2 * Implementation of the policy database.
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 * Added conditional policy language extensions
16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, version 2.
23 #include <linux/kernel.h>
24 #include <linux/slab.h>
25 #include <linux/string.h>
26 #include <linux/errno.h>
30 #include "conditional.h"
36 static char *symtab_name
[SYM_NUM
] = {
48 int selinux_mls_enabled
= 0;
50 static unsigned int symtab_sizes
[SYM_NUM
] = {
61 struct policydb_compat_info
{
67 /* These need to be updated if SYM_NUM or OCON_NUM changes */
68 static struct policydb_compat_info policydb_compat
[] = {
70 .version
= POLICYDB_VERSION_BASE
,
71 .sym_num
= SYM_NUM
- 3,
72 .ocon_num
= OCON_NUM
- 1,
75 .version
= POLICYDB_VERSION_BOOL
,
76 .sym_num
= SYM_NUM
- 2,
77 .ocon_num
= OCON_NUM
- 1,
80 .version
= POLICYDB_VERSION_IPV6
,
81 .sym_num
= SYM_NUM
- 2,
85 .version
= POLICYDB_VERSION_NLCLASS
,
86 .sym_num
= SYM_NUM
- 2,
90 .version
= POLICYDB_VERSION_MLS
,
95 .version
= POLICYDB_VERSION_AVTAB
,
100 .version
= POLICYDB_VERSION_RANGETRANS
,
102 .ocon_num
= OCON_NUM
,
106 static struct policydb_compat_info
*policydb_lookup_compat(int version
)
109 struct policydb_compat_info
*info
= NULL
;
111 for (i
= 0; i
< ARRAY_SIZE(policydb_compat
); i
++) {
112 if (policydb_compat
[i
].version
== version
) {
113 info
= &policydb_compat
[i
];
121 * Initialize the role table.
123 static int roles_init(struct policydb
*p
)
127 struct role_datum
*role
;
129 role
= kzalloc(sizeof(*role
), GFP_KERNEL
);
134 role
->value
= ++p
->p_roles
.nprim
;
135 if (role
->value
!= OBJECT_R_VAL
) {
139 key
= kmalloc(strlen(OBJECT_R
)+1,GFP_KERNEL
);
144 strcpy(key
, OBJECT_R
);
145 rc
= hashtab_insert(p
->p_roles
.table
, key
, role
);
159 * Initialize a policy database structure.
161 static int policydb_init(struct policydb
*p
)
165 memset(p
, 0, sizeof(*p
));
167 for (i
= 0; i
< SYM_NUM
; i
++) {
168 rc
= symtab_init(&p
->symtab
[i
], symtab_sizes
[i
]);
170 goto out_free_symtab
;
173 rc
= avtab_init(&p
->te_avtab
);
175 goto out_free_symtab
;
181 rc
= cond_policydb_init(p
);
189 avtab_destroy(&p
->te_avtab
);
192 for (i
= 0; i
< SYM_NUM
; i
++)
193 hashtab_destroy(p
->symtab
[i
].table
);
198 * The following *_index functions are used to
199 * define the val_to_name and val_to_struct arrays
200 * in a policy database structure. The val_to_name
201 * arrays are used when converting security context
202 * structures into string representations. The
203 * val_to_struct arrays are used when the attributes
204 * of a class, role, or user are needed.
207 static int common_index(void *key
, void *datum
, void *datap
)
210 struct common_datum
*comdatum
;
214 if (!comdatum
->value
|| comdatum
->value
> p
->p_commons
.nprim
)
216 p
->p_common_val_to_name
[comdatum
->value
- 1] = key
;
220 static int class_index(void *key
, void *datum
, void *datap
)
223 struct class_datum
*cladatum
;
227 if (!cladatum
->value
|| cladatum
->value
> p
->p_classes
.nprim
)
229 p
->p_class_val_to_name
[cladatum
->value
- 1] = key
;
230 p
->class_val_to_struct
[cladatum
->value
- 1] = cladatum
;
234 static int role_index(void *key
, void *datum
, void *datap
)
237 struct role_datum
*role
;
241 if (!role
->value
|| role
->value
> p
->p_roles
.nprim
)
243 p
->p_role_val_to_name
[role
->value
- 1] = key
;
244 p
->role_val_to_struct
[role
->value
- 1] = role
;
248 static int type_index(void *key
, void *datum
, void *datap
)
251 struct type_datum
*typdatum
;
256 if (typdatum
->primary
) {
257 if (!typdatum
->value
|| typdatum
->value
> p
->p_types
.nprim
)
259 p
->p_type_val_to_name
[typdatum
->value
- 1] = key
;
265 static int user_index(void *key
, void *datum
, void *datap
)
268 struct user_datum
*usrdatum
;
272 if (!usrdatum
->value
|| usrdatum
->value
> p
->p_users
.nprim
)
274 p
->p_user_val_to_name
[usrdatum
->value
- 1] = key
;
275 p
->user_val_to_struct
[usrdatum
->value
- 1] = usrdatum
;
279 static int sens_index(void *key
, void *datum
, void *datap
)
282 struct level_datum
*levdatum
;
287 if (!levdatum
->isalias
) {
288 if (!levdatum
->level
->sens
||
289 levdatum
->level
->sens
> p
->p_levels
.nprim
)
291 p
->p_sens_val_to_name
[levdatum
->level
->sens
- 1] = key
;
297 static int cat_index(void *key
, void *datum
, void *datap
)
300 struct cat_datum
*catdatum
;
305 if (!catdatum
->isalias
) {
306 if (!catdatum
->value
|| catdatum
->value
> p
->p_cats
.nprim
)
308 p
->p_cat_val_to_name
[catdatum
->value
- 1] = key
;
314 static int (*index_f
[SYM_NUM
]) (void *key
, void *datum
, void *datap
) =
327 * Define the common val_to_name array and the class
328 * val_to_name and val_to_struct arrays in a policy
329 * database structure.
