« back to all changes in this revision
Viewing changes to policydb.c
- browse files at revision 3
- compare with another revision
- download diff
- download tarball
- view history from revision 3
- Committer: Bazaar Package Importer
- Author(s): Manoj Srivastava
- Date: 2004-11-24 14:01:41 UTC
- mfrom: (1.1.1 upstream)
- Revision ID: james.westby@ubuntu.com-20041124140141-2w64gbhqynveunlv
Tags: 1.18-2
Update download location and copyright file, since the locations we
were pointing to are now forbidden (return a code 403).
were pointing to are now forbidden (return a code 403).
added
removed
policydb.c
1
2
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3
4
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
5
*
6
* Added conditional policy language extensions
7
*
8
* Copyright (C) 2003 - 2004 Tresys Technology, LLC
9
* This program is free software; you can redistribute it and/or modify
10
* it under the terms of the GNU General Public License as published by
11
* the Free Software Foundation, version 2.
12
*/
13
14
/* FLASK */
15
16
/*
17
* Implementation of the policy database.
18
*/
19
20
#include "policydb.h"
21
#include "mls.h"
22
#include "conditional.h"
23
24
/* These need to be updated if SYM_NUM or OCON_NUM changes */
25
struct policydb_compat_info policydb_compat[] = {
26
{
27
.version = POLICYDB_VERSION_BASE,
28
.sym_num = SYM_NUM - 1,
29
.ocon_num = OCON_NUM - 1,
30
},
31
{
32
.version = POLICYDB_VERSION_BOOL,
33
.sym_num = SYM_NUM,
34
.ocon_num = OCON_NUM - 1,
35
},
36
{
37
.version = POLICYDB_VERSION_IPV6,
38
.sym_num = SYM_NUM,
39
.ocon_num = OCON_NUM,
40
},
41
};
42
43
#if 0
44
static char *symtab_name[SYM_NUM] = {
45
"common prefixes",
46
"classes",
47
"roles",
48
"types",
49
"users",
50
"bools"
51
mls_symtab_names
52
cond_symtab_names
53
};
54
#endif
55
56
static unsigned int symtab_sizes[SYM_NUM] = {
57
2,
58
32,
59
16,
60
512,
61
128,
62
mls_symtab_sizes
63
16
64
};
65
66
struct policydb_compat_info *policydb_lookup_compat(int version)
67
{
68
int i;
69
struct policydb_compat_info *info = NULL;
70
71
for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) {
72
if (policydb_compat[i].version == version) {
73
info = &policydb_compat[i];
74
break;
75
}
76
}
77
return info;
78
}
79
80
/*
81
* Initialize the role table.
82
*/
83
int roles_init(policydb_t *p)
84
{
85
char *key = 0;
86
int rc;
87
role_datum_t *role;
88
89
role = kmalloc(sizeof(role_datum_t),GFP_KERNEL);
90
if (!role) {
91
rc = -ENOMEM;
92
goto out;
93
}
94
memset(role, 0, sizeof(role_datum_t));
95
role->value = ++p->p_roles.nprim;
96
if (role->value != OBJECT_R_VAL) {
97
rc = -EINVAL;
98
goto out_free_role;
99
}
100
key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
101
if (!key) {
102
rc = -ENOMEM;
103
goto out_free_role;
104
}
105
strcpy(key, OBJECT_R);
106
rc = hashtab_insert(p->p_roles.table, key, role);
107
if (rc)
108
goto out_free_key;
109
out:
110
return rc;
111
112
out_free_key:
113
kfree(key);
114
out_free_role:
115
kfree(role);
116
goto out;
117
}
118
119
120
/*
121
* Initialize a policy database structure.
122
*/
123
int policydb_init(policydb_t * p)
124
{
125
int i, rc;
126
127
memset(p, 0, sizeof(policydb_t));
128
129
for (i = 0; i < SYM_NUM; i++) {
130
p->sym_val_to_name[i] = NULL;
131
rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
132
if (rc)
133
goto out_free_symtab;
134
}
135
136
rc = avtab_init(&p->te_avtab);
137
if (rc)
138
goto out_free_symtab;
139
140
rc = roles_init(p);
141
if (rc)
142
goto out_free_avtab;
143
144
rc = cond_policydb_init(p);
145
if (rc)
146
goto out_free_avtab;
147
out:
148
return rc;
149
150
out_free_avtab:
151
avtab_destroy(&p->te_avtab);
152
153
out_free_symtab:
154
for (i = 0; i < SYM_NUM; i++)
155
hashtab_destroy(p->symtab[i].table);
156
goto out;
157
}
158
159
160
/*
161
* The following *_index functions are used to
162
* define the val_to_name and val_to_struct arrays
163
* in a policy database structure. The val_to_name
164
* arrays are used when converting security context
165
* structures into string representations. The
166
* val_to_struct arrays are used when the attributes
167
* of a class, role, or user are needed.
