1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * Implementation of the access vector table type.
4 *
5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
6 */
7
8/* Updated: Frank Mayer <mayerf@tresys.com> and
9 * Karl MacMillan <kmacmillan@tresys.com>
10 * Added conditional policy language extensions
11 * Copyright (C) 2003 Tresys Technology, LLC
12 *
13 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
14 * Tuned number of hash slots for avtab to reduce memory usage
15 */
16
17#include <linux/bitops.h>
18#include <linux/kernel.h>
19#include <linux/slab.h>
20#include <linux/errno.h>
21#include "avtab.h"
22#include "policydb.h"
23
24static struct kmem_cache *avtab_node_cachep __ro_after_init;
25static struct kmem_cache *avtab_xperms_cachep __ro_after_init;
26
27/* Based on MurmurHash3, written by Austin Appleby and placed in the
28 * public domain.
29 */
30static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask)
31{
32 static const u32 c1 = 0xcc9e2d51;
33 static const u32 c2 = 0x1b873593;
34 static const u32 r1 = 15;
35 static const u32 r2 = 13;
36 static const u32 m = 5;
37 static const u32 n = 0xe6546b64;
38
39 u32 hash = 0;
40
41#define mix(input) \
42 do { \
43 u32 v = input; \
44 v *= c1; \
45 v = (v << r1) | (v >> (32 - r1)); \
46 v *= c2; \
47 hash ^= v; \
48 hash = (hash << r2) | (hash >> (32 - r2)); \
49 hash = hash * m + n; \
50 } while (0)
51
52 mix(keyp->target_class);
53 mix(keyp->target_type);
54 mix(keyp->source_type);
55
56#undef mix
57
58 hash ^= hash >> 16;
59 hash *= 0x85ebca6b;
60 hash ^= hash >> 13;
61 hash *= 0xc2b2ae35;
62 hash ^= hash >> 16;
63
64 return hash & mask;
65}
66
67static struct avtab_node *avtab_insert_node(struct avtab *h,
68 struct avtab_node **dst,
69 const struct avtab_key *key,
70 const struct avtab_datum *datum)
71{
72 struct avtab_node *newnode;
73 struct avtab_extended_perms *xperms;
74 newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
75 if (newnode == NULL)
76 return NULL;
77 newnode->key = *key;
78
79 if (key->specified & AVTAB_XPERMS) {
80 xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL);
81 if (xperms == NULL) {
82 kmem_cache_free(s: avtab_node_cachep, objp: newnode);
83 return NULL;
84 }
85 *xperms = *(datum->u.xperms);
86 newnode->datum.u.xperms = xperms;
87 } else {
88 newnode->datum.u.data = datum->u.data;
89 }
90
91 newnode->next = *dst;
92 *dst = newnode;
93
94 h->nel++;
95 return newnode;
96}
97
98static int avtab_node_cmp(const struct avtab_key *key1,
99 const struct avtab_key *key2)
100{
101 u16 specified = key1->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);
102
103 if (key1->source_type == key2->source_type &&
104 key1->target_type == key2->target_type &&
105 key1->target_class == key2->target_class &&
106 (specified & key2->specified))
107 return 0;
108 if (key1->source_type < key2->source_type)
109 return -1;
110 if (key1->source_type == key2->source_type &&
111 key1->target_type < key2->target_type)
112 return -1;
113 if (key1->source_type == key2->source_type &&
114 key1->target_type == key2->target_type &&
115 key1->target_class < key2->target_class)
116 return -1;
117 return 1;
118}
119
120static int avtab_insert(struct avtab *h, const struct avtab_key *key,
121 const struct avtab_datum *datum)
122{
123 u32 hvalue;
124 struct avtab_node *prev, *cur, *newnode;
125 int cmp;
126
127 if (!h || !h->nslot || h->nel == U32_MAX)
128 return -EINVAL;
129
130 hvalue = avtab_hash(keyp: key, mask: h->mask);
131 for (prev = NULL, cur = h->htable[hvalue]; cur;
132 prev = cur, cur = cur->next) {
133 cmp = avtab_node_cmp(key1: key, key2: &cur->key);
134 /* extended perms may not be unique */
135 if (cmp == 0 && !(key->specified & AVTAB_XPERMS))
136 return -EEXIST;
137 if (cmp <= 0)
138 break;
139 }
140
141 newnode = avtab_insert_node(h, dst: prev ? &prev->next : &h->htable[hvalue],
142 key, datum);
143 if (!newnode)
144 return -ENOMEM;
145
146 return 0;
147}
148
149/* Unlike avtab_insert(), this function allow multiple insertions of the same
150 * key/specified mask into the table, as needed by the conditional avtab.
