1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "cil_write_ast.h"
54
55 const int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
56 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
57 {8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
58 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
59 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
60 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
61 };
62
63 char *CIL_KEY_CONS_T1;
64 char *CIL_KEY_CONS_T2;
65 char *CIL_KEY_CONS_T3;
66 char *CIL_KEY_CONS_R1;
67 char *CIL_KEY_CONS_R2;
68 char *CIL_KEY_CONS_R3;
69 char *CIL_KEY_CONS_U1;
70 char *CIL_KEY_CONS_U2;
71 char *CIL_KEY_CONS_U3;
72 char *CIL_KEY_CONS_L1;
73 char *CIL_KEY_CONS_L2;
74 char *CIL_KEY_CONS_H1;
75 char *CIL_KEY_CONS_H2;
76 char *CIL_KEY_AND;
77 char *CIL_KEY_OR;
78 char *CIL_KEY_NOT;
79 char *CIL_KEY_EQ;
80 char *CIL_KEY_NEQ;
81 char *CIL_KEY_CONS_DOM;
82 char *CIL_KEY_CONS_DOMBY;
83 char *CIL_KEY_CONS_INCOMP;
84 char *CIL_KEY_CONDTRUE;
85 char *CIL_KEY_CONDFALSE;
86 char *CIL_KEY_SELF;
87 char *CIL_KEY_NOTSELF;
88 char *CIL_KEY_OTHER;
89 char *CIL_KEY_OBJECT_R;
90 char *CIL_KEY_STAR;
91 char *CIL_KEY_TCP;
92 char *CIL_KEY_UDP;
93 char *CIL_KEY_DCCP;
94 char *CIL_KEY_SCTP;
95 char *CIL_KEY_AUDITALLOW;
96 char *CIL_KEY_TUNABLEIF;
97 char *CIL_KEY_ALLOW;
98 char *CIL_KEY_DONTAUDIT;
99 char *CIL_KEY_TYPETRANSITION;
100 char *CIL_KEY_TYPECHANGE;
101 char *CIL_KEY_CALL;
102 char *CIL_KEY_TUNABLE;
103 char *CIL_KEY_XOR;
104 char *CIL_KEY_ALL;
105 char *CIL_KEY_RANGE;
106 char *CIL_KEY_GLOB;
107 char *CIL_KEY_FILE;
108 char *CIL_KEY_DIR;
109 char *CIL_KEY_CHAR;
110 char *CIL_KEY_BLOCK;
111 char *CIL_KEY_SOCKET;
112 char *CIL_KEY_PIPE;
113 char *CIL_KEY_SYMLINK;
114 char *CIL_KEY_ANY;
115 char *CIL_KEY_XATTR;
116 char *CIL_KEY_TASK;
117 char *CIL_KEY_TRANS;
118 char *CIL_KEY_TYPE;
119 char *CIL_KEY_ROLE;
120 char *CIL_KEY_USER;
121 char *CIL_KEY_USERATTRIBUTE;
122 char *CIL_KEY_USERATTRIBUTESET;
123 char *CIL_KEY_SENSITIVITY;
124 char *CIL_KEY_CATEGORY;
125 char *CIL_KEY_CATSET;
126 char *CIL_KEY_LEVEL;
127 char *CIL_KEY_LEVELRANGE;
128 char *CIL_KEY_CLASS;
129 char *CIL_KEY_IPADDR;
130 char *CIL_KEY_MAP_CLASS;
131 char *CIL_KEY_CLASSPERMISSION;
132 char *CIL_KEY_BOOL;
133 char *CIL_KEY_STRING;
134 char *CIL_KEY_NAME;
135 char *CIL_KEY_SOURCE;
136 char *CIL_KEY_TARGET;
137 char *CIL_KEY_LOW;
138 char *CIL_KEY_HIGH;
139 char *CIL_KEY_LOW_HIGH;
140 char *CIL_KEY_GLBLUB;
141 char *CIL_KEY_HANDLEUNKNOWN;
142 char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
143 char *CIL_KEY_HANDLEUNKNOWN_DENY;
144 char *CIL_KEY_HANDLEUNKNOWN_REJECT;
145 char *CIL_KEY_MACRO;
146 char *CIL_KEY_IN;
147 char *CIL_KEY_IN_BEFORE;
148 char *CIL_KEY_IN_AFTER;
149 char *CIL_KEY_MLS;
150 char *CIL_KEY_DEFAULTRANGE;
151 char *CIL_KEY_BLOCKINHERIT;
152 char *CIL_KEY_BLOCKABSTRACT;
153 char *CIL_KEY_CLASSORDER;
154 char *CIL_KEY_CLASSMAPPING;
155 char *CIL_KEY_CLASSPERMISSIONSET;
156 char *CIL_KEY_COMMON;
157 char *CIL_KEY_CLASSCOMMON;
158 char *CIL_KEY_SID;
159 char *CIL_KEY_SIDCONTEXT;
160 char *CIL_KEY_SIDORDER;
161 char *CIL_KEY_USERLEVEL;
162 char *CIL_KEY_USERRANGE;
163 char *CIL_KEY_USERBOUNDS;
164 char *CIL_KEY_USERPREFIX;
165 char *CIL_KEY_SELINUXUSER;
166 char *CIL_KEY_SELINUXUSERDEFAULT;
167 char *CIL_KEY_TYPEATTRIBUTE;
168 char *CIL_KEY_TYPEATTRIBUTESET;
169 char *CIL_KEY_EXPANDTYPEATTRIBUTE;
170 char *CIL_KEY_TYPEALIAS;
171 char *CIL_KEY_TYPEALIASACTUAL;
172 char *CIL_KEY_TYPEBOUNDS;
173 char *CIL_KEY_TYPEPERMISSIVE;
174 char *CIL_KEY_RANGETRANSITION;
175 char *CIL_KEY_USERROLE;
176 char *CIL_KEY_ROLETYPE;
177 char *CIL_KEY_ROLETRANSITION;
178 char *CIL_KEY_ROLEALLOW;
179 char *CIL_KEY_ROLEATTRIBUTE;
180 char *CIL_KEY_ROLEATTRIBUTESET;
181 char *CIL_KEY_ROLEBOUNDS;
182 char *CIL_KEY_BOOLEANIF;
183 char *CIL_KEY_NEVERALLOW;
184 char *CIL_KEY_TYPEMEMBER;
185 char *CIL_KEY_SENSALIAS;
186 char *CIL_KEY_SENSALIASACTUAL;
187 char *CIL_KEY_CATALIAS;
188 char *CIL_KEY_CATALIASACTUAL;
189 char *CIL_KEY_CATORDER;
190 char *CIL_KEY_SENSITIVITYORDER;
191 char *CIL_KEY_SENSCAT;
192 char *CIL_KEY_CONSTRAIN;
193 char *CIL_KEY_MLSCONSTRAIN;
194 char *CIL_KEY_VALIDATETRANS;
195 char *CIL_KEY_MLSVALIDATETRANS;
196 char *CIL_KEY_CONTEXT;
197 char *CIL_KEY_FILECON;
198 char *CIL_KEY_IBPKEYCON;
199 char *CIL_KEY_IBENDPORTCON;
200 char *CIL_KEY_PORTCON;
201 char *CIL_KEY_NODECON;
202 char *CIL_KEY_GENFSCON;
203 char *CIL_KEY_NETIFCON;
204 char *CIL_KEY_PIRQCON;
205 char *CIL_KEY_IOMEMCON;
206 char *CIL_KEY_IOPORTCON;
207 char *CIL_KEY_PCIDEVICECON;
208 char *CIL_KEY_DEVICETREECON;
209 char *CIL_KEY_FSUSE;
210 char *CIL_KEY_POLICYCAP;
211 char *CIL_KEY_OPTIONAL;
212 char *CIL_KEY_DEFAULTUSER;
213 char *CIL_KEY_DEFAULTROLE;
214 char *CIL_KEY_DEFAULTTYPE;
215 char *CIL_KEY_ROOT;
216 char *CIL_KEY_NODE;
217 char *CIL_KEY_PERM;
218 char *CIL_KEY_ALLOWX;
219 char *CIL_KEY_AUDITALLOWX;
220 char *CIL_KEY_DONTAUDITX;
221 char *CIL_KEY_NEVERALLOWX;
222 char *CIL_KEY_PERMISSIONX;
223 char *CIL_KEY_IOCTL;
224 char *CIL_KEY_UNORDERED;
225 char *CIL_KEY_SRC_INFO;
226 char *CIL_KEY_SRC_CIL;
227 char *CIL_KEY_SRC_HLL_LMS;
228 char *CIL_KEY_SRC_HLL_LMX;
229 char *CIL_KEY_SRC_HLL_LME;
230 char *CIL_KEY_DENY_RULE;
231
cil_init_keys(void)232 static void cil_init_keys(void)
233 {
234 /* Initialize CIL Keys into strpool */
235 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
236 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
237 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
238 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
239 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
240 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
241 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
242 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
243 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
244 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
245 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
246 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
247 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
248 CIL_KEY_AND = cil_strpool_add("and");
249 CIL_KEY_OR = cil_strpool_add("or");
250 CIL_KEY_NOT = cil_strpool_add("not");
251 CIL_KEY_EQ = cil_strpool_add("eq");
252 CIL_KEY_NEQ = cil_strpool_add("neq");
253 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
254 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
255 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
256 CIL_KEY_CONDTRUE = cil_strpool_add("true");
257 CIL_KEY_CONDFALSE = cil_strpool_add("false");
258 CIL_KEY_SELF = cil_strpool_add("self");
259 CIL_KEY_NOTSELF = cil_strpool_add("notself");
260 CIL_KEY_OTHER = cil_strpool_add("other");
261 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
262 CIL_KEY_STAR = cil_strpool_add("*");
263 CIL_KEY_UDP = cil_strpool_add("udp");
264 CIL_KEY_TCP = cil_strpool_add("tcp");
265 CIL_KEY_DCCP = cil_strpool_add("dccp");
266 CIL_KEY_SCTP = cil_strpool_add("sctp");
267 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
268 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
269 CIL_KEY_ALLOW = cil_strpool_add("allow");
270 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
271 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
272 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
273 CIL_KEY_CALL = cil_strpool_add("call");
274 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
275 CIL_KEY_XOR = cil_strpool_add("xor");
276 CIL_KEY_ALL = cil_strpool_add("all");
277 CIL_KEY_RANGE = cil_strpool_add("range");
278 CIL_KEY_TYPE = cil_strpool_add("type");
279 CIL_KEY_ROLE = cil_strpool_add("role");
280 CIL_KEY_USER = cil_strpool_add("user");
281 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
282 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
283 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
284 CIL_KEY_CATEGORY = cil_strpool_add("category");
285 CIL_KEY_CATSET = cil_strpool_add("categoryset");
286 CIL_KEY_LEVEL = cil_strpool_add("level");
287 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
288 CIL_KEY_CLASS = cil_strpool_add("class");
289 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
290 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
291 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
292 CIL_KEY_BOOL = cil_strpool_add("boolean");
293 CIL_KEY_STRING = cil_strpool_add("string");
294 CIL_KEY_NAME = cil_strpool_add("name");
295 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
296 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
297 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
298 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
299 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
300 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
301 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
302 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
303 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
304 CIL_KEY_COMMON = cil_strpool_add("common");
305 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
306 CIL_KEY_SID = cil_strpool_add("sid");
307 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
308 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
309 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
310 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
311 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
312 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
313 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
314 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
315 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
316 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
317 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
318 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
319 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
320 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
321 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
322 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
323 CIL_KEY_USERROLE = cil_strpool_add("userrole");
324 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
325 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
326 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
327 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
328 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
329 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
330 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
331 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
332 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
333 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
334 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
335 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
336 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
