1
/*
2
 * Implementation of the policy database.
3
 *
4
 * Author : Stephen Smalley, <[email protected]>
5
 */
6

7
/*
8
 * Updated: Trusted Computer Solutions, Inc. <[email protected]>
9
 *
10
 *	Support for enhanced MLS infrastructure.
11
 *
12
 * Updated: Frank Mayer <[email protected]> and Karl MacMillan <[email protected]>
13
 *
14
 *	Added conditional policy language extensions
15
 *
16
 * Updated: Hewlett-Packard <[email protected]>
17
 *
18
 *      Added support for the policy capability bitmap
19
 *
20
 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
21
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
22
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
23
 *	This program is free software; you can redistribute it and/or modify
24
 *	it under the terms of the GNU General Public License as published by
25
 *	the Free Software Foundation, version 2.
26
 */
27

28
#include <linux/kernel.h>
29
#include <linux/sched.h>
30
#include <linux/slab.h>
31
#include <linux/string.h>
32
#include <linux/errno.h>
33
#include <linux/audit.h>
34
#include <linux/flex_array.h>
35
#include "security.h"
36

37
#include "policydb.h"
38
#include "conditional.h"
39
#include "mls.h"
40
#include "services.h"
41

42
#define _DEBUG_HASHES
43

44
#ifdef DEBUG_HASHES
45
static const char *symtab_name[SYM_NUM] = {
46
	"common prefixes",
47
	"classes",
48
	"roles",
49
	"types",
50
	"users",
51
	"bools",
52
	"levels",
53
	"categories",
54
};
55
#endif
56

57
static unsigned int symtab_sizes[SYM_NUM] = {
58
	2,
59
	32,
60
	16,
61
	512,
62
	128,
63
	16,
64
	16,
65
	16,
66
};
67

68
struct policydb_compat_info {
69
	int version;
70
	int sym_num;
71
	int ocon_num;
72
};
73

74
/* These need to be updated if SYM_NUM or OCON_NUM changes */
75
static struct policydb_compat_info policydb_compat[] = {
76
	{
77
		.version	= POLICYDB_VERSION_BASE,
78
		.sym_num	= SYM_NUM - 3,
79
		.ocon_num	= OCON_NUM - 1,
80
	},
81
	{
82
		.version	= POLICYDB_VERSION_BOOL,
83
		.sym_num	= SYM_NUM - 2,
84
		.ocon_num	= OCON_NUM - 1,
85
	},
86
	{
87
		.version	= POLICYDB_VERSION_IPV6,
88
		.sym_num	= SYM_NUM - 2,
89
		.ocon_num	= OCON_NUM,
90
	},
91
	{
92
		.version	= POLICYDB_VERSION_NLCLASS,
93
		.sym_num	= SYM_NUM - 2,
94
		.ocon_num	= OCON_NUM,
95
	},
96
	{
97
		.version	= POLICYDB_VERSION_MLS,
98
		.sym_num	= SYM_NUM,
99
		.ocon_num	= OCON_NUM,
100
	},
101
	{
102
		.version	= POLICYDB_VERSION_AVTAB,
103
		.sym_num	= SYM_NUM,
104
		.ocon_num	= OCON_NUM,
105
	},
106
	{
107
		.version	= POLICYDB_VERSION_RANGETRANS,
108
		.sym_num	= SYM_NUM,
109
		.ocon_num	= OCON_NUM,
110
	},
111
	{
112
		.version	= POLICYDB_VERSION_POLCAP,
113
		.sym_num	= SYM_NUM,
114
		.ocon_num	= OCON_NUM,
115
	},
116
	{
117
		.version	= POLICYDB_VERSION_PERMISSIVE,
118
		.sym_num	= SYM_NUM,
119
		.ocon_num	= OCON_NUM,
120
	},
121
	{
122
		.version	= POLICYDB_VERSION_BOUNDARY,
123
		.sym_num	= SYM_NUM,
124
		.ocon_num	= OCON_NUM,
125
	},
126
	{
127
		.version	= POLICYDB_VERSION_FILENAME_TRANS,
128
		.sym_num	= SYM_NUM,
129
		.ocon_num	= OCON_NUM,
130
	},
131
	{
132
		.version	= POLICYDB_VERSION_ROLETRANS,
133
		.sym_num	= SYM_NUM,
134
		.ocon_num	= OCON_NUM,
135
	},
136
};
137

138
static struct policydb_compat_info *policydb_lookup_compat(int version)
139
{
140
	int i;
141
	struct policydb_compat_info *info = NULL;
142

143
	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
144
		if (policydb_compat[i].version == version) {
145
			info = &policydb_compat[i];
146
			break;
147
		}
148
	}
149
	return info;
150
}
151

152
/*
153
 * Initialize the role table.
154
 */
155
static int roles_init(struct policydb *p)
156
{
157
	char *key = NULL;
158
	int rc;
159
	struct role_datum *role;
160

161
	rc = -ENOMEM;
162
	role = kzalloc(sizeof(*role), GFP_KERNEL);
163
	if (!role)
164
		goto out;
165

166
	rc = -EINVAL;
167
	role->value = ++p->p_roles.nprim;
168
	if (role->value != OBJECT_R_VAL)
169
		goto out;
170

171
	rc = -ENOMEM;
172
	key = kstrdup(OBJECT_R, GFP_KERNEL);
173
	if (!key)
174
		goto out;
175

176
	rc = hashtab_insert(p->p_roles.table, key, role);
177
	if (rc)
178
		goto out;
179

180
	return 0;
181
out:
182
	kfree(key);
183
	kfree(role);
184
	return rc;
185
}
186

187
static u32 filenametr_hash(struct hashtab *h, const void *k)
188
{
189
	const struct filename_trans *ft = k;
190
	unsigned long hash;
191
	unsigned int byte_num;
192
	unsigned char focus;
193

194
	hash = ft->stype ^ ft->ttype ^ ft->tclass;
195

196
	byte_num = 0;
197
	while ((focus = ft->name[byte_num++]))
198
		hash = partial_name_hash(focus, hash);
199
	return hash & (h->size - 1);
200
}
201

202
static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2)
203
{
204
	const struct filename_trans *ft1 = k1;
205
	const struct filename_trans *ft2 = k2;
206
	int v;
207

208
	v = ft1->stype - ft2->stype;
209
	if (v)
210
		return v;
211

212
	v = ft1->ttype - ft2->ttype;
213
	if (v)
214
		return v;
215

216
	v = ft1->tclass - ft2->tclass;
217
	if (v)
218
		return v;
219

220
	return strcmp(ft1->name, ft2->name);
221

222
}
223

224
static u32 rangetr_hash(struct hashtab *h, const void *k)
225
{
226
	const struct range_trans *key = k;
227
	return (key->source_type + (key->target_type << 3) +
228
		(key->target_class << 5)) & (h->size - 1);
229
}
230

231
static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
232
{
233
	const struct range_trans *key1 = k1, *key2 = k2;
234
	int v;
235

236
	v = key1->source_type - key2->source_type;
237
	if (v)
238
		return v;
239

240
	v = key1->target_type - key2->target_type;
241
	if (v)
242
		return v;
243

244
	v = key1->target_class - key2->target_class;
245

246
	return v;
247
}
248

249
/*
250
 * Initialize a policy database structure.
251
 */
252
static int policydb_init(struct policydb *p)
253
{
254
	int i, rc;
255

256
	memset(p, 0, sizeof(*p));
257

258
	for (i = 0; i < SYM_NUM; i++) {
259
		rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
260
		if (rc)
261
			goto out;
262
	}
263

264
	rc = avtab_init(&p->te_avtab);
265
	if (rc)
266
		goto out;
267

268
	rc = roles_init(p);
269
	if (rc)
270
		goto out;
271

272
	rc = cond_policydb_init(p);
273
	if (rc)
274
		goto out;
275

276
	p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
277
	if (!p->filename_trans)
278
		goto out;
279

280
	p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
281
	if (!p->range_tr)
282
		goto out;
283

284
	ebitmap_init(&p->filename_trans_ttypes);
285
	ebitmap_init(&p->policycaps);
286
	ebitmap_init(&p->permissive_map);
287

288
	return 0;
289
out:
290
	hashtab_destroy(p->filename_trans);
291
	hashtab_destroy(p->range_tr);
292
	for (i = 0; i < SYM_NUM; i++)
293
		hashtab_destroy(p->symtab[i].table);
294
	return rc;
295
}
296

297
/*
298
 * The following *_index functions are used to
299
 * define the val_to_name and val_to_struct arrays
300
 * in a policy database structure.  The val_to_name
301
 * arrays are used when converting security context
302
 * structures into string representations.  The
303
 * val_to_struct arrays are used when the attributes
304
 * of a class, role, or user are needed.
305
 */
306

307
static int common_index(void *key, void *datum, void *datap)
308
{
309
	struct policydb *p;
310
	struct common_datum *comdatum;
311
	struct flex_array *fa;
312

313
	comdatum = datum;
314
	p = datap;
315
	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
316
		return -EINVAL;
317

318
	fa = p->sym_val_to_name[SYM_COMMONS];
319
	if (flex_array_put_ptr(fa, comdatum->value - 1, key,
320
			       GFP_KERNEL | __GFP_ZERO))
321
		BUG();
322
	return 0;
323
}
324

325
static int class_index(void *key, void *datum, void *datap)
326
{
327
	struct policydb *p;
328
	struct class_datum *cladatum;
329
	struct flex_array *fa;
330

331
	cladatum = datum;
332
	p = datap;
333
	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
334
		return -EINVAL;
335
	fa = p->sym_val_to_name[SYM_CLASSES];
336
	if (flex_array_put_ptr(fa, cladatum->value - 1, key,
337
			       GFP_KERNEL | __GFP_ZERO))
338
		BUG();
339
	p->class_val_to_struct[cladatum->value - 1] = cladatum;
340
	return 0;
341
}
342

343
static int role_index(void *key, void *datum, void *datap)
344
{
345
	struct policydb *p;
346
	struct role_datum *role;
347
	struct flex_array *fa;
348

349
	role = datum;
350
	p = datap;
351
	if (!role->value
352
	    || role->value > p->p_roles.nprim
353
	    || role->bounds > p->p_roles.nprim)
354
		return -EINVAL;
355

356
	fa = p->sym_val_to_name[SYM_ROLES];
357
	if (flex_array_put_ptr(fa, role->value - 1, key,
358
			       GFP_KERNEL | __GFP_ZERO))
359
		BUG();
360
	p->role_val_to_struct[role->value - 1] = role;
361
	return 0;
362
}
363

364
static int type_index(void *key, void *datum, void *datap)
365
{
366
	struct policydb *p;
367
	struct type_datum *typdatum;
368
	struct flex_array *fa;
369

370
	typdatum = datum;
371
	p = datap;
372

373
	if (typdatum->primary) {
374
		if (!typdatum->value
375
		    || typdatum->value > p->p_types.nprim
376
		    || typdatum->bounds > p->p_types.nprim)
377
			return -EINVAL;
378
		fa = p->sym_val_to_name[SYM_TYPES];
379
		if (flex_array_put_ptr(fa, typdatum->value - 1, key,
380
				       GFP_KERNEL | __GFP_ZERO))
381
			BUG();
382

383
		fa = p->type_val_to_struct_array;
384
		if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum,
385
				       GFP_KERNEL | __GFP_ZERO))
386
			BUG();
387
	}
388

389
	return 0;
390
}
391

392
static int user_index(void *key, void *datum, void *datap)
393
{
394
	struct policydb *p;
395
	struct user_datum *usrdatum;
396
	struct flex_array *fa;
397

398
	usrdatum = datum;
399
	p = datap;
400
	if (!usrdatum->value
401
	    || usrdatum->value > p->p_users.nprim
402
	    || usrdatum->bounds > p->p_users.nprim)
403
		return -EINVAL;
404

405
	fa = p->sym_val_to_name[SYM_USERS];
406
	if (flex_array_put_ptr(fa, usrdatum->value - 1, key,
407
			       GFP_KERNEL | __GFP_ZERO))
408
		BUG();
409
	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
410
	return 0;
411
}
412

413
static int sens_index(void *key, void *datum, void *datap)
414
{
415
	struct policydb *p;
416
	struct level_datum *levdatum;
417
	struct flex_array *fa;
418

419
	levdatum = datum;
420
	p = datap;
421

422
	if (!levdatum->isalias) {
423
		if (!levdatum->level->sens ||
424
		    levdatum->level->sens > p->p_levels.nprim)
425
			return -EINVAL;
426
		fa = p->sym_val_to_name[SYM_LEVELS];
427
		if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key,
428
				       GFP_KERNEL | __GFP_ZERO))
429
			BUG();
430
	}
431

432
	return 0;
433
}
434

435
static int cat_index(void *key, void *datum, void *datap)
436
{
437
	struct policydb *p;
438
	struct cat_datum *catdatum;
439
	struct flex_array *fa;
440

441
	catdatum = datum;
442
	p = datap;
443

444
	if (!catdatum->isalias) {
445
		if (!catdatum->value || catdatum->value > p->p_cats.nprim)
446
			return -EINVAL;
447
		fa = p->sym_val_to_name[SYM_CATS];
448
		if (flex_array_put_ptr(fa, catdatum->value - 1, key,
449
				       GFP_KERNEL | __GFP_ZERO))
450
			BUG();
451
	}
452

