1 /*
2 * Implementation of the policy database.
3 *
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */
6
7 /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
8 *
9 * Added conditional policy language extensions
10 *
11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation, version 2.
15 */
16
17 #include <linux/kernel.h>
18 #include <linux/slab.h>
19 #include <linux/string.h>
20 #include <linux/errno.h>
21 #include "security.h"
22
23 #include "policydb.h"
24 #include "conditional.h"
25 #include "mls.h"
26
27 #define _DEBUG_HASHES
28
29 #ifdef DEBUG_HASHES
30 static char *symtab_name[SYM_NUM] = {
31 "common prefixes",
32 "classes",
33 "roles",
34 "types",
35 "users",
36 mls_symtab_names
37 "bools"
38 };
39 #endif
40
41 static unsigned int symtab_sizes[SYM_NUM] = {
42 2,
43 32,
44 16,
45 512,
46 128,
47 mls_symtab_sizes
48 16
49 };
50
51 struct policydb_compat_info {
52 int version;
53 int sym_num;
54 int ocon_num;
55 };
56
57 /* These need to be updated if SYM_NUM or OCON_NUM changes */
58 static struct policydb_compat_info policydb_compat[] = {
59 {
60 .version = POLICYDB_VERSION_BASE,
61 .sym_num = SYM_NUM - 1,
62 .ocon_num = OCON_NUM - 1,
63 },
64 {
65 .version = POLICYDB_VERSION_BOOL,
66 .sym_num = SYM_NUM,
67 .ocon_num = OCON_NUM - 1,
68 },
69 {
70 .version = POLICYDB_VERSION_IPV6,
71 .sym_num = SYM_NUM,
72 .ocon_num = OCON_NUM,
73 },
74 {
75 .version = POLICYDB_VERSION_NLCLASS,
76 .sym_num = SYM_NUM,
77 .ocon_num = OCON_NUM,
78 },
79 };
80
81 static struct policydb_compat_info *policydb_lookup_compat(int version)
82 {
83 int i;
84 struct policydb_compat_info *info = NULL;
85
86 for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) {
87 if (policydb_compat[i].version == version) {
88 info = &policydb_compat[i];
89 break;
90 }
91 }
92 return info;
93 }
94
95 /*
96 * Initialize the role table.
97 */
98 int roles_init(struct policydb *p)
99 {
100 char *key = NULL;
101 int rc;
102 struct role_datum *role;
103
104 role = kmalloc(sizeof(*role), GFP_KERNEL);
105 if (!role) {
106 rc = -ENOMEM;
107 goto out;
108 }
109 memset(role, 0, sizeof(*role));
110 role->value = ++p->p_roles.nprim;
111 if (role->value != OBJECT_R_VAL) {
112 rc = -EINVAL;
113 goto out_free_role;
114 }
115 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
116 if (!key) {
117 rc = -ENOMEM;
118 goto out_free_role;
119 }
120 strcpy(key, OBJECT_R);
121 rc = hashtab_insert(p->p_roles.table, key, role);
122 if (rc)
123 goto out_free_key;
124 out:
125 return rc;
126
127 out_free_key:
128 kfree(key);
129 out_free_role:
130 kfree(role);
131 goto out;
132 }
133
134 /*
135 * Initialize a policy database structure.
136 */
137 int policydb_init(struct policydb *p)
138 {
139 int i, rc;
140
141 memset(p, 0, sizeof(*p));
142
143 for (i = 0; i < SYM_NUM; i++) {
144 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
145 if (rc)
146 goto out_free_symtab;
147 }
148
149 rc = avtab_init(&p->te_avtab);
150 if (rc)
151 goto out_free_symtab;
152
153 rc = roles_init(p);
154 if (rc)
155 goto out_free_avtab;
156
157 rc = cond_policydb_init(p);
158 if (rc)
159 goto out_free_avtab;
160
161 out:
162 return rc;
163
164 out_free_avtab:
165 avtab_destroy(&p->te_avtab);
166
167 out_free_symtab:
168 for (i = 0; i < SYM_NUM; i++)
169 hashtab_destroy(p->symtab[i].table);
170 goto out;
171 }
172
173 /*
174 * The following *_index functions are used to
175 * define the val_to_name and val_to_struct arrays
176 * in a policy database structure. The val_to_name
177 * arrays are used when converting security context
178 * structures into string representations. The
179 * val_to_struct arrays are used when the attributes
180 * of a class, role, or user are needed.