168
*/
169
170
static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
171
{
172
policydb_t *p;
173
common_datum_t *comdatum;
174
175
176
comdatum = (common_datum_t *) datum;
177
p = (policydb_t *) datap;
178
if (!comdatum->value || comdatum->value > p->p_commons.nprim)
179
return -EINVAL;
180
p->p_common_val_to_name[comdatum->value - 1] = (char *) key;
181
182
return 0;
183
}
184
185
186
static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
187
{
188
policydb_t *p;
189
class_datum_t *cladatum;
190
191
192
cladatum = (class_datum_t *) datum;
193
p = (policydb_t *) datap;
194
if (!cladatum->value || cladatum->value > p->p_classes.nprim)
195
return -EINVAL;
196
p->p_class_val_to_name[cladatum->value - 1] = (char *) key;
197
p->class_val_to_struct[cladatum->value - 1] = cladatum;
198
199
return 0;
200
}
201
202
203
static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
204
{
205
policydb_t *p;
206
role_datum_t *role;
207
208
209
role = (role_datum_t *) datum;
210
p = (policydb_t *) datap;
211
if (!role->value || role->value > p->p_roles.nprim)
212
return -EINVAL;
213
p->p_role_val_to_name[role->value - 1] = (char *) key;
214
p->role_val_to_struct[role->value - 1] = role;
215
216
return 0;
217
}
218
219
220
static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
221
{
222
policydb_t *p;
223
type_datum_t *typdatum;
224
225
226
typdatum = (type_datum_t *) datum;
227
p = (policydb_t *) datap;
228
229
if (typdatum->primary) {
230
if (!typdatum->value || typdatum->value > p->p_types.nprim)
231
return -EINVAL;
232
p->p_type_val_to_name[typdatum->value - 1] = (char *) key;
233
}
234
235
return 0;
236
}
237
238
static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
239
{
240
policydb_t *p;
241
user_datum_t *usrdatum;
242
243
244
usrdatum = (user_datum_t *) datum;
245
p = (policydb_t *) datap;
246
247
if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
248
return -EINVAL;
249
250
p->p_user_val_to_name[usrdatum->value - 1] = (char *) key;
251
p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
252
253
return 0;
254
}
255
256
static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
257
{
258
common_index,
259
class_index,
260
role_index,
261
type_index,
262
user_index,
263
mls_index_f
264
cond_index_bool
265
};
266
267
268
/*
269
* Define the common val_to_name array and the class
270
* val_to_name and val_to_struct arrays in a policy
271
* database structure.
272
*/
273
int policydb_index_classes(policydb_t * p)
274
{
275
p->p_common_val_to_name = (char **)
276
kmalloc(p->p_commons.nprim * sizeof(char *),GFP_KERNEL);
277
if (!p->p_common_val_to_name)
278
return -1;
279
280
if (hashtab_map(p->p_commons.table, common_index, p))
281
return -1;
282
283
p->class_val_to_struct = (class_datum_t **)
284
kmalloc(p->p_classes.nprim * sizeof(class_datum_t *),GFP_KERNEL);
285
if (!p->class_val_to_struct)
286
return -1;
287
288
p->p_class_val_to_name = (char **)
289
kmalloc(p->p_classes.nprim * sizeof(char *),GFP_KERNEL);
290
if (!p->p_class_val_to_name)
291
return -1;
292
293
if (hashtab_map(p->p_classes.table, class_index, p))
294
return -1;
295
296
return 0;
297
}
298
299
int policydb_index_bools(policydb_t * p)
300
{
301
302
if (cond_init_bool_indexes(p) == -1)
303
return -1;
304
p->p_bool_val_to_name = (char **)
305
kmalloc(p->p_bools.nprim * sizeof(char *),GFP_KERNEL);
306
if (!p->p_bool_val_to_name)
307
return -1;
308
if (hashtab_map(
309
p->p_bools.table,
310
cond_index_bool,
311
p))
312
return -1;
313
return 0;
314
}
315
316
/*
317
* Define the other val_to_name and val_to_struct arrays
318
* in a policy database structure.
319
*/
320
int policydb_index_others(policydb_t * p)
321
{
322
int i;
323
324
325
printk("security: %d users, %d roles, %d types, %d bools",
326
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
327
mls_policydb_index_others(p);
328
printk("\n");
329
330
printk("security: %d classes, %d rules\n",
331
p->p_classes.nprim, p->te_avtab.nel);
332
333
#if 0
334
avtab_hash_eval(&p->te_avtab, "rules");
335
for (i = 0; i < SYM_NUM; i++)
336
hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
337
#endif
338
339
p->role_val_to_struct = (role_datum_t **)
340
kmalloc(p->p_roles.nprim * sizeof(role_datum_t *),GFP_KERNEL);
341
if (!p->role_val_to_struct)
342
return -1;
343
344
p->user_val_to_struct = (user_datum_t **)
345
kmalloc(p->p_users.nprim * sizeof(user_datum_t *),GFP_KERNEL);
346
if (!p->user_val_to_struct)
347
return -1;
348
349
cond_init_bool_indexes(p);
350
351
for (i = SYM_ROLES; i < SYM_NUM; i++) {
352
if (p->sym_val_to_name[i])
353
kfree(p->sym_val_to_name[i]);
354
p->sym_val_to_name[i] = (char **)
355
kmalloc(p->symtab[i].nprim * sizeof(char *),GFP_KERNEL);
356
if (!p->sym_val_to_name[i])
357
return -1;
358
if (hashtab_map(p->symtab[i].table, index_f[i], p))
359
return -1;
360
}
361
362
return 0;
363
}
364
365
366
/*
367
* The following *_destroy functions are used to
368
* free any memory allocated for each kind of
369
* symbol data in the policy database.
