2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Implementation of the policy database.
|
|
|
|
*
|
|
|
|
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
|
|
|
*
|
|
|
|
* Support for enhanced MLS infrastructure.
|
|
|
|
*
|
|
|
|
* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
|
|
|
|
*
|
2008-04-18 01:37:12 +08:00
|
|
|
* Added conditional policy language extensions
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
2008-01-29 21:38:19 +08:00
|
|
|
* Updated: Hewlett-Packard <paul.moore@hp.com>
|
|
|
|
*
|
|
|
|
* Added support for the policy capability bitmap
|
|
|
|
*
|
|
|
|
* Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
|
2005-04-17 06:20:36 +08:00
|
|
|
* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
|
|
|
|
* Copyright (C) 2003 - 2004 Tresys Technology, LLC
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
2008-04-18 01:37:12 +08:00
|
|
|
* it under the terms of the GNU General Public License as published by
|
2005-04-17 06:20:36 +08:00
|
|
|
* the Free Software Foundation, version 2.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/kernel.h>
|
2007-06-05 05:41:22 +08:00
|
|
|
#include <linux/sched.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/string.h>
|
|
|
|
#include <linux/errno.h>
|
2008-08-28 15:35:57 +08:00
|
|
|
#include <linux/audit.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include "security.h"
|
|
|
|
|
|
|
|
#include "policydb.h"
|
|
|
|
#include "conditional.h"
|
|
|
|
#include "mls.h"
|
|
|
|
|
|
|
|
#define _DEBUG_HASHES
|
|
|
|
|
|
|
|
#ifdef DEBUG_HASHES
|
|
|
|
static char *symtab_name[SYM_NUM] = {
|
|
|
|
"common prefixes",
|
|
|
|
"classes",
|
|
|
|
"roles",
|
|
|
|
"types",
|
|
|
|
"users",
|
|
|
|
"bools",
|
|
|
|
"levels",
|
|
|
|
"categories",
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
int selinux_mls_enabled;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
static unsigned int symtab_sizes[SYM_NUM] = {
|
|
|
|
2,
|
|
|
|
32,
|
|
|
|
16,
|
|
|
|
512,
|
|
|
|
128,
|
|
|
|
16,
|
|
|
|
16,
|
|
|
|
16,
|
|
|
|
};
|
|
|
|
|
|
|
|
struct policydb_compat_info {
|
|
|
|
int version;
|
|
|
|
int sym_num;
|
|
|
|
int ocon_num;
|
|
|
|
};
|
|
|
|
|
|
|
|
/* These need to be updated if SYM_NUM or OCON_NUM changes */
|
|
|
|
static struct policydb_compat_info policydb_compat[] = {
|
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_BASE,
|
|
|
|
.sym_num = SYM_NUM - 3,
|
|
|
|
.ocon_num = OCON_NUM - 1,
|
2005-04-17 06:20:36 +08:00
|
|
|
},
|
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_BOOL,
|
|
|
|
.sym_num = SYM_NUM - 2,
|
|
|
|
.ocon_num = OCON_NUM - 1,
|
2005-04-17 06:20:36 +08:00
|
|
|
},
|
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_IPV6,
|
|
|
|
.sym_num = SYM_NUM - 2,
|
|
|
|
.ocon_num = OCON_NUM,
|
2005-04-17 06:20:36 +08:00
|
|
|
},
|
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_NLCLASS,
|
|
|
|
.sym_num = SYM_NUM - 2,
|
|
|
|
.ocon_num = OCON_NUM,
|
2005-04-17 06:20:36 +08:00
|
|
|
},
|
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_MLS,
|
|
|
|
.sym_num = SYM_NUM,
|
|
|
|
.ocon_num = OCON_NUM,
|
2005-04-17 06:20:36 +08:00
|
|
|
},
|
2005-09-04 06:55:16 +08:00
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_AVTAB,
|
|
|
|
.sym_num = SYM_NUM,
|
|
|
|
.ocon_num = OCON_NUM,
|
2005-09-04 06:55:16 +08:00
|
|
|
},
|
2006-09-26 14:31:59 +08:00
|
|
|
{
|
2008-04-18 01:37:12 +08:00
|
|
|
.version = POLICYDB_VERSION_RANGETRANS,
|
|
|
|
.sym_num = SYM_NUM,
|
|
|
|
.ocon_num = OCON_NUM,
|
2006-09-26 14:31:59 +08:00
|
|
|
},
|
2008-01-29 21:38:19 +08:00
|
|
|
{
|
|
|
|
.version = POLICYDB_VERSION_POLCAP,
|
|
|
|
.sym_num = SYM_NUM,
|
|
|
|
.ocon_num = OCON_NUM,
|
2008-03-31 09:17:33 +08:00
|
|
|
},
|
|
|
|
{
|
|
|
|
.version = POLICYDB_VERSION_PERMISSIVE,
|
|
|
|
.sym_num = SYM_NUM,
|
|
|
|
.ocon_num = OCON_NUM,
|
2008-08-28 15:35:57 +08:00
|
|
|
},
|
|
|
|
{
|
|
|
|
.version = POLICYDB_VERSION_BOUNDARY,
|
|
|
|
.sym_num = SYM_NUM,
|
|
|
|
.ocon_num = OCON_NUM,
|
|
|
|
},
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static struct policydb_compat_info *policydb_lookup_compat(int version)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
struct policydb_compat_info *info = NULL;
|
|
|
|
|
2006-01-06 16:11:23 +08:00
|
|
|
for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (policydb_compat[i].version == version) {
|
|
|
|
info = &policydb_compat[i];
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize the role table.
|
|
|
|
*/
|
|
|
|
static int roles_init(struct policydb *p)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
int rc;
|
|
|
|
struct role_datum *role;
|
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
role = kzalloc(sizeof(*role), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!role) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
role->value = ++p->p_roles.nprim;
|
|
|
|
if (role->value != OBJECT_R_VAL) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out_free_role;
|
|
|
|
}
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out_free_role;
|
|
|
|
}
|
|
|
|
strcpy(key, OBJECT_R);
|
|
|
|
rc = hashtab_insert(p->p_roles.table, key, role);
|
|
|
|
if (rc)
|
|
|
|
goto out_free_key;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
out_free_key:
|
|
|
|
kfree(key);
|
|
|
|
out_free_role:
|
|
|
|
kfree(role);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize a policy database structure.
