1
2 /* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3
4 /*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 * Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
14 * Fine-grained netlink support
15 * IPv6 support
16 * Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 *
22 * This library is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU Lesser General Public
24 * License as published by the Free Software Foundation; either
25 * version 2.1 of the License, or (at your option) any later version.
26 *
27 * This library is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30 * Lesser General Public License for more details.
31 *
32 * You should have received a copy of the GNU Lesser General Public
33 * License along with this library; if not, write to the Free Software
34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
35 */
36
37 /* FLASK */
38
39 /*
40 * Implementation of the policy database.
41 */
42
43 #include <assert.h>
44 #include <stdlib.h>
45
46 #include <sepol/policydb/policydb.h>
47 #include <sepol/policydb/expand.h>
48 #include <sepol/policydb/conditional.h>
49 #include <sepol/policydb/avrule_block.h>
50 #include <sepol/policydb/util.h>
51 #include <sepol/policydb/flask.h>
52
53 #include "private.h"
54 #include "debug.h"
55 #include "mls.h"
56
57 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
58 char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
59
60 /* These need to be updated if SYM_NUM or OCON_NUM changes */
61 static struct policydb_compat_info policydb_compat[] = {
62 {
63 .type = POLICY_KERN,
64 .version = POLICYDB_VERSION_BOUNDARY,
65 .sym_num = SYM_NUM,
66 .ocon_num = OCON_XEN_PCIDEVICE + 1,
67 .target_platform = SEPOL_TARGET_XEN,
68 },
69 {
70 .type = POLICY_KERN,
71 .version = POLICYDB_VERSION_BASE,
72 .sym_num = SYM_NUM - 3,
73 .ocon_num = OCON_FSUSE + 1,
74 .target_platform = SEPOL_TARGET_SELINUX,
75 },
76 {
77 .type = POLICY_KERN,
78 .version = POLICYDB_VERSION_BOOL,
79 .sym_num = SYM_NUM - 2,
80 .ocon_num = OCON_FSUSE + 1,
81 .target_platform = SEPOL_TARGET_SELINUX,
82 },
83 {
84 .type = POLICY_KERN,
85 .version = POLICYDB_VERSION_IPV6,
86 .sym_num = SYM_NUM - 2,
87 .ocon_num = OCON_NODE6 + 1,
88 .target_platform = SEPOL_TARGET_SELINUX,
89 },
90 {
91 .type = POLICY_KERN,
92 .version = POLICYDB_VERSION_NLCLASS,
93 .sym_num = SYM_NUM - 2,
94 .ocon_num = OCON_NODE6 + 1,
95 .target_platform = SEPOL_TARGET_SELINUX,
96 },
97 {
98 .type = POLICY_KERN,
99 .version = POLICYDB_VERSION_MLS,
100 .sym_num = SYM_NUM,
101 .ocon_num = OCON_NODE6 + 1,
102 .target_platform = SEPOL_TARGET_SELINUX,
103 },
104 {
105 .type = POLICY_KERN,
106 .version = POLICYDB_VERSION_AVTAB,
107 .sym_num = SYM_NUM,
108 .ocon_num = OCON_NODE6 + 1,
109 .target_platform = SEPOL_TARGET_SELINUX,
110 },
111 {
112 .type = POLICY_KERN,
113 .version = POLICYDB_VERSION_RANGETRANS,
114 .sym_num = SYM_NUM,
115 .ocon_num = OCON_NODE6 + 1,
116 .target_platform = SEPOL_TARGET_SELINUX,
117 },
118 {
119 .type = POLICY_KERN,
120 .version = POLICYDB_VERSION_POLCAP,
121 .sym_num = SYM_NUM,
122 .ocon_num = OCON_NODE6 + 1,
123 .target_platform = SEPOL_TARGET_SELINUX,
124 },
125 {
126 .type = POLICY_KERN,
127 .version = POLICYDB_VERSION_PERMISSIVE,
128 .sym_num = SYM_NUM,
129 .ocon_num = OCON_NODE6 + 1,
130 .target_platform = SEPOL_TARGET_SELINUX,
131 },
132 {
133 .type = POLICY_KERN,
134 .version = POLICYDB_VERSION_BOUNDARY,
135 .sym_num = SYM_NUM,
136 .ocon_num = OCON_NODE6 + 1,
137 .target_platform = SEPOL_TARGET_SELINUX,
138 },
139 {
140 .type = POLICY_KERN,
141 .version = POLICYDB_VERSION_FILENAME_TRANS,
142 .sym_num = SYM_NUM,
143 .ocon_num = OCON_NODE6 + 1,
144 .target_platform = SEPOL_TARGET_SELINUX,
145 },
146 {
147 .type = POLICY_KERN,
148 .version = POLICYDB_VERSION_ROLETRANS,
149 .sym_num = SYM_NUM,
150 .ocon_num = OCON_NODE6 + 1,
151 .target_platform = SEPOL_TARGET_SELINUX,
152 },
153 {
154 .type = POLICY_KERN,
155 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
156 .sym_num = SYM_NUM,
157 .ocon_num = OCON_NODE6 + 1,
158 .target_platform = SEPOL_TARGET_SELINUX,
159 },
160 {
161 .type = POLICY_KERN,
162 .version = POLICYDB_VERSION_DEFAULT_TYPE,
163 .sym_num = SYM_NUM,
164 .ocon_num = OCON_NODE6 + 1,
165 .target_platform = SEPOL_TARGET_SELINUX,
166 },
167 {
168 .type = POLICY_KERN,
169 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
170 .sym_num = SYM_NUM,
171 .ocon_num = OCON_NODE6 + 1,
172 .target_platform = SEPOL_TARGET_SELINUX,
173 },
174 {
175 .type = POLICY_BASE,
176 .version = MOD_POLICYDB_VERSION_BASE,
177 .sym_num = SYM_NUM,
178 .ocon_num = OCON_NODE6 + 1,
179 .target_platform = SEPOL_TARGET_SELINUX,
180 },
181 {
182 .type = POLICY_BASE,
183 .version = MOD_POLICYDB_VERSION_MLS,
184 .sym_num = SYM_NUM,
185 .ocon_num = OCON_NODE6 + 1,
186 .target_platform = SEPOL_TARGET_SELINUX,
187 },
188 {
189 .type = POLICY_BASE,
190 .version = MOD_POLICYDB_VERSION_MLS_USERS,
191 .sym_num = SYM_NUM,
192 .ocon_num = OCON_NODE6 + 1,
193 .target_platform = SEPOL_TARGET_SELINUX,
194 },
195 {
196 .type = POLICY_BASE,
197 .version = MOD_POLICYDB_VERSION_POLCAP,
198 .sym_num = SYM_NUM,
199 .ocon_num = OCON_NODE6 + 1,
200 .target_platform = SEPOL_TARGET_SELINUX,
201 },
202 {
203 .type = POLICY_BASE,
204 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
205 .sym_num = SYM_NUM,
206 .ocon_num = OCON_NODE6 + 1,
207 .target_platform = SEPOL_TARGET_SELINUX,
208 },
209 {
210 .type = POLICY_BASE,
211 .version = MOD_POLICYDB_VERSION_BOUNDARY,
212 .sym_num = SYM_NUM,
213 .ocon_num = OCON_NODE6 + 1,
214 .target_platform = SEPOL_TARGET_SELINUX,
215 },
216 {
217 .type = POLICY_BASE,
218 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
219 .sym_num = SYM_NUM,
220 .ocon_num = OCON_NODE6 + 1,
221 .target_platform = SEPOL_TARGET_SELINUX,
222 },
223 {
224 .type = POLICY_BASE,
225 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
226 .sym_num = SYM_NUM,
227 .ocon_num = OCON_NODE6 + 1,
228 .target_platform = SEPOL_TARGET_SELINUX,
229 },
230 {
231 .type = POLICY_BASE,
232 .version = MOD_POLICYDB_VERSION_ROLETRANS,
233 .sym_num = SYM_NUM,
234 .ocon_num = OCON_NODE6 + 1,
235 .target_platform = SEPOL_TARGET_SELINUX,
236 },
237 {
238 .type = POLICY_BASE,
239 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
240 .sym_num = SYM_NUM,
241 .ocon_num = OCON_NODE6 + 1,
242 .target_platform = SEPOL_TARGET_SELINUX,
243 },
244 {
245 .type = POLICY_BASE,
246 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
247 .sym_num = SYM_NUM,
248 .ocon_num = OCON_NODE6 + 1,
249 .target_platform = SEPOL_TARGET_SELINUX,
250 },
251 {
252 .type = POLICY_BASE,
253 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
254 .sym_num = SYM_NUM,
255 .ocon_num = OCON_NODE6 + 1,
256 .target_platform = SEPOL_TARGET_SELINUX,
257 },
258 {
259 .type = POLICY_BASE,
260 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
261 .sym_num = SYM_NUM,
262 .ocon_num = OCON_NODE6 + 1,
263 .target_platform = SEPOL_TARGET_SELINUX,
264 },
265 {
266 .type = POLICY_BASE,
267 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
268 .sym_num = SYM_NUM,
269 .ocon_num = OCON_NODE6 + 1,
270 .target_platform = SEPOL_TARGET_SELINUX,
271 },
272 {
273 .type = POLICY_MOD,
274 .version = MOD_POLICYDB_VERSION_BASE,
275 .sym_num = SYM_NUM,
276 .ocon_num = 0,
277 .target_platform = SEPOL_TARGET_SELINUX,
278 },
279 {
280 .type = POLICY_MOD,
281 .version = MOD_POLICYDB_VERSION_MLS,
282 .sym_num = SYM_NUM,
283 .ocon_num = 0,
284 .target_platform = SEPOL_TARGET_SELINUX,
285 },
286 {
287 .type = POLICY_MOD,
288 .version = MOD_POLICYDB_VERSION_MLS_USERS,
289 .sym_num = SYM_NUM,
290 .ocon_num = 0,
291 .target_platform = SEPOL_TARGET_SELINUX,
292 },
293 {
294 .type = POLICY_MOD,
295 .version = MOD_POLICYDB_VERSION_POLCAP,
296 .sym_num = SYM_NUM,
297 .ocon_num = 0,
298 .target_platform = SEPOL_TARGET_SELINUX,
299 },
300 {
301 .type = POLICY_MOD,
302 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
303 .sym_num = SYM_NUM,
304 .ocon_num = 0,
305 .target_platform = SEPOL_TARGET_SELINUX,
306 },
307 {
308 .type = POLICY_MOD,
309 .version = MOD_POLICYDB_VERSION_BOUNDARY,
310 .sym_num = SYM_NUM,
311 .ocon_num = 0,
312 .target_platform = SEPOL_TARGET_SELINUX,
313 },
314 {
315 .type = POLICY_MOD,
316 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
317 .sym_num = SYM_NUM,
318 .ocon_num = 0,
319 .target_platform = SEPOL_TARGET_SELINUX,
320 },
321 {
322 .type = POLICY_MOD,
323 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
324 .sym_num = SYM_NUM,
325 .ocon_num = 0,
326 .target_platform = SEPOL_TARGET_SELINUX,
327 },
328 {
329 .type = POLICY_MOD,
330 .version = MOD_POLICYDB_VERSION_ROLETRANS,
331 .sym_num = SYM_NUM,
332 .ocon_num = 0,
333 .target_platform = SEPOL_TARGET_SELINUX,
334 },
335 {
336 .type = POLICY_MOD,
337 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
338 .sym_num = SYM_NUM,
339 .ocon_num = 0,
340 .target_platform = SEPOL_TARGET_SELINUX,
341 },
342 {
343 .type = POLICY_MOD,
344 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
345 .sym_num = SYM_NUM,
346 .ocon_num = 0,
347 .target_platform = SEPOL_TARGET_SELINUX,
348 },
349 {
350 .type = POLICY_MOD,
351 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
352 .sym_num = SYM_NUM,
353 .ocon_num = 0,
354 .target_platform = SEPOL_TARGET_SELINUX,
355 },
356 {
357 .type = POLICY_MOD,
358 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
359 .sym_num = SYM_NUM,
360 .ocon_num = 0,
361 .target_platform = SEPOL_TARGET_SELINUX,
362 },
363 {
364 .type = POLICY_MOD,
365 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
366 .sym_num = SYM_NUM,
367 .ocon_num = 0,
368 .target_platform = SEPOL_TARGET_SELINUX,
369 },
370 };
371
372 #if 0
373 static char *symtab_name[SYM_NUM] = {
374 "common prefixes",
375 "classes",
376 "roles",
377 "types",
378 "users",
379 "bools" mls_symtab_names cond_symtab_names
380 };
381 #endif
382
383 static unsigned int symtab_sizes[SYM_NUM] = {
384 2,
385 32,
386 16,
387 512,
388 128,
389 16,
390 16,
391 16,
392 };
393
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)394 struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
395 unsigned int type,
396 unsigned int target_platform)
397 {
398 unsigned int i;
399 struct policydb_compat_info *info = NULL;
400
401 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
402 if (policydb_compat[i].version == version &&
403 policydb_compat[i].type == type &&
404 policydb_compat[i].target_platform == target_platform) {
405 info = &policydb_compat[i];
406 break;
407 }
408 }
409 return info;
410 }
411
type_set_init(type_set_t * x)412 void type_set_init(type_set_t * x)
413 {
414 memset(x, 0, sizeof(type_set_t));
415 ebitmap_init(&x->types);
416 ebitmap_init(&x->negset);
417 }
418
type_set_destroy(type_set_t * x)419 void type_set_destroy(type_set_t * x)
420 {
421 if (x != NULL) {
422 ebitmap_destroy(&x->types);
423 ebitmap_destroy(&x->negset);
424 }
425 }
426
role_set_init(role_set_t * x)427 void role_set_init(role_set_t * x)
428 {
429 memset(x, 0, sizeof(role_set_t));
430 ebitmap_init(&x->roles);
431 }
432
role_set_destroy(role_set_t * x)433 void role_set_destroy(role_set_t * x)
434 {
435 ebitmap_destroy(&x->roles);
436 }
437
role_datum_init(role_datum_t * x)438 void role_datum_init(role_datum_t * x)
439 {
440 memset(x, 0, sizeof(role_datum_t));
441 ebitmap_init(&x->dominates);
442 type_set_init(&x->types);
443 ebitmap_init(&x->cache);
444 ebitmap_init(&x->roles);
445 }
446
role_datum_destroy(role_datum_t * x)447 void role_datum_destroy(role_datum_t * x)
448 {
449 if (x != NULL) {
450 ebitmap_destroy(&x->dominates);
451 type_set_destroy(&x->types);
452 ebitmap_destroy(&x->cache);
453 ebitmap_destroy(&x->roles);
454 }
455 }
456
type_datum_init(type_datum_t * x)457 void type_datum_init(type_datum_t * x)
458 {
459 memset(x, 0, sizeof(*x));
460 ebitmap_init(&x->types);
461 }
462
type_datum_destroy(type_datum_t * x)463 void type_datum_destroy(type_datum_t * x)
464 {
465 if (x != NULL) {
466 ebitmap_destroy(&x->types);
467 }
468 }
469
user_datum_init(user_datum_t * x)470 void user_datum_init(user_datum_t * x)
471 {
472 memset(x, 0, sizeof(user_datum_t));
473 role_set_init(&x->roles);
474 mls_semantic_range_init(&x->range);
475 mls_semantic_level_init(&x->dfltlevel);
476 ebitmap_init(&x->cache);
477 mls_range_init(&x->exp_range);
478 mls_level_init(&x->exp_dfltlevel);
479 }
480
user_datum_destroy(user_datum_t * x)481 void user_datum_destroy(user_datum_t * x)
482 {
483 if (x != NULL) {
484 role_set_destroy(&x->roles);
485 mls_semantic_range_destroy(&x->range);
486 mls_semantic_level_destroy(&x->dfltlevel);
487 ebitmap_destroy(&x->cache);
488 mls_range_destroy(&x->exp_range);
489 mls_level_destroy(&x->exp_dfltlevel);
490 }
491 }
492
level_datum_init(level_datum_t * x)493 void level_datum_init(level_datum_t * x)
494 {
495 memset(x, 0, sizeof(level_datum_t));
496 }
497
level_datum_destroy(level_datum_t * x)498 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
499 {
500 /* the mls_level_t referenced by the level_datum is managed
501 * separately for now, so there is nothing to destroy */
502 return;
503 }
504
cat_datum_init(cat_datum_t * x)505 void cat_datum_init(cat_datum_t * x)
506 {
507 memset(x, 0, sizeof(cat_datum_t));
508 }
509
cat_datum_destroy(cat_datum_t * x)510 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
511 {
512 /* it's currently a simple struct - really nothing to destroy */
513 return;
514 }
515
class_perm_node_init(class_perm_node_t * x)516 void class_perm_node_init(class_perm_node_t * x)
517 {