151 * It also returns a pointer to the node inserted.
152 */
153struct avtab_node *avtab_insert_nonunique(struct avtab *h,
154 const struct avtab_key *key,
155 const struct avtab_datum *datum)
156{
157 u32 hvalue;
158 struct avtab_node *prev, *cur;
159 int cmp;
160
161 if (!h || !h->nslot || h->nel == U32_MAX)
162 return NULL;
163 hvalue = avtab_hash(keyp: key, mask: h->mask);
164 for (prev = NULL, cur = h->htable[hvalue]; cur;
165 prev = cur, cur = cur->next) {
166 cmp = avtab_node_cmp(key1: key, key2: &cur->key);
167 if (cmp <= 0)
168 break;
169 }
170 return avtab_insert_node(h, dst: prev ? &prev->next : &h->htable[hvalue],
171 key, datum);
172}
173
174/* This search function returns a node pointer, and can be used in
175 * conjunction with avtab_search_next_node()
176 */
177struct avtab_node *avtab_search_node(struct avtab *h,
178 const struct avtab_key *key)
179{
180 u32 hvalue;
181 struct avtab_node *cur;
182 int cmp;
183
184 if (!h || !h->nslot)
185 return NULL;
186
187 hvalue = avtab_hash(keyp: key, mask: h->mask);
188 for (cur = h->htable[hvalue]; cur; cur = cur->next) {
189 cmp = avtab_node_cmp(key1: key, key2: &cur->key);
190 if (cmp == 0)
191 return cur;
192 if (cmp < 0)
193 break;
194 }
195 return NULL;
196}
197
198struct avtab_node *avtab_search_node_next(struct avtab_node *node,
199 u16 specified)
200{
201 struct avtab_key tmp_key;
202 struct avtab_node *cur;
203 int cmp;
204
205 if (!node)
206 return NULL;
207 tmp_key = node->key;
208 tmp_key.specified = specified;
209 for (cur = node->next; cur; cur = cur->next) {
210 cmp = avtab_node_cmp(key1: &tmp_key, key2: &cur->key);
211 if (cmp == 0)
212 return cur;
213 if (cmp < 0)
214 break;
215 }
216 return NULL;
217}
218
219void avtab_destroy(struct avtab *h)
220{
221 u32 i;
222 struct avtab_node *cur, *temp;
223
224 if (!h)
225 return;
226
227 for (i = 0; i < h->nslot; i++) {
228 cur = h->htable[i];
229 while (cur) {
230 temp = cur;
231 cur = cur->next;
232 if (temp->key.specified & AVTAB_XPERMS)
233 kmem_cache_free(s: avtab_xperms_cachep,
234 objp: temp->datum.u.xperms);
235 kmem_cache_free(s: avtab_node_cachep, objp: temp);
236 }
237 }
238 kvfree(addr: h->htable);
239 h->htable = NULL;
240 h->nel = 0;
241 h->nslot = 0;
242 h->mask = 0;
243}
244
245void avtab_init(struct avtab *h)
246{
247 h->htable = NULL;
248 h->nel = 0;
249 h->nslot = 0;
250 h->mask = 0;
251}
252
253static int avtab_alloc_common(struct avtab *h, u32 nslot)
254{
255 if (!nslot)
256 return 0;
257
258 h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);
259 if (!h->htable)
260 return -ENOMEM;
261
262 h->nslot = nslot;
263 h->mask = nslot - 1;
264 return 0;
265}
266
267int avtab_alloc(struct avtab *h, u32 nrules)
268{
269 int rc;
270 u32 nslot = 0;
271
272 if (nrules != 0) {
273 nslot = nrules > 3 ? rounddown_pow_of_two(nrules / 2) : 2;
274 if (nslot > MAX_AVTAB_HASH_BUCKETS)
275 nslot = MAX_AVTAB_HASH_BUCKETS;
276
277 rc = avtab_alloc_common(h, nslot);
278 if (rc)
279 return rc;
280 }
281
282 pr_debug("SELinux: %d avtab hash slots, %d rules.\n", nslot, nrules);
283 return 0;
284}
285
286int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