181 */
182
183 static int common_index(void *key, void *datum, void *datap)
184 {
185 struct policydb *p;
186 struct common_datum *comdatum;
187
188 comdatum = datum;
189 p = datap;
190 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
191 return -EINVAL;
192 p->p_common_val_to_name[comdatum->value - 1] = key;
193 return 0;
194 }
195
196 static int class_index(void *key, void *datum, void *datap)
197 {
198 struct policydb *p;
199 struct class_datum *cladatum;
200
201 cladatum = datum;
202 p = datap;
203 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
204 return -EINVAL;
205 p->p_class_val_to_name[cladatum->value - 1] = key;
206 p->class_val_to_struct[cladatum->value - 1] = cladatum;
207 return 0;
208 }
209
210 static int role_index(void *key, void *datum, void *datap)
211 {
212 struct policydb *p;
213 struct role_datum *role;
214
215 role = datum;
216 p = datap;
217 if (!role->value || role->value > p->p_roles.nprim)
218 return -EINVAL;
219 p->p_role_val_to_name[role->value - 1] = key;
220 p->role_val_to_struct[role->value - 1] = role;
221 return 0;
222 }
223
224 static int type_index(void *key, void *datum, void *datap)
225 {
226 struct policydb *p;
227 struct type_datum *typdatum;
228
229 typdatum = datum;
230 p = datap;
231
232 if (typdatum->primary) {
233 if (!typdatum->value || typdatum->value > p->p_types.nprim)
234 return -EINVAL;
235 p->p_type_val_to_name[typdatum->value - 1] = key;
236 }
237
238 return 0;
239 }
240
241 static int user_index(void *key, void *datum, void *datap)
242 {
243 struct policydb *p;
244 struct user_datum *usrdatum;
245
246 usrdatum = datum;
247 p = datap;
248 if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
249 return -EINVAL;
250 p->p_user_val_to_name[usrdatum->value - 1] = key;
251 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
252 return 0;
253 }
254
255 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
256 {
257 common_index,
258 class_index,
259 role_index,
260 type_index,
261 user_index,
262 mls_index_f
263 cond_index_bool
264 };
265
266 /*
267 * Define the common val_to_name array and the class
268 * val_to_name and val_to_struct arrays in a policy
269 * database structure.
270 *
271 * Caller must clean up upon failure.
272 */
273 int policydb_index_classes(struct policydb *p)
274 {
275 int rc;
276
277 p->p_common_val_to_name =
278 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
279 if (!p->p_common_val_to_name) {
280 rc = -ENOMEM;
281 goto out;
282 }
283
284 rc = hashtab_map(p->p_commons.table, common_index, p);
285 if (rc)
286 goto out;
287
288 p->class_val_to_struct =
289 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
290 if (!p->class_val_to_struct) {
291 rc = -ENOMEM;
292 goto out;
293 }
294
295 p->p_class_val_to_name =
296 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
297 if (!p->p_class_val_to_name) {
298 rc = -ENOMEM;
299 goto out;
300 }
301
302 rc = hashtab_map(p->p_classes.table, class_index, p);
303 out:
304 return rc;
305 }
306
307 #ifdef DEBUG_HASHES
308 static void symtab_hash_eval(struct symtab *s)
309 {
310 int i;
311
312 for (i = 0; i < SYM_NUM; i++) {
313 struct hashtab *h = s[i].table;
314 struct hashtab_info info;
315
316 hashtab_stat(h, &info);
317 printk(KERN_INFO "%s: %d entries and %d/%d buckets used, "
318 "longest chain length %d\n", symtab_name[i], h->nel,
319 info.slots_used, h->size, info.max_chain_len);
320 }
321 }
322 #endif
323
324 /*
325 * Define the other val_to_name and val_to_struct arrays
326 * in a policy database structure.
327 *
328 * Caller must clean up on failure.
329 */
330 int policydb_index_others(struct policydb *p)
331 {
332 int i, rc = 0;
333
334 printk(KERN_INFO "security: %d users, %d roles, %d types, %d bools",
335 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
336 mls_policydb_index_others(p);
337 printk("\n");
338
339 printk(KERN_INFO "security: %d classes, %d rules\n",
340 p->p_classes.nprim, p->te_avtab.nel);
341
342 #ifdef DEBUG_HASHES
343 avtab_hash_eval(&p->te_avtab, "rules");
344 symtab_hash_eval(p->symtab);
345 #endif
346
347 p->role_val_to_struct =
348 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
349 GFP_KERNEL);
350 if (!p->role_val_to_struct) {
351 rc = -ENOMEM;
352 goto out;
353 }
354
355 p->user_val_to_struct =
356 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
357 GFP_KERNEL);
358 if (!p->user_val_to_struct) {
359 rc = -ENOMEM;
360 goto out;
361 }
362
363 if (cond_init_bool_indexes(p)) {
364 rc = -ENOMEM;
365 goto out;
366 }
367
368 for (i = SYM_ROLES; i < SYM_NUM; i++) {
369 p->sym_val_to_name[i] =
370 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
371 if (!p->sym_val_to_name[i]) {
372 rc = -ENOMEM;
373 goto out;
374 }
375 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
376 if (rc)
377 goto out;
378 }
379
380 out:
381 return rc;
382 }
383
384 /*
385 * The following *_destroy functions are used to
386 * free any memory allocated for each kind of
387 * symbol data in the policy database.
