1
2 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
3
4 /*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 * Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
14 * Fine-grained netlink support
15 * IPv6 support
16 * Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 * Copyright (C) 2017 Mellanox Technologies Inc.
22 *
23 * This library is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU Lesser General Public
25 * License as published by the Free Software Foundation; either
26 * version 2.1 of the License, or (at your option) any later version.
27 *
28 * This library is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
31 * Lesser General Public License for more details.
32 *
33 * You should have received a copy of the GNU Lesser General Public
34 * License along with this library; if not, write to the Free Software
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
36 */
37
38 /* FLASK */
39
40 /*
41 * Implementation of the policy database.
42 */
43
44 #include <assert.h>
45 #include <stdlib.h>
46
47 #include <sepol/policydb/policydb.h>
48 #include <sepol/policydb/expand.h>
49 #include <sepol/policydb/conditional.h>
50 #include <sepol/policydb/avrule_block.h>
51 #include <sepol/policydb/util.h>
52
53 #include "kernel_to_common.h"
54 #include "private.h"
55 #include "debug.h"
56 #include "mls.h"
57 #include "policydb_validate.h"
58
59 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
60 const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
61
62 /* These need to be updated if SYM_NUM or OCON_NUM changes */
63 static const struct policydb_compat_info policydb_compat[] = {
64 {
65 .type = POLICY_KERN,
66 .version = POLICYDB_VERSION_BOUNDARY,
67 .sym_num = SYM_NUM,
68 .ocon_num = OCON_XEN_PCIDEVICE + 1,
69 .target_platform = SEPOL_TARGET_XEN,
70 },
71 {
72 .type = POLICY_KERN,
73 .version = POLICYDB_VERSION_XEN_DEVICETREE,
74 .sym_num = SYM_NUM,
75 .ocon_num = OCON_XEN_DEVICETREE + 1,
76 .target_platform = SEPOL_TARGET_XEN,
77 },
78 {
79 .type = POLICY_KERN,
80 .version = POLICYDB_VERSION_BASE,
81 .sym_num = SYM_NUM - 3,
82 .ocon_num = OCON_FSUSE + 1,
83 .target_platform = SEPOL_TARGET_SELINUX,
84 },
85 {
86 .type = POLICY_KERN,
87 .version = POLICYDB_VERSION_BOOL,
88 .sym_num = SYM_NUM - 2,
89 .ocon_num = OCON_FSUSE + 1,
90 .target_platform = SEPOL_TARGET_SELINUX,
91 },
92 {
93 .type = POLICY_KERN,
94 .version = POLICYDB_VERSION_IPV6,
95 .sym_num = SYM_NUM - 2,
96 .ocon_num = OCON_NODE6 + 1,
97 .target_platform = SEPOL_TARGET_SELINUX,
98 },
99 {
100 .type = POLICY_KERN,
101 .version = POLICYDB_VERSION_NLCLASS,
102 .sym_num = SYM_NUM - 2,
103 .ocon_num = OCON_NODE6 + 1,
104 .target_platform = SEPOL_TARGET_SELINUX,
105 },
106 {
107 .type = POLICY_KERN,
108 .version = POLICYDB_VERSION_MLS,
109 .sym_num = SYM_NUM,
110 .ocon_num = OCON_NODE6 + 1,
111 .target_platform = SEPOL_TARGET_SELINUX,
112 },
113 {
114 .type = POLICY_KERN,
115 .version = POLICYDB_VERSION_AVTAB,
116 .sym_num = SYM_NUM,
117 .ocon_num = OCON_NODE6 + 1,
118 .target_platform = SEPOL_TARGET_SELINUX,
119 },
120 {
121 .type = POLICY_KERN,
122 .version = POLICYDB_VERSION_RANGETRANS,
123 .sym_num = SYM_NUM,
124 .ocon_num = OCON_NODE6 + 1,
125 .target_platform = SEPOL_TARGET_SELINUX,
126 },
127 {
128 .type = POLICY_KERN,
129 .version = POLICYDB_VERSION_POLCAP,
130 .sym_num = SYM_NUM,
131 .ocon_num = OCON_NODE6 + 1,
132 .target_platform = SEPOL_TARGET_SELINUX,
133 },
134 {
135 .type = POLICY_KERN,
136 .version = POLICYDB_VERSION_PERMISSIVE,
137 .sym_num = SYM_NUM,
138 .ocon_num = OCON_NODE6 + 1,
139 .target_platform = SEPOL_TARGET_SELINUX,
140 },
141 {
142 .type = POLICY_KERN,
143 .version = POLICYDB_VERSION_BOUNDARY,
144 .sym_num = SYM_NUM,
145 .ocon_num = OCON_NODE6 + 1,
146 .target_platform = SEPOL_TARGET_SELINUX,
147 },
148 {
149 .type = POLICY_KERN,
150 .version = POLICYDB_VERSION_FILENAME_TRANS,
151 .sym_num = SYM_NUM,
152 .ocon_num = OCON_NODE6 + 1,
153 .target_platform = SEPOL_TARGET_SELINUX,
154 },
155 {
156 .type = POLICY_KERN,
157 .version = POLICYDB_VERSION_ROLETRANS,
158 .sym_num = SYM_NUM,
159 .ocon_num = OCON_NODE6 + 1,
160 .target_platform = SEPOL_TARGET_SELINUX,
161 },
162 {
163 .type = POLICY_KERN,
164 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
165 .sym_num = SYM_NUM,
166 .ocon_num = OCON_NODE6 + 1,
167 .target_platform = SEPOL_TARGET_SELINUX,
168 },
169 {
170 .type = POLICY_KERN,
171 .version = POLICYDB_VERSION_DEFAULT_TYPE,
172 .sym_num = SYM_NUM,
173 .ocon_num = OCON_NODE6 + 1,
174 .target_platform = SEPOL_TARGET_SELINUX,
175 },
176 {
177 .type = POLICY_KERN,
178 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
179 .sym_num = SYM_NUM,
180 .ocon_num = OCON_NODE6 + 1,
181 .target_platform = SEPOL_TARGET_SELINUX,
182 },
183 {
184 .type = POLICY_KERN,
185 .version = POLICYDB_VERSION_XPERMS_IOCTL,
186 .sym_num = SYM_NUM,
187 .ocon_num = OCON_NODE6 + 1,
188 .target_platform = SEPOL_TARGET_SELINUX,
189 },
190 {
191 .type = POLICY_KERN,
192 .version = POLICYDB_VERSION_INFINIBAND,
193 .sym_num = SYM_NUM,
194 .ocon_num = OCON_IBENDPORT + 1,
195 .target_platform = SEPOL_TARGET_SELINUX,
196 },
197 {
198 .type = POLICY_KERN,
199 .version = POLICYDB_VERSION_GLBLUB,
200 .sym_num = SYM_NUM,
201 .ocon_num = OCON_IBENDPORT + 1,
202 .target_platform = SEPOL_TARGET_SELINUX,
203 },
204 {
205 .type = POLICY_KERN,
206 .version = POLICYDB_VERSION_COMP_FTRANS,
207 .sym_num = SYM_NUM,
208 .ocon_num = OCON_IBENDPORT + 1,
209 .target_platform = SEPOL_TARGET_SELINUX,
210 },
211 {
212 .type = POLICY_BASE,
213 .version = MOD_POLICYDB_VERSION_BASE,
214 .sym_num = SYM_NUM,
215 .ocon_num = OCON_NODE6 + 1,
216 .target_platform = SEPOL_TARGET_SELINUX,
217 },
218 {
219 .type = POLICY_BASE,
220 .version = MOD_POLICYDB_VERSION_MLS,
221 .sym_num = SYM_NUM,
222 .ocon_num = OCON_NODE6 + 1,
223 .target_platform = SEPOL_TARGET_SELINUX,
224 },
225 {
226 .type = POLICY_BASE,
227 .version = MOD_POLICYDB_VERSION_MLS_USERS,
228 .sym_num = SYM_NUM,
229 .ocon_num = OCON_NODE6 + 1,
230 .target_platform = SEPOL_TARGET_SELINUX,
231 },
232 {
233 .type = POLICY_BASE,
234 .version = MOD_POLICYDB_VERSION_POLCAP,
235 .sym_num = SYM_NUM,
236 .ocon_num = OCON_NODE6 + 1,
237 .target_platform = SEPOL_TARGET_SELINUX,
238 },
239 {
240 .type = POLICY_BASE,
241 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
242 .sym_num = SYM_NUM,
243 .ocon_num = OCON_NODE6 + 1,
244 .target_platform = SEPOL_TARGET_SELINUX,
245 },
246 {
247 .type = POLICY_BASE,
248 .version = MOD_POLICYDB_VERSION_BOUNDARY,
249 .sym_num = SYM_NUM,
250 .ocon_num = OCON_NODE6 + 1,
251 .target_platform = SEPOL_TARGET_SELINUX,
252 },
253 {
254 .type = POLICY_BASE,
255 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
256 .sym_num = SYM_NUM,
257 .ocon_num = OCON_NODE6 + 1,
258 .target_platform = SEPOL_TARGET_SELINUX,
259 },
260 {
261 .type = POLICY_BASE,
262 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
263 .sym_num = SYM_NUM,
264 .ocon_num = OCON_NODE6 + 1,
265 .target_platform = SEPOL_TARGET_SELINUX,
266 },
267 {
268 .type = POLICY_BASE,
269 .version = MOD_POLICYDB_VERSION_ROLETRANS,
270 .sym_num = SYM_NUM,
271 .ocon_num = OCON_NODE6 + 1,
272 .target_platform = SEPOL_TARGET_SELINUX,
273 },
274 {
275 .type = POLICY_BASE,
276 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
277 .sym_num = SYM_NUM,
278 .ocon_num = OCON_NODE6 + 1,
279 .target_platform = SEPOL_TARGET_SELINUX,
280 },
281 {
282 .type = POLICY_BASE,
283 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
284 .sym_num = SYM_NUM,
285 .ocon_num = OCON_NODE6 + 1,
286 .target_platform = SEPOL_TARGET_SELINUX,
287 },
288 {
289 .type = POLICY_BASE,
290 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
291 .sym_num = SYM_NUM,
292 .ocon_num = OCON_NODE6 + 1,
293 .target_platform = SEPOL_TARGET_SELINUX,
294 },
295 {
296 .type = POLICY_BASE,
297 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
298 .sym_num = SYM_NUM,
299 .ocon_num = OCON_NODE6 + 1,
300 .target_platform = SEPOL_TARGET_SELINUX,
301 },
302 {
303 .type = POLICY_BASE,
304 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
305 .sym_num = SYM_NUM,
306 .ocon_num = OCON_NODE6 + 1,
307 .target_platform = SEPOL_TARGET_SELINUX,
308 },
309 {
310 .type = POLICY_BASE,
311 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
312 .sym_num = SYM_NUM,
313 .ocon_num = OCON_NODE6 + 1,
314 .target_platform = SEPOL_TARGET_SELINUX,
315 },
316 {
317 .type = POLICY_BASE,
318 .version = MOD_POLICYDB_VERSION_INFINIBAND,
319 .sym_num = SYM_NUM,
320 .ocon_num = OCON_IBENDPORT + 1,
321 .target_platform = SEPOL_TARGET_SELINUX,
322 },
323 {
324 .type = POLICY_BASE,
325 .version = MOD_POLICYDB_VERSION_GLBLUB,
326 .sym_num = SYM_NUM,
327 .ocon_num = OCON_IBENDPORT + 1,
328 .target_platform = SEPOL_TARGET_SELINUX,
329 },
330 {
331 .type = POLICY_BASE,
332 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS,
333 .sym_num = SYM_NUM,
334 .ocon_num = OCON_IBENDPORT + 1,
335 .target_platform = SEPOL_TARGET_SELINUX,
336 },
337 {
338 .type = POLICY_MOD,
339 .version = MOD_POLICYDB_VERSION_BASE,
340 .sym_num = SYM_NUM,
341 .ocon_num = 0,
342 .target_platform = SEPOL_TARGET_SELINUX,
343 },
344 {
345 .type = POLICY_MOD,
346 .version = MOD_POLICYDB_VERSION_MLS,
347 .sym_num = SYM_NUM,
348 .ocon_num = 0,
349 .target_platform = SEPOL_TARGET_SELINUX,
350 },
351 {
352 .type = POLICY_MOD,
353 .version = MOD_POLICYDB_VERSION_MLS_USERS,
354 .sym_num = SYM_NUM,
355 .ocon_num = 0,
356 .target_platform = SEPOL_TARGET_SELINUX,
357 },
358 {
359 .type = POLICY_MOD,
360 .version = MOD_POLICYDB_VERSION_POLCAP,
361 .sym_num = SYM_NUM,
362 .ocon_num = 0,
363 .target_platform = SEPOL_TARGET_SELINUX,
364 },
365 {
366 .type = POLICY_MOD,
367 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
368 .sym_num = SYM_NUM,
369 .ocon_num = 0,
370 .target_platform = SEPOL_TARGET_SELINUX,
371 },
372 {
373 .type = POLICY_MOD,
374 .version = MOD_POLICYDB_VERSION_BOUNDARY,
375 .sym_num = SYM_NUM,
376 .ocon_num = 0,
377 .target_platform = SEPOL_TARGET_SELINUX,
378 },
379 {
380 .type = POLICY_MOD,
381 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
382 .sym_num = SYM_NUM,
383 .ocon_num = 0,
384 .target_platform = SEPOL_TARGET_SELINUX,
385 },
386 {
387 .type = POLICY_MOD,
388 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
389 .sym_num = SYM_NUM,
390 .ocon_num = 0,
391 .target_platform = SEPOL_TARGET_SELINUX,
392 },
393 {
394 .type = POLICY_MOD,
395 .version = MOD_POLICYDB_VERSION_ROLETRANS,
396 .sym_num = SYM_NUM,
397 .ocon_num = 0,
398 .target_platform = SEPOL_TARGET_SELINUX,
399 },
400 {
401 .type = POLICY_MOD,
402 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
403 .sym_num = SYM_NUM,
404 .ocon_num = 0,
405 .target_platform = SEPOL_TARGET_SELINUX,
406 },
407 {
408 .type = POLICY_MOD,
409 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
410 .sym_num = SYM_NUM,
411 .ocon_num = 0,
412 .target_platform = SEPOL_TARGET_SELINUX,
413 },
414 {
415 .type = POLICY_MOD,
416 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
417 .sym_num = SYM_NUM,
418 .ocon_num = 0,
419 .target_platform = SEPOL_TARGET_SELINUX,
420 },
421 {
422 .type = POLICY_MOD,
423 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
424 .sym_num = SYM_NUM,
425 .ocon_num = 0,
426 .target_platform = SEPOL_TARGET_SELINUX,
427 },
428 {
429 .type = POLICY_MOD,
430 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
431 .sym_num = SYM_NUM,
432 .ocon_num = 0,
433 .target_platform = SEPOL_TARGET_SELINUX,
434 },
435 {
436 .type = POLICY_MOD,
437 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
438 .sym_num = SYM_NUM,
439 .ocon_num = 0,
440 .target_platform = SEPOL_TARGET_SELINUX,
441 },
442 {
443 .type = POLICY_MOD,
444 .version = MOD_POLICYDB_VERSION_INFINIBAND,
445 .sym_num = SYM_NUM,
446 .ocon_num = 0,
447 .target_platform = SEPOL_TARGET_SELINUX,
448 },
449 {
450 .type = POLICY_MOD,
451 .version = MOD_POLICYDB_VERSION_GLBLUB,
452 .sym_num = SYM_NUM,
453 .ocon_num = 0,
454 .target_platform = SEPOL_TARGET_SELINUX,
455 },
456 {
457 .type = POLICY_MOD,
458 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS,
459 .sym_num = SYM_NUM,
460 .ocon_num = 0,
461 .target_platform = SEPOL_TARGET_SELINUX,
462 },
463 };
464
465 #if 0
466 static char *symtab_name[SYM_NUM] = {
467 "common prefixes",
468 "classes",
469 "roles",
470 "types",
471 "users",
472 "bools" mls_symtab_names cond_symtab_names
473 };
474 #endif
475
476 static const unsigned int symtab_sizes[SYM_NUM] = {
477 2,
478 32,
479 16,
480 512,
481 128,
482 16,
483 16,
484 16,
485 };
486
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)487 const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
488 unsigned int type,
489 unsigned int target_platform)
490 {
491 unsigned int i;
492 const struct policydb_compat_info *info = NULL;
493
494 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
495 if (policydb_compat[i].version == version &&
496 policydb_compat[i].type == type &&
497 policydb_compat[i].target_platform == target_platform) {
498 info = &policydb_compat[i];
499 break;
500 }
501 }
502 return info;
503 }
504
type_set_init(type_set_t * x)505 void type_set_init(type_set_t * x)
506 {
507 memset(x, 0, sizeof(type_set_t));
508 ebitmap_init(&x->types);
509 ebitmap_init(&x->negset);
510 }
511
type_set_destroy(type_set_t * x)512 void type_set_destroy(type_set_t * x)
513 {
514 if (x != NULL) {
515 ebitmap_destroy(&x->types);
516 ebitmap_destroy(&x->negset);
517 }
518 }
519
role_set_init(role_set_t * x)520 void role_set_init(role_set_t * x)
521 {
522 memset(x, 0, sizeof(role_set_t));
523 ebitmap_init(&x->roles);
524 }
525
role_set_destroy(role_set_t * x)526 void role_set_destroy(role_set_t * x)
527 {
528 ebitmap_destroy(&x->roles);
529 }
530
role_datum_init(role_datum_t * x)531 void role_datum_init(role_datum_t * x)
532 {
533 memset(x, 0, sizeof(role_datum_t));
534 ebitmap_init(&x->dominates);
535 type_set_init(&x->types);
536 ebitmap_init(&x->cache);
537 ebitmap_init(&x->roles);
538 }
539
role_datum_destroy(role_datum_t * x)540 void role_datum_destroy(role_datum_t * x)
541 {
542 if (x != NULL) {
543 ebitmap_destroy(&x->dominates);
544 type_set_destroy(&x->types);
545 ebitmap_destroy(&x->cache);
546 ebitmap_destroy(&x->roles);
547 }
548 }
549
type_datum_init(type_datum_t * x)550 void type_datum_init(type_datum_t * x)
551 {
552 memset(x, 0, sizeof(*x));
553 ebitmap_init(&x->types);
554 }
555
type_datum_destroy(type_datum_t * x)556 void type_datum_destroy(type_datum_t * x)
557 {
558 if (x != NULL) {
559 ebitmap_destroy(&x->types);
560 }
561 }
562
user_datum_init(user_datum_t * x)563 void user_datum_init(user_datum_t * x)
564 {
565 memset(x, 0, sizeof(user_datum_t));
566 role_set_init(&x->roles);
567 mls_semantic_range_init(&x->range);
568 mls_semantic_level_init(&x->dfltlevel);
569 ebitmap_init(&x->cache);
570 mls_range_init(&x->exp_range);
571 mls_level_init(&x->exp_dfltlevel);
572 }
573
user_datum_destroy(user_datum_t * x)574 void user_datum_destroy(user_datum_t * x)
575 {
576 if (x != NULL) {
577 role_set_destroy(&x->roles);
578 mls_semantic_range_destroy(&x->range);
579 mls_semantic_level_destroy(&x->dfltlevel);
580 ebitmap_destroy(&x->cache);
581 mls_range_destroy(&x->exp_range);
582 mls_level_destroy(&x->exp_dfltlevel);
583 }
584 }
585
level_datum_init(level_datum_t * x)586 void level_datum_init(level_datum_t * x)
