• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  *    1. Redistributions of source code must retain the above copyright notice,
8  *       this list of conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice,
11  *       this list of conditions and the following disclaimer in the documentation
12  *       and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  * The views and conclusions contained in the software and documentation are those
26  * of the authors and should not be interpreted as representing official policies,
27  * either expressed or implied, of Tresys Technology, LLC.
28  */
29 
30 #include <stdlib.h>
31 #include <stdio.h>
32 
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35 
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44 
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54 
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb,        cil_build_policydb@LIBSEPOL_1.0");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58 
59 asm(".symver cil_compile_pdb,   cil_compile@LIBSEPOL_1.0");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61 
62 asm(".symver cil_userprefixes_to_string_pdb,   cil_userprefixes_to_string@LIBSEPOL_1.0");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64 
65 asm(".symver cil_selinuxusers_to_string_pdb,   cil_selinuxusers_to_string@LIBSEPOL_1.0");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67 
68 asm(".symver cil_filecons_to_string_pdb,   cil_filecons_to_string@LIBSEPOL_1.0");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71 
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 	{64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 	{64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79 
cil_init_keys(void)80 static void cil_init_keys(void)
81 {
82 	/* Initialize CIL Keys into strpool */
83 	CIL_KEY_CONS_T1 = cil_strpool_add("t1");
84 	CIL_KEY_CONS_T2 = cil_strpool_add("t2");
85 	CIL_KEY_CONS_T3 = cil_strpool_add("t3");
86 	CIL_KEY_CONS_R1 = cil_strpool_add("r1");
87 	CIL_KEY_CONS_R2 = cil_strpool_add("r2");
88 	CIL_KEY_CONS_R3 = cil_strpool_add("r3");
89 	CIL_KEY_CONS_U1 = cil_strpool_add("u1");
90 	CIL_KEY_CONS_U2 = cil_strpool_add("u2");
91 	CIL_KEY_CONS_U3 = cil_strpool_add("u3");
92 	CIL_KEY_CONS_L1 = cil_strpool_add("l1");
93 	CIL_KEY_CONS_L2 = cil_strpool_add("l2");
94 	CIL_KEY_CONS_H1 = cil_strpool_add("h1");
95 	CIL_KEY_CONS_H2 = cil_strpool_add("h2");
96 	CIL_KEY_AND = cil_strpool_add("and");
97 	CIL_KEY_OR = cil_strpool_add("or");
98 	CIL_KEY_NOT = cil_strpool_add("not");
99 	CIL_KEY_EQ = cil_strpool_add("eq");
100 	CIL_KEY_NEQ = cil_strpool_add("neq");
101 	CIL_KEY_CONS_DOM = cil_strpool_add("dom");
102 	CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
103 	CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
104 	CIL_KEY_CONDTRUE = cil_strpool_add("true");
105 	CIL_KEY_CONDFALSE = cil_strpool_add("false");
106 	CIL_KEY_SELF = cil_strpool_add("self");
107 	CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
108 	CIL_KEY_STAR = cil_strpool_add("*");
109 	CIL_KEY_UDP = cil_strpool_add("udp");
110 	CIL_KEY_TCP = cil_strpool_add("tcp");
111 	CIL_KEY_DCCP = cil_strpool_add("dccp");
112 	CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
113 	CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
114 	CIL_KEY_ALLOW = cil_strpool_add("allow");
115 	CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
116 	CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
117 	CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
118 	CIL_KEY_CALL = cil_strpool_add("call");
119 	CIL_KEY_TUNABLE = cil_strpool_add("tunable");
120 	CIL_KEY_XOR = cil_strpool_add("xor");
121 	CIL_KEY_ALL = cil_strpool_add("all");
122 	CIL_KEY_RANGE = cil_strpool_add("range");
123 	CIL_KEY_TYPE = cil_strpool_add("type");
