xref: /linux/security/selinux/ss/policydb.h (revision dffb641bea1d0c5a4017771aafb39513701095be)
1a10e763bSThomas Gleixner /* SPDX-License-Identifier: GPL-2.0-only */
21da177e4SLinus Torvalds /*
31da177e4SLinus Torvalds  * A policy database (policydb) specifies the
41da177e4SLinus Torvalds  * configuration data for the security policy.
51da177e4SLinus Torvalds  *
60fe53224SStephen Smalley  * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
71da177e4SLinus Torvalds  */
81da177e4SLinus Torvalds 
91da177e4SLinus Torvalds /*
101da177e4SLinus Torvalds  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
111da177e4SLinus Torvalds  *          Support for enhanced MLS infrastructure.
121da177e4SLinus Torvalds  *          Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
13a32582dbSPaul Moore  *
14a32582dbSPaul Moore  * Updated: Frank Mayer <mayerf@tresys.com> and
15a32582dbSPaul Moore  *          Karl MacMillan <kmacmillan@tresys.com>
16a32582dbSPaul Moore  *          Added conditional policy language extensions
171da177e4SLinus Torvalds  *          Copyright (C) 2003-2004 Tresys Technology, LLC
181da177e4SLinus Torvalds  */
191da177e4SLinus Torvalds 
201da177e4SLinus Torvalds #ifndef _SS_POLICYDB_H_
211da177e4SLinus Torvalds #define _SS_POLICYDB_H_
221da177e4SLinus Torvalds 
231da177e4SLinus Torvalds #include "symtab.h"
241da177e4SLinus Torvalds #include "avtab.h"
251da177e4SLinus Torvalds #include "sidtab.h"
260719aaf5SGuido Trentalancia #include "ebitmap.h"
270719aaf5SGuido Trentalancia #include "mls_types.h"
281da177e4SLinus Torvalds #include "context.h"
291da177e4SLinus Torvalds #include "constraint.h"
301da177e4SLinus Torvalds 
311da177e4SLinus Torvalds /*
321da177e4SLinus Torvalds  * A datum type is defined for each kind of symbol
331da177e4SLinus Torvalds  * in the configuration data:  individual permissions,
341da177e4SLinus Torvalds  * common prefixes for access vectors, classes,
351da177e4SLinus Torvalds  * users, roles, types, sensitivities, categories, etc.
361da177e4SLinus Torvalds  */
371da177e4SLinus Torvalds 
/*
 * Permission attributes.
 *
 * The stored value is 1-based: the permission's bit index in an access
 * vector is (value - 1).
 */
struct perm_datum {
	u32 value; /* permission bit + 1 */
};
421da177e4SLinus Torvalds 
/*
 * Attributes of a common prefix for access vectors: a set of permissions
 * kept in its own symbol table and referenced from class_datum.comdatum.
 */
struct common_datum {
	u32 value; /* internal common value */
	struct symtab permissions; /* common permissions */
};
481da177e4SLinus Torvalds 
/*
 * Class attributes.
 *
 * The DEFAULT_* macros are defined inside the struct body only to sit next
 * to the fields they describe; as preprocessor macros they are visible to
 * everything that includes this header.
 */
struct class_datum {
	u32 value; /* class value */
	char *comkey; /* common name */
	struct common_datum *comdatum; /* common datum */
	struct symtab permissions; /* class-specific permission symbol table */
	struct constraint_node *constraints; /* constraints on class perms */
	struct constraint_node *validatetrans; /* special transition rules */
/*
 * Options how a new object user, role, and type should be decided.
 * NOTE(review): presumably 0 means "no default specified" -- confirm
 * against the code that reads these fields.
 */
#define DEFAULT_SOURCE 1
#define DEFAULT_TARGET 2
	char default_user;
	char default_role;
	char default_type;
/* Options how a new object range should be decided */
#define DEFAULT_SOURCE_LOW	1
#define DEFAULT_SOURCE_HIGH	2
#define DEFAULT_SOURCE_LOW_HIGH 3
#define DEFAULT_TARGET_LOW	4
#define DEFAULT_TARGET_HIGH	5
#define DEFAULT_TARGET_LOW_HIGH 6
#define DEFAULT_GLBLUB		7
	char default_range;
};
731da177e4SLinus Torvalds 
/*
 * Role attributes.
 *
 * 'types' is the authorization set consulted when deciding whether a role
 * may be combined with a given type; 'dominates' lists the roles this role
 * dominates.
 */
struct role_datum {
