1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Implementation of the policy database.
4  *
5  * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
6  */
7 
8 /*
9  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10  *
11  *	Support for enhanced MLS infrastructure.
12  *
13  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14  *
15  *	Added conditional policy language extensions
16  *
17  * Updated: Hewlett-Packard <paul@paul-moore.com>
18  *
19  *      Added support for the policy capability bitmap
20  *
21  * Update: Mellanox Techonologies
22  *
23  *	Added Infiniband support
24  *
25  * Copyright (C) 2016 Mellanox Techonologies
26  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
27  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
28  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
29  */
30 
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/string.h>
35 #include <linux/errno.h>
36 #include <linux/audit.h>
37 #include "security.h"
38 
39 #include "policydb.h"
40 #include "conditional.h"
41 #include "mls.h"
42 #include "services.h"
43 
44 #ifdef CONFIG_SECURITY_SELINUX_DEBUG
45 static const char *const symtab_name[SYM_NUM] = {
46 	"common prefixes",
47 	"classes",
48 	"roles",
49 	"types",
50 	"users",
51 	"bools",
52 	"levels",
53 	"categories",
54 };
55 #endif
56 
57 struct policydb_compat_info {
58 	unsigned int version;
59 	unsigned int sym_num;
60 	unsigned int ocon_num;
61 };
62 
63 /* These need to be updated if SYM_NUM or OCON_NUM changes */
64 static const struct policydb_compat_info policydb_compat[] = {
65 	{
66 		.version	= POLICYDB_VERSION_BASE,
67 		.sym_num	= SYM_NUM - 3,
68 		.ocon_num	= OCON_NUM - 3,
69 	},
70 	{
71 		.version	= POLICYDB_VERSION_BOOL,
72 		.sym_num	= SYM_NUM - 2,
73 		.ocon_num	= OCON_NUM - 3,
74 	},
75 	{
76 		.version	= POLICYDB_VERSION_IPV6,
77 		.sym_num	= SYM_NUM - 2,
78 		.ocon_num	= OCON_NUM - 2,
79 	},
80 	{
81 		.version	= POLICYDB_VERSION_NLCLASS,
82 		.sym_num	= SYM_NUM - 2,
83 		.ocon_num	= OCON_NUM - 2,
84 	},
85 	{
86 		.version	= POLICYDB_VERSION_MLS,
87 		.sym_num	= SYM_NUM,
88 		.ocon_num	= OCON_NUM - 2,
89 	},
90 	{
91 		.version	= POLICYDB_VERSION_AVTAB,
92 		.sym_num	= SYM_NUM,
93 		.ocon_num	= OCON_NUM - 2,
94 	},
95 	{
96 		.version	= POLICYDB_VERSION_RANGETRANS,
97 		.sym_num	= SYM_NUM,
98 		.ocon_num	= OCON_NUM - 2,
99 	},
100 	{
101 		.version	= POLICYDB_VERSION_POLCAP,
102 		.sym_num	= SYM_NUM,
103 		.ocon_num	= OCON_NUM - 2,
104 	},
105 	{
106 		.version	= POLICYDB_VERSION_PERMISSIVE,
107 		.sym_num	= SYM_NUM,
108 		.ocon_num	= OCON_NUM - 2,
109 	},
110 	{
111 		.version	= POLICYDB_VERSION_BOUNDARY,
112 		.sym_num	= SYM_NUM,
113 		.ocon_num	= OCON_NUM - 2,
114 	},
115 	{
116 		.version	= POLICYDB_VERSION_FILENAME_TRANS,
117 		.sym_num	= SYM_NUM,
118 		.ocon_num	= OCON_NUM - 2,
119 	},
120 	{
121 		.version	= POLICYDB_VERSION_ROLETRANS,
122 		.sym_num	= SYM_NUM,
123 		.ocon_num	= OCON_NUM - 2,
124 	},
125 	{
126 		.version	= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
127 		.sym_num	= SYM_NUM,
128 		.ocon_num	= OCON_NUM - 2,
129 	},
130 	{
131 		.version	= POLICYDB_VERSION_DEFAULT_TYPE,
132 		.sym_num	= SYM_NUM,
133 		.ocon_num	= OCON_NUM - 2,
134 	},
135 	{
136 		.version	= POLICYDB_VERSION_CONSTRAINT_NAMES,
137 		.sym_num	= SYM_NUM,
138 		.ocon_num	= OCON_NUM - 2,
139 	},
140 	{
141 		.version	= POLICYDB_VERSION_XPERMS_IOCTL,
142 		.sym_num	= SYM_NUM,
143 		.ocon_num	= OCON_NUM - 2,
144 	},
145 	{
146 		.version	= POLICYDB_VERSION_INFINIBAND,
147 		.sym_num	= SYM_NUM,
148 		.ocon_num	= OCON_NUM,
149 	},
150 	{
151 		.version	= POLICYDB_VERSION_GLBLUB,
152 		.sym_num	= SYM_NUM,
153 		.ocon_num	= OCON_NUM,
154 	},
155 	{
156 		.version	= POLICYDB_VERSION_COMP_FTRANS,
157 		.sym_num	= SYM_NUM,
158 		.ocon_num	= OCON_NUM,
159 	},
160 };
161 
policydb_lookup_compat(unsigned int version)162 static const struct policydb_compat_info *policydb_lookup_compat(unsigned int version)
163 {
164 	unsigned int i;
165 
166 	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
167 		if (policydb_compat[i].version == version)
168 			return &policydb_compat[i];
169 	}
170 
171 	return NULL;
172 }
173 
174 /*
175  * The following *_destroy functions are used to
176  * free any memory allocated for each kind of
177  * symbol data in the policy database.
178  */
179 
perm_destroy(void * key,void * datum,void * p)180 static int perm_destroy(void *key, void *datum, void *p)
181 {
182 	kfree(key);
183 	kfree(datum);
184 	return 0;
185 }
186 
common_destroy(void * key,void * datum,void * p)187 static int common_destroy(void *key, void *datum, void *p)
188 {
189 	struct common_datum *comdatum;
190 
191 	kfree(key);
192 	if (datum) {
193 		comdatum = datum;
194 		hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
195 		hashtab_destroy(&comdatum->permissions.table);
196 	}
197 	kfree(datum);
198 	return 0;
199 }
200 
constraint_expr_destroy(struct constraint_expr * expr)201 static void constraint_expr_destroy(struct constraint_expr *expr)
202 {
203 	if (expr) {
204 		ebitmap_destroy(&expr->names);
205 		if (expr->type_names) {
206 			ebitmap_destroy(&expr->type_names->types);
207 			ebitmap_destroy(&expr->type_names->negset);
208 			kfree(expr->type_names);
209 		}
210 		kfree(expr);
211 	}
212 }
213 
cls_destroy(void * key,void * datum,void * p)214 static int cls_destroy(void *key, void *datum, void *p)
215 {
216 	struct class_datum *cladatum;
217 	struct constraint_node *constraint, *ctemp;
218 	struct constraint_expr *e, *etmp;
219 
220 	kfree(key);
221 	if (datum) {
222 		cladatum = datum;
223 		hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
224 		hashtab_destroy(&cladatum->permissions.table);
225 		constraint = cladatum->constraints;
226 		while (constraint) {
227 			e = constraint->expr;
228 			while (e) {
229 				etmp = e;
230 				e = e->next;
231 				constraint_expr_destroy(etmp);
232 			}
233 			ctemp = constraint;
234 			constraint = constraint->next;
235 			kfree(ctemp);
236 		}
237 
238 		constraint = cladatum->validatetrans;
239 		while (constraint) {
240 			e = constraint->expr;
241 			while (e) {
242 				etmp = e;
243 				e = e->next;
244 				constraint_expr_destroy(etmp);
245 			}
246 			ctemp = constraint;
247 			constraint = constraint->next;
248 			kfree(ctemp);
249 		}
250 		kfree(cladatum->comkey);
251 	}
252 	kfree(datum);
253 	return 0;
254 }
255 
role_destroy(void * key,void * datum,void * p)256 static int role_destroy(void *key, void *datum, void *p)
257 {
258 	struct role_datum *role;
259 
260 	kfree(key);
261 	if (datum) {
262 		role = datum;
263 		ebitmap_destroy(&role->dominates);
264 		ebitmap_destroy(&role->types);
265 	}
266 	kfree(datum);
267 	return 0;
268 }
269 
type_destroy(void * key,void * datum,void * p)270 static int type_destroy(void *key, void *datum, void *p)
271 {
272 	kfree(key);
273 	kfree(datum);
274 	return 0;
275 }
276 
user_destroy(void * key,void * datum,void * p)277 static int user_destroy(void *key, void *datum, void *p)
278 {
279 	struct user_datum *usrdatum;
280 
281 	kfree(key);
282 	if (datum) {
283 		usrdatum = datum;
284 		ebitmap_destroy(&usrdatum->roles);
285 		ebitmap_destroy(&usrdatum->range.level[0].cat);
286 		ebitmap_destroy(&usrdatum->range.level[1].cat);
287 		ebitmap_destroy(&usrdatum->dfltlevel.cat);
288 	}
289 	kfree(datum);
290 	return 0;
291 }
292 
sens_destroy(void * key,void * datum,void * p)293 static int sens_destroy(void *key, void *datum, void *p)
294 {
295 	struct level_datum *levdatum;
296 
297 	kfree(key);
298 	if (datum) {
299 		levdatum = datum;
300 		if (levdatum->level)
301 			ebitmap_destroy(&levdatum->level->cat);
302 		kfree(levdatum->level);
303 	}
304 	kfree(datum);
305 	return 0;
306 }
307 
cat_destroy(void * key,void * datum,void * p)308 static int cat_destroy(void *key, void *datum, void *p)
309 {
310 	kfree(key);
311 	kfree(datum);
312 	return 0;
313 }
314 
315 static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
316 	common_destroy,
317 	cls_destroy,
318 	role_destroy,
319 	type_destroy,
320 	user_destroy,
321 	cond_destroy_bool,
322 	sens_destroy,
323 	cat_destroy,
324 };
325 
filenametr_destroy(void * key,void * datum,void * p)326 static int filenametr_destroy(void *key, void *datum, void *p)
327 {
328 	struct filename_trans_key *ft = key;
329 	struct filename_trans_datum *next, *d = datum;
330 
331 	kfree(ft->name);
332 	kfree(key);
333 	do {
334 		ebitmap_destroy(&d->stypes);
335 		next = d->next;
336 		kfree(d);
337 		d = next;
338 	} while (unlikely(d));
339 	cond_resched();
340 	return 0;
341 }
342 
range_tr_destroy(void * key,void * datum,void * p)343 static int range_tr_destroy(void *key, void *datum, void *p)
344 {
345 	struct mls_range *rt = datum;
346 
347 	kfree(key);
348 	ebitmap_destroy(&rt->level[0].cat);
349 	ebitmap_destroy(&rt->level[1].cat);
350 	kfree(datum);
351 	cond_resched();
352 	return 0;
353 }
354 
role_tr_destroy(void * key,void * datum,void * p)355 static int role_tr_destroy(void *key, void *datum, void *p)
356 {
357 	kfree(key);
358 	kfree(datum);
359 	return 0;
360 }
361 
ocontext_destroy(struct ocontext * c,unsigned int i)362 static void ocontext_destroy(struct ocontext *c, unsigned int i)
363 {
364 	if (!c)
365 		return;
366 
367 	context_destroy(&c->context[0]);
368 	context_destroy(&c->context[1]);
369 	if (i == OCON_ISID || i == OCON_FS ||
370 	    i == OCON_NETIF || i == OCON_FSUSE)
371 		kfree(c->u.name);
372 	kfree(c);
373 }
374 
375 /*
376  * Initialize the role table.
377  */
roles_init(struct policydb * p)378 static int roles_init(struct policydb *p)
379 {
380 	char *key = NULL;
381 	int rc;
382 	struct role_datum *role;
383 
384 	role = kzalloc(sizeof(*role), GFP_KERNEL);
385 	if (!role)
386 		return -ENOMEM;
387 
388 	rc = -EINVAL;
389 	role->value = ++p->p_roles.nprim;
390 	if (role->value != OBJECT_R_VAL)
391 		goto out;
392 
393 	rc = -ENOMEM;
394 	key = kstrdup(OBJECT_R, GFP_KERNEL);
395 	if (!key)
396 		goto out;
397 
398 	rc = symtab_insert(&p->p_roles, key, role);
399 	if (rc)
400 		goto out;
401 
402 	return 0;
403 out:
404 	kfree(key);
405 	kfree(role);
406 	return rc;
407 }
408 
filenametr_hash(const void * k)409 static u32 filenametr_hash(const void *k)
410 {
411 	const struct filename_trans_key *ft = k;
412 	unsigned long hash;
413 	unsigned int byte_num;
414 	unsigned char focus;
415 
416 	hash = ft->ttype ^ ft->tclass;
417 
418 	byte_num = 0;
419 	while ((focus = ft->name[byte_num++]))
420 		hash = partial_name_hash(focus, hash);
421 	return hash;
422 }
423 
filenametr_cmp(const void * k1,const void * k2)424 static int filenametr_cmp(const void *k1, const void *k2)
425 {
426 	const struct filename_trans_key *ft1 = k1;
427 	const struct filename_trans_key *ft2 = k2;
428 	int v;
429 
430 	v = ft1->ttype - ft2->ttype;
431 	if (v)
432 		return v;
433 
434 	v = ft1->tclass - ft2->tclass;
435 	if (v)
436 		return v;
437 
438 	return strcmp(ft1->name, ft2->name);
439 
440 }
441 
442 static const struct hashtab_key_params filenametr_key_params = {
443 	.hash = filenametr_hash,
444 	.cmp = filenametr_cmp,
445 };
446 
policydb_filenametr_search(struct policydb * p,struct filename_trans_key * key)447 struct filename_trans_datum *policydb_filenametr_search(
448 	struct policydb *p, struct filename_trans_key *key)
449 {
450 	return hashtab_search(&p->filename_trans, key, filenametr_key_params);
451 }
452 
rangetr_hash(const void * k)453 static u32 rangetr_hash(const void *k)
454 {
455 	const struct range_trans *key = k;
456 
457 	return key->source_type + (key->target_type << 3) +
458 		(key->target_class << 5);
459 }
460 
rangetr_cmp(const void * k1,const void * k2)461 static int rangetr_cmp(const void *k1, const void *k2)
462 {
463 	const struct range_trans *key1 = k1, *key2 = k2;
464 	int v;
465 
466 	v = key1->source_type - key2->source_type;
467 	if (v)
468 		return v;
469 
470 	v = key1->target_type - key2->target_type;
471 	if (v)
472 		return v;
473 
474 	v = key1->target_class - key2->target_class;
475 
476 	return v;
477 }
478 
479 static const struct hashtab_key_params rangetr_key_params = {
480 	.hash = rangetr_hash,
481 	.cmp = rangetr_cmp,
482 };
483 
policydb_rangetr_search(struct policydb * p,struct range_trans * key)484 struct mls_range *policydb_rangetr_search(struct policydb *p,
485 					  struct range_trans *key)
486 {
487 	return hashtab_search(&p->range_tr, key, rangetr_key_params);
488 }
489 
role_trans_hash(const void * k)490 static u32 role_trans_hash(const void *k)
491 {
492 	const struct role_trans_key *key = k;
493 
494 	return key->role + (key->type << 3) + (key->tclass << 5);
495 }
496 
role_trans_cmp(const void * k1,const void * k2)497 static int role_trans_cmp(const void *k1, const void *k2)
498 {
499 	const struct role_trans_key *key1 = k1, *key2 = k2;
500 	int v;
501 
502 	v = key1->role - key2->role;
503 	if (v)
504 		return v;
505 
506 	v = key1->type - key2->type;
507 	if (v)
508 		return v;
509 
510 	return key1->tclass - key2->tclass;
511 }
512 
513 static const struct hashtab_key_params roletr_key_params = {
514 	.hash = role_trans_hash,
515 	.cmp = role_trans_cmp,
516 };
517 
policydb_roletr_search(struct policydb * p,struct role_trans_key * key)518 struct role_trans_datum *policydb_roletr_search(struct policydb *p,
519 						struct role_trans_key *key)
520 {
521 	return hashtab_search(&p->role_tr, key, roletr_key_params);
522 }
523 
524 /*
525  * Initialize a policy database structure.
