1
2 /* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3
4 /*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 * Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
14 * Fine-grained netlink support
15 * IPv6 support
16 * Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 *
22 * This library is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU Lesser General Public
24 * License as published by the Free Software Foundation; either
25 * version 2.1 of the License, or (at your option) any later version.
26 *
27 * This library is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30 * Lesser General Public License for more details.
31 *
32 * You should have received a copy of the GNU Lesser General Public
33 * License along with this library; if not, write to the Free Software
34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
35 */
36
37 /* FLASK */
38
39 /*
40 * Implementation of the policy database.
41 */
42
43 #include <assert.h>
44 #include <stdlib.h>
45
46 #include <sepol/policydb/policydb.h>
47 #include <sepol/policydb/expand.h>
48 #include <sepol/policydb/conditional.h>
49 #include <sepol/policydb/avrule_block.h>
50 #include <sepol/policydb/util.h>
51 #include <sepol/policydb/flask.h>
52
53 #include "private.h"
54 #include "debug.h"
55 #include "mls.h"
56
57 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
58 char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
59
60 /* These need to be updated if SYM_NUM or OCON_NUM changes */
61 static struct policydb_compat_info policydb_compat[] = {
62 {
63 .type = POLICY_KERN,
64 .version = POLICYDB_VERSION_BOUNDARY,
65 .sym_num = SYM_NUM,
66 .ocon_num = OCON_XEN_PCIDEVICE + 1,
67 .target_platform = SEPOL_TARGET_XEN,
68 },
69 {
70 .type = POLICY_KERN,
71 .version = POLICYDB_VERSION_BASE,
72 .sym_num = SYM_NUM - 3,
73 .ocon_num = OCON_FSUSE + 1,
74 .target_platform = SEPOL_TARGET_SELINUX,
75 },
76 {
77 .type = POLICY_KERN,
78 .version = POLICYDB_VERSION_BOOL,
79 .sym_num = SYM_NUM - 2,
80 .ocon_num = OCON_FSUSE + 1,
81 .target_platform = SEPOL_TARGET_SELINUX,
82 },
83 {
84 .type = POLICY_KERN,
85 .version = POLICYDB_VERSION_IPV6,
86 .sym_num = SYM_NUM - 2,
87 .ocon_num = OCON_NODE6 + 1,
88 .target_platform = SEPOL_TARGET_SELINUX,
89 },
90 {
91 .type = POLICY_KERN,
92 .version = POLICYDB_VERSION_NLCLASS,
93 .sym_num = SYM_NUM - 2,
94 .ocon_num = OCON_NODE6 + 1,
95 .target_platform = SEPOL_TARGET_SELINUX,
96 },
97 {
98 .type = POLICY_KERN,
99 .version = POLICYDB_VERSION_MLS,
100 .sym_num = SYM_NUM,
101 .ocon_num = OCON_NODE6 + 1,
102 .target_platform = SEPOL_TARGET_SELINUX,
103 },
104 {
105 .type = POLICY_KERN,
106 .version = POLICYDB_VERSION_AVTAB,
107 .sym_num = SYM_NUM,
108 .ocon_num = OCON_NODE6 + 1,
109 .target_platform = SEPOL_TARGET_SELINUX,
110 },
111 {
112 .type = POLICY_KERN,
113 .version = POLICYDB_VERSION_RANGETRANS,
114 .sym_num = SYM_NUM,
115 .ocon_num = OCON_NODE6 + 1,
116 .target_platform = SEPOL_TARGET_SELINUX,
117 },
118 {
119 .type = POLICY_KERN,
120 .version = POLICYDB_VERSION_POLCAP,
121 .sym_num = SYM_NUM,
122 .ocon_num = OCON_NODE6 + 1,
123 .target_platform = SEPOL_TARGET_SELINUX,
124 },
125 {
126 .type = POLICY_KERN,
127 .version = POLICYDB_VERSION_PERMISSIVE,
128 .sym_num = SYM_NUM,
129 .ocon_num = OCON_NODE6 + 1,
130 .target_platform = SEPOL_TARGET_SELINUX,
131 },
132 {
133 .type = POLICY_KERN,
134 .version = POLICYDB_VERSION_BOUNDARY,
135 .sym_num = SYM_NUM,
136 .ocon_num = OCON_NODE6 + 1,
137 .target_platform = SEPOL_TARGET_SELINUX,
138 },
139 {
140 .type = POLICY_KERN,
141 .version = POLICYDB_VERSION_FILENAME_TRANS,
142 .sym_num = SYM_NUM,
143 .ocon_num = OCON_NODE6 + 1,
144 .target_platform = SEPOL_TARGET_SELINUX,
145 },
146 {
147 .type = POLICY_KERN,
148 .version = POLICYDB_VERSION_ROLETRANS,
149 .sym_num = SYM_NUM,
150 .ocon_num = OCON_NODE6 + 1,
151 .target_platform = SEPOL_TARGET_SELINUX,
152 },
153 {
154 .type = POLICY_BASE,
155 .version = MOD_POLICYDB_VERSION_BASE,
156 .sym_num = SYM_NUM,
157 .ocon_num = OCON_NODE6 + 1,
158 .target_platform = SEPOL_TARGET_SELINUX,
159 },
160 {
161 .type = POLICY_BASE,
162 .version = MOD_POLICYDB_VERSION_MLS,
163 .sym_num = SYM_NUM,
164 .ocon_num = OCON_NODE6 + 1,
165 .target_platform = SEPOL_TARGET_SELINUX,
166 },
167 {
168 .type = POLICY_BASE,
169 .version = MOD_POLICYDB_VERSION_MLS_USERS,
170 .sym_num = SYM_NUM,
171 .ocon_num = OCON_NODE6 + 1,
172 .target_platform = SEPOL_TARGET_SELINUX,
173 },
174 {
175 .type = POLICY_BASE,
176 .version = MOD_POLICYDB_VERSION_POLCAP,
177 .sym_num = SYM_NUM,
178 .ocon_num = OCON_NODE6 + 1,
179 .target_platform = SEPOL_TARGET_SELINUX,
180 },
181 {
182 .type = POLICY_BASE,
183 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
184 .sym_num = SYM_NUM,
185 .ocon_num = OCON_NODE6 + 1,
186 .target_platform = SEPOL_TARGET_SELINUX,
187 },
188 {
189 .type = POLICY_BASE,
190 .version = MOD_POLICYDB_VERSION_BOUNDARY,
191 .sym_num = SYM_NUM,
192 .ocon_num = OCON_NODE6 + 1,
193 .target_platform = SEPOL_TARGET_SELINUX,
194 },
195 {
196 .type = POLICY_BASE,
197 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
198 .sym_num = SYM_NUM,
199 .ocon_num = OCON_NODE6 + 1,
200 .target_platform = SEPOL_TARGET_SELINUX,
201 },
202 {
203 .type = POLICY_BASE,
204 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
205 .sym_num = SYM_NUM,
206 .ocon_num = OCON_NODE6 + 1,
207 .target_platform = SEPOL_TARGET_SELINUX,
208 },
209 {
210 .type = POLICY_BASE,
211 .version = MOD_POLICYDB_VERSION_ROLETRANS,
212 .sym_num = SYM_NUM,
213 .ocon_num = OCON_NODE6 + 1,
214 .target_platform = SEPOL_TARGET_SELINUX,
215 },
216 {
217 .type = POLICY_BASE,
218 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
219 .sym_num = SYM_NUM,
220 .ocon_num = OCON_NODE6 + 1,
221 .target_platform = SEPOL_TARGET_SELINUX,
222 },
223 {
224 .type = POLICY_BASE,
225 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
226 .sym_num = SYM_NUM,
227 .ocon_num = OCON_NODE6 + 1,
228 .target_platform = SEPOL_TARGET_SELINUX,
229 },
230 {
231 .type = POLICY_MOD,
232 .version = MOD_POLICYDB_VERSION_BASE,
233 .sym_num = SYM_NUM,
234 .ocon_num = 0,
235 .target_platform = SEPOL_TARGET_SELINUX,
236 },
237 {
238 .type = POLICY_MOD,
239 .version = MOD_POLICYDB_VERSION_MLS,
240 .sym_num = SYM_NUM,
241 .ocon_num = 0,
242 .target_platform = SEPOL_TARGET_SELINUX,
243 },
244 {
245 .type = POLICY_MOD,
246 .version = MOD_POLICYDB_VERSION_MLS_USERS,
247 .sym_num = SYM_NUM,
248 .ocon_num = 0,
249 .target_platform = SEPOL_TARGET_SELINUX,
250 },
251 {
252 .type = POLICY_MOD,
253 .version = MOD_POLICYDB_VERSION_POLCAP,
254 .sym_num = SYM_NUM,
255 .ocon_num = 0,
256 .target_platform = SEPOL_TARGET_SELINUX,
257 },
258 {
259 .type = POLICY_MOD,
260 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
261 .sym_num = SYM_NUM,
262 .ocon_num = 0,
263 .target_platform = SEPOL_TARGET_SELINUX,
264 },
265 {
266 .type = POLICY_MOD,
267 .version = MOD_POLICYDB_VERSION_BOUNDARY,
268 .sym_num = SYM_NUM,
269 .ocon_num = 0,
270 .target_platform = SEPOL_TARGET_SELINUX,
271 },
272 {
273 .type = POLICY_MOD,
274 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
275 .sym_num = SYM_NUM,
276 .ocon_num = 0,
277 .target_platform = SEPOL_TARGET_SELINUX,
278 },
279 {
280 .type = POLICY_MOD,
281 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
282 .sym_num = SYM_NUM,
283 .ocon_num = 0,
284 .target_platform = SEPOL_TARGET_SELINUX,
285 },
286 {
287 .type = POLICY_MOD,
288 .version = MOD_POLICYDB_VERSION_ROLETRANS,
289 .sym_num = SYM_NUM,
290 .ocon_num = 0,
291 .target_platform = SEPOL_TARGET_SELINUX,
292 },
293 {
294 .type = POLICY_MOD,
295 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
296 .sym_num = SYM_NUM,
297 .ocon_num = 0,
298 .target_platform = SEPOL_TARGET_SELINUX,
299 },
300 {
301 .type = POLICY_MOD,
302 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
303 .sym_num = SYM_NUM,
304 .ocon_num = 0,
305 .target_platform = SEPOL_TARGET_SELINUX,
306 },
307 };
308
309 #if 0
310 static char *symtab_name[SYM_NUM] = {
311 "common prefixes",
312 "classes",
313 "roles",
314 "types",
315 "users",
316 "bools" mls_symtab_names cond_symtab_names
317 };
318 #endif
319
320 static unsigned int symtab_sizes[SYM_NUM] = {
321 2,
322 32,
323 16,
324 512,
325 128,
326 16,
327 16,
328 16,
329 };
330
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)331 struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
332 unsigned int type,
333 unsigned int target_platform)
334 {
335 unsigned int i;
336 struct policydb_compat_info *info = NULL;
337
338 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
339 if (policydb_compat[i].version == version &&
340 policydb_compat[i].type == type &&
341 policydb_compat[i].target_platform == target_platform) {
342 info = &policydb_compat[i];
343 break;
344 }
345 }
346 return info;
347 }
348
type_set_init(type_set_t * x)349 void type_set_init(type_set_t * x)
350 {
351 memset(x, 0, sizeof(type_set_t));
352 ebitmap_init(&x->types);
353 ebitmap_init(&x->negset);
354 }
355
type_set_destroy(type_set_t * x)356 void type_set_destroy(type_set_t * x)
357 {
358 if (x != NULL) {
359 ebitmap_destroy(&x->types);
360 ebitmap_destroy(&x->negset);
361 }
362 }
363
role_set_init(role_set_t * x)364 void role_set_init(role_set_t * x)
365 {
366 memset(x, 0, sizeof(role_set_t));
367 ebitmap_init(&x->roles);
368 }
369
role_set_destroy(role_set_t * x)370 void role_set_destroy(role_set_t * x)
371 {
372 ebitmap_destroy(&x->roles);
373 }
374
role_datum_init(role_datum_t * x)375 void role_datum_init(role_datum_t * x)
376 {
377 memset(x, 0, sizeof(role_datum_t));
378 ebitmap_init(&x->dominates);
379 type_set_init(&x->types);
380 ebitmap_init(&x->cache);
381 ebitmap_init(&x->roles);
382 }
383
role_datum_destroy(role_datum_t * x)384 void role_datum_destroy(role_datum_t * x)
385 {
386 if (x != NULL) {
387 ebitmap_destroy(&x->dominates);
388 type_set_destroy(&x->types);
389 ebitmap_destroy(&x->cache);
390 ebitmap_destroy(&x->roles);
391 }
392 }
393
type_datum_init(type_datum_t * x)394 void type_datum_init(type_datum_t * x)
395 {
396 memset(x, 0, sizeof(*x));
397 ebitmap_init(&x->types);
398 }
399
type_datum_destroy(type_datum_t * x)400 void type_datum_destroy(type_datum_t * x)
401 {
402 if (x != NULL) {
403 ebitmap_destroy(&x->types);
404 }
405 }
406
user_datum_init(user_datum_t * x)407 void user_datum_init(user_datum_t * x)
408 {
409 memset(x, 0, sizeof(user_datum_t));
410 role_set_init(&x->roles);
411 mls_semantic_range_init(&x->range);
412 mls_semantic_level_init(&x->dfltlevel);
413 ebitmap_init(&x->cache);
414 mls_range_init(&x->exp_range);
415 mls_level_init(&x->exp_dfltlevel);
416 }
417
user_datum_destroy(user_datum_t * x)418 void user_datum_destroy(user_datum_t * x)
419 {
420 if (x != NULL) {
421 role_set_destroy(&x->roles);
422 mls_semantic_range_destroy(&x->range);
423 mls_semantic_level_destroy(&x->dfltlevel);
424 ebitmap_destroy(&x->cache);
425 mls_range_destroy(&x->exp_range);
426 mls_level_destroy(&x->exp_dfltlevel);
427 }
428 }
429
level_datum_init(level_datum_t * x)430 void level_datum_init(level_datum_t * x)
431 {
432 memset(x, 0, sizeof(level_datum_t));
433 }
434
level_datum_destroy(level_datum_t * x)435 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
436 {
437 /* the mls_level_t referenced by the level_datum is managed
438 * separately for now, so there is nothing to destroy */
439 return;
440 }
441
cat_datum_init(cat_datum_t * x)442 void cat_datum_init(cat_datum_t * x)
443 {
444 memset(x, 0, sizeof(cat_datum_t));
445 }
446
cat_datum_destroy(cat_datum_t * x)447 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
448 {
449 /* it's currently a simple struct - really nothing to destroy */
450 return;
451 }
452
class_perm_node_init(class_perm_node_t * x)453 void class_perm_node_init(class_perm_node_t * x)
454 {
455 memset(x, 0, sizeof(class_perm_node_t));
456 }
457
avrule_init(avrule_t * x)458 void avrule_init(avrule_t * x)
459 {
460 memset(x, 0, sizeof(avrule_t));
461 type_set_init(&x->stypes);
462 type_set_init(&x->ttypes);
463 }
464
avrule_destroy(avrule_t * x)465 void avrule_destroy(avrule_t * x)
466 {
467 class_perm_node_t *cur, *next;
468
469 if (x == NULL) {
470 return;
471 }
472 type_set_destroy(&x->stypes);
473 type_set_destroy(&x->ttypes);
474
475 next = x->perms;
476 while (next) {
477 cur = next;
478 next = cur->next;
479 free(cur);
480 }
481 }
482
role_trans_rule_init(role_trans_rule_t * x)483 void role_trans_rule_init(role_trans_rule_t * x)
484 {
485 memset(x, 0, sizeof(*x));
486 role_set_init(&x->roles);
487 type_set_init(&x->types);
488 ebitmap_init(&x->classes);
489 }
490
role_trans_rule_destroy(role_trans_rule_t * x)491 void role_trans_rule_destroy(role_trans_rule_t * x)
