2 * Implementation of the policy database.
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 * Added conditional policy language extensions
16 * Updated: Hewlett-Packard <paul.moore@hp.com>
18 * Added support for the policy capability bitmap
20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
23 * This program is free software; you can redistribute it and/or modify
24 * it under the terms of the GNU General Public License as published by
25 * the Free Software Foundation, version 2.
28 #include <linux/kernel.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <linux/errno.h>
36 #include "conditional.h"
42 static char *symtab_name[SYM_NUM] = {
54 int selinux_mls_enabled;
56 static unsigned int symtab_sizes[SYM_NUM] = {
67 struct policydb_compat_info {
73 /* These need to be updated if SYM_NUM or OCON_NUM changes */
74 static struct policydb_compat_info policydb_compat[] = {
76 .version = POLICYDB_VERSION_BASE,
77 .sym_num = SYM_NUM - 3,
78 .ocon_num = OCON_NUM - 1,
81 .version = POLICYDB_VERSION_BOOL,
82 .sym_num = SYM_NUM - 2,
83 .ocon_num = OCON_NUM - 1,
86 .version = POLICYDB_VERSION_IPV6,
87 .sym_num = SYM_NUM - 2,
91 .version = POLICYDB_VERSION_NLCLASS,
92 .sym_num = SYM_NUM - 2,
96 .version = POLICYDB_VERSION_MLS,
101 .version = POLICYDB_VERSION_AVTAB,
103 .ocon_num = OCON_NUM,
106 .version = POLICYDB_VERSION_RANGETRANS,
108 .ocon_num = OCON_NUM,
111 .version = POLICYDB_VERSION_POLCAP,
113 .ocon_num = OCON_NUM,
116 .version = POLICYDB_VERSION_PERMISSIVE,
118 .ocon_num = OCON_NUM,
122 static struct policydb_compat_info *policydb_lookup_compat(int version)
125 struct policydb_compat_info *info = NULL;
127 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
128 if (policydb_compat[i].version == version) {
129 info = &policydb_compat[i];
137 * Initialize the role table.
139 static int roles_init(struct policydb *p)
143 struct role_datum *role;
145 role = kzalloc(sizeof(*role), GFP_KERNEL);
150 role->value = ++p->p_roles.nprim;
151 if (role->value != OBJECT_R_VAL) {
155 key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL);
160 strcpy(key, OBJECT_R);
161 rc = hashtab_insert(p->p_roles.table, key, role);
175 * Initialize a policy database structure.
177 static int policydb_init(struct policydb *p)
181 memset(p, 0, sizeof(*p));
183 for (i = 0; i < SYM_NUM; i++) {
184 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
186 goto out_free_symtab;
189 rc = avtab_init(&p->te_avtab);
191 goto out_free_symtab;
195 goto out_free_symtab;
197 rc = cond_policydb_init(p);
199 goto out_free_symtab;
201 ebitmap_init(&p->policycaps);
202 ebitmap_init(&p->permissive_map);
208 for (i = 0; i < SYM_NUM; i++)
209 hashtab_destroy(p->symtab[i].table);
214 * The following *_index functions are used to
215 * define the val_to_name and val_to_struct arrays
216 * in a policy database structure. The val_to_name
217 * arrays are used when converting security context
218 * structures into string representations. The
219 * val_to_struct arrays are used when the attributes
220 * of a class, role, or user are needed.