518 memset(x, 0, sizeof(class_perm_node_t));
519 }
520
avrule_init(avrule_t * x)521 void avrule_init(avrule_t * x)
522 {
523 memset(x, 0, sizeof(avrule_t));
524 type_set_init(&x->stypes);
525 type_set_init(&x->ttypes);
526 }
527
avrule_destroy(avrule_t * x)528 void avrule_destroy(avrule_t * x)
529 {
530 class_perm_node_t *cur, *next;
531
532 if (x == NULL) {
533 return;
534 }
535 type_set_destroy(&x->stypes);
536 type_set_destroy(&x->ttypes);
537
538 next = x->perms;
539 while (next) {
540 cur = next;
541 next = cur->next;
542 free(cur);
543 }
544 }
545
role_trans_rule_init(role_trans_rule_t * x)546 void role_trans_rule_init(role_trans_rule_t * x)
547 {
548 memset(x, 0, sizeof(*x));
549 role_set_init(&x->roles);
550 type_set_init(&x->types);
551 ebitmap_init(&x->classes);
552 }
553
role_trans_rule_destroy(role_trans_rule_t * x)554 void role_trans_rule_destroy(role_trans_rule_t * x)
555 {
556 if (x != NULL) {
557 role_set_destroy(&x->roles);
558 type_set_destroy(&x->types);
559 ebitmap_destroy(&x->classes);
560 }
561 }
562
role_trans_rule_list_destroy(role_trans_rule_t * x)563 void role_trans_rule_list_destroy(role_trans_rule_t * x)
564 {
565 while (x != NULL) {
566 role_trans_rule_t *next = x->next;
567 role_trans_rule_destroy(x);
568 free(x);
569 x = next;
570 }
571 }
572
filename_trans_rule_init(filename_trans_rule_t * x)573 void filename_trans_rule_init(filename_trans_rule_t * x)
574 {
575 memset(x, 0, sizeof(*x));
576 type_set_init(&x->stypes);
577 type_set_init(&x->ttypes);
578 }
579
filename_trans_rule_destroy(filename_trans_rule_t * x)580 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
581 {
582 if (!x)
583 return;
584 type_set_destroy(&x->stypes);
585 type_set_destroy(&x->ttypes);
586 free(x->name);
587 }
588
filename_trans_rule_list_destroy(filename_trans_rule_t * x)589 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
590 {
591 filename_trans_rule_t *next;
592 while (x) {
593 next = x->next;
594 filename_trans_rule_destroy(x);
595 free(x);
596 x = next;
597 }
598 }
599
role_allow_rule_init(role_allow_rule_t * x)600 void role_allow_rule_init(role_allow_rule_t * x)
601 {
602 memset(x, 0, sizeof(role_allow_rule_t));
603 role_set_init(&x->roles);
604 role_set_init(&x->new_roles);
605 }
606
role_allow_rule_destroy(role_allow_rule_t * x)607 void role_allow_rule_destroy(role_allow_rule_t * x)
608 {
609 role_set_destroy(&x->roles);
610 role_set_destroy(&x->new_roles);
611 }
612
role_allow_rule_list_destroy(role_allow_rule_t * x)613 void role_allow_rule_list_destroy(role_allow_rule_t * x)
614 {
615 while (x != NULL) {
616 role_allow_rule_t *next = x->next;
617 role_allow_rule_destroy(x);
618 free(x);
619 x = next;
620 }
621 }
622
range_trans_rule_init(range_trans_rule_t * x)623 void range_trans_rule_init(range_trans_rule_t * x)
624 {
625 type_set_init(&x->stypes);
626 type_set_init(&x->ttypes);
627 ebitmap_init(&x->tclasses);
628 mls_semantic_range_init(&x->trange);
629 x->next = NULL;
630 }
631
range_trans_rule_destroy(range_trans_rule_t * x)632 void range_trans_rule_destroy(range_trans_rule_t * x)
633 {
634 type_set_destroy(&x->stypes);
635 type_set_destroy(&x->ttypes);
636 ebitmap_destroy(&x->tclasses);
637 mls_semantic_range_destroy(&x->trange);
638 }
639
range_trans_rule_list_destroy(range_trans_rule_t * x)640 void range_trans_rule_list_destroy(range_trans_rule_t * x)
641 {
642 while (x != NULL) {
643 range_trans_rule_t *next = x->next;
644 range_trans_rule_destroy(x);
645 free(x);
646 x = next;
647 }
648 }
649
avrule_list_destroy(avrule_t * x)650 void avrule_list_destroy(avrule_t * x)
651 {
652 avrule_t *next, *cur;
653
654 if (!x)
655 return;
656
657 next = x;
658 while (next) {
659 cur = next;
660 next = next->next;
661 avrule_destroy(cur);
662 free(cur);
663 }
664 }
665
666 /*
667 * Initialize the role table by implicitly adding role 'object_r'. If
668 * the policy is a module, set object_r's scope to be SCOPE_REQ,
669 * otherwise set it to SCOPE_DECL.
670 */
roles_init(policydb_t * p)671 static int roles_init(policydb_t * p)
672 {
673 char *key = 0;
674 int rc;
675 role_datum_t *role;
676
677 role = calloc(1, sizeof(role_datum_t));
678 if (!role) {
679 rc = -ENOMEM;
680 goto out;
681 }
682 key = malloc(strlen(OBJECT_R) + 1);
683 if (!key) {
684 rc = -ENOMEM;
685 goto out_free_role;
686 }
687 strcpy(key, OBJECT_R);
688 rc = symtab_insert(p, SYM_ROLES, key, role,
689 (p->policy_type ==
690 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
691 &role->s.value);
692 if (rc)
693 goto out_free_key;
694 if (role->s.value != OBJECT_R_VAL) {
695 rc = -EINVAL;
696 goto out_free_role;
697 }
698 out:
699 return rc;
700
701 out_free_key:
702 free(key);
703 out_free_role:
704 free(role);
705 goto out;
706 }
707
708 /*
709 * Initialize a policy database structure.
710 */
policydb_init(policydb_t * p)711 int policydb_init(policydb_t * p)
712 {
713 int i, rc;
714
715 memset(p, 0, sizeof(policydb_t));
716
717 ebitmap_init(&p->policycaps);
718
719 ebitmap_init(&p->permissive_map);
720
721 for (i = 0; i < SYM_NUM; i++) {
722 p->sym_val_to_name[i] = NULL;
723 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
724 if (rc)
725 goto out_free_symtab;
726 }
727
728 /* initialize the module stuff */
729 for (i = 0; i < SYM_NUM; i++) {
730 if (symtab_init(&p->scope[i], symtab_sizes[i])) {
731 goto out_free_symtab;
732 }
733 }
734 if ((p->global = avrule_block_create()) == NULL ||
735 (p->global->branch_list = avrule_decl_create(1)) == NULL) {
736 goto out_free_symtab;
737 }
738 p->decl_val_to_struct = NULL;
739
740 rc = avtab_init(&p->te_avtab);
741 if (rc)
742 goto out_free_symtab;
743
744 rc = roles_init(p);
745 if (rc)
746 goto out_free_symtab;
747
748 rc = cond_policydb_init(p);
749 if (rc)
750 goto out_free_symtab;
751 out:
752 return rc;
753
754 out_free_symtab:
755 for (i = 0; i < SYM_NUM; i++) {
756 hashtab_destroy(p->symtab[i].table);
757 hashtab_destroy(p->scope[i].table);
758 }
759 avrule_block_list_destroy(p->global);
760 goto out;
761 }
762
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)763 int policydb_role_cache(hashtab_key_t key
764 __attribute__ ((unused)), hashtab_datum_t datum,
765 void *arg)
766 {
767 policydb_t *p;
768 role_datum_t *role;
769
770 role = (role_datum_t *) datum;
771 p = (policydb_t *) arg;
772
773 ebitmap_destroy(&role->cache);
774 if (type_set_expand(&role->types, &role->cache, p, 1)) {
775 return -1;
776 }
777
778 return 0;
779 }
780
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)781 int policydb_user_cache(hashtab_key_t key
782 __attribute__ ((unused)), hashtab_datum_t datum,
783 void *arg)
784 {
785 policydb_t *p;
786 user_datum_t *user;
787
788 user = (user_datum_t *) datum;
789 p = (policydb_t *) arg;
790
791 ebitmap_destroy(&user->cache);
792 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
793 return -1;
794 }
795
796 /* we do not expand user's MLS info in kernel policies because the
797 * semantic representation is not present and we do not expand user's
798 * MLS info in module policies because all of the necessary mls
799 * information is not present */
800 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
801 mls_range_destroy(&user->exp_range);
802 if (mls_semantic_range_expand(&user->range,
803 &user->exp_range, p, NULL)) {
804 return -1;
805 }
806
807 mls_level_destroy(&user->exp_dfltlevel);
808 if (mls_semantic_level_expand(&user->dfltlevel,
809 &user->exp_dfltlevel, p, NULL)) {
810 return -1;
811 }
812 }
813
814 return 0;
815 }
816
817 /*
818 * The following *_index functions are used to
819 * define the val_to_name and val_to_struct arrays
820 * in a policy database structure. The val_to_name
821 * arrays are used when converting security context
822 * structures into string representations. The
823 * val_to_struct arrays are used when the attributes
824 * of a class, role, or user are needed.
825 */
826
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)827 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
828 {
829 policydb_t *p;
830 common_datum_t *comdatum;
831
832 comdatum = (common_datum_t *) datum;
833 p = (policydb_t *) datap;
834 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim)
835 return -EINVAL;
836 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
837
838 return 0;
839 }
840
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)841 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
842 {
843 policydb_t *p;
844 class_datum_t *cladatum;
845
846 cladatum = (class_datum_t *) datum;
847 p = (policydb_t *) datap;
848 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim)
849 return -EINVAL;
850 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
851 p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
852
853 return 0;
854 }
855
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)856 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
857 {
858 policydb_t *p;
859 role_datum_t *role;
860
861 role = (role_datum_t *) datum;
862 p = (policydb_t *) datap;
863 if (!role->s.value || role->s.value > p->p_roles.nprim)
864 return -EINVAL;
865 p->p_role_val_to_name[role->s.value - 1] = (char *)key;
866 p->role_val_to_struct[role->s.value - 1] = role;
867
868 return 0;
869 }
870
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)871 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
872 {
873 policydb_t *p;
874 type_datum_t *typdatum;
875
876 typdatum = (type_datum_t *) datum;
877 p = (policydb_t *) datap;
878
879 if (typdatum->primary) {
880 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim)
881 return -EINVAL;
882 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
883 p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
884 }
885
886 return 0;
887 }
888
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)889 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
890 {
891 policydb_t *p;
892 user_datum_t *usrdatum;
893
894 usrdatum = (user_datum_t *) datum;
895 p = (policydb_t *) datap;
896
897 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim)
898 return -EINVAL;
899
900 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
901 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
902
903 return 0;
904 }
905
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)906 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
907 {
908 policydb_t *p;
909 level_datum_t *levdatum;
910
911 levdatum = (level_datum_t *) datum;
912 p = (policydb_t *) datap;
913
914 if (!levdatum->isalias) {
915 if (!levdatum->level->sens ||
916 levdatum->level->sens > p->p_levels.nprim)
917 return -EINVAL;
918 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
919 }
920
921 return 0;
922 }
923
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)924 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
925 {
926 policydb_t *p;
927 cat_datum_t *catdatum;
928
929 catdatum = (cat_datum_t *) datum;
930 p = (policydb_t *) datap;
931
932 if (!catdatum->isalias) {
933 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim)
934 return -EINVAL;
935 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
936 }
937
938 return 0;
939 }
940
941 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
942 void *datap) = {
943 common_index, class_index, role_index, type_index, user_index,
944 cond_index_bool, sens_index, cat_index,};
945
946 /*
947 * Define the common val_to_name array and the class
948 * val_to_name and val_to_struct arrays in a policy
949 * database structure.
950 */
policydb_index_classes(policydb_t * p)951 int policydb_index_classes(policydb_t * p)
952 {
953 free(p->p_common_val_to_name);
954 p->p_common_val_to_name = (char **)
955 malloc(p->p_commons.nprim * sizeof(char *));
956 if (!p->p_common_val_to_name)
957 return -1;
958
959 if (hashtab_map(p->p_commons.table, common_index, p))
960 return -1;
961
962 free(p->class_val_to_struct);
963 p->class_val_to_struct = (class_datum_t **)
964 malloc(p->p_classes.nprim * sizeof(class_datum_t *));
965 if (!p->class_val_to_struct)
966 return -1;
967
968 free(p->p_class_val_to_name);
969 p->p_class_val_to_name = (char **)
970 malloc(p->p_classes.nprim * sizeof(char *));
971 if (!p->p_class_val_to_name)
972 return -1;
973
974 if (hashtab_map(p->p_classes.table, class_index, p))
975 return -1;
976
977 return 0;
978 }
979
policydb_index_bools(policydb_t * p)980 int policydb_index_bools(policydb_t * p)
981 {
982
983 if (cond_init_bool_indexes(p) == -1)
984 return -1;
985 p->p_bool_val_to_name = (char **)
986 malloc(p->p_bools.nprim * sizeof(char *));
987 if (!p->p_bool_val_to_name)
988 return -1;
989 if (hashtab_map(p->p_bools.table, cond_index_bool, p))
990 return -1;
991 return 0;
992 }
993
policydb_index_decls(policydb_t * p)994 int policydb_index_decls(policydb_t * p)
995 {
996 avrule_block_t *curblock;
997 avrule_decl_t *decl;
998 int num_decls = 0;
999
1000 free(p->decl_val_to_struct);
1001
1002 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1003 for (decl = curblock->branch_list; decl != NULL;
1004 decl = decl->next) {
1005 num_decls++;
1006 }
1007 }
1008
1009 p->decl_val_to_struct =
1010 calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
1011 if (!p->decl_val_to_struct) {
1012 return -1;
1013 }
1014
1015 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1016 for (decl = curblock->branch_list; decl != NULL;
1017 decl = decl->next) {
1018 p->decl_val_to_struct[decl->decl_id - 1] = decl;
1019 }
1020 }
1021
1022 return 0;
1023 }
1024
1025 /*
1026 * Define the other val_to_name and val_to_struct arrays
1027 * in a policy database structure.