|
|
|
|
*/
|
|
|
|
static int policydb_init(struct policydb *p)
|
|
|
|
{
|
|
|
|
int i, rc;
|
|
|
|
|
|
|
|
memset(p, 0, sizeof(*p));
|
|
|
|
|
|
|
|
for (i = 0; i < SYM_NUM; i++) {
|
|
|
|
rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
|
|
|
|
if (rc)
|
|
|
|
goto out_free_symtab;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = avtab_init(&p->te_avtab);
|
|
|
|
if (rc)
|
|
|
|
goto out_free_symtab;
|
|
|
|
|
|
|
|
rc = roles_init(p);
|
|
|
|
if (rc)
|
2007-08-24 10:55:11 +08:00
|
|
|
goto out_free_symtab;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = cond_policydb_init(p);
|
|
|
|
if (rc)
|
2007-08-24 10:55:11 +08:00
|
|
|
goto out_free_symtab;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-01-29 21:38:19 +08:00
|
|
|
ebitmap_init(&p->policycaps);
|
2008-03-31 09:17:33 +08:00
|
|
|
ebitmap_init(&p->permissive_map);
|
2008-01-29 21:38:19 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
out_free_symtab:
|
|
|
|
for (i = 0; i < SYM_NUM; i++)
|
|
|
|
hashtab_destroy(p->symtab[i].table);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The following *_index functions are used to
|
|
|
|
* define the val_to_name and val_to_struct arrays
|
|
|
|
* in a policy database structure. The val_to_name
|
|
|
|
* arrays are used when converting security context
|
|
|
|
* structures into string representations. The
|
|
|
|
* val_to_struct arrays are used when the attributes
|
|
|
|
* of a class, role, or user are needed.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int common_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct common_datum *comdatum;
|
|
|
|
|
|
|
|
comdatum = datum;
|
|
|
|
p = datap;
|
|
|
|
if (!comdatum->value || comdatum->value > p->p_commons.nprim)
|
|
|
|
return -EINVAL;
|
|
|
|
p->p_common_val_to_name[comdatum->value - 1] = key;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int class_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct class_datum *cladatum;
|
|
|
|
|
|
|
|
cladatum = datum;
|
|
|
|
p = datap;
|
|
|
|
if (!cladatum->value || cladatum->value > p->p_classes.nprim)
|
|
|
|
return -EINVAL;
|
|
|
|
p->p_class_val_to_name[cladatum->value - 1] = key;
|
|
|
|
p->class_val_to_struct[cladatum->value - 1] = cladatum;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int role_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct role_datum *role;
|
|
|
|
|
|
|
|
role = datum;
|
|
|
|
p = datap;
|
2008-08-28 15:35:57 +08:00
|
|
|
if (!role->value
|
|
|
|
|| role->value > p->p_roles.nprim
|
|
|
|
|| role->bounds > p->p_roles.nprim)
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
p->p_role_val_to_name[role->value - 1] = key;
|
|
|
|
p->role_val_to_struct[role->value - 1] = role;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int type_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct type_datum *typdatum;
|
|
|
|
|
|
|
|
typdatum = datum;
|
|
|
|
p = datap;
|
|
|
|
|
|
|
|
if (typdatum->primary) {
|
2008-08-28 15:35:57 +08:00
|
|
|
if (!typdatum->value
|
|
|
|
|| typdatum->value > p->p_types.nprim
|
|
|
|
|| typdatum->bounds > p->p_types.nprim)
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
p->p_type_val_to_name[typdatum->value - 1] = key;
|
2008-08-28 15:35:57 +08:00
|
|
|
p->type_val_to_struct[typdatum->value - 1] = typdatum;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int user_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct user_datum *usrdatum;
|
|
|
|
|
|
|
|
usrdatum = datum;
|
|
|
|
p = datap;
|
2008-08-28 15:35:57 +08:00
|
|
|
if (!usrdatum->value
|
|
|
|
|| usrdatum->value > p->p_users.nprim
|
|
|
|
|| usrdatum->bounds > p->p_users.nprim)
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
p->p_user_val_to_name[usrdatum->value - 1] = key;
|
|
|
|
p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int sens_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct level_datum *levdatum;
|
|
|
|
|
|
|
|
levdatum = datum;
|
|
|
|
p = datap;
|
|
|
|
|
|
|
|
if (!levdatum->isalias) {
|
|
|
|
if (!levdatum->level->sens ||
|
|
|
|
levdatum->level->sens > p->p_levels.nprim)
|
|
|
|
return -EINVAL;
|
|
|
|
p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int cat_index(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct policydb *p;
|
|
|
|
struct cat_datum *catdatum;
|
|
|
|
|
|
|
|
catdatum = datum;
|
|
|
|
p = datap;
|
|
|
|
|
|
|
|
if (!catdatum->isalias) {
|
|
|
|
if (!catdatum->value || catdatum->value > p->p_cats.nprim)
|
|
|
|
return -EINVAL;
|
|
|
|
p->p_cat_val_to_name[catdatum->value - 1] = key;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
|
|
|
|
{
|
|
|
|
common_index,
|
|
|
|
class_index,
|
|
|
|
role_index,
|
|
|
|
type_index,
|
|
|
|
user_index,
|
|
|
|
cond_index_bool,
|
|
|
|
sens_index,
|
|
|
|
cat_index,
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Define the common val_to_name array and the class
|
|
|
|
* val_to_name and val_to_struct arrays in a policy
|
|
|
|
* database structure.
|
|
|
|
*
|
|
|
|
* Caller must clean up upon failure.
|
|
|
|
*/
|
|
|
|
static int policydb_index_classes(struct policydb *p)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
p->p_common_val_to_name =
|
|
|
|
kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
|
|
|
|
if (!p->p_common_val_to_name) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_map(p->p_commons.table, common_index, p);
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
p->class_val_to_struct =
|
|
|
|
kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
|
|
|
|
if (!p->class_val_to_struct) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
p->p_class_val_to_name =
|
|
|
|
kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
|
|
|
|
if (!p->p_class_val_to_name) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_map(p->p_classes.table, class_index, p);
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef DEBUG_HASHES
|
|
|
|
static void symtab_hash_eval(struct symtab *s)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < SYM_NUM; i++) {
|
|
|
|
struct hashtab *h = s[i].table;
|
|
|
|
struct hashtab_info info;
|
|
|
|
|
|
|
|
hashtab_stat(h, &info);
|
2008-04-17 23:52:44 +08:00
|
|
|
printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
|
2005-04-17 06:20:36 +08:00
|
|
|
"longest chain length %d\n", symtab_name[i], h->nel,
|
|
|
|
info.slots_used, h->size, info.max_chain_len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Define the other val_to_name and val_to_struct arrays
|
|
|
|
* in a policy database structure.
|
|
|
|
*
|
|
|
|
* Caller must clean up on failure.
|
|
|
|
*/
|
|
|
|
static int policydb_index_others(struct policydb *p)
|
|
|
|
{
|
|
|
|
int i, rc = 0;
|
|
|
|
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
|
2005-04-17 06:20:36 +08:00
|
|
|
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
|
|
|
|
if (selinux_mls_enabled)
|
|
|
|
printk(", %d sens, %d cats", p->p_levels.nprim,
|
|
|
|
p->p_cats.nprim);
|
|
|
|
printk("\n");
|
|
|
|
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
|
2005-04-17 06:20:36 +08:00
|
|
|
p->p_classes.nprim, p->te_avtab.nel);
|
|
|
|
|
|
|
|
#ifdef DEBUG_HASHES
|
|
|
|
avtab_hash_eval(&p->te_avtab, "rules");
|
|
|
|
symtab_hash_eval(p->symtab);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
p->role_val_to_struct =
|
|
|
|
kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
|
2008-04-18 01:37:12 +08:00
|
|
|
GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!p->role_val_to_struct) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
p->user_val_to_struct =
|
|
|
|
kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
|
2008-04-18 01:37:12 +08:00
|
|
|
GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!p->user_val_to_struct) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2008-08-28 15:35:57 +08:00
|
|
|
p->type_val_to_struct =
|
|
|
|
kmalloc(p->p_types.nprim * sizeof(*(p->type_val_to_struct)),
|
|
|
|
GFP_KERNEL);
|
|
|
|
if (!p->type_val_to_struct) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (cond_init_bool_indexes(p)) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = SYM_ROLES; i < SYM_NUM; i++) {
|
|
|
|
p->sym_val_to_name[i] =
|
|
|
|
kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
|
|
|
|
if (!p->sym_val_to_name[i]) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = hashtab_map(p->symtab[i].table, index_f[i], p);
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The following *_destroy functions are used to
|
|
|
|
* free any memory allocated for each kind of
|
|
|
|
* symbol data in the policy database.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int perm_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
kfree(key);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int common_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
struct common_datum *comdatum;
|
|
|
|
|
|
|
|
kfree(key);
|
|
|
|
comdatum = datum;
|
|
|
|
hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
|
|
|
|
hashtab_destroy(comdatum->permissions.table);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-11-30 05:50:27 +08:00
|
|
|
static int cls_destroy(void *key, void *datum, void *p)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct class_datum *cladatum;
|
|
|
|
struct constraint_node *constraint, *ctemp;
|
|
|
|
struct constraint_expr *e, *etmp;
|
|
|
|
|
|
|
|
kfree(key);
|
|
|
|
cladatum = datum;
|
|
|
|
hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
|
|
|
|
hashtab_destroy(cladatum->permissions.table);
|
|
|
|
constraint = cladatum->constraints;
|
|
|
|
while (constraint) {
|
|
|
|
e = constraint->expr;
|
|
|
|
while (e) {
|
|
|
|
ebitmap_destroy(&e->names);
|
|
|
|
etmp = e;
|
|
|
|
e = e->next;
|
|
|
|
kfree(etmp);
|
|
|
|
}
|
|
|
|
ctemp = constraint;
|
|
|
|
constraint = constraint->next;
|
|
|
|
kfree(ctemp);
|
|
|
|
}
|
|
|
|
|
|
|
|
constraint = cladatum->validatetrans;
|
|
|
|
while (constraint) {
|
|
|
|
e = constraint->expr;
|
|
|
|
while (e) {
|
|
|
|
ebitmap_destroy(&e->names);
|
|
|
|
etmp = e;
|
|
|
|
e = e->next;
|
|
|
|
kfree(etmp);
|
|
|
|
}
|
|
|
|
ctemp = constraint;
|
|
|
|
constraint = constraint->next;
|
|
|
|
kfree(ctemp);
|
|
|
|
}
|
|
|
|
|
|
|
|
kfree(cladatum->comkey);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int role_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
struct role_datum *role;
|
|
|
|
|
|
|
|
kfree(key);
|
|
|
|
role = datum;
|
|
|
|
ebitmap_destroy(&role->dominates);
|
|
|
|
ebitmap_destroy(&role->types);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int type_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
kfree(key);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int user_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
struct user_datum *usrdatum;
|
|
|
|
|
|
|
|
kfree(key);
|
|
|
|
usrdatum = datum;
|
|
|
|
ebitmap_destroy(&usrdatum->roles);
|
|
|
|
ebitmap_destroy(&usrdatum->range.level[0].cat);
|
|
|
|
ebitmap_destroy(&usrdatum->range.level[1].cat);
|
|
|
|
ebitmap_destroy(&usrdatum->dfltlevel.cat);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int sens_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
struct level_datum *levdatum;
|
|
|
|
|
|
|
|
kfree(key);
|
|
|
|
levdatum = datum;
|
|
|
|
ebitmap_destroy(&levdatum->level->cat);
|
|
|
|
kfree(levdatum->level);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int cat_destroy(void *key, void *datum, void *p)
|
|
|
|
{
|
|
|
|
kfree(key);
|
|
|
|
kfree(datum);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
|
|
|
|
{
|
|
|
|
common_destroy,
|
2006-11-30 05:50:27 +08:00
|
|
|
cls_destroy,
|
2005-04-17 06:20:36 +08:00
|
|
|
role_destroy,
|
|
|
|
type_destroy,
|
|
|
|
user_destroy,
|
|
|
|
cond_destroy_bool,
|
|
|
|
sens_destroy,
|
|
|
|
cat_destroy,
|
|
|
|
};
|
|
|
|
|
|
|
|
static void ocontext_destroy(struct ocontext *c, int i)
|
|
|
|
{
|
|
|
|
context_destroy(&c->context[0]);
|
|
|
|
context_destroy(&c->context[1]);
|
|
|
|
if (i == OCON_ISID || i == OCON_FS ||
|
|
|
|
i == OCON_NETIF || i == OCON_FSUSE)
|
|
|
|
kfree(c->u.name);
|
|
|
|
kfree(c);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free any memory allocated by a policy database structure.
