1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb, cil_build_policydb@LIBSEPOL_1.0");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58
59 asm(".symver cil_compile_pdb, cil_compile@LIBSEPOL_1.0");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61
62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@LIBSEPOL_1.0");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64
65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@LIBSEPOL_1.0");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67
68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@LIBSEPOL_1.0");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79
cil_init_keys(void)80 static void cil_init_keys(void)
81 {
82 /* Initialize CIL Keys into strpool */
83 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
84 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
85 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
86 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
87 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
88 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
89 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
90 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
91 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
92 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
93 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
94 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
95 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
96 CIL_KEY_AND = cil_strpool_add("and");
97 CIL_KEY_OR = cil_strpool_add("or");
98 CIL_KEY_NOT = cil_strpool_add("not");
99 CIL_KEY_EQ = cil_strpool_add("eq");
100 CIL_KEY_NEQ = cil_strpool_add("neq");
101 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
104 CIL_KEY_CONDTRUE = cil_strpool_add("true");
105 CIL_KEY_CONDFALSE = cil_strpool_add("false");
106 CIL_KEY_SELF = cil_strpool_add("self");
107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
108 CIL_KEY_STAR = cil_strpool_add("*");
109 CIL_KEY_UDP = cil_strpool_add("udp");
110 CIL_KEY_TCP = cil_strpool_add("tcp");
111 CIL_KEY_DCCP = cil_strpool_add("dccp");
112 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
113 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
114 CIL_KEY_ALLOW = cil_strpool_add("allow");
115 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
116 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
117 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
118 CIL_KEY_CALL = cil_strpool_add("call");
119 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
120 CIL_KEY_XOR = cil_strpool_add("xor");
121 CIL_KEY_ALL = cil_strpool_add("all");
122 CIL_KEY_RANGE = cil_strpool_add("range");
123 CIL_KEY_TYPE = cil_strpool_add("type");
124 CIL_KEY_ROLE = cil_strpool_add("role");
125 CIL_KEY_USER = cil_strpool_add("user");
126 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
127 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
128 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
129 CIL_KEY_CATEGORY = cil_strpool_add("category");
130 CIL_KEY_CATSET = cil_strpool_add("categoryset");
131 CIL_KEY_LEVEL = cil_strpool_add("level");
132 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
133 CIL_KEY_CLASS = cil_strpool_add("class");
134 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
135 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
136 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
137 CIL_KEY_BOOL = cil_strpool_add("boolean");
138 CIL_KEY_STRING = cil_strpool_add("string");
139 CIL_KEY_NAME = cil_strpool_add("name");
140 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
141 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
142 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
143 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
144 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
145 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
146 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
147 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
148 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
149 CIL_KEY_COMMON = cil_strpool_add("common");
150 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
151 CIL_KEY_SID = cil_strpool_add("sid");
152 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
153 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
154 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
155 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
156 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
157 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
158 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
159 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
160 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
161 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
162 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
163 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
164 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
165 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
166 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
167 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
168 CIL_KEY_USERROLE = cil_strpool_add("userrole");
169 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
170 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
171 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
172 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
173 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
174 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
175 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
176 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
177 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
178 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
179 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
180 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
181 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
182 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
183 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
184 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
185 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
186 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
187 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
188 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
189 CIL_KEY_CONTEXT = cil_strpool_add("context");
190 CIL_KEY_FILECON = cil_strpool_add("filecon");
191 CIL_KEY_PORTCON = cil_strpool_add("portcon");
192 CIL_KEY_NODECON = cil_strpool_add("nodecon");
193 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
194 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
195 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
196 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
197 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
198 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
199 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
200 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
201 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
202 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
203 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
204 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
205 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
206 CIL_KEY_MACRO = cil_strpool_add("macro");
207 CIL_KEY_IN = cil_strpool_add("in");
208 CIL_KEY_MLS = cil_strpool_add("mls");
209 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
210 CIL_KEY_GLOB = cil_strpool_add("*");
211 CIL_KEY_FILE = cil_strpool_add("file");
212 CIL_KEY_DIR = cil_strpool_add("dir");
213 CIL_KEY_CHAR = cil_strpool_add("char");
214 CIL_KEY_BLOCK = cil_strpool_add("block");
215 CIL_KEY_SOCKET = cil_strpool_add("socket");
216 CIL_KEY_PIPE = cil_strpool_add("pipe");
217 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
218 CIL_KEY_ANY = cil_strpool_add("any");
219 CIL_KEY_XATTR = cil_strpool_add("xattr");
220 CIL_KEY_TASK = cil_strpool_add("task");
221 CIL_KEY_TRANS = cil_strpool_add("trans");
222 CIL_KEY_SOURCE = cil_strpool_add("source");
223 CIL_KEY_TARGET = cil_strpool_add("target");
224 CIL_KEY_LOW = cil_strpool_add("low");
225 CIL_KEY_HIGH = cil_strpool_add("high");
226 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
227 CIL_KEY_ROOT = cil_strpool_add("<root>");
228 CIL_KEY_NODE = cil_strpool_add("<node>");
229 CIL_KEY_PERM = cil_strpool_add("perm");
230 CIL_KEY_ALLOWX = cil_strpool_add("allowx");
231 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
232 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
233 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
234 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
235 CIL_KEY_IOCTL = cil_strpool_add("ioctl");
236 CIL_KEY_UNORDERED = cil_strpool_add("unordered");
237 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
238 CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>");
239 CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>");
240 }
241
cil_db_init(struct cil_db ** db)242 void cil_db_init(struct cil_db **db)
243 {
244 *db = cil_malloc(sizeof(**db));
245
246 cil_strpool_init();
247 cil_init_keys();
248
249 cil_tree_init(&(*db)->parse);
250 cil_tree_init(&(*db)->ast);
251 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