331 * Caller must clean up upon failure.
333 static int policydb_index_classes(struct policydb
*p
)
337 p
->p_common_val_to_name
=
338 kmalloc(p
->p_commons
.nprim
* sizeof(char *), GFP_KERNEL
);
339 if (!p
->p_common_val_to_name
) {
344 rc
= hashtab_map(p
->p_commons
.table
, common_index
, p
);
348 p
->class_val_to_struct
=
349 kmalloc(p
->p_classes
.nprim
* sizeof(*(p
->class_val_to_struct
)), GFP_KERNEL
);
350 if (!p
->class_val_to_struct
) {
355 p
->p_class_val_to_name
=
356 kmalloc(p
->p_classes
.nprim
* sizeof(char *), GFP_KERNEL
);
357 if (!p
->p_class_val_to_name
) {
362 rc
= hashtab_map(p
->p_classes
.table
, class_index
, p
);
368 static void symtab_hash_eval(struct symtab
*s
)
372 for (i
= 0; i
< SYM_NUM
; i
++) {
373 struct hashtab
*h
= s
[i
].table
;
374 struct hashtab_info info
;
376 hashtab_stat(h
, &info
);
377 printk(KERN_INFO
"%s: %d entries and %d/%d buckets used, "
378 "longest chain length %d\n", symtab_name
[i
], h
->nel
,
379 info
.slots_used
, h
->size
, info
.max_chain_len
);
385 * Define the other val_to_name and val_to_struct arrays
386 * in a policy database structure.
388 * Caller must clean up on failure.
390 static int policydb_index_others(struct policydb
*p
)
394 printk(KERN_INFO
"security: %d users, %d roles, %d types, %d bools",
395 p
->p_users
.nprim
, p
->p_roles
.nprim
, p
->p_types
.nprim
, p
->p_bools
.nprim
);
396 if (selinux_mls_enabled
)
397 printk(", %d sens, %d cats", p
->p_levels
.nprim
,
401 printk(KERN_INFO
"security: %d classes, %d rules\n",
402 p
->p_classes
.nprim
, p
->te_avtab
.nel
);
405 avtab_hash_eval(&p
->te_avtab
, "rules");
406 symtab_hash_eval(p
->symtab
);
409 p
->role_val_to_struct
=
410 kmalloc(p
->p_roles
.nprim
* sizeof(*(p
->role_val_to_struct
)),
412 if (!p
->role_val_to_struct
) {
417 p
->user_val_to_struct
=
418 kmalloc(p
->p_users
.nprim
* sizeof(*(p
->user_val_to_struct
)),
420 if (!p
->user_val_to_struct
) {
425 if (cond_init_bool_indexes(p
)) {
430 for (i
= SYM_ROLES
; i
< SYM_NUM
; i
++) {
431 p
->sym_val_to_name
[i
] =
432 kmalloc(p
->symtab
[i
].nprim
* sizeof(char *), GFP_KERNEL
);
433 if (!p
->sym_val_to_name
[i
]) {
437 rc
= hashtab_map(p
->symtab
[i
].table
, index_f
[i
], p
);
447 * The following *_destroy functions are used to
448 * free any memory allocated for each kind of
449 * symbol data in the policy database.
