1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Implementation of the policy database.
4 *
5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
6 */
7
8 /*
9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 *
11 * Support for enhanced MLS infrastructure.
12 *
13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 *
15 * Added conditional policy language extensions
16 *
17 * Updated: Hewlett-Packard <paul@paul-moore.com>
18 *
19 * Added support for the policy capability bitmap
20 *
21 * Update: Mellanox Techonologies
22 *
23 * Added Infiniband support
24 *
25 * Copyright (C) 2016 Mellanox Techonologies
26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
29 */
30
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/string.h>
35 #include <linux/errno.h>
36 #include <linux/audit.h>
37 #include "security.h"
38
39 #include "policydb.h"
40 #include "conditional.h"
41 #include "mls.h"
42 #include "services.h"
43
44 #ifdef CONFIG_SECURITY_SELINUX_DEBUG
45 static const char *const symtab_name[SYM_NUM] = {
46 "common prefixes",
47 "classes",
48 "roles",
49 "types",
50 "users",
51 "bools",
52 "levels",
53 "categories",
54 };
55 #endif
56
57 struct policydb_compat_info {
58 unsigned int version;
59 unsigned int sym_num;
60 unsigned int ocon_num;
61 };
62
63 /* These need to be updated if SYM_NUM or OCON_NUM changes */
64 static const struct policydb_compat_info policydb_compat[] = {
65 {
66 .version = POLICYDB_VERSION_BASE,
67 .sym_num = SYM_NUM - 3,
68 .ocon_num = OCON_NUM - 3,
69 },
70 {
71 .version = POLICYDB_VERSION_BOOL,
72 .sym_num = SYM_NUM - 2,
73 .ocon_num = OCON_NUM - 3,
74 },
75 {
76 .version = POLICYDB_VERSION_IPV6,
77 .sym_num = SYM_NUM - 2,
78 .ocon_num = OCON_NUM - 2,
79 },
80 {
81 .version = POLICYDB_VERSION_NLCLASS,
82 .sym_num = SYM_NUM - 2,
83 .ocon_num = OCON_NUM - 2,
84 },
85 {
86 .version = POLICYDB_VERSION_MLS,
87 .sym_num = SYM_NUM,
88 .ocon_num = OCON_NUM - 2,
89 },
90 {
91 .version = POLICYDB_VERSION_AVTAB,
92 .sym_num = SYM_NUM,
93 .ocon_num = OCON_NUM - 2,
94 },
95 {
96 .version = POLICYDB_VERSION_RANGETRANS,
97 .sym_num = SYM_NUM,
98 .ocon_num = OCON_NUM - 2,
99 },
100 {
101 .version = POLICYDB_VERSION_POLCAP,
102 .sym_num = SYM_NUM,
103 .ocon_num = OCON_NUM - 2,
104 },
105 {
106 .version = POLICYDB_VERSION_PERMISSIVE,
107 .sym_num = SYM_NUM,
108 .ocon_num = OCON_NUM - 2,
109 },
110 {
111 .version = POLICYDB_VERSION_BOUNDARY,
112 .sym_num = SYM_NUM,
113 .ocon_num = OCON_NUM - 2,
114 },
115 {
116 .version = POLICYDB_VERSION_FILENAME_TRANS,
117 .sym_num = SYM_NUM,
118 .ocon_num = OCON_NUM - 2,
119 },
120 {
121 .version = POLICYDB_VERSION_ROLETRANS,
122 .sym_num = SYM_NUM,
123 .ocon_num = OCON_NUM - 2,
124 },
125 {
126 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
127 .sym_num = SYM_NUM,
128 .ocon_num = OCON_NUM - 2,
129 },
130 {
131 .version = POLICYDB_VERSION_DEFAULT_TYPE,
132 .sym_num = SYM_NUM,
133 .ocon_num = OCON_NUM - 2,
134 },
135 {
136 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
137 .sym_num = SYM_NUM,
138 .ocon_num = OCON_NUM - 2,
139 },
140 {
141 .version = POLICYDB_VERSION_XPERMS_IOCTL,
142 .sym_num = SYM_NUM,
143 .ocon_num = OCON_NUM - 2,
144 },
145 {
146 .version = POLICYDB_VERSION_INFINIBAND,
147 .sym_num = SYM_NUM,
148 .ocon_num = OCON_NUM,
149 },
150 {
151 .version = POLICYDB_VERSION_GLBLUB,
152 .sym_num = SYM_NUM,
153 .ocon_num = OCON_NUM,
154 },
155 {
156 .version = POLICYDB_VERSION_COMP_FTRANS,
157 .sym_num = SYM_NUM,
158 .ocon_num = OCON_NUM,
159 },
160 };
161
policydb_lookup_compat(unsigned int version)162 static const struct policydb_compat_info *policydb_lookup_compat(unsigned int version)
163 {
164 unsigned int i;
165
166 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
167 if (policydb_compat[i].version == version)
168 return &policydb_compat[i];
169 }
170
171 return NULL;
172 }
173
174 /*
175 * The following *_destroy functions are used to
176 * free any memory allocated for each kind of
177 * symbol data in the policy database.
178 */
179
perm_destroy(void * key,void * datum,void * p)180 static int perm_destroy(void *key, void *datum, void *p)
181 {
182 kfree(key);
183 kfree(datum);
184 return 0;
185 }
186
common_destroy(void * key,void * datum,void * p)187 static int common_destroy(void *key, void *datum, void *p)
188 {
189 struct common_datum *comdatum;
190
191 kfree(key);
192 if (datum) {
193 comdatum = datum;
194 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
195 hashtab_destroy(&comdatum->permissions.table);
196 }
197 kfree(datum);
198 return 0;
199 }
200
constraint_expr_destroy(struct constraint_expr * expr)201 static void constraint_expr_destroy(struct constraint_expr *expr)
202 {
203 if (expr) {
204 ebitmap_destroy(&expr->names);
205 if (expr->type_names) {
206 ebitmap_destroy(&expr->type_names->types);
207 ebitmap_destroy(&expr->type_names->negset);
208 kfree(expr->type_names);
209 }
210 kfree(expr);
211 }
212 }
213
cls_destroy(void * key,void * datum,void * p)214 static int cls_destroy(void *key, void *datum, void *p)
215 {
216 struct class_datum *cladatum;
217 struct constraint_node *constraint, *ctemp;
218 struct constraint_expr *e, *etmp;
219
220 kfree(key);
221 if (datum) {
222 cladatum = datum;
223 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
224 hashtab_destroy(&cladatum->permissions.table);
225 constraint = cladatum->constraints;
226 while (constraint) {
227 e = constraint->expr;
228 while (e) {
229 etmp = e;
230 e = e->next;
231 constraint_expr_destroy(etmp);
232 }
233 ctemp = constraint;
234 constraint = constraint->next;
235 kfree(ctemp);
236 }
237
238 constraint = cladatum->validatetrans;
239 while (constraint) {
240 e = constraint->expr;
241 while (e) {
242 etmp = e;
243 e = e->next;
244 constraint_expr_destroy(etmp);
245 }
246 ctemp = constraint;
247 constraint = constraint->next;
248 kfree(ctemp);
249 }
250 kfree(cladatum->comkey);
251 }
252 kfree(datum);
253 return 0;
254 }
255
role_destroy(void * key,void * datum,void * p)256 static int role_destroy(void *key, void *datum, void *p)
257 {
258 struct role_datum *role;
259
260 kfree(key);
261 if (datum) {
262 role = datum;
263 ebitmap_destroy(&role->dominates);
264 ebitmap_destroy(&role->types);
265 }
266 kfree(datum);
267 return 0;
268 }
269
type_destroy(void * key,void * datum,void * p)270 static int type_destroy(void *key, void *datum, void *p)
271 {
272 kfree(key);
273 kfree(datum);
274 return 0;
275 }
276
user_destroy(void * key,void * datum,void * p)277 static int user_destroy(void *key, void *datum, void *p)
278 {
279 struct user_datum *usrdatum;
280
281 kfree(key);
282 if (datum) {
283 usrdatum = datum;
284 ebitmap_destroy(&usrdatum->roles);
285 ebitmap_destroy(&usrdatum->range.level[0].cat);
286 ebitmap_destroy(&usrdatum->range.level[1].cat);
287 ebitmap_destroy(&usrdatum->dfltlevel.cat);
288 }
289 kfree(datum);
290 return 0;
291 }
292
sens_destroy(void * key,void * datum,void * p)293 static int sens_destroy(void *key, void *datum, void *p)
294 {
295 struct level_datum *levdatum;
296
297 kfree(key);
298 if (datum) {
299 levdatum = datum;
300 if (levdatum->level)
301 ebitmap_destroy(&levdatum->level->cat);
302 kfree(levdatum->level);
303 }
304 kfree(datum);
305 return 0;
306 }
307
cat_destroy(void * key,void * datum,void * p)308 static int cat_destroy(void *key, void *datum, void *p)
309 {
310 kfree(key);
311 kfree(datum);
312 return 0;
313 }
314
315 static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
316 common_destroy,
317 cls_destroy,
318 role_destroy,
319 type_destroy,
320 user_destroy,
321 cond_destroy_bool,
322 sens_destroy,
323 cat_destroy,
324 };
325
filenametr_destroy(void * key,void * datum,void * p)326 static int filenametr_destroy(void *key, void *datum, void *p)
327 {
328 struct filename_trans_key *ft = key;
329 struct filename_trans_datum *next, *d = datum;
330
331 kfree(ft->name);
332 kfree(key);
333 do {
334 ebitmap_destroy(&d->stypes);
335 next = d->next;
336 kfree(d);
337 d = next;
338 } while (unlikely(d));
339 cond_resched();
340 return 0;
341 }
342
range_tr_destroy(void * key,void * datum,void * p)343 static int range_tr_destroy(void *key, void *datum, void *p)
344 {
345 struct mls_range *rt = datum;
346
347 kfree(key);
348 ebitmap_destroy(&rt->level[0].cat);
349 ebitmap_destroy(&rt->level[1].cat);
350 kfree(datum);
351 cond_resched();
352 return 0;
353 }
354
role_tr_destroy(void * key,void * datum,void * p)355 static int role_tr_destroy(void *key, void *datum, void *p)
356 {
357 kfree(key);
358 kfree(datum);
359 return 0;
360 }
361
ocontext_destroy(struct ocontext * c,unsigned int i)362 static void ocontext_destroy(struct ocontext *c, unsigned int i)
363 {
364 if (!c)
365 return;
366
367 context_destroy(&c->context[0]);
368 context_destroy(&c->context[1]);
369 if (i == OCON_ISID || i == OCON_FS ||
370 i == OCON_NETIF || i == OCON_FSUSE)
371 kfree(c->u.name);
372 kfree(c);
373 }
374
375 /*
376 * Initialize the role table.
377 */
roles_init(struct policydb * p)378 static int roles_init(struct policydb *p)
379 {
380 char *key = NULL;
381 int rc;
382 struct role_datum *role;
383
384 role = kzalloc(sizeof(*role), GFP_KERNEL);
385 if (!role)
386 return -ENOMEM;
387
388 rc = -EINVAL;
389 role->value = ++p->p_roles.nprim;
390 if (role->value != OBJECT_R_VAL)
391 goto out;
392
393 rc = -ENOMEM;
394 key = kstrdup(OBJECT_R, GFP_KERNEL);
395 if (!key)
396 goto out;
397
398 rc = symtab_insert(&p->p_roles, key, role);
399 if (rc)
400 goto out;
401
402 return 0;
403 out:
404 kfree(key);
405 kfree(role);
406 return rc;
407 }
408
filenametr_hash(const void * k)409 static u32 filenametr_hash(const void *k)
410 {
411 const struct filename_trans_key *ft = k;
412 unsigned long hash;
413 unsigned int byte_num;
414 unsigned char focus;
415
416 hash = ft->ttype ^ ft->tclass;
417
418 byte_num = 0;
419 while ((focus = ft->name[byte_num++]))
420 hash = partial_name_hash(focus, hash);
421 return hash;
422 }
423
filenametr_cmp(const void * k1,const void * k2)424 static int filenametr_cmp(const void *k1, const void *k2)
425 {
426 const struct filename_trans_key *ft1 = k1;
427 const struct filename_trans_key *ft2 = k2;
428 int v;
429
430 v = ft1->ttype - ft2->ttype;
431 if (v)
432 return v;
433
434 v = ft1->tclass - ft2->tclass;
435 if (v)
436 return v;
437
438 return strcmp(ft1->name, ft2->name);
439
440 }
441
442 static const struct hashtab_key_params filenametr_key_params = {
443 .hash = filenametr_hash,
444 .cmp = filenametr_cmp,
445 };
446
policydb_filenametr_search(struct policydb * p,struct filename_trans_key * key)447 struct filename_trans_datum *policydb_filenametr_search(
448 struct policydb *p, struct filename_trans_key *key)
449 {
450 return hashtab_search(&p->filename_trans, key, filenametr_key_params);
451 }
452
rangetr_hash(const void * k)453 static u32 rangetr_hash(const void *k)
454 {
455 const struct range_trans *key = k;
456
457 return key->source_type + (key->target_type << 3) +
458 (key->target_class << 5);
459 }
460
rangetr_cmp(const void * k1,const void * k2)461 static int rangetr_cmp(const void *k1, const void *k2)
462 {
463 const struct range_trans *key1 = k1, *key2 = k2;
464 int v;
465
466 v = key1->source_type - key2->source_type;
467 if (v)
468 return v;
469
470 v = key1->target_type - key2->target_type;
471 if (v)
472 return v;
473
474 v = key1->target_class - key2->target_class;
475
476 return v;
477 }
478
479 static const struct hashtab_key_params rangetr_key_params = {
480 .hash = rangetr_hash,
481 .cmp = rangetr_cmp,
482 };
483
policydb_rangetr_search(struct policydb * p,struct range_trans * key)484 struct mls_range *policydb_rangetr_search(struct policydb *p,
485 struct range_trans *key)
486 {
487 return hashtab_search(&p->range_tr, key, rangetr_key_params);
488 }
489
role_trans_hash(const void * k)490 static u32 role_trans_hash(const void *k)
491 {
492 const struct role_trans_key *key = k;
493
494 return key->role + (key->type << 3) + (key->tclass << 5);
495 }
496
role_trans_cmp(const void * k1,const void * k2)497 static int role_trans_cmp(const void *k1, const void *k2)
498 {
499 const struct role_trans_key *key1 = k1, *key2 = k2;
500 int v;
501
502 v = key1->role - key2->role;
503 if (v)
504 return v;
505
506 v = key1->type - key2->type;
507 if (v)
508 return v;
509
510 return key1->tclass - key2->tclass;
511 }
512
513 static const struct hashtab_key_params roletr_key_params = {
514 .hash = role_trans_hash,
515 .cmp = role_trans_cmp,
516 };
517
policydb_roletr_search(struct policydb * p,struct role_trans_key * key)518 struct role_trans_datum *policydb_roletr_search(struct policydb *p,
519 struct role_trans_key *key)
520 {
521 return hashtab_search(&p->role_tr, key, roletr_key_params);
522 }
523
524 /*
525 * Initialize a policy database structure.
