1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Implementation of the policy database.
4 *
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6 */
7
8 /*
9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 *
11 * Support for enhanced MLS infrastructure.
12 *
13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 *
15 * Added conditional policy language extensions
16 *
17 * Updated: Hewlett-Packard <paul@paul-moore.com>
18 *
19 * Added support for the policy capability bitmap
20 *
21 * Update: Mellanox Techonologies
22 *
23 * Added Infiniband support
24 *
25 * Copyright (C) 2016 Mellanox Techonologies
26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
29 */
30
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/string.h>
35 #include <linux/errno.h>
36 #include <linux/audit.h>
37 #include "security.h"
38
39 #include "policydb.h"
40 #include "conditional.h"
41 #include "mls.h"
42 #include "services.h"
43
44 #ifdef DEBUG_HASHES
45 static const char *symtab_name[SYM_NUM] = {
46 "common prefixes",
47 "classes",
48 "roles",
49 "types",
50 "users",
51 "bools",
52 "levels",
53 "categories",
54 };
55 #endif
56
57 struct policydb_compat_info {
58 int version;
59 int sym_num;
60 int ocon_num;
61 };
62
63 /* These need to be updated if SYM_NUM or OCON_NUM changes */
64 static const struct policydb_compat_info policydb_compat[] = {
65 {
66 .version = POLICYDB_VERSION_BASE,
67 .sym_num = SYM_NUM - 3,
68 .ocon_num = OCON_NUM - 3,
69 },
70 {
71 .version = POLICYDB_VERSION_BOOL,
72 .sym_num = SYM_NUM - 2,
73 .ocon_num = OCON_NUM - 3,
74 },
75 {
76 .version = POLICYDB_VERSION_IPV6,
77 .sym_num = SYM_NUM - 2,
78 .ocon_num = OCON_NUM - 2,
79 },
80 {
81 .version = POLICYDB_VERSION_NLCLASS,
82 .sym_num = SYM_NUM - 2,
83 .ocon_num = OCON_NUM - 2,
84 },
85 {
86 .version = POLICYDB_VERSION_MLS,
87 .sym_num = SYM_NUM,
88 .ocon_num = OCON_NUM - 2,
89 },
90 {
91 .version = POLICYDB_VERSION_AVTAB,
92 .sym_num = SYM_NUM,
93 .ocon_num = OCON_NUM - 2,
94 },
95 {
96 .version = POLICYDB_VERSION_RANGETRANS,
97 .sym_num = SYM_NUM,
98 .ocon_num = OCON_NUM - 2,
99 },
100 {
101 .version = POLICYDB_VERSION_POLCAP,
102 .sym_num = SYM_NUM,
103 .ocon_num = OCON_NUM - 2,
104 },
105 {
106 .version = POLICYDB_VERSION_PERMISSIVE,
107 .sym_num = SYM_NUM,
108 .ocon_num = OCON_NUM - 2,
109 },
110 {
111 .version = POLICYDB_VERSION_BOUNDARY,
112 .sym_num = SYM_NUM,
113 .ocon_num = OCON_NUM - 2,
114 },
115 {
116 .version = POLICYDB_VERSION_FILENAME_TRANS,
117 .sym_num = SYM_NUM,
118 .ocon_num = OCON_NUM - 2,
119 },
120 {
121 .version = POLICYDB_VERSION_ROLETRANS,
122 .sym_num = SYM_NUM,
123 .ocon_num = OCON_NUM - 2,
124 },
125 {
126 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
127 .sym_num = SYM_NUM,
128 .ocon_num = OCON_NUM - 2,
129 },
130 {
131 .version = POLICYDB_VERSION_DEFAULT_TYPE,
132 .sym_num = SYM_NUM,
133 .ocon_num = OCON_NUM - 2,
134 },
135 {
136 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
137 .sym_num = SYM_NUM,
138 .ocon_num = OCON_NUM - 2,
139 },
140 {
141 .version = POLICYDB_VERSION_XPERMS_IOCTL,
142 .sym_num = SYM_NUM,
143 .ocon_num = OCON_NUM - 2,
144 },
145 {
146 .version = POLICYDB_VERSION_INFINIBAND,
147 .sym_num = SYM_NUM,
148 .ocon_num = OCON_NUM,
149 },
150 {
151 .version = POLICYDB_VERSION_GLBLUB,
152 .sym_num = SYM_NUM,
153 .ocon_num = OCON_NUM,
154 },
155 {
156 .version = POLICYDB_VERSION_COMP_FTRANS,
157 .sym_num = SYM_NUM,
158 .ocon_num = OCON_NUM,
159 },
160 };
161
policydb_lookup_compat(int version)162 static const struct policydb_compat_info *policydb_lookup_compat(int version)
163 {
164 int i;
165
166 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
167 if (policydb_compat[i].version == version)
168 return &policydb_compat[i];
169 }
170
171 return NULL;
172 }
173
174 /*
175 * The following *_destroy functions are used to
176 * free any memory allocated for each kind of
177 * symbol data in the policy database.
178 */
179
perm_destroy(void * key,void * datum,void * p)180 static int perm_destroy(void *key, void *datum, void *p)
181 {
182 kfree(key);
183 kfree(datum);
184 return 0;
185 }
186
common_destroy(void * key,void * datum,void * p)187 static int common_destroy(void *key, void *datum, void *p)
188 {
189 struct common_datum *comdatum;
190
191 kfree(key);
192 if (datum) {
193 comdatum = datum;
194 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
195 hashtab_destroy(&comdatum->permissions.table);
196 }
197 kfree(datum);
198 return 0;
199 }
200
constraint_expr_destroy(struct constraint_expr * expr)201 static void constraint_expr_destroy(struct constraint_expr *expr)
202 {
203 if (expr) {
204 ebitmap_destroy(&expr->names);
205 if (expr->type_names) {
206 ebitmap_destroy(&expr->type_names->types);
207 ebitmap_destroy(&expr->type_names->negset);
208 kfree(expr->type_names);
209 }
210 kfree(expr);
211 }
212 }
213
cls_destroy(void * key,void * datum,void * p)214 static int cls_destroy(void *key, void *datum, void *p)
215 {
216 struct class_datum *cladatum;
217 struct constraint_node *constraint, *ctemp;
218 struct constraint_expr *e, *etmp;
219
220 kfree(key);
221 if (datum) {
222 cladatum = datum;
223 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
224 hashtab_destroy(&cladatum->permissions.table);
225 constraint = cladatum->constraints;
226 while (constraint) {
227 e = constraint->expr;
228 while (e) {
229 etmp = e;
230 e = e->next;
231 constraint_expr_destroy(etmp);
232 }
233 ctemp = constraint;
234 constraint = constraint->next;
235 kfree(ctemp);
236 }
237
238 constraint = cladatum->validatetrans;
239 while (constraint) {
240 e = constraint->expr;
241 while (e) {
242 etmp = e;
243 e = e->next;
244 constraint_expr_destroy(etmp);
245 }
246 ctemp = constraint;
247 constraint = constraint->next;
248 kfree(ctemp);
249 }
250 kfree(cladatum->comkey);
251 }
252 kfree(datum);
253 return 0;
254 }
255
role_destroy(void * key,void * datum,void * p)256 static int role_destroy(void *key, void *datum, void *p)
257 {
258 struct role_datum *role;
259
260 kfree(key);
261 if (datum) {
262 role = datum;
263 ebitmap_destroy(&role->dominates);
264 ebitmap_destroy(&role->types);
265 }
266 kfree(datum);
267 return 0;
268 }
269
type_destroy(void * key,void * datum,void * p)270 static int type_destroy(void *key, void *datum, void *p)
271 {
272 kfree(key);
273 kfree(datum);
274 return 0;
275 }
276
user_destroy(void * key,void * datum,void * p)277 static int user_destroy(void *key, void *datum, void *p)
278 {
279 struct user_datum *usrdatum;
280
281 kfree(key);
282 if (datum) {
283 usrdatum = datum;
284 ebitmap_destroy(&usrdatum->roles);
285 ebitmap_destroy(&usrdatum->range.level[0].cat);
286 ebitmap_destroy(&usrdatum->range.level[1].cat);
287 ebitmap_destroy(&usrdatum->dfltlevel.cat);
288 }
289 kfree(datum);
290 return 0;
291 }
292
sens_destroy(void * key,void * datum,void * p)293 static int sens_destroy(void *key, void *datum, void *p)
294 {
295 struct level_datum *levdatum;
296
297 kfree(key);
298 if (datum) {
299 levdatum = datum;
300 if (levdatum->level)
301 ebitmap_destroy(&levdatum->level->cat);
302 kfree(levdatum->level);
303 }
304 kfree(datum);
305 return 0;
306 }
307
cat_destroy(void * key,void * datum,void * p)308 static int cat_destroy(void *key, void *datum, void *p)
309 {
310 kfree(key);
311 kfree(datum);
312 return 0;
313 }
314
315 static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
316 common_destroy,
317 cls_destroy,
318 role_destroy,
319 type_destroy,
320 user_destroy,
321 cond_destroy_bool,
322 sens_destroy,
323 cat_destroy,
324 };
325
filenametr_destroy(void * key,void * datum,void * p)326 static int filenametr_destroy(void *key, void *datum, void *p)
327 {
328 struct filename_trans_key *ft = key;
329 struct filename_trans_datum *next, *d = datum;
330
331 kfree(ft->name);
332 kfree(key);
333 do {
334 ebitmap_destroy(&d->stypes);
335 next = d->next;
336 kfree(d);
337 d = next;
338 } while (unlikely(d));
339 cond_resched();
340 return 0;
341 }
342
range_tr_destroy(void * key,void * datum,void * p)343 static int range_tr_destroy(void *key, void *datum, void *p)
344 {
345 struct mls_range *rt = datum;
346
347 kfree(key);
348 ebitmap_destroy(&rt->level[0].cat);
349 ebitmap_destroy(&rt->level[1].cat);
350 kfree(datum);
351 cond_resched();
352 return 0;
353 }
354
role_tr_destroy(void * key,void * datum,void * p)355 static int role_tr_destroy(void *key, void *datum, void *p)
356 {
357 kfree(key);
358 kfree(datum);
359 return 0;
360 }
361
ocontext_destroy(struct ocontext * c,int i)362 static void ocontext_destroy(struct ocontext *c, int i)
363 {
364 if (!c)
365 return;
366
367 context_destroy(&c->context[0]);
368 context_destroy(&c->context[1]);
369 if (i == OCON_ISID || i == OCON_FS ||
370 i == OCON_NETIF || i == OCON_FSUSE)
371 kfree(c->u.name);
372 kfree(c);
373 }
374
375 /*
376 * Initialize the role table.
377 */
roles_init(struct policydb * p)378 static int roles_init(struct policydb *p)
379 {
380 char *key = NULL;
381 int rc;
382 struct role_datum *role;
383
384 role = kzalloc(sizeof(*role), GFP_KERNEL);
385 if (!role)
386 return -ENOMEM;
387
388 rc = -EINVAL;
389 role->value = ++p->p_roles.nprim;
390 if (role->value != OBJECT_R_VAL)
391 goto out;
392
393 rc = -ENOMEM;
394 key = kstrdup(OBJECT_R, GFP_KERNEL);
395 if (!key)
396 goto out;
397
398 rc = symtab_insert(&p->p_roles, key, role);
399 if (rc)
400 goto out;
401
402 return 0;
403 out:
404 kfree(key);
405 kfree(role);
406 return rc;
407 }
408
filenametr_hash(const void * k)409 static u32 filenametr_hash(const void *k)
410 {
411 const struct filename_trans_key *ft = k;
412 unsigned long hash;
413 unsigned int byte_num;
414 unsigned char focus;
415
416 hash = ft->ttype ^ ft->tclass;
417
418 byte_num = 0;
419 while ((focus = ft->name[byte_num++]))
420 hash = partial_name_hash(focus, hash);
421 return hash;
422 }
423
filenametr_cmp(const void * k1,const void * k2)424 static int filenametr_cmp(const void *k1, const void *k2)
425 {
426 const struct filename_trans_key *ft1 = k1;
427 const struct filename_trans_key *ft2 = k2;
428 int v;
429
430 v = ft1->ttype - ft2->ttype;
431 if (v)
432 return v;
433
434 v = ft1->tclass - ft2->tclass;
435 if (v)
436 return v;
437
438 return strcmp(ft1->name, ft2->name);
439
440 }
441
442 static const struct hashtab_key_params filenametr_key_params = {
443 .hash = filenametr_hash,
444 .cmp = filenametr_cmp,
445 };
446
policydb_filenametr_search(struct policydb * p,struct filename_trans_key * key)447 struct filename_trans_datum *policydb_filenametr_search(
448 struct policydb *p, struct filename_trans_key *key)
449 {
450 return hashtab_search(&p->filename_trans, key, filenametr_key_params);
451 }
452
rangetr_hash(const void * k)453 static u32 rangetr_hash(const void *k)
454 {
455 const struct range_trans *key = k;
456
457 return key->source_type + (key->target_type << 3) +
458 (key->target_class << 5);
459 }
460
rangetr_cmp(const void * k1,const void * k2)461 static int rangetr_cmp(const void *k1, const void *k2)
462 {
463 const struct range_trans *key1 = k1, *key2 = k2;
464 int v;
465
466 v = key1->source_type - key2->source_type;
467 if (v)
468 return v;
469
470 v = key1->target_type - key2->target_type;
471 if (v)
472 return v;
473
474 v = key1->target_class - key2->target_class;
475
476 return v;
477 }
478
479 static const struct hashtab_key_params rangetr_key_params = {
480 .hash = rangetr_hash,
481 .cmp = rangetr_cmp,
482 };
483
policydb_rangetr_search(struct policydb * p,struct range_trans * key)484 struct mls_range *policydb_rangetr_search(struct policydb *p,
485 struct range_trans *key)
486 {
487 return hashtab_search(&p->range_tr, key, rangetr_key_params);
488 }
489
role_trans_hash(const void * k)490 static u32 role_trans_hash(const void *k)
491 {
492 const struct role_trans_key *key = k;
493
494 return key->role + (key->type << 3) + (key->tclass << 5);
495 }
496
role_trans_cmp(const void * k1,const void * k2)497 static int role_trans_cmp(const void *k1, const void *k2)
498 {
499 const struct role_trans_key *key1 = k1, *key2 = k2;
500 int v;
501
502 v = key1->role - key2->role;
503 if (v)
504 return v;
505
506 v = key1->type - key2->type;
507 if (v)
508 return v;
509
510 return key1->tclass - key2->tclass;
511 }
512
513 static const struct hashtab_key_params roletr_key_params = {
514 .hash = role_trans_hash,
515 .cmp = role_trans_cmp,
516 };
517
policydb_roletr_search(struct policydb * p,struct role_trans_key * key)518 struct role_trans_datum *policydb_roletr_search(struct policydb *p,
519 struct role_trans_key *key)
520 {
521 return hashtab_search(&p->role_tr, key, roletr_key_params);
522 }
523
524 /*
525 * Initialize a policy database structure.
