[linux-block.git] / security / selinux / ss / conditional.c

/* Authors: Karl MacMillan <kmacmillan@tresys.com>
 *	    Frank Mayer <mayerf@tresys.com>
 *
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/spinlock.h>
#include <linux/slab.h>

#include "security.h"
#include "conditional.h"
#include "services.h"

/*
 * cond_evaluate_expr evaluates a conditional expr
 * in reverse polish notation. It returns true (1), false (0),
 * or undefined (-1). Undefined occurs when the expression
 * exceeds the stack depth of COND_EXPR_MAXDEPTH.
 */
static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
{

	struct cond_expr *cur;
	int s[COND_EXPR_MAXDEPTH];
	int sp = -1;

	for (cur = expr; cur; cur = cur->next) {
		switch (cur->expr_type) {
		case COND_BOOL:
			if (sp == (COND_EXPR_MAXDEPTH - 1))
				return -1;
			sp++;
			s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
			break;
		case COND_NOT:
			if (sp < 0)
				return -1;
			s[sp] = !s[sp];
			break;
		case COND_OR:
			if (sp < 1)
				return -1;
			sp--;
			s[sp] |= s[sp + 1];
			break;
		case COND_AND:
			if (sp < 1)
				return -1;
			sp--;
			s[sp] &= s[sp + 1];
			break;
		case COND_XOR:
			if (sp < 1)
				return -1;
			sp--;
			s[sp] ^= s[sp + 1];
			break;
		case COND_EQ:
			if (sp < 1)
				return -1;
			sp--;
			s[sp] = (s[sp] == s[sp + 1]);
			break;
		case COND_NEQ:
			if (sp < 1)
				return -1;
			sp--;
			s[sp] = (s[sp] != s[sp + 1]);
			break;
		default:
			return -1;
		}
	}
	return s[0];
}

/*
 * evaluate_cond_node evaluates the conditional stored in
 * a struct cond_node and if the result is different than the
 * current state of the node it sets the rules in the true/false
 * list appropriately. If the result of the expression is undefined
 * all of the rules are disabled for safety.
 */
int evaluate_cond_node(struct policydb *p, struct cond_node *node)
{
	int new_state;
	struct cond_av_list *cur;

	new_state = cond_evaluate_expr(p, node->expr);
	if (new_state != node->cur_state) {
		node->cur_state = new_state;
		if (new_state == -1)
			printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
		/* turn the rules on or off */
		for (cur = node->true_list; cur; cur = cur->next) {
			if (new_state <= 0)
				cur->node->key.specified &= ~AVTAB_ENABLED;
			else
				cur->node->key.specified |= AVTAB_ENABLED;
		}

		for (cur = node->false_list; cur; cur = cur->next) {
			/* -1 or 1 */
			if (new_state)
				cur->node->key.specified &= ~AVTAB_ENABLED;
			else
				cur->node->key.specified |= AVTAB_ENABLED;
		}
	}
	return 0;
}

int cond_policydb_init(struct policydb *p)
{
	int rc;

	p->bool_val_to_struct = NULL;
	p->cond_list = NULL;

	rc = avtab_init(&p->te_cond_avtab);
	if (rc)
		return rc;

	return 0;
}

static void cond_av_list_destroy(struct cond_av_list *list)
{
	struct cond_av_list *cur, *next;
	for (cur = list; cur; cur = next) {
		next = cur->next;
		/* the avtab_ptr_t node is destroy by the avtab */
		kfree(cur);
	}
}

static void cond_node_destroy(struct cond_node *node)
{
	struct cond_expr *cur_expr, *next_expr;

	for (cur_expr = node->expr; cur_expr; cur_expr = next_expr) {
		next_expr = cur_expr->next;
		kfree(cur_expr);
	}
	cond_av_list_destroy(node->true_list);
	cond_av_list_destroy(node->false_list);
	kfree(node);
}

static void cond_list_destroy(struct cond_node *list)
{
	struct cond_node *next, *cur;

	if (list == NULL)
		return;

	for (cur = list; cur; cur = next) {
		next = cur->next;
		cond_node_destroy(cur);
	}
}

void cond_policydb_destroy(struct policydb *p)
{
	kfree(p->bool_val_to_struct);
	avtab_destroy(&p->te_cond_avtab);
	cond_list_destroy(p->cond_list);
}

int cond_init_bool_indexes(struct policydb *p)
{
	kfree(p->bool_val_to_struct);
	p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim,
					      sizeof(*p->bool_val_to_struct),
					      GFP_KERNEL);
	if (!p->bool_val_to_struct)
		return -ENOMEM;
	return 0;
}

int cond_destroy_bool(void *key, void *datum, void *p)
{
	kfree(key);
	kfree(datum);
	return 0;
}

int cond_index_bool(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct cond_bool_datum *booldatum;
	struct flex_array *fa;

	booldatum = datum;
	p = datap;

	if (!booldatum->value || booldatum->value > p->p_bools.nprim)
		return -EINVAL;

	fa = p->sym_val_to_name[SYM_BOOLS];
	if (flex_array_put_ptr(fa, booldatum->value - 1, key,
			       GFP_KERNEL | __GFP_ZERO))
		BUG();
	p->bool_val_to_struct[booldatum->value - 1] = booldatum;

