1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "cil_write_ast.h"
54
55 const int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
56 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
57 {8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
58 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
59 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
60 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
61 };
62
63 char *CIL_KEY_CONS_T1;
64 char *CIL_KEY_CONS_T2;
65 char *CIL_KEY_CONS_T3;
66 char *CIL_KEY_CONS_R1;
67 char *CIL_KEY_CONS_R2;
68 char *CIL_KEY_CONS_R3;
69 char *CIL_KEY_CONS_U1;
70 char *CIL_KEY_CONS_U2;
71 char *CIL_KEY_CONS_U3;
72 char *CIL_KEY_CONS_L1;
73 char *CIL_KEY_CONS_L2;
74 char *CIL_KEY_CONS_H1;
75 char *CIL_KEY_CONS_H2;
76 char *CIL_KEY_AND;
77 char *CIL_KEY_OR;
78 char *CIL_KEY_NOT;
79 char *CIL_KEY_EQ;
80 char *CIL_KEY_NEQ;
81 char *CIL_KEY_CONS_DOM;
82 char *CIL_KEY_CONS_DOMBY;
83 char *CIL_KEY_CONS_INCOMP;
84 char *CIL_KEY_CONDTRUE;
85 char *CIL_KEY_CONDFALSE;
86 char *CIL_KEY_SELF;
87 char *CIL_KEY_OBJECT_R;
88 char *CIL_KEY_STAR;
89 char *CIL_KEY_TCP;
90 char *CIL_KEY_UDP;
91 char *CIL_KEY_DCCP;
92 char *CIL_KEY_SCTP;
93 char *CIL_KEY_AUDITALLOW;
94 char *CIL_KEY_TUNABLEIF;
95 char *CIL_KEY_ALLOW;
96 char *CIL_KEY_DONTAUDIT;
97 char *CIL_KEY_TYPETRANSITION;
98 char *CIL_KEY_TYPECHANGE;
99 char *CIL_KEY_CALL;
100 char *CIL_KEY_TUNABLE;
101 char *CIL_KEY_XOR;
102 char *CIL_KEY_ALL;
103 char *CIL_KEY_RANGE;
104 char *CIL_KEY_GLOB;
105 char *CIL_KEY_FILE;
106 char *CIL_KEY_DIR;
107 char *CIL_KEY_CHAR;
108 char *CIL_KEY_BLOCK;
109 char *CIL_KEY_SOCKET;
110 char *CIL_KEY_PIPE;
111 char *CIL_KEY_SYMLINK;
112 char *CIL_KEY_ANY;
113 char *CIL_KEY_XATTR;
114 char *CIL_KEY_TASK;
115 char *CIL_KEY_TRANS;
116 char *CIL_KEY_TYPE;
117 char *CIL_KEY_ROLE;
118 char *CIL_KEY_USER;
119 char *CIL_KEY_USERATTRIBUTE;
120 char *CIL_KEY_USERATTRIBUTESET;
121 char *CIL_KEY_SENSITIVITY;
122 char *CIL_KEY_CATEGORY;
123 char *CIL_KEY_CATSET;
124 char *CIL_KEY_LEVEL;
125 char *CIL_KEY_LEVELRANGE;
126 char *CIL_KEY_CLASS;
127 char *CIL_KEY_IPADDR;
128 char *CIL_KEY_MAP_CLASS;
129 char *CIL_KEY_CLASSPERMISSION;
130 char *CIL_KEY_BOOL;
131 char *CIL_KEY_STRING;
132 char *CIL_KEY_NAME;
133 char *CIL_KEY_SOURCE;
134 char *CIL_KEY_TARGET;
135 char *CIL_KEY_LOW;
136 char *CIL_KEY_HIGH;
137 char *CIL_KEY_LOW_HIGH;
138 char *CIL_KEY_GLBLUB;
139 char *CIL_KEY_HANDLEUNKNOWN;
140 char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
141 char *CIL_KEY_HANDLEUNKNOWN_DENY;
142 char *CIL_KEY_HANDLEUNKNOWN_REJECT;
143 char *CIL_KEY_MACRO;
144 char *CIL_KEY_IN;
145 char *CIL_KEY_IN_BEFORE;
146 char *CIL_KEY_IN_AFTER;
147 char *CIL_KEY_MLS;
148 char *CIL_KEY_DEFAULTRANGE;
149 char *CIL_KEY_BLOCKINHERIT;
150 char *CIL_KEY_BLOCKABSTRACT;
151 char *CIL_KEY_CLASSORDER;
152 char *CIL_KEY_CLASSMAPPING;
153 char *CIL_KEY_CLASSPERMISSIONSET;
154 char *CIL_KEY_COMMON;
155 char *CIL_KEY_CLASSCOMMON;
156 char *CIL_KEY_SID;
157 char *CIL_KEY_SIDCONTEXT;
158 char *CIL_KEY_SIDORDER;
159 char *CIL_KEY_USERLEVEL;
160 char *CIL_KEY_USERRANGE;
161 char *CIL_KEY_USERBOUNDS;
162 char *CIL_KEY_USERPREFIX;
163 char *CIL_KEY_SELINUXUSER;
164 char *CIL_KEY_SELINUXUSERDEFAULT;
165 char *CIL_KEY_TYPEATTRIBUTE;
166 char *CIL_KEY_TYPEATTRIBUTESET;
167 char *CIL_KEY_EXPANDTYPEATTRIBUTE;
168 char *CIL_KEY_TYPEALIAS;
169 char *CIL_KEY_TYPEALIASACTUAL;
170 char *CIL_KEY_TYPEBOUNDS;
171 char *CIL_KEY_TYPEPERMISSIVE;
172 char *CIL_KEY_RANGETRANSITION;
173 char *CIL_KEY_USERROLE;
174 char *CIL_KEY_ROLETYPE;
175 char *CIL_KEY_ROLETRANSITION;
176 char *CIL_KEY_ROLEALLOW;
177 char *CIL_KEY_ROLEATTRIBUTE;
178 char *CIL_KEY_ROLEATTRIBUTESET;
179 char *CIL_KEY_ROLEBOUNDS;
180 char *CIL_KEY_BOOLEANIF;
181 char *CIL_KEY_NEVERALLOW;
182 char *CIL_KEY_TYPEMEMBER;
183 char *CIL_KEY_SENSALIAS;
184 char *CIL_KEY_SENSALIASACTUAL;
185 char *CIL_KEY_CATALIAS;
186 char *CIL_KEY_CATALIASACTUAL;
187 char *CIL_KEY_CATORDER;
188 char *CIL_KEY_SENSITIVITYORDER;
189 char *CIL_KEY_SENSCAT;
190 char *CIL_KEY_CONSTRAIN;
191 char *CIL_KEY_MLSCONSTRAIN;
192 char *CIL_KEY_VALIDATETRANS;
193 char *CIL_KEY_MLSVALIDATETRANS;
194 char *CIL_KEY_CONTEXT;
195 char *CIL_KEY_FILECON;
196 char *CIL_KEY_IBPKEYCON;
197 char *CIL_KEY_IBENDPORTCON;
198 char *CIL_KEY_PORTCON;
199 char *CIL_KEY_NODECON;
200 char *CIL_KEY_GENFSCON;
201 char *CIL_KEY_NETIFCON;
202 char *CIL_KEY_PIRQCON;
203 char *CIL_KEY_IOMEMCON;
204 char *CIL_KEY_IOPORTCON;
205 char *CIL_KEY_PCIDEVICECON;
206 char *CIL_KEY_DEVICETREECON;
207 char *CIL_KEY_FSUSE;
208 char *CIL_KEY_POLICYCAP;
209 char *CIL_KEY_OPTIONAL;
210 char *CIL_KEY_DEFAULTUSER;
211 char *CIL_KEY_DEFAULTROLE;
212 char *CIL_KEY_DEFAULTTYPE;
213 char *CIL_KEY_ROOT;
214 char *CIL_KEY_NODE;
215 char *CIL_KEY_PERM;
216 char *CIL_KEY_ALLOWX;
217 char *CIL_KEY_AUDITALLOWX;
218 char *CIL_KEY_DONTAUDITX;
219 char *CIL_KEY_NEVERALLOWX;
220 char *CIL_KEY_PERMISSIONX;
221 char *CIL_KEY_IOCTL;
222 char *CIL_KEY_UNORDERED;
223 char *CIL_KEY_SRC_INFO;
224 char *CIL_KEY_SRC_CIL;
225 char *CIL_KEY_SRC_HLL_LMS;
226 char *CIL_KEY_SRC_HLL_LMX;
227 char *CIL_KEY_SRC_HLL_LME;
228
cil_init_keys(void)229 static void cil_init_keys(void)
230 {
231 /* Initialize CIL Keys into strpool */
232 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
233 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
234 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
235 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
236 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
237 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
238 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
239 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
240 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
241 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
242 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
243 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
244 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
245 CIL_KEY_AND = cil_strpool_add("and");
246 CIL_KEY_OR = cil_strpool_add("or");
247 CIL_KEY_NOT = cil_strpool_add("not");
248 CIL_KEY_EQ = cil_strpool_add("eq");
249 CIL_KEY_NEQ = cil_strpool_add("neq");
250 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
251 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
252 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
253 CIL_KEY_CONDTRUE = cil_strpool_add("true");
254 CIL_KEY_CONDFALSE = cil_strpool_add("false");
255 CIL_KEY_SELF = cil_strpool_add("self");
256 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
257 CIL_KEY_STAR = cil_strpool_add("*");
258 CIL_KEY_UDP = cil_strpool_add("udp");
259 CIL_KEY_TCP = cil_strpool_add("tcp");
260 CIL_KEY_DCCP = cil_strpool_add("dccp");
261 CIL_KEY_SCTP = cil_strpool_add("sctp");
262 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
263 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
264 CIL_KEY_ALLOW = cil_strpool_add("allow");
265 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
266 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
267 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
268 CIL_KEY_CALL = cil_strpool_add("call");
269 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
270 CIL_KEY_XOR = cil_strpool_add("xor");
271 CIL_KEY_ALL = cil_strpool_add("all");
272 CIL_KEY_RANGE = cil_strpool_add("range");
273 CIL_KEY_TYPE = cil_strpool_add("type");
274 CIL_KEY_ROLE = cil_strpool_add("role");
275 CIL_KEY_USER = cil_strpool_add("user");
276 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
277 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
278 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
279 CIL_KEY_CATEGORY = cil_strpool_add("category");
280 CIL_KEY_CATSET = cil_strpool_add("categoryset");
281 CIL_KEY_LEVEL = cil_strpool_add("level");
282 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
283 CIL_KEY_CLASS = cil_strpool_add("class");
284 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
285 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
286 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
287 CIL_KEY_BOOL = cil_strpool_add("boolean");
288 CIL_KEY_STRING = cil_strpool_add("string");
289 CIL_KEY_NAME = cil_strpool_add("name");
290 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
291 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
292 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
293 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
294 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
295 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
296 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
297 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
298 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
299 CIL_KEY_COMMON = cil_strpool_add("common");
300 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
301 CIL_KEY_SID = cil_strpool_add("sid");
302 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
303 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
304 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
305 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
306 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
307 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
308 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
309 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
310 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
311 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
312 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
313 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
314 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
315 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
316 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
317 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
318 CIL_KEY_USERROLE = cil_strpool_add("userrole");
319 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
320 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
321 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
322 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
323 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
324 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
325 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
326 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
327 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
328 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