370
*/
371
372
static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
373
{
374
if (key)
375
kfree(key);
376
kfree(datum);
377
return 0;
378
}
379
380
381
static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
382
{
383
common_datum_t *comdatum;
384
385
if (key)
386
kfree(key);
387
comdatum = (common_datum_t *) datum;
388
hashtab_map(comdatum->permissions.table, perm_destroy, 0);
389
hashtab_destroy(comdatum->permissions.table);
390
kfree(datum);
391
return 0;
392
}
393
394
395
static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
396
{
397
class_datum_t *cladatum;
398
constraint_node_t *constraint, *ctemp;
399
constraint_expr_t *e, *etmp;
400
401
if (key)
402
kfree(key);
403
cladatum = (class_datum_t *) datum;
404
hashtab_map(cladatum->permissions.table, perm_destroy, 0);
405
hashtab_destroy(cladatum->permissions.table);
406
constraint = cladatum->constraints;
407
while (constraint) {
408
e = constraint->expr;
409
while (e) {
410
ebitmap_destroy(&e->names);
411
etmp = e;
412
e = e->next;
413
kfree(etmp);
414
}
415
ctemp = constraint;
416
constraint = constraint->next;
417
kfree(ctemp);
418
}
419
if (cladatum->comkey)
420
kfree(cladatum->comkey);
421
kfree(datum);
422
return 0;
423
}
424
425
static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
426
{
427
role_datum_t *role;
428
429
if (key)
430
kfree(key);
431
role = (role_datum_t *) datum;
432
ebitmap_destroy(&role->dominates);
433
ebitmap_destroy(&role->types);
434
kfree(datum);
435
return 0;
436
}
437
438
static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
439
{
440
if (key)
441
kfree(key);
442
kfree(datum);
443
return 0;
444
}
445
446
static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
447
{
448
user_datum_t *usrdatum;
449
450
if (key)
451
kfree(key);
452
usrdatum = (user_datum_t *) datum;
453
ebitmap_destroy(&usrdatum->roles);
454
mls_user_destroy(usrdatum);
455
kfree(datum);
456
return 0;
457
}
458
459
460
static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) =
461
{
462
common_destroy,
463
class_destroy,
464
role_destroy,
465
type_destroy,
466
user_destroy,
467
mls_destroy_f
468
cond_destroy_bool
469
};
470
471
472
/*
473
* Free any memory allocated by a policy database structure.
474
*/
475
void policydb_destroy(policydb_t * p)
476
{
477
ocontext_t *c, *ctmp;
478
genfs_t *g, *gtmp;
479
int i;
480
481
for (i = 0; i < SYM_NUM; i++) {
482
hashtab_map(p->symtab[i].table, destroy_f[i], 0);
483
hashtab_destroy(p->symtab[i].table);
484
}
485
486
for (i = 0; i < SYM_NUM; i++) {
487
if (p->sym_val_to_name[i])
488
kfree(p->sym_val_to_name[i]);
489
}
490
491
if (p->class_val_to_struct)
492
kfree(p->class_val_to_struct);
493
if (p->role_val_to_struct)
494
kfree(p->role_val_to_struct);
495
if (p->user_val_to_struct)
496
kfree(p->user_val_to_struct);
497
498
avtab_destroy(&p->te_avtab);
499
500
for (i = 0; i < OCON_NUM; i++) {
501
c = p->ocontexts[i];
502
while (c) {
503
ctmp = c;
504
c = c->next;
505
context_destroy(&ctmp->context[0]);
506
context_destroy(&ctmp->context[1]);
507
if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || i == OCON_FSUSE)
508
kfree(ctmp->u.name);
509
kfree(ctmp);
510
}
511
}
512
513
g = p->genfs;
514
while (g) {
515
kfree(g->fstype);
516
c = g->head;
517
while (c) {
518
ctmp = c;
519
c = c->next;
520
context_destroy(&ctmp->context[0]);
521
kfree(ctmp->u.name);
522
kfree(ctmp);
523
}
524
gtmp = g;
525
g = g->next;
526
kfree(gtmp);
527
}
528
cond_policydb_destroy(p);
529
return;
530
}
531
532
533
/*
534
* Load the initial SIDs specified in a policy database
535
* structure into a SID table.
536
*/
537
int policydb_load_isids(policydb_t *p, sidtab_t *s)
538
{
539
ocontext_t *head, *c;
540
541
if (sidtab_init(s)) {
542
printk("security: out of memory on SID table init\n");
543
return -1;
544
}
545
546
head = p->ocontexts[OCON_ISID];
547
for (c = head; c; c = c->next) {
548
if (!c->context[0].user) {
549
printk("security: SID %s was never defined.\n",
550
c->u.name);
551
return -1;
552
}
553
if (sidtab_insert(s, c->sid[0], &c->context[0])) {
554
printk("security: unable to load initial SID %s.\n",
555
c->u.name);
556
return -1;
557
}
558
}
559
560
return 0;
561
}
562
563
564
/*
565
* Return 1 if the fields in the security context
566
* structure `c' are valid. Return 0 otherwise.
567
*/
568
int policydb_context_isvalid(policydb_t *p, context_struct_t *c)
569
{
570
role_datum_t *role;
571
user_datum_t *usrdatum;
572
573
574
if (!c->role || c->role > p->p_roles.nprim)
575
return 0;
576
577
if (!c->user || c->user > p->p_users.nprim)
578
return 0;
579
580
if (!c->type || c->type > p->p_types.nprim)
581
return 0;
582
583
if (c->role != OBJECT_R_VAL) {
584
/*
585
* Role must be authorized for the type.