	return 0;
}

static int bool_isvalid(struct cond_bool_datum *b)
{
	if (!(b->state == 0 || b->state == 1))
		return 0;
	return 1;
}

int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
{
	char *key = NULL;
	struct cond_bool_datum *booldatum;
	__le32 buf[3];
	u32 len;
	int rc;

	booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL);
	if (!booldatum)
		return -ENOMEM;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc)
		goto err;

	booldatum->value = le32_to_cpu(buf[0]);
	booldatum->state = le32_to_cpu(buf[1]);

	rc = -EINVAL;
	if (!bool_isvalid(booldatum))
		goto err;

	len = le32_to_cpu(buf[2]);
	if (((len == 0) || (len == (u32)-1)))
		goto err;

	rc = -ENOMEM;
	key = kmalloc(len + 1, GFP_KERNEL);
	if (!key)
		goto err;
	rc = next_entry(key, fp, len);
	if (rc)
		goto err;
	key[len] = '\0';
	rc = hashtab_insert(h, key, booldatum);
	if (rc)
		goto err;

	return 0;
err:
	cond_destroy_bool(key, booldatum, NULL);
	return rc;
}

struct cond_insertf_data {
	struct policydb *p;
	struct cond_av_list *other;
	struct cond_av_list *head;
	struct cond_av_list *tail;
};

static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr)
{
	struct cond_insertf_data *data = ptr;
	struct policydb *p = data->p;
	struct cond_av_list *other = data->other, *list, *cur;
	struct avtab_node *node_ptr;
	u8 found;
	int rc = -EINVAL;

	/*
	 * For type rules we have to make certain there aren't any
	 * conflicting rules by searching the te_avtab and the
	 * cond_te_avtab.
	 */
	if (k->specified & AVTAB_TYPE) {
		if (avtab_search(&p->te_avtab, k)) {
			printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
			goto err;
		}
		/*
		 * If we are reading the false list other will be a pointer to
		 * the true list. We can have duplicate entries if there is only
		 * 1 other entry and it is in our true list.
		 *
		 * If we are reading the true list (other == NULL) there shouldn't
		 * be any other entries.
		 */
		if (other) {
			node_ptr = avtab_search_node(&p->te_cond_avtab, k);
			if (node_ptr) {
				if (avtab_search_node_next(node_ptr, k->specified)) {
					printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
					goto err;
				}
				found = 0;
				for (cur = other; cur; cur = cur->next) {
					if (cur->node == node_ptr) {
						found = 1;
						break;
					}
				}
				if (!found) {
					printk(KERN_ERR "SELinux: conflicting type rules.\n");
					goto err;
				}
			}
		} else {
			if (avtab_search(&p->te_cond_avtab, k)) {
				printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
				goto err;
			}
		}
	}

	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
	if (!node_ptr) {
		printk(KERN_ERR "SELinux: could not insert rule.\n");
		rc = -ENOMEM;
		goto err;
	}

	list = kzalloc(sizeof(*list), GFP_KERNEL);
	if (!list) {
		rc = -ENOMEM;
		goto err;
	}

	list->node = node_ptr;
	if (!data->head)
		data->head = list;
	else
		data->tail->next = list;
	data->tail = list;
	return 0;

err:
	cond_av_list_destroy(data->head);
	data->head = NULL;
	return rc;
}

static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
{
	int i, rc;
	__le32 buf[1];
	u32 len;
	struct cond_insertf_data data;

	*ret_list = NULL;

	rc = next_entry(buf, fp, sizeof(u32));
	if (rc)
		return rc;

	len = le32_to_cpu(buf[0]);
	if (len == 0)
		return 0;

	data.p = p;
	data.other = other;
	data.head = NULL;
	data.tail = NULL;
	for (i = 0; i < len; i++) {
		rc = avtab_read_item(&p->te_cond_avtab, fp, p, cond_insertf,
				     &data);
		if (rc)
			return rc;
	}

	*ret_list = data.head;
	return 0;
}

static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{
	if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
		printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
		return 0;
	}

	if (expr->bool > p->p_bools.nprim) {
		printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
		return 0;
	}
	return 1;
}

static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
{
	__le32 buf[2];
	u32 len, i;
	int rc;
	struct cond_expr *expr = NULL, *last = NULL;

	rc = next_entry(buf, fp, sizeof(u32) * 2);
	if (rc)
		goto err;

	node->cur_state = le32_to_cpu(buf[0]);

