libsepol/src/policydb.c

*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* Author : Stephen Smalley, <[email protected]> */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Updated: Trusted Computer Solutions, Inc. <[email protected]>
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker *	Support for enhanced MLS infrastructure.
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker * Updated: Frank Mayer <[email protected]> and Karl MacMillan <[email protected]>
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker * 	Added conditional policy language extensions
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker * Updated: Red Hat, Inc.  James Morris <[email protected]>
*2d543d20SAndroid Build Coastguard Worker *      Fine-grained netlink support
*2d543d20SAndroid Build Coastguard Worker *      IPv6 support
*2d543d20SAndroid Build Coastguard Worker *      Code cleanup
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
*2d543d20SAndroid Build Coastguard Worker * Copyright (C) 2003 - 2005 Tresys Technology, LLC
*2d543d20SAndroid Build Coastguard Worker * Copyright (C) 2003 - 2007 Red Hat, Inc.
*2d543d20SAndroid Build Coastguard Worker * Copyright (C) 2017 Mellanox Technologies Inc.
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker *  This library is free software; you can redistribute it and/or
*2d543d20SAndroid Build Coastguard Worker *  modify it under the terms of the GNU Lesser General Public
*2d543d20SAndroid Build Coastguard Worker *  License as published by the Free Software Foundation; either
*2d543d20SAndroid Build Coastguard Worker *  version 2.1 of the License, or (at your option) any later version.
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker *  This library is distributed in the hope that it will be useful,
*2d543d20SAndroid Build Coastguard Worker *  but WITHOUT ANY WARRANTY; without even the implied warranty of
*2d543d20SAndroid Build Coastguard Worker *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
*2d543d20SAndroid Build Coastguard Worker *  Lesser General Public License for more details.
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker *  You should have received a copy of the GNU Lesser General Public
*2d543d20SAndroid Build Coastguard Worker *  License along with this library; if not, write to the Free Software
*2d543d20SAndroid Build Coastguard Worker *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* FLASK */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Implementation of the policy database.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker#include <assert.h>
*2d543d20SAndroid Build Coastguard Worker#include <stdlib.h>
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker#include <sepol/policydb/policydb.h>
*2d543d20SAndroid Build Coastguard Worker#include <sepol/policydb/expand.h>
*2d543d20SAndroid Build Coastguard Worker#include <sepol/policydb/conditional.h>
*2d543d20SAndroid Build Coastguard Worker#include <sepol/policydb/avrule_block.h>
*2d543d20SAndroid Build Coastguard Worker#include <sepol/policydb/util.h>
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker#include "kernel_to_common.h"
*2d543d20SAndroid Build Coastguard Worker#include "private.h"
*2d543d20SAndroid Build Coastguard Worker#include "debug.h"
*2d543d20SAndroid Build Coastguard Worker#include "mls.h"
*2d543d20SAndroid Build Coastguard Worker#include "policydb_validate.h"
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker#define POLICYDB_TARGET_SZ   ARRAY_SIZE(policydb_target_strings)
*2d543d20SAndroid Build Coastguard Workerconst char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* These need to be updated if SYM_NUM or OCON_NUM changes */
*2d543d20SAndroid Build Coastguard Workerstatic const struct policydb_compat_info policydb_compat[] = {
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_BOUNDARY,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_XEN_PCIDEVICE + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_XEN,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_XEN_DEVICETREE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_XEN_DEVICETREE + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_XEN,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM - 3,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_FSUSE + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_BOOL,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM - 2,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_FSUSE + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_IPV6,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM - 2,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_NLCLASS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM - 2,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_MLS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_AVTAB,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_RANGETRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_POLCAP,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_PERMISSIVE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker        {
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_BOUNDARY,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_FILENAME_TRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_ROLETRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_DEFAULT_TYPE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_XPERMS_IOCTL,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_INFINIBAND,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_IBENDPORT + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_GLBLUB,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_IBENDPORT + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_KERN,
*2d543d20SAndroid Build Coastguard Worker	 .version = POLICYDB_VERSION_COMP_FTRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_IBENDPORT + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_MLS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_POLCAP,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_NODE6 + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_INFINIBAND,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_IBENDPORT + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_GLBLUB,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_IBENDPORT + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = OCON_IBENDPORT + 1,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_BASE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_MLS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_POLCAP,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	 },
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_INFINIBAND,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_GLBLUB,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker	{
*2d543d20SAndroid Build Coastguard Worker	 .type = POLICY_MOD,
*2d543d20SAndroid Build Coastguard Worker	 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS,
*2d543d20SAndroid Build Coastguard Worker	 .sym_num = SYM_NUM,
*2d543d20SAndroid Build Coastguard Worker	 .ocon_num = 0,
*2d543d20SAndroid Build Coastguard Worker	 .target_platform = SEPOL_TARGET_SELINUX,
*2d543d20SAndroid Build Coastguard Worker	},
*2d543d20SAndroid Build Coastguard Worker};
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker#if 0
*2d543d20SAndroid Build Coastguard Workerstatic char *symtab_name[SYM_NUM] = {
*2d543d20SAndroid Build Coastguard Worker	"common prefixes",
*2d543d20SAndroid Build Coastguard Worker	"classes",
*2d543d20SAndroid Build Coastguard Worker	"roles",
*2d543d20SAndroid Build Coastguard Worker	"types",
*2d543d20SAndroid Build Coastguard Worker	"users",
*2d543d20SAndroid Build Coastguard Worker	"bools" mls_symtab_names cond_symtab_names
*2d543d20SAndroid Build Coastguard Worker};
*2d543d20SAndroid Build Coastguard Worker#endif
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic const unsigned int symtab_sizes[SYM_NUM] = {
*2d543d20SAndroid Build Coastguard Worker	2,
*2d543d20SAndroid Build Coastguard Worker	32,
*2d543d20SAndroid Build Coastguard Worker	16,
*2d543d20SAndroid Build Coastguard Worker	512,
*2d543d20SAndroid Build Coastguard Worker	128,
*2d543d20SAndroid Build Coastguard Worker	16,
*2d543d20SAndroid Build Coastguard Worker	16,
*2d543d20SAndroid Build Coastguard Worker	16,
*2d543d20SAndroid Build Coastguard Worker};
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerconst struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
*2d543d20SAndroid Build Coastguard Worker						          unsigned int type,
*2d543d20SAndroid Build Coastguard Worker						          unsigned int target_platform)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	const struct policydb_compat_info *info = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
*2d543d20SAndroid Build Coastguard Worker		if (policydb_compat[i].version == version &&
*2d543d20SAndroid Build Coastguard Worker		    policydb_compat[i].type == type &&
*2d543d20SAndroid Build Coastguard Worker		    policydb_compat[i].target_platform == target_platform) {
*2d543d20SAndroid Build Coastguard Worker			info = &policydb_compat[i];
*2d543d20SAndroid Build Coastguard Worker			break;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return info;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid type_set_init(type_set_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(type_set_t));
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->types);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->negset);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid type_set_destroy(type_set_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->types);
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->negset);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_set_init(role_set_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(role_set_t));
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->roles);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_set_destroy(role_set_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&x->roles);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_datum_init(role_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(role_datum_t));
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->dominates);
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->types);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->cache);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->roles);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_datum_destroy(role_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->dominates);
*2d543d20SAndroid Build Coastguard Worker		type_set_destroy(&x->types);
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->cache);
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->roles);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid type_datum_init(type_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(*x));
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->types);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid type_datum_destroy(type_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->types);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid user_datum_init(user_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(user_datum_t));
*2d543d20SAndroid Build Coastguard Worker	role_set_init(&x->roles);
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_range_init(&x->range);
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_level_init(&x->dfltlevel);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->cache);
*2d543d20SAndroid Build Coastguard Worker	mls_range_init(&x->exp_range);
*2d543d20SAndroid Build Coastguard Worker	mls_level_init(&x->exp_dfltlevel);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid user_datum_destroy(user_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		role_set_destroy(&x->roles);
*2d543d20SAndroid Build Coastguard Worker		mls_semantic_range_destroy(&x->range);
*2d543d20SAndroid Build Coastguard Worker		mls_semantic_level_destroy(&x->dfltlevel);
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->cache);
*2d543d20SAndroid Build Coastguard Worker		mls_range_destroy(&x->exp_range);
*2d543d20SAndroid Build Coastguard Worker		mls_level_destroy(&x->exp_dfltlevel);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid level_datum_init(level_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(level_datum_t));
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	/* the mls_level_t referenced by the level_datum is managed
*2d543d20SAndroid Build Coastguard Worker	 * separately for now, so there is nothing to destroy */
*2d543d20SAndroid Build Coastguard Worker	return;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid cat_datum_init(cat_datum_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(cat_datum_t));
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	/* it's currently a simple struct - really nothing to destroy */
*2d543d20SAndroid Build Coastguard Worker	return;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid class_perm_node_init(class_perm_node_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(class_perm_node_t));
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid avrule_init(avrule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(avrule_t));
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->stypes);
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->ttypes);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid avrule_destroy(avrule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	class_perm_node_t *cur, *next;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (x == NULL) {
*2d543d20SAndroid Build Coastguard Worker		return;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&x->stypes);
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&x->ttypes);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(x->source_filename);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	next = x->perms;
*2d543d20SAndroid Build Coastguard Worker	while (next) {
*2d543d20SAndroid Build Coastguard Worker		cur = next;
*2d543d20SAndroid Build Coastguard Worker		next = cur->next;
*2d543d20SAndroid Build Coastguard Worker		free(cur);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(x->xperms);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_trans_rule_init(role_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(*x));
*2d543d20SAndroid Build Coastguard Worker	role_set_init(&x->roles);
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->types);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->classes);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic void role_trans_rule_destroy(role_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		role_set_destroy(&x->roles);
*2d543d20SAndroid Build Coastguard Worker		type_set_destroy(&x->types);
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&x->classes);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_trans_rule_list_destroy(role_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	while (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		role_trans_rule_t *next = x->next;
*2d543d20SAndroid Build Coastguard Worker		role_trans_rule_destroy(x);
*2d543d20SAndroid Build Coastguard Worker		free(x);
*2d543d20SAndroid Build Coastguard Worker		x = next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid filename_trans_rule_init(filename_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(*x));
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->stypes);
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->ttypes);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic void filename_trans_rule_destroy(filename_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (!x)
*2d543d20SAndroid Build Coastguard Worker		return;
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&x->stypes);
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&x->ttypes);
*2d543d20SAndroid Build Coastguard Worker	free(x->name);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid filename_trans_rule_list_destroy(filename_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	filename_trans_rule_t *next;
*2d543d20SAndroid Build Coastguard Worker	while (x) {
*2d543d20SAndroid Build Coastguard Worker		next = x->next;
*2d543d20SAndroid Build Coastguard Worker		filename_trans_rule_destroy(x);
*2d543d20SAndroid Build Coastguard Worker		free(x);
*2d543d20SAndroid Build Coastguard Worker		x = next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_allow_rule_init(role_allow_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(x, 0, sizeof(role_allow_rule_t));
*2d543d20SAndroid Build Coastguard Worker	role_set_init(&x->roles);
*2d543d20SAndroid Build Coastguard Worker	role_set_init(&x->new_roles);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_allow_rule_destroy(role_allow_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	role_set_destroy(&x->roles);
*2d543d20SAndroid Build Coastguard Worker	role_set_destroy(&x->new_roles);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid role_allow_rule_list_destroy(role_allow_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	while (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		role_allow_rule_t *next = x->next;
*2d543d20SAndroid Build Coastguard Worker		role_allow_rule_destroy(x);
*2d543d20SAndroid Build Coastguard Worker		free(x);
*2d543d20SAndroid Build Coastguard Worker		x = next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid range_trans_rule_init(range_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->stypes);
*2d543d20SAndroid Build Coastguard Worker	type_set_init(&x->ttypes);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&x->tclasses);
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_range_init(&x->trange);
*2d543d20SAndroid Build Coastguard Worker	x->next = NULL;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid range_trans_rule_destroy(range_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&x->stypes);
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&x->ttypes);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&x->tclasses);
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_range_destroy(&x->trange);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid range_trans_rule_list_destroy(range_trans_rule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	while (x != NULL) {
*2d543d20SAndroid Build Coastguard Worker		range_trans_rule_t *next = x->next;
*2d543d20SAndroid Build Coastguard Worker		range_trans_rule_destroy(x);
*2d543d20SAndroid Build Coastguard Worker		free(x);
*2d543d20SAndroid Build Coastguard Worker		x = next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid avrule_list_destroy(avrule_t * x)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	avrule_t *next, *cur;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!x)
*2d543d20SAndroid Build Coastguard Worker		return;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	next = x;
*2d543d20SAndroid Build Coastguard Worker	while (next) {
*2d543d20SAndroid Build Coastguard Worker		cur = next;
*2d543d20SAndroid Build Coastguard Worker		next = next->next;
*2d543d20SAndroid Build Coastguard Worker		avrule_destroy(cur);
*2d543d20SAndroid Build Coastguard Worker		free(cur);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Initialize the role table by implicitly adding role 'object_r'.  If
*2d543d20SAndroid Build Coastguard Worker * the policy is a module, set object_r's scope to be SCOPE_REQ,
*2d543d20SAndroid Build Coastguard Worker * otherwise set it to SCOPE_DECL.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int roles_init(policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker	role_datum_t *role;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	role = calloc(1, sizeof(role_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!role) {
