34 	avrule_t *avrule;  member
39 static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,  in report_failure()  argument
43 	if (avrule->source_filename) {  in report_failure()
45 		    avrule->source_line, avrule->source_filename, avrule->line,  in report_failure()
50 	} else if (avrule->line) {  in report_failure()
52 		    avrule->line, p->p_type_val_to_name[stype],  in report_failure()
141 				policydb_t *p, const avrule_t *avrule,  in report_assertion_extended_permissions()  argument
172 				rc = check_extended_permissions(avrule->xperms, xperms);  in report_assertion_extended_permissions()
175 					extended_permissions_violated(&error, avrule->xperms, xperms);  in report_assertion_extended_permissions()
178 							avrule->source_line, avrule->source_filename, avrule->line,  in report_assertion_extended_permissions()
195 				avrule->source_line, avrule->source_filename, avrule->line,  in report_assertion_extended_permissions()
214 	avrule_t *avrule = a->avrule;  in report_assertion_avtab_matches()  local
224 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))  in report_assertion_avtab_matches()
232 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,  in report_assertion_avtab_matches()
240 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);  in report_assertion_avtab_matches()
244 	if (avrule->flags == RULE_SELF) {  in report_assertion_avtab_matches()
248 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);  in report_assertion_avtab_matches()
262 	for (cp = avrule->perms; cp; cp = cp->next) {  in report_assertion_avtab_matches()
271 				if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {  in report_assertion_avtab_matches()
272 					a->errors += report_assertion_extended_permissions(handle,p, avrule,  in report_assertion_avtab_matches()
276 					report_failure(handle, p, avrule, i, j, cp, perms);  in report_assertion_avtab_matches()
294 int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule)  in report_assertion_failures()  argument
301 	args.avrule = avrule;  in report_assertion_failures()
322 static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab,  in check_assertion_extended_permissions_avtab()  argument
329 	av_extended_perms_t *neverallow_xperms = avrule->xperms;  in check_assertion_extended_permissions_avtab()
377 static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab,  in check_assertion_extended_permissions()  argument
392 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,  in check_assertion_extended_permissions()
400 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types,  in check_assertion_extended_permissions()
405 	if (avrule->flags == RULE_SELF) {  in check_assertion_extended_permissions()
410 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);  in check_assertion_extended_permissions()
424 	for (cp = avrule->perms; cp; cp = cp->next) {  in check_assertion_extended_permissions()
430 						avrule, avtab, i, j, k, p);  in check_assertion_extended_permissions()
453 	avrule_t *avrule = a->avrule;  in check_assertion_avtab_match()  local
459 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))  in check_assertion_avtab_match()
462 	rc = ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1]);  in check_assertion_avtab_match()
466 	if (avrule->flags == RULE_SELF) {  in check_assertion_avtab_match()
478 		rc2 = ebitmap_match_any(&avrule->stypes.types, &match);  in check_assertion_avtab_match()
483 	rc = ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);  in check_assertion_avtab_match()
487 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {  in check_assertion_avtab_match()
488 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);  in check_assertion_avtab_match()
502 int check_assertion(policydb_t *p, avrule_t *avrule)  in check_assertion()  argument
509 	args.avrule = avrule;  in check_assertion()