337 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
338 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
339 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
340 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
341 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
342 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
343 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
344 CIL_KEY_CONTEXT = cil_strpool_add("context");
345 CIL_KEY_FILECON = cil_strpool_add("filecon");
346 CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon");
347 CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon");
348 CIL_KEY_PORTCON = cil_strpool_add("portcon");
349 CIL_KEY_NODECON = cil_strpool_add("nodecon");
350 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
351 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
352 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
353 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
354 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
355 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
356 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
357 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
358 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
359 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
360 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
361 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
362 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
363 CIL_KEY_MACRO = cil_strpool_add("macro");
364 CIL_KEY_IN = cil_strpool_add("in");
365 CIL_KEY_IN_BEFORE = cil_strpool_add("before");
366 CIL_KEY_IN_AFTER = cil_strpool_add("after");
367 CIL_KEY_MLS = cil_strpool_add("mls");
368 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
369 CIL_KEY_GLOB = cil_strpool_add("*");
370 CIL_KEY_FILE = cil_strpool_add("file");
371 CIL_KEY_DIR = cil_strpool_add("dir");
372 CIL_KEY_CHAR = cil_strpool_add("char");
373 CIL_KEY_BLOCK = cil_strpool_add("block");
374 CIL_KEY_SOCKET = cil_strpool_add("socket");
375 CIL_KEY_PIPE = cil_strpool_add("pipe");
376 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
377 CIL_KEY_ANY = cil_strpool_add("any");
378 CIL_KEY_XATTR = cil_strpool_add("xattr");
379 CIL_KEY_TASK = cil_strpool_add("task");
380 CIL_KEY_TRANS = cil_strpool_add("trans");
381 CIL_KEY_SOURCE = cil_strpool_add("source");
382 CIL_KEY_TARGET = cil_strpool_add("target");
383 CIL_KEY_LOW = cil_strpool_add("low");
384 CIL_KEY_HIGH = cil_strpool_add("high");
385 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
386 CIL_KEY_GLBLUB = cil_strpool_add("glblub");
387 CIL_KEY_ROOT = cil_strpool_add("<root>");
388 CIL_KEY_NODE = cil_strpool_add("<node>");
389 CIL_KEY_PERM = cil_strpool_add("perm");
390 CIL_KEY_ALLOWX = cil_strpool_add("allowx");
391 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
392 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
393 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
394 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
395 CIL_KEY_IOCTL = cil_strpool_add("ioctl");
396 CIL_KEY_UNORDERED = cil_strpool_add("unordered");
397 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
398 CIL_KEY_SRC_CIL = cil_strpool_add("cil");
399 CIL_KEY_SRC_HLL_LMS = cil_strpool_add("lms");
400 CIL_KEY_SRC_HLL_LMX = cil_strpool_add("lmx");
401 CIL_KEY_SRC_HLL_LME = cil_strpool_add("lme");
402 CIL_KEY_DENY_RULE = cil_strpool_add("deny");
403 }
404
cil_db_init(struct cil_db ** db)405 void cil_db_init(struct cil_db **db)
406 {
407 *db = cil_malloc(sizeof(**db));
408
409 cil_strpool_init();
410 cil_init_keys();
411
412 cil_tree_init(&(*db)->parse);
413 cil_tree_init(&(*db)->ast);
414 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
415 (*db)->sidorder = NULL;
416 (*db)->classorder = NULL;
417 (*db)->catorder = NULL;
418 (*db)->sensitivityorder = NULL;
419 cil_sort_init(&(*db)->netifcon);
420 cil_sort_init(&(*db)->genfscon);
421 cil_sort_init(&(*db)->filecon);
422 cil_sort_init(&(*db)->nodecon);
423 cil_sort_init(&(*db)->ibpkeycon);
424 cil_sort_init(&(*db)->ibendportcon);
425 cil_sort_init(&(*db)->portcon);
426 cil_sort_init(&(*db)->pirqcon);
427 cil_sort_init(&(*db)->iomemcon);
428 cil_sort_init(&(*db)->ioportcon);
429 cil_sort_init(&(*db)->pcidevicecon);
430 cil_sort_init(&(*db)->devicetreecon);
431 cil_sort_init(&(*db)->fsuse);
432 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
433 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
434 cil_list_init(&(*db)->declared_strings, CIL_LIST_ITEM);
435
436 cil_type_init(&(*db)->selftype);
437 (*db)->selftype->datum.name = CIL_KEY_SELF;
438 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
439 cil_type_init(&(*db)->notselftype);
440 (*db)->notselftype->datum.name = CIL_KEY_NOTSELF;
441 (*db)->notselftype->datum.fqn = CIL_KEY_NOTSELF;
442 cil_type_init(&(*db)->othertype);
443 (*db)->othertype->datum.name = CIL_KEY_OTHER;
444 (*db)->othertype->datum.fqn = CIL_KEY_OTHER;
445 (*db)->num_types_and_attrs = 0;
446 (*db)->num_classes = 0;
447 (*db)->num_types = 0;
448 (*db)->num_roles = 0;
449 (*db)->num_users = 0;
450 (*db)->num_cats = 0;
451 (*db)->val_to_type = NULL;
452 (*db)->val_to_role = NULL;
453 (*db)->val_to_user = NULL;
454
455 (*db)->disable_dontaudit = CIL_FALSE;
456 (*db)->disable_neverallow = CIL_FALSE;
457 (*db)->attrs_expand_generated = CIL_FALSE;
458 (*db)->attrs_expand_size = 1;
459 (*db)->preserve_tunables = CIL_FALSE;
460 (*db)->handle_unknown = -1;
461 (*db)->mls = -1;
462 (*db)->multiple_decls = CIL_FALSE;
463 (*db)->qualified_names = CIL_FALSE;
464 (*db)->target_platform = SEPOL_TARGET_SELINUX;
465 (*db)->policy_version = POLICYDB_VERSION_MAX;
466 }
467
cil_declared_strings_list_destroy(struct cil_list ** strings)468 static void cil_declared_strings_list_destroy(struct cil_list **strings)
469 {
470 struct cil_list_item *i;
471
472 cil_list_for_each(i, *strings) {
473 struct cil_symtab_datum *d = i->data;
474 cil_symtab_datum_destroy(d);
475 free(d);
476 }
477 cil_list_destroy(strings, CIL_FALSE);
478 }
479
cil_db_destroy(struct cil_db ** db)480 void cil_db_destroy(struct cil_db **db)
481 {
482 if (db == NULL || *db == NULL) {
483 return;
484 }
485
486 cil_tree_destroy(&(*db)->parse);
487 cil_tree_destroy(&(*db)->ast);
488 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
489 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
490 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
491 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
492 cil_sort_destroy(&(*db)->netifcon);
493 cil_sort_destroy(&(*db)->genfscon);
494 cil_sort_destroy(&(*db)->filecon);
495 cil_sort_destroy(&(*db)->nodecon);
496 cil_sort_destroy(&(*db)->ibpkeycon);
497 cil_sort_destroy(&(*db)->ibendportcon);
498 cil_sort_destroy(&(*db)->portcon);
499 cil_sort_destroy(&(*db)->pirqcon);
500 cil_sort_destroy(&(*db)->iomemcon);
501 cil_sort_destroy(&(*db)->ioportcon);
502 cil_sort_destroy(&(*db)->pcidevicecon);
503 cil_sort_destroy(&(*db)->devicetreecon);
504 cil_sort_destroy(&(*db)->fsuse);
505 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
506 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
507
508 cil_declared_strings_list_destroy(&(*db)->declared_strings);
509
510 cil_destroy_type((*db)->selftype);
511 cil_destroy_type((*db)->notselftype);
512 cil_destroy_type((*db)->othertype);
513
514 cil_strpool_destroy();
515 free((*db)->val_to_type);
516 free((*db)->val_to_role);
517 free((*db)->val_to_user);
518
519 free(*db);
520 *db = NULL;
521 }
522
cil_root_init(struct cil_root ** root)523 void cil_root_init(struct cil_root **root)
524 {
525 struct cil_root *r = cil_malloc(sizeof(*r));
526 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
527
528 *root = r;
529 }
530
cil_root_destroy(struct cil_root * root)531 void cil_root_destroy(struct cil_root *root)
532 {
533 if (root == NULL) {
534 return;
535 }
536 cil_symtab_array_destroy(root->symtab);
537 free(root);
538 }
539
cil_add_file(cil_db_t * db,const char * name,const char * data,size_t size)540 int cil_add_file(cil_db_t *db, const char *name, const char *data, size_t size)
541 {
542 char *buffer = NULL;
543 int rc;
544
545 cil_log(CIL_INFO, "Parsing %s\n", name);
546
547 buffer = cil_malloc(size + 2);
548 memcpy(buffer, data, size);
549 memset(buffer + size, 0, 2);
550
551 rc = cil_parser(name, buffer, size + 2, &db->parse);
552 if (rc != SEPOL_OK) {
553 cil_log(CIL_INFO, "Failed to parse %s\n", name);
554 goto exit;
555 }
556
557 free(buffer);
558 buffer = NULL;
559
560 rc = SEPOL_OK;
561
562 exit:
563 free(buffer);
564
565 return rc;
566 }
567
cil_compile(struct cil_db * db)568 int cil_compile(struct cil_db *db)
569 {
570 int rc = SEPOL_ERR;
571
572 if (db == NULL) {
573 goto exit;
574 }
575
576 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
577 rc = cil_build_ast(db, db->parse->root, db->ast->root);
578 if (rc != SEPOL_OK) {
579 cil_log(CIL_ERR, "Failed to build AST\n");
580 goto exit;
581 }
582
583 cil_log(CIL_INFO, "Destroying Parse Tree\n");
584 cil_tree_destroy(&db->parse);
585
586 cil_log(CIL_INFO, "Resolving AST\n");
587 rc = cil_resolve_ast(db, db->ast->root);
588 if (rc != SEPOL_OK) {
589 cil_log(CIL_ERR, "Failed to resolve AST\n");
590 goto exit;
591 }
592
593 cil_log(CIL_INFO, "Qualifying Names\n");
594 rc = cil_fqn_qualify(db->ast->root);
595 if (rc != SEPOL_OK) {
596 cil_log(CIL_ERR, "Failed to qualify names\n");
597 goto exit;
598 }
599
600 cil_log(CIL_INFO, "Compile post process\n");
601 rc = cil_post_process(db);
602 if (rc != SEPOL_OK ) {
603 cil_log(CIL_ERR, "Post process failed\n");
604 goto exit;
605 }
606
607 exit:
608
609 return rc;
610 }
611
cil_write_parse_ast(FILE * out,cil_db_t * db)612 int cil_write_parse_ast(FILE *out, cil_db_t *db)
613 {
614 int rc = SEPOL_ERR;
615
616 if (db == NULL) {
617 goto exit;
618 }
619
620 cil_log(CIL_INFO, "Writing Parse AST\n");
621 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_PARSE, db->parse->root);
622 if (rc != SEPOL_OK) {
623 cil_log(CIL_ERR, "Failed to write parse ast\n");
624 goto exit;
625 }
626
627 exit:
628 return rc;
629 }
630
cil_write_build_ast(FILE * out,cil_db_t * db)631 int cil_write_build_ast(FILE *out, cil_db_t *db)
632 {
633 int rc = SEPOL_ERR;
634
635 if (db == NULL) {
636 goto exit;
637 }
638
639 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
640 rc = cil_build_ast(db, db->parse->root, db->ast->root);
641 if (rc != SEPOL_OK) {
642 cil_log(CIL_ERR, "Failed to build ast\n");
643 goto exit;
644 }
645
646 cil_log(CIL_INFO, "Destroying Parse Tree\n");
647 cil_tree_destroy(&db->parse);
648
649 cil_log(CIL_INFO, "Writing Build AST\n");
650 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_BUILD, db->ast->root);
651 if (rc != SEPOL_OK) {
652 cil_log(CIL_ERR, "Failed to write build ast\n");
653 goto exit;
654 }
655
656 exit:
657 return rc;
658 }