	u32 value; /* internal role value */
	u32 bounds; /* boundary of role */
	struct ebitmap dominates; /* set of roles dominated by this role */
	struct ebitmap types; /* set of authorized types for role */
};
811da177e4SLinus Torvalds 
/*
 * Lookup key for a role transition rule; this is the key type taken by
 * policydb_roletr_search().
 */
struct role_trans_key {
	u32 role; /* current role */
	u32 type; /* program executable type, or new object type */
	u32 tclass; /* process class, or new object class */
};
87e67b2ec9SOndrej Mosnacek 
/*
 * Result of a role transition lookup; this is the type returned by
 * policydb_roletr_search().
 */
struct role_trans_datum {
	u32 new_role; /* new role */
};
911da177e4SLinus Torvalds 
/*
 * Lookup key for a filename transition rule; this is the key type taken by
 * policydb_filenametr_search().
 *
 * 'name' is a const pointer, not an embedded buffer: the struct does not
 * own a copy of the string as far as this header shows.
 */
struct filename_trans_key {
	u32 ttype; /* parent dir context */
	u16 tclass; /* class of new object */
	const char *name; /* last path component */
};
972463c26dSEric Paris 
/*
 * Value returned by policydb_filenametr_search(): a singly linked chain of
 * records, one per resulting object type, each carrying the set of source
 * types that map to that type.
 */
struct filename_trans_datum {
	struct ebitmap stypes; /* bitmap of source types for this otype */
	u32 otype; /* resulting type of new object */
	struct filename_trans_datum *next; /* record for next otype */
};
103652bb9b0SEric Paris 
/*
 * One "role allow" rule: permits a change from 'role' to 'new_role'.
 * Rules form a singly linked list headed at policydb.role_allow.
 */
struct role_allow {
	u32 role; /* current role */
	u32 new_role; /* new role */
	struct role_allow *next; /* next rule in the list */
};
1091da177e4SLinus Torvalds 
/*
 * Type attributes.
 *
 * The same datum describes both types and attributes; the 'attribute' flag
 * tells them apart.
 */
struct type_datum {
	u32 value; /* internal type value */
	u32 bounds; /* boundary of type */
	unsigned char primary; /* primary name? (presumably as opposed to an alias -- confirm) */
	unsigned char attribute; /* nonzero if this entry is an attribute */
};
1171da177e4SLinus Torvalds 
/*
 * User attributes.
 *
 * 'roles' and 'range' bound what a context naming this user may contain:
 * the role must be in 'roles' and the MLS range within 'range'.
 * NOTE(review): the enforcement itself is not in this header -- confirm
 * against the context validity check.
 */
struct user_datum {
	u32 value; /* internal user value */
	u32 bounds; /* bounds of user */
	struct ebitmap roles; /* set of authorized roles for user */
	struct mls_range range; /* MLS range (min - max) for user */
	struct mls_level dfltlevel; /* default login MLS level for user */
};
1261da177e4SLinus Torvalds 
/* Sensitivity attributes: one MLS level plus an alias marker. */
struct level_datum {
	struct mls_level level; /* sensitivity and associated categories */
	unsigned char isalias; /* is this sensitivity an alias for another? */
};
1321da177e4SLinus Torvalds 
/*
 * Category attributes.
 *
 * The stored value is 1-based: the category's bit index is (value - 1).
 */
struct cat_datum {
	u32 value; /* internal category bit + 1 */
	unsigned char isalias; /* is this category an alias for another? */
};
1381da177e4SLinus Torvalds 
/*
 * Lookup key for a range transition rule; this is the key type taken by
 * policydb_rangetr_search(), which returns the matching mls_range.
 */
struct range_trans {
	u32 source_type; /* type of the source context */
	u32 target_type; /* type of the target context */
	u32 target_class; /* class of the target object */
};
1441da177e4SLinus Torvalds 
/*
 * Boolean data type (conditional policy boolean).
 *
 * Looked up through policydb.bool_val_to_struct, which is indexed by
 * (value - 1).
 */
struct cond_bool_datum {
	u32 value; /* internal type value */