252 (*db)->sidorder = NULL;
253 (*db)->classorder = NULL;
254 (*db)->catorder = NULL;
255 (*db)->sensitivityorder = NULL;
256 cil_sort_init(&(*db)->netifcon);
257 cil_sort_init(&(*db)->genfscon);
258 cil_sort_init(&(*db)->filecon);
259 cil_sort_init(&(*db)->nodecon);
260 cil_sort_init(&(*db)->portcon);
261 cil_sort_init(&(*db)->pirqcon);
262 cil_sort_init(&(*db)->iomemcon);
263 cil_sort_init(&(*db)->ioportcon);
264 cil_sort_init(&(*db)->pcidevicecon);
265 cil_sort_init(&(*db)->devicetreecon);
266 cil_sort_init(&(*db)->fsuse);
267 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
268 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
269 cil_list_init(&(*db)->names, CIL_LIST_ITEM);
270
271 cil_type_init(&(*db)->selftype);
272 (*db)->selftype->datum.name = CIL_KEY_SELF;
273 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
274 (*db)->num_types_and_attrs = 0;
275 (*db)->num_classes = 0;
276 (*db)->num_types = 0;
277 (*db)->num_roles = 0;
278 (*db)->num_users = 0;
279 (*db)->num_cats = 0;
280 (*db)->val_to_type = NULL;
281 (*db)->val_to_role = NULL;
282 (*db)->val_to_user = NULL;
283
284 (*db)->disable_dontaudit = CIL_FALSE;
285 (*db)->disable_neverallow = CIL_FALSE;
286 (*db)->attrs_expand_generated = CIL_FALSE;
287 (*db)->attrs_expand_size = 1;
288 (*db)->preserve_tunables = CIL_FALSE;
289 (*db)->handle_unknown = -1;
290 (*db)->mls = -1;
291 (*db)->target_platform = SEPOL_TARGET_SELINUX;
292 (*db)->policy_version = POLICYDB_VERSION_MAX;
293 }
294
cil_db_destroy(struct cil_db ** db)295 void cil_db_destroy(struct cil_db **db)
296 {
297 if (db == NULL || *db == NULL) {
298 return;
299 }
300
301 cil_tree_destroy(&(*db)->parse);
302 cil_tree_destroy(&(*db)->ast);
303 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
304 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
305 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
306 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
307 cil_sort_destroy(&(*db)->netifcon);
308 cil_sort_destroy(&(*db)->genfscon);
309 cil_sort_destroy(&(*db)->filecon);
310 cil_sort_destroy(&(*db)->nodecon);
311 cil_sort_destroy(&(*db)->portcon);
312 cil_sort_destroy(&(*db)->pirqcon);
313 cil_sort_destroy(&(*db)->iomemcon);
314 cil_sort_destroy(&(*db)->ioportcon);
315 cil_sort_destroy(&(*db)->pcidevicecon);
316 cil_sort_destroy(&(*db)->devicetreecon);
317 cil_sort_destroy(&(*db)->fsuse);
318 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
319 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
320 cil_list_destroy(&(*db)->names, CIL_TRUE);
321
322 cil_destroy_type((*db)->selftype);
323
324 cil_strpool_destroy();
325 free((*db)->val_to_type);
326 free((*db)->val_to_role);
327 free((*db)->val_to_user);
328
329 free(*db);
330 *db = NULL;
331 }
332
cil_root_init(struct cil_root ** root)333 void cil_root_init(struct cil_root **root)
334 {
335 struct cil_root *r = cil_malloc(sizeof(*r));
336 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
337
338 *root = r;
339 }
340
cil_root_destroy(struct cil_root * root)341 void cil_root_destroy(struct cil_root *root)
342 {
343 if (root == NULL) {
344 return;
345 }
346 cil_symtab_array_destroy(root->symtab);
347 free(root);
348 }
349
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)350 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
351 {
352 char *buffer = NULL;
353 int rc;
354
355 cil_log(CIL_INFO, "Parsing %s\n", name);
356
357 buffer = cil_malloc(size + 2);
358 memcpy(buffer, data, size);
359 memset(buffer + size, 0, 2);
360
361 rc = cil_parser(name, buffer, size + 2, &db->parse);
362 if (rc != SEPOL_OK) {
363 cil_log(CIL_INFO, "Failed to parse %s\n", name);
364 goto exit;
365 }
366
367 free(buffer);
368 buffer = NULL;
369
370 rc = SEPOL_OK;
371
372 exit:
373 free(buffer);
374
375 return rc;
376 }
377
378 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)379 int cil_compile(struct cil_db *db)
380 #else
381 int cil_compile_nopdb(struct cil_db *db)
382 #endif
383 {
384 int rc = SEPOL_ERR;
385
386 if (db == NULL) {
387 goto exit;
388 }
389
390 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
391 rc = cil_build_ast(db, db->parse->root, db->ast->root);
392 if (rc != SEPOL_OK) {
393 cil_log(CIL_INFO, "Failed to build ast\n");
394 goto exit;
395 }
396
397 cil_log(CIL_INFO, "Destroying Parse Tree\n");
398 cil_tree_destroy(&db->parse);
399
400 cil_log(CIL_INFO, "Resolving AST\n");
401 rc = cil_resolve_ast(db, db->ast->root);
402 if (rc != SEPOL_OK) {
403 cil_log(CIL_INFO, "Failed to resolve ast\n");
404 goto exit;
405 }
406
407 cil_log(CIL_INFO, "Qualifying Names\n");
408 rc = cil_fqn_qualify(db->ast->root);
409 if (rc != SEPOL_OK) {
410 cil_log(CIL_INFO, "Failed to qualify names\n");
411 goto exit;
412 }
413
414 cil_log(CIL_INFO, "Compile post process\n");
415 rc = cil_post_process(db);
416 if (rc != SEPOL_OK ) {
417 cil_log(CIL_INFO, "Post process failed\n");
418 goto exit;
419 }
420
421 exit:
422
423 return rc;
424 }
425
426 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)427 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
428 {
429 return cil_compile_nopdb(db);
430 }
431
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)432 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
433 {
434 int rc;
435
436 cil_log(CIL_INFO, "Building policy binary\n");
437 rc = cil_binary_create_allocated_pdb(db, sepol_db);
438 if (rc != SEPOL_OK) {
439 cil_log(CIL_ERR, "Failed to generate binary\n");
440 goto exit;
441 }
442
443 exit:
444 return rc;
445 }
446 #endif
447
448 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)449 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
450 #else
451 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
452 #endif
453 {
454 int rc;
455
456 cil_log(CIL_INFO, "Building policy binary\n");
457 rc = cil_binary_create(db, sepol_db);
458 if (rc != SEPOL_OK) {
459 cil_log(CIL_ERR, "Failed to generate binary\n");
460 goto exit;
461 }
462
463 exit:
464 return rc;
465 }
466
cil_write_policy_conf(FILE * out,struct cil_db * db)467 void cil_write_policy_conf(FILE *out, struct cil_db *db)
468 {
469 cil_log(CIL_INFO, "Writing policy.conf file\n");
470 cil_gen_policy(out, db);
471 }
472
cil_destroy_data(void ** data,enum cil_flavor flavor)473 void cil_destroy_data(void **data, enum cil_flavor flavor)
474 {
475 if (*data == NULL) {
476 return;
477 }
478
479 switch(flavor) {
480 case CIL_NONE:
481 break;
482 case CIL_ROOT:
483 cil_root_destroy(*data);
484 break;
485 case CIL_NODE:
486 break;
487 case CIL_STRING:
488 break;
489 case CIL_DATUM:
490 break;
491 case CIL_LIST:
492 cil_list_destroy(*data, CIL_FALSE);
493 break;
494 case CIL_LIST_ITEM:
495 break;
496 case CIL_PARAM:
497 cil_destroy_param(*data);
498 break;
499 case CIL_ARGS:
500 cil_destroy_args(*data);
501 break;
502 case CIL_BLOCK:
503 cil_destroy_block(*data);
504 break;
505 case CIL_BLOCKINHERIT:
506 cil_destroy_blockinherit(*data);
507 break;
508 case CIL_BLOCKABSTRACT:
509 cil_destroy_blockabstract(*data);
510 break;
511 case CIL_IN:
512 cil_destroy_in(*data);
513 break;
514 case CIL_MACRO:
515 cil_destroy_macro(*data);
516 break;
517 case CIL_CALL:
518 cil_destroy_call(*data);
519 break;
520 case CIL_OPTIONAL:
521 cil_destroy_optional(*data);
522 break;
523 case CIL_BOOL:
524 cil_destroy_bool(*data);
525 break;
526 case CIL_BOOLEANIF:
527 cil_destroy_boolif(*data);
528 break;
529 case CIL_TUNABLE:
530 cil_destroy_tunable(*data);
531 break;
532 case CIL_TUNABLEIF:
533 cil_destroy_tunif(*data);
534 break;
535 case CIL_CONDBLOCK:
536 cil_destroy_condblock(*data);
537 break;
538 case CIL_CONDTRUE:
539 break;
540 case CIL_CONDFALSE:
541 break;
542 case CIL_PERM:
543 case CIL_MAP_PERM:
544 cil_destroy_perm(*data);
545 break;
546 case CIL_COMMON:
547 case CIL_CLASS:
548 case CIL_MAP_CLASS:
549 cil_destroy_class(*data);
550 break;
551 case CIL_CLASSORDER:
552 cil_destroy_classorder(*data);
553 break;
554 case CIL_CLASSPERMISSION:
555 cil_destroy_classpermission(*data);
556 break;
557 case CIL_CLASSCOMMON:
558 cil_destroy_classcommon(*data);
559 break;
560 case CIL_CLASSMAPPING:
561 cil_destroy_classmapping(*data);
562 break;
563 case CIL_CLASSPERMS:
564 cil_destroy_classperms(*data);
565 break;
566 case CIL_CLASSPERMS_SET:
567 cil_destroy_classperms_set(*data);
568 break;
569 case CIL_CLASSPERMISSIONSET:
570 cil_destroy_classpermissionset(*data);
571 break;
572 case CIL_USER:
573 cil_destroy_user(*data);
574 break;
575 case CIL_USERATTRIBUTE:
576 cil_destroy_userattribute(*data);
577 break;
578 case CIL_USERATTRIBUTESET:
579 cil_destroy_userattributeset(*data);
580 break;
581 case CIL_USERPREFIX:
582 cil_destroy_userprefix(*data);
583 break;
584 case CIL_USERROLE:
585 cil_destroy_userrole(*data);
586 break;
587 case CIL_USERLEVEL:
588 cil_destroy_userlevel(*data);
589 break;
590 case CIL_USERRANGE:
591 cil_destroy_userrange(*data);
592 break;
593 case CIL_USERBOUNDS:
594 cil_destroy_bounds(*data);
595 break;
596 case CIL_SELINUXUSER:
597 case CIL_SELINUXUSERDEFAULT:
598 cil_destroy_selinuxuser(*data);
599 break;
600 case CIL_ROLE:
601 cil_destroy_role(*data);
602 break;
603 case CIL_ROLEATTRIBUTE:
604 cil_destroy_roleattribute(*data);
605 break;
606 case CIL_ROLEATTRIBUTESET:
607 cil_destroy_roleattributeset(*data);
608 break;
609 case CIL_ROLETYPE:
610 cil_destroy_roletype(*data);
611 break;
612 case CIL_ROLEBOUNDS:
613 cil_destroy_bounds(*data);