526  */
policydb_init(struct policydb * p)527 static void policydb_init(struct policydb *p)
528 {
529 	memset(p, 0, sizeof(*p));
530 
531 	avtab_init(&p->te_avtab);
532 	cond_policydb_init(p);
533 
534 	ebitmap_init(&p->filename_trans_ttypes);
535 	ebitmap_init(&p->policycaps);
536 	ebitmap_init(&p->permissive_map);
537 }
538 
539 /*
540  * The following *_index functions are used to
541  * define the val_to_name and val_to_struct arrays
542  * in a policy database structure.  The val_to_name
543  * arrays are used when converting security context
544  * structures into string representations.  The
545  * val_to_struct arrays are used when the attributes
546  * of a class, role, or user are needed.
547  */
548 
common_index(void * key,void * datum,void * datap)549 static int common_index(void *key, void *datum, void *datap)
550 {
551 	struct policydb *p;
552 	struct common_datum *comdatum;
553 
554 	comdatum = datum;
555 	p = datap;
556 	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
557 		return -EINVAL;
558 
559 	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
560 
561 	return 0;
562 }
563 
class_index(void * key,void * datum,void * datap)564 static int class_index(void *key, void *datum, void *datap)
565 {
566 	struct policydb *p;
567 	struct class_datum *cladatum;
568 
569 	cladatum = datum;
570 	p = datap;
571 	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
572 		return -EINVAL;
573 
574 	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
575 	p->class_val_to_struct[cladatum->value - 1] = cladatum;
576 	return 0;
577 }
578 
role_index(void * key,void * datum,void * datap)579 static int role_index(void *key, void *datum, void *datap)
580 {
581 	struct policydb *p;
582 	struct role_datum *role;
583 
584 	role = datum;
585 	p = datap;
586 	if (!role->value
587 	    || role->value > p->p_roles.nprim
588 	    || role->bounds > p->p_roles.nprim)
589 		return -EINVAL;
590 
591 	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
592 	p->role_val_to_struct[role->value - 1] = role;
593 	return 0;
594 }
595 
type_index(void * key,void * datum,void * datap)596 static int type_index(void *key, void *datum, void *datap)
597 {
598 	struct policydb *p;
599 	struct type_datum *typdatum;
600 
601 	typdatum = datum;
602 	p = datap;
603 
604 	if (typdatum->primary) {
605 		if (!typdatum->value
606 		    || typdatum->value > p->p_types.nprim
607 		    || typdatum->bounds > p->p_types.nprim)
608 			return -EINVAL;
609 		p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
610 		p->type_val_to_struct[typdatum->value - 1] = typdatum;
611 	}
612 
613 	return 0;
614 }
615 
user_index(void * key,void * datum,void * datap)616 static int user_index(void *key, void *datum, void *datap)
617 {
618 	struct policydb *p;
619 	struct user_datum *usrdatum;
620 
621 	usrdatum = datum;
622 	p = datap;
623 	if (!usrdatum->value
624 	    || usrdatum->value > p->p_users.nprim
625 	    || usrdatum->bounds > p->p_users.nprim)
626 		return -EINVAL;
627 
628 	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
629 	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
630 	return 0;
631 }
632 
sens_index(void * key,void * datum,void * datap)633 static int sens_index(void *key, void *datum, void *datap)
634 {
635 	struct policydb *p;
636 	struct level_datum *levdatum;
637 
638 	levdatum = datum;
639 	p = datap;
640 
641 	if (!levdatum->isalias) {
642 		if (!levdatum->level->sens ||
643 		    levdatum->level->sens > p->p_levels.nprim)
644 			return -EINVAL;
645 
646 		p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
647 	}
648 
649 	return 0;
650 }
651 
cat_index(void * key,void * datum,void * datap)652 static int cat_index(void *key, void *datum, void *datap)
653 {
654 	struct policydb *p;
655 	struct cat_datum *catdatum;
656 
657 	catdatum = datum;
658 	p = datap;
659 
660 	if (!catdatum->isalias) {
661 		if (!catdatum->value || catdatum->value > p->p_cats.nprim)
662 			return -EINVAL;
663 
664 		p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
665 	}
666 
667 	return 0;
668 }
669 
670 static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
671 	common_index,
672 	class_index,
673 	role_index,
674 	type_index,
675 	user_index,
676 	cond_index_bool,
677 	sens_index,
678 	cat_index,
679 };
680 
681 #ifdef CONFIG_SECURITY_SELINUX_DEBUG
hash_eval(struct hashtab * h,const char * hash_name)682 static void hash_eval(struct hashtab *h, const char *hash_name)
683 {
684 	struct hashtab_info info;
685 
686 	hashtab_stat(h, &info);
687 	pr_debug("SELinux: %s:  %d entries and %d/%d buckets used, longest chain length %d\n",
688 		 hash_name, h->nel, info.slots_used, h->size,
689 		 info.max_chain_len);
690 }
691 
symtab_hash_eval(struct symtab * s)692 static void symtab_hash_eval(struct symtab *s)
693 {
694 	int i;
695 
696 	for (i = 0; i < SYM_NUM; i++)
697 		hash_eval(&s[i].table, symtab_name[i]);
698 }
699 
700 #else
hash_eval(struct hashtab * h,const char * hash_name)701 static inline void hash_eval(struct hashtab *h, const char *hash_name)
702 {
703 }
symtab_hash_eval(struct symtab * s)704 static inline void symtab_hash_eval(struct symtab *s)
705 {
706 }
707 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */
708 
709 /*
710  * Define the other val_to_name and val_to_struct arrays
711  * in a policy database structure.
712  *
713  * Caller must clean up on failure.
714  */
policydb_index(struct policydb * p)715 static int policydb_index(struct policydb *p)
716 {
717 	int i, rc;
718 
719 	if (p->mls_enabled)
720 		pr_debug("SELinux:  %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
721 			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
722 			 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
723 	else
724 		pr_debug("SELinux:  %d users, %d roles, %d types, %d bools\n",
725 			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
726 			 p->p_bools.nprim);
727 
728 	pr_debug("SELinux:  %d classes, %d rules\n",
729 		 p->p_classes.nprim, p->te_avtab.nel);
730 
731 	avtab_hash_eval(&p->te_avtab, "rules");
732 	symtab_hash_eval(p->symtab);
733 
734 	p->class_val_to_struct = kcalloc(p->p_classes.nprim,
735 					 sizeof(*p->class_val_to_struct),
736 					 GFP_KERNEL);
737 	if (!p->class_val_to_struct)
738 		return -ENOMEM;
739 
740 	p->role_val_to_struct = kcalloc(p->p_roles.nprim,
741 					sizeof(*p->role_val_to_struct),
742 					GFP_KERNEL);
743 	if (!p->role_val_to_struct)
744 		return -ENOMEM;
745 
746 	p->user_val_to_struct = kcalloc(p->p_users.nprim,
747 					sizeof(*p->user_val_to_struct),
748 					GFP_KERNEL);
749 	if (!p->user_val_to_struct)
750 		return -ENOMEM;
751 
752 	p->type_val_to_struct = kvcalloc(p->p_types.nprim,
753 					 sizeof(*p->type_val_to_struct),
754 					 GFP_KERNEL);
755 	if (!p->type_val_to_struct)
756 		return -ENOMEM;
757 
758 	rc = cond_init_bool_indexes(p);
759 	if (rc)
760 		goto out;
761 
762 	for (i = 0; i < SYM_NUM; i++) {
763 		p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
764 						 sizeof(char *),
765 						 GFP_KERNEL);
766 		if (!p->sym_val_to_name[i])
767 			return -ENOMEM;
768 
769 		rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
770 		if (rc)
771 			goto out;
772 	}
773 	rc = 0;
774 out:
775 	return rc;
776 }
777 
778 /*
779  * Free any memory allocated by a policy database structure.
780  */
policydb_destroy(struct policydb * p)781 void policydb_destroy(struct policydb *p)
782 {
783 	struct ocontext *c, *ctmp;
784 	struct genfs *g, *gtmp;
785 	u32 i;
786 	struct role_allow *ra, *lra = NULL;
787 
788 	for (i = 0; i < SYM_NUM; i++) {
789 		cond_resched();
790 		hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
791 		hashtab_destroy(&p->symtab[i].table);
792 	}
793 
794 	for (i = 0; i < SYM_NUM; i++)
795 		kvfree(p->sym_val_to_name[i]);
796 
797 	kfree(p->class_val_to_struct);
798 	kfree(p->role_val_to_struct);
799 	kfree(p->user_val_to_struct);
800 	kvfree(p->type_val_to_struct);
801 
802 	avtab_destroy(&p->te_avtab);
803 
804 	for (i = 0; i < OCON_NUM; i++) {
805 		cond_resched();
806 		c = p->ocontexts[i];
807 		while (c) {
808 			ctmp = c;
809 			c = c->next;
810 			ocontext_destroy(ctmp, i);
811 		}
812 		p->ocontexts[i] = NULL;
813 	}
814 
815 	g = p->genfs;
816 	while (g) {
817 		cond_resched();
818 		kfree(g->fstype);
819 		c = g->head;
820 		while (c) {
821 			ctmp = c;
822 			c = c->next;
823 			ocontext_destroy(ctmp, OCON_FSUSE);
824 		}
825 		gtmp = g;
826 		g = g->next;
827 		kfree(gtmp);
828 	}
829 	p->genfs = NULL;
830 
831 	cond_policydb_destroy(p);
832 
833 	hashtab_map(&p->role_tr, role_tr_destroy, NULL);
834 	hashtab_destroy(&p->role_tr);
835 
836 	for (ra = p->role_allow; ra; ra = ra->next) {
837 		cond_resched();
838 		kfree(lra);
839 		lra = ra;
840 	}
841 	kfree(lra);
842 
843 	hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
844 	hashtab_destroy(&p->filename_trans);
845 
846 	hashtab_map(&p->range_tr, range_tr_destroy, NULL);
847 	hashtab_destroy(&p->range_tr);
848 
849 	if (p->type_attr_map_array) {
850 		for (i = 0; i < p->p_types.nprim; i++)
851 			ebitmap_destroy(&p->type_attr_map_array[i]);
852 		kvfree(p->type_attr_map_array);
853 	}
854 
855 	ebitmap_destroy(&p->filename_trans_ttypes);
856 	ebitmap_destroy(&p->policycaps);
857 	ebitmap_destroy(&p->permissive_map);
858 }
859 
860 /*
861  * Load the initial SIDs specified in a policy database
862  * structure into a SID table.
863  */
policydb_load_isids(struct policydb * p,struct sidtab * s)864 int policydb_load_isids(struct policydb *p, struct sidtab *s)
865 {
866 	struct ocontext *head, *c;
867 	int rc;
868 
869 	rc = sidtab_init(s);
870 	if (rc) {
871 		pr_err("SELinux:  out of memory on SID table init\n");
872 		return rc;
873 	}
874 
875 	head = p->ocontexts[OCON_ISID];
876 	for (c = head; c; c = c->next) {
877 		u32 sid = c->sid[0];
878 		const char *name = security_get_initial_sid_context(sid);
879 
880 		if (sid == SECSID_NULL) {
881 			pr_err("SELinux:  SID 0 was assigned a context.\n");
882 			sidtab_destroy(s);
883 			return -EINVAL;
884 		}
885 
886 		/* Ignore initial SIDs unused by this kernel. */
887 		if (!name)
888 			continue;
889 
890 		rc = sidtab_set_initial(s, sid, &c->context[0]);
891 		if (rc) {
892 			pr_err("SELinux:  unable to load initial SID %s.\n",
893 			       name);
894 			sidtab_destroy(s);
895 			return rc;
896 		}
897 	}
898 	return 0;
899 }
900 
policydb_class_isvalid(struct policydb * p,unsigned int class)901 int policydb_class_isvalid(struct policydb *p, unsigned int class)
902 {
903 	if (!class || class > p->p_classes.nprim)
904 		return 0;
905 	return 1;
906 }
907 
policydb_role_isvalid(struct policydb * p,unsigned int role)908 int policydb_role_isvalid(struct policydb *p, unsigned int role)
909 {
910 	if (!role || role > p->p_roles.nprim)
911 		return 0;
912 	return 1;
913 }
914 
policydb_type_isvalid(struct policydb * p,unsigned int type)915 int policydb_type_isvalid(struct policydb *p, unsigned int type)
916 {
917 	if (!type || type > p->p_types.nprim)
918 		return 0;
919 	return 1;
920 }
921 
922 /*
923  * Return 1 if the fields in the security context
924  * structure `c' are valid.  Return 0 otherwise.
925  */
policydb_context_isvalid(struct policydb * p,struct context * c)926 int policydb_context_isvalid(struct policydb *p, struct context *c)
927 {
928 	struct role_datum *role;
929 	struct user_datum *usrdatum;
930 
931 	if (!c->role || c->role > p->p_roles.nprim)
932 		return 0;
933 
934 	if (!c->user || c->user > p->p_users.nprim)
935 		return 0;
936 
937 	if (!c->type || c->type > p->p_types.nprim)
938 		return 0;
939 
940 	if (c->role != OBJECT_R_VAL) {
941 		/*
942 		 * Role must be authorized for the type.
943 		 */
944 		role = p->role_val_to_struct[c->role - 1];
945 		if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
946 			/* role may not be associated with type */
947 			return 0;
948 
949 		/*
950 		 * User must be authorized for the role.
951 		 */
952 		usrdatum = p->user_val_to_struct[c->user - 1];
953 		if (!usrdatum)
954 			return 0;
955 
956 		if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
957 			/* user may not be associated with role */
958 			return 0;
959 	}
960 
961 	if (!mls_context_isvalid(p, c))
962 		return 0;
963 
964 	return 1;
965 }
966 
967 /*
968  * Read a MLS range structure from a policydb binary
969  * representation file.