	/* expr */
	len = le32_to_cpu(buf[1]);

	for (i = 0; i < len; i++) {
		rc = next_entry(buf, fp, sizeof(u32) * 2);
		if (rc)
			goto err;

		rc = -ENOMEM;
		expr = kzalloc(sizeof(*expr), GFP_KERNEL);
		if (!expr)
			goto err;

		expr->expr_type = le32_to_cpu(buf[0]);
		expr->bool = le32_to_cpu(buf[1]);

		if (!expr_isvalid(p, expr)) {
			rc = -EINVAL;
			kfree(expr);
			goto err;
		}

		if (i == 0)
			node->expr = expr;
		else
			last->next = expr;
		last = expr;
	}

	rc = cond_read_av_list(p, fp, &node->true_list, NULL);
	if (rc)
		goto err;
	rc = cond_read_av_list(p, fp, &node->false_list, node->true_list);
	if (rc)
		goto err;
	return 0;
err:
	cond_node_destroy(node);
	return rc;
}

int cond_read_list(struct policydb *p, void *fp)
{
	struct cond_node *node, *last = NULL;
	__le32 buf[1];
	u32 i, len;
	int rc;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc)
		return rc;

	len = le32_to_cpu(buf[0]);

	rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
	if (rc)
		goto err;

	for (i = 0; i < len; i++) {
		rc = -ENOMEM;
		node = kzalloc(sizeof(*node), GFP_KERNEL);
		if (!node)
			goto err;

		rc = cond_read_node(p, node, fp);
		if (rc)
			goto err;

		if (i == 0)
			p->cond_list = node;
		else
			last->next = node;
		last = node;
	}
	return 0;
err:
	cond_list_destroy(p->cond_list);
	p->cond_list = NULL;
	return rc;
}

int cond_write_bool(void *vkey, void *datum, void *ptr)
{
	char *key = vkey;
	struct cond_bool_datum *booldatum = datum;
	struct policy_data *pd = ptr;
	void *fp = pd->fp;
	__le32 buf[3];
	u32 len;
	int rc;

	len = strlen(key);
	buf[0] = cpu_to_le32(booldatum->value);
	buf[1] = cpu_to_le32(booldatum->state);
	buf[2] = cpu_to_le32(len);
	rc = put_entry(buf, sizeof(u32), 3, fp);
	if (rc)
		return rc;
	rc = put_entry(key, 1, len, fp);
	if (rc)
		return rc;
	return 0;
}

/*
 * cond_write_cond_av_list doesn't write out the av_list nodes.
 * Instead it writes out the key/value pairs from the avtab. This
 * is necessary because there is no way to uniquely identifying rules
 * in the avtab so it is not possible to associate individual rules
 * in the avtab with a conditional without saving them as part of
 * the conditional. This means that the avtab with the conditional
 * rules will not be saved but will be rebuilt on policy load.
 */
static int cond_write_av_list(struct policydb *p,
			      struct cond_av_list *list, struct policy_file *fp)
{
	__le32 buf[1];
	struct cond_av_list *cur_list;
	u32 len;
	int rc;

	len = 0;
	for (cur_list = list; cur_list != NULL; cur_list = cur_list->next)
		len++;

	buf[0] = cpu_to_le32(len);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	if (len == 0)
		return 0;

	for (cur_list = list; cur_list != NULL; cur_list = cur_list->next) {
		rc = avtab_write_item(p, cur_list->node, fp);
		if (rc)
			return rc;
	}

	return 0;
}

static int cond_write_node(struct policydb *p, struct cond_node *node,
		    struct policy_file *fp)
{
	struct cond_expr *cur_expr;
	__le32 buf[2];
	int rc;
	u32 len = 0;

	buf[0] = cpu_to_le32(node->cur_state);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next)
		len++;

	buf[0] = cpu_to_le32(len);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
		buf[0] = cpu_to_le32(cur_expr->expr_type);
		buf[1] = cpu_to_le32(cur_expr->bool);
		rc = put_entry(buf, sizeof(u32), 2, fp);
		if (rc)
			return rc;
	}

	rc = cond_write_av_list(p, node->true_list, fp);
	if (rc)
		return rc;
	rc = cond_write_av_list(p, node->false_list, fp);
	if (rc)
		return rc;

	return 0;
}

int cond_write_list(struct policydb *p, struct cond_node *list, void *fp)
{
	struct cond_node *cur;
	u32 len;
	__le32 buf[1];
	int rc;

	len = 0;
	for (cur = list; cur != NULL; cur = cur->next)
		len++;
	buf[0] = cpu_to_le32(len);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	for (cur = list; cur != NULL; cur = cur->next) {
		rc = cond_write_node(p, cur, fp);
		if (rc)
			return rc;
	}

	return 0;
}

void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
		struct extended_perms_decision *xpermd)
{
	struct avtab_node *node;

	if (!ctab || !key || !xpermd)
		return;

	for (node = avtab_search_node(ctab, key); node;
			node = avtab_search_node_next(node, key->specified)) {
		if (node->key.specified & AVTAB_ENABLED)
			services_compute_xperms_decision(xpermd, node);
	}
	return;

}
/* Determine whether additional permissions are granted by the conditional
 * av table, and if so, add them to the result
 */
void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
		struct av_decision *avd, struct extended_perms *xperms)
{
	struct avtab_node *node;

	if (!ctab || !key || !avd)
		return;

