325551cd7fc7c16570339eed2363eb945dcb8ad3
[linux-3.10.git] / security / selinux / ss / policydb.c
1 /*
2  * Implementation of the policy database.
3  *
4  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5  */
6
7 /*
8  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9  *
10  *      Support for enhanced MLS infrastructure.
11  *
12  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13  *
14  *      Added conditional policy language extensions
15  *
16  * Updated: Hewlett-Packard <paul.moore@hp.com>
17  *
18  *      Added support for the policy capability bitmap
19  *
20  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
21  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
22  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
23  *      This program is free software; you can redistribute it and/or modify
24  *      it under the terms of the GNU General Public License as published by
25  *      the Free Software Foundation, version 2.
26  */
27
28 #include <linux/kernel.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <linux/errno.h>
33 #include "security.h"
34
35 #include "policydb.h"
36 #include "conditional.h"
37 #include "mls.h"
38
39 #define _DEBUG_HASHES
40
41 #ifdef DEBUG_HASHES
42 static char *symtab_name[SYM_NUM] = {
43         "common prefixes",
44         "classes",
45         "roles",
46         "types",
47         "users",
48         "bools",
49         "levels",
50         "categories",
51 };
52 #endif
53
54 int selinux_mls_enabled = 0;
55
56 static unsigned int symtab_sizes[SYM_NUM] = {
57         2,
58         32,
59         16,
60         512,
61         128,
62         16,
63         16,
64         16,
65 };
66
67 struct policydb_compat_info {
68         int version;
69         int sym_num;
70         int ocon_num;
71 };
72
73 /* These need to be updated if SYM_NUM or OCON_NUM changes */
74 static struct policydb_compat_info policydb_compat[] = {
75         {
76                 .version        = POLICYDB_VERSION_BASE,
77                 .sym_num        = SYM_NUM - 3,
78                 .ocon_num       = OCON_NUM - 1,
79         },
80         {
81                 .version        = POLICYDB_VERSION_BOOL,
82                 .sym_num        = SYM_NUM - 2,
83                 .ocon_num       = OCON_NUM - 1,
84         },
85         {
86                 .version        = POLICYDB_VERSION_IPV6,
87                 .sym_num        = SYM_NUM - 2,
88                 .ocon_num       = OCON_NUM,
89         },
90         {
91                 .version        = POLICYDB_VERSION_NLCLASS,
92                 .sym_num        = SYM_NUM - 2,
93                 .ocon_num       = OCON_NUM,
94         },
95         {
96                 .version        = POLICYDB_VERSION_MLS,
97                 .sym_num        = SYM_NUM,
98                 .ocon_num       = OCON_NUM,
99         },
100         {
101                 .version        = POLICYDB_VERSION_AVTAB,
102                 .sym_num        = SYM_NUM,
103                 .ocon_num       = OCON_NUM,
104         },
105         {
106                 .version        = POLICYDB_VERSION_RANGETRANS,
107                 .sym_num        = SYM_NUM,
108                 .ocon_num       = OCON_NUM,
109         },
110         {
111                 .version        = POLICYDB_VERSION_POLCAP,
112                 .sym_num        = SYM_NUM,
113                 .ocon_num       = OCON_NUM,
114         }
115 };
116
117 static struct policydb_compat_info *policydb_lookup_compat(int version)
118 {
119         int i;
120         struct policydb_compat_info *info = NULL;
121
122         for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
123                 if (policydb_compat[i].version == version) {
124                         info = &policydb_compat[i];
125                         break;
126                 }
127         }
128         return info;
129 }
130
131 /*
132  * Initialize the role table.
133  */
134 static int roles_init(struct policydb *p)
135 {
136         char *key = NULL;
137         int rc;
138         struct role_datum *role;
139
140         role = kzalloc(sizeof(*role), GFP_KERNEL);
141         if (!role) {
142                 rc = -ENOMEM;
143                 goto out;
144         }
145         role->value = ++p->p_roles.nprim;
146         if (role->value != OBJECT_R_VAL) {
147                 rc = -EINVAL;
148                 goto out_free_role;
149         }
150         key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
151         if (!key) {
152                 rc = -ENOMEM;
153                 goto out_free_role;
154         }
155         strcpy(key, OBJECT_R);
156         rc = hashtab_insert(p->p_roles.table, key, role);
157         if (rc)
158                 goto out_free_key;
159 out:
160         return rc;
161
162 out_free_key:
163         kfree(key);
164 out_free_role:
165         kfree(role);
166         goto out;
167 }
168
169 /*
170  * Initialize a policy database structure.
171  */
172 static int policydb_init(struct policydb *p)
173 {
174         int i, rc;
175
176         memset(p, 0, sizeof(*p));
177
178         for (i = 0; i < SYM_NUM; i++) {
179                 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
180                 if (rc)
181                         goto out_free_symtab;
182         }
183
184         rc = avtab_init(&p->te_avtab);
185         if (rc)
186                 goto out_free_symtab;
187
188         rc = roles_init(p);
189         if (rc)
190                 goto out_free_symtab;
191
192         rc = cond_policydb_init(p);
193         if (rc)
194                 goto out_free_symtab;
195
196         ebitmap_init(&p->policycaps);
197
198 out:
199         return rc;
200
201 out_free_symtab:
202         for (i = 0; i < SYM_NUM; i++)
203                 hashtab_destroy(p->symtab[i].table);
204         goto out;
205 }
206
207 /*
208  * The following *_index functions are used to
209  * define the val_to_name and val_to_struct arrays
210  * in a policy database structure.  The val_to_name
211  * arrays are used when converting security context
212  * structures into string representations.  The
213  * val_to_struct arrays are used when the attributes
214  * of a class, role, or user are needed.
215  */
216
217 static int common_index(void *key, void *datum, void *datap)
218 {
219         struct policydb *p;
220         struct common_datum *comdatum;
221
222         comdatum = datum;
223         p = datap;
224         if (!comdatum->value || comdatum->value > p->p_commons.nprim)
225                 return -EINVAL;
226         p->p_common_val_to_name[comdatum->value - 1] = key;
227         return 0;
228 }
229
230 static int class_index(void *key, void *datum, void *datap)
231 {
232         struct policydb *p;
233         struct class_datum *cladatum;
234
235         cladatum = datum;
236         p = datap;
237         if (!cladatum->value || cladatum->value > p->p_classes.nprim)
238                 return -EINVAL;
239         p->p_class_val_to_name[cladatum->value - 1] = key;
240         p->class_val_to_struct[cladatum->value - 1] = cladatum;
241         return 0;
242 }
243
244 static int role_index(void *key, void *datum, void *datap)
245 {
246         struct policydb *p;
247         struct role_datum *role;
248
249         role = datum;
250         p = datap;
251         if (!role->value || role->value > p->p_roles.nprim)
252                 return -EINVAL;
253         p->p_role_val_to_name[role->value - 1] = key;
254         p->role_val_to_struct[role->value - 1] = role;
255         return 0;
256 }
257
258 static int type_index(void *key, void *datum, void *datap)
259 {
260         struct policydb *p;
261         struct type_datum *typdatum;
262
263         typdatum = datum;
264         p = datap;
265
266         if (typdatum->primary) {
267                 if (!typdatum->value || typdatum->value > p->p_types.nprim)
268                         return -EINVAL;
269                 p->p_type_val_to_name[typdatum->value - 1] = key;
270         }
271
272         return 0;
273 }
274
275 static int user_index(void *key, void *datum, void *datap)
276 {
277         struct policydb *p;
278         struct user_datum *usrdatum;
279
280         usrdatum = datum;
281         p = datap;
282         if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
283                 return -EINVAL;
284         p->p_user_val_to_name[usrdatum->value - 1] = key;
285         p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
286         return 0;
287 }
288
289 static int sens_index(void *key, void *datum, void *datap)
290 {
291         struct policydb *p;
292         struct level_datum *levdatum;
293
294         levdatum = datum;
295         p = datap;
296
297         if (!levdatum->isalias) {
298                 if (!levdatum->level->sens ||
299                     levdatum->level->sens > p->p_levels.nprim)
300                         return -EINVAL;
301                 p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
302         }
303
304         return 0;
305 }
306
307 static int cat_index(void *key, void *datum, void *datap)
308 {
309         struct policydb *p;
310         struct cat_datum *catdatum;
311
312         catdatum = datum;
313         p = datap;
314
315         if (!catdatum->isalias) {
316                 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
317                         return -EINVAL;
318                 p->p_cat_val_to_name[catdatum->value - 1] = key;
319         }
320
321         return 0;
322 }
323
324 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
325 {
326         common_index,
327         class_index,
328         role_index,
329         type_index,
330         user_index,
331         cond_index_bool,
332         sens_index,
333         cat_index,
334 };
335
336 /*
337  * Define the common val_to_name array and the class
338  * val_to_name and val_to_struct arrays in a policy
339  * database structure.