492 {
493 if (x != NULL) {
494 role_set_destroy(&x->roles);
495 type_set_destroy(&x->types);
496 ebitmap_destroy(&x->classes);
497 }
498 }
499
role_trans_rule_list_destroy(role_trans_rule_t * x)500 void role_trans_rule_list_destroy(role_trans_rule_t * x)
501 {
502 while (x != NULL) {
503 role_trans_rule_t *next = x->next;
504 role_trans_rule_destroy(x);
505 free(x);
506 x = next;
507 }
508 }
509
filename_trans_rule_init(filename_trans_rule_t * x)510 void filename_trans_rule_init(filename_trans_rule_t * x)
511 {
512 memset(x, 0, sizeof(*x));
513 type_set_init(&x->stypes);
514 type_set_init(&x->ttypes);
515 }
516
filename_trans_rule_destroy(filename_trans_rule_t * x)517 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
518 {
519 if (!x)
520 return;
521 type_set_destroy(&x->stypes);
522 type_set_destroy(&x->ttypes);
523 free(x->name);
524 }
525
filename_trans_rule_list_destroy(filename_trans_rule_t * x)526 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
527 {
528 filename_trans_rule_t *next;
529 while (x) {
530 next = x->next;
531 filename_trans_rule_destroy(x);
532 free(x);
533 x = next;
534 }
535 }
536
role_allow_rule_init(role_allow_rule_t * x)537 void role_allow_rule_init(role_allow_rule_t * x)
538 {
539 memset(x, 0, sizeof(role_allow_rule_t));
540 role_set_init(&x->roles);
541 role_set_init(&x->new_roles);
542 }
543
role_allow_rule_destroy(role_allow_rule_t * x)544 void role_allow_rule_destroy(role_allow_rule_t * x)
545 {
546 role_set_destroy(&x->roles);
547 role_set_destroy(&x->new_roles);
548 }
549
role_allow_rule_list_destroy(role_allow_rule_t * x)550 void role_allow_rule_list_destroy(role_allow_rule_t * x)
551 {
552 while (x != NULL) {
553 role_allow_rule_t *next = x->next;
554 role_allow_rule_destroy(x);
555 free(x);
556 x = next;
557 }
558 }
559
range_trans_rule_init(range_trans_rule_t * x)560 void range_trans_rule_init(range_trans_rule_t * x)
561 {
562 type_set_init(&x->stypes);
563 type_set_init(&x->ttypes);
564 ebitmap_init(&x->tclasses);
565 mls_semantic_range_init(&x->trange);
566 x->next = NULL;
567 }
568
range_trans_rule_destroy(range_trans_rule_t * x)569 void range_trans_rule_destroy(range_trans_rule_t * x)
570 {
571 type_set_destroy(&x->stypes);
572 type_set_destroy(&x->ttypes);
573 ebitmap_destroy(&x->tclasses);
574 mls_semantic_range_destroy(&x->trange);
575 }
576
range_trans_rule_list_destroy(range_trans_rule_t * x)577 void range_trans_rule_list_destroy(range_trans_rule_t * x)
578 {
579 while (x != NULL) {
580 range_trans_rule_t *next = x->next;
581 range_trans_rule_destroy(x);
582 free(x);
583 x = next;
584 }
585 }
586
avrule_list_destroy(avrule_t * x)587 void avrule_list_destroy(avrule_t * x)
588 {
589 avrule_t *next, *cur;
590
591 if (!x)
592 return;
593
594 next = x;
595 while (next) {
596 cur = next;
597 next = next->next;
598 avrule_destroy(cur);
599 free(cur);
600 }
601 }
602
603 /*
604 * Initialize the role table by implicitly adding role 'object_r'. If
605 * the policy is a module, set object_r's scope to be SCOPE_REQ,
606 * otherwise set it to SCOPE_DECL.
607 */
roles_init(policydb_t * p)608 static int roles_init(policydb_t * p)
609 {
610 char *key = 0;
611 int rc;
612 role_datum_t *role;
613
614 role = calloc(1, sizeof(role_datum_t));
615 if (!role) {
616 rc = -ENOMEM;
617 goto out;
618 }
619 key = malloc(strlen(OBJECT_R) + 1);
620 if (!key) {
621 rc = -ENOMEM;
622 goto out_free_role;
623 }
624 strcpy(key, OBJECT_R);
625 rc = symtab_insert(p, SYM_ROLES, key, role,
626 (p->policy_type ==
627 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
628 &role->s.value);
629 if (rc)
630 goto out_free_key;
631 if (role->s.value != OBJECT_R_VAL) {
632 rc = -EINVAL;
633 goto out_free_role;
634 }
635 out:
636 return rc;
637
638 out_free_key:
639 free(key);
640 out_free_role:
641 free(role);
642 goto out;
643 }
644
645 /*
646 * Initialize a policy database structure.
647 */
policydb_init(policydb_t * p)648 int policydb_init(policydb_t * p)
649 {
650 int i, rc;
651
652 memset(p, 0, sizeof(policydb_t));
653
654 ebitmap_init(&p->policycaps);
655
656 ebitmap_init(&p->permissive_map);
657
658 for (i = 0; i < SYM_NUM; i++) {
659 p->sym_val_to_name[i] = NULL;
660 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
661 if (rc)
662 goto out_free_symtab;
663 }
664
665 /* initialize the module stuff */
666 for (i = 0; i < SYM_NUM; i++) {
667 if (symtab_init(&p->scope[i], symtab_sizes[i])) {
668 goto out_free_symtab;
669 }
670 }
671 if ((p->global = avrule_block_create()) == NULL ||
672 (p->global->branch_list = avrule_decl_create(1)) == NULL) {
673 goto out_free_symtab;
674 }
675 p->decl_val_to_struct = NULL;
676
677 rc = avtab_init(&p->te_avtab);
678 if (rc)
679 goto out_free_symtab;
680
681 rc = roles_init(p);
682 if (rc)
683 goto out_free_symtab;
684
685 rc = cond_policydb_init(p);
686 if (rc)
687 goto out_free_symtab;
688 out:
689 return rc;
690
691 out_free_symtab:
692 for (i = 0; i < SYM_NUM; i++) {
693 hashtab_destroy(p->symtab[i].table);
694 hashtab_destroy(p->scope[i].table);
695 }
696 avrule_block_list_destroy(p->global);
697 goto out;
698 }
699
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)700 int policydb_role_cache(hashtab_key_t key
701 __attribute__ ((unused)), hashtab_datum_t datum,
702 void *arg)
703 {
704 policydb_t *p;
705 role_datum_t *role;
706
707 role = (role_datum_t *) datum;
708 p = (policydb_t *) arg;
709
710 ebitmap_destroy(&role->cache);
711 if (type_set_expand(&role->types, &role->cache, p, 1)) {
712 return -1;
713 }
714
715 return 0;
716 }
717
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)718 int policydb_user_cache(hashtab_key_t key
719 __attribute__ ((unused)), hashtab_datum_t datum,
720 void *arg)
721 {
722 policydb_t *p;
723 user_datum_t *user;
724
725 user = (user_datum_t *) datum;
726 p = (policydb_t *) arg;
727
728 ebitmap_destroy(&user->cache);
729 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
730 return -1;
731 }
732
733 /* we do not expand user's MLS info in kernel policies because the
734 * semantic representation is not present and we do not expand user's
735 * MLS info in module policies because all of the necessary mls
736 * information is not present */
737 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
738 mls_range_destroy(&user->exp_range);
739 if (mls_semantic_range_expand(&user->range,
740 &user->exp_range, p, NULL)) {
741 return -1;
742 }
743
744 mls_level_destroy(&user->exp_dfltlevel);
745 if (mls_semantic_level_expand(&user->dfltlevel,
746 &user->exp_dfltlevel, p, NULL)) {
747 return -1;
748 }
749 }
750
751 return 0;
752 }
753
754 /*
755 * The following *_index functions are used to
756 * define the val_to_name and val_to_struct arrays
757 * in a policy database structure. The val_to_name
758 * arrays are used when converting security context
759 * structures into string representations. The
760 * val_to_struct arrays are used when the attributes
761 * of a class, role, or user are needed.
762 */
763
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)764 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
765 {
766 policydb_t *p;
767 common_datum_t *comdatum;
768
769 comdatum = (common_datum_t *) datum;
770 p = (policydb_t *) datap;
771 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim)
772 return -EINVAL;
773 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
774
775 return 0;
776 }
777
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)778 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
779 {
780 policydb_t *p;
781 class_datum_t *cladatum;
782
783 cladatum = (class_datum_t *) datum;
784 p = (policydb_t *) datap;
785 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim)
786 return -EINVAL;
787 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
788 p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
789
790 return 0;
791 }
792
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)793 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
794 {
795 policydb_t *p;
796 role_datum_t *role;
797
798 role = (role_datum_t *) datum;
799 p = (policydb_t *) datap;
800 if (!role->s.value || role->s.value > p->p_roles.nprim)
801 return -EINVAL;
802 p->p_role_val_to_name[role->s.value - 1] = (char *)key;
803 p->role_val_to_struct[role->s.value - 1] = role;
804
805 return 0;
806 }
807
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)808 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
809 {
810 policydb_t *p;
811 type_datum_t *typdatum;
812
813 typdatum = (type_datum_t *) datum;
814 p = (policydb_t *) datap;
815
816 if (typdatum->primary) {
817 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim)
818 return -EINVAL;
819 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
820 p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
821 }
822
823 return 0;
824 }
825
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)826 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
827 {
828 policydb_t *p;
829 user_datum_t *usrdatum;
830
831 usrdatum = (user_datum_t *) datum;
832 p = (policydb_t *) datap;
833
834 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim)
835 return -EINVAL;
836
837 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
838 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
839
840 return 0;
841 }
842
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)843 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
844 {
845 policydb_t *p;
846 level_datum_t *levdatum;
847
848 levdatum = (level_datum_t *) datum;
849 p = (policydb_t *) datap;
850
851 if (!levdatum->isalias) {
852 if (!levdatum->level->sens ||
853 levdatum->level->sens > p->p_levels.nprim)
854 return -EINVAL;
855 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
856 }
857
858 return 0;
859 }
860
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)861 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
862 {
863 policydb_t *p;
864 cat_datum_t *catdatum;
865
866 catdatum = (cat_datum_t *) datum;
867 p = (policydb_t *) datap;
868
869 if (!catdatum->isalias) {
870 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim)
871 return -EINVAL;
872 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
873 }
874
875 return 0;
876 }
877
878 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
879 void *datap) = {
880 common_index, class_index, role_index, type_index, user_index,
881 cond_index_bool, sens_index, cat_index,};
882
883 /*
884 * Define the common val_to_name array and the class
885 * val_to_name and val_to_struct arrays in a policy
886 * database structure.
887 */
policydb_index_classes(policydb_t * p)888 int policydb_index_classes(policydb_t * p)
889 {
890 free(p->p_common_val_to_name);
891 p->p_common_val_to_name = (char **)
892 malloc(p->p_commons.nprim * sizeof(char *));
893 if (!p->p_common_val_to_name)
894 return -1;
895
896 if (hashtab_map(p->p_commons.table, common_index, p))
897 return -1;
898
899 free(p->class_val_to_struct);
900 p->class_val_to_struct = (class_datum_t **)
901 malloc(p->p_classes.nprim * sizeof(class_datum_t *));
902 if (!p->class_val_to_struct)
903 return -1;
904
905 free(p->p_class_val_to_name);
906 p->p_class_val_to_name = (char **)
907 malloc(p->p_classes.nprim * sizeof(char *));
908 if (!p->p_class_val_to_name)
909 return -1;
910
911 if (hashtab_map(p->p_classes.table, class_index, p))
912 return -1;
913
914 return 0;
915 }
916
policydb_index_bools(policydb_t * p)917 int policydb_index_bools(policydb_t * p)
918 {
919
920 if (cond_init_bool_indexes(p) == -1)
921 return -1;
922 p->p_bool_val_to_name = (char **)
923 malloc(p->p_bools.nprim * sizeof(char *));
924 if (!p->p_bool_val_to_name)
925 return -1;
926 if (hashtab_map(p->p_bools.table, cond_index_bool, p))
927 return -1;
928 return 0;
929 }
930
policydb_index_decls(policydb_t * p)931 int policydb_index_decls(policydb_t * p)
932 {
933 avrule_block_t *curblock;
934 avrule_decl_t *decl;
935 int num_decls = 0;
936
937 free(p->decl_val_to_struct);
938
939 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
940 for (decl = curblock->branch_list; decl != NULL;
941 decl = decl->next) {
942 num_decls++;
943 }
944 }
945
946 p->decl_val_to_struct =
947 calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
948 if (!p->decl_val_to_struct) {
949 return -1;
950 }
951
952 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
953 for (decl = curblock->branch_list; decl != NULL;
954 decl = decl->next) {
955 p->decl_val_to_struct[decl->decl_id - 1] = decl;
956 }
957 }
958
959 return 0;
960 }
961
962 /*
963 * Define the other val_to_name and val_to_struct arrays
964 * in a policy database structure.