1028 */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)1029 int policydb_index_others(sepol_handle_t * handle,
1030 policydb_t * p, unsigned verbose)
1031 {
1032 int i;
1033
1034 if (verbose) {
1035 INFO(handle,
1036 "security: %d users, %d roles, %d types, %d bools",
1037 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
1038 p->p_bools.nprim);
1039
1040 if (p->mls)
1041 INFO(handle, "security: %d sens, %d cats",
1042 p->p_levels.nprim, p->p_cats.nprim);
1043
1044 INFO(handle, "security: %d classes, %d rules, %d cond rules",
1045 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
1046 }
1047 #if 0
1048 avtab_hash_eval(&p->te_avtab, "rules");
1049 for (i = 0; i < SYM_NUM; i++)
1050 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
1051 #endif
1052
1053 free(p->role_val_to_struct);
1054 p->role_val_to_struct = (role_datum_t **)
1055 malloc(p->p_roles.nprim * sizeof(role_datum_t *));
1056 if (!p->role_val_to_struct)
1057 return -1;
1058
1059 free(p->user_val_to_struct);
1060 p->user_val_to_struct = (user_datum_t **)
1061 malloc(p->p_users.nprim * sizeof(user_datum_t *));
1062 if (!p->user_val_to_struct)
1063 return -1;
1064
1065 free(p->type_val_to_struct);
1066 p->type_val_to_struct = (type_datum_t **)
1067 calloc(p->p_types.nprim, sizeof(type_datum_t *));
1068 if (!p->type_val_to_struct)
1069 return -1;
1070
1071 cond_init_bool_indexes(p);
1072
1073 for (i = SYM_ROLES; i < SYM_NUM; i++) {
1074 free(p->sym_val_to_name[i]);
1075 p->sym_val_to_name[i] = NULL;
1076 if (p->symtab[i].nprim) {
1077 p->sym_val_to_name[i] = (char **)
1078 calloc(p->symtab[i].nprim, sizeof(char *));
1079 if (!p->sym_val_to_name[i])
1080 return -1;
1081 if (hashtab_map(p->symtab[i].table, index_f[i], p))
1082 return -1;
1083 }
1084 }
1085
1086 /* This pre-expands the roles and users for context validity checking */
1087 if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1088 return -1;
1089
1090 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1091 return -1;
1092
1093 return 0;
1094 }
1095
1096 /*
1097 * The following *_destroy functions are used to
1098 * free any memory allocated for each kind of
1099 * symbol data in the policy database.
1100 */
1101
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1102 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1103 __attribute__ ((unused)))
1104 {
1105 if (key)
1106 free(key);
1107 free(datum);
1108 return 0;
1109 }
1110
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1111 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1112 __attribute__ ((unused)))
1113 {
1114 common_datum_t *comdatum;
1115
1116 if (key)
1117 free(key);
1118 comdatum = (common_datum_t *) datum;
1119 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1120 hashtab_destroy(comdatum->permissions.table);
1121 free(datum);
1122 return 0;
1123 }
1124
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1125 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1126 __attribute__ ((unused)))
1127 {
1128 class_datum_t *cladatum;
1129 constraint_node_t *constraint, *ctemp;
1130 constraint_expr_t *e, *etmp;
1131
1132 if (key)
1133 free(key);
1134 cladatum = (class_datum_t *) datum;
1135 if (cladatum == NULL) {
1136 return 0;
1137 }
1138 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1139 hashtab_destroy(cladatum->permissions.table);
1140 constraint = cladatum->constraints;
1141 while (constraint) {
1142 e = constraint->expr;
1143 while (e) {
1144 etmp = e;
1145 e = e->next;
1146 constraint_expr_destroy(etmp);
1147 }
1148 ctemp = constraint;
1149 constraint = constraint->next;
1150 free(ctemp);
1151 }
1152
1153 constraint = cladatum->validatetrans;
1154 while (constraint) {
1155 e = constraint->expr;
1156 while (e) {
1157 etmp = e;
1158 e = e->next;
1159 constraint_expr_destroy(etmp);
1160 }
1161 ctemp = constraint;
1162 constraint = constraint->next;
1163 free(ctemp);
1164 }
1165
1166 if (cladatum->comkey)
1167 free(cladatum->comkey);
1168 free(datum);
1169 return 0;
1170 }
1171
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1172 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1173 __attribute__ ((unused)))
1174 {
1175 free(key);
1176 role_datum_destroy((role_datum_t *) datum);
1177 free(datum);
1178 return 0;
1179 }
1180
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1181 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1182 __attribute__ ((unused)))
1183 {
1184 free(key);
1185 type_datum_destroy((type_datum_t *) datum);
1186 free(datum);
1187 return 0;
1188 }
1189
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1190 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1191 __attribute__ ((unused)))
1192 {
1193 free(key);
1194 user_datum_destroy((user_datum_t *) datum);
1195 free(datum);
1196 return 0;
1197 }
1198
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1199 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1200 __attribute__ ((unused)))
1201 {
1202 level_datum_t *levdatum;
1203
1204 if (key)
1205 free(key);
1206 levdatum = (level_datum_t *) datum;
1207 mls_level_destroy(levdatum->level);
1208 free(levdatum->level);
1209 level_datum_destroy(levdatum);
1210 free(levdatum);
1211 return 0;
1212 }
1213
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1214 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1215 __attribute__ ((unused)))
1216 {
1217 if (key)
1218 free(key);
1219 cat_datum_destroy((cat_datum_t *) datum);
1220 free(datum);
1221 return 0;
1222 }
1223
1224 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1225 void *datap) = {
1226 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1227 cond_destroy_bool, sens_destroy, cat_destroy,};
1228
ocontext_selinux_free(ocontext_t ** ocontexts)1229 void ocontext_selinux_free(ocontext_t **ocontexts)
1230 {
1231 ocontext_t *c, *ctmp;
1232 int i;
1233
1234 for (i = 0; i < OCON_NUM; i++) {
1235 c = ocontexts[i];
1236 while (c) {
1237 ctmp = c;
1238 c = c->next;
1239 context_destroy(&ctmp->context[0]);
1240 context_destroy(&ctmp->context[1]);
1241 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1242 || i == OCON_FSUSE)
1243 free(ctmp->u.name);
1244 free(ctmp);
1245 }
1246 }
1247 }
1248
ocontext_xen_free(ocontext_t ** ocontexts)1249 void ocontext_xen_free(ocontext_t **ocontexts)
1250 {
1251 ocontext_t *c, *ctmp;
1252 int i;
1253
1254 for (i = 0; i < OCON_NUM; i++) {
1255 c = ocontexts[i];
1256 while (c) {
1257 ctmp = c;
1258 c = c->next;
1259 context_destroy(&ctmp->context[0]);
1260 context_destroy(&ctmp->context[1]);
1261 if (i == OCON_ISID)
1262 free(ctmp->u.name);
1263 free(ctmp);
1264 }
1265 }
1266 }
1267
1268 /*
1269 * Free any memory allocated by a policy database structure.
1270 */
policydb_destroy(policydb_t * p)1271 void policydb_destroy(policydb_t * p)
1272 {
1273 ocontext_t *c, *ctmp;
1274 genfs_t *g, *gtmp;
1275 unsigned int i;
1276 role_allow_t *ra, *lra = NULL;
1277 role_trans_t *tr, *ltr = NULL;
1278 range_trans_t *rt, *lrt = NULL;
1279 filename_trans_t *ft, *nft;
1280
1281 if (!p)
1282 return;
1283
1284 ebitmap_destroy(&p->policycaps);
1285
1286 ebitmap_destroy(&p->permissive_map);
1287
1288 symtabs_destroy(p->symtab);
1289
1290 for (i = 0; i < SYM_NUM; i++) {
1291 if (p->sym_val_to_name[i])
1292 free(p->sym_val_to_name[i]);
1293 }
1294
1295 if (p->class_val_to_struct)
1296 free(p->class_val_to_struct);
1297 if (p->role_val_to_struct)
1298 free(p->role_val_to_struct);
1299 if (p->user_val_to_struct)
1300 free(p->user_val_to_struct);
1301 if (p->type_val_to_struct)
1302 free(p->type_val_to_struct);
1303 free(p->decl_val_to_struct);
1304
1305 for (i = 0; i < SYM_NUM; i++) {
1306 (void)hashtab_map(p->scope[i].table, scope_destroy, 0);
1307 hashtab_destroy(p->scope[i].table);
1308 }
1309 avrule_block_list_destroy(p->global);
1310 free(p->name);
1311 free(p->version);
1312
1313 avtab_destroy(&p->te_avtab);
1314
1315 if (p->target_platform == SEPOL_TARGET_SELINUX)
1316 ocontext_selinux_free(p->ocontexts);
1317 else if (p->target_platform == SEPOL_TARGET_XEN)
1318 ocontext_xen_free(p->ocontexts);
1319
1320 g = p->genfs;
1321 while (g) {
1322 free(g->fstype);
1323 c = g->head;
1324 while (c) {
1325 ctmp = c;
1326 c = c->next;
1327 context_destroy(&ctmp->context[0]);
1328 free(ctmp->u.name);
1329 free(ctmp);
1330 }
1331 gtmp = g;
1332 g = g->next;
1333 free(gtmp);
1334 }
1335 cond_policydb_destroy(p);
1336
1337 for (tr = p->role_tr; tr; tr = tr->next) {
1338 if (ltr)
1339 free(ltr);
1340 ltr = tr;
1341 }
1342 if (ltr)
1343 free(ltr);
1344
1345 ft = p->filename_trans;
1346 while (ft) {
1347 nft = ft->next;
1348 free(ft->name);
1349 free(ft);
1350 ft = nft;
1351 }
1352
1353 for (ra = p->role_allow; ra; ra = ra->next) {
1354 if (lra)
1355 free(lra);
1356 lra = ra;
1357 }
1358 if (lra)
1359 free(lra);
1360
1361 for (rt = p->range_tr; rt; rt = rt->next) {
1362 if (lrt) {
1363 ebitmap_destroy(&lrt->target_range.level[0].cat);
1364 ebitmap_destroy(&lrt->target_range.level[1].cat);
1365 free(lrt);
1366 }
1367 lrt = rt;
1368 }
1369 if (lrt) {
1370 ebitmap_destroy(&lrt->target_range.level[0].cat);
1371 ebitmap_destroy(&lrt->target_range.level[1].cat);
1372 free(lrt);
1373 }
1374
1375 if (p->type_attr_map) {
1376 for (i = 0; i < p->p_types.nprim; i++) {
1377 ebitmap_destroy(&p->type_attr_map[i]);
1378 }
1379 free(p->type_attr_map);
1380 }
1381
1382 if (p->attr_type_map) {
1383 for (i = 0; i < p->p_types.nprim; i++) {
1384 ebitmap_destroy(&p->attr_type_map[i]);
1385 }
1386 free(p->attr_type_map);
1387 }
1388
1389 return;
1390 }
1391
symtabs_destroy(symtab_t * symtab)1392 void symtabs_destroy(symtab_t * symtab)
1393 {
1394 int i;
1395 for (i = 0; i < SYM_NUM; i++) {
1396 (void)hashtab_map(symtab[i].table, destroy_f[i], 0);
1397 hashtab_destroy(symtab[i].table);
1398 }
1399 }
1400
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1401 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1402 __attribute__ ((unused)))
1403 {
1404 scope_datum_t *cur = (scope_datum_t *) datum;
1405 free(key);
1406 if (cur != NULL) {
1407 free(cur->decl_ids);
1408 }
1409 free(cur);
1410 return 0;
1411 }
1412
get_symtab_destroy_func(int sym_num)1413 hashtab_destroy_func_t get_symtab_destroy_func(int sym_num)
1414 {
1415 if (sym_num < 0 || sym_num >= SYM_NUM) {
1416 return NULL;
1417 }
1418 return (hashtab_destroy_func_t) destroy_f[sym_num];
1419 }
1420
1421 /*
1422 * Load the initial SIDs specified in a policy database
1423 * structure into a SID table.
1424 */
policydb_load_isids(policydb_t * p,sidtab_t * s)1425 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1426 {
1427 ocontext_t *head, *c;
1428
1429 if (sepol_sidtab_init(s)) {
1430 ERR(NULL, "out of memory on SID table init");
1431 return -1;
1432 }
1433
1434 head = p->ocontexts[OCON_ISID];
1435 for (c = head; c; c = c->next) {
1436 if (!c->context[0].user) {
1437 ERR(NULL, "SID %s was never defined", c->u.name);
1438 return -1;
1439 }
1440 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1441 ERR(NULL, "unable to load initial SID %s", c->u.name);
1442 return -1;
1443 }
1444 }
1445
1446 return 0;
1447 }
1448
1449 /* Declare a symbol for a certain avrule_block context. Insert it
1450 * into a symbol table for a policy. This function will handle
1451 * inserting the appropriate scope information in addition to
1452 * inserting the symbol into the hash table.