452 static int perm_destroy(void *key
, void *datum
, void *p
)
459 static int common_destroy(void *key
, void *datum
, void *p
)
461 struct common_datum
*comdatum
;
465 hashtab_map(comdatum
->permissions
.table
, perm_destroy
, NULL
);
466 hashtab_destroy(comdatum
->permissions
.table
);
471 static int class_destroy(void *key
, void *datum
, void *p
)
473 struct class_datum
*cladatum
;
474 struct constraint_node
*constraint
, *ctemp
;
475 struct constraint_expr
*e
, *etmp
;
479 hashtab_map(cladatum
->permissions
.table
, perm_destroy
, NULL
);
480 hashtab_destroy(cladatum
->permissions
.table
);
481 constraint
= cladatum
->constraints
;
483 e
= constraint
->expr
;
485 ebitmap_destroy(&e
->names
);
491 constraint
= constraint
->next
;
495 constraint
= cladatum
->validatetrans
;
497 e
= constraint
->expr
;
499 ebitmap_destroy(&e
->names
);
505 constraint
= constraint
->next
;
509 kfree(cladatum
->comkey
);
514 static int role_destroy(void *key
, void *datum
, void *p
)
516 struct role_datum
*role
;
520 ebitmap_destroy(&role
->dominates
);
521 ebitmap_destroy(&role
->types
);
526 static int type_destroy(void *key
, void *datum
, void *p
)
533 static int user_destroy(void *key
, void *datum
, void *p
)
535 struct user_datum
*usrdatum
;
539 ebitmap_destroy(&usrdatum
->roles
);
540 ebitmap_destroy(&usrdatum
->range
.level
[0].cat
);
541 ebitmap_destroy(&usrdatum
->range
.level
[1].cat
);
542 ebitmap_destroy(&usrdatum
->dfltlevel
.cat
);
547 static int sens_destroy(void *key
, void *datum
, void *p
)
549 struct level_datum
*levdatum
;
553 ebitmap_destroy(&levdatum
->level
->cat
);
554 kfree(levdatum
->level
);
559 static int cat_destroy(void *key
, void *datum
, void *p
)
566 static int (*destroy_f
[SYM_NUM
]) (void *key
, void *datum
, void *datap
) =
578 static void ocontext_destroy(struct ocontext
*c
, int i
)
580 context_destroy(&c
->context
[0]);
581 context_destroy(&c
->context
[1]);
582 if (i
== OCON_ISID
|| i
== OCON_FS
||
583 i
== OCON_NETIF
|| i
== OCON_FSUSE
)
589 * Free any memory allocated by a policy database structure.
591 void policydb_destroy(struct policydb
*p
)
593 struct ocontext
*c
, *ctmp
;
594 struct genfs
*g
, *gtmp
;
596 struct role_allow
*ra
, *lra
= NULL
;
597 struct role_trans
*tr
, *ltr
= NULL
;
598 struct range_trans
*rt
, *lrt
= NULL
;
600 for (i
= 0; i
< SYM_NUM
; i
++) {
601 hashtab_map(p
->symtab
[i
].table
, destroy_f
[i
], NULL
);
602 hashtab_destroy(p
->symtab
[i
].table
);
605 for (i
= 0; i
< SYM_NUM
; i
++)
606 kfree(p
->sym_val_to_name
[i
]);
608 kfree(p
->class_val_to_struct
);
609 kfree(p
->role_val_to_struct
);
610 kfree(p
->user_val_to_struct
);
612 avtab_destroy(&p
->te_avtab
);
614 for (i
= 0; i
< OCON_NUM
; i
++) {
619 ocontext_destroy(ctmp
,i
);
630 ocontext_destroy(ctmp
,OCON_FSUSE
);
637 cond_policydb_destroy(p
);
639 for (tr
= p
->role_tr
; tr
; tr
= tr
->next
) {
645 for (ra
= p
->role_allow
; ra
; ra
= ra
-> next
) {
651 for (rt
= p
->range_tr
; rt
; rt
= rt
-> next
) {
653 ebitmap_destroy(&lrt
->target_range
.level
[0].cat
);
654 ebitmap_destroy(&lrt
->target_range
.level
[1].cat
);
660 ebitmap_destroy(&lrt
->target_range
.level
[0].cat
);
661 ebitmap_destroy(&lrt
->target_range
.level
[1].cat
);
665 if (p
->type_attr_map
) {
666 for (i
= 0; i
< p
->p_types
.nprim
; i
++)
667 ebitmap_destroy(&p
->type_attr_map
[i
]);
669 kfree(p
->type_attr_map
);
675 * Load the initial SIDs specified in a policy database
676 * structure into a SID table.
678 int policydb_load_isids(struct policydb
*p
, struct sidtab
*s
)
680 struct ocontext
*head
, *c
;
685 printk(KERN_ERR
"security: out of memory on SID table init\n");
689 head
= p
->ocontexts
[OCON_ISID
];
690 for (c
= head
; c
; c
= c
->next
) {
691 if (!c
->context
[0].user
) {
692 printk(KERN_ERR
"security: SID %s was never "
693 "defined.\n", c
->u
.name
);
697 if (sidtab_insert(s
, c
->sid
[0], &c
->context
[0])) {
698 printk(KERN_ERR
"security: unable to load initial "
699 "SID %s.\n", c
->u
.name
);
709 * Return 1 if the fields in the security context
710 * structure `c' are valid. Return 0 otherwise.
712 int policydb_context_isvalid(struct policydb
*p
, struct context
*c
)
714 struct role_datum
*role
;
715 struct user_datum
*usrdatum
;
717 if (!c
->role
|| c
->role
> p
->p_roles
.nprim
)
720 if (!c
->user
|| c
->user
> p
->p_users
.nprim
)
723 if (!c
->type
|| c
->type
> p
->p_types
.nprim
)
726 if (c
->role
!= OBJECT_R_VAL
) {
728 * Role must be authorized for the type.