526 */
policydb_init(struct policydb * p)527 static void policydb_init(struct policydb *p)
528 {
529 memset(p, 0, sizeof(*p));
530
531 avtab_init(&p->te_avtab);
532 cond_policydb_init(p);
533
534 ebitmap_init(&p->filename_trans_ttypes);
535 ebitmap_init(&p->policycaps);
536 ebitmap_init(&p->permissive_map);
537 }
538
539 /*
540 * The following *_index functions are used to
541 * define the val_to_name and val_to_struct arrays
542 * in a policy database structure. The val_to_name
543 * arrays are used when converting security context
544 * structures into string representations. The
545 * val_to_struct arrays are used when the attributes
546 * of a class, role, or user are needed.
547 */
548
common_index(void * key,void * datum,void * datap)549 static int common_index(void *key, void *datum, void *datap)
550 {
551 struct policydb *p;
552 struct common_datum *comdatum;
553
554 comdatum = datum;
555 p = datap;
556 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
557 return -EINVAL;
558
559 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
560
561 return 0;
562 }
563
class_index(void * key,void * datum,void * datap)564 static int class_index(void *key, void *datum, void *datap)
565 {
566 struct policydb *p;
567 struct class_datum *cladatum;
568
569 cladatum = datum;
570 p = datap;
571 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
572 return -EINVAL;
573
574 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
575 p->class_val_to_struct[cladatum->value - 1] = cladatum;
576 return 0;
577 }
578
role_index(void * key,void * datum,void * datap)579 static int role_index(void *key, void *datum, void *datap)
580 {
581 struct policydb *p;
582 struct role_datum *role;
583
584 role = datum;
585 p = datap;
586 if (!role->value
587 || role->value > p->p_roles.nprim
588 || role->bounds > p->p_roles.nprim)
589 return -EINVAL;
590
591 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
592 p->role_val_to_struct[role->value - 1] = role;
593 return 0;
594 }
595
type_index(void * key,void * datum,void * datap)596 static int type_index(void *key, void *datum, void *datap)
597 {
598 struct policydb *p;
599 struct type_datum *typdatum;
600
601 typdatum = datum;
602 p = datap;
603
604 if (typdatum->primary) {
605 if (!typdatum->value
606 || typdatum->value > p->p_types.nprim
607 || typdatum->bounds > p->p_types.nprim)
608 return -EINVAL;
609 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
610 p->type_val_to_struct[typdatum->value - 1] = typdatum;
611 }
612
613 return 0;
614 }
615
user_index(void * key,void * datum,void * datap)616 static int user_index(void *key, void *datum, void *datap)
617 {
618 struct policydb *p;
619 struct user_datum *usrdatum;
620
621 usrdatum = datum;
622 p = datap;
623 if (!usrdatum->value
624 || usrdatum->value > p->p_users.nprim
625 || usrdatum->bounds > p->p_users.nprim)
626 return -EINVAL;
627
628 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
629 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
630 return 0;
631 }
632
sens_index(void * key,void * datum,void * datap)633 static int sens_index(void *key, void *datum, void *datap)
634 {
635 struct policydb *p;
636 struct level_datum *levdatum;
637
638 levdatum = datum;
639 p = datap;
640
641 if (!levdatum->isalias) {
642 if (!levdatum->level->sens ||
643 levdatum->level->sens > p->p_levels.nprim)
644 return -EINVAL;
645
646 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
647 }
648
649 return 0;
650 }
651
cat_index(void * key,void * datum,void * datap)652 static int cat_index(void *key, void *datum, void *datap)
653 {
654 struct policydb *p;
655 struct cat_datum *catdatum;
656
657 catdatum = datum;
658 p = datap;
659
660 if (!catdatum->isalias) {
661 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
662 return -EINVAL;
663
664 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
665 }
666
667 return 0;
668 }
669
670 static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
671 common_index,
672 class_index,
673 role_index,
674 type_index,
675 user_index,
676 cond_index_bool,
677 sens_index,
678 cat_index,
679 };
680
681 #ifdef DEBUG_HASHES
hash_eval(struct hashtab * h,const char * hash_name)682 static void hash_eval(struct hashtab *h, const char *hash_name)
683 {
684 struct hashtab_info info;
685
686 hashtab_stat(h, &info);
687 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n",
688 hash_name, h->nel, info.slots_used, h->size,
689 info.max_chain_len);
690 }
691
symtab_hash_eval(struct symtab * s)692 static void symtab_hash_eval(struct symtab *s)
693 {
694 int i;
695
696 for (i = 0; i < SYM_NUM; i++)
697 hash_eval(&s[i].table, symtab_name[i]);
698 }
699
700 #else
hash_eval(struct hashtab * h,const char * hash_name)701 static inline void hash_eval(struct hashtab *h, const char *hash_name)
702 {
703 }
704 #endif
705
706 /*
707 * Define the other val_to_name and val_to_struct arrays
708 * in a policy database structure.
709 *
710 * Caller must clean up on failure.
711 */
policydb_index(struct policydb * p)712 static int policydb_index(struct policydb *p)
713 {
714 int i, rc;
715
716 if (p->mls_enabled)
717 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
718 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
719 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
720 else
721 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n",
722 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
723 p->p_bools.nprim);
724
725 pr_debug("SELinux: %d classes, %d rules\n",
726 p->p_classes.nprim, p->te_avtab.nel);
727
728 #ifdef DEBUG_HASHES
729 avtab_hash_eval(&p->te_avtab, "rules");
730 symtab_hash_eval(p->symtab);
731 #endif
732
733 p->class_val_to_struct = kcalloc(p->p_classes.nprim,
734 sizeof(*p->class_val_to_struct),
735 GFP_KERNEL);
736 if (!p->class_val_to_struct)
737 return -ENOMEM;
738
739 p->role_val_to_struct = kcalloc(p->p_roles.nprim,
740 sizeof(*p->role_val_to_struct),
741 GFP_KERNEL);
742 if (!p->role_val_to_struct)
743 return -ENOMEM;
744
745 p->user_val_to_struct = kcalloc(p->p_users.nprim,
746 sizeof(*p->user_val_to_struct),
747 GFP_KERNEL);
748 if (!p->user_val_to_struct)
749 return -ENOMEM;
750
751 p->type_val_to_struct = kvcalloc(p->p_types.nprim,
752 sizeof(*p->type_val_to_struct),
753 GFP_KERNEL);
754 if (!p->type_val_to_struct)
755 return -ENOMEM;
756
757 rc = cond_init_bool_indexes(p);
758 if (rc)
759 goto out;
760
761 for (i = 0; i < SYM_NUM; i++) {
762 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
763 sizeof(char *),
764 GFP_KERNEL);
765 if (!p->sym_val_to_name[i])
766 return -ENOMEM;
767
768 rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
769 if (rc)
770 goto out;
771 }
772 rc = 0;
773 out:
774 return rc;
775 }
776
777 /*
778 * Free any memory allocated by a policy database structure.
779 */
policydb_destroy(struct policydb * p)780 void policydb_destroy(struct policydb *p)
781 {
782 struct ocontext *c, *ctmp;
783 struct genfs *g, *gtmp;
784 int i;
785 struct role_allow *ra, *lra = NULL;
786
787 for (i = 0; i < SYM_NUM; i++) {
788 cond_resched();
789 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
790 hashtab_destroy(&p->symtab[i].table);
791 }
792
793 for (i = 0; i < SYM_NUM; i++)
794 kvfree(p->sym_val_to_name[i]);
795
796 kfree(p->class_val_to_struct);
797 kfree(p->role_val_to_struct);
798 kfree(p->user_val_to_struct);
799 kvfree(p->type_val_to_struct);
800
801 avtab_destroy(&p->te_avtab);
802
803 for (i = 0; i < OCON_NUM; i++) {
804 cond_resched();
805 c = p->ocontexts[i];
806 while (c) {
807 ctmp = c;
808 c = c->next;
809 ocontext_destroy(ctmp, i);
810 }
811 p->ocontexts[i] = NULL;
812 }
813
814 g = p->genfs;
815 while (g) {
816 cond_resched();
817 kfree(g->fstype);
818 c = g->head;
819 while (c) {
820 ctmp = c;
821 c = c->next;
822 ocontext_destroy(ctmp, OCON_FSUSE);
823 }
824 gtmp = g;
825 g = g->next;
826 kfree(gtmp);
827 }
828 p->genfs = NULL;
829
830 cond_policydb_destroy(p);
831
832 hashtab_map(&p->role_tr, role_tr_destroy, NULL);
833 hashtab_destroy(&p->role_tr);
834
835 for (ra = p->role_allow; ra; ra = ra->next) {
836 cond_resched();
837 kfree(lra);
838 lra = ra;
839 }
840 kfree(lra);
841
842 hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
843 hashtab_destroy(&p->filename_trans);
844
845 hashtab_map(&p->range_tr, range_tr_destroy, NULL);
846 hashtab_destroy(&p->range_tr);
847
848 if (p->type_attr_map_array) {
849 for (i = 0; i < p->p_types.nprim; i++)
850 ebitmap_destroy(&p->type_attr_map_array[i]);
851 kvfree(p->type_attr_map_array);
852 }
853
854 ebitmap_destroy(&p->filename_trans_ttypes);
855 ebitmap_destroy(&p->policycaps);
856 ebitmap_destroy(&p->permissive_map);
857 }
858
859 /*
860 * Load the initial SIDs specified in a policy database
861 * structure into a SID table.
862 */
policydb_load_isids(struct policydb * p,struct sidtab * s)863 int policydb_load_isids(struct policydb *p, struct sidtab *s)
864 {
865 struct ocontext *head, *c;
866 int rc;
867
868 rc = sidtab_init(s);
869 if (rc) {
870 pr_err("SELinux: out of memory on SID table init\n");
871 return rc;
872 }
873
874 head = p->ocontexts[OCON_ISID];
875 for (c = head; c; c = c->next) {
876 u32 sid = c->sid[0];
877 const char *name = security_get_initial_sid_context(sid);
878
879 if (sid == SECSID_NULL) {
880 pr_err("SELinux: SID 0 was assigned a context.\n");
881 sidtab_destroy(s);
882 return -EINVAL;
883 }
884
885 /* Ignore initial SIDs unused by this kernel. */
886 if (!name)
887 continue;
888
889 rc = sidtab_set_initial(s, sid, &c->context[0]);
890 if (rc) {
891 pr_err("SELinux: unable to load initial SID %s.\n",
892 name);
893 sidtab_destroy(s);
894 return rc;
895 }
896 }
897 return 0;
898 }
899
policydb_class_isvalid(struct policydb * p,unsigned int class)900 int policydb_class_isvalid(struct policydb *p, unsigned int class)
901 {
902 if (!class || class > p->p_classes.nprim)
903 return 0;
904 return 1;
905 }
906
policydb_role_isvalid(struct policydb * p,unsigned int role)907 int policydb_role_isvalid(struct policydb *p, unsigned int role)
908 {
909 if (!role || role > p->p_roles.nprim)
910 return 0;
911 return 1;
912 }
913
policydb_type_isvalid(struct policydb * p,unsigned int type)914 int policydb_type_isvalid(struct policydb *p, unsigned int type)
915 {
916 if (!type || type > p->p_types.nprim)
917 return 0;
918 return 1;
919 }
920
921 /*
922 * Return 1 if the fields in the security context
923 * structure `c' are valid. Return 0 otherwise.
924 */
policydb_context_isvalid(struct policydb * p,struct context * c)925 int policydb_context_isvalid(struct policydb *p, struct context *c)
926 {
927 struct role_datum *role;
928 struct user_datum *usrdatum;
929
930 if (!c->role || c->role > p->p_roles.nprim)
931 return 0;
932
933 if (!c->user || c->user > p->p_users.nprim)
934 return 0;
935
936 if (!c->type || c->type > p->p_types.nprim)
937 return 0;
938
939 if (c->role != OBJECT_R_VAL) {
940 /*
941 * Role must be authorized for the type.
942 */
943 role = p->role_val_to_struct[c->role - 1];
944 if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
945 /* role may not be associated with type */
946 return 0;
947
948 /*
949 * User must be authorized for the role.
950 */
951 usrdatum = p->user_val_to_struct[c->user - 1];
952 if (!usrdatum)
953 return 0;
954
955 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
956 /* user may not be associated with role */
957 return 0;
958 }
959
960 if (!mls_context_isvalid(p, c))
961 return 0;
962
963 return 1;
964 }
965
966 /*
967 * Read a MLS range structure from a policydb binary
968 * representation file.