	for (node = avtab_search_node(ctab, key); node;
				node = avtab_search_node_next(node, key->specified)) {
		if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
		    (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
			avd->allowed |= node->datum.u.data;
		if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
		    (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
			/* Since a '0' in an auditdeny mask represents a
			 * permission we do NOT want to audit (dontaudit), we use
			 * the '&' operand to ensure that all '0's in the mask
			 * are retained (much unlike the allow and auditallow cases).
			 */
			avd->auditdeny &= node->datum.u.data;
		if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
		    (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
			avd->auditallow |= node->datum.u.data;
		if (xperms && (node->key.specified & AVTAB_ENABLED) &&
				(node->key.specified & AVTAB_XPERMS))
			services_compute_xperms_drivers(xperms, node);
	}
}
Commit	Line	Data
1da177e4	1	/* Authors: Karl MacMillan <kmacmillan@tresys.com>
7c2b240e	2	* Frank Mayer <mayerf@tresys.com>
1da177e4 LT	3	*
	4	* Copyright (C) 2003 - 2004 Tresys Technology, LLC
	5	* This program is free software; you can redistribute it and/or modify
7c2b240e	6	* it under the terms of the GNU General Public License as published by
1da177e4 LT	7	* the Free Software Foundation, version 2.
	8	*/
	9
	10	#include <linux/kernel.h>
	11	#include <linux/errno.h>
	12	#include <linux/string.h>
	13	#include <linux/spinlock.h>
1da177e4 LT	14	#include <linux/slab.h>
	15
	16	#include "security.h"
	17	#include "conditional.h"
fa1aa143	18	#include "services.h"
1da177e4 LT	19
	20	/*
	21	* cond_evaluate_expr evaluates a conditional expr
	22	* in reverse polish notation. It returns true (1), false (0),
	23	* or undefined (-1). Undefined occurs when the expression
	24	* exceeds the stack depth of COND_EXPR_MAXDEPTH.
	25	*/
	26	static int cond_evaluate_expr(struct policydb p, struct cond_expr expr)
	27	{
	28
	29	struct cond_expr *cur;
	30	int s[COND_EXPR_MAXDEPTH];
	31	int sp = -1;
	32
dbc74c65	33	for (cur = expr; cur; cur = cur->next) {
1da177e4 LT	34	switch (cur->expr_type) {
	35	case COND_BOOL:
	36	if (sp == (COND_EXPR_MAXDEPTH - 1))
	37	return -1;
	38	sp++;
	39	s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
	40	break;
	41	case COND_NOT:
	42	if (sp < 0)
	43	return -1;
	44	s[sp] = !s[sp];
	45	break;
	46	case COND_OR:
	47	if (sp < 1)
	48	return -1;
	49	sp--;
	50	s[sp] \|= s[sp + 1];
	51	break;
	52	case COND_AND:
	53	if (sp < 1)
	54	return -1;
	55	sp--;
	56	s[sp] &= s[sp + 1];
	57	break;
	58	case COND_XOR:
	59	if (sp < 1)
	60	return -1;
	61	sp--;
	62	s[sp] ^= s[sp + 1];
	63	break;
	64	case COND_EQ:
	65	if (sp < 1)
	66	return -1;
	67	sp--;
	68	s[sp] = (s[sp] == s[sp + 1]);
	69	break;
	70	case COND_NEQ:
	71	if (sp < 1)
	72	return -1;
	73	sp--;
	74	s[sp] = (s[sp] != s[sp + 1]);
	75	break;
	76	default:
	77	return -1;
	78	}
	79	}
	80	return s[0];
	81	}
	82
	83	/*
	84	* evaluate_cond_node evaluates the conditional stored in
	85	* a struct cond_node and if the result is different than the
	86	* current state of the node it sets the rules in the true/false
	87	* list appropriately. If the result of the expression is undefined
	88	* all of the rules are disabled for safety.
	89	*/
	90	int evaluate_cond_node(struct policydb p, struct cond_node node)
	91	{
	92	int new_state;
7c2b240e	93	struct cond_av_list *cur;
1da177e4 LT	94
	95	new_state = cond_evaluate_expr(p, node->expr);
	96	if (new_state != node->cur_state) {
	97	node->cur_state = new_state;
	98	if (new_state == -1)
454d972c	99	printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
1da177e4	100	/* turn the rules on or off */
dbc74c65	101	for (cur = node->true_list; cur; cur = cur->next) {
7c2b240e	102	if (new_state <= 0)
782ebb99	103	cur->node->key.specified &= ~AVTAB_ENABLED;
7c2b240e	104	else
782ebb99	105	cur->node->key.specified \|= AVTAB_ENABLED;
1da177e4 LT	106	}
1da177e4 LT	107
dbc74c65	108	for (cur = node->false_list; cur; cur = cur->next) {