223 static int common_index(void *key, void *datum, void *datap)
226 struct common_datum *comdatum;
230 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
232 p->p_common_val_to_name[comdatum->value - 1] = key;
236 static int class_index(void *key, void *datum, void *datap)
239 struct class_datum *cladatum;
243 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
245 p->p_class_val_to_name[cladatum->value - 1] = key;
246 p->class_val_to_struct[cladatum->value - 1] = cladatum;
250 static int role_index(void *key, void *datum, void *datap)
253 struct role_datum *role;
257 if (!role->value || role->value > p->p_roles.nprim)
259 p->p_role_val_to_name[role->value - 1] = key;
260 p->role_val_to_struct[role->value - 1] = role;
264 static int type_index(void *key, void *datum, void *datap)
267 struct type_datum *typdatum;
272 if (typdatum->primary) {
273 if (!typdatum->value || typdatum->value > p->p_types.nprim)
275 p->p_type_val_to_name[typdatum->value - 1] = key;
281 static int user_index(void *key, void *datum, void *datap)
284 struct user_datum *usrdatum;
288 if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
290 p->p_user_val_to_name[usrdatum->value - 1] = key;
291 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
295 static int sens_index(void *key, void *datum, void *datap)
298 struct level_datum *levdatum;
303 if (!levdatum->isalias) {
304 if (!levdatum->level->sens ||
305 levdatum->level->sens > p->p_levels.nprim)
307 p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
313 static int cat_index(void *key, void *datum, void *datap)
316 struct cat_datum *catdatum;
321 if (!catdatum->isalias) {
322 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
324 p->p_cat_val_to_name[catdatum->value - 1] = key;
330 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
343 * Define the common val_to_name array and the class
344 * val_to_name and val_to_struct arrays in a policy
345 * database structure.
347 * Caller must clean up upon failure.
349 static int policydb_index_classes(struct policydb *p)
353 p->p_common_val_to_name =
354 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
355 if (!p->p_common_val_to_name) {
360 rc = hashtab_map(p->p_commons.table, common_index, p);
364 p->class_val_to_struct =
365 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
366 if (!p->class_val_to_struct) {
371 p->p_class_val_to_name =
372 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
373 if (!p->p_class_val_to_name) {
378 rc = hashtab_map(p->p_classes.table, class_index, p);
384 static void symtab_hash_eval(struct symtab *s)
388 for (i = 0; i < SYM_NUM; i++) {
389 struct hashtab *h = s[i].table;
390 struct hashtab_info info;
392 hashtab_stat(h, &info);
393 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
394 "longest chain length %d\n", symtab_name[i], h->nel,
395 info.slots_used, h->size, info.max_chain_len);
401 * Define the other val_to_name and val_to_struct arrays
402 * in a policy database structure.
404 * Caller must clean up on failure.
406 static int policydb_index_others(struct policydb *p)
410 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
411 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
412 if (selinux_mls_enabled)
413 printk(", %d sens, %d cats", p->p_levels.nprim,
417 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
418 p->p_classes.nprim, p->te_avtab.nel);
421 avtab_hash_eval(&p->te_avtab, "rules");
422 symtab_hash_eval(p->symtab);
425 p->role_val_to_struct =
426 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
428 if (!p->role_val_to_struct) {
433 p->user_val_to_struct =
434 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
436 if (!p->user_val_to_struct) {
441 if (cond_init_bool_indexes(p)) {
446 for (i = SYM_ROLES; i < SYM_NUM; i++) {
447 p->sym_val_to_name[i] =
448 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
449 if (!p->sym_val_to_name[i]) {
453 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
463 * The following *_destroy functions are used to
464 * free any memory allocated for each kind of
465 * symbol data in the policy database.
468 static int perm_destroy(void *key, void *datum, void *p)
475 static int common_destroy(void *key, void *datum, void *p)
477 struct common_datum *comdatum;
481 hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
482 hashtab_destroy(comdatum->permissions.table);
487 static int cls_destroy(void *key, void *datum, void *p)
489 struct class_datum *cladatum;
490 struct constraint_node *constraint, *ctemp;
491 struct constraint_expr *e, *etmp;
495 hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
496 hashtab_destroy(cladatum->permissions.table);
497 constraint = cladatum->constraints;
499 e = constraint->expr;
501 ebitmap_destroy(&e->names);
507 constraint = constraint->next;
511 constraint = cladatum->validatetrans;
513 e = constraint->expr;
515 ebitmap_destroy(&e->names);
521 constraint = constraint->next;
525 kfree(cladatum->comkey);
530 static int role_destroy(void *key, void *datum, void *p)
532 struct role_datum *role;
536 ebitmap_destroy(&role->dominates);
537 ebitmap_destroy(&role->types);
542 static int type_destroy(void *key, void *datum, void *p)
549 static int user_destroy(void *key, void *datum, void *p)
551 struct user_datum *usrdatum;
555 ebitmap_destroy(&usrdatum->roles);
556 ebitmap_destroy(&usrdatum->range.level[0].cat);
557 ebitmap_destroy(&usrdatum->range.level[1].cat);
558 ebitmap_destroy(&usrdatum->dfltlevel.cat);
563 static int sens_destroy(void *key, void *datum, void *p)
565 struct level_datum *levdatum;
569 ebitmap_destroy(&levdatum->level->cat);
570 kfree(levdatum->level);
575 static int cat_destroy(void *key, void *datum, void *p)
582 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
594 static void ocontext_destroy(struct ocontext *c, int i)
596 context_destroy(&c->context[0]);
597 context_destroy(&c->context[1]);
598 if (i == OCON_ISID || i == OCON_FS ||
599 i == OCON_NETIF || i == OCON_FSUSE)
605 * Free any memory allocated by a policy database structure.