969 */
mls_read_range_helper(struct mls_range * r,void * fp)970 static int mls_read_range_helper(struct mls_range *r, void *fp)
971 {
972 __le32 buf[2];
973 u32 items;
974 int rc;
975
976 rc = next_entry(buf, fp, sizeof(u32));
977 if (rc)
978 goto out;
979
980 rc = -EINVAL;
981 items = le32_to_cpu(buf[0]);
982 if (items > ARRAY_SIZE(buf)) {
983 pr_err("SELinux: mls: range overflow\n");
984 goto out;
985 }
986
987 rc = next_entry(buf, fp, sizeof(u32) * items);
988 if (rc) {
989 pr_err("SELinux: mls: truncated range\n");
990 goto out;
991 }
992
993 r->level[0].sens = le32_to_cpu(buf[0]);
994 if (items > 1)
995 r->level[1].sens = le32_to_cpu(buf[1]);
996 else
997 r->level[1].sens = r->level[0].sens;
998
999 rc = ebitmap_read(&r->level[0].cat, fp);
1000 if (rc) {
1001 pr_err("SELinux: mls: error reading low categories\n");
1002 goto out;
1003 }
1004 if (items > 1) {
1005 rc = ebitmap_read(&r->level[1].cat, fp);
1006 if (rc) {
1007 pr_err("SELinux: mls: error reading high categories\n");
1008 goto bad_high;
1009 }
1010 } else {
1011 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1012 if (rc) {
1013 pr_err("SELinux: mls: out of memory\n");
1014 goto bad_high;
1015 }
1016 }
1017
1018 return 0;
1019 bad_high:
1020 ebitmap_destroy(&r->level[0].cat);
1021 out:
1022 return rc;
1023 }
1024
1025 /*
1026 * Read and validate a security context structure
1027 * from a policydb binary representation file.
1028 */
context_read_and_validate(struct context * c,struct policydb * p,void * fp)1029 static int context_read_and_validate(struct context *c,
1030 struct policydb *p,
1031 void *fp)
1032 {
1033 __le32 buf[3];
1034 int rc;
1035
1036 rc = next_entry(buf, fp, sizeof buf);
1037 if (rc) {
1038 pr_err("SELinux: context truncated\n");
1039 goto out;
1040 }
1041 c->user = le32_to_cpu(buf[0]);
1042 c->role = le32_to_cpu(buf[1]);
1043 c->type = le32_to_cpu(buf[2]);
1044 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1045 rc = mls_read_range_helper(&c->range, fp);
1046 if (rc) {
1047 pr_err("SELinux: error reading MLS range of context\n");
1048 goto out;
1049 }
1050 }
1051
1052 rc = -EINVAL;
1053 if (!policydb_context_isvalid(p, c)) {
1054 pr_err("SELinux: invalid security context\n");
1055 context_destroy(c);
1056 goto out;
1057 }
1058 rc = 0;
1059 out:
1060 return rc;
1061 }
1062
1063 /*
1064 * The following *_read functions are used to
1065 * read the symbol data from a policy database
1066 * binary representation file.
1067 */
1068
str_read(char ** strp,gfp_t flags,void * fp,u32 len)1069 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1070 {
1071 int rc;
1072 char *str;
1073
1074 if ((len == 0) || (len == (u32)-1))
1075 return -EINVAL;
1076
1077 str = kmalloc(len + 1, flags | __GFP_NOWARN);
1078 if (!str)
1079 return -ENOMEM;
1080
1081 rc = next_entry(str, fp, len);
1082 if (rc) {
1083 kfree(str);
1084 return rc;
1085 }
1086
1087 str[len] = '\0';
1088 *strp = str;
1089 return 0;
1090 }
1091
perm_read(struct policydb * p,struct symtab * s,void * fp)1092 static int perm_read(struct policydb *p, struct symtab *s, void *fp)
1093 {
1094 char *key = NULL;
1095 struct perm_datum *perdatum;
1096 int rc;
1097 __le32 buf[2];
1098 u32 len;
1099
1100 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1101 if (!perdatum)
1102 return -ENOMEM;
1103
1104 rc = next_entry(buf, fp, sizeof buf);
1105 if (rc)
1106 goto bad;
1107
1108 len = le32_to_cpu(buf[0]);
1109 perdatum->value = le32_to_cpu(buf[1]);
1110
1111 rc = str_read(&key, GFP_KERNEL, fp, len);
1112 if (rc)
1113 goto bad;
1114
1115 rc = symtab_insert(s, key, perdatum);
1116 if (rc)
1117 goto bad;
1118
1119 return 0;
1120 bad:
1121 perm_destroy(key, perdatum, NULL);
1122 return rc;
1123 }
1124
common_read(struct policydb * p,struct symtab * s,void * fp)1125 static int common_read(struct policydb *p, struct symtab *s, void *fp)
1126 {
1127 char *key = NULL;
1128 struct common_datum *comdatum;
1129 __le32 buf[4];
1130 u32 len, nel;
1131 int i, rc;
1132
1133 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1134 if (!comdatum)
1135 return -ENOMEM;
1136
1137 rc = next_entry(buf, fp, sizeof buf);
1138 if (rc)
1139 goto bad;
1140
1141 len = le32_to_cpu(buf[0]);
1142 comdatum->value = le32_to_cpu(buf[1]);
1143 nel = le32_to_cpu(buf[3]);
1144
1145 rc = symtab_init(&comdatum->permissions, nel);
1146 if (rc)
1147 goto bad;
1148 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1149
1150 rc = str_read(&key, GFP_KERNEL, fp, len);
1151 if (rc)
1152 goto bad;
1153
1154 for (i = 0; i < nel; i++) {
1155 rc = perm_read(p, &comdatum->permissions, fp);
1156 if (rc)
1157 goto bad;
1158 }
1159
1160 rc = symtab_insert(s, key, comdatum);
1161 if (rc)
1162 goto bad;
1163 return 0;
1164 bad:
1165 common_destroy(key, comdatum, NULL);
1166 return rc;
1167 }
1168
type_set_init(struct type_set * t)1169 static void type_set_init(struct type_set *t)
1170 {
1171 ebitmap_init(&t->types);
1172 ebitmap_init(&t->negset);
1173 }
1174
type_set_read(struct type_set * t,void * fp)1175 static int type_set_read(struct type_set *t, void *fp)
1176 {
1177 __le32 buf[1];
1178 int rc;
1179
1180 if (ebitmap_read(&t->types, fp))
1181 return -EINVAL;
1182 if (ebitmap_read(&t->negset, fp))
1183 return -EINVAL;
1184
1185 rc = next_entry(buf, fp, sizeof(u32));
1186 if (rc < 0)
1187 return -EINVAL;
1188 t->flags = le32_to_cpu(buf[0]);
1189
1190 return 0;
1191 }
1192
1193
read_cons_helper(struct policydb * p,struct constraint_node ** nodep,int ncons,int allowxtarget,void * fp)1194 static int read_cons_helper(struct policydb *p,
1195 struct constraint_node **nodep,
1196 int ncons, int allowxtarget, void *fp)
1197 {
1198 struct constraint_node *c, *lc;
1199 struct constraint_expr *e, *le;
1200 __le32 buf[3];
1201 u32 nexpr;
1202 int rc, i, j, depth;
1203
1204 lc = NULL;
1205 for (i = 0; i < ncons; i++) {
1206 c = kzalloc(sizeof(*c), GFP_KERNEL);
1207 if (!c)
1208 return -ENOMEM;
1209
1210 if (lc)
1211 lc->next = c;
1212 else
1213 *nodep = c;
1214
1215 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1216 if (rc)
1217 return rc;
1218 c->permissions = le32_to_cpu(buf[0]);
1219 nexpr = le32_to_cpu(buf[1]);
1220 le = NULL;
1221 depth = -1;
1222 for (j = 0; j < nexpr; j++) {
1223 e = kzalloc(sizeof(*e), GFP_KERNEL);
1224 if (!e)
1225 return -ENOMEM;
1226
1227 if (le)
1228 le->next = e;
1229 else
1230 c->expr = e;
1231
1232 rc = next_entry(buf, fp, (sizeof(u32) * 3));
1233 if (rc)
1234 return rc;
1235 e->expr_type = le32_to_cpu(buf[0]);
1236 e->attr = le32_to_cpu(buf[1]);
1237 e->op = le32_to_cpu(buf[2]);
1238
1239 switch (e->expr_type) {
1240 case CEXPR_NOT:
1241 if (depth < 0)
1242 return -EINVAL;
1243 break;
1244 case CEXPR_AND:
1245 case CEXPR_OR:
1246 if (depth < 1)
1247 return -EINVAL;
1248 depth--;
1249 break;
1250 case CEXPR_ATTR:
1251 if (depth == (CEXPR_MAXDEPTH - 1))
1252 return -EINVAL;
1253 depth++;
1254 break;
1255 case CEXPR_NAMES:
1256 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1257 return -EINVAL;
1258 if (depth == (CEXPR_MAXDEPTH - 1))
1259 return -EINVAL;
1260 depth++;
1261 rc = ebitmap_read(&e->names, fp);
1262 if (rc)
1263 return rc;
1264 if (p->policyvers >=
1265 POLICYDB_VERSION_CONSTRAINT_NAMES) {
1266 e->type_names = kzalloc(sizeof
1267 (*e->type_names), GFP_KERNEL);
1268 if (!e->type_names)
1269 return -ENOMEM;
1270 type_set_init(e->type_names);
1271 rc = type_set_read(e->type_names, fp);
1272 if (rc)
1273 return rc;
1274 }
1275 break;
1276 default:
1277 return -EINVAL;
1278 }
1279 le = e;
1280 }
1281 if (depth != 0)
1282 return -EINVAL;
1283 lc = c;
1284 }
1285
1286 return 0;
1287 }
1288
class_read(struct policydb * p,struct symtab * s,void * fp)1289 static int class_read(struct policydb *p, struct symtab *s, void *fp)
1290 {
1291 char *key = NULL;
1292 struct class_datum *cladatum;
1293 __le32 buf[6];
1294 u32 len, len2, ncons, nel;
1295 int i, rc;
1296
1297 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1298 if (!cladatum)
1299 return -ENOMEM;
1300
1301 rc = next_entry(buf, fp, sizeof(u32)*6);
1302 if (rc)
1303 goto bad;
1304
1305 len = le32_to_cpu(buf[0]);
1306 len2 = le32_to_cpu(buf[1]);
1307 cladatum->value = le32_to_cpu(buf[2]);
1308 nel = le32_to_cpu(buf[4]);
1309
1310 rc = symtab_init(&cladatum->permissions, nel);
1311 if (rc)
1312 goto bad;
1313 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1314
1315 ncons = le32_to_cpu(buf[5]);
1316
1317 rc = str_read(&key, GFP_KERNEL, fp, len);
1318 if (rc)
1319 goto bad;
1320
1321 if (len2) {
1322 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1323 if (rc)
1324 goto bad;
1325
1326 rc = -EINVAL;
1327 cladatum->comdatum = symtab_search(&p->p_commons,
1328 cladatum->comkey);
1329 if (!cladatum->comdatum) {
1330 pr_err("SELinux: unknown common %s\n",
1331 cladatum->comkey);
1332 goto bad;
1333 }
1334 }
1335 for (i = 0; i < nel; i++) {
1336 rc = perm_read(p, &cladatum->permissions, fp);
1337 if (rc)
1338 goto bad;
1339 }
1340
1341 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1342 if (rc)
1343 goto bad;
1344
1345 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1346 /* grab the validatetrans rules */
1347 rc = next_entry(buf, fp, sizeof(u32));
1348 if (rc)
1349 goto bad;
1350 ncons = le32_to_cpu(buf[0]);
1351 rc = read_cons_helper(p, &cladatum->validatetrans,
1352 ncons, 1, fp);
1353 if (rc)
1354 goto bad;
1355 }
1356
1357 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1358 rc = next_entry(buf, fp, sizeof(u32) * 3);
1359 if (rc)
1360 goto bad;
1361
1362 cladatum->default_user = le32_to_cpu(buf[0]);
1363 cladatum->default_role = le32_to_cpu(buf[1]);
1364 cladatum->default_range = le32_to_cpu(buf[2]);
1365 }
1366
1367 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1368 rc = next_entry(buf, fp, sizeof(u32) * 1);
1369 if (rc)
1370 goto bad;
1371 cladatum->default_type = le32_to_cpu(buf[0]);
1372 }
1373
1374 rc = symtab_insert(s, key, cladatum);
1375 if (rc)
1376 goto bad;
1377
1378 return 0;
1379 bad:
1380 cls_destroy(key, cladatum, NULL);
1381 return rc;
1382 }
1383
role_read(struct policydb * p,struct symtab * s,void * fp)1384 static int role_read(struct policydb *p, struct symtab *s, void *fp)
1385 {
1386 char *key = NULL;
1387 struct role_datum *role;
1388 int rc, to_read = 2;
1389 __le32 buf[3];
1390 u32 len;
1391
1392 role = kzalloc(sizeof(*role), GFP_KERNEL);
1393 if (!role)
1394 return -ENOMEM;
1395
1396 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1397 to_read = 3;
1398
1399 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1400 if (rc)
1401 goto bad;
1402
1403 len = le32_to_cpu(buf[0]);
1404 role->value = le32_to_cpu(buf[1]);
1405 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1406 role->bounds = le32_to_cpu(buf[2]);
1407
1408 rc = str_read(&key, GFP_KERNEL, fp, len);
1409 if (rc)
1410 goto bad;
1411
1412 rc = ebitmap_read(&role->dominates, fp);
1413 if (rc)
1414 goto bad;
1415
1416 rc = ebitmap_read(&role->types, fp);
1417 if (rc)
1418 goto bad;
1419
1420 if (strcmp(key, OBJECT_R) == 0) {
1421 rc = -EINVAL;
1422 if (role->value != OBJECT_R_VAL) {
1423 pr_err("SELinux: Role %s has wrong value %d\n",
1424 OBJECT_R, role->value);
1425 goto bad;
1426 }
1427 rc = 0;
1428 goto bad;
1429 }
1430
1431 rc = symtab_insert(s, key, role);
1432 if (rc)
1433 goto bad;
1434 return 0;
1435 bad:
1436 role_destroy(key, role, NULL);
1437 return rc;
1438 }
1439
type_read(struct policydb * p,struct symtab * s,void * fp)1440 static int type_read(struct policydb *p, struct symtab *s, void *fp)
1441 {
1442 char *key = NULL;
1443 struct type_datum *typdatum;
1444 int rc, to_read = 3;
1445 __le32 buf[4];
1446 u32 len;
1447
1448 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1449 if (!typdatum)
1450 return -ENOMEM;
1451
1452 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1453 to_read = 4;
1454
1455 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1456 if (rc)
1457 goto bad;
1458
1459 len = le32_to_cpu(buf[0]);
1460 typdatum->value = le32_to_cpu(buf[1]);
1461 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1462 u32 prop = le32_to_cpu(buf[2]);
1463
1464 if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1465 typdatum->primary = 1;
1466 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1467 typdatum->attribute = 1;
1468
1469 typdatum->bounds = le32_to_cpu(buf[3]);
1470 } else {
1471 typdatum->primary = le32_to_cpu(buf[2]);
1472 }
1473
1474 rc = str_read(&key, GFP_KERNEL, fp, len);
1475 if (rc)
1476 goto bad;
1477
1478 rc = symtab_insert(s, key, typdatum);
1479 if (rc)
1480 goto bad;
1481 return 0;
1482 bad:
1483 type_destroy(key, typdatum, NULL);
1484 return rc;
1485 }
1486
1487
1488 /*
1489 * Read a MLS level structure from a policydb binary
1490 * representation file.
