Merge branch 'block-dir' of git://brick.kernel.dk/data/git/linux-2.6-block
[linux-2.6] / security / selinux / ss / policydb.c
1 /*
2  * Implementation of the policy database.
3  *
4  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5  */
6
7 /*
8  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9  *
10  *      Support for enhanced MLS infrastructure.
11  *
12  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13  *
14  *      Added conditional policy language extensions
15  *
16  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
18  *      This program is free software; you can redistribute it and/or modify
19  *      it under the terms of the GNU General Public License as published by
20  *      the Free Software Foundation, version 2.
21  */
22
23 #include <linux/kernel.h>
24 #include <linux/slab.h>
25 #include <linux/string.h>
26 #include <linux/errno.h>
27 #include "security.h"
28
29 #include "policydb.h"
30 #include "conditional.h"
31 #include "mls.h"
32
33 #define _DEBUG_HASHES
34
35 #ifdef DEBUG_HASHES
36 static char *symtab_name[SYM_NUM] = {
37         "common prefixes",
38         "classes",
39         "roles",
40         "types",
41         "users",
42         "bools",
43         "levels",
44         "categories",
45 };
46 #endif
47
48 int selinux_mls_enabled = 0;
49
50 static unsigned int symtab_sizes[SYM_NUM] = {
51         2,
52         32,
53         16,
54         512,
55         128,
56         16,
57         16,
58         16,
59 };
60
61 struct policydb_compat_info {
62         int version;
63         int sym_num;
64         int ocon_num;
65 };
66
67 /* These need to be updated if SYM_NUM or OCON_NUM changes */
68 static struct policydb_compat_info policydb_compat[] = {
69         {
70                 .version        = POLICYDB_VERSION_BASE,
71                 .sym_num        = SYM_NUM - 3,
72                 .ocon_num       = OCON_NUM - 1,
73         },
74         {
75                 .version        = POLICYDB_VERSION_BOOL,
76                 .sym_num        = SYM_NUM - 2,
77                 .ocon_num       = OCON_NUM - 1,
78         },
79         {
80                 .version        = POLICYDB_VERSION_IPV6,
81                 .sym_num        = SYM_NUM - 2,
82                 .ocon_num       = OCON_NUM,
83         },
84         {
85                 .version        = POLICYDB_VERSION_NLCLASS,
86                 .sym_num        = SYM_NUM - 2,
87                 .ocon_num       = OCON_NUM,
88         },
89         {
90                 .version        = POLICYDB_VERSION_MLS,
91                 .sym_num        = SYM_NUM,
92                 .ocon_num       = OCON_NUM,
93         },
94         {
95                 .version        = POLICYDB_VERSION_AVTAB,
96                 .sym_num        = SYM_NUM,
97                 .ocon_num       = OCON_NUM,
98         },
99 };
100
101 static struct policydb_compat_info *policydb_lookup_compat(int version)
102 {
103         int i;
104         struct policydb_compat_info *info = NULL;
105
106         for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) {
107                 if (policydb_compat[i].version == version) {
108                         info = &policydb_compat[i];
109                         break;
110                 }
111         }
112         return info;
113 }
114
115 /*
116  * Initialize the role table.
117  */
118 static int roles_init(struct policydb *p)
119 {
120         char *key = NULL;
121         int rc;
122         struct role_datum *role;
123
124         role = kzalloc(sizeof(*role), GFP_KERNEL);
125         if (!role) {
126                 rc = -ENOMEM;
127                 goto out;
128         }
129         role->value = ++p->p_roles.nprim;
130         if (role->value != OBJECT_R_VAL) {
131                 rc = -EINVAL;
132                 goto out_free_role;
133         }
134         key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
135         if (!key) {
136                 rc = -ENOMEM;
137                 goto out_free_role;
138         }
139         strcpy(key, OBJECT_R);
140         rc = hashtab_insert(p->p_roles.table, key, role);
141         if (rc)
142                 goto out_free_key;
143 out:
144         return rc;
145
146 out_free_key:
147         kfree(key);
148 out_free_role:
149         kfree(role);
150         goto out;
151 }
152
153 /*
154  * Initialize a policy database structure.
155  */
156 static int policydb_init(struct policydb *p)
157 {
158         int i, rc;
159
160         memset(p, 0, sizeof(*p));
161
162         for (i = 0; i < SYM_NUM; i++) {
163                 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
164                 if (rc)
165                         goto out_free_symtab;
166         }
167
168         rc = avtab_init(&p->te_avtab);
169         if (rc)
170                 goto out_free_symtab;
171
172         rc = roles_init(p);
173         if (rc)
174                 goto out_free_avtab;
175
176         rc = cond_policydb_init(p);
177         if (rc)
178                 goto out_free_avtab;
179
180 out:
181         return rc;
182
183 out_free_avtab:
184         avtab_destroy(&p->te_avtab);
185
186 out_free_symtab:
187         for (i = 0; i < SYM_NUM; i++)
188                 hashtab_destroy(p->symtab[i].table);
189         goto out;
190 }
191
192 /*
193  * The following *_index functions are used to
194  * define the val_to_name and val_to_struct arrays
195  * in a policy database structure.  The val_to_name
196  * arrays are used when converting security context
197  * structures into string representations.  The
198  * val_to_struct arrays are used when the attributes
199  * of a class, role, or user are needed.
200  */
201
202 static int common_index(void *key, void *datum, void *datap)
203 {
204         struct policydb *p;
205         struct common_datum *comdatum;
206
207         comdatum = datum;
208         p = datap;
209         if (!comdatum->value || comdatum->value > p->p_commons.nprim)
210                 return -EINVAL;
211         p->p_common_val_to_name[comdatum->value - 1] = key;
212         return 0;
213 }
214
215 static int class_index(void *key, void *datum, void *datap)
216 {
217         struct policydb *p;
218         struct class_datum *cladatum;
219
220         cladatum = datum;
221         p = datap;
222         if (!cladatum->value || cladatum->value > p->p_classes.nprim)
223                 return -EINVAL;
224         p->p_class_val_to_name[cladatum->value - 1] = key;
225         p->class_val_to_struct[cladatum->value - 1] = cladatum;
226         return 0;
227 }
228
229 static int role_index(void *key, void *datum, void *datap)
230 {
231         struct policydb *p;
232         struct role_datum *role;
233
234         role = datum;
235         p = datap;
236         if (!role->value || role->value > p->p_roles.nprim)
237                 return -EINVAL;
238         p->p_role_val_to_name[role->value - 1] = key;
239         p->role_val_to_struct[role->value - 1] = role;
240         return 0;
241 }
242
243 static int type_index(void *key, void *datum, void *datap)
244 {
245         struct policydb *p;
246         struct type_datum *typdatum;
247
248         typdatum = datum;
249         p = datap;
250
251         if (typdatum->primary) {
252                 if (!typdatum->value || typdatum->value > p->p_types.nprim)
253                         return -EINVAL;
254                 p->p_type_val_to_name[typdatum->value - 1] = key;
255         }
256
257         return 0;
258 }
259
260 static int user_index(void *key, void *datum, void *datap)
261 {
262         struct policydb *p;
263         struct user_datum *usrdatum;
264
265         usrdatum = datum;
266         p = datap;
267         if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
268                 return -EINVAL;
269         p->p_user_val_to_name[usrdatum->value - 1] = key;
270         p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
271         return 0;
272 }
273
274 static int sens_index(void *key, void *datum, void *datap)
275 {
276         struct policydb *p;
277         struct level_datum *levdatum;
278
279         levdatum = datum;
280         p = datap;
281
282         if (!levdatum->isalias) {
283                 if (!levdatum->level->sens ||
284                     levdatum->level->sens > p->p_levels.nprim)
285                         return -EINVAL;
286                 p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
287         }
288
289         return 0;
290 }
291
292 static int cat_index(void *key, void *datum, void *datap)
293 {
294         struct policydb *p;
295         struct cat_datum *catdatum;
296
297         catdatum = datum;
298         p = datap;
299
300         if (!catdatum->isalias) {
301                 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
302                         return -EINVAL;
303                 p->p_cat_val_to_name[catdatum->value - 1] = key;
304         }
305
306         return 0;
307 }
308
309 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
310 {
311         common_index,
312         class_index,
313         role_index,
314         type_index,
315         user_index,
316         cond_index_bool,
317         sens_index,
318         cat_index,
319 };
320
321 /*
322  * Define the common val_to_name array and the class
323  * val_to_name and val_to_struct arrays in a policy
324  * database structure.