659
cil_write_resolve_ast(FILE * out,cil_db_t * db)660 int cil_write_resolve_ast(FILE *out, cil_db_t *db)
661 {
662 int rc = SEPOL_ERR;
663
664 if (db == NULL) {
665 goto exit;
666 }
667
668 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
669 rc = cil_build_ast(db, db->parse->root, db->ast->root);
670 if (rc != SEPOL_OK) {
671 cil_log(CIL_ERR, "Failed to build ast\n");
672 goto exit;
673 }
674
675 cil_log(CIL_INFO, "Destroying Parse Tree\n");
676 cil_tree_destroy(&db->parse);
677
678 cil_log(CIL_INFO, "Resolving AST\n");
679 rc = cil_resolve_ast(db, db->ast->root);
680 if (rc != SEPOL_OK) {
681 cil_log(CIL_ERR, "Failed to resolve ast\n");
682 goto exit;
683 }
684
685 cil_log(CIL_INFO, "Qualifying Names\n");
686 rc = cil_fqn_qualify(db->ast->root);
687 if (rc != SEPOL_OK) {
688 cil_log(CIL_ERR, "Failed to qualify names\n");
689 goto exit;
690 }
691
692 cil_log(CIL_INFO, "Writing Resolve AST\n");
693 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_RESOLVE, db->ast->root);
694 if (rc != SEPOL_OK) {
695 cil_log(CIL_ERR, "Failed to write resolve ast\n");
696 goto exit;
697 }
698
699 exit:
700 return rc;
701 }
702
cil_write_post_ast(FILE * out,cil_db_t * db)703 int cil_write_post_ast(FILE *out, cil_db_t *db)
704 {
705 int rc = SEPOL_ERR;
706
707 if (db == NULL) {
708 goto exit;
709 }
710
711 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
712 rc = cil_build_ast(db, db->parse->root, db->ast->root);
713 if (rc != SEPOL_OK) {
714 cil_log(CIL_ERR, "Failed to build ast\n");
715 goto exit;
716 }
717
718 cil_log(CIL_INFO, "Destroying Parse Tree\n");
719 cil_tree_destroy(&db->parse);
720
721 cil_log(CIL_INFO, "Resolving AST\n");
722 rc = cil_resolve_ast(db, db->ast->root);
723 if (rc != SEPOL_OK) {
724 cil_log(CIL_ERR, "Failed to resolve ast\n");
725 goto exit;
726 }
727
728 cil_log(CIL_INFO, "Qualifying Names\n");
729 rc = cil_fqn_qualify(db->ast->root);
730 if (rc != SEPOL_OK) {
731 cil_log(CIL_ERR, "Failed to qualify names\n");
732 goto exit;
733 }
734
735 cil_log(CIL_INFO, "Compile post process\n");
736 rc = cil_post_process(db);
737 if (rc != SEPOL_OK ) {
738 cil_log(CIL_ERR, "Post process failed\n");
739 goto exit;
740 }
741
742 cil_log(CIL_INFO, "Writing Post AST\n");
743 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_POST, db->ast->root);
744 if (rc != SEPOL_OK) {
745 cil_log(CIL_ERR, "Failed to write post ast\n");
746 goto exit;
747 }
748
749 exit:
750 return rc;
751 }
752
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)753 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
754 {
755 int rc;
756
757 cil_log(CIL_INFO, "Building policy binary\n");
758 rc = cil_binary_create(db, sepol_db);
759 if (rc != SEPOL_OK) {
760 cil_log(CIL_ERR, "Failed to generate binary\n");
761 goto exit;
762 }
763
764 exit:
765 return rc;
766 }
767
cil_write_policy_conf(FILE * out,struct cil_db * db)768 void cil_write_policy_conf(FILE *out, struct cil_db *db)
769 {
770 cil_log(CIL_INFO, "Writing policy.conf file\n");
771 cil_gen_policy(out, db);
772 }
773
cil_destroy_data(void ** data,enum cil_flavor flavor)774 void cil_destroy_data(void **data, enum cil_flavor flavor)
775 {
776 if (*data == NULL) {
777 return;
778 }
779
780 switch(flavor) {
781 case CIL_NONE:
782 break;
783 case CIL_ROOT:
784 cil_root_destroy(*data);
785 break;
786 case CIL_NODE:
787 break;
788 case CIL_STRING:
789 break;
790 case CIL_DATUM:
791 break;
792 case CIL_LIST:
793 cil_list_destroy(*data, CIL_FALSE);
794 break;
795 case CIL_LIST_ITEM:
796 break;
797 case CIL_PARAM:
798 cil_destroy_param(*data);
799 break;
800 case CIL_ARGS:
801 cil_destroy_args(*data);
802 break;
803 case CIL_BLOCK:
804 cil_destroy_block(*data);
805 break;
806 case CIL_BLOCKINHERIT:
807 cil_destroy_blockinherit(*data);
808 break;
809 case CIL_BLOCKABSTRACT:
810 cil_destroy_blockabstract(*data);
811 break;
812 case CIL_IN:
813 cil_destroy_in(*data);
814 break;
815 case CIL_MACRO:
816 cil_destroy_macro(*data);
817 break;
818 case CIL_CALL:
819 cil_destroy_call(*data);
820 break;
821 case CIL_OPTIONAL:
822 cil_destroy_optional(*data);
823 break;
824 case CIL_BOOL:
825 cil_destroy_bool(*data);
826 break;
827 case CIL_BOOLEANIF:
828 cil_destroy_boolif(*data);
829 break;
830 case CIL_TUNABLE:
831 cil_destroy_tunable(*data);
832 break;
833 case CIL_TUNABLEIF:
834 cil_destroy_tunif(*data);
835 break;
836 case CIL_CONDBLOCK:
837 cil_destroy_condblock(*data);
838 break;
839 case CIL_CONDTRUE:
840 break;
841 case CIL_CONDFALSE:
842 break;
843 case CIL_PERM:
844 case CIL_MAP_PERM:
845 cil_destroy_perm(*data);
846 break;
847 case CIL_COMMON:
848 case CIL_CLASS:
849 case CIL_MAP_CLASS:
850 cil_destroy_class(*data);
851 break;
852 case CIL_CLASSORDER:
853 cil_destroy_ordered(*data);
854 break;
855 case CIL_CLASSPERMISSION:
856 cil_destroy_classpermission(*data);
857 break;
858 case CIL_CLASSCOMMON:
859 cil_destroy_classcommon(*data);
860 break;
861 case CIL_CLASSMAPPING:
862 cil_destroy_classmapping(*data);
863 break;
864 case CIL_CLASSPERMS:
865 cil_destroy_classperms(*data);
866 break;
867 case CIL_CLASSPERMS_SET:
868 cil_destroy_classperms_set(*data);
869 break;
870 case CIL_CLASSPERMISSIONSET:
871 cil_destroy_classpermissionset(*data);
872 break;
873 case CIL_USER:
874 cil_destroy_user(*data);
875 break;
876 case CIL_USERATTRIBUTE:
877 cil_destroy_userattribute(*data);
878 break;
879 case CIL_USERATTRIBUTESET:
880 cil_destroy_userattributeset(*data);
881 break;
882 case CIL_USERPREFIX:
883 cil_destroy_userprefix(*data);
884 break;
885 case CIL_USERROLE:
886 cil_destroy_userrole(*data);
887 break;
888 case CIL_USERLEVEL:
889 cil_destroy_userlevel(*data);
890 break;
891 case CIL_USERRANGE:
892 cil_destroy_userrange(*data);
893 break;
894 case CIL_USERBOUNDS:
895 cil_destroy_bounds(*data);
896 break;
897 case CIL_SELINUXUSER:
898 case CIL_SELINUXUSERDEFAULT:
899 cil_destroy_selinuxuser(*data);
900 break;
901 case CIL_ROLE:
902 cil_destroy_role(*data);
903 break;
904 case CIL_ROLEATTRIBUTE:
905 cil_destroy_roleattribute(*data);
906 break;
907 case CIL_ROLEATTRIBUTESET:
908 cil_destroy_roleattributeset(*data);
909 break;
910 case CIL_ROLETYPE:
911 cil_destroy_roletype(*data);
912 break;
913 case CIL_ROLEBOUNDS:
914 cil_destroy_bounds(*data);
915 break;
916 case CIL_TYPE:
917 cil_destroy_type(*data);
918 break;
919 case CIL_TYPEATTRIBUTE:
920 cil_destroy_typeattribute(*data);
921 break;
922 case CIL_TYPEALIAS:
923 cil_destroy_alias(*data);
924 break;
925 case CIL_TYPEATTRIBUTESET:
926 cil_destroy_typeattributeset(*data);
927 break;
928 case CIL_EXPANDTYPEATTRIBUTE:
929 cil_destroy_expandtypeattribute(*data);
930 break;
931 case CIL_TYPEALIASACTUAL:
932 cil_destroy_aliasactual(*data);
933 break;
934 case CIL_TYPEBOUNDS:
935 cil_destroy_bounds(*data);
936 break;
937 case CIL_TYPEPERMISSIVE:
938 cil_destroy_typepermissive(*data);
939 break;
940 case CIL_SENS:
941 cil_destroy_sensitivity(*data);
942 break;
943 case CIL_SENSALIAS:
944 cil_destroy_alias(*data);
945 break;
946 case CIL_SENSALIASACTUAL:
947 cil_destroy_aliasactual(*data);
948 break;
949 case CIL_SENSITIVITYORDER:
950 cil_destroy_ordered(*data);
951 break;
952 case CIL_SENSCAT:
953 cil_destroy_senscat(*data);
954 break;
955 case CIL_CAT:
956 cil_destroy_category(*data);
957 break;
958 case CIL_CATSET:
959 cil_destroy_catset(*data);
960 break;
961 case CIL_CATALIAS:
962 cil_destroy_alias(*data);
963 break;
964 case CIL_CATALIASACTUAL:
965 cil_destroy_aliasactual(*data);
966 break;
967 case CIL_CATORDER:
968 cil_destroy_ordered(*data);
969 break;
970 case CIL_LEVEL:
971 cil_destroy_level(*data);
972 break;
973 case CIL_LEVELRANGE:
974 cil_destroy_levelrange(*data);
975 break;
976 case CIL_SID:
977 cil_destroy_sid(*data);
978 break;
979 case CIL_SIDORDER:
980 cil_destroy_ordered(*data);
981 break;
982 case CIL_ROLEALLOW:
983 cil_destroy_roleallow(*data);
984 break;
985 case CIL_AVRULE:
986 case CIL_AVRULEX:
987 cil_destroy_avrule(*data);
988 break;
989 case CIL_PERMISSIONX:
990 cil_destroy_permissionx(*data);
991 break;
992 case CIL_DENY_RULE:
993 cil_destroy_deny_rule(*data);
994 break;
995 case CIL_ROLETRANSITION:
996 cil_destroy_roletransition(*data);
997 break;
998 case CIL_TYPE_RULE:
999 cil_destroy_type_rule(*data);
1000 break;
1001 case CIL_NAMETYPETRANSITION:
1002 cil_destroy_typetransition(*data);
1003 break;
1004 case CIL_RANGETRANSITION:
1005 cil_destroy_rangetransition(*data);
1006 break;
1007 case CIL_CONSTRAIN:
1008 cil_destroy_constrain(*data);
1009 break;
1010 case CIL_MLSCONSTRAIN:
1011 cil_destroy_constrain(*data);
1012 break;
1013 case CIL_VALIDATETRANS:
1014 case CIL_MLSVALIDATETRANS:
1015 cil_destroy_validatetrans(*data);
1016 break;
1017 case CIL_CONTEXT:
1018 cil_destroy_context(*data);
1019 break;
1020 case CIL_IPADDR:
1021 cil_destroy_ipaddr(*data);
1022 break;
1023 case CIL_DECLARED_STRING:
1024 break;
1025 case CIL_SIDCONTEXT:
1026 cil_destroy_sidcontext(*data);
1027 break;
1028 case CIL_FSUSE:
1029 cil_destroy_fsuse(*data);
1030 break;
1031 case CIL_FILECON:
1032 cil_destroy_filecon(*data);
1033 break;
1034 case CIL_IBPKEYCON:
1035 cil_destroy_ibpkeycon(*data);
1036 break;
1037 case CIL_PORTCON:
1038 cil_destroy_portcon(*data);
1039 break;
1040 case CIL_IBENDPORTCON:
1041 cil_destroy_ibendportcon(*data);
1042 break;
1043 case CIL_NODECON:
1044 cil_destroy_nodecon(*data);
1045 break;
1046 case CIL_GENFSCON:
1047 cil_destroy_genfscon(*data);
1048 break;
1049 case CIL_NETIFCON:
1050 cil_destroy_netifcon(*data);
1051 break;
1052 case CIL_PIRQCON:
1053 cil_destroy_pirqcon(*data);
1054 break;
1055 case CIL_IOMEMCON:
1056 cil_destroy_iomemcon(*data);
1057 break;
1058 case CIL_IOPORTCON:
1059 cil_destroy_ioportcon(*data);
1060 break;
1061 case CIL_PCIDEVICECON:
1062 cil_destroy_pcidevicecon(*data);
1063 break;
1064 case CIL_DEVICETREECON:
1065 cil_destroy_devicetreecon(*data);
1066 break;
1067 case CIL_POLICYCAP:
1068 cil_destroy_policycap(*data);
1069 break;
1070 case CIL_DEFAULTUSER:
1071 case CIL_DEFAULTROLE:
1072 case CIL_DEFAULTTYPE:
1073 cil_destroy_default(*data);
1074 break;
1075 case CIL_DEFAULTRANGE:
1076 cil_destroy_defaultrange(*data);
1077 break;
1078 case CIL_HANDLEUNKNOWN:
1079 cil_destroy_handleunknown(*data);
1080 break;
1081 case CIL_MLS:
1082 cil_destroy_mls(*data);
1083 break;
1084 case CIL_SRC_INFO:
1085 cil_destroy_src_info(*data);
1086 break;
1087 case CIL_OP:
1088 case CIL_CONS_OPERAND:
1089 break;
1090 default:
1091 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
1092 break;
1093 }
1094
1095 *data = NULL;
1096 }
1097
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)1098 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
1099 {
1100 if (flavor < CIL_MIN_DECLARATIVE) {
1101 return SEPOL_ERR;
1102 }
1103
1104 switch(flavor) {
1105 case CIL_BLOCK:
1106 *sym_index = CIL_SYM_BLOCKS;
1107 break;
1108 case CIL_MACRO:
1109 *sym_index = CIL_SYM_BLOCKS;