587 {
588 memset(x, 0, sizeof(level_datum_t));
589 }
590
level_datum_destroy(level_datum_t * x)591 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
592 {
593 /* the mls_level_t referenced by the level_datum is managed
594 * separately for now, so there is nothing to destroy */
595 return;
596 }
597
cat_datum_init(cat_datum_t * x)598 void cat_datum_init(cat_datum_t * x)
599 {
600 memset(x, 0, sizeof(cat_datum_t));
601 }
602
cat_datum_destroy(cat_datum_t * x)603 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
604 {
605 /* it's currently a simple struct - really nothing to destroy */
606 return;
607 }
608
class_perm_node_init(class_perm_node_t * x)609 void class_perm_node_init(class_perm_node_t * x)
610 {
611 memset(x, 0, sizeof(class_perm_node_t));
612 }
613
avrule_init(avrule_t * x)614 void avrule_init(avrule_t * x)
615 {
616 memset(x, 0, sizeof(avrule_t));
617 type_set_init(&x->stypes);
618 type_set_init(&x->ttypes);
619 }
620
avrule_destroy(avrule_t * x)621 void avrule_destroy(avrule_t * x)
622 {
623 class_perm_node_t *cur, *next;
624
625 if (x == NULL) {
626 return;
627 }
628 type_set_destroy(&x->stypes);
629 type_set_destroy(&x->ttypes);
630
631 free(x->source_filename);
632
633 next = x->perms;
634 while (next) {
635 cur = next;
636 next = cur->next;
637 free(cur);
638 }
639
640 free(x->xperms);
641 }
642
role_trans_rule_init(role_trans_rule_t * x)643 void role_trans_rule_init(role_trans_rule_t * x)
644 {
645 memset(x, 0, sizeof(*x));
646 role_set_init(&x->roles);
647 type_set_init(&x->types);
648 ebitmap_init(&x->classes);
649 }
650
role_trans_rule_destroy(role_trans_rule_t * x)651 static void role_trans_rule_destroy(role_trans_rule_t * x)
652 {
653 if (x != NULL) {
654 role_set_destroy(&x->roles);
655 type_set_destroy(&x->types);
656 ebitmap_destroy(&x->classes);
657 }
658 }
659
role_trans_rule_list_destroy(role_trans_rule_t * x)660 void role_trans_rule_list_destroy(role_trans_rule_t * x)
661 {
662 while (x != NULL) {
663 role_trans_rule_t *next = x->next;
664 role_trans_rule_destroy(x);
665 free(x);
666 x = next;
667 }
668 }
669
filename_trans_rule_init(filename_trans_rule_t * x)670 void filename_trans_rule_init(filename_trans_rule_t * x)
671 {
672 memset(x, 0, sizeof(*x));
673 type_set_init(&x->stypes);
674 type_set_init(&x->ttypes);
675 }
676
filename_trans_rule_destroy(filename_trans_rule_t * x)677 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
678 {
679 if (!x)
680 return;
681 type_set_destroy(&x->stypes);
682 type_set_destroy(&x->ttypes);
683 free(x->name);
684 }
685
filename_trans_rule_list_destroy(filename_trans_rule_t * x)686 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
687 {
688 filename_trans_rule_t *next;
689 while (x) {
690 next = x->next;
691 filename_trans_rule_destroy(x);
692 free(x);
693 x = next;
694 }
695 }
696
role_allow_rule_init(role_allow_rule_t * x)697 void role_allow_rule_init(role_allow_rule_t * x)
698 {
699 memset(x, 0, sizeof(role_allow_rule_t));
700 role_set_init(&x->roles);
701 role_set_init(&x->new_roles);
702 }
703
role_allow_rule_destroy(role_allow_rule_t * x)704 void role_allow_rule_destroy(role_allow_rule_t * x)
705 {
706 role_set_destroy(&x->roles);
707 role_set_destroy(&x->new_roles);
708 }
709
role_allow_rule_list_destroy(role_allow_rule_t * x)710 void role_allow_rule_list_destroy(role_allow_rule_t * x)
711 {
712 while (x != NULL) {
713 role_allow_rule_t *next = x->next;
714 role_allow_rule_destroy(x);
715 free(x);
716 x = next;
717 }
718 }
719
range_trans_rule_init(range_trans_rule_t * x)720 void range_trans_rule_init(range_trans_rule_t * x)
721 {
722 type_set_init(&x->stypes);
723 type_set_init(&x->ttypes);
724 ebitmap_init(&x->tclasses);
725 mls_semantic_range_init(&x->trange);
726 x->next = NULL;
727 }
728
range_trans_rule_destroy(range_trans_rule_t * x)729 void range_trans_rule_destroy(range_trans_rule_t * x)
730 {
731 type_set_destroy(&x->stypes);
732 type_set_destroy(&x->ttypes);
733 ebitmap_destroy(&x->tclasses);
734 mls_semantic_range_destroy(&x->trange);
735 }
736
range_trans_rule_list_destroy(range_trans_rule_t * x)737 void range_trans_rule_list_destroy(range_trans_rule_t * x)
738 {
739 while (x != NULL) {
740 range_trans_rule_t *next = x->next;
741 range_trans_rule_destroy(x);
742 free(x);
743 x = next;
744 }
745 }
746
avrule_list_destroy(avrule_t * x)747 void avrule_list_destroy(avrule_t * x)
748 {
749 avrule_t *next, *cur;
750
751 if (!x)
752 return;
753
754 next = x;
755 while (next) {
756 cur = next;
757 next = next->next;
758 avrule_destroy(cur);
759 free(cur);
760 }
761 }
762
763 /*
764 * Initialize the role table by implicitly adding role 'object_r'. If
765 * the policy is a module, set object_r's scope to be SCOPE_REQ,
766 * otherwise set it to SCOPE_DECL.
767 */
roles_init(policydb_t * p)768 static int roles_init(policydb_t * p)
769 {
770 char *key = 0;
771 int rc;
772 role_datum_t *role;
773
774 role = calloc(1, sizeof(role_datum_t));
775 if (!role) {
776 rc = -ENOMEM;
777 goto out;
778 }
779 key = strdup(OBJECT_R);
780 if (!key) {
781 rc = -ENOMEM;
782 goto out_free_role;
783 }
784 rc = symtab_insert(p, SYM_ROLES, key, role,
785 (p->policy_type ==
786 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
787 &role->s.value);
788 if (rc)
789 goto out_free_key;
790 if (role->s.value != OBJECT_R_VAL) {
791 rc = -EINVAL;
792 goto out_free_role;
793 }
794 out:
795 return rc;
796
797 out_free_key:
798 free(key);
799 out_free_role:
800 free(role);
801 goto out;
802 }
803
804 ignore_unsigned_overflow_
805 static inline unsigned long
partial_name_hash(unsigned long c,unsigned long prevhash)806 partial_name_hash(unsigned long c, unsigned long prevhash)
807 {
808 return (prevhash + (c << 4) + (c >> 4)) * 11;
809 }
810
filenametr_hash(hashtab_t h,const_hashtab_key_t k)811 static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
812 {
813 const filename_trans_key_t *ft = (const filename_trans_key_t *)k;
814 unsigned long hash;
815 unsigned int byte_num;
816 unsigned char focus;
817
818 hash = ft->ttype ^ ft->tclass;
819
820 byte_num = 0;
821 while ((focus = ft->name[byte_num++]))
822 hash = partial_name_hash(focus, hash);
823 return hash & (h->size - 1);
824 }
825
filenametr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)826 static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
827 const_hashtab_key_t k1, const_hashtab_key_t k2)
828 {
829 const filename_trans_key_t *ft1 = (const filename_trans_key_t *)k1;
830 const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
831 int v;
832
833 v = spaceship_cmp(ft1->ttype, ft2->ttype);
834 if (v)
835 return v;
836
837 v = spaceship_cmp(ft1->tclass, ft2->tclass);
838 if (v)
839 return v;
840
841 return strcmp(ft1->name, ft2->name);
842
843 }
844
rangetr_hash(hashtab_t h,const_hashtab_key_t k)845 static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
846 {
847 const struct range_trans *key = (const struct range_trans *)k;
848 return (key->source_type + (key->target_type << 3) +
849 (key->target_class << 5)) & (h->size - 1);
850 }
851
rangetr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)852 static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
853 const_hashtab_key_t k1, const_hashtab_key_t k2)
854 {
855 const struct range_trans *key1 = (const struct range_trans *)k1;
856 const struct range_trans *key2 = (const struct range_trans *)k2;
857 int v;
858
859 v = spaceship_cmp(key1->source_type, key2->source_type);
860 if (v)
861 return v;
862
863 v = spaceship_cmp(key1->target_type, key2->target_type);
864 if (v)
865 return v;
866
867 v = spaceship_cmp(key1->target_class, key2->target_class);
868
869 return v;
870 }
871
872 /*
873 * Initialize a policy database structure.
874 */
policydb_init(policydb_t * p)875 int policydb_init(policydb_t * p)
876 {
877 int i, rc;
878
879 memset(p, 0, sizeof(policydb_t));
880
881 for (i = 0; i < SYM_NUM; i++) {
882 p->sym_val_to_name[i] = NULL;
883 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
884 if (rc)
885 goto err;
886 }
887
888 /* initialize the module stuff */
889 for (i = 0; i < SYM_NUM; i++) {
890 if (symtab_init(&p->scope[i], symtab_sizes[i])) {
891 goto err;
892 }
893 }
894 if ((p->global = avrule_block_create()) == NULL ||
895 (p->global->branch_list = avrule_decl_create(1)) == NULL) {
896 goto err;
897 }
898 p->decl_val_to_struct = NULL;
899
900 rc = avtab_init(&p->te_avtab);
901 if (rc)
902 goto err;
903
904 rc = roles_init(p);
905 if (rc)
906 goto err;
907
908 rc = cond_policydb_init(p);
909 if (rc)
910 goto err;
911
912 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
913 if (!p->filename_trans) {
914 rc = -ENOMEM;
915 goto err;
916 }
917
918 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
919 if (!p->range_tr) {
920 rc = -ENOMEM;
921 goto err;
922 }
923
924 ebitmap_init(&p->policycaps);
925 ebitmap_init(&p->permissive_map);
926
927 return 0;
928 err:
929 hashtab_destroy(p->filename_trans);
930 hashtab_destroy(p->range_tr);
931 for (i = 0; i < SYM_NUM; i++) {
932 hashtab_destroy(p->symtab[i].table);
933 hashtab_destroy(p->scope[i].table);
934 }
935 avrule_block_list_destroy(p->global);
936 return rc;
937 }
938
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)939 int policydb_role_cache(hashtab_key_t key
940 __attribute__ ((unused)), hashtab_datum_t datum,
941 void *arg)
942 {
943 policydb_t *p;
944 role_datum_t *role;
945
946 role = (role_datum_t *) datum;
947 p = (policydb_t *) arg;
948
949 ebitmap_destroy(&role->cache);
950 if (type_set_expand(&role->types, &role->cache, p, 1)) {
951 return -1;
952 }
953
954 return 0;
955 }
956
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)957 int policydb_user_cache(hashtab_key_t key
958 __attribute__ ((unused)), hashtab_datum_t datum,
959 void *arg)
960 {
961 policydb_t *p;
962 user_datum_t *user;
963
964 user = (user_datum_t *) datum;
965 p = (policydb_t *) arg;
966
967 ebitmap_destroy(&user->cache);
968 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
969 return -1;
970 }
971
972 /* we do not expand user's MLS info in kernel policies because the
973 * semantic representation is not present and we do not expand user's
974 * MLS info in module policies because all of the necessary mls
975 * information is not present */
976 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
977 mls_range_destroy(&user->exp_range);
978 if (mls_semantic_range_expand(&user->range,
979 &user->exp_range, p, NULL)) {
980 return -1;
981 }
982
983 mls_level_destroy(&user->exp_dfltlevel);
984 if (mls_semantic_level_expand(&user->dfltlevel,
985 &user->exp_dfltlevel, p, NULL)) {
986 return -1;
987 }
988 }
989
990 return 0;
991 }
992
993 /*
994 * The following *_index functions are used to
995 * define the val_to_name and val_to_struct arrays
996 * in a policy database structure. The val_to_name
997 * arrays are used when converting security context
998 * structures into string representations. The
999 * val_to_struct arrays are used when the attributes
1000 * of a class, role, or user are needed.
1001 */
1002
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1003 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1004 {
1005 policydb_t *p;
1006 common_datum_t *comdatum;
1007
1008 comdatum = (common_datum_t *) datum;
1009 p = (policydb_t *) datap;
1010 if (!value_isvalid(comdatum->s.value, p->p_commons.nprim))
1011 return -EINVAL;
1012 if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL)
1013 return -EINVAL;
1014 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
1015
1016 return 0;
1017 }
1018
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1019 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1020 {
1021 policydb_t *p;
1022 class_datum_t *cladatum;
1023
1024 cladatum = (class_datum_t *) datum;
1025 p = (policydb_t *) datap;
1026 if (!value_isvalid(cladatum->s.value, p->p_classes.nprim))
1027 return -EINVAL;
1028 if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL)
1029 return -EINVAL;
1030 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
1031 p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
1032
1033 return 0;
1034 }
1035
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1036 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1037 {
1038 policydb_t *p;
1039 role_datum_t *role;
1040
1041 role = (role_datum_t *) datum;
1042 p = (policydb_t *) datap;
1043 if (!value_isvalid(role->s.value, p->p_roles.nprim))
1044 return -EINVAL;
1045 if (p->p_role_val_to_name[role->s.value - 1] != NULL)
1046 return -EINVAL;
1047 p->p_role_val_to_name[role->s.value - 1] = (char *)key;
1048 p->role_val_to_struct[role->s.value - 1] = role;
1049
1050 return 0;
1051 }
1052
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1053 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1054 {
1055 policydb_t *p;
1056 type_datum_t *typdatum;
1057
1058 typdatum = (type_datum_t *) datum;
1059 p = (policydb_t *) datap;
1060
1061 if (typdatum->primary) {
1062 if (!value_isvalid(typdatum->s.value, p->p_types.nprim))
1063 return -EINVAL;
1064 if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL)
1065 return -EINVAL;
1066 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
1067 p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
1068 }
1069
1070 return 0;
1071 }
1072
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1073 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1074 {
1075 policydb_t *p;
1076 user_datum_t *usrdatum;
1077
1078 usrdatum = (user_datum_t *) datum;
1079 p = (policydb_t *) datap;
1080
1081 if (!value_isvalid(usrdatum->s.value, p->p_users.nprim))
1082 return -EINVAL;
1083 if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL)
1084 return -EINVAL;
1085 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
1086 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
1087
1088 return 0;
1089 }
1090
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1091 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1092 {
1093 policydb_t *p;
1094 level_datum_t *levdatum;
1095
1096 levdatum = (level_datum_t *) datum;
1097 p = (policydb_t *) datap;
1098
1099 if (!levdatum->isalias) {
1100 if (!value_isvalid(levdatum->level->sens, p->p_levels.nprim))
1101 return -EINVAL;
1102 if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL)
1103 return -EINVAL;
1104 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
1105 }
1106
1107 return 0;
1108 }
1109
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1110 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1111 {
1112 policydb_t *p;
1113 cat_datum_t *catdatum;
1114
1115 catdatum = (cat_datum_t *) datum;
1116 p = (policydb_t *) datap;
1117
1118 if (!catdatum->isalias) {
1119 if (!value_isvalid(catdatum->s.value, p->p_cats.nprim))
1120 return -EINVAL;
1121 if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL)
1122 return -EINVAL;
1123 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
1124 }
1125
1126 return 0;
1127 }
1128
1129 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1130 void *datap) = {
1131 common_index, class_index, role_index, type_index, user_index,
1132 cond_index_bool, sens_index, cat_index,};
1133
1134 /*
1135 * Define the common val_to_name array and the class
1136 * val_to_name and val_to_struct arrays in a policy
1137 * database structure.