607 void policydb_destroy(struct policydb *p)
609 struct ocontext *c, *ctmp;
610 struct genfs *g, *gtmp;
612 struct role_allow *ra, *lra = NULL;
613 struct role_trans *tr, *ltr = NULL;
614 struct range_trans *rt, *lrt = NULL;
616 for (i = 0; i < SYM_NUM; i++) {
618 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
619 hashtab_destroy(p->symtab[i].table);
622 for (i = 0; i < SYM_NUM; i++)
623 kfree(p->sym_val_to_name[i]);
625 kfree(p->class_val_to_struct);
626 kfree(p->role_val_to_struct);
627 kfree(p->user_val_to_struct);
629 avtab_destroy(&p->te_avtab);
631 for (i = 0; i < OCON_NUM; i++) {
637 ocontext_destroy(ctmp, i);
639 p->ocontexts[i] = NULL;
650 ocontext_destroy(ctmp, OCON_FSUSE);
658 cond_policydb_destroy(p);
660 for (tr = p->role_tr; tr; tr = tr->next) {
667 for (ra = p->role_allow; ra; ra = ra->next) {
674 for (rt = p->range_tr; rt; rt = rt->next) {
677 ebitmap_destroy(&lrt->target_range.level[0].cat);
678 ebitmap_destroy(&lrt->target_range.level[1].cat);
684 ebitmap_destroy(&lrt->target_range.level[0].cat);
685 ebitmap_destroy(&lrt->target_range.level[1].cat);
689 if (p->type_attr_map) {
690 for (i = 0; i < p->p_types.nprim; i++)
691 ebitmap_destroy(&p->type_attr_map[i]);
693 kfree(p->type_attr_map);
694 kfree(p->undefined_perms);
695 ebitmap_destroy(&p->policycaps);
696 ebitmap_destroy(&p->permissive_map);
702 * Load the initial SIDs specified in a policy database
703 * structure into a SID table.
705 int policydb_load_isids(struct policydb *p, struct sidtab *s)
707 struct ocontext *head, *c;
712 printk(KERN_ERR "SELinux: out of memory on SID table init\n");
716 head = p->ocontexts[OCON_ISID];
717 for (c = head; c; c = c->next) {
718 if (!c->context[0].user) {
719 printk(KERN_ERR "SELinux: SID %s was never "
720 "defined.\n", c->u.name);
724 if (sidtab_insert(s, c->sid[0], &c->context[0])) {
725 printk(KERN_ERR "SELinux: unable to load initial "
726 "SID %s.\n", c->u.name);
735 int policydb_class_isvalid(struct policydb *p, unsigned int class)
737 if (!class || class > p->p_classes.nprim)
742 int policydb_role_isvalid(struct policydb *p, unsigned int role)
744 if (!role || role > p->p_roles.nprim)
749 int policydb_type_isvalid(struct policydb *p, unsigned int type)
751 if (!type || type > p->p_types.nprim)
757 * Return 1 if the fields in the security context
758 * structure `c' are valid. Return 0 otherwise.
760 int policydb_context_isvalid(struct policydb *p, struct context *c)
762 struct role_datum *role;
763 struct user_datum *usrdatum;
765 if (!c->role || c->role > p->p_roles.nprim)
768 if (!c->user || c->user > p->p_users.nprim)
771 if (!c->type || c->type > p->p_types.nprim)
774 if (c->role != OBJECT_R_VAL) {
776 * Role must be authorized for the type.