325  *
326  * Caller must clean up upon failure.
327  */
328 static int policydb_index_classes(struct policydb *p)
329 {
330         int rc;
331
332         p->p_common_val_to_name =
333                 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
334         if (!p->p_common_val_to_name) {
335                 rc = -ENOMEM;
336                 goto out;
337         }
338
339         rc = hashtab_map(p->p_commons.table, common_index, p);
340         if (rc)
341                 goto out;
342
343         p->class_val_to_struct =
344                 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
345         if (!p->class_val_to_struct) {
346                 rc = -ENOMEM;
347                 goto out;
348         }
349
350         p->p_class_val_to_name =
351                 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
352         if (!p->p_class_val_to_name) {
353                 rc = -ENOMEM;
354                 goto out;
355         }
356
357         rc = hashtab_map(p->p_classes.table, class_index, p);
358 out:
359         return rc;
360 }
361
362 #ifdef DEBUG_HASHES
363 static void symtab_hash_eval(struct symtab *s)
364 {
365         int i;
366
367         for (i = 0; i < SYM_NUM; i++) {
368                 struct hashtab *h = s[i].table;
369                 struct hashtab_info info;
370
371                 hashtab_stat(h, &info);
372                 printk(KERN_INFO "%s:  %d entries and %d/%d buckets used, "
373                        "longest chain length %d\n", symtab_name[i], h->nel,
374                        info.slots_used, h->size, info.max_chain_len);
375         }
376 }
377 #endif
378
379 /*
380  * Define the other val_to_name and val_to_struct arrays
381  * in a policy database structure.
382  *
383  * Caller must clean up on failure.
384  */
385 static int policydb_index_others(struct policydb *p)
386 {
387         int i, rc = 0;
388
389         printk(KERN_INFO "security:  %d users, %d roles, %d types, %d bools",
390                p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
391         if (selinux_mls_enabled)
392                 printk(", %d sens, %d cats", p->p_levels.nprim,
393                        p->p_cats.nprim);
394         printk("\n");
395
396         printk(KERN_INFO "security:  %d classes, %d rules\n",
397                p->p_classes.nprim, p->te_avtab.nel);
398
399 #ifdef DEBUG_HASHES
400         avtab_hash_eval(&p->te_avtab, "rules");
401         symtab_hash_eval(p->symtab);
402 #endif
403
404         p->role_val_to_struct =
405                 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
406                         GFP_KERNEL);
407         if (!p->role_val_to_struct) {
408                 rc = -ENOMEM;
409                 goto out;
410         }
411
412         p->user_val_to_struct =
413                 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
414                         GFP_KERNEL);
415         if (!p->user_val_to_struct) {
416                 rc = -ENOMEM;
417                 goto out;
418         }
419
420         if (cond_init_bool_indexes(p)) {
421                 rc = -ENOMEM;
422                 goto out;
423         }
424
425         for (i = SYM_ROLES; i < SYM_NUM; i++) {
426                 p->sym_val_to_name[i] =
427                         kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
428                 if (!p->sym_val_to_name[i]) {
429                         rc = -ENOMEM;
430                         goto out;
431                 }
432                 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
433                 if (rc)
434                         goto out;
435         }
436
437 out:
438         return rc;
439 }
440
441 /*
442  * The following *_destroy functions are used to
443  * free any memory allocated for each kind of
444  * symbol data in the policy database.
445  */
446
447 static int perm_destroy(void *key, void *datum, void *p)
448 {
449         kfree(key);
450         kfree(datum);
451         return 0;
452 }
453
454 static int common_destroy(void *key, void *datum, void *p)
455 {
456         struct common_datum *comdatum;
457
458         kfree(key);
459         comdatum = datum;
460         hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
461         hashtab_destroy(comdatum->permissions.table);
462         kfree(datum);
463         return 0;
464 }
465
466 static int class_destroy(void *key, void *datum, void *p)
467 {
468         struct class_datum *cladatum;
469         struct constraint_node *constraint, *ctemp;
470         struct constraint_expr *e, *etmp;
471
472         kfree(key);
473         cladatum = datum;
474         hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
475         hashtab_destroy(cladatum->permissions.table);
476         constraint = cladatum->constraints;
477         while (constraint) {
478                 e = constraint->expr;
479                 while (e) {
480                         ebitmap_destroy(&e->names);
481                         etmp = e;
482                         e = e->next;
483                         kfree(etmp);
484                 }
485                 ctemp = constraint;
486                 constraint = constraint->next;
487                 kfree(ctemp);
488         }
489
490         constraint = cladatum->validatetrans;
491         while (constraint) {
492                 e = constraint->expr;
493                 while (e) {
494                         ebitmap_destroy(&e->names);
495                         etmp = e;
496                         e = e->next;
497                         kfree(etmp);
498                 }
499                 ctemp = constraint;
500                 constraint = constraint->next;
501                 kfree(ctemp);
502         }
503
504         kfree(cladatum->comkey);
505         kfree(datum);
506         return 0;
507 }
508
509 static int role_destroy(void *key, void *datum, void *p)
510 {
511         struct role_datum *role;
512
513         kfree(key);
514         role = datum;
515         ebitmap_destroy(&role->dominates);
516         ebitmap_destroy(&role->types);
517         kfree(datum);
518         return 0;
519 }
520
521 static int type_destroy(void *key, void *datum, void *p)
522 {
523         kfree(key);
524         kfree(datum);
525         return 0;
526 }
527
528 static int user_destroy(void *key, void *datum, void *p)
529 {
530         struct user_datum *usrdatum;
531
532         kfree(key);
533         usrdatum = datum;
534         ebitmap_destroy(&usrdatum->roles);
535         ebitmap_destroy(&usrdatum->range.level[0].cat);
536         ebitmap_destroy(&usrdatum->range.level[1].cat);
537         ebitmap_destroy(&usrdatum->dfltlevel.cat);
538         kfree(datum);
539         return 0;
540 }
541
542 static int sens_destroy(void *key, void *datum, void *p)
543 {
544         struct level_datum *levdatum;
545
546         kfree(key);
547         levdatum = datum;
548         ebitmap_destroy(&levdatum->level->cat);
549         kfree(levdatum->level);
550         kfree(datum);
551         return 0;
552 }
553
554 static int cat_destroy(void *key, void *datum, void *p)
555 {
556         kfree(key);
557         kfree(datum);
558         return 0;
559 }
560
561 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
562 {
563         common_destroy,
564         class_destroy,
565         role_destroy,
566         type_destroy,
567         user_destroy,
568         cond_destroy_bool,
569         sens_destroy,
570         cat_destroy,
571 };
572
573 static void ocontext_destroy(struct ocontext *c, int i)
574 {
575         context_destroy(&c->context[0]);
576         context_destroy(&c->context[1]);
577         if (i == OCON_ISID || i == OCON_FS ||
578             i == OCON_NETIF || i == OCON_FSUSE)
579                 kfree(c->u.name);
580         kfree(c);
581 }
582
583 /*
584  * Free any memory allocated by a policy database structure.