*2d543d20SAndroid Build Coastguard Worker		rc = -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker		goto out;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	key = strdup(OBJECT_R);
*2d543d20SAndroid Build Coastguard Worker	if (!key) {
*2d543d20SAndroid Build Coastguard Worker		rc = -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker		goto out_free_role;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = symtab_insert(p, SYM_ROLES, key, role,
*2d543d20SAndroid Build Coastguard Worker			   (p->policy_type ==
*2d543d20SAndroid Build Coastguard Worker			    POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
*2d543d20SAndroid Build Coastguard Worker			   &role->s.value);
*2d543d20SAndroid Build Coastguard Worker	if (rc)
*2d543d20SAndroid Build Coastguard Worker		goto out_free_key;
*2d543d20SAndroid Build Coastguard Worker	if (role->s.value != OBJECT_R_VAL) {
*2d543d20SAndroid Build Coastguard Worker		rc = -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		goto out_free_role;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker      out:
*2d543d20SAndroid Build Coastguard Worker	return rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      out_free_key:
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker      out_free_role:
*2d543d20SAndroid Build Coastguard Worker	free(role);
*2d543d20SAndroid Build Coastguard Worker	goto out;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerignore_unsigned_overflow_
*2d543d20SAndroid Build Coastguard Workerstatic inline unsigned long
*2d543d20SAndroid Build Coastguard Workerpartial_name_hash(unsigned long c, unsigned long prevhash)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	return (prevhash + (c << 4) + (c >> 4)) * 11;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	const filename_trans_key_t *ft = (const filename_trans_key_t *)k;
*2d543d20SAndroid Build Coastguard Worker	unsigned long hash;
*2d543d20SAndroid Build Coastguard Worker	unsigned int byte_num;
*2d543d20SAndroid Build Coastguard Worker	unsigned char focus;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	hash = ft->ttype ^ ft->tclass;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	byte_num = 0;
*2d543d20SAndroid Build Coastguard Worker	while ((focus = ft->name[byte_num++]))
*2d543d20SAndroid Build Coastguard Worker		hash = partial_name_hash(focus, hash);
*2d543d20SAndroid Build Coastguard Worker	return hash & (h->size - 1);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
*2d543d20SAndroid Build Coastguard Worker			  const_hashtab_key_t k1, const_hashtab_key_t k2)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	const filename_trans_key_t *ft1 = (const filename_trans_key_t *)k1;
*2d543d20SAndroid Build Coastguard Worker	const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
*2d543d20SAndroid Build Coastguard Worker	int v;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	v = spaceship_cmp(ft1->ttype, ft2->ttype);
*2d543d20SAndroid Build Coastguard Worker	if (v)
*2d543d20SAndroid Build Coastguard Worker		return v;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	v = spaceship_cmp(ft1->tclass, ft2->tclass);
*2d543d20SAndroid Build Coastguard Worker	if (v)
*2d543d20SAndroid Build Coastguard Worker		return v;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return strcmp(ft1->name, ft2->name);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	const struct range_trans *key = (const struct range_trans *)k;
*2d543d20SAndroid Build Coastguard Worker	return (key->source_type + (key->target_type << 3) +
*2d543d20SAndroid Build Coastguard Worker		(key->target_class << 5)) & (h->size - 1);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
*2d543d20SAndroid Build Coastguard Worker		       const_hashtab_key_t k1, const_hashtab_key_t k2)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	const struct range_trans *key1 = (const struct range_trans *)k1;
*2d543d20SAndroid Build Coastguard Worker	const struct range_trans *key2 = (const struct range_trans *)k2;
*2d543d20SAndroid Build Coastguard Worker	int v;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	v = spaceship_cmp(key1->source_type, key2->source_type);
*2d543d20SAndroid Build Coastguard Worker	if (v)
*2d543d20SAndroid Build Coastguard Worker		return v;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	v = spaceship_cmp(key1->target_type, key2->target_type);
*2d543d20SAndroid Build Coastguard Worker	if (v)
*2d543d20SAndroid Build Coastguard Worker		return v;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	v = spaceship_cmp(key1->target_class, key2->target_class);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return v;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Initialize a policy database structure.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint policydb_init(policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int i, rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	memset(p, 0, sizeof(policydb_t));
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		p->sym_val_to_name[i] = NULL;
*2d543d20SAndroid Build Coastguard Worker		rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
*2d543d20SAndroid Build Coastguard Worker		if (rc)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* initialize the module stuff */
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (symtab_init(&p->scope[i], symtab_sizes[i])) {
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if ((p->global = avrule_block_create()) == NULL ||
*2d543d20SAndroid Build Coastguard Worker	    (p->global->branch_list = avrule_decl_create(1)) == NULL) {
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	p->decl_val_to_struct = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = avtab_init(&p->te_avtab);
*2d543d20SAndroid Build Coastguard Worker	if (rc)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = roles_init(p);
*2d543d20SAndroid Build Coastguard Worker	if (rc)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = cond_policydb_init(p);
*2d543d20SAndroid Build Coastguard Worker	if (rc)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
*2d543d20SAndroid Build Coastguard Worker	if (!p->filename_trans) {
*2d543d20SAndroid Build Coastguard Worker		rc = -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
*2d543d20SAndroid Build Coastguard Worker	if (!p->range_tr) {
*2d543d20SAndroid Build Coastguard Worker		rc = -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&p->policycaps);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&p->permissive_map);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Workererr:
*2d543d20SAndroid Build Coastguard Worker	hashtab_destroy(p->filename_trans);
*2d543d20SAndroid Build Coastguard Worker	hashtab_destroy(p->range_tr);
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		hashtab_destroy(p->symtab[i].table);
*2d543d20SAndroid Build Coastguard Worker		hashtab_destroy(p->scope[i].table);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	avrule_block_list_destroy(p->global);
*2d543d20SAndroid Build Coastguard Worker	return rc;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_role_cache(hashtab_key_t key
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)), hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker			void *arg)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	role_datum_t *role;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	role = (role_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) arg;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&role->cache);
*2d543d20SAndroid Build Coastguard Worker	if (type_set_expand(&role->types, &role->cache, p, 1)) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_user_cache(hashtab_key_t key
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)), hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker			void *arg)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	user_datum_t *user;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	user = (user_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) arg;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&user->cache);
*2d543d20SAndroid Build Coastguard Worker	if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* we do not expand user's MLS info in kernel policies because the
*2d543d20SAndroid Build Coastguard Worker	 * semantic representation is not present and we do not expand user's
*2d543d20SAndroid Build Coastguard Worker	 * MLS info in module policies because all of the necessary mls
*2d543d20SAndroid Build Coastguard Worker	 * information is not present */
*2d543d20SAndroid Build Coastguard Worker	if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
*2d543d20SAndroid Build Coastguard Worker		mls_range_destroy(&user->exp_range);
*2d543d20SAndroid Build Coastguard Worker		if (mls_semantic_range_expand(&user->range,
*2d543d20SAndroid Build Coastguard Worker					      &user->exp_range, p, NULL)) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		mls_level_destroy(&user->exp_dfltlevel);
*2d543d20SAndroid Build Coastguard Worker		if (mls_semantic_level_expand(&user->dfltlevel,
*2d543d20SAndroid Build Coastguard Worker					      &user->exp_dfltlevel, p, NULL)) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * The following *_index functions are used to
*2d543d20SAndroid Build Coastguard Worker * define the val_to_name and val_to_struct arrays
*2d543d20SAndroid Build Coastguard Worker * in a policy database structure.  The val_to_name
*2d543d20SAndroid Build Coastguard Worker * arrays are used when converting security context
*2d543d20SAndroid Build Coastguard Worker * structures into string representations.  The
*2d543d20SAndroid Build Coastguard Worker * val_to_struct arrays are used when the attributes
*2d543d20SAndroid Build Coastguard Worker * of a class, role, or user are needed.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	common_datum_t *comdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	comdatum = (common_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker	if (!value_isvalid(comdatum->s.value, p->p_commons.nprim))
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	class_datum_t *cladatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	cladatum = (class_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker	if (!value_isvalid(cladatum->s.value, p->p_classes.nprim))
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker	p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	role_datum_t *role;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	role = (role_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker	if (!value_isvalid(role->s.value, p->p_roles.nprim))
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	if (p->p_role_val_to_name[role->s.value - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	p->p_role_val_to_name[role->s.value - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker	p->role_val_to_struct[role->s.value - 1] = role;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	type_datum_t *typdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	typdatum = (type_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (typdatum->primary) {
*2d543d20SAndroid Build Coastguard Worker		if (!value_isvalid(typdatum->s.value, p->p_types.nprim))
*2d543d20SAndroid Build Coastguard Worker			return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker			return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker		p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	user_datum_t *usrdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	usrdatum = (user_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!value_isvalid(usrdatum->s.value, p->p_users.nprim))
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker		return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker	p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker	p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	level_datum_t *levdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	levdatum = (level_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!levdatum->isalias) {
*2d543d20SAndroid Build Coastguard Worker		if (!value_isvalid(levdatum->level->sens, p->p_levels.nprim))
*2d543d20SAndroid Build Coastguard Worker			return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker			return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p;
*2d543d20SAndroid Build Coastguard Worker	cat_datum_t *catdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	catdatum = (cat_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	p = (policydb_t *) datap;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!catdatum->isalias) {
*2d543d20SAndroid Build Coastguard Worker		if (!value_isvalid(catdatum->s.value, p->p_cats.nprim))
*2d543d20SAndroid Build Coastguard Worker			return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL)
*2d543d20SAndroid Build Coastguard Worker			return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int (*const index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker				void *datap) = {
*2d543d20SAndroid Build Coastguard Workercommon_index, class_index, role_index, type_index, user_index,
*2d543d20SAndroid Build Coastguard Worker	    cond_index_bool, sens_index, cat_index,};
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Define the common val_to_name array and the class
*2d543d20SAndroid Build Coastguard Worker * val_to_name and val_to_struct arrays in a policy
*2d543d20SAndroid Build Coastguard Worker * database structure.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint policydb_index_classes(policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	free(p->p_common_val_to_name);
*2d543d20SAndroid Build Coastguard Worker	p->p_common_val_to_name = (char **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_commons.nprim, sizeof(char *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->p_common_val_to_name)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->p_commons.table, common_index, p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(p->class_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	p->class_val_to_struct = (class_datum_t **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_classes.nprim, sizeof(class_datum_t *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->class_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(p->p_class_val_to_name);
*2d543d20SAndroid Build Coastguard Worker	p->p_class_val_to_name = (char **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_classes.nprim, sizeof(char *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->p_class_val_to_name)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->p_classes.table, class_index, p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_index_bools(policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (cond_init_bool_indexes(p) == -1)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	p->p_bool_val_to_name = (char **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_bools.nprim, sizeof(char *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->p_bool_val_to_name)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->p_bools.table, cond_index_bool, p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int policydb_index_decls(sepol_handle_t * handle, policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	avrule_block_t *curblock;
*2d543d20SAndroid Build Coastguard Worker	avrule_decl_t *decl;
*2d543d20SAndroid Build Coastguard Worker	unsigned int num_decls = 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(p->decl_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
*2d543d20SAndroid Build Coastguard Worker		for (decl = curblock->branch_list; decl != NULL;
*2d543d20SAndroid Build Coastguard Worker		     decl = decl->next) {
*2d543d20SAndroid Build Coastguard Worker			num_decls++;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->decl_val_to_struct =
*2d543d20SAndroid Build Coastguard Worker	    calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
*2d543d20SAndroid Build Coastguard Worker	if (!p->decl_val_to_struct) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
*2d543d20SAndroid Build Coastguard Worker		for (decl = curblock->branch_list; decl != NULL;
*2d543d20SAndroid Build Coastguard Worker		     decl = decl->next) {
*2d543d20SAndroid Build Coastguard Worker			if (!value_isvalid(decl->decl_id, num_decls)) {
*2d543d20SAndroid Build Coastguard Worker				ERR(handle, "invalid decl ID %u", decl->decl_id);
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) {
*2d543d20SAndroid Build Coastguard Worker				ERR(handle, "duplicated decl ID %u", decl->decl_id);
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			p->decl_val_to_struct[decl->decl_id - 1] = decl;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Define the other val_to_name and val_to_struct arrays
*2d543d20SAndroid Build Coastguard Worker * in a policy database structure.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint policydb_index_others(sepol_handle_t * handle,
*2d543d20SAndroid Build Coastguard Worker			  policydb_t * p, unsigned verbose)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int i;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (verbose) {
*2d543d20SAndroid Build Coastguard Worker		INFO(handle,
*2d543d20SAndroid Build Coastguard Worker		     "security:  %d users, %d roles, %d types, %d bools",
*2d543d20SAndroid Build Coastguard Worker		     p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
*2d543d20SAndroid Build Coastguard Worker		     p->p_bools.nprim);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->mls)
*2d543d20SAndroid Build Coastguard Worker			INFO(handle, "security: %d sens, %d cats",
*2d543d20SAndroid Build Coastguard Worker			     p->p_levels.nprim, p->p_cats.nprim);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		INFO(handle, "security:  %d classes, %d rules, %d cond rules",
*2d543d20SAndroid Build Coastguard Worker		     p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker#if 0
*2d543d20SAndroid Build Coastguard Worker	avtab_hash_eval(&p->te_avtab, "rules");
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++)
*2d543d20SAndroid Build Coastguard Worker		hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
*2d543d20SAndroid Build Coastguard Worker#endif
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(p->role_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	p->role_val_to_struct = (role_datum_t **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_roles.nprim, sizeof(role_datum_t *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->role_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(p->user_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	p->user_val_to_struct = (user_datum_t **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_users.nprim, sizeof(user_datum_t *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->user_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(p->type_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	p->type_val_to_struct = (type_datum_t **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_types.nprim, sizeof(type_datum_t *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->type_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (cond_init_bool_indexes(p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = SYM_ROLES; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		free(p->sym_val_to_name[i]);
*2d543d20SAndroid Build Coastguard Worker		p->sym_val_to_name[i] = NULL;
*2d543d20SAndroid Build Coastguard Worker		if (p->symtab[i].nprim) {
*2d543d20SAndroid Build Coastguard Worker			p->sym_val_to_name[i] = (char **)
*2d543d20SAndroid Build Coastguard Worker			    calloc(p->symtab[i].nprim, sizeof(char *));
*2d543d20SAndroid Build Coastguard Worker			if (!p->sym_val_to_name[i])