453
	return 0;
454
}
455

456
static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
457
{
458
	common_index,
459
	class_index,
460
	role_index,
461
	type_index,
462
	user_index,
463
	cond_index_bool,
464
	sens_index,
465
	cat_index,
466
};
467

468
#ifdef DEBUG_HASHES
469
static void hash_eval(struct hashtab *h, const char *hash_name)
470
{
471
	struct hashtab_info info;
472

473
	hashtab_stat(h, &info);
474
	printk(KERN_DEBUG "SELinux: %s:  %d entries and %d/%d buckets used, "
475
	       "longest chain length %d\n", hash_name, h->nel,
476
	       info.slots_used, h->size, info.max_chain_len);
477
}
478

479
static void symtab_hash_eval(struct symtab *s)
480
{
481
	int i;
482

483
	for (i = 0; i < SYM_NUM; i++)
484
		hash_eval(s[i].table, symtab_name[i]);
485
}
486

487
#else
488
static inline void hash_eval(struct hashtab *h, char *hash_name)
489
{
490
}
491
#endif
492

493
/*
494
 * Define the other val_to_name and val_to_struct arrays
495
 * in a policy database structure.
496
 *
497
 * Caller must clean up on failure.
498
 */
499
static int policydb_index(struct policydb *p)
500
{
501
	int i, rc;
502

503
	printk(KERN_DEBUG "SELinux:  %d users, %d roles, %d types, %d bools",
504
	       p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
505
	if (p->mls_enabled)
506
		printk(", %d sens, %d cats", p->p_levels.nprim,
507
		       p->p_cats.nprim);
508
	printk("\n");
509

510
	printk(KERN_DEBUG "SELinux:  %d classes, %d rules\n",
511
	       p->p_classes.nprim, p->te_avtab.nel);
512

513
#ifdef DEBUG_HASHES
514
	avtab_hash_eval(&p->te_avtab, "rules");
515
	symtab_hash_eval(p->symtab);
516
#endif
517

518
	rc = -ENOMEM;
519
	p->class_val_to_struct =
520
		kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
521
			GFP_KERNEL);
522
	if (!p->class_val_to_struct)
523
		goto out;
524

525
	rc = -ENOMEM;
526
	p->role_val_to_struct =
527
		kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
528
			GFP_KERNEL);
529
	if (!p->role_val_to_struct)
530
		goto out;
531

532
	rc = -ENOMEM;
533
	p->user_val_to_struct =
534
		kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
535
			GFP_KERNEL);
536
	if (!p->user_val_to_struct)
537
		goto out;
538

539
	/* Yes, I want the sizeof the pointer, not the structure */
540
	rc = -ENOMEM;
541
	p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *),
542
						       p->p_types.nprim,
543
						       GFP_KERNEL | __GFP_ZERO);
544
	if (!p->type_val_to_struct_array)
545
		goto out;
546

547
	rc = flex_array_prealloc(p->type_val_to_struct_array, 0,
548
				 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO);
549
	if (rc)
550
		goto out;
551

552
	rc = cond_init_bool_indexes(p);
553
	if (rc)
554
		goto out;
555

556
	for (i = 0; i < SYM_NUM; i++) {
557
		rc = -ENOMEM;
558
		p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *),
559
							 p->symtab[i].nprim,
560
							 GFP_KERNEL | __GFP_ZERO);
561
		if (!p->sym_val_to_name[i])
562
			goto out;
563

564
		rc = flex_array_prealloc(p->sym_val_to_name[i],
565
					 0, p->symtab[i].nprim,
566
					 GFP_KERNEL | __GFP_ZERO);
567
		if (rc)
568
			goto out;
569

570
		rc = hashtab_map(p->symtab[i].table, index_f[i], p);
571
		if (rc)
572
			goto out;
573
	}
574
	rc = 0;
575
out:
576
	return rc;
577
}
578

579
/*
580
 * The following *_destroy functions are used to
581
 * free any memory allocated for each kind of
582
 * symbol data in the policy database.
583
 */
584

585
static int perm_destroy(void *key, void *datum, void *p)
586
{
587
	kfree(key);
588
	kfree(datum);
589
	return 0;
590
}
591

592
static int common_destroy(void *key, void *datum, void *p)
593
{
594
	struct common_datum *comdatum;
595

596
	kfree(key);
597
	if (datum) {
598
		comdatum = datum;
599
		hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
600
		hashtab_destroy(comdatum->permissions.table);
601
	}
602
	kfree(datum);
603
	return 0;
604
}
605

606
static int cls_destroy(void *key, void *datum, void *p)
607
{
608
	struct class_datum *cladatum;
609
	struct constraint_node *constraint, *ctemp;
610
	struct constraint_expr *e, *etmp;
611

612
	kfree(key);
613
	if (datum) {
614
		cladatum = datum;
615
		hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
616
		hashtab_destroy(cladatum->permissions.table);
617
		constraint = cladatum->constraints;
618
		while (constraint) {
619
			e = constraint->expr;
620
			while (e) {
621
				ebitmap_destroy(&e->names);
622
				etmp = e;
623
				e = e->next;
624
				kfree(etmp);
625
			}
626
			ctemp = constraint;
627
			constraint = constraint->next;
628
			kfree(ctemp);
629
		}
630

631
		constraint = cladatum->validatetrans;
632
		while (constraint) {
633
			e = constraint->expr;
634
			while (e) {
635
				ebitmap_destroy(&e->names);
636
				etmp = e;
637
				e = e->next;
638
				kfree(etmp);
639
			}
640
			ctemp = constraint;
641
			constraint = constraint->next;
642
			kfree(ctemp);
643
		}
644

645
		kfree(cladatum->comkey);
646
	}
647
	kfree(datum);
648
	return 0;
649
}
650

651
static int role_destroy(void *key, void *datum, void *p)
652
{
653
	struct role_datum *role;
654

655
	kfree(key);
656
	if (datum) {
657
		role = datum;
658
		ebitmap_destroy(&role->dominates);
659
		ebitmap_destroy(&role->types);
660
	}
661
	kfree(datum);
662
	return 0;
663
}
664

665
static int type_destroy(void *key, void *datum, void *p)
666
{
667
	kfree(key);
668
	kfree(datum);
669
	return 0;
670
}
671

672
static int user_destroy(void *key, void *datum, void *p)
673
{
674
	struct user_datum *usrdatum;
675

676
	kfree(key);
677
	if (datum) {
678
		usrdatum = datum;
679
		ebitmap_destroy(&usrdatum->roles);
680
		ebitmap_destroy(&usrdatum->range.level[0].cat);
681
		ebitmap_destroy(&usrdatum->range.level[1].cat);
682
		ebitmap_destroy(&usrdatum->dfltlevel.cat);
683
	}
684
	kfree(datum);
685
	return 0;
686
}
687

688
static int sens_destroy(void *key, void *datum, void *p)
689
{
690
	struct level_datum *levdatum;
691

692
	kfree(key);
693
	if (datum) {
694
		levdatum = datum;
695
		ebitmap_destroy(&levdatum->level->cat);
696
		kfree(levdatum->level);
697
	}
698
	kfree(datum);
699
	return 0;
700
}
701

702
static int cat_destroy(void *key, void *datum, void *p)
703
{
704
	kfree(key);
705
	kfree(datum);
706
	return 0;
707
}
708

709
static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
710
{
711
	common_destroy,
712
	cls_destroy,
713
	role_destroy,
714
	type_destroy,
715
	user_destroy,
716
	cond_destroy_bool,
717
	sens_destroy,
718
	cat_destroy,
719
};
720

721
static int filenametr_destroy(void *key, void *datum, void *p)
722
{
723
	struct filename_trans *ft = key;
724
	kfree(ft->name);
725
	kfree(key);
726
	kfree(datum);
727
	cond_resched();
728
	return 0;
729
}
730

731
static int range_tr_destroy(void *key, void *datum, void *p)
732
{
733
	struct mls_range *rt = datum;
734
	kfree(key);
735
	ebitmap_destroy(&rt->level[0].cat);
736
	ebitmap_destroy(&rt->level[1].cat);
737
	kfree(datum);
738
	cond_resched();
739
	return 0;
740
}
741

742
static void ocontext_destroy(struct ocontext *c, int i)
743
{
744
	if (!c)
745
		return;
746

747
	context_destroy(&c->context[0]);
748
	context_destroy(&c->context[1]);
749
	if (i == OCON_ISID || i == OCON_FS ||
750
	    i == OCON_NETIF || i == OCON_FSUSE)
751
		kfree(c->u.name);
752
	kfree(c);
753
}
754

755
/*
756
 * Free any memory allocated by a policy database structure.
757
 */
758
void policydb_destroy(struct policydb *p)
759
{
760
	struct ocontext *c, *ctmp;
761
	struct genfs *g, *gtmp;
762
	int i;
763
	struct role_allow *ra, *lra = NULL;
764
	struct role_trans *tr, *ltr = NULL;
765

766
	for (i = 0; i < SYM_NUM; i++) {
767
		cond_resched();
768
		hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
769
		hashtab_destroy(p->symtab[i].table);
770
	}
771

772
	for (i = 0; i < SYM_NUM; i++) {
773
		if (p->sym_val_to_name[i])
774
			flex_array_free(p->sym_val_to_name[i]);
775
	}
776

777
	kfree(p->class_val_to_struct);
778
	kfree(p->role_val_to_struct);
779
	kfree(p->user_val_to_struct);
780
	if (p->type_val_to_struct_array)
781
		flex_array_free(p->type_val_to_struct_array);
782

783
	avtab_destroy(&p->te_avtab);
784

785
	for (i = 0; i < OCON_NUM; i++) {
786
		cond_resched();
787
		c = p->ocontexts[i];
788
		while (c) {
789
			ctmp = c;
790
			c = c->next;
791
			ocontext_destroy(ctmp, i);
792
		}
793
		p->ocontexts[i] = NULL;
794
	}
795

796
	g = p->genfs;
797
	while (g) {
798
		cond_resched();
799
		kfree(g->fstype);
800
		c = g->head;
801
		while (c) {
802
			ctmp = c;
803
			c = c->next;
804
			ocontext_destroy(ctmp, OCON_FSUSE);
805
		}
806
		gtmp = g;
807
		g = g->next;
808
		kfree(gtmp);
809
	}
810
	p->genfs = NULL;
811

812
	cond_policydb_destroy(p);
813

814
	for (tr = p->role_tr; tr; tr = tr->next) {
815
		cond_resched();
816
		kfree(ltr);
817
		ltr = tr;
818
	}
819
	kfree(ltr);
820

821
	for (ra = p->role_allow; ra; ra = ra->next) {
822
		cond_resched();
823
		kfree(lra);
824
		lra = ra;
825
	}
826
	kfree(lra);
827

828
	hashtab_map(p->filename_trans, filenametr_destroy, NULL);
829
	hashtab_destroy(p->filename_trans);
830

831
	hashtab_map(p->range_tr, range_tr_destroy, NULL);
832
	hashtab_destroy(p->range_tr);
833

834
	if (p->type_attr_map_array) {
835
		for (i = 0; i < p->p_types.nprim; i++) {
836
			struct ebitmap *e;
837

838
			e = flex_array_get(p->type_attr_map_array, i);
839
			if (!e)
840
				continue;
841
			ebitmap_destroy(e);
842
		}
843
		flex_array_free(p->type_attr_map_array);
844
	}
845

846
	ebitmap_destroy(&p->filename_trans_ttypes);
847
	ebitmap_destroy(&p->policycaps);
848
	ebitmap_destroy(&p->permissive_map);
849

850
	return;
851
}
852

853
/*
854
 * Load the initial SIDs specified in a policy database
855
 * structure into a SID table.
856
 */
857
int policydb_load_isids(struct policydb *p, struct sidtab *s)
858
{
859
	struct ocontext *head, *c;
860
	int rc;
861

862
	rc = sidtab_init(s);
863
	if (rc) {
864
		printk(KERN_ERR "SELinux:  out of memory on SID table init\n");
865
		goto out;
866
	}
867

868
	head = p->ocontexts[OCON_ISID];
869
	for (c = head; c; c = c->next) {
870
		rc = -EINVAL;
871
		if (!c->context[0].user) {
872
			printk(KERN_ERR "SELinux:  SID %s was never defined.\n",
873
				c->u.name);
874
			goto out;
875
		}
876

877
		rc = sidtab_insert(s, c->sid[0], &c->context[0]);
878
		if (rc) {
879
			printk(KERN_ERR "SELinux:  unable to load initial SID %s.\n",
880
				c->u.name);
881
			goto out;
882
		}
883
	}
884
	rc = 0;
885
out:
886
	return rc;
887
}
888

889
int policydb_class_isvalid(struct policydb *p, unsigned int class)
890
{
891
	if (!class || class > p->p_classes.nprim)
892
		return 0;
893
	return 1;
894
}
895

896
int policydb_role_isvalid(struct policydb *p, unsigned int role)
897
{
898
	if (!role || role > p->p_roles.nprim)
899
		return 0;
900
	return 1;
901
}
902

903
int policydb_type_isvalid(struct policydb *p, unsigned int type)
904
{
905
	if (!type || type > p->p_types.nprim)
906
		return 0;
907
	return 1;
908
}
909