526 */
policydb_init(struct policydb * p)527 static void policydb_init(struct policydb *p)
528 {
529 memset(p, 0, sizeof(*p));
530
531 avtab_init(&p->te_avtab);
532 cond_policydb_init(p);
533
534 ebitmap_init(&p->filename_trans_ttypes);
535 ebitmap_init(&p->policycaps);
536 ebitmap_init(&p->permissive_map);
537 }
538
539 /*
540 * The following *_index functions are used to
541 * define the val_to_name and val_to_struct arrays
542 * in a policy database structure. The val_to_name
543 * arrays are used when converting security context
544 * structures into string representations. The
545 * val_to_struct arrays are used when the attributes
546 * of a class, role, or user are needed.
547 */
548
common_index(void * key,void * datum,void * datap)549 static int common_index(void *key, void *datum, void *datap)
550 {
551 struct policydb *p;
552 struct common_datum *comdatum;
553
554 comdatum = datum;
555 p = datap;
556 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
557 return -EINVAL;
558
559 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
560
561 return 0;
562 }
563
class_index(void * key,void * datum,void * datap)564 static int class_index(void *key, void *datum, void *datap)
565 {
566 struct policydb *p;
567 struct class_datum *cladatum;
568
569 cladatum = datum;
570 p = datap;
571 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
572 return -EINVAL;
573
574 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
575 p->class_val_to_struct[cladatum->value - 1] = cladatum;
576 return 0;
577 }
578
role_index(void * key,void * datum,void * datap)579 static int role_index(void *key, void *datum, void *datap)
580 {
581 struct policydb *p;
582 struct role_datum *role;
583
584 role = datum;
585 p = datap;
586 if (!role->value
587 || role->value > p->p_roles.nprim
588 || role->bounds > p->p_roles.nprim)
589 return -EINVAL;
590
591 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
592 p->role_val_to_struct[role->value - 1] = role;
593 return 0;
594 }
595
type_index(void * key,void * datum,void * datap)596 static int type_index(void *key, void *datum, void *datap)
597 {
598 struct policydb *p;
599 struct type_datum *typdatum;
600
601 typdatum = datum;
602 p = datap;
603
604 if (typdatum->primary) {
605 if (!typdatum->value
606 || typdatum->value > p->p_types.nprim
607 || typdatum->bounds > p->p_types.nprim)
608 return -EINVAL;
609 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
610 p->type_val_to_struct[typdatum->value - 1] = typdatum;
611 }
612
613 return 0;
614 }
615
user_index(void * key,void * datum,void * datap)616 static int user_index(void *key, void *datum, void *datap)
617 {
618 struct policydb *p;
619 struct user_datum *usrdatum;
620
621 usrdatum = datum;
622 p = datap;
623 if (!usrdatum->value
624 || usrdatum->value > p->p_users.nprim
625 || usrdatum->bounds > p->p_users.nprim)
626 return -EINVAL;
627
628 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
629 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
630 return 0;
631 }
632
sens_index(void * key,void * datum,void * datap)633 static int sens_index(void *key, void *datum, void *datap)
634 {
635 struct policydb *p;
636 struct level_datum *levdatum;
637
638 levdatum = datum;
639 p = datap;
640
641 if (!levdatum->isalias) {
642 if (!levdatum->level->sens ||
643 levdatum->level->sens > p->p_levels.nprim)
644 return -EINVAL;
645
646 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
647 }
648
649 return 0;
650 }
651
cat_index(void * key,void * datum,void * datap)652 static int cat_index(void *key, void *datum, void *datap)
653 {
654 struct policydb *p;
655 struct cat_datum *catdatum;
656
657 catdatum = datum;
658 p = datap;
659
660 if (!catdatum->isalias) {
661 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
662 return -EINVAL;
663
664 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
665 }
666
667 return 0;
668 }
669
670 static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
671 common_index,
672 class_index,
673 role_index,
674 type_index,
675 user_index,
676 cond_index_bool,
677 sens_index,
678 cat_index,
679 };
680
681 #ifdef CONFIG_SECURITY_SELINUX_DEBUG
hash_eval(struct hashtab * h,const char * hash_name)682 static void hash_eval(struct hashtab *h, const char *hash_name)
683 {
684 struct hashtab_info info;
685
686 hashtab_stat(h, &info);
687 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n",
688 hash_name, h->nel, info.slots_used, h->size,
689 info.max_chain_len);
690 }
691
symtab_hash_eval(struct symtab * s)692 static void symtab_hash_eval(struct symtab *s)
693 {
694 int i;
695
696 for (i = 0; i < SYM_NUM; i++)
697 hash_eval(&s[i].table, symtab_name[i]);
698 }
699
700 #else
hash_eval(struct hashtab * h,const char * hash_name)701 static inline void hash_eval(struct hashtab *h, const char *hash_name)
702 {
703 }
symtab_hash_eval(struct symtab * s)704 static inline void symtab_hash_eval(struct symtab *s)
705 {
706 }
707 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */
708
709 /*
710 * Define the other val_to_name and val_to_struct arrays
711 * in a policy database structure.
712 *
713 * Caller must clean up on failure.
714 */
policydb_index(struct policydb * p)715 static int policydb_index(struct policydb *p)
716 {
717 int i, rc;
718
719 if (p->mls_enabled)
720 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
721 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
722 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
723 else
724 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n",
725 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
726 p->p_bools.nprim);
727
728 pr_debug("SELinux: %d classes, %d rules\n",
729 p->p_classes.nprim, p->te_avtab.nel);
730
731 avtab_hash_eval(&p->te_avtab, "rules");
732 symtab_hash_eval(p->symtab);
733
734 p->class_val_to_struct = kcalloc(p->p_classes.nprim,
735 sizeof(*p->class_val_to_struct),
736 GFP_KERNEL);
737 if (!p->class_val_to_struct)
738 return -ENOMEM;
739
740 p->role_val_to_struct = kcalloc(p->p_roles.nprim,
741 sizeof(*p->role_val_to_struct),
742 GFP_KERNEL);
743 if (!p->role_val_to_struct)
744 return -ENOMEM;
745
746 p->user_val_to_struct = kcalloc(p->p_users.nprim,
747 sizeof(*p->user_val_to_struct),
748 GFP_KERNEL);
749 if (!p->user_val_to_struct)
750 return -ENOMEM;
751
752 p->type_val_to_struct = kvcalloc(p->p_types.nprim,
753 sizeof(*p->type_val_to_struct),
754 GFP_KERNEL);
755 if (!p->type_val_to_struct)
756 return -ENOMEM;
757
758 rc = cond_init_bool_indexes(p);
759 if (rc)
760 goto out;
761
762 for (i = 0; i < SYM_NUM; i++) {
763 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
764 sizeof(char *),
765 GFP_KERNEL);
766 if (!p->sym_val_to_name[i])
767 return -ENOMEM;
768
769 rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
770 if (rc)
771 goto out;
772 }
773 rc = 0;
774 out:
775 return rc;
776 }
777
778 /*
779 * Free any memory allocated by a policy database structure.
780 */
policydb_destroy(struct policydb * p)781 void policydb_destroy(struct policydb *p)
782 {
783 struct ocontext *c, *ctmp;
784 struct genfs *g, *gtmp;
785 u32 i;
786 struct role_allow *ra, *lra = NULL;
787
788 for (i = 0; i < SYM_NUM; i++) {
789 cond_resched();
790 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
791 hashtab_destroy(&p->symtab[i].table);
792 }
793
794 for (i = 0; i < SYM_NUM; i++)
795 kvfree(p->sym_val_to_name[i]);
796
797 kfree(p->class_val_to_struct);
798 kfree(p->role_val_to_struct);
799 kfree(p->user_val_to_struct);
800 kvfree(p->type_val_to_struct);
801
802 avtab_destroy(&p->te_avtab);
803
804 for (i = 0; i < OCON_NUM; i++) {
805 cond_resched();
806 c = p->ocontexts[i];
807 while (c) {
808 ctmp = c;
809 c = c->next;
810 ocontext_destroy(ctmp, i);
811 }
812 p->ocontexts[i] = NULL;
813 }
814
815 g = p->genfs;
816 while (g) {
817 cond_resched();
818 kfree(g->fstype);
819 c = g->head;
820 while (c) {
821 ctmp = c;
822 c = c->next;
823 ocontext_destroy(ctmp, OCON_FSUSE);
824 }
825 gtmp = g;
826 g = g->next;
827 kfree(gtmp);
828 }
829 p->genfs = NULL;
830
831 cond_policydb_destroy(p);
832
833 hashtab_map(&p->role_tr, role_tr_destroy, NULL);
834 hashtab_destroy(&p->role_tr);
835
836 for (ra = p->role_allow; ra; ra = ra->next) {
837 cond_resched();
838 kfree(lra);
839 lra = ra;
840 }
841 kfree(lra);
842
843 hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
844 hashtab_destroy(&p->filename_trans);
845
846 hashtab_map(&p->range_tr, range_tr_destroy, NULL);
847 hashtab_destroy(&p->range_tr);
848
849 if (p->type_attr_map_array) {
850 for (i = 0; i < p->p_types.nprim; i++)
851 ebitmap_destroy(&p->type_attr_map_array[i]);
852 kvfree(p->type_attr_map_array);
853 }
854
855 ebitmap_destroy(&p->filename_trans_ttypes);
856 ebitmap_destroy(&p->policycaps);
857 ebitmap_destroy(&p->permissive_map);
858 }
859
860 /*
861 * Load the initial SIDs specified in a policy database
862 * structure into a SID table.
863 */
policydb_load_isids(struct policydb * p,struct sidtab * s)864 int policydb_load_isids(struct policydb *p, struct sidtab *s)
865 {
866 struct ocontext *head, *c;
867 int rc;
868
869 rc = sidtab_init(s);
870 if (rc) {
871 pr_err("SELinux: out of memory on SID table init\n");
872 return rc;
873 }
874
875 head = p->ocontexts[OCON_ISID];
876 for (c = head; c; c = c->next) {
877 u32 sid = c->sid[0];
878 const char *name = security_get_initial_sid_context(sid);
879
880 if (sid == SECSID_NULL) {
881 pr_err("SELinux: SID 0 was assigned a context.\n");
882 sidtab_destroy(s);
883 return -EINVAL;
884 }
885
886 /* Ignore initial SIDs unused by this kernel. */
887 if (!name)
888 continue;
889
890 rc = sidtab_set_initial(s, sid, &c->context[0]);
891 if (rc) {
892 pr_err("SELinux: unable to load initial SID %s.\n",
893 name);
894 sidtab_destroy(s);
895 return rc;
896 }
897 }
898 return 0;
899 }
900
policydb_class_isvalid(struct policydb * p,unsigned int class)901 int policydb_class_isvalid(struct policydb *p, unsigned int class)
902 {
903 if (!class || class > p->p_classes.nprim)
904 return 0;
905 return 1;
906 }
907
policydb_role_isvalid(struct policydb * p,unsigned int role)908 int policydb_role_isvalid(struct policydb *p, unsigned int role)
909 {
910 if (!role || role > p->p_roles.nprim)
911 return 0;
912 return 1;
913 }
914
policydb_type_isvalid(struct policydb * p,unsigned int type)915 int policydb_type_isvalid(struct policydb *p, unsigned int type)
916 {
917 if (!type || type > p->p_types.nprim)
918 return 0;
919 return 1;
920 }
921
922 /*
923 * Return 1 if the fields in the security context
924 * structure `c' are valid. Return 0 otherwise.
925 */
policydb_context_isvalid(struct policydb * p,struct context * c)926 int policydb_context_isvalid(struct policydb *p, struct context *c)
927 {
928 struct role_datum *role;
929 struct user_datum *usrdatum;
930
931 if (!c->role || c->role > p->p_roles.nprim)
932 return 0;
933
934 if (!c->user || c->user > p->p_users.nprim)
935 return 0;
936
937 if (!c->type || c->type > p->p_types.nprim)
938 return 0;
939
940 if (c->role != OBJECT_R_VAL) {
941 /*
942 * Role must be authorized for the type.
943 */
944 role = p->role_val_to_struct[c->role - 1];
945 if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
946 /* role may not be associated with type */
947 return 0;
948
949 /*
950 * User must be authorized for the role.
951 */
952 usrdatum = p->user_val_to_struct[c->user - 1];
953 if (!usrdatum)
954 return 0;
955
956 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
957 /* user may not be associated with role */
958 return 0;
959 }
960
961 if (!mls_context_isvalid(p, c))
962 return 0;
963
964 return 1;
965 }
966
967 /*
968 * Read a MLS range structure from a policydb binary
969 * representation file.