1491 */
mls_read_level(struct mls_level * lp,void * fp)1492 static int mls_read_level(struct mls_level *lp, void *fp)
1493 {
1494 __le32 buf[1];
1495 int rc;
1496
1497 memset(lp, 0, sizeof(*lp));
1498
1499 rc = next_entry(buf, fp, sizeof buf);
1500 if (rc) {
1501 pr_err("SELinux: mls: truncated level\n");
1502 return rc;
1503 }
1504 lp->sens = le32_to_cpu(buf[0]);
1505
1506 rc = ebitmap_read(&lp->cat, fp);
1507 if (rc) {
1508 pr_err("SELinux: mls: error reading level categories\n");
1509 return rc;
1510 }
1511 return 0;
1512 }
1513
user_read(struct policydb * p,struct symtab * s,void * fp)1514 static int user_read(struct policydb *p, struct symtab *s, void *fp)
1515 {
1516 char *key = NULL;
1517 struct user_datum *usrdatum;
1518 int rc, to_read = 2;
1519 __le32 buf[3];
1520 u32 len;
1521
1522 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1523 if (!usrdatum)
1524 return -ENOMEM;
1525
1526 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1527 to_read = 3;
1528
1529 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1530 if (rc)
1531 goto bad;
1532
1533 len = le32_to_cpu(buf[0]);
1534 usrdatum->value = le32_to_cpu(buf[1]);
1535 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1536 usrdatum->bounds = le32_to_cpu(buf[2]);
1537
1538 rc = str_read(&key, GFP_KERNEL, fp, len);
1539 if (rc)
1540 goto bad;
1541
1542 rc = ebitmap_read(&usrdatum->roles, fp);
1543 if (rc)
1544 goto bad;
1545
1546 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1547 rc = mls_read_range_helper(&usrdatum->range, fp);
1548 if (rc)
1549 goto bad;
1550 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1551 if (rc)
1552 goto bad;
1553 }
1554
1555 rc = symtab_insert(s, key, usrdatum);
1556 if (rc)
1557 goto bad;
1558 return 0;
1559 bad:
1560 user_destroy(key, usrdatum, NULL);
1561 return rc;
1562 }
1563
sens_read(struct policydb * p,struct symtab * s,void * fp)1564 static int sens_read(struct policydb *p, struct symtab *s, void *fp)
1565 {
1566 char *key = NULL;
1567 struct level_datum *levdatum;
1568 int rc;
1569 __le32 buf[2];
1570 u32 len;
1571
1572 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1573 if (!levdatum)
1574 return -ENOMEM;
1575
1576 rc = next_entry(buf, fp, sizeof buf);
1577 if (rc)
1578 goto bad;
1579
1580 len = le32_to_cpu(buf[0]);
1581 levdatum->isalias = le32_to_cpu(buf[1]);
1582
1583 rc = str_read(&key, GFP_ATOMIC, fp, len);
1584 if (rc)
1585 goto bad;
1586
1587 rc = -ENOMEM;
1588 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);
1589 if (!levdatum->level)
1590 goto bad;
1591
1592 rc = mls_read_level(levdatum->level, fp);
1593 if (rc)
1594 goto bad;
1595
1596 rc = symtab_insert(s, key, levdatum);
1597 if (rc)
1598 goto bad;
1599 return 0;
1600 bad:
1601 sens_destroy(key, levdatum, NULL);
1602 return rc;
1603 }
1604
cat_read(struct policydb * p,struct symtab * s,void * fp)1605 static int cat_read(struct policydb *p, struct symtab *s, void *fp)
1606 {
1607 char *key = NULL;
1608 struct cat_datum *catdatum;
1609 int rc;
1610 __le32 buf[3];
1611 u32 len;
1612
1613 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1614 if (!catdatum)
1615 return -ENOMEM;
1616
1617 rc = next_entry(buf, fp, sizeof buf);
1618 if (rc)
1619 goto bad;
1620
1621 len = le32_to_cpu(buf[0]);
1622 catdatum->value = le32_to_cpu(buf[1]);
1623 catdatum->isalias = le32_to_cpu(buf[2]);
1624
1625 rc = str_read(&key, GFP_ATOMIC, fp, len);
1626 if (rc)
1627 goto bad;
1628
1629 rc = symtab_insert(s, key, catdatum);
1630 if (rc)
1631 goto bad;
1632 return 0;
1633 bad:
1634 cat_destroy(key, catdatum, NULL);
1635 return rc;
1636 }
1637
1638 static int (*const read_f[SYM_NUM]) (struct policydb *p,
1639 struct symtab *s, void *fp) = {
1640 common_read,
1641 class_read,
1642 role_read,
1643 type_read,
1644 user_read,
1645 cond_read_bool,
1646 sens_read,
1647 cat_read,
1648 };
1649
user_bounds_sanity_check(void * key,void * datum,void * datap)1650 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1651 {
1652 struct user_datum *upper, *user;
1653 struct policydb *p = datap;
1654 int depth = 0;
1655
1656 upper = user = datum;
1657 while (upper->bounds) {
1658 struct ebitmap_node *node;
1659 unsigned long bit;
1660
1661 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1662 pr_err("SELinux: user %s: "
1663 "too deep or looped boundary",
1664 (char *) key);
1665 return -EINVAL;
1666 }
1667
1668 upper = p->user_val_to_struct[upper->bounds - 1];
1669 ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1670 if (ebitmap_get_bit(&upper->roles, bit))
1671 continue;
1672
1673 pr_err("SELinux: boundary violated policy: "
1674 "user=%s role=%s bounds=%s\n",
1675 sym_name(p, SYM_USERS, user->value - 1),
1676 sym_name(p, SYM_ROLES, bit),
1677 sym_name(p, SYM_USERS, upper->value - 1));
1678
1679 return -EINVAL;
1680 }
1681 }
1682
1683 return 0;
1684 }
1685
role_bounds_sanity_check(void * key,void * datum,void * datap)1686 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1687 {
1688 struct role_datum *upper, *role;
1689 struct policydb *p = datap;
1690 int depth = 0;
1691
1692 upper = role = datum;
1693 while (upper->bounds) {
1694 struct ebitmap_node *node;
1695 unsigned long bit;
1696
1697 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1698 pr_err("SELinux: role %s: "
1699 "too deep or looped bounds\n",
1700 (char *) key);
1701 return -EINVAL;
1702 }
1703
1704 upper = p->role_val_to_struct[upper->bounds - 1];
1705 ebitmap_for_each_positive_bit(&role->types, node, bit) {
1706 if (ebitmap_get_bit(&upper->types, bit))
1707 continue;
1708
1709 pr_err("SELinux: boundary violated policy: "
1710 "role=%s type=%s bounds=%s\n",
1711 sym_name(p, SYM_ROLES, role->value - 1),
1712 sym_name(p, SYM_TYPES, bit),
1713 sym_name(p, SYM_ROLES, upper->value - 1));
1714
1715 return -EINVAL;
1716 }
1717 }
1718
1719 return 0;
1720 }
1721
type_bounds_sanity_check(void * key,void * datum,void * datap)1722 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1723 {
1724 struct type_datum *upper;
1725 struct policydb *p = datap;
1726 int depth = 0;
1727
1728 upper = datum;
1729 while (upper->bounds) {
1730 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1731 pr_err("SELinux: type %s: "
1732 "too deep or looped boundary\n",
1733 (char *) key);
1734 return -EINVAL;
1735 }
1736
1737 upper = p->type_val_to_struct[upper->bounds - 1];
1738 BUG_ON(!upper);
1739
1740 if (upper->attribute) {
1741 pr_err("SELinux: type %s: "
1742 "bounded by attribute %s",
1743 (char *) key,
1744 sym_name(p, SYM_TYPES, upper->value - 1));
1745 return -EINVAL;
1746 }
1747 }
1748
1749 return 0;
1750 }
1751
policydb_bounds_sanity_check(struct policydb * p)1752 static int policydb_bounds_sanity_check(struct policydb *p)
1753 {
1754 int rc;
1755
1756 if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1757 return 0;
1758
1759 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
1760 if (rc)
1761 return rc;
1762
1763 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
1764 if (rc)
1765 return rc;
1766
1767 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
1768 if (rc)
1769 return rc;
1770
1771 return 0;
1772 }
1773
string_to_security_class(struct policydb * p,const char * name)1774 u16 string_to_security_class(struct policydb *p, const char *name)
1775 {
1776 struct class_datum *cladatum;
1777
1778 cladatum = symtab_search(&p->p_classes, name);
1779 if (!cladatum)
1780 return 0;
1781
1782 return cladatum->value;
1783 }
1784
string_to_av_perm(struct policydb * p,u16 tclass,const char * name)1785 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1786 {
1787 struct class_datum *cladatum;
1788 struct perm_datum *perdatum = NULL;
1789 struct common_datum *comdatum;
1790
1791 if (!tclass || tclass > p->p_classes.nprim)
1792 return 0;
1793
1794 cladatum = p->class_val_to_struct[tclass-1];
1795 comdatum = cladatum->comdatum;
1796 if (comdatum)
1797 perdatum = symtab_search(&comdatum->permissions, name);
1798 if (!perdatum)
1799 perdatum = symtab_search(&cladatum->permissions, name);
1800 if (!perdatum)
1801 return 0;
1802
1803 return 1U << (perdatum->value-1);
1804 }
1805
range_read(struct policydb * p,void * fp)1806 static int range_read(struct policydb *p, void *fp)
1807 {
1808 struct range_trans *rt = NULL;
1809 struct mls_range *r = NULL;
1810 int i, rc;
1811 __le32 buf[2];
1812 u32 nel;
1813
1814 if (p->policyvers < POLICYDB_VERSION_MLS)
1815 return 0;
1816
1817 rc = next_entry(buf, fp, sizeof(u32));
1818 if (rc)
1819 return rc;
1820
1821 nel = le32_to_cpu(buf[0]);
1822
1823 rc = hashtab_init(&p->range_tr, nel);
1824 if (rc)
1825 return rc;
1826
1827 for (i = 0; i < nel; i++) {
1828 rc = -ENOMEM;
1829 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1830 if (!rt)
1831 goto out;
1832
1833 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1834 if (rc)
1835 goto out;
1836
1837 rt->source_type = le32_to_cpu(buf[0]);
1838 rt->target_type = le32_to_cpu(buf[1]);
1839 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1840 rc = next_entry(buf, fp, sizeof(u32));
1841 if (rc)
1842 goto out;
1843 rt->target_class = le32_to_cpu(buf[0]);
1844 } else
1845 rt->target_class = p->process_class;
1846
1847 rc = -EINVAL;
1848 if (!policydb_type_isvalid(p, rt->source_type) ||
1849 !policydb_type_isvalid(p, rt->target_type) ||
1850 !policydb_class_isvalid(p, rt->target_class))
1851 goto out;
1852
1853 rc = -ENOMEM;
1854 r = kzalloc(sizeof(*r), GFP_KERNEL);
1855 if (!r)
1856 goto out;
1857
1858 rc = mls_read_range_helper(r, fp);
1859 if (rc)
1860 goto out;
1861
1862 rc = -EINVAL;
1863 if (!mls_range_isvalid(p, r)) {
1864 pr_warn("SELinux: rangetrans: invalid range\n");
1865 goto out;
1866 }
1867
1868 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params);
1869 if (rc)
1870 goto out;
1871
1872 rt = NULL;
1873 r = NULL;
1874 }
1875 hash_eval(&p->range_tr, "rangetr");
1876 rc = 0;
1877 out:
1878 kfree(rt);
1879 kfree(r);
1880 return rc;
1881 }
1882
filename_trans_read_helper_compat(struct policydb * p,void * fp)1883 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1884 {
1885 struct filename_trans_key key, *ft = NULL;
1886 struct filename_trans_datum *last, *datum = NULL;
1887 char *name = NULL;
1888 u32 len, stype, otype;
1889 __le32 buf[4];
1890 int rc;
1891
1892 /* length of the path component string */
1893 rc = next_entry(buf, fp, sizeof(u32));
1894 if (rc)
1895 return rc;
1896 len = le32_to_cpu(buf[0]);
1897
1898 /* path component string */
1899 rc = str_read(&name, GFP_KERNEL, fp, len);
1900 if (rc)
1901 return rc;
1902
1903 rc = next_entry(buf, fp, sizeof(u32) * 4);
1904 if (rc)
1905 goto out;
1906
1907 stype = le32_to_cpu(buf[0]);
1908 key.ttype = le32_to_cpu(buf[1]);
1909 key.tclass = le32_to_cpu(buf[2]);
1910 key.name = name;
1911
1912 otype = le32_to_cpu(buf[3]);
1913
1914 last = NULL;
1915 datum = policydb_filenametr_search(p, &key);
1916 while (datum) {
1917 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1918 /* conflicting/duplicate rules are ignored */
1919 datum = NULL;
1920 goto out;
1921 }
1922 if (likely(datum->otype == otype))
1923 break;
1924 last = datum;
1925 datum = datum->next;
