Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
policydb.c
Go to the documentation of this file.
1 /*
2  * Implementation of the policy database.
3  *
4  * Author : Stephen Smalley, <[email protected]>
5  */
6 
7 /*
8  * Updated: Trusted Computer Solutions, Inc. <[email protected]>
9  *
10  * Support for enhanced MLS infrastructure.
11  *
12  * Updated: Frank Mayer <[email protected]> and Karl MacMillan <[email protected]>
13  *
14  * Added conditional policy language extensions
15  *
16  * Updated: Hewlett-Packard <[email protected]>
17  *
18  * Added support for the policy capability bitmap
19  *
20  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
21  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
22  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
23  * This program is free software; you can redistribute it and/or modify
24  * it under the terms of the GNU General Public License as published by
25  * the Free Software Foundation, version 2.
26  */
27 
28 #include <linux/kernel.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <linux/errno.h>
33 #include <linux/audit.h>
34 #include <linux/flex_array.h>
35 #include "security.h"
36 
37 #include "policydb.h"
38 #include "conditional.h"
39 #include "mls.h"
40 #include "services.h"
41 
42 #define _DEBUG_HASHES
43 
44 #ifdef DEBUG_HASHES
45 static const char *symtab_name[SYM_NUM] = {
46  "common prefixes",
47  "classes",
48  "roles",
49  "types",
50  "users",
51  "bools",
52  "levels",
53  "categories",
54 };
55 #endif
56 
57 static unsigned int symtab_sizes[SYM_NUM] = {
58  2,
59  32,
60  16,
61  512,
62  128,
63  16,
64  16,
65  16,
66 };
67 
69  int version;
70  int sym_num;
71  int ocon_num;
72 };
73 
74 /* These need to be updated if SYM_NUM or OCON_NUM changes */
75 static struct policydb_compat_info policydb_compat[] = {
76  {
77  .version = POLICYDB_VERSION_BASE,
78  .sym_num = SYM_NUM - 3,
79  .ocon_num = OCON_NUM - 1,
80  },
81  {
82  .version = POLICYDB_VERSION_BOOL,
83  .sym_num = SYM_NUM - 2,
84  .ocon_num = OCON_NUM - 1,
85  },
86  {
87  .version = POLICYDB_VERSION_IPV6,
88  .sym_num = SYM_NUM - 2,
89  .ocon_num = OCON_NUM,
90  },
91  {
92  .version = POLICYDB_VERSION_NLCLASS,
93  .sym_num = SYM_NUM - 2,
94  .ocon_num = OCON_NUM,
95  },
96  {
97  .version = POLICYDB_VERSION_MLS,
98  .sym_num = SYM_NUM,
99  .ocon_num = OCON_NUM,
100  },
101  {
102  .version = POLICYDB_VERSION_AVTAB,
103  .sym_num = SYM_NUM,
104  .ocon_num = OCON_NUM,
105  },
106  {
107  .version = POLICYDB_VERSION_RANGETRANS,
108  .sym_num = SYM_NUM,
109  .ocon_num = OCON_NUM,
110  },
111  {
112  .version = POLICYDB_VERSION_POLCAP,
113  .sym_num = SYM_NUM,
114  .ocon_num = OCON_NUM,
115  },
116  {
117  .version = POLICYDB_VERSION_PERMISSIVE,
118  .sym_num = SYM_NUM,
119  .ocon_num = OCON_NUM,
120  },
121  {
122  .version = POLICYDB_VERSION_BOUNDARY,
123  .sym_num = SYM_NUM,
124  .ocon_num = OCON_NUM,
125  },
126  {
128  .sym_num = SYM_NUM,
129  .ocon_num = OCON_NUM,
130  },
131  {
132  .version = POLICYDB_VERSION_ROLETRANS,
133  .sym_num = SYM_NUM,
134  .ocon_num = OCON_NUM,
135  },
136  {
138  .sym_num = SYM_NUM,
139  .ocon_num = OCON_NUM,
140  },
141  {
143  .sym_num = SYM_NUM,
144  .ocon_num = OCON_NUM,
145  },
146 };
147 
148 static struct policydb_compat_info *policydb_lookup_compat(int version)
149 {
150  int i;
151  struct policydb_compat_info *info = NULL;
152 
153  for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
154  if (policydb_compat[i].version == version) {
155  info = &policydb_compat[i];
156  break;
157  }
158  }
159  return info;
160 }
161 
162 /*
163  * Initialize the role table.
164  */
165 static int roles_init(struct policydb *p)
166 {
167  char *key = NULL;
168  int rc;
169  struct role_datum *role;
170 
171  rc = -ENOMEM;
172  role = kzalloc(sizeof(*role), GFP_KERNEL);
173  if (!role)
174  goto out;
175 
176  rc = -EINVAL;
177  role->value = ++p->p_roles.nprim;
178  if (role->value != OBJECT_R_VAL)
179  goto out;
180 
181  rc = -ENOMEM;
182  key = kstrdup(OBJECT_R, GFP_KERNEL);
183  if (!key)
184  goto out;
185 
186  rc = hashtab_insert(p->p_roles.table, key, role);
187  if (rc)
188  goto out;
189 
190  return 0;
191 out:
192  kfree(key);
193  kfree(role);
194  return rc;
195 }
196 
197 static u32 filenametr_hash(struct hashtab *h, const void *k)
198 {
199  const struct filename_trans *ft = k;
200  unsigned long hash;
201  unsigned int byte_num;
202  unsigned char focus;
203 
204  hash = ft->stype ^ ft->ttype ^ ft->tclass;
205 
206  byte_num = 0;
207  while ((focus = ft->name[byte_num++]))
208  hash = partial_name_hash(focus, hash);
209  return hash & (h->size - 1);
210 }
211 
212 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2)
213 {
214  const struct filename_trans *ft1 = k1;
215  const struct filename_trans *ft2 = k2;
216  int v;
217 
218  v = ft1->stype - ft2->stype;
219  if (v)
220  return v;
221 
222  v = ft1->ttype - ft2->ttype;
223  if (v)
224  return v;
225 
226  v = ft1->tclass - ft2->tclass;
227  if (v)
228  return v;
229 
230  return strcmp(ft1->name, ft2->name);
231 
232 }
233 
234 static u32 rangetr_hash(struct hashtab *h, const void *k)
235 {
236  const struct range_trans *key = k;
237  return (key->source_type + (key->target_type << 3) +
238  (key->target_class << 5)) & (h->size - 1);
239 }
240 
241 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
242 {
243  const struct range_trans *key1 = k1, *key2 = k2;
244  int v;
245 
246  v = key1->source_type - key2->source_type;
247  if (v)
248  return v;
249 
250  v = key1->target_type - key2->target_type;
251  if (v)
252  return v;
253 
254  v = key1->target_class - key2->target_class;
255 
256  return v;
257 }
258 
259 /*
260  * Initialize a policy database structure.
261  */
262 static int policydb_init(struct policydb *p)
263 {
264  int i, rc;
265 
266  memset(p, 0, sizeof(*p));
267 
268  for (i = 0; i < SYM_NUM; i++) {
269  rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
270  if (rc)
271  goto out;
272  }
273 
274  rc = avtab_init(&p->te_avtab);
275  if (rc)
276  goto out;
277 
278  rc = roles_init(p);
279  if (rc)
280  goto out;
281 
282  rc = cond_policydb_init(p);
283  if (rc)
284  goto out;
285 
286  p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
287  if (!p->filename_trans)
288  goto out;
289 
290  p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
291  if (!p->range_tr)
292  goto out;
293 
294  ebitmap_init(&p->filename_trans_ttypes);
295  ebitmap_init(&p->policycaps);
296  ebitmap_init(&p->permissive_map);
297 
298  return 0;
299 out:
302  for (i = 0; i < SYM_NUM; i++)
303  hashtab_destroy(p->symtab[i].table);
304  return rc;
305 }
306 
307 /*
308  * The following *_index functions are used to
309  * define the val_to_name and val_to_struct arrays
310  * in a policy database structure. The val_to_name
311  * arrays are used when converting security context
312  * structures into string representations. The
313  * val_to_struct arrays are used when the attributes
314  * of a class, role, or user are needed.
315  */
316 
317 static int common_index(void *key, void *datum, void *datap)
318 {
319  struct policydb *p;
320  struct common_datum *comdatum;
321  struct flex_array *fa;
322 
323  comdatum = datum;
324  p = datap;
325  if (!comdatum->value || comdatum->value > p->p_commons.nprim)
326  return -EINVAL;
327 
328  fa = p->sym_val_to_name[SYM_COMMONS];
329  if (flex_array_put_ptr(fa, comdatum->value - 1, key,
331  BUG();
332  return 0;
333 }
334 
335 static int class_index(void *key, void *datum, void *datap)
336 {
337  struct policydb *p;
338  struct class_datum *cladatum;
339  struct flex_array *fa;
340 
341  cladatum = datum;
342  p = datap;
343  if (!cladatum->value || cladatum->value > p->p_classes.nprim)
344  return -EINVAL;
345  fa = p->sym_val_to_name[SYM_CLASSES];
346  if (flex_array_put_ptr(fa, cladatum->value - 1, key,
348  BUG();
349  p->class_val_to_struct[cladatum->value - 1] = cladatum;
350  return 0;
351 }
352 
353 static int role_index(void *key, void *datum, void *datap)
354 {
355  struct policydb *p;
356  struct role_datum *role;
357  struct flex_array *fa;
358 
359  role = datum;
360  p = datap;
361  if (!role->value
362  || role->value > p->p_roles.nprim
363  || role->bounds > p->p_roles.nprim)
364  return -EINVAL;
365 
366  fa = p->sym_val_to_name[SYM_ROLES];
367  if (flex_array_put_ptr(fa, role->value - 1, key,
369  BUG();
370  p->role_val_to_struct[role->value - 1] = role;
371  return 0;
372 }
373 
374 static int type_index(void *key, void *datum, void *datap)
375 {
376  struct policydb *p;
377  struct type_datum *typdatum;
378  struct flex_array *fa;
379 
380  typdatum = datum;
381  p = datap;
382 
383  if (typdatum->primary) {
384  if (!typdatum->value
385  || typdatum->value > p->p_types.nprim
386  || typdatum->bounds > p->p_types.nprim)
387  return -EINVAL;
388  fa = p->sym_val_to_name[SYM_TYPES];
389  if (flex_array_put_ptr(fa, typdatum->value - 1, key,
391  BUG();
392 
393  fa = p->type_val_to_struct_array;
394  if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum,
396  BUG();
397  }
398 
399  return 0;
400 }
401 
402 static int user_index(void *key, void *datum, void *datap)
403 {
404  struct policydb *p;
405  struct user_datum *usrdatum;
406  struct flex_array *fa;
407 
408  usrdatum = datum;
409  p = datap;
410  if (!usrdatum->value
411  || usrdatum->value > p->p_users.nprim
412  || usrdatum->bounds > p->p_users.nprim)
413  return -EINVAL;
414 
415  fa = p->sym_val_to_name[SYM_USERS];
416  if (flex_array_put_ptr(fa, usrdatum->value - 1, key,
418  BUG();
419  p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
420  return 0;
421 }
422 
423 static int sens_index(void *key, void *datum, void *datap)
424 {
425  struct policydb *p;
426  struct level_datum *levdatum;
427  struct flex_array *fa;
428 
429  levdatum = datum;
430  p = datap;
431 
432  if (!levdatum->isalias) {
433  if (!levdatum->level->sens ||
434  levdatum->level->sens > p->p_levels.nprim)
435  return -EINVAL;
436  fa = p->sym_val_to_name[SYM_LEVELS];
437  if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key,
439  BUG();
440  }
441 
442  return 0;
443 }
444 
445 static int cat_index(void *key, void *datum, void *datap)
446 {
447  struct policydb *p;
448  struct cat_datum *catdatum;
449  struct flex_array *fa;
450 
451  catdatum = datum;
452  p = datap;
453 
454  if (!catdatum->isalias) {
455  if (!catdatum->value || catdatum->value > p->p_cats.nprim)
456  return -EINVAL;
457  fa = p->sym_val_to_name[SYM_CATS];
458  if (flex_array_put_ptr(fa, catdatum->value - 1, key,
460  BUG();
461  }
462 
463  return 0;
464 }
465 
466 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
467 {
468  common_index,
469  class_index,
470  role_index,
471  type_index,
472  user_index,
474  sens_index,
475  cat_index,
476 };
477 
478 #ifdef DEBUG_HASHES
479 static void hash_eval(struct hashtab *h, const char *hash_name)
480 {
481  struct hashtab_info info;
482 
483  hashtab_stat(h, &info);
484  printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
485  "longest chain length %d\n", hash_name, h->nel,
486  info.slots_used, h->size, info.max_chain_len);
487 }
488 
489 static void symtab_hash_eval(struct symtab *s)
490 {
491  int i;
492 
493  for (i = 0; i < SYM_NUM; i++)
494  hash_eval(s[i].table, symtab_name[i]);
495 }
496 
497 #else
498 static inline void hash_eval(struct hashtab *h, char *hash_name)
499 {
500 }
501 #endif
502 
503 /*
504  * Define the other val_to_name and val_to_struct arrays
505  * in a policy database structure.