124 	CIL_KEY_ROLE = cil_strpool_add("role");
125 	CIL_KEY_USER = cil_strpool_add("user");
126 	CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
127 	CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
128 	CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
129 	CIL_KEY_CATEGORY = cil_strpool_add("category");
130 	CIL_KEY_CATSET = cil_strpool_add("categoryset");
131 	CIL_KEY_LEVEL = cil_strpool_add("level");
132 	CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
133 	CIL_KEY_CLASS = cil_strpool_add("class");
134 	CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
135 	CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
136 	CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
137 	CIL_KEY_BOOL = cil_strpool_add("boolean");
138 	CIL_KEY_STRING = cil_strpool_add("string");
139 	CIL_KEY_NAME = cil_strpool_add("name");
140 	CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
141 	CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
142 	CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
143 	CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
144 	CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
145 	CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
146 	CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
147 	CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
148 	CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
149 	CIL_KEY_COMMON = cil_strpool_add("common");
150 	CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
151 	CIL_KEY_SID = cil_strpool_add("sid");
152 	CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
153 	CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
154 	CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
155 	CIL_KEY_USERRANGE = cil_strpool_add("userrange");
156 	CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
157 	CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
158 	CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
159 	CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
160 	CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
161 	CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
162 	CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
163 	CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
164 	CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
165 	CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
166 	CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
167 	CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
168 	CIL_KEY_USERROLE = cil_strpool_add("userrole");
169 	CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
170 	CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
171 	CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
172 	CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
173 	CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
174 	CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
175 	CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
176 	CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
177 	CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
178 	CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
179 	CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
180 	CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
181 	CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
182 	CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
183 	CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
184 	CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
185 	CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
186 	CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
187 	CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
188 	CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
189 	CIL_KEY_CONTEXT = cil_strpool_add("context");