910
/*
911
 * Return 1 if the fields in the security context
912
 * structure `c' are valid.  Return 0 otherwise.
913
 */
914
int policydb_context_isvalid(struct policydb *p, struct context *c)
915
{
916
	struct role_datum *role;
917
	struct user_datum *usrdatum;
918

919
	if (!c->role || c->role > p->p_roles.nprim)
920
		return 0;
921

922
	if (!c->user || c->user > p->p_users.nprim)
923
		return 0;
924

925
	if (!c->type || c->type > p->p_types.nprim)
926
		return 0;
927

928
	if (c->role != OBJECT_R_VAL) {
929
		/*
930
		 * Role must be authorized for the type.
931
		 */
932
		role = p->role_val_to_struct[c->role - 1];
933
		if (!ebitmap_get_bit(&role->types, c->type - 1))
934
			/* role may not be associated with type */
935
			return 0;
936

937
		/*
938
		 * User must be authorized for the role.
939
		 */
940
		usrdatum = p->user_val_to_struct[c->user - 1];
941
		if (!usrdatum)
942
			return 0;
943

944
		if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
945
			/* user may not be associated with role */
946
			return 0;
947
	}
948

949
	if (!mls_context_isvalid(p, c))
950
		return 0;
951

952
	return 1;
953
}
954

955
/*
956
 * Read a MLS range structure from a policydb binary
957
 * representation file.
958
 */
959
static int mls_read_range_helper(struct mls_range *r, void *fp)
960
{
961
	__le32 buf[2];
962
	u32 items;
963
	int rc;
964

965
	rc = next_entry(buf, fp, sizeof(u32));
966
	if (rc)
967
		goto out;
968

969
	rc = -EINVAL;
970
	items = le32_to_cpu(buf[0]);
971
	if (items > ARRAY_SIZE(buf)) {
972
		printk(KERN_ERR "SELinux: mls:  range overflow\n");
973
		goto out;
974
	}
975

976
	rc = next_entry(buf, fp, sizeof(u32) * items);
977
	if (rc) {
978
		printk(KERN_ERR "SELinux: mls:  truncated range\n");
979
		goto out;
980
	}
981

982
	r->level[0].sens = le32_to_cpu(buf[0]);
983
	if (items > 1)
984
		r->level[1].sens = le32_to_cpu(buf[1]);
985
	else
986
		r->level[1].sens = r->level[0].sens;
987

988
	rc = ebitmap_read(&r->level[0].cat, fp);
989
	if (rc) {
990
		printk(KERN_ERR "SELinux: mls:  error reading low categories\n");
991
		goto out;
992
	}
993
	if (items > 1) {
994
		rc = ebitmap_read(&r->level[1].cat, fp);
995
		if (rc) {
996
			printk(KERN_ERR "SELinux: mls:  error reading high categories\n");
997
			goto bad_high;
998
		}
999
	} else {
1000
		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1001
		if (rc) {
1002
			printk(KERN_ERR "SELinux: mls:  out of memory\n");
1003
			goto bad_high;
1004
		}
1005
	}
1006

1007
	return 0;
1008
bad_high:
1009
	ebitmap_destroy(&r->level[0].cat);
1010
out:
1011
	return rc;
1012
}
1013

1014
/*
1015
 * Read and validate a security context structure
1016
 * from a policydb binary representation file.
1017
 */
1018
static int context_read_and_validate(struct context *c,
1019
				     struct policydb *p,
1020
				     void *fp)
1021
{
1022
	__le32 buf[3];
1023
	int rc;
1024

1025
	rc = next_entry(buf, fp, sizeof buf);
1026
	if (rc) {
1027
		printk(KERN_ERR "SELinux: context truncated\n");
1028
		goto out;
1029
	}
1030
	c->user = le32_to_cpu(buf[0]);
1031
	c->role = le32_to_cpu(buf[1]);
1032
	c->type = le32_to_cpu(buf[2]);
1033
	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1034
		rc = mls_read_range_helper(&c->range, fp);
1035
		if (rc) {
1036
			printk(KERN_ERR "SELinux: error reading MLS range of context\n");
1037
			goto out;
1038
		}
1039
	}
1040

1041
	rc = -EINVAL;
1042
	if (!policydb_context_isvalid(p, c)) {
1043
		printk(KERN_ERR "SELinux:  invalid security context\n");
1044
		context_destroy(c);
1045
		goto out;
1046
	}
1047
	rc = 0;
1048
out:
1049
	return rc;
1050
}
1051

1052
/*
1053
 * The following *_read functions are used to
1054
 * read the symbol data from a policy database
1055
 * binary representation file.
1056
 */
1057

1058
static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
1059
{
1060
	char *key = NULL;
1061
	struct perm_datum *perdatum;
1062
	int rc;
1063
	__le32 buf[2];
1064
	u32 len;
1065

1066
	rc = -ENOMEM;
1067
	perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1068
	if (!perdatum)
1069
		goto bad;
1070

1071
	rc = next_entry(buf, fp, sizeof buf);
1072
	if (rc)
1073
		goto bad;
1074

1075
	len = le32_to_cpu(buf[0]);
1076
	perdatum->value = le32_to_cpu(buf[1]);
1077

1078
	rc = -ENOMEM;
1079
	key = kmalloc(len + 1, GFP_KERNEL);
1080
	if (!key)
1081
		goto bad;
1082

1083
	rc = next_entry(key, fp, len);
1084
	if (rc)
1085
		goto bad;
1086
	key[len] = '\0';
1087

1088
	rc = hashtab_insert(h, key, perdatum);
1089
	if (rc)
1090
		goto bad;
1091

1092
	return 0;
1093
bad:
1094
	perm_destroy(key, perdatum, NULL);
1095
	return rc;
1096
}
1097

1098
static int common_read(struct policydb *p, struct hashtab *h, void *fp)
1099
{
1100
	char *key = NULL;
1101
	struct common_datum *comdatum;
1102
	__le32 buf[4];
1103
	u32 len, nel;
1104
	int i, rc;
1105

1106
	rc = -ENOMEM;
1107
	comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1108
	if (!comdatum)
1109
		goto bad;
1110

1111
	rc = next_entry(buf, fp, sizeof buf);
1112
	if (rc)
1113
		goto bad;
1114

1115
	len = le32_to_cpu(buf[0]);
1116
	comdatum->value = le32_to_cpu(buf[1]);
1117

1118
	rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
1119
	if (rc)
1120
		goto bad;
1121
	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1122
	nel = le32_to_cpu(buf[3]);
1123

1124
	rc = -ENOMEM;
1125
	key = kmalloc(len + 1, GFP_KERNEL);
1126
	if (!key)
1127
		goto bad;
1128

1129
	rc = next_entry(key, fp, len);
1130
	if (rc)
1131
		goto bad;
1132
	key[len] = '\0';
1133

1134
	for (i = 0; i < nel; i++) {
1135
		rc = perm_read(p, comdatum->permissions.table, fp);
1136
		if (rc)
1137
			goto bad;
1138
	}
1139

1140
	rc = hashtab_insert(h, key, comdatum);
1141
	if (rc)
1142
		goto bad;
1143
	return 0;
1144
bad:
1145
	common_destroy(key, comdatum, NULL);
1146
	return rc;
1147
}
1148

1149
static int read_cons_helper(struct constraint_node **nodep, int ncons,
1150
			    int allowxtarget, void *fp)
1151
{
1152
	struct constraint_node *c, *lc;
1153
	struct constraint_expr *e, *le;
1154
	__le32 buf[3];
1155
	u32 nexpr;
1156
	int rc, i, j, depth;
1157

1158
	lc = NULL;
1159
	for (i = 0; i < ncons; i++) {
1160
		c = kzalloc(sizeof(*c), GFP_KERNEL);
1161
		if (!c)
1162
			return -ENOMEM;
1163

1164
		if (lc)
1165
			lc->next = c;
1166
		else
1167
			*nodep = c;
1168

1169
		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1170
		if (rc)
1171
			return rc;
1172
		c->permissions = le32_to_cpu(buf[0]);
1173
		nexpr = le32_to_cpu(buf[1]);
1174
		le = NULL;
1175
		depth = -1;
1176
		for (j = 0; j < nexpr; j++) {
1177
			e = kzalloc(sizeof(*e), GFP_KERNEL);
1178
			if (!e)
1179
				return -ENOMEM;
1180

1181
			if (le)
1182
				le->next = e;
1183
			else
1184
				c->expr = e;
1185

1186
			rc = next_entry(buf, fp, (sizeof(u32) * 3));
1187
			if (rc)
1188
				return rc;
1189
			e->expr_type = le32_to_cpu(buf[0]);
1190
			e->attr = le32_to_cpu(buf[1]);
1191
			e->op = le32_to_cpu(buf[2]);
1192

1193
			switch (e->expr_type) {
1194
			case CEXPR_NOT:
1195
				if (depth < 0)
1196
					return -EINVAL;
1197
				break;
1198
			case CEXPR_AND:
1199
			case CEXPR_OR:
1200
				if (depth < 1)
1201
					return -EINVAL;
1202
				depth--;
1203
				break;
1204
			case CEXPR_ATTR:
1205
				if (depth == (CEXPR_MAXDEPTH - 1))
1206
					return -EINVAL;
1207
				depth++;
1208
				break;
1209
			case CEXPR_NAMES:
1210
				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1211
					return -EINVAL;
1212
				if (depth == (CEXPR_MAXDEPTH - 1))
1213
					return -EINVAL;
1214
				depth++;
1215
				rc = ebitmap_read(&e->names, fp);
1216
				if (rc)
1217
					return rc;
1218
				break;
1219
			default:
1220
				return -EINVAL;
1221
			}
1222
			le = e;
1223
		}
1224
		if (depth != 0)
1225
			return -EINVAL;
1226
		lc = c;
1227
	}
1228

1229
	return 0;
1230
}
1231

1232
static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1233
{
1234
	char *key = NULL;
1235
	struct class_datum *cladatum;
1236
	__le32 buf[6];
1237
	u32 len, len2, ncons, nel;
1238
	int i, rc;
1239

1240
	rc = -ENOMEM;
1241
	cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1242
	if (!cladatum)
1243
		goto bad;
1244

1245
	rc = next_entry(buf, fp, sizeof(u32)*6);
1246
	if (rc)
1247
		goto bad;
1248

1249
	len = le32_to_cpu(buf[0]);
1250
	len2 = le32_to_cpu(buf[1]);
1251
	cladatum->value = le32_to_cpu(buf[2]);
1252

1253
	rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1254
	if (rc)
1255
		goto bad;
1256
	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1257
	nel = le32_to_cpu(buf[4]);
1258

1259
	ncons = le32_to_cpu(buf[5]);
1260

1261
	rc = -ENOMEM;
1262
	key = kmalloc(len + 1, GFP_KERNEL);
1263
	if (!key)
1264
		goto bad;
1265

1266
	rc = next_entry(key, fp, len);
1267
	if (rc)
1268
		goto bad;
1269
	key[len] = '\0';
1270

1271
	if (len2) {
1272
		rc = -ENOMEM;
1273
		cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
1274
		if (!cladatum->comkey)
1275
			goto bad;
1276
		rc = next_entry(cladatum->comkey, fp, len2);
1277
		if (rc)
1278
			goto bad;
1279
		cladatum->comkey[len2] = '\0';
1280

1281
		rc = -EINVAL;
1282
		cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
1283
		if (!cladatum->comdatum) {
1284
			printk(KERN_ERR "SELinux:  unknown common %s\n", cladatum->comkey);
1285
			goto bad;
1286
		}
1287
	}
1288
	for (i = 0; i < nel; i++) {
1289
		rc = perm_read(p, cladatum->permissions.table, fp);
1290
		if (rc)
1291
			goto bad;
1292
	}
1293

1294
	rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1295
	if (rc)
1296
		goto bad;
1297

1298
	if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1299
		/* grab the validatetrans rules */
1300
		rc = next_entry(buf, fp, sizeof(u32));
1301
		if (rc)
1302
			goto bad;
1303
		ncons = le32_to_cpu(buf[0]);
1304
		rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1305
		if (rc)
1306
			goto bad;
1307
	}
1308

1309
	rc = hashtab_insert(h, key, cladatum);
1310
	if (rc)
1311
		goto bad;
1312

1313
	return 0;
1314
bad:
1315
	cls_destroy(key, cladatum, NULL);
1316
	return rc;
1317
}
1318

1319
static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1320
{
1321
	char *key = NULL;
1322
	struct role_datum *role;
1323
	int rc, to_read = 2;
1324
	__le32 buf[3];
1325
	u32 len;
1326

1327
	rc = -ENOMEM;
1328
	role = kzalloc(sizeof(*role), GFP_KERNEL);
1329
	if (!role)
1330
		goto bad;
1331

1332
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1333
		to_read = 3;
1334

1335
	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1336
	if (rc)
1337
		goto bad;
1338

1339
	len = le32_to_cpu(buf[0]);
1340
	role->value = le32_to_cpu(buf[1]);
1341
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1342
		role->bounds = le32_to_cpu(buf[2]);
1343

1344
	rc = -ENOMEM;
1345
	key = kmalloc(len + 1, GFP_KERNEL);
1346
	if (!key)
1347
		goto bad;
1348