506  *
507  * Caller must clean up on failure.
508  */
509 static int policydb_index(struct policydb *p)
510 {
511  int i, rc;
512 
513  printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
514  p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
515  if (p->mls_enabled)
516  printk(", %d sens, %d cats", p->p_levels.nprim,
517  p->p_cats.nprim);
518  printk("\n");
519 
520  printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
521  p->p_classes.nprim, p->te_avtab.nel);
522 
523 #ifdef DEBUG_HASHES
524  avtab_hash_eval(&p->te_avtab, "rules");
525  symtab_hash_eval(p->symtab);
526 #endif
527 
528  rc = -ENOMEM;
530  kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
531  GFP_KERNEL);
532  if (!p->class_val_to_struct)
533  goto out;
534 
535  rc = -ENOMEM;
536  p->role_val_to_struct =
537  kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
538  GFP_KERNEL);
539  if (!p->role_val_to_struct)
540  goto out;
541 
542  rc = -ENOMEM;
543  p->user_val_to_struct =
544  kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
545  GFP_KERNEL);
546  if (!p->user_val_to_struct)
547  goto out;
548 
549  /* Yes, I want the sizeof the pointer, not the structure */
550  rc = -ENOMEM;
552  p->p_types.nprim,
554  if (!p->type_val_to_struct_array)
555  goto out;
556 
558  p->p_types.nprim, GFP_KERNEL | __GFP_ZERO);
559  if (rc)
560  goto out;
561 
562  rc = cond_init_bool_indexes(p);
563  if (rc)
564  goto out;
565 
566  for (i = 0; i < SYM_NUM; i++) {
567  rc = -ENOMEM;
568  p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *),
569  p->symtab[i].nprim,
571  if (!p->sym_val_to_name[i])
572  goto out;
573 
575  0, p->symtab[i].nprim,
577  if (rc)
578  goto out;
579 
580  rc = hashtab_map(p->symtab[i].table, index_f[i], p);
581  if (rc)
582  goto out;
583  }
584  rc = 0;
585 out:
586  return rc;
587 }
588 
589 /*
590  * The following *_destroy functions are used to
591  * free any memory allocated for each kind of
592  * symbol data in the policy database.
593  */
594 
595 static int perm_destroy(void *key, void *datum, void *p)
596 {
597  kfree(key);
598  kfree(datum);
599  return 0;
600 }
601 
602 static int common_destroy(void *key, void *datum, void *p)
603 {
604  struct common_datum *comdatum;
605 
606  kfree(key);
607  if (datum) {
608  comdatum = datum;
609  hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
610  hashtab_destroy(comdatum->permissions.table);
611  }
612  kfree(datum);
613  return 0;
614 }
615 
616 static int cls_destroy(void *key, void *datum, void *p)
617 {
618  struct class_datum *cladatum;
619  struct constraint_node *constraint, *ctemp;
620  struct constraint_expr *e, *etmp;
621 
622  kfree(key);
623  if (datum) {
624  cladatum = datum;
625  hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
626  hashtab_destroy(cladatum->permissions.table);
627  constraint = cladatum->constraints;
628  while (constraint) {
629  e = constraint->expr;
630  while (e) {
631  ebitmap_destroy(&e->names);
632  etmp = e;
633  e = e->next;
634  kfree(etmp);
635  }
636  ctemp = constraint;
637  constraint = constraint->next;
638  kfree(ctemp);
639  }
640 
641  constraint = cladatum->validatetrans;
642  while (constraint) {
643  e = constraint->expr;
644  while (e) {
645  ebitmap_destroy(&e->names);
646  etmp = e;
647  e = e->next;
648  kfree(etmp);
649  }
650  ctemp = constraint;
651  constraint = constraint->next;
652  kfree(ctemp);
653  }
654 
655  kfree(cladatum->comkey);
656  }
657  kfree(datum);
658  return 0;
659 }
660 
661 static int role_destroy(void *key, void *datum, void *p)
662 {
663  struct role_datum *role;
664 
665  kfree(key);
666  if (datum) {
667  role = datum;
668  ebitmap_destroy(&role->dominates);
669  ebitmap_destroy(&role->types);
670  }
671  kfree(datum);
672  return 0;
673 }
674 
675 static int type_destroy(void *key, void *datum, void *p)
676 {
677  kfree(key);
678  kfree(datum);
679  return 0;
680 }
681 
682 static int user_destroy(void *key, void *datum, void *p)
683 {
684  struct user_datum *usrdatum;
685 
686  kfree(key);
687  if (datum) {
688  usrdatum = datum;
689  ebitmap_destroy(&usrdatum->roles);
690  ebitmap_destroy(&usrdatum->range.level[0].cat);
691  ebitmap_destroy(&usrdatum->range.level[1].cat);
692  ebitmap_destroy(&usrdatum->dfltlevel.cat);
693  }
694  kfree(datum);
695  return 0;
696 }
697 
698 static int sens_destroy(void *key, void *datum, void *p)
699 {
700  struct level_datum *levdatum;
701 
702  kfree(key);
703  if (datum) {
704  levdatum = datum;
705  ebitmap_destroy(&levdatum->level->cat);
706  kfree(levdatum->level);
707  }
708  kfree(datum);
709  return 0;
710 }
711 
712 static int cat_destroy(void *key, void *datum, void *p)
713 {
714  kfree(key);
715  kfree(datum);
716  return 0;
717 }
718 
719 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
720 {
721  common_destroy,
722  cls_destroy,
723  role_destroy,
724  type_destroy,
725  user_destroy,
727  sens_destroy,
728  cat_destroy,
729 };
730 
731 static int filenametr_destroy(void *key, void *datum, void *p)
732 {
733  struct filename_trans *ft = key;
734  kfree(ft->name);
735  kfree(key);
736  kfree(datum);
737  cond_resched();
738  return 0;
739 }
740 
741 static int range_tr_destroy(void *key, void *datum, void *p)
742 {
743  struct mls_range *rt = datum;
744  kfree(key);
745  ebitmap_destroy(&rt->level[0].cat);
746  ebitmap_destroy(&rt->level[1].cat);
747  kfree(datum);
748  cond_resched();
749  return 0;
750 }
751 
752 static void ocontext_destroy(struct ocontext *c, int i)
753 {
754  if (!c)
755  return;
756 
757  context_destroy(&c->context[0]);
758  context_destroy(&c->context[1]);
759  if (i == OCON_ISID || i == OCON_FS ||
760  i == OCON_NETIF || i == OCON_FSUSE)
761  kfree(c->u.name);
762  kfree(c);
763 }
764 
765 /*
766  * Free any memory allocated by a policy database structure.
767  */
768 void policydb_destroy(struct policydb *p)
769 {
770  struct ocontext *c, *ctmp;
771  struct genfs *g, *gtmp;
772  int i;
773  struct role_allow *ra, *lra = NULL;
774  struct role_trans *tr, *ltr = NULL;
775 
776  for (i = 0; i < SYM_NUM; i++) {
777  cond_resched();
778  hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
779  hashtab_destroy(p->symtab[i].table);
780  }
781 
782  for (i = 0; i < SYM_NUM; i++) {
783  if (p->sym_val_to_name[i])
785  }
786 
792 
793  avtab_destroy(&p->te_avtab);
794 
795  for (i = 0; i < OCON_NUM; i++) {
796  cond_resched();
797  c = p->ocontexts[i];
798  while (c) {
799  ctmp = c;
800  c = c->next;
801  ocontext_destroy(ctmp, i);
802  }
803  p->ocontexts[i] = NULL;
804  }
805 
806  g = p->genfs;
807  while (g) {
808  cond_resched();
809  kfree(g->fstype);
810  c = g->head;
811  while (c) {
812  ctmp = c;
813  c = c->next;
814  ocontext_destroy(ctmp, OCON_FSUSE);
815  }
816  gtmp = g;
817  g = g->next;
818  kfree(gtmp);
819  }
820  p->genfs = NULL;
821 
823 
824  for (tr = p->role_tr; tr; tr = tr->next) {
825  cond_resched();
826  kfree(ltr);
827  ltr = tr;
828  }
829  kfree(ltr);
830 
831  for (ra = p->role_allow; ra; ra = ra->next) {
832  cond_resched();
833  kfree(lra);
834  lra = ra;
835  }
836  kfree(lra);
837 
838  hashtab_map(p->filename_trans, filenametr_destroy, NULL);
840 
841  hashtab_map(p->range_tr, range_tr_destroy, NULL);
843 
844  if (p->type_attr_map_array) {
845  for (i = 0; i < p->p_types.nprim; i++) {
846  struct ebitmap *e;
847 
849  if (!e)
850  continue;
851  ebitmap_destroy(e);
852  }
854  }
855 
859 
860  return;
861 }
862 
863 /*
864  * Load the initial SIDs specified in a policy database
865  * structure into a SID table.
866  */
867 int policydb_load_isids(struct policydb *p, struct sidtab *s)
868 {
869  struct ocontext *head, *c;
870  int rc;
871 
872  rc = sidtab_init(s);
873  if (rc) {
874  printk(KERN_ERR "SELinux: out of memory on SID table init\n");
875  goto out;
876  }
877 
878  head = p->ocontexts[OCON_ISID];
879  for (c = head; c; c = c->next) {
880  rc = -EINVAL;
881  if (!c->context[0].user) {
882  printk(KERN_ERR "SELinux: SID %s was never defined.\n",
883  c->u.name);
884  goto out;
885  }
886 
887  rc = sidtab_insert(s, c->sid[0], &c->context[0]);
888  if (rc) {
889  printk(KERN_ERR "SELinux: unable to load initial SID %s.\n",
890  c->u.name);
891  goto out;
892  }
893  }
894  rc = 0;
895 out:
896  return rc;
897 }
898 
899 int policydb_class_isvalid(struct policydb *p, unsigned int class)
900 {
901  if (!class || class > p->p_classes.nprim)
902  return 0;
903  return 1;
904 }
905 
906 int policydb_role_isvalid(struct policydb *p, unsigned int role)
907 {
908  if (!role || role > p->p_roles.nprim)
909  return 0;
910  return 1;
911 }
912 
913 int policydb_type_isvalid(struct policydb *p, unsigned int type)
914 {
915  if (!type || type > p->p_types.nprim)
916  return 0;
917  return 1;
918 }
919 
920 /*
921  * Return 1 if the fields in the security context
922  * structure `c' are valid. Return 0 otherwise.
923  */
924 int policydb_context_isvalid(struct policydb *p, struct context *c)
925 {
926  struct role_datum *role;
927  struct user_datum *usrdatum;
928 
929  if (!c->role || c->role > p->p_roles.nprim)
930  return 0;
931 
932  if (!c->user || c->user > p->p_users.nprim)
933  return 0;
934 
935  if (!c->type || c->type > p->p_types.nprim)
936  return 0;
937 
938  if (c->role != OBJECT_R_VAL) {
939  /*
940  * Role must be authorized for the type.
941  */
942  role = p->role_val_to_struct[c->role - 1];
943  if (!ebitmap_get_bit(&role->types, c->type - 1))
944  /* role may not be associated with type */
945  return 0;
946 
947  /*
948  * User must be authorized for the role.
949  */
950  usrdatum = p->user_val_to_struct[c->user - 1];
951  if (!usrdatum)
952  return 0;
953 
954  if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
955  /* user may not be associated with role */
956  return 0;
957  }
958 
959  if (!mls_context_isvalid(p, c))
960  return 0;
961 
962  return 1;
963 }
964 
965 /*
966  * Read a MLS range structure from a policydb binary
967  * representation file.