970 */
mls_read_range_helper(struct mls_range * r,void * fp)971 static int mls_read_range_helper(struct mls_range *r, void *fp)
972 {
973 __le32 buf[2];
974 u32 items;
975 int rc;
976
977 rc = next_entry(buf, fp, sizeof(u32));
978 if (rc)
979 goto out;
980
981 rc = -EINVAL;
982 items = le32_to_cpu(buf[0]);
983 if (items > ARRAY_SIZE(buf)) {
984 pr_err("SELinux: mls: range overflow\n");
985 goto out;
986 }
987
988 rc = next_entry(buf, fp, sizeof(u32) * items);
989 if (rc) {
990 pr_err("SELinux: mls: truncated range\n");
991 goto out;
992 }
993
994 r->level[0].sens = le32_to_cpu(buf[0]);
995 if (items > 1)
996 r->level[1].sens = le32_to_cpu(buf[1]);
997 else
998 r->level[1].sens = r->level[0].sens;
999
1000 rc = ebitmap_read(&r->level[0].cat, fp);
1001 if (rc) {
1002 pr_err("SELinux: mls: error reading low categories\n");
1003 goto out;
1004 }
1005 if (items > 1) {
1006 rc = ebitmap_read(&r->level[1].cat, fp);
1007 if (rc) {
1008 pr_err("SELinux: mls: error reading high categories\n");
1009 goto bad_high;
1010 }
1011 } else {
1012 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1013 if (rc) {
1014 pr_err("SELinux: mls: out of memory\n");
1015 goto bad_high;
1016 }
1017 }
1018
1019 return 0;
1020 bad_high:
1021 ebitmap_destroy(&r->level[0].cat);
1022 out:
1023 return rc;
1024 }
1025
1026 /*
1027 * Read and validate a security context structure
1028 * from a policydb binary representation file.
1029 */
context_read_and_validate(struct context * c,struct policydb * p,void * fp)1030 static int context_read_and_validate(struct context *c,
1031 struct policydb *p,
1032 void *fp)
1033 {
1034 __le32 buf[3];
1035 int rc;
1036
1037 rc = next_entry(buf, fp, sizeof buf);
1038 if (rc) {
1039 pr_err("SELinux: context truncated\n");
1040 goto out;
1041 }
1042 c->user = le32_to_cpu(buf[0]);
1043 c->role = le32_to_cpu(buf[1]);
1044 c->type = le32_to_cpu(buf[2]);
1045 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1046 rc = mls_read_range_helper(&c->range, fp);
1047 if (rc) {
1048 pr_err("SELinux: error reading MLS range of context\n");
1049 goto out;
1050 }
1051 }
1052
1053 rc = -EINVAL;
1054 if (!policydb_context_isvalid(p, c)) {
1055 pr_err("SELinux: invalid security context\n");
1056 context_destroy(c);
1057 goto out;
1058 }
1059 rc = 0;
1060 out:
1061 return rc;
1062 }
1063
1064 /*
1065 * The following *_read functions are used to
1066 * read the symbol data from a policy database
1067 * binary representation file.
1068 */
1069
str_read(char ** strp,gfp_t flags,void * fp,u32 len)1070 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1071 {
1072 int rc;
1073 char *str;
1074
1075 if ((len == 0) || (len == (u32)-1))
1076 return -EINVAL;
1077
1078 str = kmalloc(len + 1, flags | __GFP_NOWARN);
1079 if (!str)
1080 return -ENOMEM;
1081
1082 rc = next_entry(str, fp, len);
1083 if (rc) {
1084 kfree(str);
1085 return rc;
1086 }
1087
1088 str[len] = '\0';
1089 *strp = str;
1090 return 0;
1091 }
1092
perm_read(struct policydb * p,struct symtab * s,void * fp)1093 static int perm_read(struct policydb *p, struct symtab *s, void *fp)
1094 {
1095 char *key = NULL;
1096 struct perm_datum *perdatum;
1097 int rc;
1098 __le32 buf[2];
1099 u32 len;
1100
1101 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1102 if (!perdatum)
1103 return -ENOMEM;
1104
1105 rc = next_entry(buf, fp, sizeof buf);
1106 if (rc)
1107 goto bad;
1108
1109 len = le32_to_cpu(buf[0]);
1110 perdatum->value = le32_to_cpu(buf[1]);
1111
1112 rc = str_read(&key, GFP_KERNEL, fp, len);
1113 if (rc)
1114 goto bad;
1115
1116 rc = symtab_insert(s, key, perdatum);
1117 if (rc)
1118 goto bad;
1119
1120 return 0;
1121 bad:
1122 perm_destroy(key, perdatum, NULL);
1123 return rc;
1124 }
1125
common_read(struct policydb * p,struct symtab * s,void * fp)1126 static int common_read(struct policydb *p, struct symtab *s, void *fp)
1127 {
1128 char *key = NULL;
1129 struct common_datum *comdatum;
1130 __le32 buf[4];
1131 u32 i, len, nel;
1132 int rc;
1133
1134 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1135 if (!comdatum)
1136 return -ENOMEM;
1137
1138 rc = next_entry(buf, fp, sizeof buf);
1139 if (rc)
1140 goto bad;
1141
1142 len = le32_to_cpu(buf[0]);
1143 comdatum->value = le32_to_cpu(buf[1]);
1144 nel = le32_to_cpu(buf[3]);
1145
1146 rc = symtab_init(&comdatum->permissions, nel);
1147 if (rc)
1148 goto bad;
1149 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1150
1151 rc = str_read(&key, GFP_KERNEL, fp, len);
1152 if (rc)
1153 goto bad;
1154
1155 for (i = 0; i < nel; i++) {
1156 rc = perm_read(p, &comdatum->permissions, fp);
1157 if (rc)
1158 goto bad;
1159 }
1160
1161 rc = symtab_insert(s, key, comdatum);
1162 if (rc)
1163 goto bad;
1164 return 0;
1165 bad:
1166 common_destroy(key, comdatum, NULL);
1167 return rc;
1168 }
1169
type_set_init(struct type_set * t)1170 static void type_set_init(struct type_set *t)
1171 {
1172 ebitmap_init(&t->types);
1173 ebitmap_init(&t->negset);
1174 }
1175
type_set_read(struct type_set * t,void * fp)1176 static int type_set_read(struct type_set *t, void *fp)
1177 {
1178 __le32 buf[1];
1179 int rc;
1180
1181 if (ebitmap_read(&t->types, fp))
1182 return -EINVAL;
1183 if (ebitmap_read(&t->negset, fp))
1184 return -EINVAL;
1185
1186 rc = next_entry(buf, fp, sizeof(u32));
1187 if (rc < 0)
1188 return -EINVAL;
1189 t->flags = le32_to_cpu(buf[0]);
1190
1191 return 0;
1192 }
1193
1194
read_cons_helper(struct policydb * p,struct constraint_node ** nodep,u32 ncons,int allowxtarget,void * fp)1195 static int read_cons_helper(struct policydb *p,
1196 struct constraint_node **nodep,
1197 u32 ncons, int allowxtarget, void *fp)
1198 {
1199 struct constraint_node *c, *lc;
1200 struct constraint_expr *e, *le;
1201 __le32 buf[3];
1202 u32 i, j, nexpr;
1203 int rc, depth;
1204
1205 lc = NULL;
1206 for (i = 0; i < ncons; i++) {
1207 c = kzalloc(sizeof(*c), GFP_KERNEL);
1208 if (!c)
1209 return -ENOMEM;
1210
1211 if (lc)
1212 lc->next = c;
1213 else
1214 *nodep = c;
1215
1216 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1217 if (rc)
1218 return rc;
1219 c->permissions = le32_to_cpu(buf[0]);
1220 nexpr = le32_to_cpu(buf[1]);
1221 le = NULL;
1222 depth = -1;
1223 for (j = 0; j < nexpr; j++) {
1224 e = kzalloc(sizeof(*e), GFP_KERNEL);
1225 if (!e)
1226 return -ENOMEM;
1227
1228 if (le)
1229 le->next = e;
1230 else
1231 c->expr = e;
1232
1233 rc = next_entry(buf, fp, (sizeof(u32) * 3));
1234 if (rc)
1235 return rc;
1236 e->expr_type = le32_to_cpu(buf[0]);
1237 e->attr = le32_to_cpu(buf[1]);
1238 e->op = le32_to_cpu(buf[2]);
1239
1240 switch (e->expr_type) {
1241 case CEXPR_NOT:
1242 if (depth < 0)
1243 return -EINVAL;
1244 break;
1245 case CEXPR_AND:
1246 case CEXPR_OR:
1247 if (depth < 1)
1248 return -EINVAL;
1249 depth--;
1250 break;
1251 case CEXPR_ATTR:
1252 if (depth == (CEXPR_MAXDEPTH - 1))
1253 return -EINVAL;
1254 depth++;
1255 break;
1256 case CEXPR_NAMES:
1257 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1258 return -EINVAL;
1259 if (depth == (CEXPR_MAXDEPTH - 1))
1260 return -EINVAL;
1261 depth++;
1262 rc = ebitmap_read(&e->names, fp);
1263 if (rc)
1264 return rc;
1265 if (p->policyvers >=
1266 POLICYDB_VERSION_CONSTRAINT_NAMES) {
1267 e->type_names = kzalloc(sizeof
1268 (*e->type_names), GFP_KERNEL);
1269 if (!e->type_names)
1270 return -ENOMEM;
1271 type_set_init(e->type_names);
1272 rc = type_set_read(e->type_names, fp);
1273 if (rc)
1274 return rc;
1275 }
1276 break;
1277 default:
1278 return -EINVAL;
1279 }
1280 le = e;
1281 }
1282 if (depth != 0)
1283 return -EINVAL;
1284 lc = c;
1285 }
1286
1287 return 0;
1288 }
1289
class_read(struct policydb * p,struct symtab * s,void * fp)1290 static int class_read(struct policydb *p, struct symtab *s, void *fp)
1291 {
1292 char *key = NULL;
1293 struct class_datum *cladatum;
1294 __le32 buf[6];
1295 u32 i, len, len2, ncons, nel;
1296 int rc;
1297
1298 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1299 if (!cladatum)
1300 return -ENOMEM;
1301
1302 rc = next_entry(buf, fp, sizeof(u32)*6);
1303 if (rc)
1304 goto bad;
1305
1306 len = le32_to_cpu(buf[0]);
1307 len2 = le32_to_cpu(buf[1]);
1308 cladatum->value = le32_to_cpu(buf[2]);
1309 nel = le32_to_cpu(buf[4]);
1310
1311 rc = symtab_init(&cladatum->permissions, nel);
1312 if (rc)
1313 goto bad;
1314 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1315
1316 ncons = le32_to_cpu(buf[5]);
1317
1318 rc = str_read(&key, GFP_KERNEL, fp, len);
1319 if (rc)
1320 goto bad;
1321
1322 if (len2) {
1323 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1324 if (rc)
1325 goto bad;
1326
1327 rc = -EINVAL;
1328 cladatum->comdatum = symtab_search(&p->p_commons,
1329 cladatum->comkey);
1330 if (!cladatum->comdatum) {
1331 pr_err("SELinux: unknown common %s\n",
1332 cladatum->comkey);
1333 goto bad;
1334 }
1335 }
1336 for (i = 0; i < nel; i++) {
1337 rc = perm_read(p, &cladatum->permissions, fp);
1338 if (rc)
1339 goto bad;
1340 }
1341
1342 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1343 if (rc)
1344 goto bad;
1345
1346 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1347 /* grab the validatetrans rules */
1348 rc = next_entry(buf, fp, sizeof(u32));
1349 if (rc)
1350 goto bad;
1351 ncons = le32_to_cpu(buf[0]);
1352 rc = read_cons_helper(p, &cladatum->validatetrans,
1353 ncons, 1, fp);
1354 if (rc)
1355 goto bad;
1356 }
1357
1358 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1359 rc = next_entry(buf, fp, sizeof(u32) * 3);
1360 if (rc)
1361 goto bad;
1362
1363 cladatum->default_user = le32_to_cpu(buf[0]);
1364 cladatum->default_role = le32_to_cpu(buf[1]);
1365 cladatum->default_range = le32_to_cpu(buf[2]);
1366 }
1367
1368 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1369 rc = next_entry(buf, fp, sizeof(u32) * 1);
1370 if (rc)
1371 goto bad;
1372 cladatum->default_type = le32_to_cpu(buf[0]);
1373 }
1374
1375 rc = symtab_insert(s, key, cladatum);
1376 if (rc)
1377 goto bad;
1378
1379 return 0;
1380 bad:
1381 cls_destroy(key, cladatum, NULL);
1382 return rc;
1383 }
1384
role_read(struct policydb * p,struct symtab * s,void * fp)1385 static int role_read(struct policydb *p, struct symtab *s, void *fp)
1386 {
1387 char *key = NULL;
1388 struct role_datum *role;
1389 int rc;
1390 unsigned int to_read = 2;
1391 __le32 buf[3];
1392 u32 len;
1393
1394 role = kzalloc(sizeof(*role), GFP_KERNEL);
1395 if (!role)
1396 return -ENOMEM;
1397
1398 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1399 to_read = 3;
1400
1401 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1402 if (rc)
1403 goto bad;
1404
1405 len = le32_to_cpu(buf[0]);
1406 role->value = le32_to_cpu(buf[1]);
1407 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1408 role->bounds = le32_to_cpu(buf[2]);
1409
1410 rc = str_read(&key, GFP_KERNEL, fp, len);
1411 if (rc)
1412 goto bad;
1413
1414 rc = ebitmap_read(&role->dominates, fp);
1415 if (rc)
1416 goto bad;
1417
1418 rc = ebitmap_read(&role->types, fp);
1419 if (rc)
1420 goto bad;
1421
1422 if (strcmp(key, OBJECT_R) == 0) {
1423 rc = -EINVAL;
1424 if (role->value != OBJECT_R_VAL) {
1425 pr_err("SELinux: Role %s has wrong value %d\n",
1426 OBJECT_R, role->value);
1427 goto bad;
1428 }
1429 rc = 0;
1430 goto bad;
1431 }
1432
1433 rc = symtab_insert(s, key, role);
1434 if (rc)
1435 goto bad;
1436 return 0;
1437 bad:
1438 role_destroy(key, role, NULL);
1439 return rc;
1440 }
1441
type_read(struct policydb * p,struct symtab * s,void * fp)1442 static int type_read(struct policydb *p, struct symtab *s, void *fp)
1443 {
1444 char *key = NULL;
1445 struct type_datum *typdatum;
1446 int rc;
1447 unsigned int to_read = 3;
1448 __le32 buf[4];
1449 u32 len;
1450
1451 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1452 if (!typdatum)
1453 return -ENOMEM;
1454
1455 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1456 to_read = 4;
1457
1458 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1459 if (rc)
1460 goto bad;
1461
1462 len = le32_to_cpu(buf[0]);
1463 typdatum->value = le32_to_cpu(buf[1]);
1464 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1465 u32 prop = le32_to_cpu(buf[2]);
1466
1467 if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1468 typdatum->primary = 1;
1469 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1470 typdatum->attribute = 1;
1471
1472 typdatum->bounds = le32_to_cpu(buf[3]);
1473 } else {
1474 typdatum->primary = le32_to_cpu(buf[2]);
1475 }
1476
1477 rc = str_read(&key, GFP_KERNEL, fp, len);
1478 if (rc)
1479 goto bad;
1480
1481 rc = symtab_insert(s, key, typdatum);
1482 if (rc)
1483 goto bad;
1484 return 0;
1485 bad:
1486 type_destroy(key, typdatum, NULL);
1487 return rc;
1488 }
1489
1490
1491 /*
1492 * Read a MLS level structure from a policydb binary
1493 * representation file.