329 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
330 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
331 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
332 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
333 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
334 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
335 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
336 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
337 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
338 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
339 CIL_KEY_CONTEXT = cil_strpool_add("context");
340 CIL_KEY_FILECON = cil_strpool_add("filecon");
341 CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon");
342 CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon");
343 CIL_KEY_PORTCON = cil_strpool_add("portcon");
344 CIL_KEY_NODECON = cil_strpool_add("nodecon");
345 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
346 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
347 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
348 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
349 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
350 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
351 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
352 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
353 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
354 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
355 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
356 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
357 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
358 CIL_KEY_MACRO = cil_strpool_add("macro");
359 CIL_KEY_IN = cil_strpool_add("in");
360 CIL_KEY_IN_BEFORE = cil_strpool_add("before");
361 CIL_KEY_IN_AFTER = cil_strpool_add("after");
362 CIL_KEY_MLS = cil_strpool_add("mls");
363 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
364 CIL_KEY_GLOB = cil_strpool_add("*");
365 CIL_KEY_FILE = cil_strpool_add("file");
366 CIL_KEY_DIR = cil_strpool_add("dir");
367 CIL_KEY_CHAR = cil_strpool_add("char");
368 CIL_KEY_BLOCK = cil_strpool_add("block");
369 CIL_KEY_SOCKET = cil_strpool_add("socket");
370 CIL_KEY_PIPE = cil_strpool_add("pipe");
371 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
372 CIL_KEY_ANY = cil_strpool_add("any");
373 CIL_KEY_XATTR = cil_strpool_add("xattr");
374 CIL_KEY_TASK = cil_strpool_add("task");
375 CIL_KEY_TRANS = cil_strpool_add("trans");
376 CIL_KEY_SOURCE = cil_strpool_add("source");
377 CIL_KEY_TARGET = cil_strpool_add("target");
378 CIL_KEY_LOW = cil_strpool_add("low");
379 CIL_KEY_HIGH = cil_strpool_add("high");
380 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
381 CIL_KEY_GLBLUB = cil_strpool_add("glblub");
382 CIL_KEY_ROOT = cil_strpool_add("<root>");
383 CIL_KEY_NODE = cil_strpool_add("<node>");
384 CIL_KEY_PERM = cil_strpool_add("perm");
385 CIL_KEY_ALLOWX = cil_strpool_add("allowx");
386 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
387 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
388 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
389 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
390 CIL_KEY_IOCTL = cil_strpool_add("ioctl");
391 CIL_KEY_UNORDERED = cil_strpool_add("unordered");
392 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
393 CIL_KEY_SRC_CIL = cil_strpool_add("cil");
394 CIL_KEY_SRC_HLL_LMS = cil_strpool_add("lms");
395 CIL_KEY_SRC_HLL_LMX = cil_strpool_add("lmx");
396 CIL_KEY_SRC_HLL_LME = cil_strpool_add("lme");
397 }
398
cil_db_init(struct cil_db ** db)399 void cil_db_init(struct cil_db **db)
400 {
401 *db = cil_malloc(sizeof(**db));
402
403 cil_strpool_init();
404 cil_init_keys();
405
406 cil_tree_init(&(*db)->parse);
407 cil_tree_init(&(*db)->ast);
408 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
409 (*db)->sidorder = NULL;
410 (*db)->classorder = NULL;
411 (*db)->catorder = NULL;
412 (*db)->sensitivityorder = NULL;
413 cil_sort_init(&(*db)->netifcon);
414 cil_sort_init(&(*db)->genfscon);
415 cil_sort_init(&(*db)->filecon);
416 cil_sort_init(&(*db)->nodecon);
417 cil_sort_init(&(*db)->ibpkeycon);
418 cil_sort_init(&(*db)->ibendportcon);
419 cil_sort_init(&(*db)->portcon);
420 cil_sort_init(&(*db)->pirqcon);
421 cil_sort_init(&(*db)->iomemcon);
422 cil_sort_init(&(*db)->ioportcon);
423 cil_sort_init(&(*db)->pcidevicecon);
424 cil_sort_init(&(*db)->devicetreecon);
425 cil_sort_init(&(*db)->fsuse);
426 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
427 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
428 cil_list_init(&(*db)->names, CIL_LIST_ITEM);
429
430 cil_type_init(&(*db)->selftype);
431 (*db)->selftype->datum.name = CIL_KEY_SELF;
432 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
433 (*db)->num_types_and_attrs = 0;
434 (*db)->num_classes = 0;
435 (*db)->num_types = 0;
436 (*db)->num_roles = 0;
437 (*db)->num_users = 0;
438 (*db)->num_cats = 0;
439 (*db)->val_to_type = NULL;
440 (*db)->val_to_role = NULL;
441 (*db)->val_to_user = NULL;
442
443 (*db)->disable_dontaudit = CIL_FALSE;
444 (*db)->disable_neverallow = CIL_FALSE;
445 (*db)->attrs_expand_generated = CIL_FALSE;
446 (*db)->attrs_expand_size = 1;
447 (*db)->preserve_tunables = CIL_FALSE;
448 (*db)->handle_unknown = -1;
449 (*db)->mls = -1;
450 (*db)->multiple_decls = CIL_FALSE;
451 (*db)->qualified_names = CIL_FALSE;
452 (*db)->target_platform = SEPOL_TARGET_SELINUX;
453 (*db)->policy_version = POLICYDB_VERSION_MAX;
454 }
455
cil_db_destroy(struct cil_db ** db)456 void cil_db_destroy(struct cil_db **db)
457 {
458 if (db == NULL || *db == NULL) {
459 return;
460 }
461
462 cil_tree_destroy(&(*db)->parse);
463 cil_tree_destroy(&(*db)->ast);
464 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
465 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
466 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
467 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
468 cil_sort_destroy(&(*db)->netifcon);
469 cil_sort_destroy(&(*db)->genfscon);
470 cil_sort_destroy(&(*db)->filecon);
471 cil_sort_destroy(&(*db)->nodecon);
472 cil_sort_destroy(&(*db)->ibpkeycon);
473 cil_sort_destroy(&(*db)->ibendportcon);
474 cil_sort_destroy(&(*db)->portcon);
475 cil_sort_destroy(&(*db)->pirqcon);
476 cil_sort_destroy(&(*db)->iomemcon);
477 cil_sort_destroy(&(*db)->ioportcon);
478 cil_sort_destroy(&(*db)->pcidevicecon);
479 cil_sort_destroy(&(*db)->devicetreecon);
480 cil_sort_destroy(&(*db)->fsuse);
481 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
482 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
483 cil_list_destroy(&(*db)->names, CIL_TRUE);
484
485 cil_destroy_type((*db)->selftype);
486
487 cil_strpool_destroy();
488 free((*db)->val_to_type);
489 free((*db)->val_to_role);
490 free((*db)->val_to_user);
491
492 free(*db);
493 *db = NULL;
494 }
495
cil_root_init(struct cil_root ** root)496 void cil_root_init(struct cil_root **root)
497 {
498 struct cil_root *r = cil_malloc(sizeof(*r));
499 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
500
501 *root = r;
502 }
503
cil_root_destroy(struct cil_root * root)504 void cil_root_destroy(struct cil_root *root)
505 {
506 if (root == NULL) {
507 return;
508 }
509 cil_symtab_array_destroy(root->symtab);
510 free(root);
511 }
512
cil_add_file(cil_db_t * db,const char * name,const char * data,size_t size)513 int cil_add_file(cil_db_t *db, const char *name, const char *data, size_t size)
514 {
515 char *buffer = NULL;
516 int rc;
517
518 cil_log(CIL_INFO, "Parsing %s\n", name);
519
520 buffer = cil_malloc(size + 2);
521 memcpy(buffer, data, size);
522 memset(buffer + size, 0, 2);
523
524 rc = cil_parser(name, buffer, size + 2, &db->parse);
525 if (rc != SEPOL_OK) {
526 cil_log(CIL_INFO, "Failed to parse %s\n", name);
527 goto exit;
528 }
529
530 free(buffer);
531 buffer = NULL;
532
533 rc = SEPOL_OK;
534
535 exit:
536 free(buffer);
537
538 return rc;
539 }
540
cil_compile(struct cil_db * db)541 int cil_compile(struct cil_db *db)
542 {
543 int rc = SEPOL_ERR;
544
545 if (db == NULL) {
546 goto exit;
547 }
548
549 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
550 rc = cil_build_ast(db, db->parse->root, db->ast->root);
551 if (rc != SEPOL_OK) {
552 cil_log(CIL_ERR, "Failed to build AST\n");
553 goto exit;
554 }
555
556 cil_log(CIL_INFO, "Destroying Parse Tree\n");
557 cil_tree_destroy(&db->parse);
558
559 cil_log(CIL_INFO, "Resolving AST\n");
560 rc = cil_resolve_ast(db, db->ast->root);
561 if (rc != SEPOL_OK) {
562 cil_log(CIL_ERR, "Failed to resolve AST\n");
563 goto exit;
564 }
565
566 cil_log(CIL_INFO, "Qualifying Names\n");
567 rc = cil_fqn_qualify(db->ast->root);
568 if (rc != SEPOL_OK) {
569 cil_log(CIL_ERR, "Failed to qualify names\n");
570 goto exit;
571 }
572
573 cil_log(CIL_INFO, "Compile post process\n");
574 rc = cil_post_process(db);
575 if (rc != SEPOL_OK ) {
576 cil_log(CIL_ERR, "Post process failed\n");
577 goto exit;
578 }
579
580 exit:
581
582 return rc;
583 }
584
cil_write_parse_ast(FILE * out,cil_db_t * db)585 int cil_write_parse_ast(FILE *out, cil_db_t *db)
586 {
587 int rc = SEPOL_ERR;
588
589 if (db == NULL) {
590 goto exit;
591 }
592
593 cil_log(CIL_INFO, "Writing Parse AST\n");
594 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_PARSE, db->parse->root);
595 if (rc != SEPOL_OK) {
596 cil_log(CIL_ERR, "Failed to write parse ast\n");
597 goto exit;
598 }
599
600 exit:
601 return rc;
602 }
603
cil_write_build_ast(FILE * out,cil_db_t * db)604 int cil_write_build_ast(FILE *out, cil_db_t *db)
605 {
606 int rc = SEPOL_ERR;
607
608 if (db == NULL) {
609 goto exit;
610 }
611
612 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
613 rc = cil_build_ast(db, db->parse->root, db->ast->root);
614 if (rc != SEPOL_OK) {
615 cil_log(CIL_ERR, "Failed to build ast\n");
616 goto exit;
617 }
618
619 cil_log(CIL_INFO, "Destroying Parse Tree\n");
620 cil_tree_destroy(&db->parse);
621
622 cil_log(CIL_INFO, "Writing Build AST\n");
623 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_BUILD, db->ast->root);
624 if (rc != SEPOL_OK) {
625 cil_log(CIL_ERR, "Failed to write build ast\n");
626 goto exit;
627 }
628
629 exit:
630 return rc;
631 }
632
cil_write_resolve_ast(FILE * out,cil_db_t * db)633 int cil_write_resolve_ast(FILE *out, cil_db_t *db)
634 {
635 int rc = SEPOL_ERR;
636
637 if (db == NULL) {
638 goto exit;
639 }
640
641 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
642 rc = cil_build_ast(db, db->parse->root, db->ast->root);
643 if (rc != SEPOL_OK) {