1110 break;
1111 case CIL_OPTIONAL:
1112 *sym_index = CIL_SYM_BLOCKS;
1113 break;
1114 case CIL_BOOL:
1115 *sym_index = CIL_SYM_BOOLS;
1116 break;
1117 case CIL_TUNABLE:
1118 *sym_index = CIL_SYM_TUNABLES;
1119 break;
1120 case CIL_PERM:
1121 case CIL_MAP_PERM:
1122 *sym_index = CIL_SYM_PERMS;
1123 break;
1124 case CIL_COMMON:
1125 *sym_index = CIL_SYM_COMMONS;
1126 break;
1127 case CIL_CLASS:
1128 case CIL_MAP_CLASS:
1129 *sym_index = CIL_SYM_CLASSES;
1130 break;
1131 case CIL_CLASSPERMISSION:
1132 case CIL_CLASSPERMISSIONSET:
1133 *sym_index = CIL_SYM_CLASSPERMSETS;
1134 break;
1135 case CIL_USER:
1136 case CIL_USERATTRIBUTE:
1137 *sym_index = CIL_SYM_USERS;
1138 break;
1139 case CIL_ROLE:
1140 case CIL_ROLEATTRIBUTE:
1141 *sym_index = CIL_SYM_ROLES;
1142 break;
1143 case CIL_TYPE:
1144 case CIL_TYPEALIAS:
1145 case CIL_TYPEATTRIBUTE:
1146 *sym_index = CIL_SYM_TYPES;
1147 break;
1148 case CIL_SENS:
1149 case CIL_SENSALIAS:
1150 *sym_index = CIL_SYM_SENS;
1151 break;
1152 case CIL_CAT:
1153 case CIL_CATSET:
1154 case CIL_CATALIAS:
1155 *sym_index = CIL_SYM_CATS;
1156 break;
1157 case CIL_LEVEL:
1158 *sym_index = CIL_SYM_LEVELS;
1159 break;
1160 case CIL_LEVELRANGE:
1161 *sym_index = CIL_SYM_LEVELRANGES;
1162 break;
1163 case CIL_SID:
1164 *sym_index = CIL_SYM_SIDS;
1165 break;
1166 case CIL_DECLARED_STRING:
1167 *sym_index = CIL_SYM_STRINGS;
1168 break;
1169 case CIL_CONTEXT:
1170 *sym_index = CIL_SYM_CONTEXTS;
1171 break;
1172 case CIL_IPADDR:
1173 *sym_index = CIL_SYM_IPADDRS;
1174 break;
1175 case CIL_POLICYCAP:
1176 *sym_index = CIL_SYM_POLICYCAPS;
1177 break;
1178 case CIL_PERMISSIONX:
1179 *sym_index = CIL_SYM_PERMX;
1180 break;
1181 default:
1182 *sym_index = CIL_SYM_UNKNOWN;
1183 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
1184 return SEPOL_ERR;
1185 }
1186
1187 return SEPOL_OK;
1188 }
1189
cil_node_to_string(struct cil_tree_node * node)1190 const char * cil_node_to_string(struct cil_tree_node *node)
1191 {
1192 switch (node->flavor) {
1193 case CIL_NONE:
1194 return "<none>";
1195 case CIL_ROOT:
1196 return CIL_KEY_ROOT;
1197 case CIL_NODE:
1198 return CIL_KEY_NODE;
1199 case CIL_STRING:
1200 return CIL_KEY_STRING;
1201 case CIL_DATUM:
1202 return "<datum>";
1203 case CIL_LIST:
1204 return "<list>";
1205 case CIL_LIST_ITEM:
1206 return "<list_item>";
1207 case CIL_PARAM:
1208 return "<param>";
1209 case CIL_ARGS:
1210 return "<args>";
1211 case CIL_BLOCK:
1212 return CIL_KEY_BLOCK;
1213 case CIL_BLOCKINHERIT:
1214 return CIL_KEY_BLOCKINHERIT;
1215 case CIL_BLOCKABSTRACT:
1216 return CIL_KEY_BLOCKABSTRACT;
1217 case CIL_IN:
1218 return CIL_KEY_IN;
1219 case CIL_MACRO:
1220 return CIL_KEY_MACRO;
1221 case CIL_CALL:
1222 return CIL_KEY_CALL;
1223 case CIL_OPTIONAL:
1224 return CIL_KEY_OPTIONAL;
1225 case CIL_BOOL:
1226 return CIL_KEY_BOOL;
1227 case CIL_BOOLEANIF:
1228 return CIL_KEY_BOOLEANIF;
1229 case CIL_TUNABLE:
1230 return CIL_KEY_TUNABLE;
1231 case CIL_TUNABLEIF:
1232 return CIL_KEY_TUNABLEIF;
1233 case CIL_CONDBLOCK:
1234 switch (((struct cil_condblock*)node->data)->flavor) {
1235 case CIL_CONDTRUE:
1236 return CIL_KEY_CONDTRUE;
1237 case CIL_CONDFALSE:
1238 return CIL_KEY_CONDFALSE;
1239 default:
1240 break;
1241 }
1242 break;
1243 case CIL_CONDTRUE:
1244 return CIL_KEY_CONDTRUE;
1245 case CIL_CONDFALSE:
1246 return CIL_KEY_CONDFALSE;
1247 case CIL_PERM:
1248 return CIL_KEY_PERM;
1249 case CIL_COMMON:
1250 return CIL_KEY_COMMON;
1251 case CIL_CLASS:
1252 return CIL_KEY_CLASS;
1253 case CIL_CLASSORDER:
1254 return CIL_KEY_CLASSORDER;
1255 case CIL_MAP_CLASS:
1256 return CIL_KEY_MAP_CLASS;
1257 case CIL_CLASSPERMISSION:
1258 return CIL_KEY_CLASSPERMISSION;
1259 case CIL_CLASSCOMMON:
1260 return CIL_KEY_CLASSCOMMON;
1261 case CIL_CLASSMAPPING:
1262 return CIL_KEY_CLASSMAPPING;
1263 case CIL_CLASSPERMISSIONSET:
1264 return CIL_KEY_CLASSPERMISSIONSET;
1265 case CIL_USER:
1266 return CIL_KEY_USER;
1267 case CIL_USERATTRIBUTE:
1268 return CIL_KEY_USERATTRIBUTE;
1269 case CIL_USERATTRIBUTESET:
1270 return CIL_KEY_USERATTRIBUTESET;
1271 case CIL_USERPREFIX:
1272 return CIL_KEY_USERPREFIX;
1273 case CIL_USERROLE:
1274 return CIL_KEY_USERROLE;
1275 case CIL_USERLEVEL:
1276 return CIL_KEY_USERLEVEL;
1277 case CIL_USERRANGE:
1278 return CIL_KEY_USERRANGE;
1279 case CIL_USERBOUNDS:
1280 return CIL_KEY_USERBOUNDS;
1281 case CIL_SELINUXUSER:
1282 return CIL_KEY_SELINUXUSER;
1283 case CIL_SELINUXUSERDEFAULT:
1284 return CIL_KEY_SELINUXUSERDEFAULT;
1285 case CIL_ROLE:
1286 return CIL_KEY_ROLE;
1287 case CIL_ROLEATTRIBUTE:
1288 return CIL_KEY_ROLEATTRIBUTE;
1289 case CIL_ROLEATTRIBUTESET:
1290 return CIL_KEY_ROLEATTRIBUTESET;
1291 case CIL_ROLETYPE:
1292 return CIL_KEY_ROLETYPE;
1293 case CIL_ROLEBOUNDS:
1294 return CIL_KEY_ROLEBOUNDS;
1295 case CIL_TYPE:
1296 return CIL_KEY_TYPE;
1297 case CIL_TYPEATTRIBUTE:
1298 return CIL_KEY_TYPEATTRIBUTE;
1299 case CIL_TYPEALIAS:
1300 return CIL_KEY_TYPEALIAS;
1301 case CIL_TYPEATTRIBUTESET:
1302 return CIL_KEY_TYPEATTRIBUTESET;
1303 case CIL_EXPANDTYPEATTRIBUTE:
1304 return CIL_KEY_EXPANDTYPEATTRIBUTE;
1305 case CIL_TYPEALIASACTUAL:
1306 return CIL_KEY_TYPEALIASACTUAL;
1307 case CIL_TYPEBOUNDS:
1308 return CIL_KEY_TYPEBOUNDS;
1309 case CIL_TYPEPERMISSIVE:
1310 return CIL_KEY_TYPEPERMISSIVE;
1311 case CIL_SENS:
1312 return CIL_KEY_SENSITIVITY;
1313 case CIL_SENSALIAS:
1314 return CIL_KEY_SENSALIAS;
1315 case CIL_SENSALIASACTUAL:
1316 return CIL_KEY_SENSALIASACTUAL;
1317 case CIL_SENSITIVITYORDER:
1318 return CIL_KEY_SENSITIVITYORDER;
1319 case CIL_SENSCAT:
1320 return CIL_KEY_SENSCAT;
1321 case CIL_CAT:
1322 return CIL_KEY_CATEGORY;
1323 case CIL_CATSET:
1324 return CIL_KEY_CATSET;
1325 case CIL_CATALIAS:
1326 return CIL_KEY_CATALIAS;
1327 case CIL_CATALIASACTUAL:
1328 return CIL_KEY_CATALIASACTUAL;
1329 case CIL_CATORDER:
1330 return CIL_KEY_CATORDER;
1331 case CIL_LEVEL:
1332 return CIL_KEY_LEVEL;
1333 case CIL_LEVELRANGE:
1334 return CIL_KEY_LEVELRANGE;
1335 case CIL_SID:
1336 return CIL_KEY_SID;
1337 case CIL_SIDORDER:
1338 return CIL_KEY_SIDORDER;
1339 case CIL_ROLEALLOW:
1340 return CIL_KEY_ROLEALLOW;
1341 case CIL_AVRULE:
1342 switch (((struct cil_avrule *)node->data)->rule_kind) {
1343 case CIL_AVRULE_ALLOWED:
1344 return CIL_KEY_ALLOW;
1345 case CIL_AVRULE_AUDITALLOW:
1346 return CIL_KEY_AUDITALLOW;
1347 case CIL_AVRULE_DONTAUDIT:
1348 return CIL_KEY_DONTAUDIT;
1349 case CIL_AVRULE_NEVERALLOW:
1350 return CIL_KEY_NEVERALLOW;
1351 default:
1352 break;
1353 }
1354 break;
1355 case CIL_AVRULEX:
1356 switch (((struct cil_avrule *)node->data)->rule_kind) {
1357 case CIL_AVRULE_ALLOWED:
1358 return CIL_KEY_ALLOWX;
1359 case CIL_AVRULE_AUDITALLOW:
1360 return CIL_KEY_AUDITALLOWX;
1361 case CIL_AVRULE_DONTAUDIT:
1362 return CIL_KEY_DONTAUDITX;
1363 case CIL_AVRULE_NEVERALLOW:
1364 return CIL_KEY_NEVERALLOWX;
1365 default:
1366 break;
1367 }
1368 break;
1369 case CIL_PERMISSIONX:
1370 return CIL_KEY_PERMISSIONX;
1371 case CIL_DENY_RULE:
1372 return CIL_KEY_DENY_RULE;
1373 case CIL_ROLETRANSITION:
1374 return CIL_KEY_ROLETRANSITION;
1375 case CIL_TYPE_RULE:
1376 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1377 case CIL_TYPE_TRANSITION:
1378 return CIL_KEY_TYPETRANSITION;
1379 case CIL_TYPE_MEMBER:
1380 return CIL_KEY_TYPEMEMBER;
1381 case CIL_TYPE_CHANGE:
1382 return CIL_KEY_TYPECHANGE;
1383 default:
1384 break;
1385 }
1386 break;
1387 case CIL_NAMETYPETRANSITION:
1388 return CIL_KEY_TYPETRANSITION;
1389 case CIL_RANGETRANSITION:
1390 return CIL_KEY_RANGETRANSITION;
1391 case CIL_CONSTRAIN:
1392 return CIL_KEY_CONSTRAIN;
1393 case CIL_MLSCONSTRAIN:
1394 return CIL_KEY_MLSCONSTRAIN;
1395 case CIL_VALIDATETRANS:
1396 return CIL_KEY_VALIDATETRANS;
1397 case CIL_MLSVALIDATETRANS:
1398 return CIL_KEY_MLSVALIDATETRANS;
1399 case CIL_CONTEXT:
1400 return CIL_KEY_CONTEXT;
1401 case CIL_IPADDR:
1402 return CIL_KEY_IPADDR;
1403 case CIL_SIDCONTEXT:
1404 return CIL_KEY_SIDCONTEXT;
1405 case CIL_FSUSE:
1406 return CIL_KEY_FSUSE;
1407 case CIL_FILECON:
1408 return CIL_KEY_FILECON;
1409 case CIL_IBPKEYCON:
1410 return CIL_KEY_IBPKEYCON;
1411 case CIL_IBENDPORTCON:
1412 return CIL_KEY_IBENDPORTCON;
1413 case CIL_PORTCON:
1414 return CIL_KEY_PORTCON;
1415 case CIL_NODECON:
1416 return CIL_KEY_NODECON;
1417 case CIL_GENFSCON:
1418 return CIL_KEY_GENFSCON;
1419 case CIL_NETIFCON:
1420 return CIL_KEY_NETIFCON;
1421 case CIL_PIRQCON:
1422 return CIL_KEY_PIRQCON;
1423 case CIL_IOMEMCON:
1424 return CIL_KEY_IOMEMCON;
1425 case CIL_IOPORTCON:
1426 return CIL_KEY_IOPORTCON;
1427 case CIL_PCIDEVICECON:
1428 return CIL_KEY_PCIDEVICECON;
1429 case CIL_DEVICETREECON:
1430 return CIL_KEY_DEVICETREECON;
1431 case CIL_POLICYCAP:
1432 return CIL_KEY_POLICYCAP;
1433 case CIL_DEFAULTUSER:
1434 return CIL_KEY_DEFAULTUSER;
1435 case CIL_DEFAULTROLE:
1436 return CIL_KEY_DEFAULTROLE;
1437 case CIL_DEFAULTTYPE:
1438 return CIL_KEY_DEFAULTTYPE;
1439 case CIL_DEFAULTRANGE:
1440 return CIL_KEY_DEFAULTRANGE;
1441 case CIL_HANDLEUNKNOWN:
1442 return CIL_KEY_HANDLEUNKNOWN;
1443 case CIL_MLS:
1444 return CIL_KEY_MLS;
1445 case CIL_SRC_INFO:
1446 return CIL_KEY_SRC_INFO;
1447 case CIL_ALL:
1448 return CIL_KEY_ALL;
1449 case CIL_RANGE:
1450 return CIL_KEY_RANGE;
1451 case CIL_AND:
1452 return CIL_KEY_AND;
1453 case CIL_OR:
1454 return CIL_KEY_OR;
1455 case CIL_XOR:
1456 return CIL_KEY_XOR;
1457 case CIL_NOT:
1458 return CIL_KEY_NOT;
1459 case CIL_EQ:
1460 return CIL_KEY_EQ;
1461 case CIL_NEQ:
1462 return CIL_KEY_NEQ;
1463 case CIL_CONS_DOM:
1464 return CIL_KEY_CONS_DOM;
1465 case CIL_CONS_DOMBY:
1466 return CIL_KEY_CONS_DOMBY;
1467 case CIL_CONS_INCOMP:
1468 return CIL_KEY_CONS_INCOMP;
1469 case CIL_CONS_U1:
1470 return CIL_KEY_CONS_U1;
1471 case CIL_CONS_U2:
1472 return CIL_KEY_CONS_U2;
1473 case CIL_CONS_U3:
1474 return CIL_KEY_CONS_U3;
1475 case CIL_CONS_T1:
1476 return CIL_KEY_CONS_T1;
1477 case CIL_CONS_T2:
1478 return CIL_KEY_CONS_T2;
1479 case CIL_CONS_T3:
1480 return CIL_KEY_CONS_T3;
1481 case CIL_CONS_R1:
1482 return CIL_KEY_CONS_R1;
1483 case CIL_CONS_R2:
1484 return CIL_KEY_CONS_R2;
1485 case CIL_CONS_R3:
1486 return CIL_KEY_CONS_R3;
1487 case CIL_CONS_L1:
1488 return CIL_KEY_CONS_L1;
1489 case CIL_CONS_L2:
1490 return CIL_KEY_CONS_L2;
1491 case CIL_CONS_H1:
1492 return CIL_KEY_CONS_H1;
1493 case CIL_CONS_H2:
1494 return CIL_KEY_CONS_H2;
1495
1496 default:
1497 break;
1498 }
1499
1500 return "<unknown>";
1501 }
1502
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1503 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1504 {
1505 int rc = SEPOL_ERR;
1506 size_t str_len = 0;
1507 int buf_pos = 0;
1508 char *str_tmp = NULL;
1509 struct cil_list_item *curr;
1510 struct cil_userprefix *userprefix = NULL;
1511 struct cil_user *user = NULL;
1512
1513 *out = NULL;
1514
1515 if (db->userprefixes->head == NULL) {
1516 rc = SEPOL_OK;
1517 *size = 0;
1518 goto exit;