388 */
389
390 static int perm_destroy(void *key, void *datum, void *p)
391 {
392 kfree(key);
393 kfree(datum);
394 return 0;
395 }
396
397 static int common_destroy(void *key, void *datum, void *p)
398 {
399 struct common_datum *comdatum;
400
401 kfree(key);
402 comdatum = datum;
403 hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
404 hashtab_destroy(comdatum->permissions.table);
405 kfree(datum);
406 return 0;
407 }
408
409 static int class_destroy(void *key, void *datum, void *p)
410 {
411 struct class_datum *cladatum;
412 struct constraint_node *constraint, *ctemp;
413 struct constraint_expr *e, *etmp;
414
415 kfree(key);
416 cladatum = datum;
417 hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
418 hashtab_destroy(cladatum->permissions.table);
419 constraint = cladatum->constraints;
420 while (constraint) {
421 e = constraint->expr;
422 while (e) {
423 ebitmap_destroy(&e->names);
424 etmp = e;
425 e = e->next;
426 kfree(etmp);
427 }
428 ctemp = constraint;
429 constraint = constraint->next;
430 kfree(ctemp);
431 }
432 kfree(cladatum->comkey);
433 kfree(datum);
434 return 0;
435 }
436
437 static int role_destroy(void *key, void *datum, void *p)
438 {
439 struct role_datum *role;
440
441 kfree(key);
442 role = datum;
443 ebitmap_destroy(&role->dominates);
444 ebitmap_destroy(&role->types);
445 kfree(datum);
446 return 0;
447 }
448
449 static int type_destroy(void *key, void *datum, void *p)
450 {
451 kfree(key);
452 kfree(datum);
453 return 0;
454 }
455
456 static int user_destroy(void *key, void *datum, void *p)
457 {
458 struct user_datum *usrdatum;
459
460 kfree(key);
461 usrdatum = datum;
462 ebitmap_destroy(&usrdatum->roles);
463 mls_user_destroy(usrdatum);
464 kfree(datum);
465 return 0;
466 }
467
468 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
469 {
470 common_destroy,
471 class_destroy,
472 role_destroy,
473 type_destroy,
474 user_destroy,
475 mls_destroy_f
476 cond_destroy_bool
477 };
478
479 void ocontext_destroy(struct ocontext *c, int i)
480 {
481 context_destroy(&c->context[0]);
482 context_destroy(&c->context[1]);
483 if (i == OCON_ISID || i == OCON_FS ||
484 i == OCON_NETIF || i == OCON_FSUSE)
485 kfree(c->u.name);
486 kfree(c);
487 }
488
489 /*
490 * Free any memory allocated by a policy database structure.
491 */
492 void policydb_destroy(struct policydb *p)
493 {
494 struct ocontext *c, *ctmp;
495 struct genfs *g, *gtmp;
496 int i;
497
498 for (i = 0; i < SYM_NUM; i++) {
499 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
500 hashtab_destroy(p->symtab[i].table);
501 }
502
503 for (i = 0; i < SYM_NUM; i++) {
504 if (p->sym_val_to_name[i])
505 kfree(p->sym_val_to_name[i]);
506 }
507
508 if (p->class_val_to_struct)
509 kfree(p->class_val_to_struct);
510 if (p->role_val_to_struct)
511 kfree(p->role_val_to_struct);
512 if (p->user_val_to_struct)
513 kfree(p->user_val_to_struct);
514
515 avtab_destroy(&p->te_avtab);
516
517 for (i = 0; i < OCON_NUM; i++) {
518 c = p->ocontexts[i];
519 while (c) {
520 ctmp = c;
521 c = c->next;
522 ocontext_destroy(ctmp,i);
523 }
524 }
525
526 g = p->genfs;
527 while (g) {
528 kfree(g->fstype);
529 c = g->head;
530 while (c) {
531 ctmp = c;
532 c = c->next;
533 ocontext_destroy(ctmp,OCON_FSUSE);
534 }
535 gtmp = g;
536 g = g->next;
537 kfree(gtmp);
538 }
539
540 cond_policydb_destroy(p);
541
542 return;
543 }
544
545 /*
546 * Load the initial SIDs specified in a policy database
547 * structure into a SID table.
548 */
549 int policydb_load_isids(struct policydb *p, struct sidtab *s)
550 {
551 struct ocontext *head, *c;
552 int rc;
553
554 rc = sidtab_init(s);
555 if (rc) {
556 printk(KERN_ERR "security: out of memory on SID table init\n");
557 goto out;
558 }
559
560 head = p->ocontexts[OCON_ISID];
561 for (c = head; c; c = c->next) {
562 if (!c->context[0].user) {
563 printk(KERN_ERR "security: SID %s was never "
564 "defined.\n", c->u.name);
565 rc = -EINVAL;
566 goto out;
567 }
568 if (sidtab_insert(s, c->sid[0], &c->context[0])) {
569 printk(KERN_ERR "security: unable to load initial "
570 "SID %s.\n", c->u.name);
571 rc = -EINVAL;
572 goto out;
573 }
574 }
575 out:
576 return rc;
577 }
578
579 /*
580 * Return 1 if the fields in the security context
581 * structure `c' are valid. Return 0 otherwise.
582 */
583 int policydb_context_isvalid(struct policydb *p, struct context *c)
584 {
585 struct role_datum *role;
586 struct user_datum *usrdatum;
587
588 if (!c->role || c->role > p->p_roles.nprim)
589 return 0;
590
591 if (!c->user || c->user > p->p_users.nprim)
592 return 0;
593
594 if (!c->type || c->type > p->p_types.nprim)
595 return 0;
596
597 if (c->role != OBJECT_R_VAL) {
598 /*
599 * Role must be authorized for the type.
600 */
601 role = p->role_val_to_struct[c->role - 1];
602 if (!ebitmap_get_bit(&role->types,
603 c->type - 1))
604 /* role may not be associated with type */
605 return 0;
606
607 /*
608 * User must be authorized for the role.
609 */
610 usrdatum = p->user_val_to_struct[c->user - 1];
611 if (!usrdatum)
612 return 0;
613
614 if (!ebitmap_get_bit(&usrdatum->roles,
615 c->role - 1))
616 /* user may not be associated with role */
617 return 0;
618 }
619
620 if (!mls_context_isvalid(p, c))
621 return 0;
622
623 return 1;
624 }
625
626 /*
627 * Read and validate a security context structure
628 * from a policydb binary representation file.
