[linux-block.git] / security / selinux / ss / avtab.c

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Implementation of the access vector table type.
 *
 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 */

/* Updated: Frank Mayer <mayerf@tresys.com> and
 *          Karl MacMillan <kmacmillan@tresys.com>
 *          Added conditional policy language extensions
 *          Copyright (C) 2003 Tresys Technology, LLC
 *
 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
 *          Tuned number of hash slots for avtab to reduce memory usage
 */

#include <linux/bitops.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/errno.h>
#include "avtab.h"
#include "policydb.h"

static struct kmem_cache *avtab_node_cachep __ro_after_init;
static struct kmem_cache *avtab_xperms_cachep __ro_after_init;

/* Based on MurmurHash3, written by Austin Appleby and placed in the
 * public domain.
 */
static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask)
{
	static const u32 c1 = 0xcc9e2d51;
	static const u32 c2 = 0x1b873593;
	static const u32 r1 = 15;
	static const u32 r2 = 13;
	static const u32 m = 5;
	static const u32 n = 0xe6546b64;

	u32 hash = 0;

#define mix(input)                                         \
	do {                                               \
		u32 v = input;                             \
		v *= c1;                                   \
		v = (v << r1) | (v >> (32 - r1));          \
		v *= c2;                                   \
		hash ^= v;                                 \
		hash = (hash << r2) | (hash >> (32 - r2)); \
		hash = hash * m + n;                       \
	} while (0)

	mix(keyp->target_class);
	mix(keyp->target_type);
	mix(keyp->source_type);

#undef mix

	hash ^= hash >> 16;
	hash *= 0x85ebca6b;
	hash ^= hash >> 13;
	hash *= 0xc2b2ae35;
	hash ^= hash >> 16;

	return hash & mask;
}

static struct avtab_node *avtab_insert_node(struct avtab *h,
					    struct avtab_node **dst,
					    const struct avtab_key *key,
					    const struct avtab_datum *datum)
{
	struct avtab_node *newnode;
	struct avtab_extended_perms *xperms;
	newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
	if (newnode == NULL)
		return NULL;
	newnode->key = *key;

	if (key->specified & AVTAB_XPERMS) {
		xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL);
		if (xperms == NULL) {
			kmem_cache_free(avtab_node_cachep, newnode);
			return NULL;
		}
		*xperms = *(datum->u.xperms);
		newnode->datum.u.xperms = xperms;
	} else {
		newnode->datum.u.data = datum->u.data;
	}

	newnode->next = *dst;
	*dst = newnode;

	h->nel++;
	return newnode;
}

static int avtab_node_cmp(const struct avtab_key *key1,
			  const struct avtab_key *key2)
{
	u16 specified = key1->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);

	if (key1->source_type == key2->source_type &&
	    key1->target_type == key2->target_type &&
	    key1->target_class == key2->target_class &&
	    (specified & key2->specified))
		return 0;
	if (key1->source_type < key2->source_type)
		return -1;
	if (key1->source_type == key2->source_type &&
	    key1->target_type < key2->target_type)
		return -1;
	if (key1->source_type == key2->source_type &&
	    key1->target_type == key2->target_type &&
	    key1->target_class < key2->target_class)
		return -1;
	return 1;
}

static int avtab_insert(struct avtab *h, const struct avtab_key *key,
			const struct avtab_datum *datum)
{
	u32 hvalue;
	struct avtab_node *prev, *cur, *newnode;
	int cmp;

	if (!h || !h->nslot || h->nel == U32_MAX)
		return -EINVAL;

	hvalue = avtab_hash(key, h->mask);
	for (prev = NULL, cur = h->htable[hvalue]; cur;
	     prev = cur, cur = cur->next) {
		cmp = avtab_node_cmp(key, &cur->key);
		/* extended perms may not be unique */
		if (cmp == 0 && !(key->specified & AVTAB_XPERMS))
			return -EEXIST;
		if (cmp <= 0)
			break;
	}

	newnode = avtab_insert_node(h, prev ? &prev->next : &h->htable[hvalue],
				    key, datum);
	if (!newnode)
		return -ENOMEM;

	return 0;
}

/* Unlike avtab_insert(), this function allow multiple insertions of the same
 * key/specified mask into the table, as needed by the conditional avtab.
 * It also returns a pointer to the node inserted.
 */
struct avtab_node *avtab_insert_nonunique(struct avtab *h,
					  const struct avtab_key *key,
					  const struct avtab_datum *datum)
{
	u32 hvalue;
	struct avtab_node *prev, *cur;
	int cmp;

	if (!h || !h->nslot || h->nel == U32_MAX)
		return NULL;
	hvalue = avtab_hash(key, h->mask);
	for (prev = NULL, cur = h->htable[hvalue]; cur;
	     prev = cur, cur = cur->next) {
		cmp = avtab_node_cmp(key, &cur->key);
		if (cmp <= 0)
			break;
	}
	return avtab_insert_node(h, prev ? &prev->next : &h->htable[hvalue],
				 key, datum);
}