|
|
|
|
*/
|
|
|
|
void policydb_destroy(struct policydb *p)
|
|
|
|
{
|
|
|
|
struct ocontext *c, *ctmp;
|
|
|
|
struct genfs *g, *gtmp;
|
|
|
|
int i;
|
2005-09-04 06:55:16 +08:00
|
|
|
struct role_allow *ra, *lra = NULL;
|
|
|
|
struct role_trans *tr, *ltr = NULL;
|
|
|
|
struct range_trans *rt, *lrt = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
for (i = 0; i < SYM_NUM; i++) {
|
2007-06-05 05:41:22 +08:00
|
|
|
cond_resched();
|
2005-04-17 06:20:36 +08:00
|
|
|
hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
|
|
|
|
hashtab_destroy(p->symtab[i].table);
|
|
|
|
}
|
|
|
|
|
2005-06-26 05:58:51 +08:00
|
|
|
for (i = 0; i < SYM_NUM; i++)
|
|
|
|
kfree(p->sym_val_to_name[i]);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-06-26 05:58:51 +08:00
|
|
|
kfree(p->class_val_to_struct);
|
|
|
|
kfree(p->role_val_to_struct);
|
|
|
|
kfree(p->user_val_to_struct);
|
2008-08-28 15:35:57 +08:00
|
|
|
kfree(p->type_val_to_struct);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
avtab_destroy(&p->te_avtab);
|
|
|
|
|
|
|
|
for (i = 0; i < OCON_NUM; i++) {
|
2007-06-05 05:41:22 +08:00
|
|
|
cond_resched();
|
2005-04-17 06:20:36 +08:00
|
|
|
c = p->ocontexts[i];
|
|
|
|
while (c) {
|
|
|
|
ctmp = c;
|
|
|
|
c = c->next;
|
2008-04-18 01:37:12 +08:00
|
|
|
ocontext_destroy(ctmp, i);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2006-10-07 04:09:52 +08:00
|
|
|
p->ocontexts[i] = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
g = p->genfs;
|
|
|
|
while (g) {
|
2007-06-05 05:41:22 +08:00
|
|
|
cond_resched();
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree(g->fstype);
|
|
|
|
c = g->head;
|
|
|
|
while (c) {
|
|
|
|
ctmp = c;
|
|
|
|
c = c->next;
|
2008-04-18 01:37:12 +08:00
|
|
|
ocontext_destroy(ctmp, OCON_FSUSE);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
gtmp = g;
|
|
|
|
g = g->next;
|
|
|
|
kfree(gtmp);
|
|
|
|
}
|
2006-10-07 04:09:52 +08:00
|
|
|
p->genfs = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
cond_policydb_destroy(p);
|
|
|
|
|
2005-09-04 06:55:16 +08:00
|
|
|
for (tr = p->role_tr; tr; tr = tr->next) {
|
2007-06-05 05:41:22 +08:00
|
|
|
cond_resched();
|
2005-11-07 17:01:35 +08:00
|
|
|
kfree(ltr);
|
2005-09-04 06:55:16 +08:00
|
|
|
ltr = tr;
|
|
|
|
}
|
2005-11-07 17:01:35 +08:00
|
|
|
kfree(ltr);
|
2005-09-04 06:55:16 +08:00
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
for (ra = p->role_allow; ra; ra = ra->next) {
|
2007-06-05 05:41:22 +08:00
|
|
|
cond_resched();
|
2005-11-07 17:01:35 +08:00
|
|
|
kfree(lra);
|
2005-09-04 06:55:16 +08:00
|
|
|
lra = ra;
|
|
|
|
}
|
2005-11-07 17:01:35 +08:00
|
|
|
kfree(lra);
|
2005-09-04 06:55:16 +08:00
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
for (rt = p->range_tr; rt; rt = rt->next) {
|
2007-06-05 05:41:22 +08:00
|
|
|
cond_resched();
|
2006-07-30 18:03:17 +08:00
|
|
|
if (lrt) {
|
2006-09-26 14:31:59 +08:00
|
|
|
ebitmap_destroy(&lrt->target_range.level[0].cat);
|
|
|
|
ebitmap_destroy(&lrt->target_range.level[1].cat);
|
2006-07-30 18:03:17 +08:00
|
|
|
kfree(lrt);
|
|
|
|
}
|
2005-09-04 06:55:16 +08:00
|
|
|
lrt = rt;
|
|
|
|
}
|
2006-07-30 18:03:17 +08:00
|
|
|
if (lrt) {
|
2006-09-26 14:31:59 +08:00
|
|
|
ebitmap_destroy(&lrt->target_range.level[0].cat);
|
|
|
|
ebitmap_destroy(&lrt->target_range.level[1].cat);
|
2006-07-30 18:03:17 +08:00
|
|
|
kfree(lrt);
|
|
|
|
}
|
2005-09-04 06:55:16 +08:00
|
|
|
|
2005-10-24 03:57:15 +08:00
|
|
|
if (p->type_attr_map) {
|
|
|
|
for (i = 0; i < p->p_types.nprim; i++)
|
|
|
|
ebitmap_destroy(&p->type_attr_map[i]);
|
|
|
|
}
|
2005-09-04 06:55:16 +08:00
|
|
|
kfree(p->type_attr_map);
|
2008-01-29 21:38:19 +08:00
|
|
|
ebitmap_destroy(&p->policycaps);
|
2008-03-31 09:17:33 +08:00
|
|
|
ebitmap_destroy(&p->permissive_map);
|
2007-09-22 02:37:10 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Load the initial SIDs specified in a policy database
|
|
|
|
* structure into a SID table.
|
|
|
|
*/
|
|
|
|
int policydb_load_isids(struct policydb *p, struct sidtab *s)
|
|
|
|
{
|
|
|
|
struct ocontext *head, *c;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
rc = sidtab_init(s);
|
|
|
|
if (rc) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: out of memory on SID table init\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
head = p->ocontexts[OCON_ISID];
|
|
|
|
for (c = head; c; c = c->next) {
|
|
|
|
if (!c->context[0].user) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: SID %s was never "
|
2005-04-17 06:20:36 +08:00
|
|
|
"defined.\n", c->u.name);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (sidtab_insert(s, c->sid[0], &c->context[0])) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: unable to load initial "
|
2005-04-17 06:20:36 +08:00
|
|
|
"SID %s.\n", c->u.name);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-11-07 23:08:00 +08:00
|
|
|
int policydb_class_isvalid(struct policydb *p, unsigned int class)
|
|
|
|
{
|
|
|
|
if (!class || class > p->p_classes.nprim)
|
|
|
|
return 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int policydb_role_isvalid(struct policydb *p, unsigned int role)
|
|
|
|
{
|
|
|
|
if (!role || role > p->p_roles.nprim)
|
|
|
|
return 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int policydb_type_isvalid(struct policydb *p, unsigned int type)
|
|
|
|
{
|
|
|
|
if (!type || type > p->p_types.nprim)
|
|
|
|
return 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Return 1 if the fields in the security context
|
|
|
|
* structure `c' are valid. Return 0 otherwise.