965 */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)966 int policydb_index_others(sepol_handle_t * handle,
967 policydb_t * p, unsigned verbose)
968 {
969 int i;
970
971 if (verbose) {
972 INFO(handle,
973 "security: %d users, %d roles, %d types, %d bools",
974 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
975 p->p_bools.nprim);
976
977 if (p->mls)
978 INFO(handle, "security: %d sens, %d cats",
979 p->p_levels.nprim, p->p_cats.nprim);
980
981 INFO(handle, "security: %d classes, %d rules, %d cond rules",
982 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
983 }
984 #if 0
985 avtab_hash_eval(&p->te_avtab, "rules");
986 for (i = 0; i < SYM_NUM; i++)
987 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
988 #endif
989
990 free(p->role_val_to_struct);
991 p->role_val_to_struct = (role_datum_t **)
992 malloc(p->p_roles.nprim * sizeof(role_datum_t *));
993 if (!p->role_val_to_struct)
994 return -1;
995
996 free(p->user_val_to_struct);
997 p->user_val_to_struct = (user_datum_t **)
998 malloc(p->p_users.nprim * sizeof(user_datum_t *));
999 if (!p->user_val_to_struct)
1000 return -1;
1001
1002 free(p->type_val_to_struct);
1003 p->type_val_to_struct = (type_datum_t **)
1004 calloc(p->p_types.nprim, sizeof(type_datum_t *));
1005 if (!p->type_val_to_struct)
1006 return -1;
1007
1008 cond_init_bool_indexes(p);
1009
1010 for (i = SYM_ROLES; i < SYM_NUM; i++) {
1011 free(p->sym_val_to_name[i]);
1012 p->sym_val_to_name[i] = NULL;
1013 if (p->symtab[i].nprim) {
1014 p->sym_val_to_name[i] = (char **)
1015 calloc(p->symtab[i].nprim, sizeof(char *));
1016 if (!p->sym_val_to_name[i])
1017 return -1;
1018 if (hashtab_map(p->symtab[i].table, index_f[i], p))
1019 return -1;
1020 }
1021 }
1022
1023 /* This pre-expands the roles and users for context validity checking */
1024 if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1025 return -1;
1026
1027 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1028 return -1;
1029
1030 return 0;
1031 }
1032
1033 /*
1034 * The following *_destroy functions are used to
1035 * free any memory allocated for each kind of
1036 * symbol data in the policy database.
1037 */
1038
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1039 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1040 __attribute__ ((unused)))
1041 {
1042 if (key)
1043 free(key);
1044 free(datum);
1045 return 0;
1046 }
1047
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1048 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1049 __attribute__ ((unused)))
1050 {
1051 common_datum_t *comdatum;
1052
1053 if (key)
1054 free(key);
1055 comdatum = (common_datum_t *) datum;
1056 hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1057 hashtab_destroy(comdatum->permissions.table);
1058 free(datum);
1059 return 0;
1060 }
1061
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1062 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1063 __attribute__ ((unused)))
1064 {
1065 class_datum_t *cladatum;
1066 constraint_node_t *constraint, *ctemp;
1067 constraint_expr_t *e, *etmp;
1068
1069 if (key)
1070 free(key);
1071 cladatum = (class_datum_t *) datum;
1072 if (cladatum == NULL) {
1073 return 0;
1074 }
1075 hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1076 hashtab_destroy(cladatum->permissions.table);
1077 constraint = cladatum->constraints;
1078 while (constraint) {
1079 e = constraint->expr;
1080 while (e) {
1081 etmp = e;
1082 e = e->next;
1083 constraint_expr_destroy(etmp);
1084 }
1085 ctemp = constraint;
1086 constraint = constraint->next;
1087 free(ctemp);
1088 }
1089
1090 constraint = cladatum->validatetrans;
1091 while (constraint) {
1092 e = constraint->expr;
1093 while (e) {
1094 etmp = e;
1095 e = e->next;
1096 constraint_expr_destroy(etmp);
1097 }
1098 ctemp = constraint;
1099 constraint = constraint->next;
1100 free(ctemp);
1101 }
1102
1103 if (cladatum->comkey)
1104 free(cladatum->comkey);
1105 free(datum);
1106 return 0;
1107 }
1108
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1109 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1110 __attribute__ ((unused)))
1111 {
1112 free(key);
1113 role_datum_destroy((role_datum_t *) datum);
1114 free(datum);
1115 return 0;
1116 }
1117
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1118 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1119 __attribute__ ((unused)))
1120 {
1121 free(key);
1122 type_datum_destroy((type_datum_t *) datum);
1123 free(datum);
1124 return 0;
1125 }
1126
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1127 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1128 __attribute__ ((unused)))
1129 {
1130 free(key);
1131 user_datum_destroy((user_datum_t *) datum);
1132 free(datum);
1133 return 0;
1134 }
1135
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1136 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1137 __attribute__ ((unused)))
1138 {
1139 level_datum_t *levdatum;
1140
1141 if (key)
1142 free(key);
1143 levdatum = (level_datum_t *) datum;
1144 mls_level_destroy(levdatum->level);
1145 free(levdatum->level);
1146 level_datum_destroy(levdatum);
1147 free(levdatum);
1148 return 0;
1149 }
1150
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1151 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1152 __attribute__ ((unused)))
1153 {
1154 if (key)
1155 free(key);
1156 cat_datum_destroy((cat_datum_t *) datum);
1157 free(datum);
1158 return 0;
1159 }
1160
1161 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1162 void *datap) = {
1163 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1164 cond_destroy_bool, sens_destroy, cat_destroy,};
1165
ocontext_selinux_free(ocontext_t ** ocontexts)1166 void ocontext_selinux_free(ocontext_t **ocontexts)
1167 {
1168 ocontext_t *c, *ctmp;
1169 int i;
1170
1171 for (i = 0; i < OCON_NUM; i++) {
1172 c = ocontexts[i];
1173 while (c) {
1174 ctmp = c;
1175 c = c->next;
1176 context_destroy(&ctmp->context[0]);
1177 context_destroy(&ctmp->context[1]);
1178 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1179 || i == OCON_FSUSE)
1180 free(ctmp->u.name);
1181 free(ctmp);
1182 }
1183 }
1184 }
1185
ocontext_xen_free(ocontext_t ** ocontexts)1186 void ocontext_xen_free(ocontext_t **ocontexts)
1187 {
1188 ocontext_t *c, *ctmp;
1189 int i;
1190
1191 for (i = 0; i < OCON_NUM; i++) {
1192 c = ocontexts[i];
1193 while (c) {
1194 ctmp = c;
1195 c = c->next;
1196 context_destroy(&ctmp->context[0]);
1197 context_destroy(&ctmp->context[1]);
1198 if (i == OCON_ISID)
1199 free(ctmp->u.name);
1200 free(ctmp);
1201 }
1202 }
1203 }
1204
1205 /*
1206 * Free any memory allocated by a policy database structure.
1207 */
policydb_destroy(policydb_t * p)1208 void policydb_destroy(policydb_t * p)
1209 {
1210 ocontext_t *c, *ctmp;
1211 genfs_t *g, *gtmp;
1212 unsigned int i;
1213 role_allow_t *ra, *lra = NULL;
1214 role_trans_t *tr, *ltr = NULL;
1215 range_trans_t *rt, *lrt = NULL;
1216 filename_trans_t *ft, *nft;
1217
1218 if (!p)
1219 return;
1220
1221 ebitmap_destroy(&p->policycaps);
1222
1223 ebitmap_destroy(&p->permissive_map);
1224
1225 symtabs_destroy(p->symtab);
1226
1227 for (i = 0; i < SYM_NUM; i++) {
1228 if (p->sym_val_to_name[i])
1229 free(p->sym_val_to_name[i]);
1230 }
1231
1232 if (p->class_val_to_struct)
1233 free(p->class_val_to_struct);
1234 if (p->role_val_to_struct)
1235 free(p->role_val_to_struct);
1236 if (p->user_val_to_struct)
1237 free(p->user_val_to_struct);
1238 if (p->type_val_to_struct)
1239 free(p->type_val_to_struct);
1240 free(p->decl_val_to_struct);
1241
1242 for (i = 0; i < SYM_NUM; i++) {
1243 hashtab_map(p->scope[i].table, scope_destroy, 0);
1244 hashtab_destroy(p->scope[i].table);
1245 }
1246 avrule_block_list_destroy(p->global);
1247 free(p->name);
1248 free(p->version);
1249
1250 avtab_destroy(&p->te_avtab);
1251
1252 if (p->target_platform == SEPOL_TARGET_SELINUX)
1253 ocontext_selinux_free(p->ocontexts);
1254 else if (p->target_platform == SEPOL_TARGET_XEN)
1255 ocontext_xen_free(p->ocontexts);
1256
1257 g = p->genfs;
1258 while (g) {
1259 free(g->fstype);
1260 c = g->head;
1261 while (c) {
1262 ctmp = c;
1263 c = c->next;
1264 context_destroy(&ctmp->context[0]);
1265 free(ctmp->u.name);
1266 free(ctmp);
1267 }
1268 gtmp = g;
1269 g = g->next;
1270 free(gtmp);
1271 }
1272 cond_policydb_destroy(p);
1273
1274 for (tr = p->role_tr; tr; tr = tr->next) {
1275 if (ltr)
1276 free(ltr);
1277 ltr = tr;
1278 }
1279 if (ltr)
1280 free(ltr);
1281
1282 ft = p->filename_trans;
1283 while (ft) {
1284 nft = ft->next;
1285 free(ft->name);
1286 free(ft);
1287 ft = nft;
1288 }
1289
1290 for (ra = p->role_allow; ra; ra = ra->next) {
1291 if (lra)
1292 free(lra);
1293 lra = ra;
1294 }
1295 if (lra)
1296 free(lra);
1297
1298 for (rt = p->range_tr; rt; rt = rt->next) {
1299 if (lrt) {
1300 ebitmap_destroy(&lrt->target_range.level[0].cat);
1301 ebitmap_destroy(&lrt->target_range.level[1].cat);
1302 free(lrt);
1303 }
1304 lrt = rt;
1305 }
1306 if (lrt) {
1307 ebitmap_destroy(&lrt->target_range.level[0].cat);
1308 ebitmap_destroy(&lrt->target_range.level[1].cat);
1309 free(lrt);
1310 }
1311
1312 if (p->type_attr_map) {
1313 for (i = 0; i < p->p_types.nprim; i++) {
1314 ebitmap_destroy(&p->type_attr_map[i]);
1315 }
1316 free(p->type_attr_map);
1317 }
1318
1319 if (p->attr_type_map) {
1320 for (i = 0; i < p->p_types.nprim; i++) {
1321 ebitmap_destroy(&p->attr_type_map[i]);
1322 }
1323 free(p->attr_type_map);
1324 }
1325
1326 return;
1327 }
1328
symtabs_destroy(symtab_t * symtab)1329 void symtabs_destroy(symtab_t * symtab)
1330 {
1331 int i;
1332 for (i = 0; i < SYM_NUM; i++) {
1333 hashtab_map(symtab[i].table, destroy_f[i], 0);
1334 hashtab_destroy(symtab[i].table);
1335 }
1336 }
1337
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1338 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1339 __attribute__ ((unused)))
1340 {
1341 scope_datum_t *cur = (scope_datum_t *) datum;
1342 free(key);
1343 if (cur != NULL) {
1344 free(cur->decl_ids);
1345 }
1346 free(cur);
1347 return 0;
1348 }
1349
get_symtab_destroy_func(int sym_num)1350 hashtab_destroy_func_t get_symtab_destroy_func(int sym_num)
1351 {
1352 if (sym_num < 0 || sym_num >= SYM_NUM) {
1353 return NULL;
1354 }
1355 return (hashtab_destroy_func_t) destroy_f[sym_num];
1356 }
1357
1358 /*
1359 * Load the initial SIDs specified in a policy database
1360 * structure into a SID table.
1361 */
policydb_load_isids(policydb_t * p,sidtab_t * s)1362 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1363 {
1364 ocontext_t *head, *c;
1365
1366 if (sepol_sidtab_init(s)) {
1367 ERR(NULL, "out of memory on SID table init");
1368 return -1;
1369 }
1370
1371 head = p->ocontexts[OCON_ISID];
1372 for (c = head; c; c = c->next) {
1373 if (!c->context[0].user) {
1374 ERR(NULL, "SID %s was never defined", c->u.name);
1375 return -1;
1376 }
1377 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1378 ERR(NULL, "unable to load initial SID %s", c->u.name);
1379 return -1;
1380 }
1381 }
1382
1383 return 0;
1384 }
1385
1386 /* Declare a symbol for a certain avrule_block context. Insert it
1387 * into a symbol table for a policy. This function will handle
1388 * inserting the appropriate scope information in addition to
1389 * inserting the symbol into the hash table.