1519 }
1520
1521 cil_list_for_each(curr, db->userprefixes) {
1522 userprefix = curr->data;
1523 user = userprefix->user;
1524 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1525 }
1526
1527 *size = str_len * sizeof(char);
1528 str_len++;
1529 str_tmp = cil_malloc(str_len * sizeof(char));
1530 *out = str_tmp;
1531
1532 cil_list_for_each(curr, db->userprefixes) {
1533 userprefix = curr->data;
1534 user = userprefix->user;
1535
1536 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1537 userprefix->prefix_str);
1538 if (buf_pos < 0) {
1539 free(str_tmp);
1540 *size = 0;
1541 *out = NULL;
1542 goto exit;
1543 }
1544 str_len -= buf_pos;
1545 str_tmp += buf_pos;
1546 }
1547
1548 rc = SEPOL_OK;
1549 exit:
1550 return rc;
1551
1552 }
1553
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1554 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1555 {
1556 int rc = SEPOL_ERR;
1557 struct cil_list_item *i;
1558 struct cil_list_item *j;
1559 struct cil_cat* cat;
1560 struct cil_catset *cs;
1561 struct cil_tree_node *node;
1562
1563 if (cats == NULL) {
1564 rc = SEPOL_OK;
1565 goto exit;
1566 }
1567
1568 cil_list_for_each(i, cats->datum_expr) {
1569 node = NODE(i->data);
1570 if (node->flavor == CIL_CATSET) {
1571 cs = (struct cil_catset*)i->data;
1572 cil_list_for_each(j, cs->cats->datum_expr) {
1573 cat = (struct cil_cat*)j->data;
1574 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1575 if (rc != SEPOL_OK) {
1576 goto exit;
1577 }
1578 }
1579 } else {
1580 cat = (struct cil_cat*)i->data;
1581 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1582 if (rc != SEPOL_OK) {
1583 goto exit;
1584 }
1585 }
1586 }
1587
1588 return SEPOL_OK;
1589
1590 exit:
1591 return rc;
1592 }
1593
cil_level_equals(struct cil_level * low,struct cil_level * high)1594 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1595 {
1596 int rc;
1597 struct ebitmap elow;
1598 struct ebitmap ehigh;
1599
1600 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1601 rc = 0;
1602 goto exit;
1603 }
1604
1605 ebitmap_init(&elow);
1606 ebitmap_init(&ehigh);
1607
1608 rc = cil_cats_to_ebitmap(low->cats, &elow);
1609 if (rc != SEPOL_OK) {
1610 goto exit;
1611 }
1612
1613 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1614 if (rc != SEPOL_OK) {
1615 goto exit;
1616 }
1617
1618 rc = ebitmap_cmp(&elow, &ehigh);
1619 ebitmap_destroy(&elow);
1620 ebitmap_destroy(&ehigh);
1621
1622 exit:
1623 return rc;
1624 }
1625
__cil_level_strlen(struct cil_level * lvl)1626 static int __cil_level_strlen(struct cil_level *lvl)
1627 {
1628 struct cil_list_item *item;
1629 struct cil_cats *cats = lvl->cats;
1630 int str_len = 0;
1631 char *str1 = NULL;
1632 char *str2 = NULL;
1633 int first = -1;
1634 int last = -1;
1635
1636 str_len += strlen(lvl->sens->datum.fqn);
1637
1638 if (cats && cats->datum_expr != NULL) {
1639 str_len++; /* initial ":" */
1640 cil_list_for_each(item, cats->datum_expr) {
1641 struct cil_cat *cat = item->data;
1642 if (first == -1) {
1643 str1 = cat->datum.fqn;
1644 first = cat->value;
1645 last = first;
1646 } else if (cat->value == last + 1) {
1647 last++;
1648 str2 = cat->datum.fqn;
1649 } else {
1650 if (first == last) {
1651 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1652 } else if (last == first + 1) {
1653 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1654 } else {
1655 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1656 }
1657 first = -1;
1658 last = -1;
1659 if (item->next != NULL) {
1660 str_len++; /* space for "," after */
1661 }
1662 }
1663 }
1664 if (first != -1) {
1665 if (first == last) {
1666 str_len += strlen(str1);
1667 } else if (last == first + 1) {
1668 str_len += strlen(str1) + strlen(str2) + 1;
1669 } else {
1670 str_len += strlen(str1) + strlen(str2) + 1;
1671 }
1672 }
1673 }
1674
1675 return str_len;
1676 }
1677
__cil_level_to_string(struct cil_level * lvl,char * out)1678 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1679 {
1680 struct cil_list_item *item;
1681 struct cil_cats *cats = lvl->cats;
1682 int buf_pos = 0;
1683 char *str_tmp = out;
1684 char *str1 = NULL;
1685 char *str2 = NULL;
1686 int first = -1;
1687 int last = -1;
1688
1689 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1690 str_tmp += buf_pos;
1691
1692 if (cats && cats->datum_expr != NULL) {
1693 buf_pos = sprintf(str_tmp, ":");
1694 str_tmp += buf_pos;
1695
1696 cil_list_for_each(item, cats->datum_expr) {
1697 struct cil_cat *cat = item->data;
1698 if (first == -1) {
1699 str1 = cat->datum.fqn;
1700 first = cat->value;
1701 last = first;
1702 } else if (cat->value == last + 1) {
1703 last++;
1704 str2 = cat->datum.fqn;
1705 } else {
1706 if (first == last) {
1707 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1708 str_tmp += buf_pos;
1709 } else if (last == first + 1) {
1710 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1711 str_tmp += buf_pos;
1712 } else {
1713 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1714 str_tmp += buf_pos;
1715 }
1716 first = -1;
1717 last = -1;
1718 if (item->next != NULL) {
1719 buf_pos = sprintf(str_tmp, ",");
1720 str_tmp += buf_pos;
1721 }
1722 }
1723 }
1724 if (first != -1) {
1725 if (first == last) {
1726 buf_pos = sprintf(str_tmp, "%s", str1);
1727 str_tmp += buf_pos;
1728 } else if (last == first + 1) {
1729 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1730 str_tmp += buf_pos;
1731 } else {
1732 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1733 str_tmp += buf_pos;
1734 }
1735 }
1736 }
1737
1738 return str_tmp - out;
1739 }
1740
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1741 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1742 {
1743 size_t str_len = 0;
1744 int buf_pos = 0;
1745 char *str_tmp = NULL;
1746 struct cil_list_item *curr;
1747
1748 if (db->selinuxusers->head == NULL) {
1749 *size = 0;
1750 *out = NULL;
1751 return SEPOL_OK;
1752 }
1753
1754 cil_list_for_each(curr, db->selinuxusers) {
1755 struct cil_selinuxuser *selinuxuser = curr->data;
1756 struct cil_user *user = selinuxuser->user;
1757
1758 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1759
1760 if (db->mls == CIL_TRUE) {
1761 struct cil_levelrange *range = selinuxuser->range;
1762 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1763 }
1764
1765 str_len++;
1766 }
1767
1768 *size = str_len * sizeof(char);
1769 str_tmp = cil_malloc(*size+1);
1770 *out = str_tmp;
1771
1772 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1773 struct cil_selinuxuser *selinuxuser = curr->data;
1774 struct cil_user *user = selinuxuser->user;
1775
1776 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1777 str_tmp += buf_pos;
1778
1779 if (db->mls == CIL_TRUE) {
1780 struct cil_levelrange *range = selinuxuser->range;
1781 buf_pos = sprintf(str_tmp, ":");
1782 str_tmp += buf_pos;
1783 buf_pos = __cil_level_to_string(range->low, str_tmp);
1784 str_tmp += buf_pos;
1785 buf_pos = sprintf(str_tmp, "-");
1786 str_tmp += buf_pos;
1787 buf_pos = __cil_level_to_string(range->high, str_tmp);
1788 str_tmp += buf_pos;
1789 }
1790
1791 buf_pos = sprintf(str_tmp, "\n");
1792 str_tmp += buf_pos;
1793 }
1794
1795 return SEPOL_OK;
1796 }
1797
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1798 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1799 {
1800 uint32_t i = 0;
1801 int buf_pos = 0;
1802 size_t str_len = 0;
1803 char *str_tmp = NULL;
1804 struct cil_sort *filecons = db->filecon;
1805
1806 for (i = 0; i < filecons->count; i++) {
1807 struct cil_filecon *filecon = filecons->array[i];
1808 struct cil_context *ctx = filecon->context;
1809 char *path_str = filecon->path ? DATUM(filecon->path)->fqn : filecon->path_str;
1810 str_len += strlen(path_str);
1811
1812 if (filecon->type != CIL_FILECON_ANY) {
1813 /* If a type is specified,
1814 +2 for type string, +1 for tab */
1815 str_len += 3;
1816 }
1817
1818 if (ctx != NULL) {
1819 struct cil_user *user = ctx->user;
1820 struct cil_role *role = ctx->role;
1821 struct cil_type *type = ctx->type;
1822
1823 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1824
1825 if (db->mls == CIL_TRUE) {
1826 struct cil_levelrange *range = ctx->range;
1827 if (cil_level_equals(range->low, range->high)) {
1828 str_len += __cil_level_strlen(range->low) + 1;
1829 } else {
1830 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1831 }
1832 }
1833 } else {
1834 str_len += strlen("\t<<none>>");
1835 }
1836
1837 str_len++;
1838 }
1839
1840 *size = str_len * sizeof(char);
1841 str_tmp = cil_malloc(*size+1);
1842 *out = str_tmp;
1843
1844 for (i = 0; i < filecons->count; i++) {
1845 struct cil_filecon *filecon = filecons->array[i];
1846 struct cil_context *ctx = filecon->context;
1847 const char *str_type = NULL;
1848 char *path_str = filecon->path ? DATUM(filecon->path)->fqn : filecon->path_str;
1849 buf_pos = sprintf(str_tmp, "%s", path_str);
1850 str_tmp += buf_pos;
1851
1852 switch(filecon->type) {
1853 case CIL_FILECON_ANY:
1854 str_type = "";
1855 break;
1856 case CIL_FILECON_FILE:
1857 str_type = "\t--";
1858 break;
1859 case CIL_FILECON_DIR:
1860 str_type = "\t-d";
1861 break;
1862 case CIL_FILECON_CHAR:
1863 str_type = "\t-c";
1864 break;
1865 case CIL_FILECON_BLOCK:
1866 str_type = "\t-b";
1867 break;
1868 case CIL_FILECON_SOCKET:
1869 str_type = "\t-s";
1870 break;
1871 case CIL_FILECON_PIPE:
1872 str_type = "\t-p";
1873 break;
1874 case CIL_FILECON_SYMLINK:
1875 str_type = "\t-l";
1876 break;
1877 default:
1878 str_type = "";
1879 break;
1880 }
1881 buf_pos = sprintf(str_tmp, "%s", str_type);
1882 str_tmp += buf_pos;
1883
1884 if (ctx != NULL) {
1885 struct cil_user *user = ctx->user;
1886 struct cil_role *role = ctx->role;
1887 struct cil_type *type = ctx->type;
1888
1889 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1890 type->datum.fqn);
1891 str_tmp += buf_pos;
1892
1893 if (db->mls == CIL_TRUE) {
1894 struct cil_levelrange *range = ctx->range;
1895 buf_pos = sprintf(str_tmp, ":");
1896 str_tmp += buf_pos;
1897 buf_pos = __cil_level_to_string(range->low, str_tmp);
1898 str_tmp += buf_pos;
1899
1900 if (!cil_level_equals(range->low, range->high)) {
1901 buf_pos = sprintf(str_tmp, "-");
1902 str_tmp += buf_pos;
1903 buf_pos = __cil_level_to_string(range->high, str_tmp);
1904 str_tmp += buf_pos;
1905 }
1906 }
1907 } else {
1908 buf_pos = sprintf(str_tmp, "\t<<none>>");
1909 str_tmp += buf_pos;
1910 }
1911
1912 buf_pos = sprintf(str_tmp, "\n");
1913 str_tmp += buf_pos;
1914 }
1915
1916 return SEPOL_OK;
1917 }
1918
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1919 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1920 {
1921 db->disable_dontaudit = disable_dontaudit;
1922 }
1923
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1924 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1925 {
1926 db->disable_neverallow = disable_neverallow;
1927 }
1928
