OpenCores
URL https://opencores.org/ocsvn/test_project/test_project/trunk

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [security/] [selinux/] [ss/] [policydb.c] - Blame information for rev 62

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 62 marcus.erl 
/*
2 
 * Implementation of the policy database.
3 
 *
4 
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 
 */
6 
 
7 
/*
8 
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 
 *
10 
 *      Support for enhanced MLS infrastructure.
11 
 *
12 
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13 
 *
14 
 *      Added conditional policy language extensions
15 
 *
16 
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17 
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
18 
 *      This program is free software; you can redistribute it and/or modify
19 
 *      it under the terms of the GNU General Public License as published by
20 
 *      the Free Software Foundation, version 2.
21 
 */
22 
 
23 
#include <linux/kernel.h>
24 
#include <linux/sched.h>
25 
#include <linux/slab.h>
26 
#include <linux/string.h>
27 
#include <linux/errno.h>
28 
#include "security.h"
29 
 
30 
#include "policydb.h"
31 
#include "conditional.h"
32 
#include "mls.h"
33 
 
34 
#define _DEBUG_HASHES
35 
 
36 
#ifdef DEBUG_HASHES
37 
static char *symtab_name[SYM_NUM] = {
38 
        "common prefixes",
39 
        "classes",
40 
        "roles",
41 
        "types",
42 
        "users",
43 
        "bools",
44 
        "levels",
45 
        "categories",
46 
};
47 
#endif
48 
 
49 
int selinux_mls_enabled = 0;
50 
 
51 
static unsigned int symtab_sizes[SYM_NUM] = {
52 
        2,
53 
        32,
54 
        16,
55 
        512,
56 
        128,
57 
        16,
58 
        16,
59 
        16,
60 
};
61 
 
62 
struct policydb_compat_info {
63 
        int version;
64 
        int sym_num;
65 
        int ocon_num;
66 
};
67 
 
68 
/* These need to be updated if SYM_NUM or OCON_NUM changes */
69 
static struct policydb_compat_info policydb_compat[] = {
70 
        {
71 
                .version        = POLICYDB_VERSION_BASE,
72 
                .sym_num        = SYM_NUM - 3,
73 
                .ocon_num       = OCON_NUM - 1,
74 
        },
75 
        {
76 
                .version        = POLICYDB_VERSION_BOOL,
77 
                .sym_num        = SYM_NUM - 2,
78 
                .ocon_num       = OCON_NUM - 1,
79 
        },
80 
        {
81 
                .version        = POLICYDB_VERSION_IPV6,
82 
                .sym_num        = SYM_NUM - 2,
83 
                .ocon_num       = OCON_NUM,
84 
        },
85 
        {
86 
                .version        = POLICYDB_VERSION_NLCLASS,
87 
                .sym_num        = SYM_NUM - 2,
88 
                .ocon_num       = OCON_NUM,
89 
        },
90 
        {
91 
                .version        = POLICYDB_VERSION_MLS,
92 
                .sym_num        = SYM_NUM,
93 
                .ocon_num       = OCON_NUM,
94 
        },
95 
        {
96 
                .version        = POLICYDB_VERSION_AVTAB,
97 
                .sym_num        = SYM_NUM,
98 
                .ocon_num       = OCON_NUM,
99 
        },
100 
        {
101 
                .version        = POLICYDB_VERSION_RANGETRANS,
102 
                .sym_num        = SYM_NUM,
103 
                .ocon_num       = OCON_NUM,
104 
        },
105 
};
106 
 
107 
static struct policydb_compat_info *policydb_lookup_compat(int version)
108 
{
109 
        int i;
110 
        struct policydb_compat_info *info = NULL;
111 
 
112 
        for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
113 
                if (policydb_compat[i].version == version) {
114 
                        info = &policydb_compat[i];
115 
                        break;
116 
                }
117 
        }
118 
        return info;
119 
}
120 
 
121 
/*
122 
 * Initialize the role table.
123 
 */
124 
static int roles_init(struct policydb *p)
125 
{
126 
        char *key = NULL;
127 
        int rc;
128 
        struct role_datum *role;
129 
 
130 
        role = kzalloc(sizeof(*role), GFP_KERNEL);
131 
        if (!role) {
132 
                rc = -ENOMEM;
133 
                goto out;
134 
        }
135 
        role->value = ++p->p_roles.nprim;
136 
        if (role->value != OBJECT_R_VAL) {
137 
                rc = -EINVAL;
138 
                goto out_free_role;
139 
        }
140 
        key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
141 
        if (!key) {
142 
                rc = -ENOMEM;
143 
                goto out_free_role;
144 
        }
145 
        strcpy(key, OBJECT_R);
146 
        rc = hashtab_insert(p->p_roles.table, key, role);
147 
        if (rc)
148 
                goto out_free_key;
149 
out:
150 
        return rc;
151 
 
152 
out_free_key:
153 
        kfree(key);
154 
out_free_role:
155 
        kfree(role);
156 
        goto out;
157 
}
158 
 
159 
/*
160 
 * Initialize a policy database structure.
161 
 */
162 
static int policydb_init(struct policydb *p)
163 
{
164 
        int i, rc;
165 
 
166 
        memset(p, 0, sizeof(*p));
167 
 
168 
        for (i = 0; i < SYM_NUM; i++) {
169 
                rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
170 
                if (rc)
171 
                        goto out_free_symtab;
172 
        }
173 
 
174 
        rc = avtab_init(&p->te_avtab);
175 
        if (rc)
176 
                goto out_free_symtab;
177 
 
178 
        rc = roles_init(p);
179 
        if (rc)
180 
                goto out_free_symtab;
181 
 
182 
        rc = cond_policydb_init(p);
183 
        if (rc)
184 
                goto out_free_symtab;
185 
 
186 
out:
187 
        return rc;
188 
 
189 
out_free_symtab:
190 
        for (i = 0; i < SYM_NUM; i++)
191 
                hashtab_destroy(p->symtab[i].table);
192 
        goto out;
193 
}
194 
 
195 
/*
196 
 * The following *_index functions are used to
197 
 * define the val_to_name and val_to_struct arrays
198 
 * in a policy database structure.  The val_to_name
199 
 * arrays are used when converting security context
200 
 * structures into string representations.  The
201 
 * val_to_struct arrays are used when the attributes
202 
 * of a class, role, or user are needed.
203 
 */
204 
 
205 
static int common_index(void *key, void *datum, void *datap)
206 
{
207 
        struct policydb *p;
208 
        struct common_datum *comdatum;
209 
 
210 
        comdatum = datum;
211 
        p = datap;
212 
        if (!comdatum->value || comdatum->value > p->p_commons.nprim)
213 
                return -EINVAL;
214 
        p->p_common_val_to_name[comdatum->value - 1] = key;
215 
        return 0;
216 
}
217 
 
218 
static int class_index(void *key, void *datum, void *datap)
219 
{
220 
        struct policydb *p;
221 
        struct class_datum *cladatum;
222 
 
223 
        cladatum = datum;
224 
        p = datap;
225 
        if (!cladatum->value || cladatum->value > p->p_classes.nprim)
226 
                return -EINVAL;
227 
        p->p_class_val_to_name[cladatum->value - 1] = key;
228 
        p->class_val_to_struct[cladatum->value - 1] = cladatum;
229 
        return 0;
230 
}
231 
 
232 
static int role_index(void *key, void *datum, void *datap)
233 
{
234 
        struct policydb *p;
235 
        struct role_datum *role;
236 
 
237 
        role = datum;
238 
        p = datap;
239 
        if (!role->value || role->value > p->p_roles.nprim)
240 
                return -EINVAL;
241 
        p->p_role_val_to_name[role->value - 1] = key;
242 
        p->role_val_to_struct[role->value - 1] = role;
243 
        return 0;
244 
}
245 
 
246 
static int type_index(void *key, void *datum, void *datap)
247 
{
248 
        struct policydb *p;
249 
        struct type_datum *typdatum;
250 
 
251 
        typdatum = datum;
252 
        p = datap;
253 
 
254 
        if (typdatum->primary) {
255 
                if (!typdatum->value || typdatum->value > p->p_types.nprim)
256 
                        return -EINVAL;
257 
                p->p_type_val_to_name[typdatum->value - 1] = key;
258 
        }
259 
 
260 
        return 0;
261 
}
262 
 
263 
static int user_index(void *key, void *datum, void *datap)
264 
{
265 
        struct policydb *p;
266 
        struct user_datum *usrdatum;
267 
 