968  */
969 static int mls_read_range_helper(struct mls_range *r, void *fp)
970 {
971  __le32 buf[2];
972  u32 items;
973  int rc;
974 
975  rc = next_entry(buf, fp, sizeof(u32));
976  if (rc)
977  goto out;
978 
979  rc = -EINVAL;
980  items = le32_to_cpu(buf[0]);
981  if (items > ARRAY_SIZE(buf)) {
982  printk(KERN_ERR "SELinux: mls: range overflow\n");
983  goto out;
984  }
985 
986  rc = next_entry(buf, fp, sizeof(u32) * items);
987  if (rc) {
988  printk(KERN_ERR "SELinux: mls: truncated range\n");
989  goto out;
990  }
991 
992  r->level[0].sens = le32_to_cpu(buf[0]);
993  if (items > 1)
994  r->level[1].sens = le32_to_cpu(buf[1]);
995  else
996  r->level[1].sens = r->level[0].sens;
997 
998  rc = ebitmap_read(&r->level[0].cat, fp);
999  if (rc) {
1000  printk(KERN_ERR "SELinux: mls: error reading low categories\n");
1001  goto out;
1002  }
1003  if (items > 1) {
1004  rc = ebitmap_read(&r->level[1].cat, fp);
1005  if (rc) {
1006  printk(KERN_ERR "SELinux: mls: error reading high categories\n");
1007  goto bad_high;
1008  }
1009  } else {
1010  rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1011  if (rc) {
1012  printk(KERN_ERR "SELinux: mls: out of memory\n");
1013  goto bad_high;
1014  }
1015  }
1016 
1017  return 0;
1018 bad_high:
1019  ebitmap_destroy(&r->level[0].cat);
1020 out:
1021  return rc;
1022 }
1023 
1024 /*
1025  * Read and validate a security context structure
1026  * from a policydb binary representation file.
1027  */
1028 static int context_read_and_validate(struct context *c,
1029  struct policydb *p,
1030  void *fp)
1031 {
1032  __le32 buf[3];
1033  int rc;
1034 
1035  rc = next_entry(buf, fp, sizeof buf);
1036  if (rc) {
1037  printk(KERN_ERR "SELinux: context truncated\n");
1038  goto out;
1039  }
1040  c->user = le32_to_cpu(buf[0]);
1041  c->role = le32_to_cpu(buf[1]);
1042  c->type = le32_to_cpu(buf[2]);
1043  if (p->policyvers >= POLICYDB_VERSION_MLS) {
1044  rc = mls_read_range_helper(&c->range, fp);
1045  if (rc) {
1046  printk(KERN_ERR "SELinux: error reading MLS range of context\n");
1047  goto out;
1048  }
1049  }
1050 
1051  rc = -EINVAL;
1052  if (!policydb_context_isvalid(p, c)) {
1053  printk(KERN_ERR "SELinux: invalid security context\n");
1054  context_destroy(c);
1055  goto out;
1056  }
1057  rc = 0;
1058 out:
1059  return rc;
1060 }
1061 
1062 /*
1063  * The following *_read functions are used to
1064  * read the symbol data from a policy database
1065  * binary representation file.
1066  */
1067 
1068 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
1069 {
1070  char *key = NULL;
1071  struct perm_datum *perdatum;
1072  int rc;
1073  __le32 buf[2];
1074  u32 len;
1075 
1076  rc = -ENOMEM;
1077  perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1078  if (!perdatum)
1079  goto bad;
1080 
1081  rc = next_entry(buf, fp, sizeof buf);
1082  if (rc)
1083  goto bad;
1084 
1085  len = le32_to_cpu(buf[0]);
1086  perdatum->value = le32_to_cpu(buf[1]);
1087 
1088  rc = -ENOMEM;
1089  key = kmalloc(len + 1, GFP_KERNEL);
1090  if (!key)
1091  goto bad;
1092 
1093  rc = next_entry(key, fp, len);
1094  if (rc)
1095  goto bad;
1096  key[len] = '\0';
1097 
1098  rc = hashtab_insert(h, key, perdatum);
1099  if (rc)
1100  goto bad;
1101 
1102  return 0;
1103 bad:
1104  perm_destroy(key, perdatum, NULL);
1105  return rc;
1106 }
1107 
1108 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
1109 {
1110  char *key = NULL;
1111  struct common_datum *comdatum;
1112  __le32 buf[4];
1113  u32 len, nel;
1114  int i, rc;
1115 
1116  rc = -ENOMEM;
1117  comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1118  if (!comdatum)
1119  goto bad;
1120 
1121  rc = next_entry(buf, fp, sizeof buf);
1122  if (rc)
1123  goto bad;
1124 
1125  len = le32_to_cpu(buf[0]);
1126  comdatum->value = le32_to_cpu(buf[1]);
1127 
1128  rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
1129  if (rc)
1130  goto bad;
1131  comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1132  nel = le32_to_cpu(buf[3]);
1133 
1134  rc = -ENOMEM;
1135  key = kmalloc(len + 1, GFP_KERNEL);
1136  if (!key)
1137  goto bad;
1138 
1139  rc = next_entry(key, fp, len);
1140  if (rc)
1141  goto bad;
1142  key[len] = '\0';
1143 
1144  for (i = 0; i < nel; i++) {
1145  rc = perm_read(p, comdatum->permissions.table, fp);
1146  if (rc)
1147  goto bad;
1148  }
1149 
1150  rc = hashtab_insert(h, key, comdatum);
1151  if (rc)
1152  goto bad;
1153  return 0;
1154 bad:
1155  common_destroy(key, comdatum, NULL);
1156  return rc;
1157 }
1158 
1159 static int read_cons_helper(struct constraint_node **nodep, int ncons,
1160  int allowxtarget, void *fp)
1161 {
1162  struct constraint_node *c, *lc;
1163  struct constraint_expr *e, *le;
1164  __le32 buf[3];
1165  u32 nexpr;
1166  int rc, i, j, depth;
1167 
1168  lc = NULL;
1169  for (i = 0; i < ncons; i++) {
1170  c = kzalloc(sizeof(*c), GFP_KERNEL);
1171  if (!c)
1172  return -ENOMEM;
1173 
1174  if (lc)
1175  lc->next = c;
1176  else
1177  *nodep = c;
1178 
1179  rc = next_entry(buf, fp, (sizeof(u32) * 2));
1180  if (rc)
1181  return rc;
1182  c->permissions = le32_to_cpu(buf[0]);
1183  nexpr = le32_to_cpu(buf[1]);
1184  le = NULL;
1185  depth = -1;
1186  for (j = 0; j < nexpr; j++) {
1187  e = kzalloc(sizeof(*e), GFP_KERNEL);
1188  if (!e)
1189  return -ENOMEM;
1190 
1191  if (le)
1192  le->next = e;
1193  else
1194  c->expr = e;
1195 
1196  rc = next_entry(buf, fp, (sizeof(u32) * 3));
1197  if (rc)
1198  return rc;
1199  e->expr_type = le32_to_cpu(buf[0]);
1200  e->attr = le32_to_cpu(buf[1]);
1201  e->op = le32_to_cpu(buf[2]);
1202 
1203  switch (e->expr_type) {
1204  case CEXPR_NOT:
1205  if (depth < 0)
1206  return -EINVAL;
1207  break;
1208  case CEXPR_AND:
1209  case CEXPR_OR:
1210  if (depth < 1)
1211  return -EINVAL;
1212  depth--;
1213  break;
1214  case CEXPR_ATTR:
1215  if (depth == (CEXPR_MAXDEPTH - 1))
1216  return -EINVAL;
1217  depth++;
1218  break;
1219  case CEXPR_NAMES:
1220  if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1221  return -EINVAL;
1222  if (depth == (CEXPR_MAXDEPTH - 1))
1223  return -EINVAL;
1224  depth++;
1225  rc = ebitmap_read(&e->names, fp);
1226  if (rc)
1227  return rc;
1228  break;
1229  default:
1230  return -EINVAL;
1231  }
1232  le = e;
1233  }
1234  if (depth != 0)
1235  return -EINVAL;
1236  lc = c;
1237  }
1238 
1239  return 0;
1240 }
1241 
1242 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1243 {
1244  char *key = NULL;
1245  struct class_datum *cladatum;
1246  __le32 buf[6];
1247  u32 len, len2, ncons, nel;
1248  int i, rc;
1249 
1250  rc = -ENOMEM;
1251  cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1252  if (!cladatum)
1253  goto bad;
1254 
1255  rc = next_entry(buf, fp, sizeof(u32)*6);
1256  if (rc)
1257  goto bad;
1258 
1259  len = le32_to_cpu(buf[0]);
1260  len2 = le32_to_cpu(buf[1]);
1261  cladatum->value = le32_to_cpu(buf[2]);
1262 
1263  rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1264  if (rc)
1265  goto bad;
1266  cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1267  nel = le32_to_cpu(buf[4]);
1268 
1269  ncons = le32_to_cpu(buf[5]);
1270 
1271  rc = -ENOMEM;
1272  key = kmalloc(len + 1, GFP_KERNEL);
1273  if (!key)
1274  goto bad;
1275 
1276  rc = next_entry(key, fp, len);
1277  if (rc)
1278  goto bad;
1279  key[len] = '\0';
1280 
1281  if (len2) {
1282  rc = -ENOMEM;
1283  cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
1284  if (!cladatum->comkey)
1285  goto bad;
1286  rc = next_entry(cladatum->comkey, fp, len2);
1287  if (rc)
1288  goto bad;
1289  cladatum->comkey[len2] = '\0';
1290 
1291  rc = -EINVAL;
1292  cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
1293  if (!cladatum->comdatum) {
1294  printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey);
1295  goto bad;
1296  }
1297  }
1298  for (i = 0; i < nel; i++) {
1299  rc = perm_read(p, cladatum->permissions.table, fp);
1300  if (rc)
1301  goto bad;
1302  }
1303 
1304  rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1305  if (rc)
1306  goto bad;
1307 
1309  /* grab the validatetrans rules */
1310  rc = next_entry(buf, fp, sizeof(u32));
1311  if (rc)
1312  goto bad;
1313  ncons = le32_to_cpu(buf[0]);
1314  rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1315  if (rc)
1316  goto bad;
1317  }
1318 
1320  rc = next_entry(buf, fp, sizeof(u32) * 3);
1321  if (rc)
1322  goto bad;
1323 
1324  cladatum->default_user = le32_to_cpu(buf[0]);
1325  cladatum->default_role = le32_to_cpu(buf[1]);
1326  cladatum->default_range = le32_to_cpu(buf[2]);
1327  }
1328 
1330  rc = next_entry(buf, fp, sizeof(u32) * 1);
1331  if (rc)
1332  goto bad;
1333  cladatum->default_type = le32_to_cpu(buf[0]);
1334  }
1335 
1336  rc = hashtab_insert(h, key, cladatum);
1337  if (rc)
1338  goto bad;
1339 
1340  return 0;
1341 bad:
1342  cls_destroy(key, cladatum, NULL);
1343  return rc;
1344 }
1345 
1346 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1347 {
1348  char *key = NULL;
1349  struct role_datum *role;
1350  int rc, to_read = 2;
1351  __le32 buf[3];
1352  u32 len;
1353 
1354  rc = -ENOMEM;
1355  role = kzalloc(sizeof(*role), GFP_KERNEL);
1356  if (!role)
1357  goto bad;
1358 
1360  to_read = 3;
1361 
1362  rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1363  if (rc)
1364  goto bad;
1365 
1366  len = le32_to_cpu(buf[0]);
1367  role->value = le32_to_cpu(buf[1]);
1369  role->bounds = le32_to_cpu(buf[2]);
1370 
1371  rc = -ENOMEM;
1372  key = kmalloc(len + 1, GFP_KERNEL);
1373  if (!key)
1374  goto bad;
1375 
1376  rc = next_entry(key, fp, len);
1377  if (rc)
1378  goto bad;
1379  key[len] = '\0';
1380 
1381  rc = ebitmap_read(&role->dominates, fp);
1382  if (rc)
1383  goto bad;
1384 
1385  rc = ebitmap_read(&role->types, fp);
1386  if (rc)
1387  goto bad;
1388 
1389  if (strcmp(key, OBJECT_R) == 0) {
1390  rc = -EINVAL;
1391  if (role->value != OBJECT_R_VAL) {
1392  printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
1393  OBJECT_R, role->value);
1394  goto bad;
1395  }
1396  rc = 0;
1397  goto bad;
1398  }
1399 
1400  rc = hashtab_insert(h, key, role);
1401  if (rc)
1402  goto bad;
1403  return 0;
1404 bad:
1405  role_destroy(key, role, NULL);
1406  return rc;
1407 }
1408 
1409 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1410 {
1411  char *key = NULL;
1412  struct type_datum *typdatum;
1413  int rc, to_read = 3;
1414  __le32 buf[4];
1415  u32 len;
1416 
1417  rc = -ENOMEM;
1418  typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1419  if (!typdatum)
1420  goto bad;
1421 
1423  to_read = 4;
1424 
1425  rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1426  if (rc)
1427  goto bad;
1428 
1429  len = le32_to_cpu(buf[0]);
1430  typdatum->value = le32_to_cpu(buf[1]);
1432  u32 prop = le32_to_cpu(buf[2]);
1433 
1434  if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1435  typdatum->primary = 1;
1436  if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1437  typdatum->attribute = 1;
1438 
1439  typdatum->bounds = le32_to_cpu(buf[3]);
1440  } else {
1441  typdatum->primary = le32_to_cpu(buf[2]);
1442  }
1443 
1444  rc = -ENOMEM;
1445  key = kmalloc(len + 1, GFP_KERNEL);
1446  if (!key)
1447  goto bad;
1448  rc = next_entry(key, fp, len);
1449  if (rc)
1450  goto bad;
1451  key[len] = '\0';
1452 
1453  rc = hashtab_insert(h, key, typdatum);
1454  if (rc)
1455  goto bad;
1456  return 0;
1457 bad:
1458  type_destroy(key, typdatum, NULL);
1459  return rc;
1460 }
1461 
1462 
1463 /*
1464  * Read a MLS level structure from a policydb binary
1465  * representation file.