970  */
mls_read_range_helper(struct mls_range * r,void * fp)971 static int mls_read_range_helper(struct mls_range *r, void *fp)
972 {
973 	__le32 buf[2];
974 	u32 items;
975 	int rc;
976 
977 	rc = next_entry(buf, fp, sizeof(u32));
978 	if (rc)
979 		goto out;
980 
981 	rc = -EINVAL;
982 	items = le32_to_cpu(buf[0]);
983 	if (items > ARRAY_SIZE(buf)) {
984 		pr_err("SELinux: mls:  range overflow\n");
985 		goto out;
986 	}
987 
988 	rc = next_entry(buf, fp, sizeof(u32) * items);
989 	if (rc) {
990 		pr_err("SELinux: mls:  truncated range\n");
991 		goto out;
992 	}
993 
994 	r->level[0].sens = le32_to_cpu(buf[0]);
995 	if (items > 1)
996 		r->level[1].sens = le32_to_cpu(buf[1]);
997 	else
998 		r->level[1].sens = r->level[0].sens;
999 
1000 	rc = ebitmap_read(&r->level[0].cat, fp);
1001 	if (rc) {
1002 		pr_err("SELinux: mls:  error reading low categories\n");
1003 		goto out;
1004 	}
1005 	if (items > 1) {
1006 		rc = ebitmap_read(&r->level[1].cat, fp);
1007 		if (rc) {
1008 			pr_err("SELinux: mls:  error reading high categories\n");
1009 			goto bad_high;
1010 		}
1011 	} else {
1012 		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1013 		if (rc) {
1014 			pr_err("SELinux: mls:  out of memory\n");
1015 			goto bad_high;
1016 		}
1017 	}
1018 
1019 	return 0;
1020 bad_high:
1021 	ebitmap_destroy(&r->level[0].cat);
1022 out:
1023 	return rc;
1024 }
1025 
1026 /*
1027  * Read and validate a security context structure
1028  * from a policydb binary representation file.
1029  */
context_read_and_validate(struct context * c,struct policydb * p,void * fp)1030 static int context_read_and_validate(struct context *c,
1031 				     struct policydb *p,
1032 				     void *fp)
1033 {
1034 	__le32 buf[3];
1035 	int rc;
1036 
1037 	rc = next_entry(buf, fp, sizeof buf);
1038 	if (rc) {
1039 		pr_err("SELinux: context truncated\n");
1040 		goto out;
1041 	}
1042 	c->user = le32_to_cpu(buf[0]);
1043 	c->role = le32_to_cpu(buf[1]);
1044 	c->type = le32_to_cpu(buf[2]);
1045 	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1046 		rc = mls_read_range_helper(&c->range, fp);
1047 		if (rc) {
1048 			pr_err("SELinux: error reading MLS range of context\n");
1049 			goto out;
1050 		}
1051 	}
1052 
1053 	rc = -EINVAL;
1054 	if (!policydb_context_isvalid(p, c)) {
1055 		pr_err("SELinux:  invalid security context\n");
1056 		context_destroy(c);
1057 		goto out;
1058 	}
1059 	rc = 0;
1060 out:
1061 	return rc;
1062 }
1063 
1064 /*
1065  * The following *_read functions are used to
1066  * read the symbol data from a policy database
1067  * binary representation file.
1068  */
1069 
str_read(char ** strp,gfp_t flags,void * fp,u32 len)1070 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1071 {
1072 	int rc;
1073 	char *str;
1074 
1075 	if ((len == 0) || (len == (u32)-1))
1076 		return -EINVAL;
1077 
1078 	str = kmalloc(len + 1, flags | __GFP_NOWARN);
1079 	if (!str)
1080 		return -ENOMEM;
1081 
1082 	rc = next_entry(str, fp, len);
1083 	if (rc) {
1084 		kfree(str);
1085 		return rc;
1086 	}
1087 
1088 	str[len] = '\0';
1089 	*strp = str;
1090 	return 0;
1091 }
1092 
perm_read(struct policydb * p,struct symtab * s,void * fp)1093 static int perm_read(struct policydb *p, struct symtab *s, void *fp)
1094 {
1095 	char *key = NULL;
1096 	struct perm_datum *perdatum;
1097 	int rc;
1098 	__le32 buf[2];
1099 	u32 len;
1100 
1101 	perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1102 	if (!perdatum)
1103 		return -ENOMEM;
1104 
1105 	rc = next_entry(buf, fp, sizeof buf);
1106 	if (rc)
1107 		goto bad;
1108 
1109 	len = le32_to_cpu(buf[0]);
1110 	perdatum->value = le32_to_cpu(buf[1]);
1111 
1112 	rc = str_read(&key, GFP_KERNEL, fp, len);
1113 	if (rc)
1114 		goto bad;
1115 
1116 	rc = symtab_insert(s, key, perdatum);
1117 	if (rc)
1118 		goto bad;
1119 
1120 	return 0;
1121 bad:
1122 	perm_destroy(key, perdatum, NULL);
1123 	return rc;
1124 }
1125 
common_read(struct policydb * p,struct symtab * s,void * fp)1126 static int common_read(struct policydb *p, struct symtab *s, void *fp)
1127 {
1128 	char *key = NULL;
1129 	struct common_datum *comdatum;
1130 	__le32 buf[4];
1131 	u32 i, len, nel;
1132 	int rc;
1133 
1134 	comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1135 	if (!comdatum)
1136 		return -ENOMEM;
1137 
1138 	rc = next_entry(buf, fp, sizeof buf);
1139 	if (rc)
1140 		goto bad;
1141 
1142 	len = le32_to_cpu(buf[0]);
1143 	comdatum->value = le32_to_cpu(buf[1]);
1144 	nel = le32_to_cpu(buf[3]);
1145 
1146 	rc = symtab_init(&comdatum->permissions, nel);
1147 	if (rc)
1148 		goto bad;
1149 	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1150 
1151 	rc = str_read(&key, GFP_KERNEL, fp, len);
1152 	if (rc)
1153 		goto bad;
1154 
1155 	for (i = 0; i < nel; i++) {
1156 		rc = perm_read(p, &comdatum->permissions, fp);
1157 		if (rc)
1158 			goto bad;
1159 	}
1160 
1161 	rc = symtab_insert(s, key, comdatum);
1162 	if (rc)
1163 		goto bad;
1164 	return 0;
1165 bad:
1166 	common_destroy(key, comdatum, NULL);
1167 	return rc;
1168 }
1169 
type_set_init(struct type_set * t)1170 static void type_set_init(struct type_set *t)
1171 {
1172 	ebitmap_init(&t->types);
1173 	ebitmap_init(&t->negset);
1174 }
1175 
type_set_read(struct type_set * t,void * fp)1176 static int type_set_read(struct type_set *t, void *fp)
1177 {
1178 	__le32 buf[1];
1179 	int rc;
1180 
1181 	if (ebitmap_read(&t->types, fp))
1182 		return -EINVAL;
1183 	if (ebitmap_read(&t->negset, fp))
1184 		return -EINVAL;
1185 
1186 	rc = next_entry(buf, fp, sizeof(u32));
1187 	if (rc < 0)
1188 		return -EINVAL;
1189 	t->flags = le32_to_cpu(buf[0]);
1190 
1191 	return 0;
1192 }
1193 
1194 
read_cons_helper(struct policydb * p,struct constraint_node ** nodep,u32 ncons,int allowxtarget,void * fp)1195 static int read_cons_helper(struct policydb *p,
1196 				struct constraint_node **nodep,
1197 				u32 ncons, int allowxtarget, void *fp)
1198 {
1199 	struct constraint_node *c, *lc;
1200 	struct constraint_expr *e, *le;
1201 	__le32 buf[3];
1202 	u32 i, j, nexpr;
1203 	int rc, depth;
1204 
1205 	lc = NULL;
1206 	for (i = 0; i < ncons; i++) {
1207 		c = kzalloc(sizeof(*c), GFP_KERNEL);
1208 		if (!c)
1209 			return -ENOMEM;
1210 
1211 		if (lc)
1212 			lc->next = c;
1213 		else
1214 			*nodep = c;
1215 
1216 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1217 		if (rc)
1218 			return rc;
1219 		c->permissions = le32_to_cpu(buf[0]);
1220 		nexpr = le32_to_cpu(buf[1]);
1221 		le = NULL;
1222 		depth = -1;
1223 		for (j = 0; j < nexpr; j++) {
1224 			e = kzalloc(sizeof(*e), GFP_KERNEL);
1225 			if (!e)
1226 				return -ENOMEM;
1227 
1228 			if (le)
1229 				le->next = e;
1230 			else
1231 				c->expr = e;
1232 
1233 			rc = next_entry(buf, fp, (sizeof(u32) * 3));
1234 			if (rc)
1235 				return rc;
1236 			e->expr_type = le32_to_cpu(buf[0]);
1237 			e->attr = le32_to_cpu(buf[1]);
1238 			e->op = le32_to_cpu(buf[2]);
1239 
1240 			switch (e->expr_type) {
1241 			case CEXPR_NOT:
1242 				if (depth < 0)
1243 					return -EINVAL;
1244 				break;
1245 			case CEXPR_AND:
1246 			case CEXPR_OR:
1247 				if (depth < 1)
1248 					return -EINVAL;
1249 				depth--;
1250 				break;
1251 			case CEXPR_ATTR:
1252 				if (depth == (CEXPR_MAXDEPTH - 1))
1253 					return -EINVAL;
1254 				depth++;
1255 				break;
1256 			case CEXPR_NAMES:
1257 				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1258 					return -EINVAL;
1259 				if (depth == (CEXPR_MAXDEPTH - 1))
1260 					return -EINVAL;
1261 				depth++;
1262 				rc = ebitmap_read(&e->names, fp);
1263 				if (rc)
1264 					return rc;
1265 				if (p->policyvers >=
1266 				    POLICYDB_VERSION_CONSTRAINT_NAMES) {
1267 					e->type_names = kzalloc(sizeof
1268 						(*e->type_names), GFP_KERNEL);
1269 					if (!e->type_names)
1270 						return -ENOMEM;
1271 					type_set_init(e->type_names);
1272 					rc = type_set_read(e->type_names, fp);
1273 					if (rc)
1274 						return rc;
1275 				}
1276 				break;
1277 			default:
1278 				return -EINVAL;
1279 			}
1280 			le = e;
1281 		}
1282 		if (depth != 0)
1283 			return -EINVAL;
1284 		lc = c;
1285 	}
1286 
1287 	return 0;
1288 }
1289 
class_read(struct policydb * p,struct symtab * s,void * fp)1290 static int class_read(struct policydb *p, struct symtab *s, void *fp)
1291 {
1292 	char *key = NULL;
1293 	struct class_datum *cladatum;
1294 	__le32 buf[6];
1295 	u32 i, len, len2, ncons, nel;
1296 	int rc;
1297 
1298 	cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1299 	if (!cladatum)
1300 		return -ENOMEM;
1301 
1302 	rc = next_entry(buf, fp, sizeof(u32)*6);
1303 	if (rc)
1304 		goto bad;
1305 
1306 	len = le32_to_cpu(buf[0]);
1307 	len2 = le32_to_cpu(buf[1]);
1308 	cladatum->value = le32_to_cpu(buf[2]);
1309 	nel = le32_to_cpu(buf[4]);
1310 
1311 	rc = symtab_init(&cladatum->permissions, nel);
1312 	if (rc)
1313 		goto bad;
1314 	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1315 
1316 	ncons = le32_to_cpu(buf[5]);
1317 
1318 	rc = str_read(&key, GFP_KERNEL, fp, len);
1319 	if (rc)
1320 		goto bad;
1321 
1322 	if (len2) {
1323 		rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1324 		if (rc)
1325 			goto bad;
1326 
1327 		rc = -EINVAL;
1328 		cladatum->comdatum = symtab_search(&p->p_commons,
1329 						   cladatum->comkey);
1330 		if (!cladatum->comdatum) {
1331 			pr_err("SELinux:  unknown common %s\n",
1332 			       cladatum->comkey);
1333 			goto bad;
1334 		}
1335 	}
1336 	for (i = 0; i < nel; i++) {
1337 		rc = perm_read(p, &cladatum->permissions, fp);
1338 		if (rc)
1339 			goto bad;
1340 	}
1341 
1342 	rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1343 	if (rc)
1344 		goto bad;
1345 
1346 	if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1347 		/* grab the validatetrans rules */
1348 		rc = next_entry(buf, fp, sizeof(u32));
1349 		if (rc)
1350 			goto bad;
1351 		ncons = le32_to_cpu(buf[0]);
1352 		rc = read_cons_helper(p, &cladatum->validatetrans,
1353 				ncons, 1, fp);
1354 		if (rc)
1355 			goto bad;
1356 	}
1357 
1358 	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1359 		rc = next_entry(buf, fp, sizeof(u32) * 3);
1360 		if (rc)
1361 			goto bad;
1362 
1363 		cladatum->default_user = le32_to_cpu(buf[0]);
1364 		cladatum->default_role = le32_to_cpu(buf[1]);
1365 		cladatum->default_range = le32_to_cpu(buf[2]);
1366 	}
1367 
1368 	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1369 		rc = next_entry(buf, fp, sizeof(u32) * 1);
1370 		if (rc)
1371 			goto bad;
1372 		cladatum->default_type = le32_to_cpu(buf[0]);
1373 	}
1374 
1375 	rc = symtab_insert(s, key, cladatum);
1376 	if (rc)
1377 		goto bad;
1378 
1379 	return 0;
1380 bad:
1381 	cls_destroy(key, cladatum, NULL);
1382 	return rc;
1383 }
1384 
role_read(struct policydb * p,struct symtab * s,void * fp)1385 static int role_read(struct policydb *p, struct symtab *s, void *fp)
1386 {
1387 	char *key = NULL;
1388 	struct role_datum *role;
1389 	int rc;
1390 	unsigned int to_read = 2;
1391 	__le32 buf[3];
1392 	u32 len;
1393 
1394 	role = kzalloc(sizeof(*role), GFP_KERNEL);
1395 	if (!role)
1396 		return -ENOMEM;
1397 
1398 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1399 		to_read = 3;
1400 
1401 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1402 	if (rc)
1403 		goto bad;
1404 
1405 	len = le32_to_cpu(buf[0]);
1406 	role->value = le32_to_cpu(buf[1]);
1407 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1408 		role->bounds = le32_to_cpu(buf[2]);
1409 
1410 	rc = str_read(&key, GFP_KERNEL, fp, len);
1411 	if (rc)
1412 		goto bad;
1413 
1414 	rc = ebitmap_read(&role->dominates, fp);
1415 	if (rc)
1416 		goto bad;
1417 
1418 	rc = ebitmap_read(&role->types, fp);
1419 	if (rc)
1420 		goto bad;
1421 
1422 	if (strcmp(key, OBJECT_R) == 0) {
1423 		rc = -EINVAL;
1424 		if (role->value != OBJECT_R_VAL) {
1425 			pr_err("SELinux: Role %s has wrong value %d\n",
1426 			       OBJECT_R, role->value);
1427 			goto bad;
1428 		}
1429 		rc = 0;
1430 		goto bad;
1431 	}
1432 
1433 	rc = symtab_insert(s, key, role);
1434 	if (rc)
1435 		goto bad;
1436 	return 0;
1437 bad:
1438 	role_destroy(key, role, NULL);
1439 	return rc;
1440 }
1441 
type_read(struct policydb * p,struct symtab * s,void * fp)1442 static int type_read(struct policydb *p, struct symtab *s, void *fp)
1443 {
1444 	char *key = NULL;
1445 	struct type_datum *typdatum;
1446 	int rc;
1447 	unsigned int to_read = 3;
1448 	__le32 buf[4];
1449 	u32 len;
1450 
1451 	typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1452 	if (!typdatum)
1453 		return -ENOMEM;
1454 
1455 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1456 		to_read = 4;
1457 
1458 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1459 	if (rc)
1460 		goto bad;
1461 
1462 	len = le32_to_cpu(buf[0]);
1463 	typdatum->value = le32_to_cpu(buf[1]);
1464 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1465 		u32 prop = le32_to_cpu(buf[2]);
1466 
1467 		if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1468 			typdatum->primary = 1;
1469 		if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1470 			typdatum->attribute = 1;
1471 
1472 		typdatum->bounds = le32_to_cpu(buf[3]);
1473 	} else {
1474 		typdatum->primary = le32_to_cpu(buf[2]);
1475 	}
1476 
1477 	rc = str_read(&key, GFP_KERNEL, fp, len);
1478 	if (rc)
1479 		goto bad;
1480 
1481 	rc = symtab_insert(s, key, typdatum);
1482 	if (rc)
1483 		goto bad;
1484 	return 0;
1485 bad:
1486 	type_destroy(key, typdatum, NULL);
1487 	return rc;
1488 }
1489 
1490 
1491 /*
1492  * Read a MLS level structure from a policydb binary
1493  * representation file.