1494 */
mls_read_level(struct mls_level * lp,void * fp)1495 static int mls_read_level(struct mls_level *lp, void *fp)
1496 {
1497 __le32 buf[1];
1498 int rc;
1499
1500 memset(lp, 0, sizeof(*lp));
1501
1502 rc = next_entry(buf, fp, sizeof buf);
1503 if (rc) {
1504 pr_err("SELinux: mls: truncated level\n");
1505 return rc;
1506 }
1507 lp->sens = le32_to_cpu(buf[0]);
1508
1509 rc = ebitmap_read(&lp->cat, fp);
1510 if (rc) {
1511 pr_err("SELinux: mls: error reading level categories\n");
1512 return rc;
1513 }
1514 return 0;
1515 }
1516
user_read(struct policydb * p,struct symtab * s,void * fp)1517 static int user_read(struct policydb *p, struct symtab *s, void *fp)
1518 {
1519 char *key = NULL;
1520 struct user_datum *usrdatum;
1521 int rc;
1522 unsigned int to_read = 2;
1523 __le32 buf[3];
1524 u32 len;
1525
1526 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1527 if (!usrdatum)
1528 return -ENOMEM;
1529
1530 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1531 to_read = 3;
1532
1533 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1534 if (rc)
1535 goto bad;
1536
1537 len = le32_to_cpu(buf[0]);
1538 usrdatum->value = le32_to_cpu(buf[1]);
1539 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1540 usrdatum->bounds = le32_to_cpu(buf[2]);
1541
1542 rc = str_read(&key, GFP_KERNEL, fp, len);
1543 if (rc)
1544 goto bad;
1545
1546 rc = ebitmap_read(&usrdatum->roles, fp);
1547 if (rc)
1548 goto bad;
1549
1550 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1551 rc = mls_read_range_helper(&usrdatum->range, fp);
1552 if (rc)
1553 goto bad;
1554 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1555 if (rc)
1556 goto bad;
1557 }
1558
1559 rc = symtab_insert(s, key, usrdatum);
1560 if (rc)
1561 goto bad;
1562 return 0;
1563 bad:
1564 user_destroy(key, usrdatum, NULL);
1565 return rc;
1566 }
1567
sens_read(struct policydb * p,struct symtab * s,void * fp)1568 static int sens_read(struct policydb *p, struct symtab *s, void *fp)
1569 {
1570 char *key = NULL;
1571 struct level_datum *levdatum;
1572 int rc;
1573 __le32 buf[2];
1574 u32 len;
1575
1576 levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL);
1577 if (!levdatum)
1578 return -ENOMEM;
1579
1580 rc = next_entry(buf, fp, sizeof buf);
1581 if (rc)
1582 goto bad;
1583
1584 len = le32_to_cpu(buf[0]);
1585 levdatum->isalias = le32_to_cpu(buf[1]);
1586
1587 rc = str_read(&key, GFP_KERNEL, fp, len);
1588 if (rc)
1589 goto bad;
1590
1591 rc = -ENOMEM;
1592 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_KERNEL);
1593 if (!levdatum->level)
1594 goto bad;
1595
1596 rc = mls_read_level(levdatum->level, fp);
1597 if (rc)
1598 goto bad;
1599
1600 rc = symtab_insert(s, key, levdatum);
1601 if (rc)
1602 goto bad;
1603 return 0;
1604 bad:
1605 sens_destroy(key, levdatum, NULL);
1606 return rc;
1607 }
1608
cat_read(struct policydb * p,struct symtab * s,void * fp)1609 static int cat_read(struct policydb *p, struct symtab *s, void *fp)
1610 {
1611 char *key = NULL;
1612 struct cat_datum *catdatum;
1613 int rc;
1614 __le32 buf[3];
1615 u32 len;
1616
1617 catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL);
1618 if (!catdatum)
1619 return -ENOMEM;
1620
1621 rc = next_entry(buf, fp, sizeof buf);
1622 if (rc)
1623 goto bad;
1624
1625 len = le32_to_cpu(buf[0]);
1626 catdatum->value = le32_to_cpu(buf[1]);
1627 catdatum->isalias = le32_to_cpu(buf[2]);
1628
1629 rc = str_read(&key, GFP_KERNEL, fp, len);
1630 if (rc)
1631 goto bad;
1632
1633 rc = symtab_insert(s, key, catdatum);
1634 if (rc)
1635 goto bad;
1636 return 0;
1637 bad:
1638 cat_destroy(key, catdatum, NULL);
1639 return rc;
1640 }
1641
1642 static int (*const read_f[SYM_NUM]) (struct policydb *p,
1643 struct symtab *s, void *fp) = {
1644 common_read,
1645 class_read,
1646 role_read,
1647 type_read,
1648 user_read,
1649 cond_read_bool,
1650 sens_read,
1651 cat_read,
1652 };
1653
user_bounds_sanity_check(void * key,void * datum,void * datap)1654 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1655 {
1656 struct user_datum *upper, *user;
1657 struct policydb *p = datap;
1658 int depth = 0;
1659
1660 upper = user = datum;
1661 while (upper->bounds) {
1662 struct ebitmap_node *node;
1663 u32 bit;
1664
1665 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1666 pr_err("SELinux: user %s: "
1667 "too deep or looped boundary\n",
1668 (char *) key);
1669 return -EINVAL;
1670 }
1671
1672 upper = p->user_val_to_struct[upper->bounds - 1];
1673 ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1674 if (ebitmap_get_bit(&upper->roles, bit))
1675 continue;
1676
1677 pr_err("SELinux: boundary violated policy: "
1678 "user=%s role=%s bounds=%s\n",
1679 sym_name(p, SYM_USERS, user->value - 1),
1680 sym_name(p, SYM_ROLES, bit),
1681 sym_name(p, SYM_USERS, upper->value - 1));
1682
1683 return -EINVAL;
1684 }
1685 }
1686
1687 return 0;
1688 }
1689
role_bounds_sanity_check(void * key,void * datum,void * datap)1690 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1691 {
1692 struct role_datum *upper, *role;
1693 struct policydb *p = datap;
1694 int depth = 0;
1695
1696 upper = role = datum;
1697 while (upper->bounds) {
1698 struct ebitmap_node *node;
1699 u32 bit;
1700
1701 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1702 pr_err("SELinux: role %s: "
1703 "too deep or looped bounds\n",
1704 (char *) key);
1705 return -EINVAL;
1706 }
1707
1708 upper = p->role_val_to_struct[upper->bounds - 1];
1709 ebitmap_for_each_positive_bit(&role->types, node, bit) {
1710 if (ebitmap_get_bit(&upper->types, bit))
1711 continue;
1712
1713 pr_err("SELinux: boundary violated policy: "
1714 "role=%s type=%s bounds=%s\n",
1715 sym_name(p, SYM_ROLES, role->value - 1),
1716 sym_name(p, SYM_TYPES, bit),
1717 sym_name(p, SYM_ROLES, upper->value - 1));
1718
1719 return -EINVAL;
1720 }
1721 }
1722
1723 return 0;
1724 }
1725
type_bounds_sanity_check(void * key,void * datum,void * datap)1726 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1727 {
1728 struct type_datum *upper;
1729 struct policydb *p = datap;
1730 int depth = 0;
1731
1732 upper = datum;
1733 while (upper->bounds) {
1734 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1735 pr_err("SELinux: type %s: "
1736 "too deep or looped boundary\n",
1737 (char *) key);
1738 return -EINVAL;
1739 }
1740
1741 upper = p->type_val_to_struct[upper->bounds - 1];
1742 BUG_ON(!upper);
1743
1744 if (upper->attribute) {
1745 pr_err("SELinux: type %s: "
1746 "bounded by attribute %s\n",
1747 (char *) key,
1748 sym_name(p, SYM_TYPES, upper->value - 1));
1749 return -EINVAL;
1750 }
1751 }
1752
1753 return 0;
1754 }
1755
policydb_bounds_sanity_check(struct policydb * p)1756 static int policydb_bounds_sanity_check(struct policydb *p)
1757 {
1758 int rc;
1759
1760 if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1761 return 0;
1762
1763 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
1764 if (rc)
1765 return rc;
1766
1767 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
1768 if (rc)
1769 return rc;
1770
1771 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
1772 if (rc)
1773 return rc;
1774
1775 return 0;
1776 }
1777
string_to_security_class(struct policydb * p,const char * name)1778 u16 string_to_security_class(struct policydb *p, const char *name)
1779 {
1780 struct class_datum *cladatum;
1781
1782 cladatum = symtab_search(&p->p_classes, name);
1783 if (!cladatum)
1784 return 0;
1785
1786 return cladatum->value;
1787 }
1788
string_to_av_perm(struct policydb * p,u16 tclass,const char * name)1789 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1790 {
1791 struct class_datum *cladatum;
1792 struct perm_datum *perdatum = NULL;
1793 struct common_datum *comdatum;
1794
1795 if (!tclass || tclass > p->p_classes.nprim)
1796 return 0;
1797
1798 cladatum = p->class_val_to_struct[tclass-1];
1799 comdatum = cladatum->comdatum;
1800 if (comdatum)
1801 perdatum = symtab_search(&comdatum->permissions, name);
1802 if (!perdatum)
1803 perdatum = symtab_search(&cladatum->permissions, name);
1804 if (!perdatum)
1805 return 0;
1806
1807 return 1U << (perdatum->value-1);
1808 }
1809
range_read(struct policydb * p,void * fp)1810 static int range_read(struct policydb *p, void *fp)
1811 {
1812 struct range_trans *rt = NULL;
1813 struct mls_range *r = NULL;
1814 int rc;
1815 __le32 buf[2];
1816 u32 i, nel;
1817
1818 if (p->policyvers < POLICYDB_VERSION_MLS)
1819 return 0;
1820
1821 rc = next_entry(buf, fp, sizeof(u32));
1822 if (rc)
1823 return rc;
1824
1825 nel = le32_to_cpu(buf[0]);
1826
1827 rc = hashtab_init(&p->range_tr, nel);
1828 if (rc)
1829 return rc;
1830
1831 for (i = 0; i < nel; i++) {
1832 rc = -ENOMEM;
1833 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1834 if (!rt)
1835 goto out;
1836
1837 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1838 if (rc)
1839 goto out;
1840
1841 rt->source_type = le32_to_cpu(buf[0]);
1842 rt->target_type = le32_to_cpu(buf[1]);
1843 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1844 rc = next_entry(buf, fp, sizeof(u32));
1845 if (rc)
1846 goto out;
1847 rt->target_class = le32_to_cpu(buf[0]);
1848 } else
1849 rt->target_class = p->process_class;
1850
1851 rc = -EINVAL;
1852 if (!policydb_type_isvalid(p, rt->source_type) ||
1853 !policydb_type_isvalid(p, rt->target_type) ||
1854 !policydb_class_isvalid(p, rt->target_class))
1855 goto out;
1856
1857 rc = -ENOMEM;
1858 r = kzalloc(sizeof(*r), GFP_KERNEL);
1859 if (!r)
1860 goto out;
1861
1862 rc = mls_read_range_helper(r, fp);
1863 if (rc)
1864 goto out;
1865
1866 rc = -EINVAL;
1867 if (!mls_range_isvalid(p, r)) {
1868 pr_warn("SELinux: rangetrans: invalid range\n");
1869 goto out;
1870 }
1871
1872 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params);
1873 if (rc)
1874 goto out;
1875
1876 rt = NULL;
1877 r = NULL;
1878 }
1879 hash_eval(&p->range_tr, "rangetr");
1880 rc = 0;
1881 out:
1882 kfree(rt);
1883 kfree(r);
1884 return rc;
1885 }
1886
filename_trans_read_helper_compat(struct policydb * p,void * fp)1887 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1888 {
1889 struct filename_trans_key key, *ft = NULL;
1890 struct filename_trans_datum *last, *datum = NULL;
1891 char *name = NULL;
1892 u32 len, stype, otype;
1893 __le32 buf[4];
1894 int rc;
1895
1896 /* length of the path component string */
1897 rc = next_entry(buf, fp, sizeof(u32));
1898 if (rc)
1899 return rc;
1900 len = le32_to_cpu(buf[0]);
1901
1902 /* path component string */
1903 rc = str_read(&name, GFP_KERNEL, fp, len);
1904 if (rc)
1905 return rc;
1906
1907 rc = next_entry(buf, fp, sizeof(u32) * 4);
1908 if (rc)
1909 goto out;
1910
1911 stype = le32_to_cpu(buf[0]);
1912 key.ttype = le32_to_cpu(buf[1]);
1913 key.tclass = le32_to_cpu(buf[2]);
1914 key.name = name;
1915
1916 otype = le32_to_cpu(buf[3]);
1917
1918 last = NULL;
1919 datum = policydb_filenametr_search(p, &key);
1920 while (datum) {
1921 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1922 /* conflicting/duplicate rules are ignored */
1923 datum = NULL;
1924 goto out;
1925 }
1926 if (likely(datum->otype == otype))
1927 break;
1928 last = datum;
1929 datum = datum->next;
1930 }
1931 if (!datum) {
1932 rc = -ENOMEM;