|
|
|
|
*/
|
|
|
|
int policydb_context_isvalid(struct policydb *p, struct context *c)
|
|
|
|
{
|
|
|
|
struct role_datum *role;
|
|
|
|
struct user_datum *usrdatum;
|
|
|
|
|
|
|
|
if (!c->role || c->role > p->p_roles.nprim)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (!c->user || c->user > p->p_users.nprim)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (!c->type || c->type > p->p_types.nprim)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (c->role != OBJECT_R_VAL) {
|
|
|
|
/*
|
|
|
|
* Role must be authorized for the type.
|
|
|
|
*/
|
|
|
|
role = p->role_val_to_struct[c->role - 1];
|
|
|
|
if (!ebitmap_get_bit(&role->types,
|
|
|
|
c->type - 1))
|
|
|
|
/* role may not be associated with type */
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* User must be authorized for the role.
|
|
|
|
*/
|
|
|
|
usrdatum = p->user_val_to_struct[c->user - 1];
|
|
|
|
if (!usrdatum)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (!ebitmap_get_bit(&usrdatum->roles,
|
|
|
|
c->role - 1))
|
|
|
|
/* user may not be associated with role */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!mls_context_isvalid(p, c))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read a MLS range structure from a policydb binary
|
|
|
|
* representation file.
|
|
|
|
*/
|
|
|
|
static int mls_read_range_helper(struct mls_range *r, void *fp)
|
|
|
|
{
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[2];
|
|
|
|
u32 items;
|
2005-04-17 06:20:36 +08:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
items = le32_to_cpu(buf[0]);
|
|
|
|
if (items > ARRAY_SIZE(buf)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: range overflow\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32) * items);
|
|
|
|
if (rc < 0) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: truncated range\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
r->level[0].sens = le32_to_cpu(buf[0]);
|
|
|
|
if (items > 1)
|
|
|
|
r->level[1].sens = le32_to_cpu(buf[1]);
|
|
|
|
else
|
|
|
|
r->level[1].sens = r->level[0].sens;
|
|
|
|
|
|
|
|
rc = ebitmap_read(&r->level[0].cat, fp);
|
|
|
|
if (rc) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: error reading low "
|
2005-04-17 06:20:36 +08:00
|
|
|
"categories\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (items > 1) {
|
|
|
|
rc = ebitmap_read(&r->level[1].cat, fp);
|
|
|
|
if (rc) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: error reading high "
|
2005-04-17 06:20:36 +08:00
|
|
|
"categories\n");
|
|
|
|
goto bad_high;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
|
|
|
|
if (rc) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: out of memory\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto bad_high;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = 0;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad_high:
|
|
|
|
ebitmap_destroy(&r->level[0].cat);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read and validate a security context structure
|
|
|
|
* from a policydb binary representation file.
|
|
|
|
*/
|
|
|
|
static int context_read_and_validate(struct context *c,
|
|
|
|
struct policydb *p,
|
|
|
|
void *fp)
|
|
|
|
{
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[3];
|
2005-04-17 06:20:36 +08:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof buf);
|
|
|
|
if (rc < 0) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: context truncated\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
c->user = le32_to_cpu(buf[0]);
|
|
|
|
c->role = le32_to_cpu(buf[1]);
|
|
|
|
c->type = le32_to_cpu(buf[2]);
|
|
|
|
if (p->policyvers >= POLICYDB_VERSION_MLS) {
|
|
|
|
if (mls_read_range_helper(&c->range, fp)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: error reading MLS range of "
|
2005-04-17 06:20:36 +08:00
|
|
|
"context\n");
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!policydb_context_isvalid(p, c)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: invalid security context\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
context_destroy(c);
|
|
|
|
rc = -EINVAL;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The following *_read functions are used to
|
|
|
|
* read the symbol data from a policy database
|
|
|
|
* binary representation file.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct perm_datum *perdatum;
|
|
|
|
int rc;
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[2];
|
|
|
|
u32 len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!perdatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof buf);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
perdatum->value = le32_to_cpu(buf[1]);
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, perdatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
|
|
|
perm_destroy(key, perdatum, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int common_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct common_datum *comdatum;
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[4];
|
|
|
|
u32 len, nel;
|
2005-04-17 06:20:36 +08:00
|
|
|
int i, rc;
|
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!comdatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof buf);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
comdatum->value = le32_to_cpu(buf[1]);
|
|
|
|
|
|
|
|
rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
comdatum->permissions.nprim = le32_to_cpu(buf[2]);
|
|
|
|
nel = le32_to_cpu(buf[3]);
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
for (i = 0; i < nel; i++) {
|
|
|
|
rc = perm_read(p, comdatum->permissions.table, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, comdatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
|
|
|
common_destroy(key, comdatum, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int read_cons_helper(struct constraint_node **nodep, int ncons,
|
2008-04-18 01:37:12 +08:00
|
|
|
int allowxtarget, void *fp)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct constraint_node *c, *lc;
|
|
|
|
struct constraint_expr *e, *le;
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[3];
|
|
|
|
u32 nexpr;
|
2005-04-17 06:20:36 +08:00
|
|
|
int rc, i, j, depth;
|
|
|
|
|
|
|
|
lc = NULL;
|
|
|
|
for (i = 0; i < ncons; i++) {
|
2005-10-31 06:59:21 +08:00
|
|
|
c = kzalloc(sizeof(*c), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!c)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
if (lc)
|
2005-04-17 06:20:36 +08:00
|
|
|
lc->next = c;
|
2008-04-18 01:37:12 +08:00
|
|
|
else
|
2005-04-17 06:20:36 +08:00
|
|
|
*nodep = c;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, (sizeof(u32) * 2));
|
|
|
|
if (rc < 0)
|
|
|
|
return rc;
|
|
|
|
c->permissions = le32_to_cpu(buf[0]);
|
|
|
|
nexpr = le32_to_cpu(buf[1]);
|
|
|
|
le = NULL;
|
|
|
|
depth = -1;
|
|
|
|
for (j = 0; j < nexpr; j++) {
|
2005-10-31 06:59:21 +08:00
|
|
|
e = kzalloc(sizeof(*e), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!e)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
if (le)
|
2005-04-17 06:20:36 +08:00
|
|
|
le->next = e;
|
2008-04-18 01:37:12 +08:00
|
|
|
else
|
2005-04-17 06:20:36 +08:00
|
|
|
c->expr = e;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, (sizeof(u32) * 3));
|
|
|
|
if (rc < 0)
|
|
|
|
return rc;
|
|
|
|
e->expr_type = le32_to_cpu(buf[0]);
|
|
|
|
e->attr = le32_to_cpu(buf[1]);
|
|
|
|
e->op = le32_to_cpu(buf[2]);
|
|
|
|
|
|
|
|
switch (e->expr_type) {
|
|
|
|
case CEXPR_NOT:
|
|
|
|
if (depth < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
break;
|
|
|
|
case CEXPR_AND:
|
|
|
|
case CEXPR_OR:
|
|
|
|
if (depth < 1)
|
|
|
|
return -EINVAL;
|
|
|
|
depth--;
|
|
|
|
break;
|
|
|
|
case CEXPR_ATTR:
|
|
|
|
if (depth == (CEXPR_MAXDEPTH - 1))
|
|
|
|
return -EINVAL;
|
|
|
|
depth++;
|
|
|
|
break;
|
|
|
|
case CEXPR_NAMES:
|
|
|
|
if (!allowxtarget && (e->attr & CEXPR_XTARGET))
|
|
|
|
return -EINVAL;
|
|
|
|
if (depth == (CEXPR_MAXDEPTH - 1))
|
|
|
|
return -EINVAL;
|
|
|
|
depth++;
|
|
|
|
if (ebitmap_read(&e->names, fp))
|
|
|
|
return -EINVAL;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
le = e;
|
|
|
|
}
|
|
|
|
if (depth != 0)
|
|
|
|
return -EINVAL;
|
|
|
|
lc = c;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int class_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct class_datum *cladatum;
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[6];
|
|
|
|
u32 len, len2, ncons, nel;
|
2005-04-17 06:20:36 +08:00
|
|
|
int i, rc;
|
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!cladatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*6);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
len2 = le32_to_cpu(buf[1]);
|
|
|
|
cladatum->value = le32_to_cpu(buf[2]);
|
|
|
|
|
|
|
|
rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
cladatum->permissions.nprim = le32_to_cpu(buf[3]);
|
|
|
|
nel = le32_to_cpu(buf[4]);
|
|
|
|
|
|
|
|
ncons = le32_to_cpu(buf[5]);
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (len2) {
|
2008-04-18 01:37:12 +08:00
|
|
|
cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!cladatum->comkey) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(cladatum->comkey, fp, len2);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
cladatum->comkey[len2] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
cladatum->comdatum = hashtab_search(p->p_commons.table,
|
|
|
|
cladatum->comkey);
|
|
|
|
if (!cladatum->comdatum) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: unknown common %s\n",
|
2005-04-17 06:20:36 +08:00
|
|
|
cladatum->comkey);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for (i = 0; i < nel; i++) {
|
|
|
|
rc = perm_read(p, cladatum->permissions.table, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
|
|
|
|
/* grab the validatetrans rules */
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
ncons = le32_to_cpu(buf[0]);
|
|
|
|
rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, cladatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
rc = 0;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
2006-11-30 05:50:27 +08:00
|
|
|
cls_destroy(key, cladatum, NULL);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int role_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct role_datum *role;
|