1390 *
1391 * arguments:
1392 * policydb_t *pol module policy to modify
1393 * uint32_t sym the symbole table for insertion (SYM_*)
1394 * hashtab_key_t key the key for the symbol - not cloned
1395 * hashtab_datum_t data the data for the symbol - not cloned
1396 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1397 * avrule_decl_id identifier for this symbol's encapsulating declaration
1398 * value (out) assigned value to the symbol (if value is not NULL)
1399 *
1400 * returns:
1401 * 0 success
1402 * 1 success, but symbol already existed as a requirement
1403 * (datum was not inserted and needs to be free()d)
1404 * -1 general error
1405 * -2 scope conflicted
1406 * -ENOMEM memory error
1407 * error codes from hashtab_insert
1408 */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1409 int symtab_insert(policydb_t * pol, uint32_t sym,
1410 hashtab_key_t key, hashtab_datum_t datum,
1411 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1412 {
1413 int rc, retval = 0;
1414 unsigned int i;
1415 scope_datum_t *scope_datum;
1416
1417 /* check if the symbol is already there. multiple
1418 * declarations of non-roles/non-users are illegal, but
1419 * multiple requires are allowed. */
1420
1421 /* FIX ME - the failures after the hashtab_insert will leave
1422 * the policy in a inconsistent state. */
1423 rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1424 if (rc == SEPOL_OK) {
1425 /* if no value is passed in the symbol is not primary
1426 * (i.e. aliases) */
1427 if (value)
1428 *value = ++pol->symtab[sym].nprim;
1429 } else if (rc == SEPOL_EEXIST) {
1430 retval = 1; /* symbol not added -- need to free() later */
1431 } else {
1432 return rc;
1433 }
1434
1435 /* get existing scope information; if there is not one then
1436 * create it */
1437 scope_datum =
1438 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1439 if (scope_datum == NULL) {
1440 hashtab_key_t key2 = strdup((char *)key);
1441 if (!key2)
1442 return -ENOMEM;
1443 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1444 free(key2);
1445 return -ENOMEM;
1446 }
1447 scope_datum->scope = scope;
1448 scope_datum->decl_ids = NULL;
1449 scope_datum->decl_ids_len = 0;
1450 if ((rc =
1451 hashtab_insert(pol->scope[sym].table, key2,
1452 scope_datum)) != 0) {
1453 free(key2);
1454 free(scope_datum);
1455 return rc;
1456 }
1457 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1458 /* disallow multiple declarations for non-roles/users */
1459 if (sym != SYM_ROLES && sym != SYM_USERS) {
1460 return -2;
1461 }
1462 /* Further confine that a role attribute can't have the same
1463 * name as another regular role, and a role attribute can't
1464 * be declared more than once. */
1465 if (sym == SYM_ROLES) {
1466 role_datum_t *base_role;
1467 role_datum_t *cur_role = (role_datum_t *)datum;
1468
1469 base_role = (role_datum_t *)
1470 hashtab_search(pol->symtab[sym].table,
1471 key);
1472 assert(base_role != NULL);
1473
1474 if (!((base_role->flavor == ROLE_ROLE) &&
1475 (cur_role->flavor == ROLE_ROLE))) {
1476 /* Only regular roles are allowed to have
1477 * multiple declarations. */
1478 return -2;
1479 }
1480 }
1481 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1482 scope_datum->scope = SCOPE_DECL;
1483 } else if (scope_datum->scope != scope) {
1484 /* This only happens in DECL then REQUIRE case, which is handled by caller */
1485 return -2;
1486 }
1487
1488 /* search through the pre-existing list to avoid adding duplicates */
1489 for (i = 0; i < scope_datum->decl_ids_len; i++) {
1490 if (scope_datum->decl_ids[i] == avrule_decl_id) {
1491 /* already there, so don't modify its scope */
1492 return retval;
1493 }
1494 }
1495
1496 if (add_i_to_a(avrule_decl_id,
1497 &scope_datum->decl_ids_len,
1498 &scope_datum->decl_ids) == -1) {
1499 return -ENOMEM;
1500 }
1501
1502 return retval;
1503 }
1504
type_set_or(type_set_t * dst,type_set_t * a,type_set_t * b)1505 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b)
1506 {
1507 type_set_init(dst);
1508
1509 if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1510 return -1;
1511 }
1512 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1513 return -1;
1514 }
1515
1516 dst->flags |= a->flags;
1517 dst->flags |= b->flags;
1518
1519 return 0;
1520 }
1521
type_set_cpy(type_set_t * dst,type_set_t * src)1522 int type_set_cpy(type_set_t * dst, type_set_t * src)
1523 {
1524 type_set_init(dst);
1525
1526 dst->flags = src->flags;
1527 if (ebitmap_cpy(&dst->types, &src->types))
1528 return -1;
1529 if (ebitmap_cpy(&dst->negset, &src->negset))
1530 return -1;
1531
1532 return 0;
1533 }
1534
type_set_or_eq(type_set_t * dst,type_set_t * other)1535 int type_set_or_eq(type_set_t * dst, type_set_t * other)
1536 {
1537 int ret;
1538 type_set_t tmp;
1539
1540 if (type_set_or(&tmp, dst, other))
1541 return -1;
1542 type_set_destroy(dst);
1543 ret = type_set_cpy(dst, &tmp);
1544 type_set_destroy(&tmp);
1545
1546 return ret;
1547 }
1548
role_set_get_role(role_set_t * x,uint32_t role)1549 int role_set_get_role(role_set_t * x, uint32_t role)
1550 {
1551 if (x->flags & ROLE_STAR)
1552 return 1;
1553
1554 if (ebitmap_get_bit(&x->roles, role - 1)) {
1555 if (x->flags & ROLE_COMP)
1556 return 0;
1557 else
1558 return 1;
1559 } else {
1560 if (x->flags & ROLE_COMP)
1561 return 1;
1562 else
1563 return 0;
1564 }
1565 }
1566
1567 /***********************************************************************/
1568 /* everything below is for policy reads */
1569
1570 /* The following are read functions for module structures */
1571
role_set_read(role_set_t * r,struct policy_file * fp)1572 static int role_set_read(role_set_t * r, struct policy_file *fp)
1573 {
1574 uint32_t buf[1];
1575 int rc;
1576
1577 if (ebitmap_read(&r->roles, fp))
1578 return -1;
1579 rc = next_entry(buf, fp, sizeof(uint32_t));
1580 if (rc < 0)
1581 return -1;
1582 r->flags = le32_to_cpu(buf[0]);
1583
1584 return 0;
1585 }
1586
type_set_read(type_set_t * t,struct policy_file * fp)1587 static int type_set_read(type_set_t * t, struct policy_file *fp)
1588 {
1589 uint32_t buf[1];
1590 int rc;
1591
1592 if (ebitmap_read(&t->types, fp))
1593 return -1;
1594 if (ebitmap_read(&t->negset, fp))
1595 return -1;
1596
1597 rc = next_entry(buf, fp, sizeof(uint32_t));
1598 if (rc < 0)
1599 return -1;
1600 t->flags = le32_to_cpu(buf[0]);
1601
1602 return 0;
1603 }
1604
1605 /*
1606 * Read a MLS range structure from a policydb binary
1607 * representation file.
1608 */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1609 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1610 {
1611 uint32_t buf[2], items;
1612 int rc;
1613
1614 rc = next_entry(buf, fp, sizeof(uint32_t));
1615 if (rc < 0)
1616 goto out;
1617
1618 items = le32_to_cpu(buf[0]);
1619 if (items > ARRAY_SIZE(buf)) {
1620 ERR(fp->handle, "range overflow");
1621 rc = -EINVAL;
1622 goto out;
1623 }
1624 rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1625 if (rc < 0) {
1626 ERR(fp->handle, "truncated range");
1627 goto out;
1628 }
1629 r->level[0].sens = le32_to_cpu(buf[0]);
1630 if (items > 1)
1631 r->level[1].sens = le32_to_cpu(buf[1]);
1632 else
1633 r->level[1].sens = r->level[0].sens;
1634
1635 rc = ebitmap_read(&r->level[0].cat, fp);
1636 if (rc) {
1637 ERR(fp->handle, "error reading low categories");
1638 goto out;
1639 }
1640 if (items > 1) {
1641 rc = ebitmap_read(&r->level[1].cat, fp);
1642 if (rc) {
1643 ERR(fp->handle, "error reading high categories");
1644 goto bad_high;
1645 }
1646 } else {
1647 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1648 if (rc) {
1649 ERR(fp->handle, "out of memory");
1650 goto bad_high;
1651 }
1652 }
1653
1654 rc = 0;
1655 out:
1656 return rc;
1657 bad_high:
1658 ebitmap_destroy(&r->level[0].cat);
1659 goto out;
1660 }
1661
1662 /*
1663 * Read a semantic MLS level structure from a policydb binary
1664 * representation file.
1665 */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1666 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1667 struct policy_file *fp)
1668 {
1669 uint32_t buf[2], ncat;
1670 unsigned int i;
1671 mls_semantic_cat_t *cat;
1672 int rc;
1673
1674 mls_semantic_level_init(l);
1675
1676 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1677 if (rc < 0) {
1678 ERR(fp->handle, "truncated level");
1679 goto bad;
1680 }
1681 l->sens = le32_to_cpu(buf[0]);
1682
1683 ncat = le32_to_cpu(buf[1]);
1684 for (i = 0; i < ncat; i++) {
1685 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1686 if (!cat) {
1687 ERR(fp->handle, "out of memory");
1688 goto bad;
1689 }
1690
1691 mls_semantic_cat_init(cat);
1692 cat->next = l->cat;
1693 l->cat = cat;
1694
1695 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1696 if (rc < 0) {
1697 ERR(fp->handle, "error reading level categories");
1698 goto bad;
1699 }
1700 cat->low = le32_to_cpu(buf[0]);
1701 cat->high = le32_to_cpu(buf[1]);
1702 }
1703
1704 return 0;
1705
1706 bad:
1707 return -EINVAL;
1708 }
1709
1710 /*
1711 * Read a semantic MLS range structure from a policydb binary
1712 * representation file.
1713 */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1714 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1715 struct policy_file *fp)
1716 {
1717 int rc;
1718
1719 rc = mls_read_semantic_level_helper(&r->level[0], fp);
1720 if (rc)
1721 return rc;
1722
1723 rc = mls_read_semantic_level_helper(&r->level[1], fp);
1724
1725 return rc;
1726 }
1727
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1728 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1729 {
1730 unsigned int i;
1731 ebitmap_node_t *cnode;
1732 mls_semantic_cat_t *open_cat = NULL;
1733
1734 mls_semantic_level_init(sl);
1735 sl->sens = l->sens;
1736 ebitmap_for_each_bit(&l->cat, cnode, i) {
1737 if (ebitmap_node_get_bit(cnode, i)) {
1738 if (open_cat)
1739 continue;
1740 open_cat = (mls_semantic_cat_t *)
1741 malloc(sizeof(mls_semantic_cat_t));
1742 if (!open_cat)
1743 return -1;
1744
1745 mls_semantic_cat_init(open_cat);
1746 open_cat->low = i + 1;
1747 open_cat->next = sl->cat;
1748 sl->cat = open_cat;
1749 } else {
1750 if (!open_cat)
1751 continue;
1752 open_cat->high = i;
1753 open_cat = NULL;
1754 }
1755 }
1756 if (open_cat)
1757 open_cat->high = i;
1758
1759 return 0;
1760 }
1761
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)1762 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
1763 {
1764 if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
1765 return -1;
1766
1767 if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
1768 return -1;
1769
1770 return 0;
1771 }
1772
1773 /*
1774 * Read and validate a security context structure
1775 * from a policydb binary representation file.
1776 */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)1777 static int context_read_and_validate(context_struct_t * c,
1778 policydb_t * p, struct policy_file *fp)
1779 {
1780 uint32_t buf[3];
1781 int rc;
1782
1783 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
1784 if (rc < 0) {
1785 ERR(fp->handle, "context truncated");
1786 return -1;
1787 }
1788 c->user = le32_to_cpu(buf[0]);
1789 c->role = le32_to_cpu(buf[1]);
1790 c->type = le32_to_cpu(buf[2]);
1791 if ((p->policy_type == POLICY_KERN
1792 && p->policyvers >= POLICYDB_VERSION_MLS)
1793 || (p->policy_type == POLICY_BASE
1794 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
1795 if (mls_read_range_helper(&c->range, fp)) {
1796 ERR(fp->handle, "error reading MLS range "
1797 "of context");
1798 return -1;
1799 }
1800 }
1801
1802 if (!policydb_context_isvalid(p, c)) {
1803 ERR(fp->handle, "invalid security context");
1804 context_destroy(c);
1805 return -1;
1806 }
1807 return 0;
1808 }
1809
1810 /*
1811 * The following *_read functions are used to
1812 * read the symbol data from a policy database
1813 * binary representation file.