1933 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1934 if (!datum)
1935 goto out;
1936
1937 ebitmap_init(&datum->stypes);
1938 datum->otype = otype;
1939 datum->next = NULL;
1940
1941 if (unlikely(last)) {
1942 last->next = datum;
1943 } else {
1944 rc = -ENOMEM;
1945 ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1946 if (!ft)
1947 goto out;
1948
1949 rc = hashtab_insert(&p->filename_trans, ft, datum,
1950 filenametr_key_params);
1951 if (rc)
1952 goto out;
1953 name = NULL;
1954
1955 rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1956 key.ttype, 1);
1957 if (rc)
1958 return rc;
1959 }
1960 }
1961 kfree(name);
1962 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1963
1964 out:
1965 kfree(ft);
1966 kfree(name);
1967 kfree(datum);
1968 return rc;
1969 }
1970
filename_trans_read_helper(struct policydb * p,void * fp)1971 static int filename_trans_read_helper(struct policydb *p, void *fp)
1972 {
1973 struct filename_trans_key *ft = NULL;
1974 struct filename_trans_datum **dst, *datum, *first = NULL;
1975 char *name = NULL;
1976 u32 len, ttype, tclass, ndatum, i;
1977 __le32 buf[3];
1978 int rc;
1979
1980 /* length of the path component string */
1981 rc = next_entry(buf, fp, sizeof(u32));
1982 if (rc)
1983 return rc;
1984 len = le32_to_cpu(buf[0]);
1985
1986 /* path component string */
1987 rc = str_read(&name, GFP_KERNEL, fp, len);
1988 if (rc)
1989 return rc;
1990
1991 rc = next_entry(buf, fp, sizeof(u32) * 3);
1992 if (rc)
1993 goto out;
1994
1995 ttype = le32_to_cpu(buf[0]);
1996 tclass = le32_to_cpu(buf[1]);
1997
1998 ndatum = le32_to_cpu(buf[2]);
1999 if (ndatum == 0) {
2000 pr_err("SELinux: Filename transition key with no datum\n");
2001 rc = -ENOENT;
2002 goto out;
2003 }
2004
2005 dst = &first;
2006 for (i = 0; i < ndatum; i++) {
2007 rc = -ENOMEM;
2008 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
2009 if (!datum)
2010 goto out;
2011
2012 datum->next = NULL;
2013 *dst = datum;
2014
2015 /* ebitmap_read() will at least init the bitmap */
2016 rc = ebitmap_read(&datum->stypes, fp);
2017 if (rc)
2018 goto out;
2019
2020 rc = next_entry(buf, fp, sizeof(u32));
2021 if (rc)
2022 goto out;
2023
2024 datum->otype = le32_to_cpu(buf[0]);
2025
2026 dst = &datum->next;
2027 }
2028
2029 rc = -ENOMEM;
2030 ft = kmalloc(sizeof(*ft), GFP_KERNEL);
2031 if (!ft)
2032 goto out;
2033
2034 ft->ttype = ttype;
2035 ft->tclass = tclass;
2036 ft->name = name;
2037
2038 rc = hashtab_insert(&p->filename_trans, ft, first,
2039 filenametr_key_params);
2040 if (rc == -EEXIST)
2041 pr_err("SELinux: Duplicate filename transition key\n");
2042 if (rc)
2043 goto out;
2044
2045 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1);
2046
2047 out:
2048 kfree(ft);
2049 kfree(name);
2050 while (first) {
2051 datum = first;
2052 first = first->next;
2053
2054 ebitmap_destroy(&datum->stypes);
2055 kfree(datum);
2056 }
2057 return rc;
2058 }
2059
filename_trans_read(struct policydb * p,void * fp)2060 static int filename_trans_read(struct policydb *p, void *fp)
2061 {
2062 u32 nel, i;
2063 __le32 buf[1];
2064 int rc;
2065
2066 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2067 return 0;
2068
2069 rc = next_entry(buf, fp, sizeof(u32));
2070 if (rc)
2071 return rc;
2072 nel = le32_to_cpu(buf[0]);
2073
2074 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2075 p->compat_filename_trans_count = nel;
2076
2077 rc = hashtab_init(&p->filename_trans, (1 << 11));
2078 if (rc)
2079 return rc;
2080
2081 for (i = 0; i < nel; i++) {
2082 rc = filename_trans_read_helper_compat(p, fp);
2083 if (rc)
2084 return rc;
2085 }
2086 } else {
2087 rc = hashtab_init(&p->filename_trans, nel);
2088 if (rc)
2089 return rc;
2090
2091 for (i = 0; i < nel; i++) {
2092 rc = filename_trans_read_helper(p, fp);
2093 if (rc)
2094 return rc;
2095 }
2096 }
2097 hash_eval(&p->filename_trans, "filenametr");
2098 return 0;
2099 }
2100
genfs_read(struct policydb * p,void * fp)2101 static int genfs_read(struct policydb *p, void *fp)
2102 {
2103 int rc;
2104 u32 i, j, nel, nel2, len, len2;
2105 __le32 buf[1];
2106 struct ocontext *l, *c;
2107 struct ocontext *newc = NULL;
2108 struct genfs *genfs_p, *genfs;
2109 struct genfs *newgenfs = NULL;
2110
2111 rc = next_entry(buf, fp, sizeof(u32));
2112 if (rc)
2113 return rc;
2114 nel = le32_to_cpu(buf[0]);
2115
2116 for (i = 0; i < nel; i++) {
2117 rc = next_entry(buf, fp, sizeof(u32));
2118 if (rc)
2119 goto out;
2120 len = le32_to_cpu(buf[0]);
2121
2122 rc = -ENOMEM;
2123 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2124 if (!newgenfs)
2125 goto out;
2126
2127 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2128 if (rc)
2129 goto out;
2130
2131 for (genfs_p = NULL, genfs = p->genfs; genfs;
2132 genfs_p = genfs, genfs = genfs->next) {
2133 rc = -EINVAL;
2134 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2135 pr_err("SELinux: dup genfs fstype %s\n",
2136 newgenfs->fstype);
2137 goto out;
2138 }
2139 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2140 break;
2141 }
2142 newgenfs->next = genfs;
2143 if (genfs_p)
2144 genfs_p->next = newgenfs;
2145 else
2146 p->genfs = newgenfs;
2147 genfs = newgenfs;
2148 newgenfs = NULL;
2149
2150 rc = next_entry(buf, fp, sizeof(u32));
2151 if (rc)
2152 goto out;
2153
2154 nel2 = le32_to_cpu(buf[0]);
2155 for (j = 0; j < nel2; j++) {
2156 rc = next_entry(buf, fp, sizeof(u32));
2157 if (rc)
2158 goto out;
2159 len = le32_to_cpu(buf[0]);
2160
2161 rc = -ENOMEM;
2162 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2163 if (!newc)
2164 goto out;
2165
2166 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2167 if (rc)
2168 goto out;
2169
2170 rc = next_entry(buf, fp, sizeof(u32));
2171 if (rc)
2172 goto out;
2173
2174 newc->v.sclass = le32_to_cpu(buf[0]);
2175 rc = context_read_and_validate(&newc->context[0], p, fp);
2176 if (rc)
2177 goto out;
2178
2179 for (l = NULL, c = genfs->head; c;
2180 l = c, c = c->next) {
2181 rc = -EINVAL;
2182 if (!strcmp(newc->u.name, c->u.name) &&
2183 (!c->v.sclass || !newc->v.sclass ||
2184 newc->v.sclass == c->v.sclass)) {
2185 pr_err("SELinux: dup genfs entry (%s,%s)\n",
2186 genfs->fstype, c->u.name);
2187 goto out;
2188 }
2189 len = strlen(newc->u.name);
2190 len2 = strlen(c->u.name);
2191 if (len > len2)
2192 break;
2193 }
2194
2195 newc->next = c;
2196 if (l)
2197 l->next = newc;
2198 else
2199 genfs->head = newc;
2200 newc = NULL;
2201 }
2202 }
2203 rc = 0;
2204 out:
2205 if (newgenfs) {
2206 kfree(newgenfs->fstype);
2207 kfree(newgenfs);
2208 }
2209 ocontext_destroy(newc, OCON_FSUSE);
2210
2211 return rc;
2212 }
2213
ocontext_read(struct policydb * p,const struct policydb_compat_info * info,void * fp)2214 static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info,
2215 void *fp)
2216 {
2217 int rc;
2218 unsigned int i;
2219 u32 j, nel, len;
2220 __be64 prefixbuf[1];
2221 __le32 buf[3];
2222 struct ocontext *l, *c;
2223 u32 nodebuf[8];
2224
2225 for (i = 0; i < info->ocon_num; i++) {
2226 rc = next_entry(buf, fp, sizeof(u32));
2227 if (rc)
2228 goto out;
2229 nel = le32_to_cpu(buf[0]);
2230
2231 l = NULL;
2232 for (j = 0; j < nel; j++) {
2233 rc = -ENOMEM;
2234 c = kzalloc(sizeof(*c), GFP_KERNEL);
2235 if (!c)
2236 goto out;
2237 if (l)
2238 l->next = c;
2239 else
2240 p->ocontexts[i] = c;
2241 l = c;
2242
2243 switch (i) {
2244 case OCON_ISID:
2245 rc = next_entry(buf, fp, sizeof(u32));
2246 if (rc)
2247 goto out;
2248
2249 c->sid[0] = le32_to_cpu(buf[0]);
2250 rc = context_read_and_validate(&c->context[0], p, fp);
2251 if (rc)
2252 goto out;
2253 break;
2254 case OCON_FS:
2255 case OCON_NETIF:
2256 rc = next_entry(buf, fp, sizeof(u32));
2257 if (rc)
2258 goto out;
2259 len = le32_to_cpu(buf[0]);
2260
2261 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2262 if (rc)
2263 goto out;
2264
2265 if (i == OCON_FS)
2266 pr_warn("SELinux: void and deprecated fs ocon %s\n",
2267 c->u.name);
2268
2269 rc = context_read_and_validate(&c->context[0], p, fp);
2270 if (rc)
2271 goto out;
2272 rc = context_read_and_validate(&c->context[1], p, fp);
2273 if (rc)
2274 goto out;
2275 break;
2276 case OCON_PORT:
2277 rc = next_entry(buf, fp, sizeof(u32)*3);
2278 if (rc)
2279 goto out;
2280 c->u.port.protocol = le32_to_cpu(buf[0]);
2281 c->u.port.low_port = le32_to_cpu(buf[1]);
2282 c->u.port.high_port = le32_to_cpu(buf[2]);
2283 rc = context_read_and_validate(&c->context[0], p, fp);
2284 if (rc)
2285 goto out;
2286 break;
2287 case OCON_NODE:
2288 rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2289 if (rc)
2290 goto out;
2291 c->u.node.addr = nodebuf[0]; /* network order */
2292 c->u.node.mask = nodebuf[1]; /* network order */
2293 rc = context_read_and_validate(&c->context[0], p, fp);
2294 if (rc)
2295 goto out;
2296 break;
2297 case OCON_FSUSE:
2298 rc = next_entry(buf, fp, sizeof(u32)*2);
2299 if (rc)
2300 goto out;
2301
2302 rc = -EINVAL;
2303 c->v.behavior = le32_to_cpu(buf[0]);
2304 /* Determined at runtime, not in policy DB. */
2305 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2306 goto out;
2307 if (c->v.behavior > SECURITY_FS_USE_MAX)
2308 goto out;
2309
2310 len = le32_to_cpu(buf[1]);
2311 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2312 if (rc)
2313 goto out;
2314
2315 rc = context_read_and_validate(&c->context[0], p, fp);
2316 if (rc)
2317 goto out;
2318 break;
2319 case OCON_NODE6: {
2320 int k;
2321
2322 rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2323 if (rc)
2324 goto out;
2325 for (k = 0; k < 4; k++)
2326 c->u.node6.addr[k] = nodebuf[k];
2327 for (k = 0; k < 4; k++)
2328 c->u.node6.mask[k] = nodebuf[k+4];
2329 rc = context_read_and_validate(&c->context[0], p, fp);
2330 if (rc)
2331 goto out;
2332 break;
2333 }
2334 case OCON_IBPKEY: {
2335 u32 pkey_lo, pkey_hi;
2336
2337 rc = next_entry(prefixbuf, fp, sizeof(u64));
2338 if (rc)
2339 goto out;
2340
2341 /* we need to have subnet_prefix in CPU order */
2342 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2343
2344 rc = next_entry(buf, fp, sizeof(u32) * 2);
2345 if (rc)
2346 goto out;
2347
2348 pkey_lo = le32_to_cpu(buf[0]);
2349 pkey_hi = le32_to_cpu(buf[1]);
2350
2351 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2352 rc = -EINVAL;
2353 goto out;
2354 }
2355
2356 c->u.ibpkey.low_pkey = pkey_lo;
2357 c->u.ibpkey.high_pkey = pkey_hi;
2358
2359 rc = context_read_and_validate(&c->context[0],
2360 p,
2361 fp);
2362 if (rc)
2363 goto out;
2364 break;
2365 }
2366 case OCON_IBENDPORT: {
2367 u32 port;
2368
2369 rc = next_entry(buf, fp, sizeof(u32) * 2);
2370 if (rc)
2371 goto out;
2372 len = le32_to_cpu(buf[0]);
2373
2374 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2375 if (rc)
2376 goto out;
2377
2378 port = le32_to_cpu(buf[1]);
2379 if (port > U8_MAX || port == 0) {
2380 rc = -EINVAL;
2381 goto out;
2382 }
2383
2384 c->u.ibendport.port = port;
2385
2386 rc = context_read_and_validate(&c->context[0],
2387 p,
2388 fp);
2389 if (rc)
2390 goto out;
2391 break;
2392 } /* end case */
2393 } /* end switch */
2394 }
2395 }
2396 rc = 0;
2397 out:
2398 return rc;
2399 }
2400
2401 /*
2402 * Read the configuration data from a policy database binary
2403 * representation file into a policy database structure.