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			if (hashtab_map(p->symtab[i].table, index_f[i], p))
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* This pre-expands the roles and users for context validity checking */
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * The following *_destroy functions are used to
*2d543d20SAndroid Build Coastguard Worker * free any memory allocated for each kind of
*2d543d20SAndroid Build Coastguard Worker * symbol data in the policy database.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (key)
*2d543d20SAndroid Build Coastguard Worker		free(key);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			  __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	common_datum_t *comdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (key)
*2d543d20SAndroid Build Coastguard Worker		free(key);
*2d543d20SAndroid Build Coastguard Worker	comdatum = (common_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	(void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
*2d543d20SAndroid Build Coastguard Worker	hashtab_destroy(comdatum->permissions.table);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			 __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	class_datum_t *cladatum;
*2d543d20SAndroid Build Coastguard Worker	constraint_node_t *constraint, *ctemp;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (key)
*2d543d20SAndroid Build Coastguard Worker		free(key);
*2d543d20SAndroid Build Coastguard Worker	cladatum = (class_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	if (cladatum == NULL) {
*2d543d20SAndroid Build Coastguard Worker		return 0;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	(void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
*2d543d20SAndroid Build Coastguard Worker	hashtab_destroy(cladatum->permissions.table);
*2d543d20SAndroid Build Coastguard Worker	constraint = cladatum->constraints;
*2d543d20SAndroid Build Coastguard Worker	while (constraint) {
*2d543d20SAndroid Build Coastguard Worker		constraint_expr_destroy(constraint->expr);
*2d543d20SAndroid Build Coastguard Worker		ctemp = constraint;
*2d543d20SAndroid Build Coastguard Worker		constraint = constraint->next;
*2d543d20SAndroid Build Coastguard Worker		free(ctemp);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	constraint = cladatum->validatetrans;
*2d543d20SAndroid Build Coastguard Worker	while (constraint) {
*2d543d20SAndroid Build Coastguard Worker		constraint_expr_destroy(constraint->expr);
*2d543d20SAndroid Build Coastguard Worker		ctemp = constraint;
*2d543d20SAndroid Build Coastguard Worker		constraint = constraint->next;
*2d543d20SAndroid Build Coastguard Worker		free(ctemp);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (cladatum->comkey)
*2d543d20SAndroid Build Coastguard Worker		free(cladatum->comkey);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker	role_datum_destroy((role_datum_t *) datum);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker	type_datum_destroy((type_datum_t *) datum);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker	user_datum_destroy((user_datum_t *) datum);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker			__attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	level_datum_t *levdatum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (key)
*2d543d20SAndroid Build Coastguard Worker		free(key);
*2d543d20SAndroid Build Coastguard Worker	levdatum = (level_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	if (!levdatum->isalias || !levdatum->notdefined) {
*2d543d20SAndroid Build Coastguard Worker		mls_level_destroy(levdatum->level);
*2d543d20SAndroid Build Coastguard Worker		free(levdatum->level);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	level_datum_destroy(levdatum);
*2d543d20SAndroid Build Coastguard Worker	free(levdatum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker		       __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (key)
*2d543d20SAndroid Build Coastguard Worker		free(key);
*2d543d20SAndroid Build Coastguard Worker	cat_datum_destroy((cat_datum_t *) datum);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int (*const destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker				  void *datap) = {
*2d543d20SAndroid Build Coastguard Workercommon_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
*2d543d20SAndroid Build Coastguard Worker	    cond_destroy_bool, sens_destroy, cat_destroy,};
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker			      void *p __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	filename_trans_key_t *ft = (filename_trans_key_t *)key;
*2d543d20SAndroid Build Coastguard Worker	filename_trans_datum_t *fd = datum, *next;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	free(ft->name);
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker	do {
*2d543d20SAndroid Build Coastguard Worker		next = fd->next;
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&fd->stypes);
*2d543d20SAndroid Build Coastguard Worker		free(fd);
*2d543d20SAndroid Build Coastguard Worker		fd = next;
*2d543d20SAndroid Build Coastguard Worker	} while (fd);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker			    void *p __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	struct mls_range *rt = (struct mls_range *)datum;
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&rt->level[0].cat);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&rt->level[1].cat);
*2d543d20SAndroid Build Coastguard Worker	free(datum);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic void ocontext_selinux_free(ocontext_t **ocontexts)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *c, *ctmp;
*2d543d20SAndroid Build Coastguard Worker	int i;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < OCON_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		c = ocontexts[i];
*2d543d20SAndroid Build Coastguard Worker		while (c) {
*2d543d20SAndroid Build Coastguard Worker			ctmp = c;
*2d543d20SAndroid Build Coastguard Worker			c = c->next;
*2d543d20SAndroid Build Coastguard Worker			context_destroy(&ctmp->context[0]);
*2d543d20SAndroid Build Coastguard Worker			context_destroy(&ctmp->context[1]);
*2d543d20SAndroid Build Coastguard Worker			if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
*2d543d20SAndroid Build Coastguard Worker				|| i == OCON_FSUSE)
*2d543d20SAndroid Build Coastguard Worker				free(ctmp->u.name);
*2d543d20SAndroid Build Coastguard Worker			else if (i == OCON_IBENDPORT)
*2d543d20SAndroid Build Coastguard Worker				free(ctmp->u.ibendport.dev_name);
*2d543d20SAndroid Build Coastguard Worker			free(ctmp);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic void ocontext_xen_free(ocontext_t **ocontexts)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *c, *ctmp;
*2d543d20SAndroid Build Coastguard Worker	int i;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < OCON_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		c = ocontexts[i];
*2d543d20SAndroid Build Coastguard Worker		while (c) {
*2d543d20SAndroid Build Coastguard Worker			ctmp = c;
*2d543d20SAndroid Build Coastguard Worker			c = c->next;
*2d543d20SAndroid Build Coastguard Worker			context_destroy(&ctmp->context[0]);
*2d543d20SAndroid Build Coastguard Worker			context_destroy(&ctmp->context[1]);
*2d543d20SAndroid Build Coastguard Worker			if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
*2d543d20SAndroid Build Coastguard Worker				free(ctmp->u.name);
*2d543d20SAndroid Build Coastguard Worker			free(ctmp);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Free any memory allocated by a policy database structure.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workervoid policydb_destroy(policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *c, *ctmp;
*2d543d20SAndroid Build Coastguard Worker	genfs_t *g, *gtmp;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	role_allow_t *ra, *lra = NULL;
*2d543d20SAndroid Build Coastguard Worker	role_trans_t *tr, *ltr = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!p)
*2d543d20SAndroid Build Coastguard Worker		return;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&p->policycaps);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&p->permissive_map);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	symtabs_destroy(p->symtab);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (p->sym_val_to_name[i])
*2d543d20SAndroid Build Coastguard Worker			free(p->sym_val_to_name[i]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->class_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		free(p->class_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	if (p->role_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		free(p->role_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	if (p->user_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		free(p->user_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	if (p->type_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		free(p->type_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	free(p->decl_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		(void)hashtab_map(p->scope[i].table, scope_destroy, 0);
*2d543d20SAndroid Build Coastguard Worker		hashtab_destroy(p->scope[i].table);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	avrule_block_list_destroy(p->global);
*2d543d20SAndroid Build Coastguard Worker	free(p->name);
*2d543d20SAndroid Build Coastguard Worker	free(p->version);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	avtab_destroy(&p->te_avtab);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->target_platform == SEPOL_TARGET_SELINUX)
*2d543d20SAndroid Build Coastguard Worker		ocontext_selinux_free(p->ocontexts);
*2d543d20SAndroid Build Coastguard Worker	else if (p->target_platform == SEPOL_TARGET_XEN)
*2d543d20SAndroid Build Coastguard Worker		ocontext_xen_free(p->ocontexts);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	g = p->genfs;
*2d543d20SAndroid Build Coastguard Worker	while (g) {
*2d543d20SAndroid Build Coastguard Worker		free(g->fstype);
*2d543d20SAndroid Build Coastguard Worker		c = g->head;
*2d543d20SAndroid Build Coastguard Worker		while (c) {
*2d543d20SAndroid Build Coastguard Worker			ctmp = c;
*2d543d20SAndroid Build Coastguard Worker			c = c->next;
*2d543d20SAndroid Build Coastguard Worker			context_destroy(&ctmp->context[0]);
*2d543d20SAndroid Build Coastguard Worker			free(ctmp->u.name);
*2d543d20SAndroid Build Coastguard Worker			free(ctmp);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		gtmp = g;
*2d543d20SAndroid Build Coastguard Worker		g = g->next;
*2d543d20SAndroid Build Coastguard Worker		free(gtmp);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	cond_policydb_destroy(p);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (tr = p->role_tr; tr; tr = tr->next) {
*2d543d20SAndroid Build Coastguard Worker		if (ltr)
*2d543d20SAndroid Build Coastguard Worker			free(ltr);
*2d543d20SAndroid Build Coastguard Worker		ltr = tr;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (ltr)
*2d543d20SAndroid Build Coastguard Worker		free(ltr);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (ra = p->role_allow; ra; ra = ra->next) {
*2d543d20SAndroid Build Coastguard Worker		if (lra)
*2d543d20SAndroid Build Coastguard Worker			free(lra);
*2d543d20SAndroid Build Coastguard Worker		lra = ra;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (lra)
*2d543d20SAndroid Build Coastguard Worker		free(lra);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	hashtab_map(p->filename_trans, filenametr_destroy, NULL);
*2d543d20SAndroid Build Coastguard Worker	hashtab_destroy(p->filename_trans);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	hashtab_map(p->range_tr, range_tr_destroy, NULL);
*2d543d20SAndroid Build Coastguard Worker	hashtab_destroy(p->range_tr);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->type_attr_map) {
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < p->p_types.nprim; i++) {
*2d543d20SAndroid Build Coastguard Worker			ebitmap_destroy(&p->type_attr_map[i]);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		free(p->type_attr_map);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->attr_type_map) {
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < p->p_types.nprim; i++) {
*2d543d20SAndroid Build Coastguard Worker			ebitmap_destroy(&p->attr_type_map[i]);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		free(p->attr_type_map);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid symtabs_destroy(symtab_t * symtab)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int i;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < SYM_NUM; i++) {
*2d543d20SAndroid Build Coastguard Worker		(void)hashtab_map(symtab[i].table, destroy_f[i], 0);
*2d543d20SAndroid Build Coastguard Worker		hashtab_destroy(symtab[i].table);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
*2d543d20SAndroid Build Coastguard Worker		  __attribute__ ((unused)))
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	scope_datum_t *cur = (scope_datum_t *) datum;
*2d543d20SAndroid Build Coastguard Worker	free(key);
*2d543d20SAndroid Build Coastguard Worker	if (cur != NULL) {
*2d543d20SAndroid Build Coastguard Worker		free(cur->decl_ids);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	free(cur);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Load the initial SIDs specified in a policy database
*2d543d20SAndroid Build Coastguard Worker * structure into a SID table.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint policydb_load_isids(policydb_t * p, sidtab_t * s)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *head, *c;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (sepol_sidtab_init(s)) {
*2d543d20SAndroid Build Coastguard Worker		ERR(NULL, "out of memory on SID table init");
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	head = p->ocontexts[OCON_ISID];
*2d543d20SAndroid Build Coastguard Worker	for (c = head; c; c = c->next) {
*2d543d20SAndroid Build Coastguard Worker		if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
*2d543d20SAndroid Build Coastguard Worker			ERR(NULL, "unable to load initial SID %s", c->u.name);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* Declare a symbol for a certain avrule_block context.  Insert it
*2d543d20SAndroid Build Coastguard Worker * into a symbol table for a policy.  This function will handle
*2d543d20SAndroid Build Coastguard Worker * inserting the appropriate scope information in addition to
*2d543d20SAndroid Build Coastguard Worker * inserting the symbol into the hash table.
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker * arguments:
*2d543d20SAndroid Build Coastguard Worker *   policydb_t *pol       module policy to modify
*2d543d20SAndroid Build Coastguard Worker *   uint32_t sym          the symbole table for insertion (SYM_*)
*2d543d20SAndroid Build Coastguard Worker *   hashtab_key_t key     the key for the symbol - not cloned
*2d543d20SAndroid Build Coastguard Worker *   hashtab_datum_t data  the data for the symbol - not cloned
*2d543d20SAndroid Build Coastguard Worker *   scope                 scope of this symbol, either SCOPE_REQ or SCOPE_DECL
*2d543d20SAndroid Build Coastguard Worker *   avrule_decl_id        identifier for this symbol's encapsulating declaration
*2d543d20SAndroid Build Coastguard Worker *   value (out)           assigned value to the symbol (if value is not NULL)
*2d543d20SAndroid Build Coastguard Worker *
*2d543d20SAndroid Build Coastguard Worker * returns:
*2d543d20SAndroid Build Coastguard Worker *   0                     success
*2d543d20SAndroid Build Coastguard Worker *   1                     success, but symbol already existed as a requirement
*2d543d20SAndroid Build Coastguard Worker *                         (datum was not inserted and needs to be free()d)
*2d543d20SAndroid Build Coastguard Worker *   -1                    general error
*2d543d20SAndroid Build Coastguard Worker *   -2                    scope conflicted
*2d543d20SAndroid Build Coastguard Worker *   -ENOMEM               memory error
*2d543d20SAndroid Build Coastguard Worker *   error codes from hashtab_insert
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint symtab_insert(policydb_t * pol, uint32_t sym,
*2d543d20SAndroid Build Coastguard Worker		  hashtab_key_t key, hashtab_datum_t datum,
*2d543d20SAndroid Build Coastguard Worker		  uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int rc, retval = 0;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	scope_datum_t *scope_datum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* check if the symbol is already there.  multiple
*2d543d20SAndroid Build Coastguard Worker	 * declarations of non-roles/non-users are illegal, but
*2d543d20SAndroid Build Coastguard Worker	 * multiple requires are allowed. */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* FIX ME - the failures after the hashtab_insert will leave
*2d543d20SAndroid Build Coastguard Worker	 * the policy in a inconsistent state. */
*2d543d20SAndroid Build Coastguard Worker	rc = hashtab_insert(pol->symtab[sym].table, key, datum);
*2d543d20SAndroid Build Coastguard Worker	if (rc == SEPOL_OK) {
*2d543d20SAndroid Build Coastguard Worker		/* if no value is passed in the symbol is not primary
*2d543d20SAndroid Build Coastguard Worker		 * (i.e. aliases) */
*2d543d20SAndroid Build Coastguard Worker		if (value)
*2d543d20SAndroid Build Coastguard Worker			*value = ++pol->symtab[sym].nprim;
*2d543d20SAndroid Build Coastguard Worker	} else if (rc == SEPOL_EEXIST) {
*2d543d20SAndroid Build Coastguard Worker		retval = 1;	/* symbol not added -- need to free() later */
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		return rc;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* get existing scope information; if there is not one then
*2d543d20SAndroid Build Coastguard Worker	 * create it */
*2d543d20SAndroid Build Coastguard Worker	scope_datum =
*2d543d20SAndroid Build Coastguard Worker	    (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
*2d543d20SAndroid Build Coastguard Worker	if (scope_datum == NULL) {
*2d543d20SAndroid Build Coastguard Worker		hashtab_key_t key2 = strdup((char *)key);
*2d543d20SAndroid Build Coastguard Worker		if (!key2)
*2d543d20SAndroid Build Coastguard Worker			return -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker		if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
*2d543d20SAndroid Build Coastguard Worker			free(key2);
*2d543d20SAndroid Build Coastguard Worker			return -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		scope_datum->scope = scope;
*2d543d20SAndroid Build Coastguard Worker		scope_datum->decl_ids = NULL;
*2d543d20SAndroid Build Coastguard Worker		scope_datum->decl_ids_len = 0;
*2d543d20SAndroid Build Coastguard Worker		if ((rc =
*2d543d20SAndroid Build Coastguard Worker		     hashtab_insert(pol->scope[sym].table, key2,
*2d543d20SAndroid Build Coastguard Worker				    scope_datum)) != 0) {
*2d543d20SAndroid Build Coastguard Worker			free(key2);
*2d543d20SAndroid Build Coastguard Worker			free(scope_datum);
*2d543d20SAndroid Build Coastguard Worker			return rc;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
*2d543d20SAndroid Build Coastguard Worker		/* disallow multiple declarations for non-roles/users */
*2d543d20SAndroid Build Coastguard Worker		if (sym != SYM_ROLES && sym != SYM_USERS) {
*2d543d20SAndroid Build Coastguard Worker			return -2;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		/* Further confine that a role attribute can't have the same
*2d543d20SAndroid Build Coastguard Worker		 * name as another regular role, and a role attribute can't
*2d543d20SAndroid Build Coastguard Worker		 * be declared more than once. */
*2d543d20SAndroid Build Coastguard Worker		if (sym == SYM_ROLES) {
*2d543d20SAndroid Build Coastguard Worker			role_datum_t *base_role;