1814 */
1815
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp)1816 static int perm_read(policydb_t * p
1817 __attribute__ ((unused)), hashtab_t h,
1818 struct policy_file *fp)
1819 {
1820 char *key = 0;
1821 perm_datum_t *perdatum;
1822 uint32_t buf[2];
1823 size_t len;
1824 int rc;
1825
1826 perdatum = calloc(1, sizeof(perm_datum_t));
1827 if (!perdatum)
1828 return -1;
1829
1830 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1831 if (rc < 0)
1832 goto bad;
1833
1834 len = le32_to_cpu(buf[0]);
1835 perdatum->s.value = le32_to_cpu(buf[1]);
1836
1837 key = malloc(len + 1);
1838 if (!key)
1839 goto bad;
1840 rc = next_entry(key, fp, len);
1841 if (rc < 0)
1842 goto bad;
1843 key[len] = 0;
1844
1845 if (hashtab_insert(h, key, perdatum))
1846 goto bad;
1847
1848 return 0;
1849
1850 bad:
1851 perm_destroy(key, perdatum, NULL);
1852 return -1;
1853 }
1854
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)1855 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
1856 {
1857 char *key = 0;
1858 common_datum_t *comdatum;
1859 uint32_t buf[4];
1860 size_t len, nel;
1861 unsigned int i;
1862 int rc;
1863
1864 comdatum = calloc(1, sizeof(common_datum_t));
1865 if (!comdatum)
1866 return -1;
1867
1868 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
1869 if (rc < 0)
1870 goto bad;
1871
1872 len = le32_to_cpu(buf[0]);
1873 comdatum->s.value = le32_to_cpu(buf[1]);
1874
1875 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
1876 goto bad;
1877 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1878 nel = le32_to_cpu(buf[3]);
1879
1880 key = malloc(len + 1);
1881 if (!key)
1882 goto bad;
1883 rc = next_entry(key, fp, len);
1884 if (rc < 0)
1885 goto bad;
1886 key[len] = 0;
1887
1888 for (i = 0; i < nel; i++) {
1889 if (perm_read(p, comdatum->permissions.table, fp))
1890 goto bad;
1891 }
1892
1893 if (hashtab_insert(h, key, comdatum))
1894 goto bad;
1895
1896 return 0;
1897
1898 bad:
1899 common_destroy(key, comdatum, NULL);
1900 return -1;
1901 }
1902
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)1903 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
1904 unsigned int ncons,
1905 int allowxtarget, struct policy_file *fp)
1906 {
1907 constraint_node_t *c, *lc;
1908 constraint_expr_t *e, *le;
1909 uint32_t buf[3];
1910 size_t nexpr;
1911 unsigned int i, j;
1912 int rc, depth;
1913
1914 lc = NULL;
1915 for (i = 0; i < ncons; i++) {
1916 c = calloc(1, sizeof(constraint_node_t));
1917 if (!c)
1918 return -1;
1919
1920 if (lc)
1921 lc->next = c;
1922 else
1923 *nodep = c;
1924
1925 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
1926 if (rc < 0)
1927 return -1;
1928 c->permissions = le32_to_cpu(buf[0]);
1929 nexpr = le32_to_cpu(buf[1]);
1930 le = NULL;
1931 depth = -1;
1932 for (j = 0; j < nexpr; j++) {
1933 e = malloc(sizeof(constraint_expr_t));
1934 if (!e)
1935 return -1;
1936 if (constraint_expr_init(e) == -1) {
1937 free(e);
1938 return -1;
1939 }
1940 if (le) {
1941 le->next = e;
1942 } else {
1943 c->expr = e;
1944 }
1945
1946 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
1947 if (rc < 0)
1948 return -1;
1949 e->expr_type = le32_to_cpu(buf[0]);
1950 e->attr = le32_to_cpu(buf[1]);
1951 e->op = le32_to_cpu(buf[2]);
1952
1953 switch (e->expr_type) {
1954 case CEXPR_NOT:
1955 if (depth < 0)
1956 return -1;
1957 break;
1958 case CEXPR_AND:
1959 case CEXPR_OR:
1960 if (depth < 1)
1961 return -1;
1962 depth--;
1963 break;
1964 case CEXPR_ATTR:
1965 if (depth == (CEXPR_MAXDEPTH - 1))
1966 return -1;
1967 depth++;
1968 break;
1969 case CEXPR_NAMES:
1970 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1971 return -1;
1972 if (depth == (CEXPR_MAXDEPTH - 1))
1973 return -1;
1974 depth++;
1975 if (ebitmap_read(&e->names, fp))
1976 return -1;
1977 if (p->policy_type != POLICY_KERN &&
1978 type_set_read(e->type_names, fp))
1979 return -1;
1980 break;
1981 default:
1982 return -1;
1983 }
1984 le = e;
1985 }
1986 if (depth != 0)
1987 return -1;
1988 lc = c;
1989 }
1990
1991 return 0;
1992 }
1993
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)1994 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
1995 {
1996 char *key = 0;
1997 class_datum_t *cladatum;
1998 uint32_t buf[6];
1999 size_t len, len2, ncons, nel;
2000 unsigned int i;
2001 int rc;
2002
2003 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2004 if (!cladatum)
2005 return -1;
2006
2007 rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2008 if (rc < 0)
2009 goto bad;
2010
2011 len = le32_to_cpu(buf[0]);
2012 len2 = le32_to_cpu(buf[1]);
2013 cladatum->s.value = le32_to_cpu(buf[2]);
2014
2015 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2016 goto bad;
2017 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2018 nel = le32_to_cpu(buf[4]);
2019
2020 ncons = le32_to_cpu(buf[5]);
2021
2022 key = malloc(len + 1);
2023 if (!key)
2024 goto bad;
2025 rc = next_entry(key, fp, len);
2026 if (rc < 0)
2027 goto bad;
2028 key[len] = 0;
2029
2030 if (len2) {
2031 cladatum->comkey = malloc(len2 + 1);
2032 if (!cladatum->comkey)
2033 goto bad;
2034 rc = next_entry(cladatum->comkey, fp, len2);
2035 if (rc < 0)
2036 goto bad;
2037 cladatum->comkey[len2] = 0;
2038
2039 cladatum->comdatum = hashtab_search(p->p_commons.table,
2040 cladatum->comkey);
2041 if (!cladatum->comdatum) {
2042 ERR(fp->handle, "unknown common %s", cladatum->comkey);
2043 goto bad;
2044 }
2045 }
2046 for (i = 0; i < nel; i++) {
2047 if (perm_read(p, cladatum->permissions.table, fp))
2048 goto bad;
2049 }
2050
2051 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2052 goto bad;
2053
2054 if ((p->policy_type == POLICY_KERN
2055 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2056 || (p->policy_type == POLICY_BASE
2057 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2058 /* grab the validatetrans rules */
2059 rc = next_entry(buf, fp, sizeof(uint32_t));
2060 if (rc < 0)
2061 goto bad;
2062 ncons = le32_to_cpu(buf[0]);
2063 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2064 goto bad;
2065 }
2066
2067 if (hashtab_insert(h, key, cladatum))
2068 goto bad;
2069
2070 return 0;
2071
2072 bad:
2073 class_destroy(key, cladatum, NULL);
2074 return -1;
2075 }
2076
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2077 static int role_read(policydb_t * p
2078 __attribute__ ((unused)), hashtab_t h,
2079 struct policy_file *fp)
2080 {
2081 char *key = 0;
2082 role_datum_t *role;
2083 uint32_t buf[3];
2084 size_t len;
2085 int rc, to_read = 2;
2086
2087 role = calloc(1, sizeof(role_datum_t));
2088 if (!role)
2089 return -1;
2090
2091 if (policydb_has_boundary_feature(p))
2092 to_read = 3;
2093
2094 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2095 if (rc < 0)
2096 goto bad;
2097
2098 len = le32_to_cpu(buf[0]);
2099 role->s.value = le32_to_cpu(buf[1]);
2100 if (policydb_has_boundary_feature(p))
2101 role->bounds = le32_to_cpu(buf[2]);
2102
2103 key = malloc(len + 1);
2104 if (!key)
2105 goto bad;
2106 rc = next_entry(key, fp, len);
2107 if (rc < 0)
2108 goto bad;
2109 key[len] = 0;
2110
2111 if (ebitmap_read(&role->dominates, fp))
2112 goto bad;
2113
2114 if (p->policy_type == POLICY_KERN) {
2115 if (ebitmap_read(&role->types.types, fp))
2116 goto bad;
2117 } else {
2118 if (type_set_read(&role->types, fp))
2119 goto bad;
2120 }
2121
2122 if (p->policy_type != POLICY_KERN &&
2123 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2124 rc = next_entry(buf, fp, sizeof(uint32_t));
2125 if (rc < 0)
2126 goto bad;
2127
2128 role->flavor = le32_to_cpu(buf[0]);
2129
2130 if (ebitmap_read(&role->roles, fp))
2131 goto bad;
2132 }
2133
2134 if (strcmp(key, OBJECT_R) == 0) {
2135 if (role->s.value != OBJECT_R_VAL) {
2136 ERR(fp->handle, "role %s has wrong value %d",
2137 OBJECT_R, role->s.value);
2138 role_destroy(key, role, NULL);
2139 return -1;
2140 }
2141 role_destroy(key, role, NULL);
2142 return 0;
2143 }
2144
2145 if (hashtab_insert(h, key, role))
2146 goto bad;
2147
2148 return 0;
2149
2150 bad:
2151 role_destroy(key, role, NULL);
2152 return -1;
2153 }
2154
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2155 static int type_read(policydb_t * p
2156 __attribute__ ((unused)), hashtab_t h,
2157 struct policy_file *fp)
2158 {
2159 char *key = 0;
2160 type_datum_t *typdatum;
2161 uint32_t buf[5];
2162 size_t len;
2163 int rc, to_read;
2164 int pos = 0;
2165
2166 typdatum = calloc(1, sizeof(type_datum_t));
2167 if (!typdatum)
2168 return -1;
2169
2170 if (policydb_has_boundary_feature(p)) {
2171 if (p->policy_type != POLICY_KERN
2172 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2173 to_read = 5;
2174 else
2175 to_read = 4;
2176 }
2177 else if (p->policy_type == POLICY_KERN)
2178 to_read = 3;
2179 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2180 to_read = 5;
2181 else
2182 to_read = 4;
2183
2184 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2185 if (rc < 0)
2186 goto bad;
2187
2188 len = le32_to_cpu(buf[pos]);
2189 typdatum->s.value = le32_to_cpu(buf[++pos]);
2190 if (policydb_has_boundary_feature(p)) {
2191 uint32_t properties;
2192
2193 if (p->policy_type != POLICY_KERN
2194 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2195 typdatum->primary = le32_to_cpu(buf[++pos]);
2196 properties = le32_to_cpu(buf[++pos]);
2197 }
2198 else {
2199 properties = le32_to_cpu(buf[++pos]);
2200
2201 if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2202 typdatum->primary = 1;
2203 }
2204
2205 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2206 typdatum->flavor = TYPE_ATTRIB;
2207 if (properties & TYPEDATUM_PROPERTY_ALIAS
2208 && p->policy_type != POLICY_KERN)
2209 typdatum->flavor = TYPE_ALIAS;
2210 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2211 && p->policy_type != POLICY_KERN)
2212 typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2213
2214 typdatum->bounds = le32_to_cpu(buf[++pos]);
2215 } else {
2216 typdatum->primary = le32_to_cpu(buf[++pos]);
2217 if (p->policy_type != POLICY_KERN) {
2218 typdatum->flavor = le32_to_cpu(buf[++pos]);
2219 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2220 typdatum->flags = le32_to_cpu(buf[++pos]);
2221 }
2222 }
2223
2224 if (p->policy_type != POLICY_KERN) {
2225 if (ebitmap_read(&typdatum->types, fp))
2226 goto bad;
2227 }
2228
2229 key = malloc(len + 1);
2230 if (!key)
2231 goto bad;
2232 rc = next_entry(key, fp, len);
2233 if (rc < 0)
2234 goto bad;
2235 key[len] = 0;
2236
2237 if (hashtab_insert(h, key, typdatum))
2238 goto bad;
2239
2240 return 0;
2241
2242 bad:
2243 type_destroy(key, typdatum, NULL);
2244 return -1;
2245 }
2246
role_trans_read(policydb_t * p,struct policy_file * fp)2247 int role_trans_read(policydb_t *p, struct policy_file *fp)
2248 {
2249 role_trans_t **t = &p->role_tr;
2250 unsigned int i;
2251 uint32_t buf[3], nel;
2252 role_trans_t *tr, *ltr;
2253 int rc;
2254 int new_roletr = (p->policy_type == POLICY_KERN &&
2255 p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2256
2257 rc = next_entry(buf, fp, sizeof(uint32_t));
2258 if (rc < 0)
2259 return -1;
2260 nel = le32_to_cpu(buf[0]);
2261 ltr = NULL;
2262 for (i = 0; i < nel; i++) {
2263 tr = calloc(1, sizeof(struct role_trans));
2264 if (!tr) {
2265 return -1;
2266 }
2267 if (ltr) {
2268 ltr->next = tr;
2269 } else {
2270 *t = tr;
2271 }
2272 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2273 if (rc < 0)
2274 return -1;
2275 tr->role = le32_to_cpu(buf[0]);
2276 tr->type = le32_to_cpu(buf[1]);
2277 tr->new_role = le32_to_cpu(buf[2]);
2278 if (new_roletr) {
2279 rc = next_entry(buf, fp, sizeof(uint32_t));
2280 if (rc < 0)
2281 return -1;
2282 tr->tclass = le32_to_cpu(buf[0]);
2283 } else
2284 tr->tclass = SECCLASS_PROCESS;
2285 ltr = tr;
2286 }
2287 return 0;
2288 }
2289
role_allow_read(role_allow_t ** r,struct policy_file * fp)2290 int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2291 {
2292 unsigned int i;
2293 uint32_t buf[2], nel;
2294 role_allow_t *ra, *lra;
2295 int rc;
2296
2297 rc = next_entry(buf, fp, sizeof(uint32_t));
2298 if (rc < 0)
2299 return -1;
2300 nel = le32_to_cpu(buf[0]);
2301 lra = NULL;
2302 for (i = 0; i < nel; i++) {
2303 ra = calloc(1, sizeof(struct role_allow));
2304 if (!ra) {
2305 return -1;
2306 }
2307 if (lra) {
2308 lra->next = ra;
2309 } else {
2310 *r = ra;
2311 }
2312 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2313 if (rc < 0)
2314 return -1;
2315 ra->role = le32_to_cpu(buf[0]);
2316 ra->new_role = le32_to_cpu(buf[1]);
2317 lra = ra;
2318 }
2319 return 0;
2320 }
2321
filename_trans_read(filename_trans_t ** t,struct policy_file * fp)2322 int filename_trans_read(filename_trans_t **t, struct policy_file *fp)
2323 {
2324 unsigned int i;
2325 uint32_t buf[4], nel, len;
2326 filename_trans_t *ft, *lft;
2327 int rc;
2328 char *name;
2329
2330 rc = next_entry(buf, fp, sizeof(uint32_t));
2331 if (rc < 0)
2332 return -1;
2333 nel = le32_to_cpu(buf[0]);
2334
2335 lft = NULL;
2336 for (i = 0; i < nel; i++) {
2337 ft = calloc(1, sizeof(struct filename_trans));
2338 if (!ft)
2339 return -1;
2340 if (lft)
2341 lft->next = ft;
2342 else
2343 *t = ft;
2344 lft = ft;
2345 rc = next_entry(buf, fp, sizeof(uint32_t));
2346 if (rc < 0)
2347 return -1;
2348 len = le32_to_cpu(buf[0]);
2349
2350 name = calloc(len, sizeof(*name));
2351 if (!name)
2352 return -1;
2353
2354 ft->name = name;
2355
2356 rc = next_entry(name, fp, len);
2357 if (rc < 0)
2358 return -1;
2359
2360 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2361 if (rc < 0)
2362 return -1;
2363
2364 ft->stype = le32_to_cpu(buf[0]);
2365 ft->ttype = le32_to_cpu(buf[1]);
2366 ft->tclass = le32_to_cpu(buf[2]);
2367 ft->otype = le32_to_cpu(buf[3]);
2368 }
2369 return 0;
2370 }
2371
ocontext_read_xen(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2372 static int ocontext_read_xen(struct policydb_compat_info *info,
2373 policydb_t *p, struct policy_file *fp)
2374 {
2375 unsigned int i, j;
2376 size_t nel;
2377 ocontext_t *l, *c;
2378 uint32_t buf[8];
2379 int rc;
2380
2381 for (i = 0; i < info->ocon_num; i++) {
2382 rc = next_entry(buf, fp, sizeof(uint32_t));
2383 if (rc < 0)
2384 return -1;
2385 nel = le32_to_cpu(buf[0]);
2386 l = NULL;
2387 for (j = 0; j < nel; j++) {
2388 c = calloc(1, sizeof(ocontext_t));
2389 if (!c)
2390 return -1;
2391 if (l)
2392 l->next = c;
2393 else
2394 p->ocontexts[i] = c;
2395 l = c;
2396 switch (i) {