2404 */
policydb_read(struct policydb * p,void * fp)2405 int policydb_read(struct policydb *p, void *fp)
2406 {
2407 struct role_allow *ra, *lra;
2408 struct role_trans_key *rtk = NULL;
2409 struct role_trans_datum *rtd = NULL;
2410 int rc;
2411 __le32 buf[4];
2412 u32 i, j, len, nprim, nel, perm;
2413
2414 char *policydb_str;
2415 const struct policydb_compat_info *info;
2416
2417 policydb_init(p);
2418
2419 /* Read the magic number and string length. */
2420 rc = next_entry(buf, fp, sizeof(u32) * 2);
2421 if (rc)
2422 goto bad;
2423
2424 rc = -EINVAL;
2425 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2426 pr_err("SELinux: policydb magic number 0x%x does "
2427 "not match expected magic number 0x%x\n",
2428 le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2429 goto bad;
2430 }
2431
2432 rc = -EINVAL;
2433 len = le32_to_cpu(buf[1]);
2434 if (len != strlen(POLICYDB_STRING)) {
2435 pr_err("SELinux: policydb string length %d does not "
2436 "match expected length %zu\n",
2437 len, strlen(POLICYDB_STRING));
2438 goto bad;
2439 }
2440
2441 rc = -ENOMEM;
2442 policydb_str = kmalloc(len + 1, GFP_KERNEL);
2443 if (!policydb_str) {
2444 pr_err("SELinux: unable to allocate memory for policydb "
2445 "string of length %d\n", len);
2446 goto bad;
2447 }
2448
2449 rc = next_entry(policydb_str, fp, len);
2450 if (rc) {
2451 pr_err("SELinux: truncated policydb string identifier\n");
2452 kfree(policydb_str);
2453 goto bad;
2454 }
2455
2456 rc = -EINVAL;
2457 policydb_str[len] = '\0';
2458 if (strcmp(policydb_str, POLICYDB_STRING)) {
2459 pr_err("SELinux: policydb string %s does not match "
2460 "my string %s\n", policydb_str, POLICYDB_STRING);
2461 kfree(policydb_str);
2462 goto bad;
2463 }
2464 /* Done with policydb_str. */
2465 kfree(policydb_str);
2466 policydb_str = NULL;
2467
2468 /* Read the version and table sizes. */
2469 rc = next_entry(buf, fp, sizeof(u32)*4);
2470 if (rc)
2471 goto bad;
2472
2473 rc = -EINVAL;
2474 p->policyvers = le32_to_cpu(buf[0]);
2475 if (p->policyvers < POLICYDB_VERSION_MIN ||
2476 p->policyvers > POLICYDB_VERSION_MAX) {
2477 pr_err("SELinux: policydb version %d does not match "
2478 "my version range %d-%d\n",
2479 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2480 goto bad;
2481 }
2482
2483 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2484 p->mls_enabled = 1;
2485
2486 rc = -EINVAL;
2487 if (p->policyvers < POLICYDB_VERSION_MLS) {
2488 pr_err("SELinux: security policydb version %d "
2489 "(MLS) not backwards compatible\n",
2490 p->policyvers);
2491 goto bad;
2492 }
2493 }
2494 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2495 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2496
2497 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE)) {
2498 p->android_netlink_route = 1;
2499 }
2500
2501 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_ANDROID_NETLINK_GETNEIGH)) {
2502 p->android_netlink_getneigh = 1;
2503 }
2504
2505 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2506 rc = ebitmap_read(&p->policycaps, fp);
2507 if (rc)
2508 goto bad;
2509 }
2510
2511 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2512 rc = ebitmap_read(&p->permissive_map, fp);
2513 if (rc)
2514 goto bad;
2515 }
2516
2517 rc = -EINVAL;
2518 info = policydb_lookup_compat(p->policyvers);
2519 if (!info) {
2520 pr_err("SELinux: unable to find policy compat info "
2521 "for version %d\n", p->policyvers);
2522 goto bad;
2523 }
2524
2525 rc = -EINVAL;
2526 if (le32_to_cpu(buf[2]) != info->sym_num ||
2527 le32_to_cpu(buf[3]) != info->ocon_num) {
2528 pr_err("SELinux: policydb table sizes (%d,%d) do "
2529 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2530 le32_to_cpu(buf[3]),
2531 info->sym_num, info->ocon_num);
2532 goto bad;
2533 }
2534
2535 for (i = 0; i < info->sym_num; i++) {
2536 rc = next_entry(buf, fp, sizeof(u32)*2);
2537 if (rc)
2538 goto bad;
2539 nprim = le32_to_cpu(buf[0]);
2540 nel = le32_to_cpu(buf[1]);
2541
2542 rc = symtab_init(&p->symtab[i], nel);
2543 if (rc)
2544 goto out;
2545
2546 if (i == SYM_ROLES) {
2547 rc = roles_init(p);
2548 if (rc)
2549 goto out;
2550 }
2551
2552 for (j = 0; j < nel; j++) {
2553 rc = read_f[i](p, &p->symtab[i], fp);
2554 if (rc)
2555 goto bad;
2556 }
2557
2558 p->symtab[i].nprim = nprim;
2559 }
2560
2561 rc = -EINVAL;
2562 p->process_class = string_to_security_class(p, "process");
2563 if (!p->process_class) {
2564 pr_err("SELinux: process class is required, not defined in policy\n");
2565 goto bad;
2566 }
2567
2568 rc = avtab_read(&p->te_avtab, fp, p);
2569 if (rc)
2570 goto bad;
2571
2572 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2573 rc = cond_read_list(p, fp);
2574 if (rc)
2575 goto bad;
2576 }
2577
2578 rc = next_entry(buf, fp, sizeof(u32));
2579 if (rc)
2580 goto bad;
2581 nel = le32_to_cpu(buf[0]);
2582
2583 rc = hashtab_init(&p->role_tr, nel);
2584 if (rc)
2585 goto bad;
2586 for (i = 0; i < nel; i++) {
2587 rc = -ENOMEM;
2588 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
2589 if (!rtk)
2590 goto bad;
2591
2592 rc = -ENOMEM;
2593 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
2594 if (!rtd)
2595 goto bad;
2596
2597 rc = next_entry(buf, fp, sizeof(u32)*3);
2598 if (rc)
2599 goto bad;
2600
2601 rtk->role = le32_to_cpu(buf[0]);
2602 rtk->type = le32_to_cpu(buf[1]);
2603 rtd->new_role = le32_to_cpu(buf[2]);
2604 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2605 rc = next_entry(buf, fp, sizeof(u32));
2606 if (rc)
2607 goto bad;
2608 rtk->tclass = le32_to_cpu(buf[0]);
2609 } else
2610 rtk->tclass = p->process_class;
2611
2612 rc = -EINVAL;
2613 if (!policydb_role_isvalid(p, rtk->role) ||
2614 !policydb_type_isvalid(p, rtk->type) ||
2615 !policydb_class_isvalid(p, rtk->tclass) ||
2616 !policydb_role_isvalid(p, rtd->new_role))
2617 goto bad;
2618
2619 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params);
2620 if (rc)
2621 goto bad;
2622
2623 rtk = NULL;
2624 rtd = NULL;
2625 }
2626
2627 rc = next_entry(buf, fp, sizeof(u32));
2628 if (rc)
2629 goto bad;
2630 nel = le32_to_cpu(buf[0]);
2631 lra = NULL;
2632 for (i = 0; i < nel; i++) {
2633 rc = -ENOMEM;
2634 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2635 if (!ra)
2636 goto bad;
2637 if (lra)
2638 lra->next = ra;
2639 else
2640 p->role_allow = ra;
2641 rc = next_entry(buf, fp, sizeof(u32)*2);
2642 if (rc)
2643 goto bad;
2644
2645 rc = -EINVAL;
2646 ra->role = le32_to_cpu(buf[0]);
2647 ra->new_role = le32_to_cpu(buf[1]);
2648 if (!policydb_role_isvalid(p, ra->role) ||
2649 !policydb_role_isvalid(p, ra->new_role))
2650 goto bad;
2651 lra = ra;
2652 }
2653
2654 rc = filename_trans_read(p, fp);
2655 if (rc)
2656 goto bad;
2657
2658 rc = policydb_index(p);
2659 if (rc)
2660 goto bad;
2661
2662 rc = -EINVAL;
2663 perm = string_to_av_perm(p, p->process_class, "transition");
2664 if (!perm) {
2665 pr_err("SELinux: process transition permission is required, not defined in policy\n");
2666 goto bad;
2667 }
2668 p->process_trans_perms = perm;
2669 perm = string_to_av_perm(p, p->process_class, "dyntransition");
2670 if (!perm) {
2671 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
2672 goto bad;
2673 }
2674 p->process_trans_perms |= perm;
2675
2676 rc = ocontext_read(p, info, fp);
2677 if (rc)
2678 goto bad;
2679
2680 rc = genfs_read(p, fp);
2681 if (rc)
2682 goto bad;
2683
2684 rc = range_read(p, fp);
2685 if (rc)
2686 goto bad;
2687
2688 rc = -ENOMEM;
2689 p->type_attr_map_array = kvcalloc(p->p_types.nprim,
2690 sizeof(*p->type_attr_map_array),
2691 GFP_KERNEL);
2692 if (!p->type_attr_map_array)
2693 goto bad;
2694
2695 /* just in case ebitmap_init() becomes more than just a memset(0): */
2696 for (i = 0; i < p->p_types.nprim; i++)
2697 ebitmap_init(&p->type_attr_map_array[i]);
2698
2699 for (i = 0; i < p->p_types.nprim; i++) {
2700 struct ebitmap *e = &p->type_attr_map_array[i];
2701
2702 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2703 rc = ebitmap_read(e, fp);
2704 if (rc)
2705 goto bad;
2706 }
2707 /* add the type itself as the degenerate case */
2708 rc = ebitmap_set_bit(e, i, 1);
2709 if (rc)
2710 goto bad;
2711 }
2712
2713 rc = policydb_bounds_sanity_check(p);
2714 if (rc)
2715 goto bad;
2716
2717 rc = 0;
2718 out:
2719 return rc;
2720 bad:
2721 kfree(rtk);
2722 kfree(rtd);
2723 policydb_destroy(p);
2724 goto out;
2725 }
2726
2727 /*
2728 * Write a MLS level structure to a policydb binary
2729 * representation file.
2730 */
mls_write_level(struct mls_level * l,void * fp)2731 static int mls_write_level(struct mls_level *l, void *fp)
2732 {
2733 __le32 buf[1];
2734 int rc;
2735
2736 buf[0] = cpu_to_le32(l->sens);
2737 rc = put_entry(buf, sizeof(u32), 1, fp);
2738 if (rc)
2739 return rc;
2740
2741 rc = ebitmap_write(&l->cat, fp);
2742 if (rc)
2743 return rc;
2744
2745 return 0;
2746 }
2747
2748 /*
2749 * Write a MLS range structure to a policydb binary
2750 * representation file.
2751 */
mls_write_range_helper(struct mls_range * r,void * fp)2752 static int mls_write_range_helper(struct mls_range *r, void *fp)
2753 {
2754 __le32 buf[3];
2755 size_t items;
2756 int rc, eq;
2757
2758 eq = mls_level_eq(&r->level[1], &r->level[0]);
2759
2760 if (eq)
2761 items = 2;
2762 else
2763 items = 3;
2764 buf[0] = cpu_to_le32(items-1);
2765 buf[1] = cpu_to_le32(r->level[0].sens);
2766 if (!eq)
2767 buf[2] = cpu_to_le32(r->level[1].sens);
2768
2769 BUG_ON(items > ARRAY_SIZE(buf));
2770
2771 rc = put_entry(buf, sizeof(u32), items, fp);
2772 if (rc)
2773 return rc;
2774
2775 rc = ebitmap_write(&r->level[0].cat, fp);
2776 if (rc)
2777 return rc;
2778 if (!eq) {
2779 rc = ebitmap_write(&r->level[1].cat, fp);
2780 if (rc)
2781 return rc;
2782 }
2783
2784 return 0;
2785 }
2786
sens_write(void * vkey,void * datum,void * ptr)2787 static int sens_write(void *vkey, void *datum, void *ptr)
2788 {
2789 char *key = vkey;
2790 struct level_datum *levdatum = datum;
2791 struct policy_data *pd = ptr;
2792 void *fp = pd->fp;
2793 __le32 buf[2];
2794 size_t len;
2795 int rc;
2796
2797 len = strlen(key);
2798 buf[0] = cpu_to_le32(len);
2799 buf[1] = cpu_to_le32(levdatum->isalias);
2800 rc = put_entry(buf, sizeof(u32), 2, fp);
2801 if (rc)
2802 return rc;
2803
2804 rc = put_entry(key, 1, len, fp);
2805 if (rc)
2806 return rc;
2807
2808 rc = mls_write_level(levdatum->level, fp);
2809 if (rc)
2810 return rc;
2811
2812 return 0;
2813 }
2814
cat_write(void * vkey,void * datum,void * ptr)2815 static int cat_write(void *vkey, void *datum, void *ptr)
2816 {
2817 char *key = vkey;
2818 struct cat_datum *catdatum = datum;
2819 struct policy_data *pd = ptr;
2820 void *fp = pd->fp;
2821 __le32 buf[3];
2822 size_t len;
2823 int rc;
2824
2825 len = strlen(key);
2826 buf[0] = cpu_to_le32(len);
2827 buf[1] = cpu_to_le32(catdatum->value);
2828 buf[2] = cpu_to_le32(catdatum->isalias);
2829 rc = put_entry(buf, sizeof(u32), 3, fp);
2830 if (rc)
2831 return rc;
2832
2833 rc = put_entry(key, 1, len, fp);
2834 if (rc)
2835 return rc;
2836
2837 return 0;
2838 }
2839
role_trans_write_one(void * key,void * datum,void * ptr)2840 static int role_trans_write_one(void *key, void *datum, void *ptr)
2841 {
2842 struct role_trans_key *rtk = key;
2843 struct role_trans_datum *rtd = datum;
2844 struct policy_data *pd = ptr;
2845 void *fp = pd->fp;
2846 struct policydb *p = pd->p;
2847 __le32 buf[3];
2848 int rc;
2849
2850 buf[0] = cpu_to_le32(rtk->role);
2851 buf[1] = cpu_to_le32(rtk->type);
2852 buf[2] = cpu_to_le32(rtd->new_role);
2853 rc = put_entry(buf, sizeof(u32), 3, fp);
2854 if (rc)
2855 return rc;
2856 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2857 buf[0] = cpu_to_le32(rtk->tclass);
2858 rc = put_entry(buf, sizeof(u32), 1, fp);
2859 if (rc)
2860 return rc;
2861 }
2862 return 0;
2863 }
2864
role_trans_write(struct policydb * p,void * fp)2865 static int role_trans_write(struct policydb *p, void *fp)
2866 {
2867 struct policy_data pd = { .p = p, .fp = fp };
2868 __le32 buf[1];
2869 int rc;
2870
2871 buf[0] = cpu_to_le32(p->role_tr.nel);
2872 rc = put_entry(buf, sizeof(u32), 1, fp);
2873 if (rc)
2874 return rc;
2875
2876 return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
2877 }
2878
role_allow_write(struct role_allow * r,void * fp)2879 static int role_allow_write(struct role_allow *r, void *fp)
2880 {
2881 struct role_allow *ra;
2882 __le32 buf[2];
2883 size_t nel;
2884 int rc;
2885
2886 nel = 0;
2887 for (ra = r; ra; ra = ra->next)
2888 nel++;
2889 buf[0] = cpu_to_le32(nel);
2890 rc = put_entry(buf, sizeof(u32), 1, fp);
2891 if (rc)
2892 return rc;
2893 for (ra = r; ra; ra = ra->next) {
2894 buf[0] = cpu_to_le32(ra->role);
2895 buf[1] = cpu_to_le32(ra->new_role);
2896 rc = put_entry(buf, sizeof(u32), 2, fp);
2897 if (rc)
2898 return rc;
2899 }
2900 return 0;
2901 }
2902
2903 /*
2904 * Write a security context structure
2905 * to a policydb binary representation file.