1349
	rc = next_entry(key, fp, len);
1350
	if (rc)
1351
		goto bad;
1352
	key[len] = '\0';
1353

1354
	rc = ebitmap_read(&role->dominates, fp);
1355
	if (rc)
1356
		goto bad;
1357

1358
	rc = ebitmap_read(&role->types, fp);
1359
	if (rc)
1360
		goto bad;
1361

1362
	if (strcmp(key, OBJECT_R) == 0) {
1363
		rc = -EINVAL;
1364
		if (role->value != OBJECT_R_VAL) {
1365
			printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
1366
			       OBJECT_R, role->value);
1367
			goto bad;
1368
		}
1369
		rc = 0;
1370
		goto bad;
1371
	}
1372

1373
	rc = hashtab_insert(h, key, role);
1374
	if (rc)
1375
		goto bad;
1376
	return 0;
1377
bad:
1378
	role_destroy(key, role, NULL);
1379
	return rc;
1380
}
1381

1382
static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1383
{
1384
	char *key = NULL;
1385
	struct type_datum *typdatum;
1386
	int rc, to_read = 3;
1387
	__le32 buf[4];
1388
	u32 len;
1389

1390
	rc = -ENOMEM;
1391
	typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1392
	if (!typdatum)
1393
		goto bad;
1394

1395
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1396
		to_read = 4;
1397

1398
	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1399
	if (rc)
1400
		goto bad;
1401

1402
	len = le32_to_cpu(buf[0]);
1403
	typdatum->value = le32_to_cpu(buf[1]);
1404
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1405
		u32 prop = le32_to_cpu(buf[2]);
1406

1407
		if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1408
			typdatum->primary = 1;
1409
		if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1410
			typdatum->attribute = 1;
1411

1412
		typdatum->bounds = le32_to_cpu(buf[3]);
1413
	} else {
1414
		typdatum->primary = le32_to_cpu(buf[2]);
1415
	}
1416

1417
	rc = -ENOMEM;
1418
	key = kmalloc(len + 1, GFP_KERNEL);
1419
	if (!key)
1420
		goto bad;
1421
	rc = next_entry(key, fp, len);
1422
	if (rc)
1423
		goto bad;
1424
	key[len] = '\0';
1425

1426
	rc = hashtab_insert(h, key, typdatum);
1427
	if (rc)
1428
		goto bad;
1429
	return 0;
1430
bad:
1431
	type_destroy(key, typdatum, NULL);
1432
	return rc;
1433
}
1434

1435

1436
/*
1437
 * Read a MLS level structure from a policydb binary
1438
 * representation file.
1439
 */
1440
static int mls_read_level(struct mls_level *lp, void *fp)
1441
{
1442
	__le32 buf[1];
1443
	int rc;
1444

1445
	memset(lp, 0, sizeof(*lp));
1446

1447
	rc = next_entry(buf, fp, sizeof buf);
1448
	if (rc) {
1449
		printk(KERN_ERR "SELinux: mls: truncated level\n");
1450
		return rc;
1451
	}
1452
	lp->sens = le32_to_cpu(buf[0]);
1453

1454
	rc = ebitmap_read(&lp->cat, fp);
1455
	if (rc) {
1456
		printk(KERN_ERR "SELinux: mls:  error reading level categories\n");
1457
		return rc;
1458
	}
1459
	return 0;
1460
}
1461

1462
static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1463
{
1464
	char *key = NULL;
1465
	struct user_datum *usrdatum;
1466
	int rc, to_read = 2;
1467
	__le32 buf[3];
1468
	u32 len;
1469

1470
	rc = -ENOMEM;
1471
	usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1472
	if (!usrdatum)
1473
		goto bad;
1474

1475
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1476
		to_read = 3;
1477

1478
	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1479
	if (rc)
1480
		goto bad;
1481

1482
	len = le32_to_cpu(buf[0]);
1483
	usrdatum->value = le32_to_cpu(buf[1]);
1484
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1485
		usrdatum->bounds = le32_to_cpu(buf[2]);
1486

1487
	rc = -ENOMEM;
1488
	key = kmalloc(len + 1, GFP_KERNEL);
1489
	if (!key)
1490
		goto bad;
1491
	rc = next_entry(key, fp, len);
1492
	if (rc)
1493
		goto bad;
1494
	key[len] = '\0';
1495

1496
	rc = ebitmap_read(&usrdatum->roles, fp);
1497
	if (rc)
1498
		goto bad;
1499

1500
	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1501
		rc = mls_read_range_helper(&usrdatum->range, fp);
1502
		if (rc)
1503
			goto bad;
1504
		rc = mls_read_level(&usrdatum->dfltlevel, fp);
1505
		if (rc)
1506
			goto bad;
1507
	}
1508

1509
	rc = hashtab_insert(h, key, usrdatum);
1510
	if (rc)
1511
		goto bad;
1512
	return 0;
1513
bad:
1514
	user_destroy(key, usrdatum, NULL);
1515
	return rc;
1516
}
1517

1518
static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1519
{
1520
	char *key = NULL;
1521
	struct level_datum *levdatum;
1522
	int rc;
1523
	__le32 buf[2];
1524
	u32 len;
1525

1526
	rc = -ENOMEM;
1527
	levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1528
	if (!levdatum)
1529
		goto bad;
1530

1531
	rc = next_entry(buf, fp, sizeof buf);
1532
	if (rc)
1533
		goto bad;
1534

1535
	len = le32_to_cpu(buf[0]);
1536
	levdatum->isalias = le32_to_cpu(buf[1]);
1537

1538
	rc = -ENOMEM;
1539
	key = kmalloc(len + 1, GFP_ATOMIC);
1540
	if (!key)
1541
		goto bad;
1542
	rc = next_entry(key, fp, len);
1543
	if (rc)
1544
		goto bad;
1545
	key[len] = '\0';
1546

1547
	rc = -ENOMEM;
1548
	levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1549
	if (!levdatum->level)
1550
		goto bad;
1551

1552
	rc = mls_read_level(levdatum->level, fp);
1553
	if (rc)
1554
		goto bad;
1555

1556
	rc = hashtab_insert(h, key, levdatum);
1557
	if (rc)
1558
		goto bad;
1559
	return 0;
1560
bad:
1561
	sens_destroy(key, levdatum, NULL);
1562
	return rc;
1563
}
1564

1565
static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1566
{
1567
	char *key = NULL;
1568
	struct cat_datum *catdatum;
1569
	int rc;
1570
	__le32 buf[3];
1571
	u32 len;
1572

1573
	rc = -ENOMEM;
1574
	catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1575
	if (!catdatum)
1576
		goto bad;
1577

1578
	rc = next_entry(buf, fp, sizeof buf);
1579
	if (rc)
1580
		goto bad;
1581

1582
	len = le32_to_cpu(buf[0]);
1583
	catdatum->value = le32_to_cpu(buf[1]);
1584
	catdatum->isalias = le32_to_cpu(buf[2]);
1585

1586
	rc = -ENOMEM;
1587
	key = kmalloc(len + 1, GFP_ATOMIC);
1588
	if (!key)
1589
		goto bad;
1590
	rc = next_entry(key, fp, len);
1591
	if (rc)
1592
		goto bad;
1593
	key[len] = '\0';
1594

1595
	rc = hashtab_insert(h, key, catdatum);
1596
	if (rc)
1597
		goto bad;
1598
	return 0;
1599
bad:
1600
	cat_destroy(key, catdatum, NULL);
1601
	return rc;
1602
}
1603

1604
static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1605
{
1606
	common_read,
1607
	class_read,
1608
	role_read,
1609
	type_read,
1610
	user_read,
1611
	cond_read_bool,
1612
	sens_read,
1613
	cat_read,
1614
};
1615

1616
static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1617
{
1618
	struct user_datum *upper, *user;
1619
	struct policydb *p = datap;
1620
	int depth = 0;
1621

1622
	upper = user = datum;
1623
	while (upper->bounds) {
1624
		struct ebitmap_node *node;
1625
		unsigned long bit;
1626

1627
		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1628
			printk(KERN_ERR "SELinux: user %s: "
1629
			       "too deep or looped boundary",
1630
			       (char *) key);
1631
			return -EINVAL;
1632
		}
1633

1634
		upper = p->user_val_to_struct[upper->bounds - 1];
1635
		ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1636
			if (ebitmap_get_bit(&upper->roles, bit))
1637
				continue;
1638

1639
			printk(KERN_ERR
1640
			       "SELinux: boundary violated policy: "
1641
			       "user=%s role=%s bounds=%s\n",
1642
			       sym_name(p, SYM_USERS, user->value - 1),
1643
			       sym_name(p, SYM_ROLES, bit),
1644
			       sym_name(p, SYM_USERS, upper->value - 1));
1645

1646
			return -EINVAL;
1647
		}
1648
	}
1649

1650
	return 0;
1651
}
1652

1653
static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1654
{
1655
	struct role_datum *upper, *role;
1656
	struct policydb *p = datap;
1657
	int depth = 0;
1658

1659
	upper = role = datum;
1660
	while (upper->bounds) {
1661
		struct ebitmap_node *node;
1662
		unsigned long bit;
1663

1664
		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1665
			printk(KERN_ERR "SELinux: role %s: "
1666
			       "too deep or looped bounds\n",
1667
			       (char *) key);
1668
			return -EINVAL;
1669
		}
1670

1671
		upper = p->role_val_to_struct[upper->bounds - 1];
1672
		ebitmap_for_each_positive_bit(&role->types, node, bit) {
1673
			if (ebitmap_get_bit(&upper->types, bit))
1674
				continue;
1675

1676
			printk(KERN_ERR
1677
			       "SELinux: boundary violated policy: "
1678
			       "role=%s type=%s bounds=%s\n",
1679
			       sym_name(p, SYM_ROLES, role->value - 1),
1680
			       sym_name(p, SYM_TYPES, bit),
1681
			       sym_name(p, SYM_ROLES, upper->value - 1));
1682

1683
			return -EINVAL;
1684
		}
1685
	}
1686

1687
	return 0;
1688
}
1689

1690
static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1691
{
1692
	struct type_datum *upper;
1693
	struct policydb *p = datap;
1694
	int depth = 0;
1695

1696
	upper = datum;
1697
	while (upper->bounds) {
1698
		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1699
			printk(KERN_ERR "SELinux: type %s: "
1700
			       "too deep or looped boundary\n",
1701
			       (char *) key);
1702
			return -EINVAL;
1703
		}
1704

1705
		upper = flex_array_get_ptr(p->type_val_to_struct_array,
1706
					   upper->bounds - 1);
1707
		BUG_ON(!upper);
1708

1709
		if (upper->attribute) {
1710
			printk(KERN_ERR "SELinux: type %s: "
1711
			       "bounded by attribute %s",
1712
			       (char *) key,
1713
			       sym_name(p, SYM_TYPES, upper->value - 1));
1714
			return -EINVAL;
1715
		}
1716
	}
1717

1718
	return 0;
1719
}
1720

1721
static int policydb_bounds_sanity_check(struct policydb *p)
1722
{
1723
	int rc;
1724

1725
	if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1726
		return 0;
1727

1728
	rc = hashtab_map(p->p_users.table,
1729
			 user_bounds_sanity_check, p);
1730
	if (rc)
1731
		return rc;
1732

1733
	rc = hashtab_map(p->p_roles.table,
1734
			 role_bounds_sanity_check, p);
1735
	if (rc)
1736
		return rc;
1737

1738
	rc = hashtab_map(p->p_types.table,
1739
			 type_bounds_sanity_check, p);
1740
	if (rc)
1741
		return rc;
1742

1743
	return 0;
1744
}
1745

1746
extern int ss_initialized;
1747

1748
u16 string_to_security_class(struct policydb *p, const char *name)
1749
{
1750
	struct class_datum *cladatum;
1751

1752
	cladatum = hashtab_search(p->p_classes.table, name);
1753
	if (!cladatum)
1754
		return 0;
1755

1756
	return cladatum->value;
1757
}
1758

1759
u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1760
{
1761
	struct class_datum *cladatum;
1762
	struct perm_datum *perdatum = NULL;
1763
	struct common_datum *comdatum;
1764

1765
	if (!tclass || tclass > p->p_classes.nprim)
1766
		return 0;
1767

1768
	cladatum = p->class_val_to_struct[tclass-1];
1769
	comdatum = cladatum->comdatum;
1770
	if (comdatum)
1771
		perdatum = hashtab_search(comdatum->permissions.table,
1772
					  name);
1773
	if (!perdatum)
1774
		perdatum = hashtab_search(cladatum->permissions.table,
1775
					  name);
1776
	if (!perdatum)
1777
		return 0;
1778

1779
	return 1U << (perdatum->value-1);
1780
}
1781

1782
static int range_read(struct policydb *p, void *fp)
1783
{
1784
	struct range_trans *rt = NULL;
1785
	struct mls_range *r = NULL;
1786
	int i, rc;
1787
	__le32 buf[2];
1788
	u32 nel;
1789

