34 	avrule_t *avrule;  member
39 static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,  in report_failure()  argument
43 	if (avrule->source_filename) {  in report_failure()
45 		    avrule->source_line, avrule->source_filename, avrule->line,  in report_failure()
50 	} else if (avrule->line) {  in report_failure()
52 		    avrule->line, p->p_type_val_to_name[stype],  in report_failure()
141 				policydb_t *p, const avrule_t *avrule,  in report_assertion_extended_permissions()  argument
176 				rc = check_extended_permissions(avrule->xperms, xperms);  in report_assertion_extended_permissions()
179 					extended_permissions_violated(&error, avrule->xperms, xperms);  in report_assertion_extended_permissions()
182 							avrule->source_line, avrule->source_filename, avrule->line,  in report_assertion_extended_permissions()
199 				avrule->source_line, avrule->source_filename, avrule->line,  in report_assertion_extended_permissions()
218 	avrule_t *avrule = a->avrule;  in report_assertion_avtab_matches()  local
228 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))  in report_assertion_avtab_matches()
236 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,  in report_assertion_avtab_matches()
244 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);  in report_assertion_avtab_matches()
248 	if (avrule->flags == RULE_SELF) {  in report_assertion_avtab_matches()
252 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);  in report_assertion_avtab_matches()
266 	for (cp = avrule->perms; cp; cp = cp->next) {  in report_assertion_avtab_matches()
280 				if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {  in report_assertion_avtab_matches()
281 					a->errors += report_assertion_extended_permissions(handle,p, avrule,  in report_assertion_avtab_matches()
285 					report_failure(handle, p, avrule, i, j, cp, perms);  in report_assertion_avtab_matches()
303 int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule)  in report_assertion_failures()  argument
310 	args.avrule = avrule;  in report_assertion_failures()
331 static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab,  in check_assertion_extended_permissions_avtab()  argument
338 	av_extended_perms_t *neverallow_xperms = avrule->xperms;  in check_assertion_extended_permissions_avtab()
390 static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab,  in check_assertion_extended_permissions()  argument
405 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,  in check_assertion_extended_permissions()
413 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types,  in check_assertion_extended_permissions()
418 	if (avrule->flags == RULE_SELF) {  in check_assertion_extended_permissions()
423 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);  in check_assertion_extended_permissions()
437 	for (cp = avrule->perms; cp; cp = cp->next) {  in check_assertion_extended_permissions()
448 						avrule, avtab, i, j, k, p);  in check_assertion_extended_permissions()
471 	avrule_t *avrule = a->avrule;  in check_assertion_avtab_match()  local
477 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))  in check_assertion_avtab_match()
480 	rc = ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1]);  in check_assertion_avtab_match()
484 	if (avrule->flags == RULE_SELF) {  in check_assertion_avtab_match()
496 		rc2 = ebitmap_match_any(&avrule->stypes.types, &match);  in check_assertion_avtab_match()
501 	rc = ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);  in check_assertion_avtab_match()
505 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {  in check_assertion_avtab_match()
506 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);  in check_assertion_avtab_match()
520 int check_assertion(policydb_t *p, avrule_t *avrule)  in check_assertion()  argument
527 	args.avrule = avrule;  in check_assertion()