730 role
= p
->role_val_to_struct
[c
->role
- 1];
731 if (!ebitmap_get_bit(&role
->types
,
733 /* role may not be associated with type */
737 * User must be authorized for the role.
739 usrdatum
= p
->user_val_to_struct
[c
->user
- 1];
743 if (!ebitmap_get_bit(&usrdatum
->roles
,
745 /* user may not be associated with role */
749 if (!mls_context_isvalid(p
, c
))
756 * Read a MLS range structure from a policydb binary
757 * representation file.
759 static int mls_read_range_helper(struct mls_range
*r
, void *fp
)
765 rc
= next_entry(buf
, fp
, sizeof(u32
));
769 items
= le32_to_cpu(buf
[0]);
770 if (items
> ARRAY_SIZE(buf
)) {
771 printk(KERN_ERR
"security: mls: range overflow\n");
775 rc
= next_entry(buf
, fp
, sizeof(u32
) * items
);
777 printk(KERN_ERR
"security: mls: truncated range\n");
780 r
->level
[0].sens
= le32_to_cpu(buf
[0]);
782 r
->level
[1].sens
= le32_to_cpu(buf
[1]);
784 r
->level
[1].sens
= r
->level
[0].sens
;
786 rc
= ebitmap_read(&r
->level
[0].cat
, fp
);
788 printk(KERN_ERR
"security: mls: error reading low "
793 rc
= ebitmap_read(&r
->level
[1].cat
, fp
);
795 printk(KERN_ERR
"security: mls: error reading high "
800 rc
= ebitmap_cpy(&r
->level
[1].cat
, &r
->level
[0].cat
);
802 printk(KERN_ERR
"security: mls: out of memory\n");
811 ebitmap_destroy(&r
->level
[0].cat
);
816 * Read and validate a security context structure
817 * from a policydb binary representation file.
819 static int context_read_and_validate(struct context
*c
,
826 rc
= next_entry(buf
, fp
, sizeof buf
);
828 printk(KERN_ERR
"security: context truncated\n");
831 c
->user
= le32_to_cpu(buf
[0]);
832 c
->role
= le32_to_cpu(buf
[1]);
833 c
->type
= le32_to_cpu(buf
[2]);
834 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
835 if (mls_read_range_helper(&c
->range
, fp
)) {
836 printk(KERN_ERR
"security: error reading MLS range of "
843 if (!policydb_context_isvalid(p
, c
)) {
844 printk(KERN_ERR
"security: invalid security context\n");
853 * The following *_read functions are used to
854 * read the symbol data from a policy database
855 * binary representation file.
858 static int perm_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
861 struct perm_datum
*perdatum
;
866 perdatum
= kzalloc(sizeof(*perdatum
), GFP_KERNEL
);
872 rc
= next_entry(buf
, fp
, sizeof buf
);
876 len
= le32_to_cpu(buf
[0]);
877 perdatum
->value
= le32_to_cpu(buf
[1]);
879 key
= kmalloc(len
+ 1,GFP_KERNEL
);
884 rc
= next_entry(key
, fp
, len
);
889 rc
= hashtab_insert(h
, key
, perdatum
);
895 perm_destroy(key
, perdatum
, NULL
);
899 static int common_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
902 struct common_datum
*comdatum
;
907 comdatum
= kzalloc(sizeof(*comdatum
), GFP_KERNEL
);
913 rc
= next_entry(buf
, fp
, sizeof buf
);
917 len
= le32_to_cpu(buf
[0]);
918 comdatum
->value
= le32_to_cpu(buf
[1]);
920 rc
= symtab_init(&comdatum
->permissions
, PERM_SYMTAB_SIZE
);
923 comdatum
->permissions
.nprim
= le32_to_cpu(buf
[2]);
924 nel
= le32_to_cpu(buf
[3]);
926 key
= kmalloc(len
+ 1,GFP_KERNEL
);
931 rc
= next_entry(key
, fp
, len
);
936 for (i
= 0; i
< nel
; i
++) {
937 rc
= perm_read(p
, comdatum
->permissions
.table
, fp
);
942 rc
= hashtab_insert(h
, key
, comdatum
);
948 common_destroy(key
, comdatum
, NULL
);
952 static int read_cons_helper(struct constraint_node
**nodep
, int ncons
,
953 int allowxtarget
, void *fp
)
955 struct constraint_node
*c
, *lc
;
956 struct constraint_expr
*e
, *le
;
962 for (i
= 0; i
< ncons
; i