1790
	if (p->policyvers < POLICYDB_VERSION_MLS)
1791
		return 0;
1792

1793
	rc = next_entry(buf, fp, sizeof(u32));
1794
	if (rc)
1795
		goto out;
1796

1797
	nel = le32_to_cpu(buf[0]);
1798
	for (i = 0; i < nel; i++) {
1799
		rc = -ENOMEM;
1800
		rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1801
		if (!rt)
1802
			goto out;
1803

1804
		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1805
		if (rc)
1806
			goto out;
1807

1808
		rt->source_type = le32_to_cpu(buf[0]);
1809
		rt->target_type = le32_to_cpu(buf[1]);
1810
		if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1811
			rc = next_entry(buf, fp, sizeof(u32));
1812
			if (rc)
1813
				goto out;
1814
			rt->target_class = le32_to_cpu(buf[0]);
1815
		} else
1816
			rt->target_class = p->process_class;
1817

1818
		rc = -EINVAL;
1819
		if (!policydb_type_isvalid(p, rt->source_type) ||
1820
		    !policydb_type_isvalid(p, rt->target_type) ||
1821
		    !policydb_class_isvalid(p, rt->target_class))
1822
			goto out;
1823

1824
		rc = -ENOMEM;
1825
		r = kzalloc(sizeof(*r), GFP_KERNEL);
1826
		if (!r)
1827
			goto out;
1828

1829
		rc = mls_read_range_helper(r, fp);
1830
		if (rc)
1831
			goto out;
1832

1833
		rc = -EINVAL;
1834
		if (!mls_range_isvalid(p, r)) {
1835
			printk(KERN_WARNING "SELinux:  rangetrans:  invalid range\n");
1836
			goto out;
1837
		}
1838

1839
		rc = hashtab_insert(p->range_tr, rt, r);
1840
		if (rc)
1841
			goto out;
1842

1843
		rt = NULL;
1844
		r = NULL;
1845
	}
1846
	hash_eval(p->range_tr, "rangetr");
1847
	rc = 0;
1848
out:
1849
	kfree(rt);
1850
	kfree(r);
1851
	return rc;
1852
}
1853

1854
static int filename_trans_read(struct policydb *p, void *fp)
1855
{
1856
	struct filename_trans *ft;
1857
	struct filename_trans_datum *otype;
1858
	char *name;
1859
	u32 nel, len;
1860
	__le32 buf[4];
1861
	int rc, i;
1862

1863
	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
1864
		return 0;
1865

1866
	rc = next_entry(buf, fp, sizeof(u32));
1867
	if (rc)
1868
		return rc;
1869
	nel = le32_to_cpu(buf[0]);
1870

1871
	for (i = 0; i < nel; i++) {
1872
		ft = NULL;
1873
		otype = NULL;
1874
		name = NULL;
1875

1876
		rc = -ENOMEM;
1877
		ft = kzalloc(sizeof(*ft), GFP_KERNEL);
1878
		if (!ft)
1879
			goto out;
1880

1881
		rc = -ENOMEM;
1882
		otype = kmalloc(sizeof(*otype), GFP_KERNEL);
1883
		if (!otype)
1884
			goto out;
1885

1886
		/* length of the path component string */
1887
		rc = next_entry(buf, fp, sizeof(u32));
1888
		if (rc)
1889
			goto out;
1890
		len = le32_to_cpu(buf[0]);
1891

1892
		rc = -ENOMEM;
1893
		name = kmalloc(len + 1, GFP_KERNEL);
1894
		if (!name)
1895
			goto out;
1896

1897
		ft->name = name;
1898

1899
		/* path component string */
1900
		rc = next_entry(name, fp, len);
1901
		if (rc)
1902
			goto out;
1903
		name[len] = 0;
1904

1905
		rc = next_entry(buf, fp, sizeof(u32) * 4);
1906
		if (rc)
1907
			goto out;
1908

1909
		ft->stype = le32_to_cpu(buf[0]);
1910
		ft->ttype = le32_to_cpu(buf[1]);
1911
		ft->tclass = le32_to_cpu(buf[2]);
1912

1913
		otype->otype = le32_to_cpu(buf[3]);
1914

1915
		rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1);
1916
		if (rc)
1917
			goto out;
1918

1919
		hashtab_insert(p->filename_trans, ft, otype);
1920
	}
1921
	hash_eval(p->filename_trans, "filenametr");
1922
	return 0;
1923
out:
1924
	kfree(ft);
1925
	kfree(name);
1926
	kfree(otype);
1927

1928
	return rc;
1929
}
1930

1931
static int genfs_read(struct policydb *p, void *fp)
1932
{
1933
	int i, j, rc;
1934
	u32 nel, nel2, len, len2;
1935
	__le32 buf[1];
1936
	struct ocontext *l, *c;
1937
	struct ocontext *newc = NULL;
1938
	struct genfs *genfs_p, *genfs;
1939
	struct genfs *newgenfs = NULL;
1940

1941
	rc = next_entry(buf, fp, sizeof(u32));
1942
	if (rc)
1943
		goto out;
1944
	nel = le32_to_cpu(buf[0]);
1945

1946
	for (i = 0; i < nel; i++) {
1947
		rc = next_entry(buf, fp, sizeof(u32));
1948
		if (rc)
1949
			goto out;
1950
		len = le32_to_cpu(buf[0]);
1951

1952
		rc = -ENOMEM;
1953
		newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1954
		if (!newgenfs)
1955
			goto out;
1956

1957
		rc = -ENOMEM;
1958
		newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL);
1959
		if (!newgenfs->fstype)
1960
			goto out;
1961

1962
		rc = next_entry(newgenfs->fstype, fp, len);
1963
		if (rc)
1964
			goto out;
1965

1966
		newgenfs->fstype[len] = 0;
1967

1968
		for (genfs_p = NULL, genfs = p->genfs; genfs;
1969
		     genfs_p = genfs, genfs = genfs->next) {
1970
			rc = -EINVAL;
1971
			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1972
				printk(KERN_ERR "SELinux:  dup genfs fstype %s\n",
1973
				       newgenfs->fstype);
1974
				goto out;
1975
			}
1976
			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1977
				break;
1978
		}
1979
		newgenfs->next = genfs;
1980
		if (genfs_p)
1981
			genfs_p->next = newgenfs;
1982
		else
1983
			p->genfs = newgenfs;
1984
		genfs = newgenfs;
1985
		newgenfs = NULL;
1986

1987
		rc = next_entry(buf, fp, sizeof(u32));
1988
		if (rc)
1989
			goto out;
1990

1991
		nel2 = le32_to_cpu(buf[0]);
1992
		for (j = 0; j < nel2; j++) {
1993
			rc = next_entry(buf, fp, sizeof(u32));
1994
			if (rc)
1995
				goto out;
1996
			len = le32_to_cpu(buf[0]);
1997

1998
			rc = -ENOMEM;
1999
			newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2000
			if (!newc)
2001
				goto out;
2002

2003
			rc = -ENOMEM;
2004
			newc->u.name = kmalloc(len + 1, GFP_KERNEL);
2005
			if (!newc->u.name)
2006
				goto out;
2007

2008
			rc = next_entry(newc->u.name, fp, len);
2009
			if (rc)
2010
				goto out;
2011
			newc->u.name[len] = 0;
2012

2013
			rc = next_entry(buf, fp, sizeof(u32));
2014
			if (rc)
2015
				goto out;
2016

2017
			newc->v.sclass = le32_to_cpu(buf[0]);
2018
			rc = context_read_and_validate(&newc->context[0], p, fp);
2019
			if (rc)
2020
				goto out;
2021

2022
			for (l = NULL, c = genfs->head; c;
2023
			     l = c, c = c->next) {
2024
				rc = -EINVAL;
2025
				if (!strcmp(newc->u.name, c->u.name) &&
2026
				    (!c->v.sclass || !newc->v.sclass ||
2027
				     newc->v.sclass == c->v.sclass)) {
2028
					printk(KERN_ERR "SELinux:  dup genfs entry (%s,%s)\n",
2029
					       genfs->fstype, c->u.name);
2030
					goto out;
2031
				}
2032
				len = strlen(newc->u.name);
2033
				len2 = strlen(c->u.name);
2034
				if (len > len2)
2035
					break;
2036
			}
2037

2038
			newc->next = c;
2039
			if (l)
2040
				l->next = newc;
2041
			else
2042
				genfs->head = newc;
2043
			newc = NULL;
2044
		}
2045
	}
2046
	rc = 0;
2047
out:
2048
	if (newgenfs)
2049
		kfree(newgenfs->fstype);
2050
	kfree(newgenfs);
2051
	ocontext_destroy(newc, OCON_FSUSE);
2052

2053
	return rc;
2054
}
2055

2056
static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
2057
			 void *fp)
2058
{
2059
	int i, j, rc;
2060
	u32 nel, len;
2061
	__le32 buf[3];
2062
	struct ocontext *l, *c;
2063
	u32 nodebuf[8];
2064

2065
	for (i = 0; i < info->ocon_num; i++) {
2066
		rc = next_entry(buf, fp, sizeof(u32));
2067
		if (rc)
2068
			goto out;
2069
		nel = le32_to_cpu(buf[0]);
2070

2071
		l = NULL;
2072
		for (j = 0; j < nel; j++) {
2073
			rc = -ENOMEM;
2074
			c = kzalloc(sizeof(*c), GFP_KERNEL);
2075
			if (!c)
2076
				goto out;
2077
			if (l)
2078
				l->next = c;
2079
			else
2080
				p->ocontexts[i] = c;
2081
			l = c;
2082

2083
			switch (i) {
2084
			case OCON_ISID:
2085
				rc = next_entry(buf, fp, sizeof(u32));
2086
				if (rc)
2087
					goto out;
2088

2089
				c->sid[0] = le32_to_cpu(buf[0]);
2090
				rc = context_read_and_validate(&c->context[0], p, fp);
2091
				if (rc)
2092
					goto out;
2093
				break;
2094
			case OCON_FS:
2095
			case OCON_NETIF:
2096
				rc = next_entry(buf, fp, sizeof(u32));
2097
				if (rc)
2098
					goto out;
2099
				len = le32_to_cpu(buf[0]);
2100

2101
				rc = -ENOMEM;
2102
				c->u.name = kmalloc(len + 1, GFP_KERNEL);
2103
				if (!c->u.name)
2104
					goto out;
2105

2106
				rc = next_entry(c->u.name, fp, len);
2107
				if (rc)
2108
					goto out;
2109

2110
				c->u.name[len] = 0;
2111
				rc = context_read_and_validate(&c->context[0], p, fp);
2112
				if (rc)
2113
					goto out;
2114
				rc = context_read_and_validate(&c->context[1], p, fp);
2115
				if (rc)
2116
					goto out;
2117
				break;
2118
			case OCON_PORT:
2119
				rc = next_entry(buf, fp, sizeof(u32)*3);
2120
				if (rc)
2121
					goto out;
2122
				c->u.port.protocol = le32_to_cpu(buf[0]);
2123
				c->u.port.low_port = le32_to_cpu(buf[1]);
2124
				c->u.port.high_port = le32_to_cpu(buf[2]);
2125
				rc = context_read_and_validate(&c->context[0], p, fp);
2126
				if (rc)
2127
					goto out;
2128
				break;
2129
			case OCON_NODE:
2130
				rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2131
				if (rc)
2132
					goto out;
2133
				c->u.node.addr = nodebuf[0]; /* network order */
2134
				c->u.node.mask = nodebuf[1]; /* network order */
2135
				rc = context_read_and_validate(&c->context[0], p, fp);
2136
				if (rc)
2137
					goto out;
2138
				break;
2139
			case OCON_FSUSE:
2140
				rc = next_entry(buf, fp, sizeof(u32)*2);
2141
				if (rc)
2142
					goto out;
2143

2144
				rc = -EINVAL;
2145
				c->v.behavior = le32_to_cpu(buf[0]);
2146
				if (c->v.behavior > SECURITY_FS_USE_NONE)
2147
					goto out;
2148

2149
				rc = -ENOMEM;
2150
				len = le32_to_cpu(buf[1]);
2151
				c->u.name = kmalloc(len + 1, GFP_KERNEL);
2152
				if (!c->u.name)
2153
					goto out;
2154

2155
				rc = next_entry(c->u.name, fp, len);
2156
				if (rc)
2157
					goto out;
2158
				c->u.name[len] = 0;
2159
				rc = context_read_and_validate(&c->context[0], p, fp);
2160
				if (rc)
2161
					goto out;
2162
				break;
2163
			case OCON_NODE6: {
2164
				int k;
2165

2166
				rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2167
				if (rc)
2168
					goto out;
2169
				for (k = 0; k < 4; k++)
2170
					c->u.node6.addr[k] = nodebuf[k];
2171
				for (k = 0; k < 4; k++)
2172
					c->u.node6.mask[k] = nodebuf[k+4];
2173
				rc = context_read_and_validate(&c->context[0], p, fp);
2174
				if (rc)
2175
					goto out;
2176
				break;
2177
			}
2178
			}
2179
		}
2180
	}
2181
	rc = 0;
2182
out:
2183
	return rc;
2184
}
2185

2186
/*
2187
 * Read the configuration data from a policy database binary
2188
 * representation file into a policy database structure.
2189
 */
2190
int policydb_read(struct policydb *p, void *fp)
2191
{
2192
	struct role_allow *ra, *lra;
2193
	struct role_trans *tr, *ltr;
2194
	int i, j, rc;
2195
	__le32 buf[4];
2196
	u32 len, nprim, nel;
2197