778 role = p->role_val_to_struct[c->role - 1];
779 if (!ebitmap_get_bit(&role->types,
781 /* role may not be associated with type */
785 * User must be authorized for the role.
787 usrdatum = p->user_val_to_struct[c->user - 1];
791 if (!ebitmap_get_bit(&usrdatum->roles,
793 /* user may not be associated with role */
797 if (!mls_context_isvalid(p, c))
804 * Read a MLS range structure from a policydb binary
805 * representation file.
807 static int mls_read_range_helper(struct mls_range *r, void *fp)
813 rc = next_entry(buf, fp, sizeof(u32));
817 items = le32_to_cpu(buf[0]);
818 if (items > ARRAY_SIZE(buf)) {
819 printk(KERN_ERR "SELinux: mls: range overflow\n");
823 rc = next_entry(buf, fp, sizeof(u32) * items);
825 printk(KERN_ERR "SELinux: mls: truncated range\n");
828 r->level[0].sens = le32_to_cpu(buf[0]);
830 r->level[1].sens = le32_to_cpu(buf[1]);
832 r->level[1].sens = r->level[0].sens;
834 rc = ebitmap_read(&r->level[0].cat, fp);
836 printk(KERN_ERR "SELinux: mls: error reading low "
841 rc = ebitmap_read(&r->level[1].cat, fp);
843 printk(KERN_ERR "SELinux: mls: error reading high "
848 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
850 printk(KERN_ERR "SELinux: mls: out of memory\n");
859 ebitmap_destroy(&r->level[0].cat);
864 * Read and validate a security context structure
865 * from a policydb binary representation file.
867 static int context_read_and_validate(struct context *c,
874 rc = next_entry(buf, fp, sizeof buf);
876 printk(KERN_ERR "SELinux: context truncated\n");
879 c->user = le32_to_cpu(buf[0]);
880 c->role = le32_to_cpu(buf[1]);
881 c->type = le32_to_cpu(buf[2]);
882 if (p->policyvers >= POLICYDB_VERSION_MLS) {
883 if (mls_read_range_helper(&c->range, fp)) {
884 printk(KERN_ERR "SELinux: error reading MLS range of "
891 if (!policydb_context_isvalid(p, c)) {
892 printk(KERN_ERR "SELinux: invalid security context\n");
901 * The following *_read functions are used to
902 * read the symbol data from a policy database
903 * binary representation file.
906 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
909 struct perm_datum *perdatum;
914 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
920 rc = next_entry(buf, fp, sizeof buf);
924 len = le32_to_cpu(buf[0]);
925 perdatum->value = le32_to_cpu(buf[1]);
927 key = kmalloc(len + 1, GFP_KERNEL);
932 rc = next_entry(key, fp, len);
937 rc = hashtab_insert(h, key, perdatum);
943 perm_destroy(key, perdatum, NULL);
947 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
950 struct common_datum *comdatum;
955 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
961 rc = next_entry(buf, fp, sizeof buf);
965 len = le32_to_cpu(buf[0]);
966 comdatum->value = le32_to_cpu(buf[1]);
968 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
971 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
972 nel = le32_to_cpu(buf[3]);
974 key = kmalloc(len + 1, GFP_KERNEL);
979 rc = next_entry(key, fp, len);
984 for (i = 0; i < nel; i++) {
985 rc = perm_read(p, comdatum->permissions.table, fp);
990 rc = hashtab_insert(h, key, comdatum);
996 common_destroy(key, comdatum, NULL);
1000 static int read_cons_helper(struct constraint_node **nodep, int ncons,
1001 int allowxtarget, void *fp)
1003 struct constraint_node *c, *lc;
1004 struct constraint_expr *e, *le;