	int state; /* presumably the boolean's current value -- confirm */
};
1501da177e4SLinus Torvalds 
/* Forward declaration: this header only holds a pointer to it (policydb.cond_list). */
struct cond_node;
1521da177e4SLinus Torvalds 
/*
 * type set preserves data needed to determine constraint info from
 * policy source. This is not used by the kernel policy but allows
 * utilities such as audit2allow to determine constraint denials.
 *
 * Because the kernel does not consult it for access decisions, nothing
 * here should be treated as an enforcement input.
 */
struct type_set {
	struct ebitmap types; /* types in the set */
	struct ebitmap negset; /* presumably the negated (excluded) types -- confirm */
	u32 flags;
};
163a660bec1SRichard Haines 
/*
 * The configuration data includes security contexts for
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
 * network interfaces, and nodes.  This structure stores the
 * relevant data for one such entry.  Entries of the same kind
 * (e.g. all initial SIDs) are linked together into a list.
 *
 * Both unions are untagged: the struct carries no field saying which
 * member of 'u' or 'v' is live.  NOTE(review): presumably the OCON_* list
 * an entry is linked on (policydb.ocontexts[]) decides that, so code must
 * never read a member that does not match the list it walked -- confirm.
 */
struct ocontext {
	union {
		char *name; /* name of initial SID, fs, netif, fstype, path */
		struct {
			u8 protocol;
			u16 low_port; /* lower bound of the port range */
			u16 high_port; /* upper bound of the port range */
		} port; /* TCP or UDP port information */
		struct {
			u32 addr;
			u32 mask;
		} node; /* node information */
		struct {
			u32 addr[4];
			u32 mask[4];
		} node6; /* IPv6 node information */
		struct {
			u64 subnet_prefix;
			u16 low_pkey; /* lower bound of the pkey range */
			u16 high_pkey; /* upper bound of the pkey range */
		} ibpkey; /* Infiniband PKey information */
		struct {
			char *dev_name;
			u8 port;
		} ibendport; /* Infiniband end port information */
	} u;
	union {
		u32 sclass; /* security class for genfs */
		u32 behavior; /* labeling behavior for fs_use */
	} v;
	struct context context[2]; /* security context(s) */
	u32 sid[2]; /* SID(s) */
	struct ocontext *next; /* next entry of the same kind */
};
2051da177e4SLinus Torvalds 
/*
 * Per-filesystem-type list of ocontext entries (see policydb.genfs).
 * genfs nodes themselves form a singly linked list through 'next'.
 */
struct genfs {
	char *fstype; /* filesystem type name */
	struct ocontext *head; /* first ocontext entry for this fstype */
	struct genfs *next; /* next filesystem type */
};
2111da177e4SLinus Torvalds 
/*
 * symbol table array indices
 *
 * These index policydb.symtab[] and policydb.sym_val_to_name[], both of
 * which are sized SYM_NUM; any index used with them must be < SYM_NUM.
 */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM	    8 /* number of symbol tables, not a valid index */
2221da177e4SLinus Torvalds 
/*
 * object context array indices
 *
 * These index policydb.ocontexts[], which is sized OCON_NUM; any index
 * used with it must be < OCON_NUM.
 */
#define OCON_ISID      0 /* initial SIDs */
#define OCON_FS	       1 /* unlabeled file systems (deprecated) */
#define OCON_PORT      2 /* TCP and UDP port numbers */
#define OCON_NETIF     3 /* network interfaces */
#define OCON_NODE      4 /* nodes */
#define OCON_FSUSE     5 /* fs_use */
#define OCON_NODE6     6 /* IPv6 nodes */
#define OCON_IBPKEY    7 /* Infiniband PKeys */
#define OCON_IBENDPORT 8 /* Infiniband end ports */
#define OCON_NUM       9 /* number of ocontext lists, not a valid index */
2341da177e4SLinus Torvalds 
/*
 * The policy database
 *
 * The struct is marked __randomize_layout, so member order may differ
 * between builds when structure layout randomization is enabled; code must
 * access members by name and never rely on their offsets.
 */
struct policydb {
	int mls_enabled;