644 cil_log(CIL_ERR, "Failed to build ast\n");
645 goto exit;
646 }
647
648 cil_log(CIL_INFO, "Destroying Parse Tree\n");
649 cil_tree_destroy(&db->parse);
650
651 cil_log(CIL_INFO, "Resolving AST\n");
652 rc = cil_resolve_ast(db, db->ast->root);
653 if (rc != SEPOL_OK) {
654 cil_log(CIL_ERR, "Failed to resolve ast\n");
655 goto exit;
656 }
657
658 cil_log(CIL_INFO, "Qualifying Names\n");
659 rc = cil_fqn_qualify(db->ast->root);
660 if (rc != SEPOL_OK) {
661 cil_log(CIL_ERR, "Failed to qualify names\n");
662 goto exit;
663 }
664
665 cil_log(CIL_INFO, "Writing Resolve AST\n");
666 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_RESOLVE, db->ast->root);
667 if (rc != SEPOL_OK) {
668 cil_log(CIL_ERR, "Failed to write resolve ast\n");
669 goto exit;
670 }
671
672 exit:
673 return rc;
674 }
675
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)676 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
677 {
678 int rc;
679
680 cil_log(CIL_INFO, "Building policy binary\n");
681 rc = cil_binary_create(db, sepol_db);
682 if (rc != SEPOL_OK) {
683 cil_log(CIL_ERR, "Failed to generate binary\n");
684 goto exit;
685 }
686
687 exit:
688 return rc;
689 }
690
cil_write_policy_conf(FILE * out,struct cil_db * db)691 void cil_write_policy_conf(FILE *out, struct cil_db *db)
692 {
693 cil_log(CIL_INFO, "Writing policy.conf file\n");
694 cil_gen_policy(out, db);
695 }
696
cil_destroy_data(void ** data,enum cil_flavor flavor)697 void cil_destroy_data(void **data, enum cil_flavor flavor)
698 {
699 if (*data == NULL) {
700 return;
701 }
702
703 switch(flavor) {
704 case CIL_NONE:
705 break;
706 case CIL_ROOT:
707 cil_root_destroy(*data);
708 break;
709 case CIL_NODE:
710 break;
711 case CIL_STRING:
712 break;
713 case CIL_DATUM:
714 break;
715 case CIL_LIST:
716 cil_list_destroy(*data, CIL_FALSE);
717 break;
718 case CIL_LIST_ITEM:
719 break;
720 case CIL_PARAM:
721 cil_destroy_param(*data);
722 break;
723 case CIL_ARGS:
724 cil_destroy_args(*data);
725 break;
726 case CIL_BLOCK:
727 cil_destroy_block(*data);
728 break;
729 case CIL_BLOCKINHERIT:
730 cil_destroy_blockinherit(*data);
731 break;
732 case CIL_BLOCKABSTRACT:
733 cil_destroy_blockabstract(*data);
734 break;
735 case CIL_IN:
736 cil_destroy_in(*data);
737 break;
738 case CIL_MACRO:
739 cil_destroy_macro(*data);
740 break;
741 case CIL_CALL:
742 cil_destroy_call(*data);
743 break;
744 case CIL_OPTIONAL:
745 cil_destroy_optional(*data);
746 break;
747 case CIL_BOOL:
748 cil_destroy_bool(*data);
749 break;
750 case CIL_BOOLEANIF:
751 cil_destroy_boolif(*data);
752 break;
753 case CIL_TUNABLE:
754 cil_destroy_tunable(*data);
755 break;
756 case CIL_TUNABLEIF:
757 cil_destroy_tunif(*data);
758 break;
759 case CIL_CONDBLOCK:
760 cil_destroy_condblock(*data);
761 break;
762 case CIL_CONDTRUE:
763 break;
764 case CIL_CONDFALSE:
765 break;
766 case CIL_PERM:
767 case CIL_MAP_PERM:
768 cil_destroy_perm(*data);
769 break;
770 case CIL_COMMON:
771 case CIL_CLASS:
772 case CIL_MAP_CLASS:
773 cil_destroy_class(*data);
774 break;
775 case CIL_CLASSORDER:
776 cil_destroy_classorder(*data);
777 break;
778 case CIL_CLASSPERMISSION:
779 cil_destroy_classpermission(*data);
780 break;
781 case CIL_CLASSCOMMON:
782 cil_destroy_classcommon(*data);
783 break;
784 case CIL_CLASSMAPPING:
785 cil_destroy_classmapping(*data);
786 break;
787 case CIL_CLASSPERMS:
788 cil_destroy_classperms(*data);
789 break;
790 case CIL_CLASSPERMS_SET:
791 cil_destroy_classperms_set(*data);
792 break;
793 case CIL_CLASSPERMISSIONSET:
794 cil_destroy_classpermissionset(*data);
795 break;
796 case CIL_USER:
797 cil_destroy_user(*data);
798 break;
799 case CIL_USERATTRIBUTE:
800 cil_destroy_userattribute(*data);
801 break;
802 case CIL_USERATTRIBUTESET:
803 cil_destroy_userattributeset(*data);
804 break;
805 case CIL_USERPREFIX:
806 cil_destroy_userprefix(*data);
807 break;
808 case CIL_USERROLE:
809 cil_destroy_userrole(*data);
810 break;
811 case CIL_USERLEVEL:
812 cil_destroy_userlevel(*data);
813 break;
814 case CIL_USERRANGE:
815 cil_destroy_userrange(*data);
816 break;
817 case CIL_USERBOUNDS:
818 cil_destroy_bounds(*data);
819 break;
820 case CIL_SELINUXUSER:
821 case CIL_SELINUXUSERDEFAULT:
822 cil_destroy_selinuxuser(*data);
823 break;
824 case CIL_ROLE:
825 cil_destroy_role(*data);
826 break;
827 case CIL_ROLEATTRIBUTE:
828 cil_destroy_roleattribute(*data);
829 break;
830 case CIL_ROLEATTRIBUTESET:
831 cil_destroy_roleattributeset(*data);
832 break;
833 case CIL_ROLETYPE:
834 cil_destroy_roletype(*data);
835 break;
836 case CIL_ROLEBOUNDS:
837 cil_destroy_bounds(*data);
838 break;
839 case CIL_TYPE:
840 cil_destroy_type(*data);
841 break;
842 case CIL_TYPEATTRIBUTE:
843 cil_destroy_typeattribute(*data);
844 break;
845 case CIL_TYPEALIAS:
846 cil_destroy_alias(*data);
847 break;
848 case CIL_TYPEATTRIBUTESET:
849 cil_destroy_typeattributeset(*data);
850 break;
851 case CIL_EXPANDTYPEATTRIBUTE:
852 cil_destroy_expandtypeattribute(*data);
853 break;
854 case CIL_TYPEALIASACTUAL:
855 cil_destroy_aliasactual(*data);
856 break;
857 case CIL_TYPEBOUNDS:
858 cil_destroy_bounds(*data);
859 break;
860 case CIL_TYPEPERMISSIVE:
861 cil_destroy_typepermissive(*data);
862 break;
863 case CIL_SENS:
864 cil_destroy_sensitivity(*data);
865 break;
866 case CIL_SENSALIAS:
867 cil_destroy_alias(*data);
868 break;
869 case CIL_SENSALIASACTUAL:
870 cil_destroy_aliasactual(*data);
871 break;
872 case CIL_SENSITIVITYORDER:
873 cil_destroy_sensitivityorder(*data);
874 break;
875 case CIL_SENSCAT:
876 cil_destroy_senscat(*data);
877 break;
878 case CIL_CAT:
879 cil_destroy_category(*data);
880 break;
881 case CIL_CATSET:
882 cil_destroy_catset(*data);
883 break;
884 case CIL_CATALIAS:
885 cil_destroy_alias(*data);
886 break;
887 case CIL_CATALIASACTUAL:
888 cil_destroy_aliasactual(*data);
889 break;
890 case CIL_CATORDER:
891 cil_destroy_catorder(*data);
892 break;
893 case CIL_LEVEL:
894 cil_destroy_level(*data);
895 break;
896 case CIL_LEVELRANGE:
897 cil_destroy_levelrange(*data);
898 break;
899 case CIL_SID:
900 cil_destroy_sid(*data);
901 break;
902 case CIL_SIDORDER:
903 cil_destroy_sidorder(*data);
904 break;
905 case CIL_NAME:
906 cil_destroy_name(*data);
907 break;
908 case CIL_ROLEALLOW:
909 cil_destroy_roleallow(*data);
910 break;
911 case CIL_AVRULE:
912 case CIL_AVRULEX:
913 cil_destroy_avrule(*data);
914 break;
915 case CIL_PERMISSIONX:
916 cil_destroy_permissionx(*data);
917 break;
918 case CIL_ROLETRANSITION:
919 cil_destroy_roletransition(*data);
920 break;
921 case CIL_TYPE_RULE:
922 cil_destroy_type_rule(*data);
923 break;
924 case CIL_NAMETYPETRANSITION:
925 cil_destroy_typetransition(*data);
926 break;
927 case CIL_RANGETRANSITION:
928 cil_destroy_rangetransition(*data);
929 break;
930 case CIL_CONSTRAIN:
931 cil_destroy_constrain(*data);
932 break;
933 case CIL_MLSCONSTRAIN:
934 cil_destroy_constrain(*data);
935 break;
936 case CIL_VALIDATETRANS:
937 case CIL_MLSVALIDATETRANS:
938 cil_destroy_validatetrans(*data);
939 break;
940 case CIL_CONTEXT:
941 cil_destroy_context(*data);
942 break;
943 case CIL_IPADDR:
944 cil_destroy_ipaddr(*data);
945 break;
946 case CIL_SIDCONTEXT:
947 cil_destroy_sidcontext(*data);
948 break;
949 case CIL_FSUSE:
950 cil_destroy_fsuse(*data);
951 break;
952 case CIL_FILECON:
953 cil_destroy_filecon(*data);
954 break;
955 case CIL_IBPKEYCON:
956 cil_destroy_ibpkeycon(*data);
957 break;
958 case CIL_PORTCON:
959 cil_destroy_portcon(*data);
960 break;
961 case CIL_IBENDPORTCON:
962 cil_destroy_ibendportcon(*data);
963 break;
964 case CIL_NODECON:
965 cil_destroy_nodecon(*data);
966 break;
967 case CIL_GENFSCON:
968 cil_destroy_genfscon(*data);
969 break;
970 case CIL_NETIFCON:
971 cil_destroy_netifcon(*data);
972 break;
973 case CIL_PIRQCON:
974 cil_destroy_pirqcon(*data);
975 break;
976 case CIL_IOMEMCON:
977 cil_destroy_iomemcon(*data);
978 break;
979 case CIL_IOPORTCON:
980 cil_destroy_ioportcon(*data);
981 break;
982 case CIL_PCIDEVICECON:
983 cil_destroy_pcidevicecon(*data);
984 break;
985 case CIL_DEVICETREECON:
986 cil_destroy_devicetreecon(*data);
987 break;
988 case CIL_POLICYCAP:
989 cil_destroy_policycap(*data);
990 break;
991 case CIL_DEFAULTUSER:
992 case CIL_DEFAULTROLE:
993 case CIL_DEFAULTTYPE:
994 cil_destroy_default(*data);
995 break;
996 case CIL_DEFAULTRANGE:
997 cil_destroy_defaultrange(*data);
998 break;
999 case CIL_HANDLEUNKNOWN:
1000 cil_destroy_handleunknown(*data);
1001 break;
1002 case CIL_MLS:
1003 cil_destroy_mls(*data);
1004 break;
1005 case CIL_SRC_INFO:
1006 cil_destroy_src_info(*data);
1007 break;
1008 case CIL_OP:
1009 case CIL_CONS_OPERAND:
1010 break;
1011 default:
1012 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
1013 break;
1014 }
1015
1016 *data = NULL;
1017 }
1018
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)1019 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
1020 {
1021 if (flavor < CIL_MIN_DECLARATIVE) {
1022 return SEPOL_ERR;
1023 }
1024
1025 switch(flavor) {
1026 case CIL_BLOCK:
1027 *sym_index = CIL_SYM_BLOCKS;
1028 break;
1029 case CIL_MACRO:
1030 *sym_index = CIL_SYM_BLOCKS;
1031 break;
1032 case CIL_OPTIONAL:
1033 *sym_index = CIL_SYM_BLOCKS;
1034 break;
1035 case CIL_BOOL:
1036 *sym_index = CIL_SYM_BOOLS;
1037 break;
1038 case CIL_TUNABLE:
1039 *sym_index = CIL_SYM_TUNABLES;
1040 break;
1041 case CIL_PERM:
1042 case CIL_MAP_PERM:
1043 *sym_index = CIL_SYM_PERMS;
1044 break;
1045 case CIL_COMMON:
1046 *sym_index = CIL_SYM_COMMONS;
1047 break;
1048 case CIL_CLASS:
1049 case CIL_MAP_CLASS:
1050 *sym_index = CIL_SYM_CLASSES;
1051 break;
1052 case CIL_CLASSPERMISSION:
1053 case CIL_CLASSPERMISSIONSET:
1054 *sym_index = CIL_SYM_CLASSPERMSETS;
1055 break;
1056 case CIL_USER:
1057 case CIL_USERATTRIBUTE:
1058 *sym_index = CIL_SYM_USERS;
1059 break;
1060 case CIL_ROLE:
1061 case CIL_ROLEATTRIBUTE:
1062 *sym_index = CIL_SYM_ROLES;
1063 break;
1064 case CIL_TYPE:
1065 case CIL_TYPEALIAS:
1066 case CIL_TYPEATTRIBUTE:
1067 *sym_index = CIL_SYM_TYPES;
1068 break;
1069 case CIL_SENS:
1070 case CIL_SENSALIAS:
1071 *sym_index = CIL_SYM_SENS;
1072 break;
1073 case CIL_CAT:
1074 case CIL_CATSET:
1075 case CIL_CATALIAS:
1076 *sym_index = CIL_SYM_CATS;
1077 break;
1078 case CIL_LEVEL:
1079 *sym_index = CIL_SYM_LEVELS;
1080 break;
1081 case CIL_LEVELRANGE:
1082 *sym_index = CIL_SYM_LEVELRANGES;
1083 break;
1084 case CIL_SID:
1085 *sym_index = CIL_SYM_SIDS;
1086 break;
1087 case CIL_NAME:
1088 *sym_index = CIL_SYM_NAMES;
1089 break;
1090 case CIL_CONTEXT:
1091 *sym_index = CIL_SYM_CONTEXTS;