2906 */
context_write(struct policydb * p,struct context * c,void * fp)2907 static int context_write(struct policydb *p, struct context *c,
2908 void *fp)
2909 {
2910 int rc;
2911 __le32 buf[3];
2912
2913 buf[0] = cpu_to_le32(c->user);
2914 buf[1] = cpu_to_le32(c->role);
2915 buf[2] = cpu_to_le32(c->type);
2916
2917 rc = put_entry(buf, sizeof(u32), 3, fp);
2918 if (rc)
2919 return rc;
2920
2921 rc = mls_write_range_helper(&c->range, fp);
2922 if (rc)
2923 return rc;
2924
2925 return 0;
2926 }
2927
2928 /*
2929 * The following *_write functions are used to
2930 * write the symbol data to a policy database
2931 * binary representation file.
2932 */
2933
perm_write(void * vkey,void * datum,void * fp)2934 static int perm_write(void *vkey, void *datum, void *fp)
2935 {
2936 char *key = vkey;
2937 struct perm_datum *perdatum = datum;
2938 __le32 buf[2];
2939 size_t len;
2940 int rc;
2941
2942 len = strlen(key);
2943 buf[0] = cpu_to_le32(len);
2944 buf[1] = cpu_to_le32(perdatum->value);
2945 rc = put_entry(buf, sizeof(u32), 2, fp);
2946 if (rc)
2947 return rc;
2948
2949 rc = put_entry(key, 1, len, fp);
2950 if (rc)
2951 return rc;
2952
2953 return 0;
2954 }
2955
common_write(void * vkey,void * datum,void * ptr)2956 static int common_write(void *vkey, void *datum, void *ptr)
2957 {
2958 char *key = vkey;
2959 struct common_datum *comdatum = datum;
2960 struct policy_data *pd = ptr;
2961 void *fp = pd->fp;
2962 __le32 buf[4];
2963 size_t len;
2964 int rc;
2965
2966 len = strlen(key);
2967 buf[0] = cpu_to_le32(len);
2968 buf[1] = cpu_to_le32(comdatum->value);
2969 buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2970 buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2971 rc = put_entry(buf, sizeof(u32), 4, fp);
2972 if (rc)
2973 return rc;
2974
2975 rc = put_entry(key, 1, len, fp);
2976 if (rc)
2977 return rc;
2978
2979 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp);
2980 if (rc)
2981 return rc;
2982
2983 return 0;
2984 }
2985
type_set_write(struct type_set * t,void * fp)2986 static int type_set_write(struct type_set *t, void *fp)
2987 {
2988 int rc;
2989 __le32 buf[1];
2990
2991 if (ebitmap_write(&t->types, fp))
2992 return -EINVAL;
2993 if (ebitmap_write(&t->negset, fp))
2994 return -EINVAL;
2995
2996 buf[0] = cpu_to_le32(t->flags);
2997 rc = put_entry(buf, sizeof(u32), 1, fp);
2998 if (rc)
2999 return -EINVAL;
3000
3001 return 0;
3002 }
3003
write_cons_helper(struct policydb * p,struct constraint_node * node,void * fp)3004 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
3005 void *fp)
3006 {
3007 struct constraint_node *c;
3008 struct constraint_expr *e;
3009 __le32 buf[3];
3010 u32 nel;
3011 int rc;
3012
3013 for (c = node; c; c = c->next) {
3014 nel = 0;
3015 for (e = c->expr; e; e = e->next)
3016 nel++;
3017 buf[0] = cpu_to_le32(c->permissions);
3018 buf[1] = cpu_to_le32(nel);
3019 rc = put_entry(buf, sizeof(u32), 2, fp);
3020 if (rc)
3021 return rc;
3022 for (e = c->expr; e; e = e->next) {
3023 buf[0] = cpu_to_le32(e->expr_type);
3024 buf[1] = cpu_to_le32(e->attr);
3025 buf[2] = cpu_to_le32(e->op);
3026 rc = put_entry(buf, sizeof(u32), 3, fp);
3027 if (rc)
3028 return rc;
3029
3030 switch (e->expr_type) {
3031 case CEXPR_NAMES:
3032 rc = ebitmap_write(&e->names, fp);
3033 if (rc)
3034 return rc;
3035 if (p->policyvers >=
3036 POLICYDB_VERSION_CONSTRAINT_NAMES) {
3037 rc = type_set_write(e->type_names, fp);
3038 if (rc)
3039 return rc;
3040 }
3041 break;
3042 default:
3043 break;
3044 }
3045 }
3046 }
3047
3048 return 0;
3049 }
3050
class_write(void * vkey,void * datum,void * ptr)3051 static int class_write(void *vkey, void *datum, void *ptr)
3052 {
3053 char *key = vkey;
3054 struct class_datum *cladatum = datum;
3055 struct policy_data *pd = ptr;
3056 void *fp = pd->fp;
3057 struct policydb *p = pd->p;
3058 struct constraint_node *c;
3059 __le32 buf[6];
3060 u32 ncons;
3061 size_t len, len2;
3062 int rc;
3063
3064 len = strlen(key);
3065 if (cladatum->comkey)
3066 len2 = strlen(cladatum->comkey);
3067 else
3068 len2 = 0;
3069
3070 ncons = 0;
3071 for (c = cladatum->constraints; c; c = c->next)
3072 ncons++;
3073
3074 buf[0] = cpu_to_le32(len);
3075 buf[1] = cpu_to_le32(len2);
3076 buf[2] = cpu_to_le32(cladatum->value);
3077 buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3078 buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3079 buf[5] = cpu_to_le32(ncons);
3080 rc = put_entry(buf, sizeof(u32), 6, fp);
3081 if (rc)
3082 return rc;
3083
3084 rc = put_entry(key, 1, len, fp);
3085 if (rc)
3086 return rc;
3087
3088 if (cladatum->comkey) {
3089 rc = put_entry(cladatum->comkey, 1, len2, fp);
3090 if (rc)
3091 return rc;
3092 }
3093
3094 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
3095 if (rc)
3096 return rc;
3097
3098 rc = write_cons_helper(p, cladatum->constraints, fp);
3099 if (rc)
3100 return rc;
3101
3102 /* write out the validatetrans rule */
3103 ncons = 0;
3104 for (c = cladatum->validatetrans; c; c = c->next)
3105 ncons++;
3106
3107 buf[0] = cpu_to_le32(ncons);
3108 rc = put_entry(buf, sizeof(u32), 1, fp);
3109 if (rc)
3110 return rc;
3111
3112 rc = write_cons_helper(p, cladatum->validatetrans, fp);
3113 if (rc)
3114 return rc;
3115
3116 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3117 buf[0] = cpu_to_le32(cladatum->default_user);
3118 buf[1] = cpu_to_le32(cladatum->default_role);
3119 buf[2] = cpu_to_le32(cladatum->default_range);
3120
3121 rc = put_entry(buf, sizeof(uint32_t), 3, fp);
3122 if (rc)
3123 return rc;
3124 }
3125
3126 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3127 buf[0] = cpu_to_le32(cladatum->default_type);
3128 rc = put_entry(buf, sizeof(uint32_t), 1, fp);
3129 if (rc)
3130 return rc;
3131 }
3132
3133 return 0;
3134 }
3135
role_write(void * vkey,void * datum,void * ptr)3136 static int role_write(void *vkey, void *datum, void *ptr)
3137 {
3138 char *key = vkey;
3139 struct role_datum *role = datum;
3140 struct policy_data *pd = ptr;
3141 void *fp = pd->fp;
3142 struct policydb *p = pd->p;
3143 __le32 buf[3];
3144 size_t items, len;
3145 int rc;
3146
3147 len = strlen(key);
3148 items = 0;
3149 buf[items++] = cpu_to_le32(len);
3150 buf[items++] = cpu_to_le32(role->value);
3151 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3152 buf[items++] = cpu_to_le32(role->bounds);
3153
3154 BUG_ON(items > ARRAY_SIZE(buf));
3155
3156 rc = put_entry(buf, sizeof(u32), items, fp);
3157 if (rc)
3158 return rc;
3159
3160 rc = put_entry(key, 1, len, fp);
3161 if (rc)
3162 return rc;
3163
3164 rc = ebitmap_write(&role->dominates, fp);
3165 if (rc)
3166 return rc;
3167
3168 rc = ebitmap_write(&role->types, fp);
3169 if (rc)
3170 return rc;
3171
3172 return 0;
3173 }
3174
type_write(void * vkey,void * datum,void * ptr)3175 static int type_write(void *vkey, void *datum, void *ptr)
3176 {
3177 char *key = vkey;
3178 struct type_datum *typdatum = datum;
3179 struct policy_data *pd = ptr;
3180 struct policydb *p = pd->p;
3181 void *fp = pd->fp;
3182 __le32 buf[4];
3183 int rc;
3184 size_t items, len;
3185
3186 len = strlen(key);
3187 items = 0;
3188 buf[items++] = cpu_to_le32(len);
3189 buf[items++] = cpu_to_le32(typdatum->value);
3190 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3191 u32 properties = 0;
3192
3193 if (typdatum->primary)
3194 properties |= TYPEDATUM_PROPERTY_PRIMARY;
3195
3196 if (typdatum->attribute)
3197 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3198
3199 buf[items++] = cpu_to_le32(properties);
3200 buf[items++] = cpu_to_le32(typdatum->bounds);
3201 } else {
3202 buf[items++] = cpu_to_le32(typdatum->primary);
3203 }
3204 BUG_ON(items > ARRAY_SIZE(buf));
3205 rc = put_entry(buf, sizeof(u32), items, fp);
3206 if (rc)
3207 return rc;
3208
3209 rc = put_entry(key, 1, len, fp);
3210 if (rc)
3211 return rc;
3212
3213 return 0;
3214 }
3215
user_write(void * vkey,void * datum,void * ptr)3216 static int user_write(void *vkey, void *datum, void *ptr)
3217 {
3218 char *key = vkey;
3219 struct user_datum *usrdatum = datum;
3220 struct policy_data *pd = ptr;
3221 struct policydb *p = pd->p;
3222 void *fp = pd->fp;
3223 __le32 buf[3];
3224 size_t items, len;
3225 int rc;
3226
3227 len = strlen(key);
3228 items = 0;
3229 buf[items++] = cpu_to_le32(len);
3230 buf[items++] = cpu_to_le32(usrdatum->value);
3231 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3232 buf[items++] = cpu_to_le32(usrdatum->bounds);
3233 BUG_ON(items > ARRAY_SIZE(buf));
3234 rc = put_entry(buf, sizeof(u32), items, fp);
3235 if (rc)
3236 return rc;
3237
3238 rc = put_entry(key, 1, len, fp);
3239 if (rc)
3240 return rc;
3241
3242 rc = ebitmap_write(&usrdatum->roles, fp);
3243 if (rc)
3244 return rc;
3245
3246 rc = mls_write_range_helper(&usrdatum->range, fp);
3247 if (rc)
3248 return rc;
3249
3250 rc = mls_write_level(&usrdatum->dfltlevel, fp);
3251 if (rc)
3252 return rc;
3253
3254 return 0;
3255 }
3256
3257 static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
3258 common_write,
3259 class_write,
3260 role_write,
3261 type_write,
3262 user_write,
3263 cond_write_bool,
3264 sens_write,
3265 cat_write,
3266 };
3267
ocontext_write(struct policydb * p,const struct policydb_compat_info * info,void * fp)3268 static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info,
3269 void *fp)
3270 {
3271 unsigned int i, j;
3272 int rc;
3273 size_t nel, len;
3274 __be64 prefixbuf[1];
3275 __le32 buf[3];
3276 u32 nodebuf[8];
3277 struct ocontext *c;
3278 for (i = 0; i < info->ocon_num; i++) {
3279 nel = 0;
3280 for (c = p->ocontexts[i]; c; c = c->next)
3281 nel++;
3282 buf[0] = cpu_to_le32(nel);
3283 rc = put_entry(buf, sizeof(u32), 1, fp);
3284 if (rc)
3285 return rc;
3286 for (c = p->ocontexts[i]; c; c = c->next) {
3287 switch (i) {
3288 case OCON_ISID:
3289 buf[0] = cpu_to_le32(c->sid[0]);
3290 rc = put_entry(buf, sizeof(u32), 1, fp);
3291 if (rc)
3292 return rc;
3293 rc = context_write(p, &c->context[0], fp);
3294 if (rc)
3295 return rc;
3296 break;
3297 case OCON_FS:
3298 case OCON_NETIF:
3299 len = strlen(c->u.name);
3300 buf[0] = cpu_to_le32(len);
3301 rc = put_entry(buf, sizeof(u32), 1, fp);
3302 if (rc)
3303 return rc;
3304 rc = put_entry(c->u.name, 1, len, fp);
3305 if (rc)
3306 return rc;
3307 rc = context_write(p, &c->context[0], fp);
3308 if (rc)
3309 return rc;
3310 rc = context_write(p, &c->context[1], fp);
3311 if (rc)
3312 return rc;
3313 break;
3314 case OCON_PORT:
3315 buf[0] = cpu_to_le32(c->u.port.protocol);
3316 buf[1] = cpu_to_le32(c->u.port.low_port);
3317 buf[2] = cpu_to_le32(c->u.port.high_port);
3318 rc = put_entry(buf, sizeof(u32), 3, fp);
3319 if (rc)
3320 return rc;
3321 rc = context_write(p, &c->context[0], fp);
3322 if (rc)
3323 return rc;
3324 break;
3325 case OCON_NODE:
3326 nodebuf[0] = c->u.node.addr; /* network order */
3327 nodebuf[1] = c->u.node.mask; /* network order */