1926 }
1927 if (!datum) {
1928 rc = -ENOMEM;
1929 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1930 if (!datum)
1931 goto out;
1932
1933 ebitmap_init(&datum->stypes);
1934 datum->otype = otype;
1935 datum->next = NULL;
1936
1937 if (unlikely(last)) {
1938 last->next = datum;
1939 } else {
1940 rc = -ENOMEM;
1941 ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1942 if (!ft)
1943 goto out;
1944
1945 rc = hashtab_insert(&p->filename_trans, ft, datum,
1946 filenametr_key_params);
1947 if (rc)
1948 goto out;
1949 name = NULL;
1950
1951 rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1952 key.ttype, 1);
1953 if (rc)
1954 return rc;
1955 }
1956 }
1957 kfree(name);
1958 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1959
1960 out:
1961 kfree(ft);
1962 kfree(name);
1963 kfree(datum);
1964 return rc;
1965 }
1966
filename_trans_read_helper(struct policydb * p,void * fp)1967 static int filename_trans_read_helper(struct policydb *p, void *fp)
1968 {
1969 struct filename_trans_key *ft = NULL;
1970 struct filename_trans_datum **dst, *datum, *first = NULL;
1971 char *name = NULL;
1972 u32 len, ttype, tclass, ndatum, i;
1973 __le32 buf[3];
1974 int rc;
1975
1976 /* length of the path component string */
1977 rc = next_entry(buf, fp, sizeof(u32));
1978 if (rc)
1979 return rc;
1980 len = le32_to_cpu(buf[0]);
1981
1982 /* path component string */
1983 rc = str_read(&name, GFP_KERNEL, fp, len);
1984 if (rc)
1985 return rc;
1986
1987 rc = next_entry(buf, fp, sizeof(u32) * 3);
1988 if (rc)
1989 goto out;
1990
1991 ttype = le32_to_cpu(buf[0]);
1992 tclass = le32_to_cpu(buf[1]);
1993
1994 ndatum = le32_to_cpu(buf[2]);
1995 if (ndatum == 0) {
1996 pr_err("SELinux: Filename transition key with no datum\n");
1997 rc = -ENOENT;
1998 goto out;
1999 }
2000
2001 dst = &first;
2002 for (i = 0; i < ndatum; i++) {
2003 rc = -ENOMEM;
2004 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
2005 if (!datum)
2006 goto out;
2007
2008 datum->next = NULL;
2009 *dst = datum;
2010
2011 /* ebitmap_read() will at least init the bitmap */
2012 rc = ebitmap_read(&datum->stypes, fp);
2013 if (rc)
2014 goto out;
2015
2016 rc = next_entry(buf, fp, sizeof(u32));
2017 if (rc)
2018 goto out;
2019
2020 datum->otype = le32_to_cpu(buf[0]);
2021
2022 dst = &datum->next;
2023 }
2024
2025 rc = -ENOMEM;
2026 ft = kmalloc(sizeof(*ft), GFP_KERNEL);
2027 if (!ft)
2028 goto out;
2029
2030 ft->ttype = ttype;
2031 ft->tclass = tclass;
2032 ft->name = name;
2033
2034 rc = hashtab_insert(&p->filename_trans, ft, first,
2035 filenametr_key_params);
2036 if (rc == -EEXIST)
2037 pr_err("SELinux: Duplicate filename transition key\n");
2038 if (rc)
2039 goto out;
2040
2041 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1);
2042
2043 out:
2044 kfree(ft);
2045 kfree(name);
2046 while (first) {
2047 datum = first;
2048 first = first->next;
2049
2050 ebitmap_destroy(&datum->stypes);
2051 kfree(datum);
2052 }
2053 return rc;
2054 }
2055
filename_trans_read(struct policydb * p,void * fp)2056 static int filename_trans_read(struct policydb *p, void *fp)
2057 {
2058 u32 nel;
2059 __le32 buf[1];
2060 int rc, i;
2061
2062 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2063 return 0;
2064
2065 rc = next_entry(buf, fp, sizeof(u32));
2066 if (rc)
2067 return rc;
2068 nel = le32_to_cpu(buf[0]);
2069
2070 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2071 p->compat_filename_trans_count = nel;
2072
2073 rc = hashtab_init(&p->filename_trans, (1 << 11));
2074 if (rc)
2075 return rc;
2076
2077 for (i = 0; i < nel; i++) {
2078 rc = filename_trans_read_helper_compat(p, fp);
2079 if (rc)
2080 return rc;
2081 }
2082 } else {
2083 rc = hashtab_init(&p->filename_trans, nel);
2084 if (rc)
2085 return rc;
2086
2087 for (i = 0; i < nel; i++) {
2088 rc = filename_trans_read_helper(p, fp);
2089 if (rc)
2090 return rc;
2091 }
2092 }
2093 hash_eval(&p->filename_trans, "filenametr");
2094 return 0;
2095 }
2096
genfs_read(struct policydb * p,void * fp)2097 static int genfs_read(struct policydb *p, void *fp)
2098 {
2099 int i, j, rc;
2100 u32 nel, nel2, len, len2;
2101 __le32 buf[1];
2102 struct ocontext *l, *c;
2103 struct ocontext *newc = NULL;
2104 struct genfs *genfs_p, *genfs;
2105 struct genfs *newgenfs = NULL;
2106
2107 rc = next_entry(buf, fp, sizeof(u32));
2108 if (rc)
2109 return rc;
2110 nel = le32_to_cpu(buf[0]);
2111
2112 for (i = 0; i < nel; i++) {
2113 rc = next_entry(buf, fp, sizeof(u32));
2114 if (rc)
2115 goto out;
2116 len = le32_to_cpu(buf[0]);
2117
2118 rc = -ENOMEM;
2119 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2120 if (!newgenfs)
2121 goto out;
2122
2123 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2124 if (rc)
2125 goto out;
2126
2127 for (genfs_p = NULL, genfs = p->genfs; genfs;
2128 genfs_p = genfs, genfs = genfs->next) {
2129 rc = -EINVAL;
2130 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2131 pr_err("SELinux: dup genfs fstype %s\n",
2132 newgenfs->fstype);
2133 goto out;
2134 }
2135 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2136 break;
2137 }
2138 newgenfs->next = genfs;
2139 if (genfs_p)
2140 genfs_p->next = newgenfs;
2141 else
2142 p->genfs = newgenfs;
2143 genfs = newgenfs;
2144 newgenfs = NULL;
2145
2146 rc = next_entry(buf, fp, sizeof(u32));
2147 if (rc)
2148 goto out;
2149
2150 nel2 = le32_to_cpu(buf[0]);
2151 for (j = 0; j < nel2; j++) {
2152 rc = next_entry(buf, fp, sizeof(u32));
2153 if (rc)
2154 goto out;
2155 len = le32_to_cpu(buf[0]);
2156
2157 rc = -ENOMEM;
2158 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2159 if (!newc)
2160 goto out;
2161
2162 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2163 if (rc)
2164 goto out;
2165
2166 rc = next_entry(buf, fp, sizeof(u32));
2167 if (rc)
2168 goto out;
2169
2170 newc->v.sclass = le32_to_cpu(buf[0]);
2171 rc = context_read_and_validate(&newc->context[0], p, fp);
2172 if (rc)
2173 goto out;
2174
2175 for (l = NULL, c = genfs->head; c;
2176 l = c, c = c->next) {
2177 rc = -EINVAL;
2178 if (!strcmp(newc->u.name, c->u.name) &&
2179 (!c->v.sclass || !newc->v.sclass ||
2180 newc->v.sclass == c->v.sclass)) {
2181 pr_err("SELinux: dup genfs entry (%s,%s)\n",
2182 genfs->fstype, c->u.name);
2183 goto out;
2184 }
2185 len = strlen(newc->u.name);
2186 len2 = strlen(c->u.name);
2187 if (len > len2)
2188 break;
2189 }
2190
2191 newc->next = c;
2192 if (l)
2193 l->next = newc;
2194 else
2195 genfs->head = newc;
2196 newc = NULL;
2197 }
2198 }
2199 rc = 0;
2200 out:
2201 if (newgenfs) {
2202 kfree(newgenfs->fstype);
2203 kfree(newgenfs);
2204 }
2205 ocontext_destroy(newc, OCON_FSUSE);
2206
2207 return rc;
2208 }
2209
ocontext_read(struct policydb * p,const struct policydb_compat_info * info,void * fp)2210 static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info,
2211 void *fp)
2212 {
2213 int i, j, rc;
2214 u32 nel, len;
2215 __be64 prefixbuf[1];
2216 __le32 buf[3];
2217 struct ocontext *l, *c;
2218 u32 nodebuf[8];
2219
2220 for (i = 0; i < info->ocon_num; i++) {
2221 rc = next_entry(buf, fp, sizeof(u32));
2222 if (rc)
2223 goto out;
2224 nel = le32_to_cpu(buf[0]);
2225
2226 l = NULL;
2227 for (j = 0; j < nel; j++) {
2228 rc = -ENOMEM;
2229 c = kzalloc(sizeof(*c), GFP_KERNEL);
2230 if (!c)
2231 goto out;
2232 if (l)
2233 l->next = c;
2234 else
2235 p->ocontexts[i] = c;
2236 l = c;
2237
2238 switch (i) {
2239 case OCON_ISID:
2240 rc = next_entry(buf, fp, sizeof(u32));
2241 if (rc)
2242 goto out;
2243
2244 c->sid[0] = le32_to_cpu(buf[0]);
2245 rc = context_read_and_validate(&c->context[0], p, fp);
2246 if (rc)
2247 goto out;
2248 break;
2249 case OCON_FS:
2250 case OCON_NETIF:
2251 rc = next_entry(buf, fp, sizeof(u32));
2252 if (rc)
2253 goto out;
2254 len = le32_to_cpu(buf[0]);
2255
2256 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2257 if (rc)
2258 goto out;
2259
2260 rc = context_read_and_validate(&c->context[0], p, fp);
2261 if (rc)
2262 goto out;
2263 rc = context_read_and_validate(&c->context[1], p, fp);
2264 if (rc)
2265 goto out;
2266 break;
2267 case OCON_PORT:
2268 rc = next_entry(buf, fp, sizeof(u32)*3);
2269 if (rc)
2270 goto out;
2271 c->u.port.protocol = le32_to_cpu(buf[0]);
2272 c->u.port.low_port = le32_to_cpu(buf[1]);
2273 c->u.port.high_port = le32_to_cpu(buf[2]);
2274 rc = context_read_and_validate(&c->context[0], p, fp);
2275 if (rc)
2276 goto out;
2277 break;
2278 case OCON_NODE:
2279 rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2280 if (rc)
2281 goto out;
2282 c->u.node.addr = nodebuf[0]; /* network order */
2283 c->u.node.mask = nodebuf[1]; /* network order */
2284 rc = context_read_and_validate(&c->context[0], p, fp);
2285 if (rc)
2286 goto out;
2287 break;
2288 case OCON_FSUSE:
2289 rc = next_entry(buf, fp, sizeof(u32)*2);
2290 if (rc)
2291 goto out;
2292
2293 rc = -EINVAL;
2294 c->v.behavior = le32_to_cpu(buf[0]);
2295 /* Determined at runtime, not in policy DB. */
2296 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2297 goto out;
2298 if (c->v.behavior > SECURITY_FS_USE_MAX)
2299 goto out;
2300
2301 len = le32_to_cpu(buf[1]);
2302 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2303 if (rc)
2304 goto out;
2305
2306 rc = context_read_and_validate(&c->context[0], p, fp);
2307 if (rc)
2308 goto out;
2309 break;
2310 case OCON_NODE6: {
2311 int k;
2312
2313 rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2314 if (rc)
2315 goto out;
2316 for (k = 0; k < 4; k++)
2317 c->u.node6.addr[k] = nodebuf[k];
2318 for (k = 0; k < 4; k++)
2319 c->u.node6.mask[k] = nodebuf[k+4];
2320 rc = context_read_and_validate(&c->context[0], p, fp);
2321 if (rc)
2322 goto out;
2323 break;
2324 }
2325 case OCON_IBPKEY: {
2326 u32 pkey_lo, pkey_hi;
2327
2328 rc = next_entry(prefixbuf, fp, sizeof(u64));
2329 if (rc)
2330 goto out;
2331
2332 /* we need to have subnet_prefix in CPU order */
2333 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2334
2335 rc = next_entry(buf, fp, sizeof(u32) * 2);
2336 if (rc)
2337 goto out;
2338
2339 pkey_lo = le32_to_cpu(buf[0]);
2340 pkey_hi = le32_to_cpu(buf[1]);
2341
2342 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2343 rc = -EINVAL;
2344 goto out;
2345 }
2346
2347 c->u.ibpkey.low_pkey = pkey_lo;
2348 c->u.ibpkey.high_pkey = pkey_hi;
2349
2350 rc = context_read_and_validate(&c->context[0],
2351 p,
2352 fp);
2353 if (rc)
2354 goto out;
2355 break;
2356 }
2357 case OCON_IBENDPORT: {
2358 u32 port;
2359
2360 rc = next_entry(buf, fp, sizeof(u32) * 2);
2361 if (rc)
2362 goto out;
2363 len = le32_to_cpu(buf[0]);
2364
2365 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2366 if (rc)
2367 goto out;
2368
2369 port = le32_to_cpu(buf[1]);
2370 if (port > U8_MAX || port == 0) {
2371 rc = -EINVAL;
2372 goto out;
2373 }
2374
2375 c->u.ibendport.port = port;
2376
2377 rc = context_read_and_validate(&c->context[0],
2378 p,
2379 fp);
2380 if (rc)
2381 goto out;
2382 break;
2383 } /* end case */
2384 } /* end switch */
2385 }
2386 }
2387 rc = 0;
2388 out:
2389 return rc;
2390 }
2391
2392 /*
2393 * Read the configuration data from a policy database binary
2394 * representation file into a policy database structure.