2008-08-28 15:35:57 +08:00
|
|
|
int rc, to_read = 2;
|
|
|
|
__le32 buf[3];
|
2005-09-04 06:55:17 +08:00
|
|
|
u32 len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
role = kzalloc(sizeof(*role), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!role) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2008-08-28 15:35:57 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
|
|
|
|
to_read = 3;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
role->value = le32_to_cpu(buf[1]);
|
2008-08-28 15:35:57 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
|
|
|
|
role->bounds = le32_to_cpu(buf[2]);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = ebitmap_read(&role->dominates, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
rc = ebitmap_read(&role->types, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
if (strcmp(key, OBJECT_R) == 0) {
|
|
|
|
if (role->value != OBJECT_R_VAL) {
|
2008-04-17 23:52:44 +08:00
|
|
|
printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
|
2005-04-17 06:20:36 +08:00
|
|
|
OBJECT_R, role->value);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = 0;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, role);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
|
|
|
role_destroy(key, role, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int type_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct type_datum *typdatum;
|
2008-08-28 15:35:57 +08:00
|
|
|
int rc, to_read = 3;
|
|
|
|
__le32 buf[4];
|
2005-09-04 06:55:17 +08:00
|
|
|
u32 len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!typdatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2008-08-28 15:35:57 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
|
|
|
|
to_read = 4;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
typdatum->value = le32_to_cpu(buf[1]);
|
2008-08-28 15:35:57 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
|
|
|
|
u32 prop = le32_to_cpu(buf[2]);
|
|
|
|
|
|
|
|
if (prop & TYPEDATUM_PROPERTY_PRIMARY)
|
|
|
|
typdatum->primary = 1;
|
|
|
|
if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
|
|
|
|
typdatum->attribute = 1;
|
|
|
|
|
|
|
|
typdatum->bounds = le32_to_cpu(buf[3]);
|
|
|
|
} else {
|
|
|
|
typdatum->primary = le32_to_cpu(buf[2]);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, typdatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
|
|
|
type_destroy(key, typdatum, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read a MLS level structure from a policydb binary
|
|
|
|
* representation file.
|
|
|
|
*/
|
|
|
|
static int mls_read_level(struct mls_level *lp, void *fp)
|
|
|
|
{
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[1];
|
2005-04-17 06:20:36 +08:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
memset(lp, 0, sizeof(*lp));
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof buf);
|
|
|
|
if (rc < 0) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: truncated level\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
lp->sens = le32_to_cpu(buf[0]);
|
|
|
|
|
|
|
|
if (ebitmap_read(&lp->cat, fp)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: mls: error reading level "
|
2005-04-17 06:20:36 +08:00
|
|
|
"categories\n");
|
|
|
|
goto bad;
|
|
|
|
}
|
2007-11-07 23:08:00 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
bad:
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int user_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct user_datum *usrdatum;
|
2008-08-28 15:35:57 +08:00
|
|
|
int rc, to_read = 2;
|
|
|
|
__le32 buf[3];
|
2005-09-04 06:55:17 +08:00
|
|
|
u32 len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!usrdatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2008-08-28 15:35:57 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
|
|
|
|
to_read = 3;
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
usrdatum->value = le32_to_cpu(buf[1]);
|
2008-08-28 15:35:57 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
|
|
|
|
usrdatum->bounds = le32_to_cpu(buf[2]);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = ebitmap_read(&usrdatum->roles, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
if (p->policyvers >= POLICYDB_VERSION_MLS) {
|
|
|
|
rc = mls_read_range_helper(&usrdatum->range, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
rc = mls_read_level(&usrdatum->dfltlevel, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, usrdatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
|
|
|
user_destroy(key, usrdatum, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct level_datum *levdatum;
|
|
|
|
int rc;
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[2];
|
|
|
|
u32 len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!levdatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof buf);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
levdatum->isalias = le32_to_cpu(buf[1]);
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_ATOMIC);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
|
|
|
|
if (!levdatum->level) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (mls_read_level(levdatum->level, fp)) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, levdatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad:
|
|
|
|
sens_destroy(key, levdatum, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
|
|
|
|
{
|
|
|
|
char *key = NULL;
|
|
|
|
struct cat_datum *catdatum;
|
|
|
|
int rc;
|
2005-09-04 06:55:17 +08:00
|
|
|
__le32 buf[3];
|
|
|
|
u32 len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!catdatum) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof buf);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
catdatum->value = le32_to_cpu(buf[1]);
|
|
|
|
catdatum->isalias = le32_to_cpu(buf[2]);
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
key = kmalloc(len + 1, GFP_ATOMIC);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!key) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(key, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-07-21 04:57:01 +08:00
|
|
|
key[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = hashtab_insert(h, key, catdatum);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
bad:
|
|
|
|
cat_destroy(key, catdatum, NULL);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
|
|
|
|
{
|
|
|
|
common_read,
|
|
|
|
class_read,
|
|
|
|
role_read,
|
|
|
|
type_read,
|
|
|
|
user_read,
|
|
|
|
cond_read_bool,
|
|
|
|
sens_read,
|
|
|
|
cat_read,
|
|
|
|
};
|
|
|
|
|
2008-08-28 15:35:57 +08:00
|
|
|
static int user_bounds_sanity_check(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct user_datum *upper, *user;
|
|
|
|
struct policydb *p = datap;
|
|
|
|
int depth = 0;
|
|
|
|
|
|
|
|
upper = user = datum;
|
|
|
|
while (upper->bounds) {
|
|
|
|
struct ebitmap_node *node;
|
|
|
|
unsigned long bit;
|
|
|
|
|
|
|
|
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
|
|
|
|
printk(KERN_ERR "SELinux: user %s: "
|
|
|
|
"too deep or looped boundary",
|
|
|
|
(char *) key);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
upper = p->user_val_to_struct[upper->bounds - 1];
|
|
|
|
ebitmap_for_each_positive_bit(&user->roles, node, bit) {
|
|
|
|
if (ebitmap_get_bit(&upper->roles, bit))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
printk(KERN_ERR
|
|
|
|
"SELinux: boundary violated policy: "
|
|
|
|
"user=%s role=%s bounds=%s\n",
|
|
|
|
p->p_user_val_to_name[user->value - 1],
|
|
|
|
p->p_role_val_to_name[bit],
|
|
|
|
p->p_user_val_to_name[upper->value - 1]);
|
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int role_bounds_sanity_check(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct role_datum *upper, *role;
|
|
|
|
struct policydb *p = datap;
|
|
|
|
int depth = 0;
|
|
|
|
|
|
|
|
upper = role = datum;
|
|
|
|
while (upper->bounds) {
|
|
|
|
struct ebitmap_node *node;
|
|
|
|
unsigned long bit;
|
|
|
|
|
|
|
|
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
|
|
|
|
printk(KERN_ERR "SELinux: role %s: "
|
|
|
|
"too deep or looped bounds\n",
|
|
|
|
(char *) key);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
upper = p->role_val_to_struct[upper->bounds - 1];
|
|
|
|
ebitmap_for_each_positive_bit(&role->types, node, bit) {
|
|
|
|
if (ebitmap_get_bit(&upper->types, bit))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
printk(KERN_ERR
|
|
|
|
"SELinux: boundary violated policy: "
|
|
|
|
"role=%s type=%s bounds=%s\n",
|
|
|
|
p->p_role_val_to_name[role->value - 1],
|
|
|
|
p->p_type_val_to_name[bit],
|
|
|
|
p->p_role_val_to_name[upper->value - 1]);
|
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int type_bounds_sanity_check(void *key, void *datum, void *datap)
|
|
|
|
{
|
|
|
|
struct type_datum *upper, *type;
|
|
|
|
struct policydb *p = datap;
|
|
|
|
int depth = 0;
|
|
|
|
|
|
|
|
upper = type = datum;
|
|
|
|
while (upper->bounds) {
|
|
|
|
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
|
|
|
|
printk(KERN_ERR "SELinux: type %s: "
|
|
|
|
"too deep or looped boundary\n",
|
|
|
|
(char *) key);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
upper = p->type_val_to_struct[upper->bounds - 1];
|
|
|
|
if (upper->attribute) {
|
|
|
|
printk(KERN_ERR "SELinux: type %s: "
|
|
|
|
"bounded by attribute %s",
|
|
|
|
(char *) key,
|
|
|
|
p->p_type_val_to_name[upper->value - 1]);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int policydb_bounds_sanity_check(struct policydb *p)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
rc = hashtab_map(p->p_users.table,
|
|
|
|
user_bounds_sanity_check, p);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
rc = hashtab_map(p->p_roles.table,
|
|
|
|
role_bounds_sanity_check, p);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
rc = hashtab_map(p->p_types.table,
|
|
|
|
type_bounds_sanity_check, p);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
extern int ss_initialized;
|
|
|
|
|
selinux: dynamic class/perm discovery
Modify SELinux to dynamically discover class and permission values
upon policy load, based on the dynamic object class/perm discovery
logic from libselinux. A mapping is created between kernel-private
class and permission indices used outside the security server and the
policy values used within the security server.