585  */
586 void policydb_destroy(struct policydb *p)
587 {
588         struct ocontext *c, *ctmp;
589         struct genfs *g, *gtmp;
590         int i;
591         struct role_allow *ra, *lra = NULL;
592         struct role_trans *tr, *ltr = NULL;
593         struct range_trans *rt, *lrt = NULL;
594
595         for (i = 0; i < SYM_NUM; i++) {
596                 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
597                 hashtab_destroy(p->symtab[i].table);
598         }
599
600         for (i = 0; i < SYM_NUM; i++)
601                 kfree(p->sym_val_to_name[i]);
602
603         kfree(p->class_val_to_struct);
604         kfree(p->role_val_to_struct);
605         kfree(p->user_val_to_struct);
606
607         avtab_destroy(&p->te_avtab);
608
609         for (i = 0; i < OCON_NUM; i++) {
610                 c = p->ocontexts[i];
611                 while (c) {
612                         ctmp = c;
613                         c = c->next;
614                         ocontext_destroy(ctmp,i);
615                 }
616         }
617
618         g = p->genfs;
619         while (g) {
620                 kfree(g->fstype);
621                 c = g->head;
622                 while (c) {
623                         ctmp = c;
624                         c = c->next;
625                         ocontext_destroy(ctmp,OCON_FSUSE);
626                 }
627                 gtmp = g;
628                 g = g->next;
629                 kfree(gtmp);
630         }
631
632         cond_policydb_destroy(p);
633
634         for (tr = p->role_tr; tr; tr = tr->next) {
635                 kfree(ltr);
636                 ltr = tr;
637         }
638         kfree(ltr);
639
640         for (ra = p->role_allow; ra; ra = ra -> next) {
641                 kfree(lra);
642                 lra = ra;
643         }
644         kfree(lra);
645
646         for (rt = p->range_tr; rt; rt = rt -> next) {
647                 kfree(lrt);
648                 lrt = rt;
649         }
650         kfree(lrt);
651
652         if (p->type_attr_map) {
653                 for (i = 0; i < p->p_types.nprim; i++)
654                         ebitmap_destroy(&p->type_attr_map[i]);
655         }
656         kfree(p->type_attr_map);
657
658         return;
659 }
660
661 /*
662  * Load the initial SIDs specified in a policy database
663  * structure into a SID table.
664  */
665 int policydb_load_isids(struct policydb *p, struct sidtab *s)
666 {
667         struct ocontext *head, *c;
668         int rc;
669
670         rc = sidtab_init(s);
671         if (rc) {
672                 printk(KERN_ERR "security:  out of memory on SID table init\n");
673                 goto out;
674         }
675
676         head = p->ocontexts[OCON_ISID];
677         for (c = head; c; c = c->next) {
678                 if (!c->context[0].user) {
679                         printk(KERN_ERR "security:  SID %s was never "
680                                "defined.\n", c->u.name);
681                         rc = -EINVAL;
682                         goto out;
683                 }
684                 if (sidtab_insert(s, c->sid[0], &c->context[0])) {
685                         printk(KERN_ERR "security:  unable to load initial "
686                                "SID %s.\n", c->u.name);
687                         rc = -EINVAL;
688                         goto out;
689                 }
690         }
691 out:
692         return rc;
693 }
694
695 /*
696  * Return 1 if the fields in the security context
697  * structure `c' are valid.  Return 0 otherwise.
698  */
699 int policydb_context_isvalid(struct policydb *p, struct context *c)
700 {
701         struct role_datum *role;
702         struct user_datum *usrdatum;
703
704         if (!c->role || c->role > p->p_roles.nprim)
705                 return 0;
706
707         if (!c->user || c->user > p->p_users.nprim)
708                 return 0;
709
710         if (!c->type || c->type > p->p_types.nprim)
711                 return 0;
712
713         if (c->role != OBJECT_R_VAL) {
714                 /*
715                  * Role must be authorized for the type.
716                  */
717                 role = p->role_val_to_struct[c->role - 1];
718                 if (!ebitmap_get_bit(&role->types,
719                                      c->type - 1))
720                         /* role may not be associated with type */
721                         return 0;
722
723                 /*
724                  * User must be authorized for the role.
725                  */
726                 usrdatum = p->user_val_to_struct[c->user - 1];
727                 if (!usrdatum)
728                         return 0;
729
730                 if (!ebitmap_get_bit(&usrdatum->roles,
731                                      c->role - 1))
732                         /* user may not be associated with role */
733                         return 0;
734         }
735
736         if (!mls_context_isvalid(p, c))
737                 return 0;
738
739         return 1;
740 }
741
742 /*
743  * Read a MLS range structure from a policydb binary
744  * representation file.
745  */
746 static int mls_read_range_helper(struct mls_range *r, void *fp)
747 {
748         __le32 buf[2];
749         u32 items;
750         int rc;
751
752         rc = next_entry(buf, fp, sizeof(u32));
753         if (rc < 0)
754                 goto out;
755
756         items = le32_to_cpu(buf[0]);
757         if (items > ARRAY_SIZE(buf)) {
758                 printk(KERN_ERR "security: mls:  range overflow\n");
759                 rc = -EINVAL;
760                 goto out;
761         }
762         rc = next_entry(buf, fp, sizeof(u32) * items);
763         if (rc < 0) {
764                 printk(KERN_ERR "security: mls:  truncated range\n");
765                 goto out;
766         }
767         r->level[0].sens = le32_to_cpu(buf[0]);
768         if (items > 1)
769                 r->level[1].sens = le32_to_cpu(buf[1]);
770         else
771                 r->level[1].sens = r->level[0].sens;
772
773         rc = ebitmap_read(&r->level[0].cat, fp);
774         if (rc) {
775                 printk(KERN_ERR "security: mls:  error reading low "
776                        "categories\n");
777                 goto out;
778         }
779         if (items > 1) {
780                 rc = ebitmap_read(&r->level[1].cat, fp);
781                 if (rc) {
782                         printk(KERN_ERR "security: mls:  error reading high "
783                                "categories\n");
784                         goto bad_high;
785                 }
786         } else {
787                 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
788                 if (rc) {
789                         printk(KERN_ERR "security: mls:  out of memory\n");
790                         goto bad_high;
791                 }
792         }
793
794         rc = 0;
795 out:
796         return rc;
797 bad_high:
798         ebitmap_destroy(&r->level[0].cat);
799         goto out;
800 }
801
802 /*
803  * Read and validate a security context structure
804  * from a policydb binary representation file.