++) {
963 c
= kzalloc(sizeof(*c
), GFP_KERNEL
);
973 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 2));
976 c
->permissions
= le32_to_cpu(buf
[0]);
977 nexpr
= le32_to_cpu(buf
[1]);
980 for (j
= 0; j
< nexpr
; j
++) {
981 e
= kzalloc(sizeof(*e
), GFP_KERNEL
);
991 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 3));
994 e
->expr_type
= le32_to_cpu(buf
[0]);
995 e
->attr
= le32_to_cpu(buf
[1]);
996 e
->op
= le32_to_cpu(buf
[2]);
998 switch (e
->expr_type
) {
1010 if (depth
== (CEXPR_MAXDEPTH
- 1))
1015 if (!allowxtarget
&& (e
->attr
& CEXPR_XTARGET
))
1017 if (depth
== (CEXPR_MAXDEPTH
- 1))
1020 if (ebitmap_read(&e
->names
, fp
))
1036 static int class_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1039 struct class_datum
*cladatum
;
1041 u32 len
, len2
, ncons
, nel
;
1044 cladatum
= kzalloc(sizeof(*cladatum
), GFP_KERNEL
);
1050 rc
= next_entry(buf
, fp
, sizeof(u32
)*6);
1054 len
= le32_to_cpu(buf
[0]);
1055 len2
= le32_to_cpu(buf
[1]);
1056 cladatum
->value
= le32_to_cpu(buf
[2]);
1058 rc
= symtab_init(&cladatum
->permissions
, PERM_SYMTAB_SIZE
);
1061 cladatum
->permissions
.nprim
= le32_to_cpu(buf
[3]);
1062 nel
= le32_to_cpu(buf
[4]);
1064 ncons
= le32_to_cpu(buf
[5]);
1066 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1071 rc
= next_entry(key
, fp
, len
);
1077 cladatum
->comkey
= kmalloc(len2
+ 1,GFP_KERNEL
);
1078 if (!cladatum
->comkey
) {
1082 rc
= next_entry(cladatum
->comkey
, fp
, len2
);
1085 cladatum
->comkey
[len2
] = 0;
1087 cladatum
->comdatum
= hashtab_search(p
->p_commons
.table
,
1089 if (!cladatum
->comdatum
) {
1090 printk(KERN_ERR
"security: unknown common %s\n",
1096 for (i
= 0; i
< nel
; i
++) {
1097 rc
= perm_read(p
, cladatum
->permissions
.table
, fp
);
1102 rc
= read_cons_helper(&cladatum
->constraints
, ncons
, 0, fp
);
1106 if (p
->policyvers
>= POLICYDB_VERSION_VALIDATETRANS
) {
1107 /* grab the validatetrans rules */
1108 rc
= next_entry(buf
, fp
, sizeof(u32
));
1111 ncons
= le32_to_cpu(buf
[0]);
1112 rc
= read_cons_helper(&cladatum
->validatetrans
, ncons
, 1, fp
);
1117 rc
= hashtab_insert(h
, key
, cladatum
);
1125 class_destroy(key
, cladatum
, NULL
);
1129 static int role_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1132 struct role_datum
*role
;
1137 role
= kzalloc(sizeof(*role
), GFP_KERNEL
);
1143 rc
= next_entry(buf
, fp
, sizeof buf
);
1147 len
= le32_to_cpu(buf
[0]);
1148 role
->value
= le32_to_cpu(buf
[1]);
1150 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1155 rc
= next_entry(key
, fp
, len
);
1160 rc
= ebitmap_read(&role
->dominates
, fp
);
1164 rc
= ebitmap_read(&role
->types
, fp
);
1168 if (strcmp(key
, OBJECT_R
) == 0) {
1169 if (role
->value
!= OBJECT_R_VAL
) {
1170 printk(KERN_ERR
"Role %s has wrong value %d\n",
1171 OBJECT_R
, role
->value
);
1179 rc
= hashtab_insert(h
, key
, role
);
1185 role_destroy(key
, role
, NULL
);
1189 static int type_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1192 struct type_datum
*typdatum
;
1197 typdatum
= kzalloc(sizeof(*typdatum
),GFP_KERNEL
);
1203 rc
= next_entry(buf
, fp
, sizeof buf
);
1207 len
= le32_to_cpu(buf
[0]);
1208 typdatum
->value
= le32_to_cpu(buf
[1]);
1209 typdatum
->primary
= le32_to_cpu(buf
[2]);
1211 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1216 rc
= next_entry(key
, fp
, len
);
1221 rc
= hashtab_insert(h
, key
, typdatum
);
1227 type_destroy(key
, typdatum
, NULL
);
1233 * Read a MLS level structure from a policydb binary
1234 * representation file.