268 
        usrdatum = datum;
269 
        p = datap;
270 
        if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
271 
                return -EINVAL;
272 
        p->p_user_val_to_name[usrdatum->value - 1] = key;
273 
        p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
274 
        return 0;
275 
}
276 
 
277 
static int sens_index(void *key, void *datum, void *datap)
278 
{
279 
        struct policydb *p;
280 
        struct level_datum *levdatum;
281 
 
282 
        levdatum = datum;
283 
        p = datap;
284 
 
285 
        if (!levdatum->isalias) {
286 
                if (!levdatum->level->sens ||
287 
                    levdatum->level->sens > p->p_levels.nprim)
288 
                        return -EINVAL;
289 
                p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
290 
        }
291 
 
292 
        return 0;
293 
}
294 
 
295 
static int cat_index(void *key, void *datum, void *datap)
296 
{
297 
        struct policydb *p;
298 
        struct cat_datum *catdatum;
299 
 
300 
        catdatum = datum;
301 
        p = datap;
302 
 
303 
        if (!catdatum->isalias) {
304 
                if (!catdatum->value || catdatum->value > p->p_cats.nprim)
305 
                        return -EINVAL;
306 
                p->p_cat_val_to_name[catdatum->value - 1] = key;
307 
        }
308 
 
309 
        return 0;
310 
}
311 
 
312 
static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
313 
{
314 
        common_index,
315 
        class_index,
316 
        role_index,
317 
        type_index,
318 
        user_index,
319 
        cond_index_bool,
320 
        sens_index,
321 
        cat_index,
322 
};
323 
 
324 
/*
325 
 * Define the common val_to_name array and the class
326 
 * val_to_name and val_to_struct arrays in a policy
327 
 * database structure.
328 
 *
329 
 * Caller must clean up upon failure.
330 
 */
331 
static int policydb_index_classes(struct policydb *p)
332 
{
333 
        int rc;
334 
 
335 
        p->p_common_val_to_name =
336 
                kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
337 
        if (!p->p_common_val_to_name) {
338 
                rc = -ENOMEM;
339 
                goto out;
340 
        }
341 
 
342 
        rc = hashtab_map(p->p_commons.table, common_index, p);
343 
        if (rc)
344 
                goto out;
345 
 
346 
        p->class_val_to_struct =
347 
                kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
348 
        if (!p->class_val_to_struct) {
349 
                rc = -ENOMEM;
350 
                goto out;
351 
        }
352 
 
353 
        p->p_class_val_to_name =
354 
                kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
355 
        if (!p->p_class_val_to_name) {
356 
                rc = -ENOMEM;
357 
                goto out;
358 
        }
359 
 
360 
        rc = hashtab_map(p->p_classes.table, class_index, p);
361 
out:
362 
        return rc;
363 
}
364 
 
365 
#ifdef DEBUG_HASHES
366 
static void symtab_hash_eval(struct symtab *s)
367 
{
368 
        int i;
369 
 
370 
        for (i = 0; i < SYM_NUM; i++) {
371 
                struct hashtab *h = s[i].table;
372 
                struct hashtab_info info;
373 
 
374 
                hashtab_stat(h, &info);
375 
                printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, "
376 
                       "longest chain length %d\n", symtab_name[i], h->nel,
377 
                       info.slots_used, h->size, info.max_chain_len);
378 
        }
379 
}
380 
#endif
381 
 
382 
/*
383 
 * Define the other val_to_name and val_to_struct arrays
384 
 * in a policy database structure.
385 
 *
386 
 * Caller must clean up on failure.
387 
 */
388 
static int policydb_index_others(struct policydb *p)
389 
{
390 
        int i, rc = 0;
391 
 
392 
        printk(KERN_DEBUG "security:  %d users, %d roles, %d types, %d bools",
393 
               p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
394 
        if (selinux_mls_enabled)
395 
                printk(", %d sens, %d cats", p->p_levels.nprim,
396 
                       p->p_cats.nprim);
397 
        printk("\n");
398 
 
399 
        printk(KERN_DEBUG "security:  %d classes, %d rules\n",
400 
               p->p_classes.nprim, p->te_avtab.nel);
401 
 
402 
#ifdef DEBUG_HASHES
403 
        avtab_hash_eval(&p->te_avtab, "rules");
404 
        symtab_hash_eval(p->symtab);
405 
#endif
406 
 
407 
        p->role_val_to_struct =
408 
                kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
409 
                        GFP_KERNEL);
410 
        if (!p->role_val_to_struct) {
411 
                rc = -ENOMEM;
412 
                goto out;
413 
        }
414 
 
415 
        p->user_val_to_struct =
416 
                kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
417 
                        GFP_KERNEL);
418 
        if (!p->user_val_to_struct) {
419 
                rc = -ENOMEM;
420 
                goto out;
421 
        }
422 
 
423 
        if (cond_init_bool_indexes(p)) {
424 
                rc = -ENOMEM;
425 
                goto out;
426 
        }
427 
 
428 
        for (i = SYM_ROLES; i < SYM_NUM; i++) {
429 
                p->sym_val_to_name[i] =
430 
                        kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
431 
                if (!p->sym_val_to_name[i]) {
432 
                        rc = -ENOMEM;
433 
                        goto out;
434 
                }
435 
                rc = hashtab_map(p->symtab[i].table, index_f[i], p);
436 
                if (rc)
437 
                        goto out;
438 
        }
439 
 
440 
out:
441 
        return rc;
442 
}
443 
 
444 
/*
445 
 * The following *_destroy functions are used to
446 
 * free any memory allocated for each kind of
447 
 * symbol data in the policy database.
448 
 */
449 
 
450 
static int perm_destroy(void *key, void *datum, void *p)
451 
{
452 
        kfree(key);
453 
        kfree(datum);
454 
        return 0;
455 
}
456 
 
457 
static int common_destroy(void *key, void *datum, void *p)
458 
{
459 
        struct common_datum *comdatum;
460 
 
461 
        kfree(key);
462 
        comdatum = datum;
463 
        hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
464 
        hashtab_destroy(comdatum->permissions.table);
465 
        kfree(datum);
466 
        return 0;
467 
}
468 
 
469 
static int cls_destroy(void *key, void *datum, void *p)
470 
{
471 
        struct class_datum *cladatum;
472 
        struct constraint_node *constraint, *ctemp;
473 
        struct constraint_expr *e, *etmp;
474 
 
475 
        kfree(key);
476 
        cladatum = datum;
477 
        hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
478 
        hashtab_destroy(cladatum->permissions.table);
479 
        constraint = cladatum->constraints;
480 
        while (constraint) {
481 
                e = constraint->expr;
482 
                while (e) {
483 
                        ebitmap_destroy(&e->names);
484 
                        etmp = e;
485 
                        e = e->next;
486 
                        kfree(etmp);
487 
                }
488 
                ctemp = constraint;
489 
                constraint = constraint->next;
490 
                kfree(ctemp);
491 
        }
492 
 
493 
        constraint = cladatum->validatetrans;
494 
        while (constraint) {
495 
                e = constraint->expr;
496 
                while (e) {
497 
                        ebitmap_destroy(&e->names);
498 
                        etmp = e;
499 
                        e = e->next;
500 
                        kfree(etmp);
501 
                }
502 
                ctemp = constraint;
503 
                constraint = constraint->next;
504 
                kfree(ctemp);
505 
        }
506 
 
507 
        kfree(cladatum->comkey);
508 
        kfree(datum);
509 
        return 0;
510 
}
511 
 
512 
static int role_destroy(void *key, void *datum, void *p)
513 
{
514 
        struct role_datum *role;
515 
 
516 
        kfree(key);
517 
        role = datum;
518 
        ebitmap_destroy(&role->dominates);
519 
        ebitmap_destroy(&role->types);
520 
        kfree(datum);
521 
        return 0;
522 
}
523 
 
524 
static int type_destroy(void *key, void *datum, void *p)
525 
{
526 
        kfree(key);
527 
        kfree(datum);
528 
        return 0;
529 
}
530 
 
531 
static int user_destroy(void *key, void *datum, void *p)
532 
{
533 
        struct user_datum *usrdatum;
534 
 
535 
        kfree(key);
536 
        usrdatum = datum;
537 
        ebitmap_destroy(&usrdatum->roles);
538 
        ebitmap_destroy(&usrdatum->range.level[0].cat);
539 
        ebitmap_destroy(&usrdatum->range.level[1].cat);
540 
        ebitmap_destroy(&usrdatum->dfltlevel.cat);
541 
        kfree(datum);
542 
        return 0;
543 
}
544 
 