1092 break;
1093 case CIL_IPADDR:
1094 *sym_index = CIL_SYM_IPADDRS;
1095 break;
1096 case CIL_POLICYCAP:
1097 *sym_index = CIL_SYM_POLICYCAPS;
1098 break;
1099 case CIL_PERMISSIONX:
1100 *sym_index = CIL_SYM_PERMX;
1101 break;
1102 default:
1103 *sym_index = CIL_SYM_UNKNOWN;
1104 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
1105 return SEPOL_ERR;
1106 }
1107
1108 return SEPOL_OK;
1109 }
1110
cil_node_to_string(struct cil_tree_node * node)1111 const char * cil_node_to_string(struct cil_tree_node *node)
1112 {
1113 switch (node->flavor) {
1114 case CIL_NONE:
1115 return "<none>";
1116 case CIL_ROOT:
1117 return CIL_KEY_ROOT;
1118 case CIL_NODE:
1119 return CIL_KEY_NODE;
1120 case CIL_STRING:
1121 return "string";
1122 case CIL_DATUM:
1123 return "<datum>";
1124 case CIL_LIST:
1125 return "<list>";
1126 case CIL_LIST_ITEM:
1127 return "<list_item>";
1128 case CIL_PARAM:
1129 return "<param>";
1130 case CIL_ARGS:
1131 return "<args>";
1132 case CIL_BLOCK:
1133 return CIL_KEY_BLOCK;
1134 case CIL_BLOCKINHERIT:
1135 return CIL_KEY_BLOCKINHERIT;
1136 case CIL_BLOCKABSTRACT:
1137 return CIL_KEY_BLOCKABSTRACT;
1138 case CIL_IN:
1139 return CIL_KEY_IN;
1140 case CIL_MACRO:
1141 return CIL_KEY_MACRO;
1142 case CIL_CALL:
1143 return CIL_KEY_CALL;
1144 case CIL_OPTIONAL:
1145 return CIL_KEY_OPTIONAL;
1146 case CIL_BOOL:
1147 return CIL_KEY_BOOL;
1148 case CIL_BOOLEANIF:
1149 return CIL_KEY_BOOLEANIF;
1150 case CIL_TUNABLE:
1151 return CIL_KEY_TUNABLE;
1152 case CIL_TUNABLEIF:
1153 return CIL_KEY_TUNABLEIF;
1154 case CIL_CONDBLOCK:
1155 switch (((struct cil_condblock*)node->data)->flavor) {
1156 case CIL_CONDTRUE:
1157 return CIL_KEY_CONDTRUE;
1158 case CIL_CONDFALSE:
1159 return CIL_KEY_CONDFALSE;
1160 default:
1161 break;
1162 }
1163 break;
1164 case CIL_CONDTRUE:
1165 return CIL_KEY_CONDTRUE;
1166 case CIL_CONDFALSE:
1167 return CIL_KEY_CONDFALSE;
1168 case CIL_PERM:
1169 return CIL_KEY_PERM;
1170 case CIL_COMMON:
1171 return CIL_KEY_COMMON;
1172 case CIL_CLASS:
1173 return CIL_KEY_CLASS;
1174 case CIL_CLASSORDER:
1175 return CIL_KEY_CLASSORDER;
1176 case CIL_MAP_CLASS:
1177 return CIL_KEY_MAP_CLASS;
1178 case CIL_CLASSPERMISSION:
1179 return CIL_KEY_CLASSPERMISSION;
1180 case CIL_CLASSCOMMON:
1181 return CIL_KEY_CLASSCOMMON;
1182 case CIL_CLASSMAPPING:
1183 return CIL_KEY_CLASSMAPPING;
1184 case CIL_CLASSPERMISSIONSET:
1185 return CIL_KEY_CLASSPERMISSIONSET;
1186 case CIL_USER:
1187 return CIL_KEY_USER;
1188 case CIL_USERATTRIBUTE:
1189 return CIL_KEY_USERATTRIBUTE;
1190 case CIL_USERATTRIBUTESET:
1191 return CIL_KEY_USERATTRIBUTESET;
1192 case CIL_USERPREFIX:
1193 return CIL_KEY_USERPREFIX;
1194 case CIL_USERROLE:
1195 return CIL_KEY_USERROLE;
1196 case CIL_USERLEVEL:
1197 return CIL_KEY_USERLEVEL;
1198 case CIL_USERRANGE:
1199 return CIL_KEY_USERRANGE;
1200 case CIL_USERBOUNDS:
1201 return CIL_KEY_USERBOUNDS;
1202 case CIL_SELINUXUSER:
1203 return CIL_KEY_SELINUXUSER;
1204 case CIL_SELINUXUSERDEFAULT:
1205 return CIL_KEY_SELINUXUSERDEFAULT;
1206 case CIL_ROLE:
1207 return CIL_KEY_ROLE;
1208 case CIL_ROLEATTRIBUTE:
1209 return CIL_KEY_ROLEATTRIBUTE;
1210 case CIL_ROLEATTRIBUTESET:
1211 return CIL_KEY_ROLEATTRIBUTESET;
1212 case CIL_ROLETYPE:
1213 return CIL_KEY_ROLETYPE;
1214 case CIL_ROLEBOUNDS:
1215 return CIL_KEY_ROLEBOUNDS;
1216 case CIL_TYPE:
1217 return CIL_KEY_TYPE;
1218 case CIL_TYPEATTRIBUTE:
1219 return CIL_KEY_TYPEATTRIBUTE;
1220 case CIL_TYPEALIAS:
1221 return CIL_KEY_TYPEALIAS;
1222 case CIL_TYPEATTRIBUTESET:
1223 return CIL_KEY_TYPEATTRIBUTESET;
1224 case CIL_EXPANDTYPEATTRIBUTE:
1225 return CIL_KEY_EXPANDTYPEATTRIBUTE;
1226 case CIL_TYPEALIASACTUAL:
1227 return CIL_KEY_TYPEALIASACTUAL;
1228 case CIL_TYPEBOUNDS:
1229 return CIL_KEY_TYPEBOUNDS;
1230 case CIL_TYPEPERMISSIVE:
1231 return CIL_KEY_TYPEPERMISSIVE;
1232 case CIL_SENS:
1233 return CIL_KEY_SENSITIVITY;
1234 case CIL_SENSALIAS:
1235 return CIL_KEY_SENSALIAS;
1236 case CIL_SENSALIASACTUAL:
1237 return CIL_KEY_SENSALIASACTUAL;
1238 case CIL_SENSITIVITYORDER:
1239 return CIL_KEY_SENSITIVITYORDER;
1240 case CIL_SENSCAT:
1241 return CIL_KEY_SENSCAT;
1242 case CIL_CAT:
1243 return CIL_KEY_CATEGORY;
1244 case CIL_CATSET:
1245 return CIL_KEY_CATSET;
1246 case CIL_CATALIAS:
1247 return CIL_KEY_CATALIAS;
1248 case CIL_CATALIASACTUAL:
1249 return CIL_KEY_CATALIASACTUAL;
1250 case CIL_CATORDER:
1251 return CIL_KEY_CATORDER;
1252 case CIL_LEVEL:
1253 return CIL_KEY_LEVEL;
1254 case CIL_LEVELRANGE:
1255 return CIL_KEY_LEVELRANGE;
1256 case CIL_SID:
1257 return CIL_KEY_SID;
1258 case CIL_SIDORDER:
1259 return CIL_KEY_SIDORDER;
1260 case CIL_NAME:
1261 return CIL_KEY_NAME;
1262 case CIL_ROLEALLOW:
1263 return CIL_KEY_ROLEALLOW;
1264 case CIL_AVRULE:
1265 switch (((struct cil_avrule *)node->data)->rule_kind) {
1266 case CIL_AVRULE_ALLOWED:
1267 return CIL_KEY_ALLOW;
1268 case CIL_AVRULE_AUDITALLOW:
1269 return CIL_KEY_AUDITALLOW;
1270 case CIL_AVRULE_DONTAUDIT:
1271 return CIL_KEY_DONTAUDIT;
1272 case CIL_AVRULE_NEVERALLOW:
1273 return CIL_KEY_NEVERALLOW;
1274 default:
1275 break;
1276 }
1277 break;
1278 case CIL_AVRULEX:
1279 switch (((struct cil_avrule *)node->data)->rule_kind) {
1280 case CIL_AVRULE_ALLOWED:
1281 return CIL_KEY_ALLOWX;
1282 case CIL_AVRULE_AUDITALLOW:
1283 return CIL_KEY_AUDITALLOWX;
1284 case CIL_AVRULE_DONTAUDIT:
1285 return CIL_KEY_DONTAUDITX;
1286 case CIL_AVRULE_NEVERALLOW:
1287 return CIL_KEY_NEVERALLOWX;
1288 default:
1289 break;
1290 }
1291 break;
1292 case CIL_PERMISSIONX:
1293 return CIL_KEY_PERMISSIONX;
1294 case CIL_ROLETRANSITION:
1295 return CIL_KEY_ROLETRANSITION;
1296 case CIL_TYPE_RULE:
1297 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1298 case CIL_TYPE_TRANSITION:
1299 return CIL_KEY_TYPETRANSITION;
1300 case CIL_TYPE_MEMBER:
1301 return CIL_KEY_TYPEMEMBER;
1302 case CIL_TYPE_CHANGE:
1303 return CIL_KEY_TYPECHANGE;
1304 default:
1305 break;
1306 }
1307 break;
1308 case CIL_NAMETYPETRANSITION:
1309 return CIL_KEY_TYPETRANSITION;
1310 case CIL_RANGETRANSITION:
1311 return CIL_KEY_RANGETRANSITION;
1312 case CIL_CONSTRAIN:
1313 return CIL_KEY_CONSTRAIN;
1314 case CIL_MLSCONSTRAIN:
1315 return CIL_KEY_MLSCONSTRAIN;
1316 case CIL_VALIDATETRANS:
1317 return CIL_KEY_VALIDATETRANS;
1318 case CIL_MLSVALIDATETRANS:
1319 return CIL_KEY_MLSVALIDATETRANS;
1320 case CIL_CONTEXT:
1321 return CIL_KEY_CONTEXT;
1322 case CIL_IPADDR:
1323 return CIL_KEY_IPADDR;
1324 case CIL_SIDCONTEXT:
1325 return CIL_KEY_SIDCONTEXT;
1326 case CIL_FSUSE:
1327 return CIL_KEY_FSUSE;
1328 case CIL_FILECON:
1329 return CIL_KEY_FILECON;
1330 case CIL_IBPKEYCON:
1331 return CIL_KEY_IBPKEYCON;
1332 case CIL_IBENDPORTCON:
1333 return CIL_KEY_IBENDPORTCON;
1334 case CIL_PORTCON:
1335 return CIL_KEY_PORTCON;
1336 case CIL_NODECON:
1337 return CIL_KEY_NODECON;
1338 case CIL_GENFSCON:
1339 return CIL_KEY_GENFSCON;
1340 case CIL_NETIFCON:
1341 return CIL_KEY_NETIFCON;
1342 case CIL_PIRQCON:
1343 return CIL_KEY_PIRQCON;
1344 case CIL_IOMEMCON:
1345 return CIL_KEY_IOMEMCON;
1346 case CIL_IOPORTCON:
1347 return CIL_KEY_IOPORTCON;
1348 case CIL_PCIDEVICECON:
1349 return CIL_KEY_PCIDEVICECON;
1350 case CIL_DEVICETREECON:
1351 return CIL_KEY_DEVICETREECON;
1352 case CIL_POLICYCAP:
1353 return CIL_KEY_POLICYCAP;
1354 case CIL_DEFAULTUSER:
1355 return CIL_KEY_DEFAULTUSER;
1356 case CIL_DEFAULTROLE:
1357 return CIL_KEY_DEFAULTROLE;
1358 case CIL_DEFAULTTYPE:
1359 return CIL_KEY_DEFAULTTYPE;
1360 case CIL_DEFAULTRANGE:
1361 return CIL_KEY_DEFAULTRANGE;
1362 case CIL_HANDLEUNKNOWN:
1363 return CIL_KEY_HANDLEUNKNOWN;
1364 case CIL_MLS:
1365 return CIL_KEY_MLS;
1366 case CIL_SRC_INFO:
1367 return CIL_KEY_SRC_INFO;
1368 case CIL_ALL:
1369 return CIL_KEY_ALL;
1370 case CIL_RANGE:
1371 return CIL_KEY_RANGE;
1372 case CIL_AND:
1373 return CIL_KEY_AND;
1374 case CIL_OR:
1375 return CIL_KEY_OR;
1376 case CIL_XOR:
1377 return CIL_KEY_XOR;
1378 case CIL_NOT:
1379 return CIL_KEY_NOT;
1380 case CIL_EQ:
1381 return CIL_KEY_EQ;
1382 case CIL_NEQ:
1383 return CIL_KEY_NEQ;
1384 case CIL_CONS_DOM:
1385 return CIL_KEY_CONS_DOM;
1386 case CIL_CONS_DOMBY:
1387 return CIL_KEY_CONS_DOMBY;
1388 case CIL_CONS_INCOMP:
1389 return CIL_KEY_CONS_INCOMP;
1390 case CIL_CONS_U1:
1391 return CIL_KEY_CONS_U1;
1392 case CIL_CONS_U2:
1393 return CIL_KEY_CONS_U2;
1394 case CIL_CONS_U3:
1395 return CIL_KEY_CONS_U3;
1396 case CIL_CONS_T1:
1397 return CIL_KEY_CONS_T1;
1398 case CIL_CONS_T2:
1399 return CIL_KEY_CONS_T2;
1400 case CIL_CONS_T3:
1401 return CIL_KEY_CONS_T3;
1402 case CIL_CONS_R1:
1403 return CIL_KEY_CONS_R1;
1404 case CIL_CONS_R2:
1405 return CIL_KEY_CONS_R2;
1406 case CIL_CONS_R3:
1407 return CIL_KEY_CONS_R3;
1408 case CIL_CONS_L1:
1409 return CIL_KEY_CONS_L1;
1410 case CIL_CONS_L2:
1411 return CIL_KEY_CONS_L2;
1412 case CIL_CONS_H1:
1413 return CIL_KEY_CONS_H1;
1414 case CIL_CONS_H2:
1415 return CIL_KEY_CONS_H2;
1416
1417 default:
1418 break;
1419 }
1420
1421 return "<unknown>";
1422 }
1423
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1424 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1425 {
1426 int rc = SEPOL_ERR;
1427 size_t str_len = 0;
1428 int buf_pos = 0;
1429 char *str_tmp = NULL;
1430 struct cil_list_item *curr;
1431 struct cil_userprefix *userprefix = NULL;
1432 struct cil_user *user = NULL;
1433
1434 *out = NULL;
1435
1436 if (db->userprefixes->head == NULL) {
1437 rc = SEPOL_OK;
1438 *size = 0;
1439 goto exit;
1440 }
1441
1442 cil_list_for_each(curr, db->userprefixes) {
1443 userprefix = curr->data;
1444 user = userprefix->user;
1445 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1446 }
1447
1448 *size = str_len * sizeof(char);
1449 str_len++;
1450 str_tmp = cil_malloc(str_len * sizeof(char));
1451 *out = str_tmp;
1452
1453 cil_list_for_each(curr, db->userprefixes) {
1454 userprefix = curr->data;
1455 user = userprefix->user;
1456
1457 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1458 userprefix->prefix_str);
1459 if (buf_pos < 0) {
1460 free(str_tmp);
1461 *size = 0;
1462 *out = NULL;
1463 goto exit;
1464 }
1465 str_len -= buf_pos;
1466 str_tmp += buf_pos;
1467 }
1468
1469 rc = SEPOL_OK;
1470 exit:
1471 return rc;
1472
1473 }
1474
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1475 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1476 {
1477 int rc = SEPOL_ERR;
1478 struct cil_list_item *i;
1479 struct cil_list_item *j;
1480 struct cil_cat* cat;
1481 struct cil_catset *cs;
1482 struct cil_tree_node *node;
1483
1484 if (cats == NULL) {
1485 rc = SEPOL_OK;
1486 goto exit;
1487 }
1488