1138 */
policydb_index_classes(policydb_t * p)1139 int policydb_index_classes(policydb_t * p)
1140 {
1141 free(p->p_common_val_to_name);
1142 p->p_common_val_to_name = (char **)
1143 calloc(p->p_commons.nprim, sizeof(char *));
1144 if (!p->p_common_val_to_name)
1145 return -1;
1146
1147 if (hashtab_map(p->p_commons.table, common_index, p))
1148 return -1;
1149
1150 free(p->class_val_to_struct);
1151 p->class_val_to_struct = (class_datum_t **)
1152 calloc(p->p_classes.nprim, sizeof(class_datum_t *));
1153 if (!p->class_val_to_struct)
1154 return -1;
1155
1156 free(p->p_class_val_to_name);
1157 p->p_class_val_to_name = (char **)
1158 calloc(p->p_classes.nprim, sizeof(char *));
1159 if (!p->p_class_val_to_name)
1160 return -1;
1161
1162 if (hashtab_map(p->p_classes.table, class_index, p))
1163 return -1;
1164
1165 return 0;
1166 }
1167
policydb_index_bools(policydb_t * p)1168 int policydb_index_bools(policydb_t * p)
1169 {
1170
1171 if (cond_init_bool_indexes(p) == -1)
1172 return -1;
1173 p->p_bool_val_to_name = (char **)
1174 calloc(p->p_bools.nprim, sizeof(char *));
1175 if (!p->p_bool_val_to_name)
1176 return -1;
1177 if (hashtab_map(p->p_bools.table, cond_index_bool, p))
1178 return -1;
1179 return 0;
1180 }
1181
policydb_index_decls(sepol_handle_t * handle,policydb_t * p)1182 static int policydb_index_decls(sepol_handle_t * handle, policydb_t * p)
1183 {
1184 avrule_block_t *curblock;
1185 avrule_decl_t *decl;
1186 unsigned int num_decls = 0;
1187
1188 free(p->decl_val_to_struct);
1189
1190 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1191 for (decl = curblock->branch_list; decl != NULL;
1192 decl = decl->next) {
1193 num_decls++;
1194 }
1195 }
1196
1197 p->decl_val_to_struct =
1198 calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
1199 if (!p->decl_val_to_struct) {
1200 return -1;
1201 }
1202
1203 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1204 for (decl = curblock->branch_list; decl != NULL;
1205 decl = decl->next) {
1206 if (!value_isvalid(decl->decl_id, num_decls)) {
1207 ERR(handle, "invalid decl ID %u", decl->decl_id);
1208 return -1;
1209 }
1210 if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) {
1211 ERR(handle, "duplicated decl ID %u", decl->decl_id);
1212 return -1;
1213 }
1214 p->decl_val_to_struct[decl->decl_id - 1] = decl;
1215 }
1216 }
1217
1218 return 0;
1219 }
1220
1221 /*
1222 * Define the other val_to_name and val_to_struct arrays
1223 * in a policy database structure.
1224 */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)1225 int policydb_index_others(sepol_handle_t * handle,
1226 policydb_t * p, unsigned verbose)
1227 {
1228 int i;
1229
1230 if (verbose) {
1231 INFO(handle,
1232 "security: %d users, %d roles, %d types, %d bools",
1233 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
1234 p->p_bools.nprim);
1235
1236 if (p->mls)
1237 INFO(handle, "security: %d sens, %d cats",
1238 p->p_levels.nprim, p->p_cats.nprim);
1239
1240 INFO(handle, "security: %d classes, %d rules, %d cond rules",
1241 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
1242 }
1243 #if 0
1244 avtab_hash_eval(&p->te_avtab, "rules");
1245 for (i = 0; i < SYM_NUM; i++)
1246 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
1247 #endif
1248
1249 free(p->role_val_to_struct);
1250 p->role_val_to_struct = (role_datum_t **)
1251 calloc(p->p_roles.nprim, sizeof(role_datum_t *));
1252 if (!p->role_val_to_struct)
1253 return -1;
1254
1255 free(p->user_val_to_struct);
1256 p->user_val_to_struct = (user_datum_t **)
1257 calloc(p->p_users.nprim, sizeof(user_datum_t *));
1258 if (!p->user_val_to_struct)
1259 return -1;
1260
1261 free(p->type_val_to_struct);
1262 p->type_val_to_struct = (type_datum_t **)
1263 calloc(p->p_types.nprim, sizeof(type_datum_t *));
1264 if (!p->type_val_to_struct)
1265 return -1;
1266
1267 if (cond_init_bool_indexes(p))
1268 return -1;
1269
1270 for (i = SYM_ROLES; i < SYM_NUM; i++) {
1271 free(p->sym_val_to_name[i]);
1272 p->sym_val_to_name[i] = NULL;
1273 if (p->symtab[i].nprim) {
1274 p->sym_val_to_name[i] = (char **)
1275 calloc(p->symtab[i].nprim, sizeof(char *));
1276 if (!p->sym_val_to_name[i])
1277 return -1;
1278 if (hashtab_map(p->symtab[i].table, index_f[i], p))
1279 return -1;
1280 }
1281 }
1282
1283 /* This pre-expands the roles and users for context validity checking */
1284 if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1285 return -1;
1286
1287 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1288 return -1;
1289
1290 return 0;
1291 }
1292
1293 /*
1294 * The following *_destroy functions are used to
1295 * free any memory allocated for each kind of
1296 * symbol data in the policy database.
1297 */
1298
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1299 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1300 __attribute__ ((unused)))
1301 {
1302 if (key)
1303 free(key);
1304 free(datum);
1305 return 0;
1306 }
1307
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1308 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1309 __attribute__ ((unused)))
1310 {
1311 common_datum_t *comdatum;
1312
1313 if (key)
1314 free(key);
1315 comdatum = (common_datum_t *) datum;
1316 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1317 hashtab_destroy(comdatum->permissions.table);
1318 free(datum);
1319 return 0;
1320 }
1321
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1322 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1323 __attribute__ ((unused)))
1324 {
1325 class_datum_t *cladatum;
1326 constraint_node_t *constraint, *ctemp;
1327
1328 if (key)
1329 free(key);
1330 cladatum = (class_datum_t *) datum;
1331 if (cladatum == NULL) {
1332 return 0;
1333 }
1334 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1335 hashtab_destroy(cladatum->permissions.table);
1336 constraint = cladatum->constraints;
1337 while (constraint) {
1338 constraint_expr_destroy(constraint->expr);
1339 ctemp = constraint;
1340 constraint = constraint->next;
1341 free(ctemp);
1342 }
1343
1344 constraint = cladatum->validatetrans;
1345 while (constraint) {
1346 constraint_expr_destroy(constraint->expr);
1347 ctemp = constraint;
1348 constraint = constraint->next;
1349 free(ctemp);
1350 }
1351
1352 if (cladatum->comkey)
1353 free(cladatum->comkey);
1354 free(datum);
1355 return 0;
1356 }
1357
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1358 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1359 __attribute__ ((unused)))
1360 {
1361 free(key);
1362 role_datum_destroy((role_datum_t *) datum);
1363 free(datum);
1364 return 0;
1365 }
1366
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1367 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1368 __attribute__ ((unused)))
1369 {
1370 free(key);
1371 type_datum_destroy((type_datum_t *) datum);
1372 free(datum);
1373 return 0;
1374 }
1375
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1376 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1377 __attribute__ ((unused)))
1378 {
1379 free(key);
1380 user_datum_destroy((user_datum_t *) datum);
1381 free(datum);
1382 return 0;
1383 }
1384
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1385 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1386 __attribute__ ((unused)))
1387 {
1388 level_datum_t *levdatum;
1389
1390 if (key)
1391 free(key);
1392 levdatum = (level_datum_t *) datum;
1393 mls_level_destroy(levdatum->level);
1394 free(levdatum->level);
1395 level_datum_destroy(levdatum);
1396 free(levdatum);
1397 return 0;
1398 }
1399
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1400 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1401 __attribute__ ((unused)))
1402 {
1403 if (key)
1404 free(key);
1405 cat_datum_destroy((cat_datum_t *) datum);
1406 free(datum);
1407 return 0;
1408 }
1409
1410 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1411 void *datap) = {
1412 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1413 cond_destroy_bool, sens_destroy, cat_destroy,};
1414
filenametr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1415 static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1416 void *p __attribute__ ((unused)))
1417 {
1418 filename_trans_key_t *ft = (filename_trans_key_t *)key;
1419 filename_trans_datum_t *fd = datum, *next;
1420
1421 free(ft->name);
1422 free(key);
1423 do {
1424 next = fd->next;
1425 ebitmap_destroy(&fd->stypes);
1426 free(fd);
1427 fd = next;
1428 } while (fd);
1429 return 0;
1430 }
1431
range_tr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1432 static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1433 void *p __attribute__ ((unused)))
1434 {
1435 struct mls_range *rt = (struct mls_range *)datum;
1436 free(key);
1437 ebitmap_destroy(&rt->level[0].cat);
1438 ebitmap_destroy(&rt->level[1].cat);
1439 free(datum);
1440 return 0;
1441 }
1442
ocontext_selinux_free(ocontext_t ** ocontexts)1443 static void ocontext_selinux_free(ocontext_t **ocontexts)
1444 {
1445 ocontext_t *c, *ctmp;
1446 int i;
1447
1448 for (i = 0; i < OCON_NUM; i++) {
1449 c = ocontexts[i];
1450 while (c) {
1451 ctmp = c;
1452 c = c->next;
1453 context_destroy(&ctmp->context[0]);
1454 context_destroy(&ctmp->context[1]);
1455 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1456 || i == OCON_FSUSE)
1457 free(ctmp->u.name);
1458 else if (i == OCON_IBENDPORT)
1459 free(ctmp->u.ibendport.dev_name);
1460 free(ctmp);
1461 }
1462 }
1463 }
1464
ocontext_xen_free(ocontext_t ** ocontexts)1465 static void ocontext_xen_free(ocontext_t **ocontexts)
1466 {
1467 ocontext_t *c, *ctmp;
1468 int i;
1469
1470 for (i = 0; i < OCON_NUM; i++) {
1471 c = ocontexts[i];
1472 while (c) {
1473 ctmp = c;
1474 c = c->next;
1475 context_destroy(&ctmp->context[0]);
1476 context_destroy(&ctmp->context[1]);
1477 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
1478 free(ctmp->u.name);
1479 free(ctmp);
1480 }
1481 }
1482 }
1483
1484 /*
1485 * Free any memory allocated by a policy database structure.
1486 */
policydb_destroy(policydb_t * p)1487 void policydb_destroy(policydb_t * p)
1488 {
1489 ocontext_t *c, *ctmp;
1490 genfs_t *g, *gtmp;
1491 unsigned int i;
1492 role_allow_t *ra, *lra = NULL;
1493 role_trans_t *tr, *ltr = NULL;
1494
1495 if (!p)
1496 return;
1497
1498 ebitmap_destroy(&p->policycaps);
1499
1500 ebitmap_destroy(&p->permissive_map);
1501
1502 symtabs_destroy(p->symtab);
1503
1504 for (i = 0; i < SYM_NUM; i++) {
1505 if (p->sym_val_to_name[i])
1506 free(p->sym_val_to_name[i]);
1507 }
1508
1509 if (p->class_val_to_struct)
1510 free(p->class_val_to_struct);
1511 if (p->role_val_to_struct)
1512 free(p->role_val_to_struct);
1513 if (p->user_val_to_struct)
1514 free(p->user_val_to_struct);
1515 if (p->type_val_to_struct)
1516 free(p->type_val_to_struct);
1517 free(p->decl_val_to_struct);
1518
1519 for (i = 0; i < SYM_NUM; i++) {
1520 (void)hashtab_map(p->scope[i].table, scope_destroy, 0);
1521 hashtab_destroy(p->scope[i].table);
1522 }
1523 avrule_block_list_destroy(p->global);
1524 free(p->name);
1525 free(p->version);
1526
1527 avtab_destroy(&p->te_avtab);
1528
1529 if (p->target_platform == SEPOL_TARGET_SELINUX)
1530 ocontext_selinux_free(p->ocontexts);
1531 else if (p->target_platform == SEPOL_TARGET_XEN)
1532 ocontext_xen_free(p->ocontexts);
1533
1534 g = p->genfs;
1535 while (g) {
1536 free(g->fstype);
1537 c = g->head;
1538 while (c) {
1539 ctmp = c;
1540 c = c->next;
1541 context_destroy(&ctmp->context[0]);
1542 free(ctmp->u.name);
1543 free(ctmp);
1544 }
1545 gtmp = g;
1546 g = g->next;
1547 free(gtmp);
1548 }
1549 cond_policydb_destroy(p);
1550
1551 for (tr = p->role_tr; tr; tr = tr->next) {
1552 if (ltr)
1553 free(ltr);
1554 ltr = tr;
1555 }
1556 if (ltr)
1557 free(ltr);
1558
1559 for (ra = p->role_allow; ra; ra = ra->next) {
1560 if (lra)
1561 free(lra);
1562 lra = ra;
1563 }
1564 if (lra)
1565 free(lra);
1566
1567 hashtab_map(p->filename_trans, filenametr_destroy, NULL);
1568 hashtab_destroy(p->filename_trans);
1569
1570 hashtab_map(p->range_tr, range_tr_destroy, NULL);
1571 hashtab_destroy(p->range_tr);
1572
1573 if (p->type_attr_map) {
1574 for (i = 0; i < p->p_types.nprim; i++) {
1575 ebitmap_destroy(&p->type_attr_map[i]);
1576 }
1577 free(p->type_attr_map);
1578 }
1579
1580 if (p->attr_type_map) {
1581 for (i = 0; i < p->p_types.nprim; i++) {
1582 ebitmap_destroy(&p->attr_type_map[i]);
1583 }
1584 free(p->attr_type_map);
1585 }
1586
1587 return;
1588 }
1589
symtabs_destroy(symtab_t * symtab)1590 void symtabs_destroy(symtab_t * symtab)
1591 {
1592 int i;
1593 for (i = 0; i < SYM_NUM; i++) {
1594 (void)hashtab_map(symtab[i].table, destroy_f[i], 0);
1595 hashtab_destroy(symtab[i].table);
1596 }
1597 }
1598
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1599 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1600 __attribute__ ((unused)))
1601 {
1602 scope_datum_t *cur = (scope_datum_t *) datum;
1603 free(key);
1604 if (cur != NULL) {
1605 free(cur->decl_ids);
1606 }
1607 free(cur);
1608 return 0;
1609 }
1610
1611 /*
1612 * Load the initial SIDs specified in a policy database
1613 * structure into a SID table.
1614 */
policydb_load_isids(policydb_t * p,sidtab_t * s)1615 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1616 {
1617 ocontext_t *head, *c;
1618
1619 if (sepol_sidtab_init(s)) {
1620 ERR(NULL, "out of memory on SID table init");
1621 return -1;
1622 }
1623
1624 head = p->ocontexts[OCON_ISID];
1625 for (c = head; c; c = c->next) {
1626 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1627 ERR(NULL, "unable to load initial SID %s", c->u.name);
1628 return -1;
1629 }
1630 }
1631
1632 return 0;
1633 }
1634
1635 /* Declare a symbol for a certain avrule_block context. Insert it
1636 * into a symbol table for a policy. This function will handle
1637 * inserting the appropriate scope information in addition to
1638 * inserting the symbol into the hash table.