287{
288 return avtab_alloc_common(h: new, nslot: orig->nslot);
289}
290
291#ifdef CONFIG_SECURITY_SELINUX_DEBUG
292void avtab_hash_eval(struct avtab *h, const char *tag)
293{
294 u32 i, chain_len, slots_used, max_chain_len;
295 unsigned long long chain2_len_sum;
296 struct avtab_node *cur;
297
298 slots_used = 0;
299 max_chain_len = 0;
300 chain2_len_sum = 0;
301 for (i = 0; i < h->nslot; i++) {
302 cur = h->htable[i];
303 if (cur) {
304 slots_used++;
305 chain_len = 0;
306 while (cur) {
307 chain_len++;
308 cur = cur->next;
309 }
310
311 if (chain_len > max_chain_len)
312 max_chain_len = chain_len;
313 chain2_len_sum +=
314 (unsigned long long)chain_len * chain_len;
315 }
316 }
317
318 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
319 "longest chain length %d, sum of chain length^2 %llu\n",
320 tag, h->nel, slots_used, h->nslot, max_chain_len,
321 chain2_len_sum);
322}
323#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
324
325/* clang-format off */
326static const uint16_t spec_order[] = {
327 AVTAB_ALLOWED,
328 AVTAB_AUDITDENY,
329 AVTAB_AUDITALLOW,
330 AVTAB_TRANSITION,
331 AVTAB_CHANGE,
332 AVTAB_MEMBER,
333 AVTAB_XPERMS_ALLOWED,
334 AVTAB_XPERMS_AUDITALLOW,
335 AVTAB_XPERMS_DONTAUDIT
336};
337/* clang-format on */
338
339int avtab_read_item(struct avtab *a, struct policy_file *fp, struct policydb *pol,
340 int (*insertf)(struct avtab *a, const struct avtab_key *k,
341 const struct avtab_datum *d, void *p),
342 void *p, bool conditional)
343{
344 __le16 buf16[4];
345 u16 enabled;
346 u32 items, items2, val, i;
347 struct avtab_key key;
348 struct avtab_datum datum;
349 struct avtab_extended_perms xperms;
350 __le32 buf32[ARRAY_SIZE(xperms.perms.p)];
351 int rc;
352 unsigned int set, vers = pol->policyvers;
353
354 memset(s: &key, c: 0, n: sizeof(struct avtab_key));
355 memset(s: &datum, c: 0, n: sizeof(struct avtab_datum));
356
357 if (vers < POLICYDB_VERSION_AVTAB) {
358 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32));
359 if (rc) {
360 pr_err("SELinux: avtab: truncated entry\n");
361 return rc;
362 }
363 items2 = le32_to_cpu(buf32[0]);
364 if (items2 > ARRAY_SIZE(buf32)) {
365 pr_err("SELinux: avtab: entry overflow\n");
366 return -EINVAL;
367 }
368 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32) * items2);
369 if (rc) {
370 pr_err("SELinux: avtab: truncated entry\n");
371 return rc;
372 }
373 items = 0;
374
375 val = le32_to_cpu(buf32[items++]);
376 key.source_type = (u16)val;
377 if (key.source_type != val) {
378 pr_err("SELinux: avtab: truncated source type\n");
379 return -EINVAL;
380 }
381 val = le32_to_cpu(buf32[items++]);
382 key.target_type = (u16)val;
383 if (key.target_type != val) {
384 pr_err("SELinux: avtab: truncated target type\n");
385 return -EINVAL;
386 }
387 val = le32_to_cpu(buf32[items++]);
388 key.target_class = (u16)val;
389 if (key.target_class != val) {
390 pr_err("SELinux: avtab: truncated target class\n");
391 return -EINVAL;
392 }
393
394 val = le32_to_cpu(buf32[items++]);
395 enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
396
397 if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