/* This search function returns a node pointer, and can be used in
 * conjunction with avtab_search_next_node()
 */
struct avtab_node *avtab_search_node(struct avtab *h,
				     const struct avtab_key *key)
{
	u32 hvalue;
	struct avtab_node *cur;
	int cmp;

	if (!h || !h->nslot)
		return NULL;

	hvalue = avtab_hash(key, h->mask);
	for (cur = h->htable[hvalue]; cur; cur = cur->next) {
		cmp = avtab_node_cmp(key, &cur->key);
		if (cmp == 0)
			return cur;
		if (cmp < 0)
			break;
	}
	return NULL;
}

struct avtab_node *avtab_search_node_next(struct avtab_node *node,
					  u16 specified)
{
	struct avtab_key tmp_key;
	struct avtab_node *cur;
	int cmp;

	if (!node)
		return NULL;
	tmp_key = node->key;
	tmp_key.specified = specified;
	for (cur = node->next; cur; cur = cur->next) {
		cmp = avtab_node_cmp(&tmp_key, &cur->key);
		if (cmp == 0)
			return cur;
		if (cmp < 0)
			break;
	}
	return NULL;
}

void avtab_destroy(struct avtab *h)
{
	u32 i;
	struct avtab_node *cur, *temp;

	if (!h)
		return;

	for (i = 0; i < h->nslot; i++) {
		cur = h->htable[i];
		while (cur) {
			temp = cur;
			cur = cur->next;
			if (temp->key.specified & AVTAB_XPERMS)
				kmem_cache_free(avtab_xperms_cachep,
						temp->datum.u.xperms);
			kmem_cache_free(avtab_node_cachep, temp);
		}
	}
	kvfree(h->htable);
	h->htable = NULL;
	h->nel = 0;
	h->nslot = 0;
	h->mask = 0;
}

void avtab_init(struct avtab *h)
{
	h->htable = NULL;
	h->nel = 0;
	h->nslot = 0;
	h->mask = 0;
}

static int avtab_alloc_common(struct avtab *h, u32 nslot)
{
	if (!nslot)
		return 0;

	h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);
	if (!h->htable)
		return -ENOMEM;

	h->nslot = nslot;
	h->mask = nslot - 1;
	return 0;
}

int avtab_alloc(struct avtab *h, u32 nrules)
{
	int rc;
	u32 nslot = 0;

	if (nrules != 0) {
		nslot = nrules > 3 ? rounddown_pow_of_two(nrules / 2) : 2;
		if (nslot > MAX_AVTAB_HASH_BUCKETS)
			nslot = MAX_AVTAB_HASH_BUCKETS;

		rc = avtab_alloc_common(h, nslot);
		if (rc)
			return rc;
	}

	pr_debug("SELinux: %d avtab hash slots, %d rules.\n", nslot, nrules);
	return 0;
}

int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
{
	return avtab_alloc_common(new, orig->nslot);
}

#ifdef CONFIG_SECURITY_SELINUX_DEBUG
void avtab_hash_eval(struct avtab *h, const char *tag)
{
	u32 i, chain_len, slots_used, max_chain_len;
	unsigned long long chain2_len_sum;
	struct avtab_node *cur;

	slots_used = 0;
	max_chain_len = 0;
	chain2_len_sum = 0;
	for (i = 0; i < h->nslot; i++) {
		cur = h->htable[i];
		if (cur) {
			slots_used++;
			chain_len = 0;
			while (cur) {
				chain_len++;
				cur = cur->next;
			}

			if (chain_len > max_chain_len)
				max_chain_len = chain_len;
			chain2_len_sum +=
				(unsigned long long)chain_len * chain_len;
		}
	}

	pr_debug("SELinux: %s:  %d entries and %d/%d buckets used, "
		 "longest chain length %d, sum of chain length^2 %llu\n",
		 tag, h->nel, slots_used, h->nslot, max_chain_len,
		 chain2_len_sum);
}
#endif /* CONFIG_SECURITY_SELINUX_DEBUG */

/* clang-format off */
static const uint16_t spec_order[] = {
	AVTAB_ALLOWED,
	AVTAB_AUDITDENY,
	AVTAB_AUDITALLOW,
	AVTAB_TRANSITION,
	AVTAB_CHANGE,
	AVTAB_MEMBER,
	AVTAB_XPERMS_ALLOWED,
	AVTAB_XPERMS_AUDITALLOW,
	AVTAB_XPERMS_DONTAUDIT
};
/* clang-format on */

int avtab_read_item(struct avtab *a, struct policy_file *fp, struct policydb *pol,
		    int (*insertf)(struct avtab *a, const struct avtab_key *k,
				   const struct avtab_datum *d, void *p),
		    void *p, bool conditional)
{
	__le16 buf16[4];
	u16 enabled;
	u32 items, items2, val, i;
	struct avtab_key key;
	struct avtab_datum datum;
	struct avtab_extended_perms xperms;
	__le32 buf32[ARRAY_SIZE(xperms.perms.p)];
	int rc;
	unsigned int set, vers = pol->policyvers;

	memset(&key, 0, sizeof(struct avtab_key));
	memset(&datum, 0, sizeof(struct avtab_datum));

	if (vers < POLICYDB_VERSION_AVTAB) {
		rc = next_entry(buf32, fp, sizeof(u32));
		if (rc) {
			pr_err("SELinux: avtab: truncated entry\n");
			return rc;
		}
		items2 = le32_to_cpu(buf32[0]);
		if (items2 > ARRAY_SIZE(buf32)) {
			pr_err("SELinux: avtab: entry overflow\n");
			return -EINVAL;
		}
		rc = next_entry(buf32, fp, sizeof(u32) * items2);
		if (rc) {
			pr_err("SELinux: avtab: truncated entry\n");
			return rc;
		}
		items = 0;

		val = le32_to_cpu(buf32[items++]);
		key.source_type = (u16)val;
		if (key.source_type != val) {
			pr_err("SELinux: avtab: truncated source type\n");
			return -EINVAL;
		}
		val = le32_to_cpu(buf32[items++]);
		key.target_type = (u16)val;
		if (key.target_type != val) {
			pr_err("SELinux: avtab: truncated target type\n");
			return -EINVAL;
		}
		val = le32_to_cpu(buf32[items++]);
		key.target_class = (u16)val;
		if (key.target_class != val) {
			pr_err("SELinux: avtab: truncated target class\n");
			return -EINVAL;
		}

		val = le32_to_cpu(buf32[items++]);
		enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;