629 */
630 static int context_read_and_validate(struct context *c,
631 struct policydb *p,
632 void *fp)
633 {
634 u32 buf[3];
635 int rc;
636
637 rc = next_entry(buf, fp, sizeof buf);
638 if (rc < 0) {
639 printk(KERN_ERR "security: context truncated\n");
640 goto out;
641 }
642 c->user = le32_to_cpu(buf[0]);
643 c->role = le32_to_cpu(buf[1]);
644 c->type = le32_to_cpu(buf[2]);
645 if (mls_read_range(c, fp)) {
646 printk(KERN_ERR "security: error reading MLS range of "
647 "context\n");
648 rc = -EINVAL;
649 goto out;
650 }
651
652 if (!policydb_context_isvalid(p, c)) {
653 printk(KERN_ERR "security: invalid security context\n");
654 context_destroy(c);
655 rc = -EINVAL;
656 }
657 out:
658 return rc;
659 }
660
661 /*
662 * The following *_read functions are used to
663 * read the symbol data from a policy database
664 * binary representation file.
665 */
666
667 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
668 {
669 char *key = NULL;
670 struct perm_datum *perdatum;
671 int rc;
672 u32 buf[2], len;
673
674 perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL);
675 if (!perdatum) {
676 rc = -ENOMEM;
677 goto out;
678 }
679 memset(perdatum, 0, sizeof(*perdatum));
680
681 rc = next_entry(buf, fp, sizeof buf);
682 if (rc < 0)
683 goto bad;
684
685 len = le32_to_cpu(buf[0]);
686 perdatum->value = le32_to_cpu(buf[1]);
687 rc = mls_read_perm(perdatum, fp);
688 if (rc)
689 goto bad;
690
691 key = kmalloc(len + 1,GFP_KERNEL);
692 if (!key) {
693 rc = -ENOMEM;
694 goto bad;
695 }
696 rc = next_entry(key, fp, len);
697 if (rc < 0)
698 goto bad;
699 key[len] = 0;
700
701 rc = hashtab_insert(h, key, perdatum);
702 if (rc)
703 goto bad;
704 out:
705 return rc;
706 bad:
707 perm_destroy(key, perdatum, NULL);
708 goto out;
709 }
710
711 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
712 {
713 char *key = NULL;
714 struct common_datum *comdatum;
715 u32 buf[4], len, nel;
716 int i, rc;
717
718 comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL);
719 if (!comdatum) {
720 rc = -ENOMEM;
721 goto out;
722 }
723 memset(comdatum, 0, sizeof(*comdatum));
724
725 rc = next_entry(buf, fp, sizeof buf);
726 if (rc < 0)
727 goto bad;
728
729 len = le32_to_cpu(buf[0]);
730 comdatum->value = le32_to_cpu(buf[1]);
731
732 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
733 if (rc)
734 goto bad;
735 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
736 nel = le32_to_cpu(buf[3]);
737
738 key = kmalloc(len + 1,GFP_KERNEL);
739 if (!key) {
740 rc = -ENOMEM;
741 goto bad;
742 }
743 rc = next_entry(key, fp, len);
744 if (rc < 0)
745 goto bad;
746 key[len] = 0;
747
748 for (i = 0; i < nel; i++) {
749 rc = perm_read(p, comdatum->permissions.table, fp);
750 if (rc)
751 goto bad;
752 }
753
754 rc = hashtab_insert(h, key, comdatum);
755 if (rc)
756 goto bad;
757 out:
758 return rc;
759 bad:
760 common_destroy(key, comdatum, NULL);
761 goto out;
762 }
763
764 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
765 {
766 char *key = NULL;
767 struct class_datum *cladatum;
768 struct constraint_node *c, *lc;
769 struct constraint_expr *e, *le;
770 u32 buf[6], len, len2, ncons, nexpr, nel;
771 int i, j, depth, rc;
772
773 cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL);
774 if (!cladatum) {
775 rc = -ENOMEM;
776 goto out;
777 }
778 memset(cladatum, 0, sizeof(*cladatum));
779
780 rc = next_entry(buf, fp, sizeof(u32)*6);
781 if (rc < 0)
782 goto bad;
783
784 len = le32_to_cpu(buf[0]);
785 len2 = le32_to_cpu(buf[1]);
786 cladatum->value = le32_to_cpu(buf[2]);
787
788 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
789 if (rc)
790 goto bad;
791 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
792 nel = le32_to_cpu(buf[4]);
793
794 ncons = le32_to_cpu(buf[5]);
795
796 key = kmalloc(len + 1,GFP_KERNEL);
797 if (!key) {
798 rc = -ENOMEM;
799 goto bad;
800 }
801 rc = next_entry(key, fp, len);
802 if (rc < 0)
803 goto bad;
804 key[len] = 0;
805
806 if (len2) {
807 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
808 if (!cladatum->comkey) {
809 rc = -ENOMEM;
810 goto bad;
811 }
812 rc = next_entry(cladatum->comkey, fp, len2);
813 if (rc < 0)
814 goto bad;
815 cladatum->comkey[len2] = 0;
816
817 cladatum->comdatum = hashtab_search(p->p_commons.table,
818 cladatum->comkey);
819 if (!cladatum->comdatum) {
820 printk(KERN_ERR "security: unknown common %s\n",
821 cladatum->comkey);
822 rc = -EINVAL;
823 goto bad;
824 }
825 }
826 for (i = 0; i < nel; i++) {
827 rc = perm_read(p, cladatum->permissions.table, fp);
828 if (rc)
829 goto bad;
830 }
831
832 lc = NULL;
833 for (i = 0; i < ncons; i++) {
834 c = kmalloc(sizeof(*c), GFP_KERNEL);
835 if (!c) {
836 rc = -ENOMEM;
837 goto bad;
838 }
839 memset(c, 0, sizeof(*c));
840
841 if (lc) {
842 lc->next = c;
843 } else {
844 cladatum->constraints = c;
845 }
846
847 rc = next_entry(buf, fp, sizeof(u32)*2);
848 if (rc < 0)