398 pr_err("SELinux: avtab: null entry\n");
399 return -EINVAL;
400 }
401 if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) {
402 pr_err("SELinux: avtab: entry has both access vectors and types\n");
403 return -EINVAL;
404 }
405 if (val & AVTAB_XPERMS) {
406 pr_err("SELinux: avtab: entry has extended permissions\n");
407 return -EINVAL;
408 }
409
410 for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
411 if (val & spec_order[i]) {
412 key.specified = spec_order[i] | enabled;
413 datum.u.data = le32_to_cpu(buf32[items++]);
414 rc = insertf(a, &key, &datum, p);
415 if (rc)
416 return rc;
417 }
418 }
419
420 if (items != items2) {
421 pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
422 items2, items);
423 return -EINVAL;
424 }
425 return 0;
426 }
427
428 rc = next_entry(buf: buf16, fp, bytes: sizeof(u16) * 4);
429 if (rc) {
430 pr_err("SELinux: avtab: truncated entry\n");
431 return rc;
432 }
433
434 items = 0;
435 key.source_type = le16_to_cpu(buf16[items++]);
436 key.target_type = le16_to_cpu(buf16[items++]);
437 key.target_class = le16_to_cpu(buf16[items++]);
438 key.specified = le16_to_cpu(buf16[items++]);
439
440 if (!policydb_type_isvalid(p: pol, type: key.source_type) ||
441 !policydb_type_isvalid(p: pol, type: key.target_type) ||
442 !policydb_class_isvalid(p: pol, class: key.target_class)) {
443 pr_err("SELinux: avtab: invalid type or class\n");
444 return -EINVAL;
445 }
446
447 set = hweight16(key.specified & (AVTAB_XPERMS | AVTAB_TYPE | AVTAB_AV));
448 if (!set || set > 1) {
449 pr_err("SELinux: avtab: more than one specifier\n");
450 return -EINVAL;
451 }
452
453 if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
454 (key.specified & AVTAB_XPERMS)) {
455 pr_err("SELinux: avtab: policy version %u does not "
456 "support extended permissions rules and one "
457 "was specified\n",
458 vers);
459 return -EINVAL;
460 } else if ((vers < POLICYDB_VERSION_COND_XPERMS) &&
461 (key.specified & AVTAB_XPERMS) && conditional) {
462 pr_err("SELinux: avtab: policy version %u does not "
463 "support extended permissions rules in conditional "
464 "policies and one was specified\n",
465 vers);
466 return -EINVAL;
467 } else if (key.specified & AVTAB_XPERMS) {
468 memset(s: &xperms, c: 0, n: sizeof(struct avtab_extended_perms));
469 rc = next_entry(buf: &xperms.specified, fp, bytes: sizeof(u8));
470 if (rc) {
471 pr_err("SELinux: avtab: truncated entry\n");
472 return rc;
473 }
474 rc = next_entry(buf: &xperms.driver, fp, bytes: sizeof(u8));
475 if (rc) {
476 pr_err("SELinux: avtab: truncated entry\n");
477 return rc;
478 }
479 rc = next_entry(buf: buf32, fp,
480 bytes: sizeof(u32) * ARRAY_SIZE(xperms.perms.p));
481 if (rc) {
482 pr_err("SELinux: avtab: truncated entry\n");
483 return rc;
484 }
485 for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
486 xperms.perms.p[i] = le32_to_cpu(buf32[i]);
487 datum.u.xperms = &xperms;
488 } else {
489 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32));
490 if (rc) {
491 pr_err("SELinux: avtab: truncated entry\n");
492 return rc;
493 }
494 datum.u.data = le32_to_cpu(*buf32);
495 }
496 if ((key.specified & AVTAB_TYPE) &&