2397 case OCON_XEN_ISID:
2398 rc = next_entry(buf, fp, sizeof(uint32_t));
2399 if (rc < 0)
2400 return -1;
2401 c->sid[0] = le32_to_cpu(buf[0]);
2402 if (context_read_and_validate
2403 (&c->context[0], p, fp))
2404 return -1;
2405 break;
2406 case OCON_XEN_PIRQ:
2407 rc = next_entry(buf, fp, sizeof(uint32_t));
2408 if (rc < 0)
2409 return -1;
2410 c->u.pirq = le32_to_cpu(buf[0]);
2411 if (context_read_and_validate
2412 (&c->context[0], p, fp))
2413 return -1;
2414 break;
2415 case OCON_XEN_IOPORT:
2416 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2417 if (rc < 0)
2418 return -1;
2419 c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2420 c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2421 if (context_read_and_validate
2422 (&c->context[0], p, fp))
2423 return -1;
2424 break;
2425 case OCON_XEN_IOMEM:
2426 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2427 if (rc < 0)
2428 return -1;
2429 c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2430 c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2431 if (context_read_and_validate
2432 (&c->context[0], p, fp))
2433 return -1;
2434 break;
2435 case OCON_XEN_PCIDEVICE:
2436 rc = next_entry(buf, fp, sizeof(uint32_t));
2437 if (rc < 0)
2438 return -1;
2439 c->u.device = le32_to_cpu(buf[0]);
2440 if (context_read_and_validate
2441 (&c->context[0], p, fp))
2442 return -1;
2443 break;
2444 default:
2445 /* should never get here */
2446 ERR(fp->handle, "Unknown Xen ocontext");
2447 return -1;
2448 }
2449 }
2450 }
2451 return 0;
2452 }
ocontext_read_selinux(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2453 static int ocontext_read_selinux(struct policydb_compat_info *info,
2454 policydb_t * p, struct policy_file *fp)
2455 {
2456 unsigned int i, j;
2457 size_t nel, len;
2458 ocontext_t *l, *c;
2459 uint32_t buf[8];
2460 int rc;
2461
2462 for (i = 0; i < info->ocon_num; i++) {
2463 rc = next_entry(buf, fp, sizeof(uint32_t));
2464 if (rc < 0)
2465 return -1;
2466 nel = le32_to_cpu(buf[0]);
2467 l = NULL;
2468 for (j = 0; j < nel; j++) {
2469 c = calloc(1, sizeof(ocontext_t));
2470 if (!c) {
2471 return -1;
2472 }
2473 if (l) {
2474 l->next = c;
2475 } else {
2476 p->ocontexts[i] = c;
2477 }
2478 l = c;
2479 switch (i) {
2480 case OCON_ISID:
2481 rc = next_entry(buf, fp, sizeof(uint32_t));
2482 if (rc < 0)
2483 return -1;
2484 c->sid[0] = le32_to_cpu(buf[0]);
2485 if (context_read_and_validate
2486 (&c->context[0], p, fp))
2487 return -1;
2488 break;
2489 case OCON_FS:
2490 case OCON_NETIF:
2491 rc = next_entry(buf, fp, sizeof(uint32_t));
2492 if (rc < 0)
2493 return -1;
2494 len = le32_to_cpu(buf[0]);
2495 c->u.name = malloc(len + 1);
2496 if (!c->u.name)
2497 return -1;
2498 rc = next_entry(c->u.name, fp, len);
2499 if (rc < 0)
2500 return -1;
2501 c->u.name[len] = 0;
2502 if (context_read_and_validate
2503 (&c->context[0], p, fp))
2504 return -1;
2505 if (context_read_and_validate
2506 (&c->context[1], p, fp))
2507 return -1;
2508 break;
2509 case OCON_PORT:
2510 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2511 if (rc < 0)
2512 return -1;
2513 c->u.port.protocol = le32_to_cpu(buf[0]);
2514 c->u.port.low_port = le32_to_cpu(buf[1]);
2515 c->u.port.high_port = le32_to_cpu(buf[2]);
2516 if (context_read_and_validate
2517 (&c->context[0], p, fp))
2518 return -1;
2519 break;
2520 case OCON_NODE:
2521 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2522 if (rc < 0)
2523 return -1;
2524 c->u.node.addr = buf[0]; /* network order */
2525 c->u.node.mask = buf[1]; /* network order */
2526 if (context_read_and_validate
2527 (&c->context[0], p, fp))
2528 return -1;
2529 break;
2530 case OCON_FSUSE:
2531 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2532 if (rc < 0)
2533 return -1;
2534 c->v.behavior = le32_to_cpu(buf[0]);
2535 len = le32_to_cpu(buf[1]);
2536 c->u.name = malloc(len + 1);
2537 if (!c->u.name)
2538 return -1;
2539 rc = next_entry(c->u.name, fp, len);
2540 if (rc < 0)
2541 return -1;
2542 c->u.name[len] = 0;
2543 if (context_read_and_validate
2544 (&c->context[0], p, fp))
2545 return -1;
2546 break;
2547 case OCON_NODE6:{
2548 int k;
2549
2550 rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
2551 if (rc < 0)
2552 return -1;
2553 for (k = 0; k < 4; k++)
2554 /* network order */
2555 c->u.node6.addr[k] = buf[k];
2556 for (k = 0; k < 4; k++)
2557 /* network order */
2558 c->u.node6.mask[k] = buf[k + 4];
2559 if (context_read_and_validate
2560 (&c->context[0], p, fp))
2561 return -1;
2562 break;
2563 }
2564 default:{
2565 ERR(fp->handle, "Unknown SELinux ocontext");
2566 return -1;
2567 }
2568 }
2569 }
2570 }
2571 return 0;
2572 }
2573
ocontext_read(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2574 static int ocontext_read(struct policydb_compat_info *info,
2575 policydb_t *p, struct policy_file *fp)
2576 {
2577 int rc = -1;
2578 switch (p->target_platform) {
2579 case SEPOL_TARGET_SELINUX:
2580 rc = ocontext_read_selinux(info, p, fp);
2581 break;
2582 case SEPOL_TARGET_XEN:
2583 rc = ocontext_read_xen(info, p, fp);
2584 break;
2585 default:
2586 ERR(fp->handle, "Unknown target");
2587 }
2588 return rc;
2589 }
2590
genfs_read(policydb_t * p,struct policy_file * fp)2591 static int genfs_read(policydb_t * p, struct policy_file *fp)
2592 {
2593 uint32_t buf[1];
2594 size_t nel, nel2, len, len2;
2595 genfs_t *genfs_p, *newgenfs, *genfs;
2596 unsigned int i, j;
2597 ocontext_t *l, *c, *newc = NULL;
2598 int rc;
2599
2600 rc = next_entry(buf, fp, sizeof(uint32_t));
2601 if (rc < 0)
2602 goto bad;
2603 nel = le32_to_cpu(buf[0]);
2604 genfs_p = NULL;
2605 for (i = 0; i < nel; i++) {
2606 rc = next_entry(buf, fp, sizeof(uint32_t));
2607 if (rc < 0)
2608 goto bad;
2609 len = le32_to_cpu(buf[0]);
2610 newgenfs = calloc(1, sizeof(genfs_t));
2611 if (!newgenfs)
2612 goto bad;
2613 newgenfs->fstype = malloc(len + 1);
2614 if (!newgenfs->fstype) {
2615 free(newgenfs);
2616 goto bad;
2617 }
2618 rc = next_entry(newgenfs->fstype, fp, len);
2619 if (rc < 0) {
2620 free(newgenfs->fstype);
2621 free(newgenfs);
2622 goto bad;
2623 }
2624 newgenfs->fstype[len] = 0;
2625 for (genfs_p = NULL, genfs = p->genfs; genfs;
2626 genfs_p = genfs, genfs = genfs->next) {
2627 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2628 ERR(fp->handle, "dup genfs fstype %s",
2629 newgenfs->fstype);
2630 free(newgenfs->fstype);
2631 free(newgenfs);
2632 goto bad;
2633 }
2634 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2635 break;
2636 }
2637 newgenfs->next = genfs;
2638 if (genfs_p)
2639 genfs_p->next = newgenfs;
2640 else
2641 p->genfs = newgenfs;
2642 rc = next_entry(buf, fp, sizeof(uint32_t));
2643 if (rc < 0)
2644 goto bad;
2645 nel2 = le32_to_cpu(buf[0]);
2646 for (j = 0; j < nel2; j++) {
2647 newc = calloc(1, sizeof(ocontext_t));
2648 if (!newc) {
2649 goto bad;
2650 }
2651 rc = next_entry(buf, fp, sizeof(uint32_t));
2652 if (rc < 0)
2653 goto bad;
2654 len = le32_to_cpu(buf[0]);
2655 newc->u.name = malloc(len + 1);
2656 if (!newc->u.name) {
2657 goto bad;
2658 }
2659 rc = next_entry(newc->u.name, fp, len);
2660 if (rc < 0)
2661 goto bad;
2662 newc->u.name[len] = 0;
2663 rc = next_entry(buf, fp, sizeof(uint32_t));
2664 if (rc < 0)
2665 goto bad;
2666 newc->v.sclass = le32_to_cpu(buf[0]);
2667 if (context_read_and_validate(&newc->context[0], p, fp))
2668 goto bad;
2669 for (l = NULL, c = newgenfs->head; c;
2670 l = c, c = c->next) {
2671 if (!strcmp(newc->u.name, c->u.name) &&
2672 (!c->v.sclass || !newc->v.sclass ||
2673 newc->v.sclass == c->v.sclass)) {
2674 ERR(fp->handle, "dup genfs entry "
2675 "(%s,%s)", newgenfs->fstype,
2676 c->u.name);
2677 goto bad;
2678 }
2679 len = strlen(newc->u.name);
2680 len2 = strlen(c->u.name);
2681 if (len > len2)
2682 break;
2683 }
2684 newc->next = c;
2685 if (l)
2686 l->next = newc;
2687 else
2688 newgenfs->head = newc;
2689 }
2690 }
2691
2692 return 0;
2693
2694 bad:
2695 if (newc) {
2696 context_destroy(&newc->context[0]);
2697 context_destroy(&newc->context[1]);
2698 free(newc->u.name);
2699 free(newc);
2700 }
2701 return -1;
2702 }
2703
2704 /*
2705 * Read a MLS level structure from a policydb binary
2706 * representation file.
2707 */
mls_read_level(mls_level_t * lp,struct policy_file * fp)2708 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
2709 {
2710 uint32_t buf[1];
2711 int rc;
2712
2713 mls_level_init(lp);
2714
2715 rc = next_entry(buf, fp, sizeof(uint32_t));
2716 if (rc < 0) {
2717 ERR(fp->handle, "truncated level");
2718 goto bad;
2719 }
2720 lp->sens = le32_to_cpu(buf[0]);
2721
2722 if (ebitmap_read(&lp->cat, fp)) {
2723 ERR(fp->handle, "error reading level categories");
2724 goto bad;
2725 }
2726 return 0;
2727
2728 bad:
2729 return -EINVAL;
2730 }
2731
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2732 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2733 {
2734 char *key = 0;
2735 user_datum_t *usrdatum;
2736 uint32_t buf[3];
2737 size_t len;
2738 int rc, to_read = 2;
2739
2740 usrdatum = calloc(1, sizeof(user_datum_t));
2741 if (!usrdatum)
2742 return -1;
2743
2744 if (policydb_has_boundary_feature(p))
2745 to_read = 3;
2746
2747 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2748 if (rc < 0)
2749 goto bad;
2750
2751 len = le32_to_cpu(buf[0]);
2752 usrdatum->s.value = le32_to_cpu(buf[1]);
2753 if (policydb_has_boundary_feature(p))
2754 usrdatum->bounds = le32_to_cpu(buf[2]);
2755
2756 key = malloc(len + 1);
2757 if (!key)
2758 goto bad;
2759 rc = next_entry(key, fp, len);
2760 if (rc < 0)
2761 goto bad;
2762 key[len] = 0;
2763
2764 if (p->policy_type == POLICY_KERN) {
2765 if (ebitmap_read(&usrdatum->roles.roles, fp))
2766 goto bad;
2767 } else {
2768 if (role_set_read(&usrdatum->roles, fp))
2769 goto bad;
2770 }
2771
2772 /* users were not allowed in mls modules before version
2773 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
2774 * required - the mls fields will be empty. user declarations in
2775 * non-mls modules will also have empty mls fields */
2776 if ((p->policy_type == POLICY_KERN
2777 && p->policyvers >= POLICYDB_VERSION_MLS)
2778 || (p->policy_type == POLICY_MOD
2779 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
2780 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
2781 || (p->policy_type == POLICY_BASE
2782 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
2783 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
2784 if (mls_read_range_helper(&usrdatum->exp_range, fp))
2785 goto bad;
2786 if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
2787 goto bad;
2788 if (p->policy_type != POLICY_KERN) {
2789 if (mls_range_to_semantic(&usrdatum->exp_range,
2790 &usrdatum->range))
2791 goto bad;
2792 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
2793 &usrdatum->dfltlevel))
2794 goto bad;
2795 }
2796 } else if ((p->policy_type == POLICY_MOD
2797 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
2798 || (p->policy_type == POLICY_BASE
2799 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
2800 if (mls_read_semantic_range_helper(&usrdatum->range, fp))
2801 goto bad;
2802 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
2803 goto bad;
2804 }
2805
2806 if (hashtab_insert(h, key, usrdatum))
2807 goto bad;
2808
2809 return 0;
2810
2811 bad:
2812 user_destroy(key, usrdatum, NULL);
2813 return -1;
2814 }
2815
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2816 static int sens_read(policydb_t * p
2817 __attribute__ ((unused)), hashtab_t h,
2818 struct policy_file *fp)
2819 {
2820 char *key = 0;
2821 level_datum_t *levdatum;
2822 uint32_t buf[2], len;
2823 int rc;
2824
2825 levdatum = malloc(sizeof(level_datum_t));
2826 if (!levdatum)
2827 return -1;
2828 level_datum_init(levdatum);
2829
2830 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2831 if (rc < 0)
2832 goto bad;
2833
2834 len = le32_to_cpu(buf[0]);
2835 levdatum->isalias = le32_to_cpu(buf[1]);
2836
2837 key = malloc(len + 1);
2838 if (!key)
2839 goto bad;
2840 rc = next_entry(key, fp, len);
2841 if (rc < 0)
2842 goto bad;
2843 key[len] = 0;
2844
2845 levdatum->level = malloc(sizeof(mls_level_t));
2846 if (!levdatum->level || mls_read_level(levdatum->level, fp))
2847 goto bad;
2848
2849 if (hashtab_insert(h, key, levdatum))
2850 goto bad;
2851
2852 return 0;
2853
2854 bad:
2855 sens_destroy(key, levdatum, NULL);
2856 return -1;
2857 }
2858
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2859 static int cat_read(policydb_t * p
2860 __attribute__ ((unused)), hashtab_t h,
2861 struct policy_file *fp)
2862 {
2863 char *key = 0;
2864 cat_datum_t *catdatum;
2865 uint32_t buf[3], len;
2866 int rc;
2867
2868 catdatum = malloc(sizeof(cat_datum_t));
2869 if (!catdatum)
2870 return -1;
2871 cat_datum_init(catdatum);
2872
2873 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2874 if (rc < 0)
2875 goto bad;
2876
2877 len = le32_to_cpu(buf[0]);
2878 catdatum->s.value = le32_to_cpu(buf[1]);
2879 catdatum->isalias = le32_to_cpu(buf[2]);
2880
2881 key = malloc(len + 1);
2882 if (!key)
2883 goto bad;
2884 rc = next_entry(key, fp, len);
2885 if (rc < 0)
2886 goto bad;
2887 key[len] = 0;
2888
2889 if (hashtab_insert(h, key, catdatum))
2890 goto bad;
2891
2892 return 0;
2893
2894 bad:
2895 cat_destroy(key, catdatum, NULL);
2896 return -1;
2897 }
2898
2899 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
2900 struct policy_file * fp) = {
2901 common_read, class_read, role_read, type_read, user_read,
2902 cond_read_bool, sens_read, cat_read,};
2903
2904 /************** module reading functions below **************/
2905
avrule_read(policydb_t * p,struct policy_file * fp)2906 static avrule_t *avrule_read(policydb_t * p
2907 __attribute__ ((unused)), struct policy_file *fp)
2908 {
2909 unsigned int i;
2910 uint32_t buf[2], len;
2911 class_perm_node_t *cur, *tail = NULL;
2912 avrule_t *avrule;
2913 int rc;
2914
2915 avrule = (avrule_t *) malloc(sizeof(avrule_t));
2916 if (!avrule)
2917 return NULL;
2918
2919 avrule_init(avrule);
2920
2921 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2922 if (rc < 0)
2923 goto bad;
2924
2925 (avrule)->specified = le32_to_cpu(buf[0]);
2926 (avrule)->flags = le32_to_cpu(buf[1]);
2927
2928 if (type_set_read(&avrule->stypes, fp))
2929 goto bad;
2930
2931 if (type_set_read(&avrule->ttypes, fp))
2932 goto bad;
2933
2934 rc = next_entry(buf, fp, sizeof(uint32_t));
2935 if (rc < 0)