1639 *
1640 * arguments:
1641 * policydb_t *pol module policy to modify
1642 * uint32_t sym the symbole table for insertion (SYM_*)
1643 * hashtab_key_t key the key for the symbol - not cloned
1644 * hashtab_datum_t data the data for the symbol - not cloned
1645 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1646 * avrule_decl_id identifier for this symbol's encapsulating declaration
1647 * value (out) assigned value to the symbol (if value is not NULL)
1648 *
1649 * returns:
1650 * 0 success
1651 * 1 success, but symbol already existed as a requirement
1652 * (datum was not inserted and needs to be free()d)
1653 * -1 general error
1654 * -2 scope conflicted
1655 * -ENOMEM memory error
1656 * error codes from hashtab_insert
1657 */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1658 int symtab_insert(policydb_t * pol, uint32_t sym,
1659 hashtab_key_t key, hashtab_datum_t datum,
1660 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1661 {
1662 int rc, retval = 0;
1663 unsigned int i;
1664 scope_datum_t *scope_datum;
1665
1666 /* check if the symbol is already there. multiple
1667 * declarations of non-roles/non-users are illegal, but
1668 * multiple requires are allowed. */
1669
1670 /* FIX ME - the failures after the hashtab_insert will leave
1671 * the policy in a inconsistent state. */
1672 rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1673 if (rc == SEPOL_OK) {
1674 /* if no value is passed in the symbol is not primary
1675 * (i.e. aliases) */
1676 if (value)
1677 *value = ++pol->symtab[sym].nprim;
1678 } else if (rc == SEPOL_EEXIST) {
1679 retval = 1; /* symbol not added -- need to free() later */
1680 } else {
1681 return rc;
1682 }
1683
1684 /* get existing scope information; if there is not one then
1685 * create it */
1686 scope_datum =
1687 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1688 if (scope_datum == NULL) {
1689 hashtab_key_t key2 = strdup((char *)key);
1690 if (!key2)
1691 return -ENOMEM;
1692 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1693 free(key2);
1694 return -ENOMEM;
1695 }
1696 scope_datum->scope = scope;
1697 scope_datum->decl_ids = NULL;
1698 scope_datum->decl_ids_len = 0;
1699 if ((rc =
1700 hashtab_insert(pol->scope[sym].table, key2,
1701 scope_datum)) != 0) {
1702 free(key2);
1703 free(scope_datum);
1704 return rc;
1705 }
1706 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1707 /* disallow multiple declarations for non-roles/users */
1708 if (sym != SYM_ROLES && sym != SYM_USERS) {
1709 return -2;
1710 }
1711 /* Further confine that a role attribute can't have the same
1712 * name as another regular role, and a role attribute can't
1713 * be declared more than once. */
1714 if (sym == SYM_ROLES) {
1715 role_datum_t *base_role;
1716 role_datum_t *cur_role = (role_datum_t *)datum;
1717
1718 base_role = (role_datum_t *)
1719 hashtab_search(pol->symtab[sym].table,
1720 key);
1721 assert(base_role != NULL);
1722
1723 if (!((base_role->flavor == ROLE_ROLE) &&
1724 (cur_role->flavor == ROLE_ROLE))) {
1725 /* Only regular roles are allowed to have
1726 * multiple declarations. */
1727 return -2;
1728 }
1729 }
1730 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1731 scope_datum->scope = SCOPE_DECL;
1732 }
1733
1734 /* search through the pre-existing list to avoid adding duplicates */
1735 for (i = 0; i < scope_datum->decl_ids_len; i++) {
1736 if (scope_datum->decl_ids[i] == avrule_decl_id) {
1737 /* already there, so don't modify its scope */
1738 return retval;
1739 }
1740 }
1741
1742 if (add_i_to_a(avrule_decl_id,
1743 &scope_datum->decl_ids_len,
1744 &scope_datum->decl_ids) == -1) {
1745 return -ENOMEM;
1746 }
1747
1748 if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) {
1749 /* Need to keep the decl at the end of the list */
1750 uint32_t len, tmp;
1751 len = scope_datum->decl_ids_len;
1752 if (len < 2) {
1753 /* This should be impossible here */
1754 return -1;
1755 }
1756 tmp = scope_datum->decl_ids[len-2];
1757 scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1];
1758 scope_datum->decl_ids[len-1] = tmp;
1759 }
1760
1761 return retval;
1762 }
1763
type_set_or(type_set_t * dst,const type_set_t * a,const type_set_t * b)1764 static int type_set_or(type_set_t * dst, const type_set_t * a, const type_set_t * b)
1765 {
1766 type_set_init(dst);
1767
1768 if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1769 return -1;
1770 }
1771 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1772 return -1;
1773 }
1774
1775 dst->flags |= a->flags;
1776 dst->flags |= b->flags;
1777
1778 return 0;
1779 }
1780
type_set_cpy(type_set_t * dst,const type_set_t * src)1781 int type_set_cpy(type_set_t * dst, const type_set_t * src)
1782 {
1783 type_set_init(dst);
1784
1785 dst->flags = src->flags;
1786 if (ebitmap_cpy(&dst->types, &src->types))
1787 return -1;
1788 if (ebitmap_cpy(&dst->negset, &src->negset))
1789 return -1;
1790
1791 return 0;
1792 }
1793
type_set_or_eq(type_set_t * dst,const type_set_t * other)1794 int type_set_or_eq(type_set_t * dst, const type_set_t * other)
1795 {
1796 int ret;
1797 type_set_t tmp;
1798
1799 if (type_set_or(&tmp, dst, other))
1800 return -1;
1801 type_set_destroy(dst);
1802 ret = type_set_cpy(dst, &tmp);
1803 type_set_destroy(&tmp);
1804
1805 return ret;
1806 }
1807
1808 /***********************************************************************/
1809 /* everything below is for policy reads */
1810
1811 /* The following are read functions for module structures */
1812
role_set_read(role_set_t * r,struct policy_file * fp)1813 static int role_set_read(role_set_t * r, struct policy_file *fp)
1814 {
1815 uint32_t buf[1];
1816 int rc;
1817
1818 if (ebitmap_read(&r->roles, fp))
1819 return -1;
1820 rc = next_entry(buf, fp, sizeof(uint32_t));
1821 if (rc < 0)
1822 return -1;
1823 r->flags = le32_to_cpu(buf[0]);
1824
1825 return 0;
1826 }
1827
type_set_read(type_set_t * t,struct policy_file * fp)1828 static int type_set_read(type_set_t * t, struct policy_file *fp)
1829 {
1830 uint32_t buf[1];
1831 int rc;
1832
1833 if (ebitmap_read(&t->types, fp))
1834 return -1;
1835 if (ebitmap_read(&t->negset, fp))
1836 return -1;
1837
1838 rc = next_entry(buf, fp, sizeof(uint32_t));
1839 if (rc < 0)
1840 return -1;
1841 t->flags = le32_to_cpu(buf[0]);
1842
1843 return 0;
1844 }
1845
1846 /*
1847 * Read a MLS range structure from a policydb binary
1848 * representation file.
1849 */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1850 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1851 {
1852 uint32_t buf[2], items;
1853 int rc;
1854
1855 rc = next_entry(buf, fp, sizeof(uint32_t));
1856 if (rc < 0)
1857 goto out;
1858
1859 items = le32_to_cpu(buf[0]);
1860 if (items > ARRAY_SIZE(buf)) {
1861 ERR(fp->handle, "range overflow");
1862 rc = -EINVAL;
1863 goto out;
1864 }
1865 rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1866 if (rc < 0) {
1867 ERR(fp->handle, "truncated range");
1868 goto out;
1869 }
1870 r->level[0].sens = le32_to_cpu(buf[0]);
1871 if (items > 1)
1872 r->level[1].sens = le32_to_cpu(buf[1]);
1873 else
1874 r->level[1].sens = r->level[0].sens;
1875
1876 rc = ebitmap_read(&r->level[0].cat, fp);
1877 if (rc) {
1878 ERR(fp->handle, "error reading low categories");
1879 goto out;
1880 }
1881 if (items > 1) {
1882 rc = ebitmap_read(&r->level[1].cat, fp);
1883 if (rc) {
1884 ERR(fp->handle, "error reading high categories");
1885 goto bad_high;
1886 }
1887 } else {
1888 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1889 if (rc) {
1890 ERR(fp->handle, "out of memory");
1891 goto bad_high;
1892 }
1893 }
1894
1895 rc = 0;
1896 out:
1897 return rc;
1898 bad_high:
1899 ebitmap_destroy(&r->level[0].cat);
1900 goto out;
1901 }
1902
1903 /*
1904 * Read a semantic MLS level structure from a policydb binary
1905 * representation file.
1906 */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1907 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1908 struct policy_file *fp)
1909 {
1910 uint32_t buf[2], ncat;
1911 unsigned int i;
1912 mls_semantic_cat_t *cat;
1913 int rc;
1914
1915 mls_semantic_level_init(l);
1916
1917 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1918 if (rc < 0) {
1919 ERR(fp->handle, "truncated level");
1920 goto bad;
1921 }
1922 l->sens = le32_to_cpu(buf[0]);
1923
1924 ncat = le32_to_cpu(buf[1]);
1925 for (i = 0; i < ncat; i++) {
1926 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1927 if (!cat) {
1928 ERR(fp->handle, "out of memory");
1929 goto bad;
1930 }
1931
1932 mls_semantic_cat_init(cat);
1933 cat->next = l->cat;
1934 l->cat = cat;
1935
1936 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1937 if (rc < 0) {
1938 ERR(fp->handle, "error reading level categories");
1939 goto bad;
1940 }
1941 cat->low = le32_to_cpu(buf[0]);
1942 cat->high = le32_to_cpu(buf[1]);
1943 }
1944
1945 return 0;
1946
1947 bad:
1948 return -EINVAL;
1949 }
1950
1951 /*
1952 * Read a semantic MLS range structure from a policydb binary
1953 * representation file.
1954 */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1955 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1956 struct policy_file *fp)
1957 {
1958 int rc;
1959
1960 rc = mls_read_semantic_level_helper(&r->level[0], fp);
1961 if (rc)
1962 return rc;
1963
1964 rc = mls_read_semantic_level_helper(&r->level[1], fp);
1965
1966 return rc;
1967 }
1968
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1969 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1970 {
1971 unsigned int i;
1972 ebitmap_node_t *cnode;
1973 mls_semantic_cat_t *open_cat = NULL;
1974
1975 mls_semantic_level_init(sl);
1976 sl->sens = l->sens;
1977 ebitmap_for_each_bit(&l->cat, cnode, i) {
1978 if (ebitmap_node_get_bit(cnode, i)) {
1979 if (open_cat)
1980 continue;
1981 open_cat = (mls_semantic_cat_t *)
1982 malloc(sizeof(mls_semantic_cat_t));
1983 if (!open_cat)
1984 return -1;
1985
1986 mls_semantic_cat_init(open_cat);
1987 open_cat->low = i + 1;
1988 open_cat->next = sl->cat;
1989 sl->cat = open_cat;
1990 } else {
1991 if (!open_cat)
1992 continue;
1993 open_cat->high = i;
1994 open_cat = NULL;
1995 }
1996 }
1997 if (open_cat)
1998 open_cat->high = i;
1999
2000 return 0;
2001 }
2002
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)2003 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
2004 {
2005 if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
2006 return -1;
2007
2008 if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
2009 return -1;
2010
2011 return 0;
2012 }
2013
2014 /*
2015 * Read and validate a security context structure
2016 * from a policydb binary representation file.
2017 */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)2018 static int context_read_and_validate(context_struct_t * c,
2019 policydb_t * p, struct policy_file *fp)
2020 {
2021 uint32_t buf[3];
2022 int rc;
2023
2024 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2025 if (rc < 0) {
2026 ERR(fp->handle, "context truncated");
2027 return -1;
2028 }
2029 c->user = le32_to_cpu(buf[0]);
2030 c->role = le32_to_cpu(buf[1]);
2031 c->type = le32_to_cpu(buf[2]);
2032 if ((p->policy_type == POLICY_KERN
2033 && p->policyvers >= POLICYDB_VERSION_MLS)
2034 || (p->policy_type == POLICY_BASE
2035 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
2036 if (mls_read_range_helper(&c->range, fp)) {
2037 ERR(fp->handle, "error reading MLS range "
2038 "of context");
2039 return -1;
2040 }
2041 }
2042
2043 if (!policydb_context_isvalid(p, c)) {
2044 ERR(fp->handle, "invalid security context");
2045 context_destroy(c);
2046 return -1;
2047 }
2048 return 0;
2049 }
2050
2051 /*
2052 * The following *_read functions are used to
2053 * read the symbol data from a policy database
2054 * binary representation file.
2055 */
2056
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp,uint32_t nprim)2057 static int perm_read(policydb_t * p
2058 __attribute__ ((unused)), hashtab_t h,
2059 struct policy_file *fp, uint32_t nprim)
2060 {
2061 char *key = 0;
2062 perm_datum_t *perdatum;
2063 uint32_t buf[2];
2064 size_t len;
2065 int rc;
2066
2067 perdatum = calloc(1, sizeof(perm_datum_t));
2068 if (!perdatum)
2069 return -1;
2070
2071 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2072 if (rc < 0)
2073 goto bad;
2074
2075 len = le32_to_cpu(buf[0]);
2076 if(str_read(&key, fp, len))
2077 goto bad;
2078
2079 perdatum->s.value = le32_to_cpu(buf[1]);
2080 if (!value_isvalid(perdatum->s.value, nprim))
2081 goto bad;
2082
2083 if (hashtab_insert(h, key, perdatum))
2084 goto bad;
2085
2086 return 0;
2087
2088 bad:
2089 perm_destroy(key, perdatum, NULL);
2090 return -1;
2091 }
2092
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2093 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2094 {
2095 char *key = 0;
2096 common_datum_t *comdatum;
2097 uint32_t buf[4];
2098 size_t len, nel;
2099 unsigned int i;
2100 int rc;
2101
2102 comdatum = calloc(1, sizeof(common_datum_t));
2103 if (!comdatum)
2104 return -1;
2105
2106 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2107 if (rc < 0)
2108 goto bad;
2109
2110 len = le32_to_cpu(buf[0]);
2111 if (zero_or_saturated(len))
2112 goto bad;
2113
2114 comdatum->s.value = le32_to_cpu(buf[1]);
2115
2116 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
2117 goto bad;
2118 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
2119 if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE)
2120 goto bad;
2121 nel = le32_to_cpu(buf[3]);
2122
2123 key = malloc(len + 1);
2124 if (!key)
2125 goto bad;
2126 rc = next_entry(key, fp, len);
2127 if (rc < 0)
2128 goto bad;
2129 key[len] = 0;
2130
2131 for (i = 0; i < nel; i++) {
2132 if (perm_read(p, comdatum->permissions.table, fp, comdatum->permissions.nprim))
2133 goto bad;
2134 }
2135
2136 if (hashtab_insert(h, key, comdatum))
2137 goto bad;
2138
2139 return 0;
2140
2141 bad:
2142 common_destroy(key, comdatum, NULL);
2143 return -1;
2144 }
2145
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)2146 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
2147 unsigned int ncons,
2148 int allowxtarget, struct policy_file *fp)
2149 {
2150 constraint_node_t *c, *lc;
2151 constraint_expr_t *e, *le;
2152 uint32_t buf[3];
2153 size_t nexpr;
2154 unsigned int i, j;
2155 int rc, depth;
2156
2157 lc = NULL;
2158 for (i = 0; i < ncons; i++) {
2159 c = calloc(1, sizeof(constraint_node_t));
2160 if (!c)
2161 return -1;
2162
2163 if (lc)
2164 lc->next = c;
2165 else
2166 *nodep = c;
2167
2168 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2169 if (rc < 0)