545 
static int sens_destroy(void *key, void *datum, void *p)
546 
{
547 
        struct level_datum *levdatum;
548 
 
549 
        kfree(key);
550 
        levdatum = datum;
551 
        ebitmap_destroy(&levdatum->level->cat);
552 
        kfree(levdatum->level);
553 
        kfree(datum);
554 
        return 0;
555 
}
556 
 
557 
static int cat_destroy(void *key, void *datum, void *p)
558 
{
559 
        kfree(key);
560 
        kfree(datum);
561 
        return 0;
562 
}
563 
 
564 
static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
565 
{
566 
        common_destroy,
567 
        cls_destroy,
568 
        role_destroy,
569 
        type_destroy,
570 
        user_destroy,
571 
        cond_destroy_bool,
572 
        sens_destroy,
573 
        cat_destroy,
574 
};
575 
 
576 
static void ocontext_destroy(struct ocontext *c, int i)
577 
{
578 
        context_destroy(&c->context[0]);
579 
        context_destroy(&c->context[1]);
580 
        if (i == OCON_ISID || i == OCON_FS ||
581 
            i == OCON_NETIF || i == OCON_FSUSE)
582 
                kfree(c->u.name);
583 
        kfree(c);
584 
}
585 
 
586 
/*
587 
 * Free any memory allocated by a policy database structure.
588 
 */
589 
void policydb_destroy(struct policydb *p)
590 
{
591 
        struct ocontext *c, *ctmp;
592 
        struct genfs *g, *gtmp;
593 
        int i;
594 
        struct role_allow *ra, *lra = NULL;
595 
        struct role_trans *tr, *ltr = NULL;
596 
        struct range_trans *rt, *lrt = NULL;
597 
 
598 
        for (i = 0; i < SYM_NUM; i++) {
599 
                cond_resched();
600 
                hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
601 
                hashtab_destroy(p->symtab[i].table);
602 
        }
603 
 
604 
        for (i = 0; i < SYM_NUM; i++)
605 
                kfree(p->sym_val_to_name[i]);
606 
 
607 
        kfree(p->class_val_to_struct);
608 
        kfree(p->role_val_to_struct);
609 
        kfree(p->user_val_to_struct);
610 
 
611 
        avtab_destroy(&p->te_avtab);
612 
 
613 
        for (i = 0; i < OCON_NUM; i++) {
614 
                cond_resched();
615 
                c = p->ocontexts[i];
616 
                while (c) {
617 
                        ctmp = c;
618 
                        c = c->next;
619 
                        ocontext_destroy(ctmp,i);
620 
                }
621 
                p->ocontexts[i] = NULL;
622 
        }
623 
 
624 
        g = p->genfs;
625 
        while (g) {
626 
                cond_resched();
627 
                kfree(g->fstype);
628 
                c = g->head;
629 
                while (c) {
630 
                        ctmp = c;
631 
                        c = c->next;
632 
                        ocontext_destroy(ctmp,OCON_FSUSE);
633 
                }
634 
                gtmp = g;
635 
                g = g->next;
636 
                kfree(gtmp);
637 
        }
638 
        p->genfs = NULL;
639 
 
640 
        cond_policydb_destroy(p);
641 
 
642 
        for (tr = p->role_tr; tr; tr = tr->next) {
643 
                cond_resched();
644 
                kfree(ltr);
645 
                ltr = tr;
646 
        }
647 
        kfree(ltr);
648 
 
649 
        for (ra = p->role_allow; ra; ra = ra -> next) {
650 
                cond_resched();
651 
                kfree(lra);
652 
                lra = ra;
653 
        }
654 
        kfree(lra);
655 
 
656 
        for (rt = p->range_tr; rt; rt = rt -> next) {
657 
                cond_resched();
658 
                if (lrt) {
659 
                        ebitmap_destroy(&lrt->target_range.level[0].cat);
660 
                        ebitmap_destroy(&lrt->target_range.level[1].cat);
661 
                        kfree(lrt);
662 
                }
663 
                lrt = rt;
664 
        }
665 
        if (lrt) {
666 
                ebitmap_destroy(&lrt->target_range.level[0].cat);
667 
                ebitmap_destroy(&lrt->target_range.level[1].cat);
668 
                kfree(lrt);
669 
        }
670 
 
671 
        if (p->type_attr_map) {
672 
                for (i = 0; i < p->p_types.nprim; i++)
673 
                        ebitmap_destroy(&p->type_attr_map[i]);
674 
        }
675 
        kfree(p->type_attr_map);
676 
 
677 
        kfree(p->undefined_perms);
678 
 
679 
        return;
680 
}
681 
 
682 
/*
683 
 * Load the initial SIDs specified in a policy database
684 
 * structure into a SID table.
685 
 */
686 
int policydb_load_isids(struct policydb *p, struct sidtab *s)
687 
{
688 
        struct ocontext *head, *c;
689 
        int rc;
690 
 
691 
        rc = sidtab_init(s);
692 
        if (rc) {
693 
                printk(KERN_ERR "security:  out of memory on SID table init\n");
694 
                goto out;
695 
        }
696 
 
697 
        head = p->ocontexts[OCON_ISID];
698 
        for (c = head; c; c = c->next) {
699 
                if (!c->context[0].user) {
700 
                        printk(KERN_ERR "security:  SID %s was never "
701 
                               "defined.\n", c->u.name);
702 
                        rc = -EINVAL;
703 
                        goto out;
704 
                }
705 
                if (sidtab_insert(s, c->sid[0], &c->context[0])) {
706 
                        printk(KERN_ERR "security:  unable to load initial "
707 
                               "SID %s.\n", c->u.name);
708 
                        rc = -EINVAL;
709 
                        goto out;
710 
                }
711 
        }
712 
out:
713 
        return rc;
714 
}
715 
 
716 
int policydb_class_isvalid(struct policydb *p, unsigned int class)
717 
{
718 
        if (!class || class > p->p_classes.nprim)
719 
                return 0;
720 
        return 1;
721 
}
722 
 
723 
int policydb_role_isvalid(struct policydb *p, unsigned int role)
724 
{
725 
        if (!role || role > p->p_roles.nprim)
726 
                return 0;
727 
        return 1;
728 
}
729 
 
730 
int policydb_type_isvalid(struct policydb *p, unsigned int type)
731 
{
732 
        if (!type || type > p->p_types.nprim)
733 
                return 0;
734 
        return 1;
735 
}
736 
 
737 
/*
738 
 * Return 1 if the fields in the security context
739 
 * structure `c' are valid.  Return 0 otherwise.
740 
 */
741 
int policydb_context_isvalid(struct policydb *p, struct context *c)
742 
{
743 
        struct role_datum *role;
744 
        struct user_datum *usrdatum;
745 
 
746 
        if (!c->role || c->role > p->p_roles.nprim)
747 
                return 0;
748 
 
749 
        if (!c->user || c->user > p->p_users.nprim)
750 
                return 0;
751 
 
752 
        if (!c->type || c->type > p->p_types.nprim)
753 
                return 0;
754 
 
755 
        if (c->role != OBJECT_R_VAL) {
756 
                /*
757 
                 * Role must be authorized for the type.
758 
                 */
759 
                role = p->role_val_to_struct[c->role - 1];
760 
                if (!ebitmap_get_bit(&role->types,
761 
                                     c->type - 1))
762 
                        /* role may not be associated with type */
763 
                        return 0;
764 
 
765 
                /*
766 
                 * User must be authorized for the role.
767 
                 */
768 
                usrdatum = p->user_val_to_struct[c->user - 1];
769 
                if (!usrdatum)
770 
                        return 0;
771 
 
772 
                if (!ebitmap_get_bit(&usrdatum->roles,
773 
                                     c->role - 1))
774 
                        /* user may not be associated with role */
775 
                        return 0;
776 
        }
777 
 
778 
        if (!mls_context_isvalid(p, c))
779 
                return 0;
780 
 
781 
        return 1;
782 
}
783 
 
784 
/*
785 
 * Read a MLS range structure from a policydb binary
786 
 * representation file.
787 
 */
788 
static int mls_read_range_helper(struct mls_range *r, void *fp)
789 
{
790 
        __le32 buf[2];
791 
        u32 items;
792 
        int rc;
793 
 
794 
        rc = next_entry(buf, fp, sizeof(u32));
795 
        if (rc < 0)
796 
                goto out;
797 
 