2198
	char *policydb_str;
2199
	struct policydb_compat_info *info;
2200

2201
	rc = policydb_init(p);
2202
	if (rc)
2203
		return rc;
2204

2205
	/* Read the magic number and string length. */
2206
	rc = next_entry(buf, fp, sizeof(u32) * 2);
2207
	if (rc)
2208
		goto bad;
2209

2210
	rc = -EINVAL;
2211
	if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2212
		printk(KERN_ERR "SELinux:  policydb magic number 0x%x does "
2213
		       "not match expected magic number 0x%x\n",
2214
		       le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2215
		goto bad;
2216
	}
2217

2218
	rc = -EINVAL;
2219
	len = le32_to_cpu(buf[1]);
2220
	if (len != strlen(POLICYDB_STRING)) {
2221
		printk(KERN_ERR "SELinux:  policydb string length %d does not "
2222
		       "match expected length %Zu\n",
2223
		       len, strlen(POLICYDB_STRING));
2224
		goto bad;
2225
	}
2226

2227
	rc = -ENOMEM;
2228
	policydb_str = kmalloc(len + 1, GFP_KERNEL);
2229
	if (!policydb_str) {
2230
		printk(KERN_ERR "SELinux:  unable to allocate memory for policydb "
2231
		       "string of length %d\n", len);
2232
		goto bad;
2233
	}
2234

2235
	rc = next_entry(policydb_str, fp, len);
2236
	if (rc) {
2237
		printk(KERN_ERR "SELinux:  truncated policydb string identifier\n");
2238
		kfree(policydb_str);
2239
		goto bad;
2240
	}
2241

2242
	rc = -EINVAL;
2243
	policydb_str[len] = '\0';
2244
	if (strcmp(policydb_str, POLICYDB_STRING)) {
2245
		printk(KERN_ERR "SELinux:  policydb string %s does not match "
2246
		       "my string %s\n", policydb_str, POLICYDB_STRING);
2247
		kfree(policydb_str);
2248
		goto bad;
2249
	}
2250
	/* Done with policydb_str. */
2251
	kfree(policydb_str);
2252
	policydb_str = NULL;
2253

2254
	/* Read the version and table sizes. */
2255
	rc = next_entry(buf, fp, sizeof(u32)*4);
2256
	if (rc)
2257
		goto bad;
2258

2259
	rc = -EINVAL;
2260
	p->policyvers = le32_to_cpu(buf[0]);
2261
	if (p->policyvers < POLICYDB_VERSION_MIN ||
2262
	    p->policyvers > POLICYDB_VERSION_MAX) {
2263
		printk(KERN_ERR "SELinux:  policydb version %d does not match "
2264
		       "my version range %d-%d\n",
2265
		       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2266
		goto bad;
2267
	}
2268

2269
	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2270
		p->mls_enabled = 1;
2271

2272
		rc = -EINVAL;
2273
		if (p->policyvers < POLICYDB_VERSION_MLS) {
2274
			printk(KERN_ERR "SELinux: security policydb version %d "
2275
				"(MLS) not backwards compatible\n",
2276
				p->policyvers);
2277
			goto bad;
2278
		}
2279
	}
2280
	p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2281
	p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2282

2283
	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2284
		rc = ebitmap_read(&p->policycaps, fp);
2285
		if (rc)
2286
			goto bad;
2287
	}
2288

2289
	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2290
		rc = ebitmap_read(&p->permissive_map, fp);
2291
		if (rc)
2292
			goto bad;
2293
	}
2294

2295
	rc = -EINVAL;
2296
	info = policydb_lookup_compat(p->policyvers);
2297
	if (!info) {
2298
		printk(KERN_ERR "SELinux:  unable to find policy compat info "
2299
		       "for version %d\n", p->policyvers);
2300
		goto bad;
2301
	}
2302

2303
	rc = -EINVAL;
2304
	if (le32_to_cpu(buf[2]) != info->sym_num ||
2305
		le32_to_cpu(buf[3]) != info->ocon_num) {
2306
		printk(KERN_ERR "SELinux:  policydb table sizes (%d,%d) do "
2307
		       "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2308
			le32_to_cpu(buf[3]),
2309
		       info->sym_num, info->ocon_num);
2310
		goto bad;
2311
	}
2312

2313
	for (i = 0; i < info->sym_num; i++) {
2314
		rc = next_entry(buf, fp, sizeof(u32)*2);
2315
		if (rc)
2316
			goto bad;
2317
		nprim = le32_to_cpu(buf[0]);
2318
		nel = le32_to_cpu(buf[1]);
2319
		for (j = 0; j < nel; j++) {
2320
			rc = read_f[i](p, p->symtab[i].table, fp);
2321
			if (rc)
2322
				goto bad;
2323
		}
2324

2325
		p->symtab[i].nprim = nprim;
2326
	}
2327

2328
	rc = -EINVAL;
2329
	p->process_class = string_to_security_class(p, "process");
2330
	if (!p->process_class)
2331
		goto bad;
2332

2333
	rc = avtab_read(&p->te_avtab, fp, p);
2334
	if (rc)
2335
		goto bad;
2336

2337
	if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2338
		rc = cond_read_list(p, fp);
2339
		if (rc)
2340
			goto bad;
2341
	}
2342

2343
	rc = next_entry(buf, fp, sizeof(u32));
2344
	if (rc)
2345
		goto bad;
2346
	nel = le32_to_cpu(buf[0]);
2347
	ltr = NULL;
2348
	for (i = 0; i < nel; i++) {
2349
		rc = -ENOMEM;
2350
		tr = kzalloc(sizeof(*tr), GFP_KERNEL);
2351
		if (!tr)
2352
			goto bad;
2353
		if (ltr)
2354
			ltr->next = tr;
2355
		else
2356
			p->role_tr = tr;
2357
		rc = next_entry(buf, fp, sizeof(u32)*3);
2358
		if (rc)
2359
			goto bad;
2360

2361
		rc = -EINVAL;
2362
		tr->role = le32_to_cpu(buf[0]);
2363
		tr->type = le32_to_cpu(buf[1]);
2364
		tr->new_role = le32_to_cpu(buf[2]);
2365
		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2366
			rc = next_entry(buf, fp, sizeof(u32));
2367
			if (rc)
2368
				goto bad;
2369
			tr->tclass = le32_to_cpu(buf[0]);
2370
		} else
2371
			tr->tclass = p->process_class;
2372

2373
		if (!policydb_role_isvalid(p, tr->role) ||
2374
		    !policydb_type_isvalid(p, tr->type) ||
2375
		    !policydb_class_isvalid(p, tr->tclass) ||
2376
		    !policydb_role_isvalid(p, tr->new_role))
2377
			goto bad;
2378
		ltr = tr;
2379
	}
2380

2381
	rc = next_entry(buf, fp, sizeof(u32));
2382
	if (rc)
2383
		goto bad;
2384
	nel = le32_to_cpu(buf[0]);
2385
	lra = NULL;
2386
	for (i = 0; i < nel; i++) {
2387
		rc = -ENOMEM;
2388
		ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2389
		if (!ra)
2390
			goto bad;
2391
		if (lra)
2392
			lra->next = ra;
2393
		else
2394
			p->role_allow = ra;
2395
		rc = next_entry(buf, fp, sizeof(u32)*2);
2396
		if (rc)
2397
			goto bad;
2398

2399
		rc = -EINVAL;
2400
		ra->role = le32_to_cpu(buf[0]);
2401
		ra->new_role = le32_to_cpu(buf[1]);
2402
		if (!policydb_role_isvalid(p, ra->role) ||
2403
		    !policydb_role_isvalid(p, ra->new_role))
2404
			goto bad;
2405
		lra = ra;
2406
	}
2407

2408
	rc = filename_trans_read(p, fp);
2409
	if (rc)
2410
		goto bad;
2411

2412
	rc = policydb_index(p);
2413
	if (rc)
2414
		goto bad;
2415

2416
	rc = -EINVAL;
2417
	p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
2418
	p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
2419
	if (!p->process_trans_perms)
2420
		goto bad;
2421

2422
	rc = ocontext_read(p, info, fp);
2423
	if (rc)
2424
		goto bad;
2425

2426
	rc = genfs_read(p, fp);
2427
	if (rc)
2428
		goto bad;
2429

2430
	rc = range_read(p, fp);
2431
	if (rc)
2432
		goto bad;
2433

2434
	rc = -ENOMEM;
2435
	p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),
2436
						  p->p_types.nprim,
2437
						  GFP_KERNEL | __GFP_ZERO);
2438
	if (!p->type_attr_map_array)
2439
		goto bad;
2440

2441
	/* preallocate so we don't have to worry about the put ever failing */
2442
	rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,
2443
				 GFP_KERNEL | __GFP_ZERO);
2444
	if (rc)
2445
		goto bad;
2446

2447
	for (i = 0; i < p->p_types.nprim; i++) {
2448
		struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
2449

2450
		BUG_ON(!e);
2451
		ebitmap_init(e);
2452
		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2453
			rc = ebitmap_read(e, fp);
2454
			if (rc)
2455
				goto bad;
2456
		}
2457
		/* add the type itself as the degenerate case */
2458
		rc = ebitmap_set_bit(e, i, 1);
2459
		if (rc)
2460
			goto bad;
2461
	}
2462

2463
	rc = policydb_bounds_sanity_check(p);
2464
	if (rc)
2465
		goto bad;
2466

2467
	rc = 0;
2468
out:
2469
	return rc;
2470
bad:
2471
	policydb_destroy(p);
2472
	goto out;
2473
}
2474

2475
/*
2476
 * Write a MLS level structure to a policydb binary
2477
 * representation file.
2478
 */
2479
static int mls_write_level(struct mls_level *l, void *fp)
2480
{
2481
	__le32 buf[1];
2482
	int rc;
2483

2484
	buf[0] = cpu_to_le32(l->sens);
2485
	rc = put_entry(buf, sizeof(u32), 1, fp);
2486
	if (rc)
2487
		return rc;
2488

2489
	rc = ebitmap_write(&l->cat, fp);
2490
	if (rc)
2491
		return rc;
2492

2493
	return 0;
2494
}
2495

2496
/*
2497
 * Write a MLS range structure to a policydb binary
2498
 * representation file.
2499
 */
2500
static int mls_write_range_helper(struct mls_range *r, void *fp)
2501
{
2502
	__le32 buf[3];
2503
	size_t items;
2504
	int rc, eq;
2505

2506
	eq = mls_level_eq(&r->level[1], &r->level[0]);
2507

2508
	if (eq)
2509
		items = 2;
2510
	else
2511
		items = 3;
2512
	buf[0] = cpu_to_le32(items-1);
2513
	buf[1] = cpu_to_le32(r->level[0].sens);
2514
	if (!eq)
2515
		buf[2] = cpu_to_le32(r->level[1].sens);
2516

2517
	BUG_ON(items > (sizeof(buf)/sizeof(buf[0])));
2518

2519
	rc = put_entry(buf, sizeof(u32), items, fp);
2520
	if (rc)
2521
		return rc;
2522

2523
	rc = ebitmap_write(&r->level[0].cat, fp);
2524
	if (rc)
2525
		return rc;
2526
	if (!eq) {
2527
		rc = ebitmap_write(&r->level[1].cat, fp);
2528
		if (rc)
2529
			return rc;
2530
	}
2531

2532
	return 0;
2533
}
2534

2535
static int sens_write(void *vkey, void *datum, void *ptr)
2536
{
2537
	char *key = vkey;
2538
	struct level_datum *levdatum = datum;
2539
	struct policy_data *pd = ptr;
2540
	void *fp = pd->fp;
2541
	__le32 buf[2];
2542
	size_t len;
2543
	int rc;
2544

2545
	len = strlen(key);
2546
	buf[0] = cpu_to_le32(len);
2547
	buf[1] = cpu_to_le32(levdatum->isalias);
2548
	rc = put_entry(buf, sizeof(u32), 2, fp);
2549
	if (rc)
2550
		return rc;
2551

2552
	rc = put_entry(key, 1, len, fp);
2553
	if (rc)
2554
		return rc;
2555

2556
	rc = mls_write_level(levdatum->level, fp);
2557
	if (rc)
2558
		return rc;
2559

2560
	return 0;
2561
}
2562

2563
static int cat_write(void *vkey, void *datum, void *ptr)
2564
{
2565
	char *key = vkey;
2566
	struct cat_datum *catdatum = datum;
2567
	struct policy_data *pd = ptr;
2568
	void *fp = pd->fp;
2569
	__le32 buf[3];
2570
	size_t len;
2571
	int rc;
2572

2573
	len = strlen(key);
2574
	buf[0] = cpu_to_le32(len);
2575
	buf[1] = cpu_to_le32(catdatum->value);
2576
	buf[2] = cpu_to_le32(catdatum->isalias);
2577
	rc = put_entry(buf, sizeof(u32), 3, fp);
2578
	if (rc)
2579
		return rc;
2580

2581
	rc = put_entry(key, 1, len, fp);
2582
	if (rc)
2583
		return rc;
2584

2585
	return 0;
2586
}
2587

2588
static int role_trans_write(struct policydb *p, void *fp)
2589
{
2590
	struct role_trans *r = p->role_tr;
2591
	struct role_trans *tr;
2592
	u32 buf[3];
2593
	size_t nel;
2594
	int rc;
2595