2170 return -1;
2171 c->permissions = le32_to_cpu(buf[0]);
2172 nexpr = le32_to_cpu(buf[1]);
2173 le = NULL;
2174 depth = -1;
2175 for (j = 0; j < nexpr; j++) {
2176 e = malloc(sizeof(constraint_expr_t));
2177 if (!e)
2178 return -1;
2179 if (constraint_expr_init(e) == -1) {
2180 free(e);
2181 return -1;
2182 }
2183 if (le) {
2184 le->next = e;
2185 } else {
2186 c->expr = e;
2187 }
2188
2189 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2190 if (rc < 0)
2191 return -1;
2192 e->expr_type = le32_to_cpu(buf[0]);
2193 e->attr = le32_to_cpu(buf[1]);
2194 e->op = le32_to_cpu(buf[2]);
2195
2196 switch (e->expr_type) {
2197 case CEXPR_NOT:
2198 if (depth < 0)
2199 return -1;
2200 break;
2201 case CEXPR_AND:
2202 case CEXPR_OR:
2203 if (depth < 1)
2204 return -1;
2205 depth--;
2206 break;
2207 case CEXPR_ATTR:
2208 if (depth == (CEXPR_MAXDEPTH - 1))
2209 return -1;
2210 depth++;
2211 break;
2212 case CEXPR_NAMES:
2213 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
2214 return -1;
2215 if (depth == (CEXPR_MAXDEPTH - 1))
2216 return -1;
2217 depth++;
2218 if (ebitmap_read(&e->names, fp))
2219 return -1;
2220 if (p->policy_type != POLICY_KERN &&
2221 type_set_read(e->type_names, fp))
2222 return -1;
2223 else if (p->policy_type == POLICY_KERN &&
2224 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
2225 type_set_read(e->type_names, fp))
2226 return -1;
2227 break;
2228 default:
2229 return -1;
2230 }
2231 le = e;
2232 }
2233 if (depth != 0)
2234 return -1;
2235 lc = c;
2236 }
2237
2238 return 0;
2239 }
2240
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2241 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2242 {
2243 char *key = 0;
2244 class_datum_t *cladatum;
2245 uint32_t buf[6];
2246 size_t len, len2, ncons, nel;
2247 unsigned int i;
2248 int rc;
2249
2250 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2251 if (!cladatum)
2252 return -1;
2253
2254 rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2255 if (rc < 0)
2256 goto bad;
2257
2258 len = le32_to_cpu(buf[0]);
2259 if (zero_or_saturated(len))
2260 goto bad;
2261 len2 = le32_to_cpu(buf[1]);
2262 if (is_saturated(len2))
2263 goto bad;
2264 cladatum->s.value = le32_to_cpu(buf[2]);
2265
2266 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2267 goto bad;
2268 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2269 if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE)
2270 goto bad;
2271 nel = le32_to_cpu(buf[4]);
2272
2273 ncons = le32_to_cpu(buf[5]);
2274
2275 key = malloc(len + 1);
2276 if (!key)
2277 goto bad;
2278 rc = next_entry(key, fp, len);
2279 if (rc < 0)
2280 goto bad;
2281 key[len] = 0;
2282
2283 if (len2) {
2284 cladatum->comkey = malloc(len2 + 1);
2285 if (!cladatum->comkey)
2286 goto bad;
2287 rc = next_entry(cladatum->comkey, fp, len2);
2288 if (rc < 0)
2289 goto bad;
2290 cladatum->comkey[len2] = 0;
2291
2292 cladatum->comdatum = hashtab_search(p->p_commons.table,
2293 cladatum->comkey);
2294 if (!cladatum->comdatum) {
2295 ERR(fp->handle, "unknown common %s", cladatum->comkey);
2296 goto bad;
2297 }
2298 }
2299 for (i = 0; i < nel; i++) {
2300 if (perm_read(p, cladatum->permissions.table, fp, cladatum->permissions.nprim))
2301 goto bad;
2302 }
2303
2304 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2305 goto bad;
2306
2307 if ((p->policy_type == POLICY_KERN
2308 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2309 || (p->policy_type == POLICY_BASE
2310 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2311 /* grab the validatetrans rules */
2312 rc = next_entry(buf, fp, sizeof(uint32_t));
2313 if (rc < 0)
2314 goto bad;
2315 ncons = le32_to_cpu(buf[0]);
2316 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2317 goto bad;
2318 }
2319
2320 if ((p->policy_type == POLICY_KERN &&
2321 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
2322 (p->policy_type == POLICY_BASE &&
2323 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
2324 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2325 if (rc < 0)
2326 goto bad;
2327 cladatum->default_user = le32_to_cpu(buf[0]);
2328 cladatum->default_role = le32_to_cpu(buf[1]);
2329 cladatum->default_range = le32_to_cpu(buf[2]);
2330 }
2331
2332 if ((p->policy_type == POLICY_KERN &&
2333 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
2334 (p->policy_type == POLICY_BASE &&
2335 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
2336 rc = next_entry(buf, fp, sizeof(uint32_t));
2337 if (rc < 0)
2338 goto bad;
2339 cladatum->default_type = le32_to_cpu(buf[0]);
2340 }
2341
2342 if (hashtab_insert(h, key, cladatum))
2343 goto bad;
2344
2345 return 0;
2346
2347 bad:
2348 class_destroy(key, cladatum, NULL);
2349 return -1;
2350 }
2351
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2352 static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2353 {
2354 char *key = 0;
2355 role_datum_t *role;
2356 uint32_t buf[3];
2357 size_t len;
2358 int rc, to_read = 2;
2359
2360 role = calloc(1, sizeof(role_datum_t));
2361 if (!role)
2362 return -1;
2363
2364 if (policydb_has_boundary_feature(p))
2365 to_read = 3;
2366
2367 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2368 if (rc < 0)
2369 goto bad;
2370
2371 len = le32_to_cpu(buf[0]);
2372 if (zero_or_saturated(len))
2373 goto bad;
2374
2375 role->s.value = le32_to_cpu(buf[1]);
2376 if (policydb_has_boundary_feature(p))
2377 role->bounds = le32_to_cpu(buf[2]);
2378
2379 key = malloc(len + 1);
2380 if (!key)
2381 goto bad;
2382 rc = next_entry(key, fp, len);
2383 if (rc < 0)
2384 goto bad;
2385 key[len] = 0;
2386
2387 if (ebitmap_read(&role->dominates, fp))
2388 goto bad;
2389
2390 if (p->policy_type == POLICY_KERN) {
2391 if (ebitmap_read(&role->types.types, fp))
2392 goto bad;
2393 } else {
2394 if (type_set_read(&role->types, fp))
2395 goto bad;
2396 }
2397
2398 if (p->policy_type != POLICY_KERN &&
2399 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2400 rc = next_entry(buf, fp, sizeof(uint32_t));
2401 if (rc < 0)
2402 goto bad;
2403
2404 role->flavor = le32_to_cpu(buf[0]);
2405
2406 if (ebitmap_read(&role->roles, fp))
2407 goto bad;
2408 }
2409
2410 if (strcmp(key, OBJECT_R) == 0) {
2411 if (role->s.value != OBJECT_R_VAL) {
2412 ERR(fp->handle, "role %s has wrong value %d",
2413 OBJECT_R, role->s.value);
2414 role_destroy(key, role, NULL);
2415 return -1;
2416 }
2417 role_destroy(key, role, NULL);
2418 return 0;
2419 }
2420
2421 if (hashtab_insert(h, key, role))
2422 goto bad;
2423
2424 return 0;
2425
2426 bad:
2427 role_destroy(key, role, NULL);
2428 return -1;
2429 }
2430
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2431 static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2432 {
2433 char *key = 0;
2434 type_datum_t *typdatum;
2435 uint32_t buf[5];
2436 size_t len;
2437 int rc, to_read;
2438 int pos = 0;
2439
2440 typdatum = calloc(1, sizeof(type_datum_t));
2441 if (!typdatum)
2442 return -1;
2443
2444 if (policydb_has_boundary_feature(p)) {
2445 if (p->policy_type != POLICY_KERN
2446 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2447 to_read = 5;
2448 else
2449 to_read = 4;
2450 }
2451 else if (p->policy_type == POLICY_KERN)
2452 to_read = 3;
2453 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2454 to_read = 5;
2455 else
2456 to_read = 4;
2457
2458 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2459 if (rc < 0)
2460 goto bad;
2461
2462 len = le32_to_cpu(buf[pos]);
2463 if (zero_or_saturated(len))
2464 goto bad;
2465
2466 typdatum->s.value = le32_to_cpu(buf[++pos]);
2467 if (policydb_has_boundary_feature(p)) {
2468 uint32_t properties;
2469
2470 if (p->policy_type != POLICY_KERN
2471 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2472 typdatum->primary = le32_to_cpu(buf[++pos]);
2473 properties = le32_to_cpu(buf[++pos]);
2474 }
2475 else {
2476 properties = le32_to_cpu(buf[++pos]);
2477
2478 if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2479 typdatum->primary = 1;
2480 }
2481
2482 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2483 typdatum->flavor = TYPE_ATTRIB;
2484 if (properties & TYPEDATUM_PROPERTY_ALIAS
2485 && p->policy_type != POLICY_KERN)
2486 typdatum->flavor = TYPE_ALIAS;
2487 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2488 && p->policy_type != POLICY_KERN)
2489 typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2490
2491 typdatum->bounds = le32_to_cpu(buf[++pos]);
2492 } else {
2493 typdatum->primary = le32_to_cpu(buf[++pos]);
2494 if (p->policy_type != POLICY_KERN) {
2495 typdatum->flavor = le32_to_cpu(buf[++pos]);
2496 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2497 typdatum->flags = le32_to_cpu(buf[++pos]);
2498 }
2499 }
2500
2501 if (p->policy_type != POLICY_KERN) {
2502 if (ebitmap_read(&typdatum->types, fp))
2503 goto bad;
2504 }
2505
2506 key = malloc(len + 1);
2507 if (!key)
2508 goto bad;
2509 rc = next_entry(key, fp, len);
2510 if (rc < 0)
2511 goto bad;
2512 key[len] = 0;
2513
2514 if (hashtab_insert(h, key, typdatum))
2515 goto bad;
2516
2517 return 0;
2518
2519 bad:
2520 type_destroy(key, typdatum, NULL);
2521 return -1;
2522 }
2523
role_trans_read(policydb_t * p,struct policy_file * fp)2524 static int role_trans_read(policydb_t *p, struct policy_file *fp)
2525 {
2526 role_trans_t **t = &p->role_tr;
2527 unsigned int i;
2528 uint32_t buf[3], nel;
2529 role_trans_t *tr, *ltr;
2530 int rc;
2531 int new_roletr = (p->policy_type == POLICY_KERN &&
2532 p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2533
2534 rc = next_entry(buf, fp, sizeof(uint32_t));
2535 if (rc < 0)
2536 return -1;
2537 nel = le32_to_cpu(buf[0]);
2538 ltr = NULL;
2539 for (i = 0; i < nel; i++) {
2540 tr = calloc(1, sizeof(struct role_trans));
2541 if (!tr) {
2542 return -1;
2543 }
2544 if (ltr) {
2545 ltr->next = tr;
2546 } else {
2547 *t = tr;
2548 }
2549 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2550 if (rc < 0)
2551 return -1;
2552 tr->role = le32_to_cpu(buf[0]);
2553 tr->type = le32_to_cpu(buf[1]);
2554 tr->new_role = le32_to_cpu(buf[2]);
2555 if (new_roletr) {
2556 rc = next_entry(buf, fp, sizeof(uint32_t));
2557 if (rc < 0)
2558 return -1;
2559 tr->tclass = le32_to_cpu(buf[0]);
2560 } else
2561 tr->tclass = p->process_class;
2562 ltr = tr;
2563 }
2564 return 0;
2565 }
2566
role_allow_read(role_allow_t ** r,struct policy_file * fp)2567 static int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2568 {
2569 unsigned int i;
2570 uint32_t buf[2], nel;
2571 role_allow_t *ra, *lra;
2572 int rc;
2573
2574 rc = next_entry(buf, fp, sizeof(uint32_t));
2575 if (rc < 0)
2576 return -1;
2577 nel = le32_to_cpu(buf[0]);
2578 lra = NULL;
2579 for (i = 0; i < nel; i++) {
2580 ra = calloc(1, sizeof(struct role_allow));
2581 if (!ra) {
2582 return -1;
2583 }
2584 if (lra) {
2585 lra->next = ra;
2586 } else {
2587 *r = ra;
2588 }
2589 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2590 if (rc < 0)
2591 return -1;
2592 ra->role = le32_to_cpu(buf[0]);
2593 ra->new_role = le32_to_cpu(buf[1]);
2594 lra = ra;
2595 }
2596 return 0;
2597 }
2598
policydb_filetrans_insert(policydb_t * p,uint32_t stype,uint32_t ttype,uint32_t tclass,const char * name,char ** name_alloc,uint32_t otype,uint32_t * present_otype)2599 int policydb_filetrans_insert(policydb_t *p, uint32_t stype, uint32_t ttype,
2600 uint32_t tclass, const char *name,
2601 char **name_alloc, uint32_t otype,
2602 uint32_t *present_otype)
2603 {
2604 filename_trans_key_t *ft, key;
2605 filename_trans_datum_t *datum, *last;
2606
2607 key.ttype = ttype;
2608 key.tclass = tclass;
2609 key.name = (char *)name;
2610
2611 last = NULL;
2612 datum = hashtab_search(p->filename_trans, (hashtab_key_t)&key);
2613 while (datum) {
2614 if (ebitmap_get_bit(&datum->stypes, stype - 1)) {
2615 if (present_otype)
2616 *present_otype = datum->otype;
2617 return SEPOL_EEXIST;
2618 }
2619 if (datum->otype == otype)
2620 break;
2621 last = datum;
2622 datum = datum->next;
2623 }
2624 if (!datum) {
2625 datum = malloc(sizeof(*datum));
2626 if (!datum)
2627 return SEPOL_ENOMEM;
2628
2629 ebitmap_init(&datum->stypes);
2630 datum->otype = otype;
2631 datum->next = NULL;
2632
2633 if (last) {
2634 last->next = datum;
2635 } else {
2636 char *name_dup;
2637
2638 if (name_alloc) {
2639 name_dup = *name_alloc;
2640 *name_alloc = NULL;
2641 } else {
2642 name_dup = strdup(name);
2643 if (!name_dup) {
2644 free(datum);
2645 return SEPOL_ENOMEM;
2646 }
2647 }
2648
2649 ft = malloc(sizeof(*ft));
2650 if (!ft) {
2651 free(name_dup);
2652 free(datum);
2653 return SEPOL_ENOMEM;
2654 }
2655
2656 ft->ttype = ttype;
2657 ft->tclass = tclass;
2658 ft->name = name_dup;
2659
2660 if (hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2661 (hashtab_datum_t)datum)) {
2662 free(name_dup);
2663 free(datum);
2664 free(ft);
2665 return SEPOL_ENOMEM;
2666 }
2667 }
2668 }
2669
2670 p->filename_trans_count++;
2671 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
2672 }
2673
filename_trans_read_one_compat(policydb_t * p,struct policy_file * fp)2674 static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp)
2675 {
2676 uint32_t buf[4], len, stype, ttype, tclass, otype;
2677 char *name = NULL;
2678 int rc;
2679
2680 rc = next_entry(buf, fp, sizeof(uint32_t));
2681 if (rc < 0)
2682 return -1;
2683 len = le32_to_cpu(buf[0]);
2684 if (zero_or_saturated(len))
2685 return -1;
2686
2687 name = calloc(len + 1, sizeof(*name));
2688 if (!name)
2689 return -1;
2690
2691 rc = next_entry(name, fp, len);
2692 if (rc < 0)
2693 goto err;
2694
2695 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2696 if (rc < 0)
2697 goto err;
2698
2699 stype = le32_to_cpu(buf[0]);
2700 if (stype == 0)
2701 goto err;
2702
2703 ttype = le32_to_cpu(buf[1]);
2704 tclass = le32_to_cpu(buf[2]);
2705 otype = le32_to_cpu(buf[3]);
2706
2707 rc = policydb_filetrans_insert(p, stype, ttype, tclass, name, &name,
2708 otype, NULL);
2709 if (rc) {
2710 if (rc != SEPOL_EEXIST)
2711 goto err;
2712 /*
2713 * Some old policies were wrongly generated with
2714 * duplicate filename transition rules. For backward
2715 * compatibility, do not reject such policies, just
2716 * ignore the duplicate.
2717 */
2718 }
2719 free(name);
2720 return 0;
2721 err:
2722 free(name);
2723 return -1;
2724 }
2725
filename_trans_check_datum(filename_trans_datum_t * datum)2726 static int filename_trans_check_datum(filename_trans_datum_t *datum)
2727 {
2728 ebitmap_t stypes, otypes;
2729 int rc = -1;
2730
2731 ebitmap_init(&stypes);
2732 ebitmap_init(&otypes);
2733
2734 while (datum) {
2735 if (ebitmap_get_bit(&otypes, datum->otype))