340  *
341  * Caller must clean up upon failure.
342  */
343 static int policydb_index_classes(struct policydb *p)
344 {
345         int rc;
346
347         p->p_common_val_to_name =
348                 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
349         if (!p->p_common_val_to_name) {
350                 rc = -ENOMEM;
351                 goto out;
352         }
353
354         rc = hashtab_map(p->p_commons.table, common_index, p);
355         if (rc)
356                 goto out;
357
358         p->class_val_to_struct =
359                 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
360         if (!p->class_val_to_struct) {
361                 rc = -ENOMEM;
362                 goto out;
363         }
364
365         p->p_class_val_to_name =
366                 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
367         if (!p->p_class_val_to_name) {
368                 rc = -ENOMEM;
369                 goto out;
370         }
371
372         rc = hashtab_map(p->p_classes.table, class_index, p);
373 out:
374         return rc;
375 }
376
377 #ifdef DEBUG_HASHES
378 static void symtab_hash_eval(struct symtab *s)
379 {
380         int i;
381
382         for (i = 0; i < SYM_NUM; i++) {
383                 struct hashtab *h = s[i].table;
384                 struct hashtab_info info;
385
386                 hashtab_stat(h, &info);
387                 printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, "
388                        "longest chain length %d\n", symtab_name[i], h->nel,
389                        info.slots_used, h->size, info.max_chain_len);
390         }
391 }
392 #endif
393
394 /*
395  * Define the other val_to_name and val_to_struct arrays
396  * in a policy database structure.
397  *
398  * Caller must clean up on failure.
399  */
400 static int policydb_index_others(struct policydb *p)
401 {
402         int i, rc = 0;
403
404         printk(KERN_DEBUG "SELinux:  %d users, %d roles, %d types, %d bools",
405                p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
406         if (selinux_mls_enabled)
407                 printk(", %d sens, %d cats", p->p_levels.nprim,
408                        p->p_cats.nprim);
409         printk("\n");
410
411         printk(KERN_DEBUG "SELinux:  %d classes, %d rules\n",
412                p->p_classes.nprim, p->te_avtab.nel);
413
414 #ifdef DEBUG_HASHES
415         avtab_hash_eval(&p->te_avtab, "rules");
416         symtab_hash_eval(p->symtab);
417 #endif
418
419         p->role_val_to_struct =
420                 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
421                         GFP_KERNEL);
422         if (!p->role_val_to_struct) {
423                 rc = -ENOMEM;
424                 goto out;
425         }
426
427         p->user_val_to_struct =
428                 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
429                         GFP_KERNEL);
430         if (!p->user_val_to_struct) {
431                 rc = -ENOMEM;
432                 goto out;
433         }
434
435         if (cond_init_bool_indexes(p)) {
436                 rc = -ENOMEM;
437                 goto out;
438         }
439
440         for (i = SYM_ROLES; i < SYM_NUM; i++) {
441                 p->sym_val_to_name[i] =
442                         kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
443                 if (!p->sym_val_to_name[i]) {
444                         rc = -ENOMEM;
445                         goto out;
446                 }
447                 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
448                 if (rc)
449                         goto out;
450         }
451
452 out:
453         return rc;
454 }
455
456 /*
457  * The following *_destroy functions are used to
458  * free any memory allocated for each kind of
459  * symbol data in the policy database.
460  */
461
462 static int perm_destroy(void *key, void *datum, void *p)
463 {
464         kfree(key);
465         kfree(datum);
466         return 0;
467 }
468
469 static int common_destroy(void *key, void *datum, void *p)
470 {
471         struct common_datum *comdatum;
472
473         kfree(key);
474         comdatum = datum;
475         hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
476         hashtab_destroy(comdatum->permissions.table);
477         kfree(datum);
478         return 0;
479 }
480
481 static int cls_destroy(void *key, void *datum, void *p)
482 {
483         struct class_datum *cladatum;
484         struct constraint_node *constraint, *ctemp;
485         struct constraint_expr *e, *etmp;
486
487         kfree(key);
488         cladatum = datum;
489         hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
490         hashtab_destroy(cladatum->permissions.table);
491         constraint = cladatum->constraints;
492         while (constraint) {
493                 e = constraint->expr;
494                 while (e) {
495                         ebitmap_destroy(&e->names);
496                         etmp = e;
497                         e = e->next;
498                         kfree(etmp);
499                 }
500                 ctemp = constraint;
501                 constraint = constraint->next;
502                 kfree(ctemp);
503         }
504
505         constraint = cladatum->validatetrans;
506         while (constraint) {
507                 e = constraint->expr;
508                 while (e) {
509                         ebitmap_destroy(&e->names);
510                         etmp = e;
511                         e = e->next;
512                         kfree(etmp);
513                 }
514                 ctemp = constraint;
515                 constraint = constraint->next;
516                 kfree(ctemp);
517         }
518
519         kfree(cladatum->comkey);
520         kfree(datum);
521         return 0;
522 }
523
524 static int role_destroy(void *key, void *datum, void *p)
525 {
526         struct role_datum *role;
527
528         kfree(key);
529         role = datum;
530         ebitmap_destroy(&role->dominates);
531         ebitmap_destroy(&role->types);
532         kfree(datum);
533         return 0;
534 }
535
536 static int type_destroy(void *key, void *datum, void *p)
537 {
538         kfree(key);
539         kfree(datum);
540         return 0;
541 }
542
543 static int user_destroy(void *key, void *datum, void *p)
544 {
545         struct user_datum *usrdatum;
546
547         kfree(key);
548         usrdatum = datum;
549         ebitmap_destroy(&usrdatum->roles);
550         ebitmap_destroy(&usrdatum->range.level[0].cat);
551         ebitmap_destroy(&usrdatum->range.level[1].cat);
552         ebitmap_destroy(&usrdatum->dfltlevel.cat);
553         kfree(datum);
554         return 0;
555 }
556
557 static int sens_destroy(void *key, void *datum, void *p)
558 {
559         struct level_datum *levdatum;
560
561         kfree(key);
562         levdatum = datum;
563         ebitmap_destroy(&levdatum->level->cat);
564         kfree(levdatum->level);
565         kfree(datum);
566         return 0;
567 }
568
569 static int cat_destroy(void *key, void *datum, void *p)
570 {
571         kfree(key);
572         kfree(datum);
573         return 0;
574 }
575
576 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
577 {
578         common_destroy,
579         cls_destroy,
580         role_destroy,
581         type_destroy,
582         user_destroy,
583         cond_destroy_bool,
584         sens_destroy,
585         cat_destroy,
586 };
587
588 static void ocontext_destroy(struct ocontext *c, int i)
589 {
590         context_destroy(&c->context[0]);
591         context_destroy(&c->context[1]);
592         if (i == OCON_ISID || i == OCON_FS ||
593             i == OCON_NETIF || i == OCON_FSUSE)
594                 kfree(c->u.name);
595         kfree(c);
596 }
597
598 /*
599  * Free any memory allocated by a policy database structure.