497 !policydb_type_isvalid(p: pol, type: datum.u.data)) {
498 pr_err("SELinux: avtab: invalid type\n");
499 return -EINVAL;
500 }
501 return insertf(a, &key, &datum, p);
502}
503
504static int avtab_insertf(struct avtab *a, const struct avtab_key *k,
505 const struct avtab_datum *d, void *p)
506{
507 return avtab_insert(h: a, key: k, datum: d);
508}
509
510int avtab_read(struct avtab *a, struct policy_file *fp, struct policydb *pol)
511{
512 int rc;
513 __le32 buf[1];
514 u32 nel, i;
515
516 rc = next_entry(buf, fp, bytes: sizeof(u32));
517 if (rc < 0) {
518 pr_err("SELinux: avtab: truncated table\n");
519 goto bad;
520 }
521 nel = le32_to_cpu(buf[0]);
522 if (!nel) {
523 pr_err("SELinux: avtab: table is empty\n");
524 rc = -EINVAL;
525 goto bad;
526 }
527
528 rc = avtab_alloc(h: a, nrules: nel);
529 if (rc)
530 goto bad;
531
532 for (i = 0; i < nel; i++) {
533 rc = avtab_read_item(a, fp, pol, insertf: avtab_insertf, NULL, conditional: false);
534 if (rc) {
535 if (rc == -ENOMEM)
536 pr_err("SELinux: avtab: out of memory\n");
537 else if (rc == -EEXIST)
538 pr_err("SELinux: avtab: duplicate entry\n");
539
540 goto bad;
541 }
542 }
543
544 rc = 0;
545out:
546 return rc;
547
548bad:
549 avtab_destroy(h: a);
550 goto out;
551}
552
553int avtab_write_item(struct policydb *p, const struct avtab_node *cur, struct policy_file *fp)
554{
555 __le16 buf16[4];
556 __le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)];
557 int rc;
558 unsigned int i;
559
560 buf16[0] = cpu_to_le16(cur->key.source_type);
561 buf16[1] = cpu_to_le16(cur->key.target_type);
562 buf16[2] = cpu_to_le16(cur->key.target_class);
563 buf16[3] = cpu_to_le16(cur->key.specified);
564 rc = put_entry(buf: buf16, bytes: sizeof(u16), num: 4, fp);
565 if (rc)
566 return rc;
567
568 if (cur->key.specified & AVTAB_XPERMS) {
569 rc = put_entry(buf: &cur->datum.u.xperms->specified, bytes: sizeof(u8), num: 1,
570 fp);
571 if (rc)
572 return rc;
573 rc = put_entry(buf: &cur->datum.u.xperms->driver, bytes: sizeof(u8), num: 1, fp);
574 if (rc)
575 return rc;
576 for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++)
577 buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]);
578 rc = put_entry(buf: buf32, bytes: sizeof(u32),
579 ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp);
580 } else {
581 buf32[0] = cpu_to_le32(cur->datum.u.data);
582 rc = put_entry(buf: buf32, bytes: sizeof(u32), num: 1, fp);
583 }
584 if (rc)
585 return rc;
586 return 0;
587}
588
589int avtab_write(struct policydb *p, struct avtab *a, struct policy_file *fp)
590{
591 u32 i;
592 int rc = 0;
593 struct avtab_node *cur;
594 __le32 buf[1];
595
596 buf[0] = cpu_to_le32(a->nel);
597 rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
598 if (rc)
599 return rc;
600
601 for (i = 0; i < a->nslot; i++) {
602 for (cur = a->htable[i]; cur; cur = cur->next) {
603 rc = avtab_write_item(p, cur, fp);
604 if (rc)
605 return rc;
606 }
607 }
608
609 return rc;
610}
611
612void __init avtab_cache_init(void)
613{
614 avtab_node_cachep = KMEM_CACHE(avtab_node, SLAB_PANIC);
615 avtab_xperms_cachep = KMEM_CACHE(avtab_extended_perms, SLAB_PANIC);
616}
617