805  */
806 static int context_read_and_validate(struct context *c,
807                                      struct policydb *p,
808                                      void *fp)
809 {
810         __le32 buf[3];
811         int rc;
812
813         rc = next_entry(buf, fp, sizeof buf);
814         if (rc < 0) {
815                 printk(KERN_ERR "security: context truncated\n");
816                 goto out;
817         }
818         c->user = le32_to_cpu(buf[0]);
819         c->role = le32_to_cpu(buf[1]);
820         c->type = le32_to_cpu(buf[2]);
821         if (p->policyvers >= POLICYDB_VERSION_MLS) {
822                 if (mls_read_range_helper(&c->range, fp)) {
823                         printk(KERN_ERR "security: error reading MLS range of "
824                                "context\n");
825                         rc = -EINVAL;
826                         goto out;
827                 }
828         }
829
830         if (!policydb_context_isvalid(p, c)) {
831                 printk(KERN_ERR "security:  invalid security context\n");
832                 context_destroy(c);
833                 rc = -EINVAL;
834         }
835 out:
836         return rc;
837 }
838
839 /*
840  * The following *_read functions are used to
841  * read the symbol data from a policy database
842  * binary representation file.
843  */
844
845 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
846 {
847         char *key = NULL;
848         struct perm_datum *perdatum;
849         int rc;
850         __le32 buf[2];
851         u32 len;
852
853         perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
854         if (!perdatum) {
855                 rc = -ENOMEM;
856                 goto out;
857         }
858
859         rc = next_entry(buf, fp, sizeof buf);
860         if (rc < 0)
861                 goto bad;
862
863         len = le32_to_cpu(buf[0]);
864         perdatum->value = le32_to_cpu(buf[1]);
865
866         key = kmalloc(len + 1,GFP_KERNEL);
867         if (!key) {
868                 rc = -ENOMEM;
869                 goto bad;
870         }
871         rc = next_entry(key, fp, len);
872         if (rc < 0)
873                 goto bad;
874         key[len] = 0;
875
876         rc = hashtab_insert(h, key, perdatum);
877         if (rc)
878                 goto bad;
879 out:
880         return rc;
881 bad:
882         perm_destroy(key, perdatum, NULL);
883         goto out;
884 }
885
886 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
887 {
888         char *key = NULL;
889         struct common_datum *comdatum;
890         __le32 buf[4];
891         u32 len, nel;
892         int i, rc;
893
894         comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
895         if (!comdatum) {
896                 rc = -ENOMEM;
897                 goto out;
898         }
899
900         rc = next_entry(buf, fp, sizeof buf);
901         if (rc < 0)
902                 goto bad;
903
904         len = le32_to_cpu(buf[0]);
905         comdatum->value = le32_to_cpu(buf[1]);
906
907         rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
908         if (rc)
909                 goto bad;
910         comdatum->permissions.nprim = le32_to_cpu(buf[2]);
911         nel = le32_to_cpu(buf[3]);
912
913         key = kmalloc(len + 1,GFP_KERNEL);
914         if (!key) {
915                 rc = -ENOMEM;
916                 goto bad;
917         }
918         rc = next_entry(key, fp, len);
919         if (rc < 0)
920                 goto bad;
921         key[len] = 0;
922
923         for (i = 0; i < nel; i++) {
924                 rc = perm_read(p, comdatum->permissions.table, fp);
925                 if (rc)
926                         goto bad;
927         }
928
929         rc = hashtab_insert(h, key, comdatum);
930         if (rc)
931                 goto bad;
932 out:
933         return rc;
934 bad:
935         common_destroy(key, comdatum, NULL);
936         goto out;
937 }
938
939 static int read_cons_helper(struct constraint_node **nodep, int ncons,
940                             int allowxtarget, void *fp)
941 {
942         struct constraint_node *c, *lc;
943         struct constraint_expr *e, *le;
944         __le32 buf[3];
945         u32 nexpr;
946         int rc, i, j, depth;
947
948         lc = NULL;
949         for (i = 0; i < ncons; i++) {
950                 c = kzalloc(sizeof(*c), GFP_KERNEL);
951                 if (!c)
952                         return -ENOMEM;
953
954                 if (lc) {
955                         lc->next = c;
956                 } else {
957                         *nodep = c;
958                 }
959
960                 rc = next_entry(buf, fp, (sizeof(u32) * 2));
961                 if (rc < 0)
962                         return rc;
963                 c->permissions = le32_to_cpu(buf[0]);
964                 nexpr = le32_to_cpu(buf[1]);
965                 le = NULL;
966                 depth = -1;
967                 for (j = 0; j < nexpr; j++) {
968                         e = kzalloc(sizeof(*e), GFP_KERNEL);
969                         if (!e)
970                                 return -ENOMEM;
971
972                         if (le) {
973                                 le->next = e;
974                         } else {
975                                 c->expr = e;
976                         }
977
978                         rc = next_entry(buf, fp, (sizeof(u32) * 3));
979                         if (rc < 0)
980                                 return rc;
981                         e->expr_type = le32_to_cpu(buf[0]);
982                         e->attr = le32_to_cpu(buf[1]);
983                         e->op = le32_to_cpu(buf[2]);
984
985                         switch (e->expr_type) {
986                         case CEXPR_NOT:
987                                 if (depth < 0)
988                                         return -EINVAL;
989                                 break;
990                         case CEXPR_AND:
991                         case CEXPR_OR:
992                                 if (depth < 1)
993                                         return -EINVAL;
994                                 depth--;
995                                 break;
996                         case CEXPR_ATTR:
997                                 if (depth == (CEXPR_MAXDEPTH - 1))
998                                         return -EINVAL;
999                                 depth++;
1000                                 break;
1001                         case CEXPR_NAMES:
1002                                 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1003                                         return -EINVAL;
1004                                 if (depth == (CEXPR_MAXDEPTH - 1))
1005                                         return -EINVAL;