2736 goto out;
2737
2738 if (ebitmap_set_bit(&otypes, datum->otype, 1))
2739 goto out;
2740
2741 if (ebitmap_match_any(&stypes, &datum->stypes))
2742 goto out;
2743
2744 if (ebitmap_union(&stypes, &datum->stypes))
2745 goto out;
2746
2747 datum = datum->next;
2748 }
2749 rc = 0;
2750 out:
2751 ebitmap_destroy(&stypes);
2752 ebitmap_destroy(&otypes);
2753 return rc;
2754 }
2755
filename_trans_read_one(policydb_t * p,struct policy_file * fp)2756 static int filename_trans_read_one(policydb_t *p, struct policy_file *fp)
2757 {
2758 filename_trans_key_t *ft = NULL;
2759 filename_trans_datum_t **dst, *datum, *first = NULL;
2760 unsigned int i;
2761 uint32_t buf[3], len, ttype, tclass, ndatum;
2762 char *name = NULL;
2763 int rc;
2764
2765 rc = next_entry(buf, fp, sizeof(uint32_t));
2766 if (rc < 0)
2767 return -1;
2768 len = le32_to_cpu(buf[0]);
2769 if (zero_or_saturated(len))
2770 return -1;
2771
2772 name = calloc(len + 1, sizeof(*name));
2773 if (!name)
2774 return -1;
2775
2776 rc = next_entry(name, fp, len);
2777 if (rc < 0)
2778 goto err;
2779
2780 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2781 if (rc < 0)
2782 goto err;
2783
2784 ttype = le32_to_cpu(buf[0]);
2785 tclass = le32_to_cpu(buf[1]);
2786 ndatum = le32_to_cpu(buf[2]);
2787 if (ndatum == 0)
2788 goto err;
2789
2790 dst = &first;
2791 for (i = 0; i < ndatum; i++) {
2792 datum = malloc(sizeof(*datum));
2793 if (!datum)
2794 goto err;
2795
2796 datum->next = NULL;
2797 *dst = datum;
2798
2799 /* ebitmap_read() will at least init the bitmap */
2800 rc = ebitmap_read(&datum->stypes, fp);
2801 if (rc < 0)
2802 goto err;
2803
2804 rc = next_entry(buf, fp, sizeof(uint32_t));
2805 if (rc < 0)
2806 goto err;
2807
2808 datum->otype = le32_to_cpu(buf[0]);
2809
2810 p->filename_trans_count += ebitmap_cardinality(&datum->stypes);
2811
2812 dst = &datum->next;
2813 }
2814
2815 if (ndatum > 1 && filename_trans_check_datum(first))
2816 goto err;
2817
2818 ft = malloc(sizeof(*ft));
2819 if (!ft)
2820 goto err;
2821
2822 ft->ttype = ttype;
2823 ft->tclass = tclass;
2824 ft->name = name;
2825
2826 rc = hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2827 (hashtab_datum_t)first);
2828 if (rc)
2829 goto err;
2830
2831 return 0;
2832 err:
2833 free(ft);
2834 free(name);
2835 while (first) {
2836 datum = first;
2837 first = first->next;
2838
2839 ebitmap_destroy(&datum->stypes);
2840 free(datum);
2841 }
2842 return -1;
2843 }
2844
filename_trans_read(policydb_t * p,struct policy_file * fp)2845 static int filename_trans_read(policydb_t *p, struct policy_file *fp)
2846 {
2847 unsigned int i;
2848 uint32_t buf[1], nel;
2849 int rc;
2850
2851 rc = next_entry(buf, fp, sizeof(uint32_t));
2852 if (rc < 0)
2853 return -1;
2854 nel = le32_to_cpu(buf[0]);
2855
2856 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2857 for (i = 0; i < nel; i++) {
2858 rc = filename_trans_read_one_compat(p, fp);
2859 if (rc < 0)
2860 return -1;
2861 }
2862 } else {
2863 for (i = 0; i < nel; i++) {
2864 rc = filename_trans_read_one(p, fp);
2865 if (rc < 0)
2866 return -1;
2867 }
2868 }
2869 return 0;
2870 }
2871
ocontext_read_xen(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2872 static int ocontext_read_xen(const struct policydb_compat_info *info,
2873 policydb_t *p, struct policy_file *fp)
2874 {
2875 unsigned int i, j;
2876 size_t nel, len;
2877 ocontext_t *l, *c;
2878 uint32_t buf[8];
2879 int rc;
2880
2881 for (i = 0; i < info->ocon_num; i++) {
2882 rc = next_entry(buf, fp, sizeof(uint32_t));
2883 if (rc < 0)
2884 return -1;
2885 nel = le32_to_cpu(buf[0]);
2886 l = NULL;
2887 for (j = 0; j < nel; j++) {
2888 c = calloc(1, sizeof(ocontext_t));
2889 if (!c)
2890 return -1;
2891 if (l)
2892 l->next = c;
2893 else
2894 p->ocontexts[i] = c;
2895 l = c;
2896 switch (i) {
2897 case OCON_XEN_ISID:
2898 rc = next_entry(buf, fp, sizeof(uint32_t));
2899 if (rc < 0)
2900 return -1;
2901 c->sid[0] = le32_to_cpu(buf[0]);
2902 if (is_saturated(c->sid[0]))
2903 return -1;
2904 if (context_read_and_validate
2905 (&c->context[0], p, fp))
2906 return -1;
2907 break;
2908 case OCON_XEN_PIRQ:
2909 rc = next_entry(buf, fp, sizeof(uint32_t));
2910 if (rc < 0)
2911 return -1;
2912 c->u.pirq = le32_to_cpu(buf[0]);
2913 if (context_read_and_validate
2914 (&c->context[0], p, fp))
2915 return -1;
2916 break;
2917 case OCON_XEN_IOPORT:
2918 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2919 if (rc < 0)
2920 return -1;
2921 c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2922 c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2923 if (context_read_and_validate
2924 (&c->context[0], p, fp))
2925 return -1;
2926 break;
2927 case OCON_XEN_IOMEM:
2928 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
2929 uint64_t b64[2];
2930 rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
2931 if (rc < 0)
2932 return -1;
2933 c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
2934 c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
2935 } else {
2936 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2937 if (rc < 0)
2938 return -1;
2939 c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2940 c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2941 }
2942 if (context_read_and_validate
2943 (&c->context[0], p, fp))
2944 return -1;
2945 break;
2946 case OCON_XEN_PCIDEVICE:
2947 rc = next_entry(buf, fp, sizeof(uint32_t));
2948 if (rc < 0)
2949 return -1;
2950 c->u.device = le32_to_cpu(buf[0]);
2951 if (context_read_and_validate
2952 (&c->context[0], p, fp))
2953 return -1;
2954 break;
2955 case OCON_XEN_DEVICETREE:
2956 rc = next_entry(buf, fp, sizeof(uint32_t));
2957 if (rc < 0)
2958 return -1;
2959 len = le32_to_cpu(buf[0]);
2960 if (zero_or_saturated(len))
2961 return -1;
2962
2963 c->u.name = malloc(len + 1);
2964 if (!c->u.name)
2965 return -1;
2966 rc = next_entry(c->u.name, fp, len);
2967 if (rc < 0)
2968 return -1;
2969 c->u.name[len] = 0;
2970 if (context_read_and_validate
2971 (&c->context[0], p, fp))
2972 return -1;
2973 break;
2974 default:
2975 /* should never get here */
2976 ERR(fp->handle, "Unknown Xen ocontext");
2977 return -1;
2978 }
2979 }
2980 }
2981 return 0;
2982 }
ocontext_read_selinux(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2983 static int ocontext_read_selinux(const struct policydb_compat_info *info,
2984 policydb_t * p, struct policy_file *fp)
2985 {
2986 unsigned int i, j;
2987 size_t nel, len;
2988 ocontext_t *l, *c;
2989 uint32_t buf[8];
2990 int rc;
2991
2992 for (i = 0; i < info->ocon_num; i++) {
2993 rc = next_entry(buf, fp, sizeof(uint32_t));
2994 if (rc < 0)
2995 return -1;
2996 nel = le32_to_cpu(buf[0]);
2997 l = NULL;
2998 for (j = 0; j < nel; j++) {
2999 c = calloc(1, sizeof(ocontext_t));
3000 if (!c) {
3001 return -1;
3002 }
3003 if (l) {
3004 l->next = c;
3005 } else {
3006 p->ocontexts[i] = c;
3007 }
3008 l = c;
3009 switch (i) {
3010 case OCON_ISID:
3011 rc = next_entry(buf, fp, sizeof(uint32_t));
3012 if (rc < 0)
3013 return -1;
3014 c->sid[0] = le32_to_cpu(buf[0]);
3015 if (is_saturated(c->sid[0]))
3016 return -1;
3017 if (context_read_and_validate
3018 (&c->context[0], p, fp))
3019 return -1;
3020 break;
3021 case OCON_FS:
3022 case OCON_NETIF:
3023 rc = next_entry(buf, fp, sizeof(uint32_t));
3024 if (rc < 0)
3025 return -1;
3026 len = le32_to_cpu(buf[0]);
3027 if (zero_or_saturated(len) || len > 63)
3028 return -1;
3029 c->u.name = malloc(len + 1);
3030 if (!c->u.name)
3031 return -1;
3032 rc = next_entry(c->u.name, fp, len);
3033 if (rc < 0)
3034 return -1;
3035 c->u.name[len] = 0;
3036 if (context_read_and_validate
3037 (&c->context[0], p, fp))
3038 return -1;
3039 if (context_read_and_validate
3040 (&c->context[1], p, fp))
3041 return -1;
3042 break;
3043 case OCON_IBPKEY: {
3044 uint32_t pkey_lo, pkey_hi;
3045
3046 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
3047 if (rc < 0)
3048 return -1;
3049
3050 pkey_lo = le32_to_cpu(buf[2]);
3051 pkey_hi = le32_to_cpu(buf[3]);
3052
3053 if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
3054 return -1;
3055
3056 c->u.ibpkey.low_pkey = pkey_lo;
3057 c->u.ibpkey.high_pkey = pkey_hi;
3058
3059 /* we want c->u.ibpkey.subnet_prefix in network
3060 * (big-endian) order, just memcpy it */
3061 memcpy(&c->u.ibpkey.subnet_prefix, buf,
3062 sizeof(c->u.ibpkey.subnet_prefix));
3063
3064 if (context_read_and_validate
3065 (&c->context[0], p, fp))
3066 return -1;
3067 break;
3068 }
3069 case OCON_IBENDPORT: {
3070 uint32_t port;
3071
3072 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3073 if (rc < 0)
3074 return -1;
3075 len = le32_to_cpu(buf[0]);
3076 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
3077 return -1;
3078
3079 port = le32_to_cpu(buf[1]);
3080 if (port > UINT8_MAX || port == 0)
3081 return -1;
3082
3083 c->u.ibendport.dev_name = malloc(len + 1);
3084 if (!c->u.ibendport.dev_name)
3085 return -1;
3086 rc = next_entry(c->u.ibendport.dev_name, fp, len);
3087 if (rc < 0)
3088 return -1;
3089 c->u.ibendport.dev_name[len] = 0;
3090 c->u.ibendport.port = port;
3091 if (context_read_and_validate
3092 (&c->context[0], p, fp))
3093 return -1;
3094 break;
3095 }
3096 case OCON_PORT:
3097 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
3098 if (rc < 0)
3099 return -1;
3100 c->u.port.protocol = le32_to_cpu(buf[0]);
3101 c->u.port.low_port = le32_to_cpu(buf[1]);
3102 c->u.port.high_port = le32_to_cpu(buf[2]);
3103 if (context_read_and_validate
3104 (&c->context[0], p, fp))
3105 return -1;
3106 break;
3107 case OCON_NODE:
3108 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3109 if (rc < 0)
3110 return -1;
3111 c->u.node.addr = buf[0]; /* network order */
3112 c->u.node.mask = buf[1]; /* network order */
3113 if (context_read_and_validate
3114 (&c->context[0], p, fp))
3115 return -1;
3116 break;
3117 case OCON_FSUSE:
3118 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3119 if (rc < 0)
3120 return -1;
3121 c->v.behavior = le32_to_cpu(buf[0]);
3122 len = le32_to_cpu(buf[1]);
3123 if (zero_or_saturated(len))
3124 return -1;
3125 c->u.name = malloc(len + 1);
3126 if (!c->u.name)
3127 return -1;
3128 rc = next_entry(c->u.name, fp, len);
3129 if (rc < 0)
3130 return -1;
3131 c->u.name[len] = 0;
3132 if (context_read_and_validate
3133 (&c->context[0], p, fp))
3134 return -1;
3135 break;
3136 case OCON_NODE6:{
3137 int k;
3138
3139 rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
3140 if (rc < 0)
3141 return -1;
3142 for (k = 0; k < 4; k++)
3143 /* network order */
3144 c->u.node6.addr[k] = buf[k];
3145 for (k = 0; k < 4; k++)
3146 /* network order */
3147 c->u.node6.mask[k] = buf[k + 4];
3148 if (context_read_and_validate
3149 (&c->context[0], p, fp))
3150 return -1;
3151 break;
3152 }
3153 default:{
3154 ERR(fp->handle, "Unknown SELinux ocontext");
3155 return -1;
3156 }
3157 }
3158 }
3159 }
3160 return 0;
3161 }
3162
ocontext_read(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)3163 static int ocontext_read(const struct policydb_compat_info *info,
3164 policydb_t *p, struct policy_file *fp)
3165 {
3166 int rc = -1;
3167 switch (p->target_platform) {
3168 case SEPOL_TARGET_SELINUX:
3169 rc = ocontext_read_selinux(info, p, fp);
3170 break;
3171 case SEPOL_TARGET_XEN:
3172 rc = ocontext_read_xen(info, p, fp);
3173 break;
3174 default:
3175 ERR(fp->handle, "Unknown target");
3176 }
3177 return rc;
3178 }
3179
genfs_read(policydb_t * p,struct policy_file * fp)3180 static int genfs_read(policydb_t * p, struct policy_file *fp)
3181 {
3182 uint32_t buf[1];
3183 size_t nel, nel2, len, len2;
3184 genfs_t *genfs_p, *newgenfs, *genfs;
3185 size_t i, j;
3186 ocontext_t *l, *c, *newc = NULL;
3187 int rc;
3188
3189 rc = next_entry(buf, fp, sizeof(uint32_t));
3190 if (rc < 0)
3191 goto bad;
3192 nel = le32_to_cpu(buf[0]);
3193 genfs_p = NULL;
3194 for (i = 0; i < nel; i++) {
3195 rc = next_entry(buf, fp, sizeof(uint32_t));
3196 if (rc < 0)
3197 goto bad;
3198 len = le32_to_cpu(buf[0]);
3199 if (zero_or_saturated(len))
3200 goto bad;
3201 newgenfs = calloc(1, sizeof(genfs_t));
3202 if (!newgenfs)
3203 goto bad;
3204 newgenfs->fstype = malloc(len + 1);
3205 if (!newgenfs->fstype) {
3206 free(newgenfs);
3207 goto bad;
3208 }
3209 rc = next_entry(newgenfs->fstype, fp, len);
3210 if (rc < 0) {
3211 free(newgenfs->fstype);
3212 free(newgenfs);
3213 goto bad;
3214 }
3215 newgenfs->fstype[len] = 0;
3216 for (genfs_p = NULL, genfs = p->genfs; genfs;
3217 genfs_p = genfs, genfs = genfs->next) {
3218 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
3219 ERR(fp->handle, "dup genfs fstype %s",
3220 newgenfs->fstype);
3221 free(newgenfs->fstype);
3222 free(newgenfs);
3223 goto bad;
3224 }
3225 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
3226 break;
3227 }
3228 newgenfs->next = genfs;
3229 if (genfs_p)
3230 genfs_p->next = newgenfs;
3231 else
3232 p->genfs = newgenfs;
3233 rc = next_entry(buf, fp, sizeof(uint32_t));
3234 if (rc < 0)
3235 goto bad;
3236 nel2 = le32_to_cpu(buf[0]);
3237 for (j = 0; j < nel2; j++) {
3238 newc = calloc(1, sizeof(ocontext_t));
3239 if (!newc) {
3240 goto bad;
3241 }
3242 rc = next_entry(buf, fp, sizeof(uint32_t));
3243 if (rc < 0)
3244 goto bad;
3245 len = le32_to_cpu(buf[0]);
3246 if (zero_or_saturated(len))
3247 goto bad;
3248 newc->u.name = malloc(len + 1);
3249 if (!newc->u.name) {
3250 goto bad;
3251 }
3252 rc = next_entry(newc->u.name, fp, len);
3253 if (rc < 0)
3254 goto bad;
3255 newc->u.name[len] = 0;
3256 rc = next_entry(buf, fp, sizeof(uint32_t));
3257 if (rc < 0)
3258 goto bad;
3259 newc->v.sclass = le32_to_cpu(buf[0]);
3260 if (context_read_and_validate(&newc->context[0], p, fp))
3261 goto bad;
3262 for (l = NULL, c = newgenfs->head; c;
3263 l = c, c = c->next) {
3264 if (!strcmp(newc->u.name, c->u.name) &&
3265 (!c->v.sclass || !newc->v.sclass ||
3266 newc->v.sclass == c->v.sclass)) {
3267 ERR(fp->handle, "dup genfs entry "
3268 "(%s,%s)", newgenfs->fstype,
3269 c->u.name);
3270 goto bad;
3271 }
3272 len = strlen(newc->u.name);
3273 len2 = strlen(c->u.name);
3274 if (len > len2)
3275 break;
3276 }
3277 newc->next = c;
3278 if (l)
3279 l->next = newc;
3280 else
3281 newgenfs->head = newc;
3282 /* clear newc after a new owner has the pointer */
3283 newc = NULL;
3284 }
3285 }
3286
3287 return 0;
3288
3289 bad:
3290 if (newc) {
3291 context_destroy(&newc->context[0]);
3292 context_destroy(&newc->context[1]);
3293 free(newc->u.name);
3294 free(newc);
3295 }
3296 return -1;
3297 }
3298
3299 /*
3300 * Read a MLS level structure from a policydb binary
3301 * representation file.