849 goto bad;
850 c->permissions = le32_to_cpu(buf[0]);
851 nexpr = le32_to_cpu(buf[1]);
852 le = NULL;
853 depth = -1;
854 for (j = 0; j < nexpr; j++) {
855 e = kmalloc(sizeof(*e), GFP_KERNEL);
856 if (!e) {
857 rc = -ENOMEM;
858 goto bad;
859 }
860 memset(e, 0, sizeof(*e));
861
862 if (le) {
863 le->next = e;
864 } else {
865 c->expr = e;
866 }
867
868 rc = next_entry(buf, fp, sizeof(u32)*3);
869 if (rc < 0)
870 goto bad;
871 e->expr_type = le32_to_cpu(buf[0]);
872 e->attr = le32_to_cpu(buf[1]);
873 e->op = le32_to_cpu(buf[2]);
874
875 rc = -EINVAL;
876 switch (e->expr_type) {
877 case CEXPR_NOT:
878 if (depth < 0)
879 goto bad;
880 break;
881 case CEXPR_AND:
882 case CEXPR_OR:
883 if (depth < 1)
884 goto bad;
885 depth--;
886 break;
887 case CEXPR_ATTR:
888 if (depth == (CEXPR_MAXDEPTH-1))
889 goto bad;
890 depth++;
891 break;
892 case CEXPR_NAMES:
893 if (depth == (CEXPR_MAXDEPTH-1))
894 goto bad;
895 depth++;
896 if (ebitmap_read(&e->names, fp))
897 goto bad;
898 break;
899 default:
900 goto bad;
901 }
902 le = e;
903 }
904 if (depth != 0)
905 goto bad;
906 lc = c;
907 }
908
909 rc = mls_read_class(cladatum, fp);
910 if (rc)
911 goto bad;
912
913 rc = hashtab_insert(h, key, cladatum);
914 if (rc)
915 goto bad;
916
917 rc = 0;
918 out:
919 return rc;
920 bad:
921 class_destroy(key, cladatum, NULL);
922 goto out;
923 }
924
925 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
926 {
927 char *key = NULL;
928 struct role_datum *role;
929 int rc;
930 u32 buf[2], len;
931
932 role = kmalloc(sizeof(*role), GFP_KERNEL);
933 if (!role) {
934 rc = -ENOMEM;
935 goto out;
936 }
937 memset(role, 0, sizeof(*role));
938
939 rc = next_entry(buf, fp, sizeof buf);
940 if (rc < 0)
941 goto bad;
942
943 len = le32_to_cpu(buf[0]);
944 role->value = le32_to_cpu(buf[1]);
945
946 key = kmalloc(len + 1,GFP_KERNEL);
947 if (!key) {
948 rc = -ENOMEM;
949 goto bad;
950 }
951 rc = next_entry(key, fp, len);
952 if (rc < 0)
953 goto bad;
954 key[len] = 0;
955
956 rc = ebitmap_read(&role->dominates, fp);
957 if (rc)
958 goto bad;
959
960 rc = ebitmap_read(&role->types, fp);
961 if (rc)
962 goto bad;
963
964 if (strcmp(key, OBJECT_R) == 0) {
965 if (role->value != OBJECT_R_VAL) {
966 printk(KERN_ERR "Role %s has wrong value %d\n",
967 OBJECT_R, role->value);
968 rc = -EINVAL;
969 goto bad;
970 }
971 rc = 0;
972 goto bad;
973 }
974
975 rc = hashtab_insert(h, key, role);
976 if (rc)
977 goto bad;
978 out:
979 return rc;
980 bad:
981 role_destroy(key, role, NULL);
982 goto out;
983 }
984
985 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
986 {
987 char *key = NULL;
988 struct type_datum *typdatum;
989 int rc;
990 u32 buf[3], len;
991
992 typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL);
993 if (!typdatum) {
994 rc = -ENOMEM;
995 return rc;
996 }
997 memset(typdatum, 0, sizeof(*typdatum));
998
999 rc = next_entry(buf, fp, sizeof buf);
1000 if (rc < 0)
1001 goto bad;
1002
1003 len = le32_to_cpu(buf[0]);
1004 typdatum->value = le32_to_cpu(buf[1]);
1005 typdatum->primary = le32_to_cpu(buf[2]);
1006
1007 key = kmalloc(len + 1,GFP_KERNEL);
1008 if (!key) {
1009 rc = -ENOMEM;
1010 goto bad;
1011 }
1012 rc = next_entry(key, fp, len);
1013 if (rc < 0)
1014 goto bad;
1015 key[len] = 0;
1016
1017 rc = hashtab_insert(h, key, typdatum);
1018 if (rc)
1019 goto bad;
1020 out:
1021 return rc;
1022 bad:
1023 type_destroy(key, typdatum, NULL);
1024 goto out;
1025 }
1026
1027 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1028 {
1029 char *key = NULL;
1030 struct user_datum *usrdatum;
1031 int rc;
1032 u32 buf[2], len;
1033
1034
1035 usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL);
1036 if (!usrdatum) {
1037 rc = -ENOMEM;
1038 goto out;
1039 }
1040 memset(usrdatum, 0, sizeof(*usrdatum));
1041
1042 rc = next_entry(buf, fp, sizeof buf);
1043 if (rc < 0)
1044 goto bad;
1045
1046 len = le32_to_cpu(buf[0]);
1047 usrdatum->value = le32_to_cpu(buf[1]);
1048
1049 key = kmalloc(len + 1,GFP_KERNEL);
1050 if (!key) {
1051 rc = -ENOMEM;
1052 goto bad;
1053 }
1054 rc = next_entry(key, fp, len);
1055 if (rc < 0)
1056 goto bad;
1057 key[len] = 0;
1058
1059 rc = ebitmap_read(&usrdatum->roles, fp);
1060 if (rc)
1061 goto bad;
1062
1063 rc = mls_read_user(usrdatum, fp);
1064 if (rc)
1065 goto bad;
1066
1067 rc = hashtab_insert(h, key, usrdatum);
1068 if (rc)
1069 goto bad;
1070 out:
1071 return rc;
1072 bad:
1073 user_destroy(key, usrdatum, NULL);
1074 goto out;
1075 }
1076
1077 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1078 {
1079 common_read,
1080 class_read,
1081 role_read,
1082 type_read,
1083 user_read,
1084 mls_read_f
1085 cond_read_bool
1086 };
1087
1088 #define mls_config(x) \
1089 ((x) & POLICYDB_CONFIG_MLS) ? "mls" : "no_mls"
1090
1091 /*
1092 * Read the configuration data from a policy database binary
1093 * representation file into a policy database structure.