		if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
			pr_err("SELinux: avtab: null entry\n");
			return -EINVAL;
		}
		if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) {
			pr_err("SELinux: avtab: entry has both access vectors and types\n");
			return -EINVAL;
		}
		if (val & AVTAB_XPERMS) {
			pr_err("SELinux: avtab: entry has extended permissions\n");
			return -EINVAL;
		}

		for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
			if (val & spec_order[i]) {
				key.specified = spec_order[i] | enabled;
				datum.u.data = le32_to_cpu(buf32[items++]);
				rc = insertf(a, &key, &datum, p);
				if (rc)
					return rc;
			}
		}

		if (items != items2) {
			pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
			       items2, items);
			return -EINVAL;
		}
		return 0;
	}

	rc = next_entry(buf16, fp, sizeof(u16) * 4);
	if (rc) {
		pr_err("SELinux: avtab: truncated entry\n");
		return rc;
	}

	items = 0;
	key.source_type = le16_to_cpu(buf16[items++]);
	key.target_type = le16_to_cpu(buf16[items++]);
	key.target_class = le16_to_cpu(buf16[items++]);
	key.specified = le16_to_cpu(buf16[items++]);

	if (!policydb_type_isvalid(pol, key.source_type) ||
	    !policydb_type_isvalid(pol, key.target_type) ||
	    !policydb_class_isvalid(pol, key.target_class)) {
		pr_err("SELinux: avtab: invalid type or class\n");
		return -EINVAL;
	}

	set = hweight16(key.specified & (AVTAB_XPERMS | AVTAB_TYPE | AVTAB_AV));
	if (!set || set > 1) {
		pr_err("SELinux:  avtab:  more than one specifier\n");
		return -EINVAL;
	}

	if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
	    (key.specified & AVTAB_XPERMS)) {
		pr_err("SELinux:  avtab:  policy version %u does not "
		       "support extended permissions rules and one "
		       "was specified\n",
		       vers);
		return -EINVAL;
	} else if ((vers < POLICYDB_VERSION_COND_XPERMS) &&
		   (key.specified & AVTAB_XPERMS) && conditional) {
		pr_err("SELinux:  avtab:  policy version %u does not "
		       "support extended permissions rules in conditional "
		       "policies and one was specified\n",
		       vers);
		return -EINVAL;
	} else if (key.specified & AVTAB_XPERMS) {
		memset(&xperms, 0, sizeof(struct avtab_extended_perms));
		rc = next_entry(&xperms.specified, fp, sizeof(u8));
		if (rc) {
			pr_err("SELinux: avtab: truncated entry\n");
			return rc;
		}
		rc = next_entry(&xperms.driver, fp, sizeof(u8));
		if (rc) {
			pr_err("SELinux: avtab: truncated entry\n");
			return rc;
		}
		rc = next_entry(buf32, fp,
				sizeof(u32) * ARRAY_SIZE(xperms.perms.p));
		if (rc) {
			pr_err("SELinux: avtab: truncated entry\n");
			return rc;
		}
		for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
			xperms.perms.p[i] = le32_to_cpu(buf32[i]);
		datum.u.xperms = &xperms;
	} else {
		rc = next_entry(buf32, fp, sizeof(u32));
		if (rc) {
			pr_err("SELinux: avtab: truncated entry\n");
			return rc;
		}
		datum.u.data = le32_to_cpu(*buf32);
	}
	if ((key.specified & AVTAB_TYPE) &&
	    !policydb_type_isvalid(pol, datum.u.data)) {
		pr_err("SELinux: avtab: invalid type\n");
		return -EINVAL;
	}
	return insertf(a, &key, &datum, p);
}

static int avtab_insertf(struct avtab *a, const struct avtab_key *k,
			 const struct avtab_datum *d, void *p)
{
	return avtab_insert(a, k, d);
}

int avtab_read(struct avtab *a, struct policy_file *fp, struct policydb *pol)
{
	int rc;
	__le32 buf[1];
	u32 nel, i;

	rc = next_entry(buf, fp, sizeof(u32));
	if (rc < 0) {
		pr_err("SELinux: avtab: truncated table\n");
		goto bad;
	}
	nel = le32_to_cpu(buf[0]);
	if (!nel) {
		pr_err("SELinux: avtab: table is empty\n");
		rc = -EINVAL;
		goto bad;
	}

	rc = avtab_alloc(a, nel);
	if (rc)
		goto bad;

	for (i = 0; i < nel; i++) {
		rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL, false);
		if (rc) {
			if (rc == -ENOMEM)
				pr_err("SELinux: avtab: out of memory\n");
			else if (rc == -EEXIST)
				pr_err("SELinux: avtab: duplicate entry\n");

			goto bad;
		}
	}

	rc = 0;
out:
	return rc;

bad:
	avtab_destroy(a);
	goto out;
}

int avtab_write_item(struct policydb *p, const struct avtab_node *cur, struct policy_file *fp)
{
	__le16 buf16[4];
	__le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)];
	int rc;
	unsigned int i;

	buf16[0] = cpu_to_le16(cur->key.source_type);
	buf16[1] = cpu_to_le16(cur->key.target_type);
	buf16[2] = cpu_to_le16(cur->key.target_class);
	buf16[3] = cpu_to_le16(cur->key.specified);
	rc = put_entry(buf16, sizeof(u16), 4, fp);
	if (rc)
		return rc;

	if (cur->key.specified & AVTAB_XPERMS) {
		rc = put_entry(&cur->datum.u.xperms->specified, sizeof(u8), 1,
			       fp);
		if (rc)
			return rc;
		rc = put_entry(&cur->datum.u.xperms->driver, sizeof(u8), 1, fp);
		if (rc)
			return rc;
		for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++)
			buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]);
		rc = put_entry(buf32, sizeof(u32),
			       ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp);
	} else {
		buf32[0] = cpu_to_le32(cur->datum.u.data);
		rc = put_entry(buf32, sizeof(u32), 1, fp);
	}
	if (rc)
		return rc;
	return 0;
}