614 break;
615 case CIL_TYPE:
616 cil_destroy_type(*data);
617 break;
618 case CIL_TYPEATTRIBUTE:
619 cil_destroy_typeattribute(*data);
620 break;
621 case CIL_TYPEALIAS:
622 cil_destroy_alias(*data);
623 break;
624 case CIL_TYPEATTRIBUTESET:
625 cil_destroy_typeattributeset(*data);
626 break;
627 case CIL_EXPANDTYPEATTRIBUTE:
628 cil_destroy_expandtypeattribute(*data);
629 break;
630 case CIL_TYPEALIASACTUAL:
631 cil_destroy_aliasactual(*data);
632 break;
633 case CIL_TYPEBOUNDS:
634 cil_destroy_bounds(*data);
635 break;
636 case CIL_TYPEPERMISSIVE:
637 cil_destroy_typepermissive(*data);
638 break;
639 case CIL_SENS:
640 cil_destroy_sensitivity(*data);
641 break;
642 case CIL_SENSALIAS:
643 cil_destroy_alias(*data);
644 break;
645 case CIL_SENSALIASACTUAL:
646 cil_destroy_aliasactual(*data);
647 break;
648 case CIL_SENSITIVITYORDER:
649 cil_destroy_sensitivityorder(*data);
650 break;
651 case CIL_SENSCAT:
652 cil_destroy_senscat(*data);
653 break;
654 case CIL_CAT:
655 cil_destroy_category(*data);
656 break;
657 case CIL_CATSET:
658 cil_destroy_catset(*data);
659 break;
660 case CIL_CATALIAS:
661 cil_destroy_alias(*data);
662 break;
663 case CIL_CATALIASACTUAL:
664 cil_destroy_aliasactual(*data);
665 break;
666 case CIL_CATORDER:
667 cil_destroy_catorder(*data);
668 break;
669 case CIL_LEVEL:
670 cil_destroy_level(*data);
671 break;
672 case CIL_LEVELRANGE:
673 cil_destroy_levelrange(*data);
674 break;
675 case CIL_SID:
676 cil_destroy_sid(*data);
677 break;
678 case CIL_SIDORDER:
679 cil_destroy_sidorder(*data);
680 break;
681 case CIL_NAME:
682 cil_destroy_name(*data);
683 break;
684 case CIL_ROLEALLOW:
685 cil_destroy_roleallow(*data);
686 break;
687 case CIL_AVRULE:
688 case CIL_AVRULEX:
689 cil_destroy_avrule(*data);
690 break;
691 case CIL_PERMISSIONX:
692 cil_destroy_permissionx(*data);
693 break;
694 case CIL_ROLETRANSITION:
695 cil_destroy_roletransition(*data);
696 break;
697 case CIL_TYPE_RULE:
698 cil_destroy_type_rule(*data);
699 break;
700 case CIL_NAMETYPETRANSITION:
701 cil_destroy_typetransition(*data);
702 break;
703 case CIL_RANGETRANSITION:
704 cil_destroy_rangetransition(*data);
705 break;
706 case CIL_CONSTRAIN:
707 cil_destroy_constrain(*data);
708 break;
709 case CIL_MLSCONSTRAIN:
710 cil_destroy_constrain(*data);
711 break;
712 case CIL_VALIDATETRANS:
713 case CIL_MLSVALIDATETRANS:
714 cil_destroy_validatetrans(*data);
715 break;
716 case CIL_CONTEXT:
717 cil_destroy_context(*data);
718 break;
719 case CIL_IPADDR:
720 cil_destroy_ipaddr(*data);
721 break;
722 case CIL_SIDCONTEXT:
723 cil_destroy_sidcontext(*data);
724 break;
725 case CIL_FSUSE:
726 cil_destroy_fsuse(*data);
727 break;
728 case CIL_FILECON:
729 cil_destroy_filecon(*data);
730 break;
731 case CIL_PORTCON:
732 cil_destroy_portcon(*data);
733 break;
734 case CIL_NODECON:
735 cil_destroy_nodecon(*data);
736 break;
737 case CIL_GENFSCON:
738 cil_destroy_genfscon(*data);
739 break;
740 case CIL_NETIFCON:
741 cil_destroy_netifcon(*data);
742 break;
743 case CIL_PIRQCON:
744 cil_destroy_pirqcon(*data);
745 break;
746 case CIL_IOMEMCON:
747 cil_destroy_iomemcon(*data);
748 break;
749 case CIL_IOPORTCON:
750 cil_destroy_ioportcon(*data);
751 break;
752 case CIL_PCIDEVICECON:
753 cil_destroy_pcidevicecon(*data);
754 break;
755 case CIL_DEVICETREECON:
756 cil_destroy_devicetreecon(*data);
757 break;
758 case CIL_POLICYCAP:
759 cil_destroy_policycap(*data);
760 break;
761 case CIL_DEFAULTUSER:
762 case CIL_DEFAULTROLE:
763 case CIL_DEFAULTTYPE:
764 cil_destroy_default(*data);
765 break;
766 case CIL_DEFAULTRANGE:
767 cil_destroy_defaultrange(*data);
768 break;
769 case CIL_HANDLEUNKNOWN:
770 cil_destroy_handleunknown(*data);
771 break;
772 case CIL_MLS:
773 cil_destroy_mls(*data);
774 break;
775 case CIL_SRC_INFO:
776 cil_destroy_src_info(*data);
777 break;
778 case CIL_OP:
779 case CIL_CONS_OPERAND:
780 break;
781 default:
782 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
783 break;
784 }
785
786 *data = NULL;
787 }
788
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)789 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
790 {
791 if (flavor < CIL_MIN_DECLARATIVE) {
792 return SEPOL_ERR;
793 }
794
795 switch(flavor) {
796 case CIL_BLOCK:
797 *sym_index = CIL_SYM_BLOCKS;
798 break;
799 case CIL_MACRO:
800 *sym_index = CIL_SYM_BLOCKS;
801 break;
802 case CIL_OPTIONAL:
803 *sym_index = CIL_SYM_BLOCKS;
804 break;
805 case CIL_BOOL:
806 *sym_index = CIL_SYM_BOOLS;
807 break;
808 case CIL_TUNABLE:
809 *sym_index = CIL_SYM_TUNABLES;
810 break;
811 case CIL_PERM:
812 case CIL_MAP_PERM:
813 *sym_index = CIL_SYM_PERMS;
814 break;
815 case CIL_COMMON:
816 *sym_index = CIL_SYM_COMMONS;
817 break;
818 case CIL_CLASS:
819 case CIL_MAP_CLASS:
820 *sym_index = CIL_SYM_CLASSES;
821 break;
822 case CIL_CLASSPERMISSION:
823 case CIL_CLASSPERMISSIONSET:
824 *sym_index = CIL_SYM_CLASSPERMSETS;
825 break;
826 case CIL_USER:
827 case CIL_USERATTRIBUTE:
828 *sym_index = CIL_SYM_USERS;
829 break;
830 case CIL_ROLE:
831 case CIL_ROLEATTRIBUTE:
832 *sym_index = CIL_SYM_ROLES;
833 break;
834 case CIL_TYPE:
835 case CIL_TYPEALIAS:
836 case CIL_TYPEATTRIBUTE:
837 *sym_index = CIL_SYM_TYPES;
838 break;
839 case CIL_SENS:
840 case CIL_SENSALIAS:
841 *sym_index = CIL_SYM_SENS;
842 break;
843 case CIL_CAT:
844 case CIL_CATSET:
845 case CIL_CATALIAS:
846 *sym_index = CIL_SYM_CATS;
847 break;
848 case CIL_LEVEL:
849 *sym_index = CIL_SYM_LEVELS;
850 break;
851 case CIL_LEVELRANGE:
852 *sym_index = CIL_SYM_LEVELRANGES;
853 break;
854 case CIL_SID:
855 *sym_index = CIL_SYM_SIDS;
856 break;
857 case CIL_NAME:
858 *sym_index = CIL_SYM_NAMES;
859 break;
860 case CIL_CONTEXT:
861 *sym_index = CIL_SYM_CONTEXTS;
862 break;
863 case CIL_IPADDR:
864 *sym_index = CIL_SYM_IPADDRS;
865 break;
866 case CIL_POLICYCAP:
867 *sym_index = CIL_SYM_POLICYCAPS;
868 break;
869 case CIL_PERMISSIONX:
870 *sym_index = CIL_SYM_PERMX;
871 break;
872 default:
873 *sym_index = CIL_SYM_UNKNOWN;
874 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
875 return SEPOL_ERR;
876 }
877
878 return SEPOL_OK;
879 }
880
cil_node_to_string(struct cil_tree_node * node)881 const char * cil_node_to_string(struct cil_tree_node *node)
882 {
883 switch (node->flavor) {
884 case CIL_NONE:
885 return "<none>";
886 case CIL_ROOT:
887 return CIL_KEY_ROOT;
888 case CIL_NODE:
889 return CIL_KEY_NODE;
890 case CIL_STRING:
891 return "string";
892 case CIL_DATUM:
893 return "<datum>";
894 case CIL_LIST:
895 return "<list>";
896 case CIL_LIST_ITEM:
897 return "<list_item>";
898 case CIL_PARAM:
899 return "<param>";
900 case CIL_ARGS:
901 return "<args>";
902 case CIL_BLOCK:
903 return CIL_KEY_BLOCK;
904 case CIL_BLOCKINHERIT:
905 return CIL_KEY_BLOCKINHERIT;
906 case CIL_BLOCKABSTRACT:
907 return CIL_KEY_BLOCKABSTRACT;
908 case CIL_IN:
909 return CIL_KEY_IN;
910 case CIL_MACRO:
911 return CIL_KEY_MACRO;
912 case CIL_CALL:
913 return CIL_KEY_CALL;
914 case CIL_OPTIONAL:
915 return CIL_KEY_OPTIONAL;
916 case CIL_BOOL:
917 return CIL_KEY_BOOL;
918 case CIL_BOOLEANIF:
919 return CIL_KEY_BOOLEANIF;
920 case CIL_TUNABLE:
921 return CIL_KEY_TUNABLE;
922 case CIL_TUNABLEIF:
923 return CIL_KEY_TUNABLEIF;
924 case CIL_CONDBLOCK:
925 switch (((struct cil_condblock*)node->data)->flavor) {
926 case CIL_CONDTRUE:
927 return CIL_KEY_CONDTRUE;
928 case CIL_CONDFALSE:
929 return CIL_KEY_CONDFALSE;
930 default:
931 break;
932 }
933 break;
934 case CIL_CONDTRUE:
935 return CIL_KEY_CONDTRUE;
936 case CIL_CONDFALSE:
937 return CIL_KEY_CONDFALSE;
938 case CIL_PERM:
939 return CIL_KEY_PERM;
940 case CIL_COMMON:
941 return CIL_KEY_COMMON;
942 case CIL_CLASS:
943 return CIL_KEY_CLASS;
944 case CIL_CLASSORDER:
945 return CIL_KEY_CLASSORDER;
946 case CIL_MAP_CLASS:
947 return CIL_KEY_MAP_CLASS;
948 case CIL_CLASSPERMISSION:
949 return CIL_KEY_CLASSPERMISSION;
950 case CIL_CLASSCOMMON:
951 return CIL_KEY_CLASSCOMMON;
952 case CIL_CLASSMAPPING:
953 return CIL_KEY_CLASSMAPPING;
954 case CIL_CLASSPERMISSIONSET:
955 return CIL_KEY_CLASSPERMISSIONSET;
956 case CIL_USER:
957 return CIL_KEY_USER;
958 case CIL_USERATTRIBUTE:
959 return CIL_KEY_USERATTRIBUTE;
960 case CIL_USERATTRIBUTESET:
961 return CIL_KEY_USERATTRIBUTESET;
962 case CIL_USERPREFIX:
963 return CIL_KEY_USERPREFIX;
964 case CIL_USERROLE:
965 return CIL_KEY_USERROLE;
966 case CIL_USERLEVEL:
967 return CIL_KEY_USERLEVEL;
968 case CIL_USERRANGE:
969 return CIL_KEY_USERRANGE;
970 case CIL_USERBOUNDS:
971 return CIL_KEY_USERBOUNDS;
972 case CIL_SELINUXUSER:
973 return CIL_KEY_SELINUXUSER;
974 case CIL_SELINUXUSERDEFAULT:
975 return CIL_KEY_SELINUXUSERDEFAULT;
976 case CIL_ROLE:
977 return CIL_KEY_ROLE;
978 case CIL_ROLEATTRIBUTE:
979 return CIL_KEY_ROLEATTRIBUTE;
980 case CIL_ROLEATTRIBUTESET:
981 return CIL_KEY_ROLEATTRIBUTESET;
982 case CIL_ROLETYPE:
983 return CIL_KEY_ROLETYPE;
984 case CIL_ROLEBOUNDS:
985 return CIL_KEY_ROLEBOUNDS;
986 case CIL_TYPE:
987 return CIL_KEY_TYPE;
988 case CIL_TYPEATTRIBUTE:
989 return CIL_KEY_TYPEATTRIBUTE;
990 case CIL_TYPEALIAS:
991 return CIL_KEY_TYPEALIAS;
992 case CIL_TYPEATTRIBUTESET:
993 return CIL_KEY_TYPEATTRIBUTESET;
994 case CIL_EXPANDTYPEATTRIBUTE:
995 return CIL_KEY_EXPANDTYPEATTRIBUTE;
996 case CIL_TYPEALIASACTUAL:
997 return CIL_KEY_TYPEALIASACTUAL;
998 case CIL_TYPEBOUNDS:
999 return CIL_KEY_TYPEBOUNDS;
1000 case CIL_TYPEPERMISSIVE:
1001 return CIL_KEY_TYPEPERMISSIVE;
1002 case CIL_SENS:
1003 return CIL_KEY_SENSITIVITY;
1004 case CIL_SENSALIAS:
1005 return CIL_KEY_SENSALIAS;
1006 case CIL_SENSALIASACTUAL:
1007 return CIL_KEY_SENSALIASACTUAL;
1008 case CIL_SENSITIVITYORDER:
1009 return CIL_KEY_SENSITIVITYORDER;
1010 case CIL_SENSCAT:
1011 return CIL_KEY_SENSCAT;
1012 case CIL_CAT:
1013 return CIL_KEY_CATEGORY;
1014 case CIL_CATSET:
1015 return CIL_KEY_CATSET;
1016 case CIL_CATALIAS:
1017 return CIL_KEY_CATALIAS;
1018 case CIL_CATALIASACTUAL:
1019 return CIL_KEY_CATALIASACTUAL;
1020 case CIL_CATORDER:
1021 return CIL_KEY_CATORDER;
1022 case CIL_LEVEL:
1023 return CIL_KEY_LEVEL;
1024 case CIL_LEVELRANGE:
1025 return CIL_KEY_LEVELRANGE;
1026 case CIL_SID:
1027 return CIL_KEY_SID;
1028 case CIL_SIDORDER:
1029 return CIL_KEY_SIDORDER;
1030 case CIL_NAME:
1031 return CIL_KEY_NAME;
1032 case CIL_ROLEALLOW:
1033 return CIL_KEY_ROLEALLOW;
1034 case CIL_AVRULE:
1035 switch (((struct cil_avrule *)node->data)->rule_kind) {
1036 case CIL_AVRULE_ALLOWED:
1037 return CIL_KEY_ALLOW;
1038 case CIL_AVRULE_AUDITALLOW:
1039 return CIL_KEY_AUDITALLOW;
1040 case CIL_AVRULE_DONTAUDIT:
1041 return CIL_KEY_DONTAUDIT;
1042 case CIL_AVRULE_NEVERALLOW:
1043 return CIL_KEY_NEVERALLOW;
1044 default:
1045 break;
1046 }
1047 break;
1048 case CIL_AVRULEX:
1049 switch (((struct cil_avrule *)node->data)->rule_kind) {
1050 case CIL_AVRULE_ALLOWED:
1051 return CIL_KEY_ALLOWX;
1052 case CIL_AVRULE_AUDITALLOW:
1053 return CIL_KEY_AUDITALLOWX;
1054 case CIL_AVRULE_DONTAUDIT:
1055 return CIL_KEY_DONTAUDITX;
1056 case CIL_AVRULE_NEVERALLOW:
1057 return CIL_KEY_NEVERALLOWX;
1058 default:
1059 break;
1060 }
1061 break;
1062 case CIL_PERMISSIONX:
1063 return CIL_KEY_PERMISSIONX;
1064 case CIL_ROLETRANSITION:
1065 return CIL_KEY_ROLETRANSITION;
1066 case CIL_TYPE_RULE:
1067 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1068 case CIL_TYPE_TRANSITION:
1069 return CIL_KEY_TYPETRANSITION;
1070 case CIL_TYPE_MEMBER:
1071 return CIL_KEY_TYPEMEMBER;
1072 case CIL_TYPE_CHANGE:
1073 return CIL_KEY_TYPECHANGE;
1074 default:
1075 break;
1076 }
1077 break;
1078 case CIL_NAMETYPETRANSITION:
1079 return CIL_KEY_TYPETRANSITION;
1080 case CIL_RANGETRANSITION:
1081 return CIL_KEY_RANGETRANSITION;
1082 case CIL_CONSTRAIN:
1083 return CIL_KEY_CONSTRAIN;
1084 case CIL_MLSCONSTRAIN:
1085 return CIL_KEY_MLSCONSTRAIN;
1086 case CIL_VALIDATETRANS:
1087 return CIL_KEY_VALIDATETRANS;
1088 case CIL_MLSVALIDATETRANS:
1089 return CIL_KEY_MLSVALIDATETRANS;
1090 case CIL_CONTEXT:
1091 return CIL_KEY_CONTEXT;
1092 case CIL_IPADDR:
1093 return CIL_KEY_IPADDR;
1094 case CIL_SIDCONTEXT:
1095 return CIL_KEY_SIDCONTEXT;
1096 case CIL_FSUSE:
1097 return CIL_KEY_FSUSE;
1098 case CIL_FILECON:
1099 return CIL_KEY_FILECON;
1100 case CIL_PORTCON:
1101 return CIL_KEY_PORTCON;
1102 case CIL_NODECON:
1103 return CIL_KEY_NODECON;
1104 case CIL_GENFSCON:
1105 return CIL_KEY_GENFSCON;
1106 case CIL_NETIFCON:
1107 return CIL_KEY_NETIFCON;
1108 case CIL_PIRQCON:
1109 return CIL_KEY_PIRQCON;
1110 case CIL_IOMEMCON:
1111 return CIL_KEY_IOMEMCON;
1112 case CIL_IOPORTCON:
1113 return CIL_KEY_IOPORTCON;
1114 case CIL_PCIDEVICECON:
1115 return CIL_KEY_PCIDEVICECON;
1116 case CIL_DEVICETREECON:
1117 return CIL_KEY_DEVICETREECON;
1118 case CIL_POLICYCAP:
1119 return CIL_KEY_POLICYCAP;
1120 case CIL_DEFAULTUSER:
1121 return CIL_KEY_DEFAULTUSER;
1122 case CIL_DEFAULTROLE:
1123 return CIL_KEY_DEFAULTROLE;
1124 case CIL_DEFAULTTYPE:
1125 return CIL_KEY_DEFAULTTYPE;
1126 case CIL_DEFAULTRANGE:
1127 return CIL_KEY_DEFAULTRANGE;
1128 case CIL_HANDLEUNKNOWN:
1129 return CIL_KEY_HANDLEUNKNOWN;
1130 case CIL_MLS:
1131 return CIL_KEY_MLS;
1132 case CIL_SRC_INFO:
1133 return CIL_KEY_SRC_INFO;
1134 case CIL_ALL:
1135 return CIL_KEY_ALL;
1136 case CIL_RANGE:
1137 return CIL_KEY_RANGE;
1138 case CIL_AND:
1139 return CIL_KEY_AND;
1140 case CIL_OR:
1141 return CIL_KEY_OR;
1142 case CIL_XOR:
1143 return CIL_KEY_XOR;
1144 case CIL_NOT:
1145 return CIL_KEY_NOT;
1146 case CIL_EQ:
1147 return CIL_KEY_EQ;
1148 case CIL_NEQ:
1149 return CIL_KEY_NEQ;
1150 case CIL_CONS_DOM:
1151 return CIL_KEY_CONS_DOM;
1152 case CIL_CONS_DOMBY:
1153 return CIL_KEY_CONS_DOMBY;
1154 case CIL_CONS_INCOMP:
1155 return CIL_KEY_CONS_INCOMP;
1156 case CIL_CONS_U1:
1157 return CIL_KEY_CONS_U1;
1158 case CIL_CONS_U2:
1159 return CIL_KEY_CONS_U2;
1160 case CIL_CONS_U3:
1161 return CIL_KEY_CONS_U3;
1162 case CIL_CONS_T1:
1163 return CIL_KEY_CONS_T1;
1164 case CIL_CONS_T2:
1165 return CIL_KEY_CONS_T2;
1166 case CIL_CONS_T3:
1167 return CIL_KEY_CONS_T3;
1168 case CIL_CONS_R1:
1169 return CIL_KEY_CONS_R1;
1170 case CIL_CONS_R2:
1171 return CIL_KEY_CONS_R2;
1172 case CIL_CONS_R3:
1173 return CIL_KEY_CONS_R3;
1174 case CIL_CONS_L1:
1175 return CIL_KEY_CONS_L1;
1176 case CIL_CONS_L2:
1177 return CIL_KEY_CONS_L2;
1178 case CIL_CONS_H1:
1179 return CIL_KEY_CONS_H1;
1180 case CIL_CONS_H2:
1181 return CIL_KEY_CONS_H2;
1182
1183 default:
1184 break;
1185 }
1186
1187 return "<unknown>";
1188 }
1189
1190 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1191 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1192 #else
1193 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1194 #endif
1195 {
1196 int rc = SEPOL_ERR;
1197 size_t str_len = 0;
1198 int buf_pos = 0;
1199 char *str_tmp = NULL;
1200 struct cil_list_item *curr;
1201 struct cil_userprefix *userprefix = NULL;
1202 struct cil_user *user = NULL;
1203
1204 *out = NULL;
1205
1206 if (db->userprefixes->head == NULL) {
1207 rc = SEPOL_OK;
1208 *size = 0;
1209 goto exit;
1210 }
1211
1212 cil_list_for_each(curr, db->userprefixes) {
1213 userprefix = curr->data;
1214 user = userprefix->user;
1215 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1216 }
1217
1218 *size = str_len * sizeof(char);
1219 str_len++;
1220 str_tmp = cil_malloc(str_len * sizeof(char));
1221 *out = str_tmp;
1222
1223 cil_list_for_each(curr, db->userprefixes) {
1224 userprefix = curr->data;
1225 user = userprefix->user;
1226
1227 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1228 userprefix->prefix_str);
1229 str_len -= buf_pos;
1230 str_tmp += buf_pos;
1231 }
1232
1233 rc = SEPOL_OK;
1234 exit:
1235 return rc;
1236
1237 }
1238
1239 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1240 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1241 {
1242 return cil_userprefixes_to_string_nopdb(db, out, size);
1243 }
1244 #endif
1245
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1246 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1247 {
1248 int rc = SEPOL_ERR;
1249 struct cil_list_item *i;
1250 struct cil_list_item *j;
1251 struct cil_cat* cat;
1252 struct cil_catset *cs;
1253 struct cil_tree_node *node;
1254
1255 if (cats == NULL) {
1256 rc = SEPOL_OK;
1257 goto exit;
1258 }
1259
1260 cil_list_for_each(i, cats->datum_expr) {
1261 node = DATUM(i->data)->nodes->head->data;
1262 if (node->flavor == CIL_CATSET) {
1263 cs = (struct cil_catset*)i->data;
1264 cil_list_for_each(j, cs->cats->datum_expr) {
1265 cat = (struct cil_cat*)j->data;
1266 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1267 if (rc != SEPOL_OK) {
1268 goto exit;
1269 }
1270 }
1271 } else {
1272 cat = (struct cil_cat*)i->data;
1273 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1274 if (rc != SEPOL_OK) {
1275 goto exit;
1276 }
1277 }
1278 }
1279
1280 return SEPOL_OK;
1281
1282 exit:
1283 return rc;
1284 }
1285
cil_level_equals(struct cil_level * low,struct cil_level * high)1286 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1287 {
1288 int rc;
1289 struct ebitmap elow;
1290 struct ebitmap ehigh;
1291
1292 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1293 rc = 0;
1294 goto exit;
1295 }
1296
1297 ebitmap_init(&elow);
1298 ebitmap_init(&ehigh);
1299
1300 rc = cil_cats_to_ebitmap(low->cats, &elow);
1301 if (rc != SEPOL_OK) {
1302 goto exit;
1303 }
1304
1305 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1306 if (rc != SEPOL_OK) {
1307 goto exit;
1308 }
1309
1310 rc = ebitmap_cmp(&elow, &ehigh);
1311 ebitmap_destroy(&elow);
1312 ebitmap_destroy(&ehigh);
1313
1314 exit:
1315 return rc;
1316 }
1317
__cil_level_strlen(struct cil_level * lvl)1318 static int __cil_level_strlen(struct cil_level *lvl)
1319 {
1320 struct cil_list_item *item;
1321 struct cil_cats *cats = lvl->cats;
1322 int str_len = 0;
1323 char *str1 = NULL;
1324 char *str2 = NULL;
1325 int first = -1;
1326 int last = -1;
1327
1328 str_len += strlen(lvl->sens->datum.fqn);
1329
1330 if (cats && cats->datum_expr != NULL) {
1331 str_len++; /* initial ":" */
1332 cil_list_for_each(item, cats->datum_expr) {
1333 struct cil_cat *cat = item->data;
1334 if (first == -1) {
1335 str1 = cat->datum.fqn;
1336 first = cat->value;
1337 last = first;
1338 } else if (cat->value == last + 1) {
1339 last++;
1340 str2 = cat->datum.fqn;
1341 } else {
1342 if (first == last) {
1343 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1344 } else if (last == first + 1) {
1345 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1346 } else {
1347 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1348 }
1349 first = -1;
1350 last = -1;
1351 if (item->next != NULL) {
1352 str_len++; /* space for "," after */
1353 }
1354 }
1355 }
1356 if (first != -1) {
1357 if (first == last) {
1358 str_len += strlen(str1);
1359 } else if (last == first + 1) {