1094 */
1095 int policydb_read(struct policydb *p, void *fp)
1096 {
1097 struct role_allow *ra, *lra;
1098 struct role_trans *tr, *ltr;
1099 struct ocontext *l, *c, *newc;
1100 struct genfs *genfs_p, *genfs, *newgenfs;
1101 int i, j, rc;
1102 u32 buf[8], len, len2, config, nprim, nel, nel2;
1103 char *policydb_str;
1104 struct policydb_compat_info *info;
1105
1106 config = 0;
1107 mls_set_config(config);
1108
1109 rc = policydb_init(p);
1110 if (rc)
1111 goto out;
1112
1113 /* Read the magic number and string length. */
1114 rc = next_entry(buf, fp, sizeof(u32)* 2);
1115 if (rc < 0)
1116 goto bad;
1117
1118 for (i = 0; i < 2; i++)
1119 buf[i] = le32_to_cpu(buf[i]);
1120
1121 if (buf[0] != POLICYDB_MAGIC) {
1122 printk(KERN_ERR "security: policydb magic number 0x%x does "
1123 "not match expected magic number 0x%x\n",
1124 buf[0], POLICYDB_MAGIC);
1125 goto bad;
1126 }
1127
1128 len = buf[1];
1129 if (len != strlen(POLICYDB_STRING)) {
1130 printk(KERN_ERR "security: policydb string length %d does not "
1131 "match expected length %Zu\n",
1132 len, strlen(POLICYDB_STRING));
1133 goto bad;
1134 }
1135 policydb_str = kmalloc(len + 1,GFP_KERNEL);
1136 if (!policydb_str) {
1137 printk(KERN_ERR "security: unable to allocate memory for policydb "
1138 "string of length %d\n", len);
1139 rc = -ENOMEM;
1140 goto bad;
1141 }
1142 rc = next_entry(policydb_str, fp, len);
1143 if (rc < 0) {
1144 printk(KERN_ERR "security: truncated policydb string identifier\n");
1145 kfree(policydb_str);
1146 goto bad;
1147 }
1148 policydb_str[len] = 0;
1149 if (strcmp(policydb_str, POLICYDB_STRING)) {
1150 printk(KERN_ERR "security: policydb string %s does not match "
1151 "my string %s\n", policydb_str, POLICYDB_STRING);
1152 kfree(policydb_str);
1153 goto bad;
1154 }
1155 /* Done with policydb_str. */
1156 kfree(policydb_str);
1157 policydb_str = NULL;
1158
1159 /* Read the version, config, and table sizes. */
1160 rc = next_entry(buf, fp, sizeof(u32)*4);
1161 if (rc < 0)
1162 goto bad;
1163 for (i = 0; i < 4; i++)
1164 buf[i] = le32_to_cpu(buf[i]);
1165
1166 p->policyvers = buf[0];
1167 if (p->policyvers < POLICYDB_VERSION_MIN ||
1168 p->policyvers > POLICYDB_VERSION_MAX) {
1169 printk(KERN_ERR "security: policydb version %d does not match "
1170 "my version range %d-%d\n",
1171 buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1172 goto bad;
1173 }
1174
1175 if (buf[1] != config) {
1176 printk(KERN_ERR "security: policydb configuration (%s) does "
1177 "not match my configuration (%s)\n",
1178 mls_config(buf[1]),
1179 mls_config(config));
1180 goto bad;
1181 }
1182
1183
1184 info = policydb_lookup_compat(p->policyvers);
1185 if (!info) {
1186 printk(KERN_ERR "security: unable to find policy compat info "
1187 "for version %d\n", p->policyvers);
1188 goto bad;
1189 }
1190
1191 if (buf[2] != info->sym_num || buf[3] != info->ocon_num) {
1192 printk(KERN_ERR "security: policydb table sizes (%d,%d) do "
1193 "not match mine (%d,%d)\n", buf[2], buf[3],
1194 info->sym_num, info->ocon_num);
1195 goto bad;
1196 }
1197
1198 rc = mls_read_nlevels(p, fp);
1199 if (rc)
1200 goto bad;
1201
1202 for (i = 0; i < info->sym_num; i++) {
1203 rc = next_entry(buf, fp, sizeof(u32)*2);
1204 if (rc < 0)
1205 goto bad;
1206 nprim = le32_to_cpu(buf[0]);
1207 nel = le32_to_cpu(buf[1]);
1208 for (j = 0; j < nel; j++) {
1209 rc = read_f[i](p, p->symtab[i].table, fp);
1210 if (rc)
1211 goto bad;
1212 }
1213
1214 p->symtab[i].nprim = nprim;
1215 }
1216
1217 rc = avtab_read(&p->te_avtab, fp, config);
1218 if (rc)
1219 goto bad;
1220
1221 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1222 rc = cond_read_list(p, fp);