2395 */
policydb_read(struct policydb * p,void * fp)2396 int policydb_read(struct policydb *p, void *fp)
2397 {
2398 struct role_allow *ra, *lra;
2399 struct role_trans_key *rtk = NULL;
2400 struct role_trans_datum *rtd = NULL;
2401 int i, j, rc;
2402 __le32 buf[4];
2403 u32 len, nprim, nel, perm;
2404
2405 char *policydb_str;
2406 const struct policydb_compat_info *info;
2407
2408 policydb_init(p);
2409
2410 /* Read the magic number and string length. */
2411 rc = next_entry(buf, fp, sizeof(u32) * 2);
2412 if (rc)
2413 goto bad;
2414
2415 rc = -EINVAL;
2416 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2417 pr_err("SELinux: policydb magic number 0x%x does "
2418 "not match expected magic number 0x%x\n",
2419 le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2420 goto bad;
2421 }
2422
2423 rc = -EINVAL;
2424 len = le32_to_cpu(buf[1]);
2425 if (len != strlen(POLICYDB_STRING)) {
2426 pr_err("SELinux: policydb string length %d does not "
2427 "match expected length %zu\n",
2428 len, strlen(POLICYDB_STRING));
2429 goto bad;
2430 }
2431
2432 rc = -ENOMEM;
2433 policydb_str = kmalloc(len + 1, GFP_KERNEL);
2434 if (!policydb_str) {
2435 pr_err("SELinux: unable to allocate memory for policydb "
2436 "string of length %d\n", len);
2437 goto bad;
2438 }
2439
2440 rc = next_entry(policydb_str, fp, len);
2441 if (rc) {
2442 pr_err("SELinux: truncated policydb string identifier\n");
2443 kfree(policydb_str);
2444 goto bad;
2445 }
2446
2447 rc = -EINVAL;
2448 policydb_str[len] = '\0';
2449 if (strcmp(policydb_str, POLICYDB_STRING)) {
2450 pr_err("SELinux: policydb string %s does not match "
2451 "my string %s\n", policydb_str, POLICYDB_STRING);
2452 kfree(policydb_str);
2453 goto bad;
2454 }
2455 /* Done with policydb_str. */
2456 kfree(policydb_str);
2457 policydb_str = NULL;
2458
2459 /* Read the version and table sizes. */
2460 rc = next_entry(buf, fp, sizeof(u32)*4);
2461 if (rc)
2462 goto bad;
2463
2464 rc = -EINVAL;
2465 p->policyvers = le32_to_cpu(buf[0]);
2466 if (p->policyvers < POLICYDB_VERSION_MIN ||
2467 p->policyvers > POLICYDB_VERSION_MAX) {
2468 pr_err("SELinux: policydb version %d does not match "
2469 "my version range %d-%d\n",
2470 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2471 goto bad;
2472 }
2473
2474 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2475 p->mls_enabled = 1;
2476
2477 rc = -EINVAL;
2478 if (p->policyvers < POLICYDB_VERSION_MLS) {
2479 pr_err("SELinux: security policydb version %d "
2480 "(MLS) not backwards compatible\n",
2481 p->policyvers);
2482 goto bad;
2483 }
2484 }
2485 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2486 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2487
2488 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE)) {
2489 p->android_netlink_route = 1;
2490 }
2491
2492 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_ANDROID_NETLINK_GETNEIGH)) {
2493 p->android_netlink_getneigh = 1;
2494 }
2495
2496 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2497 rc = ebitmap_read(&p->policycaps, fp);
2498 if (rc)
2499 goto bad;
2500 }
2501
2502 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2503 rc = ebitmap_read(&p->permissive_map, fp);
2504 if (rc)
2505 goto bad;
2506 }
2507
2508 rc = -EINVAL;
2509 info = policydb_lookup_compat(p->policyvers);
2510 if (!info) {
2511 pr_err("SELinux: unable to find policy compat info "
2512 "for version %d\n", p->policyvers);
2513 goto bad;
2514 }
2515
2516 rc = -EINVAL;
2517 if (le32_to_cpu(buf[2]) != info->sym_num ||
2518 le32_to_cpu(buf[3]) != info->ocon_num) {
2519 pr_err("SELinux: policydb table sizes (%d,%d) do "
2520 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2521 le32_to_cpu(buf[3]),
2522 info->sym_num, info->ocon_num);
2523 goto bad;
2524 }
2525
2526 for (i = 0; i < info->sym_num; i++) {
2527 rc = next_entry(buf, fp, sizeof(u32)*2);
2528 if (rc)
2529 goto bad;
2530 nprim = le32_to_cpu(buf[0]);
2531 nel = le32_to_cpu(buf[1]);
2532
2533 rc = symtab_init(&p->symtab[i], nel);
2534 if (rc)
2535 goto out;
2536
2537 if (i == SYM_ROLES) {
2538 rc = roles_init(p);
2539 if (rc)
2540 goto out;
2541 }
2542
2543 for (j = 0; j < nel; j++) {
2544 rc = read_f[i](p, &p->symtab[i], fp);
2545 if (rc)
2546 goto bad;
2547 }
2548
2549 p->symtab[i].nprim = nprim;
2550 }
2551
2552 rc = -EINVAL;
2553 p->process_class = string_to_security_class(p, "process");
2554 if (!p->process_class) {
2555 pr_err("SELinux: process class is required, not defined in policy\n");
2556 goto bad;
2557 }
2558
2559 rc = avtab_read(&p->te_avtab, fp, p);
2560 if (rc)
2561 goto bad;
2562
2563 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2564 rc = cond_read_list(p, fp);
2565 if (rc)
2566 goto bad;
2567 }
2568
2569 rc = next_entry(buf, fp, sizeof(u32));
2570 if (rc)
2571 goto bad;
2572 nel = le32_to_cpu(buf[0]);
2573
2574 rc = hashtab_init(&p->role_tr, nel);
2575 if (rc)
2576 goto bad;
2577 for (i = 0; i < nel; i++) {
2578 rc = -ENOMEM;
2579 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
2580 if (!rtk)
2581 goto bad;
2582
2583 rc = -ENOMEM;
2584 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
2585 if (!rtd)
2586 goto bad;
2587
2588 rc = next_entry(buf, fp, sizeof(u32)*3);
2589 if (rc)
2590 goto bad;
2591
2592 rtk->role = le32_to_cpu(buf[0]);
2593 rtk->type = le32_to_cpu(buf[1]);
2594 rtd->new_role = le32_to_cpu(buf[2]);
2595 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2596 rc = next_entry(buf, fp, sizeof(u32));
2597 if (rc)
2598 goto bad;
2599 rtk->tclass = le32_to_cpu(buf[0]);
2600 } else
2601 rtk->tclass = p->process_class;
2602
2603 rc = -EINVAL;
2604 if (!policydb_role_isvalid(p, rtk->role) ||
2605 !policydb_type_isvalid(p, rtk->type) ||
2606 !policydb_class_isvalid(p, rtk->tclass) ||
2607 !policydb_role_isvalid(p, rtd->new_role))
2608 goto bad;
2609
2610 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params);
2611 if (rc)
2612 goto bad;
2613
2614 rtk = NULL;
2615 rtd = NULL;
2616 }
2617
2618 rc = next_entry(buf, fp, sizeof(u32));
2619 if (rc)
2620 goto bad;
2621 nel = le32_to_cpu(buf[0]);
2622 lra = NULL;
2623 for (i = 0; i < nel; i++) {
2624 rc = -ENOMEM;
2625 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2626 if (!ra)
2627 goto bad;
2628 if (lra)
2629 lra->next = ra;
2630 else
2631 p->role_allow = ra;
2632 rc = next_entry(buf, fp, sizeof(u32)*2);
2633 if (rc)
2634 goto bad;
2635
2636 rc = -EINVAL;
2637 ra->role = le32_to_cpu(buf[0]);
2638 ra->new_role = le32_to_cpu(buf[1]);
2639 if (!policydb_role_isvalid(p, ra->role) ||
2640 !policydb_role_isvalid(p, ra->new_role))
2641 goto bad;
2642 lra = ra;
2643 }
2644
2645 rc = filename_trans_read(p, fp);
2646 if (rc)
2647 goto bad;
2648
2649 rc = policydb_index(p);
2650 if (rc)
2651 goto bad;
2652
2653 rc = -EINVAL;
2654 perm = string_to_av_perm(p, p->process_class, "transition");
2655 if (!perm) {
2656 pr_err("SELinux: process transition permission is required, not defined in policy\n");
2657 goto bad;
2658 }
2659 p->process_trans_perms = perm;
2660 perm = string_to_av_perm(p, p->process_class, "dyntransition");
2661 if (!perm) {
2662 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
2663 goto bad;
2664 }
2665 p->process_trans_perms |= perm;
2666
2667 rc = ocontext_read(p, info, fp);
2668 if (rc)
2669 goto bad;
2670
2671 rc = genfs_read(p, fp);
2672 if (rc)
2673 goto bad;
2674
2675 rc = range_read(p, fp);
2676 if (rc)
2677 goto bad;
2678
2679 rc = -ENOMEM;
2680 p->type_attr_map_array = kvcalloc(p->p_types.nprim,
2681 sizeof(*p->type_attr_map_array),
2682 GFP_KERNEL);
2683 if (!p->type_attr_map_array)
2684 goto bad;
2685
2686 /* just in case ebitmap_init() becomes more than just a memset(0): */
2687 for (i = 0; i < p->p_types.nprim; i++)
2688 ebitmap_init(&p->type_attr_map_array[i]);
2689
2690 for (i = 0; i < p->p_types.nprim; i++) {
2691 struct ebitmap *e = &p->type_attr_map_array[i];
2692
2693 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2694 rc = ebitmap_read(e, fp);
2695 if (rc)
2696 goto bad;
2697 }
2698 /* add the type itself as the degenerate case */
2699 rc = ebitmap_set_bit(e, i, 1);
2700 if (rc)
2701 goto bad;
2702 }
2703
2704 rc = policydb_bounds_sanity_check(p);
2705 if (rc)
2706 goto bad;
2707
2708 rc = 0;
2709 out:
2710 return rc;
2711 bad:
2712 kfree(rtk);
2713 kfree(rtd);
2714 policydb_destroy(p);
2715 goto out;
2716 }
2717
2718 /*
2719 * Write a MLS level structure to a policydb binary
2720 * representation file.
2721 */
mls_write_level(struct mls_level * l,void * fp)2722 static int mls_write_level(struct mls_level *l, void *fp)
2723 {
2724 __le32 buf[1];
2725 int rc;
2726
2727 buf[0] = cpu_to_le32(l->sens);
2728 rc = put_entry(buf, sizeof(u32), 1, fp);
2729 if (rc)
2730 return rc;
2731
2732 rc = ebitmap_write(&l->cat, fp);
2733 if (rc)
2734 return rc;
2735
2736 return 0;
2737 }
2738
2739 /*
2740 * Write a MLS range structure to a policydb binary
2741 * representation file.
2742 */
mls_write_range_helper(struct mls_range * r,void * fp)2743 static int mls_write_range_helper(struct mls_range *r, void *fp)
2744 {
2745 __le32 buf[3];
2746 size_t items;
2747 int rc, eq;
2748
2749 eq = mls_level_eq(&r->level[1], &r->level[0]);
2750
2751 if (eq)
2752 items = 2;
2753 else
2754 items = 3;
2755 buf[0] = cpu_to_le32(items-1);
2756 buf[1] = cpu_to_le32(r->level[0].sens);
2757 if (!eq)
2758 buf[2] = cpu_to_le32(r->level[1].sens);
2759
2760 BUG_ON(items > ARRAY_SIZE(buf));
2761
2762 rc = put_entry(buf, sizeof(u32), items, fp);
2763 if (rc)
2764 return rc;
2765
2766 rc = ebitmap_write(&r->level[0].cat, fp);
2767 if (rc)
2768 return rc;
2769 if (!eq) {
2770 rc = ebitmap_write(&r->level[1].cat, fp);
2771 if (rc)
2772 return rc;
2773 }
2774
2775 return 0;
2776 }
2777
sens_write(void * vkey,void * datum,void * ptr)2778 static int sens_write(void *vkey, void *datum, void *ptr)
2779 {
2780 char *key = vkey;
2781 struct level_datum *levdatum = datum;
2782 struct policy_data *pd = ptr;
2783 void *fp = pd->fp;
2784 __le32 buf[2];
2785 size_t len;
2786 int rc;
2787
2788 len = strlen(key);
2789 buf[0] = cpu_to_le32(len);
2790 buf[1] = cpu_to_le32(levdatum->isalias);
2791 rc = put_entry(buf, sizeof(u32), 2, fp);
2792 if (rc)
2793 return rc;
2794
2795 rc = put_entry(key, 1, len, fp);
2796 if (rc)
2797 return rc;
2798
2799 rc = mls_write_level(levdatum->level, fp);
2800 if (rc)
2801 return rc;
2802
2803 return 0;
2804 }
2805
cat_write(void * vkey,void * datum,void * ptr)2806 static int cat_write(void *vkey, void *datum, void *ptr)
2807 {
2808 char *key = vkey;
2809 struct cat_datum *catdatum = datum;
2810 struct policy_data *pd = ptr;
2811 void *fp = pd->fp;
2812 __le32 buf[3];
2813 size_t len;
2814 int rc;
2815
2816 len = strlen(key);
2817 buf[0] = cpu_to_le32(len);
2818 buf[1] = cpu_to_le32(catdatum->value);
2819 buf[2] = cpu_to_le32(catdatum->isalias);
2820 rc = put_entry(buf, sizeof(u32), 3, fp);
2821 if (rc)
2822 return rc;
2823
2824 rc = put_entry(key, 1, len, fp);
2825 if (rc)
2826 return rc;
2827
2828 return 0;
2829 }
2830
role_trans_write_one(void * key,void * datum,void * ptr)2831 static int role_trans_write_one(void *key, void *datum, void *ptr)
2832 {
2833 struct role_trans_key *rtk = key;
2834 struct role_trans_datum *rtd = datum;
2835 struct policy_data *pd = ptr;
2836 void *fp = pd->fp;
2837 struct policydb *p = pd->p;
2838 __le32 buf[3];
2839 int rc;
2840
2841 buf[0] = cpu_to_le32(rtk->role);
2842 buf[1] = cpu_to_le32(rtk->type);
2843 buf[2] = cpu_to_le32(rtd->new_role);
2844 rc = put_entry(buf, sizeof(u32), 3, fp);
2845 if (rc)
2846 return rc;
2847 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2848 buf[0] = cpu_to_le32(rtk->tclass);
2849 rc = put_entry(buf, sizeof(u32), 1, fp);
2850 if (rc)
2851 return rc;
2852 }
2853 return 0;
2854 }
2855
role_trans_write(struct policydb * p,void * fp)2856 static int role_trans_write(struct policydb *p, void *fp)
2857 {
2858 struct policy_data pd = { .p = p, .fp = fp };
2859 __le32 buf[1];
2860 int rc;
2861
2862 buf[0] = cpu_to_le32(p->role_tr.nel);
2863 rc = put_entry(buf, sizeof(u32), 1, fp);
2864 if (rc)
2865 return rc;
2866
2867 return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
2868 }
2869
role_allow_write(struct role_allow * r,void * fp)2870 static int role_allow_write(struct role_allow *r, void *fp)
2871 {
2872 struct role_allow *ra;
2873 __le32 buf[2];
2874 size_t nel;
2875 int rc;
2876
2877 nel = 0;
2878 for (ra = r; ra; ra = ra->next)
2879 nel++;
2880 buf[0] = cpu_to_le32(nel);
2881 rc = put_entry(buf, sizeof(u32), 1, fp);
2882 if (rc)
2883 return rc;
2884 for (ra = r; ra; ra = ra->next) {
2885 buf[0] = cpu_to_le32(ra->role);
2886 buf[1] = cpu_to_le32(ra->new_role);
2887 rc = put_entry(buf, sizeof(u32), 2, fp);
2888 if (rc)
2889 return rc;
2890 }
2891 return 0;
2892 }
2893
2894 /*
2895 * Write a security context structure
2896 * to a policydb binary representation file.