586
*/
587
role = p->role_val_to_struct[c->role - 1];
588
if (!ebitmap_get_bit(&role->types,
589
c->type - 1))
590
/* role may not be associated with type */
591
return 0;
592
593
/*
594
* User must be authorized for the role.
595
*/
596
usrdatum = p->user_val_to_struct[c->user - 1];
597
if (!usrdatum)
598
return 0;
599
600
if (!ebitmap_get_bit(&usrdatum->roles,
601
c->role - 1))
602
/* user may not be associated with role */
603
return 0;
604
}
605
606
if (!mls_context_isvalid(p, c))
607
return 0;
608
609
return 1;
610
}
611
612
613
/*
614
* Read and validate a security context structure
615
* from a policydb binary representation file.
616
*/
617
static int context_read_and_validate(context_struct_t * c,
618
policydb_t * p,
619
struct policy_file * fp)
620
{
621
__u32 *buf;
622
623
buf = next_entry(fp, sizeof(__u32)*3);
624
if (!buf) {
625
printk("security: context truncated\n");
626
return -1;
627
}
628
c->user = le32_to_cpu(buf[0]);
629
c->role = le32_to_cpu(buf[1]);
630
c->type = le32_to_cpu(buf[2]);
631
if (mls_read_range(c, fp)) {
632
printk("security: error reading MLS range of context\n");
633
return -1;
634
}
635
636
if (!policydb_context_isvalid(p, c)) {
637
printk("security: invalid security context\n");
638
context_destroy(c);
639
return -1;
640
}
641
return 0;
642
}
643
644
645
/*
646
* The following *_read functions are used to
647
* read the symbol data from a policy database
648
* binary representation file.
649
*/
650
651
static int perm_read(policydb_t * p __attribute__ ((unused)), hashtab_t h, struct policy_file * fp)
652
{
653
char *key = 0;
654
perm_datum_t *perdatum;
655
__u32 *buf;
656
size_t len;
657
658
perdatum = kmalloc(sizeof(perm_datum_t),GFP_KERNEL);
659
if (!perdatum)
660
return -1;
661
memset(perdatum, 0, sizeof(perm_datum_t));
662
663
buf = next_entry(fp, sizeof(__u32)*2);
664
if (!buf)
665
goto bad;
666
667
len = le32_to_cpu(buf[0]);
668
perdatum->value = le32_to_cpu(buf[1]);
669
if (mls_read_perm(perdatum, fp))
670
goto bad;
671
672
buf = next_entry(fp, len);
673
if (!buf)
674
goto bad;
675
key = kmalloc(len + 1,GFP_KERNEL);
676
if (!key)
677
goto bad;
678
memcpy(key, buf, len);
679
key[len] = 0;
680
681
if (hashtab_insert(h, key, perdatum))
682
goto bad;
683
684
return 0;
685
686
bad:
687
perm_destroy(key, perdatum, NULL);
688
return -1;
689
}
690
691
692
static int common_read(policydb_t * p, hashtab_t h, struct policy_file * fp)
693
{
694
char *key = 0;
695
common_datum_t *comdatum;
696
__u32 *buf;
697
size_t len, nel;
698
unsigned int i;
699
700
comdatum = kmalloc(sizeof(common_datum_t),GFP_KERNEL);
701
if (!comdatum)
702
return -1;
703
memset(comdatum, 0, sizeof(common_datum_t));
704
705
buf = next_entry(fp, sizeof(__u32)*4);
706
if (!buf)
707
goto bad;
708
709
len = le32_to_cpu(buf[0]);
710
comdatum->value = le32_to_cpu(buf[1]);
711
712
if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
713
goto bad;
714
comdatum->permissions.nprim = le32_to_cpu(buf[2]);
715
nel = le32_to_cpu(buf[3]);
716
717
buf = next_entry(fp, len);
718
if (!buf)
719
goto bad;
720
key = kmalloc(len + 1,GFP_KERNEL);
721
if (!key)
722
goto bad;
723
memcpy(key, buf, len);
724
key[len] = 0;
725
726
for (i = 0; i < nel; i++) {
727
if (perm_read(p, comdatum->permissions.table, fp))
728
goto bad;
729
}
730
731
if (hashtab_insert(h, key, comdatum))
732
goto bad;
733
734
return 0;
735
736
bad:
737
common_destroy(key, comdatum, NULL);
738
return -1;
739
}
740
741
742
static int class_read(policydb_t * p, hashtab_t h, struct policy_file * fp)
743
{
744
char *key = 0;
745
class_datum_t *cladatum;
746
constraint_node_t *c, *lc;
747
constraint_expr_t *e, *le;
748
__u32 *buf;
749
size_t len, len2, ncons, nexpr, nel;
750
unsigned int i, j;
751
int depth;
752
753
cladatum = (class_datum_t *) kmalloc(sizeof(class_datum_t),GFP_KERNEL);
754
if (!cladatum)
755
return -1;
756
memset(cladatum, 0, sizeof(class_datum_t));
757
758
buf = next_entry(fp, sizeof(__u32)*6);
759
if (!buf)
760
goto bad;
761
762
len = le32_to_cpu(buf[0]);
763
len2 = le32_to_cpu(buf[1]);
764