2596
	nel = 0;
2597
	for (tr = r; tr; tr = tr->next)
2598
		nel++;
2599
	buf[0] = cpu_to_le32(nel);
2600
	rc = put_entry(buf, sizeof(u32), 1, fp);
2601
	if (rc)
2602
		return rc;
2603
	for (tr = r; tr; tr = tr->next) {
2604
		buf[0] = cpu_to_le32(tr->role);
2605
		buf[1] = cpu_to_le32(tr->type);
2606
		buf[2] = cpu_to_le32(tr->new_role);
2607
		rc = put_entry(buf, sizeof(u32), 3, fp);
2608
		if (rc)
2609
			return rc;
2610
		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2611
			buf[0] = cpu_to_le32(tr->tclass);
2612
			rc = put_entry(buf, sizeof(u32), 1, fp);
2613
			if (rc)
2614
				return rc;
2615
		}
2616
	}
2617

2618
	return 0;
2619
}
2620

2621
static int role_allow_write(struct role_allow *r, void *fp)
2622
{
2623
	struct role_allow *ra;
2624
	u32 buf[2];
2625
	size_t nel;
2626
	int rc;
2627

2628
	nel = 0;
2629
	for (ra = r; ra; ra = ra->next)
2630
		nel++;
2631
	buf[0] = cpu_to_le32(nel);
2632
	rc = put_entry(buf, sizeof(u32), 1, fp);
2633
	if (rc)
2634
		return rc;
2635
	for (ra = r; ra; ra = ra->next) {
2636
		buf[0] = cpu_to_le32(ra->role);
2637
		buf[1] = cpu_to_le32(ra->new_role);
2638
		rc = put_entry(buf, sizeof(u32), 2, fp);
2639
		if (rc)
2640
			return rc;
2641
	}
2642
	return 0;
2643
}
2644

2645
/*
2646
 * Write a security context structure
2647
 * to a policydb binary representation file.
2648
 */
2649
static int context_write(struct policydb *p, struct context *c,
2650
			 void *fp)
2651
{
2652
	int rc;
2653
	__le32 buf[3];
2654

2655
	buf[0] = cpu_to_le32(c->user);
2656
	buf[1] = cpu_to_le32(c->role);
2657
	buf[2] = cpu_to_le32(c->type);
2658

2659
	rc = put_entry(buf, sizeof(u32), 3, fp);
2660
	if (rc)
2661
		return rc;
2662

2663
	rc = mls_write_range_helper(&c->range, fp);
2664
	if (rc)
2665
		return rc;
2666

2667
	return 0;
2668
}
2669

2670
/*
2671
 * The following *_write functions are used to
2672
 * write the symbol data to a policy database
2673
 * binary representation file.
2674
 */
2675

2676
static int perm_write(void *vkey, void *datum, void *fp)
2677
{
2678
	char *key = vkey;
2679
	struct perm_datum *perdatum = datum;
2680
	__le32 buf[2];
2681
	size_t len;
2682
	int rc;
2683

2684
	len = strlen(key);
2685
	buf[0] = cpu_to_le32(len);
2686
	buf[1] = cpu_to_le32(perdatum->value);
2687
	rc = put_entry(buf, sizeof(u32), 2, fp);
2688
	if (rc)
2689
		return rc;
2690

2691
	rc = put_entry(key, 1, len, fp);
2692
	if (rc)
2693
		return rc;
2694

2695
	return 0;
2696
}
2697

2698
static int common_write(void *vkey, void *datum, void *ptr)
2699
{
2700
	char *key = vkey;
2701
	struct common_datum *comdatum = datum;
2702
	struct policy_data *pd = ptr;
2703
	void *fp = pd->fp;
2704
	__le32 buf[4];
2705
	size_t len;
2706
	int rc;
2707

2708
	len = strlen(key);
2709
	buf[0] = cpu_to_le32(len);
2710
	buf[1] = cpu_to_le32(comdatum->value);
2711
	buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2712
	buf[3] = cpu_to_le32(comdatum->permissions.table->nel);
2713
	rc = put_entry(buf, sizeof(u32), 4, fp);
2714
	if (rc)
2715
		return rc;
2716

2717
	rc = put_entry(key, 1, len, fp);
2718
	if (rc)
2719
		return rc;
2720

2721
	rc = hashtab_map(comdatum->permissions.table, perm_write, fp);
2722
	if (rc)
2723
		return rc;
2724

2725
	return 0;
2726
}
2727

2728
static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2729
			     void *fp)
2730
{
2731
	struct constraint_node *c;
2732
	struct constraint_expr *e;
2733
	__le32 buf[3];
2734
	u32 nel;
2735
	int rc;
2736

2737
	for (c = node; c; c = c->next) {
2738
		nel = 0;
2739
		for (e = c->expr; e; e = e->next)
2740
			nel++;
2741
		buf[0] = cpu_to_le32(c->permissions);
2742
		buf[1] = cpu_to_le32(nel);
2743
		rc = put_entry(buf, sizeof(u32), 2, fp);
2744
		if (rc)
2745
			return rc;
2746
		for (e = c->expr; e; e = e->next) {
2747
			buf[0] = cpu_to_le32(e->expr_type);
2748
			buf[1] = cpu_to_le32(e->attr);
2749
			buf[2] = cpu_to_le32(e->op);
2750
			rc = put_entry(buf, sizeof(u32), 3, fp);
2751
			if (rc)
2752
				return rc;
2753

2754
			switch (e->expr_type) {
2755
			case CEXPR_NAMES:
2756
				rc = ebitmap_write(&e->names, fp);
2757
				if (rc)
2758
					return rc;
2759
				break;
2760
			default:
2761
				break;
2762
			}
2763
		}
2764
	}
2765

2766
	return 0;
2767
}
2768

2769
static int class_write(void *vkey, void *datum, void *ptr)
2770
{
2771
	char *key = vkey;
2772
	struct class_datum *cladatum = datum;
2773
	struct policy_data *pd = ptr;
2774
	void *fp = pd->fp;
2775
	struct policydb *p = pd->p;
2776
	struct constraint_node *c;
2777
	__le32 buf[6];
2778
	u32 ncons;
2779
	size_t len, len2;
2780
	int rc;
2781

2782
	len = strlen(key);
2783
	if (cladatum->comkey)
2784
		len2 = strlen(cladatum->comkey);
2785
	else
2786
		len2 = 0;
2787

2788
	ncons = 0;
2789
	for (c = cladatum->constraints; c; c = c->next)
2790
		ncons++;
2791

2792
	buf[0] = cpu_to_le32(len);
2793
	buf[1] = cpu_to_le32(len2);
2794
	buf[2] = cpu_to_le32(cladatum->value);
2795
	buf[3] = cpu_to_le32(cladatum->permissions.nprim);
2796
	if (cladatum->permissions.table)
2797
		buf[4] = cpu_to_le32(cladatum->permissions.table->nel);
2798
	else
2799
		buf[4] = 0;
2800
	buf[5] = cpu_to_le32(ncons);
2801
	rc = put_entry(buf, sizeof(u32), 6, fp);
2802
	if (rc)
2803
		return rc;
2804

2805
	rc = put_entry(key, 1, len, fp);
2806
	if (rc)
2807
		return rc;
2808

2809
	if (cladatum->comkey) {
2810
		rc = put_entry(cladatum->comkey, 1, len2, fp);
2811
		if (rc)
2812
			return rc;
2813
	}
2814

2815
	rc = hashtab_map(cladatum->permissions.table, perm_write, fp);
2816
	if (rc)
2817
		return rc;
2818

2819
	rc = write_cons_helper(p, cladatum->constraints, fp);
2820
	if (rc)
2821
		return rc;
2822

2823
	/* write out the validatetrans rule */
2824
	ncons = 0;
2825
	for (c = cladatum->validatetrans; c; c = c->next)
2826
		ncons++;
2827

2828
	buf[0] = cpu_to_le32(ncons);
2829
	rc = put_entry(buf, sizeof(u32), 1, fp);
2830
	if (rc)
2831
		return rc;
2832

2833
	rc = write_cons_helper(p, cladatum->validatetrans, fp);
2834
	if (rc)
2835
		return rc;
2836

2837
	return 0;
2838
}
2839

2840
static int role_write(void *vkey, void *datum, void *ptr)
2841
{
2842
	char *key = vkey;
2843
	struct role_datum *role = datum;
2844
	struct policy_data *pd = ptr;
2845
	void *fp = pd->fp;
2846
	struct policydb *p = pd->p;
2847
	__le32 buf[3];
2848
	size_t items, len;
2849
	int rc;
2850

2851
	len = strlen(key);
2852
	items = 0;
2853
	buf[items++] = cpu_to_le32(len);
2854
	buf[items++] = cpu_to_le32(role->value);
2855
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
2856
		buf[items++] = cpu_to_le32(role->bounds);
2857

2858
	BUG_ON(items > (sizeof(buf)/sizeof(buf[0])));
2859

2860
	rc = put_entry(buf, sizeof(u32), items, fp);
2861
	if (rc)
2862
		return rc;
2863

2864
	rc = put_entry(key, 1, len, fp);
2865
	if (rc)
2866
		return rc;
2867

2868
	rc = ebitmap_write(&role->dominates, fp);
2869
	if (rc)
2870
		return rc;
2871

2872
	rc = ebitmap_write(&role->types, fp);
2873
	if (rc)
2874
		return rc;
2875

2876
	return 0;
2877
}
2878

2879
static int type_write(void *vkey, void *datum, void *ptr)
2880
{
2881
	char *key = vkey;
2882
	struct type_datum *typdatum = datum;
2883
	struct policy_data *pd = ptr;
2884
	struct policydb *p = pd->p;
2885
	void *fp = pd->fp;
2886
	__le32 buf[4];
2887
	int rc;
2888
	size_t items, len;
2889

2890
	len = strlen(key);
2891
	items = 0;
2892
	buf[items++] = cpu_to_le32(len);
2893
	buf[items++] = cpu_to_le32(typdatum->value);
2894
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
2895
		u32 properties = 0;
2896

2897
		if (typdatum->primary)
2898
			properties |= TYPEDATUM_PROPERTY_PRIMARY;
2899

2900
		if (typdatum->attribute)
2901
			properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
2902

2903
		buf[items++] = cpu_to_le32(properties);
2904
		buf[items++] = cpu_to_le32(typdatum->bounds);
2905
	} else {
2906
		buf[items++] = cpu_to_le32(typdatum->primary);
2907
	}
2908
	BUG_ON(items > (sizeof(buf) / sizeof(buf[0])));
2909
	rc = put_entry(buf, sizeof(u32), items, fp);
2910
	if (rc)
2911
		return rc;
2912

2913
	rc = put_entry(key, 1, len, fp);
2914
	if (rc)
2915
		return rc;
2916

2917
	return 0;
2918
}
2919

2920
static int user_write(void *vkey, void *datum, void *ptr)
2921
{
2922
	char *key = vkey;
2923
	struct user_datum *usrdatum = datum;
2924
	struct policy_data *pd = ptr;
2925
	struct policydb *p = pd->p;
2926
	void *fp = pd->fp;
2927
	__le32 buf[3];
2928
	size_t items, len;
2929
	int rc;
2930

2931
	len = strlen(key);
2932
	items = 0;
2933
	buf[items++] = cpu_to_le32(len);
2934
	buf[items++] = cpu_to_le32(usrdatum->value);
2935
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
2936
		buf[items++] = cpu_to_le32(usrdatum->bounds);
2937
	BUG_ON(items > (sizeof(buf) / sizeof(buf[0])));
2938
	rc = put_entry(buf, sizeof(u32), items, fp);
2939
	if (rc)
2940
		return rc;
2941

2942
	rc = put_entry(key, 1, len, fp);
2943
	if (rc)
2944
		return rc;
2945

2946
	rc = ebitmap_write(&usrdatum->roles, fp);
2947
	if (rc)
2948
		return rc;
2949

2950
	rc = mls_write_range_helper(&usrdatum->range, fp);
2951
	if (rc)
2952
		return rc;
2953

2954
	rc = mls_write_level(&usrdatum->dfltlevel, fp);
2955
	if (rc)
2956
		return rc;
2957

2958
	return 0;
2959
}
2960

2961
static int (*write_f[SYM_NUM]) (void *key, void *datum,
2962
				void *datap) =
2963
{
2964
	common_write,
2965
	class_write,
2966
	role_write,
2967
	type_write,
2968
	user_write,
2969
	cond_write_bool,
2970
	sens_write,
2971
	cat_write,
2972
};
2973