1466  */
1467 static int mls_read_level(struct mls_level *lp, void *fp)
1468 {
1469  __le32 buf[1];
1470  int rc;
1471 
1472  memset(lp, 0, sizeof(*lp));
1473 
1474  rc = next_entry(buf, fp, sizeof buf);
1475  if (rc) {
1476  printk(KERN_ERR "SELinux: mls: truncated level\n");
1477  return rc;
1478  }
1479  lp->sens = le32_to_cpu(buf[0]);
1480 
1481  rc = ebitmap_read(&lp->cat, fp);
1482  if (rc) {
1483  printk(KERN_ERR "SELinux: mls: error reading level categories\n");
1484  return rc;
1485  }
1486  return 0;
1487 }
1488 
1489 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1490 {
1491  char *key = NULL;
1492  struct user_datum *usrdatum;
1493  int rc, to_read = 2;
1494  __le32 buf[3];
1495  u32 len;
1496 
1497  rc = -ENOMEM;
1498  usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1499  if (!usrdatum)
1500  goto bad;
1501 
1503  to_read = 3;
1504 
1505  rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1506  if (rc)
1507  goto bad;
1508 
1509  len = le32_to_cpu(buf[0]);
1510  usrdatum->value = le32_to_cpu(buf[1]);
1512  usrdatum->bounds = le32_to_cpu(buf[2]);
1513 
1514  rc = -ENOMEM;
1515  key = kmalloc(len + 1, GFP_KERNEL);
1516  if (!key)
1517  goto bad;
1518  rc = next_entry(key, fp, len);
1519  if (rc)
1520  goto bad;
1521  key[len] = '\0';
1522 
1523  rc = ebitmap_read(&usrdatum->roles, fp);
1524  if (rc)
1525  goto bad;
1526 
1527  if (p->policyvers >= POLICYDB_VERSION_MLS) {
1528  rc = mls_read_range_helper(&usrdatum->range, fp);
1529  if (rc)
1530  goto bad;
1531  rc = mls_read_level(&usrdatum->dfltlevel, fp);
1532  if (rc)
1533  goto bad;
1534  }
1535 
1536  rc = hashtab_insert(h, key, usrdatum);
1537  if (rc)
1538  goto bad;
1539  return 0;
1540 bad:
1541  user_destroy(key, usrdatum, NULL);
1542  return rc;
1543 }
1544 
1545 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1546 {
1547  char *key = NULL;
1548  struct level_datum *levdatum;
1549  int rc;
1550  __le32 buf[2];
1551  u32 len;
1552 
1553  rc = -ENOMEM;
1554  levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1555  if (!levdatum)
1556  goto bad;
1557 
1558  rc = next_entry(buf, fp, sizeof buf);
1559  if (rc)
1560  goto bad;
1561 
1562  len = le32_to_cpu(buf[0]);
1563  levdatum->isalias = le32_to_cpu(buf[1]);
1564 
1565  rc = -ENOMEM;
1566  key = kmalloc(len + 1, GFP_ATOMIC);
1567  if (!key)
1568  goto bad;
1569  rc = next_entry(key, fp, len);
1570  if (rc)
1571  goto bad;
1572  key[len] = '\0';
1573 
1574  rc = -ENOMEM;
1575  levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1576  if (!levdatum->level)
1577  goto bad;
1578 
1579  rc = mls_read_level(levdatum->level, fp);
1580  if (rc)
1581  goto bad;
1582 
1583  rc = hashtab_insert(h, key, levdatum);
1584  if (rc)
1585  goto bad;
1586  return 0;
1587 bad:
1588  sens_destroy(key, levdatum, NULL);
1589  return rc;
1590 }
1591 
1592 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1593 {
1594  char *key = NULL;
1595  struct cat_datum *catdatum;
1596  int rc;
1597  __le32 buf[3];
1598  u32 len;
1599 
1600  rc = -ENOMEM;
1601  catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1602  if (!catdatum)
1603  goto bad;
1604 
1605  rc = next_entry(buf, fp, sizeof buf);
1606  if (rc)
1607  goto bad;
1608 
1609  len = le32_to_cpu(buf[0]);
1610  catdatum->value = le32_to_cpu(buf[1]);
1611  catdatum->isalias = le32_to_cpu(buf[2]);
1612 
1613  rc = -ENOMEM;
1614  key = kmalloc(len + 1, GFP_ATOMIC);
1615  if (!key)
1616  goto bad;
1617  rc = next_entry(key, fp, len);
1618  if (rc)
1619  goto bad;
1620  key[len] = '\0';
1621 
1622  rc = hashtab_insert(h, key, catdatum);
1623  if (rc)
1624  goto bad;
1625  return 0;
1626 bad:
1627  cat_destroy(key, catdatum, NULL);
1628  return rc;
1629 }
1630 
1631 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1632 {
1633  common_read,
1634  class_read,
1635  role_read,
1636  type_read,
1637  user_read,
1639  sens_read,
1640  cat_read,
1641 };
1642 
1643 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1644 {
1645  struct user_datum *upper, *user;
1646  struct policydb *p = datap;
1647  int depth = 0;
1648 
1649  upper = user = datum;
1650  while (upper->bounds) {
1651  struct ebitmap_node *node;
1652  unsigned long bit;
1653 
1654  if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1655  printk(KERN_ERR "SELinux: user %s: "
1656  "too deep or looped boundary",
1657  (char *) key);
1658  return -EINVAL;
1659  }
1660 
1661  upper = p->user_val_to_struct[upper->bounds - 1];
1662  ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1663  if (ebitmap_get_bit(&upper->roles, bit))
1664  continue;
1665 
1667  "SELinux: boundary violated policy: "
1668  "user=%s role=%s bounds=%s\n",
1669  sym_name(p, SYM_USERS, user->value - 1),
1670  sym_name(p, SYM_ROLES, bit),
1671  sym_name(p, SYM_USERS, upper->value - 1));
1672 
1673  return -EINVAL;
1674  }
1675  }
1676 
1677  return 0;
1678 }
1679 
1680 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1681 {
1682  struct role_datum *upper, *role;
1683  struct policydb *p = datap;
1684  int depth = 0;
1685 
1686  upper = role = datum;
1687  while (upper->bounds) {
1688  struct ebitmap_node *node;
1689  unsigned long bit;
1690 
1691  if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1692  printk(KERN_ERR "SELinux: role %s: "
1693  "too deep or looped bounds\n",
1694  (char *) key);
1695  return -EINVAL;
1696  }
1697 
1698  upper = p->role_val_to_struct[upper->bounds - 1];
1699  ebitmap_for_each_positive_bit(&role->types, node, bit) {
1700  if (ebitmap_get_bit(&upper->types, bit))
1701  continue;
1702 
1704  "SELinux: boundary violated policy: "
1705  "role=%s type=%s bounds=%s\n",
1706  sym_name(p, SYM_ROLES, role->value - 1),
1707  sym_name(p, SYM_TYPES, bit),
1708  sym_name(p, SYM_ROLES, upper->value - 1));
1709 
1710  return -EINVAL;
1711  }
1712  }
1713 
1714  return 0;
1715 }
1716 
1717 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1718 {
1719  struct type_datum *upper;
1720  struct policydb *p = datap;
1721  int depth = 0;
1722 
1723  upper = datum;
1724  while (upper->bounds) {
1725  if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1726  printk(KERN_ERR "SELinux: type %s: "
1727  "too deep or looped boundary\n",
1728  (char *) key);
1729  return -EINVAL;
1730  }
1731 
1733  upper->bounds - 1);
1734  BUG_ON(!upper);
1735 
1736  if (upper->attribute) {
1737  printk(KERN_ERR "SELinux: type %s: "
1738  "bounded by attribute %s",
1739  (char *) key,
1740  sym_name(p, SYM_TYPES, upper->value - 1));
1741  return -EINVAL;
1742  }
1743  }
1744 
1745  return 0;
1746 }
1747 
1748 static int policydb_bounds_sanity_check(struct policydb *p)
1749 {
1750  int rc;
1751 
1753  return 0;
1754 
1755  rc = hashtab_map(p->p_users.table,
1756  user_bounds_sanity_check, p);
1757  if (rc)
1758  return rc;
1759 
1760  rc = hashtab_map(p->p_roles.table,
1761  role_bounds_sanity_check, p);
1762  if (rc)
1763  return rc;
1764 
1765  rc = hashtab_map(p->p_types.table,
1766  type_bounds_sanity_check, p);
1767  if (rc)
1768  return rc;
1769 
1770  return 0;
1771 }
1772 
1774 {
1775  struct class_datum *cladatum;
1776 
1777  cladatum = hashtab_search(p->p_classes.table, name);
1778  if (!cladatum)
1779  return 0;
1780 
1781  return cladatum->value;
1782 }
1783 
1784 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1785 {
1786  struct class_datum *cladatum;
1787  struct perm_datum *perdatum = NULL;
1788  struct common_datum *comdatum;
1789 
1790  if (!tclass || tclass > p->p_classes.nprim)
1791  return 0;
1792 
1793  cladatum = p->class_val_to_struct[tclass-1];
1794  comdatum = cladatum->comdatum;
1795  if (comdatum)
1796  perdatum = hashtab_search(comdatum->permissions.table,
1797  name);
1798  if (!perdatum)
1799  perdatum = hashtab_search(cladatum->permissions.table,
1800  name);
1801  if (!perdatum)
1802  return 0;
1803 
1804  return 1U << (perdatum->value-1);
1805 }
1806 
1807 static int range_read(struct policydb *p, void *fp)
1808 {
1809  struct range_trans *rt = NULL;
1810  struct mls_range *r = NULL;
1811  int i, rc;
1812  __le32 buf[2];
1813  u32 nel;
1814 
1816  return 0;
1817 
1818  rc = next_entry(buf, fp, sizeof(u32));
1819  if (rc)
1820  goto out;
1821 
1822  nel = le32_to_cpu(buf[0]);
1823  for (i = 0; i < nel; i++) {
1824  rc = -ENOMEM;
1825  rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1826  if (!rt)
1827  goto out;
1828 
1829  rc = next_entry(buf, fp, (sizeof(u32) * 2));
1830  if (rc)
1831  goto out;
1832 
1833  rt->source_type = le32_to_cpu(buf[0]);
1834  rt->target_type = le32_to_cpu(buf[1]);
1836  rc = next_entry(buf, fp, sizeof(u32));
1837  if (rc)
1838  goto out;
1839  rt->target_class = le32_to_cpu(buf[0]);
1840  } else
1841  rt->target_class = p->process_class;
1842 
1843  rc = -EINVAL;
