1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #ifndef _CIL_BINARY_H_ 31 #define _CIL_BINARY_H_ 32 33 #include <sepol/policydb/policydb.h> 34 35 #include "cil_internal.h" 36 #include "cil_tree.h" 37 #include "cil_list.h" 38 39 /** 40 * Create a binary policydb from the cil db. 41 * 42 * @param[in] db The cil database. 43 * @param[in] pdb The policy database. 44 * 45 * @return SEPOL_OK upon success or an error otherwise. 46 */ 47 int cil_binary_create(const struct cil_db *db, sepol_policydb_t **pdb); 48 49 /** 50 * Create a pre allocated binary policydb from the cil db. 51 * 52 * It is assumed that pdb has been allocated and initialzed so that fields such 53 * as policy type and version are set appropriately. It is reccomended that 54 * instead of calling this, one instead calls cil_binary_create, which will 55 * properly allocate and initialize the pdb and then calls this function. This 56 * funcion is used to maintain binary backwards compatability. 57 * 58 * @param[in] db The cil database. 59 * @param[in] pdb The policy database. 60 * 61 * @return SEPOL_OK upon success or an error otherwise. 62 */ 63 int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *pdb); 64 65 /** 66 * Insert cil common structure into sepol policydb. 67 * 68 * @param[in] pdb The policy database to insert the common into. 69 * @param[in] datum The cil_common datum. 70 * @param[out] common_out The sepol common to send back. 71 * 72 * @return SEPOL_OK upon success or an error otherwise. 73 */ 74 int cil_common_to_policydb(policydb_t *pdb, struct cil_class *cil_common, common_datum_t **common_out); 75 76 /** 77 * Insert cil class structure into sepol policydb. 78 * 79 * @param[in] pdb The policy database to insert the class into. 80 * @param[in] datum The cil_class datum. 81 * 82 * @return SEPOL_OK upon success or an error otherwise. 83 */ 84 int cil_class_to_policydb(policydb_t *pdb, struct cil_class *cil_class); 85 86 /** 87 * Insert cil role structure into sepol policydb. 88 * 89 * @param[in] pdb The policy database to insert the role into. 90 * @param[in] datum The cil_role datum. 91 * 92 * @return SEPOL_OK upon success or an error otherwise. 93 */ 94 int cil_role_to_policydb(policydb_t *pdb, struct cil_role *cil_role); 95 96 /** 97 * Insert cil roletype structure into sepol policydb. 98 * 99 * @param[in] pdb The policy database to insert the roletype into. 100 * @param[in] db The cil database 101 * @param[in] datum The cil_roletype datum. 102 * 103 * @return SEPOL_OK upon success or SEPOL_ERR otherwise. 104 */ 105 int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_role *role); 106 107 /** 108 * Insert cil type structure into sepol policydb. 109 * 110 * @param[in] pdb The policy database to insert the type into. 111 * @param[in] datum The cil_type datum. 112 * 113 * @return SEPOL_OK upon success or an error otherwise. 114 */ 115 int cil_type_to_policydb(policydb_t *pdb, struct cil_type *cil_type, void *type_value_to_cil[]); 116 117 /** 118 * Insert cil typealias structure into sepol policydb. 119 * 120 * @param[in] pdb The policy database to insert the typealias into. 121 * @param[in] datum The cil_typealias datum. 122 * 123 * @return SEPOL_OK upon success or an error otherwise. 124 */ 125 int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias); 126 127 /** 128 * Insert cil typepermissive structure into sepol policydb. 129 * The function looks up the perviously inserted type and flips the bit 130 * in the permssive types bitmap that corresponds to that type's value. 131 * 132 * @param[in] pdb The policy database to insert the typepermissive into. 133 * @param[in] datum The cil_typepermissive datum. 134 * 135 * @return SEPOL_OK upon success or an error otherwise. 136 */ 137 int cil_typepermissive_to_policydb(policydb_t *pdb, struct cil_typepermissive *cil_typeperm); 138 139 /** 140 * Insert cil attribute structure into sepol policydb. 141 * 142 * @param[in] pdb The policy database to insert the attribute into. 143 * @param[in] datum The cil_attribute datum. 144 * 145 * @return SEPOL_OK upon success or an error otherwise. 