1236 static int mls_read_level(struct mls_level
*lp
, void *fp
)
1241 memset(lp
, 0, sizeof(*lp
));
1243 rc
= next_entry(buf
, fp
, sizeof buf
);
1245 printk(KERN_ERR
"security: mls: truncated level\n");
1248 lp
->sens
= le32_to_cpu(buf
[0]);
1250 if (ebitmap_read(&lp
->cat
, fp
)) {
1251 printk(KERN_ERR
"security: mls: error reading level "
1261 static int user_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1264 struct user_datum
*usrdatum
;
1269 usrdatum
= kzalloc(sizeof(*usrdatum
), GFP_KERNEL
);
1275 rc
= next_entry(buf
, fp
, sizeof buf
);
1279 len
= le32_to_cpu(buf
[0]);
1280 usrdatum
->value
= le32_to_cpu(buf
[1]);
1282 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1287 rc
= next_entry(key
, fp
, len
);
1292 rc
= ebitmap_read(&usrdatum
->roles
, fp
);
1296 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
1297 rc
= mls_read_range_helper(&usrdatum
->range
, fp
);
1300 rc
= mls_read_level(&usrdatum
->dfltlevel
, fp
);
1305 rc
= hashtab_insert(h
, key
, usrdatum
);
1311 user_destroy(key
, usrdatum
, NULL
);
1315 static int sens_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1318 struct level_datum
*levdatum
;
1323 levdatum
= kzalloc(sizeof(*levdatum
), GFP_ATOMIC
);
1329 rc
= next_entry(buf
, fp
, sizeof buf
);
1333 len
= le32_to_cpu(buf
[0]);
1334 levdatum
->isalias
= le32_to_cpu(buf
[1]);
1336 key
= kmalloc(len
+ 1,GFP_ATOMIC
);
1341 rc
= next_entry(key
, fp
, len
);
1346 levdatum
->level
= kmalloc(sizeof(struct mls_level
), GFP_ATOMIC
);
1347 if (!levdatum
->level
) {
1351 if (mls_read_level(levdatum
->level
, fp
)) {
1356 rc
= hashtab_insert(h
, key
, levdatum
);
1362 sens_destroy(key
, levdatum
, NULL
);
1366 static int cat_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1369 struct cat_datum
*catdatum
;
1374 catdatum
= kzalloc(sizeof(*catdatum
), GFP_ATOMIC
);
1380 rc
= next_entry(buf
, fp
, sizeof buf
);
1384 len
= le32_to_cpu(buf
[0]);
1385 catdatum
->value
= le32_to_cpu(buf
[1]);
1386 catdatum
->isalias
= le32_to_cpu(buf
[2]);
1388 key
= kmalloc(len
+ 1,GFP_ATOMIC
);
1393 rc
= next_entry(key
, fp
, len
);
1398 rc
= hashtab_insert(h
, key
, catdatum
);
1405 cat_destroy(key
, catdatum
, NULL
);
1409 static int (*read_f
[SYM_NUM
]) (struct policydb
*p
, struct hashtab
*h
, void *fp
) =
1421 extern int ss_initialized
;
1424 * Read the configuration data from a policy database binary
1425 * representation file into a policy database structure.
1427 int policydb_read(struct policydb
*p
, void *fp
)
1429 struct role_allow
*ra
, *lra
;
1430 struct role_trans
*tr
, *ltr
;
1431 struct ocontext
*l
, *c
, *newc
;
1432 struct genfs
*genfs_p
, *genfs
, *newgenfs
;
1435 u32 len
, len2
, config
, nprim
, nel
, nel2
;
1437 struct policydb_compat_info
*info
;
1438 struct range_trans
*rt
, *lrt
;
1442 rc
= policydb_init(p
);
1446 /* Read the magic number and string length. */
1447 rc
= next_entry(buf
, fp
, sizeof(u32
)* 2);
1451 if (le32_to_cpu(buf
[0]) != POLICYDB_MAGIC
) {
1452 printk(KERN_ERR
"security: policydb magic number 0x%x does "
1453 "not match expected magic number 0x%x\n",
1454 le32_to_cpu(buf
[0]), POLICYDB_MAGIC
);
1458 len
= le32_to_cpu(buf
[1]);
1459 if (len
!= strlen(POLICYDB_STRING
)) {
1460 printk(KERN_ERR
"security: policydb string length %d does not "
1461 "match expected length %Zu\n",
1462 len
, strlen(POLICYDB_STRING
));
1465 policydb_str
= kmalloc(len
+ 1,GFP_KERNEL
);
1466 if (!policydb_str
) {
1467 printk(KERN_ERR
"security: unable to allocate memory for policydb "
1468 "string of length %d\n", len
);
1472 rc
= next_entry(policydb_str
, fp
, len
);
1474 printk(KERN_ERR
"security: truncated policydb string identifier\n");
1475 kfree(policydb_str
);
1478 policydb_str
[len
] = 0;
1479 if (strcmp(policydb_str
, POLICYDB_STRING
)) {
1480 printk(KERN_ERR