*2d543d20SAndroid Build Coastguard Worker			role_datum_t *cur_role = (role_datum_t *)datum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			base_role = (role_datum_t *)
*2d543d20SAndroid Build Coastguard Worker					hashtab_search(pol->symtab[sym].table,
*2d543d20SAndroid Build Coastguard Worker						       key);
*2d543d20SAndroid Build Coastguard Worker			assert(base_role != NULL);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			if (!((base_role->flavor == ROLE_ROLE) &&
*2d543d20SAndroid Build Coastguard Worker			    (cur_role->flavor == ROLE_ROLE))) {
*2d543d20SAndroid Build Coastguard Worker				/* Only regular roles are allowed to have
*2d543d20SAndroid Build Coastguard Worker				 * multiple declarations. */
*2d543d20SAndroid Build Coastguard Worker				return -2;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
*2d543d20SAndroid Build Coastguard Worker		scope_datum->scope = SCOPE_DECL;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* search through the pre-existing list to avoid adding duplicates */
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < scope_datum->decl_ids_len; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (scope_datum->decl_ids[i] == avrule_decl_id) {
*2d543d20SAndroid Build Coastguard Worker			/* already there, so don't modify its scope */
*2d543d20SAndroid Build Coastguard Worker			return retval;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (add_i_to_a(avrule_decl_id,
*2d543d20SAndroid Build Coastguard Worker		       &scope_datum->decl_ids_len,
*2d543d20SAndroid Build Coastguard Worker		       &scope_datum->decl_ids) == -1) {
*2d543d20SAndroid Build Coastguard Worker		return -ENOMEM;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) {
*2d543d20SAndroid Build Coastguard Worker		/* Need to keep the decl at the end of the list */
*2d543d20SAndroid Build Coastguard Worker		uint32_t len, tmp;
*2d543d20SAndroid Build Coastguard Worker		len = scope_datum->decl_ids_len;
*2d543d20SAndroid Build Coastguard Worker		if (len < 2) {
*2d543d20SAndroid Build Coastguard Worker			/* This should be impossible here */
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		tmp = scope_datum->decl_ids[len-2];
*2d543d20SAndroid Build Coastguard Worker		scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1];
*2d543d20SAndroid Build Coastguard Worker		scope_datum->decl_ids[len-1] = tmp;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return retval;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int type_set_or(type_set_t * dst, const type_set_t * a, const type_set_t * b)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	type_set_init(dst);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_or(&dst->types, &a->types, &b->types)) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	dst->flags |= a->flags;
*2d543d20SAndroid Build Coastguard Worker	dst->flags |= b->flags;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint type_set_cpy(type_set_t * dst, const type_set_t * src)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	type_set_init(dst);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	dst->flags = src->flags;
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_cpy(&dst->types, &src->types))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_cpy(&dst->negset, &src->negset))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint type_set_or_eq(type_set_t * dst, const type_set_t * other)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int ret;
*2d543d20SAndroid Build Coastguard Worker	type_set_t tmp;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (type_set_or(&tmp, dst, other))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(dst);
*2d543d20SAndroid Build Coastguard Worker	ret = type_set_cpy(dst, &tmp);
*2d543d20SAndroid Build Coastguard Worker	type_set_destroy(&tmp);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return ret;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/***********************************************************************/
*2d543d20SAndroid Build Coastguard Worker/* everything below is for policy reads */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* The following are read functions for module structures */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_set_read(role_set_t * r, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_read(&r->roles, fp))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	r->flags = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int type_set_read(type_set_t * t, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_read(&t->types, fp))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_read(&t->negset, fp))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	t->flags = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Read a MLS range structure from a policydb binary
*2d543d20SAndroid Build Coastguard Worker * representation file.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], items;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto out;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	items = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	if (items > ARRAY_SIZE(buf)) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "range overflow");
*2d543d20SAndroid Build Coastguard Worker		rc = -EINVAL;
*2d543d20SAndroid Build Coastguard Worker		goto out;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * items);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "truncated range");
*2d543d20SAndroid Build Coastguard Worker		goto out;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	r->level[0].sens = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	if (items > 1)
*2d543d20SAndroid Build Coastguard Worker		r->level[1].sens = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	else
*2d543d20SAndroid Build Coastguard Worker		r->level[1].sens = r->level[0].sens;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = ebitmap_read(&r->level[0].cat, fp);
*2d543d20SAndroid Build Coastguard Worker	if (rc) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "error reading low categories");
*2d543d20SAndroid Build Coastguard Worker		goto out;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (items > 1) {
*2d543d20SAndroid Build Coastguard Worker		rc = ebitmap_read(&r->level[1].cat, fp);
*2d543d20SAndroid Build Coastguard Worker		if (rc) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "error reading high categories");
*2d543d20SAndroid Build Coastguard Worker			goto bad_high;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
*2d543d20SAndroid Build Coastguard Worker		if (rc) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "out of memory");
*2d543d20SAndroid Build Coastguard Worker			goto bad_high;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = 0;
*2d543d20SAndroid Build Coastguard Worker      out:
*2d543d20SAndroid Build Coastguard Worker	return rc;
*2d543d20SAndroid Build Coastguard Worker      bad_high:
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&r->level[0].cat);
*2d543d20SAndroid Build Coastguard Worker	goto out;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Read a semantic MLS level structure from a policydb binary
*2d543d20SAndroid Build Coastguard Worker * representation file.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int mls_read_semantic_level_helper(mls_semantic_level_t * l,
*2d543d20SAndroid Build Coastguard Worker					  struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], ncat;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_cat_t *cat;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_level_init(l);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "truncated level");
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	l->sens = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ncat = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < ncat; i++) {
*2d543d20SAndroid Build Coastguard Worker		cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
*2d543d20SAndroid Build Coastguard Worker		if (!cat) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "out of memory");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		mls_semantic_cat_init(cat);
*2d543d20SAndroid Build Coastguard Worker		cat->next = l->cat;
*2d543d20SAndroid Build Coastguard Worker		l->cat = cat;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "error reading level categories");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		cat->low = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		cat->high = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Read a semantic MLS range structure from a policydb binary
*2d543d20SAndroid Build Coastguard Worker * representation file.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int mls_read_semantic_range_helper(mls_semantic_range_t * r,
*2d543d20SAndroid Build Coastguard Worker					  struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = mls_read_semantic_level_helper(&r->level[0], fp);
*2d543d20SAndroid Build Coastguard Worker	if (rc)
*2d543d20SAndroid Build Coastguard Worker		return rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = mls_read_semantic_level_helper(&r->level[1], fp);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return rc;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	ebitmap_node_t *cnode;
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_cat_t *open_cat = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	mls_semantic_level_init(sl);
*2d543d20SAndroid Build Coastguard Worker	sl->sens = l->sens;
*2d543d20SAndroid Build Coastguard Worker	ebitmap_for_each_bit(&l->cat, cnode, i) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_node_get_bit(cnode, i)) {
*2d543d20SAndroid Build Coastguard Worker			if (open_cat)
*2d543d20SAndroid Build Coastguard Worker				continue;
*2d543d20SAndroid Build Coastguard Worker			open_cat = (mls_semantic_cat_t *)
*2d543d20SAndroid Build Coastguard Worker			    malloc(sizeof(mls_semantic_cat_t));
*2d543d20SAndroid Build Coastguard Worker			if (!open_cat)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			mls_semantic_cat_init(open_cat);
*2d543d20SAndroid Build Coastguard Worker			open_cat->low = i + 1;
*2d543d20SAndroid Build Coastguard Worker			open_cat->next = sl->cat;
*2d543d20SAndroid Build Coastguard Worker			sl->cat = open_cat;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			if (!open_cat)
*2d543d20SAndroid Build Coastguard Worker				continue;
*2d543d20SAndroid Build Coastguard Worker			open_cat->high = i;
*2d543d20SAndroid Build Coastguard Worker			open_cat = NULL;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (open_cat)
*2d543d20SAndroid Build Coastguard Worker		open_cat->high = i;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Read and validate a security context structure
*2d543d20SAndroid Build Coastguard Worker * from a policydb binary representation file.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int context_read_and_validate(context_struct_t * c,
*2d543d20SAndroid Build Coastguard Worker				     policydb_t * p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "context truncated");
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	c->user = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	c->role = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	c->type = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	if ((p->policy_type == POLICY_KERN
*2d543d20SAndroid Build Coastguard Worker	     && p->policyvers >= POLICYDB_VERSION_MLS)
*2d543d20SAndroid Build Coastguard Worker	    || (p->policy_type == POLICY_BASE
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_range_helper(&c->range, fp)) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "error reading MLS range "
*2d543d20SAndroid Build Coastguard Worker			    "of context");
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!policydb_context_isvalid(p, c)) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "invalid security context");
*2d543d20SAndroid Build Coastguard Worker		context_destroy(c);
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * The following *_read functions are used to
*2d543d20SAndroid Build Coastguard Worker * read the symbol data from a policy database
*2d543d20SAndroid Build Coastguard Worker * binary representation file.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int perm_read(policydb_t * p
*2d543d20SAndroid Build Coastguard Worker		     __attribute__ ((unused)), hashtab_t h,
*2d543d20SAndroid Build Coastguard Worker		     struct policy_file *fp, uint32_t nprim)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	perm_datum_t *perdatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2];
*2d543d20SAndroid Build Coastguard Worker	size_t len;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	perdatum = calloc(1, sizeof(perm_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!perdatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	if(str_read(&key, fp, len))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	perdatum->s.value = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	if (!value_isvalid(perdatum->s.value, nprim))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, perdatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	perm_destroy(key, perdatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	common_datum_t *comdatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[4];
*2d543d20SAndroid Build Coastguard Worker	size_t len, nel;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	comdatum = calloc(1, sizeof(common_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!comdatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	comdatum->s.value = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[3]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (perm_read(p, comdatum->permissions.table, fp, comdatum->permissions.nprim))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, comdatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	common_destroy(key, comdatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
*2d543d20SAndroid Build Coastguard Worker			    unsigned int ncons,
*2d543d20SAndroid Build Coastguard Worker			    int allowxtarget, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	constraint_node_t *c, *lc;
*2d543d20SAndroid Build Coastguard Worker	constraint_expr_t *e, *le;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3];
*2d543d20SAndroid Build Coastguard Worker	size_t nexpr;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i, j;
*2d543d20SAndroid Build Coastguard Worker	int rc, depth;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	lc = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < ncons; i++) {
*2d543d20SAndroid Build Coastguard Worker		c = calloc(1, sizeof(constraint_node_t));
*2d543d20SAndroid Build Coastguard Worker		if (!c)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (lc)
*2d543d20SAndroid Build Coastguard Worker			lc->next = c;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			*nodep = c;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		c->permissions = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		nexpr = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		le = NULL;
*2d543d20SAndroid Build Coastguard Worker		depth = -1;
*2d543d20SAndroid Build Coastguard Worker		for (j = 0; j < nexpr; j++) {
*2d543d20SAndroid Build Coastguard Worker			e = malloc(sizeof(constraint_expr_t));
*2d543d20SAndroid Build Coastguard Worker			if (!e)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			if (constraint_expr_init(e) == -1) {
*2d543d20SAndroid Build Coastguard Worker				free(e);
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			if (le) {
*2d543d20SAndroid Build Coastguard Worker				le->next = e;
*2d543d20SAndroid Build Coastguard Worker			} else {
*2d543d20SAndroid Build Coastguard Worker				c->expr = e;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			e->expr_type = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker			e->attr = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker			e->op = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			switch (e->expr_type) {
*2d543d20SAndroid Build Coastguard Worker			case CEXPR_NOT:
*2d543d20SAndroid Build Coastguard Worker				if (depth < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case CEXPR_AND:
*2d543d20SAndroid Build Coastguard Worker			case CEXPR_OR:
*2d543d20SAndroid Build Coastguard Worker				if (depth < 1)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				depth--;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case CEXPR_ATTR:
*2d543d20SAndroid Build Coastguard Worker				if (depth == (CEXPR_MAXDEPTH - 1))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				depth++;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case CEXPR_NAMES:
*2d543d20SAndroid Build Coastguard Worker				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				if (depth == (CEXPR_MAXDEPTH - 1))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				depth++;
*2d543d20SAndroid Build Coastguard Worker				if (ebitmap_read(&e->names, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				if (p->policy_type != POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker				    type_set_read(e->type_names, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				else if (p->policy_type == POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker					 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
*2d543d20SAndroid Build Coastguard Worker					 type_set_read(e->type_names, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			default:
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			le = e;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		if (depth != 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		lc = c;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	class_datum_t *cladatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[6];
*2d543d20SAndroid Build Coastguard Worker	size_t len, len2, ncons, nel;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!cladatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len2 = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	cladatum->s.value = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	if (cladatum->s.value > UINT16_MAX)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
*2d543d20SAndroid Build Coastguard Worker	if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[4]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ncons = le32_to_cpu(buf[5]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (len2) {
*2d543d20SAndroid Build Coastguard Worker		rc = str_read(&cladatum->comkey, fp, len2);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		cladatum->comdatum = hashtab_search(p->p_commons.table,
*2d543d20SAndroid Build Coastguard Worker						    cladatum->comkey);
*2d543d20SAndroid Build Coastguard Worker		if (!cladatum->comdatum) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "unknown common %s", cladatum->comkey);
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (perm_read(p, cladatum->permissions.table, fp, cladatum->permissions.nprim))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if ((p->policy_type == POLICY_KERN
*2d543d20SAndroid Build Coastguard Worker	     && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
*2d543d20SAndroid Build Coastguard Worker	    || (p->policy_type == POLICY_BASE
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
*2d543d20SAndroid Build Coastguard Worker		/* grab the validatetrans rules */
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		ncons = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if ((p->policy_type == POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker	     p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
*2d543d20SAndroid Build Coastguard Worker	    (p->policy_type == POLICY_BASE &&