1360 str_len += strlen(str1) + strlen(str2) + 1;
1361 } else {
1362 str_len += strlen(str1) + strlen(str2) + 1;
1363 }
1364 }
1365 }
1366
1367 return str_len;
1368 }
1369
__cil_level_to_string(struct cil_level * lvl,char * out)1370 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1371 {
1372 struct cil_list_item *item;
1373 struct cil_cats *cats = lvl->cats;
1374 int buf_pos = 0;
1375 char *str_tmp = out;
1376 char *str1 = NULL;
1377 char *str2 = NULL;
1378 int first = -1;
1379 int last = -1;
1380
1381 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1382 str_tmp += buf_pos;
1383
1384 if (cats && cats->datum_expr != NULL) {
1385 buf_pos = sprintf(str_tmp, ":");
1386 str_tmp += buf_pos;
1387
1388 cil_list_for_each(item, cats->datum_expr) {
1389 struct cil_cat *cat = item->data;
1390 if (first == -1) {
1391 str1 = cat->datum.fqn;
1392 first = cat->value;
1393 last = first;
1394 } else if (cat->value == last + 1) {
1395 last++;
1396 str2 = cat->datum.fqn;
1397 } else {
1398 if (first == last) {
1399 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1400 str_tmp += buf_pos;
1401 } else if (last == first + 1) {
1402 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1403 str_tmp += buf_pos;
1404 } else {
1405 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1406 str_tmp += buf_pos;
1407 }
1408 first = -1;
1409 last = -1;
1410 if (item->next != NULL) {
1411 buf_pos = sprintf(str_tmp, ",");
1412 str_tmp += buf_pos;
1413 }
1414 }
1415 }
1416 if (first != -1) {
1417 if (first == last) {
1418 buf_pos = sprintf(str_tmp, "%s", str1);
1419 str_tmp += buf_pos;
1420 } else if (last == first + 1) {
1421 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1422 str_tmp += buf_pos;
1423 } else {
1424 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1425 str_tmp += buf_pos;
1426 }
1427 }
1428 }
1429
1430 return str_tmp - out;
1431 }
1432
1433 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1434 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1435 #else
1436 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1437 #endif
1438 {
1439 size_t str_len = 0;
1440 int buf_pos = 0;
1441 char *str_tmp = NULL;
1442 struct cil_list_item *curr;
1443
1444 if (db->selinuxusers->head == NULL) {
1445 *size = 0;
1446 *out = NULL;
1447 return SEPOL_OK;
1448 }
1449
1450 cil_list_for_each(curr, db->selinuxusers) {
1451 struct cil_selinuxuser *selinuxuser = curr->data;
1452 struct cil_user *user = selinuxuser->user;
1453
1454 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1455
1456 if (db->mls == CIL_TRUE) {
1457 struct cil_levelrange *range = selinuxuser->range;
1458 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1459 }
1460
1461 str_len++;
1462 }
1463
1464 *size = str_len * sizeof(char);
1465 str_tmp = cil_malloc(*size+1);
1466 *out = str_tmp;
1467
1468 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1469 struct cil_selinuxuser *selinuxuser = curr->data;
1470 struct cil_user *user = selinuxuser->user;
1471
1472 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1473 str_tmp += buf_pos;
1474
1475 if (db->mls == CIL_TRUE) {
1476 struct cil_levelrange *range = selinuxuser->range;
1477 buf_pos = sprintf(str_tmp, ":");
1478 str_tmp += buf_pos;
1479 buf_pos = __cil_level_to_string(range->low, str_tmp);
1480 str_tmp += buf_pos;
1481 buf_pos = sprintf(str_tmp, "-");
1482 str_tmp += buf_pos;
1483 buf_pos = __cil_level_to_string(range->high, str_tmp);
1484 str_tmp += buf_pos;
1485 }
1486
1487 buf_pos = sprintf(str_tmp, "\n");
1488 str_tmp += buf_pos;
1489 }
1490
1491 return SEPOL_OK;
1492 }
1493
1494 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1495 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1496 {
1497 return cil_selinuxusers_to_string_nopdb(db, out, size);
1498 }
1499 #endif
1500
1501 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1502 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1503 #else
1504 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1505 #endif
1506 {
1507 uint32_t i = 0;
1508 int buf_pos = 0;
1509 size_t str_len = 0;
1510 char *str_tmp = NULL;
1511 struct cil_sort *filecons = db->filecon;
1512
1513 for (i = 0; i < filecons->count; i++) {
1514 struct cil_filecon *filecon = filecons->array[i];
1515 struct cil_context *ctx = filecon->context;
1516
1517 str_len += strlen(filecon->path_str);
1518
1519 if (filecon->type != CIL_FILECON_ANY) {
1520 /* If a type is specified,
1521 +2 for type string, +1 for tab */
1522 str_len += 3;
1523 }
1524
1525 if (ctx != NULL) {
1526 struct cil_user *user = ctx->user;
1527 struct cil_role *role = ctx->role;
1528 struct cil_type *type = ctx->type;
1529
1530 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1531
1532 if (db->mls == CIL_TRUE) {
1533 struct cil_levelrange *range = ctx->range;
1534 if (cil_level_equals(range->low, range->high)) {
1535 str_len += __cil_level_strlen(range->low) + 1;
1536 } else {
1537 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1538 }
1539 }
1540 } else {
1541 str_len += strlen("\t<<none>>");
1542 }
1543
1544 str_len++;
1545 }
1546
1547 *size = str_len * sizeof(char);
1548 str_tmp = cil_malloc(*size+1);
1549 *out = str_tmp;
1550
1551 for (i = 0; i < filecons->count; i++) {
1552 struct cil_filecon *filecon = filecons->array[i];
1553 struct cil_context *ctx = filecon->context;
1554 const char *str_type = NULL;
1555
1556 buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1557 str_tmp += buf_pos;
1558
1559 switch(filecon->type) {
1560 case CIL_FILECON_FILE:
1561 str_type = "\t--";
1562 break;
1563 case CIL_FILECON_DIR:
1564 str_type = "\t-d";
1565 break;
1566 case CIL_FILECON_CHAR:
1567 str_type = "\t-c";
1568 break;
1569 case CIL_FILECON_BLOCK:
1570 str_type = "\t-b";
1571 break;
1572 case CIL_FILECON_SOCKET:
1573 str_type = "\t-s";
1574 break;
1575 case CIL_FILECON_PIPE:
1576 str_type = "\t-p";
1577 break;
1578 case CIL_FILECON_SYMLINK:
1579 str_type = "\t-l";
1580 break;
1581 default:
1582 str_type = "";
1583 break;
1584 }
1585 buf_pos = sprintf(str_tmp, "%s", str_type);
1586 str_tmp += buf_pos;
1587
1588 if (ctx != NULL) {
1589 struct cil_user *user = ctx->user;
1590 struct cil_role *role = ctx->role;
1591 struct cil_type *type = ctx->type;
1592
1593 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1594 type->datum.fqn);
1595 str_tmp += buf_pos;
1596
1597 if (db->mls == CIL_TRUE) {
1598 struct cil_levelrange *range = ctx->range;
1599 buf_pos = sprintf(str_tmp, ":");
1600 str_tmp += buf_pos;
1601 buf_pos = __cil_level_to_string(range->low, str_tmp);
1602 str_tmp += buf_pos;
1603
1604 if (!cil_level_equals(range->low, range->high)) {
1605 buf_pos = sprintf(str_tmp, "-");
1606 str_tmp += buf_pos;
1607 buf_pos = __cil_level_to_string(range->high, str_tmp);
1608 str_tmp += buf_pos;
1609 }
1610 }
1611 } else {
1612 buf_pos = sprintf(str_tmp, "\t<<none>>");
1613 str_tmp += buf_pos;
1614 }
1615
1616 buf_pos = sprintf(str_tmp, "\n");
1617 str_tmp += buf_pos;
1618 }
1619
1620 return SEPOL_OK;
1621 }
1622
1623 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1624 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1625 {
1626 return cil_filecons_to_string_nopdb(db, out, size);
1627 }
1628 #endif
1629
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1630 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1631 {
1632 db->disable_dontaudit = disable_dontaudit;
1633 }
1634
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1635 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1636 {
1637 db->disable_neverallow = disable_neverallow;
1638 }
1639
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1640 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1641 {
1642 db->attrs_expand_generated = attrs_expand_generated;
1643 }
1644
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1645 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1646 {
1647 db->attrs_expand_size = attrs_expand_size;
1648 }
1649
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1650 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1651 {
1652 db->preserve_tunables = preserve_tunables;
1653 }
1654
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1655 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1656 {
1657 int rc = 0;
1658
1659 switch (handle_unknown) {
1660 case SEPOL_DENY_UNKNOWN:
1661 case SEPOL_REJECT_UNKNOWN:
1662 case SEPOL_ALLOW_UNKNOWN:
1663 db->handle_unknown = handle_unknown;
1664 break;
1665 default:
1666 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1667 rc = -1;
1668 }
1669
1670 return rc;
1671 }
1672
cil_set_mls(struct cil_db * db,int mls)1673 void cil_set_mls(struct cil_db *db, int mls)
1674 {
1675 db->mls = mls;
1676 }
1677
cil_set_target_platform(struct cil_db * db,int target_platform)1678 void cil_set_target_platform(struct cil_db *db, int target_platform)
1679 {
1680 db->target_platform = target_platform;
1681 }
1682
cil_set_policy_version(struct cil_db * db,int policy_version)1683 void cil_set_policy_version(struct cil_db *db, int policy_version)
1684 {
1685 db->policy_version = policy_version;
1686 }
1687
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1688 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1689 {
1690 uint32_t i = 0;
1691 for (i = 0; i < CIL_SYM_NUM; i++) {
1692 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1693 }
1694 }
1695