1006                                 depth++;
1007                                 if (ebitmap_read(&e->names, fp))
1008                                         return -EINVAL;
1009                                 break;
1010                         default:
1011                                 return -EINVAL;
1012                         }
1013                         le = e;
1014                 }
1015                 if (depth != 0)
1016                         return -EINVAL;
1017                 lc = c;
1018         }
1019
1020         return 0;
1021 }
1022
1023 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1024 {
1025         char *key = NULL;
1026         struct class_datum *cladatum;
1027         __le32 buf[6];
1028         u32 len, len2, ncons, nel;
1029         int i, rc;
1030
1031         cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1032         if (!cladatum) {
1033                 rc = -ENOMEM;
1034                 goto out;
1035         }
1036
1037         rc = next_entry(buf, fp, sizeof(u32)*6);
1038         if (rc < 0)
1039                 goto bad;
1040
1041         len = le32_to_cpu(buf[0]);
1042         len2 = le32_to_cpu(buf[1]);
1043         cladatum->value = le32_to_cpu(buf[2]);
1044
1045         rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1046         if (rc)
1047                 goto bad;
1048         cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1049         nel = le32_to_cpu(buf[4]);
1050
1051         ncons = le32_to_cpu(buf[5]);
1052
1053         key = kmalloc(len + 1,GFP_KERNEL);
1054         if (!key) {
1055                 rc = -ENOMEM;
1056                 goto bad;
1057         }
1058         rc = next_entry(key, fp, len);
1059         if (rc < 0)
1060                 goto bad;
1061         key[len] = 0;
1062
1063         if (len2) {
1064                 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
1065                 if (!cladatum->comkey) {
1066                         rc = -ENOMEM;
1067                         goto bad;
1068                 }
1069                 rc = next_entry(cladatum->comkey, fp, len2);
1070                 if (rc < 0)
1071                         goto bad;
1072                 cladatum->comkey[len2] = 0;
1073
1074                 cladatum->comdatum = hashtab_search(p->p_commons.table,
1075                                                     cladatum->comkey);
1076                 if (!cladatum->comdatum) {
1077                         printk(KERN_ERR "security:  unknown common %s\n",
1078                                cladatum->comkey);
1079                         rc = -EINVAL;
1080                         goto bad;
1081                 }
1082         }
1083         for (i = 0; i < nel; i++) {
1084                 rc = perm_read(p, cladatum->permissions.table, fp);
1085                 if (rc)
1086                         goto bad;
1087         }
1088
1089         rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1090         if (rc)
1091                 goto bad;
1092
1093         if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1094                 /* grab the validatetrans rules */
1095                 rc = next_entry(buf, fp, sizeof(u32));
1096                 if (rc < 0)
1097                         goto bad;
1098                 ncons = le32_to_cpu(buf[0]);
1099                 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1100                 if (rc)
1101                         goto bad;
1102         }
1103
1104         rc = hashtab_insert(h, key, cladatum);
1105         if (rc)
1106                 goto bad;
1107
1108         rc = 0;
1109 out:
1110         return rc;
1111 bad:
1112         class_destroy(key, cladatum, NULL);
1113         goto out;
1114 }
1115
1116 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1117 {
1118         char *key = NULL;
1119         struct role_datum *role;
1120         int rc;
1121         __le32 buf[2];
1122         u32 len;
1123
1124         role = kzalloc(sizeof(*role), GFP_KERNEL);
1125         if (!role) {
1126                 rc = -ENOMEM;
1127                 goto out;
1128         }
1129
1130         rc = next_entry(buf, fp, sizeof buf);
1131         if (rc < 0)
1132                 goto bad;
1133
1134         len = le32_to_cpu(buf[0]);
1135         role->value = le32_to_cpu(buf[1]);
1136
1137         key = kmalloc(len + 1,GFP_KERNEL);
1138         if (!key) {
1139                 rc = -ENOMEM;
1140                 goto bad;
1141         }
1142         rc = next_entry(key, fp, len);
1143         if (rc < 0)
1144                 goto bad;
1145         key[len] = 0;
1146
1147         rc = ebitmap_read(&role->dominates, fp);
1148         if (rc)
1149                 goto bad;
1150
1151         rc = ebitmap_read(&role->types, fp);
1152         if (rc)
1153                 goto bad;
1154
1155         if (strcmp(key, OBJECT_R) == 0) {
1156                 if (role->value != OBJECT_R_VAL) {
1157                         printk(KERN_ERR "Role %s has wrong value %d\n",
1158                                OBJECT_R, role->value);
1159                         rc = -EINVAL;
1160                         goto bad;
1161                 }
1162                 rc = 0;
1163                 goto bad;
1164         }
1165
1166         rc = hashtab_insert(h, key, role);
1167         if (rc)
1168                 goto bad;
1169 out:
1170         return rc;
1171 bad:
1172         role_destroy(key, role, NULL);
1173         goto out;
1174 }
1175
1176 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1177 {
1178         char *key = NULL;
1179         struct type_datum *typdatum;
1180         int rc;
1181         __le32 buf[3];
1182         u32 len;
1183
1184         typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL);
1185         if (!typdatum) {
1186                 rc = -ENOMEM;
1187                 return rc;
1188         }
1189
1190         rc = next_entry(buf, fp, sizeof buf);
1191         if (rc < 0)
1192                 goto bad;
1193
1194         len = le32_to_cpu(buf[0]);
1195         typdatum->value = le32_to_cpu(buf[1]);
1196         typdatum->primary = le32_to_cpu(buf[2]);
1197
1198         key = kmalloc(len + 1,GFP_KERNEL);
1199         if (!key) {
1200                 rc = -ENOMEM;
1201                 goto bad;
1202         }
1203         rc = next_entry(key, fp, len);
1204         if (rc < 0)
1205                 goto bad;
1206         key[len] = 0;
1207
1208         rc = hashtab_insert(h, key, typdatum);
1209         if (rc)
1210                 goto bad;
1211 out:
1212         return rc;
1213 bad:
1214         type_destroy(key, typdatum, NULL);
1215         goto out;
1216 }
1217
1218
1219 /*
1220  * Read a MLS level structure from a policydb binary
1221  * representation file.