1453 *
1454 * arguments:
1455 * policydb_t *pol module policy to modify
1456 * uint32_t sym the symbole table for insertion (SYM_*)
1457 * hashtab_key_t key the key for the symbol - not cloned
1458 * hashtab_datum_t data the data for the symbol - not cloned
1459 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1460 * avrule_decl_id identifier for this symbol's encapsulating declaration
1461 * value (out) assigned value to the symbol (if value is not NULL)
1462 *
1463 * returns:
1464 * 0 success
1465 * 1 success, but symbol already existed as a requirement
1466 * (datum was not inserted and needs to be free()d)
1467 * -1 general error
1468 * -2 scope conflicted
1469 * -ENOMEM memory error
1470 * error codes from hashtab_insert
1471 */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1472 int symtab_insert(policydb_t * pol, uint32_t sym,
1473 hashtab_key_t key, hashtab_datum_t datum,
1474 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1475 {
1476 int rc, retval = 0;
1477 unsigned int i;
1478 scope_datum_t *scope_datum;
1479
1480 /* check if the symbol is already there. multiple
1481 * declarations of non-roles/non-users are illegal, but
1482 * multiple requires are allowed. */
1483
1484 /* FIX ME - the failures after the hashtab_insert will leave
1485 * the policy in a inconsistent state. */
1486 rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1487 if (rc == SEPOL_OK) {
1488 /* if no value is passed in the symbol is not primary
1489 * (i.e. aliases) */
1490 if (value)
1491 *value = ++pol->symtab[sym].nprim;
1492 } else if (rc == SEPOL_EEXIST) {
1493 retval = 1; /* symbol not added -- need to free() later */
1494 } else {
1495 return rc;
1496 }
1497
1498 /* get existing scope information; if there is not one then
1499 * create it */
1500 scope_datum =
1501 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1502 if (scope_datum == NULL) {
1503 hashtab_key_t key2 = strdup((char *)key);
1504 if (!key2)
1505 return -ENOMEM;
1506 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1507 free(key2);
1508 return -ENOMEM;
1509 }
1510 scope_datum->scope = scope;
1511 scope_datum->decl_ids = NULL;
1512 scope_datum->decl_ids_len = 0;
1513 if ((rc =
1514 hashtab_insert(pol->scope[sym].table, key2,
1515 scope_datum)) != 0) {
1516 free(key2);
1517 free(scope_datum);
1518 return rc;
1519 }
1520 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1521 /* disallow multiple declarations for non-roles/users */
1522 if (sym != SYM_ROLES && sym != SYM_USERS) {
1523 return -2;
1524 }
1525 /* Further confine that a role attribute can't have the same
1526 * name as another regular role, and a role attribute can't
1527 * be declared more than once. */
1528 if (sym == SYM_ROLES) {
1529 role_datum_t *base_role;
1530 role_datum_t *cur_role = (role_datum_t *)datum;
1531
1532 base_role = (role_datum_t *)
1533 hashtab_search(pol->symtab[sym].table,
1534 key);
1535 assert(base_role != NULL);
1536
1537 if (!((base_role->flavor == ROLE_ROLE) &&
1538 (cur_role->flavor == ROLE_ROLE))) {
1539 /* Only regular roles are allowed to have
1540 * multiple declarations. */
1541 return -2;
1542 }
1543 }
1544 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1545 scope_datum->scope = SCOPE_DECL;
1546 } else if (scope_datum->scope != scope) {
1547 /* This only happens in DECL then REQUIRE case, which is handled by caller */
1548 return -2;
1549 }
1550
1551 /* search through the pre-existing list to avoid adding duplicates */
1552 for (i = 0; i < scope_datum->decl_ids_len; i++) {
1553 if (scope_datum->decl_ids[i] == avrule_decl_id) {
1554 /* already there, so don't modify its scope */
1555 return retval;
1556 }
1557 }
1558
1559 if (add_i_to_a(avrule_decl_id,
1560 &scope_datum->decl_ids_len,
1561 &scope_datum->decl_ids) == -1) {
1562 return -ENOMEM;
1563 }
1564
1565 return retval;
1566 }
1567
type_set_or(type_set_t * dst,type_set_t * a,type_set_t * b)1568 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b)
1569 {
1570 type_set_init(dst);
1571
1572 if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1573 return -1;
1574 }
1575 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1576 return -1;
1577 }
1578
1579 dst->flags |= a->flags;
1580 dst->flags |= b->flags;
1581
1582 return 0;
1583 }
1584
type_set_cpy(type_set_t * dst,type_set_t * src)1585 int type_set_cpy(type_set_t * dst, type_set_t * src)
1586 {
1587 type_set_init(dst);
1588
1589 dst->flags = src->flags;
1590 if (ebitmap_cpy(&dst->types, &src->types))
1591 return -1;
1592 if (ebitmap_cpy(&dst->negset, &src->negset))
1593 return -1;
1594
1595 return 0;
1596 }
1597
type_set_or_eq(type_set_t * dst,type_set_t * other)1598 int type_set_or_eq(type_set_t * dst, type_set_t * other)
1599 {
1600 int ret;
1601 type_set_t tmp;
1602
1603 if (type_set_or(&tmp, dst, other))
1604 return -1;
1605 type_set_destroy(dst);
1606 ret = type_set_cpy(dst, &tmp);
1607 type_set_destroy(&tmp);
1608
1609 return ret;
1610 }
1611
role_set_get_role(role_set_t * x,uint32_t role)1612 int role_set_get_role(role_set_t * x, uint32_t role)
1613 {
1614 if (x->flags & ROLE_STAR)
1615 return 1;
1616
1617 if (ebitmap_get_bit(&x->roles, role - 1)) {
1618 if (x->flags & ROLE_COMP)
1619 return 0;
1620 else
1621 return 1;
1622 } else {
1623 if (x->flags & ROLE_COMP)
1624 return 1;
1625 else
1626 return 0;
1627 }
1628 }
1629
1630 /***********************************************************************/
1631 /* everything below is for policy reads */
1632
1633 /* The following are read functions for module structures */
1634
role_set_read(role_set_t * r,struct policy_file * fp)1635 static int role_set_read(role_set_t * r, struct policy_file *fp)
1636 {
1637 uint32_t buf[1];
1638 int rc;
1639
1640 if (ebitmap_read(&r->roles, fp))
1641 return -1;
1642 rc = next_entry(buf, fp, sizeof(uint32_t));
1643 if (rc < 0)
1644 return -1;
1645 r->flags = le32_to_cpu(buf[0]);
1646
1647 return 0;
1648 }
1649
type_set_read(type_set_t * t,struct policy_file * fp)1650 static int type_set_read(type_set_t * t, struct policy_file *fp)
1651 {
1652 uint32_t buf[1];
1653 int rc;
1654
1655 if (ebitmap_read(&t->types, fp))
1656 return -1;
1657 if (ebitmap_read(&t->negset, fp))
1658 return -1;
1659
1660 rc = next_entry(buf, fp, sizeof(uint32_t));
1661 if (rc < 0)
1662 return -1;
1663 t->flags = le32_to_cpu(buf[0]);
1664
1665 return 0;
1666 }
1667
1668 /*
1669 * Read a MLS range structure from a policydb binary
1670 * representation file.
1671 */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1672 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1673 {
1674 uint32_t buf[2], items;
1675 int rc;
1676
1677 rc = next_entry(buf, fp, sizeof(uint32_t));
1678 if (rc < 0)
1679 goto out;
1680
1681 items = le32_to_cpu(buf[0]);
1682 if (items > ARRAY_SIZE(buf)) {
1683 ERR(fp->handle, "range overflow");
1684 rc = -EINVAL;
1685 goto out;
1686 }
1687 rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1688 if (rc < 0) {
1689 ERR(fp->handle, "truncated range");
1690 goto out;
1691 }
1692 r->level[0].sens = le32_to_cpu(buf[0]);
1693 if (items > 1)
1694 r->level[1].sens = le32_to_cpu(buf[1]);
1695 else
1696 r->level[1].sens = r->level[0].sens;
1697
1698 rc = ebitmap_read(&r->level[0].cat, fp);
1699 if (rc) {
1700 ERR(fp->handle, "error reading low categories");
1701 goto out;
1702 }
1703 if (items > 1) {
1704 rc = ebitmap_read(&r->level[1].cat, fp);
1705 if (rc) {
1706 ERR(fp->handle, "error reading high categories");
1707 goto bad_high;
1708 }
1709 } else {
1710 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1711 if (rc) {
1712 ERR(fp->handle, "out of memory");
1713 goto bad_high;
1714 }
1715 }
1716
1717 rc = 0;
1718 out:
1719 return rc;
1720 bad_high:
1721 ebitmap_destroy(&r->level[0].cat);
1722 goto out;
1723 }
1724
1725 /*
1726 * Read a semantic MLS level structure from a policydb binary
1727 * representation file.
1728 */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1729 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1730 struct policy_file *fp)
1731 {
1732 uint32_t buf[2], ncat;
1733 unsigned int i;
1734 mls_semantic_cat_t *cat;
1735 int rc;
1736
1737 mls_semantic_level_init(l);
1738
1739 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1740 if (rc < 0) {
1741 ERR(fp->handle, "truncated level");
1742 goto bad;
1743 }
1744 l->sens = le32_to_cpu(buf[0]);
1745
1746 ncat = le32_to_cpu(buf[1]);
1747 for (i = 0; i < ncat; i++) {
1748 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1749 if (!cat) {
1750 ERR(fp->handle, "out of memory");
1751 goto bad;
1752 }
1753
1754 mls_semantic_cat_init(cat);
1755 cat->next = l->cat;
1756 l->cat = cat;
1757
1758 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1759 if (rc < 0) {
1760 ERR(fp->handle, "error reading level categories");
1761 goto bad;
1762 }
1763 cat->low = le32_to_cpu(buf[0]);
1764 cat->high = le32_to_cpu(buf[1]);
1765 }
1766
1767 return 0;
1768
1769 bad:
1770 return -EINVAL;
1771 }
1772
1773 /*
1774 * Read a semantic MLS range structure from a policydb binary
1775 * representation file.
1776 */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1777 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1778 struct policy_file *fp)
1779 {
1780 int rc;
1781
1782 rc = mls_read_semantic_level_helper(&r->level[0], fp);
1783 if (rc)
1784 return rc;
1785
1786 rc = mls_read_semantic_level_helper(&r->level[1], fp);
1787
1788 return rc;
1789 }
1790
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1791 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1792 {
1793 unsigned int i;
1794 ebitmap_node_t *cnode;
1795 mls_semantic_cat_t *open_cat = NULL;
1796
1797 mls_semantic_level_init(sl);
1798 sl->sens = l->sens;
1799 ebitmap_for_each_bit(&l->cat, cnode, i) {
1800 if (ebitmap_node_get_bit(cnode, i)) {
1801 if (open_cat)
1802 continue;
1803 open_cat = (mls_semantic_cat_t *)
1804 malloc(sizeof(mls_semantic_cat_t));
1805 if (!open_cat)
1806 return -1;
1807
1808 mls_semantic_cat_init(open_cat);
1809 open_cat->low = i + 1;
1810 open_cat->next = sl->cat;
1811 sl->cat = open_cat;
1812 } else {
1813 if (!open_cat)
1814 continue;
1815 open_cat->high = i;
1816 open_cat = NULL;
1817 }
1818 }
1819 if (open_cat)
1820 open_cat->high = i;
1821
1822 return 0;
1823 }
1824
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)1825 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
1826 {
1827 if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
1828 return -1;
1829
1830 if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
1831 return -1;
1832
1833 return 0;
1834 }
1835
1836 /*
1837 * Read and validate a security context structure
1838 * from a policydb binary representation file.
1839 */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)1840 static int context_read_and_validate(context_struct_t * c,
1841 policydb_t * p, struct policy_file *fp)
1842 {
1843 uint32_t buf[3];
1844 int rc;
1845
1846 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
1847 if (rc < 0) {
1848 ERR(fp->handle, "context truncated");
1849 return -1;
1850 }
1851 c->user = le32_to_cpu(buf[0]);
1852 c->role = le32_to_cpu(buf[1]);
1853 c->type = le32_to_cpu(buf[2]);
1854 if ((p->policy_type == POLICY_KERN
1855 && p->policyvers >= POLICYDB_VERSION_MLS)
1856 || (p->policy_type == POLICY_BASE
1857 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
1858 if (mls_read_range_helper(&c->range, fp)) {
1859 ERR(fp->handle, "error reading MLS range "
1860 "of context");
1861 return -1;
1862 }
1863 }
1864
1865 if (!policydb_context_isvalid(p, c)) {
1866 ERR(fp->handle, "invalid security context");
1867 context_destroy(c);
1868 return -1;
1869 }
1870 return 0;
1871 }
1872
1873 /*
1874 * The following *_read functions are used to
1875 * read the symbol data from a policy database
1876 * binary representation file.