*2d543d20SAndroid Build Coastguard Worker	     p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		cladatum->default_user = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		cladatum->default_role = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		cladatum->default_range = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if ((p->policy_type == POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker	     p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
*2d543d20SAndroid Build Coastguard Worker	    (p->policy_type == POLICY_BASE &&
*2d543d20SAndroid Build Coastguard Worker	     p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		cladatum->default_type = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, cladatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	class_destroy(key, cladatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	role_datum_t *role;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3];
*2d543d20SAndroid Build Coastguard Worker	size_t len;
*2d543d20SAndroid Build Coastguard Worker	int rc, to_read = 2;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	role = calloc(1, sizeof(role_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!role)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_has_boundary_feature(p))
*2d543d20SAndroid Build Coastguard Worker		to_read = 3;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	role->s.value = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	if (policydb_has_boundary_feature(p))
*2d543d20SAndroid Build Coastguard Worker		role->bounds = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_read(&role->dominates, fp))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&role->types.types, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		if (type_set_read(&role->types, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policy_type != POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker	    p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		role->flavor = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&role->roles, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (strcmp(key, OBJECT_R) == 0) {
*2d543d20SAndroid Build Coastguard Worker		if (role->s.value != OBJECT_R_VAL) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "role %s has wrong value %d",
*2d543d20SAndroid Build Coastguard Worker			    OBJECT_R, role->s.value);
*2d543d20SAndroid Build Coastguard Worker			role_destroy(key, role, NULL);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		role_destroy(key, role, NULL);
*2d543d20SAndroid Build Coastguard Worker		return 0;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, role))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	role_destroy(key, role, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	type_datum_t *typdatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[5];
*2d543d20SAndroid Build Coastguard Worker	size_t len;
*2d543d20SAndroid Build Coastguard Worker	int rc, to_read;
*2d543d20SAndroid Build Coastguard Worker	int pos = 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	typdatum = calloc(1, sizeof(type_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!typdatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_has_boundary_feature(p)) {
*2d543d20SAndroid Build Coastguard Worker		if (p->policy_type != POLICY_KERN
*2d543d20SAndroid Build Coastguard Worker		    && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
*2d543d20SAndroid Build Coastguard Worker			to_read = 5;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			to_read = 4;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	else if (p->policy_type == POLICY_KERN)
*2d543d20SAndroid Build Coastguard Worker		to_read = 3;
*2d543d20SAndroid Build Coastguard Worker	else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
*2d543d20SAndroid Build Coastguard Worker		to_read = 5;
*2d543d20SAndroid Build Coastguard Worker	else
*2d543d20SAndroid Build Coastguard Worker		to_read = 4;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[pos]);
*2d543d20SAndroid Build Coastguard Worker	typdatum->s.value = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker	if (policydb_has_boundary_feature(p)) {
*2d543d20SAndroid Build Coastguard Worker		uint32_t properties;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->policy_type != POLICY_KERN
*2d543d20SAndroid Build Coastguard Worker		    && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
*2d543d20SAndroid Build Coastguard Worker			typdatum->primary = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker			properties = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		else {
*2d543d20SAndroid Build Coastguard Worker			properties = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			if (properties & TYPEDATUM_PROPERTY_PRIMARY)
*2d543d20SAndroid Build Coastguard Worker				typdatum->primary = 1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
*2d543d20SAndroid Build Coastguard Worker			typdatum->flavor = TYPE_ATTRIB;
*2d543d20SAndroid Build Coastguard Worker		if (properties & TYPEDATUM_PROPERTY_ALIAS
*2d543d20SAndroid Build Coastguard Worker		    && p->policy_type != POLICY_KERN)
*2d543d20SAndroid Build Coastguard Worker			typdatum->flavor = TYPE_ALIAS;
*2d543d20SAndroid Build Coastguard Worker		if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
*2d543d20SAndroid Build Coastguard Worker		    && p->policy_type != POLICY_KERN)
*2d543d20SAndroid Build Coastguard Worker			typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		typdatum->bounds = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		typdatum->primary = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker		if (p->policy_type != POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker			typdatum->flavor = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker			if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
*2d543d20SAndroid Build Coastguard Worker				typdatum->flags = le32_to_cpu(buf[++pos]);
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policy_type != POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&typdatum->types, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, typdatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	type_destroy(key, typdatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_trans_read(policydb_t *p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	role_trans_t **t = &p->role_tr;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3], nel;
*2d543d20SAndroid Build Coastguard Worker	role_trans_t *tr, *ltr;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker	int new_roletr = (p->policy_type == POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker			  p->policyvers >= POLICYDB_VERSION_ROLETRANS);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	ltr = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		tr = calloc(1, sizeof(struct role_trans));
*2d543d20SAndroid Build Coastguard Worker		if (!tr) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		if (ltr) {
*2d543d20SAndroid Build Coastguard Worker			ltr->next = tr;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			*t = tr;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		tr->role = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		tr->type = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		tr->new_role = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker		if (new_roletr) {
*2d543d20SAndroid Build Coastguard Worker			rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			tr->tclass = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		} else
*2d543d20SAndroid Build Coastguard Worker			tr->tclass = p->process_class;
*2d543d20SAndroid Build Coastguard Worker		ltr = tr;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_allow_read(role_allow_t ** r, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], nel;
*2d543d20SAndroid Build Coastguard Worker	role_allow_t *ra, *lra;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	lra = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		ra = calloc(1, sizeof(struct role_allow));
*2d543d20SAndroid Build Coastguard Worker		if (!ra) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		if (lra) {
*2d543d20SAndroid Build Coastguard Worker			lra->next = ra;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			*r = ra;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		ra->role = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		ra->new_role = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		lra = ra;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_filetrans_insert(policydb_t *p, uint32_t stype, uint32_t ttype,
*2d543d20SAndroid Build Coastguard Worker			      uint32_t tclass, const char *name,
*2d543d20SAndroid Build Coastguard Worker			      char **name_alloc, uint32_t otype,
*2d543d20SAndroid Build Coastguard Worker			      uint32_t *present_otype)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	filename_trans_key_t *ft, key;
*2d543d20SAndroid Build Coastguard Worker	filename_trans_datum_t *datum, *last;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	key.ttype = ttype;
*2d543d20SAndroid Build Coastguard Worker	key.tclass = tclass;
*2d543d20SAndroid Build Coastguard Worker	key.name = (char *)name;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	last = NULL;
*2d543d20SAndroid Build Coastguard Worker	datum = hashtab_search(p->filename_trans, (hashtab_key_t)&key);
*2d543d20SAndroid Build Coastguard Worker	while (datum) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_get_bit(&datum->stypes, stype - 1)) {
*2d543d20SAndroid Build Coastguard Worker			if (present_otype)
*2d543d20SAndroid Build Coastguard Worker				*present_otype = datum->otype;
*2d543d20SAndroid Build Coastguard Worker			return SEPOL_EEXIST;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		if (datum->otype == otype)
*2d543d20SAndroid Build Coastguard Worker			break;
*2d543d20SAndroid Build Coastguard Worker		last = datum;
*2d543d20SAndroid Build Coastguard Worker		datum = datum->next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (!datum) {
*2d543d20SAndroid Build Coastguard Worker		datum = malloc(sizeof(*datum));
*2d543d20SAndroid Build Coastguard Worker		if (!datum)
*2d543d20SAndroid Build Coastguard Worker			return SEPOL_ENOMEM;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		ebitmap_init(&datum->stypes);
*2d543d20SAndroid Build Coastguard Worker		datum->otype = otype;
*2d543d20SAndroid Build Coastguard Worker		datum->next = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (last) {
*2d543d20SAndroid Build Coastguard Worker			last->next = datum;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			char *name_dup;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			if (name_alloc) {
*2d543d20SAndroid Build Coastguard Worker				name_dup = *name_alloc;
*2d543d20SAndroid Build Coastguard Worker				*name_alloc = NULL;
*2d543d20SAndroid Build Coastguard Worker			} else {
*2d543d20SAndroid Build Coastguard Worker				name_dup = strdup(name);
*2d543d20SAndroid Build Coastguard Worker				if (!name_dup) {
*2d543d20SAndroid Build Coastguard Worker					free(datum);
*2d543d20SAndroid Build Coastguard Worker					return SEPOL_ENOMEM;
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			ft = malloc(sizeof(*ft));
*2d543d20SAndroid Build Coastguard Worker			if (!ft) {
*2d543d20SAndroid Build Coastguard Worker				free(name_dup);
*2d543d20SAndroid Build Coastguard Worker				free(datum);
*2d543d20SAndroid Build Coastguard Worker				return SEPOL_ENOMEM;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			ft->ttype = ttype;
*2d543d20SAndroid Build Coastguard Worker			ft->tclass = tclass;
*2d543d20SAndroid Build Coastguard Worker			ft->name = name_dup;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			if (hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
*2d543d20SAndroid Build Coastguard Worker					   (hashtab_datum_t)datum)) {
*2d543d20SAndroid Build Coastguard Worker				free(name_dup);
*2d543d20SAndroid Build Coastguard Worker				free(datum);
*2d543d20SAndroid Build Coastguard Worker				free(ft);
*2d543d20SAndroid Build Coastguard Worker				return SEPOL_ENOMEM;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->filename_trans_count++;
*2d543d20SAndroid Build Coastguard Worker	return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[4], len, stype, ttype, tclass, otype;
*2d543d20SAndroid Build Coastguard Worker	char *name = NULL;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&name, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	stype = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	if (stype == 0)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ttype  = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	tclass = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	otype  = le32_to_cpu(buf[3]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = policydb_filetrans_insert(p, stype, ttype, tclass, name, &name,
*2d543d20SAndroid Build Coastguard Worker				       otype, NULL);
*2d543d20SAndroid Build Coastguard Worker	if (rc) {
*2d543d20SAndroid Build Coastguard Worker		if (rc != SEPOL_EEXIST)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		/*
*2d543d20SAndroid Build Coastguard Worker		 * Some old policies were wrongly generated with
*2d543d20SAndroid Build Coastguard Worker		 * duplicate filename transition rules.  For backward
*2d543d20SAndroid Build Coastguard Worker		 * compatibility, do not reject such policies, just
*2d543d20SAndroid Build Coastguard Worker		 * ignore the duplicate.
*2d543d20SAndroid Build Coastguard Worker		 */
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	free(name);
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Workererr:
*2d543d20SAndroid Build Coastguard Worker	free(name);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filename_trans_check_datum(filename_trans_datum_t *datum)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	ebitmap_t stypes, otypes;
*2d543d20SAndroid Build Coastguard Worker	int rc = -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&stypes);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_init(&otypes);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	while (datum) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_get_bit(&otypes, datum->otype))
*2d543d20SAndroid Build Coastguard Worker			goto out;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_set_bit(&otypes, datum->otype, 1))
*2d543d20SAndroid Build Coastguard Worker			goto out;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_match_any(&stypes, &datum->stypes))
*2d543d20SAndroid Build Coastguard Worker			goto out;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_union(&stypes, &datum->stypes))
*2d543d20SAndroid Build Coastguard Worker			goto out;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		datum = datum->next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = 0;
*2d543d20SAndroid Build Coastguard Workerout:
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&stypes);
*2d543d20SAndroid Build Coastguard Worker	ebitmap_destroy(&otypes);
*2d543d20SAndroid Build Coastguard Worker	return rc;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filename_trans_read_one(policydb_t *p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	filename_trans_key_t *ft = NULL;
*2d543d20SAndroid Build Coastguard Worker	filename_trans_datum_t **dst, *datum, *first = NULL;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3], len, ttype, tclass, ndatum;
*2d543d20SAndroid Build Coastguard Worker	char *name = NULL;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&name, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ttype = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	tclass = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	ndatum = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	if (ndatum == 0)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	dst = &first;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < ndatum; i++) {
*2d543d20SAndroid Build Coastguard Worker		datum = malloc(sizeof(*datum));
*2d543d20SAndroid Build Coastguard Worker		if (!datum)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		datum->next = NULL;
*2d543d20SAndroid Build Coastguard Worker		*dst = datum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		/* ebitmap_read() will at least init the bitmap */
*2d543d20SAndroid Build Coastguard Worker		rc = ebitmap_read(&datum->stypes, fp);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		datum->otype = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		p->filename_trans_count += ebitmap_cardinality(&datum->stypes);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		dst = &datum->next;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ndatum > 1 && filename_trans_check_datum(first))
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ft = malloc(sizeof(*ft));
*2d543d20SAndroid Build Coastguard Worker	if (!ft)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	ft->ttype = ttype;
*2d543d20SAndroid Build Coastguard Worker	ft->tclass = tclass;
*2d543d20SAndroid Build Coastguard Worker	ft->name = name;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
*2d543d20SAndroid Build Coastguard Worker			    (hashtab_datum_t)first);
*2d543d20SAndroid Build Coastguard Worker	if (rc)
*2d543d20SAndroid Build Coastguard Worker		goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Workererr:
*2d543d20SAndroid Build Coastguard Worker	free(ft);
*2d543d20SAndroid Build Coastguard Worker	free(name);
*2d543d20SAndroid Build Coastguard Worker	while (first) {
*2d543d20SAndroid Build Coastguard Worker		datum = first;
*2d543d20SAndroid Build Coastguard Worker		first = first->next;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		ebitmap_destroy(&datum->stypes);
*2d543d20SAndroid Build Coastguard Worker		free(datum);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filename_trans_read(policydb_t *p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1], nel;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker			rc = filename_trans_read_one_compat(p, fp);
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker			rc = filename_trans_read_one(p, fp);
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int ocontext_read_xen(const struct policydb_compat_info *info,
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i, j;
*2d543d20SAndroid Build Coastguard Worker	size_t nel, len;
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *l, *c;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[8];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < info->ocon_num; i++) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		l = NULL;
*2d543d20SAndroid Build Coastguard Worker		for (j = 0; j < nel; j++) {
*2d543d20SAndroid Build Coastguard Worker			c = calloc(1, sizeof(ocontext_t));
*2d543d20SAndroid Build Coastguard Worker			if (!c)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			if (l)
*2d543d20SAndroid Build Coastguard Worker				l->next = c;
*2d543d20SAndroid Build Coastguard Worker			else
*2d543d20SAndroid Build Coastguard Worker				p->ocontexts[i] = c;
*2d543d20SAndroid Build Coastguard Worker			l = c;
*2d543d20SAndroid Build Coastguard Worker			switch (i) {
*2d543d20SAndroid Build Coastguard Worker			case OCON_XEN_ISID:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->sid[0] = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				if (is_saturated(c->sid[0]))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_XEN_PIRQ:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->u.pirq = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_XEN_IOPORT:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_XEN_IOMEM:
*2d543d20SAndroid Build Coastguard Worker				if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
*2d543d20SAndroid Build Coastguard Worker					uint64_t b64[2];