cladatum->value = le32_to_cpu(buf[2]);
765
766
if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
767
goto bad;
768
cladatum->permissions.nprim = le32_to_cpu(buf[3]);
769
nel = le32_to_cpu(buf[4]);
770
771
ncons = le32_to_cpu(buf[5]);
772
773
buf = next_entry(fp, len);
774
if (!buf)
775
goto bad;
776
key = kmalloc(len + 1,GFP_KERNEL);
777
if (!key)
778
goto bad;
779
memcpy(key, buf, len);
780
key[len] = 0;
781
782
if (len2) {
783
cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
784
if (!cladatum->comkey)
785
goto bad;
786
buf = next_entry(fp, len2);
787
if (!buf)
788
goto bad;
789
memcpy(cladatum->comkey, buf, len2);
790
cladatum->comkey[len2] = 0;
791
792
cladatum->comdatum = hashtab_search(p->p_commons.table,
793
cladatum->comkey);
794
if (!cladatum->comdatum) {
795
printk("security: unknown common %s\n", cladatum->comkey);
796
goto bad;
797
}
798
}
799
for (i = 0; i < nel; i++) {
800
if (perm_read(p, cladatum->permissions.table, fp))
801
goto bad;
802
}
803
804
lc = NULL;
805
for (i = 0; i < ncons; i++) {
806
c = kmalloc(sizeof(constraint_node_t),GFP_KERNEL);
807
if (!c)
808
goto bad;
809
memset(c, 0, sizeof(constraint_node_t));
810
buf = next_entry(fp, sizeof(__u32)*2);
811
if (!buf)
812
goto bad;
813
c->permissions = le32_to_cpu(buf[0]);
814
nexpr = le32_to_cpu(buf[1]);
815
le = NULL;
816
depth = -1;
817
for (j = 0; j < nexpr; j++) {
818
e = kmalloc(sizeof(constraint_expr_t),GFP_KERNEL);
819
if (!e)
820
goto bad;
821
memset(e, 0, sizeof(constraint_expr_t));
822
buf = next_entry(fp, sizeof(__u32)*3);
823
if (!buf) {
824
kfree(e);
825
goto bad;
826
}
827
e->expr_type = le32_to_cpu(buf[0]);
828
e->attr = le32_to_cpu(buf[1]);
829
e->op = le32_to_cpu(buf[2]);
830
831
switch (e->expr_type) {
832
case CEXPR_NOT:
833
if (depth < 0) {
834
kfree(e);
835
goto bad;
836
}
837
break;
838
case CEXPR_AND:
839
case CEXPR_OR:
840
if (depth < 1) {
841
kfree(e);
842
goto bad;
843
}
844
depth--;
845
break;
846
case CEXPR_ATTR:
847
if (depth == (CEXPR_MAXDEPTH-1)) {
848
kfree(e);
849
goto bad;
850
}
851
depth++;
852
break;
853
case CEXPR_NAMES:
854
if (depth == (CEXPR_MAXDEPTH-1)) {
855
kfree(e);
856
goto bad;
857
}
858
depth++;
859
if (ebitmap_read(&e->names, fp)) {
860
kfree(e);
861
goto bad;
862
}
863
break;
864
default:
865
kfree(e);
866
goto bad;
867
break;
868
}
869
if (le) {
870
le->next = e;
871
} else {
872
c->expr = e;
873
}
874
le = e;
875
}
876
if (depth != 0)
877
goto bad;
878
if (lc) {
879
lc->next = c;
880
} else {
881
cladatum->constraints = c;
882
}
883
lc = c;
884
}
885
886
if (mls_read_class(cladatum, fp))
887
goto bad;
888
889
if (hashtab_insert(h, key, cladatum))
890
goto bad;
891
892
return 0;
893
894
bad:
895
class_destroy(key, cladatum, NULL);
896
return -1;
897
}
898
899
900
static int role_read(policydb_t * p __attribute__ ((unused)), hashtab_t h, struct policy_file * fp)
901
{
902
char *key = 0;
903
role_datum_t *role;
904
__u32 *buf;
905
size_t len;
906
907
role = kmalloc(sizeof(role_datum_t),GFP_KERNEL);
908
if (!role)
909
return -1;
910
memset(role, 0, sizeof(role_datum_t));
911
912
buf = next_entry(fp, sizeof(__u32)*2);
913
if (!buf)
914
goto bad;
915
916
len = le32_to_cpu(buf[0]);
917
role->value = le32_to_cpu(buf[1]);
918
919
buf = next_entry(fp, len);
920
if (!buf)
921
goto bad;
922
key = kmalloc(len + 1,GFP_KERNEL);
923
if (!key)
924
goto bad;
925
memcpy(key, buf, len);
926
key[len] = 0;
927
928
if (ebitmap_read(&role->dominates, fp))
929
goto bad;
930
931
if (ebitmap_read(&role->types, fp))
932
goto bad;
933
934
if (strcmp(key, OBJECT_R) == 0) {
935
if (role->value != OBJECT_R_VAL) {
936
printk("Role %s has wrong value %d\n",
937
OBJECT_R, role->value);
938
role_destroy(key, role, NULL);
939
return -1;
940
}
941
role_destroy(key, role, NULL);
942
return 0;
943
}
944
945
if (hashtab_insert(h, key, role))
946
goto bad;
947
948
return 0;
949
950
bad:
951
role_destroy(key, role, NULL);
952
return -1;
953
}
954
955
956
static int type_read(policydb_t * p __attribute__ ((unused)), hashtab_t h, struct policy_file * fp)
957
{
958