1223 if (rc)
1224 goto bad;
1225 }
1226
1227 rc = next_entry(buf, fp, sizeof(u32));
1228 if (rc < 0)
1229 goto bad;
1230 nel = le32_to_cpu(buf[0]);
1231 ltr = NULL;
1232 for (i = 0; i < nel; i++) {
1233 tr = kmalloc(sizeof(*tr), GFP_KERNEL);
1234 if (!tr) {
1235 rc = -ENOMEM;
1236 goto bad;
1237 }
1238 memset(tr, 0, sizeof(*tr));
1239 if (ltr) {
1240 ltr->next = tr;
1241 } else {
1242 p->role_tr = tr;
1243 }
1244 rc = next_entry(buf, fp, sizeof(u32)*3);
1245 if (rc < 0)
1246 goto bad;
1247 tr->role = le32_to_cpu(buf[0]);
1248 tr->type = le32_to_cpu(buf[1]);
1249 tr->new_role = le32_to_cpu(buf[2]);
1250 ltr = tr;
1251 }
1252
1253 rc = next_entry(buf, fp, sizeof(u32));
1254 if (rc < 0)
1255 goto bad;
1256 nel = le32_to_cpu(buf[0]);
1257 lra = NULL;
1258 for (i = 0; i < nel; i++) {
1259 ra = kmalloc(sizeof(*ra), GFP_KERNEL);
1260 if (!ra) {
1261 rc = -ENOMEM;
1262 goto bad;
1263 }
1264 memset(ra, 0, sizeof(*ra));
1265 if (lra) {
1266 lra->next = ra;
1267 } else {
1268 p->role_allow = ra;
1269 }
1270 rc = next_entry(buf, fp, sizeof(u32)*2);
1271 if (rc < 0)
1272 goto bad;
1273 ra->role = le32_to_cpu(buf[0]);
1274 ra->new_role = le32_to_cpu(buf[1]);
1275 lra = ra;
1276 }
1277
1278 rc = policydb_index_classes(p);
1279 if (rc)
1280 goto bad;
1281
1282 rc = policydb_index_others(p);
1283 if (rc)
1284 goto bad;
1285
1286 for (i = 0; i < info->ocon_num; i++) {
1287 rc = next_entry(buf, fp, sizeof(u32));
1288 if (rc < 0)
1289 goto bad;
1290 nel = le32_to_cpu(buf[0]);
1291 l = NULL;
1292 for (j = 0; j < nel; j++) {
1293 c = kmalloc(sizeof(*c), GFP_KERNEL);
1294 if (!c) {
1295 rc = -ENOMEM;
1296 goto bad;
1297 }
1298 memset(c, 0, sizeof(*c));
1299 if (l) {
1300 l->next = c;
1301 } else {
1302 p->ocontexts[i] = c;
1303 }
1304 l = c;
1305 rc = -EINVAL;
1306 switch (i) {
1307 case OCON_ISID:
1308 rc = next_entry(buf, fp, sizeof(u32));
1309 if (rc < 0)
1310 goto bad;
1311 c->sid[0] = le32_to_cpu(buf[0]);
1312 rc = context_read_and_validate(&c->context[0], p, fp);
1313 if (rc)
1314 goto bad;
1315 break;
1316 case OCON_FS:
1317 case OCON_NETIF:
1318 rc = next_entry(buf, fp, sizeof(u32));
1319 if (rc < 0)
1320 goto bad;
1321 len = le32_to_cpu(buf[0]);
1322 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1323 if (!c->u.name) {
1324 rc = -ENOMEM;
1325 goto bad;
1326 }
1327 rc = next_entry(c->u.name, fp, len);
1328 if (rc < 0)
1329 goto bad;
1330 c->u.name[len] = 0;
1331 rc = context_read_and_validate(&c->context[0], p, fp);
1332 if (rc)
1333 goto bad;
1334 rc = context_read_and_validate(&c->context[1], p, fp);
1335 if (rc)
1336 goto bad;
1337 break;
1338 case OCON_PORT:
1339 rc = next_entry(buf, fp, sizeof(u32)*3);
1340 if (rc < 0)
1341 goto bad;
1342 c->u.port.protocol = le32_to_cpu(buf[0]);
1343 c->u.port.low_port = le32_to_cpu(buf[1]);
1344 c->u.port.high_port = le32_to_cpu(buf[2]);
1345 rc = context_read_and_validate(&c->context[0], p, fp);
1346 if (rc)
1347 goto bad;
1348 break;
1349 case OCON_NODE:
1350 rc = next_entry(buf, fp, sizeof(u32)* 2);
1351 if (rc < 0)
1352 goto bad;
1353 c->u.node.addr = le32_to_cpu(buf[0]);
1354 c->u.node.mask = le32_to_cpu(buf[1]);
1355 rc = context_read_and_validate(&c->context[0], p, fp);
1356 if (rc)
1357 goto bad;
1358 break;
1359 case OCON_FSUSE:
1360 rc = next_entry(buf, fp, sizeof(u32)*2);
1361 if (rc < 0)
1362 goto bad;
1363 c->v.behavior = le32_to_cpu(buf[0]);
1364 if (c->v.behavior > SECURITY_FS_USE_NONE)
1365 goto bad;
1366 len = le32_to_cpu(buf[1]);
1367 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1368 if (!c->u.name) {
1369 rc = -ENOMEM;
1370 goto bad;
1371 }