1222  */
1223 static int mls_read_level(struct mls_level *lp, void *fp)
1224 {
1225         __le32 buf[1];
1226         int rc;
1227
1228         memset(lp, 0, sizeof(*lp));
1229
1230         rc = next_entry(buf, fp, sizeof buf);
1231         if (rc < 0) {
1232                 printk(KERN_ERR "security: mls: truncated level\n");
1233                 goto bad;
1234         }
1235         lp->sens = le32_to_cpu(buf[0]);
1236
1237         if (ebitmap_read(&lp->cat, fp)) {
1238                 printk(KERN_ERR "security: mls:  error reading level "
1239                        "categories\n");
1240                 goto bad;
1241         }
1242         return 0;
1243
1244 bad:
1245         return -EINVAL;
1246 }
1247
1248 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1249 {
1250         char *key = NULL;
1251         struct user_datum *usrdatum;
1252         int rc;
1253         __le32 buf[2];
1254         u32 len;
1255
1256         usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1257         if (!usrdatum) {
1258                 rc = -ENOMEM;
1259                 goto out;
1260         }
1261
1262         rc = next_entry(buf, fp, sizeof buf);
1263         if (rc < 0)
1264                 goto bad;
1265
1266         len = le32_to_cpu(buf[0]);
1267         usrdatum->value = le32_to_cpu(buf[1]);
1268
1269         key = kmalloc(len + 1,GFP_KERNEL);
1270         if (!key) {
1271                 rc = -ENOMEM;
1272                 goto bad;
1273         }
1274         rc = next_entry(key, fp, len);
1275         if (rc < 0)
1276                 goto bad;
1277         key[len] = 0;
1278
1279         rc = ebitmap_read(&usrdatum->roles, fp);
1280         if (rc)
1281                 goto bad;
1282
1283         if (p->policyvers >= POLICYDB_VERSION_MLS) {
1284                 rc = mls_read_range_helper(&usrdatum->range, fp);
1285                 if (rc)
1286                         goto bad;
1287                 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1288                 if (rc)
1289                         goto bad;
1290         }
1291
1292         rc = hashtab_insert(h, key, usrdatum);
1293         if (rc)
1294                 goto bad;
1295 out:
1296         return rc;
1297 bad:
1298         user_destroy(key, usrdatum, NULL);
1299         goto out;
1300 }
1301
1302 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1303 {
1304         char *key = NULL;
1305         struct level_datum *levdatum;
1306         int rc;
1307         __le32 buf[2];
1308         u32 len;
1309
1310         levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1311         if (!levdatum) {
1312                 rc = -ENOMEM;
1313                 goto out;
1314         }
1315
1316         rc = next_entry(buf, fp, sizeof buf);
1317         if (rc < 0)
1318                 goto bad;
1319
1320         len = le32_to_cpu(buf[0]);
1321         levdatum->isalias = le32_to_cpu(buf[1]);
1322
1323         key = kmalloc(len + 1,GFP_ATOMIC);
1324         if (!key) {
1325                 rc = -ENOMEM;
1326                 goto bad;
1327         }
1328         rc = next_entry(key, fp, len);
1329         if (rc < 0)
1330                 goto bad;
1331         key[len] = 0;
1332
1333         levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1334         if (!levdatum->level) {
1335                 rc = -ENOMEM;
1336                 goto bad;
1337         }
1338         if (mls_read_level(levdatum->level, fp)) {
1339                 rc = -EINVAL;
1340                 goto bad;
1341         }
1342
1343         rc = hashtab_insert(h, key, levdatum);
1344         if (rc)
1345                 goto bad;
1346 out:
1347         return rc;
1348 bad:
1349         sens_destroy(key, levdatum, NULL);
1350         goto out;
1351 }
1352
1353 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1354 {
1355         char *key = NULL;
1356         struct cat_datum *catdatum;
1357         int rc;
1358         __le32 buf[3];
1359         u32 len;
1360
1361         catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1362         if (!catdatum) {
1363                 rc = -ENOMEM;
1364                 goto out;
1365         }
1366
1367         rc = next_entry(buf, fp, sizeof buf);
1368         if (rc < 0)
1369                 goto bad;
1370
1371         len = le32_to_cpu(buf[0]);
1372         catdatum->value = le32_to_cpu(buf[1]);
1373         catdatum->isalias = le32_to_cpu(buf[2]);
1374
1375         key = kmalloc(len + 1,GFP_ATOMIC);
1376         if (!key) {
1377                 rc = -ENOMEM;
1378                 goto bad;
1379         }
1380         rc = next_entry(key, fp, len);
1381         if (rc < 0)
1382                 goto bad;
1383         key[len] = 0;
1384
1385         rc = hashtab_insert(h, key, catdatum);
1386         if (rc)
1387                 goto bad;
1388 out:
1389         return rc;
1390
1391 bad:
1392         cat_destroy(key, catdatum, NULL);
1393         goto out;
1394 }
1395
1396 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1397 {
1398         common_read,
1399         class_read,
1400         role_read,
1401         type_read,
1402         user_read,
1403         cond_read_bool,
1404         sens_read,
1405         cat_read,
1406 };
1407
1408 extern int ss_initialized;
1409
1410 /*
1411  * Read the configuration data from a policy database binary
1412  * representation file into a policy database structure.
1413  */
1414 int policydb_read(struct policydb *p, void *fp)
1415 {
1416         struct role_allow *ra, *lra;
1417         struct role_trans *tr, *ltr;
1418         struct ocontext *l, *c, *newc;
1419         struct genfs *genfs_p, *genfs, *newgenfs;
1420         int i, j, rc;
1421         __le32 buf[8];
1422         u32 len, len2, config, nprim, nel, nel2;
1423         char *policydb_str;
1424         struct policydb_compat_info *info;
1425         struct range_trans *rt, *lrt;
1426
1427         config = 0;
1428
1429         rc = policydb_init(p);
1430         if (rc)
1431                 goto out;
1432
1433         /* Read the magic number and string length. */
1434         rc = next_entry(buf, fp, sizeof(u32)* 2);
1435         if (rc < 0)
1436                 goto bad;
1437
1438         if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
1439                 printk(KERN_ERR "security:  policydb magic number 0x%x does "
1440                        "not match expected magic number 0x%x\n",
1441                        le32_to_cpu(buf[0]), POLICYDB_MAGIC);
1442                 goto bad;
1443         }
1444
1445         len = le32_to_cpu(buf[1]);
1446         if (len != strlen(POLICYDB_STRING)) {
1447                 printk(KERN_ERR "security:  policydb string length %d does not "
1448                        "match expected length %Zu\n",
1449                        len, strlen(POLICYDB_STRING));
1450                 goto bad;
1451         }
1452         policydb_str = kmalloc(len + 1,GFP_KERNEL);
1453         if (!policydb_str) {
1454                 printk(KERN_ERR "security:  unable to allocate memory for policydb "
1455                        "string of length %d\n", len);
1456                 rc = -ENOMEM;
1457                 goto bad;
1458         }
1459         rc = next_entry(policydb_str, fp, len);
1460         if (rc < 0) {
1461                 printk(KERN_ERR "security:  truncated policydb string identifier\n");
1462                 kfree(policydb_str);
1463                 goto bad;
1464         }
1465         policydb_str[len] = 0;
1466         if (strcmp(policydb_str, POLICYDB_STRING)) {
1467                 printk(KERN_ERR "security:  policydb string %s does not match "
1468                        "my string %s\n", policydb_str, POLICYDB_STRING);
1469                 kfree(policydb_str);
1470                 goto bad;
1471         }
1472         /* Done with policydb_str. */
1473         kfree(policydb_str);
1474         policydb_str = NULL;
1475
1476         /* Read the version, config, and table sizes. */
1477         rc = next_entry(buf, fp, sizeof(u32)*4);
1478         if (rc < 0)
1479                 goto bad;
1480
1481         p->policyvers = le32_to_cpu(buf[0]);
1482         if (p->policyvers < POLICYDB_VERSION_MIN ||
1483             p->policyvers > POLICYDB_VERSION_MAX) {
1484                 printk(KERN_ERR "security:  policydb version %d does not match "
1485                        "my version range %d-%d\n",
1486                        le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1487                 goto bad;
1488         }
1489
1490         if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1491                 if (ss_initialized && !selinux_mls_enabled) {
1492                         printk(KERN_ERR "Cannot switch between non-MLS and MLS "
1493                                "policies\n");
1494                         goto bad;
1495                 }