798 
        items = le32_to_cpu(buf[0]);
799 
        if (items > ARRAY_SIZE(buf)) {
800 
                printk(KERN_ERR "security: mls:  range overflow\n");
801 
                rc = -EINVAL;
802 
                goto out;
803 
        }
804 
        rc = next_entry(buf, fp, sizeof(u32) * items);
805 
        if (rc < 0) {
806 
                printk(KERN_ERR "security: mls:  truncated range\n");
807 
                goto out;
808 
        }
809 
        r->level[0].sens = le32_to_cpu(buf[0]);
810 
        if (items > 1)
811 
                r->level[1].sens = le32_to_cpu(buf[1]);
812 
        else
813 
                r->level[1].sens = r->level[0].sens;
814 
 
815 
        rc = ebitmap_read(&r->level[0].cat, fp);
816 
        if (rc) {
817 
                printk(KERN_ERR "security: mls:  error reading low "
818 
                       "categories\n");
819 
                goto out;
820 
        }
821 
        if (items > 1) {
822 
                rc = ebitmap_read(&r->level[1].cat, fp);
823 
                if (rc) {
824 
                        printk(KERN_ERR "security: mls:  error reading high "
825 
                               "categories\n");
826 
                        goto bad_high;
827 
                }
828 
        } else {
829 
                rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
830 
                if (rc) {
831 
                        printk(KERN_ERR "security: mls:  out of memory\n");
832 
                        goto bad_high;
833 
                }
834 
        }
835 
 
836 
        rc = 0;
837 
out:
838 
        return rc;
839 
bad_high:
840 
        ebitmap_destroy(&r->level[0].cat);
841 
        goto out;
842 
}
843 
 
844 
/*
845 
 * Read and validate a security context structure
846 
 * from a policydb binary representation file.
847 
 */
848 
static int context_read_and_validate(struct context *c,
849 
                                     struct policydb *p,
850 
                                     void *fp)
851 
{
852 
        __le32 buf[3];
853 
        int rc;
854 
 
855 
        rc = next_entry(buf, fp, sizeof buf);
856 
        if (rc < 0) {
857 
                printk(KERN_ERR "security: context truncated\n");
858 
                goto out;
859 
        }
860 
        c->user = le32_to_cpu(buf[0]);
861 
        c->role = le32_to_cpu(buf[1]);
862 
        c->type = le32_to_cpu(buf[2]);
863 
        if (p->policyvers >= POLICYDB_VERSION_MLS) {
864 
                if (mls_read_range_helper(&c->range, fp)) {
865 
                        printk(KERN_ERR "security: error reading MLS range of "
866 
                               "context\n");
867 
                        rc = -EINVAL;
868 
                        goto out;
869 
                }
870 
        }
871 
 
872 
        if (!policydb_context_isvalid(p, c)) {
873 
                printk(KERN_ERR "security:  invalid security context\n");
874 
                context_destroy(c);
875 
                rc = -EINVAL;
876 
        }
877 
out:
878 
        return rc;
879 
}
880 
 
881 
/*
882 
 * The following *_read functions are used to
883 
 * read the symbol data from a policy database
884 
 * binary representation file.
885 
 */
886 
 
887 
static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
888 
{
889 
        char *key = NULL;
890 
        struct perm_datum *perdatum;
891 
        int rc;
892 
        __le32 buf[2];
893 
        u32 len;
894 
 
895 
        perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
896 
        if (!perdatum) {
897 
                rc = -ENOMEM;
898 
                goto out;
899 
        }
900 
 
901 
        rc = next_entry(buf, fp, sizeof buf);
902 
        if (rc < 0)
903 
                goto bad;
904 
 
905 
        len = le32_to_cpu(buf[0]);
906 
        perdatum->value = le32_to_cpu(buf[1]);
907 
 
908 
        key = kmalloc(len + 1,GFP_KERNEL);
909 
        if (!key) {
910 
                rc = -ENOMEM;
911 
                goto bad;
912 
        }
913 
        rc = next_entry(key, fp, len);
914 
        if (rc < 0)
915 
                goto bad;
916 
        key[len] = 0;
917 
 
918 
        rc = hashtab_insert(h, key, perdatum);
919 
        if (rc)
920 
                goto bad;
921 
out:
922 
        return rc;
923 
bad:
924 
        perm_destroy(key, perdatum, NULL);
925 
        goto out;
926 
}
927 
 
928 
static int common_read(struct policydb *p, struct hashtab *h, void *fp)
929 
{
930 
        char *key = NULL;
931 
        struct common_datum *comdatum;
932 
        __le32 buf[4];
933 
        u32 len, nel;
934 
        int i, rc;
935 
 
936 
        comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
937 
        if (!comdatum) {
938 
                rc = -ENOMEM;
939 
                goto out;
940 
        }
941 
 
942 
        rc = next_entry(buf, fp, sizeof buf);
943 
        if (rc < 0)
944 
                goto bad;
945 
 
946 
        len = le32_to_cpu(buf[0]);
947 
        comdatum->value = le32_to_cpu(buf[1]);
948 
 
949 
        rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
950 
        if (rc)
951 
                goto bad;
952 
        comdatum->permissions.nprim = le32_to_cpu(buf[2]);
953 
        nel = le32_to_cpu(buf[3]);
954 
 
955 
        key = kmalloc(len + 1,GFP_KERNEL);
956 
        if (!key) {
957 
                rc = -ENOMEM;
958 
                goto bad;
959 
        }
960 
        rc = next_entry(key, fp, len);
961 
        if (rc < 0)
962 
                goto bad;
963 
        key[len] = 0;
964 
 
965 
        for (i = 0; i < nel; i++) {
966 
                rc = perm_read(p, comdatum->permissions.table, fp);
967 
                if (rc)
968 
                        goto bad;
969 
        }
970 
 
971 
        rc = hashtab_insert(h, key, comdatum);
972 
        if (rc)
973 
                goto bad;
974 
out:
975 
        return rc;
976 
bad:
977 
        common_destroy(key, comdatum, NULL);
978 
        goto out;
979 
}
980 
 
981 
static int read_cons_helper(struct constraint_node **nodep, int ncons,
982 
                            int allowxtarget, void *fp)
983 
{
984 
        struct constraint_node *c, *lc;
985 
        struct constraint_expr *e, *le;
986 
        __le32 buf[3];
987 
        u32 nexpr;
988 
        int rc, i, j, depth;
989 
 
990 
        lc = NULL;
991 
        for (i = 0; i < ncons; i++) {
992 
                c = kzalloc(sizeof(*c), GFP_KERNEL);
993 
                if (!c)
994 
                        return -ENOMEM;
995 
 
996 
                if (lc) {
997 
                        lc->next = c;
998 
                } else {
999 
                        *nodep = c;
1000 
                }
1001 
 
1002 
                rc = next_entry(buf, fp, (sizeof(u32) * 2));
1003 
                if (rc < 0)
1004 
                        return rc;
1005 
                c->permissions = le32_to_cpu(buf[0]);
1006 
                nexpr = le32_to_cpu(buf[1]);
1007 
                le = NULL;
1008 
                depth = -1;
1009 
                for (j = 0; j < nexpr; j++) {
1010 
                        e = kzalloc(sizeof(*e), GFP_KERNEL);
1011 
                        if (!e)
1012 
                                return -ENOMEM;
1013 
 
1014 
                        if (le) {
1015 
                                le->next = e;
1016 
                        } else {
1017 
                                c->expr = e;
1018 
                        }
1019 
 
1020 
                        rc = next_entry(buf, fp, (sizeof(u32) * 3));
1021 
                        if (rc < 0)
1022 
                                return rc;
1023 
                        e->expr_type = le32_to_cpu(buf[0]);
1024 
                        e->attr = le32_to_cpu(buf[1]);
1025 
                        e->op = le32_to_cpu(buf[2]);
1026 
 
1027 
                        switch (e->expr_type) {
1028 
                        case CEXPR_NOT:
1029 
                                if (depth < 0)
1030 
                                        return -EINVAL;
1031 
                                break;
1032 
                        case CEXPR_AND:
1033 
                        case CEXPR_OR:
1034 
                                if (depth < 1)
1035 
                                        return -EINVAL;
1036 
                                depth--;
1037 
                                break;
1038 
                        case CEXPR_ATTR:
1039 
                                if (depth == (CEXPR_MAXDEPTH - 1))
1040 
                                        return -EINVAL;
1041 
                                depth++;
1042 
                                break;
1043 
                        case CEXPR_NAMES:
1044 
                                if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1045 
                                        return -EINVAL;
1046 
                                if (depth == (CEXPR_MAXDEPTH - 1))
1047 
                                        return -EINVAL;
1048 
                                depth++;
1049 
                                if (ebitmap_read(&e->names, fp))
1050 
                                        return -EINVAL;
1051 
                                break;
1052 
                        default:
1053 
                                return -EINVAL;
1054 
                        }
1055 
                        le = e;
1056 
                }
1057 
                if (depth != 0)
1058 
                        return -EINVAL;
1059 
                lc = c;
1060 
        }
1061 
 