1494  */
mls_read_level(struct mls_level * lp,void * fp)1495 static int mls_read_level(struct mls_level *lp, void *fp)
1496 {
1497 	__le32 buf[1];
1498 	int rc;
1499 
1500 	memset(lp, 0, sizeof(*lp));
1501 
1502 	rc = next_entry(buf, fp, sizeof buf);
1503 	if (rc) {
1504 		pr_err("SELinux: mls: truncated level\n");
1505 		return rc;
1506 	}
1507 	lp->sens = le32_to_cpu(buf[0]);
1508 
1509 	rc = ebitmap_read(&lp->cat, fp);
1510 	if (rc) {
1511 		pr_err("SELinux: mls:  error reading level categories\n");
1512 		return rc;
1513 	}
1514 	return 0;
1515 }
1516 
user_read(struct policydb * p,struct symtab * s,void * fp)1517 static int user_read(struct policydb *p, struct symtab *s, void *fp)
1518 {
1519 	char *key = NULL;
1520 	struct user_datum *usrdatum;
1521 	int rc;
1522 	unsigned int to_read = 2;
1523 	__le32 buf[3];
1524 	u32 len;
1525 
1526 	usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1527 	if (!usrdatum)
1528 		return -ENOMEM;
1529 
1530 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1531 		to_read = 3;
1532 
1533 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1534 	if (rc)
1535 		goto bad;
1536 
1537 	len = le32_to_cpu(buf[0]);
1538 	usrdatum->value = le32_to_cpu(buf[1]);
1539 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1540 		usrdatum->bounds = le32_to_cpu(buf[2]);
1541 
1542 	rc = str_read(&key, GFP_KERNEL, fp, len);
1543 	if (rc)
1544 		goto bad;
1545 
1546 	rc = ebitmap_read(&usrdatum->roles, fp);
1547 	if (rc)
1548 		goto bad;
1549 
1550 	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1551 		rc = mls_read_range_helper(&usrdatum->range, fp);
1552 		if (rc)
1553 			goto bad;
1554 		rc = mls_read_level(&usrdatum->dfltlevel, fp);
1555 		if (rc)
1556 			goto bad;
1557 	}
1558 
1559 	rc = symtab_insert(s, key, usrdatum);
1560 	if (rc)
1561 		goto bad;
1562 	return 0;
1563 bad:
1564 	user_destroy(key, usrdatum, NULL);
1565 	return rc;
1566 }
1567 
sens_read(struct policydb * p,struct symtab * s,void * fp)1568 static int sens_read(struct policydb *p, struct symtab *s, void *fp)
1569 {
1570 	char *key = NULL;
1571 	struct level_datum *levdatum;
1572 	int rc;
1573 	__le32 buf[2];
1574 	u32 len;
1575 
1576 	levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL);
1577 	if (!levdatum)
1578 		return -ENOMEM;
1579 
1580 	rc = next_entry(buf, fp, sizeof buf);
1581 	if (rc)
1582 		goto bad;
1583 
1584 	len = le32_to_cpu(buf[0]);
1585 	levdatum->isalias = le32_to_cpu(buf[1]);
1586 
1587 	rc = str_read(&key, GFP_KERNEL, fp, len);
1588 	if (rc)
1589 		goto bad;
1590 
1591 	rc = -ENOMEM;
1592 	levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_KERNEL);
1593 	if (!levdatum->level)
1594 		goto bad;
1595 
1596 	rc = mls_read_level(levdatum->level, fp);
1597 	if (rc)
1598 		goto bad;
1599 
1600 	rc = symtab_insert(s, key, levdatum);
1601 	if (rc)
1602 		goto bad;
1603 	return 0;
1604 bad:
1605 	sens_destroy(key, levdatum, NULL);
1606 	return rc;
1607 }
1608 
cat_read(struct policydb * p,struct symtab * s,void * fp)1609 static int cat_read(struct policydb *p, struct symtab *s, void *fp)
1610 {
1611 	char *key = NULL;
1612 	struct cat_datum *catdatum;
1613 	int rc;
1614 	__le32 buf[3];
1615 	u32 len;
1616 
1617 	catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL);
1618 	if (!catdatum)
1619 		return -ENOMEM;
1620 
1621 	rc = next_entry(buf, fp, sizeof buf);
1622 	if (rc)
1623 		goto bad;
1624 
1625 	len = le32_to_cpu(buf[0]);
1626 	catdatum->value = le32_to_cpu(buf[1]);
1627 	catdatum->isalias = le32_to_cpu(buf[2]);
1628 
1629 	rc = str_read(&key, GFP_KERNEL, fp, len);
1630 	if (rc)
1631 		goto bad;
1632 
1633 	rc = symtab_insert(s, key, catdatum);
1634 	if (rc)
1635 		goto bad;
1636 	return 0;
1637 bad:
1638 	cat_destroy(key, catdatum, NULL);
1639 	return rc;
1640 }
1641 
1642 static int (*const read_f[SYM_NUM]) (struct policydb *p,
1643 				     struct symtab *s, void *fp) = {
1644 	common_read,
1645 	class_read,
1646 	role_read,
1647 	type_read,
1648 	user_read,
1649 	cond_read_bool,
1650 	sens_read,
1651 	cat_read,
1652 };
1653 
user_bounds_sanity_check(void * key,void * datum,void * datap)1654 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1655 {
1656 	struct user_datum *upper, *user;
1657 	struct policydb *p = datap;
1658 	int depth = 0;
1659 
1660 	upper = user = datum;
1661 	while (upper->bounds) {
1662 		struct ebitmap_node *node;
1663 		u32 bit;
1664 
1665 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1666 			pr_err("SELinux: user %s: "
1667 			       "too deep or looped boundary\n",
1668 			       (char *) key);
1669 			return -EINVAL;
1670 		}
1671 
1672 		upper = p->user_val_to_struct[upper->bounds - 1];
1673 		ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1674 			if (ebitmap_get_bit(&upper->roles, bit))
1675 				continue;
1676 
1677 			pr_err("SELinux: boundary violated policy: "
1678 			       "user=%s role=%s bounds=%s\n",
1679 			       sym_name(p, SYM_USERS, user->value - 1),
1680 			       sym_name(p, SYM_ROLES, bit),
1681 			       sym_name(p, SYM_USERS, upper->value - 1));
1682 
1683 			return -EINVAL;
1684 		}
1685 	}
1686 
1687 	return 0;
1688 }
1689 
role_bounds_sanity_check(void * key,void * datum,void * datap)1690 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1691 {
1692 	struct role_datum *upper, *role;
1693 	struct policydb *p = datap;
1694 	int depth = 0;
1695 
1696 	upper = role = datum;
1697 	while (upper->bounds) {
1698 		struct ebitmap_node *node;
1699 		u32 bit;
1700 
1701 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1702 			pr_err("SELinux: role %s: "
1703 			       "too deep or looped bounds\n",
1704 			       (char *) key);
1705 			return -EINVAL;
1706 		}
1707 
1708 		upper = p->role_val_to_struct[upper->bounds - 1];
1709 		ebitmap_for_each_positive_bit(&role->types, node, bit) {
1710 			if (ebitmap_get_bit(&upper->types, bit))
1711 				continue;
1712 
1713 			pr_err("SELinux: boundary violated policy: "
1714 			       "role=%s type=%s bounds=%s\n",
1715 			       sym_name(p, SYM_ROLES, role->value - 1),
1716 			       sym_name(p, SYM_TYPES, bit),
1717 			       sym_name(p, SYM_ROLES, upper->value - 1));
1718 
1719 			return -EINVAL;
1720 		}
1721 	}
1722 
1723 	return 0;
1724 }
1725 
type_bounds_sanity_check(void * key,void * datum,void * datap)1726 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1727 {
1728 	struct type_datum *upper;
1729 	struct policydb *p = datap;
1730 	int depth = 0;
1731 
1732 	upper = datum;
1733 	while (upper->bounds) {
1734 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1735 			pr_err("SELinux: type %s: "
1736 			       "too deep or looped boundary\n",
1737 			       (char *) key);
1738 			return -EINVAL;
1739 		}
1740 
1741 		upper = p->type_val_to_struct[upper->bounds - 1];
1742 		BUG_ON(!upper);
1743 
1744 		if (upper->attribute) {
1745 			pr_err("SELinux: type %s: "
1746 			       "bounded by attribute %s\n",
1747 			       (char *) key,
1748 			       sym_name(p, SYM_TYPES, upper->value - 1));
1749 			return -EINVAL;
1750 		}
1751 	}
1752 
1753 	return 0;
1754 }
1755 
policydb_bounds_sanity_check(struct policydb * p)1756 static int policydb_bounds_sanity_check(struct policydb *p)
1757 {
1758 	int rc;
1759 
1760 	if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1761 		return 0;
1762 
1763 	rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
1764 	if (rc)
1765 		return rc;
1766 
1767 	rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
1768 	if (rc)
1769 		return rc;
1770 
1771 	rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
1772 	if (rc)
1773 		return rc;
1774 
1775 	return 0;
1776 }
1777 
string_to_security_class(struct policydb * p,const char * name)1778 u16 string_to_security_class(struct policydb *p, const char *name)
1779 {
1780 	struct class_datum *cladatum;
1781 
1782 	cladatum = symtab_search(&p->p_classes, name);
1783 	if (!cladatum)
1784 		return 0;
1785 
1786 	return cladatum->value;
1787 }
1788 
string_to_av_perm(struct policydb * p,u16 tclass,const char * name)1789 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1790 {
1791 	struct class_datum *cladatum;
1792 	struct perm_datum *perdatum = NULL;
1793 	struct common_datum *comdatum;
1794 
1795 	if (!tclass || tclass > p->p_classes.nprim)
1796 		return 0;
1797 
1798 	cladatum = p->class_val_to_struct[tclass-1];
1799 	comdatum = cladatum->comdatum;
1800 	if (comdatum)
1801 		perdatum = symtab_search(&comdatum->permissions, name);
1802 	if (!perdatum)
1803 		perdatum = symtab_search(&cladatum->permissions, name);
1804 	if (!perdatum)
1805 		return 0;
1806 
1807 	return 1U << (perdatum->value-1);
1808 }
1809 
range_read(struct policydb * p,void * fp)1810 static int range_read(struct policydb *p, void *fp)
1811 {
1812 	struct range_trans *rt = NULL;
1813 	struct mls_range *r = NULL;
1814 	int rc;
1815 	__le32 buf[2];
1816 	u32 i, nel;
1817 
1818 	if (p->policyvers < POLICYDB_VERSION_MLS)
1819 		return 0;
1820 
1821 	rc = next_entry(buf, fp, sizeof(u32));
1822 	if (rc)
1823 		return rc;
1824 
1825 	nel = le32_to_cpu(buf[0]);
1826 
1827 	rc = hashtab_init(&p->range_tr, nel);
1828 	if (rc)
1829 		return rc;
1830 
1831 	for (i = 0; i < nel; i++) {
1832 		rc = -ENOMEM;
1833 		rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1834 		if (!rt)
1835 			goto out;
1836 
1837 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1838 		if (rc)
1839 			goto out;
1840 
1841 		rt->source_type = le32_to_cpu(buf[0]);
1842 		rt->target_type = le32_to_cpu(buf[1]);
1843 		if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1844 			rc = next_entry(buf, fp, sizeof(u32));
1845 			if (rc)
1846 				goto out;
1847 			rt->target_class = le32_to_cpu(buf[0]);
1848 		} else
1849 			rt->target_class = p->process_class;
1850 
1851 		rc = -EINVAL;
1852 		if (!policydb_type_isvalid(p, rt->source_type) ||
1853 		    !policydb_type_isvalid(p, rt->target_type) ||
1854 		    !policydb_class_isvalid(p, rt->target_class))
1855 			goto out;
1856 
1857 		rc = -ENOMEM;
1858 		r = kzalloc(sizeof(*r), GFP_KERNEL);
1859 		if (!r)
1860 			goto out;
1861 
1862 		rc = mls_read_range_helper(r, fp);
1863 		if (rc)
1864 			goto out;
1865 
1866 		rc = -EINVAL;
1867 		if (!mls_range_isvalid(p, r)) {
1868 			pr_warn("SELinux:  rangetrans:  invalid range\n");
1869 			goto out;
1870 		}
1871 
1872 		rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params);
1873 		if (rc)
1874 			goto out;
1875 
1876 		rt = NULL;
1877 		r = NULL;
1878 	}
1879 	hash_eval(&p->range_tr, "rangetr");
1880 	rc = 0;
1881 out:
1882 	kfree(rt);
1883 	kfree(r);
1884 	return rc;
1885 }
1886 
filename_trans_read_helper_compat(struct policydb * p,void * fp)1887 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1888 {
1889 	struct filename_trans_key key, *ft = NULL;
1890 	struct filename_trans_datum *last, *datum = NULL;
1891 	char *name = NULL;
1892 	u32 len, stype, otype;
1893 	__le32 buf[4];
1894 	int rc;
1895 
1896 	/* length of the path component string */
1897 	rc = next_entry(buf, fp, sizeof(u32));
1898 	if (rc)
1899 		return rc;
1900 	len = le32_to_cpu(buf[0]);
1901 
1902 	/* path component string */
1903 	rc = str_read(&name, GFP_KERNEL, fp, len);
1904 	if (rc)
1905 		return rc;
1906 
1907 	rc = next_entry(buf, fp, sizeof(u32) * 4);
1908 	if (rc)
1909 		goto out;
1910 
1911 	stype = le32_to_cpu(buf[0]);
1912 	key.ttype = le32_to_cpu(buf[1]);
1913 	key.tclass = le32_to_cpu(buf[2]);
1914 	key.name = name;
1915 
1916 	otype = le32_to_cpu(buf[3]);
1917 
1918 	last = NULL;
1919 	datum = policydb_filenametr_search(p, &key);
1920 	while (datum) {
1921 		if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1922 			/* conflicting/duplicate rules are ignored */
1923 			datum = NULL;
1924 			goto out;
1925 		}
1926 		if (likely(datum->otype == otype))
1927 			break;
1928 		last = datum;
1929 		datum = datum->next;
1930 	}
1931 	if (!datum) {
1932 		rc = -ENOMEM;
1933 		datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1934 		if (!datum)
1935 			goto out;
1936 
1937 		ebitmap_init(&datum->stypes);
1938 		datum->otype = otype;
1939 		datum->next = NULL;
1940 
1941 		if (unlikely(last)) {
1942 			last->next = datum;
1943 		} else {