1007 int rc, i, j, depth;
1010 for (i = 0; i < ncons; i++) {
1011 c = kzalloc(sizeof(*c), GFP_KERNEL);
1020 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1023 c->permissions = le32_to_cpu(buf[0]);
1024 nexpr = le32_to_cpu(buf[1]);
1027 for (j = 0; j < nexpr; j++) {
1028 e = kzalloc(sizeof(*e), GFP_KERNEL);
1037 rc = next_entry(buf, fp, (sizeof(u32) * 3));
1040 e->expr_type = le32_to_cpu(buf[0]);
1041 e->attr = le32_to_cpu(buf[1]);
1042 e->op = le32_to_cpu(buf[2]);
1044 switch (e->expr_type) {
1056 if (depth == (CEXPR_MAXDEPTH - 1))
1061 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1063 if (depth == (CEXPR_MAXDEPTH - 1))
1066 if (ebitmap_read(&e->names, fp))
1082 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1085 struct class_datum *cladatum;
1087 u32 len, len2, ncons, nel;
1090 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1096 rc = next_entry(buf, fp, sizeof(u32)*6);
1100 len = le32_to_cpu(buf[0]);
1101 len2 = le32_to_cpu(buf[1]);
1102 cladatum->value = le32_to_cpu(buf[2]);
1104 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1107 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1108 nel = le32_to_cpu(buf[4]);
1110 ncons = le32_to_cpu(buf[5]);
1112 key = kmalloc(len + 1, GFP_KERNEL);
1117 rc = next_entry(key, fp, len);
1123 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
1124 if (!cladatum->comkey) {
1128 rc = next_entry(cladatum->comkey, fp, len2);
1131 cladatum->comkey[len2] = 0;
1133 cladatum->comdatum = hashtab_search(p->p_commons.table,
1135 if (!cladatum->comdatum) {
1136 printk(KERN_ERR "SELinux: unknown common %s\n",
1142 for (i = 0; i < nel; i++) {
1143 rc = perm_read(p, cladatum->permissions.table, fp);
1148 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1152 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1153 /* grab the validatetrans rules */
1154 rc = next_entry(buf, fp, sizeof(u32));
1157 ncons = le32_to_cpu(buf[0]);
1158 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1163 rc = hashtab_insert(h, key, cladatum);
1171 cls_destroy(key, cladatum, NULL);
1175 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1178 struct role_datum *role;
1183 role = kzalloc(sizeof(*role), GFP_KERNEL);
1189 rc = next_entry(buf, fp, sizeof buf);
1193 len = le32_to_cpu(buf[0]);
1194 role->value = le32_to_cpu(buf[1]);
1196 key = kmalloc(len + 1, GFP_KERNEL);
1201 rc = next_entry(key, fp, len);
1206 rc = ebitmap_read(&role->dominates, fp);
1210 rc = ebitmap_read(&role->types, fp);
1214 if (strcmp(key, OBJECT_R) == 0) {
1215 if (role->value != OBJECT_R_VAL) {
1216 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
1217 OBJECT_R, role->value);
1225 rc = hashtab_insert(h, key, role);
1231 role_destroy(key, role, NULL);
1235 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1238 struct type_datum *typdatum;
1243 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1249 rc = next_entry(buf, fp, sizeof buf);
1253 len = le32_to_cpu(buf[0]);
1254 typdatum->value = le32_to_cpu(buf[1]);
1255 typdatum->primary = le32_to_cpu(buf[2]);
1257 key = kmalloc(len + 1, GFP_KERNEL);
1262 rc = next_entry(key, fp, len);
1267 rc = hashtab_insert(h, key, typdatum);
1273 type_destroy(key, typdatum, NULL);
1279 * Read a MLS level structure from a policydb binary
1280 * representation file.