1877 */
1878
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp)1879 static int perm_read(policydb_t * p
1880 __attribute__ ((unused)), hashtab_t h,
1881 struct policy_file *fp)
1882 {
1883 char *key = 0;
1884 perm_datum_t *perdatum;
1885 uint32_t buf[2];
1886 size_t len;
1887 int rc;
1888
1889 perdatum = calloc(1, sizeof(perm_datum_t));
1890 if (!perdatum)
1891 return -1;
1892
1893 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1894 if (rc < 0)
1895 goto bad;
1896
1897 len = le32_to_cpu(buf[0]);
1898 perdatum->s.value = le32_to_cpu(buf[1]);
1899
1900 key = malloc(len + 1);
1901 if (!key)
1902 goto bad;
1903 rc = next_entry(key, fp, len);
1904 if (rc < 0)
1905 goto bad;
1906 key[len] = 0;
1907
1908 if (hashtab_insert(h, key, perdatum))
1909 goto bad;
1910
1911 return 0;
1912
1913 bad:
1914 perm_destroy(key, perdatum, NULL);
1915 return -1;
1916 }
1917
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)1918 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
1919 {
1920 char *key = 0;
1921 common_datum_t *comdatum;
1922 uint32_t buf[4];
1923 size_t len, nel;
1924 unsigned int i;
1925 int rc;
1926
1927 comdatum = calloc(1, sizeof(common_datum_t));
1928 if (!comdatum)
1929 return -1;
1930
1931 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
1932 if (rc < 0)
1933 goto bad;
1934
1935 len = le32_to_cpu(buf[0]);
1936 comdatum->s.value = le32_to_cpu(buf[1]);
1937
1938 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
1939 goto bad;
1940 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1941 nel = le32_to_cpu(buf[3]);
1942
1943 key = malloc(len + 1);
1944 if (!key)
1945 goto bad;
1946 rc = next_entry(key, fp, len);
1947 if (rc < 0)
1948 goto bad;
1949 key[len] = 0;
1950
1951 for (i = 0; i < nel; i++) {
1952 if (perm_read(p, comdatum->permissions.table, fp))
1953 goto bad;
1954 }
1955
1956 if (hashtab_insert(h, key, comdatum))
1957 goto bad;
1958
1959 return 0;
1960
1961 bad:
1962 common_destroy(key, comdatum, NULL);
1963 return -1;
1964 }
1965
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)1966 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
1967 unsigned int ncons,
1968 int allowxtarget, struct policy_file *fp)
1969 {
1970 constraint_node_t *c, *lc;
1971 constraint_expr_t *e, *le;
1972 uint32_t buf[3];
1973 size_t nexpr;
1974 unsigned int i, j;
1975 int rc, depth;
1976
1977 lc = NULL;
1978 for (i = 0; i < ncons; i++) {
1979 c = calloc(1, sizeof(constraint_node_t));
1980 if (!c)
1981 return -1;
1982
1983 if (lc)
1984 lc->next = c;
1985 else
1986 *nodep = c;
1987
1988 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
1989 if (rc < 0)
1990 return -1;
1991 c->permissions = le32_to_cpu(buf[0]);
1992 nexpr = le32_to_cpu(buf[1]);
1993 le = NULL;
1994 depth = -1;
1995 for (j = 0; j < nexpr; j++) {
1996 e = malloc(sizeof(constraint_expr_t));
1997 if (!e)
1998 return -1;
1999 if (constraint_expr_init(e) == -1) {
2000 free(e);
2001 return -1;
2002 }
2003 if (le) {
2004 le->next = e;
2005 } else {
2006 c->expr = e;
2007 }
2008
2009 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2010 if (rc < 0)
2011 return -1;
2012 e->expr_type = le32_to_cpu(buf[0]);
2013 e->attr = le32_to_cpu(buf[1]);
2014 e->op = le32_to_cpu(buf[2]);
2015
2016 switch (e->expr_type) {
2017 case CEXPR_NOT:
2018 if (depth < 0)
2019 return -1;
2020 break;
2021 case CEXPR_AND:
2022 case CEXPR_OR:
2023 if (depth < 1)
2024 return -1;
2025 depth--;
2026 break;
2027 case CEXPR_ATTR:
2028 if (depth == (CEXPR_MAXDEPTH - 1))
2029 return -1;
2030 depth++;
2031 break;
2032 case CEXPR_NAMES:
2033 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
2034 return -1;
2035 if (depth == (CEXPR_MAXDEPTH - 1))
2036 return -1;
2037 depth++;
2038 if (ebitmap_read(&e->names, fp))
2039 return -1;
2040 if (p->policy_type != POLICY_KERN &&
2041 type_set_read(e->type_names, fp))
2042 return -1;
2043 else if (p->policy_type == POLICY_KERN &&
2044 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
2045 type_set_read(e->type_names, fp))
2046 return -1;
2047 break;
2048 default:
2049 return -1;
2050 }
2051 le = e;
2052 }
2053 if (depth != 0)
2054 return -1;
2055 lc = c;
2056 }
2057
2058 return 0;
2059 }
2060
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2061 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2062 {
2063 char *key = 0;
2064 class_datum_t *cladatum;
2065 uint32_t buf[6];
2066 size_t len, len2, ncons, nel;
2067 unsigned int i;
2068 int rc;
2069
2070 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2071 if (!cladatum)
2072 return -1;
2073
2074 rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2075 if (rc < 0)
2076 goto bad;
2077
2078 len = le32_to_cpu(buf[0]);
2079 len2 = le32_to_cpu(buf[1]);
2080 cladatum->s.value = le32_to_cpu(buf[2]);
2081
2082 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2083 goto bad;
2084 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2085 nel = le32_to_cpu(buf[4]);
2086
2087 ncons = le32_to_cpu(buf[5]);
2088
2089 key = malloc(len + 1);
2090 if (!key)
2091 goto bad;
2092 rc = next_entry(key, fp, len);
2093 if (rc < 0)
2094 goto bad;
2095 key[len] = 0;
2096
2097 if (len2) {
2098 cladatum->comkey = malloc(len2 + 1);
2099 if (!cladatum->comkey)
2100 goto bad;
2101 rc = next_entry(cladatum->comkey, fp, len2);
2102 if (rc < 0)
2103 goto bad;
2104 cladatum->comkey[len2] = 0;
2105
2106 cladatum->comdatum = hashtab_search(p->p_commons.table,
2107 cladatum->comkey);
2108 if (!cladatum->comdatum) {
2109 ERR(fp->handle, "unknown common %s", cladatum->comkey);
2110 goto bad;
2111 }
2112 }
2113 for (i = 0; i < nel; i++) {
2114 if (perm_read(p, cladatum->permissions.table, fp))
2115 goto bad;
2116 }
2117
2118 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2119 goto bad;
2120
2121 if ((p->policy_type == POLICY_KERN
2122 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2123 || (p->policy_type == POLICY_BASE
2124 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2125 /* grab the validatetrans rules */
2126 rc = next_entry(buf, fp, sizeof(uint32_t));
2127 if (rc < 0)
2128 goto bad;
2129 ncons = le32_to_cpu(buf[0]);
2130 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2131 goto bad;
2132 }
2133
2134 if ((p->policy_type == POLICY_KERN &&
2135 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
2136 (p->policy_type == POLICY_BASE &&
2137 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
2138 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2139 if (rc < 0)
2140 goto bad;
2141 cladatum->default_user = le32_to_cpu(buf[0]);
2142 cladatum->default_role = le32_to_cpu(buf[1]);
2143 cladatum->default_range = le32_to_cpu(buf[2]);
2144 }
2145
2146 if ((p->policy_type == POLICY_KERN &&
2147 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
2148 (p->policy_type == POLICY_BASE &&
2149 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
2150 rc = next_entry(buf, fp, sizeof(uint32_t));
2151 if (rc < 0)
2152 goto bad;
2153 cladatum->default_type = le32_to_cpu(buf[0]);
2154 }
2155
2156 if (hashtab_insert(h, key, cladatum))
2157 goto bad;
2158
2159 return 0;
2160
2161 bad:
2162 class_destroy(key, cladatum, NULL);
2163 return -1;
2164 }
2165
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2166 static int role_read(policydb_t * p
2167 __attribute__ ((unused)), hashtab_t h,
2168 struct policy_file *fp)
2169 {
2170 char *key = 0;
2171 role_datum_t *role;
2172 uint32_t buf[3];
2173 size_t len;
2174 int rc, to_read = 2;
2175
2176 role = calloc(1, sizeof(role_datum_t));
2177 if (!role)
2178 return -1;
2179
2180 if (policydb_has_boundary_feature(p))
2181 to_read = 3;
2182
2183 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2184 if (rc < 0)
2185 goto bad;
2186
2187 len = le32_to_cpu(buf[0]);
2188 role->s.value = le32_to_cpu(buf[1]);
2189 if (policydb_has_boundary_feature(p))
2190 role->bounds = le32_to_cpu(buf[2]);
2191
2192 key = malloc(len + 1);
2193 if (!key)
2194 goto bad;
2195 rc = next_entry(key, fp, len);
2196 if (rc < 0)
2197 goto bad;
2198 key[len] = 0;
2199
2200 if (ebitmap_read(&role->dominates, fp))
2201 goto bad;
2202
2203 if (p->policy_type == POLICY_KERN) {
2204 if (ebitmap_read(&role->types.types, fp))
2205 goto bad;
2206 } else {
2207 if (type_set_read(&role->types, fp))
2208 goto bad;
2209 }
2210
2211 if (p->policy_type != POLICY_KERN &&
2212 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2213 rc = next_entry(buf, fp, sizeof(uint32_t));
2214 if (rc < 0)
2215 goto bad;
2216
2217 role->flavor = le32_to_cpu(buf[0]);
2218
2219 if (ebitmap_read(&role->roles, fp))
2220 goto bad;
2221 }
2222
2223 if (strcmp(key, OBJECT_R) == 0) {
2224 if (role->s.value != OBJECT_R_VAL) {
2225 ERR(fp->handle, "role %s has wrong value %d",
2226 OBJECT_R, role->s.value);
2227 role_destroy(key, role, NULL);
2228 return -1;
2229 }
2230 role_destroy(key, role, NULL);
2231 return 0;
2232 }
2233
2234 if (hashtab_insert(h, key, role))
2235 goto bad;
2236
2237 return 0;
2238
2239 bad:
2240 role_destroy(key, role, NULL);
2241 return -1;
2242 }
2243
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2244 static int type_read(policydb_t * p
2245 __attribute__ ((unused)), hashtab_t h,
2246 struct policy_file *fp)
2247 {
2248 char *key = 0;
2249 type_datum_t *typdatum;
2250 uint32_t buf[5];
2251 size_t len;
2252 int rc, to_read;
2253 int pos = 0;
2254
2255 typdatum = calloc(1, sizeof(type_datum_t));
2256 if (!typdatum)
2257 return -1;
2258
2259 if (policydb_has_boundary_feature(p)) {
2260 if (p->policy_type != POLICY_KERN
2261 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2262 to_read = 5;
2263 else
2264 to_read = 4;
2265 }
2266 else if (p->policy_type == POLICY_KERN)
2267 to_read = 3;
2268 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2269 to_read = 5;
2270 else
2271 to_read = 4;
2272
2273 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2274 if (rc < 0)
2275 goto bad;
2276
2277 len = le32_to_cpu(buf[pos]);
2278 typdatum->s.value = le32_to_cpu(buf[++pos]);
2279 if (policydb_has_boundary_feature(p)) {
2280 uint32_t properties;
2281
2282 if (p->policy_type != POLICY_KERN
2283 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2284 typdatum->primary = le32_to_cpu(buf[++pos]);
2285 properties = le32_to_cpu(buf[++pos]);
2286 }
2287 else {
2288 properties = le32_to_cpu(buf[++pos]);
2289
2290 if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2291 typdatum->primary = 1;
2292 }
2293
2294 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2295 typdatum->flavor = TYPE_ATTRIB;
2296 if (properties & TYPEDATUM_PROPERTY_ALIAS
2297 && p->policy_type != POLICY_KERN)
2298 typdatum->flavor = TYPE_ALIAS;
2299 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2300 && p->policy_type != POLICY_KERN)
2301 typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2302
2303 typdatum->bounds = le32_to_cpu(buf[++pos]);
2304 } else {
2305 typdatum->primary = le32_to_cpu(buf[++pos]);
2306 if (p->policy_type != POLICY_KERN) {
2307 typdatum->flavor = le32_to_cpu(buf[++pos]);
2308 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2309 typdatum->flags = le32_to_cpu(buf[++pos]);
2310 }
2311 }
2312
2313 if (p->policy_type != POLICY_KERN) {
2314 if (ebitmap_read(&typdatum->types, fp))
2315 goto bad;
2316 }
2317
2318 key = malloc(len + 1);
2319 if (!key)
2320 goto bad;
2321 rc = next_entry(key, fp, len);
2322 if (rc < 0)
2323 goto bad;
2324 key[len] = 0;
2325
2326 if (hashtab_insert(h, key, typdatum))
2327 goto bad;
2328
2329 return 0;
2330
2331 bad:
2332 type_destroy(key, typdatum, NULL);
2333 return -1;
2334 }
2335
role_trans_read(policydb_t * p,struct policy_file * fp)2336 int role_trans_read(policydb_t *p, struct policy_file *fp)
2337 {
2338 role_trans_t **t = &p->role_tr;
2339 unsigned int i;
2340 uint32_t buf[3], nel;
2341 role_trans_t *tr, *ltr;
2342 int rc;
2343 int new_roletr = (p->policy_type == POLICY_KERN &&
2344 p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2345
2346 rc = next_entry(buf, fp, sizeof(uint32_t));
2347 if (rc < 0)
2348 return -1;
2349 nel = le32_to_cpu(buf[0]);
2350 ltr = NULL;
2351 for (i = 0; i < nel; i++) {
2352 tr = calloc(1, sizeof(struct role_trans));
2353 if (!tr) {
2354 return -1;
2355 }
2356 if (ltr) {
2357 ltr->next = tr;
2358 } else {
2359 *t = tr;
2360 }
2361 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2362 if (rc < 0)
2363 return -1;
2364 tr->role = le32_to_cpu(buf[0]);
2365 tr->type = le32_to_cpu(buf[1]);
2366 tr->new_role = le32_to_cpu(buf[2]);
2367 if (new_roletr) {
2368 rc = next_entry(buf, fp, sizeof(uint32_t));
2369 if (rc < 0)
2370 return -1;
2371 tr->tclass = le32_to_cpu(buf[0]);
2372 } else
2373 tr->tclass = SECCLASS_PROCESS;
2374 ltr = tr;
2375 }
2376 return 0;
2377 }
2378
role_allow_read(role_allow_t ** r,struct policy_file * fp)2379 int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2380 {
2381 unsigned int i;
2382 uint32_t buf[2], nel;
2383 role_allow_t *ra, *lra;
2384 int rc;
2385
2386 rc = next_entry(buf, fp, sizeof(uint32_t));
2387 if (rc < 0)
2388 return -1;
2389 nel = le32_to_cpu(buf[0]);
2390 lra = NULL;
2391 for (i = 0; i < nel; i++) {
2392 ra = calloc(1, sizeof(struct role_allow));
2393 if (!ra) {
2394 return -1;
2395 }
2396 if (lra) {
2397 lra->next = ra;
2398 } else {
2399 *r = ra;
2400 }
2401 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2402 if (rc < 0)
2403 return -1;
2404 ra->role = le32_to_cpu(buf[0]);
2405 ra->new_role = le32_to_cpu(buf[1]);
2406 lra = ra;
2407 }
2408 return 0;
2409 }
2410
filename_trans_read(filename_trans_t ** t,struct policy_file * fp)2411 int filename_trans_read(filename_trans_t **t, struct policy_file *fp)
2412 {
2413 unsigned int i;
2414 uint32_t buf[4], nel, len;
2415 filename_trans_t *ft, *lft;
2416 int rc;
2417 char *name;
2418
2419 rc = next_entry(buf, fp, sizeof(uint32_t));
2420 if (rc < 0)
2421 return -1;
2422 nel = le32_to_cpu(buf[0]);
2423
2424 lft = NULL;
2425 for (i = 0; i < nel; i++) {
2426 ft = calloc(1, sizeof(struct filename_trans));
2427 if (!ft)
2428 return -1;
2429 if (lft)
2430 lft->next = ft;
2431 else
2432 *t = ft;
2433 lft = ft;
2434 rc = next_entry(buf, fp, sizeof(uint32_t));
2435 if (rc < 0)
2436 return -1;
2437 len = le32_to_cpu(buf[0]);
2438
2439 name = calloc(len + 1, sizeof(*name));
2440 if (!name)
2441 return -1;
2442
2443 ft->name = name;
2444
2445 rc = next_entry(name, fp, len);
2446 if (rc < 0)
2447 return -1;
2448
2449 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2450 if (rc < 0)
2451 return -1;
2452
2453 ft->stype = le32_to_cpu(buf[0]);
2454 ft->ttype = le32_to_cpu(buf[1]);
2455 ft->tclass = le32_to_cpu(buf[2]);
2456 ft->otype = le32_to_cpu(buf[3]);
2457 }
2458 return 0;
2459 }
2460