cil_symtab_array_destroy(symtab_t symtab[])1696 void cil_symtab_array_destroy(symtab_t symtab[])
1697 {
1698 int i = 0;
1699 for (i = 0; i < CIL_SYM_NUM; i++) {
1700 cil_symtab_destroy(&symtab[i]);
1701 }
1702 }
1703
cil_destroy_ast_symtabs(struct cil_tree_node * current)1704 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1705 {
1706 while (current) {
1707 switch (current->flavor) {
1708 case CIL_BLOCK:
1709 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1710 break;
1711 case CIL_IN:
1712 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1713 break;
1714 case CIL_CLASS:
1715 case CIL_COMMON:
1716 case CIL_MAP_CLASS:
1717 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1718 break;
1719 case CIL_MACRO:
1720 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1721 break;
1722 case CIL_CONDBLOCK:
1723 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1724 break;
1725 default:
1726 break;
1727 }
1728
1729 if (current->cl_head) {
1730 cil_destroy_ast_symtabs(current->cl_head);
1731 }
1732
1733 current = current->next;
1734 }
1735 }
1736
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1737 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1738 {
1739 struct cil_tree_node *node = ast_node;
1740 *symtab = NULL;
1741
1742 if (sym_index == CIL_SYM_PERMS) {
1743 /* Class statements are not blocks, so the passed node should be the class */
1744 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1745 node->flavor == CIL_COMMON) {
1746 *symtab = &((struct cil_class*)node->data)->perms;
1747 return SEPOL_OK;
1748 }
1749 goto exit;
1750 }
1751
1752 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1753 cil_log(CIL_ERR, "Invalid symtab type\n");
1754 goto exit;
1755 }
1756
1757 while (node != NULL && *symtab == NULL) {
1758 switch (node->flavor) {
1759 case CIL_ROOT:
1760 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1761 break;
1762 case CIL_BLOCK:
1763 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1764 break;
1765 case CIL_MACRO:
1766 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1767 break;
1768 case CIL_IN:
1769 /* In blocks only exist before resolving the AST */
1770 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1771 break;
1772 case CIL_CONDBLOCK: {
1773 if (node->parent->flavor == CIL_TUNABLEIF) {
1774 /* Cond blocks only exist before resolving the AST */
1775 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1776 } else if (node->parent->flavor == CIL_BOOLEANIF) {
1777 node = node->parent->parent;
1778 }
1779 break;
1780 }
1781 default:
1782 node = node->parent;
1783 }
1784 }
1785
1786 if (*symtab == NULL) {
1787 goto exit;
1788 }
1789
1790 return SEPOL_OK;
1791
1792 exit:
1793 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
1794 return SEPOL_ERR;
1795 }
1796
cil_sort_init(struct cil_sort ** sort)1797 void cil_sort_init(struct cil_sort **sort)
1798 {
1799 *sort = cil_malloc(sizeof(**sort));
1800
1801 (*sort)->flavor = CIL_NONE;
1802 (*sort)->count = 0;
1803 (*sort)->index = 0;
1804 (*sort)->array = NULL;
1805 }
1806
cil_sort_destroy(struct cil_sort ** sort)1807 void cil_sort_destroy(struct cil_sort **sort)
1808 {
1809 (*sort)->flavor = CIL_NONE;
1810 (*sort)->count = 0;
1811 (*sort)->index = 0;
1812 if ((*sort)->array != NULL) {
1813 free((*sort)->array);
1814 }
1815 (*sort)->array = NULL;
1816
1817 free(*sort);
1818 *sort = NULL;
1819 }
1820
cil_netifcon_init(struct cil_netifcon ** netifcon)1821 void cil_netifcon_init(struct cil_netifcon **netifcon)
1822 {
1823 *netifcon = cil_malloc(sizeof(**netifcon));
1824
1825 (*netifcon)->interface_str = NULL;
1826 (*netifcon)->if_context_str = NULL;
1827 (*netifcon)->if_context = NULL;
1828 (*netifcon)->packet_context_str = NULL;
1829 (*netifcon)->packet_context = NULL;
1830 (*netifcon)->context_str = NULL;
1831 }
1832
cil_context_init(struct cil_context ** context)1833 void cil_context_init(struct cil_context **context)
1834 {
1835 *context = cil_malloc(sizeof(**context));
1836
1837 cil_symtab_datum_init(&(*context)->datum);
1838 (*context)->user_str = NULL;
1839 (*context)->user = NULL;
1840 (*context)->role_str = NULL;
1841 (*context)->role = NULL;
1842 (*context)->type_str = NULL;
1843 (*context)->type = NULL;
1844 (*context)->range_str = NULL;
1845 (*context)->range = NULL;
1846 }
1847
cil_level_init(struct cil_level ** level)1848 void cil_level_init(struct cil_level **level)
1849 {
1850 *level = cil_malloc(sizeof(**level));
1851
1852 cil_symtab_datum_init(&(*level)->datum);
1853 (*level)->sens_str = NULL;
1854 (*level)->sens = NULL;
1855 (*level)->cats = NULL;
1856 }
1857
cil_levelrange_init(struct cil_levelrange ** range)1858 void cil_levelrange_init(struct cil_levelrange **range)
1859 {
1860 *range = cil_malloc(sizeof(**range));
1861
1862 cil_symtab_datum_init(&(*range)->datum);
1863 (*range)->low_str = NULL;
1864 (*range)->low = NULL;
1865 (*range)->high_str = NULL;
1866 (*range)->high = NULL;
1867 }
1868
cil_sens_init(struct cil_sens ** sens)1869 void cil_sens_init(struct cil_sens **sens)
1870 {
1871 *sens = cil_malloc(sizeof(**sens));
1872
1873 cil_symtab_datum_init(&(*sens)->datum);
1874
1875 (*sens)->cats_list = NULL;
1876
1877 (*sens)->ordered = CIL_FALSE;
1878 }
1879
cil_block_init(struct cil_block ** block)1880 void cil_block_init(struct cil_block **block)
1881 {
1882 *block = cil_malloc(sizeof(**block));
1883
1884 cil_symtab_datum_init(&(*block)->datum);
1885
1886 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
1887
1888 (*block)->is_abstract = CIL_FALSE;
1889
1890 (*block)->bi_nodes = NULL;
1891 }
1892
cil_blockinherit_init(struct cil_blockinherit ** inherit)1893 void cil_blockinherit_init(struct cil_blockinherit **inherit)
1894 {
1895 *inherit = cil_malloc(sizeof(**inherit));
1896 (*inherit)->block_str = NULL;
1897 (*inherit)->block = NULL;
1898 }
1899
cil_blockabstract_init(struct cil_blockabstract ** abstract)1900 void cil_blockabstract_init(struct cil_blockabstract **abstract)
1901 {
1902 *abstract = cil_malloc(sizeof(**abstract));
1903 (*abstract)->block_str = NULL;
1904 }
1905
cil_in_init(struct cil_in ** in)1906 void cil_in_init(struct cil_in **in)
1907 {
1908 *in = cil_malloc(sizeof(**in));
1909
1910 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
1911 (*in)->block_str = NULL;
1912 }
1913
cil_class_init(struct cil_class ** class)1914 void cil_class_init(struct cil_class **class)
1915 {
1916 *class = cil_malloc(sizeof(**class));
1917
1918 cil_symtab_datum_init(&(*class)->datum);
1919
1920 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
1921
1922 (*class)->num_perms = 0;
1923 (*class)->common = NULL;
1924 (*class)->ordered = CIL_FALSE;
1925 }
1926
cil_classorder_init(struct cil_classorder ** classorder)1927 void cil_classorder_init(struct cil_classorder **classorder)
1928 {
1929 *classorder = cil_malloc(sizeof(**classorder));
1930
1931 (*classorder)->class_list_str = NULL;
1932 }
1933
cil_classcommon_init(struct cil_classcommon ** classcommon)1934 void cil_classcommon_init(struct cil_classcommon **classcommon)
1935 {
1936 *classcommon = cil_malloc(sizeof(**classcommon));
1937
1938 (*classcommon)->class_str = NULL;
1939 (*classcommon)->common_str = NULL;
1940 }
1941
cil_sid_init(struct cil_sid ** sid)1942 void cil_sid_init(struct cil_sid **sid)
1943 {
1944 *sid = cil_malloc(sizeof(**sid));
1945
1946 cil_symtab_datum_init(&(*sid)->datum);
1947
1948 (*sid)->ordered = CIL_FALSE;
1949 (*sid)->context = NULL;
1950 }
1951
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)1952 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
1953 {
1954 *sidcontext = cil_malloc(sizeof(**sidcontext));
1955
1956 (*sidcontext)->sid_str = NULL;
1957 (*sidcontext)->context_str = NULL;
1958 (*sidcontext)->context = NULL;
1959 }
1960
cil_sidorder_init(struct cil_sidorder ** sidorder)1961 void cil_sidorder_init(struct cil_sidorder **sidorder)
1962 {
1963 *sidorder = cil_malloc(sizeof(**sidorder));
1964
1965 (*sidorder)->sid_list_str = NULL;
1966 }
1967
cil_userrole_init(struct cil_userrole ** userrole)1968 void cil_userrole_init(struct cil_userrole **userrole)
1969 {
1970 *userrole = cil_malloc(sizeof(**userrole));
1971
1972 (*userrole)->user_str = NULL;
1973 (*userrole)->user = NULL;
1974 (*userrole)->role_str = NULL;
1975 (*userrole)->role = NULL;
1976 }
1977
cil_userprefix_init(struct cil_userprefix ** userprefix)1978 void cil_userprefix_init(struct cil_userprefix **userprefix)
1979 {
1980 *userprefix = cil_malloc(sizeof(**userprefix));
1981
1982 (*userprefix)->user_str = NULL;
1983 (*userprefix)->user = NULL;
1984 (*userprefix)->prefix_str = NULL;
1985 }
1986
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)1987 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
1988 {
1989 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
1990
1991 (*selinuxuser)->name_str = NULL;
1992 (*selinuxuser)->user_str = NULL;
1993 (*selinuxuser)->user = NULL;
1994 (*selinuxuser)->range_str = NULL;
1995 (*selinuxuser)->range = NULL;
1996 }
1997
cil_roletype_init(struct cil_roletype ** roletype)1998 void cil_roletype_init(struct cil_roletype **roletype)
1999 {
2000 *roletype = cil_malloc(sizeof(**roletype));
2001
2002 (*roletype)->role_str = NULL;
2003 (*roletype)->role = NULL;
2004 (*roletype)->type_str = NULL;
2005 (*roletype)->type = NULL;
2006 }
2007
cil_roleattribute_init(struct cil_roleattribute ** attr)2008 void cil_roleattribute_init(struct cil_roleattribute **attr)