int avtab_write(struct policydb *p, struct avtab *a, struct policy_file *fp)
{
	u32 i;
	int rc = 0;
	struct avtab_node *cur;
	__le32 buf[1];

	buf[0] = cpu_to_le32(a->nel);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	for (i = 0; i < a->nslot; i++) {
		for (cur = a->htable[i]; cur; cur = cur->next) {
			rc = avtab_write_item(p, cur, fp);
			if (rc)
				return rc;
		}
	}

	return rc;
}

void __init avtab_cache_init(void)
{
	avtab_node_cachep = KMEM_CACHE(avtab_node, SLAB_PANIC);
	avtab_xperms_cachep = KMEM_CACHE(avtab_extended_perms, SLAB_PANIC);
}
Commit	Line	Data
00ddc591	1	/* SPDX-License-Identifier: GPL-2.0-only */
1da177e4 LT	2	/*
	3	* Implementation of the access vector table type.
	4	*
0fe53224	5	* Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
1da177e4 LT	6	*/
1da177e4 LT	7
00ddc591 PM	8	/* Updated: Frank Mayer <mayerf@tresys.com> and
	9	* Karl MacMillan <kmacmillan@tresys.com>
	10	* Added conditional policy language extensions
	11	* Copyright (C) 2003 Tresys Technology, LLC
3232c110 YN	12	*
3232c110 YN	13	* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
00ddc591	14	* Tuned number of hash slots for avtab to reduce memory usage
1da177e4 LT	15	*/
1da177e4 LT	16
9d140885	17	#include <linux/bitops.h>
1da177e4 LT	18	#include <linux/kernel.h>
1da177e4 LT	19	#include <linux/slab.h>
1da177e4	20	#include <linux/errno.h>
1da177e4 LT	21	#include "avtab.h"
	22	#include "policydb.h"
	23
cd2bb4cb OM	24	static struct kmem_cache *avtab_node_cachep __ro_after_init;
cd2bb4cb OM	25	static struct kmem_cache *avtab_xperms_cachep __ro_after_init;
1da177e4	26
33ebc193 JB	27	/* Based on MurmurHash3, written by Austin Appleby and placed in the
	28	* public domain.
	29	*/
df9d4749	30	static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask)
3232c110	31	{
33ebc193 JB	32	static const u32 c1 = 0xcc9e2d51;
	33	static const u32 c2 = 0x1b873593;
	34	static const u32 r1 = 15;
	35	static const u32 r2 = 13;
00ddc591 PM	36	static const u32 m = 5;
00ddc591 PM	37	static const u32 n = 0xe6546b64;
33ebc193 JB	38
	39	u32 hash = 0;
	40
00ddc591 PM	41	#define mix(input) \
	42	do { \
	43	u32 v = input; \
	44	v *= c1; \
	45	v = (v << r1) \| (v >> (32 - r1)); \
	46	v *= c2; \
	47	hash ^= v; \
1d4e8036	48	hash = (hash << r2) \| (hash >> (32 - r2)); \
00ddc591	49	hash = hash * m + n; \
1d4e8036	50	} while (0)
33ebc193 JB	51
	52	mix(keyp->target_class);
	53	mix(keyp->target_type);
	54	mix(keyp->source_type);
	55
	56	#undef mix
	57
	58	hash ^= hash >> 16;
	59	hash *= 0x85ebca6b;
	60	hash ^= hash >> 13;
	61	hash *= 0xc2b2ae35;
	62	hash ^= hash >> 16;
	63
	64	return hash & mask;
3232c110 YN	65	}
3232c110 YN	66
00ddc591 PM	67	static struct avtab_node avtab_insert_node(struct avtab h,
	68	struct avtab_node **dst,
	69	const struct avtab_key *key,
	70	const struct avtab_datum *datum)
1da177e4	71	{
eb5df9a7	72	struct avtab_node *newnode;
fa1aa143	73	struct avtab_extended_perms *xperms;
c3762229	74	newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
1da177e4 LT	75	if (newnode == NULL)
1da177e4 LT	76	return NULL;
1da177e4	77	newnode->key = *key;
fa1aa143 JVS	78
	79	if (key->specified & AVTAB_XPERMS) {
	80	xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL);
	81	if (xperms == NULL) {
	82	kmem_cache_free(avtab_node_cachep, newnode);
	83	return NULL;
	84	}
	85	xperms = (datum->u.xperms);
	86	newnode->datum.u.xperms = xperms;
	87	} else {
	88	newnode->datum.u.data = datum->u.data;
	89	}
	90
19c1c991 JS	91	newnode->next = *dst;
19c1c991 JS	92	*dst = newnode;
1da177e4 LT	93
	94	h->nel++;
	95	return newnode;
	96	}
	97
1712ed62 JS	98	static int avtab_node_cmp(const struct avtab_key *key1,
	99	const struct avtab_key *key2)
	100	{
00ddc591	101	u16 specified = key1->specified & ~(AVTAB_ENABLED \| AVTAB_ENABLED_OLD);
1712ed62 JS	102
	103	if (key1->source_type == key2->source_type &&
	104	key1->target_type == key2->target_type &&
	105	key1->target_class == key2->target_class &&
	106	(specified & key2->specified))
	107	return 0;
	108	if (key1->source_type < key2->source_type)
	109	return -1;
	110	if (key1->source_type == key2->source_type &&
	111	key1->target_type < key2->target_type)
	112	return -1;
	113	if (key1->source_type == key2->source_type &&