1844  if (!policydb_type_isvalid(p, rt->source_type) ||
1847  goto out;
1848 
1849  rc = -ENOMEM;
1850  r = kzalloc(sizeof(*r), GFP_KERNEL);
1851  if (!r)
1852  goto out;
1853 
1854  rc = mls_read_range_helper(r, fp);
1855  if (rc)
1856  goto out;
1857 
1858  rc = -EINVAL;
1859  if (!mls_range_isvalid(p, r)) {
1860  printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
1861  goto out;
1862  }
1863 
1864  rc = hashtab_insert(p->range_tr, rt, r);
1865  if (rc)
1866  goto out;
1867 
1868  rt = NULL;
1869  r = NULL;
1870  }
1871  hash_eval(p->range_tr, "rangetr");
1872  rc = 0;
1873 out:
1874  kfree(rt);
1875  kfree(r);
1876  return rc;
1877 }
1878 
1879 static int filename_trans_read(struct policydb *p, void *fp)
1880 {
1881  struct filename_trans *ft;
1882  struct filename_trans_datum *otype;
1883  char *name;
1884  u32 nel, len;
1885  __le32 buf[4];
1886  int rc, i;
1887 
1889  return 0;
1890 
1891  rc = next_entry(buf, fp, sizeof(u32));
1892  if (rc)
1893  return rc;
1894  nel = le32_to_cpu(buf[0]);
1895 
1896  for (i = 0; i < nel; i++) {
1897  ft = NULL;
1898  otype = NULL;
1899  name = NULL;
1900 
1901  rc = -ENOMEM;
1902  ft = kzalloc(sizeof(*ft), GFP_KERNEL);
1903  if (!ft)
1904  goto out;
1905 
1906  rc = -ENOMEM;
1907  otype = kmalloc(sizeof(*otype), GFP_KERNEL);
1908  if (!otype)
1909  goto out;
1910 
1911  /* length of the path component string */
1912  rc = next_entry(buf, fp, sizeof(u32));
1913  if (rc)
1914  goto out;
1915  len = le32_to_cpu(buf[0]);
1916 
1917  rc = -ENOMEM;
1918  name = kmalloc(len + 1, GFP_KERNEL);
1919  if (!name)
1920  goto out;
1921 
1922  ft->name = name;
1923 
1924  /* path component string */
1925  rc = next_entry(name, fp, len);
1926  if (rc)
1927  goto out;
1928  name[len] = 0;
1929 
1930  rc = next_entry(buf, fp, sizeof(u32) * 4);
1931  if (rc)
1932  goto out;
1933 
1934  ft->stype = le32_to_cpu(buf[0]);
1935  ft->ttype = le32_to_cpu(buf[1]);
1936  ft->tclass = le32_to_cpu(buf[2]);
1937 
1938  otype->otype = le32_to_cpu(buf[3]);
1939 
1940  rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1);
1941  if (rc)
1942  goto out;
1943 
1944  hashtab_insert(p->filename_trans, ft, otype);
1945  }
1946  hash_eval(p->filename_trans, "filenametr");
1947  return 0;
1948 out:
1949  kfree(ft);
1950  kfree(name);
1951  kfree(otype);
1952 
1953  return rc;
1954 }
1955 
1956 static int genfs_read(struct policydb *p, void *fp)
1957 {
1958  int i, j, rc;
1959  u32 nel, nel2, len, len2;
1960  __le32 buf[1];
1961  struct ocontext *l, *c;
1962  struct ocontext *newc = NULL;
1963  struct genfs *genfs_p, *genfs;
1964  struct genfs *newgenfs = NULL;
1965 
1966  rc = next_entry(buf, fp, sizeof(u32));
1967  if (rc)
1968  goto out;
1969  nel = le32_to_cpu(buf[0]);
1970 
1971  for (i = 0; i < nel; i++) {
1972  rc = next_entry(buf, fp, sizeof(u32));
1973  if (rc)
1974  goto out;
1975  len = le32_to_cpu(buf[0]);
1976 
1977  rc = -ENOMEM;
1978  newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1979  if (!newgenfs)
1980  goto out;
1981 
1982  rc = -ENOMEM;
1983  newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL);
1984  if (!newgenfs->fstype)
1985  goto out;
1986 
1987  rc = next_entry(newgenfs->fstype, fp, len);
1988  if (rc)
1989  goto out;
1990 
1991  newgenfs->fstype[len] = 0;
1992 
1993  for (genfs_p = NULL, genfs = p->genfs; genfs;
1994  genfs_p = genfs, genfs = genfs->next) {
1995  rc = -EINVAL;
1996  if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1997  printk(KERN_ERR "SELinux: dup genfs fstype %s\n",
1998  newgenfs->fstype);
1999  goto out;
2000  }
2001  if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2002  break;
2003  }
2004  newgenfs->next = genfs;
2005  if (genfs_p)
2006  genfs_p->next = newgenfs;
2007  else
2008  p->genfs = newgenfs;
2009  genfs = newgenfs;
2010  newgenfs = NULL;
2011 
2012  rc = next_entry(buf, fp, sizeof(u32));
2013  if (rc)
2014  goto out;
2015 
2016  nel2 = le32_to_cpu(buf[0]);
2017  for (j = 0; j < nel2; j++) {
2018  rc = next_entry(buf, fp, sizeof(u32));
2019  if (rc)
2020  goto out;
2021  len = le32_to_cpu(buf[0]);
2022 
2023  rc = -ENOMEM;
2024  newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2025  if (!newc)
2026  goto out;
2027 
2028  rc = -ENOMEM;
2029  newc->u.name = kmalloc(len + 1, GFP_KERNEL);
2030  if (!newc->u.name)
2031  goto out;
2032 
2033  rc = next_entry(newc->u.name, fp, len);
2034  if (rc)
2035  goto out;
2036  newc->u.name[len] = 0;
2037 
2038  rc = next_entry(buf, fp, sizeof(u32));
2039  if (rc)
2040  goto out;
2041 
2042  newc->v.sclass = le32_to_cpu(buf[0]);
2043  rc = context_read_and_validate(&newc->context[0], p, fp);
2044  if (rc)
2045  goto out;
2046 
2047  for (l = NULL, c = genfs->head; c;
2048  l = c, c = c->next) {
2049  rc = -EINVAL;
2050  if (!strcmp(newc->u.name, c->u.name) &&
2051  (!c->v.sclass || !newc->v.sclass ||
2052  newc->v.sclass == c->v.sclass)) {
2053  printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n",
2054  genfs->fstype, c->u.name);
2055  goto out;
2056  }
2057  len = strlen(newc->u.name);
2058  len2 = strlen(c->u.name);
2059  if (len > len2)
2060  break;
2061  }
2062 
2063  newc->next = c;
2064  if (l)
2065  l->next = newc;
2066  else
2067  genfs->head = newc;
2068  newc = NULL;
2069  }
2070  }
2071  rc = 0;
2072 out:
2073  if (newgenfs)
2074  kfree(newgenfs->fstype);
2075  kfree(newgenfs);
2076  ocontext_destroy(newc, OCON_FSUSE);
2077 
2078  return rc;
2079 }
2080 
2081 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
2082  void *fp)
2083 {
2084  int i, j, rc;
2085  u32 nel, len;
2086  __le32 buf[3];
2087  struct ocontext *l, *c;
2088  u32 nodebuf[8];
2089 
2090  for (i = 0; i < info->ocon_num; i++) {
2091  rc = next_entry(buf, fp, sizeof(u32));
2092  if (rc)
2093  goto out;
2094  nel = le32_to_cpu(buf[0]);
2095 
2096  l = NULL;
2097  for (j = 0; j < nel; j++) {
2098  rc = -ENOMEM;
2099  c = kzalloc(sizeof(*c), GFP_KERNEL);
2100  if (!c)
2101  goto out;
2102  if (l)
2103  l->next = c;
2104  else
2105  p->ocontexts[i] = c;
2106  l = c;
2107 
2108  switch (i) {
2109  case OCON_ISID:
2110  rc = next_entry(buf, fp, sizeof(u32));
2111  if (rc)
2112  goto out;
2113 
2114  c->sid[0] = le32_to_cpu(buf[0]);
2115  rc = context_read_and_validate(&c->context[0], p, fp);
2116  if (rc)
2117  goto out;
2118  break;
2119  case OCON_FS:
2120  case OCON_NETIF:
2121  rc = next_entry(buf, fp, sizeof(u32));
2122  if (rc)
2123  goto out;
2124  len = le32_to_cpu(buf[0]);
2125 
2126  rc = -ENOMEM;
2127  c->u.name = kmalloc(len + 1, GFP_KERNEL);
2128  if (!c->u.name)
2129  goto out;
2130 
2131  rc = next_entry(c->u.name, fp, len);
2132  if (rc)
2133  goto out;
2134 
2135  c->u.name[len] = 0;
2136  rc = context_read_and_validate(&c->context[0], p, fp);
2137  if (rc)
2138  goto out;
2139  rc = context_read_and_validate(&c->context[1], p, fp);
2140  if (rc)
2141  goto out;
2142  break;
2143  case OCON_PORT:
2144  rc = next_entry(buf, fp, sizeof(u32)*3);
2145  if (rc)
2146  goto out;
2147  c->u.port.protocol = le32_to_cpu(buf[0]);
2148  c->u.port.low_port = le32_to_cpu(buf[1]);
2149  c->u.port.high_port = le32_to_cpu(buf[2]);
2150  rc = context_read_and_validate(&c->context[0], p, fp);
2151  if (rc)
2152  goto out;
2153  break;
2154  case OCON_NODE:
2155  rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2156  if (rc)
2157  goto out;
2158  c->u.node.addr = nodebuf[0]; /* network order */
2159  c->u.node.mask = nodebuf[1]; /* network order */
2160  rc = context_read_and_validate(&c->context[0], p, fp);
2161  if (rc)
2162  goto out;
2163  break;
2164  case OCON_FSUSE:
2165  rc = next_entry(buf, fp, sizeof(u32)*2);
2166  if (rc)
2167  goto out;
2168 
2169  rc = -EINVAL;
2170  c->v.behavior = le32_to_cpu(buf[0]);
2171  if (c->v.behavior > SECURITY_FS_USE_NONE)
2172  goto out;
2173 
2174  rc = -ENOMEM;
2175  len = le32_to_cpu(buf[1]);
2176  c->u.name = kmalloc(len + 1, GFP_KERNEL);
2177  if (!c->u.name)
2178  goto out;
2179 
2180  rc = next_entry(c->u.name, fp, len);
2181  if (rc)
2182  goto out;
2183  c->u.name[len] = 0;
2184  rc = context_read_and_validate(&c->context[0], p, fp);
2185  if (rc)
2186  goto out;
2187  break;
2188  case OCON_NODE6: {
2189  int k;
2190 
2191  rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2192  if (rc)
2193  goto out;
2194  for (k = 0; k < 4; k++)
2195  c->u.node6.addr[k] = nodebuf[k];
2196  for (k = 0; k < 4; k++)
2197  c->u.node6.mask[k] = nodebuf[k+4];
2198  rc = context_read_and_validate(&c->context[0], p, fp);
2199  if (rc)
2200  goto out;
2201  break;
2202  }
2203  }
2204  }
2205  }
2206  rc = 0;
2207 out:
2208  return rc;
2209 }
2210 
2211 /*
2212  * Read the configuration data from a policy database binary
2213  * representation file into a policy database structure.