1489 cil_list_for_each(i, cats->datum_expr) {
1490 node = NODE(i->data);
1491 if (node->flavor == CIL_CATSET) {
1492 cs = (struct cil_catset*)i->data;
1493 cil_list_for_each(j, cs->cats->datum_expr) {
1494 cat = (struct cil_cat*)j->data;
1495 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1496 if (rc != SEPOL_OK) {
1497 goto exit;
1498 }
1499 }
1500 } else {
1501 cat = (struct cil_cat*)i->data;
1502 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1503 if (rc != SEPOL_OK) {
1504 goto exit;
1505 }
1506 }
1507 }
1508
1509 return SEPOL_OK;
1510
1511 exit:
1512 return rc;
1513 }
1514
cil_level_equals(struct cil_level * low,struct cil_level * high)1515 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1516 {
1517 int rc;
1518 struct ebitmap elow;
1519 struct ebitmap ehigh;
1520
1521 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1522 rc = 0;
1523 goto exit;
1524 }
1525
1526 ebitmap_init(&elow);
1527 ebitmap_init(&ehigh);
1528
1529 rc = cil_cats_to_ebitmap(low->cats, &elow);
1530 if (rc != SEPOL_OK) {
1531 goto exit;
1532 }
1533
1534 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1535 if (rc != SEPOL_OK) {
1536 goto exit;
1537 }
1538
1539 rc = ebitmap_cmp(&elow, &ehigh);
1540 ebitmap_destroy(&elow);
1541 ebitmap_destroy(&ehigh);
1542
1543 exit:
1544 return rc;
1545 }
1546
__cil_level_strlen(struct cil_level * lvl)1547 static int __cil_level_strlen(struct cil_level *lvl)
1548 {
1549 struct cil_list_item *item;
1550 struct cil_cats *cats = lvl->cats;
1551 int str_len = 0;
1552 char *str1 = NULL;
1553 char *str2 = NULL;
1554 int first = -1;
1555 int last = -1;
1556
1557 str_len += strlen(lvl->sens->datum.fqn);
1558
1559 if (cats && cats->datum_expr != NULL) {
1560 str_len++; /* initial ":" */
1561 cil_list_for_each(item, cats->datum_expr) {
1562 struct cil_cat *cat = item->data;
1563 if (first == -1) {
1564 str1 = cat->datum.fqn;
1565 first = cat->value;
1566 last = first;
1567 } else if (cat->value == last + 1) {
1568 last++;
1569 str2 = cat->datum.fqn;
1570 } else {
1571 if (first == last) {
1572 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1573 } else if (last == first + 1) {
1574 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1575 } else {
1576 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1577 }
1578 first = -1;
1579 last = -1;
1580 if (item->next != NULL) {
1581 str_len++; /* space for "," after */
1582 }
1583 }
1584 }
1585 if (first != -1) {
1586 if (first == last) {
1587 str_len += strlen(str1);
1588 } else if (last == first + 1) {
1589 str_len += strlen(str1) + strlen(str2) + 1;
1590 } else {
1591 str_len += strlen(str1) + strlen(str2) + 1;
1592 }
1593 }
1594 }
1595
1596 return str_len;
1597 }
1598
__cil_level_to_string(struct cil_level * lvl,char * out)1599 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1600 {
1601 struct cil_list_item *item;
1602 struct cil_cats *cats = lvl->cats;
1603 int buf_pos = 0;
1604 char *str_tmp = out;
1605 char *str1 = NULL;
1606 char *str2 = NULL;
1607 int first = -1;
1608 int last = -1;
1609
1610 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1611 str_tmp += buf_pos;
1612
1613 if (cats && cats->datum_expr != NULL) {
1614 buf_pos = sprintf(str_tmp, ":");
1615 str_tmp += buf_pos;
1616
1617 cil_list_for_each(item, cats->datum_expr) {
1618 struct cil_cat *cat = item->data;
1619 if (first == -1) {
1620 str1 = cat->datum.fqn;
1621 first = cat->value;
1622 last = first;
1623 } else if (cat->value == last + 1) {
1624 last++;
1625 str2 = cat->datum.fqn;
1626 } else {
1627 if (first == last) {
1628 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1629 str_tmp += buf_pos;
1630 } else if (last == first + 1) {
1631 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1632 str_tmp += buf_pos;
1633 } else {
1634 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1635 str_tmp += buf_pos;
1636 }
1637 first = -1;
1638 last = -1;
1639 if (item->next != NULL) {
1640 buf_pos = sprintf(str_tmp, ",");
1641 str_tmp += buf_pos;
1642 }
1643 }
1644 }
1645 if (first != -1) {
1646 if (first == last) {
1647 buf_pos = sprintf(str_tmp, "%s", str1);
1648 str_tmp += buf_pos;
1649 } else if (last == first + 1) {
1650 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1651 str_tmp += buf_pos;
1652 } else {
1653 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1654 str_tmp += buf_pos;
1655 }
1656 }
1657 }
1658
1659 return str_tmp - out;
1660 }
1661
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1662 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1663 {
1664 size_t str_len = 0;
1665 int buf_pos = 0;
1666 char *str_tmp = NULL;
1667 struct cil_list_item *curr;
1668
1669 if (db->selinuxusers->head == NULL) {
1670 *size = 0;
1671 *out = NULL;
1672 return SEPOL_OK;
1673 }
1674
1675 cil_list_for_each(curr, db->selinuxusers) {
1676 struct cil_selinuxuser *selinuxuser = curr->data;
1677 struct cil_user *user = selinuxuser->user;
1678
1679 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1680
1681 if (db->mls == CIL_TRUE) {
1682 struct cil_levelrange *range = selinuxuser->range;
1683 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1684 }
1685
1686 str_len++;
1687 }
1688
1689 *size = str_len * sizeof(char);
1690 str_tmp = cil_malloc(*size+1);
1691 *out = str_tmp;
1692
1693 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1694 struct cil_selinuxuser *selinuxuser = curr->data;
1695 struct cil_user *user = selinuxuser->user;
1696
1697 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1698 str_tmp += buf_pos;
1699
1700 if (db->mls == CIL_TRUE) {
1701 struct cil_levelrange *range = selinuxuser->range;
1702 buf_pos = sprintf(str_tmp, ":");
1703 str_tmp += buf_pos;
1704 buf_pos = __cil_level_to_string(range->low, str_tmp);
1705 str_tmp += buf_pos;
1706 buf_pos = sprintf(str_tmp, "-");
1707 str_tmp += buf_pos;
1708 buf_pos = __cil_level_to_string(range->high, str_tmp);
1709 str_tmp += buf_pos;
1710 }
1711
1712 buf_pos = sprintf(str_tmp, "\n");
1713 str_tmp += buf_pos;
1714 }
1715
1716 return SEPOL_OK;
1717 }
1718
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1719 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1720 {
1721 uint32_t i = 0;
1722 int buf_pos = 0;
1723 size_t str_len = 0;
1724 char *str_tmp = NULL;
1725 struct cil_sort *filecons = db->filecon;
1726
1727 for (i = 0; i < filecons->count; i++) {
1728 struct cil_filecon *filecon = filecons->array[i];
1729 struct cil_context *ctx = filecon->context;
1730
1731 str_len += strlen(filecon->path_str);
1732
1733 if (filecon->type != CIL_FILECON_ANY) {
1734 /* If a type is specified,
1735 +2 for type string, +1 for tab */
1736 str_len += 3;
1737 }
1738
1739 if (ctx != NULL) {
1740 struct cil_user *user = ctx->user;
1741 struct cil_role *role = ctx->role;
1742 struct cil_type *type = ctx->type;
1743
1744 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1745
1746 if (db->mls == CIL_TRUE) {
1747 struct cil_levelrange *range = ctx->range;
1748 if (cil_level_equals(range->low, range->high)) {
1749 str_len += __cil_level_strlen(range->low) + 1;
1750 } else {
1751 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1752 }
1753 }
1754 } else {
1755 str_len += strlen("\t<<none>>");
1756 }
1757
1758 str_len++;
1759 }
1760
1761 *size = str_len * sizeof(char);
1762 str_tmp = cil_malloc(*size+1);
1763 *out = str_tmp;
1764
1765 for (i = 0; i < filecons->count; i++) {
1766 struct cil_filecon *filecon = filecons->array[i];
1767 struct cil_context *ctx = filecon->context;
1768 const char *str_type = NULL;
1769
1770 buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1771 str_tmp += buf_pos;
1772
1773 switch(filecon->type) {
1774 case CIL_FILECON_ANY:
1775 str_type = "";
1776 break;
1777 case CIL_FILECON_FILE:
1778 str_type = "\t--";
1779 break;
1780 case CIL_FILECON_DIR:
1781 str_type = "\t-d";
1782 break;
1783 case CIL_FILECON_CHAR:
1784 str_type = "\t-c";
1785 break;
1786 case CIL_FILECON_BLOCK:
1787 str_type = "\t-b";
1788 break;
1789 case CIL_FILECON_SOCKET:
1790 str_type = "\t-s";
1791 break;
1792 case CIL_FILECON_PIPE:
1793 str_type = "\t-p";
1794 break;
1795 case CIL_FILECON_SYMLINK:
1796 str_type = "\t-l";
1797 break;
1798 default:
1799 str_type = "";
1800 break;
1801 }
1802 buf_pos = sprintf(str_tmp, "%s", str_type);
1803 str_tmp += buf_pos;
1804
1805 if (ctx != NULL) {
1806 struct cil_user *user = ctx->user;
1807 struct cil_role *role = ctx->role;
1808 struct cil_type *type = ctx->type;
1809
1810 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1811 type->datum.fqn);
1812 str_tmp += buf_pos;
1813
1814 if (db->mls == CIL_TRUE) {
1815 struct cil_levelrange *range = ctx->range;
1816 buf_pos = sprintf(str_tmp, ":");
1817 str_tmp += buf_pos;
1818 buf_pos = __cil_level_to_string(range->low, str_tmp);
1819 str_tmp += buf_pos;
1820
1821 if (!cil_level_equals(range->low, range->high)) {
1822 buf_pos = sprintf(str_tmp, "-");
1823 str_tmp += buf_pos;
1824 buf_pos = __cil_level_to_string(range->high, str_tmp);
1825 str_tmp += buf_pos;
1826 }
1827 }
1828 } else {
1829 buf_pos = sprintf(str_tmp, "\t<<none>>");
1830 str_tmp += buf_pos;
1831 }
1832
1833 buf_pos = sprintf(str_tmp, "\n");
1834 str_tmp += buf_pos;
1835 }
1836
1837 return SEPOL_OK;
1838 }
1839
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1840 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1841 {
1842 db->disable_dontaudit = disable_dontaudit;
1843 }
1844
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1845 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1846 {
1847 db->disable_neverallow = disable_neverallow;
1848 }
1849
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1850 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1851 {
1852 db->attrs_expand_generated = attrs_expand_generated;
1853 }
1854
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1855 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1856 {
1857 db->attrs_expand_size = attrs_expand_size;
1858 }
1859
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1860 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1861 {
1862 db->preserve_tunables = preserve_tunables;
1863 }
1864
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1865 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1866 {
1867 int rc = 0;
1868
1869 switch (handle_unknown) {
1870 case SEPOL_DENY_UNKNOWN:
1871 case SEPOL_REJECT_UNKNOWN:
1872 case SEPOL_ALLOW_UNKNOWN:
1873 db->handle_unknown = handle_unknown;
1874 break;
1875 default:
1876 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1877 rc = -1;
1878 }
1879