"security: policydb string %s does not match "
1481 "my string %s\n", policydb_str
, POLICYDB_STRING
);
1482 kfree(policydb_str
);
1485 /* Done with policydb_str. */
1486 kfree(policydb_str
);
1487 policydb_str
= NULL
;
1489 /* Read the version, config, and table sizes. */
1490 rc
= next_entry(buf
, fp
, sizeof(u32
)*4);
1494 p
->policyvers
= le32_to_cpu(buf
[0]);
1495 if (p
->policyvers
< POLICYDB_VERSION_MIN
||
1496 p
->policyvers
> POLICYDB_VERSION_MAX
) {
1497 printk(KERN_ERR
"security: policydb version %d does not match "
1498 "my version range %d-%d\n",
1499 le32_to_cpu(buf
[0]), POLICYDB_VERSION_MIN
, POLICYDB_VERSION_MAX
);
1503 if ((le32_to_cpu(buf
[1]) & POLICYDB_CONFIG_MLS
)) {
1504 if (ss_initialized
&& !selinux_mls_enabled
) {
1505 printk(KERN_ERR
"Cannot switch between non-MLS and MLS "
1509 selinux_mls_enabled
= 1;
1510 config
|= POLICYDB_CONFIG_MLS
;
1512 if (p
->policyvers
< POLICYDB_VERSION_MLS
) {
1513 printk(KERN_ERR
"security policydb version %d (MLS) "
1514 "not backwards compatible\n", p
->policyvers
);
1518 if (ss_initialized
&& selinux_mls_enabled
) {
1519 printk(KERN_ERR
"Cannot switch between MLS and non-MLS "
1525 info
= policydb_lookup_compat(p
->policyvers
);
1527 printk(KERN_ERR
"security: unable to find policy compat info "
1528 "for version %d\n", p
->policyvers
);
1532 if (le32_to_cpu(buf
[2]) != info
->sym_num
||
1533 le32_to_cpu(buf
[3]) != info
->ocon_num
) {
1534 printk(KERN_ERR
"security: policydb table sizes (%d,%d) do "
1535 "not match mine (%d,%d)\n", le32_to_cpu(buf
[2]),
1536 le32_to_cpu(buf
[3]),
1537 info
->sym_num
, info
->ocon_num
);
1541 for (i
= 0; i
< info
->sym_num
; i
++) {
1542 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1545 nprim
= le32_to_cpu(buf
[0]);
1546 nel
= le32_to_cpu(buf
[1]);
1547 for (j
= 0; j
< nel
; j
++) {
1548 rc
= read_f
[i
](p
, p
->symtab
[i
].table
, fp
);
1553 p
->symtab
[i
].nprim
= nprim
;
1556 rc
= avtab_read(&p
->te_avtab
, fp
, p
->policyvers
);
1560 if (p
->policyvers
>= POLICYDB_VERSION_BOOL
) {
1561 rc
= cond_read_list(p
, fp
);
1566 rc
= next_entry(buf
, fp
, sizeof(u32
));
1569 nel
= le32_to_cpu(buf
[0]);
1571 for (i
= 0; i
< nel
; i
++) {
1572 tr
= kzalloc(sizeof(*tr
), GFP_KERNEL
);
1582 rc
= next_entry(buf
, fp
, sizeof(u32
)*3);
1585 tr
->role
= le32_to_cpu(buf
[0]);
1586 tr
->type
= le32_to_cpu(buf
[1]);
1587 tr
->new_role
= le32_to_cpu(buf
[2]);
1591 rc
= next_entry(buf
, fp
, sizeof(u32
));
1594 nel
= le32_to_cpu(buf
[0]);
1596 for (i
= 0; i
< nel
; i
++) {
1597 ra
= kzalloc(sizeof(*ra
), GFP_KERNEL
);
1607 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1610 ra
->role
= le32_to_cpu(buf
[0]);
1611 ra
->new_role
= le32_to_cpu(buf
[1]);
1615 rc
= policydb_index_classes(p
);
1619 rc
= policydb_index_others(p
);
1623 for (i
= 0; i
< info
->ocon_num
; i
++) {
1624 rc
= next_entry(buf
, fp
, sizeof(u32
));
1627 nel
= le32_to_cpu(buf
[0]);
1629 for (j
= 0; j
< nel
; j
++) {
1630 c
= kzalloc(sizeof(*c
), GFP_KERNEL
);
1638 p
->ocontexts
[i
] = c
;
1644 rc
= next_entry(buf
, fp
, sizeof(u32
));
1647 c
->sid
[0] = le32_to_cpu(buf
[0]);
1648 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1654 rc
= next_entry(buf
, fp
, sizeof(u32
));
1657 len
= le32_to_cpu(buf
[0]);
1658 c
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1663 rc
= next_entry(c
->u
.name
, fp
, len
);
1667 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1670 rc
= context_read_and_validate(&c
->context
[1], p
, fp
);
1675 rc
= next_entry(buf
, fp
, sizeof(u32
)*3);
1678 c
->u
.port
.protocol
= le32_to_cpu(buf
[0]);
1679 c
->u
.port
.low_port
= le32_to_cpu(buf
[1]);
1680 c
->u
.port
.high_port
= le32_to_cpu(buf
[2]);
1681 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1686 rc
= next_entry(buf
, fp
, sizeof(u32
)* 2);
1689 c
->u
.node
.addr