1282 static int mls_read_level(struct mls_level *lp, void *fp)
1287 memset(lp, 0, sizeof(*lp));
1289 rc = next_entry(buf, fp, sizeof buf);
1291 printk(KERN_ERR "SELinux: mls: truncated level\n");
1294 lp->sens = le32_to_cpu(buf[0]);
1296 if (ebitmap_read(&lp->cat, fp)) {
1297 printk(KERN_ERR "SELinux: mls: error reading level "
1308 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1311 struct user_datum *usrdatum;
1316 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1322 rc = next_entry(buf, fp, sizeof buf);
1326 len = le32_to_cpu(buf[0]);
1327 usrdatum->value = le32_to_cpu(buf[1]);
1329 key = kmalloc(len + 1, GFP_KERNEL);
1334 rc = next_entry(key, fp, len);
1339 rc = ebitmap_read(&usrdatum->roles, fp);
1343 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1344 rc = mls_read_range_helper(&usrdatum->range, fp);
1347 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1352 rc = hashtab_insert(h, key, usrdatum);
1358 user_destroy(key, usrdatum, NULL);
1362 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1365 struct level_datum *levdatum;
1370 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1376 rc = next_entry(buf, fp, sizeof buf);
1380 len = le32_to_cpu(buf[0]);
1381 levdatum->isalias = le32_to_cpu(buf[1]);
1383 key = kmalloc(len + 1, GFP_ATOMIC);
1388 rc = next_entry(key, fp, len);
1393 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1394 if (!levdatum->level) {
1398 if (mls_read_level(levdatum->level, fp)) {
1403 rc = hashtab_insert(h, key, levdatum);
1409 sens_destroy(key, levdatum, NULL);
1413 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1416 struct cat_datum *catdatum;
1421 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1427 rc = next_entry(buf, fp, sizeof buf);
1431 len = le32_to_cpu(buf[0]);
1432 catdatum->value = le32_to_cpu(buf[1]);
1433 catdatum->isalias = le32_to_cpu(buf[2]);
1435 key = kmalloc(len + 1, GFP_ATOMIC);
1440 rc = next_entry(key, fp, len);
1445 rc = hashtab_insert(h, key, catdatum);
1452 cat_destroy(key, catdatum, NULL);
1456 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1468 extern int ss_initialized;
1471 * Read the configuration data from a policy database binary
1472 * representation file into a policy database structure.
1474 int policydb_read(struct policydb *p, void *fp)
1476 struct role_allow *ra, *lra;
1477 struct role_trans *tr, *ltr;
1478 struct ocontext *l, *c, *newc;
1479 struct genfs *genfs_p, *genfs, *newgenfs;
1482 u32 len, len2, config, nprim, nel, nel2;
1484 struct policydb_compat_info *info;
1485 struct range_trans *rt, *lrt;
1489 rc = policydb_init(p);
1493 /* Read the magic number and string length. */
1494 rc = next_entry(buf, fp, sizeof(u32) * 2);
1498 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
1499 printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
1500 "not match expected magic number 0x%x\n",
1501 le32_to_cpu(buf[0]), POLICYDB_MAGIC);
1505 len = le32_to_cpu(buf[1]);
1506 if (len != strlen(POLICYDB_STRING)) {
1507 printk(KERN_ERR "SELinux: policydb string length %d does not "
1508 "match expected length %Zu\n",
1509 len, strlen(POLICYDB_STRING));
1512 policydb_str = kmalloc(len + 1, GFP_KERNEL);
1513 if (!policydb_str) {
1514 printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
1515 "string of length %d\n", len);
1519 rc = next_entry(policydb_str, fp, len);
1521 printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
1522 kfree(policydb_str);
1525 policydb_str[len] = 0;
1526 if (strcmp(policydb_str, POLICYDB_STRING)) {
1527 printk(KERN_ERR "SELinux: policydb string %s does not match "
1528 "my string %s\n", policydb_str, POLICYDB_STRING);
1529 kfree(policydb_str);
1532 /* Done with policydb_str. */
1533 kfree(policydb_str);
1534 policydb_str = NULL;
1536 /* Read the version, config, and table sizes. */
1537 rc = next_entry(buf, fp, sizeof(u32)*4);
1541 p->policyvers = le32_to_cpu(buf[0]);