2214  */
2215 int policydb_read(struct policydb *p, void *fp)
2216 {
2217  struct role_allow *ra, *lra;
2218  struct role_trans *tr, *ltr;
2219  int i, j, rc;
2220  __le32 buf[4];
2221  u32 len, nprim, nel;
2222 
2223  char *policydb_str;
2224  struct policydb_compat_info *info;
2225 
2226  rc = policydb_init(p);
2227  if (rc)
2228  return rc;
2229 
2230  /* Read the magic number and string length. */
2231  rc = next_entry(buf, fp, sizeof(u32) * 2);
2232  if (rc)
2233  goto bad;
2234 
2235  rc = -EINVAL;
2236  if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2237  printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
2238  "not match expected magic number 0x%x\n",
2239  le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2240  goto bad;
2241  }
2242 
2243  rc = -EINVAL;
2244  len = le32_to_cpu(buf[1]);
2245  if (len != strlen(POLICYDB_STRING)) {
2246  printk(KERN_ERR "SELinux: policydb string length %d does not "
2247  "match expected length %Zu\n",
2248  len, strlen(POLICYDB_STRING));
2249  goto bad;
2250  }
2251 
2252  rc = -ENOMEM;
2253  policydb_str = kmalloc(len + 1, GFP_KERNEL);
2254  if (!policydb_str) {
2255  printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
2256  "string of length %d\n", len);
2257  goto bad;
2258  }
2259 
2260  rc = next_entry(policydb_str, fp, len);
2261  if (rc) {
2262  printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
2263  kfree(policydb_str);
2264  goto bad;
2265  }
2266 
2267  rc = -EINVAL;
2268  policydb_str[len] = '\0';
2269  if (strcmp(policydb_str, POLICYDB_STRING)) {
2270  printk(KERN_ERR "SELinux: policydb string %s does not match "
2271  "my string %s\n", policydb_str, POLICYDB_STRING);
2272  kfree(policydb_str);
2273  goto bad;
2274  }
2275  /* Done with policydb_str. */
2276  kfree(policydb_str);
2277  policydb_str = NULL;
2278 
2279  /* Read the version and table sizes. */
2280  rc = next_entry(buf, fp, sizeof(u32)*4);
2281  if (rc)
2282  goto bad;
2283 
2284  rc = -EINVAL;
2285  p->policyvers = le32_to_cpu(buf[0]);
2286  if (p->policyvers < POLICYDB_VERSION_MIN ||
2288  printk(KERN_ERR "SELinux: policydb version %d does not match "
2289  "my version range %d-%d\n",
2291  goto bad;
2292  }
2293 
2294  if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2295  p->mls_enabled = 1;
2296 
2297  rc = -EINVAL;
2298  if (p->policyvers < POLICYDB_VERSION_MLS) {
2299  printk(KERN_ERR "SELinux: security policydb version %d "
2300  "(MLS) not backwards compatible\n",
2301  p->policyvers);
2302  goto bad;
2303  }
2304  }
2305  p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2306  p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2307 
2308  if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2309  rc = ebitmap_read(&p->policycaps, fp);
2310  if (rc)
2311  goto bad;
2312  }
2313 
2315  rc = ebitmap_read(&p->permissive_map, fp);
2316  if (rc)
2317  goto bad;
2318  }
2319 
2320  rc = -EINVAL;
2321  info = policydb_lookup_compat(p->policyvers);
2322  if (!info) {
2323  printk(KERN_ERR "SELinux: unable to find policy compat info "
2324  "for version %d\n", p->policyvers);
2325  goto bad;
2326  }
2327 
2328  rc = -EINVAL;
2329  if (le32_to_cpu(buf[2]) != info->sym_num ||
2330  le32_to_cpu(buf[3]) != info->ocon_num) {
2331  printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
2332  "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2333  le32_to_cpu(buf[3]),
2334  info->sym_num, info->ocon_num);
2335  goto bad;
2336  }
2337 
2338  for (i = 0; i < info->sym_num; i++) {
2339  rc = next_entry(buf, fp, sizeof(u32)*2);
2340  if (rc)
2341  goto bad;
2342  nprim = le32_to_cpu(buf[0]);
2343  nel = le32_to_cpu(buf[1]);
2344  for (j = 0; j < nel; j++) {
2345  rc = read_f[i](p, p->symtab[i].table, fp);
2346  if (rc)
2347  goto bad;
2348  }
2349 
2350  p->symtab[i].nprim = nprim;
2351  }
2352 
2353  rc = -EINVAL;
2354  p->process_class = string_to_security_class(p, "process");
2355  if (!p->process_class)
2356  goto bad;
2357 
2358  rc = avtab_read(&p->te_avtab, fp, p);
2359  if (rc)
2360  goto bad;
2361 
2362  if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2363  rc = cond_read_list(p, fp);
2364  if (rc)
2365  goto bad;
2366  }
2367 
2368  rc = next_entry(buf, fp, sizeof(u32));
2369  if (rc)
2370  goto bad;
2371  nel = le32_to_cpu(buf[0]);
2372  ltr = NULL;
2373  for (i = 0; i < nel; i++) {
2374  rc = -ENOMEM;
2375  tr = kzalloc(sizeof(*tr), GFP_KERNEL);
2376  if (!tr)
2377  goto bad;
2378  if (ltr)
2379  ltr->next = tr;
2380  else
2381  p->role_tr = tr;
2382  rc = next_entry(buf, fp, sizeof(u32)*3);
2383  if (rc)
2384  goto bad;
2385 
2386  rc = -EINVAL;
2387  tr->role = le32_to_cpu(buf[0]);
2388  tr->type = le32_to_cpu(buf[1]);
2389  tr->new_role = le32_to_cpu(buf[2]);
2391  rc = next_entry(buf, fp, sizeof(u32));
2392  if (rc)
2393  goto bad;
2394  tr->tclass = le32_to_cpu(buf[0]);
2395  } else
2396  tr->tclass = p->process_class;
2397 
2398  if (!policydb_role_isvalid(p, tr->role) ||
2399  !policydb_type_isvalid(p, tr->type) ||
2400  !policydb_class_isvalid(p, tr->tclass) ||
2402  goto bad;
2403  ltr = tr;
2404  }
2405 
2406  rc = next_entry(buf, fp, sizeof(u32));
2407  if (rc)
2408  goto bad;
2409  nel = le32_to_cpu(buf[0]);
2410  lra = NULL;
2411  for (i = 0; i < nel; i++) {
2412  rc = -ENOMEM;
2413  ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2414  if (!ra)
2415  goto bad;
2416  if (lra)
2417  lra->next = ra;
2418  else
2419  p->role_allow = ra;
2420  rc = next_entry(buf, fp, sizeof(u32)*2);
2421  if (rc)
2422  goto bad;
2423 
2424  rc = -EINVAL;
2425  ra->role = le32_to_cpu(buf[0]);
2426  ra->new_role = le32_to_cpu(buf[1]);
2427  if (!policydb_role_isvalid(p, ra->role) ||
2429  goto bad;
2430  lra = ra;
2431  }
2432 
2433  rc = filename_trans_read(p, fp);
2434  if (rc)
2435  goto bad;
2436 
2437  rc = policydb_index(p);
2438  if (rc)
2439  goto bad;
2440 
2441  rc = -EINVAL;
2442  p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
2443  p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
2444  if (!p->process_trans_perms)
2445  goto bad;
2446 
2447  rc = ocontext_read(p, info, fp);
2448  if (rc)
2449  goto bad;
2450 
2451  rc = genfs_read(p, fp);
2452  if (rc)
2453  goto bad;
2454 
2455  rc = range_read(p, fp);
2456  if (rc)
2457  goto bad;
2458 
2459  rc = -ENOMEM;
2460  p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),
2461  p->p_types.nprim,
2463  if (!p->type_attr_map_array)
2464  goto bad;
2465 
2466  /* preallocate so we don't have to worry about the put ever failing */
2467  rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,
2469  if (rc)
2470  goto bad;
2471 
2472  for (i = 0; i < p->p_types.nprim; i++) {
2473  struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
2474 
2475  BUG_ON(!e);
2476  ebitmap_init(e);
2477  if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2478  rc = ebitmap_read(e, fp);
2479  if (rc)
2480  goto bad;
2481  }
2482  /* add the type itself as the degenerate case */
2483  rc = ebitmap_set_bit(e, i, 1);
2484  if (rc)
2485  goto bad;
2486  }
2487 
2488  rc = policydb_bounds_sanity_check(p);
2489  if (rc)
2490  goto bad;
2491 
2492  rc = 0;
2493 out:
2494  return rc;
2495 bad:
2496  policydb_destroy(p);
2497  goto out;
2498 }
2499 
2500 /*
2501  * Write a MLS level structure to a policydb binary
2502  * representation file.
2503  */
2504 static int mls_write_level(struct mls_level *l, void *fp)
2505 {
2506  __le32 buf[1];
2507  int rc;
2508 
2509  buf[0] = cpu_to_le32(l->sens);
2510  rc = put_entry(buf, sizeof(u32), 1, fp);
2511  if (rc)
2512  return rc;
2513 
2514  rc = ebitmap_write(&l->cat, fp);
2515  if (rc)
2516  return rc;
2517 
2518  return 0;
2519 }
2520 
2521 /*
2522  * Write a MLS range structure to a policydb binary
2523  * representation file.
2524  */
2525 static int mls_write_range_helper(struct mls_range *r, void *fp)
2526 {
2527  __le32 buf[3];
2528  size_t items;
2529  int rc, eq;
2530 
2531  eq = mls_level_eq(&r->level[1], &r->level[0]);
2532 
2533  if (eq)
2534  items = 2;
2535  else
2536  items = 3;
2537  buf[0] = cpu_to_le32(items-1);
2538  buf[1] = cpu_to_le32(r->level[0].sens);
2539  if (!eq)
2540  buf[2] = cpu_to_le32(r->level[1].sens);
2541 
2542  BUG_ON(items > (sizeof(buf)/sizeof(buf[0])));
2543 
2544  rc = put_entry(buf, sizeof(u32), items, fp);
2545  if (rc)
2546  return rc;
2547 
2548  rc = ebitmap_write(&r->level[0].cat, fp);
2549  if (rc)
2550  return rc;
2551  if (!eq) {
2552  rc = ebitmap_write(&r->level[1].cat, fp);
2553  if (rc)
2554  return rc;
2555  }
2556 
2557  return 0;
2558 }
2559 
2560 static int sens_write(void *vkey, void *datum, void *ptr)
2561 {
2562  char *key = vkey;
2563  struct level_datum *levdatum = datum;
2564  struct policy_data *pd = ptr;
2565  void *fp = pd->fp;
2566  __le32 buf[2];
2567  size_t len;
2568  int rc;
2569 
2570  len = strlen(key);
2571  buf[0] = cpu_to_le32(len);
2572  buf[1] = cpu_to_le32(levdatum->isalias);
2573  rc = put_entry(buf, sizeof(u32), 2, fp);
2574  if (rc)
2575  return rc;
2576 
2577  rc = put_entry(key, 1, len, fp);
2578  if (rc)
2579  return rc;
2580 
2581  rc = mls_write_level(levdatum->level, fp);
2582  if (rc)
2583  return rc;
2584 
2585  return 0;
2586 }
2587 
2588 static int cat_write(void *vkey, void *datum, void *ptr)
2589 {
2590  char *key = vkey;
2591  struct cat_datum *catdatum = datum;
2592  struct policy_data *pd = ptr;
2593  void *fp = pd->fp;
2594  __le32 buf[3];
2595  size_t len;
2596  int rc;
2597 
2598  len = strlen(key);
2599  buf[0] = cpu_to_le32(len);
2600  buf[1] = cpu_to_le32(catdatum->value);
2601  buf[2] = cpu_to_le32(catdatum->isalias);
2602  rc = put_entry(buf, sizeof(u32), 3, fp);
2603  if (rc)
2604  return rc;
2605 
2606  rc = put_entry(key, 1, len, fp);
2607  if (rc)
2608  return rc;
2609 
2610  return 0;
2611 }
2612 
2613 static int role_trans_write(struct policydb *p, void *fp)
2614 {
2615  struct role_trans *r = p->role_tr;
2616  struct role_trans *tr;
2617  u32 buf[3];
2618  size_t nel;
2619  int rc;
2620 
2621  nel = 0;
2622  for (tr = r; tr; tr = tr->next)
2623  nel++;
2624  buf[0] = cpu_to_le32(nel);
2625  rc = put_entry(buf, sizeof(u32), 1, fp);
2626  if (rc)
2627  return rc;
2628  for (tr = r; tr; tr = tr->next) {
2629  buf[0] = cpu_to_le32(tr->role);
2630  buf[1] = cpu_to_le32(tr->type);
2631  buf[2] = cpu_to_le32(tr->new_role);
2632  rc = put_entry(buf, sizeof(u32), 3, fp);
2633  if (rc)
2634  return rc;
2636  buf[0] = cpu_to_le32(tr->tclass);
2637  rc = put_entry(buf, sizeof(u32), 1, fp);
2638  if (rc)
2639  return rc;
2640  }
2641  }
2642 
2643  return 0;
2644 }
2645 
2646 static int role_allow_write(struct role_allow *r, void *fp)
2647 {
2648  struct role_allow *ra;
2649  u32 buf[2];
2650  size_t nel;
2651  int rc;
2652 
2653  nel = 0;
2654  for (ra = r; ra; ra = ra->next)
2655  nel++;
2656  buf[0] = cpu_to_le32(nel);
2657  rc = put_entry(buf, sizeof(u32), 1, fp);
2658  if (rc)
2659  return rc;
2660  for (ra = r; ra; ra = ra->next) {
2661  buf[0] = cpu_to_le32(ra->role);
2662  buf[1] = cpu_to_le32(ra->new_role);
2663  rc = put_entry(buf, sizeof(u32), 2, fp);
2664  if (rc)
2665  return rc;
2666  }
2667  return 0;
2668 }
2669 
2670 /*
2671  * Write a security context structure
2672  * to a policydb binary representation file.