2936 goto bad;
2937 len = le32_to_cpu(buf[0]);
2938
2939 for (i = 0; i < len; i++) {
2940 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
2941 if (!cur)
2942 goto bad;
2943 class_perm_node_init(cur);
2944
2945 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2946 if (rc < 0) {
2947 free(cur);
2948 goto bad;
2949 }
2950
2951 cur->class = le32_to_cpu(buf[0]);
2952 cur->data = le32_to_cpu(buf[1]);
2953
2954 if (!tail) {
2955 avrule->perms = cur;
2956 } else {
2957 tail->next = cur;
2958 }
2959 tail = cur;
2960 }
2961
2962 return avrule;
2963 bad:
2964 if (avrule) {
2965 avrule_destroy(avrule);
2966 free(avrule);
2967 }
2968 return NULL;
2969 }
2970
range_read(policydb_t * p,struct policy_file * fp)2971 static int range_read(policydb_t * p, struct policy_file *fp)
2972 {
2973 uint32_t buf[2], nel;
2974 range_trans_t *rt, *lrt;
2975 range_trans_rule_t *rtr, *lrtr = NULL;
2976 unsigned int i;
2977 int new_rangetr = (p->policy_type == POLICY_KERN &&
2978 p->policyvers >= POLICYDB_VERSION_RANGETRANS);
2979 int rc;
2980
2981 rc = next_entry(buf, fp, sizeof(uint32_t));
2982 if (rc < 0)
2983 return -1;
2984 nel = le32_to_cpu(buf[0]);
2985 lrt = NULL;
2986 for (i = 0; i < nel; i++) {
2987 rt = calloc(1, sizeof(range_trans_t));
2988 if (!rt)
2989 return -1;
2990 if (lrt)
2991 lrt->next = rt;
2992 else
2993 p->range_tr = rt;
2994 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2995 if (rc < 0)
2996 return -1;
2997 rt->source_type = le32_to_cpu(buf[0]);
2998 rt->target_type = le32_to_cpu(buf[1]);
2999 if (new_rangetr) {
3000 rc = next_entry(buf, fp, (sizeof(uint32_t)));
3001 if (rc < 0)
3002 return -1;
3003 rt->target_class = le32_to_cpu(buf[0]);
3004 } else
3005 rt->target_class = SECCLASS_PROCESS;
3006 if (mls_read_range_helper(&rt->target_range, fp))
3007 return -1;
3008 lrt = rt;
3009 }
3010
3011 /* if this is a kernel policy, we are done - otherwise we need to
3012 * convert these structs to range_trans_rule_ts */
3013 if (p->policy_type == POLICY_KERN)
3014 return 0;
3015
3016 /* create range_trans_rules_ts that correspond to the range_trans_ts
3017 * that were just read in from an older policy */
3018 for (rt = p->range_tr; rt; rt = rt->next) {
3019 rtr = malloc(sizeof(range_trans_rule_t));
3020 if (!rtr) {
3021 return -1;
3022 }
3023 range_trans_rule_init(rtr);
3024
3025 if (lrtr)
3026 lrtr->next = rtr;
3027 else
3028 p->global->enabled->range_tr_rules = rtr;
3029
3030 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3031 return -1;
3032
3033 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3034 return -1;
3035
3036 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3037 return -1;
3038
3039 if (mls_range_to_semantic(&rt->target_range, &rtr->trange))
3040 return -1;
3041
3042 lrtr = rtr;
3043 }
3044
3045 /* now destroy the range_trans_ts */
3046 lrt = NULL;
3047 for (rt = p->range_tr; rt; rt = rt->next) {
3048 if (lrt) {
3049 ebitmap_destroy(&lrt->target_range.level[0].cat);
3050 ebitmap_destroy(&lrt->target_range.level[1].cat);
3051 free(lrt);
3052 }
3053 lrt = rt;
3054 }
3055 if (lrt) {
3056 ebitmap_destroy(&lrt->target_range.level[0].cat);
3057 ebitmap_destroy(&lrt->target_range.level[1].cat);
3058 free(lrt);
3059 }
3060 p->range_tr = NULL;
3061
3062 return 0;
3063 }
3064
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3065 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3066 struct policy_file *fp)
3067 {
3068 unsigned int i;
3069 avrule_t *cur, *tail;
3070 uint32_t buf[1], len;
3071 int rc;
3072
3073 *avrules = tail = NULL;
3074
3075 rc = next_entry(buf, fp, sizeof(uint32_t));
3076 if (rc < 0) {
3077 return -1;
3078 }
3079 len = le32_to_cpu(buf[0]);
3080
3081 for (i = 0; i < len; i++) {
3082 cur = avrule_read(p, fp);
3083 if (!cur) {
3084 return -1;
3085 }
3086
3087 if (!tail) {
3088 *avrules = cur;
3089 } else {
3090 tail->next = cur;
3091 }
3092 tail = cur;
3093 }
3094
3095 return 0;
3096 }
3097
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3098 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3099 struct policy_file *fp)
3100 {
3101 uint32_t buf[1], nel;
3102 unsigned int i;
3103 role_trans_rule_t *tr, *ltr;
3104 int rc;
3105
3106 rc = next_entry(buf, fp, sizeof(uint32_t));
3107 if (rc < 0)
3108 return -1;
3109 nel = le32_to_cpu(buf[0]);
3110 ltr = NULL;
3111 for (i = 0; i < nel; i++) {
3112 tr = malloc(sizeof(role_trans_rule_t));
3113 if (!tr) {
3114 return -1;
3115 }
3116 role_trans_rule_init(tr);
3117
3118 if (ltr) {
3119 ltr->next = tr;
3120 } else {
3121 *r = tr;
3122 }
3123
3124 if (role_set_read(&tr->roles, fp))
3125 return -1;
3126
3127 if (type_set_read(&tr->types, fp))
3128 return -1;
3129
3130 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3131 if (ebitmap_read(&tr->classes, fp))
3132 return -1;
3133 } else {
3134 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1))
3135 return -1;
3136 }
3137
3138 rc = next_entry(buf, fp, sizeof(uint32_t));
3139 if (rc < 0)
3140 return -1;
3141 tr->new_role = le32_to_cpu(buf[0]);
3142 ltr = tr;
3143 }
3144
3145 return 0;
3146 }
3147
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3148 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3149 {
3150 unsigned int i;
3151 uint32_t buf[1], nel;
3152 role_allow_rule_t *ra, *lra;
3153 int rc;
3154
3155 rc = next_entry(buf, fp, sizeof(uint32_t));
3156 if (rc < 0)
3157 return -1;
3158 nel = le32_to_cpu(buf[0]);
3159 lra = NULL;
3160 for (i = 0; i < nel; i++) {
3161 ra = malloc(sizeof(role_allow_rule_t));
3162 if (!ra) {
3163 return -1;
3164 }
3165 role_allow_rule_init(ra);
3166
3167 if (lra) {
3168 lra->next = ra;
3169 } else {
3170 *r = ra;
3171 }
3172
3173 if (role_set_read(&ra->roles, fp))
3174 return -1;
3175
3176 if (role_set_read(&ra->new_roles, fp))
3177 return -1;
3178
3179 lra = ra;
3180 }
3181 return 0;
3182 }
3183
filename_trans_rule_read(filename_trans_rule_t ** r,struct policy_file * fp)3184 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
3185 {
3186 uint32_t buf[2], nel;
3187 unsigned int i, len;
3188 filename_trans_rule_t *ftr, *lftr;
3189 int rc;
3190
3191 rc = next_entry(buf, fp, sizeof(uint32_t));
3192 if (rc < 0)
3193 return -1;
3194 nel = le32_to_cpu(buf[0]);
3195 lftr = NULL;
3196 for (i = 0; i < nel; i++) {
3197 ftr = malloc(sizeof(*ftr));
3198 if (!ftr)
3199 return -1;
3200
3201 filename_trans_rule_init(ftr);
3202
3203 if (lftr)
3204 lftr->next = ftr;
3205 else
3206 *r = ftr;
3207 lftr = ftr;
3208
3209 rc = next_entry(buf, fp, sizeof(uint32_t));
3210 if (rc < 0)
3211 return -1;
3212
3213 len = le32_to_cpu(buf[0]);
3214
3215 ftr->name = malloc(len + 1);
3216 if (!ftr->name)
3217 return -1;
3218
3219 rc = next_entry(ftr->name, fp, len);
3220 if (rc)
3221 return -1;
3222 ftr->name[len] = 0;
3223
3224 if (type_set_read(&ftr->stypes, fp))
3225 return -1;
3226
3227 if (type_set_read(&ftr->ttypes, fp))
3228 return -1;
3229
3230 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3231 if (rc < 0)
3232 return -1;
3233 ftr->tclass = le32_to_cpu(buf[0]);
3234 ftr->otype = le32_to_cpu(buf[1]);
3235 }
3236
3237 return 0;
3238 }
3239
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3240 static int range_trans_rule_read(range_trans_rule_t ** r,
3241 struct policy_file *fp)
3242 {
3243 uint32_t buf[1], nel;
3244 unsigned int i;
3245 range_trans_rule_t *rt, *lrt = NULL;
3246 int rc;
3247
3248 rc = next_entry(buf, fp, sizeof(uint32_t));
3249 if (rc < 0)
3250 return -1;
3251 nel = le32_to_cpu(buf[0]);
3252 for (i = 0; i < nel; i++) {
3253 rt = malloc(sizeof(range_trans_rule_t));
3254 if (!rt) {
3255 return -1;
3256 }
3257 range_trans_rule_init(rt);
3258
3259 if (lrt)
3260 lrt->next = rt;
3261 else
3262 *r = rt;
3263
3264 if (type_set_read(&rt->stypes, fp))
3265 return -1;
3266
3267 if (type_set_read(&rt->ttypes, fp))
3268 return -1;
3269
3270 if (ebitmap_read(&rt->tclasses, fp))
3271 return -1;
3272
3273 if (mls_read_semantic_range_helper(&rt->trange, fp))
3274 return -1;
3275
3276 lrt = rt;
3277 }
3278
3279 return 0;
3280 }
3281
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3282 static int scope_index_read(scope_index_t * scope_index,
3283 unsigned int num_scope_syms, struct policy_file *fp)
3284 {
3285 unsigned int i;
3286 uint32_t buf[1];
3287 int rc;
3288
3289 for (i = 0; i < num_scope_syms; i++) {
3290 if (ebitmap_read(scope_index->scope + i, fp) == -1) {
3291 return -1;
3292 }
3293 }
3294 rc = next_entry(buf, fp, sizeof(uint32_t));
3295 if (rc < 0)
3296 return -1;
3297 scope_index->class_perms_len = le32_to_cpu(buf[0]);
3298 if (scope_index->class_perms_len == 0) {
3299 scope_index->class_perms_map = NULL;
3300 return 0;
3301 }
3302 if ((scope_index->class_perms_map =
3303 calloc(scope_index->class_perms_len,
3304 sizeof(*scope_index->class_perms_map))) == NULL) {
3305 return -1;
3306 }
3307 for (i = 0; i < scope_index->class_perms_len; i++) {
3308 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) {
3309 return -1;
3310 }
3311 }
3312 return 0;
3313 }
3314
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3315 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3316 unsigned int num_scope_syms, struct policy_file *fp)
3317 {
3318 uint32_t buf[2], nprim, nel;
3319 unsigned int i, j;
3320 int rc;
3321
3322 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3323 if (rc < 0)
3324 return -1;
3325 decl->decl_id = le32_to_cpu(buf[0]);
3326 decl->enabled = le32_to_cpu(buf[1]);
3327 if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3328 avrule_read_list(p, &decl->avrules, fp) == -1 ||
3329 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3330 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3331 return -1;
3332 }
3333
3334 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
3335 filename_trans_rule_read(&decl->filename_trans_rules, fp))
3336 return -1;
3337
3338 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
3339 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
3340 return -1;
3341 }
3342 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
3343 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
3344 return -1;
3345 }
3346
3347 for (i = 0; i < num_scope_syms; i++) {
3348 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3349 if (rc < 0)
3350 return -1;
3351 nprim = le32_to_cpu(buf[0]);
3352 nel = le32_to_cpu(buf[1]);
3353 for (j = 0; j < nel; j++) {
3354 if (read_f[i] (p, decl->symtab[i].table, fp)) {
3355 return -1;
3356 }
3357 }
3358 decl->symtab[i].nprim = nprim;
3359 }
3360 return 0;
3361 }
3362
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)3363 static int avrule_block_read(policydb_t * p,
3364 avrule_block_t ** block,
3365 unsigned int num_scope_syms,
3366 struct policy_file *fp)
3367 {
3368 avrule_block_t *last_block = NULL, *curblock;
3369 uint32_t buf[1], num_blocks, nel;
3370 int rc;
3371
3372 rc = next_entry(buf, fp, sizeof(uint32_t));
3373 if (rc < 0)
3374 return -1;
3375 num_blocks = le32_to_cpu(buf[0]);
3376 nel = num_blocks;
3377 while (num_blocks > 0) {
3378 avrule_decl_t *last_decl = NULL, *curdecl;
3379 uint32_t num_decls;
3380 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
3381 return -1;
3382 }
3383 rc = next_entry(buf, fp, sizeof(uint32_t));
3384 if (rc < 0) {
3385 free(curblock);
3386 return -1;
3387 }
3388 /* if this is the first block its non-optional, else its optional */
3389 if (num_blocks != nel)
3390 curblock->flags |= AVRULE_OPTIONAL;
3391
3392 num_decls = le32_to_cpu(buf[0]);
3393 while (num_decls > 0) {
3394 if ((curdecl = avrule_decl_create(0)) == NULL) {
3395 avrule_block_destroy(curblock);
3396 return -1;
3397 }
3398 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
3399 -1) {
3400 avrule_decl_destroy(curdecl);
3401 avrule_block_destroy(curblock);
3402 return -1;
3403 }
3404 if (curdecl->enabled) {
3405 if (curblock->enabled != NULL) {
3406 /* probably a corrupt file */
3407 avrule_decl_destroy(curdecl);
3408 avrule_block_destroy(curblock);
3409 return -1;
3410 }
3411 curblock->enabled = curdecl;
3412 }
3413 /* one must be careful to reconstruct the
3414 * decl chain in its correct order */
3415 if (curblock->branch_list == NULL) {
3416 curblock->branch_list = curdecl;
3417 } else {
3418 last_decl->next = curdecl;
3419 }
3420 last_decl = curdecl;
3421 num_decls--;
3422 }
3423
3424 if (*block == NULL) {
3425 *block = curblock;
3426 } else {
3427 last_block->next = curblock;
3428 }
3429 last_block = curblock;
3430
3431 num_blocks--;
3432 }
3433
3434 return 0;
3435 }
3436
scope_read(policydb_t * p,int symnum,struct policy_file * fp)3437 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
3438 {
3439 scope_datum_t *scope = NULL;
3440 uint32_t buf[2];
3441 char *key = NULL;
3442 size_t key_len;
3443 unsigned int i;
3444 hashtab_t h = p->scope[symnum].table;
3445 int rc;
3446
3447 rc = next_entry(buf, fp, sizeof(uint32_t));
3448 if (rc < 0)
3449 goto cleanup;
3450 key_len = le32_to_cpu(buf[0]);
3451 key = malloc(key_len + 1);
3452 if (!key)
3453 goto cleanup;
3454 rc = next_entry(key, fp, key_len);
3455 if (rc < 0)
3456 goto cleanup;
3457 key[key_len] = '\0';
3458
3459 /* ensure that there already exists a symbol with this key */
3460 if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
3461 goto cleanup;
3462 }
3463
3464 if ((scope = calloc(1, sizeof(*scope))) == NULL) {
3465 goto cleanup;
3466 }
3467 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3468 if (rc < 0)
3469 goto cleanup;
3470 scope->scope = le32_to_cpu(buf[0]);
3471 scope->decl_ids_len = le32_to_cpu(buf[1]);
3472 assert(scope->decl_ids_len > 0);
3473 if ((scope->decl_ids =
3474 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
3475 goto cleanup;
3476 }
3477 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
3478 if (rc < 0)
3479 goto cleanup;
3480 for (i = 0; i < scope->decl_ids_len; i++) {
3481 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
3482 }
3483
3484 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
3485 /* object_r was already added to this table in roles_init() */
3486 scope_destroy(key, scope, NULL);
3487 } else {
3488 if (hashtab_insert(h, key, scope)) {
3489 goto cleanup;
3490 }
3491 }
3492
3493 return 0;
3494
3495 cleanup:
3496 scope_destroy(key, scope, NULL);
3497 return -1;
3498 }
3499
3500 /*
3501 * Read the configuration data from a policy database binary
3502 * representation file into a policy database structure.