1944 			rc = -ENOMEM;
1945 			ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1946 			if (!ft)
1947 				goto out;
1948 
1949 			rc = hashtab_insert(&p->filename_trans, ft, datum,
1950 					    filenametr_key_params);
1951 			if (rc)
1952 				goto out;
1953 			name = NULL;
1954 
1955 			rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1956 					     key.ttype, 1);
1957 			if (rc)
1958 				return rc;
1959 		}
1960 	}
1961 	kfree(name);
1962 	return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1963 
1964 out:
1965 	kfree(ft);
1966 	kfree(name);
1967 	kfree(datum);
1968 	return rc;
1969 }
1970 
filename_trans_read_helper(struct policydb * p,void * fp)1971 static int filename_trans_read_helper(struct policydb *p, void *fp)
1972 {
1973 	struct filename_trans_key *ft = NULL;
1974 	struct filename_trans_datum **dst, *datum, *first = NULL;
1975 	char *name = NULL;
1976 	u32 len, ttype, tclass, ndatum, i;
1977 	__le32 buf[3];
1978 	int rc;
1979 
1980 	/* length of the path component string */
1981 	rc = next_entry(buf, fp, sizeof(u32));
1982 	if (rc)
1983 		return rc;
1984 	len = le32_to_cpu(buf[0]);
1985 
1986 	/* path component string */
1987 	rc = str_read(&name, GFP_KERNEL, fp, len);
1988 	if (rc)
1989 		return rc;
1990 
1991 	rc = next_entry(buf, fp, sizeof(u32) * 3);
1992 	if (rc)
1993 		goto out;
1994 
1995 	ttype = le32_to_cpu(buf[0]);
1996 	tclass = le32_to_cpu(buf[1]);
1997 
1998 	ndatum = le32_to_cpu(buf[2]);
1999 	if (ndatum == 0) {
2000 		pr_err("SELinux:  Filename transition key with no datum\n");
2001 		rc = -ENOENT;
2002 		goto out;
2003 	}
2004 
2005 	dst = &first;
2006 	for (i = 0; i < ndatum; i++) {
2007 		rc = -ENOMEM;
2008 		datum = kmalloc(sizeof(*datum), GFP_KERNEL);
2009 		if (!datum)
2010 			goto out;
2011 
2012 		datum->next = NULL;
2013 		*dst = datum;
2014 
2015 		/* ebitmap_read() will at least init the bitmap */
2016 		rc = ebitmap_read(&datum->stypes, fp);
2017 		if (rc)
2018 			goto out;
2019 
2020 		rc = next_entry(buf, fp, sizeof(u32));
2021 		if (rc)
2022 			goto out;
2023 
2024 		datum->otype = le32_to_cpu(buf[0]);
2025 
2026 		dst = &datum->next;
2027 	}
2028 
2029 	rc = -ENOMEM;
2030 	ft = kmalloc(sizeof(*ft), GFP_KERNEL);
2031 	if (!ft)
2032 		goto out;
2033 
2034 	ft->ttype = ttype;
2035 	ft->tclass = tclass;
2036 	ft->name = name;
2037 
2038 	rc = hashtab_insert(&p->filename_trans, ft, first,
2039 			    filenametr_key_params);
2040 	if (rc == -EEXIST)
2041 		pr_err("SELinux:  Duplicate filename transition key\n");
2042 	if (rc)
2043 		goto out;
2044 
2045 	return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1);
2046 
2047 out:
2048 	kfree(ft);
2049 	kfree(name);
2050 	while (first) {
2051 		datum = first;
2052 		first = first->next;
2053 
2054 		ebitmap_destroy(&datum->stypes);
2055 		kfree(datum);
2056 	}
2057 	return rc;
2058 }
2059 
filename_trans_read(struct policydb * p,void * fp)2060 static int filename_trans_read(struct policydb *p, void *fp)
2061 {
2062 	u32 nel, i;
2063 	__le32 buf[1];
2064 	int rc;
2065 
2066 	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2067 		return 0;
2068 
2069 	rc = next_entry(buf, fp, sizeof(u32));
2070 	if (rc)
2071 		return rc;
2072 	nel = le32_to_cpu(buf[0]);
2073 
2074 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2075 		p->compat_filename_trans_count = nel;
2076 
2077 		rc = hashtab_init(&p->filename_trans, (1 << 11));
2078 		if (rc)
2079 			return rc;
2080 
2081 		for (i = 0; i < nel; i++) {
2082 			rc = filename_trans_read_helper_compat(p, fp);
2083 			if (rc)
2084 				return rc;
2085 		}
2086 	} else {
2087 		rc = hashtab_init(&p->filename_trans, nel);
2088 		if (rc)
2089 			return rc;
2090 
2091 		for (i = 0; i < nel; i++) {
2092 			rc = filename_trans_read_helper(p, fp);
2093 			if (rc)
2094 				return rc;
2095 		}
2096 	}
2097 	hash_eval(&p->filename_trans, "filenametr");
2098 	return 0;
2099 }
2100 
genfs_read(struct policydb * p,void * fp)2101 static int genfs_read(struct policydb *p, void *fp)
2102 {
2103 	int rc;
2104 	u32 i, j, nel, nel2, len, len2;
2105 	__le32 buf[1];
2106 	struct ocontext *l, *c;
2107 	struct ocontext *newc = NULL;
2108 	struct genfs *genfs_p, *genfs;
2109 	struct genfs *newgenfs = NULL;
2110 
2111 	rc = next_entry(buf, fp, sizeof(u32));
2112 	if (rc)
2113 		return rc;
2114 	nel = le32_to_cpu(buf[0]);
2115 
2116 	for (i = 0; i < nel; i++) {
2117 		rc = next_entry(buf, fp, sizeof(u32));
2118 		if (rc)
2119 			goto out;
2120 		len = le32_to_cpu(buf[0]);
2121 
2122 		rc = -ENOMEM;
2123 		newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2124 		if (!newgenfs)
2125 			goto out;
2126 
2127 		rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2128 		if (rc)
2129 			goto out;
2130 
2131 		for (genfs_p = NULL, genfs = p->genfs; genfs;
2132 		     genfs_p = genfs, genfs = genfs->next) {
2133 			rc = -EINVAL;
2134 			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2135 				pr_err("SELinux:  dup genfs fstype %s\n",
2136 				       newgenfs->fstype);
2137 				goto out;
2138 			}
2139 			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2140 				break;
2141 		}
2142 		newgenfs->next = genfs;
2143 		if (genfs_p)
2144 			genfs_p->next = newgenfs;
2145 		else
2146 			p->genfs = newgenfs;
2147 		genfs = newgenfs;
2148 		newgenfs = NULL;
2149 
2150 		rc = next_entry(buf, fp, sizeof(u32));
2151 		if (rc)
2152 			goto out;
2153 
2154 		nel2 = le32_to_cpu(buf[0]);
2155 		for (j = 0; j < nel2; j++) {
2156 			rc = next_entry(buf, fp, sizeof(u32));
2157 			if (rc)
2158 				goto out;
2159 			len = le32_to_cpu(buf[0]);
2160 
2161 			rc = -ENOMEM;
2162 			newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2163 			if (!newc)
2164 				goto out;
2165 
2166 			rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2167 			if (rc)
2168 				goto out;
2169 
2170 			rc = next_entry(buf, fp, sizeof(u32));
2171 			if (rc)
2172 				goto out;
2173 
2174 			newc->v.sclass = le32_to_cpu(buf[0]);
2175 			rc = context_read_and_validate(&newc->context[0], p, fp);
2176 			if (rc)
2177 				goto out;
2178 
2179 			for (l = NULL, c = genfs->head; c;
2180 			     l = c, c = c->next) {
2181 				rc = -EINVAL;
2182 				if (!strcmp(newc->u.name, c->u.name) &&
2183 				    (!c->v.sclass || !newc->v.sclass ||
2184 				     newc->v.sclass == c->v.sclass)) {
2185 					pr_err("SELinux:  dup genfs entry (%s,%s)\n",
2186 					       genfs->fstype, c->u.name);
2187 					goto out;
2188 				}
2189 				len = strlen(newc->u.name);
2190 				len2 = strlen(c->u.name);
2191 				if (len > len2)
2192 					break;
2193 			}
2194 
2195 			newc->next = c;
2196 			if (l)
2197 				l->next = newc;
2198 			else
2199 				genfs->head = newc;
2200 			newc = NULL;
2201 		}
2202 	}
2203 	rc = 0;
2204 out:
2205 	if (newgenfs) {
2206 		kfree(newgenfs->fstype);
2207 		kfree(newgenfs);
2208 	}
2209 	ocontext_destroy(newc, OCON_FSUSE);
2210 
2211 	return rc;
2212 }
2213 
ocontext_read(struct policydb * p,const struct policydb_compat_info * info,void * fp)2214 static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info,
2215 			 void *fp)
2216 {
2217 	int rc;
2218 	unsigned int i;
2219 	u32 j, nel, len;
2220 	__be64 prefixbuf[1];
2221 	__le32 buf[3];
2222 	struct ocontext *l, *c;
2223 	u32 nodebuf[8];
2224 
2225 	for (i = 0; i < info->ocon_num; i++) {
2226 		rc = next_entry(buf, fp, sizeof(u32));
2227 		if (rc)
2228 			goto out;
2229 		nel = le32_to_cpu(buf[0]);
2230 
2231 		l = NULL;
2232 		for (j = 0; j < nel; j++) {
2233 			rc = -ENOMEM;
2234 			c = kzalloc(sizeof(*c), GFP_KERNEL);
2235 			if (!c)
2236 				goto out;
2237 			if (l)
2238 				l->next = c;
2239 			else
2240 				p->ocontexts[i] = c;
2241 			l = c;
2242 
2243 			switch (i) {
2244 			case OCON_ISID:
2245 				rc = next_entry(buf, fp, sizeof(u32));
2246 				if (rc)
2247 					goto out;
2248 
2249 				c->sid[0] = le32_to_cpu(buf[0]);
2250 				rc = context_read_and_validate(&c->context[0], p, fp);
2251 				if (rc)
2252 					goto out;
2253 				break;
2254 			case OCON_FS:
2255 			case OCON_NETIF:
2256 				rc = next_entry(buf, fp, sizeof(u32));
2257 				if (rc)
2258 					goto out;
2259 				len = le32_to_cpu(buf[0]);
2260 
2261 				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2262 				if (rc)
2263 					goto out;
2264 
2265 				if (i == OCON_FS)
2266 					pr_warn("SELinux:  void and deprecated fs ocon %s\n",
2267 						c->u.name);
2268 
2269 				rc = context_read_and_validate(&c->context[0], p, fp);
2270 				if (rc)
2271 					goto out;
2272 				rc = context_read_and_validate(&c->context[1], p, fp);
2273 				if (rc)
2274 					goto out;
2275 				break;
2276 			case OCON_PORT:
2277 				rc = next_entry(buf, fp, sizeof(u32)*3);
2278 				if (rc)
2279 					goto out;
2280 				c->u.port.protocol = le32_to_cpu(buf[0]);
2281 				c->u.port.low_port = le32_to_cpu(buf[1]);
2282 				c->u.port.high_port = le32_to_cpu(buf[2]);
2283 				rc = context_read_and_validate(&c->context[0], p, fp);
2284 				if (rc)
2285 					goto out;
2286 				break;
2287 			case OCON_NODE:
2288 				rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2289 				if (rc)
2290 					goto out;
2291 				c->u.node.addr = nodebuf[0]; /* network order */
2292 				c->u.node.mask = nodebuf[1]; /* network order */
2293 				rc = context_read_and_validate(&c->context[0], p, fp);
2294 				if (rc)
2295 					goto out;
2296 				break;
2297 			case OCON_FSUSE:
2298 				rc = next_entry(buf, fp, sizeof(u32)*2);
2299 				if (rc)
2300 					goto out;
2301 
2302 				rc = -EINVAL;
2303 				c->v.behavior = le32_to_cpu(buf[0]);
2304 				/* Determined at runtime, not in policy DB. */
2305 				if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2306 					goto out;
2307 				if (c->v.behavior > SECURITY_FS_USE_MAX)
2308 					goto out;
2309 
2310 				len = le32_to_cpu(buf[1]);
2311 				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2312 				if (rc)
2313 					goto out;
2314 
2315 				rc = context_read_and_validate(&c->context[0], p, fp);
2316 				if (rc)
2317 					goto out;
2318 				break;
2319 			case OCON_NODE6: {
2320 				int k;
2321 
2322 				rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2323 				if (rc)
2324 					goto out;
2325 				for (k = 0; k < 4; k++)
2326 					c->u.node6.addr[k] = nodebuf[k];
2327 				for (k = 0; k < 4; k++)
2328 					c->u.node6.mask[k] = nodebuf[k+4];
2329 				rc = context_read_and_validate(&c->context[0], p, fp);
2330 				if (rc)
2331 					goto out;
2332 				break;
2333 			}
2334 			case OCON_IBPKEY: {
2335 				u32 pkey_lo, pkey_hi;
2336 
2337 				rc = next_entry(prefixbuf, fp, sizeof(u64));
2338 				if (rc)
2339 					goto out;
2340 
2341 				/* we need to have subnet_prefix in CPU order */
2342 				c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2343 
2344 				rc = next_entry(buf, fp, sizeof(u32) * 2);
2345 				if (rc)
2346 					goto out;
2347 
2348 				pkey_lo = le32_to_cpu(buf[0]);
2349 				pkey_hi = le32_to_cpu(buf[1]);
2350 
2351 				if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2352 					rc = -EINVAL;
2353 					goto out;
2354 				}
2355 
2356 				c->u.ibpkey.low_pkey  = pkey_lo;
2357 				c->u.ibpkey.high_pkey = pkey_hi;
2358 
2359 				rc = context_read_and_validate(&c->context[0],
2360 							       p,
2361 							       fp);
2362 				if (rc)
2363 					goto out;
2364 				break;
2365 			}
2366 			case OCON_IBENDPORT: {
2367 				u32 port;
2368 
2369 				rc = next_entry(buf, fp, sizeof(u32) * 2);
2370 				if (rc)
2371 					goto out;
2372 				len = le32_to_cpu(buf[0]);
2373 
2374 				rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2375 				if (rc)
2376 					goto out;
2377 
2378 				port = le32_to_cpu(buf[1]);
2379 				if (port > U8_MAX || port == 0) {
2380 					rc = -EINVAL;
2381 					goto out;
2382 				}
2383 
2384 				c->u.ibendport.port = port;
2385 
2386 				rc = context_read_and_validate(&c->context[0],
2387 							       p,
2388 							       fp);
2389 				if (rc)
2390 					goto out;
2391 				break;
2392 			} /* end case */
2393 			} /* end switch */
2394 		}
2395 	}
2396 	rc = 0;
2397 out:
2398 	return rc;
2399 }
2400 
2401 /*
2402  * Read the configuration data from a policy database binary
2403  * representation file into a policy database structure.