3328 rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3329 if (rc)
3330 return rc;
3331 rc = context_write(p, &c->context[0], fp);
3332 if (rc)
3333 return rc;
3334 break;
3335 case OCON_FSUSE:
3336 buf[0] = cpu_to_le32(c->v.behavior);
3337 len = strlen(c->u.name);
3338 buf[1] = cpu_to_le32(len);
3339 rc = put_entry(buf, sizeof(u32), 2, fp);
3340 if (rc)
3341 return rc;
3342 rc = put_entry(c->u.name, 1, len, fp);
3343 if (rc)
3344 return rc;
3345 rc = context_write(p, &c->context[0], fp);
3346 if (rc)
3347 return rc;
3348 break;
3349 case OCON_NODE6:
3350 for (j = 0; j < 4; j++)
3351 nodebuf[j] = c->u.node6.addr[j]; /* network order */
3352 for (j = 0; j < 4; j++)
3353 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3354 rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3355 if (rc)
3356 return rc;
3357 rc = context_write(p, &c->context[0], fp);
3358 if (rc)
3359 return rc;
3360 break;
3361 case OCON_IBPKEY:
3362 /* subnet_prefix is in CPU order */
3363 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3364
3365 rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
3366 if (rc)
3367 return rc;
3368
3369 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3370 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3371
3372 rc = put_entry(buf, sizeof(u32), 2, fp);
3373 if (rc)
3374 return rc;
3375 rc = context_write(p, &c->context[0], fp);
3376 if (rc)
3377 return rc;
3378 break;
3379 case OCON_IBENDPORT:
3380 len = strlen(c->u.ibendport.dev_name);
3381 buf[0] = cpu_to_le32(len);
3382 buf[1] = cpu_to_le32(c->u.ibendport.port);
3383 rc = put_entry(buf, sizeof(u32), 2, fp);
3384 if (rc)
3385 return rc;
3386 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3387 if (rc)
3388 return rc;
3389 rc = context_write(p, &c->context[0], fp);
3390 if (rc)
3391 return rc;
3392 break;
3393 }
3394 }
3395 }
3396 return 0;
3397 }
3398
genfs_write(struct policydb * p,void * fp)3399 static int genfs_write(struct policydb *p, void *fp)
3400 {
3401 struct genfs *genfs;
3402 struct ocontext *c;
3403 size_t len;
3404 __le32 buf[1];
3405 int rc;
3406
3407 len = 0;
3408 for (genfs = p->genfs; genfs; genfs = genfs->next)
3409 len++;
3410 buf[0] = cpu_to_le32(len);
3411 rc = put_entry(buf, sizeof(u32), 1, fp);
3412 if (rc)
3413 return rc;
3414 for (genfs = p->genfs; genfs; genfs = genfs->next) {
3415 len = strlen(genfs->fstype);
3416 buf[0] = cpu_to_le32(len);
3417 rc = put_entry(buf, sizeof(u32), 1, fp);
3418 if (rc)
3419 return rc;
3420 rc = put_entry(genfs->fstype, 1, len, fp);
3421 if (rc)
3422 return rc;
3423 len = 0;
3424 for (c = genfs->head; c; c = c->next)
3425 len++;
3426 buf[0] = cpu_to_le32(len);
3427 rc = put_entry(buf, sizeof(u32), 1, fp);
3428 if (rc)
3429 return rc;
3430 for (c = genfs->head; c; c = c->next) {
3431 len = strlen(c->u.name);
3432 buf[0] = cpu_to_le32(len);
3433 rc = put_entry(buf, sizeof(u32), 1, fp);
3434 if (rc)
3435 return rc;
3436 rc = put_entry(c->u.name, 1, len, fp);
3437 if (rc)
3438 return rc;
3439 buf[0] = cpu_to_le32(c->v.sclass);
3440 rc = put_entry(buf, sizeof(u32), 1, fp);
3441 if (rc)
3442 return rc;
3443 rc = context_write(p, &c->context[0], fp);
3444 if (rc)
3445 return rc;
3446 }
3447 }
3448 return 0;
3449 }
3450
range_write_helper(void * key,void * data,void * ptr)3451 static int range_write_helper(void *key, void *data, void *ptr)
3452 {
3453 __le32 buf[2];
3454 struct range_trans *rt = key;
3455 struct mls_range *r = data;
3456 struct policy_data *pd = ptr;
3457 void *fp = pd->fp;
3458 struct policydb *p = pd->p;
3459 int rc;
3460
3461 buf[0] = cpu_to_le32(rt->source_type);
3462 buf[1] = cpu_to_le32(rt->target_type);
3463 rc = put_entry(buf, sizeof(u32), 2, fp);
3464 if (rc)
3465 return rc;
3466 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3467 buf[0] = cpu_to_le32(rt->target_class);
3468 rc = put_entry(buf, sizeof(u32), 1, fp);
3469 if (rc)
3470 return rc;
3471 }
3472 rc = mls_write_range_helper(r, fp);
3473 if (rc)
3474 return rc;
3475
3476 return 0;
3477 }
3478
range_write(struct policydb * p,void * fp)3479 static int range_write(struct policydb *p, void *fp)
3480 {
3481 __le32 buf[1];
3482 int rc;
3483 struct policy_data pd;
3484
3485 pd.p = p;
3486 pd.fp = fp;
3487
3488 buf[0] = cpu_to_le32(p->range_tr.nel);
3489 rc = put_entry(buf, sizeof(u32), 1, fp);
3490 if (rc)
3491 return rc;
3492
3493 /* actually write all of the entries */
3494 rc = hashtab_map(&p->range_tr, range_write_helper, &pd);
3495 if (rc)
3496 return rc;
3497
3498 return 0;
3499 }
3500
filename_write_helper_compat(void * key,void * data,void * ptr)3501 static int filename_write_helper_compat(void *key, void *data, void *ptr)
3502 {
3503 struct filename_trans_key *ft = key;
3504 struct filename_trans_datum *datum = data;
3505 struct ebitmap_node *node;
3506 void *fp = ptr;
3507 __le32 buf[4];
3508 int rc;
3509 u32 bit, len = strlen(ft->name);
3510
3511 do {
3512 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3513 buf[0] = cpu_to_le32(len);
3514 rc = put_entry(buf, sizeof(u32), 1, fp);
3515 if (rc)
3516 return rc;
3517
3518 rc = put_entry(ft->name, sizeof(char), len, fp);
3519 if (rc)
3520 return rc;
3521
3522 buf[0] = cpu_to_le32(bit + 1);
3523 buf[1] = cpu_to_le32(ft->ttype);
3524 buf[2] = cpu_to_le32(ft->tclass);
3525 buf[3] = cpu_to_le32(datum->otype);
3526
3527 rc = put_entry(buf, sizeof(u32), 4, fp);
3528 if (rc)
3529 return rc;
3530 }
3531
3532 datum = datum->next;
3533 } while (unlikely(datum));
3534
3535 return 0;
3536 }
3537
filename_write_helper(void * key,void * data,void * ptr)3538 static int filename_write_helper(void *key, void *data, void *ptr)
3539 {
3540 struct filename_trans_key *ft = key;
3541 struct filename_trans_datum *datum;
3542 void *fp = ptr;
3543 __le32 buf[3];
3544 int rc;
3545 u32 ndatum, len = strlen(ft->name);
3546
3547 buf[0] = cpu_to_le32(len);
3548 rc = put_entry(buf, sizeof(u32), 1, fp);
3549 if (rc)
3550 return rc;
3551
3552 rc = put_entry(ft->name, sizeof(char), len, fp);
3553 if (rc)
3554 return rc;
3555
3556 ndatum = 0;
3557 datum = data;
3558 do {
3559 ndatum++;
3560 datum = datum->next;
3561 } while (unlikely(datum));
3562
3563 buf[0] = cpu_to_le32(ft->ttype);
3564 buf[1] = cpu_to_le32(ft->tclass);
3565 buf[2] = cpu_to_le32(ndatum);
3566 rc = put_entry(buf, sizeof(u32), 3, fp);
3567 if (rc)
3568 return rc;
3569
3570 datum = data;
3571 do {
3572 rc = ebitmap_write(&datum->stypes, fp);
3573 if (rc)
3574 return rc;
3575
3576 buf[0] = cpu_to_le32(datum->otype);
3577 rc = put_entry(buf, sizeof(u32), 1, fp);
3578 if (rc)
3579 return rc;
3580
3581 datum = datum->next;
3582 } while (unlikely(datum));
3583
3584 return 0;
3585 }
3586
filename_trans_write(struct policydb * p,void * fp)3587 static int filename_trans_write(struct policydb *p, void *fp)
3588 {
3589 __le32 buf[1];
3590 int rc;
3591
3592 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3593 return 0;
3594
3595 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3596 buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3597 rc = put_entry(buf, sizeof(u32), 1, fp);
3598 if (rc)
3599 return rc;
3600
3601 rc = hashtab_map(&p->filename_trans,
3602 filename_write_helper_compat, fp);
3603 } else {
3604 buf[0] = cpu_to_le32(p->filename_trans.nel);
3605 rc = put_entry(buf, sizeof(u32), 1, fp);
3606 if (rc)
3607 return rc;
3608
3609 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp);
3610 }
3611 return rc;
3612 }
3613
3614 /*
3615 * Write the configuration data in a policy database
3616 * structure to a policy database binary representation
3617 * file.
3618 */
policydb_write(struct policydb * p,void * fp)3619 int policydb_write(struct policydb *p, void *fp)
3620 {
3621 unsigned int num_syms;
3622 int rc;
3623 __le32 buf[4];
3624 u32 config, i;
3625 size_t len;
3626 const struct policydb_compat_info *info;
3627
3628 /*
3629 * refuse to write policy older than compressed avtab
3630 * to simplify the writer. There are other tests dropped
3631 * since we assume this throughout the writer code. Be
3632 * careful if you ever try to remove this restriction
3633 */
3634 if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3635 pr_err("SELinux: refusing to write policy version %d."
3636 " Because it is less than version %d\n", p->policyvers,
3637 POLICYDB_VERSION_AVTAB);
3638 return -EINVAL;
3639 }
3640
3641 config = 0;
3642 if (p->mls_enabled)
3643 config |= POLICYDB_CONFIG_MLS;
3644
3645 if (p->reject_unknown)
3646 config |= REJECT_UNKNOWN;
3647 if (p->allow_unknown)
3648 config |= ALLOW_UNKNOWN;
3649
3650 /* Write the magic number and string identifiers. */
3651 buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3652 len = strlen(POLICYDB_STRING);
3653 buf[1] = cpu_to_le32(len);
3654 rc = put_entry(buf, sizeof(u32), 2, fp);
3655 if (rc)
3656 return rc;
3657 rc = put_entry(POLICYDB_STRING, 1, len, fp);
3658 if (rc)
3659 return rc;
3660
3661 /* Write the version, config, and table sizes. */
3662 info = policydb_lookup_compat(p->policyvers);
3663 if (!info) {
3664 pr_err("SELinux: compatibility lookup failed for policy "
3665 "version %d\n", p->policyvers);
3666 return -EINVAL;
3667 }
3668
3669 buf[0] = cpu_to_le32(p->policyvers);
3670 buf[1] = cpu_to_le32(config);
3671 buf[2] = cpu_to_le32(info->sym_num);
3672 buf[3] = cpu_to_le32(info->ocon_num);
3673
3674 rc = put_entry(buf, sizeof(u32), 4, fp);
3675 if (rc)
3676 return rc;
3677
3678 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3679 rc = ebitmap_write(&p->policycaps, fp);
3680 if (rc)
3681 return rc;
3682 }
3683
3684 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3685 rc = ebitmap_write(&p->permissive_map, fp);
3686 if (rc)
3687 return rc;
3688 }
3689
3690 num_syms = info->sym_num;
3691 for (i = 0; i < num_syms; i++) {
3692 struct policy_data pd;
3693
3694 pd.fp = fp;
3695 pd.p = p;
3696
3697 buf[0] = cpu_to_le32(p->symtab[i].nprim);
3698 buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3699
3700 rc = put_entry(buf, sizeof(u32), 2, fp);
3701 if (rc)
3702 return rc;
3703 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
3704 if (rc)
3705 return rc;
3706 }
3707
3708 rc = avtab_write(p, &p->te_avtab, fp);
3709 if (rc)
3710 return rc;
3711
3712 rc = cond_write_list(p, fp);
3713 if (rc)
3714 return rc;
3715
3716 rc = role_trans_write(p, fp);
3717 if (rc)
3718 return rc;
3719
3720 rc = role_allow_write(p->role_allow, fp);
3721 if (rc)
3722 return rc;
3723
3724 rc = filename_trans_write(p, fp);
3725 if (rc)
3726 return rc;
3727
3728 rc = ocontext_write(p, info, fp);
3729 if (rc)
3730 return rc;
3731
3732 rc = genfs_write(p, fp);
3733 if (rc)
3734 return rc;
3735
3736 rc = range_write(p, fp);
3737 if (rc)
3738 return rc;
3739
3740 for (i = 0; i < p->p_types.nprim; i++) {
3741 struct ebitmap *e = &p->type_attr_map_array[i];
3742
3743 rc = ebitmap_write(e, fp);
3744 if (rc)
3745 return rc;
3746 }
3747
3748 return 0;
3749 }
3750