	114	key1->target_type == key2->target_type &&
	115	key1->target_class < key2->target_class)
	116	return -1;
	117	return 1;
	118	}
	119
e1cce3a3 OM	120	static int avtab_insert(struct avtab h, const struct avtab_key key,
e1cce3a3 OM	121	const struct avtab_datum *datum)
1da177e4	122	{
df9d4749	123	u32 hvalue;
1da177e4	124	struct avtab_node prev, cur, *newnode;
1712ed62	125	int cmp;
1da177e4	126
f785c541	127	if (!h \|\| !h->nslot \|\| h->nel == U32_MAX)
1da177e4 LT	128	return -EINVAL;
1da177e4 LT	129
3232c110	130	hvalue = avtab_hash(key, h->mask);
00ddc591	131	for (prev = NULL, cur = h->htable[hvalue]; cur;
1da177e4	132	prev = cur, cur = cur->next) {
1712ed62 JS	133	cmp = avtab_node_cmp(key, &cur->key);
	134	/* extended perms may not be unique */
	135	if (cmp == 0 && !(key->specified & AVTAB_XPERMS))
1da177e4	136	return -EEXIST;
1712ed62	137	if (cmp <= 0)
1da177e4 LT	138	break;
	139	}
	140
19c1c991 JS	141	newnode = avtab_insert_node(h, prev ? &prev->next : &h->htable[hvalue],
19c1c991 JS	142	key, datum);
eb5df9a7	143	if (!newnode)
1da177e4 LT	144	return -ENOMEM;
	145
	146	return 0;
	147	}
	148
	149	/* Unlike avtab_insert(), this function allow multiple insertions of the same
	150	* key/specified mask into the table, as needed by the conditional avtab.
	151	* It also returns a pointer to the node inserted.
	152	*/
e1cce3a3 OM	153	struct avtab_node avtab_insert_nonunique(struct avtab h,
	154	const struct avtab_key *key,
	155	const struct avtab_datum *datum)
1da177e4	156	{
df9d4749	157	u32 hvalue;
0c0e186f	158	struct avtab_node prev, cur;
1712ed62	159	int cmp;
1da177e4	160
f785c541	161	if (!h \|\| !h->nslot \|\| h->nel == U32_MAX)
1da177e4	162	return NULL;
3232c110	163	hvalue = avtab_hash(key, h->mask);
00ddc591	164	for (prev = NULL, cur = h->htable[hvalue]; cur;
1da177e4	165	prev = cur, cur = cur->next) {
1712ed62 JS	166	cmp = avtab_node_cmp(key, &cur->key);
1712ed62 JS	167	if (cmp <= 0)
1da177e4 LT	168	break;
1da177e4 LT	169	}
19c1c991 JS	170	return avtab_insert_node(h, prev ? &prev->next : &h->htable[hvalue],
19c1c991 JS	171	key, datum);
1da177e4 LT	172	}
1da177e4 LT	173
1da177e4 LT	174	/* This search function returns a node pointer, and can be used in
	175	* conjunction with avtab_search_next_node()
	176	*/
e1cce3a3 OM	177	struct avtab_node avtab_search_node(struct avtab h,
e1cce3a3 OM	178	const struct avtab_key *key)
1da177e4	179	{
df9d4749	180	u32 hvalue;
1da177e4	181	struct avtab_node *cur;
1712ed62	182	int cmp;
1da177e4	183
442dc00f	184	if (!h \|\| !h->nslot)
1da177e4 LT	185	return NULL;
1da177e4 LT	186
3232c110	187	hvalue = avtab_hash(key, h->mask);
00ddc591	188	for (cur = h->htable[hvalue]; cur; cur = cur->next) {
1712ed62 JS	189	cmp = avtab_node_cmp(key, &cur->key);
1712ed62 JS	190	if (cmp == 0)
1da177e4	191	return cur;
1712ed62	192	if (cmp < 0)
1da177e4 LT	193	break;
	194	}
	195	return NULL;
	196	}
	197
00ddc591 PM	198	struct avtab_node avtab_search_node_next(struct avtab_node node,
00ddc591 PM	199	u16 specified)
1da177e4	200	{
1712ed62	201	struct avtab_key tmp_key;
1da177e4	202	struct avtab_node *cur;
1712ed62	203	int cmp;
1da177e4 LT	204
	205	if (!node)
	206	return NULL;
1712ed62 JS	207	tmp_key = node->key;
1712ed62 JS	208	tmp_key.specified = specified;
1da177e4	209	for (cur = node->next; cur; cur = cur->next) {
1712ed62 JS	210	cmp = avtab_node_cmp(&tmp_key, &cur->key);
1712ed62 JS	211	if (cmp == 0)
1da177e4	212	return cur;
1712ed62	213	if (cmp < 0)
1da177e4 LT	214	break;
	215	}
	216	return NULL;
	217	}
	218
	219	void avtab_destroy(struct avtab *h)
	220	{
df9d4749	221	u32 i;
1da177e4 LT	222	struct avtab_node cur, temp;
1da177e4 LT	223
acdf52d9	224	if (!h)
1da177e4 LT	225	return;
1da177e4 LT	226
3232c110	227	for (i = 0; i < h->nslot; i++) {
acdf52d9	228	cur = h->htable[i];
dbc74c65	229	while (cur) {
1da177e4 LT	230	temp = cur;
1da177e4 LT	231	cur = cur->next;
fa1aa143 JVS	232	if (temp->key.specified & AVTAB_XPERMS)
	233	kmem_cache_free(avtab_xperms_cachep,
	234	temp->datum.u.xperms);
1da177e4 LT	235	kmem_cache_free(avtab_node_cachep, temp);
1da177e4 LT	236	}
1da177e4	237	}
acdf52d9	238	kvfree(h->htable);
1da177e4	239	h->htable = NULL;
442dc00f	240	h->nel = 0;
3232c110 YN	241	h->nslot = 0;