2404  */
policydb_read(struct policydb * p,void * fp)2405 int policydb_read(struct policydb *p, void *fp)
2406 {
2407 	struct role_allow *ra, *lra;
2408 	struct role_trans_key *rtk = NULL;
2409 	struct role_trans_datum *rtd = NULL;
2410 	int rc;
2411 	__le32 buf[4];
2412 	u32 i, j, len, nprim, nel, perm;
2413 
2414 	char *policydb_str;
2415 	const struct policydb_compat_info *info;
2416 
2417 	policydb_init(p);
2418 
2419 	/* Read the magic number and string length. */
2420 	rc = next_entry(buf, fp, sizeof(u32) * 2);
2421 	if (rc)
2422 		goto bad;
2423 
2424 	rc = -EINVAL;
2425 	if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2426 		pr_err("SELinux:  policydb magic number 0x%x does "
2427 		       "not match expected magic number 0x%x\n",
2428 		       le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2429 		goto bad;
2430 	}
2431 
2432 	rc = -EINVAL;
2433 	len = le32_to_cpu(buf[1]);
2434 	if (len != strlen(POLICYDB_STRING)) {
2435 		pr_err("SELinux:  policydb string length %d does not "
2436 		       "match expected length %zu\n",
2437 		       len, strlen(POLICYDB_STRING));
2438 		goto bad;
2439 	}
2440 
2441 	rc = -ENOMEM;
2442 	policydb_str = kmalloc(len + 1, GFP_KERNEL);
2443 	if (!policydb_str) {
2444 		pr_err("SELinux:  unable to allocate memory for policydb "
2445 		       "string of length %d\n", len);
2446 		goto bad;
2447 	}
2448 
2449 	rc = next_entry(policydb_str, fp, len);
2450 	if (rc) {
2451 		pr_err("SELinux:  truncated policydb string identifier\n");
2452 		kfree(policydb_str);
2453 		goto bad;
2454 	}
2455 
2456 	rc = -EINVAL;
2457 	policydb_str[len] = '\0';
2458 	if (strcmp(policydb_str, POLICYDB_STRING)) {
2459 		pr_err("SELinux:  policydb string %s does not match "
2460 		       "my string %s\n", policydb_str, POLICYDB_STRING);
2461 		kfree(policydb_str);
2462 		goto bad;
2463 	}
2464 	/* Done with policydb_str. */
2465 	kfree(policydb_str);
2466 	policydb_str = NULL;
2467 
2468 	/* Read the version and table sizes. */
2469 	rc = next_entry(buf, fp, sizeof(u32)*4);
2470 	if (rc)
2471 		goto bad;
2472 
2473 	rc = -EINVAL;
2474 	p->policyvers = le32_to_cpu(buf[0]);
2475 	if (p->policyvers < POLICYDB_VERSION_MIN ||
2476 	    p->policyvers > POLICYDB_VERSION_MAX) {
2477 		pr_err("SELinux:  policydb version %d does not match "
2478 		       "my version range %d-%d\n",
2479 		       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2480 		goto bad;
2481 	}
2482 
2483 	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2484 		p->mls_enabled = 1;
2485 
2486 		rc = -EINVAL;
2487 		if (p->policyvers < POLICYDB_VERSION_MLS) {
2488 			pr_err("SELinux: security policydb version %d "
2489 				"(MLS) not backwards compatible\n",
2490 				p->policyvers);
2491 			goto bad;
2492 		}
2493 	}
2494 	p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2495 	p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2496 
2497 	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2498 		rc = ebitmap_read(&p->policycaps, fp);
2499 		if (rc)
2500 			goto bad;
2501 	}
2502 
2503 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2504 		rc = ebitmap_read(&p->permissive_map, fp);
2505 		if (rc)
2506 			goto bad;
2507 	}
2508 
2509 	rc = -EINVAL;
2510 	info = policydb_lookup_compat(p->policyvers);
2511 	if (!info) {
2512 		pr_err("SELinux:  unable to find policy compat info "
2513 		       "for version %d\n", p->policyvers);
2514 		goto bad;
2515 	}
2516 
2517 	rc = -EINVAL;
2518 	if (le32_to_cpu(buf[2]) != info->sym_num ||
2519 		le32_to_cpu(buf[3]) != info->ocon_num) {
2520 		pr_err("SELinux:  policydb table sizes (%d,%d) do "
2521 		       "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2522 			le32_to_cpu(buf[3]),
2523 		       info->sym_num, info->ocon_num);
2524 		goto bad;
2525 	}
2526 
2527 	for (i = 0; i < info->sym_num; i++) {
2528 		rc = next_entry(buf, fp, sizeof(u32)*2);
2529 		if (rc)
2530 			goto bad;
2531 		nprim = le32_to_cpu(buf[0]);
2532 		nel = le32_to_cpu(buf[1]);
2533 
2534 		rc = symtab_init(&p->symtab[i], nel);
2535 		if (rc)
2536 			goto out;
2537 
2538 		if (i == SYM_ROLES) {
2539 			rc = roles_init(p);
2540 			if (rc)
2541 				goto out;
2542 		}
2543 
2544 		for (j = 0; j < nel; j++) {
2545 			rc = read_f[i](p, &p->symtab[i], fp);
2546 			if (rc)
2547 				goto bad;
2548 		}
2549 
2550 		p->symtab[i].nprim = nprim;
2551 	}
2552 
2553 	rc = -EINVAL;
2554 	p->process_class = string_to_security_class(p, "process");
2555 	if (!p->process_class) {
2556 		pr_err("SELinux: process class is required, not defined in policy\n");
2557 		goto bad;
2558 	}
2559 
2560 	rc = avtab_read(&p->te_avtab, fp, p);
2561 	if (rc)
2562 		goto bad;
2563 
2564 	if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2565 		rc = cond_read_list(p, fp);
2566 		if (rc)
2567 			goto bad;
2568 	}
2569 
2570 	rc = next_entry(buf, fp, sizeof(u32));
2571 	if (rc)
2572 		goto bad;
2573 	nel = le32_to_cpu(buf[0]);
2574 
2575 	rc = hashtab_init(&p->role_tr, nel);
2576 	if (rc)
2577 		goto bad;
2578 	for (i = 0; i < nel; i++) {
2579 		rc = -ENOMEM;
2580 		rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
2581 		if (!rtk)
2582 			goto bad;
2583 
2584 		rc = -ENOMEM;
2585 		rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
2586 		if (!rtd)
2587 			goto bad;
2588 
2589 		rc = next_entry(buf, fp, sizeof(u32)*3);
2590 		if (rc)
2591 			goto bad;
2592 
2593 		rtk->role = le32_to_cpu(buf[0]);
2594 		rtk->type = le32_to_cpu(buf[1]);
2595 		rtd->new_role = le32_to_cpu(buf[2]);
2596 		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2597 			rc = next_entry(buf, fp, sizeof(u32));
2598 			if (rc)
2599 				goto bad;
2600 			rtk->tclass = le32_to_cpu(buf[0]);
2601 		} else
2602 			rtk->tclass = p->process_class;
2603 
2604 		rc = -EINVAL;
2605 		if (!policydb_role_isvalid(p, rtk->role) ||
2606 		    !policydb_type_isvalid(p, rtk->type) ||
2607 		    !policydb_class_isvalid(p, rtk->tclass) ||
2608 		    !policydb_role_isvalid(p, rtd->new_role))
2609 			goto bad;
2610 
2611 		rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params);
2612 		if (rc)
2613 			goto bad;
2614 
2615 		rtk = NULL;
2616 		rtd = NULL;
2617 	}
2618 
2619 	rc = next_entry(buf, fp, sizeof(u32));
2620 	if (rc)
2621 		goto bad;
2622 	nel = le32_to_cpu(buf[0]);
2623 	lra = NULL;
2624 	for (i = 0; i < nel; i++) {
2625 		rc = -ENOMEM;
2626 		ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2627 		if (!ra)
2628 			goto bad;
2629 		if (lra)
2630 			lra->next = ra;
2631 		else
2632 			p->role_allow = ra;
2633 		rc = next_entry(buf, fp, sizeof(u32)*2);
2634 		if (rc)
2635 			goto bad;
2636 
2637 		rc = -EINVAL;
2638 		ra->role = le32_to_cpu(buf[0]);
2639 		ra->new_role = le32_to_cpu(buf[1]);
2640 		if (!policydb_role_isvalid(p, ra->role) ||
2641 		    !policydb_role_isvalid(p, ra->new_role))
2642 			goto bad;
2643 		lra = ra;
2644 	}
2645 
2646 	rc = filename_trans_read(p, fp);
2647 	if (rc)
2648 		goto bad;
2649 
2650 	rc = policydb_index(p);
2651 	if (rc)
2652 		goto bad;
2653 
2654 	rc = -EINVAL;
2655 	perm = string_to_av_perm(p, p->process_class, "transition");
2656 	if (!perm) {
2657 		pr_err("SELinux: process transition permission is required, not defined in policy\n");
2658 		goto bad;
2659 	}
2660 	p->process_trans_perms = perm;
2661 	perm = string_to_av_perm(p, p->process_class, "dyntransition");
2662 	if (!perm) {
2663 		pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
2664 		goto bad;
2665 	}
2666 	p->process_trans_perms |= perm;
2667 
2668 	rc = ocontext_read(p, info, fp);
2669 	if (rc)
2670 		goto bad;
2671 
2672 	rc = genfs_read(p, fp);
2673 	if (rc)
2674 		goto bad;
2675 
2676 	rc = range_read(p, fp);
2677 	if (rc)
2678 		goto bad;
2679 
2680 	rc = -ENOMEM;
2681 	p->type_attr_map_array = kvcalloc(p->p_types.nprim,
2682 					  sizeof(*p->type_attr_map_array),
2683 					  GFP_KERNEL);
2684 	if (!p->type_attr_map_array)
2685 		goto bad;
2686 
2687 	/* just in case ebitmap_init() becomes more than just a memset(0): */
2688 	for (i = 0; i < p->p_types.nprim; i++)
2689 		ebitmap_init(&p->type_attr_map_array[i]);
2690 
2691 	for (i = 0; i < p->p_types.nprim; i++) {
2692 		struct ebitmap *e = &p->type_attr_map_array[i];
2693 
2694 		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2695 			rc = ebitmap_read(e, fp);
2696 			if (rc)
2697 				goto bad;
2698 		}
2699 		/* add the type itself as the degenerate case */
2700 		rc = ebitmap_set_bit(e, i, 1);
2701 		if (rc)
2702 			goto bad;
2703 	}
2704 
2705 	rc = policydb_bounds_sanity_check(p);
2706 	if (rc)
2707 		goto bad;
2708 
2709 	rc = 0;
2710 out:
2711 	return rc;
2712 bad:
2713 	kfree(rtk);
2714 	kfree(rtd);
2715 	policydb_destroy(p);
2716 	goto out;
2717 }
2718 
2719 /*
2720  * Write a MLS level structure to a policydb binary
2721  * representation file.
2722  */
mls_write_level(struct mls_level * l,void * fp)2723 static int mls_write_level(struct mls_level *l, void *fp)
2724 {
2725 	__le32 buf[1];
2726 	int rc;
2727 
2728 	buf[0] = cpu_to_le32(l->sens);
2729 	rc = put_entry(buf, sizeof(u32), 1, fp);
2730 	if (rc)
2731 		return rc;
2732 
2733 	rc = ebitmap_write(&l->cat, fp);
2734 	if (rc)
2735 		return rc;
2736 
2737 	return 0;
2738 }
2739 
2740 /*
2741  * Write a MLS range structure to a policydb binary
2742  * representation file.
2743  */
mls_write_range_helper(struct mls_range * r,void * fp)2744 static int mls_write_range_helper(struct mls_range *r, void *fp)
2745 {
2746 	__le32 buf[3];
2747 	size_t items;
2748 	int rc, eq;
2749 
2750 	eq = mls_level_eq(&r->level[1], &r->level[0]);
2751 
2752 	if (eq)
2753 		items = 2;
2754 	else
2755 		items = 3;
2756 	buf[0] = cpu_to_le32(items-1);
2757 	buf[1] = cpu_to_le32(r->level[0].sens);
2758 	if (!eq)
2759 		buf[2] = cpu_to_le32(r->level[1].sens);
2760 
2761 	BUG_ON(items > ARRAY_SIZE(buf));
2762 
2763 	rc = put_entry(buf, sizeof(u32), items, fp);
2764 	if (rc)
2765 		return rc;
2766 
2767 	rc = ebitmap_write(&r->level[0].cat, fp);
2768 	if (rc)
2769 		return rc;
2770 	if (!eq) {
2771 		rc = ebitmap_write(&r->level[1].cat, fp);
2772 		if (rc)
2773 			return rc;
2774 	}
2775 
2776 	return 0;
2777 }
2778 
sens_write(void * vkey,void * datum,void * ptr)2779 static int sens_write(void *vkey, void *datum, void *ptr)
2780 {
2781 	char *key = vkey;
2782 	struct level_datum *levdatum = datum;
2783 	struct policy_data *pd = ptr;
2784 	void *fp = pd->fp;
2785 	__le32 buf[2];
2786 	size_t len;
2787 	int rc;
2788 
2789 	len = strlen(key);
2790 	buf[0] = cpu_to_le32(len);
2791 	buf[1] = cpu_to_le32(levdatum->isalias);
2792 	rc = put_entry(buf, sizeof(u32), 2, fp);
2793 	if (rc)
2794 		return rc;
2795 
2796 	rc = put_entry(key, 1, len, fp);
2797 	if (rc)
2798 		return rc;
2799 
2800 	rc = mls_write_level(levdatum->level, fp);
2801 	if (rc)
2802 		return rc;
2803 
2804 	return 0;
2805 }
2806 
cat_write(void * vkey,void * datum,void * ptr)2807 static int cat_write(void *vkey, void *datum, void *ptr)
2808 {
2809 	char *key = vkey;
2810 	struct cat_datum *catdatum = datum;
2811 	struct policy_data *pd = ptr;
2812 	void *fp = pd->fp;
2813 	__le32 buf[3];
2814 	size_t len;
2815 	int rc;
2816 
2817 	len = strlen(key);
2818 	buf[0] = cpu_to_le32(len);
2819 	buf[1] = cpu_to_le32(catdatum->value);
2820 	buf[2] = cpu_to_le32(catdatum->isalias);
2821 	rc = put_entry(buf, sizeof(u32), 3, fp);
2822 	if (rc)
2823 		return rc;
2824 
2825 	rc = put_entry(key, 1, len, fp);
2826 	if (rc)
2827 		return rc;
2828 
2829 	return 0;
2830 }
2831 
role_trans_write_one(void * key,void * datum,void * ptr)2832 static int role_trans_write_one(void *key, void *datum, void *ptr)
2833 {
2834 	struct role_trans_key *rtk = key;
2835 	struct role_trans_datum *rtd = datum;
2836 	struct policy_data *pd = ptr;
2837 	void *fp = pd->fp;
2838 	struct policydb *p = pd->p;
2839 	__le32 buf[3];
2840 	int rc;
2841 
2842 	buf[0] = cpu_to_le32(rtk->role);
2843 	buf[1] = cpu_to_le32(rtk->type);
2844 	buf[2] = cpu_to_le32(rtd->new_role);
2845 	rc = put_entry(buf, sizeof(u32), 3, fp);
2846 	if (rc)
2847 		return rc;
2848 	if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2849 		buf[0] = cpu_to_le32(rtk->tclass);
2850 		rc = put_entry(buf, sizeof(u32), 1, fp);
2851 		if (rc)
2852 			return rc;
2853 	}
2854 	return 0;
2855 }
2856 
role_trans_write(struct policydb * p,void * fp)2857 static int role_trans_write(struct policydb *p, void *fp)
2858 {
2859 	struct policy_data pd = { .p = p, .fp = fp };
2860 	__le32 buf[1];
2861 	int rc;
2862 
2863 	buf[0] = cpu_to_le32(p->role_tr.nel);
2864 	rc = put_entry(buf, sizeof(u32), 1, fp);
2865 	if (rc)
2866 		return rc;
2867 
2868 	return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
2869 }
2870 
role_allow_write(struct role_allow * r,void * fp)2871 static int role_allow_write(struct role_allow *r, void *fp)
2872 {
2873 	struct role_allow *ra;
2874 	__le32 buf[2];
2875 	size_t nel;
2876 	int rc;
2877 
2878 	nel = 0;
2879 	for (ra = r; ra; ra = ra->next)
2880 		nel++;
2881 	buf[0] = cpu_to_le32(nel);
2882 	rc = put_entry(buf, sizeof(u32), 1, fp);
2883 	if (rc)
2884 		return rc;
2885 	for (ra = r; ra; ra = ra->next) {
2886 		buf[0] = cpu_to_le32(ra->role);
2887 		buf[1] = cpu_to_le32(ra->new_role);
2888 		rc = put_entry(buf, sizeof(u32), 2, fp);
2889 		if (rc)
2890 			return rc;
2891 	}
2892 	return 0;
2893 }
2894 
2895 /*
2896  * Write a security context structure
2897  * to a policydb binary representation file.