3302 */
mls_read_level(mls_level_t * lp,struct policy_file * fp)3303 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
3304 {
3305 uint32_t buf[1];
3306 int rc;
3307
3308 mls_level_init(lp);
3309
3310 rc = next_entry(buf, fp, sizeof(uint32_t));
3311 if (rc < 0) {
3312 ERR(fp->handle, "truncated level");
3313 goto bad;
3314 }
3315 lp->sens = le32_to_cpu(buf[0]);
3316
3317 if (ebitmap_read(&lp->cat, fp)) {
3318 ERR(fp->handle, "error reading level categories");
3319 goto bad;
3320 }
3321 return 0;
3322
3323 bad:
3324 return -EINVAL;
3325 }
3326
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3327 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
3328 {
3329 char *key = 0;
3330 user_datum_t *usrdatum;
3331 uint32_t buf[3];
3332 size_t len;
3333 int rc, to_read = 2;
3334
3335 usrdatum = calloc(1, sizeof(user_datum_t));
3336 if (!usrdatum)
3337 return -1;
3338
3339 if (policydb_has_boundary_feature(p))
3340 to_read = 3;
3341
3342 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
3343 if (rc < 0)
3344 goto bad;
3345
3346 len = le32_to_cpu(buf[0]);
3347 if (zero_or_saturated(len))
3348 goto bad;
3349
3350 usrdatum->s.value = le32_to_cpu(buf[1]);
3351 if (policydb_has_boundary_feature(p))
3352 usrdatum->bounds = le32_to_cpu(buf[2]);
3353
3354 key = malloc(len + 1);
3355 if (!key)
3356 goto bad;
3357 rc = next_entry(key, fp, len);
3358 if (rc < 0)
3359 goto bad;
3360 key[len] = 0;
3361
3362 if (p->policy_type == POLICY_KERN) {
3363 if (ebitmap_read(&usrdatum->roles.roles, fp))
3364 goto bad;
3365 } else {
3366 if (role_set_read(&usrdatum->roles, fp))
3367 goto bad;
3368 }
3369
3370 /* users were not allowed in mls modules before version
3371 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
3372 * required - the mls fields will be empty. user declarations in
3373 * non-mls modules will also have empty mls fields */
3374 if ((p->policy_type == POLICY_KERN
3375 && p->policyvers >= POLICYDB_VERSION_MLS)
3376 || (p->policy_type == POLICY_MOD
3377 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3378 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
3379 || (p->policy_type == POLICY_BASE
3380 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3381 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
3382 if (mls_read_range_helper(&usrdatum->exp_range, fp))
3383 goto bad;
3384 if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
3385 goto bad;
3386 if (p->policy_type != POLICY_KERN) {
3387 if (mls_range_to_semantic(&usrdatum->exp_range,
3388 &usrdatum->range))
3389 goto bad;
3390 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
3391 &usrdatum->dfltlevel))
3392 goto bad;
3393 }
3394 } else if ((p->policy_type == POLICY_MOD
3395 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
3396 || (p->policy_type == POLICY_BASE
3397 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
3398 if (mls_read_semantic_range_helper(&usrdatum->range, fp))
3399 goto bad;
3400 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
3401 goto bad;
3402 }
3403
3404 if (hashtab_insert(h, key, usrdatum))
3405 goto bad;
3406
3407 return 0;
3408
3409 bad:
3410 user_destroy(key, usrdatum, NULL);
3411 return -1;
3412 }
3413
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3414 static int sens_read(policydb_t * p
3415 __attribute__ ((unused)), hashtab_t h,
3416 struct policy_file *fp)
3417 {
3418 char *key = 0;
3419 level_datum_t *levdatum;
3420 uint32_t buf[2], len;
3421 int rc;
3422
3423 levdatum = malloc(sizeof(level_datum_t));
3424 if (!levdatum)
3425 return -1;
3426 level_datum_init(levdatum);
3427
3428 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3429 if (rc < 0)
3430 goto bad;
3431
3432 len = le32_to_cpu(buf[0]);
3433 if (zero_or_saturated(len))
3434 goto bad;
3435
3436 levdatum->isalias = le32_to_cpu(buf[1]);
3437
3438 key = malloc(len + 1);
3439 if (!key)
3440 goto bad;
3441 rc = next_entry(key, fp, len);
3442 if (rc < 0)
3443 goto bad;
3444 key[len] = 0;
3445
3446 levdatum->level = malloc(sizeof(mls_level_t));
3447 if (!levdatum->level || mls_read_level(levdatum->level, fp))
3448 goto bad;
3449
3450 if (hashtab_insert(h, key, levdatum))
3451 goto bad;
3452
3453 return 0;
3454
3455 bad:
3456 sens_destroy(key, levdatum, NULL);
3457 return -1;
3458 }
3459
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3460 static int cat_read(policydb_t * p
3461 __attribute__ ((unused)), hashtab_t h,
3462 struct policy_file *fp)
3463 {
3464 char *key = 0;
3465 cat_datum_t *catdatum;
3466 uint32_t buf[3], len;
3467 int rc;
3468
3469 catdatum = malloc(sizeof(cat_datum_t));
3470 if (!catdatum)
3471 return -1;
3472 cat_datum_init(catdatum);
3473
3474 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
3475 if (rc < 0)
3476 goto bad;
3477
3478 len = le32_to_cpu(buf[0]);
3479 if(zero_or_saturated(len))
3480 goto bad;
3481
3482 catdatum->s.value = le32_to_cpu(buf[1]);
3483 catdatum->isalias = le32_to_cpu(buf[2]);
3484
3485 key = malloc(len + 1);
3486 if (!key)
3487 goto bad;
3488 rc = next_entry(key, fp, len);
3489 if (rc < 0)
3490 goto bad;
3491 key[len] = 0;
3492
3493 if (hashtab_insert(h, key, catdatum))
3494 goto bad;
3495
3496 return 0;
3497
3498 bad:
3499 cat_destroy(key, catdatum, NULL);
3500 return -1;
3501 }
3502
3503 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
3504 struct policy_file * fp) = {
3505 common_read, class_read, role_read, type_read, user_read,
3506 cond_read_bool, sens_read, cat_read,};
3507
3508 /************** module reading functions below **************/
3509
avrule_read(policydb_t * p,struct policy_file * fp)3510 static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
3511 {
3512 unsigned int i;
3513 uint32_t buf[2], len;
3514 class_perm_node_t *cur, *tail = NULL;
3515 avrule_t *avrule;
3516 int rc;
3517
3518 avrule = (avrule_t *) malloc(sizeof(avrule_t));
3519 if (!avrule)
3520 return NULL;
3521
3522 avrule_init(avrule);
3523
3524 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3525 if (rc < 0)
3526 goto bad;
3527
3528 avrule->specified = le32_to_cpu(buf[0]);
3529 avrule->flags = le32_to_cpu(buf[1]);
3530
3531 if (type_set_read(&avrule->stypes, fp))
3532 goto bad;
3533
3534 if (type_set_read(&avrule->ttypes, fp))
3535 goto bad;
3536
3537 rc = next_entry(buf, fp, sizeof(uint32_t));
3538 if (rc < 0)
3539 goto bad;
3540 len = le32_to_cpu(buf[0]);
3541
3542 for (i = 0; i < len; i++) {
3543 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
3544 if (!cur)
3545 goto bad;
3546 class_perm_node_init(cur);
3547
3548 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3549 if (rc < 0) {
3550 free(cur);
3551 goto bad;
3552 }
3553
3554 cur->tclass = le32_to_cpu(buf[0]);
3555 cur->data = le32_to_cpu(buf[1]);
3556
3557 if (!tail) {
3558 avrule->perms = cur;
3559 } else {
3560 tail->next = cur;
3561 }
3562 tail = cur;
3563 }
3564
3565 if (avrule->specified & AVRULE_XPERMS) {
3566 uint8_t buf8;
3567 size_t nel = ARRAY_SIZE(avrule->xperms->perms);
3568 uint32_t buf32[nel];
3569
3570 if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) {
3571 ERR(fp->handle,
3572 "module policy version %u does not support ioctl"
3573 " extended permissions rules and one was specified",
3574 p->policyvers);
3575 goto bad;
3576 }
3577
3578 if (p->target_platform != SEPOL_TARGET_SELINUX) {
3579 ERR(fp->handle,
3580 "Target platform %s does not support ioctl"
3581 " extended permissions rules and one was specified",
3582 policydb_target_strings[p->target_platform]);
3583 goto bad;
3584 }
3585
3586 avrule->xperms = calloc(1, sizeof(*avrule->xperms));
3587 if (!avrule->xperms)
3588 goto bad;
3589
3590 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3591 if (rc < 0) {
3592 ERR(fp->handle, "truncated entry");
3593 goto bad;
3594 }
3595 avrule->xperms->specified = buf8;
3596 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3597 if (rc < 0) {
3598 ERR(fp->handle, "truncated entry");
3599 goto bad;
3600 }
3601 avrule->xperms->driver = buf8;
3602 rc = next_entry(buf32, fp, sizeof(uint32_t)*nel);
3603 if (rc < 0) {
3604 ERR(fp->handle, "truncated entry");
3605 goto bad;
3606 }
3607 for (i = 0; i < nel; i++)
3608 avrule->xperms->perms[i] = le32_to_cpu(buf32[i]);
3609 }
3610
3611 return avrule;
3612 bad:
3613 if (avrule) {
3614 avrule_destroy(avrule);
3615 free(avrule);
3616 }
3617 return NULL;
3618 }
3619
range_read(policydb_t * p,struct policy_file * fp)3620 static int range_read(policydb_t * p, struct policy_file *fp)
3621 {
3622 uint32_t buf[2], nel;
3623 range_trans_t *rt = NULL;
3624 struct mls_range *r = NULL;
3625 range_trans_rule_t *rtr = NULL, *lrtr = NULL;
3626 unsigned int i;
3627 int new_rangetr = (p->policy_type == POLICY_KERN &&
3628 p->policyvers >= POLICYDB_VERSION_RANGETRANS);
3629 int rc;
3630
3631 rc = next_entry(buf, fp, sizeof(uint32_t));
3632 if (rc < 0)
3633 return -1;
3634 nel = le32_to_cpu(buf[0]);
3635 for (i = 0; i < nel; i++) {
3636 rt = calloc(1, sizeof(range_trans_t));
3637 if (!rt)
3638 return -1;
3639 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3640 if (rc < 0)
3641 goto err;
3642 rt->source_type = le32_to_cpu(buf[0]);
3643 if (!value_isvalid(rt->source_type, p->p_types.nprim))
3644 goto err;
3645 rt->target_type = le32_to_cpu(buf[1]);
3646 if (!value_isvalid(rt->target_type, p->p_types.nprim))
3647 goto err;
3648 if (new_rangetr) {
3649 rc = next_entry(buf, fp, (sizeof(uint32_t)));
3650 if (rc < 0)
3651 goto err;
3652 rt->target_class = le32_to_cpu(buf[0]);
3653 if (!value_isvalid(rt->target_class, p->p_classes.nprim))
3654 goto err;
3655 } else
3656 rt->target_class = p->process_class;
3657 r = calloc(1, sizeof(*r));
3658 if (!r)
3659 goto err;
3660 if (mls_read_range_helper(r, fp))
3661 goto err;
3662
3663 if (p->policy_type == POLICY_KERN) {
3664 rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
3665 if (rc)
3666 goto err;
3667 rt = NULL;
3668 r = NULL;
3669 continue;
3670 }
3671
3672 /* Module policy: convert to range_trans_rule and discard. */
3673 rtr = malloc(sizeof(range_trans_rule_t));
3674 if (!rtr)
3675 goto err;
3676 range_trans_rule_init(rtr);
3677
3678 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3679 goto err;
3680
3681 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3682 goto err;
3683
3684 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3685 goto err;
3686
3687 if (mls_range_to_semantic(r, &rtr->trange))
3688 goto err;
3689
3690 if (lrtr)
3691 lrtr->next = rtr;
3692 else
3693 p->global->enabled->range_tr_rules = rtr;
3694
3695 free(rt);
3696 rt = NULL;
3697 free(r);
3698 r = NULL;
3699 lrtr = rtr;
3700 }
3701
3702 return 0;
3703 err:
3704 free(rt);
3705 if (r) {
3706 mls_range_destroy(r);
3707 free(r);
3708 }
3709 if (rtr) {
3710 range_trans_rule_destroy(rtr);
3711 free(rtr);
3712 }
3713 return -1;
3714 }
3715
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3716 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3717 struct policy_file *fp)
3718 {
3719 unsigned int i;
3720 avrule_t *cur, *tail;
3721 uint32_t buf[1], len;
3722 int rc;
3723
3724 *avrules = tail = NULL;
3725
3726 rc = next_entry(buf, fp, sizeof(uint32_t));
3727 if (rc < 0) {
3728 return -1;
3729 }
3730 len = le32_to_cpu(buf[0]);
3731
3732 for (i = 0; i < len; i++) {
3733 cur = avrule_read(p, fp);
3734 if (!cur) {
3735 return -1;
3736 }
3737
3738 if (!tail) {
3739 *avrules = cur;
3740 } else {
3741 tail->next = cur;
3742 }
3743 tail = cur;
3744 }
3745
3746 return 0;
3747 }
3748
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3749 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3750 struct policy_file *fp)
3751 {
3752 uint32_t buf[1], nel;
3753 unsigned int i;
3754 role_trans_rule_t *tr, *ltr;
3755 int rc;
3756
3757 rc = next_entry(buf, fp, sizeof(uint32_t));
3758 if (rc < 0)
3759 return -1;
3760 nel = le32_to_cpu(buf[0]);
3761 ltr = NULL;
3762 for (i = 0; i < nel; i++) {
3763 tr = malloc(sizeof(role_trans_rule_t));
3764 if (!tr) {
3765 return -1;
3766 }
3767 role_trans_rule_init(tr);
3768
3769 if (ltr) {
3770 ltr->next = tr;
3771 } else {
3772 *r = tr;
3773 }
3774
3775 if (role_set_read(&tr->roles, fp))
3776 return -1;
3777
3778 if (type_set_read(&tr->types, fp))
3779 return -1;
3780
3781 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3782 if (ebitmap_read(&tr->classes, fp))
3783 return -1;
3784 } else {
3785 if (!p->process_class)
3786 return -1;
3787 if (ebitmap_set_bit(&tr->classes, p->process_class - 1, 1))
3788 return -1;
3789 }
3790
3791 rc = next_entry(buf, fp, sizeof(uint32_t));
3792 if (rc < 0)
3793 return -1;
3794 tr->new_role = le32_to_cpu(buf[0]);
3795 ltr = tr;
3796 }
3797
3798 return 0;
3799 }
3800
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3801 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3802 {
3803 unsigned int i;
3804 uint32_t buf[1], nel;
3805 role_allow_rule_t *ra, *lra;
3806 int rc;
3807
3808 rc = next_entry(buf, fp, sizeof(uint32_t));
3809 if (rc < 0)
3810 return -1;
3811 nel = le32_to_cpu(buf[0]);
3812 lra = NULL;
3813 for (i = 0; i < nel; i++) {
3814 ra = malloc(sizeof(role_allow_rule_t));
3815 if (!ra) {
3816 return -1;
3817 }
3818 role_allow_rule_init(ra);
3819
3820 if (lra) {
3821 lra->next = ra;
3822 } else {
3823 *r = ra;
3824 }
3825
3826 if (role_set_read(&ra->roles, fp))
3827 return -1;
3828
3829 if (role_set_read(&ra->new_roles, fp))
3830 return -1;
3831
3832 lra = ra;
3833 }
3834 return 0;
3835 }
3836
filename_trans_rule_read(policydb_t * p,filename_trans_rule_t ** r,struct policy_file * fp)3837 static int filename_trans_rule_read(policydb_t *p, filename_trans_rule_t **r,
3838 struct policy_file *fp)
3839 {
3840 uint32_t buf[3], nel, i, len;
3841 unsigned int entries;
3842 filename_trans_rule_t *ftr, *lftr;
3843 int rc;
3844
3845 rc = next_entry(buf, fp, sizeof(uint32_t));
3846 if (rc < 0)
3847 return -1;
3848 nel = le32_to_cpu(buf[0]);
3849 lftr = NULL;
3850 for (i = 0; i < nel; i++) {
3851 ftr = malloc(sizeof(*ftr));
3852 if (!ftr)
3853 return -1;
3854
3855 filename_trans_rule_init(ftr);
3856
3857 if (lftr)
3858 lftr->next = ftr;
3859 else
3860 *r = ftr;
3861 lftr = ftr;
3862
3863 rc = next_entry(buf, fp, sizeof(uint32_t));
3864 if (rc < 0)
3865 return -1;
3866
3867 len = le32_to_cpu(buf[0]);
3868 if (zero_or_saturated(len))
3869 return -1;
3870
3871 ftr->name = malloc(len + 1);
3872 if (!ftr->name)
3873 return -1;
3874
3875 rc = next_entry(ftr->name, fp, len);
3876 if (rc)
3877 return -1;
3878 ftr->name[len] = 0;
3879
3880 if (type_set_read(&ftr->stypes, fp))
3881 return -1;
3882
3883 if (type_set_read(&ftr->ttypes, fp))
3884 return -1;
3885
3886 if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS)
3887 entries = 3;
3888 else
3889 entries = 2;
3890
3891 rc = next_entry(buf, fp, sizeof(uint32_t) * entries);
3892 if (rc < 0)
3893 return -1;
3894 ftr->tclass = le32_to_cpu(buf[0]);
3895 ftr->otype = le32_to_cpu(buf[1]);
3896 if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS)
3897 ftr->flags = le32_to_cpu(buf[2]);
3898 }
3899
3900 return 0;
3901 }
3902
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3903 static int range_trans_rule_read(range_trans_rule_t ** r,
3904 struct policy_file *fp)
3905 {
3906 uint32_t buf[1], nel;
3907 unsigned int i;
3908 range_trans_rule_t *rt, *lrt = NULL;
3909 int rc;
3910
3911 rc = next_entry(buf, fp, sizeof(uint32_t));
3912 if (rc < 0)
3913 return -1;
3914 nel = le32_to_cpu(buf[0]);
3915 for (i = 0; i < nel; i++) {
3916 rt = malloc(sizeof(range_trans_rule_t));
3917 if (!rt) {
3918 return -1;
3919 }
3920 range_trans_rule_init(rt);
3921
3922 if (lrt)
3923 lrt->next = rt;
3924 else
3925 *r = rt;
3926
3927 if (type_set_read(&rt->stypes, fp))
3928 return -1;
3929
3930 if (type_set_read(&rt->ttypes, fp))
3931 return -1;
3932
3933 if (ebitmap_read(&rt->tclasses, fp))
3934 return -1;
3935
3936 if (mls_read_semantic_range_helper(&rt->trange, fp))
3937 return -1;
3938
3939 lrt = rt;
3940 }
3941
3942 return 0;
3943 }
3944
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3945 static int scope_index_read(scope_index_t * scope_index,
3946 unsigned int num_scope_syms, struct policy_file *fp)
3947 {
3948 unsigned int i;
3949 uint32_t buf[1];
3950 int rc;
3951
3952 for (i = 0; i < num_scope_syms; i++) {
3953 if (ebitmap_read(scope_index->scope + i, fp) < 0) {
3954 return -1;
3955 }
3956 }
3957 rc = next_entry(buf, fp, sizeof(uint32_t));
3958 if (rc < 0)
3959 return -1;
3960 scope_index->class_perms_len = le32_to_cpu(buf[0]);
3961 if (is_saturated(scope_index->class_perms_len))
3962 return -1;
3963 if (scope_index->class_perms_len == 0) {
3964 scope_index->class_perms_map = NULL;
3965 return 0;
3966 }
3967 if ((scope_index->class_perms_map =
3968 calloc(scope_index->class_perms_len,
3969 sizeof(*scope_index->class_perms_map))) == NULL) {
3970 return -1;
3971 }
3972 for (i = 0; i < scope_index->class_perms_len; i++) {
3973 if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
3974 return -1;
3975 }
3976 }
3977 return 0;
3978 }
3979
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3980 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3981 unsigned int num_scope_syms, struct policy_file *fp)
3982 {
3983 uint32_t buf[2], nprim, nel;
3984 unsigned int i, j;
3985 int rc;
3986
3987 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3988 if (rc < 0)
3989 return -1;
3990 decl->decl_id = le32_to_cpu(buf[0]);
3991 decl->enabled = le32_to_cpu(buf[1]);
3992 if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3993 avrule_read_list(p, &decl->avrules, fp) == -1 ||
3994 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3995 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3996 return -1;
3997 }
3998
3999 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
4000 filename_trans_rule_read(p, &decl->filename_trans_rules, fp))
4001 return -1;
4002
4003 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
4004 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
4005 return -1;
4006 }
4007 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
4008 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
4009 return -1;
4010 }
4011
4012 for (i = 0; i < num_scope_syms; i++) {
4013 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4014 if (rc < 0)
4015 return -1;
4016 nprim = le32_to_cpu(buf[0]);
4017 if (is_saturated(nprim))
4018 return -1;
4019 nel = le32_to_cpu(buf[1]);
4020 for (j = 0; j < nel; j++) {
4021 if (read_f[i] (p, decl->symtab[i].table, fp)) {
4022 return -1;
4023 }
4024 }
4025 decl->symtab[i].nprim = nprim;
4026 }
4027 return 0;
4028 }
4029
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)4030 static int avrule_block_read(policydb_t * p,
4031 avrule_block_t ** block,
4032 unsigned int num_scope_syms,
4033 struct policy_file *fp)
4034 {
4035 avrule_block_t *last_block = NULL, *curblock;
4036 uint32_t buf[1], num_blocks, nel;
4037 int rc;
4038
4039 assert(*block == NULL);
4040
4041 rc = next_entry(buf, fp, sizeof(uint32_t));
4042 if (rc < 0)
4043 return -1;
4044 num_blocks = le32_to_cpu(buf[0]);
4045 nel = num_blocks;
4046 while (num_blocks > 0) {
4047 avrule_decl_t *last_decl = NULL, *curdecl;
4048 uint32_t num_decls;
4049 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
4050 return -1;
4051 }
4052 rc = next_entry(buf, fp, sizeof(uint32_t));
4053 if (rc < 0) {
4054 free(curblock);
4055 return -1;
4056 }
4057 /* if this is the first block its non-optional, else its optional */
4058 if (num_blocks != nel)
4059 curblock->flags |= AVRULE_OPTIONAL;
4060
4061 num_decls = le32_to_cpu(buf[0]);
4062 while (num_decls > 0) {
4063 if ((curdecl = avrule_decl_create(0)) == NULL) {
4064 avrule_block_destroy(curblock);
4065 return -1;
4066 }
4067 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
4068 -1) {
4069 avrule_decl_destroy(curdecl);
4070 avrule_block_destroy(curblock);
4071 return -1;
4072 }
4073 if (curdecl->enabled) {
4074 if (curblock->enabled != NULL) {
4075 /* probably a corrupt file */
4076 avrule_decl_destroy(curdecl);
4077 avrule_block_destroy(curblock);
4078 return -1;
4079 }
4080 curblock->enabled = curdecl;
4081 }
4082 /* one must be careful to reconstruct the
4083 * decl chain in its correct order */
4084 if (curblock->branch_list == NULL) {
4085 curblock->branch_list = curdecl;
4086 } else {
4087 assert(last_decl);
4088 last_decl->next = curdecl;
4089 }
4090 last_decl = curdecl;
4091 num_decls--;
4092 }
4093
4094 if (*block == NULL) {
4095 *block = curblock;
4096 } else {
4097 assert(last_block);
4098 last_block->next = curblock;
4099 }
4100 last_block = curblock;
4101
4102 num_blocks--;
4103 }
4104
4105 return 0;
4106 }
4107
scope_read(policydb_t * p,int symnum,struct policy_file * fp)4108 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
4109 {
4110 scope_datum_t *scope = NULL;
4111 uint32_t buf[2];
4112 char *key = NULL;
4113 size_t key_len;
4114 unsigned int i;
4115 hashtab_t h = p->scope[symnum].table;
4116 int rc;
4117
4118 rc = next_entry(buf, fp, sizeof(uint32_t));
4119 if (rc < 0)
4120 goto cleanup;
4121 key_len = le32_to_cpu(buf[0]);
4122 if (zero_or_saturated(key_len))
4123 goto cleanup;
4124 key = malloc(key_len + 1);
4125 if (!key)
4126 goto cleanup;
4127 rc = next_entry(key, fp, key_len);
4128 if (rc < 0)
4129 goto cleanup;
4130 key[key_len] = '\0';
4131
4132 /* ensure that there already exists a symbol with this key */
4133 if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
4134 goto cleanup;
4135 }
4136
4137 if ((scope = calloc(1, sizeof(*scope))) == NULL) {
4138 goto cleanup;
4139 }
4140 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4141 if (rc < 0)
4142 goto cleanup;
4143 scope->scope = le32_to_cpu(buf[0]);
4144 scope->decl_ids_len = le32_to_cpu(buf[1]);
4145 if (zero_or_saturated(scope->decl_ids_len)) {
4146 ERR(fp->handle, "invalid scope with no declaration");
4147 goto cleanup;
4148 }
4149 if ((scope->decl_ids =
4150 calloc(scope->decl_ids_len, sizeof(uint32_t))) == NULL) {
4151 goto cleanup;
4152 }
4153 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
4154 if (rc < 0)
4155 goto cleanup;
4156 for (i = 0; i < scope->decl_ids_len; i++) {
4157 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
4158 }
4159
4160 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
4161 /* object_r was already added to this table in roles_init() */
4162 scope_destroy(key, scope, NULL);
4163 } else {
4164 if (hashtab_insert(h, key, scope)) {
4165 goto cleanup;
4166 }
4167 }
4168
4169 return 0;
4170
4171 cleanup:
4172 scope_destroy(key, scope, NULL);
4173 return -1;
4174 }
4175
policydb_string_to_security_class(struct policydb * policydb,const char * class_name)4176 static sepol_security_class_t policydb_string_to_security_class(
4177 struct policydb *policydb,
4178 const char *class_name)
4179 {
4180 class_datum_t *tclass_datum;
4181
4182 tclass_datum = hashtab_search(policydb->p_classes.table,
4183 class_name);
4184 if (!tclass_datum)
4185 return 0;
4186 return tclass_datum->s.value;
4187 }
4188
policydb_string_to_av_perm(struct policydb * policydb,sepol_security_class_t tclass,const char * perm_name)4189 static sepol_access_vector_t policydb_string_to_av_perm(
4190 struct policydb *policydb,
4191 sepol_security_class_t tclass,
4192 const char *perm_name)
4193 {
4194 class_datum_t *tclass_datum;
4195 perm_datum_t *perm_datum;
4196
4197 if (!tclass || tclass > policydb->p_classes.nprim)
4198 return 0;
4199 tclass_datum = policydb->class_val_to_struct[tclass - 1];
4200
4201 perm_datum = (perm_datum_t *)
4202 hashtab_search(tclass_datum->permissions.table,
4203 perm_name);
4204 if (perm_datum != NULL)
4205 return UINT32_C(1) << (perm_datum->s.value - 1);
4206
4207 if (tclass_datum->comdatum == NULL)
4208 return 0;
4209
4210 perm_datum = (perm_datum_t *)
4211 hashtab_search(tclass_datum->comdatum->permissions.table,
4212 perm_name);
4213
4214 if (perm_datum != NULL)
4215 return UINT32_C(1) << (perm_datum->s.value - 1);
4216
4217 return 0;
4218 }
4219
4220
4221 /*
4222 * Read the configuration data from a policy database binary
4223 * representation file into a policy database structure.