146 */ 147 int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil_attr, void *type_value_to_cil[]); 148 149 /** 150 * Insert cil attribute structure into sepol type->attribute bitmap. 151 * The function calls helper functions to loop over the attributes lists 152 * of types and negative types. If either of the lists contain an attribute, 153 * the helper functions will recurse into the attribute and record the 154 * attribute's types and negative types. There is no minimum depth. 155 * 156 * @param[in] pdb The policy database that contains the type->attribute bitmap. 157 * @param[in] db The cil database 158 * @param[in] node The tree node that contains the cil_attribute. 159 * 160 * @return SEPOL_OK upon success or an error otherwise. 161 */ 162 int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *cdb, struct cil_typeattribute *cil_attr); 163 164 /** 165 * Insert cil policycap structure into sepol policydb. 166 * 167 * @param[in] pdb The policy database to insert the policycap into. 168 * @param[in] node The tree node that contains the cil_policycap. 169 * 170 * @return SEPOL_OK upon success or SEPOL_ERR upon error. 171 */ 172 int cil_policycap_to_policydb(policydb_t *pdb, struct cil_policycap *cil_polcap); 173 174 /** 175 * Insert cil user structure into sepol policydb. 176 * 177 * @param[in] pdb THe policy database to insert the user into. 178 * @param[in] node The tree node that contains the cil_user. 179 * 180 * @return SEPOL_OK upon success or an error otherwise. 181 */ 182 int cil_user_to_policydb(policydb_t *pdb, struct cil_user *cil_user); 183 184 /** 185 * Insert cil userrole structure into sepol policydb. 186 * 187 * @param[in] pdb The policy database to insert the userrole into. 188 * @param[in] db The cil database 189 * @param[in] datum The cil_user 190 * 191 * @return SEPOL_OK upon success or SEPOL_ERR otherwise. 192 */ 193 int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_user *user); 194 195 /** 196 * Insert cil bool structure into sepol policydb. 197 * 198 * @param[in] pdb THe policy database to insert the bool into. 199 * @param[in] datum The cil_bool datum. 200 * 201 * @return SEPOL_OK upon success or an error otherwise. 202 */ 203 int cil_bool_to_policydb(policydb_t *pdb, struct cil_bool *cil_bool); 204 205 /** 206 * Insert all ordered cil category structures into sepol policydb. 207 * 208 * @param[in] pdb The policy database to insert the categories into. 209 * @param[in] db The cil database that contains the category order list. 210 * 211 * @return SEPOL_OK upon success or an error otherwise. 212 */ 213 int cil_catorder_to_policydb(policydb_t *pdb, const struct cil_db *db); 214 215 /** 216 * Insert cil category alias structure into sepol policydb. 217 * 218 * @param[in] pdb The policy database to insert the category alias into. 219 * @param[in] datum The cil_catalias datum. 220 * 221 * @return SEPOL_OK upon success or an error otherwise. 222 */ 223 int cil_catalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias); 224 225 /** 226 * Insert the cil sensitivityorder into sepol policydb. 227 * 228 * @param[in] pdb The policy database to insert the sensitivityorder into. 229 * @param[in] db the cil database that contains the sensitivityorder list. 230 * 231 * @return SEPOL_OK upon success or an error otherwise. 232 */ 233 int cil_sensitivityorder_to_policydb(policydb_t *pdb, const struct cil_db *db); 234 235 /** 236 * Insert cil type rule structure into sepol policydb. This includes 237 * typetransition, typechange, and typemember. 238 * 239 * @param[in] pdb The policy database to insert the type rule into. 240 * @param[in] datum The cil_type_rule datum. 241 * 242 * @return SEPOL_OK upon success or an error otherwise. 243 */ 244 int cil_type_rule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule); 245 246 /** 247 * Insert cil avrule structure into sepol policydb. 248 * 249 * @param[in] pdb The policy database to insert the avrule into. 250 * @param[in] datum The cil_avrule datum. 251 * 252 * @return SEPOL_OK upon success or an error otherwise. 