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1929 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1930 {
1931 db->attrs_expand_generated = attrs_expand_generated;
1932 }
1933
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1934 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1935 {
1936 db->attrs_expand_size = attrs_expand_size;
1937 }
1938
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1939 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1940 {
1941 db->preserve_tunables = preserve_tunables;
1942 }
1943
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1944 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1945 {
1946 int rc = 0;
1947
1948 switch (handle_unknown) {
1949 case SEPOL_DENY_UNKNOWN:
1950 case SEPOL_REJECT_UNKNOWN:
1951 case SEPOL_ALLOW_UNKNOWN:
1952 db->handle_unknown = handle_unknown;
1953 break;
1954 default:
1955 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1956 rc = -1;
1957 }
1958
1959 return rc;
1960 }
1961
cil_set_mls(struct cil_db * db,int mls)1962 void cil_set_mls(struct cil_db *db, int mls)
1963 {
1964 db->mls = mls;
1965 }
1966
cil_set_multiple_decls(struct cil_db * db,int multiple_decls)1967 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
1968 {
1969 db->multiple_decls = multiple_decls;
1970 }
1971
cil_set_qualified_names(struct cil_db * db,int qualified_names)1972 void cil_set_qualified_names(struct cil_db *db, int qualified_names)
1973 {
1974 db->qualified_names = qualified_names;
1975 }
1976
cil_set_target_platform(struct cil_db * db,int target_platform)1977 void cil_set_target_platform(struct cil_db *db, int target_platform)
1978 {
1979 db->target_platform = target_platform;
1980 }
1981
cil_set_policy_version(struct cil_db * db,int policy_version)1982 void cil_set_policy_version(struct cil_db *db, int policy_version)
1983 {
1984 db->policy_version = policy_version;
1985 }
1986
cil_symtab_array_init(symtab_t symtab[],const int symtab_sizes[CIL_SYM_NUM])1987 void cil_symtab_array_init(symtab_t symtab[], const int symtab_sizes[CIL_SYM_NUM])
1988 {
1989 uint32_t i = 0;
1990 for (i = 0; i < CIL_SYM_NUM; i++) {
1991 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1992 }
1993 }
1994
cil_symtab_array_destroy(symtab_t symtab[])1995 void cil_symtab_array_destroy(symtab_t symtab[])
1996 {
1997 int i = 0;
1998 for (i = 0; i < CIL_SYM_NUM; i++) {
1999 cil_symtab_destroy(&symtab[i]);
2000 }
2001 }
2002
cil_destroy_ast_symtabs(struct cil_tree_node * current)2003 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
2004 {
2005 while (current) {
2006 switch (current->flavor) {
2007 case CIL_BLOCK:
2008 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
2009 break;
2010 case CIL_IN:
2011 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
2012 break;
2013 case CIL_CLASS:
2014 case CIL_COMMON:
2015 case CIL_MAP_CLASS:
2016 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
2017 break;
2018 case CIL_MACRO:
2019 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
2020 break;
2021 case CIL_CONDBLOCK:
2022 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
2023 break;
2024 default:
2025 break;
2026 }
2027
2028 if (current->cl_head) {
2029 cil_destroy_ast_symtabs(current->cl_head);
2030 }
2031
2032 current = current->next;
2033 }
2034 }
2035
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)2036 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
2037 {
2038 struct cil_tree_node *node = ast_node;
2039 *symtab = NULL;
2040
2041 if (sym_index == CIL_SYM_PERMS) {
2042 /* Class statements are not blocks, so the passed node should be the class */
2043 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
2044 node->flavor == CIL_COMMON) {
2045 *symtab = &((struct cil_class*)node->data)->perms;
2046 return SEPOL_OK;
2047 }
2048 goto exit;
2049 }
2050
2051 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
2052 cil_log(CIL_ERR, "Invalid symtab type\n");
2053 goto exit;
2054 }
2055
2056 while (node != NULL && *symtab == NULL) {
2057 switch (node->flavor) {
2058 case CIL_ROOT:
2059 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
2060 break;
2061 case CIL_BLOCK:
2062 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
2063 break;
2064 case CIL_MACRO:
2065 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
2066 break;
2067 case CIL_IN:
2068 /* In blocks only exist before resolving the AST */
2069 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
2070 break;
2071 case CIL_CONDBLOCK: {
2072 if (node->parent->flavor == CIL_TUNABLEIF) {
2073 /* Cond blocks only exist before resolving the AST */
2074 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
2075 } else if (node->parent->flavor == CIL_BOOLEANIF) {
2076 node = node->parent->parent;
2077 }
2078 break;
2079 }
2080 default:
2081 node = node->parent;
2082 }
2083 }
2084
2085 if (*symtab == NULL) {
2086 goto exit;
2087 }
2088
2089 return SEPOL_OK;
2090
2091 exit:
2092 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
2093 return SEPOL_ERR;
2094 }
2095
cil_string_to_uint32(const char * string,uint32_t * value,int base)2096 int cil_string_to_uint32(const char *string, uint32_t *value, int base)
2097 {
2098 unsigned long val;
2099 char *end = NULL;
2100 int rc = SEPOL_ERR;
2101
2102 if (string == NULL || value == NULL) {
2103 goto exit;
2104 }
2105
2106 errno = 0;
2107 val = strtoul(string, &end, base);
2108 if (errno != 0 || end == string || *end != '\0') {
2109 rc = SEPOL_ERR;
2110 goto exit;
2111 }
2112
2113 /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */
2114 #if ULONG_MAX > UINT32_MAX
2115 if (val > UINT32_MAX) {
2116 rc = SEPOL_ERR;
2117 goto exit;
2118 }
2119 #endif
2120
2121 *value = val;
2122
2123 return SEPOL_OK;
2124
2125 exit:
2126 cil_log(CIL_ERR, "Failed to create uint32_t from string\n");
2127 return rc;
2128 }
2129
cil_string_to_uint64(const char * string,uint64_t * value,int base)2130 int cil_string_to_uint64(const char *string, uint64_t *value, int base)
2131 {
2132 char *end = NULL;
2133 int rc = SEPOL_ERR;
2134
2135 if (string == NULL || value == NULL) {
2136 goto exit;
2137 }
2138
2139 errno = 0;
2140 *value = strtoull(string, &end, base);
2141 if (errno != 0 || end == string || *end != '\0') {
2142 rc = SEPOL_ERR;
2143 goto exit;
2144 }
2145
2146 return SEPOL_OK;
2147
2148 exit:
2149 cil_log(CIL_ERR, "Failed to create uint64_t from string\n");
2150 return rc;
2151 }
2152
cil_sort_init(struct cil_sort ** sort)2153 void cil_sort_init(struct cil_sort **sort)
2154 {
2155 *sort = cil_malloc(sizeof(**sort));
2156
2157 (*sort)->flavor = CIL_NONE;
2158 (*sort)->count = 0;
2159 (*sort)->index = 0;
2160 (*sort)->array = NULL;
2161 }
2162
cil_sort_destroy(struct cil_sort ** sort)2163 void cil_sort_destroy(struct cil_sort **sort)
2164 {
2165 (*sort)->flavor = CIL_NONE;
2166 (*sort)->count = 0;
2167 (*sort)->index = 0;
2168 if ((*sort)->array != NULL) {
2169 free((*sort)->array);
2170 }
2171 (*sort)->array = NULL;
2172
2173 free(*sort);
2174 *sort = NULL;
2175 }
2176
cil_ordered_init(struct cil_ordered ** ordered)2177 void cil_ordered_init(struct cil_ordered **ordered)
2178 {
2179 *ordered = cil_malloc(sizeof(**ordered));
2180 (*ordered)->merged = CIL_FALSE;
2181 (*ordered)->strs = NULL;
2182 (*ordered)->datums = NULL;
2183 }
2184
cil_netifcon_init(struct cil_netifcon ** netifcon)2185 void cil_netifcon_init(struct cil_netifcon **netifcon)
2186 {
2187 *netifcon = cil_malloc(sizeof(**netifcon));
2188
2189 (*netifcon)->interface_str = NULL;
2190 (*netifcon)->if_context_str = NULL;
2191 (*netifcon)->if_context = NULL;
2192 (*netifcon)->packet_context_str = NULL;
2193 (*netifcon)->packet_context = NULL;
2194 (*netifcon)->context_str = NULL;
2195 }
2196
cil_ibendportcon_init(struct cil_ibendportcon ** ibendportcon)2197 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon)
2198 {
2199 *ibendportcon = cil_malloc(sizeof(**ibendportcon));
2200
2201 (*ibendportcon)->dev_name_str = NULL;
2202 (*ibendportcon)->port = 0;
2203 (*ibendportcon)->context_str = NULL;
2204 (*ibendportcon)->context = NULL;
2205 }
2206
cil_context_init(struct cil_context ** context)2207 void cil_context_init(struct cil_context **context)
2208 {
2209 *context = cil_malloc(sizeof(**context));
2210
2211 cil_symtab_datum_init(&(*context)->datum);
2212 (*context)->user_str = NULL;
2213 (*context)->user = NULL;
2214 (*context)->role_str = NULL;
2215 (*context)->role = NULL;
2216 (*context)->type_str = NULL;
2217 (*context)->type = NULL;
2218 (*context)->range_str = NULL;
2219 (*context)->range = NULL;
2220 }
2221
cil_level_init(struct cil_level ** level)2222 void cil_level_init(struct cil_level **level)
2223 {
2224 *level = cil_malloc(sizeof(**level));
2225
2226 cil_symtab_datum_init(&(*level)->datum);
2227 (*level)->sens_str = NULL;
2228 (*level)->sens = NULL;
2229 (*level)->cats = NULL;
2230 }
2231
cil_levelrange_init(struct cil_levelrange ** range)2232 void cil_levelrange_init(struct cil_levelrange **range)
2233 {
2234 *range = cil_malloc(sizeof(**range));
2235
2236 cil_symtab_datum_init(&(*range)->datum);
2237 (*range)->low_str = NULL;
2238 (*range)->low = NULL;
2239 (*range)->high_str = NULL;
2240 (*range)->high = NULL;
2241 }
2242
cil_sens_init(struct cil_sens ** sens)2243 void cil_sens_init(struct cil_sens **sens)
2244 {
2245 *sens = cil_malloc(sizeof(**sens));
2246
2247 cil_symtab_datum_init(&(*sens)->datum);
2248
2249 (*sens)->cats_list = NULL;
2250
2251 (*sens)->ordered = CIL_FALSE;
2252 }
2253
cil_block_init(struct cil_block ** block)2254 void cil_block_init(struct cil_block **block)
2255 {
2256 *block = cil_malloc(sizeof(**block));
2257
2258 cil_symtab_datum_init(&(*block)->datum);
2259
2260 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
2261
2262 (*block)->is_abstract = CIL_FALSE;
2263
2264 (*block)->bi_nodes = NULL;
2265 }
2266
cil_blockinherit_init(struct cil_blockinherit ** inherit)2267 void cil_blockinherit_init(struct cil_blockinherit **inherit)
2268 {
2269 *inherit = cil_malloc(sizeof(**inherit));
2270 (*inherit)->block_str = NULL;
2271 (*inherit)->block = NULL;
2272 }
2273
cil_blockabstract_init(struct cil_blockabstract ** abstract)2274 void cil_blockabstract_init(struct cil_blockabstract **abstract)
2275 {
2276 *abstract = cil_malloc(sizeof(**abstract));
2277 (*abstract)->block_str = NULL;
2278 (*abstract)->block = NULL;
2279 }
2280
cil_in_init(struct cil_in ** in)2281 void cil_in_init(struct cil_in **in)
2282 {
2283 *in = cil_malloc(sizeof(**in));
2284
2285 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
2286 (*in)->is_after = CIL_FALSE;
2287 (*in)->block_str = NULL;
2288 (*in)->block = NULL;
2289 }
2290
cil_class_init(struct cil_class ** class)2291 void cil_class_init(struct cil_class **class)
2292 {
2293 *class = cil_malloc(sizeof(**class));
2294
2295 cil_symtab_datum_init(&(*class)->datum);
2296
2297 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