	/* symbol tables */
	struct symtab symtab[SYM_NUM];
/* Member shorthands: p->p_types expands to p->symtab[SYM_TYPES], etc. */
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles	  symtab[SYM_ROLES]
#define p_types	  symtab[SYM_TYPES]
#define p_users	  symtab[SYM_USERS]
#define p_bools	  symtab[SYM_BOOLS]
#define p_levels  symtab[SYM_LEVELS]
#define p_cats	  symtab[SYM_CATS]

	/* symbol names indexed by (value - 1) */
	char **sym_val_to_name[SYM_NUM];

	/* class, role, user, and type attributes indexed by (value - 1) */
	struct class_datum **class_val_to_struct;
	struct role_datum **role_val_to_struct;
	struct user_datum **user_val_to_struct;
	struct type_datum **type_val_to_struct;

	/* type enforcement access vectors and transitions */
	struct avtab te_avtab;

	/* role transitions */
	struct hashtab role_tr;

	/* file transitions with the last path component */
	/* quickly exclude lookups when parent ttype has no rules */
	struct ebitmap filename_trans_ttypes;
	/* actual set of filename_trans rules */
	struct hashtab filename_trans;
	/* only used if policyvers < POLICYDB_VERSION_COMP_FTRANS */
	u32 compat_filename_trans_count;

	/* bools indexed by (value - 1) */
	struct cond_bool_datum **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	struct avtab te_cond_avtab;
	/* array indexing te_cond_avtab by conditional */
	struct cond_node *cond_list;
	u32 cond_list_len; /* presumably the number of entries in cond_list -- confirm */

	/* role allows */
	struct role_allow *role_allow;

	/* security contexts of initial SIDs, unlabeled file systems,
	   TCP or UDP port numbers, network interfaces and nodes */
	struct ocontext *ocontexts[OCON_NUM];

	/* security contexts for files in filesystems that cannot support
	   a persistent label mapping or use another
	   fixed labeling behavior. */
	struct genfs *genfs;

	/*
	 * range transitions table (range_trans_key -> mls_range); the key
	 * type declared in this header is struct range_trans
	 */
	struct hashtab range_tr;

	/* type -> attribute reverse mapping */
	struct ebitmap *type_attr_map_array;

	/* NOTE(review): presumably one bit per policy capability -- confirm */
	struct ebitmap policycaps;

	/* NOTE(review): presumably one bit per permissive type -- confirm */
	struct ebitmap permissive_map;

	/* NOTE(review): presumably one bit per type exempt from auditing -- confirm */
	struct ebitmap neveraudit_map;

	/* length of this policy when it was loaded */
	size_t len;

	unsigned int policyvers;

	/*
	 * Handling of unknown classes/perms; see the REJECT_UNKNOWN and
	 * ALLOW_UNKNOWN config flags defined in this header.
	 */
	unsigned int reject_unknown : 1;
	unsigned int allow_unknown : 1;

	u16 process_class;
	u32 process_trans_perms;
} __randomize_layout;
3161da177e4SLinus Torvalds 
/*
 * Cursor over an in-memory policy image.
 *
 * next_entry() and put_entry() advance 'data' and shrink 'len' by the
 * number of bytes consumed or produced, so 'len' is always the number of
 * bytes still available at 'data', not the size of the whole image.
 */
struct policy_file {
	char *data; /* current read/write position */
	size_t len; /* bytes remaining at 'data' */
};
321f0758616SChristian Göttsche 
/*
 * Policy database API; the definitions are outside this header.
 * NOTE(review): the *_isvalid() names suggest they check a context, class,
 * type or role value against the loaded policy before it is used as an
 * index -- confirm the exact contract in the implementation.
 */
extern void policydb_destroy(struct policydb *p);
extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
extern int policydb_context_isvalid(struct policydb *p, struct context *c);
extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
/* Read from / write to the policy image described by fp. */
extern int policydb_read(struct policydb *p, struct policy_file *fp);
extern int policydb_write(struct policydb *p, struct policy_file *fp);