190 	CIL_KEY_FILECON = cil_strpool_add("filecon");
191 	CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon");
192 	CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon");
193 	CIL_KEY_PORTCON = cil_strpool_add("portcon");
194 	CIL_KEY_NODECON = cil_strpool_add("nodecon");
195 	CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
196 	CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
197 	CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
198 	CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
199 	CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
200 	CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
201 	CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
202 	CIL_KEY_FSUSE = cil_strpool_add("fsuse");
203 	CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
204 	CIL_KEY_OPTIONAL = cil_strpool_add("optional");
205 	CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
206 	CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
207 	CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
208 	CIL_KEY_MACRO = cil_strpool_add("macro");
209 	CIL_KEY_IN = cil_strpool_add("in");
210 	CIL_KEY_MLS = cil_strpool_add("mls");
211 	CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
212 	CIL_KEY_GLOB = cil_strpool_add("*");
213 	CIL_KEY_FILE = cil_strpool_add("file");
214 	CIL_KEY_DIR = cil_strpool_add("dir");
215 	CIL_KEY_CHAR = cil_strpool_add("char");
216 	CIL_KEY_BLOCK = cil_strpool_add("block");
217 	CIL_KEY_SOCKET = cil_strpool_add("socket");
218 	CIL_KEY_PIPE = cil_strpool_add("pipe");
219 	CIL_KEY_SYMLINK = cil_strpool_add("symlink");
220 	CIL_KEY_ANY = cil_strpool_add("any");
221 	CIL_KEY_XATTR = cil_strpool_add("xattr");
222 	CIL_KEY_TASK = cil_strpool_add("task");
223 	CIL_KEY_TRANS = cil_strpool_add("trans");
224 	CIL_KEY_SOURCE = cil_strpool_add("source");
225 	CIL_KEY_TARGET = cil_strpool_add("target");
226 	CIL_KEY_LOW = cil_strpool_add("low");
227 	CIL_KEY_HIGH = cil_strpool_add("high");
228 	CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
229 	CIL_KEY_ROOT = cil_strpool_add("<root>");
230 	CIL_KEY_NODE = cil_strpool_add("<node>");
231 	CIL_KEY_PERM = cil_strpool_add("perm");
232 	CIL_KEY_ALLOWX = cil_strpool_add("allowx");
233 	CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
234 	CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
235 	CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
236 	CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
237 	CIL_KEY_IOCTL = cil_strpool_add("ioctl");
238 	CIL_KEY_UNORDERED = cil_strpool_add("unordered");
239 	CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
240 	CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>");
241 	CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>");
242 }
243 
cil_db_init(struct cil_db ** db)244 void cil_db_init(struct cil_db **db)
245 {
246 	*db = cil_malloc(sizeof(**db));
247 
248 	cil_strpool_init();
249 	cil_init_keys();
250 
251 	cil_tree_init(&(*db)->parse);
252 	cil_tree_init(&(*db)->ast);
253 	cil_root_init((struct cil_root **)&(*db)->ast->root->data);
254 	(*db)->sidorder = NULL;
255 	(*db)->classorder = NULL;
256 	(*db)->catorder = NULL;
257 	(*db)->sensitivityorder = NULL;
258 	cil_sort_init(&(*db)->netifcon);
259 	cil_sort_init(&(*db)->genfscon);
260 	cil_sort_init(&(*db)->filecon);
261 	cil_sort_init(&(*db)->nodecon);
262 	cil_sort_init(&(*db)->ibpkeycon);
263 	cil_sort_init(&(*db)->ibendportcon);
264 	cil_sort_init(&(*db)->portcon);
265 	cil_sort_init(&(*db)->pirqcon);
266 	cil_sort_init(&(*db)->iomemcon);
267 	cil_sort_init(&(*db)->ioportcon);
268 	cil_sort_init(&(*db)->pcidevicecon);
269 	cil_sort_init(&(*db)->devicetreecon);
270 	cil_sort_init(&(*db)->fsuse);
271 	cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
272 	cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