2298
2299 (*class)->num_perms = 0;
2300 (*class)->common = NULL;
2301 (*class)->ordered = CIL_FALSE;
2302 }
2303
cil_classcommon_init(struct cil_classcommon ** classcommon)2304 void cil_classcommon_init(struct cil_classcommon **classcommon)
2305 {
2306 *classcommon = cil_malloc(sizeof(**classcommon));
2307
2308 (*classcommon)->class_str = NULL;
2309 (*classcommon)->class = NULL;
2310 (*classcommon)->common_str = NULL;
2311 (*classcommon)->common = NULL;
2312 }
2313
cil_sid_init(struct cil_sid ** sid)2314 void cil_sid_init(struct cil_sid **sid)
2315 {
2316 *sid = cil_malloc(sizeof(**sid));
2317
2318 cil_symtab_datum_init(&(*sid)->datum);
2319
2320 (*sid)->ordered = CIL_FALSE;
2321 (*sid)->context = NULL;
2322 }
2323
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)2324 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
2325 {
2326 *sidcontext = cil_malloc(sizeof(**sidcontext));
2327
2328 (*sidcontext)->sid_str = NULL;
2329 (*sidcontext)->sid = NULL;
2330 (*sidcontext)->context_str = NULL;
2331 (*sidcontext)->context = NULL;
2332 }
2333
cil_userrole_init(struct cil_userrole ** userrole)2334 void cil_userrole_init(struct cil_userrole **userrole)
2335 {
2336 *userrole = cil_malloc(sizeof(**userrole));
2337
2338 (*userrole)->user_str = NULL;
2339 (*userrole)->user = NULL;
2340 (*userrole)->role_str = NULL;
2341 (*userrole)->role = NULL;
2342 }
2343
cil_userprefix_init(struct cil_userprefix ** userprefix)2344 void cil_userprefix_init(struct cil_userprefix **userprefix)
2345 {
2346 *userprefix = cil_malloc(sizeof(**userprefix));
2347
2348 (*userprefix)->user_str = NULL;
2349 (*userprefix)->user = NULL;
2350 (*userprefix)->prefix_str = NULL;
2351 }
2352
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)2353 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
2354 {
2355 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
2356
2357 (*selinuxuser)->name_str = NULL;
2358 (*selinuxuser)->user_str = NULL;
2359 (*selinuxuser)->user = NULL;
2360 (*selinuxuser)->range_str = NULL;
2361 (*selinuxuser)->range = NULL;
2362 }
2363
cil_roletype_init(struct cil_roletype ** roletype)2364 void cil_roletype_init(struct cil_roletype **roletype)
2365 {
2366 *roletype = cil_malloc(sizeof(**roletype));
2367
2368 (*roletype)->role_str = NULL;
2369 (*roletype)->role = NULL;
2370 (*roletype)->type_str = NULL;
2371 (*roletype)->type = NULL;
2372 }
2373
cil_roleattribute_init(struct cil_roleattribute ** attr)2374 void cil_roleattribute_init(struct cil_roleattribute **attr)
2375 {
2376 *attr = cil_malloc(sizeof(**attr));
2377
2378 cil_symtab_datum_init(&(*attr)->datum);
2379
2380 (*attr)->expr_list = NULL;
2381 (*attr)->roles = NULL;
2382 }
2383
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2384 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2385 {
2386 *attrset = cil_malloc(sizeof(**attrset));
2387
2388 (*attrset)->attr_str = NULL;
2389 (*attrset)->attr = NULL;
2390 (*attrset)->str_expr = NULL;
2391 (*attrset)->datum_expr = NULL;
2392 }
2393
cil_typeattribute_init(struct cil_typeattribute ** attr)2394 void cil_typeattribute_init(struct cil_typeattribute **attr)
2395 {
2396 *attr = cil_malloc(sizeof(**attr));
2397
2398 cil_symtab_datum_init(&(*attr)->datum);
2399
2400 (*attr)->expr_list = NULL;
2401 (*attr)->types = NULL;
2402 (*attr)->used = CIL_FALSE;
2403 (*attr)->keep = CIL_FALSE;
2404 }
2405
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2406 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2407 {
2408 *attrset = cil_malloc(sizeof(**attrset));
2409
2410 (*attrset)->attr_str = NULL;
2411 (*attrset)->attr = NULL;
2412 (*attrset)->str_expr = NULL;
2413 (*attrset)->datum_expr = NULL;
2414 }
2415
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2416 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2417 {
2418 *expandattr = cil_malloc(sizeof(**expandattr));
2419
2420 (*expandattr)->attr_strs = NULL;
2421 (*expandattr)->attr_datums = NULL;
2422 (*expandattr)->expand = 0;
2423 }
2424
cil_alias_init(struct cil_alias ** alias)2425 void cil_alias_init(struct cil_alias **alias)
2426 {
2427 *alias = cil_malloc(sizeof(**alias));
2428
2429 (*alias)->actual = NULL;
2430
2431 cil_symtab_datum_init(&(*alias)->datum);
2432 }
2433
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2434 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2435 {
2436 *aliasactual = cil_malloc(sizeof(**aliasactual));
2437
2438 (*aliasactual)->alias_str = NULL;
2439 (*aliasactual)->alias = NULL;
2440 (*aliasactual)->actual_str = NULL;
2441 (*aliasactual)->actual = NULL;
2442 }
2443
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2444 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2445 {
2446 *typeperm = cil_malloc(sizeof(**typeperm));
2447
2448 (*typeperm)->type_str = NULL;
2449 (*typeperm)->type = NULL;
2450 }
2451
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2452 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2453 {
2454 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2455
2456 (*nametypetrans)->src_str = NULL;
2457 (*nametypetrans)->src = NULL;
2458 (*nametypetrans)->tgt_str = NULL;
2459 (*nametypetrans)->tgt = NULL;
2460 (*nametypetrans)->obj_str = NULL;
2461 (*nametypetrans)->obj = NULL;
2462 (*nametypetrans)->name_str = NULL;
2463 (*nametypetrans)->name = NULL;
2464 (*nametypetrans)->result_str = NULL;
2465 (*nametypetrans)->result = NULL;
2466 }
2467
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2468 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2469 {
2470 *rangetrans = cil_malloc(sizeof(**rangetrans));
2471
2472 (*rangetrans)->src_str = NULL;
2473 (*rangetrans)->src = NULL;
2474 (*rangetrans)->exec_str = NULL;
2475 (*rangetrans)->exec = NULL;
2476 (*rangetrans)->obj_str = NULL;
2477 (*rangetrans)->obj = NULL;
2478 (*rangetrans)->range_str = NULL;
2479 (*rangetrans)->range = NULL;
2480 }
2481
cil_bool_init(struct cil_bool ** cilbool)2482 void cil_bool_init(struct cil_bool **cilbool)
2483 {
2484 *cilbool = cil_malloc(sizeof(**cilbool));
2485
2486 cil_symtab_datum_init(&(*cilbool)->datum);
2487 (*cilbool)->value = 0;
2488 }
2489
cil_tunable_init(struct cil_tunable ** ciltun)2490 void cil_tunable_init(struct cil_tunable **ciltun)
2491 {
2492 *ciltun = cil_malloc(sizeof(**ciltun));
2493
2494 cil_symtab_datum_init(&(*ciltun)->datum);
2495 (*ciltun)->value = 0;
2496 }
2497
cil_condblock_init(struct cil_condblock ** cb)2498 void cil_condblock_init(struct cil_condblock **cb)
2499 {
2500 *cb = cil_malloc(sizeof(**cb));
2501
2502 (*cb)->flavor = CIL_NONE;
2503 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2504 }
2505
cil_boolif_init(struct cil_booleanif ** bif)2506 void cil_boolif_init(struct cil_booleanif **bif)
2507 {
2508 *bif = cil_malloc(sizeof(**bif));
2509
2510 (*bif)->str_expr = NULL;
2511 (*bif)->datum_expr = NULL;
2512 }
2513
cil_tunif_init(struct cil_tunableif ** tif)2514 void cil_tunif_init(struct cil_tunableif **tif)
2515 {
2516 *tif = cil_malloc(sizeof(**tif));
2517
2518 (*tif)->str_expr = NULL;
2519 (*tif)->datum_expr = NULL;
2520 }
2521
cil_avrule_init(struct cil_avrule ** avrule)2522 void cil_avrule_init(struct cil_avrule **avrule)
2523 {
2524 *avrule = cil_malloc(sizeof(**avrule));
2525
2526 (*avrule)->is_extended = 0;
2527 (*avrule)->rule_kind = CIL_NONE;
2528 (*avrule)->src_str = NULL;
2529 (*avrule)->src = NULL;
2530 (*avrule)->tgt_str = NULL;
2531 (*avrule)->tgt = NULL;
2532 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2533 }
2534
cil_permissionx_init(struct cil_permissionx ** permx)2535 void cil_permissionx_init(struct cil_permissionx **permx)
2536 {
2537 *permx = cil_malloc(sizeof(**permx));
2538
2539 cil_symtab_datum_init(&(*permx)->datum);
2540 (*permx)->kind = CIL_NONE;
2541 (*permx)->obj_str = NULL;
2542 (*permx)->obj = NULL;
2543 (*permx)->expr_str = NULL;
2544 (*permx)->perms = NULL;
2545 }
2546
cil_deny_rule_init(struct cil_deny_rule ** rule)2547 void cil_deny_rule_init(struct cil_deny_rule **rule)
2548 {
2549 *rule = cil_malloc(sizeof(**rule));
2550
2551 (*rule)->src_str = NULL;
2552 (*rule)->src = NULL;
2553 (*rule)->tgt_str = NULL;
2554 (*rule)->tgt = NULL;
2555 (*rule)->classperms = NULL;
2556 }
2557
cil_type_rule_init(struct cil_type_rule ** type_rule)2558 void cil_type_rule_init(struct cil_type_rule **type_rule)
2559 {
2560 *type_rule = cil_malloc(sizeof(**type_rule));
2561
2562 (*type_rule)->rule_kind = CIL_NONE;
2563 (*type_rule)->src_str = NULL;
2564 (*type_rule)->src = NULL;
2565 (*type_rule)->tgt_str = NULL;
2566 (*type_rule)->tgt = NULL;
2567 (*type_rule)->obj_str = NULL;
2568 (*type_rule)->obj = NULL;
2569 (*type_rule)->result_str = NULL;
2570 (*type_rule)->result = NULL;
2571 }
2572
cil_roletransition_init(struct cil_roletransition ** role_trans)2573 void cil_roletransition_init(struct cil_roletransition **role_trans)
2574 {
2575 *role_trans = cil_malloc(sizeof(**role_trans));
2576
2577 (*role_trans)->src_str = NULL;
2578 (*role_trans)->src = NULL;
2579 (*role_trans)->tgt_str = NULL;
2580 (*role_trans)->tgt = NULL;
2581 (*role_trans)->obj_str = NULL;
2582 (*role_trans)->obj = NULL;
2583 (*role_trans)->result_str = NULL;
2584 (*role_trans)->result = NULL;
2585 }
2586
cil_roleallow_init(struct cil_roleallow ** roleallow)2587 void cil_roleallow_init(struct cil_roleallow **roleallow)
2588 {
2589 *roleallow = cil_malloc(sizeof(**roleallow));
2590
2591 (*roleallow)->src_str = NULL;
2592 (*roleallow)->src = NULL;
2593 (*roleallow)->tgt_str = NULL;
2594 (*roleallow)->tgt = NULL;
2595 }
2596
cil_catset_init(struct cil_catset ** catset)2597 void cil_catset_init(struct cil_catset **catset)
2598 {
2599 *catset = cil_malloc(sizeof(**catset));
2600
2601 cil_symtab_datum_init(&(*catset)->datum);
2602 (*catset)->cats = NULL;
2603 }
2604
cil_senscat_init(struct cil_senscat ** senscat)2605 void cil_senscat_init(struct cil_senscat **senscat)
2606 {
2607 *senscat = cil_malloc(sizeof(**senscat));
2608
2609 (*senscat)->sens_str = NULL;
2610 (*senscat)->sens = NULL;
2611 (*senscat)->cats = NULL;
2612 }
2613
cil_cats_init(struct cil_cats ** cats)2614 void cil_cats_init(struct cil_cats **cats)
2615 {
2616 *cats = cil_malloc(sizeof(**cats));
2617
2618 (*cats)->evaluated = CIL_FALSE;
2619 (*cats)->str_expr = NULL;
2620 (*cats)->datum_expr = NULL;
2621 }
2622
cil_filecon_init(struct cil_filecon ** filecon)2623 void cil_filecon_init(struct cil_filecon **filecon)
2624 {
2625 *filecon = cil_malloc(sizeof(**filecon));
2626
2627 (*filecon)->path_str = NULL;
2628 (*filecon)->type = CIL_FILECON_ANY;
2629 (*filecon)->context_str = NULL;
2630 (*filecon)->context = NULL;
2631 }
2632
cil_ibpkeycon_init(struct cil_ibpkeycon ** ibpkeycon)2633 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon)
2634 {
2635 *ibpkeycon = cil_malloc(sizeof(**ibpkeycon));
2636
2637 (*ibpkeycon)->subnet_prefix_str = NULL;
2638 (*ibpkeycon)->pkey_low = 0;
