// SPDX-License-Identifier: GPL-2.0-only /* * Implementation of the policy database. * * Author : Stephen Smalley, <[email protected]> */ /* * Updated: Trusted Computer Solutions, Inc. <[email protected]> * Support for enhanced MLS infrastructure. * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * * Updated: Frank Mayer <[email protected]> and * Karl MacMillan <[email protected]> * Added conditional policy language extensions * Copyright (C) 2003-2004 Tresys Technology, LLC * * Updated: Hewlett-Packard <[email protected]> * Added support for the policy capability bitmap * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. * * Update: Mellanox Techonologies * Added Infiniband support * Copyright (C) 2016 Mellanox Techonologies */ #include <linux/kernel.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/string.h> #include <linux/errno.h> #include <linux/audit.h> #include "security.h" #include "policydb.h" #include "conditional.h" #include "mls.h" #include "services.h" #ifdef CONFIG_SECURITY_SELINUX_DEBUG /* clang-format off */ static const char *const symtab_name[SYM_NUM] = …; /* clang-format off */ #endif struct policydb_compat_info { … }; /* These need to be updated if SYM_NUM or OCON_NUM changes */ static const struct policydb_compat_info policydb_compat[] = …; static const struct policydb_compat_info * policydb_lookup_compat(unsigned int version) { … } /* * The following *_destroy functions are used to * free any memory allocated for each kind of * symbol data in the policy database. */ static int perm_destroy(void *key, void *datum, void *p) { … } static int common_destroy(void *key, void *datum, void *p) { … } static void constraint_expr_destroy(struct constraint_expr *expr) { … } static int cls_destroy(void *key, void *datum, void *p) { … } static int role_destroy(void *key, void *datum, void *p) { … } static int type_destroy(void *key, void *datum, void *p) { … } static int user_destroy(void *key, void *datum, void *p) { … } static int sens_destroy(void *key, void *datum, void *p) { … } static int cat_destroy(void *key, void *datum, void *p) { … } /* clang-format off */ static int (*const destroy_f[SYM_NUM])(void *key, void *datum, void *datap) = …; /* clang-format on */ static int filenametr_destroy(void *key, void *datum, void *p) { … } static int range_tr_destroy(void *key, void *datum, void *p) { … } static int role_tr_destroy(void *key, void *datum, void *p) { … } static void ocontext_destroy(struct ocontext *c, unsigned int i) { … } /* * Initialize the role table. */ static int roles_init(struct policydb *p) { … } static u32 filenametr_hash(const void *k) { … } static int filenametr_cmp(const void *k1, const void *k2) { … } static const struct hashtab_key_params filenametr_key_params = …; struct filename_trans_datum * policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key) { … } static u32 rangetr_hash(const void *k) { … } static int rangetr_cmp(const void *k1, const void *k2) { … } static const struct hashtab_key_params rangetr_key_params = …; struct mls_range *policydb_rangetr_search(struct policydb *p, struct range_trans *key) { … } static u32 role_trans_hash(const void *k) { … } static int role_trans_cmp(const void *k1, const void *k2) { … } static const struct hashtab_key_params roletr_key_params = …; struct role_trans_datum *policydb_roletr_search(struct policydb *p, struct role_trans_key *key) { … } /* * Initialize a policy database structure. */ static void policydb_init(struct policydb *p) { … } /* * The following *_index functions are used to * define the val_to_name and val_to_struct arrays * in a policy database structure. The val_to_name * arrays are used when converting security context * structures into string representations. The * val_to_struct arrays are used when the attributes * of a class, role, or user are needed. */ static int common_index(void *key, void *datum, void *datap) { … } static int class_index(void *key, void *datum, void *datap) { … } static int role_index(void *key, void *datum, void *datap) { … } static int type_index(void *key, void *datum, void *datap) { … } static int user_index(void *key, void *datum, void *datap) { … } static int sens_index(void *key, void *datum, void *datap) { … } static int cat_index(void *key, void *datum, void *datap) { … } /* clang-format off */ static int (*const index_f[SYM_NUM])(void *key, void *datum, void *datap) = …; /* clang-format on */ #ifdef CONFIG_SECURITY_SELINUX_DEBUG static void hash_eval(struct hashtab *h, const char *hash_name, const char *hash_details) { … } static void symtab_hash_eval(struct symtab *s) { … } #else static inline void hash_eval(struct hashtab *h, const char *hash_name, const char *hash_details) { } static inline void symtab_hash_eval(struct symtab *s) { } #endif /* CONFIG_SECURITY_SELINUX_DEBUG */ /* * Define the other val_to_name and val_to_struct arrays * in a policy database structure. * * Caller must clean up on failure. */ static int policydb_index(struct policydb *p) { … } /* * Free any memory allocated by a policy database structure. */ void policydb_destroy(struct policydb *p) { … } /* * Load the initial SIDs specified in a policy database * structure into a SID table. */ int policydb_load_isids(struct policydb *p, struct sidtab *s) { … } int policydb_class_isvalid(struct