1da177e4	109	/* -1 or 1 */
7c2b240e	110	if (new_state)
782ebb99	111	cur->node->key.specified &= ~AVTAB_ENABLED;
7c2b240e	112	else
782ebb99	113	cur->node->key.specified \|= AVTAB_ENABLED;
1da177e4 LT	114	}
	115	}
	116	return 0;
	117	}
	118
	119	int cond_policydb_init(struct policydb *p)
	120	{
38184c52 DC	121	int rc;
38184c52 DC	122
1da177e4 LT	123	p->bool_val_to_struct = NULL;
1da177e4 LT	124	p->cond_list = NULL;
38184c52 DC	125
	126	rc = avtab_init(&p->te_cond_avtab);
	127	if (rc)
	128	return rc;
1da177e4 LT	129
	130	return 0;
	131	}
	132
	133	static void cond_av_list_destroy(struct cond_av_list *list)
	134	{
	135	struct cond_av_list cur, next;
dbc74c65	136	for (cur = list; cur; cur = next) {
1da177e4 LT	137	next = cur->next;
	138	/* the avtab_ptr_t node is destroy by the avtab */
	139	kfree(cur);
	140	}
	141	}
	142
	143	static void cond_node_destroy(struct cond_node *node)
	144	{
	145	struct cond_expr cur_expr, next_expr;
	146
dbc74c65	147	for (cur_expr = node->expr; cur_expr; cur_expr = next_expr) {
1da177e4 LT	148	next_expr = cur_expr->next;
	149	kfree(cur_expr);
	150	}
	151	cond_av_list_destroy(node->true_list);
	152	cond_av_list_destroy(node->false_list);
	153	kfree(node);
	154	}
	155
	156	static void cond_list_destroy(struct cond_node *list)
	157	{
	158	struct cond_node next, cur;
	159
	160	if (list == NULL)
	161	return;
	162
dbc74c65	163	for (cur = list; cur; cur = next) {
1da177e4 LT	164	next = cur->next;
	165	cond_node_destroy(cur);
	166	}
	167	}
	168
	169	void cond_policydb_destroy(struct policydb *p)
	170	{
9a5f04bf	171	kfree(p->bool_val_to_struct);
1da177e4 LT	172	avtab_destroy(&p->te_cond_avtab);
	173	cond_list_destroy(p->cond_list);
	174	}
	175
	176	int cond_init_bool_indexes(struct policydb *p)
	177	{
9a5f04bf	178	kfree(p->bool_val_to_struct);
f6076f70 ME	179	p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim,
	180	sizeof(*p->bool_val_to_struct),
	181	GFP_KERNEL);
1da177e4	182	if (!p->bool_val_to_struct)
3ac285ff	183	return -ENOMEM;
1da177e4 LT	184	return 0;
	185	}
	186
	187	int cond_destroy_bool(void key, void datum, void *p)
	188	{
9a5f04bf	189	kfree(key);
1da177e4 LT	190	kfree(datum);
	191	return 0;
	192	}
	193
	194	int cond_index_bool(void key, void datum, void *datap)
	195	{
	196	struct policydb *p;
	197	struct cond_bool_datum *booldatum;
ac76c05b	198	struct flex_array *fa;
1da177e4 LT	199
	200	booldatum = datum;
	201	p = datap;
	202
	203	if (!booldatum->value \|\| booldatum->value > p->p_bools.nprim)
	204	return -EINVAL;
	205
ac76c05b EP	206	fa = p->sym_val_to_name[SYM_BOOLS];
	207	if (flex_array_put_ptr(fa, booldatum->value - 1, key,
	208	GFP_KERNEL \| __GFP_ZERO))
	209	BUG();
7c2b240e	210	p->bool_val_to_struct[booldatum->value - 1] = booldatum;
1da177e4 LT	211
	212	return 0;
	213	}
	214
	215	static int bool_isvalid(struct cond_bool_datum *b)
	216	{
	217	if (!(b->state == 0 \|\| b->state == 1))
	218	return 0;
	219	return 1;
	220	}
	221
	222	int cond_read_bool(struct policydb p, struct hashtab h, void *fp)
	223	{
	224	char *key = NULL;
	225	struct cond_bool_datum *booldatum;
b5bf6c55 AD	226	__le32 buf[3];
b5bf6c55 AD	227	u32 len;
1da177e4 LT	228	int rc;
1da177e4 LT	229
fb13a312	230	booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL);
1da177e4	231	if (!booldatum)
338437f6	232	return -ENOMEM;
1da177e4 LT	233
1da177e4 LT	234	rc = next_entry(buf, fp, sizeof buf);
338437f6	235	if (rc)
1da177e4 LT	236	goto err;
	237
	238	booldatum->value = le32_to_cpu(buf[0]);
	239	booldatum->state = le32_to_cpu(buf[1]);
	240
338437f6	241	rc = -EINVAL;
1da177e4 LT	242	if (!bool_isvalid(booldatum))
	243	goto err;
	244
	245	len = le32_to_cpu(buf[2]);
7c686af0 WR	246	if (((len == 0) \|\| (len == (u32)-1)))
7c686af0 WR	247	goto err;
1da177e4	248
338437f6	249	rc = -ENOMEM;
1da177e4 LT	250	key = kmalloc(len + 1, GFP_KERNEL);
	251	if (!key)
	252	goto err;
	253	rc = next_entry(key, fp, len);
338437f6	254	if (rc)
1da177e4	255	goto err;
df4ea865	256	key[len] = '\0';
338437f6 DC	257	rc = hashtab_insert(h, key, booldatum);
338437f6 DC	258	if (rc)