*2d543d20SAndroid Build Coastguard Worker					rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
*2d543d20SAndroid Build Coastguard Worker					if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker						return -1;
*2d543d20SAndroid Build Coastguard Worker					c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
*2d543d20SAndroid Build Coastguard Worker					c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
*2d543d20SAndroid Build Coastguard Worker				} else {
*2d543d20SAndroid Build Coastguard Worker					rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker					if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker						return -1;
*2d543d20SAndroid Build Coastguard Worker					c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker					c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_XEN_PCIDEVICE:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->u.device = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_XEN_DEVICETREE:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				rc = str_read(&c->u.name, fp, len);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			default:
*2d543d20SAndroid Build Coastguard Worker				/* should never get here */
*2d543d20SAndroid Build Coastguard Worker				ERR(fp->handle, "Unknown Xen ocontext");
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Workerstatic int ocontext_read_selinux(const struct policydb_compat_info *info,
*2d543d20SAndroid Build Coastguard Worker			 policydb_t * p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i, j;
*2d543d20SAndroid Build Coastguard Worker	size_t nel, len;
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *l, *c;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[8];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < info->ocon_num; i++) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		l = NULL;
*2d543d20SAndroid Build Coastguard Worker		for (j = 0; j < nel; j++) {
*2d543d20SAndroid Build Coastguard Worker			c = calloc(1, sizeof(ocontext_t));
*2d543d20SAndroid Build Coastguard Worker			if (!c) {
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			if (l) {
*2d543d20SAndroid Build Coastguard Worker				l->next = c;
*2d543d20SAndroid Build Coastguard Worker			} else {
*2d543d20SAndroid Build Coastguard Worker				p->ocontexts[i] = c;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			l = c;
*2d543d20SAndroid Build Coastguard Worker			switch (i) {
*2d543d20SAndroid Build Coastguard Worker			case OCON_ISID:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->sid[0] = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				if (is_saturated(c->sid[0]))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_FS:
*2d543d20SAndroid Build Coastguard Worker			case OCON_NETIF:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				if (len > 63)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				rc = str_read(&c->u.name, fp, len);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[1], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_IBPKEY: {
*2d543d20SAndroid Build Coastguard Worker				uint32_t pkey_lo, pkey_hi;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				pkey_lo = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker				pkey_hi = le32_to_cpu(buf[3]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				c->u.ibpkey.low_pkey  = pkey_lo;
*2d543d20SAndroid Build Coastguard Worker				c->u.ibpkey.high_pkey = pkey_hi;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				/* we want c->u.ibpkey.subnet_prefix in network
*2d543d20SAndroid Build Coastguard Worker				 * (big-endian) order, just memcpy it */
*2d543d20SAndroid Build Coastguard Worker				memcpy(&c->u.ibpkey.subnet_prefix, buf,
*2d543d20SAndroid Build Coastguard Worker				       sizeof(c->u.ibpkey.subnet_prefix));
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			case OCON_IBENDPORT: {
*2d543d20SAndroid Build Coastguard Worker				uint32_t port;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				port = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker				if (port > UINT8_MAX || port == 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				rc = str_read(&c->u.ibendport.dev_name, fp, len);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				c->u.ibendport.port = port;
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			case OCON_PORT:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->u.port.protocol = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				c->u.port.low_port = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker				c->u.port.high_port = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_NODE:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->u.node.addr = buf[0]; /* network order */
*2d543d20SAndroid Build Coastguard Worker				c->u.node.mask = buf[1]; /* network order */
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_FSUSE:
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				c->v.behavior = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker				len = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				rc = str_read(&c->u.name, fp, len);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			case OCON_NODE6:{
*2d543d20SAndroid Build Coastguard Worker				int k;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker				rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
*2d543d20SAndroid Build Coastguard Worker				if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				for (k = 0; k < 4; k++)
*2d543d20SAndroid Build Coastguard Worker					 /* network order */
*2d543d20SAndroid Build Coastguard Worker					c->u.node6.addr[k] = buf[k];
*2d543d20SAndroid Build Coastguard Worker				for (k = 0; k < 4; k++)
*2d543d20SAndroid Build Coastguard Worker					/* network order */
*2d543d20SAndroid Build Coastguard Worker					c->u.node6.mask[k] = buf[k + 4];
*2d543d20SAndroid Build Coastguard Worker				if (context_read_and_validate
*2d543d20SAndroid Build Coastguard Worker				    (&c->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker			default:{
*2d543d20SAndroid Build Coastguard Worker				ERR(fp->handle, "Unknown SELinux ocontext");
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int ocontext_read(const struct policydb_compat_info *info,
*2d543d20SAndroid Build Coastguard Worker	policydb_t *p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int rc = -1;
*2d543d20SAndroid Build Coastguard Worker	switch (p->target_platform) {
*2d543d20SAndroid Build Coastguard Worker	case SEPOL_TARGET_SELINUX:
*2d543d20SAndroid Build Coastguard Worker		rc = ocontext_read_selinux(info, p, fp);
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	case SEPOL_TARGET_XEN:
*2d543d20SAndroid Build Coastguard Worker		rc = ocontext_read_xen(info, p, fp);
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	default:
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "Unknown target");
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return rc;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int genfs_read(policydb_t * p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1];
*2d543d20SAndroid Build Coastguard Worker	size_t nel, nel2, len, len2;
*2d543d20SAndroid Build Coastguard Worker	genfs_t *genfs_p, *newgenfs, *genfs;
*2d543d20SAndroid Build Coastguard Worker	size_t i, j;
*2d543d20SAndroid Build Coastguard Worker	ocontext_t *l, *c, *newc = NULL;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	genfs_p = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		newgenfs = calloc(1, sizeof(genfs_t));
*2d543d20SAndroid Build Coastguard Worker		if (!newgenfs)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = str_read(&newgenfs->fstype, fp, len);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			free(newgenfs->fstype);
*2d543d20SAndroid Build Coastguard Worker			free(newgenfs);
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		for (genfs_p = NULL, genfs = p->genfs; genfs;
*2d543d20SAndroid Build Coastguard Worker		     genfs_p = genfs, genfs = genfs->next) {
*2d543d20SAndroid Build Coastguard Worker			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
*2d543d20SAndroid Build Coastguard Worker				ERR(fp->handle, "dup genfs fstype %s",
*2d543d20SAndroid Build Coastguard Worker				    newgenfs->fstype);
*2d543d20SAndroid Build Coastguard Worker				free(newgenfs->fstype);
*2d543d20SAndroid Build Coastguard Worker				free(newgenfs);
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		newgenfs->next = genfs;
*2d543d20SAndroid Build Coastguard Worker		if (genfs_p)
*2d543d20SAndroid Build Coastguard Worker			genfs_p->next = newgenfs;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			p->genfs = newgenfs;
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		nel2 = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		for (j = 0; j < nel2; j++) {
*2d543d20SAndroid Build Coastguard Worker			newc = calloc(1, sizeof(ocontext_t));
*2d543d20SAndroid Build Coastguard Worker			if (!newc) {
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker			rc = str_read(&newc->u.name, fp, len);
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker			rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			newc->v.sclass = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker			if (context_read_and_validate(&newc->context[0], p, fp))
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			for (l = NULL, c = newgenfs->head; c;
*2d543d20SAndroid Build Coastguard Worker			     l = c, c = c->next) {
*2d543d20SAndroid Build Coastguard Worker				if (!strcmp(newc->u.name, c->u.name) &&
*2d543d20SAndroid Build Coastguard Worker				    (!c->v.sclass || !newc->v.sclass ||
*2d543d20SAndroid Build Coastguard Worker				     newc->v.sclass == c->v.sclass)) {
*2d543d20SAndroid Build Coastguard Worker					ERR(fp->handle, "dup genfs entry "
*2d543d20SAndroid Build Coastguard Worker					    "(%s,%s)", newgenfs->fstype,
*2d543d20SAndroid Build Coastguard Worker					    c->u.name);
*2d543d20SAndroid Build Coastguard Worker					goto bad;
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker				len = strlen(newc->u.name);
*2d543d20SAndroid Build Coastguard Worker				len2 = strlen(c->u.name);
*2d543d20SAndroid Build Coastguard Worker				if (len > len2)
*2d543d20SAndroid Build Coastguard Worker					break;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			newc->next = c;
*2d543d20SAndroid Build Coastguard Worker			if (l)
*2d543d20SAndroid Build Coastguard Worker				l->next = newc;
*2d543d20SAndroid Build Coastguard Worker			else
*2d543d20SAndroid Build Coastguard Worker				newgenfs->head = newc;
*2d543d20SAndroid Build Coastguard Worker			/* clear newc after a new owner has the pointer */
*2d543d20SAndroid Build Coastguard Worker			newc = NULL;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	if (newc) {
*2d543d20SAndroid Build Coastguard Worker		context_destroy(&newc->context[0]);
*2d543d20SAndroid Build Coastguard Worker		context_destroy(&newc->context[1]);
*2d543d20SAndroid Build Coastguard Worker		free(newc->u.name);
*2d543d20SAndroid Build Coastguard Worker		free(newc);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Read a MLS level structure from a policydb binary
*2d543d20SAndroid Build Coastguard Worker * representation file.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int mls_read_level(mls_level_t * lp, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	mls_level_init(lp);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "truncated level");
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	lp->sens = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ebitmap_read(&lp->cat, fp)) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "error reading level categories");
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	return -EINVAL;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	user_datum_t *usrdatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3];
*2d543d20SAndroid Build Coastguard Worker	size_t len;
*2d543d20SAndroid Build Coastguard Worker	int rc, to_read = 2;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	usrdatum = calloc(1, sizeof(user_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!usrdatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_has_boundary_feature(p))
*2d543d20SAndroid Build Coastguard Worker		to_read = 3;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	usrdatum->s.value = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	if (policydb_has_boundary_feature(p))
*2d543d20SAndroid Build Coastguard Worker		usrdatum->bounds = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&usrdatum->roles.roles, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		if (role_set_read(&usrdatum->roles, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* users were not allowed in mls modules before version
*2d543d20SAndroid Build Coastguard Worker	 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
*2d543d20SAndroid Build Coastguard Worker	 * required - the mls fields will be empty.  user declarations in
*2d543d20SAndroid Build Coastguard Worker	 * non-mls modules will also have empty mls fields */
*2d543d20SAndroid Build Coastguard Worker	if ((p->policy_type == POLICY_KERN
*2d543d20SAndroid Build Coastguard Worker	     && p->policyvers >= POLICYDB_VERSION_MLS)
*2d543d20SAndroid Build Coastguard Worker	    || (p->policy_type == POLICY_MOD
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
*2d543d20SAndroid Build Coastguard Worker	    || (p->policy_type == POLICY_BASE
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_range_helper(&usrdatum->exp_range, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (p->policy_type != POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker			if (mls_range_to_semantic(&usrdatum->exp_range,
*2d543d20SAndroid Build Coastguard Worker						  &usrdatum->range))
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
*2d543d20SAndroid Build Coastguard Worker						  &usrdatum->dfltlevel))
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else if ((p->policy_type == POLICY_MOD
*2d543d20SAndroid Build Coastguard Worker		    && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
*2d543d20SAndroid Build Coastguard Worker		   || (p->policy_type == POLICY_BASE
*2d543d20SAndroid Build Coastguard Worker		       && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_semantic_range_helper(&usrdatum->range, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, usrdatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	user_destroy(key, usrdatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int sens_read(policydb_t * p
*2d543d20SAndroid Build Coastguard Worker		     __attribute__ ((unused)), hashtab_t h,
*2d543d20SAndroid Build Coastguard Worker		     struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	level_datum_t *levdatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], len;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	levdatum = malloc(sizeof(level_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!levdatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	level_datum_init(levdatum);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	levdatum->isalias = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	levdatum->level = malloc(sizeof(mls_level_t));
*2d543d20SAndroid Build Coastguard Worker	if (!levdatum->level || mls_read_level(levdatum->level, fp))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, levdatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	sens_destroy(key, levdatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int cat_read(policydb_t * p
*2d543d20SAndroid Build Coastguard Worker		    __attribute__ ((unused)), hashtab_t h,
*2d543d20SAndroid Build Coastguard Worker		    struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char *key = 0;
*2d543d20SAndroid Build Coastguard Worker	cat_datum_t *catdatum;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3], len;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	catdatum = malloc(sizeof(cat_datum_t));
*2d543d20SAndroid Build Coastguard Worker	if (!catdatum)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	cat_datum_init(catdatum);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	catdatum->s.value = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	catdatum->isalias = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_insert(h, key, catdatum))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	cat_destroy(key, catdatum, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int (*const read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
*2d543d20SAndroid Build Coastguard Worker			       struct policy_file * fp) = {
*2d543d20SAndroid Build Coastguard Workercommon_read, class_read, role_read, type_read, user_read,
*2d543d20SAndroid Build Coastguard Worker	    cond_read_bool, sens_read, cat_read,};
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/************** module reading functions below **************/
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], len;
*2d543d20SAndroid Build Coastguard Worker	class_perm_node_t *cur, *tail = NULL;
*2d543d20SAndroid Build Coastguard Worker	avrule_t *avrule;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	avrule = (avrule_t *) malloc(sizeof(avrule_t));
*2d543d20SAndroid Build Coastguard Worker	if (!avrule)
*2d543d20SAndroid Build Coastguard Worker		return NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	avrule_init(avrule);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	avrule->specified = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	avrule->flags = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (type_set_read(&avrule->stypes, fp))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (type_set_read(&avrule->ttypes, fp))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < len; i++) {
*2d543d20SAndroid Build Coastguard Worker		cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
*2d543d20SAndroid Build Coastguard Worker		if (!cur)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		class_perm_node_init(cur);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			free(cur);
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		cur->tclass = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		cur->data = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (!tail) {
*2d543d20SAndroid Build Coastguard Worker			avrule->perms = cur;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			tail->next = cur;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		tail = cur;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (avrule->specified & AVRULE_XPERMS) {
*2d543d20SAndroid Build Coastguard Worker		uint8_t buf8;
*2d543d20SAndroid Build Coastguard Worker		size_t nel = ARRAY_SIZE(avrule->xperms->perms);
*2d543d20SAndroid Build Coastguard Worker		uint32_t buf32[nel];
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle,
*2d543d20SAndroid Build Coastguard Worker			    "module policy version %u does not support ioctl"
*2d543d20SAndroid Build Coastguard Worker			    " extended permissions rules and one was specified",
*2d543d20SAndroid Build Coastguard Worker			    p->policyvers);
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->target_platform != SEPOL_TARGET_SELINUX) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle,
*2d543d20SAndroid Build Coastguard Worker			    "Target platform %s does not support ioctl"
*2d543d20SAndroid Build Coastguard Worker			    " extended permissions rules and one was specified",
*2d543d20SAndroid Build Coastguard Worker			    policydb_target_strings[p->target_platform]);
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		avrule->xperms = calloc(1, sizeof(*avrule->xperms));
*2d543d20SAndroid Build Coastguard Worker		if (!avrule->xperms)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(&buf8, fp, sizeof(uint8_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "truncated entry");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		avrule->xperms->specified = buf8;