1062 
        return 0;
1063 
}
1064 
 
1065 
static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1066 
{
1067 
        char *key = NULL;
1068 
        struct class_datum *cladatum;
1069 
        __le32 buf[6];
1070 
        u32 len, len2, ncons, nel;
1071 
        int i, rc;
1072 
 
1073 
        cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1074 
        if (!cladatum) {
1075 
                rc = -ENOMEM;
1076 
                goto out;
1077 
        }
1078 
 
1079 
        rc = next_entry(buf, fp, sizeof(u32)*6);
1080 
        if (rc < 0)
1081 
                goto bad;
1082 
 
1083 
        len = le32_to_cpu(buf[0]);
1084 
        len2 = le32_to_cpu(buf[1]);
1085 
        cladatum->value = le32_to_cpu(buf[2]);
1086 
 
1087 
        rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1088 
        if (rc)
1089 
                goto bad;
1090 
        cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1091 
        nel = le32_to_cpu(buf[4]);
1092 
 
1093 
        ncons = le32_to_cpu(buf[5]);
1094 
 
1095 
        key = kmalloc(len + 1,GFP_KERNEL);
1096 
        if (!key) {
1097 
                rc = -ENOMEM;
1098 
                goto bad;
1099 
        }
1100 
        rc = next_entry(key, fp, len);
1101 
        if (rc < 0)
1102 
                goto bad;
1103 
        key[len] = 0;
1104 
 
1105 
        if (len2) {
1106 
                cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
1107 
                if (!cladatum->comkey) {
1108 
                        rc = -ENOMEM;
1109 
                        goto bad;
1110 
                }
1111 
                rc = next_entry(cladatum->comkey, fp, len2);
1112 
                if (rc < 0)
1113 
                        goto bad;
1114 
                cladatum->comkey[len2] = 0;
1115 
 
1116 
                cladatum->comdatum = hashtab_search(p->p_commons.table,
1117 
                                                    cladatum->comkey);
1118 
                if (!cladatum->comdatum) {
1119 
                        printk(KERN_ERR "security:  unknown common %s\n",
1120 
                               cladatum->comkey);
1121 
                        rc = -EINVAL;
1122 
                        goto bad;
1123 
                }
1124 
        }
1125 
        for (i = 0; i < nel; i++) {
1126 
                rc = perm_read(p, cladatum->permissions.table, fp);
1127 
                if (rc)
1128 
                        goto bad;
1129 
        }
1130 
 
1131 
        rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1132 
        if (rc)
1133 
                goto bad;
1134 
 
1135 
        if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1136 
                /* grab the validatetrans rules */
1137 
                rc = next_entry(buf, fp, sizeof(u32));
1138 
                if (rc < 0)
1139 
                        goto bad;
1140 
                ncons = le32_to_cpu(buf[0]);
1141 
                rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1142 
                if (rc)
1143 
                        goto bad;
1144 
        }
1145 
 
1146 
        rc = hashtab_insert(h, key, cladatum);
1147 
        if (rc)
1148 
                goto bad;
1149 
 
1150 
        rc = 0;
1151 
out:
1152 
        return rc;
1153 
bad:
1154 
        cls_destroy(key, cladatum, NULL);
1155 
        goto out;
1156 
}
1157 
 
1158 
static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1159 
{
1160 
        char *key = NULL;
1161 
        struct role_datum *role;
1162 
        int rc;
1163 
        __le32 buf[2];
1164 
        u32 len;
1165 
 
1166 
        role = kzalloc(sizeof(*role), GFP_KERNEL);
1167 
        if (!role) {
1168 
                rc = -ENOMEM;
1169 
                goto out;
1170 
        }
1171 
 
1172 
        rc = next_entry(buf, fp, sizeof buf);
1173 
        if (rc < 0)
1174 
                goto bad;
1175 
 
1176 
        len = le32_to_cpu(buf[0]);
1177 
        role->value = le32_to_cpu(buf[1]);
1178 
 
1179 
        key = kmalloc(len + 1,GFP_KERNEL);
1180 
        if (!key) {
1181 
                rc = -ENOMEM;
1182 
                goto bad;
1183 
        }
1184 
        rc = next_entry(key, fp, len);
1185 
        if (rc < 0)
1186 
                goto bad;
1187 
        key[len] = 0;
1188 
 
1189 
        rc = ebitmap_read(&role->dominates, fp);
1190 
        if (rc)
1191 
                goto bad;
1192 
 
1193 
        rc = ebitmap_read(&role->types, fp);
1194 
        if (rc)
1195 
                goto bad;
1196 
 
1197 
        if (strcmp(key, OBJECT_R) == 0) {
1198 
                if (role->value != OBJECT_R_VAL) {
1199 
                        printk(KERN_ERR "Role %s has wrong value %d\n",
1200 
                               OBJECT_R, role->value);
1201 
                        rc = -EINVAL;
1202 
                        goto bad;
1203 
                }
1204 
                rc = 0;
1205 
                goto bad;
1206 
        }
1207 
 
1208 
        rc = hashtab_insert(h, key, role);
1209 
        if (rc)
1210 
                goto bad;
1211 
out:
1212 
        return rc;
1213 
bad:
1214 
        role_destroy(key, role, NULL);
1215 
        goto out;
1216 
}
1217 
 
1218 
static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1219 
{
1220 
        char *key = NULL;
1221 
        struct type_datum *typdatum;
1222 
        int rc;
1223 
        __le32 buf[3];
1224 
        u32 len;
1225 
 
1226 
        typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL);
1227 
        if (!typdatum) {
1228 
                rc = -ENOMEM;
1229 
                return rc;
1230 
        }
1231 
 
1232 
        rc = next_entry(buf, fp, sizeof buf);
1233 
        if (rc < 0)
1234 
                goto bad;
1235 
 
1236 
        len = le32_to_cpu(buf[0]);
1237 
        typdatum->value = le32_to_cpu(buf[1]);
1238 
        typdatum->primary = le32_to_cpu(buf[2]);
1239 
 
1240 
        key = kmalloc(len + 1,GFP_KERNEL);
1241 
        if (!key) {
1242 
                rc = -ENOMEM;
1243 
                goto bad;
1244 
        }
1245 
        rc = next_entry(key, fp, len);
1246 
        if (rc < 0)
1247 
                goto bad;
1248 
        key[len] = 0;
1249 
 
1250 
        rc = hashtab_insert(h, key, typdatum);
1251 
        if (rc)
1252 
                goto bad;
1253 
out:
1254 
        return rc;
1255 
bad:
1256 
        type_destroy(key, typdatum, NULL);
1257 
        goto out;
1258 
}
1259 
 
1260 
 
1261 
/*
1262 
 * Read a MLS level structure from a policydb binary
1263 
 * representation file.
1264 
 */
1265 
static int mls_read_level(struct mls_level *lp, void *fp)
1266 
{
1267 
        __le32 buf[1];
1268 
        int rc;
1269 
 
1270 
        memset(lp, 0, sizeof(*lp));
1271 
 
1272 
        rc = next_entry(buf, fp, sizeof buf);
1273 
        if (rc < 0) {
1274 
                printk(KERN_ERR "security: mls: truncated level\n");
1275 
                goto bad;
1276 
        }
1277 
        lp->sens = le32_to_cpu(buf[0]);
1278 
 
1279 
        if (ebitmap_read(&lp->cat, fp)) {
1280 
                printk(KERN_ERR "security: mls:  error reading level "
1281 
                       "categories\n");
1282 
                goto bad;
1283 
        }
1284 
 
1285 
        return 0;
1286 
 
1287 
bad:
1288 
        return -EINVAL;
1289 
}
1290 
 
1291 
static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1292 
{
1293 
        char *key = NULL;
1294 
        struct user_datum *usrdatum;
1295 
        int rc;
1296 
        __le32 buf[2];
1297 
        u32 len;
1298 
 
1299 
        usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1300 
        if (!usrdatum) {
1301 
                rc = -ENOMEM;
1302 
                goto out;
1303 
        }
1304 
 
1305 
        rc = next_entry(buf, fp, sizeof buf);
1306 
        if (rc < 0)
1307 
                goto bad;
1308 
 