policydb *p, unsigned int class) { … } int policydb_role_isvalid(struct policydb *p, unsigned int role) { … } int policydb_type_isvalid(struct policydb *p, unsigned int type) { … } /* * Return 1 if the fields in the security context * structure `c' are valid. Return 0 otherwise. */ int policydb_context_isvalid(struct policydb *p, struct context *c) { … } /* * Read a MLS range structure from a policydb binary * representation file. */ static int mls_read_range_helper(struct mls_range *r, void *fp) { … } /* * Read and validate a security context structure * from a policydb binary representation file. */ static int context_read_and_validate(struct context *c, struct policydb *p, void *fp) { … } /* * The following *_read functions are used to * read the symbol data from a policy database * binary representation file. */ static int str_read(char **strp, gfp_t flags, void *fp, u32 len) { … } static int perm_read(struct policydb *p, struct symtab *s, void *fp) { … } static int common_read(struct policydb *p, struct symtab *s, void *fp) { … } static void type_set_init(struct type_set *t) { … } static int type_set_read(struct type_set *t, void *fp) { … } static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, u32 ncons, int allowxtarget, void *fp) { … } static int class_read(struct policydb *p, struct symtab *s, void *fp) { … } static int role_read(struct policydb *p, struct symtab *s, void *fp) { … } static int type_read(struct policydb *p, struct symtab *s, void *fp) { … } /* * Read a MLS level structure from a policydb binary * representation file. */ static int mls_read_level(struct mls_level *lp, void *fp) { … } static int user_read(struct policydb *p, struct symtab *s, void *fp) { … } static int sens_read(struct policydb *p, struct symtab *s, void *fp) { … } static int cat_read(struct policydb *p, struct symtab *s, void *fp) { … } /* clang-format off */ static int (*const read_f[SYM_NUM])(struct policydb *p, struct symtab *s, void *fp) = …; /* clang-format on */ static int user_bounds_sanity_check(void *key, void *datum, void *datap) { … } static int role_bounds_sanity_check(void *key, void *datum, void *datap) { … } static int type_bounds_sanity_check(void *key, void *datum, void *datap) { … } static int policydb_bounds_sanity_check(struct policydb *p) { … } u16 string_to_security_class(struct policydb *p, const char *name) { … } u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) { … } static int range_read(struct policydb *p, void *fp) { … } static int filename_trans_read_helper_compat(struct policydb *p, void *fp) { … } static int filename_trans_read_helper(struct policydb *p, void *fp) { … } static int filename_trans_read(struct policydb *p, void *fp) { … } static int genfs_read(struct policydb *p, void *fp) { … } static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, void *fp) { … } /* * Read the configuration data from a policy database binary * representation file into a policy database structure. */ int policydb_read(struct policydb *p, void *fp) { … } /* * Write a MLS level structure to a policydb binary * representation file. */ static int mls_write_level(struct mls_level *l, void *fp) { … } /* * Write a MLS range structure to a policydb binary * representation file. */ static int mls_write_range_helper(struct mls_range *r, void *fp) { … } static int sens_write(void *vkey, void *datum, void *ptr) { … } static int cat_write(void *vkey, void *datum, void *ptr) { … } static int role_trans_write_one(void *key, void *datum, void *ptr) { … } static int role_trans_write(struct policydb *p, void *fp) { … } static int role_allow_write(struct role_allow *r, void *fp) { … } /* * Write a security context structure * to a policydb binary representation file. */ static int context_write(struct policydb *p, struct context *c, void *fp) { … } /* * The following *_write functions are used to * write the symbol data to a policy database * binary representation file. */ static int perm_write(void *vkey, void *datum, void *fp) { … } static int common_write(void *vkey, void *datum, void *ptr) { … } static int type_set_write(struct type_set *t, void *fp) { … } static int write_cons_helper(struct policydb *p, struct constraint_node *node, void *fp) { … } static int class_write(void *vkey, void *datum, void *ptr) { … } static int role_write(void *vkey, void *datum, void *ptr) { … } static int type_write(void *vkey, void *datum, void *ptr) { … } static int user_write(void *vkey, void *datum, void *ptr) { … } /* clang-format off */ static int (*const write_f[SYM_NUM])(void *key, void *datum, void *datap) = …; /* clang-format on */ static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, void *fp) { … } static int genfs_write(struct policydb *p, void *fp) { … } static int range_write_helper(void *key, void *data, void *ptr) { … } static int range_write(struct policydb *p, void *fp) { … } static int filename_write_helper_compat(void *key, void *data, void *ptr) { … } static int filename_write_helper(void *key, void *data, void *ptr) { … } static int filename_trans_write(struct policydb *p, void *fp) { … } /* * Write the configuration data in a policy database * structure to a policy database binary representation * file. */ int policydb_write(struct policydb *p, void *fp) { … }
Codebase Browser
linux