ocontext_read_xen(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2461 static int ocontext_read_xen(struct policydb_compat_info *info,
2462 policydb_t *p, struct policy_file *fp)
2463 {
2464 unsigned int i, j;
2465 size_t nel;
2466 ocontext_t *l, *c;
2467 uint32_t buf[8];
2468 int rc;
2469
2470 for (i = 0; i < info->ocon_num; i++) {
2471 rc = next_entry(buf, fp, sizeof(uint32_t));
2472 if (rc < 0)
2473 return -1;
2474 nel = le32_to_cpu(buf[0]);
2475 l = NULL;
2476 for (j = 0; j < nel; j++) {
2477 c = calloc(1, sizeof(ocontext_t));
2478 if (!c)
2479 return -1;
2480 if (l)
2481 l->next = c;
2482 else
2483 p->ocontexts[i] = c;
2484 l = c;
2485 switch (i) {
2486 case OCON_XEN_ISID:
2487 rc = next_entry(buf, fp, sizeof(uint32_t));
2488 if (rc < 0)
2489 return -1;
2490 c->sid[0] = le32_to_cpu(buf[0]);
2491 if (context_read_and_validate
2492 (&c->context[0], p, fp))
2493 return -1;
2494 break;
2495 case OCON_XEN_PIRQ:
2496 rc = next_entry(buf, fp, sizeof(uint32_t));
2497 if (rc < 0)
2498 return -1;
2499 c->u.pirq = le32_to_cpu(buf[0]);
2500 if (context_read_and_validate
2501 (&c->context[0], p, fp))
2502 return -1;
2503 break;
2504 case OCON_XEN_IOPORT:
2505 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2506 if (rc < 0)
2507 return -1;
2508 c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2509 c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2510 if (context_read_and_validate
2511 (&c->context[0], p, fp))
2512 return -1;
2513 break;
2514 case OCON_XEN_IOMEM:
2515 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2516 if (rc < 0)
2517 return -1;
2518 c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2519 c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2520 if (context_read_and_validate
2521 (&c->context[0], p, fp))
2522 return -1;
2523 break;
2524 case OCON_XEN_PCIDEVICE:
2525 rc = next_entry(buf, fp, sizeof(uint32_t));
2526 if (rc < 0)
2527 return -1;
2528 c->u.device = le32_to_cpu(buf[0]);
2529 if (context_read_and_validate
2530 (&c->context[0], p, fp))
2531 return -1;
2532 break;
2533 default:
2534 /* should never get here */
2535 ERR(fp->handle, "Unknown Xen ocontext");
2536 return -1;
2537 }
2538 }
2539 }
2540 return 0;
2541 }
ocontext_read_selinux(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2542 static int ocontext_read_selinux(struct policydb_compat_info *info,
2543 policydb_t * p, struct policy_file *fp)
2544 {
2545 unsigned int i, j;
2546 size_t nel, len;
2547 ocontext_t *l, *c;
2548 uint32_t buf[8];
2549 int rc;
2550
2551 for (i = 0; i < info->ocon_num; i++) {
2552 rc = next_entry(buf, fp, sizeof(uint32_t));
2553 if (rc < 0)
2554 return -1;
2555 nel = le32_to_cpu(buf[0]);
2556 l = NULL;
2557 for (j = 0; j < nel; j++) {
2558 c = calloc(1, sizeof(ocontext_t));
2559 if (!c) {
2560 return -1;
2561 }
2562 if (l) {
2563 l->next = c;
2564 } else {
2565 p->ocontexts[i] = c;
2566 }
2567 l = c;
2568 switch (i) {
2569 case OCON_ISID:
2570 rc = next_entry(buf, fp, sizeof(uint32_t));
2571 if (rc < 0)
2572 return -1;
2573 c->sid[0] = le32_to_cpu(buf[0]);
2574 if (context_read_and_validate
2575 (&c->context[0], p, fp))
2576 return -1;
2577 break;
2578 case OCON_FS:
2579 case OCON_NETIF:
2580 rc = next_entry(buf, fp, sizeof(uint32_t));
2581 if (rc < 0)
2582 return -1;
2583 len = le32_to_cpu(buf[0]);
2584 c->u.name = malloc(len + 1);
2585 if (!c->u.name)
2586 return -1;
2587 rc = next_entry(c->u.name, fp, len);
2588 if (rc < 0)
2589 return -1;
2590 c->u.name[len] = 0;
2591 if (context_read_and_validate
2592 (&c->context[0], p, fp))
2593 return -1;
2594 if (context_read_and_validate
2595 (&c->context[1], p, fp))
2596 return -1;
2597 break;
2598 case OCON_PORT:
2599 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2600 if (rc < 0)
2601 return -1;
2602 c->u.port.protocol = le32_to_cpu(buf[0]);
2603 c->u.port.low_port = le32_to_cpu(buf[1]);
2604 c->u.port.high_port = le32_to_cpu(buf[2]);
2605 if (context_read_and_validate
2606 (&c->context[0], p, fp))
2607 return -1;
2608 break;
2609 case OCON_NODE:
2610 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2611 if (rc < 0)
2612 return -1;
2613 c->u.node.addr = buf[0]; /* network order */
2614 c->u.node.mask = buf[1]; /* network order */
2615 if (context_read_and_validate
2616 (&c->context[0], p, fp))
2617 return -1;
2618 break;
2619 case OCON_FSUSE:
2620 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2621 if (rc < 0)
2622 return -1;
2623 c->v.behavior = le32_to_cpu(buf[0]);
2624 len = le32_to_cpu(buf[1]);
2625 c->u.name = malloc(len + 1);
2626 if (!c->u.name)
2627 return -1;
2628 rc = next_entry(c->u.name, fp, len);
2629 if (rc < 0)
2630 return -1;
2631 c->u.name[len] = 0;
2632 if (context_read_and_validate
2633 (&c->context[0], p, fp))
2634 return -1;
2635 break;
2636 case OCON_NODE6:{
2637 int k;
2638
2639 rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
2640 if (rc < 0)
2641 return -1;
2642 for (k = 0; k < 4; k++)
2643 /* network order */
2644 c->u.node6.addr[k] = buf[k];
2645 for (k = 0; k < 4; k++)
2646 /* network order */
2647 c->u.node6.mask[k] = buf[k + 4];
2648 if (context_read_and_validate
2649 (&c->context[0], p, fp))
2650 return -1;
2651 break;
2652 }
2653 default:{
2654 ERR(fp->handle, "Unknown SELinux ocontext");
2655 return -1;
2656 }
2657 }
2658 }
2659 }
2660 return 0;
2661 }
2662
ocontext_read(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2663 static int ocontext_read(struct policydb_compat_info *info,
2664 policydb_t *p, struct policy_file *fp)
2665 {
2666 int rc = -1;
2667 switch (p->target_platform) {
2668 case SEPOL_TARGET_SELINUX:
2669 rc = ocontext_read_selinux(info, p, fp);
2670 break;
2671 case SEPOL_TARGET_XEN:
2672 rc = ocontext_read_xen(info, p, fp);
2673 break;
2674 default:
2675 ERR(fp->handle, "Unknown target");
2676 }
2677 return rc;
2678 }
2679
genfs_read(policydb_t * p,struct policy_file * fp)2680 static int genfs_read(policydb_t * p, struct policy_file *fp)
2681 {
2682 uint32_t buf[1];
2683 size_t nel, nel2, len, len2;
2684 genfs_t *genfs_p, *newgenfs, *genfs;
2685 unsigned int i, j;
2686 ocontext_t *l, *c, *newc = NULL;
2687 int rc;
2688
2689 rc = next_entry(buf, fp, sizeof(uint32_t));
2690 if (rc < 0)
2691 goto bad;
2692 nel = le32_to_cpu(buf[0]);
2693 genfs_p = NULL;
2694 for (i = 0; i < nel; i++) {
2695 rc = next_entry(buf, fp, sizeof(uint32_t));
2696 if (rc < 0)
2697 goto bad;
2698 len = le32_to_cpu(buf[0]);
2699 newgenfs = calloc(1, sizeof(genfs_t));
2700 if (!newgenfs)
2701 goto bad;
2702 newgenfs->fstype = malloc(len + 1);
2703 if (!newgenfs->fstype) {
2704 free(newgenfs);
2705 goto bad;
2706 }
2707 rc = next_entry(newgenfs->fstype, fp, len);
2708 if (rc < 0) {
2709 free(newgenfs->fstype);
2710 free(newgenfs);
2711 goto bad;
2712 }
2713 newgenfs->fstype[len] = 0;
2714 for (genfs_p = NULL, genfs = p->genfs; genfs;
2715 genfs_p = genfs, genfs = genfs->next) {
2716 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2717 ERR(fp->handle, "dup genfs fstype %s",
2718 newgenfs->fstype);
2719 free(newgenfs->fstype);
2720 free(newgenfs);
2721 goto bad;
2722 }
2723 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2724 break;
2725 }
2726 newgenfs->next = genfs;
2727 if (genfs_p)
2728 genfs_p->next = newgenfs;
2729 else
2730 p->genfs = newgenfs;
2731 rc = next_entry(buf, fp, sizeof(uint32_t));
2732 if (rc < 0)
2733 goto bad;
2734 nel2 = le32_to_cpu(buf[0]);
2735 for (j = 0; j < nel2; j++) {
2736 newc = calloc(1, sizeof(ocontext_t));
2737 if (!newc) {
2738 goto bad;
2739 }
2740 rc = next_entry(buf, fp, sizeof(uint32_t));
2741 if (rc < 0)
2742 goto bad;
2743 len = le32_to_cpu(buf[0]);
2744 newc->u.name = malloc(len + 1);
2745 if (!newc->u.name) {
2746 goto bad;
2747 }
2748 rc = next_entry(newc->u.name, fp, len);
2749 if (rc < 0)
2750 goto bad;
2751 newc->u.name[len] = 0;
2752 rc = next_entry(buf, fp, sizeof(uint32_t));
2753 if (rc < 0)
2754 goto bad;
2755 newc->v.sclass = le32_to_cpu(buf[0]);
2756 if (context_read_and_validate(&newc->context[0], p, fp))
2757 goto bad;
2758 for (l = NULL, c = newgenfs->head; c;
2759 l = c, c = c->next) {
2760 if (!strcmp(newc->u.name, c->u.name) &&
2761 (!c->v.sclass || !newc->v.sclass ||
2762 newc->v.sclass == c->v.sclass)) {
2763 ERR(fp->handle, "dup genfs entry "
2764 "(%s,%s)", newgenfs->fstype,
2765 c->u.name);
2766 goto bad;
2767 }
2768 len = strlen(newc->u.name);
2769 len2 = strlen(c->u.name);
2770 if (len > len2)
2771 break;
2772 }
2773 newc->next = c;
2774 if (l)
2775 l->next = newc;
2776 else
2777 newgenfs->head = newc;
2778 }
2779 }
2780
2781 return 0;
2782
2783 bad:
2784 if (newc) {
2785 context_destroy(&newc->context[0]);
2786 context_destroy(&newc->context[1]);
2787 free(newc->u.name);
2788 free(newc);
2789 }
2790 return -1;
2791 }
2792
2793 /*
2794 * Read a MLS level structure from a policydb binary
2795 * representation file.
2796 */
mls_read_level(mls_level_t * lp,struct policy_file * fp)2797 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
2798 {
2799 uint32_t buf[1];
2800 int rc;
2801
2802 mls_level_init(lp);
2803
2804 rc = next_entry(buf, fp, sizeof(uint32_t));
2805 if (rc < 0) {
2806 ERR(fp->handle, "truncated level");
2807 goto bad;
2808 }
2809 lp->sens = le32_to_cpu(buf[0]);
2810
2811 if (ebitmap_read(&lp->cat, fp)) {
2812 ERR(fp->handle, "error reading level categories");
2813 goto bad;
2814 }
2815 return 0;
2816
2817 bad:
2818 return -EINVAL;
2819 }
2820
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2821 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2822 {
2823 char *key = 0;
2824 user_datum_t *usrdatum;
2825 uint32_t buf[3];
2826 size_t len;
2827 int rc, to_read = 2;
2828
2829 usrdatum = calloc(1, sizeof(user_datum_t));
2830 if (!usrdatum)
2831 return -1;
2832
2833 if (policydb_has_boundary_feature(p))
2834 to_read = 3;
2835
2836 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2837 if (rc < 0)
2838 goto bad;
2839
2840 len = le32_to_cpu(buf[0]);
2841 usrdatum->s.value = le32_to_cpu(buf[1]);
2842 if (policydb_has_boundary_feature(p))
2843 usrdatum->bounds = le32_to_cpu(buf[2]);
2844
2845 key = malloc(len + 1);
2846 if (!key)
2847 goto bad;
2848 rc = next_entry(key, fp, len);
2849 if (rc < 0)
2850 goto bad;
2851 key[len] = 0;
2852
2853 if (p->policy_type == POLICY_KERN) {
2854 if (ebitmap_read(&usrdatum->roles.roles, fp))
2855 goto bad;
2856 } else {
2857 if (role_set_read(&usrdatum->roles, fp))
2858 goto bad;
2859 }
2860
2861 /* users were not allowed in mls modules before version
2862 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
2863 * required - the mls fields will be empty. user declarations in
2864 * non-mls modules will also have empty mls fields */
2865 if ((p->policy_type == POLICY_KERN
2866 && p->policyvers >= POLICYDB_VERSION_MLS)
2867 || (p->policy_type == POLICY_MOD
2868 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
2869 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
2870 || (p->policy_type == POLICY_BASE
2871 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
2872 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
2873 if (mls_read_range_helper(&usrdatum->exp_range, fp))
2874 goto bad;
2875 if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
2876 goto bad;
2877 if (p->policy_type != POLICY_KERN) {
2878 if (mls_range_to_semantic(&usrdatum->exp_range,
2879 &usrdatum->range))
2880 goto bad;
2881 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
2882 &usrdatum->dfltlevel))
2883 goto bad;
2884 }
2885 } else if ((p->policy_type == POLICY_MOD
2886 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
2887 || (p->policy_type == POLICY_BASE
2888 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
2889 if (mls_read_semantic_range_helper(&usrdatum->range, fp))
2890 goto bad;
2891 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
2892 goto bad;
2893 }
2894
2895 if (hashtab_insert(h, key, usrdatum))
2896 goto bad;
2897
2898 return 0;
2899
2900 bad:
2901 user_destroy(key, usrdatum, NULL);
2902 return -1;
2903 }
2904
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2905 static int sens_read(policydb_t * p
2906 __attribute__ ((unused)), hashtab_t h,
2907 struct policy_file *fp)
2908 {
2909 char *key = 0;
2910 level_datum_t *levdatum;
2911 uint32_t buf[2], len;
2912 int rc;
2913
2914 levdatum = malloc(sizeof(level_datum_t));
2915 if (!levdatum)
2916 return -1;
2917 level_datum_init(levdatum);
2918
2919 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2920 if (rc < 0)
2921 goto bad;
2922
2923 len = le32_to_cpu(buf[0]);
2924 levdatum->isalias = le32_to_cpu(buf[1]);
2925
2926 key = malloc(len + 1);
2927 if (!key)
2928 goto bad;
2929 rc = next_entry(key, fp, len);
2930 if (rc < 0)
2931 goto bad;
2932 key[len] = 0;
2933
2934 levdatum->level = malloc(sizeof(mls_level_t));
2935 if (!levdatum->level || mls_read_level(levdatum->level, fp))
2936 goto bad;
2937
2938 if (hashtab_insert(h, key, levdatum))
2939 goto bad;
2940
2941 return 0;
2942
2943 bad:
2944 sens_destroy(key, levdatum, NULL);
2945 return -1;
2946 }
2947
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2948 static int cat_read(policydb_t * p
2949 __attribute__ ((unused)), hashtab_t h,
2950 struct policy_file *fp)
2951 {
2952 char *key = 0;
2953 cat_datum_t *catdatum;
2954 uint32_t buf[3], len;
2955 int rc;
2956
2957 catdatum = malloc(sizeof(cat_datum_t));
2958 if (!catdatum)
2959 return -1;
2960 cat_datum_init(catdatum);
2961
2962 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2963 if (rc < 0)
2964 goto bad;
2965
2966 len = le32_to_cpu(buf[0]);
2967 catdatum->s.value = le32_to_cpu(buf[1]);
2968 catdatum->isalias = le32_to_cpu(buf[2]);
2969
2970 key = malloc(len + 1);
2971 if (!key)
2972 goto bad;
2973 rc = next_entry(key, fp, len);
2974 if (rc < 0)
2975 goto bad;
2976 key[len] = 0;
2977
2978 if (hashtab_insert(h, key, catdatum))
2979 goto bad;
2980
2981 return 0;
2982
2983 bad:
2984 cat_destroy(key, catdatum, NULL);
2985 return -1;
2986 }
2987
2988 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
2989 struct policy_file * fp) = {
2990 common_read, class_read, role_read, type_read, user_read,
2991 cond_read_bool, sens_read, cat_read,};
2992
2993 /************** module reading functions below **************/
2994
avrule_read(policydb_t * p,struct policy_file * fp)2995 static avrule_t *avrule_read(policydb_t * p
2996 __attribute__ ((unused)), struct policy_file *fp)
2997 {
2998 unsigned int i;
2999 uint32_t buf[2], len;
3000 class_perm_node_t *cur, *tail = NULL;
3001 avrule_t *avrule;
3002 int rc;
3003
3004 avrule = (avrule_t *) malloc(sizeof(avrule_t));
3005 if (!avrule)
3006 return NULL;
3007
3008 avrule_init(avrule);
3009
3010 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3011 if (rc < 0)
3012 goto bad;
3013
3014 (avrule)->specified = le32_to_cpu(buf[0]);