1309 
        len = le32_to_cpu(buf[0]);
1310 
        usrdatum->value = le32_to_cpu(buf[1]);
1311 
 
1312 
        key = kmalloc(len + 1,GFP_KERNEL);
1313 
        if (!key) {
1314 
                rc = -ENOMEM;
1315 
                goto bad;
1316 
        }
1317 
        rc = next_entry(key, fp, len);
1318 
        if (rc < 0)
1319 
                goto bad;
1320 
        key[len] = 0;
1321 
 
1322 
        rc = ebitmap_read(&usrdatum->roles, fp);
1323 
        if (rc)
1324 
                goto bad;
1325 
 
1326 
        if (p->policyvers >= POLICYDB_VERSION_MLS) {
1327 
                rc = mls_read_range_helper(&usrdatum->range, fp);
1328 
                if (rc)
1329 
                        goto bad;
1330 
                rc = mls_read_level(&usrdatum->dfltlevel, fp);
1331 
                if (rc)
1332 
                        goto bad;
1333 
        }
1334 
 
1335 
        rc = hashtab_insert(h, key, usrdatum);
1336 
        if (rc)
1337 
                goto bad;
1338 
out:
1339 
        return rc;
1340 
bad:
1341 
        user_destroy(key, usrdatum, NULL);
1342 
        goto out;
1343 
}
1344 
 
1345 
static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1346 
{
1347 
        char *key = NULL;
1348 
        struct level_datum *levdatum;
1349 
        int rc;
1350 
        __le32 buf[2];
1351 
        u32 len;
1352 
 
1353 
        levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1354 
        if (!levdatum) {
1355 
                rc = -ENOMEM;
1356 
                goto out;
1357 
        }
1358 
 
1359 
        rc = next_entry(buf, fp, sizeof buf);
1360 
        if (rc < 0)
1361 
                goto bad;
1362 
 
1363 
        len = le32_to_cpu(buf[0]);
1364 
        levdatum->isalias = le32_to_cpu(buf[1]);
1365 
 
1366 
        key = kmalloc(len + 1,GFP_ATOMIC);
1367 
        if (!key) {
1368 
                rc = -ENOMEM;
1369 
                goto bad;
1370 
        }
1371 
        rc = next_entry(key, fp, len);
1372 
        if (rc < 0)
1373 
                goto bad;
1374 
        key[len] = 0;
1375 
 
1376 
        levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1377 
        if (!levdatum->level) {
1378 
                rc = -ENOMEM;
1379 
                goto bad;
1380 
        }
1381 
        if (mls_read_level(levdatum->level, fp)) {
1382 
                rc = -EINVAL;
1383 
                goto bad;
1384 
        }
1385 
 
1386 
        rc = hashtab_insert(h, key, levdatum);
1387 
        if (rc)
1388 
                goto bad;
1389 
out:
1390 
        return rc;
1391 
bad:
1392 
        sens_destroy(key, levdatum, NULL);
1393 
        goto out;
1394 
}
1395 
 
1396 
static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1397 
{
1398 
        char *key = NULL;
1399 
        struct cat_datum *catdatum;
1400 
        int rc;
1401 
        __le32 buf[3];
1402 
        u32 len;
1403 
 
1404 
        catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1405 
        if (!catdatum) {
1406 
                rc = -ENOMEM;
1407 
                goto out;
1408 
        }
1409 
 
1410 
        rc = next_entry(buf, fp, sizeof buf);
1411 
        if (rc < 0)
1412 
                goto bad;
1413 
 
1414 
        len = le32_to_cpu(buf[0]);
1415 
        catdatum->value = le32_to_cpu(buf[1]);
1416 
        catdatum->isalias = le32_to_cpu(buf[2]);
1417 
 
1418 
        key = kmalloc(len + 1,GFP_ATOMIC);
1419 
        if (!key) {
1420 
                rc = -ENOMEM;
1421 
                goto bad;
1422 
        }
1423 
        rc = next_entry(key, fp, len);
1424 
        if (rc < 0)
1425 
                goto bad;
1426 
        key[len] = 0;
1427 
 
1428 
        rc = hashtab_insert(h, key, catdatum);
1429 
        if (rc)
1430 
                goto bad;
1431 
out:
1432 
        return rc;
1433 
 
1434 
bad:
1435 
        cat_destroy(key, catdatum, NULL);
1436 
        goto out;
1437 
}
1438 
 
1439 
static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1440 
{
1441 
        common_read,
1442 
        class_read,
1443 
        role_read,
1444 
        type_read,
1445 
        user_read,
1446 
        cond_read_bool,
1447 
        sens_read,
1448 
        cat_read,
1449 
};
1450 
 
1451 
extern int ss_initialized;
1452 
 
1453 
/*
1454 
 * Read the configuration data from a policy database binary
1455 
 * representation file into a policy database structure.
1456 
 */
1457 
int policydb_read(struct policydb *p, void *fp)
1458 
{
1459 
        struct role_allow *ra, *lra;
1460 
        struct role_trans *tr, *ltr;
1461 
        struct ocontext *l, *c, *newc;
1462 
        struct genfs *genfs_p, *genfs, *newgenfs;
1463 
        int i, j, rc;
1464 
        __le32 buf[8];
1465 
        u32 len, len2, config, nprim, nel, nel2;
1466 
        char *policydb_str;
1467 
        struct policydb_compat_info *info;
1468 
        struct range_trans *rt, *lrt;
1469 
 
1470 
        config = 0;
1471 
 
1472 
        rc = policydb_init(p);
1473 
        if (rc)
1474 
                goto out;
1475 
 
1476 
        /* Read the magic number and string length. */
1477 
        rc = next_entry(buf, fp, sizeof(u32)* 2);
1478 
        if (rc < 0)
1479 
                goto bad;
1480 
 
1481 
        if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
1482 
                printk(KERN_ERR "security:  policydb magic number 0x%x does "
1483 
                       "not match expected magic number 0x%x\n",
1484 
                       le32_to_cpu(buf[0]), POLICYDB_MAGIC);
1485 
                goto bad;
1486 
        }
1487 
 
1488 
        len = le32_to_cpu(buf[1]);
1489 
        if (len != strlen(POLICYDB_STRING)) {
1490 
                printk(KERN_ERR "security:  policydb string length %d does not "
1491 
                       "match expected length %Zu\n",
1492 
                       len, strlen(POLICYDB_STRING));
1493 
                goto bad;
1494 
        }
1495 
        policydb_str = kmalloc(len + 1,GFP_KERNEL);
1496 
        if (!policydb_str) {
1497 
                printk(KERN_ERR "security:  unable to allocate memory for policydb "
1498 
                       "string of length %d\n", len);
1499 
                rc = -ENOMEM;
1500 
                goto bad;
1501 
        }
1502 
        rc = next_entry(policydb_str, fp, len);
1503 
        if (rc < 0) {
1504 
                printk(KERN_ERR "security:  truncated policydb string identifier\n");
1505 
                kfree(policydb_str);
1506 
                goto bad;
1507 
        }
1508 
        policydb_str[len] = 0;
1509 
        if (strcmp(policydb_str, POLICYDB_STRING)) {
1510 
                printk(KERN_ERR "security:  policydb string %s does not match "
1511 
                       "my string %s\n", policydb_str, POLICYDB_STRING);
1512 
                kfree(policydb_str);
1513 
                goto bad;
1514 
        }
1515 
        /* Done with policydb_str. */
1516 
        kfree(policydb_str);
1517 
        policydb_str = NULL;
1518 
 
1519 
        /* Read the version, config, and table sizes. */
1520 
        rc = next_entry(buf, fp, sizeof(u32)*4);
1521 
        if (rc < 0)
1522 
                goto bad;
1523 
 
1524 
        p->policyvers = le32_to_cpu(buf[0]);
1525 
        if (p->policyvers < POLICYDB_VERSION_MIN ||
1526 
            p->policyvers > POLICYDB_VERSION_MAX) {
1527 
                printk(KERN_ERR "security:  policydb version %d does not match "
1528 
                       "my version range %d-%d\n",
1529 
                       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1530 
                goto bad;
1531 
        }
1532 
 
1533 
        if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1534 
                if (ss_initialized && !selinux_mls_enabled) {
1535 
                        printk(KERN_ERR "Cannot switch between non-MLS and MLS "
1536 
                               "policies\n");
1537 
                        goto bad;
1538 
                }
1539 
                selinux_mls_enabled = 1;
1540 
                config |= POLICYDB_CONFIG_MLS;
1541 
 