3232c110 YN	242	h->mask = 0;
1da177e4 LT	243	}
1da177e4 LT	244
5e729e11	245	void avtab_init(struct avtab *h)
1da177e4	246	{
3232c110 YN	247	h->htable = NULL;
3232c110 YN	248	h->nel = 0;
442dc00f OM	249	h->nslot = 0;
442dc00f OM	250	h->mask = 0;
3232c110 YN	251	}
3232c110 YN	252
d8f5f0ea	253	static int avtab_alloc_common(struct avtab *h, u32 nslot)
3232c110	254	{
d8f5f0ea OM	255	if (!nslot)
d8f5f0ea OM	256	return 0;
3232c110	257
acdf52d9	258	h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);
1da177e4 LT	259	if (!h->htable)
1da177e4 LT	260	return -ENOMEM;
3232c110	261
3232c110	262	h->nslot = nslot;
442dc00f	263	h->mask = nslot - 1;
1da177e4 LT	264	return 0;
	265	}
	266
d8f5f0ea	267	int avtab_alloc(struct avtab *h, u32 nrules)
c7c556f1	268	{
d8f5f0ea OM	269	int rc;
	270	u32 nslot = 0;
	271
	272	if (nrules != 0) {
7969ba57	273	nslot = nrules > 3 ? rounddown_pow_of_two(nrules / 2) : 2;
d8f5f0ea OM	274	if (nslot > MAX_AVTAB_HASH_BUCKETS)
	275	nslot = MAX_AVTAB_HASH_BUCKETS;
	276
	277	rc = avtab_alloc_common(h, nslot);
	278	if (rc)
	279	return rc;
c7c556f1 SS	280	}
c7c556f1 SS	281
d8f5f0ea	282	pr_debug("SELinux: %d avtab hash slots, %d rules.\n", nslot, nrules);
c7c556f1	283	return 0;
d8f5f0ea OM	284	}
	285
	286	int avtab_alloc_dup(struct avtab new, const struct avtab orig)
	287	{
	288	return avtab_alloc_common(new, orig->nslot);
c7c556f1 SS	289	}
c7c556f1 SS	290
f01dd590	291	#ifdef CONFIG_SECURITY_SELINUX_DEBUG
4595ae8c	292	void avtab_hash_eval(struct avtab h, const char tag)
1da177e4	293	{
df9d4749	294	u32 i, chain_len, slots_used, max_chain_len;
3232c110	295	unsigned long long chain2_len_sum;
1da177e4 LT	296	struct avtab_node *cur;
	297
	298	slots_used = 0;
	299	max_chain_len = 0;
3232c110 YN	300	chain2_len_sum = 0;
3232c110 YN	301	for (i = 0; i < h->nslot; i++) {
acdf52d9	302	cur = h->htable[i];
1da177e4 LT	303	if (cur) {
	304	slots_used++;
	305	chain_len = 0;
	306	while (cur) {
	307	chain_len++;
	308	cur = cur->next;
	309	}
	310
	311	if (chain_len > max_chain_len)
	312	max_chain_len = chain_len;
00ddc591 PM	313	chain2_len_sum +=
00ddc591 PM	314	(unsigned long long)chain_len * chain_len;
1da177e4 LT	315	}
	316	}
	317
c87a7e75	318	pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
00ddc591 PM	319	"longest chain length %d, sum of chain length^2 %llu\n",
	320	tag, h->nel, slots_used, h->nslot, max_chain_len,
	321	chain2_len_sum);
1da177e4	322	}
f01dd590	323	#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
1da177e4	324
00ddc591	325	/* clang-format off */
ded34574	326	static const uint16_t spec_order[] = {
782ebb99 SS	327	AVTAB_ALLOWED,
	328	AVTAB_AUDITDENY,
	329	AVTAB_AUDITALLOW,
	330	AVTAB_TRANSITION,
	331	AVTAB_CHANGE,
fa1aa143 JVS	332	AVTAB_MEMBER,
	333	AVTAB_XPERMS_ALLOWED,
	334	AVTAB_XPERMS_AUDITALLOW,
	335	AVTAB_XPERMS_DONTAUDIT
782ebb99	336	};
00ddc591	337	/* clang-format on */
782ebb99	338
f0758616	339	int avtab_read_item(struct avtab a, struct policy_file fp, struct policydb *pol,
e1cce3a3 OM	340	int (insertf)(struct avtab a, const struct avtab_key *k,
e1cce3a3 OM	341	const struct avtab_datum d, void p),
4aa17619	342	void *p, bool conditional)
1da177e4	343	{
b5bf6c55 AD	344	__le16 buf16[4];
b5bf6c55 AD	345	u16 enabled;
df9d4749	346	u32 items, items2, val, i;
782ebb99 SS	347	struct avtab_key key;
782ebb99 SS	348	struct avtab_datum datum;
fa1aa143 JVS	349	struct avtab_extended_perms xperms;
fa1aa143 JVS	350	__le32 buf32[ARRAY_SIZE(xperms.perms.p)];
df9d4749 CG	351	int rc;
df9d4749 CG	352	unsigned int set, vers = pol->policyvers;
782ebb99 SS	353
	354	memset(&key, 0, sizeof(struct avtab_key));
	355	memset(&datum, 0, sizeof(struct avtab_datum));
	356
	357	if (vers < POLICYDB_VERSION_AVTAB) {
	358	rc = next_entry(buf32, fp, sizeof(u32));
9e0bd4cb	359	if (rc) {
c87a7e75	360	pr_err("SELinux: avtab: truncated entry\n");
9e0bd4cb	361	return rc;
782ebb99 SS	362	}
	363	items2 = le32_to_cpu(buf32[0]);
	364	if (items2 > ARRAY_SIZE(buf32)) {
c87a7e75	365	pr_err("SELinux: avtab: entry overflow\n");
9e0bd4cb	366	return -EINVAL;
782ebb99	367	}
00ddc591	368	rc = next_entry(buf32, fp, sizeof(u32) * items2);
9e0bd4cb	369	if (rc) {
c87a7e75	370	pr_err("SELinux: avtab: truncated entry\n");
9e0bd4cb	371	return rc;