2974
static int ocontext_write(struct policydb *p, struct policydb_compat_info *info,
2975
			  void *fp)
2976
{
2977
	unsigned int i, j, rc;
2978
	size_t nel, len;
2979
	__le32 buf[3];
2980
	u32 nodebuf[8];
2981
	struct ocontext *c;
2982
	for (i = 0; i < info->ocon_num; i++) {
2983
		nel = 0;
2984
		for (c = p->ocontexts[i]; c; c = c->next)
2985
			nel++;
2986
		buf[0] = cpu_to_le32(nel);
2987
		rc = put_entry(buf, sizeof(u32), 1, fp);
2988
		if (rc)
2989
			return rc;
2990
		for (c = p->ocontexts[i]; c; c = c->next) {
2991
			switch (i) {
2992
			case OCON_ISID:
2993
				buf[0] = cpu_to_le32(c->sid[0]);
2994
				rc = put_entry(buf, sizeof(u32), 1, fp);
2995
				if (rc)
2996
					return rc;
2997
				rc = context_write(p, &c->context[0], fp);
2998
				if (rc)
2999
					return rc;
3000
				break;
3001
			case OCON_FS:
3002
			case OCON_NETIF:
3003
				len = strlen(c->u.name);
3004
				buf[0] = cpu_to_le32(len);
3005
				rc = put_entry(buf, sizeof(u32), 1, fp);
3006
				if (rc)
3007
					return rc;
3008
				rc = put_entry(c->u.name, 1, len, fp);
3009
				if (rc)
3010
					return rc;
3011
				rc = context_write(p, &c->context[0], fp);
3012
				if (rc)
3013
					return rc;
3014
				rc = context_write(p, &c->context[1], fp);
3015
				if (rc)
3016
					return rc;
3017
				break;
3018
			case OCON_PORT:
3019
				buf[0] = cpu_to_le32(c->u.port.protocol);
3020
				buf[1] = cpu_to_le32(c->u.port.low_port);
3021
				buf[2] = cpu_to_le32(c->u.port.high_port);
3022
				rc = put_entry(buf, sizeof(u32), 3, fp);
3023
				if (rc)
3024
					return rc;
3025
				rc = context_write(p, &c->context[0], fp);
3026
				if (rc)
3027
					return rc;
3028
				break;
3029
			case OCON_NODE:
3030
				nodebuf[0] = c->u.node.addr; /* network order */
3031
				nodebuf[1] = c->u.node.mask; /* network order */
3032
				rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3033
				if (rc)
3034
					return rc;
3035
				rc = context_write(p, &c->context[0], fp);
3036
				if (rc)
3037
					return rc;
3038
				break;
3039
			case OCON_FSUSE:
3040
				buf[0] = cpu_to_le32(c->v.behavior);
3041
				len = strlen(c->u.name);
3042
				buf[1] = cpu_to_le32(len);
3043
				rc = put_entry(buf, sizeof(u32), 2, fp);
3044
				if (rc)
3045
					return rc;
3046
				rc = put_entry(c->u.name, 1, len, fp);
3047
				if (rc)
3048
					return rc;
3049
				rc = context_write(p, &c->context[0], fp);
3050
				if (rc)
3051
					return rc;
3052
				break;
3053
			case OCON_NODE6:
3054
				for (j = 0; j < 4; j++)
3055
					nodebuf[j] = c->u.node6.addr[j]; /* network order */
3056
				for (j = 0; j < 4; j++)
3057
					nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3058
				rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3059
				if (rc)
3060
					return rc;
3061
				rc = context_write(p, &c->context[0], fp);
3062
				if (rc)
3063
					return rc;
3064
				break;
3065
			}
3066
		}
3067
	}
3068
	return 0;
3069
}
3070

3071
static int genfs_write(struct policydb *p, void *fp)
3072
{
3073
	struct genfs *genfs;
3074
	struct ocontext *c;
3075
	size_t len;
3076
	__le32 buf[1];
3077
	int rc;
3078

3079
	len = 0;
3080
	for (genfs = p->genfs; genfs; genfs = genfs->next)
3081
		len++;
3082
	buf[0] = cpu_to_le32(len);
3083
	rc = put_entry(buf, sizeof(u32), 1, fp);
3084
	if (rc)
3085
		return rc;
3086
	for (genfs = p->genfs; genfs; genfs = genfs->next) {
3087
		len = strlen(genfs->fstype);
3088
		buf[0] = cpu_to_le32(len);
3089
		rc = put_entry(buf, sizeof(u32), 1, fp);
3090
		if (rc)
3091
			return rc;
3092
		rc = put_entry(genfs->fstype, 1, len, fp);
3093
		if (rc)
3094
			return rc;
3095
		len = 0;
3096
		for (c = genfs->head; c; c = c->next)
3097
			len++;
3098
		buf[0] = cpu_to_le32(len);
3099
		rc = put_entry(buf, sizeof(u32), 1, fp);
3100
		if (rc)
3101
			return rc;
3102
		for (c = genfs->head; c; c = c->next) {
3103
			len = strlen(c->u.name);
3104
			buf[0] = cpu_to_le32(len);
3105
			rc = put_entry(buf, sizeof(u32), 1, fp);
3106
			if (rc)
3107
				return rc;
3108
			rc = put_entry(c->u.name, 1, len, fp);
3109
			if (rc)
3110
				return rc;
3111
			buf[0] = cpu_to_le32(c->v.sclass);
3112
			rc = put_entry(buf, sizeof(u32), 1, fp);
3113
			if (rc)
3114
				return rc;
3115
			rc = context_write(p, &c->context[0], fp);
3116
			if (rc)
3117
				return rc;
3118
		}
3119
	}
3120
	return 0;
3121
}
3122

3123
static int hashtab_cnt(void *key, void *data, void *ptr)
3124
{
3125
	int *cnt = ptr;
3126
	*cnt = *cnt + 1;
3127

3128
	return 0;
3129
}
3130

3131
static int range_write_helper(void *key, void *data, void *ptr)
3132
{
3133
	__le32 buf[2];
3134
	struct range_trans *rt = key;
3135
	struct mls_range *r = data;
3136
	struct policy_data *pd = ptr;
3137
	void *fp = pd->fp;
3138
	struct policydb *p = pd->p;
3139
	int rc;
3140

3141
	buf[0] = cpu_to_le32(rt->source_type);
3142
	buf[1] = cpu_to_le32(rt->target_type);
3143
	rc = put_entry(buf, sizeof(u32), 2, fp);
3144
	if (rc)
3145
		return rc;
3146
	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3147
		buf[0] = cpu_to_le32(rt->target_class);
3148
		rc = put_entry(buf, sizeof(u32), 1, fp);
3149
		if (rc)
3150
			return rc;
3151
	}
3152
	rc = mls_write_range_helper(r, fp);
3153
	if (rc)
3154
		return rc;
3155

3156
	return 0;
3157
}
3158

3159
static int range_write(struct policydb *p, void *fp)
3160
{
3161
	size_t nel;
3162
	__le32 buf[1];
3163
	int rc;
3164
	struct policy_data pd;
3165

3166
	pd.p = p;
3167
	pd.fp = fp;
3168

3169
	/* count the number of entries in the hashtab */
3170
	nel = 0;
3171
	rc = hashtab_map(p->range_tr, hashtab_cnt, &nel);
3172
	if (rc)
3173
		return rc;
3174

3175
	buf[0] = cpu_to_le32(nel);
3176
	rc = put_entry(buf, sizeof(u32), 1, fp);
3177
	if (rc)
3178
		return rc;
3179

3180
	/* actually write all of the entries */
3181
	rc = hashtab_map(p->range_tr, range_write_helper, &pd);
3182
	if (rc)
3183
		return rc;
3184

3185
	return 0;
3186
}
3187

3188
static int filename_write_helper(void *key, void *data, void *ptr)
3189
{
3190
	__le32 buf[4];
3191
	struct filename_trans *ft = key;
3192
	struct filename_trans_datum *otype = data;
3193
	void *fp = ptr;
3194
	int rc;
3195
	u32 len;
3196

3197
	len = strlen(ft->name);
3198
	buf[0] = cpu_to_le32(len);
3199
	rc = put_entry(buf, sizeof(u32), 1, fp);
3200
	if (rc)
3201
		return rc;
3202

3203
	rc = put_entry(ft->name, sizeof(char), len, fp);
3204
	if (rc)
3205
		return rc;
3206

3207
	buf[0] = ft->stype;
3208
	buf[1] = ft->ttype;
3209
	buf[2] = ft->tclass;
3210
	buf[3] = otype->otype;
3211

3212
	rc = put_entry(buf, sizeof(u32), 4, fp);
3213
	if (rc)
3214
		return rc;
3215

3216
	return 0;
3217
}
3218

3219
static int filename_trans_write(struct policydb *p, void *fp)
3220
{
3221
	u32 nel;
3222
	__le32 buf[1];
3223
	int rc;
3224

3225
	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3226
		return 0;
3227

3228
	nel = 0;
3229
	rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel);
3230
	if (rc)
3231
		return rc;
3232

3233
	buf[0] = cpu_to_le32(nel);
3234
	rc = put_entry(buf, sizeof(u32), 1, fp);
3235
	if (rc)
3236
		return rc;
3237

3238
	rc = hashtab_map(p->filename_trans, filename_write_helper, fp);
3239
	if (rc)
3240
		return rc;
3241

3242
	return 0;
3243
}
3244

3245
/*
3246
 * Write the configuration data in a policy database
3247
 * structure to a policy database binary representation
3248
 * file.
3249
 */
3250
int policydb_write(struct policydb *p, void *fp)
3251
{
3252
	unsigned int i, num_syms;
3253
	int rc;
3254
	__le32 buf[4];
3255
	u32 config;
3256
	size_t len;
3257
	struct policydb_compat_info *info;
3258

3259
	/*
3260
	 * refuse to write policy older than compressed avtab
3261
	 * to simplify the writer.  There are other tests dropped
3262
	 * since we assume this throughout the writer code.  Be
3263
	 * careful if you ever try to remove this restriction
3264
	 */
3265
	if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3266
		printk(KERN_ERR "SELinux: refusing to write policy version %d."
3267
		       "  Because it is less than version %d\n", p->policyvers,
3268
		       POLICYDB_VERSION_AVTAB);
3269
		return -EINVAL;
3270
	}
3271

3272
	config = 0;
3273
	if (p->mls_enabled)
3274
		config |= POLICYDB_CONFIG_MLS;
3275

3276
	if (p->reject_unknown)
3277
		config |= REJECT_UNKNOWN;
3278
	if (p->allow_unknown)
3279
		config |= ALLOW_UNKNOWN;
3280

3281
	/* Write the magic number and string identifiers. */
3282
	buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3283
	len = strlen(POLICYDB_STRING);
3284
	buf[1] = cpu_to_le32(len);
3285
	rc = put_entry(buf, sizeof(u32), 2, fp);
3286
	if (rc)
3287
		return rc;
3288
	rc = put_entry(POLICYDB_STRING, 1, len, fp);
3289
	if (rc)
3290
		return rc;
3291

3292
	/* Write the version, config, and table sizes. */
3293
	info = policydb_lookup_compat(p->policyvers);
3294
	if (!info) {
3295
		printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
3296
		    "version %d", p->policyvers);
3297
		return -EINVAL;
3298
	}
3299

3300
	buf[0] = cpu_to_le32(p->policyvers);
3301
	buf[1] = cpu_to_le32(config);
3302
	buf[2] = cpu_to_le32(info->sym_num);
3303
	buf[3] = cpu_to_le32(info->ocon_num);
3304

3305
	rc = put_entry(buf, sizeof(u32), 4, fp);
3306
	if (rc)
3307
		return rc;
3308

3309
	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3310
		rc = ebitmap_write(&p->policycaps, fp);
3311
		if (rc)
3312
			return rc;
3313
	}
3314

3315
	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3316
		rc = ebitmap_write(&p->permissive_map, fp);
3317
		if (rc)
3318
			return rc;
3319
	}
3320

3321
	num_syms = info->sym_num;
3322
	for (i = 0; i < num_syms; i++) {
3323
		struct policy_data pd;
3324

3325
		pd.fp = fp;
3326
		pd.p = p;
3327

3328
		buf[0] = cpu_to_le32(p->symtab[i].nprim);
3329
		buf[1] = cpu_to_le32(p->symtab[i].table->nel);
3330

3331
		rc = put_entry(buf, sizeof(u32), 2, fp);
3332
		if (rc)
3333
			return rc;
3334
		rc = hashtab_map(p->symtab[i].table, write_f[i], &pd);
3335
		if (rc)
3336
			return rc;
3337
	}
3338

3339
	rc = avtab_write(p, &p->te_avtab, fp);
3340
	if (rc)
3341
		return rc;
3342

3343
	rc = cond_write_list(p, p->cond_list, fp);
3344
	if (rc)
3345
		return rc;
3346

3347
	rc = role_trans_write(p, fp);
3348
	if (rc)
3349
		return rc;
3350

3351
	rc = role_allow_write(p->role_allow, fp);
3352
	if (rc)
3353
		return rc;
3354

3355
	rc = filename_trans_write(p, fp);
3356
	if (rc)
3357
		return rc;
3358

3359
	rc = ocontext_write(p, info, fp);
3360
	if (rc)
3361
		return rc;
3362

3363
	rc = genfs_write(p, fp);
3364
	if (rc)
3365
		return rc;
3366

3367
	rc = range_write(p, fp);
3368
	if (rc)
3369
		return rc;
3370

3371
	for (i = 0; i < p->p_types.nprim; i++) {
3372
		struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
3373

3374
		BUG_ON(!e);
3375
		rc = ebitmap_write(e, fp);
3376
		if (rc)
3377
			return rc;
3378
	}
3379

3380
	return 0;
3381
}
3382

3383