3015 (avrule)->flags = le32_to_cpu(buf[1]);
3016
3017 if (type_set_read(&avrule->stypes, fp))
3018 goto bad;
3019
3020 if (type_set_read(&avrule->ttypes, fp))
3021 goto bad;
3022
3023 rc = next_entry(buf, fp, sizeof(uint32_t));
3024 if (rc < 0)
3025 goto bad;
3026 len = le32_to_cpu(buf[0]);
3027
3028 for (i = 0; i < len; i++) {
3029 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
3030 if (!cur)
3031 goto bad;
3032 class_perm_node_init(cur);
3033
3034 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3035 if (rc < 0) {
3036 free(cur);
3037 goto bad;
3038 }
3039
3040 cur->class = le32_to_cpu(buf[0]);
3041 cur->data = le32_to_cpu(buf[1]);
3042
3043 if (!tail) {
3044 avrule->perms = cur;
3045 } else {
3046 tail->next = cur;
3047 }
3048 tail = cur;
3049 }
3050
3051 return avrule;
3052 bad:
3053 if (avrule) {
3054 avrule_destroy(avrule);
3055 free(avrule);
3056 }
3057 return NULL;
3058 }
3059
range_read(policydb_t * p,struct policy_file * fp)3060 static int range_read(policydb_t * p, struct policy_file *fp)
3061 {
3062 uint32_t buf[2], nel;
3063 range_trans_t *rt, *lrt;
3064 range_trans_rule_t *rtr, *lrtr = NULL;
3065 unsigned int i;
3066 int new_rangetr = (p->policy_type == POLICY_KERN &&
3067 p->policyvers >= POLICYDB_VERSION_RANGETRANS);
3068 int rc;
3069
3070 rc = next_entry(buf, fp, sizeof(uint32_t));
3071 if (rc < 0)
3072 return -1;
3073 nel = le32_to_cpu(buf[0]);
3074 lrt = NULL;
3075 for (i = 0; i < nel; i++) {
3076 rt = calloc(1, sizeof(range_trans_t));
3077 if (!rt)
3078 return -1;
3079 if (lrt)
3080 lrt->next = rt;
3081 else
3082 p->range_tr = rt;
3083 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3084 if (rc < 0)
3085 return -1;
3086 rt->source_type = le32_to_cpu(buf[0]);
3087 rt->target_type = le32_to_cpu(buf[1]);
3088 if (new_rangetr) {
3089 rc = next_entry(buf, fp, (sizeof(uint32_t)));
3090 if (rc < 0)
3091 return -1;
3092 rt->target_class = le32_to_cpu(buf[0]);
3093 } else
3094 rt->target_class = SECCLASS_PROCESS;
3095 if (mls_read_range_helper(&rt->target_range, fp))
3096 return -1;
3097 lrt = rt;
3098 }
3099
3100 /* if this is a kernel policy, we are done - otherwise we need to
3101 * convert these structs to range_trans_rule_ts */
3102 if (p->policy_type == POLICY_KERN)
3103 return 0;
3104
3105 /* create range_trans_rules_ts that correspond to the range_trans_ts
3106 * that were just read in from an older policy */
3107 for (rt = p->range_tr; rt; rt = rt->next) {
3108 rtr = malloc(sizeof(range_trans_rule_t));
3109 if (!rtr) {
3110 return -1;
3111 }
3112 range_trans_rule_init(rtr);
3113
3114 if (lrtr)
3115 lrtr->next = rtr;
3116 else
3117 p->global->enabled->range_tr_rules = rtr;
3118
3119 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3120 return -1;
3121
3122 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3123 return -1;
3124
3125 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3126 return -1;
3127
3128 if (mls_range_to_semantic(&rt->target_range, &rtr->trange))
3129 return -1;
3130
3131 lrtr = rtr;
3132 }
3133
3134 /* now destroy the range_trans_ts */
3135 lrt = NULL;
3136 for (rt = p->range_tr; rt; rt = rt->next) {
3137 if (lrt) {
3138 ebitmap_destroy(&lrt->target_range.level[0].cat);
3139 ebitmap_destroy(&lrt->target_range.level[1].cat);
3140 free(lrt);
3141 }
3142 lrt = rt;
3143 }
3144 if (lrt) {
3145 ebitmap_destroy(&lrt->target_range.level[0].cat);
3146 ebitmap_destroy(&lrt->target_range.level[1].cat);
3147 free(lrt);
3148 }
3149 p->range_tr = NULL;
3150
3151 return 0;
3152 }
3153
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3154 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3155 struct policy_file *fp)
3156 {
3157 unsigned int i;
3158 avrule_t *cur, *tail;
3159 uint32_t buf[1], len;
3160 int rc;
3161
3162 *avrules = tail = NULL;
3163
3164 rc = next_entry(buf, fp, sizeof(uint32_t));
3165 if (rc < 0) {
3166 return -1;
3167 }
3168 len = le32_to_cpu(buf[0]);
3169
3170 for (i = 0; i < len; i++) {
3171 cur = avrule_read(p, fp);
3172 if (!cur) {
3173 return -1;
3174 }
3175
3176 if (!tail) {
3177 *avrules = cur;
3178 } else {
3179 tail->next = cur;
3180 }
3181 tail = cur;
3182 }
3183
3184 return 0;
3185 }
3186
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3187 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3188 struct policy_file *fp)
3189 {
3190 uint32_t buf[1], nel;
3191 unsigned int i;
3192 role_trans_rule_t *tr, *ltr;
3193 int rc;
3194
3195 rc = next_entry(buf, fp, sizeof(uint32_t));
3196 if (rc < 0)
3197 return -1;
3198 nel = le32_to_cpu(buf[0]);
3199 ltr = NULL;
3200 for (i = 0; i < nel; i++) {
3201 tr = malloc(sizeof(role_trans_rule_t));
3202 if (!tr) {
3203 return -1;
3204 }
3205 role_trans_rule_init(tr);
3206
3207 if (ltr) {
3208 ltr->next = tr;
3209 } else {
3210 *r = tr;
3211 }
3212
3213 if (role_set_read(&tr->roles, fp))
3214 return -1;
3215
3216 if (type_set_read(&tr->types, fp))
3217 return -1;
3218
3219 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3220 if (ebitmap_read(&tr->classes, fp))
3221 return -1;
3222 } else {
3223 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1))
3224 return -1;
3225 }
3226
3227 rc = next_entry(buf, fp, sizeof(uint32_t));
3228 if (rc < 0)
3229 return -1;
3230 tr->new_role = le32_to_cpu(buf[0]);
3231 ltr = tr;
3232 }
3233
3234 return 0;
3235 }
3236
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3237 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3238 {
3239 unsigned int i;
3240 uint32_t buf[1], nel;
3241 role_allow_rule_t *ra, *lra;
3242 int rc;
3243
3244 rc = next_entry(buf, fp, sizeof(uint32_t));
3245 if (rc < 0)
3246 return -1;
3247 nel = le32_to_cpu(buf[0]);
3248 lra = NULL;
3249 for (i = 0; i < nel; i++) {
3250 ra = malloc(sizeof(role_allow_rule_t));
3251 if (!ra) {
3252 return -1;
3253 }
3254 role_allow_rule_init(ra);
3255
3256 if (lra) {
3257 lra->next = ra;
3258 } else {
3259 *r = ra;
3260 }
3261
3262 if (role_set_read(&ra->roles, fp))
3263 return -1;
3264
3265 if (role_set_read(&ra->new_roles, fp))
3266 return -1;
3267
3268 lra = ra;
3269 }
3270 return 0;
3271 }
3272
filename_trans_rule_read(filename_trans_rule_t ** r,struct policy_file * fp)3273 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
3274 {
3275 uint32_t buf[2], nel;
3276 unsigned int i, len;
3277 filename_trans_rule_t *ftr, *lftr;
3278 int rc;
3279
3280 rc = next_entry(buf, fp, sizeof(uint32_t));
3281 if (rc < 0)
3282 return -1;
3283 nel = le32_to_cpu(buf[0]);
3284 lftr = NULL;
3285 for (i = 0; i < nel; i++) {
3286 ftr = malloc(sizeof(*ftr));
3287 if (!ftr)
3288 return -1;
3289
3290 filename_trans_rule_init(ftr);
3291
3292 if (lftr)
3293 lftr->next = ftr;
3294 else
3295 *r = ftr;
3296 lftr = ftr;
3297
3298 rc = next_entry(buf, fp, sizeof(uint32_t));
3299 if (rc < 0)
3300 return -1;
3301
3302 len = le32_to_cpu(buf[0]);
3303
3304 ftr->name = malloc(len + 1);
3305 if (!ftr->name)
3306 return -1;
3307
3308 rc = next_entry(ftr->name, fp, len);
3309 if (rc)
3310 return -1;
3311 ftr->name[len] = 0;
3312
3313 if (type_set_read(&ftr->stypes, fp))
3314 return -1;
3315
3316 if (type_set_read(&ftr->ttypes, fp))
3317 return -1;
3318
3319 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3320 if (rc < 0)
3321 return -1;
3322 ftr->tclass = le32_to_cpu(buf[0]);
3323 ftr->otype = le32_to_cpu(buf[1]);
3324 }
3325
3326 return 0;
3327 }
3328
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3329 static int range_trans_rule_read(range_trans_rule_t ** r,
3330 struct policy_file *fp)
3331 {
3332 uint32_t buf[1], nel;
3333 unsigned int i;
3334 range_trans_rule_t *rt, *lrt = NULL;
3335 int rc;
3336
3337 rc = next_entry(buf, fp, sizeof(uint32_t));
3338 if (rc < 0)
3339 return -1;
3340 nel = le32_to_cpu(buf[0]);
3341 for (i = 0; i < nel; i++) {
3342 rt = malloc(sizeof(range_trans_rule_t));
3343 if (!rt) {
3344 return -1;
3345 }
3346 range_trans_rule_init(rt);
3347
3348 if (lrt)
3349 lrt->next = rt;
3350 else
3351 *r = rt;
3352
3353 if (type_set_read(&rt->stypes, fp))
3354 return -1;
3355
3356 if (type_set_read(&rt->ttypes, fp))
3357 return -1;
3358
3359 if (ebitmap_read(&rt->tclasses, fp))
3360 return -1;
3361
3362 if (mls_read_semantic_range_helper(&rt->trange, fp))
3363 return -1;
3364
3365 lrt = rt;
3366 }
3367
3368 return 0;
3369 }
3370
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3371 static int scope_index_read(scope_index_t * scope_index,
3372 unsigned int num_scope_syms, struct policy_file *fp)
3373 {
3374 unsigned int i;
3375 uint32_t buf[1];
3376 int rc;
3377
3378 for (i = 0; i < num_scope_syms; i++) {
3379 if (ebitmap_read(scope_index->scope + i, fp) == -1) {
3380 return -1;
3381 }
3382 }
3383 rc = next_entry(buf, fp, sizeof(uint32_t));
3384 if (rc < 0)
3385 return -1;
3386 scope_index->class_perms_len = le32_to_cpu(buf[0]);
3387 if (scope_index->class_perms_len == 0) {
3388 scope_index->class_perms_map = NULL;
3389 return 0;
3390 }
3391 if ((scope_index->class_perms_map =
3392 calloc(scope_index->class_perms_len,
3393 sizeof(*scope_index->class_perms_map))) == NULL) {
3394 return -1;
3395 }
3396 for (i = 0; i < scope_index->class_perms_len; i++) {
3397 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) {
3398 return -1;
3399 }
3400 }
3401 return 0;
3402 }
3403
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3404 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3405 unsigned int num_scope_syms, struct policy_file *fp)
3406 {
3407 uint32_t buf[2], nprim, nel;
3408 unsigned int i, j;
3409 int rc;
3410
3411 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3412 if (rc < 0)
3413 return -1;
3414 decl->decl_id = le32_to_cpu(buf[0]);
3415 decl->enabled = le32_to_cpu(buf[1]);
3416 if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3417 avrule_read_list(p, &decl->avrules, fp) == -1 ||
3418 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3419 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3420 return -1;
3421 }
3422
3423 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
3424 filename_trans_rule_read(&decl->filename_trans_rules, fp))
3425 return -1;
3426
3427 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
3428 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
3429 return -1;
3430 }
3431 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
3432 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
3433 return -1;
3434 }
3435
3436 for (i = 0; i < num_scope_syms; i++) {
3437 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3438 if (rc < 0)
3439 return -1;
3440 nprim = le32_to_cpu(buf[0]);
3441 nel = le32_to_cpu(buf[1]);
3442 for (j = 0; j < nel; j++) {
3443 if (read_f[i] (p, decl->symtab[i].table, fp)) {
3444 return -1;
3445 }
3446 }
3447 decl->symtab[i].nprim = nprim;
3448 }
3449 return 0;
3450 }
3451
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)3452 static int avrule_block_read(policydb_t * p,
3453 avrule_block_t ** block,
3454 unsigned int num_scope_syms,
3455 struct policy_file *fp)
3456 {
3457 avrule_block_t *last_block = NULL, *curblock;
3458 uint32_t buf[1], num_blocks, nel;
3459 int rc;
3460
3461 assert(*block == NULL);
3462
3463 rc = next_entry(buf, fp, sizeof(uint32_t));
3464 if (rc < 0)
3465 return -1;
3466 num_blocks = le32_to_cpu(buf[0]);
3467 nel = num_blocks;
3468 while (num_blocks > 0) {
3469 avrule_decl_t *last_decl = NULL, *curdecl;
3470 uint32_t num_decls;
3471 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
3472 return -1;
3473 }
3474 rc = next_entry(buf, fp, sizeof(uint32_t));
3475 if (rc < 0) {
3476 free(curblock);
3477 return -1;
3478 }
3479 /* if this is the first block its non-optional, else its optional */
3480 if (num_blocks != nel)
3481 curblock->flags |= AVRULE_OPTIONAL;
3482
3483 num_decls = le32_to_cpu(buf[0]);
3484 while (num_decls > 0) {
3485 if ((curdecl = avrule_decl_create(0)) == NULL) {
3486 avrule_block_destroy(curblock);
3487 return -1;
3488 }
3489 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
3490 -1) {
3491 avrule_decl_destroy(curdecl);
3492 avrule_block_destroy(curblock);
3493 return -1;
3494 }
3495 if (curdecl->enabled) {
3496 if (curblock->enabled != NULL) {
3497 /* probably a corrupt file */
3498 avrule_decl_destroy(curdecl);
3499 avrule_block_destroy(curblock);
3500 return -1;
3501 }
3502 curblock->enabled = curdecl;
3503 }
3504 /* one must be careful to reconstruct the
3505 * decl chain in its correct order */
3506 if (curblock->branch_list == NULL) {
3507 curblock->branch_list = curdecl;
3508 } else {
3509 assert(last_decl);
3510 last_decl->next = curdecl;
3511 }
3512 last_decl = curdecl;
3513 num_decls--;
3514 }
3515
3516 if (*block == NULL) {
3517 *block = curblock;
3518 } else {
3519 assert(last_block);
3520 last_block->next = curblock;
3521 }
3522 last_block = curblock;
3523
3524 num_blocks--;
3525 }
3526
3527 return 0;
3528 }
3529
scope_read(policydb_t * p,int symnum,struct policy_file * fp)3530 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
3531 {
3532 scope_datum_t *scope = NULL;
3533 uint32_t buf[2];
3534 char *key = NULL;
3535 size_t key_len;
3536 unsigned int i;
3537 hashtab_t h = p->scope[symnum].table;
3538 int rc;
3539
3540 rc = next_entry(buf, fp, sizeof(uint32_t));
3541 if (rc < 0)
3542 goto cleanup;
3543 key_len = le32_to_cpu(buf[0]);
3544 key = malloc(key_len + 1);
3545 if (!key)
3546 goto cleanup;
3547 rc = next_entry(key, fp, key_len);
3548 if (rc < 0)
3549 goto cleanup;
3550 key[key_len] = '\0';
3551
3552 /* ensure that there already exists a symbol with this key */
3553 if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
3554 goto cleanup;
3555 }
3556
3557 if ((scope = calloc(1, sizeof(*scope))) == NULL) {
3558 goto cleanup;
3559 }
3560 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3561 if (rc < 0)
3562 goto cleanup;
3563 scope->scope = le32_to_cpu(buf[0]);
3564 scope->decl_ids_len = le32_to_cpu(buf[1]);
3565 assert(scope->decl_ids_len > 0);
3566 if ((scope->decl_ids =
3567 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
3568 goto cleanup;
3569 }
3570 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
3571 if (rc < 0)
3572 goto cleanup;
3573 for (i = 0; i < scope->decl_ids_len; i++) {
3574 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
3575 }
3576
3577 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
3578 /* object_r was already added to this table in roles_init() */
3579 scope_destroy(key, scope, NULL);
3580 } else {
3581 if (hashtab_insert(h, key, scope)) {
3582 goto cleanup;
3583 }
3584 }
3585
3586 return 0;
3587
3588 cleanup:
3589 scope_destroy(key, scope, NULL);
3590 return -1;
3591 }
3592
3593 /*
3594 * Read the configuration data from a policy database binary
3595 * representation file into a policy database structure.