1542 if (p->policyvers < POLICYDB_VERSION_MIN ||
1543 p->policyvers > POLICYDB_VERSION_MAX) {
1544 printk(KERN_ERR "SELinux: policydb version %d does not match "
1545 "my version range %d-%d\n",
1546 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1550 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1551 if (ss_initialized && !selinux_mls_enabled) {
1552 printk(KERN_ERR "SELinux: Cannot switch between non-MLS"
1553 " and MLS policies\n");
1556 selinux_mls_enabled = 1;
1557 config |= POLICYDB_CONFIG_MLS;
1559 if (p->policyvers < POLICYDB_VERSION_MLS) {
1560 printk(KERN_ERR "SELinux: security policydb version %d "
1561 "(MLS) not backwards compatible\n",
1566 if (ss_initialized && selinux_mls_enabled) {
1567 printk(KERN_ERR "SELinux: Cannot switch between MLS and"
1568 " non-MLS policies\n");
1572 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
1573 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
1575 if (p->policyvers >= POLICYDB_VERSION_POLCAP &&
1576 ebitmap_read(&p->policycaps, fp) != 0)
1579 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
1580 ebitmap_read(&p->permissive_map, fp) != 0)
1583 info = policydb_lookup_compat(p->policyvers);
1585 printk(KERN_ERR "SELinux: unable to find policy compat info "
1586 "for version %d\n", p->policyvers);
1590 if (le32_to_cpu(buf[2]) != info->sym_num ||
1591 le32_to_cpu(buf[3]) != info->ocon_num) {
1592 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
1593 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
1594 le32_to_cpu(buf[3]),
1595 info->sym_num, info->ocon_num);
1599 for (i = 0; i < info->sym_num; i++) {
1600 rc = next_entry(buf, fp, sizeof(u32)*2);
1603 nprim = le32_to_cpu(buf[0]);
1604 nel = le32_to_cpu(buf[1]);
1605 for (j = 0; j < nel; j++) {
1606 rc = read_f[i](p, p->symtab[i].table, fp);
1611 p->symtab[i].nprim = nprim;
1614 rc = avtab_read(&p->te_avtab, fp, p);
1618 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1619 rc = cond_read_list(p, fp);
1624 rc = next_entry(buf, fp, sizeof(u32));
1627 nel = le32_to_cpu(buf[0]);
1629 for (i = 0; i < nel; i++) {
1630 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1639 rc = next_entry(buf, fp, sizeof(u32)*3);
1642 tr->role = le32_to_cpu(buf[0]);
1643 tr->type = le32_to_cpu(buf[1]);
1644 tr->new_role = le32_to_cpu(buf[2]);
1645 if (!policydb_role_isvalid(p, tr->role) ||
1646 !policydb_type_isvalid(p, tr->type) ||
1647 !policydb_role_isvalid(p, tr->new_role)) {
1654 rc = next_entry(buf, fp, sizeof(u32));
1657 nel = le32_to_cpu(buf[0]);
1659 for (i = 0; i < nel; i++) {
1660 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1669 rc = next_entry(buf, fp, sizeof(u32)*2);
1672 ra->role = le32_to_cpu(buf[0]);
1673 ra->new_role = le32_to_cpu(buf[1]);
1674 if (!policydb_role_isvalid(p, ra->role) ||
1675 !policydb_role_isvalid(p, ra->new_role)) {
1682 rc = policydb_index_classes(p);
1686 rc = policydb_index_others(p);
1690 for (i = 0; i < info->ocon_num; i++) {
1691 rc = next_entry(buf, fp, sizeof(u32));
1694 nel = le32_to_cpu(buf[0]);
1696 for (j = 0; j < nel; j++) {
1697 c = kzalloc(sizeof(*c), GFP_KERNEL);
1705 p->ocontexts[i] = c;
1710 rc = next_entry(buf, fp, sizeof(u32));
1713 c->sid[0] = le32_to_cpu(buf[0]);
1714 rc = context_read_and_validate(&c->context[0], p, fp);
1720 rc = next_entry(buf, fp, sizeof(u32));
1723 len = le32_to_cpu(buf[0]);
1724 c->u.name = kmalloc(len + 1, GFP_KERNEL);
1729 rc = next_entry(c->u.name, fp, len);
1733 rc = context_read_and_validate(&c->context[0], p, fp);
1736 rc = context_read_and_validate(&c->context[1], p, fp);
1741 rc = next_entry(buf, fp, sizeof(u32)*3);
1744 c->u.port.protocol = le32_to_cpu(buf[0]);
1745 c->u.port.low_port = le32_to_cpu(buf[1]);
1746 c->u.port.high_port = le32_to_cpu(buf[2]);
1747 rc = context_read_and_validate(&c->context[0], p, fp);
1752 rc = next_entry(buf, fp, sizeof(u32) * 2);