1da177e4 LT	259	goto err;
	260
	261	return 0;
	262	err:
	263	cond_destroy_bool(key, booldatum, NULL);
338437f6	264	return rc;
1da177e4 LT	265	}
1da177e4 LT	266
7c2b240e	267	struct cond_insertf_data {
782ebb99 SS	268	struct policydb *p;
	269	struct cond_av_list *other;
	270	struct cond_av_list *head;
	271	struct cond_av_list *tail;
	272	};
	273
	274	static int cond_insertf(struct avtab a, struct avtab_key k, struct avtab_datum d, void ptr)
	275	{
	276	struct cond_insertf_data *data = ptr;
	277	struct policydb *p = data->p;
	278	struct cond_av_list other = data->other, list, *cur;
1da177e4	279	struct avtab_node *node_ptr;
1da177e4	280	u8 found;
9d623b17	281	int rc = -EINVAL;
1da177e4	282
782ebb99 SS	283	/*
	284	* For type rules we have to make certain there aren't any
	285	* conflicting rules by searching the te_avtab and the
	286	* cond_te_avtab.
	287	*/
	288	if (k->specified & AVTAB_TYPE) {
	289	if (avtab_search(&p->te_avtab, k)) {
744ba35e	290	printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
1da177e4	291	goto err;
782ebb99	292	}
1da177e4	293	/*
782ebb99 SS	294	* If we are reading the false list other will be a pointer to
	295	* the true list. We can have duplicate entries if there is only
	296	* 1 other entry and it is in our true list.
	297	*
	298	* If we are reading the true list (other == NULL) there shouldn't
	299	* be any other entries.
1da177e4	300	*/
782ebb99 SS	301	if (other) {
	302	node_ptr = avtab_search_node(&p->te_cond_avtab, k);
	303	if (node_ptr) {
	304	if (avtab_search_node_next(node_ptr, k->specified)) {
744ba35e	305	printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
782ebb99 SS	306	goto err;
	307	}
	308	found = 0;
dbc74c65	309	for (cur = other; cur; cur = cur->next) {
782ebb99 SS	310	if (cur->node == node_ptr) {
	311	found = 1;
	312	break;
1da177e4 LT	313	}
1da177e4 LT	314	}
782ebb99	315	if (!found) {
744ba35e	316	printk(KERN_ERR "SELinux: conflicting type rules.\n");
1da177e4 LT	317	goto err;
	318	}
	319	}
782ebb99 SS	320	} else {
782ebb99 SS	321	if (avtab_search(&p->te_cond_avtab, k)) {
744ba35e	322	printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
782ebb99 SS	323	goto err;
782ebb99 SS	324	}
1da177e4	325	}
782ebb99	326	}
1da177e4	327
782ebb99 SS	328	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
782ebb99 SS	329	if (!node_ptr) {
744ba35e	330	printk(KERN_ERR "SELinux: could not insert rule.\n");
9d623b17	331	rc = -ENOMEM;
782ebb99	332	goto err;
1da177e4 LT	333	}
1da177e4 LT	334
fb13a312	335	list = kzalloc(sizeof(*list), GFP_KERNEL);
9d623b17 DC	336	if (!list) {
9d623b17 DC	337	rc = -ENOMEM;
782ebb99	338	goto err;
9d623b17	339	}
782ebb99 SS	340
	341	list->node = node_ptr;
	342	if (!data->head)
	343	data->head = list;
	344	else
	345	data->tail->next = list;
	346	data->tail = list;
1da177e4	347	return 0;
782ebb99	348
1da177e4	349	err:
782ebb99 SS	350	cond_av_list_destroy(data->head);
782ebb99 SS	351	data->head = NULL;
9d623b17	352	return rc;
1da177e4 LT	353	}
1da177e4 LT	354
782ebb99 SS	355	static int cond_read_av_list(struct policydb p, void fp, struct cond_av_list *ret_list, struct cond_av_list other)
	356	{
	357	int i, rc;
b5bf6c55 AD	358	__le32 buf[1];
b5bf6c55 AD	359	u32 len;
782ebb99 SS	360	struct cond_insertf_data data;
	361
	362	*ret_list = NULL;
	363
782ebb99	364	rc = next_entry(buf, fp, sizeof(u32));
9d623b17 DC	365	if (rc)
9d623b17 DC	366	return rc;
782ebb99 SS	367
782ebb99 SS	368	len = le32_to_cpu(buf[0]);
7c2b240e	369	if (len == 0)
782ebb99	370	return 0;
782ebb99 SS	371
	372	data.p = p;
	373	data.other = other;
	374	data.head = NULL;
	375	data.tail = NULL;
	376	for (i = 0; i < len; i++) {
45e5421e SS	377	rc = avtab_read_item(&p->te_cond_avtab, fp, p, cond_insertf,
45e5421e SS	378	&data);
782ebb99 SS	379	if (rc)
782ebb99 SS	380	return rc;
782ebb99 SS	381	}
	382
	383	*ret_list = data.head;
	384	return 0;
	385	}
	386
1da177e4 LT	387	static int expr_isvalid(struct policydb p, struct cond_expr expr)
	388	{
	389	if (expr->expr_type <= 0 \|\| expr->expr_type > COND_LAST) {
744ba35e	390	printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