2639 (*ibpkeycon)->pkey_high = 0;
2640 (*ibpkeycon)->context_str = NULL;
2641 (*ibpkeycon)->context = NULL;
2642 }
2643
cil_portcon_init(struct cil_portcon ** portcon)2644 void cil_portcon_init(struct cil_portcon **portcon)
2645 {
2646 *portcon = cil_malloc(sizeof(**portcon));
2647 (*portcon)->proto = 0;
2648 (*portcon)->port_low = 0;
2649 (*portcon)->port_high = 0;
2650 (*portcon)->context_str = NULL;
2651 (*portcon)->context = NULL;
2652 }
2653
cil_nodecon_init(struct cil_nodecon ** nodecon)2654 void cil_nodecon_init(struct cil_nodecon **nodecon)
2655 {
2656 *nodecon = cil_malloc(sizeof(**nodecon));
2657
2658 (*nodecon)->addr_str = NULL;
2659 (*nodecon)->addr = NULL;
2660 (*nodecon)->mask_str = NULL;
2661 (*nodecon)->mask = NULL;
2662 (*nodecon)->context_str = NULL;
2663 (*nodecon)->context = NULL;
2664 }
2665
cil_genfscon_init(struct cil_genfscon ** genfscon)2666 void cil_genfscon_init(struct cil_genfscon **genfscon)
2667 {
2668 *genfscon = cil_malloc(sizeof(**genfscon));
2669
2670 (*genfscon)->fs_str = NULL;
2671 (*genfscon)->path_str = NULL;
2672 (*genfscon)->file_type = CIL_FILECON_ANY;
2673 (*genfscon)->context_str = NULL;
2674 (*genfscon)->context = NULL;
2675 }
2676
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2677 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2678 {
2679 *pirqcon = cil_malloc(sizeof(**pirqcon));
2680
2681 (*pirqcon)->pirq = 0;
2682 (*pirqcon)->context_str = NULL;
2683 (*pirqcon)->context = NULL;
2684 }
2685
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2686 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2687 {
2688 *iomemcon = cil_malloc(sizeof(**iomemcon));
2689
2690 (*iomemcon)->iomem_low = 0;
2691 (*iomemcon)->iomem_high = 0;
2692 (*iomemcon)->context_str = NULL;
2693 (*iomemcon)->context = NULL;
2694 }
2695
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2696 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2697 {
2698 *ioportcon = cil_malloc(sizeof(**ioportcon));
2699
2700 (*ioportcon)->context_str = NULL;
2701 (*ioportcon)->context = NULL;
2702 }
2703
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2704 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2705 {
2706 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2707
2708 (*pcidevicecon)->dev = 0;
2709 (*pcidevicecon)->context_str = NULL;
2710 (*pcidevicecon)->context = NULL;
2711 }
2712
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2713 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2714 {
2715 *dtcon = cil_malloc(sizeof(**dtcon));
2716
2717 (*dtcon)->path = NULL;
2718 (*dtcon)->context_str = NULL;
2719 (*dtcon)->context = NULL;
2720 }
2721
cil_fsuse_init(struct cil_fsuse ** fsuse)2722 void cil_fsuse_init(struct cil_fsuse **fsuse)
2723 {
2724 *fsuse = cil_malloc(sizeof(**fsuse));
2725
2726 (*fsuse)->type = 0;
2727 (*fsuse)->fs_str = NULL;
2728 (*fsuse)->context_str = NULL;
2729 (*fsuse)->context = NULL;
2730 }
2731
cil_constrain_init(struct cil_constrain ** constrain)2732 void cil_constrain_init(struct cil_constrain **constrain)
2733 {
2734 *constrain = cil_malloc(sizeof(**constrain));
2735
2736 (*constrain)->classperms = NULL;
2737 (*constrain)->str_expr = NULL;
2738 (*constrain)->datum_expr = NULL;
2739 }
2740
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2741 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2742 {
2743 *validtrans = cil_malloc(sizeof(**validtrans));
2744
2745 (*validtrans)->class_str = NULL;
2746 (*validtrans)->class = NULL;
2747 (*validtrans)->str_expr = NULL;
2748 (*validtrans)->datum_expr = NULL;
2749 }
2750
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2751 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2752 {
2753 *ipaddr = cil_malloc(sizeof(**ipaddr));
2754
2755 cil_symtab_datum_init(&(*ipaddr)->datum);
2756 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2757 }
2758
cil_perm_init(struct cil_perm ** perm)2759 void cil_perm_init(struct cil_perm **perm)
2760 {
2761 *perm = cil_malloc(sizeof(**perm));
2762
2763 cil_symtab_datum_init(&(*perm)->datum);
2764 (*perm)->value = 0;
2765 (*perm)->classperms = NULL;
2766 }
2767
cil_classpermission_init(struct cil_classpermission ** cp)2768 void cil_classpermission_init(struct cil_classpermission **cp)
2769 {
2770 *cp = cil_malloc(sizeof(**cp));
2771
2772 cil_symtab_datum_init(&(*cp)->datum);
2773 (*cp)->classperms = NULL;
2774 }
2775
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2776 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2777 {
2778 *cps = cil_malloc(sizeof(**cps));
2779
2780 (*cps)->set_str = NULL;
2781 (*cps)->set = NULL;
2782 (*cps)->classperms = NULL;
2783 }
2784
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2785 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2786 {
2787 *cp_set = cil_malloc(sizeof(**cp_set));
2788 (*cp_set)->set_str = NULL;
2789 (*cp_set)->set = NULL;
2790 }
2791
cil_classperms_init(struct cil_classperms ** cp)2792 void cil_classperms_init(struct cil_classperms **cp)
2793 {
2794 *cp = cil_malloc(sizeof(**cp));
2795 (*cp)->class_str = NULL;
2796 (*cp)->class = NULL;
2797 (*cp)->perm_strs = NULL;
2798 (*cp)->perms = NULL;
2799 }
2800
cil_classmapping_init(struct cil_classmapping ** mapping)2801 void cil_classmapping_init(struct cil_classmapping **mapping)
2802 {
2803 *mapping = cil_malloc(sizeof(**mapping));
2804
2805 (*mapping)->map_class_str = NULL;
2806 (*mapping)->map_class = NULL;
2807 (*mapping)->map_perm_str = NULL;
2808 (*mapping)->map_perm = NULL;
2809 (*mapping)->classperms = NULL;
2810 }
2811
cil_user_init(struct cil_user ** user)2812 void cil_user_init(struct cil_user **user)
2813 {
2814 *user = cil_malloc(sizeof(**user));
2815
2816 cil_symtab_datum_init(&(*user)->datum);
2817 (*user)->bounds = NULL;
2818 (*user)->roles = NULL;
2819 (*user)->dftlevel = NULL;
2820 (*user)->range = NULL;
2821 (*user)->value = 0;
2822 }
2823
cil_userattribute_init(struct cil_userattribute ** attr)2824 void cil_userattribute_init(struct cil_userattribute **attr)
2825 {
2826 *attr = cil_malloc(sizeof(**attr));
2827
2828 cil_symtab_datum_init(&(*attr)->datum);
2829
2830 (*attr)->expr_list = NULL;
2831 (*attr)->users = NULL;
2832 }
2833
cil_userattributeset_init(struct cil_userattributeset ** attrset)2834 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2835 {
2836 *attrset = cil_malloc(sizeof(**attrset));
2837
2838 (*attrset)->attr_str = NULL;
2839 (*attrset)->attr = NULL;
2840 (*attrset)->str_expr = NULL;
2841 (*attrset)->datum_expr = NULL;
2842 }
2843
cil_userlevel_init(struct cil_userlevel ** usrlvl)2844 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2845 {
2846 *usrlvl = cil_malloc(sizeof(**usrlvl));
2847
2848 (*usrlvl)->user_str = NULL;
2849 (*usrlvl)->user = NULL;
2850 (*usrlvl)->level_str = NULL;
2851 (*usrlvl)->level = NULL;
2852 }
2853
cil_userrange_init(struct cil_userrange ** userrange)2854 void cil_userrange_init(struct cil_userrange **userrange)
2855 {
2856 *userrange = cil_malloc(sizeof(**userrange));
2857
2858 (*userrange)->user_str = NULL;
2859 (*userrange)->user = NULL;
2860 (*userrange)->range_str = NULL;
2861 (*userrange)->range = NULL;
2862 }
2863
cil_role_init(struct cil_role ** role)2864 void cil_role_init(struct cil_role **role)
2865 {
2866 *role = cil_malloc(sizeof(**role));
2867
2868 cil_symtab_datum_init(&(*role)->datum);
2869 (*role)->bounds = NULL;
2870 (*role)->types = NULL;
2871 (*role)->value = 0;
2872 }
2873
cil_type_init(struct cil_type ** type)2874 void cil_type_init(struct cil_type **type)
2875 {
2876 *type = cil_malloc(sizeof(**type));
2877
2878 cil_symtab_datum_init(&(*type)->datum);
2879 (*type)->bounds = NULL;
2880 (*type)->value = 0;
2881 }
2882
cil_cat_init(struct cil_cat ** cat)2883 void cil_cat_init(struct cil_cat **cat)
2884 {
2885 *cat = cil_malloc(sizeof(**cat));
2886
2887 cil_symtab_datum_init(&(*cat)->datum);
2888 (*cat)->ordered = CIL_FALSE;
2889 (*cat)->value = 0;
2890 }
2891
cil_args_init(struct cil_args ** args)2892 void cil_args_init(struct cil_args **args)
2893 {
2894 *args = cil_malloc(sizeof(**args));
2895 (*args)->arg_str = NULL;
2896 (*args)->arg = NULL;
2897 (*args)->param_str = NULL;
2898 (*args)->flavor = CIL_NONE;
2899 }
2900
cil_call_init(struct cil_call ** call)2901 void cil_call_init(struct cil_call **call)
2902 {
2903 *call = cil_malloc(sizeof(**call));
2904
2905 (*call)->macro_str = NULL;
2906 (*call)->macro = NULL;
2907 (*call)->args_tree = NULL;
2908 (*call)->args = NULL;
2909 (*call)->copied = 0;
2910 }
2911
cil_optional_init(struct cil_optional ** optional)2912 void cil_optional_init(struct cil_optional **optional)
2913 {
2914 *optional = cil_malloc(sizeof(**optional));
2915 cil_symtab_datum_init(&(*optional)->datum);
2916 }
2917
cil_param_init(struct cil_param ** param)2918 void cil_param_init(struct cil_param **param)
2919 {
2920 *param = cil_malloc(sizeof(**param));
2921
2922 (*param)->str = NULL;
2923 (*param)->flavor = CIL_NONE;
2924 }
2925
cil_macro_init(struct cil_macro ** macro)2926 void cil_macro_init(struct cil_macro **macro)
2927 {
2928 *macro = cil_malloc(sizeof(**macro));
2929
2930 cil_symtab_datum_init(&(*macro)->datum);
2931 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2932 (*macro)->params = NULL;
2933 }
2934
cil_policycap_init(struct cil_policycap ** policycap)2935 void cil_policycap_init(struct cil_policycap **policycap)
2936 {
2937 *policycap = cil_malloc(sizeof(**policycap));
2938
2939 cil_symtab_datum_init(&(*policycap)->datum);
2940 }
2941
cil_bounds_init(struct cil_bounds ** bounds)2942 void cil_bounds_init(struct cil_bounds **bounds)
2943 {
2944 *bounds = cil_malloc(sizeof(**bounds));
2945
2946 (*bounds)->parent_str = NULL;
2947 (*bounds)->parent = NULL;
2948 (*bounds)->child_str = NULL;
2949 (*bounds)->child = NULL;
2950 }
2951
cil_default_init(struct cil_default ** def)2952 void cil_default_init(struct cil_default **def)
2953 {
2954 *def = cil_malloc(sizeof(**def));
2955
2956 (*def)->flavor = CIL_NONE;
2957 (*def)->class_strs = NULL;
2958 (*def)->class_datums = NULL;
2959 }
2960
cil_defaultrange_init(struct cil_defaultrange ** def)2961 void cil_defaultrange_init(struct cil_defaultrange **def)
2962 {
2963 *def = cil_malloc(sizeof(**def));
2964
2965 (*def)->class_strs = NULL;
2966 (*def)->class_datums = NULL;
2967 }
2968
cil_handleunknown_init(struct cil_handleunknown ** unk)2969 void cil_handleunknown_init(struct cil_handleunknown **unk)
2970 {
2971 *unk = cil_malloc(sizeof(**unk));
2972 }
2973
cil_mls_init(struct cil_mls ** mls)2974 void cil_mls_init(struct cil_mls **mls)
2975 {
2976 *mls = cil_malloc(sizeof(**mls));
2977 (*mls)->value = 0;
2978 }
2979
cil_src_info_init(struct cil_src_info ** info)2980 void cil_src_info_init(struct cil_src_info **info)
2981 {
2982 *info = cil_malloc(sizeof(**info));
2983 (*info)->kind = NULL;
2984 (*info)->hll_line = 0;
2985 (*info)->path = NULL;
2986 }
2987