2897 */
context_write(struct policydb * p,struct context * c,void * fp)2898 static int context_write(struct policydb *p, struct context *c,
2899 void *fp)
2900 {
2901 int rc;
2902 __le32 buf[3];
2903
2904 buf[0] = cpu_to_le32(c->user);
2905 buf[1] = cpu_to_le32(c->role);
2906 buf[2] = cpu_to_le32(c->type);
2907
2908 rc = put_entry(buf, sizeof(u32), 3, fp);
2909 if (rc)
2910 return rc;
2911
2912 rc = mls_write_range_helper(&c->range, fp);
2913 if (rc)
2914 return rc;
2915
2916 return 0;
2917 }
2918
2919 /*
2920 * The following *_write functions are used to
2921 * write the symbol data to a policy database
2922 * binary representation file.
2923 */
2924
perm_write(void * vkey,void * datum,void * fp)2925 static int perm_write(void *vkey, void *datum, void *fp)
2926 {
2927 char *key = vkey;
2928 struct perm_datum *perdatum = datum;
2929 __le32 buf[2];
2930 size_t len;
2931 int rc;
2932
2933 len = strlen(key);
2934 buf[0] = cpu_to_le32(len);
2935 buf[1] = cpu_to_le32(perdatum->value);
2936 rc = put_entry(buf, sizeof(u32), 2, fp);
2937 if (rc)
2938 return rc;
2939
2940 rc = put_entry(key, 1, len, fp);
2941 if (rc)
2942 return rc;
2943
2944 return 0;
2945 }
2946
common_write(void * vkey,void * datum,void * ptr)2947 static int common_write(void *vkey, void *datum, void *ptr)
2948 {
2949 char *key = vkey;
2950 struct common_datum *comdatum = datum;
2951 struct policy_data *pd = ptr;
2952 void *fp = pd->fp;
2953 __le32 buf[4];
2954 size_t len;
2955 int rc;
2956
2957 len = strlen(key);
2958 buf[0] = cpu_to_le32(len);
2959 buf[1] = cpu_to_le32(comdatum->value);
2960 buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2961 buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2962 rc = put_entry(buf, sizeof(u32), 4, fp);
2963 if (rc)
2964 return rc;
2965
2966 rc = put_entry(key, 1, len, fp);
2967 if (rc)
2968 return rc;
2969
2970 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp);
2971 if (rc)
2972 return rc;
2973
2974 return 0;
2975 }
2976
type_set_write(struct type_set * t,void * fp)2977 static int type_set_write(struct type_set *t, void *fp)
2978 {
2979 int rc;
2980 __le32 buf[1];
2981
2982 if (ebitmap_write(&t->types, fp))
2983 return -EINVAL;
2984 if (ebitmap_write(&t->negset, fp))
2985 return -EINVAL;
2986
2987 buf[0] = cpu_to_le32(t->flags);
2988 rc = put_entry(buf, sizeof(u32), 1, fp);
2989 if (rc)
2990 return -EINVAL;
2991
2992 return 0;
2993 }
2994
write_cons_helper(struct policydb * p,struct constraint_node * node,void * fp)2995 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2996 void *fp)
2997 {
2998 struct constraint_node *c;
2999 struct constraint_expr *e;
3000 __le32 buf[3];
3001 u32 nel;
3002 int rc;
3003
3004 for (c = node; c; c = c->next) {
3005 nel = 0;
3006 for (e = c->expr; e; e = e->next)
3007 nel++;
3008 buf[0] = cpu_to_le32(c->permissions);
3009 buf[1] = cpu_to_le32(nel);
3010 rc = put_entry(buf, sizeof(u32), 2, fp);
3011 if (rc)
3012 return rc;
3013 for (e = c->expr; e; e = e->next) {
3014 buf[0] = cpu_to_le32(e->expr_type);
3015 buf[1] = cpu_to_le32(e->attr);
3016 buf[2] = cpu_to_le32(e->op);
3017 rc = put_entry(buf, sizeof(u32), 3, fp);
3018 if (rc)
3019 return rc;
3020
3021 switch (e->expr_type) {
3022 case CEXPR_NAMES:
3023 rc = ebitmap_write(&e->names, fp);
3024 if (rc)
3025 return rc;
3026 if (p->policyvers >=
3027 POLICYDB_VERSION_CONSTRAINT_NAMES) {
3028 rc = type_set_write(e->type_names, fp);
3029 if (rc)
3030 return rc;
3031 }
3032 break;
3033 default:
3034 break;
3035 }
3036 }
3037 }
3038
3039 return 0;
3040 }
3041
class_write(void * vkey,void * datum,void * ptr)3042 static int class_write(void *vkey, void *datum, void *ptr)
3043 {
3044 char *key = vkey;
3045 struct class_datum *cladatum = datum;
3046 struct policy_data *pd = ptr;
3047 void *fp = pd->fp;
3048 struct policydb *p = pd->p;
3049 struct constraint_node *c;
3050 __le32 buf[6];
3051 u32 ncons;
3052 size_t len, len2;
3053 int rc;
3054
3055 len = strlen(key);
3056 if (cladatum->comkey)
3057 len2 = strlen(cladatum->comkey);
3058 else
3059 len2 = 0;
3060
3061 ncons = 0;
3062 for (c = cladatum->constraints; c; c = c->next)
3063 ncons++;
3064
3065 buf[0] = cpu_to_le32(len);
3066 buf[1] = cpu_to_le32(len2);
3067 buf[2] = cpu_to_le32(cladatum->value);
3068 buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3069 buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3070 buf[5] = cpu_to_le32(ncons);
3071 rc = put_entry(buf, sizeof(u32), 6, fp);
3072 if (rc)
3073 return rc;
3074
3075 rc = put_entry(key, 1, len, fp);
3076 if (rc)
3077 return rc;
3078
3079 if (cladatum->comkey) {
3080 rc = put_entry(cladatum->comkey, 1, len2, fp);
3081 if (rc)
3082 return rc;
3083 }
3084
3085 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
3086 if (rc)
3087 return rc;
3088
3089 rc = write_cons_helper(p, cladatum->constraints, fp);
3090 if (rc)
3091 return rc;
3092
3093 /* write out the validatetrans rule */
3094 ncons = 0;
3095 for (c = cladatum->validatetrans; c; c = c->next)
3096 ncons++;
3097
3098 buf[0] = cpu_to_le32(ncons);
3099 rc = put_entry(buf, sizeof(u32), 1, fp);
3100 if (rc)
3101 return rc;
3102
3103 rc = write_cons_helper(p, cladatum->validatetrans, fp);
3104 if (rc)
3105 return rc;
3106
3107 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3108 buf[0] = cpu_to_le32(cladatum->default_user);
3109 buf[1] = cpu_to_le32(cladatum->default_role);
3110 buf[2] = cpu_to_le32(cladatum->default_range);
3111
3112 rc = put_entry(buf, sizeof(uint32_t), 3, fp);
3113 if (rc)
3114 return rc;
3115 }
3116
3117 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3118 buf[0] = cpu_to_le32(cladatum->default_type);
3119 rc = put_entry(buf, sizeof(uint32_t), 1, fp);
3120 if (rc)
3121 return rc;
3122 }
3123
3124 return 0;
3125 }
3126
role_write(void * vkey,void * datum,void * ptr)3127 static int role_write(void *vkey, void *datum, void *ptr)
3128 {
3129 char *key = vkey;
3130 struct role_datum *role = datum;
3131 struct policy_data *pd = ptr;
3132 void *fp = pd->fp;
3133 struct policydb *p = pd->p;
3134 __le32 buf[3];
3135 size_t items, len;
3136 int rc;
3137
3138 len = strlen(key);
3139 items = 0;
3140 buf[items++] = cpu_to_le32(len);
3141 buf[items++] = cpu_to_le32(role->value);
3142 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3143 buf[items++] = cpu_to_le32(role->bounds);
3144
3145 BUG_ON(items > ARRAY_SIZE(buf));
3146
3147 rc = put_entry(buf, sizeof(u32), items, fp);
3148 if (rc)
3149 return rc;
3150
3151 rc = put_entry(key, 1, len, fp);
3152 if (rc)
3153 return rc;
3154
3155 rc = ebitmap_write(&role->dominates, fp);
3156 if (rc)
3157 return rc;
3158
3159 rc = ebitmap_write(&role->types, fp);
3160 if (rc)
3161 return rc;
3162
3163 return 0;
3164 }
3165
type_write(void * vkey,void * datum,void * ptr)3166 static int type_write(void *vkey, void *datum, void *ptr)
3167 {
3168 char *key = vkey;
3169 struct type_datum *typdatum = datum;
3170 struct policy_data *pd = ptr;
3171 struct policydb *p = pd->p;
3172 void *fp = pd->fp;
3173 __le32 buf[4];
3174 int rc;
3175 size_t items, len;
3176
3177 len = strlen(key);
3178 items = 0;
3179 buf[items++] = cpu_to_le32(len);
3180 buf[items++] = cpu_to_le32(typdatum->value);
3181 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3182 u32 properties = 0;
3183
3184 if (typdatum->primary)
3185 properties |= TYPEDATUM_PROPERTY_PRIMARY;
3186
3187 if (typdatum->attribute)
3188 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3189
3190 buf[items++] = cpu_to_le32(properties);
3191 buf[items++] = cpu_to_le32(typdatum->bounds);
3192 } else {
3193 buf[items++] = cpu_to_le32(typdatum->primary);
3194 }
3195 BUG_ON(items > ARRAY_SIZE(buf));
3196 rc = put_entry(buf, sizeof(u32), items, fp);
3197 if (rc)
3198 return rc;
3199
3200 rc = put_entry(key, 1, len, fp);
3201 if (rc)
3202 return rc;
3203
3204 return 0;
3205 }
3206
user_write(void * vkey,void * datum,void * ptr)3207 static int user_write(void *vkey, void *datum, void *ptr)
3208 {
3209 char *key = vkey;
3210 struct user_datum *usrdatum = datum;
3211 struct policy_data *pd = ptr;
3212 struct policydb *p = pd->p;
3213 void *fp = pd->fp;
3214 __le32 buf[3];
3215 size_t items, len;
3216 int rc;
3217
3218 len = strlen(key);
3219 items = 0;
3220 buf[items++] = cpu_to_le32(len);
3221 buf[items++] = cpu_to_le32(usrdatum->value);
3222 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3223 buf[items++] = cpu_to_le32(usrdatum->bounds);
3224 BUG_ON(items > ARRAY_SIZE(buf));
3225 rc = put_entry(buf, sizeof(u32), items, fp);
3226 if (rc)
3227 return rc;
3228
3229 rc = put_entry(key, 1, len, fp);
3230 if (rc)
3231 return rc;
3232
3233 rc = ebitmap_write(&usrdatum->roles, fp);
3234 if (rc)
3235 return rc;
3236
3237 rc = mls_write_range_helper(&usrdatum->range, fp);
3238 if (rc)
3239 return rc;
3240
3241 rc = mls_write_level(&usrdatum->dfltlevel, fp);
3242 if (rc)
3243 return rc;
3244
3245 return 0;
3246 }
3247
3248 static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
3249 common_write,
3250 class_write,
3251 role_write,
3252 type_write,
3253 user_write,
3254 cond_write_bool,
3255 sens_write,
3256 cat_write,
3257 };
3258
ocontext_write(struct policydb * p,const struct policydb_compat_info * info,void * fp)3259 static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info,
3260 void *fp)
3261 {
3262 unsigned int i, j, rc;
3263 size_t nel, len;
3264 __be64 prefixbuf[1];
3265 __le32 buf[3];
3266 u32 nodebuf[8];
3267 struct ocontext *c;
3268 for (i = 0; i < info->ocon_num; i++) {
3269 nel = 0;
3270 for (c = p->ocontexts[i]; c; c = c->next)
3271 nel++;
3272 buf[0] = cpu_to_le32(nel);
3273 rc = put_entry(buf, sizeof(u32), 1, fp);
3274 if (rc)
3275 return rc;
3276 for (c = p->ocontexts[i]; c; c = c->next) {
3277 switch (i) {
3278 case OCON_ISID:
3279 buf[0] = cpu_to_le32(c->sid[0]);
3280 rc = put_entry(buf, sizeof(u32), 1, fp);
3281 if (rc)
3282 return rc;
3283 rc = context_write(p, &c->context[0], fp);
3284 if (rc)
3285 return rc;
3286 break;
3287 case OCON_FS:
3288 case OCON_NETIF:
3289 len = strlen(c->u.name);
3290 buf[0] = cpu_to_le32(len);
3291 rc = put_entry(buf, sizeof(u32), 1, fp);
3292 if (rc)
3293 return rc;
3294 rc = put_entry(c->u.name, 1, len, fp);
3295 if (rc)
3296 return rc;
3297 rc = context_write(p, &c->context[0], fp);
3298 if (rc)
3299 return rc;
3300 rc = context_write(p, &c->context[1], fp);
3301 if (rc)
3302 return rc;
3303 break;
3304 case OCON_PORT:
3305 buf[0] = cpu_to_le32(c->u.port.protocol);
3306 buf[1] = cpu_to_le32(c->u.port.low_port);
3307 buf[2] = cpu_to_le32(c->u.port.high_port);
3308 rc = put_entry(buf, sizeof(u32), 3, fp);
3309 if (rc)
3310 return rc;
3311 rc = context_write(p, &c->context[0], fp);
3312 if (rc)
3313 return rc;
3314 break;
3315 case OCON_NODE:
3316 nodebuf[0] = c->u.node.addr; /* network order */
3317 nodebuf[1] = c->u.node.mask; /* network order */