273 	cil_list_init(&(*db)->names, CIL_LIST_ITEM);
274 
275 	cil_type_init(&(*db)->selftype);
276 	(*db)->selftype->datum.name = CIL_KEY_SELF;
277 	(*db)->selftype->datum.fqn = CIL_KEY_SELF;
278 	(*db)->num_types_and_attrs = 0;
279 	(*db)->num_classes = 0;
280 	(*db)->num_types = 0;
281 	(*db)->num_roles = 0;
282 	(*db)->num_users = 0;
283 	(*db)->num_cats = 0;
284 	(*db)->val_to_type = NULL;
285 	(*db)->val_to_role = NULL;
286 	(*db)->val_to_user = NULL;
287 
288 	(*db)->disable_dontaudit = CIL_FALSE;
289 	(*db)->disable_neverallow = CIL_FALSE;
290 	(*db)->attrs_expand_generated = CIL_FALSE;
291 	(*db)->attrs_expand_size = 1;
292 	(*db)->preserve_tunables = CIL_FALSE;
293 	(*db)->handle_unknown = -1;
294 	(*db)->mls = -1;
295 	(*db)->target_platform = SEPOL_TARGET_SELINUX;
296 	(*db)->policy_version = POLICYDB_VERSION_MAX;
297 }
298 
cil_db_destroy(struct cil_db ** db)299 void cil_db_destroy(struct cil_db **db)
300 {
301 	if (db == NULL || *db == NULL) {
302 		return;
303 	}
304 
305 	cil_tree_destroy(&(*db)->parse);
306 	cil_tree_destroy(&(*db)->ast);
307 	cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
308 	cil_list_destroy(&(*db)->classorder, CIL_FALSE);
309 	cil_list_destroy(&(*db)->catorder, CIL_FALSE);
310 	cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
311 	cil_sort_destroy(&(*db)->netifcon);
312 	cil_sort_destroy(&(*db)->genfscon);
313 	cil_sort_destroy(&(*db)->filecon);
314 	cil_sort_destroy(&(*db)->nodecon);
315 	cil_sort_destroy(&(*db)->ibpkeycon);
316 	cil_sort_destroy(&(*db)->ibendportcon);
317 	cil_sort_destroy(&(*db)->portcon);
318 	cil_sort_destroy(&(*db)->pirqcon);
319 	cil_sort_destroy(&(*db)->iomemcon);
320 	cil_sort_destroy(&(*db)->ioportcon);
321 	cil_sort_destroy(&(*db)->pcidevicecon);
322 	cil_sort_destroy(&(*db)->devicetreecon);
323 	cil_sort_destroy(&(*db)->fsuse);
324 	cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
325 	cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
326 	cil_list_destroy(&(*db)->names, CIL_TRUE);
327 
328 	cil_destroy_type((*db)->selftype);
329 
330 	cil_strpool_destroy();
331 	free((*db)->val_to_type);
332 	free((*db)->val_to_role);
333 	free((*db)->val_to_user);
334 
335 	free(*db);
336 	*db = NULL;
337 }
338 
cil_root_init(struct cil_root ** root)339 void cil_root_init(struct cil_root **root)
340 {
341 	struct cil_root *r = cil_malloc(sizeof(*r));
342 	cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
343 
344 	*root = r;
345 }
346 
cil_root_destroy(struct cil_root * root)347 void cil_root_destroy(struct cil_root *root)
348 {
349 	if (root == NULL) {
350 		return;
351 	}
352 	cil_symtab_array_destroy(root->symtab);
353 	free(root);
354 }
355 
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)356 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
357 {
358 	char *buffer = NULL;
359 	int rc;
360 
361 	cil_log(CIL_INFO, "Parsing %s\n", name);
362 
363 	buffer = cil_malloc(size + 2);
364 	memcpy(buffer, data, size);
365 	memset(buffer + size, 0, 2);
366 
367 	rc = cil_parser(name, buffer, size + 2, &db->parse);
368 	if (rc != SEPOL_OK) {
369 		cil_log(CIL_INFO, "Failed to parse %s\n", name);
370 		goto exit;
371 	}
372 
373 	free(buffer);
374 	buffer = NULL;
375 
376 	rc = SEPOL_OK;
377 
378 exit:
379 	free(buffer);
380 
381 	return rc;
382 }
383 
384 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)385 int cil_compile(struct cil_db *db)
386 #else
387 int cil_compile_nopdb(struct cil_db *db)
388 #endif
389 {
390 	int rc = SEPOL_ERR;
391 
392 	if (db == NULL) {
393 		goto exit;
394 	}
395 
396 	cil_log(CIL_INFO, "Building AST from Parse Tree\n");
397 	rc = cil_build_ast(db, db->parse->root, db->ast->root);
398 	if (rc != SEPOL_OK) {
399 		cil_log(CIL_INFO, "Failed to build ast\n");
400 		goto exit;
401 	}
402 
403 	cil_log(CIL_INFO, "Destroying Parse Tree\n");