1880 return rc;
1881 }
1882
cil_set_mls(struct cil_db * db,int mls)1883 void cil_set_mls(struct cil_db *db, int mls)
1884 {
1885 db->mls = mls;
1886 }
1887
cil_set_multiple_decls(struct cil_db * db,int multiple_decls)1888 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
1889 {
1890 db->multiple_decls = multiple_decls;
1891 }
1892
cil_set_qualified_names(struct cil_db * db,int qualified_names)1893 void cil_set_qualified_names(struct cil_db *db, int qualified_names)
1894 {
1895 db->qualified_names = qualified_names;
1896 }
1897
cil_set_target_platform(struct cil_db * db,int target_platform)1898 void cil_set_target_platform(struct cil_db *db, int target_platform)
1899 {
1900 db->target_platform = target_platform;
1901 }
1902
cil_set_policy_version(struct cil_db * db,int policy_version)1903 void cil_set_policy_version(struct cil_db *db, int policy_version)
1904 {
1905 db->policy_version = policy_version;
1906 }
1907
cil_symtab_array_init(symtab_t symtab[],const int symtab_sizes[CIL_SYM_NUM])1908 void cil_symtab_array_init(symtab_t symtab[], const int symtab_sizes[CIL_SYM_NUM])
1909 {
1910 uint32_t i = 0;
1911 for (i = 0; i < CIL_SYM_NUM; i++) {
1912 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1913 }
1914 }
1915
cil_symtab_array_destroy(symtab_t symtab[])1916 void cil_symtab_array_destroy(symtab_t symtab[])
1917 {
1918 int i = 0;
1919 for (i = 0; i < CIL_SYM_NUM; i++) {
1920 cil_symtab_destroy(&symtab[i]);
1921 }
1922 }
1923
cil_destroy_ast_symtabs(struct cil_tree_node * current)1924 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1925 {
1926 while (current) {
1927 switch (current->flavor) {
1928 case CIL_BLOCK:
1929 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1930 break;
1931 case CIL_IN:
1932 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1933 break;
1934 case CIL_CLASS:
1935 case CIL_COMMON:
1936 case CIL_MAP_CLASS:
1937 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1938 break;
1939 case CIL_MACRO:
1940 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1941 break;
1942 case CIL_CONDBLOCK:
1943 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1944 break;
1945 default:
1946 break;
1947 }
1948
1949 if (current->cl_head) {
1950 cil_destroy_ast_symtabs(current->cl_head);
1951 }
1952
1953 current = current->next;
1954 }
1955 }
1956
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1957 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1958 {
1959 struct cil_tree_node *node = ast_node;
1960 *symtab = NULL;
1961
1962 if (sym_index == CIL_SYM_PERMS) {
1963 /* Class statements are not blocks, so the passed node should be the class */
1964 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1965 node->flavor == CIL_COMMON) {
1966 *symtab = &((struct cil_class*)node->data)->perms;
1967 return SEPOL_OK;
1968 }
1969 goto exit;
1970 }
1971
1972 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1973 cil_log(CIL_ERR, "Invalid symtab type\n");
1974 goto exit;
1975 }
1976
1977 while (node != NULL && *symtab == NULL) {
1978 switch (node->flavor) {
1979 case CIL_ROOT:
1980 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1981 break;
1982 case CIL_BLOCK:
1983 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1984 break;
1985 case CIL_MACRO:
1986 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1987 break;
1988 case CIL_IN:
1989 /* In blocks only exist before resolving the AST */
1990 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1991 break;
1992 case CIL_CONDBLOCK: {
1993 if (node->parent->flavor == CIL_TUNABLEIF) {
1994 /* Cond blocks only exist before resolving the AST */
1995 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1996 } else if (node->parent->flavor == CIL_BOOLEANIF) {
1997 node = node->parent->parent;
1998 }
1999 break;
2000 }
2001 default:
2002 node = node->parent;
2003 }
2004 }
2005
2006 if (*symtab == NULL) {
2007 goto exit;
2008 }
2009
2010 return SEPOL_OK;
2011
2012 exit:
2013 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
2014 return SEPOL_ERR;
2015 }
2016
cil_string_to_uint32(const char * string,uint32_t * value,int base)2017 int cil_string_to_uint32(const char *string, uint32_t *value, int base)
2018 {
2019 unsigned long val;
2020 char *end = NULL;
2021 int rc = SEPOL_ERR;
2022
2023 if (string == NULL || value == NULL) {
2024 goto exit;
2025 }
2026
2027 errno = 0;
2028 val = strtoul(string, &end, base);
2029 if (errno != 0 || end == string || *end != '\0') {
2030 rc = SEPOL_ERR;
2031 goto exit;
2032 }
2033
2034 /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */
2035 #if ULONG_MAX > UINT32_MAX
2036 if (val > UINT32_MAX) {
2037 rc = SEPOL_ERR;
2038 goto exit;
2039 }
2040 #endif
2041
2042 *value = val;
2043
2044 return SEPOL_OK;
2045
2046 exit:
2047 cil_log(CIL_ERR, "Failed to create uint32_t from string\n");
2048 return rc;
2049 }
2050
cil_string_to_uint64(const char * string,uint64_t * value,int base)2051 int cil_string_to_uint64(const char *string, uint64_t *value, int base)
2052 {
2053 char *end = NULL;
2054 int rc = SEPOL_ERR;
2055
2056 if (string == NULL || value == NULL) {
2057 goto exit;
2058 }
2059
2060 errno = 0;
2061 *value = strtoull(string, &end, base);
2062 if (errno != 0 || end == string || *end != '\0') {
2063 rc = SEPOL_ERR;
2064 goto exit;
2065 }
2066
2067 return SEPOL_OK;
2068
2069 exit:
2070 cil_log(CIL_ERR, "Failed to create uint64_t from string\n");
2071 return rc;
2072 }
2073
cil_sort_init(struct cil_sort ** sort)2074 void cil_sort_init(struct cil_sort **sort)
2075 {
2076 *sort = cil_malloc(sizeof(**sort));
2077
2078 (*sort)->flavor = CIL_NONE;
2079 (*sort)->count = 0;
2080 (*sort)->index = 0;
2081 (*sort)->array = NULL;
2082 }
2083
cil_sort_destroy(struct cil_sort ** sort)2084 void cil_sort_destroy(struct cil_sort **sort)
2085 {
2086 (*sort)->flavor = CIL_NONE;
2087 (*sort)->count = 0;
2088 (*sort)->index = 0;
2089 if ((*sort)->array != NULL) {
2090 free((*sort)->array);
2091 }
2092 (*sort)->array = NULL;
2093
2094 free(*sort);
2095 *sort = NULL;
2096 }
2097
cil_netifcon_init(struct cil_netifcon ** netifcon)2098 void cil_netifcon_init(struct cil_netifcon **netifcon)
2099 {
2100 *netifcon = cil_malloc(sizeof(**netifcon));
2101
2102 (*netifcon)->interface_str = NULL;
2103 (*netifcon)->if_context_str = NULL;
2104 (*netifcon)->if_context = NULL;
2105 (*netifcon)->packet_context_str = NULL;
2106 (*netifcon)->packet_context = NULL;
2107 (*netifcon)->context_str = NULL;
2108 }
2109
cil_ibendportcon_init(struct cil_ibendportcon ** ibendportcon)2110 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon)
2111 {
2112 *ibendportcon = cil_malloc(sizeof(**ibendportcon));
2113
2114 (*ibendportcon)->dev_name_str = NULL;
2115 (*ibendportcon)->port = 0;
2116 (*ibendportcon)->context_str = NULL;
2117 (*ibendportcon)->context = NULL;
2118 }
2119
cil_context_init(struct cil_context ** context)2120 void cil_context_init(struct cil_context **context)
2121 {
2122 *context = cil_malloc(sizeof(**context));
2123
2124 cil_symtab_datum_init(&(*context)->datum);
2125 (*context)->user_str = NULL;
2126 (*context)->user = NULL;
2127 (*context)->role_str = NULL;
2128 (*context)->role = NULL;
2129 (*context)->type_str = NULL;
2130 (*context)->type = NULL;
2131 (*context)->range_str = NULL;
2132 (*context)->range = NULL;
2133 }
2134
cil_level_init(struct cil_level ** level)2135 void cil_level_init(struct cil_level **level)
2136 {
2137 *level = cil_malloc(sizeof(**level));
2138
2139 cil_symtab_datum_init(&(*level)->datum);
2140 (*level)->sens_str = NULL;
2141 (*level)->sens = NULL;
2142 (*level)->cats = NULL;
2143 }
2144
cil_levelrange_init(struct cil_levelrange ** range)2145 void cil_levelrange_init(struct cil_levelrange **range)
2146 {
2147 *range = cil_malloc(sizeof(**range));
2148
2149 cil_symtab_datum_init(&(*range)->datum);
2150 (*range)->low_str = NULL;
2151 (*range)->low = NULL;
2152 (*range)->high_str = NULL;
2153 (*range)->high = NULL;
2154 }
2155
cil_sens_init(struct cil_sens ** sens)2156 void cil_sens_init(struct cil_sens **sens)
2157 {
2158 *sens = cil_malloc(sizeof(**sens));
2159
2160 cil_symtab_datum_init(&(*sens)->datum);
2161
2162 (*sens)->cats_list = NULL;
2163
2164 (*sens)->ordered = CIL_FALSE;
2165 }
2166
cil_block_init(struct cil_block ** block)2167 void cil_block_init(struct cil_block **block)
2168 {
2169 *block = cil_malloc(sizeof(**block));
2170
2171 cil_symtab_datum_init(&(*block)->datum);
2172
2173 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
2174
2175 (*block)->is_abstract = CIL_FALSE;
2176
2177 (*block)->bi_nodes = NULL;
2178 }
2179
cil_blockinherit_init(struct cil_blockinherit ** inherit)2180 void cil_blockinherit_init(struct cil_blockinherit **inherit)
2181 {
2182 *inherit = cil_malloc(sizeof(**inherit));
2183 (*inherit)->block_str = NULL;
2184 (*inherit)->block = NULL;
2185 }
2186
cil_blockabstract_init(struct cil_blockabstract ** abstract)2187 void cil_blockabstract_init(struct cil_blockabstract **abstract)
2188 {
2189 *abstract = cil_malloc(sizeof(**abstract));
2190 (*abstract)->block_str = NULL;
2191 }
2192
cil_in_init(struct cil_in ** in)2193 void cil_in_init(struct cil_in **in)
2194 {
2195 *in = cil_malloc(sizeof(**in));
2196
2197 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
2198 (*in)->is_after = CIL_FALSE;
2199 (*in)->block_str = NULL;
2200 }
2201
cil_class_init(struct cil_class ** class)2202 void cil_class_init(struct cil_class **class)
2203 {
2204 *class = cil_malloc(sizeof(**class));
2205
2206 cil_symtab_datum_init(&(*class)->datum);
2207
2208 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
2209
2210 (*class)->num_perms = 0;
2211 (*class)->common = NULL;
2212 (*class)->ordered = CIL_FALSE;
2213 }
2214
cil_classorder_init(struct cil_classorder ** classorder)2215 void cil_classorder_init(struct cil_classorder **classorder)
2216 {
2217 *classorder = cil_malloc(sizeof(**classorder));
2218
2219 (*classorder)->class_list_str = NULL;
2220 }
2221
cil_classcommon_init(struct cil_classcommon ** classcommon)2222 void cil_classcommon_init(struct cil_classcommon **classcommon)
2223 {
2224 *classcommon = cil_malloc(sizeof(**classcommon));
2225
2226 (*classcommon)->class_str = NULL;
2227 (*classcommon)->common_str = NULL;
2228 }
2229
cil_sid_init(struct cil_sid ** sid)2230 void cil_sid_init(struct cil_sid **sid)
2231 {
2232 *sid = cil_malloc(sizeof(**sid));
2233
2234 cil_symtab_datum_init(&(*sid)->datum);
2235
2236 (*sid)->ordered = CIL_FALSE;
2237 (*sid)->context = NULL;
2238 }
2239
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)2240 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