600  */
601 void policydb_destroy(struct policydb *p)
602 {
603         struct ocontext *c, *ctmp;
604         struct genfs *g, *gtmp;
605         int i;
606         struct role_allow *ra, *lra = NULL;
607         struct role_trans *tr, *ltr = NULL;
608         struct range_trans *rt, *lrt = NULL;
609
610         for (i = 0; i < SYM_NUM; i++) {
611                 cond_resched();
612                 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
613                 hashtab_destroy(p->symtab[i].table);
614         }
615
616         for (i = 0; i < SYM_NUM; i++)
617                 kfree(p->sym_val_to_name[i]);
618
619         kfree(p->class_val_to_struct);
620         kfree(p->role_val_to_struct);
621         kfree(p->user_val_to_struct);
622
623         avtab_destroy(&p->te_avtab);
624
625         for (i = 0; i < OCON_NUM; i++) {
626                 cond_resched();
627                 c = p->ocontexts[i];
628                 while (c) {
629                         ctmp = c;
630                         c = c->next;
631                         ocontext_destroy(ctmp,i);
632                 }
633                 p->ocontexts[i] = NULL;
634         }
635
636         g = p->genfs;
637         while (g) {
638                 cond_resched();
639                 kfree(g->fstype);
640                 c = g->head;
641                 while (c) {
642                         ctmp = c;
643                         c = c->next;
644                         ocontext_destroy(ctmp,OCON_FSUSE);
645                 }
646                 gtmp = g;
647                 g = g->next;
648                 kfree(gtmp);
649         }
650         p->genfs = NULL;
651
652         cond_policydb_destroy(p);
653
654         for (tr = p->role_tr; tr; tr = tr->next) {
655                 cond_resched();
656                 kfree(ltr);
657                 ltr = tr;
658         }
659         kfree(ltr);
660
661         for (ra = p->role_allow; ra; ra = ra -> next) {
662                 cond_resched();
663                 kfree(lra);
664                 lra = ra;
665         }
666         kfree(lra);
667
668         for (rt = p->range_tr; rt; rt = rt -> next) {
669                 cond_resched();
670                 if (lrt) {
671                         ebitmap_destroy(&lrt->target_range.level[0].cat);
672                         ebitmap_destroy(&lrt->target_range.level[1].cat);
673                         kfree(lrt);
674                 }
675                 lrt = rt;
676         }
677         if (lrt) {
678                 ebitmap_destroy(&lrt->target_range.level[0].cat);
679                 ebitmap_destroy(&lrt->target_range.level[1].cat);
680                 kfree(lrt);
681         }
682
683         if (p->type_attr_map) {
684                 for (i = 0; i < p->p_types.nprim; i++)
685                         ebitmap_destroy(&p->type_attr_map[i]);
686         }
687         kfree(p->type_attr_map);
688         kfree(p->undefined_perms);
689         ebitmap_destroy(&p->policycaps);
690
691         return;
692 }
693
694 /*
695  * Load the initial SIDs specified in a policy database
696  * structure into a SID table.
697  */
698 int policydb_load_isids(struct policydb *p, struct sidtab *s)
699 {
700         struct ocontext *head, *c;
701         int rc;
702
703         rc = sidtab_init(s);
704         if (rc) {
705                 printk(KERN_ERR "SELinux:  out of memory on SID table init\n");
706                 goto out;
707         }
708
709         head = p->ocontexts[OCON_ISID];
710         for (c = head; c; c = c->next) {
711                 if (!c->context[0].user) {
712                         printk(KERN_ERR "SELinux:  SID %s was never "
713                                "defined.\n", c->u.name);
714                         rc = -EINVAL;
715                         goto out;
716                 }
717                 if (sidtab_insert(s, c->sid[0], &c->context[0])) {
718                         printk(KERN_ERR "SELinux:  unable to load initial "
719                                "SID %s.\n", c->u.name);
720                         rc = -EINVAL;
721                         goto out;
722                 }
723         }
724 out:
725         return rc;
726 }
727
728 int policydb_class_isvalid(struct policydb *p, unsigned int class)
729 {
730         if (!class || class > p->p_classes.nprim)
731                 return 0;
732         return 1;
733 }
734
735 int policydb_role_isvalid(struct policydb *p, unsigned int role)
736 {
737         if (!role || role > p->p_roles.nprim)
738                 return 0;
739         return 1;
740 }
741
742 int policydb_type_isvalid(struct policydb *p, unsigned int type)
743 {
744         if (!type || type > p->p_types.nprim)
745                 return 0;
746         return 1;
747 }
748
749 /*
750  * Return 1 if the fields in the security context
751  * structure `c' are valid.  Return 0 otherwise.
752  */
753 int policydb_context_isvalid(struct policydb *p, struct context *c)
754 {
755         struct role_datum *role;
756         struct user_datum *usrdatum;
757
758         if (!c->role || c->role > p->p_roles.nprim)
759                 return 0;
760
761         if (!c->user || c->user > p->p_users.nprim)
762                 return 0;
763
764         if (!c->type || c->type > p->p_types.nprim)
765                 return 0;
766
767         if (c->role != OBJECT_R_VAL) {
768                 /*
769                  * Role must be authorized for the type.
770                  */
771                 role = p->role_val_to_struct[c->role - 1];
772                 if (!ebitmap_get_bit(&role->types,
773                                      c->type - 1))
774                         /* role may not be associated with type */
775                         return 0;
776
777                 /*
778                  * User must be authorized for the role.
779                  */
780                 usrdatum = p->user_val_to_struct[c->user - 1];
781                 if (!usrdatum)
782                         return 0;
783
784                 if (!ebitmap_get_bit(&usrdatum->roles,
785                                      c->role - 1))
786                         /* user may not be associated with role */
787                         return 0;
788         }
789
790         if (!mls_context_isvalid(p, c))
791                 return 0;
792
793         return 1;
794 }
795
796 /*
797  * Read a MLS range structure from a policydb binary
798  * representation file.