782ebb99 SS	372	}
782ebb99 SS	373	items = 0;
1da177e4	374
782ebb99 SS	375	val = le32_to_cpu(buf32[items++]);
	376	key.source_type = (u16)val;
	377	if (key.source_type != val) {
c87a7e75	378	pr_err("SELinux: avtab: truncated source type\n");
9e0bd4cb	379	return -EINVAL;
782ebb99 SS	380	}
	381	val = le32_to_cpu(buf32[items++]);
	382	key.target_type = (u16)val;
	383	if (key.target_type != val) {
c87a7e75	384	pr_err("SELinux: avtab: truncated target type\n");
9e0bd4cb	385	return -EINVAL;
782ebb99 SS	386	}
	387	val = le32_to_cpu(buf32[items++]);
	388	key.target_class = (u16)val;
	389	if (key.target_class != val) {
c87a7e75	390	pr_err("SELinux: avtab: truncated target class\n");
9e0bd4cb	391	return -EINVAL;
782ebb99 SS	392	}
	393
	394	val = le32_to_cpu(buf32[items++]);
	395	enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
	396
	397	if (!(val & (AVTAB_AV \| AVTAB_TYPE))) {
c87a7e75	398	pr_err("SELinux: avtab: null entry\n");
9e0bd4cb	399	return -EINVAL;
782ebb99	400	}
00ddc591	401	if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) {
c87a7e75	402	pr_err("SELinux: avtab: entry has both access vectors and types\n");
9e0bd4cb	403	return -EINVAL;
782ebb99	404	}
fa1aa143	405	if (val & AVTAB_XPERMS) {
c87a7e75	406	pr_err("SELinux: avtab: entry has extended permissions\n");
fa1aa143 JVS	407	return -EINVAL;
fa1aa143 JVS	408	}
782ebb99	409
32725ad8	410	for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
782ebb99 SS	411	if (val & spec_order[i]) {
782ebb99 SS	412	key.specified = spec_order[i] \| enabled;
fa1aa143	413	datum.u.data = le32_to_cpu(buf32[items++]);
782ebb99	414	rc = insertf(a, &key, &datum, p);
eb5df9a7 EP	415	if (rc)
eb5df9a7 EP	416	return rc;
782ebb99 SS	417	}
	418	}
	419
	420	if (items != items2) {
c87a7e75	421	pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
c87a7e75	422	items2, items);
9e0bd4cb	423	return -EINVAL;
782ebb99 SS	424	}
782ebb99 SS	425	return 0;
1da177e4	426	}
782ebb99	427
00ddc591	428	rc = next_entry(buf16, fp, sizeof(u16) * 4);
9e0bd4cb	429	if (rc) {
c87a7e75	430	pr_err("SELinux: avtab: truncated entry\n");
9e0bd4cb	431	return rc;
1da177e4	432	}
782ebb99	433
1da177e4	434	items = 0;
782ebb99 SS	435	key.source_type = le16_to_cpu(buf16[items++]);
	436	key.target_type = le16_to_cpu(buf16[items++]);
	437	key.target_class = le16_to_cpu(buf16[items++]);
	438	key.specified = le16_to_cpu(buf16[items++]);
	439
45e5421e SS	440	if (!policydb_type_isvalid(pol, key.source_type) \|\|
	441	!policydb_type_isvalid(pol, key.target_type) \|\|
	442	!policydb_class_isvalid(pol, key.target_class)) {
c87a7e75	443	pr_err("SELinux: avtab: invalid type or class\n");
9e0bd4cb	444	return -EINVAL;
45e5421e SS	445	}
45e5421e SS	446
9d140885	447	set = hweight16(key.specified & (AVTAB_XPERMS \| AVTAB_TYPE \| AVTAB_AV));
45e5421e	448	if (!set \|\| set > 1) {
c87a7e75	449	pr_err("SELinux: avtab: more than one specifier\n");
9e0bd4cb	450	return -EINVAL;
45e5421e SS	451	}
45e5421e SS	452
fa1aa143	453	if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
00ddc591	454	(key.specified & AVTAB_XPERMS)) {
c87a7e75	455	pr_err("SELinux: avtab: policy version %u does not "
00ddc591 PM	456	"support extended permissions rules and one "
	457	"was specified\n",
	458	vers);
fa1aa143	459	return -EINVAL;
4aa17619 CG	460	} else if ((vers < POLICYDB_VERSION_COND_XPERMS) &&
	461	(key.specified & AVTAB_XPERMS) && conditional) {
	462	pr_err("SELinux: avtab: policy version %u does not "
	463	"support extended permissions rules in conditional "
	464	"policies and one was specified\n",
	465	vers);
	466	return -EINVAL;
fa1aa143 JVS	467	} else if (key.specified & AVTAB_XPERMS) {
	468	memset(&xperms, 0, sizeof(struct avtab_extended_perms));
	469	rc = next_entry(&xperms.specified, fp, sizeof(u8));
	470	if (rc) {
c87a7e75	471	pr_err("SELinux: avtab: truncated entry\n");
fa1aa143 JVS	472	return rc;
	473	}
	474	rc = next_entry(&xperms.driver, fp, sizeof(u8));
	475	if (rc) {
c87a7e75	476	pr_err("SELinux: avtab: truncated entry\n");
fa1aa143 JVS	477	return rc;
fa1aa143 JVS	478	}
00ddc591 PM	479	rc = next_entry(buf32, fp,
00ddc591 PM	480	sizeof(u32) * ARRAY_SIZE(xperms.perms.p));
fa1aa143	481	if (rc) {