= le32_to_cpu(buf
[0]);
1690 c
->u
.node
.mask
= le32_to_cpu(buf
[1]);
1691 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1696 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1699 c
->v
.behavior
= le32_to_cpu(buf
[0]);
1700 if (c
->v
.behavior
> SECURITY_FS_USE_NONE
)
1702 len
= le32_to_cpu(buf
[1]);
1703 c
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1708 rc
= next_entry(c
->u
.name
, fp
, len
);
1712 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1719 rc
= next_entry(buf
, fp
, sizeof(u32
) * 8);
1722 for (k
= 0; k
< 4; k
++)
1723 c
->u
.node6
.addr
[k
] = le32_to_cpu(buf
[k
]);
1724 for (k
= 0; k
< 4; k
++)
1725 c
->u
.node6
.mask
[k
] = le32_to_cpu(buf
[k
+4]);
1726 if (context_read_and_validate(&c
->context
[0], p
, fp
))
1734 rc
= next_entry(buf
, fp
, sizeof(u32
));
1737 nel
= le32_to_cpu(buf
[0]);
1740 for (i
= 0; i
< nel
; i
++) {
1741 rc
= next_entry(buf
, fp
, sizeof(u32
));
1744 len
= le32_to_cpu(buf
[0]);
1745 newgenfs
= kzalloc(sizeof(*newgenfs
), GFP_KERNEL
);
1751 newgenfs
->fstype
= kmalloc(len
+ 1,GFP_KERNEL
);
1752 if (!newgenfs
->fstype
) {
1757 rc
= next_entry(newgenfs
->fstype
, fp
, len
);
1759 kfree(newgenfs
->fstype
);
1763 newgenfs
->fstype
[len
] = 0;
1764 for (genfs_p
= NULL
, genfs
= p
->genfs
; genfs
;
1765 genfs_p
= genfs
, genfs
= genfs
->next
) {
1766 if (strcmp(newgenfs
->fstype
, genfs
->fstype
) == 0) {
1767 printk(KERN_ERR
"security: dup genfs "
1768 "fstype %s\n", newgenfs
->fstype
);
1769 kfree(newgenfs
->fstype
);
1773 if (strcmp(newgenfs
->fstype
, genfs
->fstype
) < 0)
1776 newgenfs
->next
= genfs
;
1778 genfs_p
->next
= newgenfs
;
1780 p
->genfs
= newgenfs
;
1781 rc
= next_entry(buf
, fp
, sizeof(u32
));
1784 nel2
= le32_to_cpu(buf
[0]);
1785 for (j
= 0; j
< nel2
; j
++) {
1786 rc
= next_entry(buf
, fp
, sizeof(u32
));
1789 len
= le32_to_cpu(buf
[0]);
1791 newc
= kzalloc(sizeof(*newc
), GFP_KERNEL
);
1797 newc
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1798 if (!newc
->u
.name
) {
1802 rc
= next_entry(newc
->u
.name
, fp
, len
);
1805 newc
->u
.name
[len
] = 0;
1806 rc
= next_entry(buf
, fp
, sizeof(u32
));
1809 newc
->v
.sclass
= le32_to_cpu(buf
[0]);
1810 if (context_read_and_validate(&newc
->context
[0], p
, fp
))
1812 for (l
= NULL
, c
= newgenfs
->head
; c
;
1813 l
= c
, c
= c
->next
) {
1814 if (!strcmp(newc
->u
.name
, c
->u
.name
) &&
1815 (!c
->v
.sclass
|| !newc
->v
.sclass
||
1816 newc
->v
.sclass
== c
->v
.sclass
)) {
1817 printk(KERN_ERR
"security: dup genfs "
1819 newgenfs
->fstype
, c
->u
.name
);
1822 len
= strlen(newc
->u
.name
);
1823 len2
= strlen(c
->u
.name
);
1832 newgenfs
->head
= newc
;
1836 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
1837 int new_rangetr
= p
->policyvers
>= POLICYDB_VERSION_RANGETRANS
;
1838 rc
= next_entry(buf
, fp
, sizeof(u32
));
1841 nel
= le32_to_cpu(buf
[0]);
1843 for (i
= 0; i
< nel
; i
++) {
1844 rt
= kzalloc(sizeof(*rt
), GFP_KERNEL
);
1853 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 2));
1856 rt
->source_type
= le32_to_cpu(buf
[0]);
1857 rt
->target_type
= le32_to_cpu(buf
[1]);
1859 rc
= next_entry(buf
, fp
, sizeof(u32
));
1862 rt
->target_class
= le32_to_cpu(buf
[0]);
1864 rt
->target_class
= SECCLASS_PROCESS
;
1865 rc
= mls_read_range_helper(&rt
->target_range
, fp
);
1872 p
->type_attr_map
= kmalloc(p
->p_types
.nprim
*sizeof(struct ebitmap
), GFP_KERNEL
);
1873 if (!p
->type_attr_map
)
1876 for (i
= 0; i
< p
->p_types
.nprim
; i
++) {
1877 ebitmap_init(&p
->type_attr_map
[i
]);
1878 if (p
->policyvers
>= POLICYDB_VERSION_AVTAB
) {
1879 if (ebitmap_read(&p
->type_attr_map
[i
], fp
))
1882 /* add the type itself as the degenerate case */
1883 if (ebitmap_set_bit(&p
->type_attr_map
[i
], i
, 1))
1891 ocontext_destroy(newc
,OCON_FSUSE
);
1895 policydb_destroy(p
);