799  */
800 static int mls_read_range_helper(struct mls_range *r, void *fp)
801 {
802         __le32 buf[2];
803         u32 items;
804         int rc;
805
806         rc = next_entry(buf, fp, sizeof(u32));
807         if (rc < 0)
808                 goto out;
809
810         items = le32_to_cpu(buf[0]);
811         if (items > ARRAY_SIZE(buf)) {
812                 printk(KERN_ERR "SELinux: mls:  range overflow\n");
813                 rc = -EINVAL;
814                 goto out;
815         }
816         rc = next_entry(buf, fp, sizeof(u32) * items);
817         if (rc < 0) {
818                 printk(KERN_ERR "SELinux: mls:  truncated range\n");
819                 goto out;
820         }
821         r->level[0].sens = le32_to_cpu(buf[0]);
822         if (items > 1)
823                 r->level[1].sens = le32_to_cpu(buf[1]);
824         else
825                 r->level[1].sens = r->level[0].sens;
826
827         rc = ebitmap_read(&r->level[0].cat, fp);
828         if (rc) {
829                 printk(KERN_ERR "SELinux: mls:  error reading low "
830                        "categories\n");
831                 goto out;
832         }
833         if (items > 1) {
834                 rc = ebitmap_read(&r->level[1].cat, fp);
835                 if (rc) {
836                         printk(KERN_ERR "SELinux: mls:  error reading high "
837                                "categories\n");
838                         goto bad_high;
839                 }
840         } else {
841                 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
842                 if (rc) {
843                         printk(KERN_ERR "SELinux: mls:  out of memory\n");
844                         goto bad_high;
845                 }
846         }
847
848         rc = 0;
849 out:
850         return rc;
851 bad_high:
852         ebitmap_destroy(&r->level[0].cat);
853         goto out;
854 }
855
856 /*
857  * Read and validate a security context structure
858  * from a policydb binary representation file.
859  */
860 static int context_read_and_validate(struct context *c,
861                                      struct policydb *p,
862                                      void *fp)
863 {
864         __le32 buf[3];
865         int rc;
866
867         rc = next_entry(buf, fp, sizeof buf);
868         if (rc < 0) {
869                 printk(KERN_ERR "SELinux: context truncated\n");
870                 goto out;
871         }
872         c->user = le32_to_cpu(buf[0]);
873         c->role = le32_to_cpu(buf[1]);
874         c->type = le32_to_cpu(buf[2]);
875         if (p->policyvers >= POLICYDB_VERSION_MLS) {
876                 if (mls_read_range_helper(&c->range, fp)) {
877                         printk(KERN_ERR "SELinux: error reading MLS range of "
878                                "context\n");
879                         rc = -EINVAL;
880                         goto out;
881                 }
882         }
883
884         if (!policydb_context_isvalid(p, c)) {
885                 printk(KERN_ERR "SELinux:  invalid security context\n");
886                 context_destroy(c);
887                 rc = -EINVAL;
888         }
889 out:
890         return rc;
891 }
892
893 /*
894  * The following *_read functions are used to
895  * read the symbol data from a policy database
896  * binary representation file.
897  */
898
899 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
900 {
901         char *key = NULL;
902         struct perm_datum *perdatum;
903         int rc;
904         __le32 buf[2];
905         u32 len;
906
907         perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
908         if (!perdatum) {
909                 rc = -ENOMEM;
910                 goto out;
911         }
912
913         rc = next_entry(buf, fp, sizeof buf);
914         if (rc < 0)
915                 goto bad;
916
917         len = le32_to_cpu(buf[0]);
918         perdatum->value = le32_to_cpu(buf[1]);
919
920         key = kmalloc(len + 1,GFP_KERNEL);
921         if (!key) {
922                 rc = -ENOMEM;
923                 goto bad;
924         }
925         rc = next_entry(key, fp, len);
926         if (rc < 0)
927                 goto bad;
928         key[len] = 0;
929
930         rc = hashtab_insert(h, key, perdatum);
931         if (rc)
932                 goto bad;
933 out:
934         return rc;
935 bad:
936         perm_destroy(key, perdatum, NULL);
937         goto out;
938 }
939
940 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
941 {
942         char *key = NULL;
943         struct common_datum *comdatum;
944         __le32 buf[4];
945         u32 len, nel;
946         int i, rc;
947
948         comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
949         if (!comdatum) {
950                 rc = -ENOMEM;
951                 goto out;
952         }
953
954         rc = next_entry(buf, fp, sizeof buf);
955         if (rc < 0)
956                 goto bad;
957
958         len = le32_to_cpu(buf[0]);
959         comdatum->value = le32_to_cpu(buf[1]);
960
961         rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
962         if (rc)
963                 goto bad;
964         comdatum->permissions.nprim = le32_to_cpu(buf[2]);
965         nel = le32_to_cpu(buf[3]);
966
967         key = kmalloc(len + 1,GFP_KERNEL);
968         if (!key) {
969                 rc = -ENOMEM;
970                 goto bad;
971         }
972         rc = next_entry(key, fp, len);
973         if (rc < 0)
974                 goto bad;
975         key[len] = 0;
976
977         for (i = 0; i < nel; i++) {
978                 rc = perm_read(p, comdatum->permissions.table, fp);
979                 if (rc)
980                         goto bad;
981         }
982
983         rc = hashtab_insert(h, key, comdatum);
984         if (rc)
985                 goto bad;
986 out:
987         return rc;
988 bad:
989         common_destroy(key, comdatum, NULL);
990         goto out;
991 }
992
993 static int read_cons_helper(struct constraint_node **nodep, int ncons,
994                             int allowxtarget, void *fp)
995 {
996         struct constraint_node *c, *lc;
997         struct constraint_expr *e, *le;
998         __le32 buf[3];
999         u32 nexpr;
1000         int rc, i, j, depth;
1001
1002         lc = NULL;
1003         for (i = 0; i < ncons; i++) {
1004                 c = kzalloc(sizeof(*c), GFP_KERNEL);
1005                 if (!c)
1006                         return -ENOMEM;
1007
1008                 if (lc) {
1009                         lc->next = c;
1010                 } else {
1011                         *nodep = c;
1012                 }
1013
1014                 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1015                 if (rc < 0)
1016                         return rc;
1017                 c->permissions = le32_to_cpu(buf[0]);
1018                 nexpr = le32_to_cpu(buf[1]);
1019                 le = NULL;
1020                 depth = -1;
1021                 for (j = 0; j < nexpr; j++) {
1022                         e = kzalloc(sizeof(*e), GFP_KERNEL);
1023                         if (!e)
1024                                 return -ENOMEM;
1025
1026                         if (le) {
1027                                 le->next = e;
1028                         } else {
1029                                 c->expr = e;
1030                         }
1031
1032                         rc = next_entry(buf, fp, (sizeof(u32) * 3));
1033                         if (rc < 0)
1034                                 return rc;
1035                         e->expr_type = le32_to_cpu(buf[0]);
1036                         e->attr = le32_to_cpu(buf[1]);
1037                         e->op = le32_to_cpu(buf[2]);
1038
1039                         switch (e->expr_type) {
1040                         case CEXPR_NOT:
1041                                 if (depth < 0)
1042                                         return -EINVAL;
1043                                 break;
1044                         case CEXPR_AND:
1045                         case CEXPR_OR:
1046                                 if (depth < 1)
1047                                         return -EINVAL;
1048                                 depth--;
1049                                 break;
1050                         case CEXPR_ATTR:
1051                                 if (depth == (CEXPR_MAXDEPTH - 1))
1052                                         return -EINVAL;
1053                                 depth++;
1054                                 break;
1055                         case CEXPR_NAMES:
1056                                 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1057                                         return -EINVAL;
1058                                 if (depth == (CEXPR_MAXDEPTH - 1))
1059                                         return -EINVAL;
1060                                 depth++;
1061                                 if (ebitmap_read(&e->names, fp))
1062                                         return -EINVAL;
1063                                 break;
1064                         default:
1065                                 return -EINVAL;
1066                         }
1067                         le = e;
1068                 }
1069                 if (depth != 0)
1070                         return -EINVAL;
1071                 lc = c;
1072         }
1073
1074         return 0;
1075 }
1076
1077 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1078 {
1079         char *key = NULL;
1080         struct class_datum *cladatum;
1081         __le32 buf[6];
1082         u32 len, len2, ncons, nel;
1083         int i, rc;
1084
1085         cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1086         if (!cladatum) {
1087                 rc = -ENOMEM;
1088                 goto out;
1089         }
1090
1091         rc = next_entry(buf, fp, sizeof(u32)*6);
1092         if (rc < 0)
1093                 goto bad;
1094
1095         len = le32_to_cpu(buf[0]);
1096         len2 = le32_to_cpu(buf[1]);
1097         cladatum->value = le32_to_cpu(buf[2]);
1098
1099         rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1100         if (rc)
1101                 goto bad;
1102         cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1103         nel = le32_to_cpu(buf[4]);
1104
1105         ncons = le32_to_cpu(buf[5]);
1106
1107         key = kmalloc(len + 1,GFP_KERNEL);
1108         if (!key) {
1109                 rc = -ENOMEM;
1110                 goto bad;
1111         }
1112         rc = next_entry(key, fp, len);
1113         if (rc < 0)
1114                 goto bad;
1115         key[len] = 0;
1116
1117         if (len2) {
1118                 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
1119                 if (!cladatum->comkey) {
1120                         rc = -ENOMEM;
1121                         goto bad;
1122                 }
1123                 rc = next_entry(cladatum->comkey, fp, len2);
1124                 if (rc < 0)
1125                         goto bad;
1126                 cladatum->comkey[len2] = 0;
1127
1128                 cladatum->comdatum = hashtab_search(p->p_commons.table,
1129                                                     cladatum->comkey);
1130                 if (!cladatum->comdatum) {
1131                         printk(KERN_ERR "SELinux:  unknown common %s\n",
1132                                cladatum->comkey);
1133                         rc = -EINVAL;
1134                         goto bad;
1135                 }
1136         }
1137         for (i = 0; i < nel; i++) {
1138                 rc = perm_read(p, cladatum->permissions.table, fp);
1139                 if (rc)
1140                         goto bad;
1141         }
1142
1143         rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1144         if (rc)
1145                 goto bad;
1146
1147         if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1148                 /* grab the validatetrans rules */
1149                 rc = next_entry(buf, fp, sizeof(u32));
1150                 if (rc < 0)
1151                         goto bad;
1152                 ncons = le32_to_cpu(buf[0]);
1153                 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1154                 if (rc)
1155                         goto bad;
1156         }
1157
1158         rc = hashtab_insert(h, key, cladatum);
1159         if (rc)
1160                 goto bad;
1161
1162         rc = 0;
1163 out:
1164         return rc;
1165 bad:
1166         cls_destroy(key, cladatum, NULL);
1167         goto out;
1168 }
1169
1170 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1171 {
1172         char *key = NULL;
1173         struct role_datum *role;
1174         int rc;
1175         __le32 buf[2];
1176         u32 len;
1177
1178         role = kzalloc(sizeof(*role), GFP_KERNEL);
1179         if (!role) {
1180                 rc = -ENOMEM;
1181                 goto out;
1182         }
1183
1184         rc = next_entry(buf, fp, sizeof buf);
1185         if (rc < 0)
1186                 goto bad;
1187
1188         len = le32_to_cpu(buf[0]);
1189         role->value = le32_to_cpu(buf[1]);
1190
1191         key = kmalloc(len + 1,GFP_KERNEL);
1192         if (!key) {
1193                 rc = -ENOMEM;
1194                 goto bad;
1195         }
1196         rc = next_entry(key, fp, len);
1197         if (rc < 0)
1198                 goto bad;
1199         key[len] = 0;
1200
1201         rc = ebitmap_read(&role->dominates, fp);
1202         if (rc)
1203                 goto bad;
1204
1205         rc = ebitmap_read(&role->types, fp);
1206         if (rc)
1207                 goto bad;
1208
1209         if (strcmp(key, OBJECT_R) == 0) {
1210                 if (role->value != OBJECT_R_VAL) {
1211                         printk(KERN_ERR "Role %s has wrong value %d\n",
1212                                OBJECT_R, role->value);
1213                         rc = -EINVAL;
1214                         goto bad;
1215                 }
1216                 rc = 0;
1217                 goto bad;
1218         }
1219
1220         rc = hashtab_insert(h, key, role);
1221         if (rc)
1222                 goto bad;
1223 out:
1224         return rc;
1225 bad:
1226         role_destroy(key, role, NULL);
1227         goto out;
1228 }
1229
1230 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1231 {
1232         char *key = NULL;
1233         struct type_datum *typdatum;
1234         int rc;
1235         __le32 buf[3];
1236         u32 len;
1237
1238         typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL);
1239         if (!typdatum) {
1240                 rc = -ENOMEM;
1241                 return rc;
1242         }
1243
1244         rc = next_entry(buf, fp, sizeof buf);
1245         if (rc < 0)
1246                 goto bad;
1247
1248         len = le32_to_cpu(buf[0]);
1249         typdatum->value = le32_to_cpu(buf[1]);
1250         typdatum->primary = le32_to_cpu(buf[2]);
1251
1252         key = kmalloc(len + 1,GFP_KERNEL);
1253         if (!key) {
1254                 rc = -ENOMEM;
1255                 goto bad;
1256         }
1257         rc = next_entry(key, fp, len);
1258         if (rc < 0)
1259                 goto bad;
1260         key[len] = 0;
1261
1262         rc = hashtab_insert(h, key, typdatum);
1263         if (rc)
1264                 goto bad;
1265 out:
1266         return rc;
1267 bad:
1268         type_destroy(key, typdatum, NULL);
1269         goto out;
1270 }
1271
1272
1273 /*
1274  * Read a MLS level structure from a policydb binary
1275  * representation file.