char *key = 0;
959
type_datum_t *typdatum;
960
__u32 *buf;
961
size_t len;
962
963
typdatum = kmalloc(sizeof(type_datum_t),GFP_KERNEL);
964
if (!typdatum)
965
return -1;
966
memset(typdatum, 0, sizeof(type_datum_t));
967
968
buf = next_entry(fp, sizeof(__u32)*3);
969
if (!buf)
970
goto bad;
971
972
len = le32_to_cpu(buf[0]);
973
typdatum->value = le32_to_cpu(buf[1]);
974
typdatum->primary = le32_to_cpu(buf[2]);
975
976
buf = next_entry(fp, len);
977
if (!buf)
978
goto bad;
979
key = kmalloc(len + 1,GFP_KERNEL);
980
if (!key)
981
goto bad;
982
memcpy(key, buf, len);
983
key[len] = 0;
984
985
if (hashtab_insert(h, key, typdatum))
986
goto bad;
987
988
return 0;
989
990
bad:
991
type_destroy(key, typdatum, NULL);
992
return -1;
993
}
994
995
static int user_read(policydb_t * p __attribute__ ((unused)), hashtab_t h, struct policy_file * fp)
996
{
997
char *key = 0;
998
user_datum_t *usrdatum;
999
__u32 *buf;
1000
size_t len;
1001
1002
1003
usrdatum = kmalloc(sizeof(user_datum_t),GFP_KERNEL);
1004
if (!usrdatum)
1005
return -1;
1006
memset(usrdatum, 0, sizeof(user_datum_t));
1007
1008
buf = next_entry(fp, sizeof(__u32)*2);
1009
if (!buf)
1010
goto bad;
1011
1012
len = le32_to_cpu(buf[0]);
1013
usrdatum->value = le32_to_cpu(buf[1]);
1014
1015
buf = next_entry(fp, len);
1016
if (!buf)
1017
goto bad;
1018
key = kmalloc(len + 1,GFP_KERNEL);
1019
if (!key)
1020
goto bad;
1021
memcpy(key, buf, len);
1022
key[len] = 0;
1023
1024
if (ebitmap_read(&usrdatum->roles, fp))
1025
goto bad;
1026
1027
if (mls_read_user(usrdatum, fp))
1028
goto bad;
1029
1030
if (hashtab_insert(h, key, usrdatum))
1031
goto bad;
1032
1033
return 0;
1034
1035
bad:
1036
user_destroy(key, usrdatum, NULL);
1037
return -1;
1038
}
1039
1040
1041
static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, struct policy_file * fp) =
1042
{
1043
common_read,
1044
class_read,
1045
role_read,
1046
type_read,
1047
user_read,
1048
mls_read_f
1049
cond_read_bool
1050
};
1051
1052
#define mls_config(x) \
1053
((x) & POLICYDB_CONFIG_MLS) ? "mls" : "no_mls"
1054
1055
/*
1056
* Read the configuration data from a policy database binary
1057
* representation file into a policy database structure.
1058
*/
1059
int policydb_read(policydb_t * p, struct policy_file * fp)
1060
{
1061
struct role_allow *ra, *lra;
1062
struct role_trans *tr, *ltr;
1063
ocontext_t *l, *c, *newc;
1064
genfs_t *genfs_p, *genfs, *newgenfs;
1065
unsigned int i, j, r_policyvers;
1066
__u32 *buf, config;
1067
size_t len, len2, nprim, nel, nel2;
1068
char *policydb_str;
1069
struct policydb_compat_info *info;
1070
1071
config = 0;
1072
mls_set_config(config);
1073
1074
if (policydb_init(p))
1075
return -1;
1076
1077
/* Read the magic number and string length. */
1078
buf = next_entry(fp, sizeof(__u32)* 2);
1079
if (!buf)
1080
goto bad;
1081
for (i = 0; i < 2; i++)
1082
buf[i] = le32_to_cpu(buf[i]);
1083
1084
if (buf[0] != POLICYDB_MAGIC) {
1085
printk("security: policydb magic number 0x%x does not match expected magic number 0x%x\n", buf[0], POLICYDB_MAGIC);
1086
goto bad;
1087
}
1088
1089
len = buf[1];
1090
if (len != strlen(POLICYDB_STRING)) {
1091
printk("security: policydb string length %zu does not match expected length %zu\n", len, strlen(POLICYDB_STRING));
1092
goto bad;
1093
}
1094
buf = next_entry(fp, len);
1095
if (!buf) {
1096
printk("security: truncated policydb string identifier\n");
1097
goto bad;
1098
}
1099
policydb_str = kmalloc(len + 1,GFP_KERNEL);
1100
if (!policydb_str) {
1101
printk("security: unable to allocate memory for policydb string of length %zu\n", len);
1102
goto bad;
1103
}
1104
memcpy(policydb_str, buf, len);
1105
policydb_str[len] = 0;
1106
if (strcmp(policydb_str, POLICYDB_STRING)) {
1107
printk("security: policydb string %s does not match my string %s\n", policydb_str, POLICYDB_STRING);
1108
kfree(policydb_str);
1109
goto bad;
1110
}
1111
/* Done with policydb_str. */
1112
kfree(policydb_str);
1113
policydb_str = NULL;
1114
1115
/* Read the version, config, and table sizes. */
1116
buf = next_entry(fp, sizeof(__u32)*4);