1542 
                if (p->policyvers < POLICYDB_VERSION_MLS) {
1543 
                        printk(KERN_ERR "security policydb version %d (MLS) "
1544 
                               "not backwards compatible\n", p->policyvers);
1545 
                        goto bad;
1546 
                }
1547 
        } else {
1548 
                if (ss_initialized && selinux_mls_enabled) {
1549 
                        printk(KERN_ERR "Cannot switch between MLS and non-MLS "
1550 
                               "policies\n");
1551 
                        goto bad;
1552 
                }
1553 
        }
1554 
        p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
1555 
        p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
1556 
 
1557 
        info = policydb_lookup_compat(p->policyvers);
1558 
        if (!info) {
1559 
                printk(KERN_ERR "security:  unable to find policy compat info "
1560 
                       "for version %d\n", p->policyvers);
1561 
                goto bad;
1562 
        }
1563 
 
1564 
        if (le32_to_cpu(buf[2]) != info->sym_num ||
1565 
                le32_to_cpu(buf[3]) != info->ocon_num) {
1566 
                printk(KERN_ERR "security:  policydb table sizes (%d,%d) do "
1567 
                       "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
1568 
                        le32_to_cpu(buf[3]),
1569 
                       info->sym_num, info->ocon_num);
1570 
                goto bad;
1571 
        }
1572 
 
1573 
        for (i = 0; i < info->sym_num; i++) {
1574 
                rc = next_entry(buf, fp, sizeof(u32)*2);
1575 
                if (rc < 0)
1576 
                        goto bad;
1577 
                nprim = le32_to_cpu(buf[0]);
1578 
                nel = le32_to_cpu(buf[1]);
1579 
                for (j = 0; j < nel; j++) {
1580 
                        rc = read_f[i](p, p->symtab[i].table, fp);
1581 
                        if (rc)
1582 
                                goto bad;
1583 
                }
1584 
 
1585 
                p->symtab[i].nprim = nprim;
1586 
        }
1587 
 
1588 
        rc = avtab_read(&p->te_avtab, fp, p);
1589 
        if (rc)
1590 
                goto bad;
1591 
 
1592 
        if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1593 
                rc = cond_read_list(p, fp);
1594 
                if (rc)
1595 
                        goto bad;
1596 
        }
1597 
 
1598 
        rc = next_entry(buf, fp, sizeof(u32));
1599 
        if (rc < 0)
1600 
                goto bad;
1601 
        nel = le32_to_cpu(buf[0]);
1602 
        ltr = NULL;
1603 
        for (i = 0; i < nel; i++) {
1604 
                tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1605 
                if (!tr) {
1606 
                        rc = -ENOMEM;
1607 
                        goto bad;
1608 
                }
1609 
                if (ltr) {
1610 
                        ltr->next = tr;
1611 
                } else {
1612 
                        p->role_tr = tr;
1613 
                }
1614 
                rc = next_entry(buf, fp, sizeof(u32)*3);
1615 
                if (rc < 0)
1616 
                        goto bad;
1617 
                tr->role = le32_to_cpu(buf[0]);
1618 
                tr->type = le32_to_cpu(buf[1]);
1619 
                tr->new_role = le32_to_cpu(buf[2]);
1620 
                if (!policydb_role_isvalid(p, tr->role) ||
1621 
                    !policydb_type_isvalid(p, tr->type) ||
1622 
                    !policydb_role_isvalid(p, tr->new_role)) {
1623 
                        rc = -EINVAL;
1624 
                        goto bad;
1625 
                }
1626 
                ltr = tr;
1627 
        }
1628 
 
1629 
        rc = next_entry(buf, fp, sizeof(u32));
1630 
        if (rc < 0)
1631 
                goto bad;
1632 
        nel = le32_to_cpu(buf[0]);
1633 
        lra = NULL;
1634 
        for (i = 0; i < nel; i++) {
1635 
                ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1636 
                if (!ra) {
1637 
                        rc = -ENOMEM;
1638 
                        goto bad;
1639 
                }
1640 
                if (lra) {
1641 
                        lra->next = ra;
1642 
                } else {
1643 
                        p->role_allow = ra;
1644 
                }
1645 
                rc = next_entry(buf, fp, sizeof(u32)*2);
1646 
                if (rc < 0)
1647 
                        goto bad;
1648 
                ra->role = le32_to_cpu(buf[0]);
1649 
                ra->new_role = le32_to_cpu(buf[1]);
1650 
                if (!policydb_role_isvalid(p, ra->role) ||
1651 
                    !policydb_role_isvalid(p, ra->new_role)) {
1652 
                        rc = -EINVAL;
1653 
                        goto bad;
1654 
                }
1655 
                lra = ra;
1656 
        }
1657 
 
1658 
        rc = policydb_index_classes(p);
1659 
        if (rc)
1660 
                goto bad;
1661 
 
1662 
        rc = policydb_index_others(p);
1663 
        if (rc)
1664 
                goto bad;
1665 
 
1666 
        for (i = 0; i < info->ocon_num; i++) {
1667 
                rc = next_entry(buf, fp, sizeof(u32));
1668 
                if (rc < 0)
1669 
                        goto bad;
1670 
                nel = le32_to_cpu(buf[0]);
1671 
                l = NULL;
1672 
                for (j = 0; j < nel; j++) {
1673 
                        c = kzalloc(sizeof(*c), GFP_KERNEL);
1674 
                        if (!c) {
1675 
                                rc = -ENOMEM;
1676 
                                goto bad;
1677 
                        }
1678 
                        if (l) {
1679 
                                l->next = c;
1680 
                        } else {
1681 
                                p->ocontexts[i] = c;
1682 
                        }
1683 
                        l = c;
1684 
                        rc = -EINVAL;
1685 
                        switch (i) {
1686 
                        case OCON_ISID:
1687 
                                rc = next_entry(buf, fp, sizeof(u32));
1688 
                                if (rc < 0)
1689 
                                        goto bad;
1690 
                                c->sid[0] = le32_to_cpu(buf[0]);
1691 
                                rc = context_read_and_validate(&c->context[0], p, fp);
1692 
                                if (rc)
1693 
                                        goto bad;
1694 
                                break;
1695 
                        case OCON_FS:
1696 
                        case OCON_NETIF:
1697 
                                rc = next_entry(buf, fp, sizeof(u32));
1698 
                                if (rc < 0)
1699 
                                        goto bad;
1700 
                                len = le32_to_cpu(buf[0]);
1701 
                                c->u.name = kmalloc(len + 1,GFP_KERNEL);
1702 
                                if (!c->u.name) {
1703 
                                        rc = -ENOMEM;
1704 
                                        goto bad;
1705 
                                }
1706 
                                rc = next_entry(c->u.name, fp, len);
1707 
                                if (rc < 0)
1708 
                                        goto bad;
1709 
                                c->u.name[len] = 0;
1710 
                                rc = context_read_and_validate(&c->context[0], p, fp);
1711 
                                if (rc)
1712 
                                        goto bad;
1713 
                                rc = context_read_and_validate(&c->context[1], p, fp);
1714 
                                if (rc)
1715 
                                        goto bad;
1716 
                                break;
1717 
                        case OCON_PORT:
1718 
                                rc = next_entry(buf, fp, sizeof(u32)*3);
1719 
                                if (rc < 0)
1720 
                                        goto bad;
1721 
                                c->u.port.protocol = le32_to_cpu(buf[0]);
1722 
                                c->u.port.low_port = le32_to_cpu(buf[1]);
1723 
                                c->u.port.high_port = le32_to_cpu(buf[2]);
1724 
                                rc = context_read_and_validate(&c->context[0], p, fp);
1725 
                                if (rc)
1726 
                                        goto bad;
1727 
                                break;
1728 
                        case OCON_NODE:
1729 
                                rc = next_entry(buf, fp, sizeof(u32)* 2);
1730 
                                if (rc < 0)
1731 
                                        goto bad;
1732 
                                c->u.node.addr = le32_to_cpu(buf[0]);
1733 
                                c->u.node.mask = le32_to_cpu(buf[1]);
1734 
                                rc = context_read_and_validate(&c->context[0], p, fp);
1735 
                                if (rc)
1736 
                                        goto bad;
1737 
                                break;
1738 
                        case OCON_FSUSE:
1739 
                                rc = next_entry(buf, fp, sizeof(u32)*2);
1740 
                                if (rc < 0)
1741 
                                        goto bad;
1742 
                                c->v.behavior = le32_to_cpu(buf[0]);
1743 
                                if (c->v.behavior > SECURITY_FS_USE_NONE)
1744 
                                        goto bad;
1745 
                                len = le32_to_cpu(buf[1]);
1746 
                                c->u.name = kmalloc(len + 1,GFP_KERNEL);
1747 
                                if (!c->u.name) {
1748 
                                        rc = -ENOMEM;
1749 
                                        goto bad;
1750 
                                }
1751 
                                rc = next_entry(c->u.name, fp, len);
1752 
                                if (rc < 0)
1753 
                                        goto bad;
1754 
                                c->u.name[len] = 0;
1755 
                                rc = context_read_and_validate(&c->context[0], p, fp);
1756 
                                if (rc)
1757 
                                        goto bad;
1758 
                                break;
1759 
                        case OCON_NODE6: {
1760 
                                int k;
1761 
 