253 */ 254 int cil_avrule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule); 255 256 /** 257 * Insert cil booleanif structure into sepol policydb. This populates the 258 * policydb conditional list. Each conditional node contains an expression 259 * and true/false avtab_ptr lists that point into te_cond_avtab. 260 * 261 * @param[in] pdb The policy database to insert the booleanif into. 262 * @param[in] node The cil_booleanif node. 263 * 264 * @return SEPOL_OK upon success or an error otherwise. 265 */ 266 int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_tree_node *node, hashtab_t filename_trans_table); 267 268 /** 269 * Insert cil role transition structure into sepol policydb. 270 * 271 * @param[in] pdb The policy database to insert the role transition into. 272 * @param[in] datum The cil_role_trans datum. 273 * 274 * @return SEPOL_OK upon success or SEPOL_ERR upon error. 275 */ 276 int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roletransition *roletrans, hashtab_t role_trans_table); 277 278 /** 279 * Insert cil role allow structure into sepol policydb. 280 * 281 * @param[in] pdb The policy database to insert the role allow into. 282 * @param[in] datum The cil_role_allow datum. 283 * 284 * @return SEPOL_OK upon success or SEPOL_ERR upon error. 285 */ 286 int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roleallow *roleallow); 287 288 /** 289 * Insert cil file transition structure into sepol policydb. 290 * 291 * @param[in] pdb The policy database to insert the file transition into. 292 * @param[in] datum The cil_nametypetransition datum. 293 * 294 * @return SEPOL_OK upon success or SEPOL_ERR upon error. 295 */ 296 int cil_typetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans, hashtab_t filename_trans_table); 297 298 /** 299 * Insert cil constrain/mlsconstrain structure(s) into sepol policydb. 300 * 301 * @param[in] pdb The policy database to insert the (mls)constrain into. 302 * @param[in] datum The cil_(mls)constrain datum. 303 * 304 * @return SEPOL_OK upon success or SEPOL_ERR upon error. 305 */ 306 int cil_constrain_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_constrain *cil_constrain); 307 308 /** 309 * Define sepol level. 310 * Associates the sepol level (sensitivity) with categories. 311 * Looks at the cil_sens structure for a list of cil_cats to 312 * associate the sensitivity with. 313 * Sets the sepol level as defined in the sepol policy database. 314 * 315 * @param[in] pdb The policy database that holds the sepol level. 316 * @param[in] datum The cil_sens datum. 317 * 318 * @return SEPOL_OK upon success or SEPOL_ERR upon error. 319 */ 320 int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens); 321 322 /** 323 * Insert cil rangetransition structure into sepol policydb. 324 * 325 * @param[in] pdb The policy database to insert the rangetransition into. 326 * @param[in] datum The cil_rangetransition datum. 327 * 328 * @return SEPOL_OK upon success or an error otherwise. 329 */ 330 int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans, hashtab_t range_trans_table); 331 332 /** 333 * Insert cil portcon structure into sepol policydb. 334 * The function is given a structure containing the sorted portcons and 335 * loops over this structure inserting them into the policy database. 336 * 337 * @param[in] pdb The policy database to insert the portcon into. 338 * @param[in] node The cil_sort structure that contains the sorted portcons. 339 * 340 * @return SEPOL_OK upon success or an error otherwise. 341 */ 342 int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons); 343 344 /** 345 * Insert cil netifcon structure into sepol policydb. 346 * The function is given a structure containing the sorted netifcons and 347 * loops over this structure inserting them into the policy database. 348 * 349 * @param[in] pdb The policy database to insert the netifcon into. 350 * @param[in] node The cil_sort structure that contains the sorted netifcons. 351 * 352 * @return SEPOL_OK upon success or an error otherwise. 353 */ 354 int cil_netifcon_to_policydb(policydb_t *pdb, struct cil_sort *netifcons); 355 356 /** 357 * Insert cil nodecon structure into sepol policydb. 358 * The function is given a structure containing the sorted nodecons and 359 * loops over this structure inserting them into the policy database. 