1276  */
1277 static int mls_read_level(struct mls_level *lp, void *fp)
1278 {
1279         __le32 buf[1];
1280         int rc;
1281
1282         memset(lp, 0, sizeof(*lp));
1283
1284         rc = next_entry(buf, fp, sizeof buf);
1285         if (rc < 0) {
1286                 printk(KERN_ERR "SELinux: mls: truncated level\n");
1287                 goto bad;
1288         }
1289         lp->sens = le32_to_cpu(buf[0]);
1290
1291         if (ebitmap_read(&lp->cat, fp)) {
1292                 printk(KERN_ERR "SELinux: mls:  error reading level "
1293                        "categories\n");
1294                 goto bad;
1295         }
1296
1297         return 0;
1298
1299 bad:
1300         return -EINVAL;
1301 }
1302
1303 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1304 {
1305         char *key = NULL;
1306         struct user_datum *usrdatum;
1307         int rc;
1308         __le32 buf[2];
1309         u32 len;
1310
1311         usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1312         if (!usrdatum) {
1313                 rc = -ENOMEM;
1314                 goto out;
1315         }
1316
1317         rc = next_entry(buf, fp, sizeof buf);
1318         if (rc < 0)
1319                 goto bad;
1320
1321         len = le32_to_cpu(buf[0]);
1322         usrdatum->value = le32_to_cpu(buf[1]);
1323
1324         key = kmalloc(len + 1,GFP_KERNEL);
1325         if (!key) {
1326                 rc = -ENOMEM;
1327                 goto bad;
1328         }
1329         rc = next_entry(key, fp, len);
1330         if (rc < 0)
1331                 goto bad;
1332         key[len] = 0;
1333
1334         rc = ebitmap_read(&usrdatum->roles, fp);
1335         if (rc)
1336                 goto bad;
1337
1338         if (p->policyvers >= POLICYDB_VERSION_MLS) {
1339                 rc = mls_read_range_helper(&usrdatum->range, fp);
1340                 if (rc)
1341                         goto bad;
1342                 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1343                 if (rc)
1344                         goto bad;
1345         }
1346
1347         rc = hashtab_insert(h, key, usrdatum);
1348         if (rc)
1349                 goto bad;
1350 out:
1351         return rc;
1352 bad:
1353         user_destroy(key, usrdatum, NULL);
1354         goto out;
1355 }
1356
1357 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1358 {
1359         char *key = NULL;
1360         struct level_datum *levdatum;
1361         int rc;
1362         __le32 buf[2];
1363         u32 len;
1364
1365         levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1366         if (!levdatum) {
1367                 rc = -ENOMEM;
1368                 goto out;
1369         }
1370
1371         rc = next_entry(buf, fp, sizeof buf);
1372         if (rc < 0)
1373                 goto bad;
1374
1375         len = le32_to_cpu(buf[0]);
1376         levdatum->isalias = le32_to_cpu(buf[1]);
1377
1378         key = kmalloc(len + 1,GFP_ATOMIC);
1379         if (!key) {
1380                 rc = -ENOMEM;
1381                 goto bad;
1382         }
1383         rc = next_entry(key, fp, len);
1384         if (rc < 0)
1385                 goto bad;
1386         key[len] = 0;
1387
1388         levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1389         if (!levdatum->level) {
1390                 rc = -ENOMEM;
1391                 goto bad;
1392         }
1393         if (mls_read_level(levdatum->level, fp)) {
1394                 rc = -EINVAL;
1395                 goto bad;
1396         }
1397
1398         rc = hashtab_insert(h, key, levdatum);
1399         if (rc)
1400                 goto bad;
1401 out:
1402         return rc;
1403 bad:
1404         sens_destroy(key, levdatum, NULL);
1405         goto out;
1406 }
1407
1408 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1409 {
1410         char *key = NULL;
1411         struct cat_datum *catdatum;
1412         int rc;
1413         __le32 buf[3];
1414         u32 len;
1415
1416         catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1417         if (!catdatum) {
1418                 rc = -ENOMEM;
1419                 goto out;
1420         }
1421
1422         rc = next_entry(buf, fp, sizeof buf);
1423         if (rc < 0)
1424                 goto bad;
1425
1426         len = le32_to_cpu(buf[0]);
1427         catdatum->value = le32_to_cpu(buf[1]);
1428         catdatum->isalias = le32_to_cpu(buf[2]);
1429
1430         key = kmalloc(len + 1,GFP_ATOMIC);
1431         if (!key) {
1432                 rc = -ENOMEM;
1433                 goto bad;
1434         }
1435         rc = next_entry(key, fp, len);
1436         if (rc < 0)
1437                 goto bad;
1438         key[len] = 0;
1439
1440         rc = hashtab_insert(h, key, catdatum);
1441         if (rc)
1442                 goto bad;
1443 out:
1444         return rc;
1445
1446 bad:
1447         cat_destroy(key, catdatum, NULL);
1448         goto out;
1449 }
1450
1451 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1452 {
1453         common_read,
1454         class_read,
1455         role_read,
1456         type_read,
1457         user_read,
1458         cond_read_bool,
1459         sens_read,
1460         cat_read,
1461 };
1462
1463 extern int ss_initialized;
1464
1465 /*
1466  * Read the configuration data from a policy database binary
1467  * representation file into a policy database structure.
1468  */
1469 int policydb_read(struct policydb *p, void *fp)
1470 {
1471         struct role_allow *ra, *lra;
1472         struct role_trans *tr, *ltr;
1473         struct ocontext *l, *c, *newc;
1474         struct genfs *genfs_p, *genfs, *newgenfs;
1475         int i, j, rc;
1476         __le32 buf[8];
1477         u32 len, len2, config, nprim, nel, nel2;
1478         char *policydb_str;
1479         struct policydb_compat_info *info;
1480         struct range_trans *rt, *lrt;
1481
1482         config = 0;
1483
1484         rc = policydb_init(p);
1485         if (rc)
1486                 goto out;
1487
1488         /* Read the magic number and string length. */
1489         rc = next_entry(buf, fp, sizeof(u32)* 2);
1490         if (rc < 0)
1491                 goto bad;
1492
1493         if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
1494                 printk(KERN_ERR "SELinux:  policydb magic number 0x%x does "
1495                        "not match expected magic number 0x%x\n",
1496                        le32_to_cpu(buf[0]), POLICYDB_MAGIC);
1497                 goto bad;
1498         }
1499
1500         len = le32_to_cpu(buf[1]);
1501         if (len != strlen(POLICYDB_STRING)) {
1502                 printk(KERN_ERR "SELinux:  policydb string length %d does not "
1503                        "match expected length %Zu\n",
1504                        len, strlen(POLICYDB_STRING));
1505                 goto bad;
1506         }
1507         policydb_str = kmalloc(len + 1,GFP_KERNEL);
1508         if (!policydb_str) {
1509                 printk(KERN_ERR "SELinux:  unable to allocate memory for policydb "
1510                        "string of length %d\n", len);
1511                 rc = -ENOMEM;
1512                 goto bad;
1513         }
1514         rc = next_entry(policydb_str, fp, len);
1515         if (rc < 0) {
1516                 printk(KERN_ERR "SELinux:  truncated policydb string identifier\n");
1517                 kfree(policydb_str);
1518                 goto bad;
1519         }
1520         policydb_str[len] = 0;
1521         if (strcmp(policydb_str, POLICYDB_STRING)) {
1522                 printk(KERN_ERR "SELinux:  policydb string %s does not match "
1523                        "my string %s\n", policydb_str, POLICYDB_STRING);
1524                 kfree(policydb_str);
1525                 goto bad;
1526         }
1527         /* Done with policydb_str. */
1528         kfree(policydb_str);
1529         policydb_str = NULL;
1530
1531         /* Read the version, config, and table sizes. */
1532         rc = next_entry(buf, fp, sizeof(u32)*4);
1533         if (rc < 0)
1534                 goto bad;
1535
1536         p->policyvers = le32_to_cpu(buf[0]);
1537         if (p->policyvers < POLICYDB_VERSION_MIN ||
1538             p->policyvers > POLICYDB_VERSION_MAX) {
1539                 printk(KERN_ERR "SELinux:  policydb version %d does not match "
1540                        "my version range %d-%d\n",
1541                        le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1542                 goto bad;
1543         }
1544
1545         if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1546                 if (ss_initialized && !selinux_mls_enabled) {
1547                         printk(KERN_ERR "Cannot switch between non-MLS and MLS "
1548                                "policies\n");
1549                         goto bad;
1550                 }
1551                 selinux_mls_enabled = 1;
1552                 config |= POLICYDB_CONFIG_MLS;
1553
1554                 if (p->policyvers < POLICYDB_VERSION_MLS) {
1555                         printk(KERN_ERR "security policydb version %d (MLS) "
1556                                "not backwards compatible\n", p->policyvers);
1557                         goto bad;
1558                 }
1559         } else {
1560                 if (ss_initialized && selinux_mls_enabled) {
1561                         printk(KERN_ERR "Cannot switch between MLS and non-MLS "
1562                                "policies\n");
1563                         goto bad;