1117
if (!buf)
1118
goto bad;
1119
for (i = 0; i < 4; i++)
1120
buf[i] = le32_to_cpu(buf[i]);
1121
1122
r_policyvers = buf[0];
1123
if (r_policyvers < POLICYDB_VERSION_MIN || r_policyvers > POLICYDB_VERSION_MAX) {
1124
printk("security: policydb version %d does not match "
1125
"my version range %d-%d\n", buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1126
goto bad;
1127
}
1128
1129
if (buf[1] != config) {
1130
printk("security: policydb configuration (%s) does not match my configuration (%s)\n",
1131
mls_config(buf[1]),
1132
mls_config(config));
1133
goto bad;
1134
}
1135
1136
info = policydb_lookup_compat(r_policyvers);
1137
if (!info) {
1138
printk("security: unable to find policy compat info for version %d\n", r_policyvers);
1139
goto bad;
1140
}
1141
1142
if (buf[2] != info->sym_num || buf[3] != info->ocon_num) {
1143
printk("security: policydb table sizes (%d,%d) do not match mine (%d,%d)\n",
1144
buf[2], buf[3], info->sym_num, info->ocon_num);
1145
goto bad;
1146
}
1147
1148
if (mls_read_nlevels(p, fp))
1149
goto bad;
1150
1151
for (i = 0; i < info->sym_num; i++) {
1152
buf = next_entry(fp, sizeof(__u32)*2);
1153
if (!buf)
1154
goto bad;
1155
nprim = le32_to_cpu(buf[0]);
1156
nel = le32_to_cpu(buf[1]);
1157
for (j = 0; j < nel; j++) {
1158
if (read_f[i] (p, p->symtab[i].table, fp))
1159
goto bad;
1160
}
1161
1162
p->symtab[i].nprim = nprim;
1163
}
1164
1165
if (avtab_read(&p->te_avtab, fp, config))
1166
goto bad;
1167
if (r_policyvers >= POLICYDB_VERSION_BOOL)
1168
if (cond_read_list(p, fp))
1169
goto bad;
1170
1171
buf = next_entry(fp, sizeof(__u32));
1172
if (!buf)
1173
goto bad;
1174
nel = le32_to_cpu(buf[0]);
1175
ltr = NULL;
1176
for (i = 0; i < nel; i++) {
1177
tr = kmalloc(sizeof(struct role_trans),GFP_KERNEL);
1178
if (!tr) {
1179
goto bad;
1180
}
1181
memset(tr, 0, sizeof(struct role_trans));
1182
if (ltr) {
1183
ltr->next = tr;
1184
} else {
1185
p->role_tr = tr;
1186
}
1187
buf = next_entry(fp, sizeof(__u32)*3);
1188
if (!buf)
1189
goto bad;
1190
tr->role = le32_to_cpu(buf[0]);
1191
tr->type = le32_to_cpu(buf[1]);
1192
tr->new_role = le32_to_cpu(buf[2]);
1193
ltr = tr;
1194
}
1195
1196
buf = next_entry(fp, sizeof(__u32));
1197
if (!buf)
1198
goto bad;
1199
nel = le32_to_cpu(buf[0]);
1200
lra = NULL;
1201
for (i = 0; i < nel; i++) {
1202
ra = kmalloc(sizeof(struct role_allow),GFP_KERNEL);
1203
if (!ra) {
1204
goto bad;
1205
}
1206
memset(ra, 0, sizeof(struct role_allow));
1207
if (lra) {
1208
lra->next = ra;
1209
} else {
1210
p->role_allow = ra;
1211
}
1212
buf = next_entry(fp, sizeof(__u32)*2);
1213
if (!buf)
1214
goto bad;
1215
ra->role = le32_to_cpu(buf[0]);
1216
ra->new_role = le32_to_cpu(buf[1]);
1217
lra = ra;
1218
}
1219
1220
if (policydb_index_classes(p))
1221
goto bad;
1222
1223
if (policydb_index_others(p))
1224
goto bad;
1225
1226
for (i = 0; i < info->ocon_num; i++) {
1227
buf = next_entry(fp, sizeof(__u32));
1228
if (!buf)
1229
goto bad;
1230
nel = le32_to_cpu(buf[0]);
1231
l = NULL;
1232
for (j = 0; j < nel; j++) {
1233
c = kmalloc(sizeof(ocontext_t),GFP_KERNEL);
1234
if (!c) {
1235
goto bad;
1236
}
1237
memset(c, 0, sizeof(ocontext_t));
1238
if (l) {
1239
l->next = c;
1240
} else {
1241
p->ocontexts[i] = c;
1242
}
1243
l = c;
1244
switch (i) {
1245
case OCON_ISID:
1246
buf = next_entry(fp, sizeof(__u32));
1247
if (!buf)
1248
goto bad;
1249
c->sid[0] = le32_to_cpu(buf[0]);
1250
if (context_read_and_validate(&c->context[0], p, fp))
1251
goto bad;
1252
break;
1253
case OCON_FS:
1254
case OCON_NETIF:
1255
buf = next_entry(fp, sizeof(__u32));
1256
if (!buf)
1257
goto bad;
1258
len = le32_to_cpu(buf[0]);
1259
buf = next_entry(fp, len);
1260
if (!buf)
1261
goto bad;
1262
c->u.name = kmalloc(len + 1,GFP_KERNEL);
1263
if (!c->u.name) {
1264
goto bad;
1265
}
1266
memcpy(c->u.name, buf, len);
1267
c->u.name[len] = 0;
1268
if (context_read_and_validate(&c->context[0], p, fp))
1269
goto bad;
1270
if (context_read_and_validate(&c->context[1], p, fp))
1271
goto bad;
1272
break;
1273
case OCON_PORT:
1274