2241 {
2242 *sidcontext = cil_malloc(sizeof(**sidcontext));
2243
2244 (*sidcontext)->sid_str = NULL;
2245 (*sidcontext)->context_str = NULL;
2246 (*sidcontext)->context = NULL;
2247 }
2248
cil_sidorder_init(struct cil_sidorder ** sidorder)2249 void cil_sidorder_init(struct cil_sidorder **sidorder)
2250 {
2251 *sidorder = cil_malloc(sizeof(**sidorder));
2252
2253 (*sidorder)->sid_list_str = NULL;
2254 }
2255
cil_userrole_init(struct cil_userrole ** userrole)2256 void cil_userrole_init(struct cil_userrole **userrole)
2257 {
2258 *userrole = cil_malloc(sizeof(**userrole));
2259
2260 (*userrole)->user_str = NULL;
2261 (*userrole)->user = NULL;
2262 (*userrole)->role_str = NULL;
2263 (*userrole)->role = NULL;
2264 }
2265
cil_userprefix_init(struct cil_userprefix ** userprefix)2266 void cil_userprefix_init(struct cil_userprefix **userprefix)
2267 {
2268 *userprefix = cil_malloc(sizeof(**userprefix));
2269
2270 (*userprefix)->user_str = NULL;
2271 (*userprefix)->user = NULL;
2272 (*userprefix)->prefix_str = NULL;
2273 }
2274
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)2275 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
2276 {
2277 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
2278
2279 (*selinuxuser)->name_str = NULL;
2280 (*selinuxuser)->user_str = NULL;
2281 (*selinuxuser)->user = NULL;
2282 (*selinuxuser)->range_str = NULL;
2283 (*selinuxuser)->range = NULL;
2284 }
2285
cil_roletype_init(struct cil_roletype ** roletype)2286 void cil_roletype_init(struct cil_roletype **roletype)
2287 {
2288 *roletype = cil_malloc(sizeof(**roletype));
2289
2290 (*roletype)->role_str = NULL;
2291 (*roletype)->role = NULL;
2292 (*roletype)->type_str = NULL;
2293 (*roletype)->type = NULL;
2294 }
2295
cil_roleattribute_init(struct cil_roleattribute ** attr)2296 void cil_roleattribute_init(struct cil_roleattribute **attr)
2297 {
2298 *attr = cil_malloc(sizeof(**attr));
2299
2300 cil_symtab_datum_init(&(*attr)->datum);
2301
2302 (*attr)->expr_list = NULL;
2303 (*attr)->roles = NULL;
2304 }
2305
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2306 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2307 {
2308 *attrset = cil_malloc(sizeof(**attrset));
2309
2310 (*attrset)->attr_str = NULL;
2311 (*attrset)->str_expr = NULL;
2312 (*attrset)->datum_expr = NULL;
2313 }
2314
cil_typeattribute_init(struct cil_typeattribute ** attr)2315 void cil_typeattribute_init(struct cil_typeattribute **attr)
2316 {
2317 *attr = cil_malloc(sizeof(**attr));
2318
2319 cil_symtab_datum_init(&(*attr)->datum);
2320
2321 (*attr)->expr_list = NULL;
2322 (*attr)->types = NULL;
2323 (*attr)->used = CIL_FALSE;
2324 (*attr)->keep = CIL_FALSE;
2325 }
2326
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2327 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2328 {
2329 *attrset = cil_malloc(sizeof(**attrset));
2330
2331 (*attrset)->attr_str = NULL;
2332 (*attrset)->str_expr = NULL;
2333 (*attrset)->datum_expr = NULL;
2334 }
2335
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2336 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2337 {
2338 *expandattr = cil_malloc(sizeof(**expandattr));
2339
2340 (*expandattr)->attr_strs = NULL;
2341 (*expandattr)->attr_datums = NULL;
2342 (*expandattr)->expand = 0;
2343 }
2344
cil_alias_init(struct cil_alias ** alias)2345 void cil_alias_init(struct cil_alias **alias)
2346 {
2347 *alias = cil_malloc(sizeof(**alias));
2348
2349 (*alias)->actual = NULL;
2350
2351 cil_symtab_datum_init(&(*alias)->datum);
2352 }
2353
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2354 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2355 {
2356 *aliasactual = cil_malloc(sizeof(**aliasactual));
2357
2358 (*aliasactual)->alias_str = NULL;
2359 (*aliasactual)->actual_str = NULL;
2360 }
2361
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2362 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2363 {
2364 *typeperm = cil_malloc(sizeof(**typeperm));
2365
2366 (*typeperm)->type_str = NULL;
2367 (*typeperm)->type = NULL;
2368 }
2369
cil_name_init(struct cil_name ** name)2370 void cil_name_init(struct cil_name **name)
2371 {
2372 *name = cil_malloc(sizeof(**name));
2373
2374 cil_symtab_datum_init(&(*name)->datum);
2375 (*name)->name_str = NULL;
2376 }
2377
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2378 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2379 {
2380 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2381
2382 (*nametypetrans)->src_str = NULL;
2383 (*nametypetrans)->src = NULL;
2384 (*nametypetrans)->tgt_str = NULL;
2385 (*nametypetrans)->tgt = NULL;
2386 (*nametypetrans)->obj_str = NULL;
2387 (*nametypetrans)->obj = NULL;
2388 (*nametypetrans)->name_str = NULL;
2389 (*nametypetrans)->name = NULL;
2390 (*nametypetrans)->result_str = NULL;
2391 (*nametypetrans)->result = NULL;
2392 }
2393
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2394 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2395 {
2396 *rangetrans = cil_malloc(sizeof(**rangetrans));
2397
2398 (*rangetrans)->src_str = NULL;
2399 (*rangetrans)->src = NULL;
2400 (*rangetrans)->exec_str = NULL;
2401 (*rangetrans)->exec = NULL;
2402 (*rangetrans)->obj_str = NULL;
2403 (*rangetrans)->obj = NULL;
2404 (*rangetrans)->range_str = NULL;
2405 (*rangetrans)->range = NULL;
2406 }
2407
cil_bool_init(struct cil_bool ** cilbool)2408 void cil_bool_init(struct cil_bool **cilbool)
2409 {
2410 *cilbool = cil_malloc(sizeof(**cilbool));
2411
2412 cil_symtab_datum_init(&(*cilbool)->datum);
2413 (*cilbool)->value = 0;
2414 }
2415
cil_tunable_init(struct cil_tunable ** ciltun)2416 void cil_tunable_init(struct cil_tunable **ciltun)
2417 {
2418 *ciltun = cil_malloc(sizeof(**ciltun));
2419
2420 cil_symtab_datum_init(&(*ciltun)->datum);
2421 (*ciltun)->value = 0;
2422 }
2423
cil_condblock_init(struct cil_condblock ** cb)2424 void cil_condblock_init(struct cil_condblock **cb)
2425 {
2426 *cb = cil_malloc(sizeof(**cb));
2427
2428 (*cb)->flavor = CIL_NONE;
2429 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2430 }
2431
cil_boolif_init(struct cil_booleanif ** bif)2432 void cil_boolif_init(struct cil_booleanif **bif)
2433 {
2434 *bif = cil_malloc(sizeof(**bif));
2435
2436 (*bif)->str_expr = NULL;
2437 (*bif)->datum_expr = NULL;
2438 }
2439
cil_tunif_init(struct cil_tunableif ** tif)2440 void cil_tunif_init(struct cil_tunableif **tif)
2441 {
2442 *tif = cil_malloc(sizeof(**tif));
2443
2444 (*tif)->str_expr = NULL;
2445 (*tif)->datum_expr = NULL;
2446 }
2447
cil_avrule_init(struct cil_avrule ** avrule)2448 void cil_avrule_init(struct cil_avrule **avrule)
2449 {
2450 *avrule = cil_malloc(sizeof(**avrule));
2451
2452 (*avrule)->is_extended = 0;
2453 (*avrule)->rule_kind = CIL_NONE;
2454 (*avrule)->src_str = NULL;
2455 (*avrule)->src = NULL;
2456 (*avrule)->tgt_str = NULL;
2457 (*avrule)->tgt = NULL;
2458 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2459 }
2460
cil_permissionx_init(struct cil_permissionx ** permx)2461 void cil_permissionx_init(struct cil_permissionx **permx)
2462 {
2463 *permx = cil_malloc(sizeof(**permx));
2464
2465 cil_symtab_datum_init(&(*permx)->datum);
2466 (*permx)->kind = CIL_NONE;
2467 (*permx)->obj_str = NULL;
2468 (*permx)->obj = NULL;
2469 (*permx)->expr_str = NULL;
2470 (*permx)->perms = NULL;
2471 }
2472
cil_type_rule_init(struct cil_type_rule ** type_rule)2473 void cil_type_rule_init(struct cil_type_rule **type_rule)
2474 {
2475 *type_rule = cil_malloc(sizeof(**type_rule));
2476
2477 (*type_rule)->rule_kind = CIL_NONE;
2478 (*type_rule)->src_str = NULL;
2479 (*type_rule)->src = NULL;
2480 (*type_rule)->tgt_str = NULL;
2481 (*type_rule)->tgt = NULL;
2482 (*type_rule)->obj_str = NULL;
2483 (*type_rule)->obj = NULL;
2484 (*type_rule)->result_str = NULL;
2485 (*type_rule)->result = NULL;
2486 }
2487
cil_roletransition_init(struct cil_roletransition ** role_trans)2488 void cil_roletransition_init(struct cil_roletransition **role_trans)
2489 {
2490 *role_trans = cil_malloc(sizeof(**role_trans));
2491
2492 (*role_trans)->src_str = NULL;
2493 (*role_trans)->src = NULL;
2494 (*role_trans)->tgt_str = NULL;
2495 (*role_trans)->tgt = NULL;
2496 (*role_trans)->obj_str = NULL;
2497 (*role_trans)->obj = NULL;
2498 (*role_trans)->result_str = NULL;
2499 (*role_trans)->result = NULL;
2500 }
2501
cil_roleallow_init(struct cil_roleallow ** roleallow)2502 void cil_roleallow_init(struct cil_roleallow **roleallow)
2503 {
2504 *roleallow = cil_malloc(sizeof(**roleallow));
2505
2506 (*roleallow)->src_str = NULL;
2507 (*roleallow)->src = NULL;
2508 (*roleallow)->tgt_str = NULL;
2509 (*roleallow)->tgt = NULL;
2510 }
2511
cil_catset_init(struct cil_catset ** catset)2512 void cil_catset_init(struct cil_catset **catset)
2513 {
2514 *catset = cil_malloc(sizeof(**catset));
2515
2516 cil_symtab_datum_init(&(*catset)->datum);
2517 (*catset)->cats = NULL;
2518 }
2519
cil_senscat_init(struct cil_senscat ** senscat)2520 void cil_senscat_init(struct cil_senscat **senscat)
2521 {
2522 *senscat = cil_malloc(sizeof(**senscat));
2523
2524 (*senscat)->sens_str = NULL;
2525 (*senscat)->cats = NULL;
2526 }
2527
cil_cats_init(struct cil_cats ** cats)2528 void cil_cats_init(struct cil_cats **cats)
2529 {
2530 *cats = cil_malloc(sizeof(**cats));
2531
2532 (*cats)->evaluated = CIL_FALSE;
2533 (*cats)->str_expr = NULL;
2534 (*cats)->datum_expr = NULL;
2535 }
2536
cil_filecon_init(struct cil_filecon ** filecon)2537 void cil_filecon_init(struct cil_filecon **filecon)
2538 {
2539 *filecon = cil_malloc(sizeof(**filecon));
2540
2541 (*filecon)->path_str = NULL;
2542 (*filecon)->type = CIL_FILECON_ANY;
2543 (*filecon)->context_str = NULL;
2544 (*filecon)->context = NULL;
2545 }
2546
cil_ibpkeycon_init(struct cil_ibpkeycon ** ibpkeycon)2547 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon)
2548 {
2549 *ibpkeycon = cil_malloc(sizeof(**ibpkeycon));
2550
2551 (*ibpkeycon)->subnet_prefix_str = NULL;
2552 (*ibpkeycon)->pkey_low = 0;
2553 (*ibpkeycon)->pkey_high = 0;
2554 (*ibpkeycon)->context_str = NULL;
2555 (*ibpkeycon)->context = NULL;
2556 }
2557
cil_portcon_init(struct cil_portcon ** portcon)2558 void cil_portcon_init(struct cil_portcon **portcon)
2559 {
2560 *portcon = cil_malloc(sizeof(**portcon));
2561 (*portcon)->proto = 0;
2562 (*portcon)->port_low = 0;
2563 (*portcon)->port_high = 0;
2564 (*portcon)->context_str = NULL;
2565 (*portcon)->context = NULL;
2566 }
2567
cil_nodecon_init(struct cil_nodecon ** nodecon)2568 void cil_nodecon_init(struct cil_nodecon **nodecon)