1762 
                                rc = next_entry(buf, fp, sizeof(u32) * 8);
1763 
                                if (rc < 0)
1764 
                                        goto bad;
1765 
                                for (k = 0; k < 4; k++)
1766 
                                        c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1767 
                                for (k = 0; k < 4; k++)
1768 
                                        c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1769 
                                if (context_read_and_validate(&c->context[0], p, fp))
1770 
                                        goto bad;
1771 
                                break;
1772 
                        }
1773 
                        }
1774 
                }
1775 
        }
1776 
 
1777 
        rc = next_entry(buf, fp, sizeof(u32));
1778 
        if (rc < 0)
1779 
                goto bad;
1780 
        nel = le32_to_cpu(buf[0]);
1781 
        genfs_p = NULL;
1782 
        rc = -EINVAL;
1783 
        for (i = 0; i < nel; i++) {
1784 
                rc = next_entry(buf, fp, sizeof(u32));
1785 
                if (rc < 0)
1786 
                        goto bad;
1787 
                len = le32_to_cpu(buf[0]);
1788 
                newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1789 
                if (!newgenfs) {
1790 
                        rc = -ENOMEM;
1791 
                        goto bad;
1792 
                }
1793 
 
1794 
                newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1795 
                if (!newgenfs->fstype) {
1796 
                        rc = -ENOMEM;
1797 
                        kfree(newgenfs);
1798 
                        goto bad;
1799 
                }
1800 
                rc = next_entry(newgenfs->fstype, fp, len);
1801 
                if (rc < 0) {
1802 
                        kfree(newgenfs->fstype);
1803 
                        kfree(newgenfs);
1804 
                        goto bad;
1805 
                }
1806 
                newgenfs->fstype[len] = 0;
1807 
                for (genfs_p = NULL, genfs = p->genfs; genfs;
1808 
                     genfs_p = genfs, genfs = genfs->next) {
1809 
                        if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1810 
                                printk(KERN_ERR "security:  dup genfs "
1811 
                                       "fstype %s\n", newgenfs->fstype);
1812 
                                kfree(newgenfs->fstype);
1813 
                                kfree(newgenfs);
1814 
                                goto bad;
1815 
                        }
1816 
                        if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1817 
                                break;
1818 
                }
1819 
                newgenfs->next = genfs;
1820 
                if (genfs_p)
1821 
                        genfs_p->next = newgenfs;
1822 
                else
1823 
                        p->genfs = newgenfs;
1824 
                rc = next_entry(buf, fp, sizeof(u32));
1825 
                if (rc < 0)
1826 
                        goto bad;
1827 
                nel2 = le32_to_cpu(buf[0]);
1828 
                for (j = 0; j < nel2; j++) {
1829 
                        rc = next_entry(buf, fp, sizeof(u32));
1830 
                        if (rc < 0)
1831 
                                goto bad;
1832 
                        len = le32_to_cpu(buf[0]);
1833 
 
1834 
                        newc = kzalloc(sizeof(*newc), GFP_KERNEL);
1835 
                        if (!newc) {
1836 
                                rc = -ENOMEM;
1837 
                                goto bad;
1838 
                        }
1839 
 
1840 
                        newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1841 
                        if (!newc->u.name) {
1842 
                                rc = -ENOMEM;
1843 
                                goto bad_newc;
1844 
                        }
1845 
                        rc = next_entry(newc->u.name, fp, len);
1846 
                        if (rc < 0)
1847 
                                goto bad_newc;
1848 
                        newc->u.name[len] = 0;
1849 
                        rc = next_entry(buf, fp, sizeof(u32));
1850 
                        if (rc < 0)
1851 
                                goto bad_newc;
1852 
                        newc->v.sclass = le32_to_cpu(buf[0]);
1853 
                        if (context_read_and_validate(&newc->context[0], p, fp))
1854 
                                goto bad_newc;
1855 
                        for (l = NULL, c = newgenfs->head; c;
1856 
                             l = c, c = c->next) {
1857 
                                if (!strcmp(newc->u.name, c->u.name) &&
1858 
                                    (!c->v.sclass || !newc->v.sclass ||
1859 
                                     newc->v.sclass == c->v.sclass)) {
1860 
                                        printk(KERN_ERR "security:  dup genfs "
1861 
                                               "entry (%s,%s)\n",
1862 
                                               newgenfs->fstype, c->u.name);
1863 
                                        goto bad_newc;
1864 
                                }
1865 
                                len = strlen(newc->u.name);
1866 
                                len2 = strlen(c->u.name);
1867 
                                if (len > len2)
1868 
                                        break;
1869 
                        }
1870 
 
1871 
                        newc->next = c;
1872 
                        if (l)
1873 
                                l->next = newc;
1874 
                        else
1875 
                                newgenfs->head = newc;
1876 
                }
1877 
        }
1878 
 
1879 
        if (p->policyvers >= POLICYDB_VERSION_MLS) {
1880 
                int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
1881 
                rc = next_entry(buf, fp, sizeof(u32));
1882 
                if (rc < 0)
1883 
                        goto bad;
1884 
                nel = le32_to_cpu(buf[0]);
1885 
                lrt = NULL;
1886 
                for (i = 0; i < nel; i++) {
1887 
                        rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1888 
                        if (!rt) {
1889 
                                rc = -ENOMEM;
1890 
                                goto bad;
1891 
                        }
1892 
                        if (lrt)
1893 
                                lrt->next = rt;
1894 
                        else
1895 
                                p->range_tr = rt;
1896 
                        rc = next_entry(buf, fp, (sizeof(u32) * 2));
1897 
                        if (rc < 0)
1898 
                                goto bad;
1899 
                        rt->source_type = le32_to_cpu(buf[0]);
1900 
                        rt->target_type = le32_to_cpu(buf[1]);
1901 
                        if (new_rangetr) {
1902 
                                rc = next_entry(buf, fp, sizeof(u32));
1903 
                                if (rc < 0)
1904 
                                        goto bad;
1905 
                                rt->target_class = le32_to_cpu(buf[0]);
1906 
                        } else
1907 
                                rt->target_class = SECCLASS_PROCESS;
1908 
                        if (!policydb_type_isvalid(p, rt->source_type) ||
1909 
                            !policydb_type_isvalid(p, rt->target_type) ||
1910 
                            !policydb_class_isvalid(p, rt->target_class)) {
1911 
                                rc = -EINVAL;
1912 
                                goto bad;
1913 
                        }
1914 
                        rc = mls_read_range_helper(&rt->target_range, fp);
1915 
                        if (rc)
1916 
                                goto bad;
1917 
                        if (!mls_range_isvalid(p, &rt->target_range)) {
1918 
                                printk(KERN_WARNING "security:  rangetrans:  invalid range\n");
1919 
                                goto bad;
1920 
                        }
1921 
                        lrt = rt;
1922 
                }
1923 
        }
1924 
 
1925 
        p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
1926 
        if (!p->type_attr_map)
1927 
                goto bad;
1928 
 
1929 
        for (i = 0; i < p->p_types.nprim; i++) {
1930 
                ebitmap_init(&p->type_attr_map[i]);
1931 
                if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
1932 
                        if (ebitmap_read(&p->type_attr_map[i], fp))
1933 
                                goto bad;
1934 
                }
1935 
                /* add the type itself as the degenerate case */
1936 
                if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
1937 
                                goto bad;
1938 
        }
1939 
 
1940 
        rc = 0;
1941 
out:
1942 
        return rc;
1943 
bad_newc:
1944 
        ocontext_destroy(newc,OCON_FSUSE);
1945 
bad:
1946 
        if (!rc)
1947 
                rc = -EINVAL;
1948 
        policydb_destroy(p);
1949 
        goto out;
1950 
}

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.