2009 {
2010 *attr = cil_malloc(sizeof(**attr));
2011
2012 cil_symtab_datum_init(&(*attr)->datum);
2013
2014 (*attr)->expr_list = NULL;
2015 (*attr)->roles = NULL;
2016 }
2017
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2018 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2019 {
2020 *attrset = cil_malloc(sizeof(**attrset));
2021
2022 (*attrset)->attr_str = NULL;
2023 (*attrset)->str_expr = NULL;
2024 (*attrset)->datum_expr = NULL;
2025 }
2026
cil_typeattribute_init(struct cil_typeattribute ** attr)2027 void cil_typeattribute_init(struct cil_typeattribute **attr)
2028 {
2029 *attr = cil_malloc(sizeof(**attr));
2030
2031 cil_symtab_datum_init(&(*attr)->datum);
2032
2033 (*attr)->expr_list = NULL;
2034 (*attr)->types = NULL;
2035 (*attr)->used = CIL_FALSE;
2036 }
2037
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2038 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2039 {
2040 *attrset = cil_malloc(sizeof(**attrset));
2041
2042 (*attrset)->attr_str = NULL;
2043 (*attrset)->str_expr = NULL;
2044 (*attrset)->datum_expr = NULL;
2045 }
2046
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2047 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2048 {
2049 *expandattr = cil_malloc(sizeof(**expandattr));
2050
2051 (*expandattr)->attr_strs = NULL;
2052 (*expandattr)->attr_datums = NULL;
2053 (*expandattr)->expand = 0;
2054 }
2055
cil_alias_init(struct cil_alias ** alias)2056 void cil_alias_init(struct cil_alias **alias)
2057 {
2058 *alias = cil_malloc(sizeof(**alias));
2059
2060 (*alias)->actual = NULL;
2061
2062 cil_symtab_datum_init(&(*alias)->datum);
2063 }
2064
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2065 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2066 {
2067 *aliasactual = cil_malloc(sizeof(**aliasactual));
2068
2069 (*aliasactual)->alias_str = NULL;
2070 (*aliasactual)->actual_str = NULL;
2071 }
2072
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2073 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2074 {
2075 *typeperm = cil_malloc(sizeof(**typeperm));
2076
2077 (*typeperm)->type_str = NULL;
2078 (*typeperm)->type = NULL;
2079 }
2080
cil_name_init(struct cil_name ** name)2081 void cil_name_init(struct cil_name **name)
2082 {
2083 *name = cil_malloc(sizeof(**name));
2084
2085 cil_symtab_datum_init(&(*name)->datum);
2086 (*name)->name_str = NULL;
2087 }
2088
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2089 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2090 {
2091 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2092
2093 (*nametypetrans)->src_str = NULL;
2094 (*nametypetrans)->src = NULL;
2095 (*nametypetrans)->tgt_str = NULL;
2096 (*nametypetrans)->tgt = NULL;
2097 (*nametypetrans)->obj_str = NULL;
2098 (*nametypetrans)->obj = NULL;
2099 (*nametypetrans)->name_str = NULL;
2100 (*nametypetrans)->name = NULL;
2101 (*nametypetrans)->result_str = NULL;
2102 (*nametypetrans)->result = NULL;
2103 }
2104
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2105 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2106 {
2107 *rangetrans = cil_malloc(sizeof(**rangetrans));
2108
2109 (*rangetrans)->src_str = NULL;
2110 (*rangetrans)->src = NULL;
2111 (*rangetrans)->exec_str = NULL;
2112 (*rangetrans)->exec = NULL;
2113 (*rangetrans)->obj_str = NULL;
2114 (*rangetrans)->obj = NULL;
2115 (*rangetrans)->range_str = NULL;
2116 (*rangetrans)->range = NULL;
2117 }
2118
cil_bool_init(struct cil_bool ** cilbool)2119 void cil_bool_init(struct cil_bool **cilbool)
2120 {
2121 *cilbool = cil_malloc(sizeof(**cilbool));
2122
2123 cil_symtab_datum_init(&(*cilbool)->datum);
2124 (*cilbool)->value = 0;
2125 }
2126
cil_tunable_init(struct cil_tunable ** ciltun)2127 void cil_tunable_init(struct cil_tunable **ciltun)
2128 {
2129 *ciltun = cil_malloc(sizeof(**ciltun));
2130
2131 cil_symtab_datum_init(&(*ciltun)->datum);
2132 (*ciltun)->value = 0;
2133 }
2134
cil_condblock_init(struct cil_condblock ** cb)2135 void cil_condblock_init(struct cil_condblock **cb)
2136 {
2137 *cb = cil_malloc(sizeof(**cb));
2138
2139 (*cb)->flavor = CIL_NONE;
2140 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2141 }
2142
cil_boolif_init(struct cil_booleanif ** bif)2143 void cil_boolif_init(struct cil_booleanif **bif)
2144 {
2145 *bif = cil_malloc(sizeof(**bif));
2146
2147 (*bif)->str_expr = NULL;
2148 (*bif)->datum_expr = NULL;
2149 }
2150
cil_tunif_init(struct cil_tunableif ** tif)2151 void cil_tunif_init(struct cil_tunableif **tif)
2152 {
2153 *tif = cil_malloc(sizeof(**tif));
2154
2155 (*tif)->str_expr = NULL;
2156 (*tif)->datum_expr = NULL;
2157 }
2158
cil_avrule_init(struct cil_avrule ** avrule)2159 void cil_avrule_init(struct cil_avrule **avrule)
2160 {
2161 *avrule = cil_malloc(sizeof(**avrule));
2162
2163 (*avrule)->is_extended = 0;
2164 (*avrule)->rule_kind = CIL_NONE;
2165 (*avrule)->src_str = NULL;
2166 (*avrule)->src = NULL;
2167 (*avrule)->tgt_str = NULL;
2168 (*avrule)->tgt = NULL;
2169 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2170 }
2171
cil_permissionx_init(struct cil_permissionx ** permx)2172 void cil_permissionx_init(struct cil_permissionx **permx)
2173 {
2174 *permx = cil_malloc(sizeof(**permx));
2175
2176 cil_symtab_datum_init(&(*permx)->datum);
2177 (*permx)->kind = CIL_NONE;
2178 (*permx)->obj_str = NULL;
2179 (*permx)->obj = NULL;
2180 (*permx)->expr_str = NULL;
2181 (*permx)->perms = NULL;
2182 }
2183
cil_type_rule_init(struct cil_type_rule ** type_rule)2184 void cil_type_rule_init(struct cil_type_rule **type_rule)
2185 {
2186 *type_rule = cil_malloc(sizeof(**type_rule));
2187
2188 (*type_rule)->rule_kind = CIL_NONE;
2189 (*type_rule)->src_str = NULL;
2190 (*type_rule)->src = NULL;
2191 (*type_rule)->tgt_str = NULL;
2192 (*type_rule)->tgt = NULL;
2193 (*type_rule)->obj_str = NULL;
2194 (*type_rule)->obj = NULL;
2195 (*type_rule)->result_str = NULL;
2196 (*type_rule)->result = NULL;
2197 }
2198
cil_roletransition_init(struct cil_roletransition ** role_trans)2199 void cil_roletransition_init(struct cil_roletransition **role_trans)
2200 {
2201 *role_trans = cil_malloc(sizeof(**role_trans));
2202
2203 (*role_trans)->src_str = NULL;
2204 (*role_trans)->src = NULL;
2205 (*role_trans)->tgt_str = NULL;
2206 (*role_trans)->tgt = NULL;
2207 (*role_trans)->obj_str = NULL;
2208 (*role_trans)->obj = NULL;
2209 (*role_trans)->result_str = NULL;
2210 (*role_trans)->result = NULL;
2211 }
2212
cil_roleallow_init(struct cil_roleallow ** roleallow)2213 void cil_roleallow_init(struct cil_roleallow **roleallow)
2214 {
2215 *roleallow = cil_malloc(sizeof(**roleallow));
2216
2217 (*roleallow)->src_str = NULL;
2218 (*roleallow)->src = NULL;
2219 (*roleallow)->tgt_str = NULL;
2220 (*roleallow)->tgt = NULL;
2221 }
2222
cil_catset_init(struct cil_catset ** catset)2223 void cil_catset_init(struct cil_catset **catset)
2224 {
2225 *catset = cil_malloc(sizeof(**catset));
2226
2227 cil_symtab_datum_init(&(*catset)->datum);
2228 (*catset)->cats = NULL;
2229 }
2230
cil_senscat_init(struct cil_senscat ** senscat)2231 void cil_senscat_init(struct cil_senscat **senscat)
2232 {
2233 *senscat = cil_malloc(sizeof(**senscat));
2234
2235 (*senscat)->sens_str = NULL;
2236 (*senscat)->cats = NULL;
2237 }
2238
cil_cats_init(struct cil_cats ** cats)2239 void cil_cats_init(struct cil_cats **cats)
2240 {
2241 *cats = cil_malloc(sizeof(**cats));
2242
2243 (*cats)->evaluated = CIL_FALSE;
2244 (*cats)->str_expr = NULL;
2245 (*cats)->datum_expr = NULL;
2246 }
2247
cil_filecon_init(struct cil_filecon ** filecon)2248 void cil_filecon_init(struct cil_filecon **filecon)
2249 {
2250 *filecon = cil_malloc(sizeof(**filecon));
2251
2252 (*filecon)->path_str = NULL;
2253 (*filecon)->type = 0;
2254 (*filecon)->context_str = NULL;
2255 (*filecon)->context = NULL;
2256 }
2257
cil_portcon_init(struct cil_portcon ** portcon)2258 void cil_portcon_init(struct cil_portcon **portcon)
2259 {
2260 *portcon = cil_malloc(sizeof(**portcon));
2261 (*portcon)->proto = 0;
2262 (*portcon)->port_low = 0;
2263 (*portcon)->port_high = 0;
2264 (*portcon)->context_str = NULL;
2265 (*portcon)->context = NULL;
2266 }
2267
cil_nodecon_init(struct cil_nodecon ** nodecon)2268 void cil_nodecon_init(struct cil_nodecon **nodecon)
2269 {
2270 *nodecon = cil_malloc(sizeof(**nodecon));
2271
2272 (*nodecon)->addr_str = NULL;
2273 (*nodecon)->addr = NULL;
2274 (*nodecon)->mask_str = NULL;
2275 (*nodecon)->mask = NULL;
2276 (*nodecon)->context_str = NULL;
2277 (*nodecon)->context = NULL;
2278 }
2279
cil_genfscon_init(struct cil_genfscon ** genfscon)2280 void cil_genfscon_init(struct cil_genfscon **genfscon)
2281 {
2282 *genfscon = cil_malloc(sizeof(**genfscon));
2283
2284 (*genfscon)->fs_str = NULL;
2285 (*genfscon)->path_str = NULL;
2286 (*genfscon)->context_str = NULL;
2287 (*genfscon)->context = NULL;
2288 }
2289
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2290 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2291 {
2292 *pirqcon = cil_malloc(sizeof(**pirqcon));
2293
2294 (*pirqcon)->pirq = 0;
2295 (*pirqcon)->context_str = NULL;
2296 (*pirqcon)->context = NULL;
2297 }
2298
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2299 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2300 {
2301 *iomemcon = cil_malloc(sizeof(**iomemcon));
2302
2303 (*iomemcon)->iomem_low = 0;
2304 (*iomemcon)->iomem_high = 0;