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(&buf8, fp, sizeof(uint8_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "truncated entry");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		avrule->xperms->driver = buf8;
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf32, fp, sizeof(uint32_t)*nel);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "truncated entry");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < nel; i++)
*2d543d20SAndroid Build Coastguard Worker			avrule->xperms->perms[i] = le32_to_cpu(buf32[i]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return avrule;
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	if (avrule) {
*2d543d20SAndroid Build Coastguard Worker		avrule_destroy(avrule);
*2d543d20SAndroid Build Coastguard Worker		free(avrule);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return NULL;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int range_read(policydb_t * p, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], nel;
*2d543d20SAndroid Build Coastguard Worker	range_trans_t *rt = NULL;
*2d543d20SAndroid Build Coastguard Worker	struct mls_range *r = NULL;
*2d543d20SAndroid Build Coastguard Worker	range_trans_rule_t *rtr = NULL, *lrtr = NULL;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	int new_rangetr = (p->policy_type == POLICY_KERN &&
*2d543d20SAndroid Build Coastguard Worker			   p->policyvers >= POLICYDB_VERSION_RANGETRANS);
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		rt = calloc(1, sizeof(range_trans_t));
*2d543d20SAndroid Build Coastguard Worker		if (!rt)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		rt->source_type = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		if (!value_isvalid(rt->source_type, p->p_types.nprim))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		rt->target_type = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		if (!value_isvalid(rt->target_type, p->p_types.nprim))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		if (new_rangetr) {
*2d543d20SAndroid Build Coastguard Worker			rc = next_entry(buf, fp, (sizeof(uint32_t)));
*2d543d20SAndroid Build Coastguard Worker			if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker				goto err;
*2d543d20SAndroid Build Coastguard Worker			rt->target_class = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		} else
*2d543d20SAndroid Build Coastguard Worker			rt->target_class = p->process_class;
*2d543d20SAndroid Build Coastguard Worker		if (!value_isvalid(rt->target_class, p->p_classes.nprim))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		r = calloc(1, sizeof(*r));
*2d543d20SAndroid Build Coastguard Worker		if (!r)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_range_helper(r, fp))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker			rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
*2d543d20SAndroid Build Coastguard Worker			if (rc)
*2d543d20SAndroid Build Coastguard Worker				goto err;
*2d543d20SAndroid Build Coastguard Worker			rt = NULL;
*2d543d20SAndroid Build Coastguard Worker			r = NULL;
*2d543d20SAndroid Build Coastguard Worker			continue;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		/* Module policy: convert to range_trans_rule and discard. */
*2d543d20SAndroid Build Coastguard Worker		rtr = malloc(sizeof(range_trans_rule_t));
*2d543d20SAndroid Build Coastguard Worker		if (!rtr)
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker		range_trans_rule_init(rtr);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (mls_range_to_semantic(r, &rtr->trange))
*2d543d20SAndroid Build Coastguard Worker			goto err;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (lrtr)
*2d543d20SAndroid Build Coastguard Worker			lrtr->next = rtr;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			p->global->enabled->range_tr_rules = rtr;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		free(rt);
*2d543d20SAndroid Build Coastguard Worker		rt = NULL;
*2d543d20SAndroid Build Coastguard Worker		free(r);
*2d543d20SAndroid Build Coastguard Worker		r = NULL;
*2d543d20SAndroid Build Coastguard Worker		lrtr = rtr;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Workererr:
*2d543d20SAndroid Build Coastguard Worker	free(rt);
*2d543d20SAndroid Build Coastguard Worker	if (r) {
*2d543d20SAndroid Build Coastguard Worker		mls_range_destroy(r);
*2d543d20SAndroid Build Coastguard Worker		free(r);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (rtr) {
*2d543d20SAndroid Build Coastguard Worker		range_trans_rule_destroy(rtr);
*2d543d20SAndroid Build Coastguard Worker		free(rtr);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint avrule_read_list(policydb_t * p, avrule_t ** avrules,
*2d543d20SAndroid Build Coastguard Worker		     struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	avrule_t *cur, *tail;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1], len;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	*avrules = tail = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < len; i++) {
*2d543d20SAndroid Build Coastguard Worker		cur = avrule_read(p, fp);
*2d543d20SAndroid Build Coastguard Worker		if (!cur) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (!tail) {
*2d543d20SAndroid Build Coastguard Worker			*avrules = cur;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			tail->next = cur;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		tail = cur;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
*2d543d20SAndroid Build Coastguard Worker				struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1], nel;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	role_trans_rule_t *tr, *ltr;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	ltr = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		tr = malloc(sizeof(role_trans_rule_t));
*2d543d20SAndroid Build Coastguard Worker		if (!tr) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		role_trans_rule_init(tr);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ltr) {
*2d543d20SAndroid Build Coastguard Worker			ltr->next = tr;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			*r = tr;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (role_set_read(&tr->roles, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (type_set_read(&tr->types, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
*2d543d20SAndroid Build Coastguard Worker			if (ebitmap_read(&tr->classes, fp))
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			if (!p->process_class)
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			if (ebitmap_set_bit(&tr->classes, p->process_class - 1, 1))
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		tr->new_role = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		ltr = tr;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1], nel;
*2d543d20SAndroid Build Coastguard Worker	role_allow_rule_t *ra, *lra;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	lra = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		ra = malloc(sizeof(role_allow_rule_t));
*2d543d20SAndroid Build Coastguard Worker		if (!ra) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		role_allow_rule_init(ra);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (lra) {
*2d543d20SAndroid Build Coastguard Worker			lra->next = ra;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			*r = ra;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (role_set_read(&ra->roles, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (role_set_read(&ra->new_roles, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		lra = ra;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int filename_trans_rule_read(policydb_t *p, filename_trans_rule_t **r,
*2d543d20SAndroid Build Coastguard Worker				    struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[3], nel, i, len;
*2d543d20SAndroid Build Coastguard Worker	unsigned int entries;
*2d543d20SAndroid Build Coastguard Worker	filename_trans_rule_t *ftr, *lftr;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	lftr = NULL;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		ftr = malloc(sizeof(*ftr));
*2d543d20SAndroid Build Coastguard Worker		if (!ftr)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		filename_trans_rule_init(ftr);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (lftr)
*2d543d20SAndroid Build Coastguard Worker			lftr->next = ftr;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			*r = ftr;
*2d543d20SAndroid Build Coastguard Worker		lftr = ftr;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = str_read(&ftr->name, fp, len);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (type_set_read(&ftr->stypes, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (type_set_read(&ftr->ttypes, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS)
*2d543d20SAndroid Build Coastguard Worker			entries = 3;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			entries = 2;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * entries);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		ftr->tclass = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		ftr->otype = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS)
*2d543d20SAndroid Build Coastguard Worker			ftr->flags = le32_to_cpu(buf[2]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int range_trans_rule_read(range_trans_rule_t ** r,
*2d543d20SAndroid Build Coastguard Worker				 struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1], nel;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	range_trans_rule_t *rt, *lrt = NULL;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++) {
*2d543d20SAndroid Build Coastguard Worker		rt = malloc(sizeof(range_trans_rule_t));
*2d543d20SAndroid Build Coastguard Worker		if (!rt) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		range_trans_rule_init(rt);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (lrt)
*2d543d20SAndroid Build Coastguard Worker			lrt->next = rt;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			*r = rt;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (type_set_read(&rt->stypes, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (type_set_read(&rt->ttypes, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&rt->tclasses, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (mls_read_semantic_range_helper(&rt->trange, fp))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		lrt = rt;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int scope_index_read(scope_index_t * scope_index,
*2d543d20SAndroid Build Coastguard Worker			    unsigned int num_scope_syms, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1];
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < num_scope_syms; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(scope_index->scope + i, fp) < 0) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	scope_index->class_perms_len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	if (is_saturated(scope_index->class_perms_len) ||
*2d543d20SAndroid Build Coastguard Worker	    exceeds_available_bytes(fp, scope_index->class_perms_len, sizeof(uint32_t) * 3))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	if (scope_index->class_perms_len == 0) {
*2d543d20SAndroid Build Coastguard Worker		scope_index->class_perms_map = NULL;
*2d543d20SAndroid Build Coastguard Worker		return 0;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if ((scope_index->class_perms_map =
*2d543d20SAndroid Build Coastguard Worker	     calloc(scope_index->class_perms_len,
*2d543d20SAndroid Build Coastguard Worker		    sizeof(*scope_index->class_perms_map))) == NULL) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < scope_index->class_perms_len; i++) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
*2d543d20SAndroid Build Coastguard Worker			    unsigned int num_scope_syms, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2], nprim, nel;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i, j;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	decl->decl_id = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	decl->enabled = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
*2d543d20SAndroid Build Coastguard Worker	    avrule_read_list(p, &decl->avrules, fp) == -1 ||
*2d543d20SAndroid Build Coastguard Worker	    role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
*2d543d20SAndroid Build Coastguard Worker	    role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
*2d543d20SAndroid Build Coastguard Worker	    filename_trans_rule_read(p, &decl->filename_trans_rules, fp))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
*2d543d20SAndroid Build Coastguard Worker	    range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
*2d543d20SAndroid Build Coastguard Worker	    scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < num_scope_syms; i++) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		nprim = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		if (is_saturated(nprim))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		nel = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		for (j = 0; j < nel; j++) {
*2d543d20SAndroid Build Coastguard Worker			if (read_f[i] (p, decl->symtab[i].table, fp)) {
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		decl->symtab[i].nprim = nprim;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int avrule_block_read(policydb_t * p,
*2d543d20SAndroid Build Coastguard Worker			     avrule_block_t ** block,
*2d543d20SAndroid Build Coastguard Worker			     unsigned int num_scope_syms,
*2d543d20SAndroid Build Coastguard Worker			     struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	avrule_block_t *last_block = NULL, *curblock;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[1], num_blocks, nel;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	assert(*block == NULL);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	num_blocks = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	nel = num_blocks;
*2d543d20SAndroid Build Coastguard Worker	while (num_blocks > 0) {
*2d543d20SAndroid Build Coastguard Worker		avrule_decl_t *last_decl = NULL, *curdecl;
*2d543d20SAndroid Build Coastguard Worker		uint32_t num_decls;
*2d543d20SAndroid Build Coastguard Worker		if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker			free(curblock);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		/* if this is the first block its non-optional, else its optional */
*2d543d20SAndroid Build Coastguard Worker		if (num_blocks != nel)
*2d543d20SAndroid Build Coastguard Worker			curblock->flags |= AVRULE_OPTIONAL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		num_decls = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		while (num_decls > 0) {
*2d543d20SAndroid Build Coastguard Worker			if ((curdecl = avrule_decl_create(0)) == NULL) {
*2d543d20SAndroid Build Coastguard Worker				avrule_block_destroy(curblock);
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
*2d543d20SAndroid Build Coastguard Worker			    -1) {
*2d543d20SAndroid Build Coastguard Worker				avrule_decl_destroy(curdecl);
*2d543d20SAndroid Build Coastguard Worker				avrule_block_destroy(curblock);
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			if (curdecl->enabled) {
*2d543d20SAndroid Build Coastguard Worker				if (curblock->enabled != NULL) {
*2d543d20SAndroid Build Coastguard Worker					/* probably a corrupt file */
*2d543d20SAndroid Build Coastguard Worker					avrule_decl_destroy(curdecl);
*2d543d20SAndroid Build Coastguard Worker					avrule_block_destroy(curblock);
*2d543d20SAndroid Build Coastguard Worker					return -1;
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker				curblock->enabled = curdecl;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			/* one must be careful to reconstruct the
*2d543d20SAndroid Build Coastguard Worker			 * decl chain in its correct order */
*2d543d20SAndroid Build Coastguard Worker			if (curblock->branch_list == NULL) {
*2d543d20SAndroid Build Coastguard Worker				curblock->branch_list = curdecl;
*2d543d20SAndroid Build Coastguard Worker			} else {
*2d543d20SAndroid Build Coastguard Worker				assert(last_decl);
*2d543d20SAndroid Build Coastguard Worker				last_decl->next = curdecl;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			last_decl = curdecl;
*2d543d20SAndroid Build Coastguard Worker			num_decls--;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (*block == NULL) {
*2d543d20SAndroid Build Coastguard Worker			*block = curblock;
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			assert(last_block);
*2d543d20SAndroid Build Coastguard Worker			last_block->next = curblock;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		last_block = curblock;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		num_blocks--;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	scope_datum_t *scope = NULL;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[2];
*2d543d20SAndroid Build Coastguard Worker	char *key = NULL;
*2d543d20SAndroid Build Coastguard Worker	size_t key_len;
*2d543d20SAndroid Build Coastguard Worker	unsigned int i;
*2d543d20SAndroid Build Coastguard Worker	hashtab_t h = p->scope[symnum].table;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t));
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	key_len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = str_read(&key, fp, key_len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* ensure that there already exists a symbol with this key */
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if ((scope = calloc(1, sizeof(*scope))) == NULL) {
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	scope->scope = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker	scope->decl_ids_len = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker	if (zero_or_saturated(scope->decl_ids_len) ||
*2d543d20SAndroid Build Coastguard Worker	    exceeds_available_bytes(fp, scope->decl_ids_len, sizeof(uint32_t))) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "invalid scope with no declaration");
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	if ((scope->decl_ids =
*2d543d20SAndroid Build Coastguard Worker	     calloc(scope->decl_ids_len, sizeof(uint32_t))) == NULL) {
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		goto cleanup;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < scope->decl_ids_len; i++) {
*2d543d20SAndroid Build Coastguard Worker		scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
*2d543d20SAndroid Build Coastguard Worker		/* object_r was already added to this table in roles_init() */
*2d543d20SAndroid Build Coastguard Worker		scope_destroy(key, scope, NULL);
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		if (hashtab_insert(h, key, scope)) {
*2d543d20SAndroid Build Coastguard Worker			goto cleanup;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker      cleanup:
*2d543d20SAndroid Build Coastguard Worker	scope_destroy(key, scope, NULL);
*2d543d20SAndroid Build Coastguard Worker	return -1;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic sepol_security_class_t policydb_string_to_security_class(
*2d543d20SAndroid Build Coastguard Worker	struct policydb *policydb,
*2d543d20SAndroid Build Coastguard Worker	const char *class_name)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	class_datum_t *tclass_datum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	tclass_datum = hashtab_search(policydb->p_classes.table,
*2d543d20SAndroid Build Coastguard Worker				      class_name);
*2d543d20SAndroid Build Coastguard Worker	if (!tclass_datum)
*2d543d20SAndroid Build Coastguard Worker		return 0;
*2d543d20SAndroid Build Coastguard Worker	return tclass_datum->s.value;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerstatic sepol_access_vector_t policydb_string_to_av_perm(
*2d543d20SAndroid Build Coastguard Worker	struct policydb *policydb,