1da177e4 LT	391	return 0;
	392	}
	393
	394	if (expr->bool > p->p_bools.nprim) {
744ba35e	395	printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
1da177e4 LT	396	return 0;
	397	}
	398	return 1;
	399	}
	400
	401	static int cond_read_node(struct policydb p, struct cond_node node, void *fp)
	402	{
b5bf6c55 AD	403	__le32 buf[2];
b5bf6c55 AD	404	u32 len, i;
1da177e4 LT	405	int rc;
	406	struct cond_expr expr = NULL, last = NULL;
	407
f004afe6	408	rc = next_entry(buf, fp, sizeof(u32) * 2);
fc5c126e	409	if (rc)
6e51f9cb	410	goto err;
1da177e4 LT	411
	412	node->cur_state = le32_to_cpu(buf[0]);
	413
1da177e4	414	/* expr */
f004afe6	415	len = le32_to_cpu(buf[1]);
1da177e4	416
7c2b240e	417	for (i = 0; i < len; i++) {
1da177e4	418	rc = next_entry(buf, fp, sizeof(u32) * 2);
fc5c126e	419	if (rc)
1da177e4 LT	420	goto err;
1da177e4 LT	421
fc5c126e	422	rc = -ENOMEM;
fb13a312	423	expr = kzalloc(sizeof(*expr), GFP_KERNEL);
7c2b240e	424	if (!expr)
1da177e4	425	goto err;
1da177e4 LT	426
	427	expr->expr_type = le32_to_cpu(buf[0]);
	428	expr->bool = le32_to_cpu(buf[1]);
	429
	430	if (!expr_isvalid(p, expr)) {
fc5c126e	431	rc = -EINVAL;
1da177e4 LT	432	kfree(expr);
	433	goto err;
	434	}
	435
7c2b240e	436	if (i == 0)
1da177e4	437	node->expr = expr;
7c2b240e	438	else
1da177e4	439	last->next = expr;
1da177e4 LT	440	last = expr;
	441	}
	442
fc5c126e DC	443	rc = cond_read_av_list(p, fp, &node->true_list, NULL);
fc5c126e DC	444	if (rc)
1da177e4	445	goto err;
fc5c126e DC	446	rc = cond_read_av_list(p, fp, &node->false_list, node->true_list);
fc5c126e DC	447	if (rc)
1da177e4 LT	448	goto err;
	449	return 0;
	450	err:
	451	cond_node_destroy(node);
fc5c126e	452	return rc;
1da177e4 LT	453	}
	454
	455	int cond_read_list(struct policydb p, void fp)
	456	{
	457	struct cond_node node, last = NULL;
b5bf6c55 AD	458	__le32 buf[1];
b5bf6c55 AD	459	u32 i, len;
1da177e4 LT	460	int rc;
	461
	462	rc = next_entry(buf, fp, sizeof buf);
5241c107 DC	463	if (rc)
5241c107 DC	464	return rc;
1da177e4 LT	465
	466	len = le32_to_cpu(buf[0]);
	467
3232c110 YN	468	rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
	469	if (rc)
	470	goto err;
	471
1da177e4	472	for (i = 0; i < len; i++) {
5241c107	473	rc = -ENOMEM;
fb13a312	474	node = kzalloc(sizeof(*node), GFP_KERNEL);
1da177e4 LT	475	if (!node)
1da177e4 LT	476	goto err;
1da177e4	477
5241c107 DC	478	rc = cond_read_node(p, node, fp);
5241c107 DC	479	if (rc)
1da177e4 LT	480	goto err;
1da177e4 LT	481
7c2b240e	482	if (i == 0)
1da177e4	483	p->cond_list = node;
7c2b240e	484	else
1da177e4	485	last->next = node;
1da177e4 LT	486	last = node;
	487	}
	488	return 0;
	489	err:
	490	cond_list_destroy(p->cond_list);
782ebb99	491	p->cond_list = NULL;
5241c107	492	return rc;
1da177e4 LT	493	}
1da177e4 LT	494
cee74f47 EP	495	int cond_write_bool(void vkey, void datum, void *ptr)
	496	{
	497	char *key = vkey;
	498	struct cond_bool_datum *booldatum = datum;
	499	struct policy_data *pd = ptr;
	500	void *fp = pd->fp;
	501	__le32 buf[3];
	502	u32 len;
	503	int rc;
	504
	505	len = strlen(key);
	506	buf[0] = cpu_to_le32(booldatum->value);
	507	buf[1] = cpu_to_le32(booldatum->state);
	508	buf[2] = cpu_to_le32(len);
	509	rc = put_entry(buf, sizeof(u32), 3, fp);
	510	if (rc)
	511	return rc;
	512	rc = put_entry(key, 1, len, fp);
	513	if (rc)
	514	return rc;
	515	return 0;
	516	}
	517
	518	/*
	519	* cond_write_cond_av_list doesn't write out the av_list nodes.
	520	* Instead it writes out the key/value pairs from the avtab. This
	521	* is necessary because there is no way to uniquely identifying rules
	522	* in the avtab so it is not possible to associate individual rules
	523	* in the avtab with a conditional without saving them as part of
	524	* the conditional. This means that the avtab with the conditional
	525	* rules will not be saved but will be rebuilt on policy load.
	526	*/
	527	static int cond_write_av_list(struct policydb *p,
	528	struct cond_av_list list, struct policy_file fp)
	529	{
	530	__le32 buf[1];
	531	struct cond_av_list *cur_list;
	532	u32 len;