/* Transition lookups: each takes a key struct and returns the matching datum. */
extern struct filename_trans_datum *
policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key);

extern struct mls_range *policydb_rangetr_search(struct policydb *p,
						 struct range_trans *key);

extern struct role_trans_datum *
policydb_roletr_search(struct policydb *p, struct role_trans_key *key);
33924def7bbSOndrej Mosnacek 
/* Policy config flag: MLS (mask 0x1). */
#define POLICYDB_CONFIG_MLS 1

/*
 * the config flags related to unknown classes/perms are bits 2 and 3,
 * counting from 1: masks 0x2 and 0x4
 */
#define REJECT_UNKNOWN 0x00000002
#define ALLOW_UNKNOWN  0x00000004

/* Name and value of the object_r role. */
#define OBJECT_R     "object_r"
#define OBJECT_R_VAL 1

/* Magic number and identification string for a policy image. */
#define POLICYDB_MAGIC	SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"
3511da177e4SLinus Torvalds 
/* Pairs a policy database with the policy_file cursor it is being read from or written to. */
struct policy_data {
	struct policydb *p;
	struct policy_file *fp;
};
356cee74f47SEric Paris 
/**
 * next_entry - copy the next @bytes of a policy image into @buf
 * @buf: destination buffer
 * @fp: policy image cursor; advanced on success
 * @bytes: number of bytes to consume
 *
 * Only the source side is bounds-checked: the request is refused when it
 * exceeds what is left in @fp. The size of @buf is not known here, so the
 * caller must guarantee it can hold @bytes.
 *
 * Return: 0 on success, -EINVAL if fewer than @bytes remain in @fp (in
 * which case neither @buf nor @fp is modified).
 */
static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
{
	/* Refuse to read past the end of the image. */
	if (fp->len < bytes)
		return -EINVAL;

	memcpy(buf, fp->data, bytes);

	/* Advance the cursor past the bytes just consumed. */
	fp->data += bytes;
	fp->len -= bytes;

	return 0;
}
3671da177e4SLinus Torvalds 
/**
 * put_entry - append @num items of @bytes each to a policy image
 * @buf: source data
 * @bytes: size of one item
 * @num: number of items
 * @fp: policy image cursor; advanced on success
 *
 * The total length is computed with check_mul_overflow() so that a
 * wrapped @bytes * @num cannot slip past the remaining-space check.
 *
 * Return: 0 on success, -EINVAL if the product overflows or exceeds the
 * space left in @fp (in which case @fp is not modified).
 */
static inline int put_entry(const void *buf, size_t bytes, size_t num,
			    struct policy_file *fp)
{
	size_t total;

	/* Overflow is tested first; 'total' is only compared when it is valid. */
	if (unlikely(check_mul_overflow(bytes, num, &total)) ||
	    total > fp->len)
		return -EINVAL;

	memcpy(fp->data, buf, total);

	/* Advance the cursor past the bytes just written. */
	fp->data += total;
	fp->len -= total;

	return 0;
}
384cee74f47SEric Paris 
/**
 * sym_name - look up a symbol's name by table and element number
 * @p: policy database
 * @sym_num: symbol table index (one of the SYM_* values)
 * @element_nr: index into that table's name array
 *
 * Neither index is range-checked here. @sym_num must be below SYM_NUM, the
 * size of sym_val_to_name[]. The name arrays are documented as indexed by
 * (value - 1), so @element_nr is presumably a validated symbol value minus
 * one; an unvalidated value would read outside the array -- confirm that
 * every caller validates first.
 *
 * Return: the stored name pointer for that element.
 */
static inline char *sym_name(struct policydb *p, unsigned int sym_num,
			     unsigned int element_nr)
{
	char **names = p->sym_val_to_name[sym_num];

	return names[element_nr];
}
390ac76c05bSEric Paris 
/*
 * Helpers defined outside this header.
 * NOTE(review): str_read() presumably reads a len-byte string from fp into
 * a newly allocated buffer returned through strp (it takes gfp flags) --
 * confirm ownership and termination in the implementation.
 */
extern int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len);

/* Name-to-value lookups for security classes and access vector permissions. */
extern u16 string_to_security_class(struct policydb *p, const char *name);
extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);
395c6d3aaa4SStephen Smalley 
3961da177e4SLinus Torvalds #endif /* _SS_POLICYDB_H_ */