360 * 361 * @param[in] pdb The policy database to insert the nodecon into. 362 * @param[in] node The cil_sort structure that contains the sorted nodecons. 363 * 364 * @return SEPOL_OK upon success or an error otherwise. 365 */ 366 int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons); 367 368 /** 369 * Insert cil fsuse structure into sepol policydb. 370 * The function is given a structure containing the sorted fsuses and 371 * loops over this structure inserting them into the policy database. 372 * 373 * @param[in] pdb The policy database to insert the fsuse into. 374 * @param[in] node The cil_sort structure that contains the sorted fsuses. 375 * 376 * @return SEPOL_OK upon success or an error otherwise. 377 */ 378 int cil_fsuse_to_policydb(policydb_t *pdb, struct cil_sort *fsuses); 379 380 /** 381 * Insert cil genfscon structure into sepol policydb. 382 * The function is given a structure containing the sorted genfscons and 383 * loops over this structure inserting them into the policy database. 384 * 385 * @param[in] pdb The policy database to insert the genfscon into. 386 * @param[in] node The cil_sort structure that contains the sorted genfscons. 387 * 388 * @return SEPOL_OK upon success or an error otherwise. 389 */ 390 int cil_genfscon_to_policydb(policydb_t *pdb, struct cil_sort *genfscons); 391 392 /** 393 * Insert cil pirqcon structure into sepol policydb. 394 * The function is given a structure containing the sorted pirqcons and 395 * loops over this structure inserting them into the policy database. 396 * 397 * @param[in] pdb The policy database to insert the pirqcon into. 398 * @param[in] node The cil_sort structure that contains the sorted pirqcons. 399 * 400 * @return SEPOL_OK upon success or an error otherwise. 401 */ 402 int cil_pirqcon_to_policydb(policydb_t *pdb, struct cil_sort *pirqcons); 403 404 /** 405 * Insert cil iomemcon structure into sepol policydb. 406 * The function is given a structure containing the sorted iomemcons and 407 * loops over this structure inserting them into the policy database. 408 * 409 * @param[in] pdb The policy database to insert the iomemcon into. 410 * @param[in] node The cil_sort structure that contains the sorted iomemcons. 411 * 412 * @return SEPOL_OK upon success or an error otherwise. 413 */ 414 int cil_iomemcon_to_policydb(policydb_t *pdb, struct cil_sort *iomemcons); 415 416 /** 417 * Insert cil ioportcon structure into sepol policydb. 418 * The function is given a structure containing the sorted ioportcons and 419 * loops over this structure inserting them into the policy database. 420 * 421 * @param[in] pdb The policy database to insert the ioportcon into. 422 * @param[in] node The cil_sort structure that contains the sorted ioportcons. 423 * 424 * @return SEPOL_OK upon success or an error otherwise. 425 */ 426 int cil_ioportcon_to_policydb(policydb_t *pdb, struct cil_sort *ioportcons); 427 428 /** 429 * Insert cil pcidevicecon structure into sepol policydb. 430 * The function is given a structure containing the sorted pcidevicecons and 431 * loops over this structure inserting them into the policy database. 432 * 433 * @param[in] pdb The policy database to insert the pcidevicecon into. 434 * @param[in] node The cil_sort structure that contains the sorted pcidevicecons. 435 * 436 * @return SEPOL_OK upon success or an error otherwise. 437 */ 438 int cil_pcidevicecon_to_policydb(policydb_t *pdb, struct cil_sort *pcidevicecons); 439 440 /** 441 * Create an mls level using a cil level. 442 * The function is given a structure containing the a cil_level and 443 * outputs a created mls_level_t. 444 * 445 * @param[in] pdb The policy database to use to get sepol level from cil_level's sensitivity. 446 * @param[in] cil_level The cil_level that will be used to create an mls_level_t. 447 * @param[out] mls_level The mls_level that is created. 448 * 449 * @return SEPOL_OK upon success or an error otherwise. 450 */ 451 int cil_level_to_mls_level(policydb_t *pdb, struct cil_level *cil_level, mls_level_t *mls_level); 452 453 #endif //_CIL_BINARY_H_ 454