2569 {
2570 *nodecon = cil_malloc(sizeof(**nodecon));
2571
2572 (*nodecon)->addr_str = NULL;
2573 (*nodecon)->addr = NULL;
2574 (*nodecon)->mask_str = NULL;
2575 (*nodecon)->mask = NULL;
2576 (*nodecon)->context_str = NULL;
2577 (*nodecon)->context = NULL;
2578 }
2579
cil_genfscon_init(struct cil_genfscon ** genfscon)2580 void cil_genfscon_init(struct cil_genfscon **genfscon)
2581 {
2582 *genfscon = cil_malloc(sizeof(**genfscon));
2583
2584 (*genfscon)->fs_str = NULL;
2585 (*genfscon)->path_str = NULL;
2586 (*genfscon)->file_type = CIL_FILECON_ANY;
2587 (*genfscon)->context_str = NULL;
2588 (*genfscon)->context = NULL;
2589 }
2590
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2591 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2592 {
2593 *pirqcon = cil_malloc(sizeof(**pirqcon));
2594
2595 (*pirqcon)->pirq = 0;
2596 (*pirqcon)->context_str = NULL;
2597 (*pirqcon)->context = NULL;
2598 }
2599
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2600 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2601 {
2602 *iomemcon = cil_malloc(sizeof(**iomemcon));
2603
2604 (*iomemcon)->iomem_low = 0;
2605 (*iomemcon)->iomem_high = 0;
2606 (*iomemcon)->context_str = NULL;
2607 (*iomemcon)->context = NULL;
2608 }
2609
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2610 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2611 {
2612 *ioportcon = cil_malloc(sizeof(**ioportcon));
2613
2614 (*ioportcon)->context_str = NULL;
2615 (*ioportcon)->context = NULL;
2616 }
2617
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2618 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2619 {
2620 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2621
2622 (*pcidevicecon)->dev = 0;
2623 (*pcidevicecon)->context_str = NULL;
2624 (*pcidevicecon)->context = NULL;
2625 }
2626
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2627 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2628 {
2629 *dtcon = cil_malloc(sizeof(**dtcon));
2630
2631 (*dtcon)->path = NULL;
2632 (*dtcon)->context_str = NULL;
2633 (*dtcon)->context = NULL;
2634 }
2635
cil_fsuse_init(struct cil_fsuse ** fsuse)2636 void cil_fsuse_init(struct cil_fsuse **fsuse)
2637 {
2638 *fsuse = cil_malloc(sizeof(**fsuse));
2639
2640 (*fsuse)->type = 0;
2641 (*fsuse)->fs_str = NULL;
2642 (*fsuse)->context_str = NULL;
2643 (*fsuse)->context = NULL;
2644 }
2645
cil_constrain_init(struct cil_constrain ** constrain)2646 void cil_constrain_init(struct cil_constrain **constrain)
2647 {
2648 *constrain = cil_malloc(sizeof(**constrain));
2649
2650 (*constrain)->classperms = NULL;
2651 (*constrain)->str_expr = NULL;
2652 (*constrain)->datum_expr = NULL;
2653 }
2654
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2655 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2656 {
2657 *validtrans = cil_malloc(sizeof(**validtrans));
2658
2659 (*validtrans)->class_str = NULL;
2660 (*validtrans)->class = NULL;
2661 (*validtrans)->str_expr = NULL;
2662 (*validtrans)->datum_expr = NULL;
2663 }
2664
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2665 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2666 {
2667 *ipaddr = cil_malloc(sizeof(**ipaddr));
2668
2669 cil_symtab_datum_init(&(*ipaddr)->datum);
2670 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2671 }
2672
cil_perm_init(struct cil_perm ** perm)2673 void cil_perm_init(struct cil_perm **perm)
2674 {
2675 *perm = cil_malloc(sizeof(**perm));
2676
2677 cil_symtab_datum_init(&(*perm)->datum);
2678 (*perm)->value = 0;
2679 (*perm)->classperms = NULL;
2680 }
2681
cil_classpermission_init(struct cil_classpermission ** cp)2682 void cil_classpermission_init(struct cil_classpermission **cp)
2683 {
2684 *cp = cil_malloc(sizeof(**cp));
2685
2686 cil_symtab_datum_init(&(*cp)->datum);
2687 (*cp)->classperms = NULL;
2688 }
2689
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2690 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2691 {
2692 *cps = cil_malloc(sizeof(**cps));
2693
2694 (*cps)->set_str = NULL;
2695 (*cps)->classperms = NULL;
2696 }
2697
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2698 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2699 {
2700 *cp_set = cil_malloc(sizeof(**cp_set));
2701 (*cp_set)->set_str = NULL;
2702 (*cp_set)->set = NULL;
2703 }
2704
cil_classperms_init(struct cil_classperms ** cp)2705 void cil_classperms_init(struct cil_classperms **cp)
2706 {
2707 *cp = cil_malloc(sizeof(**cp));
2708 (*cp)->class_str = NULL;
2709 (*cp)->class = NULL;
2710 (*cp)->perm_strs = NULL;
2711 (*cp)->perms = NULL;
2712 }
2713
cil_classmapping_init(struct cil_classmapping ** mapping)2714 void cil_classmapping_init(struct cil_classmapping **mapping)
2715 {
2716 *mapping = cil_malloc(sizeof(**mapping));
2717
2718 (*mapping)->map_class_str = NULL;
2719 (*mapping)->map_perm_str = NULL;
2720 (*mapping)->classperms = NULL;
2721 }
2722
cil_user_init(struct cil_user ** user)2723 void cil_user_init(struct cil_user **user)
2724 {
2725 *user = cil_malloc(sizeof(**user));
2726
2727 cil_symtab_datum_init(&(*user)->datum);
2728 (*user)->bounds = NULL;
2729 (*user)->roles = NULL;
2730 (*user)->dftlevel = NULL;
2731 (*user)->range = NULL;
2732 (*user)->value = 0;
2733 }
2734
cil_userattribute_init(struct cil_userattribute ** attr)2735 void cil_userattribute_init(struct cil_userattribute **attr)
2736 {
2737 *attr = cil_malloc(sizeof(**attr));
2738
2739 cil_symtab_datum_init(&(*attr)->datum);
2740
2741 (*attr)->expr_list = NULL;
2742 (*attr)->users = NULL;
2743 }
2744
cil_userattributeset_init(struct cil_userattributeset ** attrset)2745 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2746 {
2747 *attrset = cil_malloc(sizeof(**attrset));
2748
2749 (*attrset)->attr_str = NULL;
2750 (*attrset)->str_expr = NULL;
2751 (*attrset)->datum_expr = NULL;
2752 }
2753
cil_userlevel_init(struct cil_userlevel ** usrlvl)2754 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2755 {
2756 *usrlvl = cil_malloc(sizeof(**usrlvl));
2757
2758 (*usrlvl)->user_str = NULL;
2759 (*usrlvl)->level_str = NULL;
2760 (*usrlvl)->level = NULL;
2761 }
2762
cil_userrange_init(struct cil_userrange ** userrange)2763 void cil_userrange_init(struct cil_userrange **userrange)
2764 {
2765 *userrange = cil_malloc(sizeof(**userrange));
2766
2767 (*userrange)->user_str = NULL;
2768 (*userrange)->range_str = NULL;
2769 (*userrange)->range = NULL;
2770 }
2771
cil_role_init(struct cil_role ** role)2772 void cil_role_init(struct cil_role **role)
2773 {
2774 *role = cil_malloc(sizeof(**role));
2775
2776 cil_symtab_datum_init(&(*role)->datum);
2777 (*role)->bounds = NULL;
2778 (*role)->types = NULL;
2779 (*role)->value = 0;
2780 }
2781
cil_type_init(struct cil_type ** type)2782 void cil_type_init(struct cil_type **type)
2783 {
2784 *type = cil_malloc(sizeof(**type));
2785
2786 cil_symtab_datum_init(&(*type)->datum);
2787 (*type)->bounds = NULL;
2788 (*type)->value = 0;
2789 }
2790
cil_cat_init(struct cil_cat ** cat)2791 void cil_cat_init(struct cil_cat **cat)
2792 {
2793 *cat = cil_malloc(sizeof(**cat));
2794
2795 cil_symtab_datum_init(&(*cat)->datum);
2796 (*cat)->ordered = CIL_FALSE;
2797 (*cat)->value = 0;
2798 }
2799
cil_catorder_init(struct cil_catorder ** catorder)2800 void cil_catorder_init(struct cil_catorder **catorder)
2801 {
2802 *catorder = cil_malloc(sizeof(**catorder));
2803
2804 (*catorder)->cat_list_str = NULL;
2805 }
2806
cil_sensorder_init(struct cil_sensorder ** sensorder)2807 void cil_sensorder_init(struct cil_sensorder **sensorder)
2808 {
2809 *sensorder = cil_malloc(sizeof(**sensorder));
2810
2811 (*sensorder)->sens_list_str = NULL;
2812 }
2813
cil_args_init(struct cil_args ** args)2814 void cil_args_init(struct cil_args **args)
2815 {
2816 *args = cil_malloc(sizeof(**args));
2817 (*args)->arg_str = NULL;
2818 (*args)->arg = NULL;
2819 (*args)->param_str = NULL;
2820 (*args)->flavor = CIL_NONE;
2821 }
2822
cil_call_init(struct cil_call ** call)2823 void cil_call_init(struct cil_call **call)
2824 {
2825 *call = cil_malloc(sizeof(**call));
2826
2827 (*call)->macro_str = NULL;
2828 (*call)->macro = NULL;
2829 (*call)->args_tree = NULL;
2830 (*call)->args = NULL;
2831 (*call)->copied = 0;
2832 }
2833
cil_optional_init(struct cil_optional ** optional)2834 void cil_optional_init(struct cil_optional **optional)
2835 {
2836 *optional = cil_malloc(sizeof(**optional));
2837 cil_symtab_datum_init(&(*optional)->datum);
2838 }
2839
cil_param_init(struct cil_param ** param)2840 void cil_param_init(struct cil_param **param)
2841 {
2842 *param = cil_malloc(sizeof(**param));
2843
2844 (*param)->str = NULL;
2845 (*param)->flavor = CIL_NONE;
2846 }
2847
cil_macro_init(struct cil_macro ** macro)2848 void cil_macro_init(struct cil_macro **macro)
2849 {
2850 *macro = cil_malloc(sizeof(**macro));
2851
2852 cil_symtab_datum_init(&(*macro)->datum);
2853 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2854 (*macro)->params = NULL;
2855 }
2856
cil_policycap_init(struct cil_policycap ** policycap)2857 void cil_policycap_init(struct cil_policycap **policycap)
2858 {
2859 *policycap = cil_malloc(sizeof(**policycap));
2860
2861 cil_symtab_datum_init(&(*policycap)->datum);
2862 }
2863
cil_bounds_init(struct cil_bounds ** bounds)2864 void cil_bounds_init(struct cil_bounds **bounds)
2865 {
2866 *bounds = cil_malloc(sizeof(**bounds));
2867
2868 (*bounds)->parent_str = NULL;
2869 (*bounds)->child_str = NULL;
2870 }
2871
cil_default_init(struct cil_default ** def)2872 void cil_default_init(struct cil_default **def)
2873 {
2874 *def = cil_malloc(sizeof(**def));
2875
2876 (*def)->flavor = CIL_NONE;
2877 (*def)->class_strs = NULL;
2878 (*def)->class_datums = NULL;
2879 }
2880
cil_defaultrange_init(struct cil_defaultrange ** def)2881 void cil_defaultrange_init(struct cil_defaultrange **def)
2882 {
2883 *def = cil_malloc(sizeof(**def));
2884
2885 (*def)->class_strs = NULL;
2886 (*def)->class_datums = NULL;
2887 }
2888
cil_handleunknown_init(struct cil_handleunknown ** unk)2889 void cil_handleunknown_init(struct cil_handleunknown **unk)
2890 {
2891 *unk = cil_malloc(sizeof(**unk));
2892 }
2893
cil_mls_init(struct cil_mls ** mls)2894 void cil_mls_init(struct cil_mls **mls)
2895 {
2896 *mls = cil_malloc(sizeof(**mls));
2897 (*mls)->value = 0;
2898 }
2899
cil_src_info_init(struct cil_src_info ** info)2900 void cil_src_info_init(struct cil_src_info **info)
2901 {
2902 *info = cil_malloc(sizeof(**info));
2903 (*info)->kind = NULL;
2904 (*info)->hll_line = 0;
2905 (*info)->path = NULL;
2906 }
2907