buf = next_entry(fp, sizeof(__u32)*3);
1275
if (!buf)
1276
goto bad;
1277
c->u.port.protocol = le32_to_cpu(buf[0]);
1278
c->u.port.low_port = le32_to_cpu(buf[1]);
1279
c->u.port.high_port = le32_to_cpu(buf[2]);
1280
if (context_read_and_validate(&c->context[0], p, fp))
1281
goto bad;
1282
break;
1283
case OCON_NODE:
1284
buf = next_entry(fp, sizeof(__u32)* 2);
1285
if (!buf)
1286
goto bad;
1287
c->u.node.addr = le32_to_cpu(buf[0]);
1288
c->u.node.mask = le32_to_cpu(buf[1]);
1289
if (context_read_and_validate(&c->context[0], p, fp))
1290
goto bad;
1291
break;
1292
case OCON_FSUSE:
1293
buf = next_entry(fp, sizeof(__u32)*2);
1294
if (!buf)
1295
goto bad;
1296
c->v.behavior = le32_to_cpu(buf[0]);
1297
len = le32_to_cpu(buf[1]);
1298
buf = next_entry(fp, len);
1299
if (!buf)
1300
goto bad;
1301
c->u.name = kmalloc(len + 1,GFP_KERNEL);
1302
if (!c->u.name) {
1303
goto bad;
1304
}
1305
memcpy(c->u.name, buf, len);
1306
c->u.name[len] = 0;
1307
if (context_read_and_validate(&c->context[0], p, fp))
1308
goto bad;
1309
break;
1310
case OCON_NODE6: {
1311
int k;
1312
1313
buf = next_entry(fp, sizeof(__u32) * 8);
1314
if (!buf)
1315
goto bad;
1316
for (k = 0; k < 4; k++)
1317
c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1318
for (k = 0; k < 4; k++)
1319
c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1320
if (context_read_and_validate(&c->context[0], p, fp))
1321
goto bad;
1322
break;
1323
}
1324
}
1325
}
1326
}
1327
1328
buf = next_entry(fp, sizeof(__u32));
1329
if (!buf)
1330
goto bad;
1331
nel = le32_to_cpu(buf[0]);
1332
genfs_p = NULL;
1333
for (i = 0; i < nel; i++) {
1334
newgenfs = kmalloc(sizeof(genfs_t),GFP_KERNEL);
1335
if (!newgenfs) {
1336
goto bad;
1337
}
1338
memset(newgenfs, 0, sizeof(genfs_t));
1339
buf = next_entry(fp, sizeof(__u32));
1340
if (!buf)
1341
goto bad;
1342
len = le32_to_cpu(buf[0]);
1343
buf = next_entry(fp, len);
1344
if (!buf)
1345
goto bad;
1346
newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1347
if (!newgenfs->fstype) {
1348
goto bad;
1349
}
1350
memcpy(newgenfs->fstype, buf, len);
1351
newgenfs->fstype[len] = 0;
1352
for (genfs_p = NULL, genfs = p->genfs; genfs;
1353
genfs_p = genfs, genfs = genfs->next) {
1354
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1355
printk("security: dup genfs fstype %s\n", newgenfs->fstype);
1356
goto bad;
1357
}
1358
if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1359
break;
1360
}
1361
newgenfs->next = genfs;
1362
if (genfs_p)
1363
genfs_p->next = newgenfs;
1364
else
1365
p->genfs = newgenfs;
1366
buf = next_entry(fp, sizeof(__u32));
1367
if (!buf)
1368
goto bad;
1369
nel2 = le32_to_cpu(buf[0]);
1370
for (j = 0; j < nel2; j++) {
1371
newc = kmalloc(sizeof(ocontext_t),GFP_KERNEL);
1372
if (!newc) {
1373
goto bad;
1374
}
1375
memset(newc, 0, sizeof(ocontext_t));
1376
buf = next_entry(fp, sizeof(__u32));
1377
if (!buf)
1378
goto bad;
1379
len = le32_to_cpu(buf[0]);
1380
buf = next_entry(fp, len);
1381
if (!buf)
1382
goto bad;
1383
newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1384
if (!newc->u.name) {
1385
goto bad;
1386
}
1387
memcpy(newc->u.name, buf, len);
1388
newc->u.name[len] = 0;
1389
buf = next_entry(fp, sizeof(__u32));
1390
if (!buf)
1391
goto bad;
1392
newc->v.sclass = le32_to_cpu(buf[0]);
1393
if (context_read_and_validate(&newc->context[0], p, fp))
1394
goto bad;
1395
for (l = NULL, c = newgenfs->head; c;
1396
l = c, c = c->next) {
1397
if (!strcmp(newc->u.name, c->u.name) &&
1398
(!c->v.sclass || !newc->v.sclass || newc->v.sclass == c->v.sclass)) {
1399
printk("security: dup genfs entry (%s,%s)\n", newgenfs->fstype, c->u.name);
1400
goto bad;
1401
}
1402
len = strlen(newc->u.name);
1403
len2 = strlen(c->u.name);
1404
if (len > len2)
1405
break;
1406
}
1407
newc->next = c;
1408
if (l)
1409
l->next = newc;
1410
else
1411
newgenfs->head = newc;
1412
}
1413
}
1414
1415
if (mls_read_trusted(p, fp))
1416
goto bad;
1417
1418
return 0;
1419
bad:
1420
policydb_destroy(p);
1421
return -1;
1422
}
1423
1424
1425
Loggerhead is a web-based interface for Breezy
Version: 2.0.1