c87a7e75	482	pr_err("SELinux: avtab: truncated entry\n");
fa1aa143 JVS	483	return rc;
	484	}
	485	for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
	486	xperms.perms.p[i] = le32_to_cpu(buf32[i]);
	487	datum.u.xperms = &xperms;
	488	} else {
	489	rc = next_entry(buf32, fp, sizeof(u32));
	490	if (rc) {
c87a7e75	491	pr_err("SELinux: avtab: truncated entry\n");
fa1aa143 JVS	492	return rc;
	493	}
	494	datum.u.data = le32_to_cpu(*buf32);
1da177e4	495	}
45e5421e	496	if ((key.specified & AVTAB_TYPE) &&
fa1aa143	497	!policydb_type_isvalid(pol, datum.u.data)) {
c87a7e75	498	pr_err("SELinux: avtab: invalid type\n");
9e0bd4cb	499	return -EINVAL;
45e5421e	500	}
782ebb99 SS	501	return insertf(a, &key, &datum, p);
782ebb99 SS	502	}
1da177e4	503
e1cce3a3 OM	504	static int avtab_insertf(struct avtab a, const struct avtab_key k,
e1cce3a3 OM	505	const struct avtab_datum d, void p)
782ebb99 SS	506	{
782ebb99 SS	507	return avtab_insert(a, k, d);
1da177e4 LT	508	}
1da177e4 LT	509
f0758616	510	int avtab_read(struct avtab a, struct policy_file fp, struct policydb *pol)
1da177e4 LT	511	{
1da177e4 LT	512	int rc;
b5bf6c55	513	__le32 buf[1];
1da177e4 LT	514	u32 nel, i;
1da177e4 LT	515
1da177e4 LT	516	rc = next_entry(buf, fp, sizeof(u32));
1da177e4 LT	517	if (rc < 0) {
c87a7e75	518	pr_err("SELinux: avtab: truncated table\n");
1da177e4 LT	519	goto bad;
	520	}
	521	nel = le32_to_cpu(buf[0]);
	522	if (!nel) {
c87a7e75	523	pr_err("SELinux: avtab: table is empty\n");
1da177e4 LT	524	rc = -EINVAL;
	525	goto bad;
	526	}
3232c110 YN	527
	528	rc = avtab_alloc(a, nel);
	529	if (rc)
	530	goto bad;
	531
1da177e4	532	for (i = 0; i < nel; i++) {
4aa17619	533	rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL, false);
1da177e4 LT	534	if (rc) {
1da177e4 LT	535	if (rc == -ENOMEM)
c87a7e75	536	pr_err("SELinux: avtab: out of memory\n");
782ebb99	537	else if (rc == -EEXIST)
c87a7e75	538	pr_err("SELinux: avtab: duplicate entry\n");
9e0bd4cb	539
1da177e4 LT	540	goto bad;
	541	}
	542	}
	543
	544	rc = 0;
	545	out:
	546	return rc;
	547
	548	bad:
	549	avtab_destroy(a);
	550	goto out;
	551	}
	552
f0758616	553	int avtab_write_item(struct policydb p, const struct avtab_node cur, struct policy_file *fp)
cee74f47 EP	554	{
cee74f47 EP	555	__le16 buf16[4];
fa1aa143	556	__le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)];
cee74f47	557	int rc;
fa1aa143	558	unsigned int i;
cee74f47 EP	559
	560	buf16[0] = cpu_to_le16(cur->key.source_type);
	561	buf16[1] = cpu_to_le16(cur->key.target_type);
	562	buf16[2] = cpu_to_le16(cur->key.target_class);
	563	buf16[3] = cpu_to_le16(cur->key.specified);
	564	rc = put_entry(buf16, sizeof(u16), 4, fp);
	565	if (rc)
	566	return rc;
fa1aa143 JVS	567
fa1aa143 JVS	568	if (cur->key.specified & AVTAB_XPERMS) {
00ddc591 PM	569	rc = put_entry(&cur->datum.u.xperms->specified, sizeof(u8), 1,
00ddc591 PM	570	fp);
fa1aa143 JVS	571	if (rc)
	572	return rc;
	573	rc = put_entry(&cur->datum.u.xperms->driver, sizeof(u8), 1, fp);
	574	if (rc)
	575	return rc;
	576	for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++)
	577	buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]);
	578	rc = put_entry(buf32, sizeof(u32),
00ddc591	579	ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp);
fa1aa143 JVS	580	} else {
	581	buf32[0] = cpu_to_le32(cur->datum.u.data);
	582	rc = put_entry(buf32, sizeof(u32), 1, fp);
	583	}
cee74f47 EP	584	if (rc)
	585	return rc;
	586	return 0;
	587	}
	588
f0758616	589	int avtab_write(struct policydb p, struct avtab a, struct policy_file *fp)
cee74f47	590	{
df9d4749	591	u32 i;
cee74f47 EP	592	int rc = 0;
	593	struct avtab_node *cur;
	594	__le32 buf[1];
	595
	596	buf[0] = cpu_to_le32(a->nel);
	597	rc = put_entry(buf, sizeof(u32), 1, fp);
	598	if (rc)
	599	return rc;
	600
	601	for (i = 0; i < a->nslot; i++) {
00ddc591	602	for (cur = a->htable[i]; cur; cur = cur->next) {
cee74f47 EP	603	rc = avtab_write_item(p, cur, fp);
	604	if (rc)
	605	return rc;
	606	}
	607	}
	608
	609	return rc;
	610	}
aa8e712c SS	611
aa8e712c SS	612	void __init avtab_cache_init(void)
1da177e4	613	{
4ad858bd ES	614	avtab_node_cachep = KMEM_CACHE(avtab_node, SLAB_PANIC);
4ad858bd ES	615	avtab_xperms_cachep = KMEM_CACHE(avtab_extended_perms, SLAB_PANIC);
1da177e4	616	}