The mappings are only applied upon kernel-internal computations;
similar mappings for the private indices of userspace object managers
is handled on a per-object manager basis by the userspace AVC. The
interfaces for compute_av and transition_sid are split for kernel
vs. userspace; the userspace functions are distinguished by a _user
suffix.
The kernel-private class indices are no longer tied to the policy
values and thus do not need to skip indices for userspace classes;
thus the kernel class index values are compressed. The flask.h
definitions were regenerated by deleting the userspace classes from
refpolicy's definitions and then regenerating the headers. Going
forward, we can just maintain the flask.h, av_permissions.h, and
classmap.h definitions separately from policy as they are no longer
tied to the policy values. The next patch introduces a utility to
automate generation of flask.h and av_permissions.h from the
classmap.h definitions.
The older kernel class and permission string tables are removed and
replaced by a single security class mapping table that is walked at
policy load to generate the mapping. The old kernel class validation
logic is completely replaced by the mapping logic.
The handle unknown logic is reworked. reject_unknown=1 is handled
when the mappings are computed at policy load time, similar to the old
handling by the class validation logic. allow_unknown=1 is handled
when computing and mapping decisions - if the permission was not able
to be mapped (i.e. undefined, mapped to zero), then it is
automatically added to the allowed vector. If the class was not able
to be mapped (i.e. undefined, mapped to zero), then all permissions
are allowed for it if allow_unknown=1.
avc_audit leverages the new security class mapping table to lookup the
class and permission names from the kernel-private indices.
The mdp program is updated to use the new table when generating the
class definitions and allow rules for a minimal boot policy for the
kernel. It should be noted that this policy will not include any
userspace classes, nor will its policy index values for the kernel
classes correspond with the ones in refpolicy (they will instead match
the kernel-private indices).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2009-10-01 01:37:50 +08:00
|
|
|
u16 string_to_security_class(struct policydb *p, const char *name)
|
|
|
|
{
|
|
|
|
struct class_datum *cladatum;
|
|
|
|
|
|
|
|
cladatum = hashtab_search(p->p_classes.table, name);
|
|
|
|
if (!cladatum)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return cladatum->value;
|
|
|
|
}
|
|
|
|
|
|
|
|
u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
|
|
|
|
{
|
|
|
|
struct class_datum *cladatum;
|
|
|
|
struct perm_datum *perdatum = NULL;
|
|
|
|
struct common_datum *comdatum;
|
|
|
|
|
|
|
|
if (!tclass || tclass > p->p_classes.nprim)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
cladatum = p->class_val_to_struct[tclass-1];
|
|
|
|
comdatum = cladatum->comdatum;
|
|
|
|
if (comdatum)
|
|
|
|
perdatum = hashtab_search(comdatum->permissions.table,
|
|
|
|
name);
|
|
|
|
if (!perdatum)
|
|
|
|
perdatum = hashtab_search(cladatum->permissions.table,
|
|
|
|
name);
|
|
|
|
if (!perdatum)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return 1U << (perdatum->value-1);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Read the configuration data from a policy database binary
|
|
|
|
* representation file into a policy database structure.
|
|
|
|
*/
|
|
|
|
int policydb_read(struct policydb *p, void *fp)
|
|
|
|
{
|
|
|
|
struct role_allow *ra, *lra;
|
|
|
|
struct role_trans *tr, *ltr;
|
|
|
|
struct ocontext *l, *c, *newc;
|
|
|
|
struct genfs *genfs_p, *genfs, *newgenfs;
|
|
|
|
int i, j, rc;
|
2008-06-05 21:48:51 +08:00
|
|
|
__le32 buf[4];
|
|
|
|
u32 nodebuf[8];
|
2005-09-04 06:55:17 +08:00
|
|
|
u32 len, len2, config, nprim, nel, nel2;
|
2005-04-17 06:20:36 +08:00
|
|
|
char *policydb_str;
|
|
|
|
struct policydb_compat_info *info;
|
|
|
|
struct range_trans *rt, *lrt;
|
|
|
|
|
|
|
|
config = 0;
|
|
|
|
|
|
|
|
rc = policydb_init(p);
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* Read the magic number and string length. */
|
2008-04-18 01:37:12 +08:00
|
|
|
rc = next_entry(buf, fp, sizeof(u32) * 2);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
2005-09-04 06:55:17 +08:00
|
|
|
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
|
2005-04-17 06:20:36 +08:00
|
|
|
"not match expected magic number 0x%x\n",
|
2005-09-04 06:55:17 +08:00
|
|
|
le32_to_cpu(buf[0]), POLICYDB_MAGIC);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2005-09-04 06:55:17 +08:00
|
|
|
len = le32_to_cpu(buf[1]);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (len != strlen(POLICYDB_STRING)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: policydb string length %d does not "
|
2005-04-17 06:20:36 +08:00
|
|
|
"match expected length %Zu\n",
|
|
|
|
len, strlen(POLICYDB_STRING));
|
|
|
|
goto bad;
|
|
|
|
}
|
2008-04-18 01:37:12 +08:00
|
|
|
policydb_str = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!policydb_str) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
|
2005-04-17 06:20:36 +08:00
|
|
|
"string of length %d\n", len);
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(policydb_str, fp, len);
|
|
|
|
if (rc < 0) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree(policydb_str);
|
|
|
|
goto bad;
|
|
|
|
}
|
2008-07-21 04:57:01 +08:00
|
|
|
policydb_str[len] = '\0';
|
2005-04-17 06:20:36 +08:00
|
|
|
if (strcmp(policydb_str, POLICYDB_STRING)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: policydb string %s does not match "
|
2005-04-17 06:20:36 +08:00
|
|
|
"my string %s\n", policydb_str, POLICYDB_STRING);
|
|
|
|
kfree(policydb_str);
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
/* Done with policydb_str. */
|
|
|
|
kfree(policydb_str);
|
|
|
|
policydb_str = NULL;
|
|
|
|
|
|
|
|
/* Read the version, config, and table sizes. */
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*4);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
|
2005-09-04 06:55:17 +08:00
|
|
|
p->policyvers = le32_to_cpu(buf[0]);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (p->policyvers < POLICYDB_VERSION_MIN ||
|
|
|
|
p->policyvers > POLICYDB_VERSION_MAX) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: policydb version %d does not match "
|
2008-04-18 01:37:12 +08:00
|
|
|
"my version range %d-%d\n",
|
|
|
|
le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
|
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2005-09-04 06:55:17 +08:00
|
|
|
if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (ss_initialized && !selinux_mls_enabled) {
|
2008-04-17 23:52:44 +08:00
|
|
|
printk(KERN_ERR "SELinux: Cannot switch between non-MLS"
|
|
|
|
" and MLS policies\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
selinux_mls_enabled = 1;
|
|
|
|
config |= POLICYDB_CONFIG_MLS;
|
|
|
|
|
|
|
|
if (p->policyvers < POLICYDB_VERSION_MLS) {
|
2008-04-17 23:52:44 +08:00
|
|
|
printk(KERN_ERR "SELinux: security policydb version %d "
|
|
|
|
"(MLS) not backwards compatible\n",
|
|
|
|
p->policyvers);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (ss_initialized && selinux_mls_enabled) {
|
2008-04-17 23:52:44 +08:00
|
|
|
printk(KERN_ERR "SELinux: Cannot switch between MLS and"
|
|
|
|
" non-MLS policies\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
}
|
2007-09-22 02:37:10 +08:00
|
|
|
p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
|
|
|
|
p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-01-29 21:38:19 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_POLCAP &&
|
|
|
|
ebitmap_read(&p->policycaps, fp) != 0)
|
|
|
|
goto bad;
|
|
|
|
|
2008-03-31 09:17:33 +08:00
|
|
|
if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
|
|
|
|
ebitmap_read(&p->permissive_map, fp) != 0)
|
|
|
|
goto bad;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
info = policydb_lookup_compat(p->policyvers);
|
|
|
|
if (!info) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: unable to find policy compat info "
|
2005-04-17 06:20:36 +08:00
|
|
|
"for version %d\n", p->policyvers);
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2005-09-04 06:55:17 +08:00
|
|
|
if (le32_to_cpu(buf[2]) != info->sym_num ||
|
|
|
|
le32_to_cpu(buf[3]) != info->ocon_num) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
|
2005-09-04 06:55:17 +08:00
|
|
|
"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
|
|
|
|
le32_to_cpu(buf[3]),
|
2005-04-17 06:20:36 +08:00
|
|
|
info->sym_num, info->ocon_num);