2673  */
2674 static int context_write(struct policydb *p, struct context *c,
2675  void *fp)
2676 {
2677  int rc;
2678  __le32 buf[3];
2679 
2680  buf[0] = cpu_to_le32(c->user);
2681  buf[1] = cpu_to_le32(c->role);
2682  buf[2] = cpu_to_le32(c->type);
2683 
2684  rc = put_entry(buf, sizeof(u32), 3, fp);
2685  if (rc)
2686  return rc;
2687 
2688  rc = mls_write_range_helper(&c->range, fp);
2689  if (rc)
2690  return rc;
2691 
2692  return 0;
2693 }
2694 
2695 /*
2696  * The following *_write functions are used to
2697  * write the symbol data to a policy database
2698  * binary representation file.
2699  */
2700 
2701 static int perm_write(void *vkey, void *datum, void *fp)
2702 {
2703  char *key = vkey;
2704  struct perm_datum *perdatum = datum;
2705  __le32 buf[2];
2706  size_t len;
2707  int rc;
2708 
2709  len = strlen(key);
2710  buf[0] = cpu_to_le32(len);
2711  buf[1] = cpu_to_le32(perdatum->value);
2712  rc = put_entry(buf, sizeof(u32), 2, fp);
2713  if (rc)
2714  return rc;
2715 
2716  rc = put_entry(key, 1, len, fp);
2717  if (rc)
2718  return rc;
2719 
2720  return 0;
2721 }
2722 
2723 static int common_write(void *vkey, void *datum, void *ptr)
2724 {
2725  char *key = vkey;
2726  struct common_datum *comdatum = datum;
2727  struct policy_data *pd = ptr;
2728  void *fp = pd->fp;
2729  __le32 buf[4];
2730  size_t len;
2731  int rc;
2732 
2733  len = strlen(key);
2734  buf[0] = cpu_to_le32(len);
2735  buf[1] = cpu_to_le32(comdatum->value);
2736  buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2737  buf[3] = cpu_to_le32(comdatum->permissions.table->nel);
2738  rc = put_entry(buf, sizeof(u32), 4, fp);
2739  if (rc)
2740  return rc;
2741 
2742  rc = put_entry(key, 1, len, fp);
2743  if (rc)
2744  return rc;
2745 
2746  rc = hashtab_map(comdatum->permissions.table, perm_write, fp);
2747  if (rc)
2748  return rc;
2749 
2750  return 0;
2751 }
2752 
2753 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2754  void *fp)
2755 {
2756  struct constraint_node *c;
2757  struct constraint_expr *e;
2758  __le32 buf[3];
2759  u32 nel;
2760  int rc;
2761 
2762  for (c = node; c; c = c->next) {
2763  nel = 0;
2764  for (e = c->expr; e; e = e->next)
2765  nel++;
2766  buf[0] = cpu_to_le32(c->permissions);
2767  buf[1] = cpu_to_le32(nel);
2768  rc = put_entry(buf, sizeof(u32), 2, fp);
2769  if (rc)
2770  return rc;
2771  for (e = c->expr; e; e = e->next) {
2772  buf[0] = cpu_to_le32(e->expr_type);
2773  buf[1] = cpu_to_le32(e->attr);
2774  buf[2] = cpu_to_le32(e->op);
2775  rc = put_entry(buf, sizeof(u32), 3, fp);
2776  if (rc)
2777  return rc;
2778 
2779  switch (e->expr_type) {
2780  case CEXPR_NAMES:
2781  rc = ebitmap_write(&e->names, fp);
2782  if (rc)
2783  return rc;
2784  break;
2785  default:
2786  break;
2787  }
2788  }
2789  }
2790 
2791  return 0;
2792 }
2793 
2794 static int class_write(void *vkey, void *datum, void *ptr)
2795 {
2796  char *key = vkey;
2797  struct class_datum *cladatum = datum;
2798  struct policy_data *pd = ptr;
2799  void *fp = pd->fp;
2800  struct policydb *p = pd->p;
2801  struct constraint_node *c;
2802  __le32 buf[6];
2803  u32 ncons;
2804  size_t len, len2;
2805  int rc;
2806 
2807  len = strlen(key);
2808  if (cladatum->comkey)
2809  len2 = strlen(cladatum->comkey);
2810  else
2811  len2 = 0;
2812 
2813  ncons = 0;
2814  for (c = cladatum->constraints; c; c = c->next)
2815  ncons++;
2816 
2817  buf[0] = cpu_to_le32(len);
2818  buf[1] = cpu_to_le32(len2);
2819  buf[2] = cpu_to_le32(cladatum->value);
2820  buf[3] = cpu_to_le32(cladatum->permissions.nprim);
2821  if (cladatum->permissions.table)
2822  buf[4] = cpu_to_le32(cladatum->permissions.table->nel);
2823  else
2824  buf[4] = 0;
2825  buf[5] = cpu_to_le32(ncons);
2826  rc = put_entry(buf, sizeof(u32), 6, fp);
2827  if (rc)
2828  return rc;
2829 
2830  rc = put_entry(key, 1, len, fp);
2831  if (rc)
2832  return rc;
2833 
2834  if (cladatum->comkey) {
2835  rc = put_entry(cladatum->comkey, 1, len2, fp);
2836  if (rc)
2837  return rc;
2838  }
2839 
2840  rc = hashtab_map(cladatum->permissions.table, perm_write, fp);
2841  if (rc)
2842  return rc;
2843 
2844  rc = write_cons_helper(p, cladatum->constraints, fp);
2845  if (rc)
2846  return rc;
2847 
2848  /* write out the validatetrans rule */
2849  ncons = 0;
2850  for (c = cladatum->validatetrans; c; c = c->next)
2851  ncons++;
2852 
2853  buf[0] = cpu_to_le32(ncons);
2854  rc = put_entry(buf, sizeof(u32), 1, fp);
2855  if (rc)
2856  return rc;
2857 
2858  rc = write_cons_helper(p, cladatum->validatetrans, fp);
2859  if (rc)
2860  return rc;
2861 
2863  buf[0] = cpu_to_le32(cladatum->default_user);
2864  buf[1] = cpu_to_le32(cladatum->default_role);
2865  buf[2] = cpu_to_le32(cladatum->default_range);
2866 
2867  rc = put_entry(buf, sizeof(uint32_t), 3, fp);
2868  if (rc)
2869  return rc;
2870  }
2871 
2873  buf[0] = cpu_to_le32(cladatum->default_type);
2874  rc = put_entry(buf, sizeof(uint32_t), 1, fp);
2875  if (rc)
2876  return rc;
2877  }
2878 
2879  return 0;
2880 }
2881 
2882 static int role_write(void *vkey, void *datum, void *ptr)
2883 {
2884  char *key = vkey;
2885  struct role_datum *role = datum;
2886  struct policy_data *pd = ptr;
2887  void *fp = pd->fp;
2888  struct policydb *p = pd->p;
2889  __le32 buf[3];
2890  size_t items, len;
2891  int rc;
2892 
2893  len = strlen(key);
2894  items = 0;
2895  buf[items++] = cpu_to_le32(len);
2896  buf[items++] = cpu_to_le32(role->value);
2898  buf[items++] = cpu_to_le32(role->bounds);
2899 
2900  BUG_ON(items > (sizeof(buf)/sizeof(buf[0])));
2901 
2902  rc = put_entry(buf, sizeof(u32), items, fp);
2903  if (rc)
2904  return rc;
2905 
2906  rc = put_entry(key, 1, len, fp);
2907  if (rc)
2908  return rc;
2909 
2910  rc = ebitmap_write(&role->dominates, fp);
2911  if (rc)
2912  return rc;
2913 
2914  rc = ebitmap_write(&role->types, fp);
2915  if (rc)
2916  return rc;
2917 
2918  return 0;
2919 }
2920 
2921 static int type_write(void *vkey, void *datum, void *ptr)
2922 {
2923  char *key = vkey;
2924  struct type_datum *typdatum = datum;
2925  struct policy_data *pd = ptr;
2926  struct policydb *p = pd->p;
2927  void *fp = pd->fp;
2928  __le32 buf[4];
2929  int rc;
2930  size_t items, len;
2931 
2932  len = strlen(key);
2933  items = 0;
2934  buf[items++] = cpu_to_le32(len);
2935  buf[items++] = cpu_to_le32(typdatum->value);
2937  u32 properties = 0;
2938 
2939  if (typdatum->primary)
2940  properties |= TYPEDATUM_PROPERTY_PRIMARY;
2941 
2942  if (typdatum->attribute)
2943  properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
2944 
2945  buf[items++] = cpu_to_le32(properties);
2946  buf[items++] = cpu_to_le32(typdatum->bounds);
2947  } else {
2948  buf[items++] = cpu_to_le32(typdatum->primary);
2949  }
2950  BUG_ON(items > (sizeof(buf) / sizeof(buf[0])));
2951  rc = put_entry(buf, sizeof(u32), items, fp);
2952  if (rc)
2953  return rc;
2954 
2955  rc = put_entry(key, 1, len, fp);
2956  if (rc)
2957  return rc;
2958 
2959  return 0;
2960 }
2961 
2962 static int user_write(void *vkey, void *datum, void *ptr)
2963 {
2964  char *key = vkey;
2965  struct user_datum *usrdatum = datum;
2966  struct policy_data *pd = ptr;
2967  struct policydb *p = pd->p;
2968  void *fp = pd->fp;
2969  __le32 buf[3];
2970  size_t items, len;
2971  int rc;
2972 
2973  len = strlen(key);
2974  items = 0;
2975  buf[items++] = cpu_to_le32(len);
2976  buf[items++] = cpu_to_le32(usrdatum->value);
2978  buf[items++] = cpu_to_le32(usrdatum->bounds);
2979  BUG_ON(items > (sizeof(buf) / sizeof(buf[0])));
2980  rc = put_entry(buf, sizeof(u32), items, fp);
2981  if (rc)
2982  return rc;
2983 
2984  rc = put_entry(key, 1, len, fp);
2985  if (rc)
2986  return rc;
2987 
2988  rc = ebitmap_write(&usrdatum->roles, fp);
2989  if (rc)
2990  return rc;
2991 
2992  rc = mls_write_range_helper(&usrdatum->range, fp);
2993  if (rc)
2994  return rc;
2995 
2996  rc = mls_write_level(&usrdatum->dfltlevel, fp);
2997  if (rc)
2998  return rc;
2999 
3000  return 0;
3001 }
3002 
3003 static int (*write_f[SYM_NUM]) (void *key, void *datum,
3004  void *datap) =
3005 {
3006  common_write,
3007  class_write,
3008  role_write,
3009  type_write,
3010  user_write,
3012  sens_write,
3013  cat_write,
3014 };
3015 
3016 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info,
3017  void *fp)
3018 {
3019  unsigned int i, j, rc;
3020  size_t nel, len;
3021  __le32 buf[3];
3022  u32 nodebuf[8];
3023  struct ocontext *c;
3024  for (i = 0; i < info->ocon_num; i++) {
3025  nel = 0;
3026  for (c = p->ocontexts[i]; c; c = c->next)
3027  nel++;
3028  buf[0] = cpu_to_le32(nel);
3029  rc = put_entry(buf, sizeof(u32), 1, fp);
3030  if (rc)
3031  return rc;
3032  for (c = p->ocontexts[i]; c; c = c->next) {
3033  switch (i) {
3034  case OCON_ISID:
3035  buf[0] = cpu_to_le32(c->sid[0]);
3036  rc = put_entry(buf, sizeof(u32), 1, fp);
3037  if (rc)
3038  return rc;
3039  rc = context_write(p, &c->context[0], fp);
3040  if (rc)
3041  return rc;
3042  break;
3043  case OCON_FS:
3044  case OCON_NETIF:
3045  len = strlen(c->u.name);
3046  buf[0] = cpu_to_le32(len);
3047  rc = put_entry(buf, sizeof(u32), 1, fp);
3048  if (rc)
3049  return rc;
3050  rc = put_entry(c->u.name, 1, len, fp);