1564                 }
1565         }
1566         p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
1567         p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
1568
1569         if (p->policyvers >= POLICYDB_VERSION_POLCAP &&
1570             ebitmap_read(&p->policycaps, fp) != 0)
1571                 goto bad;
1572
1573         info = policydb_lookup_compat(p->policyvers);
1574         if (!info) {
1575                 printk(KERN_ERR "SELinux:  unable to find policy compat info "
1576                        "for version %d\n", p->policyvers);
1577                 goto bad;
1578         }
1579
1580         if (le32_to_cpu(buf[2]) != info->sym_num ||
1581                 le32_to_cpu(buf[3]) != info->ocon_num) {
1582                 printk(KERN_ERR "SELinux:  policydb table sizes (%d,%d) do "
1583                        "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
1584                         le32_to_cpu(buf[3]),
1585                        info->sym_num, info->ocon_num);
1586                 goto bad;
1587         }
1588
1589         for (i = 0; i < info->sym_num; i++) {
1590                 rc = next_entry(buf, fp, sizeof(u32)*2);
1591                 if (rc < 0)
1592                         goto bad;
1593                 nprim = le32_to_cpu(buf[0]);
1594                 nel = le32_to_cpu(buf[1]);
1595                 for (j = 0; j < nel; j++) {
1596                         rc = read_f[i](p, p->symtab[i].table, fp);
1597                         if (rc)
1598                                 goto bad;
1599                 }
1600
1601                 p->symtab[i].nprim = nprim;
1602         }
1603
1604         rc = avtab_read(&p->te_avtab, fp, p);
1605         if (rc)
1606                 goto bad;
1607
1608         if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1609                 rc = cond_read_list(p, fp);
1610                 if (rc)
1611                         goto bad;
1612         }
1613
1614         rc = next_entry(buf, fp, sizeof(u32));
1615         if (rc < 0)
1616                 goto bad;
1617         nel = le32_to_cpu(buf[0]);
1618         ltr = NULL;
1619         for (i = 0; i < nel; i++) {
1620                 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1621                 if (!tr) {
1622                         rc = -ENOMEM;
1623                         goto bad;
1624                 }
1625                 if (ltr) {
1626                         ltr->next = tr;
1627                 } else {
1628                         p->role_tr = tr;
1629                 }
1630                 rc = next_entry(buf, fp, sizeof(u32)*3);
1631                 if (rc < 0)
1632                         goto bad;
1633                 tr->role = le32_to_cpu(buf[0]);
1634                 tr->type = le32_to_cpu(buf[1]);
1635                 tr->new_role = le32_to_cpu(buf[2]);
1636                 if (!policydb_role_isvalid(p, tr->role) ||
1637                     !policydb_type_isvalid(p, tr->type) ||
1638                     !policydb_role_isvalid(p, tr->new_role)) {
1639                         rc = -EINVAL;
1640                         goto bad;
1641                 }
1642                 ltr = tr;
1643         }
1644
1645         rc = next_entry(buf, fp, sizeof(u32));
1646         if (rc < 0)
1647                 goto bad;
1648         nel = le32_to_cpu(buf[0]);
1649         lra = NULL;
1650         for (i = 0; i < nel; i++) {
1651                 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1652                 if (!ra) {
1653                         rc = -ENOMEM;
1654                         goto bad;
1655                 }
1656                 if (lra) {
1657                         lra->next = ra;
1658                 } else {
1659                         p->role_allow = ra;
1660                 }
1661                 rc = next_entry(buf, fp, sizeof(u32)*2);
1662                 if (rc < 0)
1663                         goto bad;
1664                 ra->role = le32_to_cpu(buf[0]);
1665                 ra->new_role = le32_to_cpu(buf[1]);
1666                 if (!policydb_role_isvalid(p, ra->role) ||
1667                     !policydb_role_isvalid(p, ra->new_role)) {
1668                         rc = -EINVAL;
1669                         goto bad;
1670                 }
1671                 lra = ra;
1672         }
1673
1674         rc = policydb_index_classes(p);
1675         if (rc)
1676                 goto bad;
1677
1678         rc = policydb_index_others(p);
1679         if (rc)
1680                 goto bad;
1681
1682         for (i = 0; i < info->ocon_num; i++) {
1683                 rc = next_entry(buf, fp, sizeof(u32));
1684                 if (rc < 0)
1685                         goto bad;
1686                 nel = le32_to_cpu(buf[0]);
1687                 l = NULL;
1688                 for (j = 0; j < nel; j++) {
1689                         c = kzalloc(sizeof(*c), GFP_KERNEL);
1690                         if (!c) {
1691                                 rc = -ENOMEM;
1692                                 goto bad;
1693                         }
1694                         if (l) {
1695                                 l->next = c;
1696                         } else {
1697                                 p->ocontexts[i] = c;
1698                         }
1699                         l = c;
1700                         rc = -EINVAL;
1701                         switch (i) {
1702                         case OCON_ISID:
1703                                 rc = next_entry(buf, fp, sizeof(u32));
1704                                 if (rc < 0)
1705                                         goto bad;
1706                                 c->sid[0] = le32_to_cpu(buf[0]);
1707                                 rc = context_read_and_validate(&c->context[0], p, fp);
1708                                 if (rc)
1709                                         goto bad;
1710                                 break;
1711                         case OCON_FS:
1712                         case OCON_NETIF:
1713                                 rc = next_entry(buf, fp, sizeof(u32));
1714                                 if (rc < 0)
1715                                         goto bad;
1716                                 len = le32_to_cpu(buf[0]);
1717                                 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1718                                 if (!c->u.name) {
1719                                         rc = -ENOMEM;
1720                                         goto bad;
1721                                 }
1722                                 rc = next_entry(c->u.name, fp, len);
1723                                 if (rc < 0)
1724                                         goto bad;
1725                                 c->u.name[len] = 0;
1726                                 rc = context_read_and_validate(&c->context[0], p, fp);
1727                                 if (rc)
1728                                         goto bad;
1729                                 rc = context_read_and_validate(&c->context[1], p, fp);
1730                                 if (rc)
1731                                         goto bad;
1732                                 break;
1733                         case OCON_PORT:
1734                                 rc = next_entry(buf, fp, sizeof(u32)*3);
1735                                 if (rc < 0)
1736                                         goto bad;
1737                                 c->u.port.protocol = le32_to_cpu(buf[0]);
1738                                 c->u.port.low_port = le32_to_cpu(buf[1]);
1739                                 c->u.port.high_port = le32_to_cpu(buf[2]);
1740                                 rc = context_read_and_validate(&c->context[0], p, fp);
1741                                 if (rc)
1742                                         goto bad;
1743                                 break;
1744                         case OCON_NODE:
1745                                 rc = next_entry(buf, fp, sizeof(u32)* 2);
1746                                 if (rc < 0)
1747                                         goto bad;
1748                                 c->u.node.addr = le32_to_cpu(buf[0]);
1749                                 c->u.node.mask = le32_to_cpu(buf[1]);
1750                                 rc = context_read_and_validate(&c->context[0], p, fp);
1751                                 if (rc)
1752                                         goto bad;
1753                                 break;
1754                         case OCON_FSUSE:
1755                                 rc = next_entry(buf, fp, sizeof(u32)*2);
1756                                 if (rc < 0)
1757                                         goto bad;
1758                                 c->v.behavior = le32_to_cpu(buf[0]);
1759                                 if (c->v.behavior > SECURITY_FS_USE_NONE)
1760                                         goto bad;
1761                                 len = le32_to_cpu(buf[1]);
1762                                 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1763                                 if (!c->u.name) {
1764                                         rc = -ENOMEM;
1765                                         goto bad;
1766                                 }
1767                                 rc = next_entry(c->u.name, fp, len);
1768                                 if (rc < 0)