3318 rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3319 if (rc)
3320 return rc;
3321 rc = context_write(p, &c->context[0], fp);
3322 if (rc)
3323 return rc;
3324 break;
3325 case OCON_FSUSE:
3326 buf[0] = cpu_to_le32(c->v.behavior);
3327 len = strlen(c->u.name);
3328 buf[1] = cpu_to_le32(len);
3329 rc = put_entry(buf, sizeof(u32), 2, fp);
3330 if (rc)
3331 return rc;
3332 rc = put_entry(c->u.name, 1, len, fp);
3333 if (rc)
3334 return rc;
3335 rc = context_write(p, &c->context[0], fp);
3336 if (rc)
3337 return rc;
3338 break;
3339 case OCON_NODE6:
3340 for (j = 0; j < 4; j++)
3341 nodebuf[j] = c->u.node6.addr[j]; /* network order */
3342 for (j = 0; j < 4; j++)
3343 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3344 rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3345 if (rc)
3346 return rc;
3347 rc = context_write(p, &c->context[0], fp);
3348 if (rc)
3349 return rc;
3350 break;
3351 case OCON_IBPKEY:
3352 /* subnet_prefix is in CPU order */
3353 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3354
3355 rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
3356 if (rc)
3357 return rc;
3358
3359 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3360 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3361
3362 rc = put_entry(buf, sizeof(u32), 2, fp);
3363 if (rc)
3364 return rc;
3365 rc = context_write(p, &c->context[0], fp);
3366 if (rc)
3367 return rc;
3368 break;
3369 case OCON_IBENDPORT:
3370 len = strlen(c->u.ibendport.dev_name);
3371 buf[0] = cpu_to_le32(len);
3372 buf[1] = cpu_to_le32(c->u.ibendport.port);
3373 rc = put_entry(buf, sizeof(u32), 2, fp);
3374 if (rc)
3375 return rc;
3376 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3377 if (rc)
3378 return rc;
3379 rc = context_write(p, &c->context[0], fp);
3380 if (rc)
3381 return rc;
3382 break;
3383 }
3384 }
3385 }
3386 return 0;
3387 }
3388
genfs_write(struct policydb * p,void * fp)3389 static int genfs_write(struct policydb *p, void *fp)
3390 {
3391 struct genfs *genfs;
3392 struct ocontext *c;
3393 size_t len;
3394 __le32 buf[1];
3395 int rc;
3396
3397 len = 0;
3398 for (genfs = p->genfs; genfs; genfs = genfs->next)
3399 len++;
3400 buf[0] = cpu_to_le32(len);
3401 rc = put_entry(buf, sizeof(u32), 1, fp);
3402 if (rc)
3403 return rc;
3404 for (genfs = p->genfs; genfs; genfs = genfs->next) {
3405 len = strlen(genfs->fstype);
3406 buf[0] = cpu_to_le32(len);
3407 rc = put_entry(buf, sizeof(u32), 1, fp);
3408 if (rc)
3409 return rc;
3410 rc = put_entry(genfs->fstype, 1, len, fp);
3411 if (rc)
3412 return rc;
3413 len = 0;
3414 for (c = genfs->head; c; c = c->next)
3415 len++;
3416 buf[0] = cpu_to_le32(len);
3417 rc = put_entry(buf, sizeof(u32), 1, fp);
3418 if (rc)
3419 return rc;
3420 for (c = genfs->head; c; c = c->next) {
3421 len = strlen(c->u.name);
3422 buf[0] = cpu_to_le32(len);
3423 rc = put_entry(buf, sizeof(u32), 1, fp);
3424 if (rc)
3425 return rc;
3426 rc = put_entry(c->u.name, 1, len, fp);
3427 if (rc)
3428 return rc;
3429 buf[0] = cpu_to_le32(c->v.sclass);
3430 rc = put_entry(buf, sizeof(u32), 1, fp);
3431 if (rc)
3432 return rc;
3433 rc = context_write(p, &c->context[0], fp);
3434 if (rc)
3435 return rc;
3436 }
3437 }
3438 return 0;
3439 }
3440
range_write_helper(void * key,void * data,void * ptr)3441 static int range_write_helper(void *key, void *data, void *ptr)
3442 {
3443 __le32 buf[2];
3444 struct range_trans *rt = key;
3445 struct mls_range *r = data;
3446 struct policy_data *pd = ptr;
3447 void *fp = pd->fp;
3448 struct policydb *p = pd->p;
3449 int rc;
3450
3451 buf[0] = cpu_to_le32(rt->source_type);
3452 buf[1] = cpu_to_le32(rt->target_type);
3453 rc = put_entry(buf, sizeof(u32), 2, fp);
3454 if (rc)
3455 return rc;
3456 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3457 buf[0] = cpu_to_le32(rt->target_class);
3458 rc = put_entry(buf, sizeof(u32), 1, fp);
3459 if (rc)
3460 return rc;
3461 }
3462 rc = mls_write_range_helper(r, fp);
3463 if (rc)
3464 return rc;
3465
3466 return 0;
3467 }
3468
range_write(struct policydb * p,void * fp)3469 static int range_write(struct policydb *p, void *fp)
3470 {
3471 __le32 buf[1];
3472 int rc;
3473 struct policy_data pd;
3474
3475 pd.p = p;
3476 pd.fp = fp;
3477
3478 buf[0] = cpu_to_le32(p->range_tr.nel);
3479 rc = put_entry(buf, sizeof(u32), 1, fp);
3480 if (rc)
3481 return rc;
3482
3483 /* actually write all of the entries */
3484 rc = hashtab_map(&p->range_tr, range_write_helper, &pd);
3485 if (rc)
3486 return rc;
3487
3488 return 0;
3489 }
3490
filename_write_helper_compat(void * key,void * data,void * ptr)3491 static int filename_write_helper_compat(void *key, void *data, void *ptr)
3492 {
3493 struct filename_trans_key *ft = key;
3494 struct filename_trans_datum *datum = data;
3495 struct ebitmap_node *node;
3496 void *fp = ptr;
3497 __le32 buf[4];
3498 int rc;
3499 u32 bit, len = strlen(ft->name);
3500
3501 do {
3502 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3503 buf[0] = cpu_to_le32(len);
3504 rc = put_entry(buf, sizeof(u32), 1, fp);
3505 if (rc)
3506 return rc;
3507
3508 rc = put_entry(ft->name, sizeof(char), len, fp);
3509 if (rc)
3510 return rc;
3511
3512 buf[0] = cpu_to_le32(bit + 1);
3513 buf[1] = cpu_to_le32(ft->ttype);
3514 buf[2] = cpu_to_le32(ft->tclass);
3515 buf[3] = cpu_to_le32(datum->otype);
3516
3517 rc = put_entry(buf, sizeof(u32), 4, fp);
3518 if (rc)
3519 return rc;
3520 }
3521
3522 datum = datum->next;
3523 } while (unlikely(datum));
3524
3525 return 0;
3526 }
3527
filename_write_helper(void * key,void * data,void * ptr)3528 static int filename_write_helper(void *key, void *data, void *ptr)
3529 {
3530 struct filename_trans_key *ft = key;
3531 struct filename_trans_datum *datum;
3532 void *fp = ptr;
3533 __le32 buf[3];
3534 int rc;
3535 u32 ndatum, len = strlen(ft->name);
3536
3537 buf[0] = cpu_to_le32(len);
3538 rc = put_entry(buf, sizeof(u32), 1, fp);
3539 if (rc)
3540 return rc;
3541
3542 rc = put_entry(ft->name, sizeof(char), len, fp);
3543 if (rc)
3544 return rc;
3545
3546 ndatum = 0;
3547 datum = data;
3548 do {
3549 ndatum++;
3550 datum = datum->next;
3551 } while (unlikely(datum));
3552
3553 buf[0] = cpu_to_le32(ft->ttype);
3554 buf[1] = cpu_to_le32(ft->tclass);
3555 buf[2] = cpu_to_le32(ndatum);
3556 rc = put_entry(buf, sizeof(u32), 3, fp);
3557 if (rc)
3558 return rc;
3559
3560 datum = data;
3561 do {
3562 rc = ebitmap_write(&datum->stypes, fp);
3563 if (rc)
3564 return rc;
3565
3566 buf[0] = cpu_to_le32(datum->otype);
3567 rc = put_entry(buf, sizeof(u32), 1, fp);
3568 if (rc)
3569 return rc;
3570
3571 datum = datum->next;
3572 } while (unlikely(datum));
3573
3574 return 0;
3575 }
3576
filename_trans_write(struct policydb * p,void * fp)3577 static int filename_trans_write(struct policydb *p, void *fp)
3578 {
3579 __le32 buf[1];
3580 int rc;
3581
3582 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3583 return 0;
3584
3585 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3586 buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3587 rc = put_entry(buf, sizeof(u32), 1, fp);
3588 if (rc)
3589 return rc;
3590
3591 rc = hashtab_map(&p->filename_trans,
3592 filename_write_helper_compat, fp);
3593 } else {
3594 buf[0] = cpu_to_le32(p->filename_trans.nel);
3595 rc = put_entry(buf, sizeof(u32), 1, fp);
3596 if (rc)
3597 return rc;
3598
3599 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp);
3600 }
3601 return rc;
3602 }
3603
3604 /*
3605 * Write the configuration data in a policy database
3606 * structure to a policy database binary representation
3607 * file.
3608 */
policydb_write(struct policydb * p,void * fp)3609 int policydb_write(struct policydb *p, void *fp)
3610 {
3611 unsigned int i, num_syms;
3612 int rc;
3613 __le32 buf[4];
3614 u32 config;
3615 size_t len;
3616 const struct policydb_compat_info *info;
3617
3618 /*
3619 * refuse to write policy older than compressed avtab
3620 * to simplify the writer. There are other tests dropped
3621 * since we assume this throughout the writer code. Be
3622 * careful if you ever try to remove this restriction
3623 */
3624 if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3625 pr_err("SELinux: refusing to write policy version %d."
3626 " Because it is less than version %d\n", p->policyvers,
3627 POLICYDB_VERSION_AVTAB);
3628 return -EINVAL;
3629 }
3630
3631 config = 0;
3632 if (p->mls_enabled)
3633 config |= POLICYDB_CONFIG_MLS;
3634
3635 if (p->reject_unknown)
3636 config |= REJECT_UNKNOWN;
3637 if (p->allow_unknown)
3638 config |= ALLOW_UNKNOWN;
3639
3640 /* Write the magic number and string identifiers. */
3641 buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3642 len = strlen(POLICYDB_STRING);
3643 buf[1] = cpu_to_le32(len);
3644 rc = put_entry(buf, sizeof(u32), 2, fp);
3645 if (rc)
3646 return rc;
3647 rc = put_entry(POLICYDB_STRING, 1, len, fp);
3648 if (rc)
3649 return rc;
3650
3651 /* Write the version, config, and table sizes. */
3652 info = policydb_lookup_compat(p->policyvers);
3653 if (!info) {
3654 pr_err("SELinux: compatibility lookup failed for policy "
3655 "version %d", p->policyvers);
3656 return -EINVAL;
3657 }
3658
3659 buf[0] = cpu_to_le32(p->policyvers);
3660 buf[1] = cpu_to_le32(config);
3661 buf[2] = cpu_to_le32(info->sym_num);
3662 buf[3] = cpu_to_le32(info->ocon_num);
3663
3664 rc = put_entry(buf, sizeof(u32), 4, fp);
3665 if (rc)
3666 return rc;
3667
3668 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3669 rc = ebitmap_write(&p->policycaps, fp);
3670 if (rc)
3671 return rc;
3672 }
3673
3674 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3675 rc = ebitmap_write(&p->permissive_map, fp);
3676 if (rc)
3677 return rc;
3678 }
3679
3680 num_syms = info->sym_num;
3681 for (i = 0; i < num_syms; i++) {
3682 struct policy_data pd;
3683
3684 pd.fp = fp;
3685 pd.p = p;
3686
3687 buf[0] = cpu_to_le32(p->symtab[i].nprim);
3688 buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3689
3690 rc = put_entry(buf, sizeof(u32), 2, fp);
3691 if (rc)
3692 return rc;
3693 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
3694 if (rc)
3695 return rc;
3696 }
3697
3698 rc = avtab_write(p, &p->te_avtab, fp);
3699 if (rc)
3700 return rc;
3701
3702 rc = cond_write_list(p, fp);
3703 if (rc)
3704 return rc;
3705
3706 rc = role_trans_write(p, fp);
3707 if (rc)
3708 return rc;
3709
3710 rc = role_allow_write(p->role_allow, fp);
3711 if (rc)
3712 return rc;
3713
3714 rc = filename_trans_write(p, fp);
3715 if (rc)
3716 return rc;
3717
3718 rc = ocontext_write(p, info, fp);
3719 if (rc)
3720 return rc;
3721
3722 rc = genfs_write(p, fp);
3723 if (rc)
3724 return rc;
3725
3726 rc = range_write(p, fp);
3727 if (rc)
3728 return rc;
3729
3730 for (i = 0; i < p->p_types.nprim; i++) {
3731 struct ebitmap *e = &p->type_attr_map_array[i];
3732
3733 rc = ebitmap_write(e, fp);
3734 if (rc)
3735 return rc;
3736 }
3737
3738 return 0;
3739 }
3740