3596 */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)3597 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
3598 {
3599
3600 unsigned int i, j, r_policyvers;
3601 uint32_t buf[5];
3602 size_t len, nprim, nel;
3603 char *policydb_str;
3604 struct policydb_compat_info *info;
3605 unsigned int policy_type, bufindex;
3606 ebitmap_node_t *tnode;
3607 int rc;
3608
3609 /* Read the magic number and string length. */
3610 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3611 if (rc < 0)
3612 return POLICYDB_ERROR;
3613 for (i = 0; i < 2; i++)
3614 buf[i] = le32_to_cpu(buf[i]);
3615
3616 if (buf[0] == POLICYDB_MAGIC) {
3617 policy_type = POLICY_KERN;
3618 } else if (buf[0] == POLICYDB_MOD_MAGIC) {
3619 policy_type = POLICY_MOD;
3620 } else {
3621 ERR(fp->handle, "policydb magic number %#08x does not "
3622 "match expected magic number %#08x or %#08x",
3623 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
3624 return POLICYDB_ERROR;
3625 }
3626
3627 len = buf[1];
3628 if (len > POLICYDB_STRING_MAX_LENGTH) {
3629 ERR(fp->handle, "policydb string length too long ");
3630 return POLICYDB_ERROR;
3631 }
3632
3633 policydb_str = malloc(len + 1);
3634 if (!policydb_str) {
3635 ERR(fp->handle, "unable to allocate memory for policydb "
3636 "string of length %zu", len);
3637 return POLICYDB_ERROR;
3638 }
3639 rc = next_entry(policydb_str, fp, len);
3640 if (rc < 0) {
3641 ERR(fp->handle, "truncated policydb string identifier");
3642 free(policydb_str);
3643 return POLICYDB_ERROR;
3644 }
3645 policydb_str[len] = 0;
3646
3647 if (policy_type == POLICY_KERN) {
3648 for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
3649 if ((strcmp(policydb_str, policydb_target_strings[i])
3650 == 0)) {
3651 policydb_set_target_platform(p, i);
3652 break;
3653 }
3654 }
3655
3656 if (i == POLICYDB_TARGET_SZ) {
3657 ERR(fp->handle, "cannot find a valid target for policy "
3658 "string %s", policydb_str);
3659 free(policydb_str);
3660 return POLICYDB_ERROR;
3661 }
3662 } else {
3663 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
3664 ERR(fp->handle, "invalid string identifier %s",
3665 policydb_str);
3666 free(policydb_str);
3667 return POLICYDB_ERROR;
3668 }
3669 }
3670
3671 /* Done with policydb_str. */
3672 free(policydb_str);
3673 policydb_str = NULL;
3674
3675 /* Read the version, config, and table sizes (and policy type if it's a module). */
3676 if (policy_type == POLICY_KERN)
3677 nel = 4;
3678 else
3679 nel = 5;
3680
3681 rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
3682 if (rc < 0)
3683 return POLICYDB_ERROR;
3684 for (i = 0; i < nel; i++)
3685 buf[i] = le32_to_cpu(buf[i]);
3686
3687 bufindex = 0;
3688
3689 if (policy_type == POLICY_MOD) {
3690 /* We know it's a module but not whether it's a base
3691 module or regular binary policy module. buf[0]
3692 tells us which. */
3693 policy_type = buf[bufindex];
3694 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
3695 ERR(fp->handle, "unknown module type: %#08x",
3696 policy_type);
3697 return POLICYDB_ERROR;
3698 }
3699 bufindex++;
3700 }
3701
3702 r_policyvers = buf[bufindex];
3703 if (policy_type == POLICY_KERN) {
3704 if (r_policyvers < POLICYDB_VERSION_MIN ||
3705 r_policyvers > POLICYDB_VERSION_MAX) {
3706 ERR(fp->handle, "policydb version %d does not match "
3707 "my version range %d-%d", buf[bufindex],
3708 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
3709 return POLICYDB_ERROR;
3710 }
3711 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
3712 if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
3713 r_policyvers > MOD_POLICYDB_VERSION_MAX) {
3714 ERR(fp->handle, "policydb module version %d does "
3715 "not match my version range %d-%d",
3716 buf[bufindex], MOD_POLICYDB_VERSION_MIN,
3717 MOD_POLICYDB_VERSION_MAX);
3718 return POLICYDB_ERROR;
3719 }
3720 } else {
3721 assert(0);
3722 }
3723 bufindex++;
3724
3725 /* Set the policy type and version from the read values. */
3726 p->policy_type = policy_type;
3727 p->policyvers = r_policyvers;
3728
3729 if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
3730 p->mls = 1;
3731 } else {
3732 p->mls = 0;
3733 }
3734
3735 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
3736
3737 bufindex++;
3738
3739 info = policydb_lookup_compat(r_policyvers, policy_type,
3740 p->target_platform);
3741 if (!info) {
3742 ERR(fp->handle, "unable to find policy compat info "
3743 "for version %d", r_policyvers);
3744 goto bad;
3745 }
3746
3747 if (buf[bufindex] != info->sym_num
3748 || buf[bufindex + 1] != info->ocon_num) {
3749 ERR(fp->handle,
3750 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
3751 buf[bufindex], buf[bufindex + 1], info->sym_num,
3752 info->ocon_num);
3753 goto bad;
3754 }
3755
3756 if (p->policy_type == POLICY_MOD) {
3757 /* Get the module name and version */
3758 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3759 goto bad;
3760 }
3761 len = le32_to_cpu(buf[0]);
3762 if ((p->name = malloc(len + 1)) == NULL) {
3763 goto bad;
3764 }
3765 if ((rc = next_entry(p->name, fp, len)) < 0) {
3766 goto bad;
3767 }
3768 p->name[len] = '\0';
3769 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3770 goto bad;
3771 }
3772 len = le32_to_cpu(buf[0]);
3773 if ((p->version = malloc(len + 1)) == NULL) {
3774 goto bad;
3775 }
3776 if ((rc = next_entry(p->version, fp, len)) < 0) {
3777 goto bad;
3778 }
3779 p->version[len] = '\0';
3780 }
3781
3782 if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
3783 p->policy_type == POLICY_KERN) ||
3784 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
3785 p->policy_type == POLICY_BASE) ||
3786 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
3787 p->policy_type == POLICY_MOD)) {
3788 if (ebitmap_read(&p->policycaps, fp))
3789 goto bad;
3790 }
3791
3792 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
3793 p->policy_type == POLICY_KERN) {
3794 if (ebitmap_read(&p->permissive_map, fp))
3795 goto bad;
3796 }
3797
3798 for (i = 0; i < info->sym_num; i++) {
3799 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3800 if (rc < 0)
3801 goto bad;
3802 nprim = le32_to_cpu(buf[0]);
3803 nel = le32_to_cpu(buf[1]);
3804 for (j = 0; j < nel; j++) {
3805 if (read_f[i] (p, p->symtab[i].table, fp))
3806 goto bad;
3807 }
3808
3809 p->symtab[i].nprim = nprim;
3810 }
3811
3812 if (policy_type == POLICY_KERN) {
3813 if (avtab_read(&p->te_avtab, fp, r_policyvers))
3814 goto bad;
3815 if (r_policyvers >= POLICYDB_VERSION_BOOL)
3816 if (cond_read_list(p, &p->cond_list, fp))
3817 goto bad;
3818 if (role_trans_read(p, fp))
3819 goto bad;
3820 if (role_allow_read(&p->role_allow, fp))
3821 goto bad;
3822 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
3823 filename_trans_read(&p->filename_trans, fp))
3824 goto bad;
3825 } else {
3826 /* first read the AV rule blocks, then the scope tables */
3827 avrule_block_destroy(p->global);
3828 p->global = NULL;
3829 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
3830 goto bad;
3831 }
3832 for (i = 0; i < info->sym_num; i++) {
3833 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3834 goto bad;
3835 }
3836 nel = le32_to_cpu(buf[0]);
3837 for (j = 0; j < nel; j++) {
3838 if (scope_read(p, i, fp))
3839 goto bad;
3840 }
3841 }
3842
3843 }
3844
3845 if (policydb_index_decls(p))
3846 goto bad;
3847
3848 if (policydb_index_classes(p))
3849 goto bad;
3850
3851 if (policydb_index_others(fp->handle, p, verbose))
3852 goto bad;
3853
3854 if (ocontext_read(info, p, fp) == -1) {
3855 goto bad;
3856 }
3857
3858 if (genfs_read(p, fp) == -1) {
3859 goto bad;
3860 }
3861
3862 if ((p->policy_type == POLICY_KERN
3863 && p->policyvers >= POLICYDB_VERSION_MLS)
3864 || (p->policy_type == POLICY_BASE
3865 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3866 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
3867 if (range_read(p, fp)) {
3868 goto bad;
3869 }
3870 }
3871
3872 if (policy_type == POLICY_KERN) {
3873 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
3874 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
3875 if (!p->type_attr_map || !p->attr_type_map)
3876 goto bad;
3877 for (i = 0; i < p->p_types.nprim; i++) {
3878 ebitmap_init(&p->type_attr_map[i]);
3879 ebitmap_init(&p->attr_type_map[i]);
3880 }
3881 for (i = 0; i < p->p_types.nprim; i++) {
3882 if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
3883 if (ebitmap_read(&p->type_attr_map[i], fp))
3884 goto bad;
3885 ebitmap_for_each_bit(&p->type_attr_map[i],
3886 tnode, j) {
3887 if (!ebitmap_node_get_bit(tnode, j)
3888 || i == j)
3889 continue;
3890 if (ebitmap_set_bit
3891 (&p->attr_type_map[j], i, 1))
3892 goto bad;
3893 }
3894 }
3895 /* add the type itself as the degenerate case */
3896 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
3897 goto bad;
3898 }
3899 }
3900
3901 return POLICYDB_SUCCESS;
3902 bad:
3903 return POLICYDB_ERROR;
3904 }
3905
policydb_reindex_users(policydb_t * p)3906 int policydb_reindex_users(policydb_t * p)
3907 {
3908 unsigned int i = SYM_USERS;
3909
3910 if (p->user_val_to_struct)
3911 free(p->user_val_to_struct);
3912 if (p->sym_val_to_name[i])
3913 free(p->sym_val_to_name[i]);
3914
3915 p->user_val_to_struct = (user_datum_t **)
3916 malloc(p->p_users.nprim * sizeof(user_datum_t *));
3917 if (!p->user_val_to_struct)
3918 return -1;
3919
3920 p->sym_val_to_name[i] = (char **)
3921 malloc(p->symtab[i].nprim * sizeof(char *));
3922 if (!p->sym_val_to_name[i])
3923 return -1;
3924
3925 if (hashtab_map(p->symtab[i].table, index_f[i], p))
3926 return -1;
3927
3928 /* Expand user roles for context validity checking */
3929 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
3930 return -1;
3931
3932 return 0;
3933 }
3934
policy_file_init(policy_file_t * pf)3935 void policy_file_init(policy_file_t *pf)
3936 {
3937 memset(pf, 0, sizeof(policy_file_t));
3938 }
3939
policydb_set_target_platform(policydb_t * p,int platform)3940 int policydb_set_target_platform(policydb_t *p, int platform)
3941 {
3942 if (platform == SEPOL_TARGET_SELINUX)
3943 p->target_platform = SEPOL_TARGET_SELINUX;
3944 else if (platform == SEPOL_TARGET_XEN)
3945 p->target_platform = SEPOL_TARGET_XEN;
3946 else
3947 return -1;
3948
3949 return 0;
3950 }
3951
3952