2305 (*iomemcon)->context_str = NULL;
2306 (*iomemcon)->context = NULL;
2307 }
2308
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2309 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2310 {
2311 *ioportcon = cil_malloc(sizeof(**ioportcon));
2312
2313 (*ioportcon)->context_str = NULL;
2314 (*ioportcon)->context = NULL;
2315 }
2316
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2317 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2318 {
2319 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2320
2321 (*pcidevicecon)->dev = 0;
2322 (*pcidevicecon)->context_str = NULL;
2323 (*pcidevicecon)->context = NULL;
2324 }
2325
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2326 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2327 {
2328 *dtcon = cil_malloc(sizeof(**dtcon));
2329
2330 (*dtcon)->path = NULL;
2331 (*dtcon)->context_str = NULL;
2332 (*dtcon)->context = NULL;
2333 }
2334
cil_fsuse_init(struct cil_fsuse ** fsuse)2335 void cil_fsuse_init(struct cil_fsuse **fsuse)
2336 {
2337 *fsuse = cil_malloc(sizeof(**fsuse));
2338
2339 (*fsuse)->type = 0;
2340 (*fsuse)->fs_str = NULL;
2341 (*fsuse)->context_str = NULL;
2342 (*fsuse)->context = NULL;
2343 }
2344
cil_constrain_init(struct cil_constrain ** constrain)2345 void cil_constrain_init(struct cil_constrain **constrain)
2346 {
2347 *constrain = cil_malloc(sizeof(**constrain));
2348
2349 (*constrain)->classperms = NULL;
2350 (*constrain)->str_expr = NULL;
2351 (*constrain)->datum_expr = NULL;
2352 }
2353
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2354 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2355 {
2356 *validtrans = cil_malloc(sizeof(**validtrans));
2357
2358 (*validtrans)->class_str = NULL;
2359 (*validtrans)->class = NULL;
2360 (*validtrans)->str_expr = NULL;
2361 (*validtrans)->datum_expr = NULL;
2362 }
2363
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2364 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2365 {
2366 *ipaddr = cil_malloc(sizeof(**ipaddr));
2367
2368 cil_symtab_datum_init(&(*ipaddr)->datum);
2369 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2370 }
2371
cil_perm_init(struct cil_perm ** perm)2372 void cil_perm_init(struct cil_perm **perm)
2373 {
2374 *perm = cil_malloc(sizeof(**perm));
2375
2376 cil_symtab_datum_init(&(*perm)->datum);
2377 (*perm)->value = 0;
2378 (*perm)->classperms = NULL;
2379 }
2380
cil_classpermission_init(struct cil_classpermission ** cp)2381 void cil_classpermission_init(struct cil_classpermission **cp)
2382 {
2383 *cp = cil_malloc(sizeof(**cp));
2384
2385 cil_symtab_datum_init(&(*cp)->datum);
2386 (*cp)->classperms = NULL;
2387 }
2388
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2389 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2390 {
2391 *cps = cil_malloc(sizeof(**cps));
2392
2393 (*cps)->set_str = NULL;
2394 (*cps)->classperms = NULL;
2395 }
2396
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2397 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2398 {
2399 *cp_set = cil_malloc(sizeof(**cp_set));
2400 (*cp_set)->set_str = NULL;
2401 (*cp_set)->set = NULL;
2402 }
2403
cil_classperms_init(struct cil_classperms ** cp)2404 void cil_classperms_init(struct cil_classperms **cp)
2405 {
2406 *cp = cil_malloc(sizeof(**cp));
2407 (*cp)->class_str = NULL;
2408 (*cp)->class = NULL;
2409 (*cp)->perm_strs = NULL;
2410 (*cp)->perms = NULL;
2411 }
2412
cil_classmapping_init(struct cil_classmapping ** mapping)2413 void cil_classmapping_init(struct cil_classmapping **mapping)
2414 {
2415 *mapping = cil_malloc(sizeof(**mapping));
2416
2417 (*mapping)->map_class_str = NULL;
2418 (*mapping)->map_perm_str = NULL;
2419 (*mapping)->classperms = NULL;
2420 }
2421
cil_user_init(struct cil_user ** user)2422 void cil_user_init(struct cil_user **user)
2423 {
2424 *user = cil_malloc(sizeof(**user));
2425
2426 cil_symtab_datum_init(&(*user)->datum);
2427 (*user)->bounds = NULL;
2428 (*user)->roles = NULL;
2429 (*user)->dftlevel = NULL;
2430 (*user)->range = NULL;
2431 (*user)->value = 0;
2432 }
2433
cil_userattribute_init(struct cil_userattribute ** attr)2434 void cil_userattribute_init(struct cil_userattribute **attr)
2435 {
2436 *attr = cil_malloc(sizeof(**attr));
2437
2438 cil_symtab_datum_init(&(*attr)->datum);
2439
2440 (*attr)->expr_list = NULL;
2441 (*attr)->users = NULL;
2442 }
2443
cil_userattributeset_init(struct cil_userattributeset ** attrset)2444 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2445 {
2446 *attrset = cil_malloc(sizeof(**attrset));
2447
2448 (*attrset)->attr_str = NULL;
2449 (*attrset)->str_expr = NULL;
2450 (*attrset)->datum_expr = NULL;
2451 }
2452
cil_userlevel_init(struct cil_userlevel ** usrlvl)2453 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2454 {
2455 *usrlvl = cil_malloc(sizeof(**usrlvl));
2456
2457 (*usrlvl)->user_str = NULL;
2458 (*usrlvl)->level_str = NULL;
2459 (*usrlvl)->level = NULL;
2460 }
2461
cil_userrange_init(struct cil_userrange ** userrange)2462 void cil_userrange_init(struct cil_userrange **userrange)
2463 {
2464 *userrange = cil_malloc(sizeof(**userrange));
2465
2466 (*userrange)->user_str = NULL;
2467 (*userrange)->range_str = NULL;
2468 (*userrange)->range = NULL;
2469 }
2470
cil_role_init(struct cil_role ** role)2471 void cil_role_init(struct cil_role **role)
2472 {
2473 *role = cil_malloc(sizeof(**role));
2474
2475 cil_symtab_datum_init(&(*role)->datum);
2476 (*role)->bounds = NULL;
2477 (*role)->types = NULL;
2478 (*role)->value = 0;
2479 }
2480
cil_type_init(struct cil_type ** type)2481 void cil_type_init(struct cil_type **type)
2482 {
2483 *type = cil_malloc(sizeof(**type));
2484
2485 cil_symtab_datum_init(&(*type)->datum);
2486 (*type)->bounds = NULL;
2487 (*type)->value = 0;
2488 }
2489
cil_cat_init(struct cil_cat ** cat)2490 void cil_cat_init(struct cil_cat **cat)
2491 {
2492 *cat = cil_malloc(sizeof(**cat));
2493
2494 cil_symtab_datum_init(&(*cat)->datum);
2495 (*cat)->ordered = CIL_FALSE;
2496 (*cat)->value = 0;
2497 }
2498
cil_catorder_init(struct cil_catorder ** catorder)2499 void cil_catorder_init(struct cil_catorder **catorder)
2500 {
2501 *catorder = cil_malloc(sizeof(**catorder));
2502
2503 (*catorder)->cat_list_str = NULL;
2504 }
2505
cil_sensorder_init(struct cil_sensorder ** sensorder)2506 void cil_sensorder_init(struct cil_sensorder **sensorder)
2507 {
2508 *sensorder = cil_malloc(sizeof(**sensorder));
2509
2510 (*sensorder)->sens_list_str = NULL;
2511 }
2512
cil_args_init(struct cil_args ** args)2513 void cil_args_init(struct cil_args **args)
2514 {
2515 *args = cil_malloc(sizeof(**args));
2516 (*args)->arg_str = NULL;
2517 (*args)->arg = NULL;
2518 (*args)->param_str = NULL;
2519 (*args)->flavor = CIL_NONE;
2520 }
2521
cil_call_init(struct cil_call ** call)2522 void cil_call_init(struct cil_call **call)
2523 {
2524 *call = cil_malloc(sizeof(**call));
2525
2526 (*call)->macro_str = NULL;
2527 (*call)->macro = NULL;
2528 (*call)->args_tree = NULL;
2529 (*call)->args = NULL;
2530 (*call)->copied = 0;
2531 }
2532
cil_optional_init(struct cil_optional ** optional)2533 void cil_optional_init(struct cil_optional **optional)
2534 {
2535 *optional = cil_malloc(sizeof(**optional));
2536 (*optional)->enabled = CIL_TRUE;
2537 cil_symtab_datum_init(&(*optional)->datum);
2538 }
2539
cil_param_init(struct cil_param ** param)2540 void cil_param_init(struct cil_param **param)
2541 {
2542 *param = cil_malloc(sizeof(**param));
2543
2544 (*param)->str = NULL;
2545 (*param)->flavor = CIL_NONE;
2546 }
2547
cil_macro_init(struct cil_macro ** macro)2548 void cil_macro_init(struct cil_macro **macro)
2549 {
2550 *macro = cil_malloc(sizeof(**macro));
2551
2552 cil_symtab_datum_init(&(*macro)->datum);
2553 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2554 (*macro)->params = NULL;
2555 }
2556
cil_policycap_init(struct cil_policycap ** policycap)2557 void cil_policycap_init(struct cil_policycap **policycap)
2558 {
2559 *policycap = cil_malloc(sizeof(**policycap));
2560
2561 cil_symtab_datum_init(&(*policycap)->datum);
2562 }
2563
cil_bounds_init(struct cil_bounds ** bounds)2564 void cil_bounds_init(struct cil_bounds **bounds)
2565 {
2566 *bounds = cil_malloc(sizeof(**bounds));
2567
2568 (*bounds)->parent_str = NULL;
2569 (*bounds)->child_str = NULL;
2570 }
2571
cil_default_init(struct cil_default ** def)2572 void cil_default_init(struct cil_default **def)
2573 {
2574 *def = cil_malloc(sizeof(**def));
2575
2576 (*def)->flavor = CIL_NONE;
2577 (*def)->class_strs = NULL;
2578 (*def)->class_datums = NULL;
2579 }
2580
cil_defaultrange_init(struct cil_defaultrange ** def)2581 void cil_defaultrange_init(struct cil_defaultrange **def)
2582 {
2583 *def = cil_malloc(sizeof(**def));
2584
2585 (*def)->class_strs = NULL;
2586 (*def)->class_datums = NULL;
2587 }
2588
cil_handleunknown_init(struct cil_handleunknown ** unk)2589 void cil_handleunknown_init(struct cil_handleunknown **unk)
2590 {
2591 *unk = cil_malloc(sizeof(**unk));
2592 }
2593
cil_mls_init(struct cil_mls ** mls)2594 void cil_mls_init(struct cil_mls **mls)
2595 {
2596 *mls = cil_malloc(sizeof(**mls));
2597 (*mls)->value = 0;
2598 }
2599
cil_src_info_init(struct cil_src_info ** info)2600 void cil_src_info_init(struct cil_src_info **info)
2601 {
2602 *info = cil_malloc(sizeof(**info));
2603 (*info)->is_cil = 0;
2604 (*info)->path = NULL;
2605 }
2606