3051  if (rc)
3052  return rc;
3053  rc = context_write(p, &c->context[0], fp);
3054  if (rc)
3055  return rc;
3056  rc = context_write(p, &c->context[1], fp);
3057  if (rc)
3058  return rc;
3059  break;
3060  case OCON_PORT:
3061  buf[0] = cpu_to_le32(c->u.port.protocol);
3062  buf[1] = cpu_to_le32(c->u.port.low_port);
3063  buf[2] = cpu_to_le32(c->u.port.high_port);
3064  rc = put_entry(buf, sizeof(u32), 3, fp);
3065  if (rc)
3066  return rc;
3067  rc = context_write(p, &c->context[0], fp);
3068  if (rc)
3069  return rc;
3070  break;
3071  case OCON_NODE:
3072  nodebuf[0] = c->u.node.addr; /* network order */
3073  nodebuf[1] = c->u.node.mask; /* network order */
3074  rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3075  if (rc)
3076  return rc;
3077  rc = context_write(p, &c->context[0], fp);
3078  if (rc)
3079  return rc;
3080  break;
3081  case OCON_FSUSE:
3082  buf[0] = cpu_to_le32(c->v.behavior);
3083  len = strlen(c->u.name);
3084  buf[1] = cpu_to_le32(len);
3085  rc = put_entry(buf, sizeof(u32), 2, fp);
3086  if (rc)
3087  return rc;
3088  rc = put_entry(c->u.name, 1, len, fp);
3089  if (rc)
3090  return rc;
3091  rc = context_write(p, &c->context[0], fp);
3092  if (rc)
3093  return rc;
3094  break;
3095  case OCON_NODE6:
3096  for (j = 0; j < 4; j++)
3097  nodebuf[j] = c->u.node6.addr[j]; /* network order */
3098  for (j = 0; j < 4; j++)
3099  nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3100  rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3101  if (rc)
3102  return rc;
3103  rc = context_write(p, &c->context[0], fp);
3104  if (rc)
3105  return rc;
3106  break;
3107  }
3108  }
3109  }
3110  return 0;
3111 }
3112 
3113 static int genfs_write(struct policydb *p, void *fp)
3114 {
3115  struct genfs *genfs;
3116  struct ocontext *c;
3117  size_t len;
3118  __le32 buf[1];
3119  int rc;
3120 
3121  len = 0;
3122  for (genfs = p->genfs; genfs; genfs = genfs->next)
3123  len++;
3124  buf[0] = cpu_to_le32(len);
3125  rc = put_entry(buf, sizeof(u32), 1, fp);
3126  if (rc)
3127  return rc;
3128  for (genfs = p->genfs; genfs; genfs = genfs->next) {
3129  len = strlen(genfs->fstype);
3130  buf[0] = cpu_to_le32(len);
3131  rc = put_entry(buf, sizeof(u32), 1, fp);
3132  if (rc)
3133  return rc;
3134  rc = put_entry(genfs->fstype, 1, len, fp);
3135  if (rc)
3136  return rc;
3137  len = 0;
3138  for (c = genfs->head; c; c = c->next)
3139  len++;
3140  buf[0] = cpu_to_le32(len);
3141  rc = put_entry(buf, sizeof(u32), 1, fp);
3142  if (rc)
3143  return rc;
3144  for (c = genfs->head; c; c = c->next) {
3145  len = strlen(c->u.name);
3146  buf[0] = cpu_to_le32(len);
3147  rc = put_entry(buf, sizeof(u32), 1, fp);
3148  if (rc)
3149  return rc;
3150  rc = put_entry(c->u.name, 1, len, fp);
3151  if (rc)
3152  return rc;
3153  buf[0] = cpu_to_le32(c->v.sclass);
3154  rc = put_entry(buf, sizeof(u32), 1, fp);
3155  if (rc)
3156  return rc;
3157  rc = context_write(p, &c->context[0], fp);
3158  if (rc)
3159  return rc;
3160  }
3161  }
3162  return 0;
3163 }
3164 
3165 static int hashtab_cnt(void *key, void *data, void *ptr)
3166 {
3167  int *cnt = ptr;
3168  *cnt = *cnt + 1;
3169 
3170  return 0;
3171 }
3172 
3173 static int range_write_helper(void *key, void *data, void *ptr)
3174 {
3175  __le32 buf[2];
3176  struct range_trans *rt = key;
3177  struct mls_range *r = data;
3178  struct policy_data *pd = ptr;
3179  void *fp = pd->fp;
3180  struct policydb *p = pd->p;
3181  int rc;
3182 
3183  buf[0] = cpu_to_le32(rt->source_type);
3184  buf[1] = cpu_to_le32(rt->target_type);
3185  rc = put_entry(buf, sizeof(u32), 2, fp);
3186  if (rc)
3187  return rc;
3189  buf[0] = cpu_to_le32(rt->target_class);
3190  rc = put_entry(buf, sizeof(u32), 1, fp);
3191  if (rc)
3192  return rc;
3193  }
3194  rc = mls_write_range_helper(r, fp);
3195  if (rc)
3196  return rc;
3197 
3198  return 0;
3199 }
3200 
3201 static int range_write(struct policydb *p, void *fp)
3202 {
3203  size_t nel;
3204  __le32 buf[1];
3205  int rc;
3206  struct policy_data pd;
3207 
3208  pd.p = p;
3209  pd.fp = fp;
3210 
3211  /* count the number of entries in the hashtab */
3212  nel = 0;
3213  rc = hashtab_map(p->range_tr, hashtab_cnt, &nel);
3214  if (rc)
3215  return rc;
3216 
3217  buf[0] = cpu_to_le32(nel);
3218  rc = put_entry(buf, sizeof(u32), 1, fp);
3219  if (rc)
3220  return rc;
3221 
3222  /* actually write all of the entries */
3223  rc = hashtab_map(p->range_tr, range_write_helper, &pd);
3224  if (rc)
3225  return rc;
3226 
3227  return 0;
3228 }
3229 
3230 static int filename_write_helper(void *key, void *data, void *ptr)
3231 {
3232  __le32 buf[4];
3233  struct filename_trans *ft = key;
3234  struct filename_trans_datum *otype = data;
3235  void *fp = ptr;
3236  int rc;
3237  u32 len;
3238 
3239  len = strlen(ft->name);
3240  buf[0] = cpu_to_le32(len);
3241  rc = put_entry(buf, sizeof(u32), 1, fp);
3242  if (rc)
3243  return rc;
3244 
3245  rc = put_entry(ft->name, sizeof(char), len, fp);
3246  if (rc)
3247  return rc;
3248 
3249  buf[0] = ft->stype;
3250  buf[1] = ft->ttype;
3251  buf[2] = ft->tclass;
3252  buf[3] = otype->otype;
3253 
3254  rc = put_entry(buf, sizeof(u32), 4, fp);
3255  if (rc)
3256  return rc;
3257 
3258  return 0;
3259 }
3260 
3261 static int filename_trans_write(struct policydb *p, void *fp)
3262 {
3263  u32 nel;
3264  __le32 buf[1];
3265  int rc;
3266 
3268  return 0;
3269 
3270  nel = 0;
3271  rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel);
3272  if (rc)
3273  return rc;
3274 
3275  buf[0] = cpu_to_le32(nel);
3276  rc = put_entry(buf, sizeof(u32), 1, fp);
3277  if (rc)
3278  return rc;
3279 
3280  rc = hashtab_map(p->filename_trans, filename_write_helper, fp);
3281  if (rc)
3282  return rc;
3283 
3284  return 0;
3285 }
3286 
3287 /*
3288  * Write the configuration data in a policy database
3289  * structure to a policy database binary representation
3290  * file.
3291  */
3292 int policydb_write(struct policydb *p, void *fp)
3293 {
3294  unsigned int i, num_syms;
3295  int rc;
3296  __le32 buf[4];
3297  u32 config;
3298  size_t len;
3299  struct policydb_compat_info *info;
3300 
3301  /*
3302  * refuse to write policy older than compressed avtab
3303  * to simplify the writer. There are other tests dropped
3304  * since we assume this throughout the writer code. Be
3305  * careful if you ever try to remove this restriction
3306  */
3308  printk(KERN_ERR "SELinux: refusing to write policy version %d."
3309  " Because it is less than version %d\n", p->policyvers,
3311  return -EINVAL;
3312  }
3313 
3314  config = 0;
3315  if (p->mls_enabled)
3316  config |= POLICYDB_CONFIG_MLS;
3317 
3318  if (p->reject_unknown)
3319  config |= REJECT_UNKNOWN;
3320  if (p->allow_unknown)
3321  config |= ALLOW_UNKNOWN;
3322 
3323  /* Write the magic number and string identifiers. */
3324  buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3325  len = strlen(POLICYDB_STRING);
3326  buf[1] = cpu_to_le32(len);
3327  rc = put_entry(buf, sizeof(u32), 2, fp);
3328  if (rc)
3329  return rc;
3330  rc = put_entry(POLICYDB_STRING, 1, len, fp);
3331  if (rc)
3332  return rc;
3333 
3334  /* Write the version, config, and table sizes. */
3335  info = policydb_lookup_compat(p->policyvers);
3336  if (!info) {
3337  printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
3338  "version %d", p->policyvers);
3339  return -EINVAL;
3340  }
3341 
3342  buf[0] = cpu_to_le32(p->policyvers);
3343  buf[1] = cpu_to_le32(config);
3344  buf[2] = cpu_to_le32(info->sym_num);
3345  buf[3] = cpu_to_le32(info->ocon_num);
3346 
3347  rc = put_entry(buf, sizeof(u32), 4, fp);
3348  if (rc)
3349  return rc;
3350 
3351  if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3352  rc = ebitmap_write(&p->policycaps, fp);
3353  if (rc)
3354  return rc;
3355  }
3356 
3358  rc = ebitmap_write(&p->permissive_map, fp);
3359  if (rc)
3360  return rc;
3361  }
3362 
3363  num_syms = info->sym_num;
3364  for (i = 0; i < num_syms; i++) {
3365  struct policy_data pd;
3366 
3367  pd.fp = fp;
3368  pd.p = p;
3369 
3370  buf[0] = cpu_to_le32(p->symtab[i].nprim);
3371  buf[1] = cpu_to_le32(p->symtab[i].table->nel);
3372 
3373  rc = put_entry(buf, sizeof(u32), 2, fp);
3374  if (rc)
3375  return rc;
3376  rc = hashtab_map(p->symtab[i].table, write_f[i], &pd);
3377  if (rc)
3378  return rc;
3379  }
3380 
3381  rc = avtab_write(p, &p->te_avtab, fp);
3382  if (rc)
3383  return rc;
3384 
3385  rc = cond_write_list(p, p->cond_list, fp);
3386  if (rc)
3387  return rc;
3388 
3389  rc = role_trans_write(p, fp);
3390  if (rc)
3391  return rc;
3392 
3393  rc = role_allow_write(p->role_allow, fp);
3394  if (rc)
3395  return rc;
3396 
3397  rc = filename_trans_write(p, fp);
3398  if (rc)
3399  return rc;
3400 
3401  rc = ocontext_write(p, info, fp);
3402  if (rc)
3403  return rc;
3404 
3405  rc = genfs_write(p, fp);
3406  if (rc)
3407  return rc;
3408 
3409  rc = range_write(p, fp);
3410  if (rc)
3411  return rc;
3412 
3413  for (i = 0; i < p->p_types.nprim; i++) {
3414  struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
3415 
3416  BUG_ON(!e);
3417  rc = ebitmap_write(e, fp);
3418  if (rc)
3419  return rc;
3420  }
3421 
3422  return 0;
3423 }