1769                                         goto bad;
1770                                 c->u.name[len] = 0;
1771                                 rc = context_read_and_validate(&c->context[0], p, fp);
1772                                 if (rc)
1773                                         goto bad;
1774                                 break;
1775                         case OCON_NODE6: {
1776                                 int k;
1777
1778                                 rc = next_entry(buf, fp, sizeof(u32) * 8);
1779                                 if (rc < 0)
1780                                         goto bad;
1781                                 for (k = 0; k < 4; k++)
1782                                         c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1783                                 for (k = 0; k < 4; k++)
1784                                         c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1785                                 if (context_read_and_validate(&c->context[0], p, fp))
1786                                         goto bad;
1787                                 break;
1788                         }
1789                         }
1790                 }
1791         }
1792
1793         rc = next_entry(buf, fp, sizeof(u32));
1794         if (rc < 0)
1795                 goto bad;
1796         nel = le32_to_cpu(buf[0]);
1797         genfs_p = NULL;
1798         rc = -EINVAL;
1799         for (i = 0; i < nel; i++) {
1800                 rc = next_entry(buf, fp, sizeof(u32));
1801                 if (rc < 0)
1802                         goto bad;
1803                 len = le32_to_cpu(buf[0]);
1804                 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1805                 if (!newgenfs) {
1806                         rc = -ENOMEM;
1807                         goto bad;
1808                 }
1809
1810                 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1811                 if (!newgenfs->fstype) {
1812                         rc = -ENOMEM;
1813                         kfree(newgenfs);
1814                         goto bad;
1815                 }
1816                 rc = next_entry(newgenfs->fstype, fp, len);
1817                 if (rc < 0) {
1818                         kfree(newgenfs->fstype);
1819                         kfree(newgenfs);
1820                         goto bad;
1821                 }
1822                 newgenfs->fstype[len] = 0;
1823                 for (genfs_p = NULL, genfs = p->genfs; genfs;
1824                      genfs_p = genfs, genfs = genfs->next) {
1825                         if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1826                                 printk(KERN_ERR "SELinux:  dup genfs "
1827                                        "fstype %s\n", newgenfs->fstype);
1828                                 kfree(newgenfs->fstype);
1829                                 kfree(newgenfs);
1830                                 goto bad;
1831                         }
1832                         if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1833                                 break;
1834                 }
1835                 newgenfs->next = genfs;
1836                 if (genfs_p)
1837                         genfs_p->next = newgenfs;
1838                 else
1839                         p->genfs = newgenfs;
1840                 rc = next_entry(buf, fp, sizeof(u32));
1841                 if (rc < 0)
1842                         goto bad;
1843                 nel2 = le32_to_cpu(buf[0]);
1844                 for (j = 0; j < nel2; j++) {
1845                         rc = next_entry(buf, fp, sizeof(u32));
1846                         if (rc < 0)
1847                                 goto bad;
1848                         len = le32_to_cpu(buf[0]);
1849
1850                         newc = kzalloc(sizeof(*newc), GFP_KERNEL);
1851                         if (!newc) {
1852                                 rc = -ENOMEM;
1853                                 goto bad;
1854                         }
1855
1856                         newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1857                         if (!newc->u.name) {
1858                                 rc = -ENOMEM;
1859                                 goto bad_newc;
1860                         }
1861                         rc = next_entry(newc->u.name, fp, len);
1862                         if (rc < 0)
1863                                 goto bad_newc;
1864                         newc->u.name[len] = 0;
1865                         rc = next_entry(buf, fp, sizeof(u32));
1866                         if (rc < 0)
1867                                 goto bad_newc;
1868                         newc->v.sclass = le32_to_cpu(buf[0]);
1869                         if (context_read_and_validate(&newc->context[0], p, fp))
1870                                 goto bad_newc;
1871                         for (l = NULL, c = newgenfs->head; c;
1872                              l = c, c = c->next) {
1873                                 if (!strcmp(newc->u.name, c->u.name) &&
1874                                     (!c->v.sclass || !newc->v.sclass ||
1875                                      newc->v.sclass == c->v.sclass)) {
1876                                         printk(KERN_ERR "SELinux:  dup genfs "
1877                                                "entry (%s,%s)\n",
1878                                                newgenfs->fstype, c->u.name);
1879                                         goto bad_newc;
1880                                 }
1881                                 len = strlen(newc->u.name);
1882                                 len2 = strlen(c->u.name);
1883                                 if (len > len2)
1884                                         break;
1885                         }
1886
1887                         newc->next = c;
1888                         if (l)
1889                                 l->next = newc;
1890                         else
1891                                 newgenfs->head = newc;
1892                 }
1893         }
1894
1895         if (p->policyvers >= POLICYDB_VERSION_MLS) {
1896                 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
1897                 rc = next_entry(buf, fp, sizeof(u32));
1898                 if (rc < 0)
1899                         goto bad;
1900                 nel = le32_to_cpu(buf[0]);
1901                 lrt = NULL;
1902                 for (i = 0; i < nel; i++) {
1903                         rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1904                         if (!rt) {
1905                                 rc = -ENOMEM;
1906                                 goto bad;
1907                         }
1908                         if (lrt)
1909                                 lrt->next = rt;
1910                         else
1911                                 p->range_tr = rt;
1912                         rc = next_entry(buf, fp, (sizeof(u32) * 2));
1913                         if (rc < 0)
1914                                 goto bad;
1915                         rt->source_type = le32_to_cpu(buf[0]);
1916                         rt->target_type = le32_to_cpu(buf[1]);
1917                         if (new_rangetr) {
1918                                 rc = next_entry(buf, fp, sizeof(u32));
1919                                 if (rc < 0)
1920                                         goto bad;
1921                                 rt->target_class = le32_to_cpu(buf[0]);
1922                         } else
1923                                 rt->target_class = SECCLASS_PROCESS;
1924                         if (!policydb_type_isvalid(p, rt->source_type) ||
1925                             !policydb_type_isvalid(p, rt->target_type) ||
1926                             !policydb_class_isvalid(p, rt->target_class)) {
1927                                 rc = -EINVAL;
1928                                 goto bad;
1929                         }
1930                         rc = mls_read_range_helper(&rt->target_range, fp);
1931                         if (rc)
1932                                 goto bad;
1933                         if (!mls_range_isvalid(p, &rt->target_range)) {
1934                                 printk(KERN_WARNING "SELinux:  rangetrans:  invalid range\n");
1935                                 goto bad;
1936                         }
1937                         lrt = rt;
1938                 }
1939         }
1940
1941         p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
1942         if (!p->type_attr_map)
1943                 goto bad;
1944
1945         for (i = 0; i < p->p_types.nprim; i++) {
1946                 ebitmap_init(&p->type_attr_map[i]);
1947                 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
1948                         if (ebitmap_read(&p->type_attr_map[i], fp))
1949                                 goto bad;
1950                 }
1951                 /* add the type itself as the degenerate case */
1952                 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
1953                                 goto bad;
1954         }
1955
1956         rc = 0;
1957 out:
1958         return rc;
1959 bad_newc:
1960         ocontext_destroy(newc,OCON_FSUSE);
1961 bad:
1962         if (!rc)
1963                 rc = -EINVAL;
1964         policydb_destroy(p);
1965         goto out;
1966 }