2898  */
context_write(struct policydb * p,struct context * c,void * fp)2899 static int context_write(struct policydb *p, struct context *c,
2900 			 void *fp)
2901 {
2902 	int rc;
2903 	__le32 buf[3];
2904 
2905 	buf[0] = cpu_to_le32(c->user);
2906 	buf[1] = cpu_to_le32(c->role);
2907 	buf[2] = cpu_to_le32(c->type);
2908 
2909 	rc = put_entry(buf, sizeof(u32), 3, fp);
2910 	if (rc)
2911 		return rc;
2912 
2913 	rc = mls_write_range_helper(&c->range, fp);
2914 	if (rc)
2915 		return rc;
2916 
2917 	return 0;
2918 }
2919 
2920 /*
2921  * The following *_write functions are used to
2922  * write the symbol data to a policy database
2923  * binary representation file.
2924  */
2925 
perm_write(void * vkey,void * datum,void * fp)2926 static int perm_write(void *vkey, void *datum, void *fp)
2927 {
2928 	char *key = vkey;
2929 	struct perm_datum *perdatum = datum;
2930 	__le32 buf[2];
2931 	size_t len;
2932 	int rc;
2933 
2934 	len = strlen(key);
2935 	buf[0] = cpu_to_le32(len);
2936 	buf[1] = cpu_to_le32(perdatum->value);
2937 	rc = put_entry(buf, sizeof(u32), 2, fp);
2938 	if (rc)
2939 		return rc;
2940 
2941 	rc = put_entry(key, 1, len, fp);
2942 	if (rc)
2943 		return rc;
2944 
2945 	return 0;
2946 }
2947 
common_write(void * vkey,void * datum,void * ptr)2948 static int common_write(void *vkey, void *datum, void *ptr)
2949 {
2950 	char *key = vkey;
2951 	struct common_datum *comdatum = datum;
2952 	struct policy_data *pd = ptr;
2953 	void *fp = pd->fp;
2954 	__le32 buf[4];
2955 	size_t len;
2956 	int rc;
2957 
2958 	len = strlen(key);
2959 	buf[0] = cpu_to_le32(len);
2960 	buf[1] = cpu_to_le32(comdatum->value);
2961 	buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2962 	buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2963 	rc = put_entry(buf, sizeof(u32), 4, fp);
2964 	if (rc)
2965 		return rc;
2966 
2967 	rc = put_entry(key, 1, len, fp);
2968 	if (rc)
2969 		return rc;
2970 
2971 	rc = hashtab_map(&comdatum->permissions.table, perm_write, fp);
2972 	if (rc)
2973 		return rc;
2974 
2975 	return 0;
2976 }
2977 
type_set_write(struct type_set * t,void * fp)2978 static int type_set_write(struct type_set *t, void *fp)
2979 {
2980 	int rc;
2981 	__le32 buf[1];
2982 
2983 	if (ebitmap_write(&t->types, fp))
2984 		return -EINVAL;
2985 	if (ebitmap_write(&t->negset, fp))
2986 		return -EINVAL;
2987 
2988 	buf[0] = cpu_to_le32(t->flags);
2989 	rc = put_entry(buf, sizeof(u32), 1, fp);
2990 	if (rc)
2991 		return -EINVAL;
2992 
2993 	return 0;
2994 }
2995 
write_cons_helper(struct policydb * p,struct constraint_node * node,void * fp)2996 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2997 			     void *fp)
2998 {
2999 	struct constraint_node *c;
3000 	struct constraint_expr *e;
3001 	__le32 buf[3];
3002 	u32 nel;
3003 	int rc;
3004 
3005 	for (c = node; c; c = c->next) {
3006 		nel = 0;
3007 		for (e = c->expr; e; e = e->next)
3008 			nel++;
3009 		buf[0] = cpu_to_le32(c->permissions);
3010 		buf[1] = cpu_to_le32(nel);
3011 		rc = put_entry(buf, sizeof(u32), 2, fp);
3012 		if (rc)
3013 			return rc;
3014 		for (e = c->expr; e; e = e->next) {
3015 			buf[0] = cpu_to_le32(e->expr_type);
3016 			buf[1] = cpu_to_le32(e->attr);
3017 			buf[2] = cpu_to_le32(e->op);
3018 			rc = put_entry(buf, sizeof(u32), 3, fp);
3019 			if (rc)
3020 				return rc;
3021 
3022 			switch (e->expr_type) {
3023 			case CEXPR_NAMES:
3024 				rc = ebitmap_write(&e->names, fp);
3025 				if (rc)
3026 					return rc;
3027 				if (p->policyvers >=
3028 					POLICYDB_VERSION_CONSTRAINT_NAMES) {
3029 					rc = type_set_write(e->type_names, fp);
3030 					if (rc)
3031 						return rc;
3032 				}
3033 				break;
3034 			default:
3035 				break;
3036 			}
3037 		}
3038 	}
3039 
3040 	return 0;
3041 }
3042 
class_write(void * vkey,void * datum,void * ptr)3043 static int class_write(void *vkey, void *datum, void *ptr)
3044 {
3045 	char *key = vkey;
3046 	struct class_datum *cladatum = datum;
3047 	struct policy_data *pd = ptr;
3048 	void *fp = pd->fp;
3049 	struct policydb *p = pd->p;
3050 	struct constraint_node *c;
3051 	__le32 buf[6];
3052 	u32 ncons;
3053 	size_t len, len2;
3054 	int rc;
3055 
3056 	len = strlen(key);
3057 	if (cladatum->comkey)
3058 		len2 = strlen(cladatum->comkey);
3059 	else
3060 		len2 = 0;
3061 
3062 	ncons = 0;
3063 	for (c = cladatum->constraints; c; c = c->next)
3064 		ncons++;
3065 
3066 	buf[0] = cpu_to_le32(len);
3067 	buf[1] = cpu_to_le32(len2);
3068 	buf[2] = cpu_to_le32(cladatum->value);
3069 	buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3070 	buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3071 	buf[5] = cpu_to_le32(ncons);
3072 	rc = put_entry(buf, sizeof(u32), 6, fp);
3073 	if (rc)
3074 		return rc;
3075 
3076 	rc = put_entry(key, 1, len, fp);
3077 	if (rc)
3078 		return rc;
3079 
3080 	if (cladatum->comkey) {
3081 		rc = put_entry(cladatum->comkey, 1, len2, fp);
3082 		if (rc)
3083 			return rc;
3084 	}
3085 
3086 	rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
3087 	if (rc)
3088 		return rc;
3089 
3090 	rc = write_cons_helper(p, cladatum->constraints, fp);
3091 	if (rc)
3092 		return rc;
3093 
3094 	/* write out the validatetrans rule */
3095 	ncons = 0;
3096 	for (c = cladatum->validatetrans; c; c = c->next)
3097 		ncons++;
3098 
3099 	buf[0] = cpu_to_le32(ncons);
3100 	rc = put_entry(buf, sizeof(u32), 1, fp);
3101 	if (rc)
3102 		return rc;
3103 
3104 	rc = write_cons_helper(p, cladatum->validatetrans, fp);
3105 	if (rc)
3106 		return rc;
3107 
3108 	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3109 		buf[0] = cpu_to_le32(cladatum->default_user);
3110 		buf[1] = cpu_to_le32(cladatum->default_role);
3111 		buf[2] = cpu_to_le32(cladatum->default_range);
3112 
3113 		rc = put_entry(buf, sizeof(uint32_t), 3, fp);
3114 		if (rc)
3115 			return rc;
3116 	}
3117 
3118 	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3119 		buf[0] = cpu_to_le32(cladatum->default_type);
3120 		rc = put_entry(buf, sizeof(uint32_t), 1, fp);
3121 		if (rc)
3122 			return rc;
3123 	}
3124 
3125 	return 0;
3126 }
3127 
role_write(void * vkey,void * datum,void * ptr)3128 static int role_write(void *vkey, void *datum, void *ptr)
3129 {
3130 	char *key = vkey;
3131 	struct role_datum *role = datum;
3132 	struct policy_data *pd = ptr;
3133 	void *fp = pd->fp;
3134 	struct policydb *p = pd->p;
3135 	__le32 buf[3];
3136 	size_t items, len;
3137 	int rc;
3138 
3139 	len = strlen(key);
3140 	items = 0;
3141 	buf[items++] = cpu_to_le32(len);
3142 	buf[items++] = cpu_to_le32(role->value);
3143 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3144 		buf[items++] = cpu_to_le32(role->bounds);
3145 
3146 	BUG_ON(items > ARRAY_SIZE(buf));
3147 
3148 	rc = put_entry(buf, sizeof(u32), items, fp);
3149 	if (rc)
3150 		return rc;
3151 
3152 	rc = put_entry(key, 1, len, fp);
3153 	if (rc)
3154 		return rc;
3155 
3156 	rc = ebitmap_write(&role->dominates, fp);
3157 	if (rc)
3158 		return rc;
3159 
3160 	rc = ebitmap_write(&role->types, fp);
3161 	if (rc)
3162 		return rc;
3163 
3164 	return 0;
3165 }
3166 
type_write(void * vkey,void * datum,void * ptr)3167 static int type_write(void *vkey, void *datum, void *ptr)
3168 {
3169 	char *key = vkey;
3170 	struct type_datum *typdatum = datum;
3171 	struct policy_data *pd = ptr;
3172 	struct policydb *p = pd->p;
3173 	void *fp = pd->fp;
3174 	__le32 buf[4];
3175 	int rc;
3176 	size_t items, len;
3177 
3178 	len = strlen(key);
3179 	items = 0;
3180 	buf[items++] = cpu_to_le32(len);
3181 	buf[items++] = cpu_to_le32(typdatum->value);
3182 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3183 		u32 properties = 0;
3184 
3185 		if (typdatum->primary)
3186 			properties |= TYPEDATUM_PROPERTY_PRIMARY;
3187 
3188 		if (typdatum->attribute)
3189 			properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3190 
3191 		buf[items++] = cpu_to_le32(properties);
3192 		buf[items++] = cpu_to_le32(typdatum->bounds);
3193 	} else {
3194 		buf[items++] = cpu_to_le32(typdatum->primary);
3195 	}
3196 	BUG_ON(items > ARRAY_SIZE(buf));
3197 	rc = put_entry(buf, sizeof(u32), items, fp);
3198 	if (rc)
3199 		return rc;
3200 
3201 	rc = put_entry(key, 1, len, fp);
3202 	if (rc)
3203 		return rc;
3204 
3205 	return 0;
3206 }
3207 
user_write(void * vkey,void * datum,void * ptr)3208 static int user_write(void *vkey, void *datum, void *ptr)
3209 {
3210 	char *key = vkey;
3211 	struct user_datum *usrdatum = datum;
3212 	struct policy_data *pd = ptr;
3213 	struct policydb *p = pd->p;
3214 	void *fp = pd->fp;
3215 	__le32 buf[3];
3216 	size_t items, len;
3217 	int rc;
3218 
3219 	len = strlen(key);
3220 	items = 0;
3221 	buf[items++] = cpu_to_le32(len);
3222 	buf[items++] = cpu_to_le32(usrdatum->value);
3223 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3224 		buf[items++] = cpu_to_le32(usrdatum->bounds);
3225 	BUG_ON(items > ARRAY_SIZE(buf));
3226 	rc = put_entry(buf, sizeof(u32), items, fp);
3227 	if (rc)
3228 		return rc;
3229 
3230 	rc = put_entry(key, 1, len, fp);
3231 	if (rc)
3232 		return rc;
3233 
3234 	rc = ebitmap_write(&usrdatum->roles, fp);
3235 	if (rc)
3236 		return rc;
3237 
3238 	rc = mls_write_range_helper(&usrdatum->range, fp);
3239 	if (rc)
3240 		return rc;
3241 
3242 	rc = mls_write_level(&usrdatum->dfltlevel, fp);
3243 	if (rc)
3244 		return rc;
3245 
3246 	return 0;
3247 }
3248 
3249 static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
3250 	common_write,
3251 	class_write,
3252 	role_write,
3253 	type_write,
3254 	user_write,
3255 	cond_write_bool,
3256 	sens_write,
3257 	cat_write,
3258 };
3259 
ocontext_write(struct policydb * p,const struct policydb_compat_info * info,void * fp)3260 static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info,
3261 			  void *fp)
3262 {
3263 	unsigned int i, j;
3264 	int rc;
3265 	size_t nel, len;
3266 	__be64 prefixbuf[1];
3267 	__le32 buf[3];
3268 	u32 nodebuf[8];
3269 	struct ocontext *c;
3270 	for (i = 0; i < info->ocon_num; i++) {
3271 		nel = 0;
3272 		for (c = p->ocontexts[i]; c; c = c->next)
3273 			nel++;
3274 		buf[0] = cpu_to_le32(nel);
3275 		rc = put_entry(buf, sizeof(u32), 1, fp);
3276 		if (rc)
3277 			return rc;
3278 		for (c = p->ocontexts[i]; c; c = c->next) {
3279 			switch (i) {
3280 			case OCON_ISID:
3281 				buf[0] = cpu_to_le32(c->sid[0]);
3282 				rc = put_entry(buf, sizeof(u32), 1, fp);
3283 				if (rc)
3284 					return rc;
3285 				rc = context_write(p, &c->context[0], fp);
3286 				if (rc)
3287 					return rc;
3288 				break;
3289 			case OCON_FS:
3290 			case OCON_NETIF:
3291 				len = strlen(c->u.name);
3292 				buf[0] = cpu_to_le32(len);
3293 				rc = put_entry(buf, sizeof(u32), 1, fp);
3294 				if (rc)
3295 					return rc;
3296 				rc = put_entry(c->u.name, 1, len, fp);
3297 				if (rc)
3298 					return rc;
3299 				rc = context_write(p, &c->context[0], fp);
3300 				if (rc)
3301 					return rc;
3302 				rc = context_write(p, &c->context[1], fp);
3303 				if (rc)
3304 					return rc;
3305 				break;
3306 			case OCON_PORT:
3307 				buf[0] = cpu_to_le32(c->u.port.protocol);
3308 				buf[1] = cpu_to_le32(c->u.port.low_port);
3309 				buf[2] = cpu_to_le32(c->u.port.high_port);
3310 				rc = put_entry(buf, sizeof(u32), 3, fp);
3311 				if (rc)
3312 					return rc;
3313 				rc = context_write(p, &c->context[0], fp);
3314 				if (rc)
3315 					return rc;
3316 				break;
3317 			case OCON_NODE:
3318 				nodebuf[0] = c->u.node.addr; /* network order */
3319 				nodebuf[1] = c->u.node.mask; /* network order */
3320 				rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3321 				if (rc)
3322 					return rc;