3503 */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)3504 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
3505 {
3506
3507 unsigned int i, j, r_policyvers;
3508 uint32_t buf[5];
3509 size_t len, nprim, nel;
3510 char *policydb_str;
3511 struct policydb_compat_info *info;
3512 unsigned int policy_type, bufindex;
3513 ebitmap_node_t *tnode;
3514 int rc;
3515
3516 /* Read the magic number and string length. */
3517 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3518 if (rc < 0)
3519 return POLICYDB_ERROR;
3520 for (i = 0; i < 2; i++)
3521 buf[i] = le32_to_cpu(buf[i]);
3522
3523 if (buf[0] == POLICYDB_MAGIC) {
3524 policy_type = POLICY_KERN;
3525 } else if (buf[0] == POLICYDB_MOD_MAGIC) {
3526 policy_type = POLICY_MOD;
3527 } else {
3528 ERR(fp->handle, "policydb magic number %#08x does not "
3529 "match expected magic number %#08x or %#08x",
3530 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
3531 return POLICYDB_ERROR;
3532 }
3533
3534 len = buf[1];
3535 if (len > POLICYDB_STRING_MAX_LENGTH) {
3536 ERR(fp->handle, "policydb string length too long ");
3537 return POLICYDB_ERROR;
3538 }
3539
3540 policydb_str = malloc(len + 1);
3541 if (!policydb_str) {
3542 ERR(fp->handle, "unable to allocate memory for policydb "
3543 "string of length %zu", len);
3544 return POLICYDB_ERROR;
3545 }
3546 rc = next_entry(policydb_str, fp, len);
3547 if (rc < 0) {
3548 ERR(fp->handle, "truncated policydb string identifier");
3549 free(policydb_str);
3550 return POLICYDB_ERROR;
3551 }
3552 policydb_str[len] = 0;
3553
3554 if (policy_type == POLICY_KERN) {
3555 for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
3556 if ((strcmp(policydb_str, policydb_target_strings[i])
3557 == 0)) {
3558 policydb_set_target_platform(p, i);
3559 break;
3560 }
3561 }
3562
3563 if (i == POLICYDB_TARGET_SZ) {
3564 ERR(fp->handle, "cannot find a valid target for policy "
3565 "string %s", policydb_str);
3566 free(policydb_str);
3567 return POLICYDB_ERROR;
3568 }
3569 } else {
3570 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
3571 ERR(fp->handle, "invalid string identifier %s",
3572 policydb_str);
3573 free(policydb_str);
3574 return POLICYDB_ERROR;
3575 }
3576 }
3577
3578 /* Done with policydb_str. */
3579 free(policydb_str);
3580 policydb_str = NULL;
3581
3582 /* Read the version, config, and table sizes (and policy type if it's a module). */
3583 if (policy_type == POLICY_KERN)
3584 nel = 4;
3585 else
3586 nel = 5;
3587
3588 rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
3589 if (rc < 0)
3590 return POLICYDB_ERROR;
3591 for (i = 0; i < nel; i++)
3592 buf[i] = le32_to_cpu(buf[i]);
3593
3594 bufindex = 0;
3595
3596 if (policy_type == POLICY_MOD) {
3597 /* We know it's a module but not whether it's a base
3598 module or regular binary policy module. buf[0]
3599 tells us which. */
3600 policy_type = buf[bufindex];
3601 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
3602 ERR(fp->handle, "unknown module type: %#08x",
3603 policy_type);
3604 return POLICYDB_ERROR;
3605 }
3606 bufindex++;
3607 }
3608
3609 r_policyvers = buf[bufindex];
3610 if (policy_type == POLICY_KERN) {
3611 if (r_policyvers < POLICYDB_VERSION_MIN ||
3612 r_policyvers > POLICYDB_VERSION_MAX) {
3613 ERR(fp->handle, "policydb version %d does not match "
3614 "my version range %d-%d", buf[bufindex],
3615 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
3616 return POLICYDB_ERROR;
3617 }
3618 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
3619 if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
3620 r_policyvers > MOD_POLICYDB_VERSION_MAX) {
3621 ERR(fp->handle, "policydb module version %d does "
3622 "not match my version range %d-%d",
3623 buf[bufindex], MOD_POLICYDB_VERSION_MIN,
3624 MOD_POLICYDB_VERSION_MAX);
3625 return POLICYDB_ERROR;
3626 }
3627 } else {
3628 assert(0);
3629 }
3630 bufindex++;
3631
3632 /* Set the policy type and version from the read values. */
3633 p->policy_type = policy_type;
3634 p->policyvers = r_policyvers;
3635
3636 if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
3637 p->mls = 1;
3638 } else {
3639 p->mls = 0;
3640 }
3641
3642 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
3643
3644 bufindex++;
3645
3646 info = policydb_lookup_compat(r_policyvers, policy_type,
3647 p->target_platform);
3648 if (!info) {
3649 ERR(fp->handle, "unable to find policy compat info "
3650 "for version %d", r_policyvers);
3651 goto bad;
3652 }
3653
3654 if (buf[bufindex] != info->sym_num
3655 || buf[bufindex + 1] != info->ocon_num) {
3656 ERR(fp->handle,
3657 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
3658 buf[bufindex], buf[bufindex + 1], info->sym_num,
3659 info->ocon_num);
3660 goto bad;
3661 }
3662
3663 if (p->policy_type == POLICY_MOD) {
3664 /* Get the module name and version */
3665 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3666 goto bad;
3667 }
3668 len = le32_to_cpu(buf[0]);
3669 if ((p->name = malloc(len + 1)) == NULL) {
3670 goto bad;
3671 }
3672 if ((rc = next_entry(p->name, fp, len)) < 0) {
3673 goto bad;
3674 }
3675 p->name[len] = '\0';
3676 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3677 goto bad;
3678 }
3679 len = le32_to_cpu(buf[0]);
3680 if ((p->version = malloc(len + 1)) == NULL) {
3681 goto bad;
3682 }
3683 if ((rc = next_entry(p->version, fp, len)) < 0) {
3684 goto bad;
3685 }
3686 p->version[len] = '\0';
3687 }
3688
3689 if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
3690 p->policy_type == POLICY_KERN) ||
3691 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
3692 p->policy_type == POLICY_BASE) ||
3693 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
3694 p->policy_type == POLICY_MOD)) {
3695 if (ebitmap_read(&p->policycaps, fp))
3696 goto bad;
3697 }
3698
3699 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
3700 p->policy_type == POLICY_KERN) {
3701 if (ebitmap_read(&p->permissive_map, fp))
3702 goto bad;
3703 }
3704
3705 for (i = 0; i < info->sym_num; i++) {
3706 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3707 if (rc < 0)
3708 goto bad;
3709 nprim = le32_to_cpu(buf[0]);
3710 nel = le32_to_cpu(buf[1]);
3711 for (j = 0; j < nel; j++) {
3712 if (read_f[i] (p, p->symtab[i].table, fp))
3713 goto bad;
3714 }
3715
3716 p->symtab[i].nprim = nprim;
3717 }
3718
3719 if (policy_type == POLICY_KERN) {
3720 if (avtab_read(&p->te_avtab, fp, r_policyvers))
3721 goto bad;
3722 if (r_policyvers >= POLICYDB_VERSION_BOOL)
3723 if (cond_read_list(p, &p->cond_list, fp))
3724 goto bad;
3725 if (role_trans_read(p, fp))
3726 goto bad;
3727 if (role_allow_read(&p->role_allow, fp))
3728 goto bad;
3729 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
3730 filename_trans_read(&p->filename_trans, fp))
3731 goto bad;
3732 } else {
3733 /* first read the AV rule blocks, then the scope tables */
3734 avrule_block_destroy(p->global);
3735 p->global = NULL;
3736 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
3737 goto bad;
3738 }
3739 for (i = 0; i < info->sym_num; i++) {
3740 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3741 goto bad;
3742 }
3743 nel = le32_to_cpu(buf[0]);
3744 for (j = 0; j < nel; j++) {
3745 if (scope_read(p, i, fp))
3746 goto bad;
3747 }
3748 }
3749
3750 }
3751
3752 if (policydb_index_decls(p))
3753 goto bad;
3754
3755 if (policydb_index_classes(p))
3756 goto bad;
3757
3758 if (policydb_index_others(fp->handle, p, verbose))
3759 goto bad;
3760
3761 if (ocontext_read(info, p, fp) == -1) {
3762 goto bad;
3763 }
3764
3765 if (genfs_read(p, fp) == -1) {
3766 goto bad;
3767 }
3768
3769 if ((p->policy_type == POLICY_KERN
3770 && p->policyvers >= POLICYDB_VERSION_MLS)
3771 || (p->policy_type == POLICY_BASE
3772 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3773 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
3774 if (range_read(p, fp)) {
3775 goto bad;
3776 }
3777 }
3778
3779 if (policy_type == POLICY_KERN) {
3780 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
3781 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
3782 if (!p->type_attr_map || !p->attr_type_map)
3783 goto bad;
3784 for (i = 0; i < p->p_types.nprim; i++) {
3785 ebitmap_init(&p->type_attr_map[i]);
3786 ebitmap_init(&p->attr_type_map[i]);
3787 }
3788 for (i = 0; i < p->p_types.nprim; i++) {
3789 if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
3790 if (ebitmap_read(&p->type_attr_map[i], fp))
3791 goto bad;
3792 ebitmap_for_each_bit(&p->type_attr_map[i],
3793 tnode, j) {
3794 if (!ebitmap_node_get_bit(tnode, j)
3795 || i == j)
3796 continue;
3797 if (ebitmap_set_bit
3798 (&p->attr_type_map[j], i, 1))
3799 goto bad;
3800 }
3801 }
3802 /* add the type itself as the degenerate case */
3803 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
3804 goto bad;
3805 }
3806 }
3807
3808 return POLICYDB_SUCCESS;
3809 bad:
3810 return POLICYDB_ERROR;
3811 }
3812
policydb_reindex_users(policydb_t * p)3813 int policydb_reindex_users(policydb_t * p)
3814 {
3815 unsigned int i = SYM_USERS;
3816
3817 if (p->user_val_to_struct)
3818 free(p->user_val_to_struct);
3819 if (p->sym_val_to_name[i])
3820 free(p->sym_val_to_name[i]);
3821
3822 p->user_val_to_struct = (user_datum_t **)
3823 malloc(p->p_users.nprim * sizeof(user_datum_t *));
3824 if (!p->user_val_to_struct)
3825 return -1;
3826
3827 p->sym_val_to_name[i] = (char **)
3828 malloc(p->symtab[i].nprim * sizeof(char *));
3829 if (!p->sym_val_to_name[i])
3830 return -1;
3831
3832 if (hashtab_map(p->symtab[i].table, index_f[i], p))
3833 return -1;
3834
3835 /* Expand user roles for context validity checking */
3836 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
3837 return -1;
3838
3839 return 0;
3840 }
3841
policy_file_init(policy_file_t * pf)3842 void policy_file_init(policy_file_t *pf)
3843 {
3844 memset(pf, 0, sizeof(policy_file_t));
3845 }
3846
policydb_set_target_platform(policydb_t * p,int platform)3847 int policydb_set_target_platform(policydb_t *p, int platform)
3848 {
3849 if (platform == SEPOL_TARGET_SELINUX)
3850 p->target_platform = SEPOL_TARGET_SELINUX;
3851 else if (platform == SEPOL_TARGET_XEN)
3852 p->target_platform = SEPOL_TARGET_XEN;
3853 else
3854 return -1;
3855
3856 return 0;
3857 }
3858
3859