	533	int rc;
	534
	535	len = 0;
	536	for (cur_list = list; cur_list != NULL; cur_list = cur_list->next)
	537	len++;
	538
	539	buf[0] = cpu_to_le32(len);
	540	rc = put_entry(buf, sizeof(u32), 1, fp);
	541	if (rc)
	542	return rc;
	543
	544	if (len == 0)
	545	return 0;
	546
	547	for (cur_list = list; cur_list != NULL; cur_list = cur_list->next) {
	548	rc = avtab_write_item(p, cur_list->node, fp);
	549	if (rc)
	550	return rc;
	551	}
	552
	553	return 0;
	554	}
	555
7b98a585	556	static int cond_write_node(struct policydb p, struct cond_node node,
cee74f47 EP	557	struct policy_file *fp)
	558	{
	559	struct cond_expr *cur_expr;
	560	__le32 buf[2];
	561	int rc;
	562	u32 len = 0;
	563
	564	buf[0] = cpu_to_le32(node->cur_state);
	565	rc = put_entry(buf, sizeof(u32), 1, fp);
	566	if (rc)
	567	return rc;
	568
	569	for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next)
	570	len++;
	571
	572	buf[0] = cpu_to_le32(len);
	573	rc = put_entry(buf, sizeof(u32), 1, fp);
	574	if (rc)
	575	return rc;
	576
	577	for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
	578	buf[0] = cpu_to_le32(cur_expr->expr_type);
	579	buf[1] = cpu_to_le32(cur_expr->bool);
	580	rc = put_entry(buf, sizeof(u32), 2, fp);
	581	if (rc)
	582	return rc;
	583	}
	584
	585	rc = cond_write_av_list(p, node->true_list, fp);
	586	if (rc)
	587	return rc;
	588	rc = cond_write_av_list(p, node->false_list, fp);
	589	if (rc)
	590	return rc;
	591
	592	return 0;
	593	}
	594
	595	int cond_write_list(struct policydb p, struct cond_node list, void *fp)
	596	{
	597	struct cond_node *cur;
	598	u32 len;
	599	__le32 buf[1];
	600	int rc;
	601
	602	len = 0;
	603	for (cur = list; cur != NULL; cur = cur->next)
	604	len++;
	605	buf[0] = cpu_to_le32(len);
	606	rc = put_entry(buf, sizeof(u32), 1, fp);
	607	if (rc)
	608	return rc;
	609
	610	for (cur = list; cur != NULL; cur = cur->next) {
	611	rc = cond_write_node(p, cur, fp);
	612	if (rc)
	613	return rc;
	614	}
	615
	616	return 0;
	617	}
fa1aa143 JVS	618
	619	void cond_compute_xperms(struct avtab ctab, struct avtab_key key,
	620	struct extended_perms_decision *xpermd)
	621	{
	622	struct avtab_node *node;
	623
	624	if (!ctab \|\| !key \|\| !xpermd)
	625	return;
	626
	627	for (node = avtab_search_node(ctab, key); node;
	628	node = avtab_search_node_next(node, key->specified)) {
	629	if (node->key.specified & AVTAB_ENABLED)
	630	services_compute_xperms_decision(xpermd, node);
	631	}
	632	return;
	633
	634	}
1da177e4 LT	635	/* Determine whether additional permissions are granted by the conditional
	636	* av table, and if so, add them to the result
	637	*/
fa1aa143 JVS	638	void cond_compute_av(struct avtab ctab, struct avtab_key key,
fa1aa143 JVS	639	struct av_decision avd, struct extended_perms xperms)
1da177e4 LT	640	{
	641	struct avtab_node *node;
	642
f3bef679	643	if (!ctab \|\| !key \|\| !avd)
1da177e4 LT	644	return;
1da177e4 LT	645
dbc74c65	646	for (node = avtab_search_node(ctab, key); node;
782ebb99	647	node = avtab_search_node_next(node, key->specified)) {
7c2b240e EP	648	if ((u16)(AVTAB_ALLOWED\|AVTAB_ENABLED) ==
7c2b240e EP	649	(node->key.specified & (AVTAB_ALLOWED\|AVTAB_ENABLED)))
fa1aa143	650	avd->allowed \|= node->datum.u.data;
7c2b240e EP	651	if ((u16)(AVTAB_AUDITDENY\|AVTAB_ENABLED) ==
7c2b240e EP	652	(node->key.specified & (AVTAB_AUDITDENY\|AVTAB_ENABLED)))
1da177e4 LT	653	/* Since a '0' in an auditdeny mask represents a
	654	* permission we do NOT want to audit (dontaudit), we use
	655	* the '&' operand to ensure that all '0's in the mask
	656	* are retained (much unlike the allow and auditallow cases).
	657	*/
fa1aa143	658	avd->auditdeny &= node->datum.u.data;
7c2b240e EP	659	if ((u16)(AVTAB_AUDITALLOW\|AVTAB_ENABLED) ==
7c2b240e EP	660	(node->key.specified & (AVTAB_AUDITALLOW\|AVTAB_ENABLED)))
fa1aa143	661	avd->auditallow \|= node->datum.u.data;
f3bef679	662	if (xperms && (node->key.specified & AVTAB_ENABLED) &&
fa1aa143 JVS	663	(node->key.specified & AVTAB_XPERMS))
fa1aa143 JVS	664	services_compute_xperms_drivers(xperms, node);
1da177e4	665	}
1da177e4	666	}