1496                 selinux_mls_enabled = 1;
1497                 config |= POLICYDB_CONFIG_MLS;
1498
1499                 if (p->policyvers < POLICYDB_VERSION_MLS) {
1500                         printk(KERN_ERR "security policydb version %d (MLS) "
1501                                "not backwards compatible\n", p->policyvers);
1502                         goto bad;
1503                 }
1504         } else {
1505                 if (ss_initialized && selinux_mls_enabled) {
1506                         printk(KERN_ERR "Cannot switch between MLS and non-MLS "
1507                                "policies\n");
1508                         goto bad;
1509                 }
1510         }
1511
1512         info = policydb_lookup_compat(p->policyvers);
1513         if (!info) {
1514                 printk(KERN_ERR "security:  unable to find policy compat info "
1515                        "for version %d\n", p->policyvers);
1516                 goto bad;
1517         }
1518
1519         if (le32_to_cpu(buf[2]) != info->sym_num ||
1520                 le32_to_cpu(buf[3]) != info->ocon_num) {
1521                 printk(KERN_ERR "security:  policydb table sizes (%d,%d) do "
1522                        "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
1523                         le32_to_cpu(buf[3]),
1524                        info->sym_num, info->ocon_num);
1525                 goto bad;
1526         }
1527
1528         for (i = 0; i < info->sym_num; i++) {
1529                 rc = next_entry(buf, fp, sizeof(u32)*2);
1530                 if (rc < 0)
1531                         goto bad;
1532                 nprim = le32_to_cpu(buf[0]);
1533                 nel = le32_to_cpu(buf[1]);
1534                 for (j = 0; j < nel; j++) {
1535                         rc = read_f[i](p, p->symtab[i].table, fp);
1536                         if (rc)
1537                                 goto bad;
1538                 }
1539
1540                 p->symtab[i].nprim = nprim;
1541         }
1542
1543         rc = avtab_read(&p->te_avtab, fp, p->policyvers);
1544         if (rc)
1545                 goto bad;
1546
1547         if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1548                 rc = cond_read_list(p, fp);
1549                 if (rc)
1550                         goto bad;
1551         }
1552
1553         rc = next_entry(buf, fp, sizeof(u32));
1554         if (rc < 0)
1555                 goto bad;
1556         nel = le32_to_cpu(buf[0]);
1557         ltr = NULL;
1558         for (i = 0; i < nel; i++) {
1559                 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1560                 if (!tr) {
1561                         rc = -ENOMEM;
1562                         goto bad;
1563                 }
1564                 if (ltr) {
1565                         ltr->next = tr;
1566                 } else {
1567                         p->role_tr = tr;
1568                 }
1569                 rc = next_entry(buf, fp, sizeof(u32)*3);
1570                 if (rc < 0)
1571                         goto bad;
1572                 tr->role = le32_to_cpu(buf[0]);
1573                 tr->type = le32_to_cpu(buf[1]);
1574                 tr->new_role = le32_to_cpu(buf[2]);
1575                 ltr = tr;
1576         }
1577
1578         rc = next_entry(buf, fp, sizeof(u32));
1579         if (rc < 0)
1580                 goto bad;
1581         nel = le32_to_cpu(buf[0]);
1582         lra = NULL;
1583         for (i = 0; i < nel; i++) {
1584                 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1585                 if (!ra) {
1586                         rc = -ENOMEM;
1587                         goto bad;
1588                 }
1589                 if (lra) {
1590                         lra->next = ra;
1591                 } else {
1592                         p->role_allow = ra;
1593                 }
1594                 rc = next_entry(buf, fp, sizeof(u32)*2);
1595                 if (rc < 0)
1596                         goto bad;
1597                 ra->role = le32_to_cpu(buf[0]);
1598                 ra->new_role = le32_to_cpu(buf[1]);
1599                 lra = ra;
1600         }
1601
1602         rc = policydb_index_classes(p);
1603         if (rc)
1604                 goto bad;
1605
1606         rc = policydb_index_others(p);
1607         if (rc)
1608                 goto bad;
1609
1610         for (i = 0; i < info->ocon_num; i++) {
1611                 rc = next_entry(buf, fp, sizeof(u32));
1612                 if (rc < 0)
1613                         goto bad;
1614                 nel = le32_to_cpu(buf[0]);
1615                 l = NULL;
1616                 for (j = 0; j < nel; j++) {
1617                         c = kzalloc(sizeof(*c), GFP_KERNEL);
1618                         if (!c) {
1619                                 rc = -ENOMEM;
1620                                 goto bad;
1621                         }
1622                         if (l) {
1623                                 l->next = c;
1624                         } else {
1625                                 p->ocontexts[i] = c;
1626                         }
1627                         l = c;
1628                         rc = -EINVAL;
1629                         switch (i) {
1630                         case OCON_ISID:
1631                                 rc = next_entry(buf, fp, sizeof(u32));
1632                                 if (rc < 0)
1633                                         goto bad;
1634                                 c->sid[0] = le32_to_cpu(buf[0]);
1635                                 rc = context_read_and_validate(&c->context[0], p, fp);
1636                                 if (rc)
1637                                         goto bad;
1638                                 break;
1639                         case OCON_FS:
1640                         case OCON_NETIF:
1641                                 rc = next_entry(buf, fp, sizeof(u32));
1642                                 if (rc < 0)
1643                                         goto bad;
1644                                 len = le32_to_cpu(buf[0]);
1645                                 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1646                                 if (!c->u.name) {
1647                                         rc = -ENOMEM;
1648                                         goto bad;
1649                                 }
1650                                 rc = next_entry(c->u.name, fp, len);
1651                                 if (rc < 0)
1652                                         goto bad;
1653                                 c->u.name[len] = 0;
1654                                 rc = context_read_and_validate(&c->context[0], p, fp);
1655                                 if (rc)
1656                                         goto bad;
1657                                 rc = context_read_and_validate(&c->context[1], p, fp);
1658                                 if (rc)
1659                                         goto bad;
1660                                 break;
1661                         case OCON_PORT:
1662                                 rc = next_entry(buf, fp, sizeof(u32)*3);
1663                                 if (rc < 0)
1664                                         goto bad;
1665                                 c->u.port.protocol = le32_to_cpu(buf[0]);
1666                                 c->u.port.low_port = le32_to_cpu(buf[1]);
1667                                 c->u.port.high_port = le32_to_cpu(buf[2]);
1668                                 rc = context_read_and_validate(&c->context[0], p, fp);
1669                                 if (rc)
1670                                         goto bad;
1671                                 break;
1672                         case OCON_NODE:
1673                                 rc = next_entry(buf, fp, sizeof(u32)* 2);
1674                                 if (rc < 0)
1675                                         goto bad;
1676                                 c->u.node.addr = le32_to_cpu(buf[0]);
1677                                 c->u.node.mask = le32_to_cpu(buf[1]);
1678                                 rc = context_read_and_validate(&c->context[0], p, fp);
1679                                 if (rc)
1680                                         goto bad;
1681                                 break;
1682                         case OCON_FSUSE:
1683                                 rc = next_entry(buf, fp, sizeof(u32)*2);
1684                                 if (rc < 0)
1685                                         goto bad;
1686                                 c->v.behavior = le32_to_cpu(buf[0]);
1687                                 if (c->v.behavior > SECURITY_FS_USE_NONE)
1688                                         goto bad;