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < info->sym_num; i++) {
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*2);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nprim = le32_to_cpu(buf[0]);
|
|
|
|
nel = le32_to_cpu(buf[1]);
|
|
|
|
for (j = 0; j < nel; j++) {
|
|
|
|
rc = read_f[i](p, p->symtab[i].table, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
p->symtab[i].nprim = nprim;
|
|
|
|
}
|
|
|
|
|
2007-11-07 23:08:00 +08:00
|
|
|
rc = avtab_read(&p->te_avtab, fp, p);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
if (p->policyvers >= POLICYDB_VERSION_BOOL) {
|
|
|
|
rc = cond_read_list(p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nel = le32_to_cpu(buf[0]);
|
|
|
|
ltr = NULL;
|
|
|
|
for (i = 0; i < nel; i++) {
|
2005-10-31 06:59:21 +08:00
|
|
|
tr = kzalloc(sizeof(*tr), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!tr) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
2008-04-18 01:37:12 +08:00
|
|
|
if (ltr)
|
2005-04-17 06:20:36 +08:00
|
|
|
ltr->next = tr;
|
2008-04-18 01:37:12 +08:00
|
|
|
else
|
2005-04-17 06:20:36 +08:00
|
|
|
p->role_tr = tr;
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*3);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
tr->role = le32_to_cpu(buf[0]);
|
|
|
|
tr->type = le32_to_cpu(buf[1]);
|
|
|
|
tr->new_role = le32_to_cpu(buf[2]);
|
2007-11-07 23:08:00 +08:00
|
|
|
if (!policydb_role_isvalid(p, tr->role) ||
|
|
|
|
!policydb_type_isvalid(p, tr->type) ||
|
|
|
|
!policydb_role_isvalid(p, tr->new_role)) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto bad;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
ltr = tr;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nel = le32_to_cpu(buf[0]);
|
|
|
|
lra = NULL;
|
|
|
|
for (i = 0; i < nel; i++) {
|
2005-10-31 06:59:21 +08:00
|
|
|
ra = kzalloc(sizeof(*ra), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!ra) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
2008-04-18 01:37:12 +08:00
|
|
|
if (lra)
|
2005-04-17 06:20:36 +08:00
|
|
|
lra->next = ra;
|
2008-04-18 01:37:12 +08:00
|
|
|
else
|
2005-04-17 06:20:36 +08:00
|
|
|
p->role_allow = ra;
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*2);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
ra->role = le32_to_cpu(buf[0]);
|
|
|
|
ra->new_role = le32_to_cpu(buf[1]);
|
2007-11-07 23:08:00 +08:00
|
|
|
if (!policydb_role_isvalid(p, ra->role) ||
|
|
|
|
!policydb_role_isvalid(p, ra->new_role)) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto bad;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
lra = ra;
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = policydb_index_classes(p);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
rc = policydb_index_others(p);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
selinux: dynamic class/perm discovery
Modify SELinux to dynamically discover class and permission values
upon policy load, based on the dynamic object class/perm discovery
logic from libselinux. A mapping is created between kernel-private
class and permission indices used outside the security server and the
policy values used within the security server.
The mappings are only applied upon kernel-internal computations;
similar mappings for the private indices of userspace object managers
is handled on a per-object manager basis by the userspace AVC. The
interfaces for compute_av and transition_sid are split for kernel
vs. userspace; the userspace functions are distinguished by a _user
suffix.
The kernel-private class indices are no longer tied to the policy
values and thus do not need to skip indices for userspace classes;
thus the kernel class index values are compressed. The flask.h
definitions were regenerated by deleting the userspace classes from
refpolicy's definitions and then regenerating the headers. Going
forward, we can just maintain the flask.h, av_permissions.h, and
classmap.h definitions separately from policy as they are no longer
tied to the policy values. The next patch introduces a utility to
automate generation of flask.h and av_permissions.h from the
classmap.h definitions.
The older kernel class and permission string tables are removed and
replaced by a single security class mapping table that is walked at
policy load to generate the mapping. The old kernel class validation
logic is completely replaced by the mapping logic.
The handle unknown logic is reworked. reject_unknown=1 is handled
when the mappings are computed at policy load time, similar to the old
handling by the class validation logic. allow_unknown=1 is handled
when computing and mapping decisions - if the permission was not able
to be mapped (i.e. undefined, mapped to zero), then it is
automatically added to the allowed vector. If the class was not able
to be mapped (i.e. undefined, mapped to zero), then all permissions
are allowed for it if allow_unknown=1.
avc_audit leverages the new security class mapping table to lookup the
class and permission names from the kernel-private indices.
The mdp program is updated to use the new table when generating the
class definitions and allow rules for a minimal boot policy for the
kernel. It should be noted that this policy will not include any
userspace classes, nor will its policy index values for the kernel
classes correspond with the ones in refpolicy (they will instead match
the kernel-private indices).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2009-10-01 01:37:50 +08:00
|
|
|
p->process_class = string_to_security_class(p, "process");
|
|
|
|
if (!p->process_class)
|
|
|
|
goto bad;
|
|
|
|
p->process_trans_perms = string_to_av_perm(p, p->process_class,
|
|
|
|
"transition");
|
|
|
|
p->process_trans_perms |= string_to_av_perm(p, p->process_class,
|
|
|
|
"dyntransition");
|
|
|
|
if (!p->process_trans_perms)
|
|
|
|
goto bad;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
for (i = 0; i < info->ocon_num; i++) {
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nel = le32_to_cpu(buf[0]);
|
|
|
|
l = NULL;
|
|
|
|
for (j = 0; j < nel; j++) {
|
2005-10-31 06:59:21 +08:00
|
|
|
c = kzalloc(sizeof(*c), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!c) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
2008-04-18 01:37:12 +08:00
|
|
|
if (l)
|
2005-04-17 06:20:36 +08:00
|
|
|
l->next = c;
|
2008-04-18 01:37:12 +08:00
|
|
|
else
|
2005-04-17 06:20:36 +08:00
|
|
|
p->ocontexts[i] = c;
|
|
|
|
l = c;
|
|
|
|
rc = -EINVAL;
|
|
|
|
switch (i) {
|
|
|
|
case OCON_ISID:
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
c->sid[0] = le32_to_cpu(buf[0]);
|
|
|
|
rc = context_read_and_validate(&c->context[0], p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
case OCON_FS:
|
|
|
|
case OCON_NETIF:
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
len = le32_to_cpu(buf[0]);
|
2008-04-18 01:37:12 +08:00
|
|
|
c->u.name = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!c->u.name) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(c->u.name, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
c->u.name[len] = 0;
|
|
|
|
rc = context_read_and_validate(&c->context[0], p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
rc = context_read_and_validate(&c->context[1], p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
case OCON_PORT:
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*3);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
c->u.port.protocol = le32_to_cpu(buf[0]);
|
|
|
|
c->u.port.low_port = le32_to_cpu(buf[1]);
|
|
|
|
c->u.port.high_port = le32_to_cpu(buf[2]);
|
|
|
|
rc = context_read_and_validate(&c->context[0], p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
case OCON_NODE:
|
2008-06-05 21:48:51 +08:00
|
|
|
rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2008-06-05 21:48:51 +08:00
|
|
|
c->u.node.addr = nodebuf[0]; /* network order */
|
|
|
|
c->u.node.mask = nodebuf[1]; /* network order */
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = context_read_and_validate(&c->context[0], p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
case OCON_FSUSE:
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32)*2);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
c->v.behavior = le32_to_cpu(buf[0]);
|
|
|
|
if (c->v.behavior > SECURITY_FS_USE_NONE)
|
|
|
|
goto bad;
|
|
|
|
len = le32_to_cpu(buf[1]);
|
2008-04-18 01:37:12 +08:00
|
|
|
c->u.name = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!c->u.name) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(c->u.name, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
c->u.name[len] = 0;
|
|
|
|
rc = context_read_and_validate(&c->context[0], p, fp);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