*2d543d20SAndroid Build Coastguard Worker	sepol_security_class_t tclass,
*2d543d20SAndroid Build Coastguard Worker	const char *perm_name)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	class_datum_t *tclass_datum;
*2d543d20SAndroid Build Coastguard Worker	perm_datum_t *perm_datum;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!tclass || tclass > policydb->p_classes.nprim)
*2d543d20SAndroid Build Coastguard Worker		return 0;
*2d543d20SAndroid Build Coastguard Worker	tclass_datum = policydb->class_val_to_struct[tclass - 1];
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	perm_datum = (perm_datum_t *)
*2d543d20SAndroid Build Coastguard Worker			hashtab_search(tclass_datum->permissions.table,
*2d543d20SAndroid Build Coastguard Worker			perm_name);
*2d543d20SAndroid Build Coastguard Worker	if (perm_datum != NULL)
*2d543d20SAndroid Build Coastguard Worker		return UINT32_C(1) << (perm_datum->s.value - 1);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (tclass_datum->comdatum == NULL)
*2d543d20SAndroid Build Coastguard Worker		return 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	perm_datum = (perm_datum_t *)
*2d543d20SAndroid Build Coastguard Worker			hashtab_search(tclass_datum->comdatum->permissions.table,
*2d543d20SAndroid Build Coastguard Worker			perm_name);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (perm_datum != NULL)
*2d543d20SAndroid Build Coastguard Worker		return UINT32_C(1) << (perm_datum->s.value - 1);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/*
*2d543d20SAndroid Build Coastguard Worker * Read the configuration data from a policy database binary
*2d543d20SAndroid Build Coastguard Worker * representation file into a policy database structure.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	unsigned int i, j, r_policyvers;
*2d543d20SAndroid Build Coastguard Worker	uint32_t buf[5], nprim;
*2d543d20SAndroid Build Coastguard Worker	size_t len, nel;
*2d543d20SAndroid Build Coastguard Worker	char *policydb_str;
*2d543d20SAndroid Build Coastguard Worker	const struct policydb_compat_info *info;
*2d543d20SAndroid Build Coastguard Worker	unsigned int policy_type, bufindex;
*2d543d20SAndroid Build Coastguard Worker	ebitmap_node_t *tnode;
*2d543d20SAndroid Build Coastguard Worker	int rc;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* Read the magic number and string length. */
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < 2; i++)
*2d543d20SAndroid Build Coastguard Worker		buf[i] = le32_to_cpu(buf[i]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (buf[0] == POLICYDB_MAGIC) {
*2d543d20SAndroid Build Coastguard Worker		policy_type = POLICY_KERN;
*2d543d20SAndroid Build Coastguard Worker	} else if (buf[0] == POLICYDB_MOD_MAGIC) {
*2d543d20SAndroid Build Coastguard Worker		policy_type = POLICY_MOD;
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "policydb magic number %#08x does not "
*2d543d20SAndroid Build Coastguard Worker		    "match expected magic number %#08x or %#08x",
*2d543d20SAndroid Build Coastguard Worker		    buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
*2d543d20SAndroid Build Coastguard Worker		return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	len = buf[1];
*2d543d20SAndroid Build Coastguard Worker	if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
*2d543d20SAndroid Build Coastguard Worker		return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	policydb_str = malloc(len + 1);
*2d543d20SAndroid Build Coastguard Worker	if (!policydb_str) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "unable to allocate memory for policydb "
*2d543d20SAndroid Build Coastguard Worker		    "string of length %zu", len);
*2d543d20SAndroid Build Coastguard Worker		return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(policydb_str, fp, len);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "truncated policydb string identifier");
*2d543d20SAndroid Build Coastguard Worker		free(policydb_str);
*2d543d20SAndroid Build Coastguard Worker		return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	policydb_str[len] = 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
*2d543d20SAndroid Build Coastguard Worker			if ((strcmp(policydb_str, policydb_target_strings[i])
*2d543d20SAndroid Build Coastguard Worker				== 0)) {
*2d543d20SAndroid Build Coastguard Worker				policydb_set_target_platform(p, i);
*2d543d20SAndroid Build Coastguard Worker				break;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (i == POLICYDB_TARGET_SZ) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "cannot find a valid target for policy "
*2d543d20SAndroid Build Coastguard Worker				"string %s", policydb_str);
*2d543d20SAndroid Build Coastguard Worker			free(policydb_str);
*2d543d20SAndroid Build Coastguard Worker			return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "invalid string identifier %s",
*2d543d20SAndroid Build Coastguard Worker				policydb_str);
*2d543d20SAndroid Build Coastguard Worker			free(policydb_str);
*2d543d20SAndroid Build Coastguard Worker			return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* Done with policydb_str. */
*2d543d20SAndroid Build Coastguard Worker	free(policydb_str);
*2d543d20SAndroid Build Coastguard Worker	policydb_str = NULL;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* Read the version, config, and table sizes (and policy type if it's a module). */
*2d543d20SAndroid Build Coastguard Worker	if (policy_type == POLICY_KERN)
*2d543d20SAndroid Build Coastguard Worker		nel = 4;
*2d543d20SAndroid Build Coastguard Worker	else
*2d543d20SAndroid Build Coastguard Worker		nel = 5;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
*2d543d20SAndroid Build Coastguard Worker	if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker		return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < nel; i++)
*2d543d20SAndroid Build Coastguard Worker		buf[i] = le32_to_cpu(buf[i]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	bufindex = 0;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policy_type == POLICY_MOD) {
*2d543d20SAndroid Build Coastguard Worker		/* We know it's a module but not whether it's a base
*2d543d20SAndroid Build Coastguard Worker		   module or regular binary policy module.  buf[0]
*2d543d20SAndroid Build Coastguard Worker		   tells us which. */
*2d543d20SAndroid Build Coastguard Worker		policy_type = buf[bufindex];
*2d543d20SAndroid Build Coastguard Worker		if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "unknown module type: %#08x",
*2d543d20SAndroid Build Coastguard Worker			    policy_type);
*2d543d20SAndroid Build Coastguard Worker			return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		bufindex++;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	r_policyvers = buf[bufindex];
*2d543d20SAndroid Build Coastguard Worker	if (policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		if (r_policyvers < POLICYDB_VERSION_MIN ||
*2d543d20SAndroid Build Coastguard Worker		    r_policyvers > POLICYDB_VERSION_MAX) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "policydb version %d does not match "
*2d543d20SAndroid Build Coastguard Worker			    "my version range %d-%d", buf[bufindex],
*2d543d20SAndroid Build Coastguard Worker			    POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
*2d543d20SAndroid Build Coastguard Worker			return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
*2d543d20SAndroid Build Coastguard Worker		if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
*2d543d20SAndroid Build Coastguard Worker		    r_policyvers > MOD_POLICYDB_VERSION_MAX) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "policydb module version %d does "
*2d543d20SAndroid Build Coastguard Worker			    "not match my version range %d-%d",
*2d543d20SAndroid Build Coastguard Worker			    buf[bufindex], MOD_POLICYDB_VERSION_MIN,
*2d543d20SAndroid Build Coastguard Worker			    MOD_POLICYDB_VERSION_MAX);
*2d543d20SAndroid Build Coastguard Worker			return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		assert(0);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker	bufindex++;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* Set the policy type and version from the read values. */
*2d543d20SAndroid Build Coastguard Worker	p->policy_type = policy_type;
*2d543d20SAndroid Build Coastguard Worker	p->policyvers = r_policyvers;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
*2d543d20SAndroid Build Coastguard Worker		p->mls = 1;
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		p->mls = 0;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	bufindex++;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	info = policydb_lookup_compat(r_policyvers, policy_type,
*2d543d20SAndroid Build Coastguard Worker					p->target_platform);
*2d543d20SAndroid Build Coastguard Worker	if (!info) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle, "unable to find policy compat info "
*2d543d20SAndroid Build Coastguard Worker		    "for version %d", r_policyvers);
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (buf[bufindex] != info->sym_num
*2d543d20SAndroid Build Coastguard Worker	    || buf[bufindex + 1] != info->ocon_num) {
*2d543d20SAndroid Build Coastguard Worker		ERR(fp->handle,
*2d543d20SAndroid Build Coastguard Worker		    "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
*2d543d20SAndroid Build Coastguard Worker		    buf[bufindex], buf[bufindex + 1], info->sym_num,
*2d543d20SAndroid Build Coastguard Worker		    info->ocon_num);
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policy_type == POLICY_MOD) {
*2d543d20SAndroid Build Coastguard Worker		/* Get the module name and version */
*2d543d20SAndroid Build Coastguard Worker		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		rc = str_read(&p->name, fp, len);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		len = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		rc = str_read(&p->version, fp, len);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
*2d543d20SAndroid Build Coastguard Worker	     p->policy_type == POLICY_KERN) ||
*2d543d20SAndroid Build Coastguard Worker	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
*2d543d20SAndroid Build Coastguard Worker	     p->policy_type == POLICY_BASE) ||
*2d543d20SAndroid Build Coastguard Worker	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
*2d543d20SAndroid Build Coastguard Worker	     p->policy_type == POLICY_MOD)) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&p->policycaps, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
*2d543d20SAndroid Build Coastguard Worker	    p->policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		if (ebitmap_read(&p->permissive_map, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; i < info->sym_num; i++) {
*2d543d20SAndroid Build Coastguard Worker		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
*2d543d20SAndroid Build Coastguard Worker		if (rc < 0)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		nprim = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker		if (is_saturated(nprim) ||
*2d543d20SAndroid Build Coastguard Worker		    exceeds_available_bytes(fp, nprim, sizeof(uint32_t) * 3))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		nel = le32_to_cpu(buf[1]);
*2d543d20SAndroid Build Coastguard Worker		if (nel && !nprim) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "unexpected items in symbol table with no symbol");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		for (j = 0; j < nel; j++) {
*2d543d20SAndroid Build Coastguard Worker			if (read_f[i] (p, p->symtab[i].table, fp))
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		p->symtab[i].nprim = nprim;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	switch (p->target_platform) {
*2d543d20SAndroid Build Coastguard Worker	case SEPOL_TARGET_SELINUX:
*2d543d20SAndroid Build Coastguard Worker		p->process_class = policydb_string_to_security_class(p, "process");
*2d543d20SAndroid Build Coastguard Worker		p->dir_class = policydb_string_to_security_class(p, "dir");
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	case SEPOL_TARGET_XEN:
*2d543d20SAndroid Build Coastguard Worker		p->process_class = policydb_string_to_security_class(p, "domain");
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	default:
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		if (avtab_read(&p->te_avtab, fp, r_policyvers))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (r_policyvers >= POLICYDB_VERSION_BOOL)
*2d543d20SAndroid Build Coastguard Worker			if (cond_read_list(p, &p->cond_list, fp))
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (role_trans_read(p, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (role_allow_read(&p->role_allow, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
*2d543d20SAndroid Build Coastguard Worker		    filename_trans_read(p, fp))
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		/* first read the AV rule blocks, then the scope tables */
*2d543d20SAndroid Build Coastguard Worker		avrule_block_destroy(p->global);
*2d543d20SAndroid Build Coastguard Worker		p->global = NULL;
*2d543d20SAndroid Build Coastguard Worker		if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		if (p->global == NULL) {
*2d543d20SAndroid Build Coastguard Worker			ERR(fp->handle, "no avrule block in policy");
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < info->sym_num; i++) {
*2d543d20SAndroid Build Coastguard Worker			if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			nel = le32_to_cpu(buf[0]);
*2d543d20SAndroid Build Coastguard Worker			for (j = 0; j < nel; j++) {
*2d543d20SAndroid Build Coastguard Worker				if (scope_read(p, i, fp))
*2d543d20SAndroid Build Coastguard Worker					goto bad;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_index_decls(fp->handle, p))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_index_classes(p))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	switch (p->target_platform) {
*2d543d20SAndroid Build Coastguard Worker	case SEPOL_TARGET_SELINUX:
*2d543d20SAndroid Build Coastguard Worker		/* fall through */
*2d543d20SAndroid Build Coastguard Worker	case SEPOL_TARGET_XEN:
*2d543d20SAndroid Build Coastguard Worker		p->process_trans = policydb_string_to_av_perm(p, p->process_class,
*2d543d20SAndroid Build Coastguard Worker							      "transition");
*2d543d20SAndroid Build Coastguard Worker		p->process_trans_dyntrans = p->process_trans |
*2d543d20SAndroid Build Coastguard Worker			policydb_string_to_av_perm(p, p->process_class,
*2d543d20SAndroid Build Coastguard Worker						   "dyntransition");
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	default:
*2d543d20SAndroid Build Coastguard Worker		break;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_index_others(fp->handle, p, verbose))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (ocontext_read(info, p, fp) == -1) {
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (genfs_read(p, fp) == -1) {
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if ((p->policy_type == POLICY_KERN
*2d543d20SAndroid Build Coastguard Worker	     && p->policyvers >= POLICYDB_VERSION_MLS)
*2d543d20SAndroid Build Coastguard Worker	    || (p->policy_type == POLICY_BASE
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
*2d543d20SAndroid Build Coastguard Worker		&& p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
*2d543d20SAndroid Build Coastguard Worker		if (range_read(p, fp)) {
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policy_type == POLICY_KERN) {
*2d543d20SAndroid Build Coastguard Worker		p->type_attr_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
*2d543d20SAndroid Build Coastguard Worker		p->attr_type_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
*2d543d20SAndroid Build Coastguard Worker		if (!p->type_attr_map || !p->attr_type_map)
*2d543d20SAndroid Build Coastguard Worker			goto bad;
*2d543d20SAndroid Build Coastguard Worker		for (i = 0; i < p->p_types.nprim; i++) {
*2d543d20SAndroid Build Coastguard Worker			if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
*2d543d20SAndroid Build Coastguard Worker				if (ebitmap_read(&p->type_attr_map[i], fp))
*2d543d20SAndroid Build Coastguard Worker					goto bad;
*2d543d20SAndroid Build Coastguard Worker				ebitmap_for_each_positive_bit(&p->type_attr_map[i],
*2d543d20SAndroid Build Coastguard Worker							 tnode, j) {
*2d543d20SAndroid Build Coastguard Worker					if (i == j)
*2d543d20SAndroid Build Coastguard Worker						continue;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker					if (j >= p->p_types.nprim)
*2d543d20SAndroid Build Coastguard Worker						goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker					if (ebitmap_set_bit
*2d543d20SAndroid Build Coastguard Worker					    (&p->attr_type_map[j], i, 1))
*2d543d20SAndroid Build Coastguard Worker						goto bad;
*2d543d20SAndroid Build Coastguard Worker				}
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker			/* add the type itself as the degenerate case */
*2d543d20SAndroid Build Coastguard Worker			if (p->type_val_to_struct[i] && ebitmap_set_bit(&p->type_attr_map[i], i, 1))
*2d543d20SAndroid Build Coastguard Worker				goto bad;
*2d543d20SAndroid Build Coastguard Worker			if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
*2d543d20SAndroid Build Coastguard Worker				if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
*2d543d20SAndroid Build Coastguard Worker					goto bad;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (policydb_validate(fp->handle, p))
*2d543d20SAndroid Build Coastguard Worker		goto bad;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return POLICYDB_SUCCESS;
*2d543d20SAndroid Build Coastguard Worker      bad:
*2d543d20SAndroid Build Coastguard Worker	return POLICYDB_ERROR;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_reindex_users(policydb_t * p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	unsigned int i = SYM_USERS;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (p->user_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		free(p->user_val_to_struct);
*2d543d20SAndroid Build Coastguard Worker	if (p->sym_val_to_name[i])
*2d543d20SAndroid Build Coastguard Worker		free(p->sym_val_to_name[i]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->user_val_to_struct = (user_datum_t **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->p_users.nprim, sizeof(user_datum_t *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->user_val_to_struct)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	p->sym_val_to_name[i] = (char **)
*2d543d20SAndroid Build Coastguard Worker	    calloc(p->symtab[i].nprim, sizeof(char *));
*2d543d20SAndroid Build Coastguard Worker	if (!p->sym_val_to_name[i])
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->symtab[i].table, index_f[i], p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* Expand user roles for context validity checking */
*2d543d20SAndroid Build Coastguard Worker	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workervoid policy_file_init(policy_file_t *pf)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	memset(pf, 0, sizeof(policy_file_t));
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_set_target_platform(policydb_t *p, int platform)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	if (platform == SEPOL_TARGET_SELINUX)
*2d543d20SAndroid Build Coastguard Worker		p->target_platform = SEPOL_TARGET_SELINUX;
*2d543d20SAndroid Build Coastguard Worker	else if (platform == SEPOL_TARGET_XEN)
*2d543d20SAndroid Build Coastguard Worker		p->target_platform = SEPOL_TARGET_XEN;
*2d543d20SAndroid Build Coastguard Worker	else
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Workerint policydb_sort_ocontexts(policydb_t *p)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	return sort_ocontexts(p);
*2d543d20SAndroid Build Coastguard Worker}