1372 rc = next_entry(c->u.name, fp, len);
1373 if (rc < 0)
1374 goto bad;
1375 c->u.name[len] = 0;
1376 rc = context_read_and_validate(&c->context[0], p, fp);
1377 if (rc)
1378 goto bad;
1379 break;
1380 case OCON_NODE6: {
1381 int k;
1382
1383 rc = next_entry(buf, fp, sizeof(u32) * 8);
1384 if (rc < 0)
1385 goto bad;
1386 for (k = 0; k < 4; k++)
1387 c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1388 for (k = 0; k < 4; k++)
1389 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1390 if (context_read_and_validate(&c->context[0], p, fp))
1391 goto bad;
1392 break;
1393 }
1394 }
1395 }
1396 }
1397
1398 rc = next_entry(buf, fp, sizeof(u32));
1399 if (rc < 0)
1400 goto bad;
1401 nel = le32_to_cpu(buf[0]);
1402 genfs_p = NULL;
1403 rc = -EINVAL;
1404 for (i = 0; i < nel; i++) {
1405 rc = next_entry(buf, fp, sizeof(u32));
1406 if (rc < 0)
1407 goto bad;
1408 len = le32_to_cpu(buf[0]);
1409 newgenfs = kmalloc(sizeof(*newgenfs), GFP_KERNEL);
1410 if (!newgenfs) {
1411 rc = -ENOMEM;
1412 goto bad;
1413 }
1414 memset(newgenfs, 0, sizeof(*newgenfs));
1415
1416 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1417 if (!newgenfs->fstype) {
1418 rc = -ENOMEM;
1419 kfree(newgenfs);
1420 goto bad;
1421 }
1422 rc = next_entry(newgenfs->fstype, fp, len);
1423 if (rc < 0) {
1424 kfree(newgenfs->fstype);
1425 kfree(newgenfs);
1426 goto bad;
1427 }
1428 newgenfs->fstype[len] = 0;
1429 for (genfs_p = NULL, genfs = p->genfs; genfs;
1430 genfs_p = genfs, genfs = genfs->next) {
1431 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1432 printk(KERN_ERR "security: dup genfs "
1433 "fstype %s\n", newgenfs->fstype);
1434 kfree(newgenfs->fstype);
1435 kfree(newgenfs);
1436 goto bad;
1437 }
1438 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1439 break;
1440 }
1441 newgenfs->next = genfs;
1442 if (genfs_p)
1443 genfs_p->next = newgenfs;
1444 else
1445 p->genfs = newgenfs;
1446 rc = next_entry(buf, fp, sizeof(u32));
1447 if (rc < 0)
1448 goto bad;
1449 nel2 = le32_to_cpu(buf[0]);
1450 for (j = 0; j < nel2; j++) {
1451 rc = next_entry(buf, fp, sizeof(u32));
1452 if (rc < 0)
1453 goto bad;
1454 len = le32_to_cpu(buf[0]);
1455
1456 newc = kmalloc(sizeof(*newc), GFP_KERNEL);
1457 if (!newc) {
1458 rc = -ENOMEM;
1459 goto bad;
1460 }
1461 memset(newc, 0, sizeof(*newc));
1462
1463 newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1464 if (!newc->u.name) {
1465 rc = -ENOMEM;
1466 goto bad_newc;
1467 }
1468 rc = next_entry(newc->u.name, fp, len);
1469 if (rc < 0)
1470 goto bad_newc;
1471 newc->u.name[len] = 0;
1472 rc = next_entry(buf, fp, sizeof(u32));
1473 if (rc < 0)
1474 goto bad_newc;
1475 newc->v.sclass = le32_to_cpu(buf[0]);
1476 if (context_read_and_validate(&newc->context[0], p, fp))
1477 goto bad_newc;
1478 for (l = NULL, c = newgenfs->head; c;
1479 l = c, c = c->next) {
1480 if (!strcmp(newc->u.name, c->u.name) &&
1481 (!c->v.sclass || !newc->v.sclass ||
1482 newc->v.sclass == c->v.sclass)) {
1483 printk(KERN_ERR "security: dup genfs "
1484 "entry (%s,%s)\n",
1485 newgenfs->fstype, c->u.name);
1486 goto bad_newc;
1487 }
1488 len = strlen(newc->u.name);
1489 len2 = strlen(c->u.name);
1490 if (len > len2)
1491 break;
1492 }
1493
1494 newc->next = c;
1495 if (l)
1496 l->next = newc;
1497 else
1498 newgenfs->head = newc;
1499 }
1500 }
1501
1502 rc = mls_read_trusted(p, fp);
1503 if (rc)
1504 goto bad;
1505
1506 rc = 0;
1507 out:
1508 return rc;
1509 bad_newc:
1510 ocontext_destroy(newc,OCON_FSUSE);
1511 bad:
1512 if (!rc)
1513 rc = -EINVAL;
1514 policydb_destroy(p);
1515 goto out;
1516 }
1517
|
This page was automatically generated by the
LXR engine.
|