case OCON_NODE6: {
|
|
|
|
int k;
|
|
|
|
|
2008-06-05 21:48:51 +08:00
|
|
|
rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
for (k = 0; k < 4; k++)
|
2008-06-05 21:48:51 +08:00
|
|
|
c->u.node6.addr[k] = nodebuf[k];
|
2005-04-17 06:20:36 +08:00
|
|
|
for (k = 0; k < 4; k++)
|
2008-06-05 21:48:51 +08:00
|
|
|
c->u.node6.mask[k] = nodebuf[k+4];
|
2005-04-17 06:20:36 +08:00
|
|
|
if (context_read_and_validate(&c->context[0], p, fp))
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nel = le32_to_cpu(buf[0]);
|
|
|
|
genfs_p = NULL;
|
|
|
|
rc = -EINVAL;
|
|
|
|
for (i = 0; i < nel; i++) {
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
len = le32_to_cpu(buf[0]);
|
2005-10-31 06:59:21 +08:00
|
|
|
newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!newgenfs) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!newgenfs->fstype) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
kfree(newgenfs);
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
rc = next_entry(newgenfs->fstype, fp, len);
|
|
|
|
if (rc < 0) {
|
|
|
|
kfree(newgenfs->fstype);
|
|
|
|
kfree(newgenfs);
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
newgenfs->fstype[len] = 0;
|
|
|
|
for (genfs_p = NULL, genfs = p->genfs; genfs;
|
|
|
|
genfs_p = genfs, genfs = genfs->next) {
|
|
|
|
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: dup genfs "
|
2005-04-17 06:20:36 +08:00
|
|
|
"fstype %s\n", newgenfs->fstype);
|
|
|
|
kfree(newgenfs->fstype);
|
|
|
|
kfree(newgenfs);
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
newgenfs->next = genfs;
|
|
|
|
if (genfs_p)
|
|
|
|
genfs_p->next = newgenfs;
|
|
|
|
else
|
|
|
|
p->genfs = newgenfs;
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nel2 = le32_to_cpu(buf[0]);
|
|
|
|
for (j = 0; j < nel2; j++) {
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
len = le32_to_cpu(buf[0]);
|
|
|
|
|
2005-10-31 06:59:21 +08:00
|
|
|
newc = kzalloc(sizeof(*newc), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!newc) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2008-04-18 01:37:12 +08:00
|
|
|
newc->u.name = kmalloc(len + 1, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!newc->u.name) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad_newc;
|
|
|
|
}
|
|
|
|
rc = next_entry(newc->u.name, fp, len);
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad_newc;
|
|
|
|
newc->u.name[len] = 0;
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad_newc;
|
|
|
|
newc->v.sclass = le32_to_cpu(buf[0]);
|
|
|
|
if (context_read_and_validate(&newc->context[0], p, fp))
|
|
|
|
goto bad_newc;
|
|
|
|
for (l = NULL, c = newgenfs->head; c;
|
|
|
|
l = c, c = c->next) {
|
|
|
|
if (!strcmp(newc->u.name, c->u.name) &&
|
|
|
|
(!c->v.sclass || !newc->v.sclass ||
|
|
|
|
newc->v.sclass == c->v.sclass)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_ERR "SELinux: dup genfs "
|
2005-04-17 06:20:36 +08:00
|
|
|
"entry (%s,%s)\n",
|
|
|
|
newgenfs->fstype, c->u.name);
|
|
|
|
goto bad_newc;
|
|
|
|
}
|
|
|
|
len = strlen(newc->u.name);
|
|
|
|
len2 = strlen(c->u.name);
|
|
|
|
if (len > len2)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
newc->next = c;
|
|
|
|
if (l)
|
|
|
|
l->next = newc;
|
|
|
|
else
|
|
|
|
newgenfs->head = newc;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->policyvers >= POLICYDB_VERSION_MLS) {
|
2006-09-26 14:31:59 +08:00
|
|
|
int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
nel = le32_to_cpu(buf[0]);
|
|
|
|
lrt = NULL;
|
|
|
|
for (i = 0; i < nel; i++) {
|
2005-10-31 06:59:21 +08:00
|
|
|
rt = kzalloc(sizeof(*rt), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!rt) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (lrt)
|
|
|
|
lrt->next = rt;
|
|
|
|
else
|
|
|
|
p->range_tr = rt;
|
|
|
|
rc = next_entry(buf, fp, (sizeof(u32) * 2));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
2006-09-26 14:31:59 +08:00
|
|
|
rt->source_type = le32_to_cpu(buf[0]);
|
|
|
|
rt->target_type = le32_to_cpu(buf[1]);
|
|
|
|
if (new_rangetr) {
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
if (rc < 0)
|
|
|
|
goto bad;
|
|
|
|
rt->target_class = le32_to_cpu(buf[0]);
|
|
|
|
} else
|
selinux: dynamic class/perm discovery
Modify SELinux to dynamically discover class and permission values
upon policy load, based on the dynamic object class/perm discovery
logic from libselinux. A mapping is created between kernel-private
class and permission indices used outside the security server and the
policy values used within the security server.
The mappings are only applied upon kernel-internal computations;
similar mappings for the private indices of userspace object managers
is handled on a per-object manager basis by the userspace AVC. The
interfaces for compute_av and transition_sid are split for kernel
vs. userspace; the userspace functions are distinguished by a _user
suffix.
The kernel-private class indices are no longer tied to the policy
values and thus do not need to skip indices for userspace classes;
thus the kernel class index values are compressed. The flask.h
definitions were regenerated by deleting the userspace classes from
refpolicy's definitions and then regenerating the headers. Going
forward, we can just maintain the flask.h, av_permissions.h, and
classmap.h definitions separately from policy as they are no longer
tied to the policy values. The next patch introduces a utility to
automate generation of flask.h and av_permissions.h from the
classmap.h definitions.
The older kernel class and permission string tables are removed and
replaced by a single security class mapping table that is walked at
policy load to generate the mapping. The old kernel class validation
logic is completely replaced by the mapping logic.
The handle unknown logic is reworked. reject_unknown=1 is handled
when the mappings are computed at policy load time, similar to the old
handling by the class validation logic. allow_unknown=1 is handled
when computing and mapping decisions - if the permission was not able
to be mapped (i.e. undefined, mapped to zero), then it is
automatically added to the allowed vector. If the class was not able
to be mapped (i.e. undefined, mapped to zero), then all permissions
are allowed for it if allow_unknown=1.
avc_audit leverages the new security class mapping table to lookup the
class and permission names from the kernel-private indices.
The mdp program is updated to use the new table when generating the
class definitions and allow rules for a minimal boot policy for the
kernel. It should be noted that this policy will not include any
userspace classes, nor will its policy index values for the kernel
classes correspond with the ones in refpolicy (they will instead match
the kernel-private indices).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2009-10-01 01:37:50 +08:00
|
|
|
rt->target_class = p->process_class;
|
2007-11-07 23:08:00 +08:00
|
|
|
if (!policydb_type_isvalid(p, rt->source_type) ||
|
|
|
|
!policydb_type_isvalid(p, rt->target_type) ||
|
|
|
|
!policydb_class_isvalid(p, rt->target_class)) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto bad;
|
|
|
|
}
|
2006-09-26 14:31:59 +08:00
|
|
|
rc = mls_read_range_helper(&rt->target_range, fp);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc)
|
|
|
|
goto bad;
|
2007-11-07 23:08:00 +08:00
|
|
|
if (!mls_range_isvalid(p, &rt->target_range)) {
|
2008-02-26 17:42:02 +08:00
|
|
|
printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
|
2007-11-07 23:08:00 +08:00
|
|
|
goto bad;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
lrt = rt;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-09-04 06:55:16 +08:00
|
|
|
p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
|
|
|
|
if (!p->type_attr_map)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
for (i = 0; i < p->p_types.nprim; i++) {
|
|
|
|
ebitmap_init(&p->type_attr_map[i]);
|
|
|
|
if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
|
|
|
|
if (ebitmap_read(&p->type_attr_map[i], fp))
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
/* add the type itself as the degenerate case */
|
|
|
|
if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2008-08-28 15:35:57 +08:00
|
|
|
rc = policydb_bounds_sanity_check(p);
|
|
|
|
if (rc)
|
|
|
|
goto bad;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = 0;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
bad_newc:
|
2008-04-18 01:37:12 +08:00
|
|
|
ocontext_destroy(newc, OCON_FSUSE);
|
2005-04-17 06:20:36 +08:00
|
|
|
bad:
|
|
|
|
if (!rc)
|
|
|
|
rc = -EINVAL;
|
|
|
|
policydb_destroy(p);
|
|
|
|
goto out;
|
|
|
|
}
|