1755 c->u.node.addr = le32_to_cpu(buf[0]);
1756 c->u.node.mask = le32_to_cpu(buf[1]);
1757 rc = context_read_and_validate(&c->context[0], p, fp);
1762 rc = next_entry(buf, fp, sizeof(u32)*2);
1765 c->v.behavior = le32_to_cpu(buf[0]);
1766 if (c->v.behavior > SECURITY_FS_USE_NONE)
1768 len = le32_to_cpu(buf[1]);
1769 c->u.name = kmalloc(len + 1, GFP_KERNEL);
1774 rc = next_entry(c->u.name, fp, len);
1778 rc = context_read_and_validate(&c->context[0], p, fp);
1785 rc = next_entry(buf, fp, sizeof(u32) * 8);
1788 for (k = 0; k < 4; k++)
1789 c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1790 for (k = 0; k < 4; k++)
1791 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1792 if (context_read_and_validate(&c->context[0], p, fp))
1800 rc = next_entry(buf, fp, sizeof(u32));
1803 nel = le32_to_cpu(buf[0]);
1806 for (i = 0; i < nel; i++) {
1807 rc = next_entry(buf, fp, sizeof(u32));
1810 len = le32_to_cpu(buf[0]);
1811 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1817 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL);
1818 if (!newgenfs->fstype) {
1823 rc = next_entry(newgenfs->fstype, fp, len);
1825 kfree(newgenfs->fstype);
1829 newgenfs->fstype[len] = 0;
1830 for (genfs_p = NULL, genfs = p->genfs; genfs;
1831 genfs_p = genfs, genfs = genfs->next) {
1832 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1833 printk(KERN_ERR "SELinux: dup genfs "
1834 "fstype %s\n", newgenfs->fstype);
1835 kfree(newgenfs->fstype);
1839 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1842 newgenfs->next = genfs;
1844 genfs_p->next = newgenfs;
1846 p->genfs = newgenfs;
1847 rc = next_entry(buf, fp, sizeof(u32));
1850 nel2 = le32_to_cpu(buf[0]);
1851 for (j = 0; j < nel2; j++) {
1852 rc = next_entry(buf, fp, sizeof(u32));
1855 len = le32_to_cpu(buf[0]);
1857 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
1863 newc->u.name = kmalloc(len + 1, GFP_KERNEL);
1864 if (!newc->u.name) {
1868 rc = next_entry(newc->u.name, fp, len);
1871 newc->u.name[len] = 0;
1872 rc = next_entry(buf, fp, sizeof(u32));
1875 newc->v.sclass = le32_to_cpu(buf[0]);
1876 if (context_read_and_validate(&newc->context[0], p, fp))
1878 for (l = NULL, c = newgenfs->head; c;
1879 l = c, c = c->next) {
1880 if (!strcmp(newc->u.name, c->u.name) &&
1881 (!c->v.sclass || !newc->v.sclass ||
1882 newc->v.sclass == c->v.sclass)) {
1883 printk(KERN_ERR "SELinux: dup genfs "
1885 newgenfs->fstype, c->u.name);
1888 len = strlen(newc->u.name);
1889 len2 = strlen(c->u.name);
1898 newgenfs->head = newc;
1902 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1903 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
1904 rc = next_entry(buf, fp, sizeof(u32));
1907 nel = le32_to_cpu(buf[0]);
1909 for (i = 0; i < nel; i++) {
1910 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1919 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1922 rt->source_type = le32_to_cpu(buf[0]);
1923 rt->target_type = le32_to_cpu(buf[1]);
1925 rc = next_entry(buf, fp, sizeof(u32));
1928 rt->target_class = le32_to_cpu(buf[0]);
1930 rt->target_class = SECCLASS_PROCESS;
1931 if (!policydb_type_isvalid(p, rt->source_type) ||
1932 !policydb_type_isvalid(p, rt->target_type) ||
1933 !policydb_class_isvalid(p, rt->target_class)) {
1937 rc = mls_read_range_helper(&rt->target_range, fp);
1940 if (!mls_range_isvalid(p, &rt->target_range)) {
1941 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
1948 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
1949 if (!p->type_attr_map)
1952 for (i = 0; i < p->p_types.nprim; i++) {
1953 ebitmap_init(&p->type_attr_map[i]);
1954 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
1955 if (ebitmap_read(&p->type_attr_map[i], fp))
1958 /* add the type itself as the degenerate case */
1959 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
1967 ocontext_destroy(newc, OCON_FSUSE);
1971 policydb_destroy(p);