4224 */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)4225 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
4226 {
4227
4228 unsigned int i, j, r_policyvers;
4229 uint32_t buf[5];
4230 size_t len, nprim, nel;
4231 char *policydb_str;
4232 const struct policydb_compat_info *info;
4233 unsigned int policy_type, bufindex;
4234 ebitmap_node_t *tnode;
4235 int rc;
4236
4237 /* Read the magic number and string length. */
4238 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4239 if (rc < 0)
4240 return POLICYDB_ERROR;
4241 for (i = 0; i < 2; i++)
4242 buf[i] = le32_to_cpu(buf[i]);
4243
4244 if (buf[0] == POLICYDB_MAGIC) {
4245 policy_type = POLICY_KERN;
4246 } else if (buf[0] == POLICYDB_MOD_MAGIC) {
4247 policy_type = POLICY_MOD;
4248 } else {
4249 ERR(fp->handle, "policydb magic number %#08x does not "
4250 "match expected magic number %#08x or %#08x",
4251 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
4252 return POLICYDB_ERROR;
4253 }
4254
4255 len = buf[1];
4256 if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
4257 ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
4258 return POLICYDB_ERROR;
4259 }
4260
4261 policydb_str = malloc(len + 1);
4262 if (!policydb_str) {
4263 ERR(fp->handle, "unable to allocate memory for policydb "
4264 "string of length %zu", len);
4265 return POLICYDB_ERROR;
4266 }
4267 rc = next_entry(policydb_str, fp, len);
4268 if (rc < 0) {
4269 ERR(fp->handle, "truncated policydb string identifier");
4270 free(policydb_str);
4271 return POLICYDB_ERROR;
4272 }
4273 policydb_str[len] = 0;
4274
4275 if (policy_type == POLICY_KERN) {
4276 for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
4277 if ((strcmp(policydb_str, policydb_target_strings[i])
4278 == 0)) {
4279 policydb_set_target_platform(p, i);
4280 break;
4281 }
4282 }
4283
4284 if (i == POLICYDB_TARGET_SZ) {
4285 ERR(fp->handle, "cannot find a valid target for policy "
4286 "string %s", policydb_str);
4287 free(policydb_str);
4288 return POLICYDB_ERROR;
4289 }
4290 } else {
4291 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
4292 ERR(fp->handle, "invalid string identifier %s",
4293 policydb_str);
4294 free(policydb_str);
4295 return POLICYDB_ERROR;
4296 }
4297 }
4298
4299 /* Done with policydb_str. */
4300 free(policydb_str);
4301 policydb_str = NULL;
4302
4303 /* Read the version, config, and table sizes (and policy type if it's a module). */
4304 if (policy_type == POLICY_KERN)
4305 nel = 4;
4306 else
4307 nel = 5;
4308
4309 rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
4310 if (rc < 0)
4311 return POLICYDB_ERROR;
4312 for (i = 0; i < nel; i++)
4313 buf[i] = le32_to_cpu(buf[i]);
4314
4315 bufindex = 0;
4316
4317 if (policy_type == POLICY_MOD) {
4318 /* We know it's a module but not whether it's a base
4319 module or regular binary policy module. buf[0]
4320 tells us which. */
4321 policy_type = buf[bufindex];
4322 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
4323 ERR(fp->handle, "unknown module type: %#08x",
4324 policy_type);
4325 return POLICYDB_ERROR;
4326 }
4327 bufindex++;
4328 }
4329
4330 r_policyvers = buf[bufindex];
4331 if (policy_type == POLICY_KERN) {
4332 if (r_policyvers < POLICYDB_VERSION_MIN ||
4333 r_policyvers > POLICYDB_VERSION_MAX) {
4334 ERR(fp->handle, "policydb version %d does not match "
4335 "my version range %d-%d", buf[bufindex],
4336 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
4337 return POLICYDB_ERROR;
4338 }
4339 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
4340 if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
4341 r_policyvers > MOD_POLICYDB_VERSION_MAX) {
4342 ERR(fp->handle, "policydb module version %d does "
4343 "not match my version range %d-%d",
4344 buf[bufindex], MOD_POLICYDB_VERSION_MIN,
4345 MOD_POLICYDB_VERSION_MAX);
4346 return POLICYDB_ERROR;
4347 }
4348 } else {
4349 assert(0);
4350 }
4351 bufindex++;
4352
4353 /* Set the policy type and version from the read values. */
4354 p->policy_type = policy_type;
4355 p->policyvers = r_policyvers;
4356
4357 if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
4358 p->mls = 1;
4359 } else {
4360 p->mls = 0;
4361 }
4362
4363 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
4364
4365 bufindex++;
4366
4367 info = policydb_lookup_compat(r_policyvers, policy_type,
4368 p->target_platform);
4369 if (!info) {
4370 ERR(fp->handle, "unable to find policy compat info "
4371 "for version %d", r_policyvers);
4372 goto bad;
4373 }
4374
4375 if (buf[bufindex] != info->sym_num
4376 || buf[bufindex + 1] != info->ocon_num) {
4377 ERR(fp->handle,
4378 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
4379 buf[bufindex], buf[bufindex + 1], info->sym_num,
4380 info->ocon_num);
4381 goto bad;
4382 }
4383
4384 if (p->policy_type == POLICY_MOD) {
4385 /* Get the module name and version */
4386 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4387 goto bad;
4388 }
4389 len = le32_to_cpu(buf[0]);
4390 if (zero_or_saturated(len))
4391 goto bad;
4392 if ((p->name = malloc(len + 1)) == NULL) {
4393 goto bad;
4394 }
4395 if ((rc = next_entry(p->name, fp, len)) < 0) {
4396 goto bad;
4397 }
4398 p->name[len] = '\0';
4399 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4400 goto bad;
4401 }
4402 len = le32_to_cpu(buf[0]);
4403 if (zero_or_saturated(len))
4404 goto bad;
4405 if ((p->version = malloc(len + 1)) == NULL) {
4406 goto bad;
4407 }
4408 if ((rc = next_entry(p->version, fp, len)) < 0) {
4409 goto bad;
4410 }
4411 p->version[len] = '\0';
4412 }
4413
4414 if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
4415 p->policy_type == POLICY_KERN) ||
4416 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4417 p->policy_type == POLICY_BASE) ||
4418 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4419 p->policy_type == POLICY_MOD)) {
4420 if (ebitmap_read(&p->policycaps, fp))
4421 goto bad;
4422 }
4423
4424 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
4425 p->policy_type == POLICY_KERN) {
4426 if (ebitmap_read(&p->permissive_map, fp))
4427 goto bad;
4428 }
4429
4430 for (i = 0; i < info->sym_num; i++) {
4431 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4432 if (rc < 0)
4433 goto bad;
4434 nprim = le32_to_cpu(buf[0]);
4435 if (is_saturated(nprim))
4436 goto bad;
4437 nel = le32_to_cpu(buf[1]);
4438 if (nel && !nprim) {
4439 ERR(fp->handle, "unexpected items in symbol table with no symbol");
4440 goto bad;
4441 }
4442 for (j = 0; j < nel; j++) {
4443 if (read_f[i] (p, p->symtab[i].table, fp))
4444 goto bad;
4445 }
4446
4447 p->symtab[i].nprim = nprim;
4448 }
4449
4450 switch (p->target_platform) {
4451 case SEPOL_TARGET_SELINUX:
4452 p->process_class = policydb_string_to_security_class(p, "process");
4453 p->dir_class = policydb_string_to_security_class(p, "dir");
4454 break;
4455 case SEPOL_TARGET_XEN:
4456 p->process_class = policydb_string_to_security_class(p, "domain");
4457 break;
4458 default:
4459 break;
4460 }
4461
4462 if (policy_type == POLICY_KERN) {
4463 if (avtab_read(&p->te_avtab, fp, r_policyvers))
4464 goto bad;
4465 if (r_policyvers >= POLICYDB_VERSION_BOOL)
4466 if (cond_read_list(p, &p->cond_list, fp))
4467 goto bad;
4468 if (role_trans_read(p, fp))
4469 goto bad;
4470 if (role_allow_read(&p->role_allow, fp))
4471 goto bad;
4472 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
4473 filename_trans_read(p, fp))
4474 goto bad;
4475 } else {
4476 /* first read the AV rule blocks, then the scope tables */
4477 avrule_block_destroy(p->global);
4478 p->global = NULL;
4479 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
4480 goto bad;
4481 }
4482 if (p->global == NULL) {
4483 ERR(fp->handle, "no avrule block in policy");
4484 goto bad;
4485 }
4486 for (i = 0; i < info->sym_num; i++) {
4487 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4488 goto bad;
4489 }
4490 nel = le32_to_cpu(buf[0]);
4491 for (j = 0; j < nel; j++) {
4492 if (scope_read(p, i, fp))
4493 goto bad;
4494 }
4495 }
4496
4497 }
4498
4499 if (policydb_index_decls(fp->handle, p))
4500 goto bad;
4501
4502 if (policydb_index_classes(p))
4503 goto bad;
4504
4505 switch (p->target_platform) {
4506 case SEPOL_TARGET_SELINUX:
4507 /* fall through */
4508 case SEPOL_TARGET_XEN:
4509 p->process_trans = policydb_string_to_av_perm(p, p->process_class,
4510 "transition");
4511 p->process_trans_dyntrans = p->process_trans |
4512 policydb_string_to_av_perm(p, p->process_class,
4513 "dyntransition");
4514 break;
4515 default:
4516 break;
4517 }
4518
4519 if (policydb_index_others(fp->handle, p, verbose))
4520 goto bad;
4521
4522 if (ocontext_read(info, p, fp) == -1) {
4523 goto bad;
4524 }
4525
4526 if (genfs_read(p, fp) == -1) {
4527 goto bad;
4528 }
4529
4530 if ((p->policy_type == POLICY_KERN
4531 && p->policyvers >= POLICYDB_VERSION_MLS)
4532 || (p->policy_type == POLICY_BASE
4533 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
4534 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
4535 if (range_read(p, fp)) {
4536 goto bad;
4537 }
4538 }
4539
4540 if (policy_type == POLICY_KERN) {
4541 p->type_attr_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
4542 p->attr_type_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
4543 if (!p->type_attr_map || !p->attr_type_map)
4544 goto bad;
4545 for (i = 0; i < p->p_types.nprim; i++) {
4546 if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
4547 if (ebitmap_read(&p->type_attr_map[i], fp))
4548 goto bad;
4549 ebitmap_for_each_positive_bit(&p->type_attr_map[i],
4550 tnode, j) {
4551 if (i == j)
4552 continue;
4553
4554 if (j >= p->p_types.nprim)
4555 goto bad;
4556
4557 if (ebitmap_set_bit
4558 (&p->attr_type_map[j], i, 1))
4559 goto bad;
4560 }
4561 }
4562 /* add the type itself as the degenerate case */
4563 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
4564 goto bad;
4565 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
4566 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
4567 goto bad;
4568 }
4569 }
4570 }
4571
4572 if (policydb_validate(fp->handle, p))
4573 goto bad;
4574
4575 return POLICYDB_SUCCESS;
4576 bad:
4577 return POLICYDB_ERROR;
4578 }
4579
policydb_reindex_users(policydb_t * p)4580 int policydb_reindex_users(policydb_t * p)
4581 {
4582 unsigned int i = SYM_USERS;
4583
4584 if (p->user_val_to_struct)
4585 free(p->user_val_to_struct);
4586 if (p->sym_val_to_name[i])
4587 free(p->sym_val_to_name[i]);
4588
4589 p->user_val_to_struct = (user_datum_t **)
4590 calloc(p->p_users.nprim, sizeof(user_datum_t *));
4591 if (!p->user_val_to_struct)
4592 return -1;
4593
4594 p->sym_val_to_name[i] = (char **)
4595 calloc(p->symtab[i].nprim, sizeof(char *));
4596 if (!p->sym_val_to_name[i])
4597 return -1;
4598
4599 if (hashtab_map(p->symtab[i].table, index_f[i], p))
4600 return -1;
4601
4602 /* Expand user roles for context validity checking */
4603 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
4604 return -1;
4605
4606 return 0;
4607 }
4608
policy_file_init(policy_file_t * pf)4609 void policy_file_init(policy_file_t *pf)
4610 {
4611 memset(pf, 0, sizeof(policy_file_t));
4612 }
4613
policydb_set_target_platform(policydb_t * p,int platform)4614 int policydb_set_target_platform(policydb_t *p, int platform)
4615 {
4616 if (platform == SEPOL_TARGET_SELINUX)
4617 p->target_platform = SEPOL_TARGET_SELINUX;
4618 else if (platform == SEPOL_TARGET_XEN)
4619 p->target_platform = SEPOL_TARGET_XEN;
4620 else
4621 return -1;
4622
4623 return 0;
4624 }
4625
policydb_sort_ocontexts(policydb_t * p)4626 int policydb_sort_ocontexts(policydb_t *p)
4627 {
4628 return sort_ocontexts(p);
4629 }
4630