3323 				rc = context_write(p, &c->context[0], fp);
3324 				if (rc)
3325 					return rc;
3326 				break;
3327 			case OCON_FSUSE:
3328 				buf[0] = cpu_to_le32(c->v.behavior);
3329 				len = strlen(c->u.name);
3330 				buf[1] = cpu_to_le32(len);
3331 				rc = put_entry(buf, sizeof(u32), 2, fp);
3332 				if (rc)
3333 					return rc;
3334 				rc = put_entry(c->u.name, 1, len, fp);
3335 				if (rc)
3336 					return rc;
3337 				rc = context_write(p, &c->context[0], fp);
3338 				if (rc)
3339 					return rc;
3340 				break;
3341 			case OCON_NODE6:
3342 				for (j = 0; j < 4; j++)
3343 					nodebuf[j] = c->u.node6.addr[j]; /* network order */
3344 				for (j = 0; j < 4; j++)
3345 					nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3346 				rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3347 				if (rc)
3348 					return rc;
3349 				rc = context_write(p, &c->context[0], fp);
3350 				if (rc)
3351 					return rc;
3352 				break;
3353 			case OCON_IBPKEY:
3354 				/* subnet_prefix is in CPU order */
3355 				prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3356 
3357 				rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
3358 				if (rc)
3359 					return rc;
3360 
3361 				buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3362 				buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3363 
3364 				rc = put_entry(buf, sizeof(u32), 2, fp);
3365 				if (rc)
3366 					return rc;
3367 				rc = context_write(p, &c->context[0], fp);
3368 				if (rc)
3369 					return rc;
3370 				break;
3371 			case OCON_IBENDPORT:
3372 				len = strlen(c->u.ibendport.dev_name);
3373 				buf[0] = cpu_to_le32(len);
3374 				buf[1] = cpu_to_le32(c->u.ibendport.port);
3375 				rc = put_entry(buf, sizeof(u32), 2, fp);
3376 				if (rc)
3377 					return rc;
3378 				rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3379 				if (rc)
3380 					return rc;
3381 				rc = context_write(p, &c->context[0], fp);
3382 				if (rc)
3383 					return rc;
3384 				break;
3385 			}
3386 		}
3387 	}
3388 	return 0;
3389 }
3390 
genfs_write(struct policydb * p,void * fp)3391 static int genfs_write(struct policydb *p, void *fp)
3392 {
3393 	struct genfs *genfs;
3394 	struct ocontext *c;
3395 	size_t len;
3396 	__le32 buf[1];
3397 	int rc;
3398 
3399 	len = 0;
3400 	for (genfs = p->genfs; genfs; genfs = genfs->next)
3401 		len++;
3402 	buf[0] = cpu_to_le32(len);
3403 	rc = put_entry(buf, sizeof(u32), 1, fp);
3404 	if (rc)
3405 		return rc;
3406 	for (genfs = p->genfs; genfs; genfs = genfs->next) {
3407 		len = strlen(genfs->fstype);
3408 		buf[0] = cpu_to_le32(len);
3409 		rc = put_entry(buf, sizeof(u32), 1, fp);
3410 		if (rc)
3411 			return rc;
3412 		rc = put_entry(genfs->fstype, 1, len, fp);
3413 		if (rc)
3414 			return rc;
3415 		len = 0;
3416 		for (c = genfs->head; c; c = c->next)
3417 			len++;
3418 		buf[0] = cpu_to_le32(len);
3419 		rc = put_entry(buf, sizeof(u32), 1, fp);
3420 		if (rc)
3421 			return rc;
3422 		for (c = genfs->head; c; c = c->next) {
3423 			len = strlen(c->u.name);
3424 			buf[0] = cpu_to_le32(len);
3425 			rc = put_entry(buf, sizeof(u32), 1, fp);
3426 			if (rc)
3427 				return rc;
3428 			rc = put_entry(c->u.name, 1, len, fp);
3429 			if (rc)
3430 				return rc;
3431 			buf[0] = cpu_to_le32(c->v.sclass);
3432 			rc = put_entry(buf, sizeof(u32), 1, fp);
3433 			if (rc)
3434 				return rc;
3435 			rc = context_write(p, &c->context[0], fp);
3436 			if (rc)
3437 				return rc;
3438 		}
3439 	}
3440 	return 0;
3441 }
3442 
range_write_helper(void * key,void * data,void * ptr)3443 static int range_write_helper(void *key, void *data, void *ptr)
3444 {
3445 	__le32 buf[2];
3446 	struct range_trans *rt = key;
3447 	struct mls_range *r = data;
3448 	struct policy_data *pd = ptr;
3449 	void *fp = pd->fp;
3450 	struct policydb *p = pd->p;
3451 	int rc;
3452 
3453 	buf[0] = cpu_to_le32(rt->source_type);
3454 	buf[1] = cpu_to_le32(rt->target_type);
3455 	rc = put_entry(buf, sizeof(u32), 2, fp);
3456 	if (rc)
3457 		return rc;
3458 	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3459 		buf[0] = cpu_to_le32(rt->target_class);
3460 		rc = put_entry(buf, sizeof(u32), 1, fp);
3461 		if (rc)
3462 			return rc;
3463 	}
3464 	rc = mls_write_range_helper(r, fp);
3465 	if (rc)
3466 		return rc;
3467 
3468 	return 0;
3469 }
3470 
range_write(struct policydb * p,void * fp)3471 static int range_write(struct policydb *p, void *fp)
3472 {
3473 	__le32 buf[1];
3474 	int rc;
3475 	struct policy_data pd;
3476 
3477 	pd.p = p;
3478 	pd.fp = fp;
3479 
3480 	buf[0] = cpu_to_le32(p->range_tr.nel);
3481 	rc = put_entry(buf, sizeof(u32), 1, fp);
3482 	if (rc)
3483 		return rc;
3484 
3485 	/* actually write all of the entries */
3486 	rc = hashtab_map(&p->range_tr, range_write_helper, &pd);
3487 	if (rc)
3488 		return rc;
3489 
3490 	return 0;
3491 }
3492 
filename_write_helper_compat(void * key,void * data,void * ptr)3493 static int filename_write_helper_compat(void *key, void *data, void *ptr)
3494 {
3495 	struct filename_trans_key *ft = key;
3496 	struct filename_trans_datum *datum = data;
3497 	struct ebitmap_node *node;
3498 	void *fp = ptr;
3499 	__le32 buf[4];
3500 	int rc;
3501 	u32 bit, len = strlen(ft->name);
3502 
3503 	do {
3504 		ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3505 			buf[0] = cpu_to_le32(len);
3506 			rc = put_entry(buf, sizeof(u32), 1, fp);
3507 			if (rc)
3508 				return rc;
3509 
3510 			rc = put_entry(ft->name, sizeof(char), len, fp);
3511 			if (rc)
3512 				return rc;
3513 
3514 			buf[0] = cpu_to_le32(bit + 1);
3515 			buf[1] = cpu_to_le32(ft->ttype);
3516 			buf[2] = cpu_to_le32(ft->tclass);
3517 			buf[3] = cpu_to_le32(datum->otype);
3518 
3519 			rc = put_entry(buf, sizeof(u32), 4, fp);
3520 			if (rc)
3521 				return rc;
3522 		}
3523 
3524 		datum = datum->next;
3525 	} while (unlikely(datum));
3526 
3527 	return 0;
3528 }
3529 
filename_write_helper(void * key,void * data,void * ptr)3530 static int filename_write_helper(void *key, void *data, void *ptr)
3531 {
3532 	struct filename_trans_key *ft = key;
3533 	struct filename_trans_datum *datum;
3534 	void *fp = ptr;
3535 	__le32 buf[3];
3536 	int rc;
3537 	u32 ndatum, len = strlen(ft->name);
3538 
3539 	buf[0] = cpu_to_le32(len);
3540 	rc = put_entry(buf, sizeof(u32), 1, fp);
3541 	if (rc)
3542 		return rc;
3543 
3544 	rc = put_entry(ft->name, sizeof(char), len, fp);
3545 	if (rc)
3546 		return rc;
3547 
3548 	ndatum = 0;
3549 	datum = data;
3550 	do {
3551 		ndatum++;
3552 		datum = datum->next;
3553 	} while (unlikely(datum));
3554 
3555 	buf[0] = cpu_to_le32(ft->ttype);
3556 	buf[1] = cpu_to_le32(ft->tclass);
3557 	buf[2] = cpu_to_le32(ndatum);
3558 	rc = put_entry(buf, sizeof(u32), 3, fp);
3559 	if (rc)
3560 		return rc;
3561 
3562 	datum = data;
3563 	do {
3564 		rc = ebitmap_write(&datum->stypes, fp);
3565 		if (rc)
3566 			return rc;
3567 
3568 		buf[0] = cpu_to_le32(datum->otype);
3569 		rc = put_entry(buf, sizeof(u32), 1, fp);
3570 		if (rc)
3571 			return rc;
3572 
3573 		datum = datum->next;
3574 	} while (unlikely(datum));
3575 
3576 	return 0;
3577 }
3578 
filename_trans_write(struct policydb * p,void * fp)3579 static int filename_trans_write(struct policydb *p, void *fp)
3580 {
3581 	__le32 buf[1];
3582 	int rc;
3583 
3584 	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3585 		return 0;
3586 
3587 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3588 		buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3589 		rc = put_entry(buf, sizeof(u32), 1, fp);
3590 		if (rc)
3591 			return rc;
3592 
3593 		rc = hashtab_map(&p->filename_trans,
3594 				 filename_write_helper_compat, fp);
3595 	} else {
3596 		buf[0] = cpu_to_le32(p->filename_trans.nel);
3597 		rc = put_entry(buf, sizeof(u32), 1, fp);
3598 		if (rc)
3599 			return rc;
3600 
3601 		rc = hashtab_map(&p->filename_trans, filename_write_helper, fp);
3602 	}
3603 	return rc;
3604 }
3605 
3606 /*
3607  * Write the configuration data in a policy database
3608  * structure to a policy database binary representation
3609  * file.
3610  */
policydb_write(struct policydb * p,void * fp)3611 int policydb_write(struct policydb *p, void *fp)
3612 {
3613 	unsigned int num_syms;
3614 	int rc;
3615 	__le32 buf[4];
3616 	u32 config, i;
3617 	size_t len;
3618 	const struct policydb_compat_info *info;
3619 
3620 	/*
3621 	 * refuse to write policy older than compressed avtab
3622 	 * to simplify the writer.  There are other tests dropped
3623 	 * since we assume this throughout the writer code.  Be
3624 	 * careful if you ever try to remove this restriction
3625 	 */
3626 	if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3627 		pr_err("SELinux: refusing to write policy version %d."
3628 		       "  Because it is less than version %d\n", p->policyvers,
3629 		       POLICYDB_VERSION_AVTAB);
3630 		return -EINVAL;
3631 	}
3632 
3633 	config = 0;
3634 	if (p->mls_enabled)
3635 		config |= POLICYDB_CONFIG_MLS;
3636 
3637 	if (p->reject_unknown)
3638 		config |= REJECT_UNKNOWN;
3639 	if (p->allow_unknown)
3640 		config |= ALLOW_UNKNOWN;
3641 
3642 	/* Write the magic number and string identifiers. */
3643 	buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3644 	len = strlen(POLICYDB_STRING);
3645 	buf[1] = cpu_to_le32(len);
3646 	rc = put_entry(buf, sizeof(u32), 2, fp);
3647 	if (rc)
3648 		return rc;
3649 	rc = put_entry(POLICYDB_STRING, 1, len, fp);
3650 	if (rc)
3651 		return rc;
3652 
3653 	/* Write the version, config, and table sizes. */
3654 	info = policydb_lookup_compat(p->policyvers);
3655 	if (!info) {
3656 		pr_err("SELinux: compatibility lookup failed for policy "
3657 		    "version %d\n", p->policyvers);
3658 		return -EINVAL;
3659 	}
3660 
3661 	buf[0] = cpu_to_le32(p->policyvers);
3662 	buf[1] = cpu_to_le32(config);
3663 	buf[2] = cpu_to_le32(info->sym_num);
3664 	buf[3] = cpu_to_le32(info->ocon_num);
3665 
3666 	rc = put_entry(buf, sizeof(u32), 4, fp);
3667 	if (rc)
3668 		return rc;
3669 
3670 	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3671 		rc = ebitmap_write(&p->policycaps, fp);
3672 		if (rc)
3673 			return rc;
3674 	}
3675 
3676 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3677 		rc = ebitmap_write(&p->permissive_map, fp);
3678 		if (rc)
3679 			return rc;
3680 	}
3681 
3682 	num_syms = info->sym_num;
3683 	for (i = 0; i < num_syms; i++) {
3684 		struct policy_data pd;
3685 
3686 		pd.fp = fp;
3687 		pd.p = p;
3688 
3689 		buf[0] = cpu_to_le32(p->symtab[i].nprim);
3690 		buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3691 
3692 		rc = put_entry(buf, sizeof(u32), 2, fp);
3693 		if (rc)
3694 			return rc;
3695 		rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
3696 		if (rc)
3697 			return rc;
3698 	}
3699 
3700 	rc = avtab_write(p, &p->te_avtab, fp);
3701 	if (rc)
3702 		return rc;
3703 
3704 	rc = cond_write_list(p, fp);
3705 	if (rc)
3706 		return rc;
3707 
3708 	rc = role_trans_write(p, fp);
3709 	if (rc)
3710 		return rc;
3711 
3712 	rc = role_allow_write(p->role_allow, fp);
3713 	if (rc)
3714 		return rc;
3715 
3716 	rc = filename_trans_write(p, fp);
3717 	if (rc)
3718 		return rc;
3719 
3720 	rc = ocontext_write(p, info, fp);
3721 	if (rc)
3722 		return rc;
3723 
3724 	rc = genfs_write(p, fp);
3725 	if (rc)
3726 		return rc;
3727 
3728 	rc = range_write(p, fp);
3729 	if (rc)
3730 		return rc;
3731 
3732 	for (i = 0; i < p->p_types.nprim; i++) {
3733 		struct ebitmap *e = &p->type_attr_map_array[i];
3734 
3735 		rc = ebitmap_write(e, fp);
3736 		if (rc)
3737 			return rc;
3738 	}
3739 
3740 	return 0;
3741 }
3742