1689                                 len = le32_to_cpu(buf[1]);
1690                                 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1691                                 if (!c->u.name) {
1692                                         rc = -ENOMEM;
1693                                         goto bad;
1694                                 }
1695                                 rc = next_entry(c->u.name, fp, len);
1696                                 if (rc < 0)
1697                                         goto bad;
1698                                 c->u.name[len] = 0;
1699                                 rc = context_read_and_validate(&c->context[0], p, fp);
1700                                 if (rc)
1701                                         goto bad;
1702                                 break;
1703                         case OCON_NODE6: {
1704                                 int k;
1705
1706                                 rc = next_entry(buf, fp, sizeof(u32) * 8);
1707                                 if (rc < 0)
1708                                         goto bad;
1709                                 for (k = 0; k < 4; k++)
1710                                         c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1711                                 for (k = 0; k < 4; k++)
1712                                         c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1713                                 if (context_read_and_validate(&c->context[0], p, fp))
1714                                         goto bad;
1715                                 break;
1716                         }
1717                         }
1718                 }
1719         }
1720
1721         rc = next_entry(buf, fp, sizeof(u32));
1722         if (rc < 0)
1723                 goto bad;
1724         nel = le32_to_cpu(buf[0]);
1725         genfs_p = NULL;
1726         rc = -EINVAL;
1727         for (i = 0; i < nel; i++) {
1728                 rc = next_entry(buf, fp, sizeof(u32));
1729                 if (rc < 0)
1730                         goto bad;
1731                 len = le32_to_cpu(buf[0]);
1732                 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1733                 if (!newgenfs) {
1734                         rc = -ENOMEM;
1735                         goto bad;
1736                 }
1737
1738                 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1739                 if (!newgenfs->fstype) {
1740                         rc = -ENOMEM;
1741                         kfree(newgenfs);
1742                         goto bad;
1743                 }
1744                 rc = next_entry(newgenfs->fstype, fp, len);
1745                 if (rc < 0) {
1746                         kfree(newgenfs->fstype);
1747                         kfree(newgenfs);
1748                         goto bad;
1749                 }
1750                 newgenfs->fstype[len] = 0;
1751                 for (genfs_p = NULL, genfs = p->genfs; genfs;
1752                      genfs_p = genfs, genfs = genfs->next) {
1753                         if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1754                                 printk(KERN_ERR "security:  dup genfs "
1755                                        "fstype %s\n", newgenfs->fstype);
1756                                 kfree(newgenfs->fstype);
1757                                 kfree(newgenfs);
1758                                 goto bad;
1759                         }
1760                         if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1761                                 break;
1762                 }
1763                 newgenfs->next = genfs;
1764                 if (genfs_p)
1765                         genfs_p->next = newgenfs;
1766                 else
1767                         p->genfs = newgenfs;
1768                 rc = next_entry(buf, fp, sizeof(u32));
1769                 if (rc < 0)
1770                         goto bad;
1771                 nel2 = le32_to_cpu(buf[0]);
1772                 for (j = 0; j < nel2; j++) {
1773                         rc = next_entry(buf, fp, sizeof(u32));
1774                         if (rc < 0)
1775                                 goto bad;
1776                         len = le32_to_cpu(buf[0]);
1777
1778                         newc = kzalloc(sizeof(*newc), GFP_KERNEL);
1779                         if (!newc) {
1780                                 rc = -ENOMEM;
1781                                 goto bad;
1782                         }
1783
1784                         newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1785                         if (!newc->u.name) {
1786                                 rc = -ENOMEM;
1787                                 goto bad_newc;
1788                         }
1789                         rc = next_entry(newc->u.name, fp, len);
1790                         if (rc < 0)
1791                                 goto bad_newc;
1792                         newc->u.name[len] = 0;
1793                         rc = next_entry(buf, fp, sizeof(u32));
1794                         if (rc < 0)
1795                                 goto bad_newc;
1796                         newc->v.sclass = le32_to_cpu(buf[0]);
1797                         if (context_read_and_validate(&newc->context[0], p, fp))
1798                                 goto bad_newc;
1799                         for (l = NULL, c = newgenfs->head; c;
1800                              l = c, c = c->next) {
1801                                 if (!strcmp(newc->u.name, c->u.name) &&
1802                                     (!c->v.sclass || !newc->v.sclass ||
1803                                      newc->v.sclass == c->v.sclass)) {
1804                                         printk(KERN_ERR "security:  dup genfs "
1805                                                "entry (%s,%s)\n",
1806                                                newgenfs->fstype, c->u.name);
1807                                         goto bad_newc;
1808                                 }
1809                                 len = strlen(newc->u.name);
1810                                 len2 = strlen(c->u.name);
1811                                 if (len > len2)
1812                                         break;
1813                         }
1814
1815                         newc->next = c;
1816                         if (l)
1817                                 l->next = newc;
1818                         else
1819                                 newgenfs->head = newc;
1820                 }
1821         }
1822
1823         if (p->policyvers >= POLICYDB_VERSION_MLS) {
1824                 rc = next_entry(buf, fp, sizeof(u32));
1825                 if (rc < 0)
1826                         goto bad;
1827                 nel = le32_to_cpu(buf[0]);
1828                 lrt = NULL;
1829                 for (i = 0; i < nel; i++) {
1830                         rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1831                         if (!rt) {
1832                                 rc = -ENOMEM;
1833                                 goto bad;
1834                         }
1835                         if (lrt)
1836                                 lrt->next = rt;
1837                         else
1838                                 p->range_tr = rt;
1839                         rc = next_entry(buf, fp, (sizeof(u32) * 2));
1840                         if (rc < 0)
1841                                 goto bad;
1842                         rt->dom = le32_to_cpu(buf[0]);
1843                         rt->type = le32_to_cpu(buf[1]);
1844                         rc = mls_read_range_helper(&rt->range, fp);
1845                         if (rc)
1846                                 goto bad;
1847                         lrt = rt;
1848                 }
1849         }
1850
1851         p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
1852         if (!p->type_attr_map)
1853                 goto bad;
1854
1855         for (i = 0; i < p->p_types.nprim; i++) {
1856                 ebitmap_init(&p->type_attr_map[i]);
1857                 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
1858                         if (ebitmap_read(&p->type_attr_map[i], fp))
1859                                 goto bad;
1860                 }
1861                 /* add the type itself as the degenerate case */
1862                 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
1863                                 goto bad;
1864         }
1865
1866         rc = 0;
1867 out:
1868         return rc;
1869 bad_newc:
1870         ocontext_destroy(newc,OCON_FSUSE);
1871 bad:
1872         if (!rc)
1873                 rc = -EINVAL;
1874         policydb_destroy(p);
1875         goto out;
1876 }