404 	cil_tree_destroy(&db->parse);
405 
406 	cil_log(CIL_INFO, "Resolving AST\n");
407 	rc = cil_resolve_ast(db, db->ast->root);
408 	if (rc != SEPOL_OK) {
409 		cil_log(CIL_INFO, "Failed to resolve ast\n");
410 		goto exit;
411 	}
412 
413 	cil_log(CIL_INFO, "Qualifying Names\n");
414 	rc = cil_fqn_qualify(db->ast->root);
415 	if (rc != SEPOL_OK) {
416 		cil_log(CIL_INFO, "Failed to qualify names\n");
417 		goto exit;
418 	}
419 
420 	cil_log(CIL_INFO, "Compile post process\n");
421 	rc = cil_post_process(db);
422 	if (rc != SEPOL_OK ) {
423 		cil_log(CIL_INFO, "Post process failed\n");
424 		goto exit;
425 	}
426 
427 exit:
428 
429 	return rc;
430 }
431 
432 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)433 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
434 {
435 	return cil_compile_nopdb(db);
436 }
437 
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)438 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
439 {
440 	int rc;
441 
442 	cil_log(CIL_INFO, "Building policy binary\n");
443 	rc = cil_binary_create_allocated_pdb(db, sepol_db);
444 	if (rc != SEPOL_OK) {
445 		cil_log(CIL_ERR, "Failed to generate binary\n");
446 		goto exit;
447 	}
448 
449 exit:
450 	return rc;
451 }
452 #endif
453 
454 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)455 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
456 #else
457 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
458 #endif
459 {
460 	int rc;
461 
462 	cil_log(CIL_INFO, "Building policy binary\n");
463 	rc = cil_binary_create(db, sepol_db);
464 	if (rc != SEPOL_OK) {
465 		cil_log(CIL_ERR, "Failed to generate binary\n");
466 		goto exit;
467 	}
468 
469 exit:
470 	return rc;
471 }
472 
cil_write_policy_conf(FILE * out,struct cil_db * db)473 void cil_write_policy_conf(FILE *out, struct cil_db *db)
474 {
475 	cil_log(CIL_INFO, "Writing policy.conf file\n");
476 	cil_gen_policy(out, db);
477 }
478 
cil_destroy_data(void ** data,enum cil_flavor flavor)479 void cil_destroy_data(void **data, enum cil_flavor flavor)
480 {
481 	if (*data == NULL) {
482 		return;
483 	}
484 
485 	switch(flavor) {
486 	case CIL_NONE:
487 		break;
488 	case CIL_ROOT:
489 		cil_root_destroy(*data);
490 		break;
491 	case CIL_NODE:
492 		break;
493 	case CIL_STRING:
494 		break;
495 	case CIL_DATUM:
496 		break;
497 	case CIL_LIST:
498 		cil_list_destroy(*data, CIL_FALSE);
499 		break;
500 	case CIL_LIST_ITEM:
501 		break;
502 	case CIL_PARAM:
503 		cil_destroy_param(*data);
504 		break;
505 	case CIL_ARGS:
506 		cil_destroy_args(*data);
507 		break;
508 	case CIL_BLOCK:
509 		cil_destroy_block(*data);
510 		break;
511 	case CIL_BLOCKINHERIT:
512 		cil_destroy_blockinherit(*data);
513 		break;
514 	case CIL_BLOCKABSTRACT:
515 		cil_destroy_blockabstract(*data);
516 		break;
517 	case CIL_IN:
518 		cil_destroy_in(*data);
519 		break;
520 	case CIL_MACRO:
521 		cil_destroy_macro(*data);
522 		break;
523 	case CIL_CALL:
524 		cil_destroy_call(*data);
525 		break;
526 	case CIL_OPTIONAL:
527 		cil_destroy_optional(*data);
528 		break;
529 	case CIL_BOOL:
530 		cil_destroy_bool(*data);
531 		break;
532 	case CIL_BOOLEANIF:
533 		cil_destroy_boolif(*data);
534 		break;
535 	case CIL_TUNABLE:
536 		cil_destroy_tunable(*data);
537 		break;
538 	case CIL_TUNABLEIF:
539 		cil_destroy_tunif(*data);
540 		break;
541 	case CIL_CONDBLOCK:
542 		cil_destroy_condblock(*data);
543 		break;
544 	case CIL_CONDTRUE:
545 		break;
546 	case CIL_CONDFALSE:
547 		break;
548 	case CIL_PERM:
549 	case CIL_MAP_PERM:
550 		cil_destroy_perm(*data);
551 		break;
552 	case CIL_COMMON:
553 	case CIL_CLASS:
554 	case CIL_MAP_CLASS:
555 		cil_destroy_class(*data);
556 		break;
557 	case CIL_CLASSORDER:
558 		cil_destroy_classorder(*data);
559 		break;
560 	case CIL_CLASSPERMISSION:
561 		cil_destroy_classpermission(*data);
562 		break;
563 	case CIL_CLASSCOMMON:
564 		cil_destroy_classcommon(*data);
565 		break;
566 	case CIL_CLASSMAPPING:
567 		cil_destroy_classmapping(*data);
568 		break;
569 	case CIL_CLASSPERMS:
570 		cil_destroy_classperms(*data);
571 		break;
572 	case CIL_CLASSPERMS_SET:
573 		cil_destroy_classperms_set(*data);
574 		break;
575 	case CIL_CLASSPERMISSIONSET:
576 		cil_destroy_classpermissionset(*data);
577 		break;
578 	case CIL_USER:
579 		cil_destroy_user(*data);
580 		break;
581 	case CIL_USERATTRIBUTE:
582 		cil_destroy_userattribute(*data);
583 		break;
584 	case CIL_USERATTRIBUTESET:
585 		cil_destroy_userattributeset(*data);
586 		break;
587 	case CIL_USERPREFIX:
588 		cil_destroy_userprefix(*data);
589 		break;
590 	case CIL_USERROLE:
591 		cil_destroy_userrole(*data);
592 		break;
593 	case CIL_USERLEVEL:
594 		cil_destroy_userlevel(*data);
595 		break;
596 	case CIL_USERRANGE:
597 		cil_destroy_userrange(*data);
598 		break;
599 	case CIL_USERBOUNDS:
600 		cil_destroy_bounds(*data);
601 		break;
602 	case CIL_SELINUXUSER:
603 	case CIL_SELINUXUSERDEFAULT:
604 		cil_destroy_selinuxuser(*data);
605 		break;
606 	case CIL_ROLE:
607 		cil_destroy_role(*data);
608 		break;
609 	case CIL_ROLEATTRIBUTE:
610 		cil_destroy_roleattribute(*data);
611 		break;
612 	case CIL_ROLEATTRIBUTESET:
613 		cil_destroy_roleattributeset(*data);
614 		break;
615 	case CIL_ROLETYPE:
616 		cil_destroy_roletype(*data);
617 		break;
618 	case CIL_ROLEBOUNDS:
619 		cil_destroy_bounds(*data);
620 		break;
621 	case CIL_TYPE:
622 		cil_destroy_type(*data);
623 		break;
624 	case CIL_TYPEATTRIBUTE:
625 		cil_destroy_typeattribute(*data);
626 		break;
627 	case CIL_TYPEALIAS:
628 		cil_destroy_alias(*data);
629 		break;
630 	case CIL_TYPEATTRIBUTESET:
631 		cil_destroy_typeattributeset(*data);
632 		break;
633 	case CIL_EXPANDTYPEATTRIBUTE:
634 		cil_destroy_expandtypeattribute(*data);
635 		break;
636 	case CIL_TYPEALIASACTUAL:
637 		cil_destroy_aliasactual(*data);
638 		break;
639 	case CIL_TYPEBOUNDS:
640 		cil_destroy_bounds(*data);
641 		break;
642 	case CIL_TYPEPERMISSIVE:
643 		cil_destroy_typepermissive(*data);
644 		break;
645 	case CIL_SENS:
646 		cil_destroy_sensitivity(*data);
647 		break;
648 	case CIL_SENSALIAS:
649 		cil_destroy_alias(*data);
650 		break;
651 	case CIL_SENSALIASACTUAL:
652 		cil_destroy_aliasactual(*data);
653 		break;
654 	case CIL_SENSITIVITYORDER:
655 		cil_destroy_sensitivityorder(*data);
656 		break;
657 	case CIL_SENSCAT:
658 		cil_destroy_senscat(*data);
659 		break;
660 	case CIL_CAT:
661 		cil_destroy_category(*data);
662 		break;
663 	case CIL_CATSET:
664 		cil_destroy_catset(*data);
665 		break;
666 	case CIL_CATALIAS:
667 		cil_destroy_alias(*data);
668 		break;
669 	case CIL_CATALIASACTUAL:
670 		cil_destroy_aliasactual(*data);
671 		break;
672 	case CIL_CATORDER:
673 		cil_destroy_catorder(*data);
674 		break;
675 	case CIL_LEVEL:
676 		cil_destroy_level(*data);
677 		break;
678 	case CIL_LEVELRANGE:
679 		cil_destroy_levelrange(*data);
680 		break;
681 	case CIL_SID:
682 		cil_destroy_sid(*data);
683 		break;
684 	case CIL_SIDORDER:
685 		cil_destroy_sidorder(*data);
686 		break;
687 	case CIL_NAME:
688 		cil_destroy_name(*data);
689 		break;
690 	case CIL_ROLEALLOW:
691 		cil_destroy_roleallow(*data);
692 		break;
693 	case CIL_AVRULE:
694 	case CIL_AVRULEX:
695 		cil_destroy_avrule(*data);
696 		break;
697 	case CIL_PERMISSIONX:
698 		cil_destroy_permissionx(*data);
699 		break;
700 	case CIL_ROLETRANSITION:
701 		cil_destroy_roletransition(*data);
702 		break;
703 	case CIL_TYPE_RULE:
704 		cil_destroy_type_rule(*data);
705 		break;
706 	case CIL_NAMETYPETRANSITION:
707 		cil_destroy_typetransition(*data);
708 		break;
709 	case CIL_RANGETRANSITION:
710 		cil_destroy_rangetransition(*data);
711 		break;
712 	case CIL_CONSTRAIN:
713 		cil_destroy_constrain(*data);
714 		break;
715 	case CIL_MLSCONSTRAIN:
716 		cil_destroy_constrain(*data);
717 		break;
718 	case CIL_VALIDATETRANS:
719 	case CIL_MLSVALIDATETRANS:
720 		cil_destroy_validatetrans(*data);
721 		break;
722 	case CIL_CONTEXT:
723 		cil_destroy_context(*data);
724 		break;
725 	case CIL_IPADDR:
726 		cil_destroy_ipaddr(*data);
727 		break;
728 	case CIL_SIDCONTEXT:
729 		cil_destroy_sidcontext(*data);
730 		break;
731 	case CIL_FSUSE:
732 		cil_destroy_fsuse(*data);
733 		break;
734 	case CIL_FILECON:
735 		cil_destroy_filecon(*data);
736 		break;
737 	case CIL_IBPKEYCON:
738 		cil_destroy_ibpkeycon(*data);
739 		break;
740 	case CIL_PORTCON:
741 		cil_destroy_portcon(*data);
742 		break;
743 	case CIL_IBENDPORTCON:
744 		cil_destroy_ibendportcon(*data);
745 		break;
746 	case CIL_NODECON:
747 		cil_destroy_nodecon(*data);
748 		break;
749 	case CIL_GENFSCON:
750 		cil_destroy_genfscon(*data);
751 		break;
752 	case CIL_NETIFCON:
753 		cil_destroy_netifcon(*data);
754 		break;
755 	case CIL_PIRQCON:
756 		cil_destroy_pirqcon(*data);
757 		break;
758 	case CIL_IOMEMCON:
759 		cil_destroy_iomemcon(*data);
760 		break;
761 	case CIL_IOPORTCON:
762 		cil_destroy_ioportcon(*data);
763 		break;
764 	case CIL_PCIDEVICECON:
765 		cil_destroy_pcidevicecon(*data);
766 		break;
767 	case CIL_DEVICETREECON:
768 		cil_destroy_devicetreecon(*data);
769 		break;
770 	case CIL_POLICYCAP:
771 		cil_destroy_policycap(*data);
772 		break;
773 	case CIL_DEFAULTUSER:
774 	case CIL_DEFAULTROLE:
775 	case CIL_DEFAULTTYPE:
776 		cil_destroy_default(*data);
777 		break;
778 	case CIL_DEFAULTRANGE:
779 		cil_destroy_defaultrange(*data);
780 		break;
781 	case CIL_HANDLEUNKNOWN:
782 		cil_destroy_handleunknown(*data);
783 		break;
784 	case CIL_MLS:
785 		cil_destroy_mls(*data);
786 		break;
787 	case CIL_SRC_INFO:
788 		cil_destroy_src_info(*data);
789 		break;
790 	case CIL_OP:
791 	case CIL_CONS_OPERAND:
792 		break;
793 	default:
794 		cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
795 		break;
796 	}
797 
798 	*data = NULL;
799 }
800 
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)801 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
802 {
803 	if (flavor < CIL_MIN_DECLARATIVE) {
804 		return SEPOL_ERR;
805 	}
806 
807 	switch(flavor) {
808 	case CIL_BLOCK:
809 		*sym_index = CIL_SYM_BLOCKS;
810 		break;
811 	case CIL_MACRO:
812 		*sym_index = CIL_SYM_BLOCKS;
813 		break;
814 	case CIL_OPTIONAL:
815 		*sym_index = CIL_SYM_BLOCKS;
816 		break;
817 	case CIL_BOOL:
818 		*sym_index = CIL_SYM_BOOLS;
819 		break;
820 	case CIL_TUNABLE:
821 		*sym_index = CIL_SYM_TUNABLES;
822 		break;
823 	case CIL_PERM:
824 	case CIL_MAP_PERM:
825 		*sym_index = CIL_SYM_PERMS;
826 		break;
827 	case CIL_COMMON:
828 		*sym_index = CIL_SYM_COMMONS;
829 		break;
830 	case CIL_CLASS:
831 	case CIL_MAP_CLASS:
832 		*sym_index = CIL_SYM_CLASSES;
833 		break;
834 	case CIL_CLASSPERMISSION:
835 	case CIL_CLASSPERMISSIONSET:
836 		*sym_index = CIL_SYM_CLASSPERMSETS;
837 		break;
838 	case CIL_USER:
839 	case CIL_USERATTRIBUTE:
840 		*sym_index = CIL_SYM_USERS;
841 		break;
842 	case CIL_ROLE:
843 	case CIL_ROLEATTRIBUTE:
844 		*sym_index = CIL_SYM_ROLES;
845 		break;
846 	case CIL_TYPE:
847 	case CIL_TYPEALIAS:
848 	case CIL_TYPEATTRIBUTE:
849 		*sym_index = CIL_SYM_TYPES;
850 		break;
851 	case CIL_SENS:
852 	case CIL_SENSALIAS:
853 		*sym_index = CIL_SYM_SENS;
854 		break;
855 	case CIL_CAT:
856 	case CIL_CATSET:
857 	case CIL_CATALIAS:
858 		*sym_index = CIL_SYM_CATS;
859 		break;
860 	case CIL_LEVEL:
861 		*sym_index = CIL_SYM_LEVELS;
862 		break;
863 	case CIL_LEVELRANGE:
864 		*sym_index = CIL_SYM_LEVELRANGES;
865 		break;
866 	case CIL_SID:
867 		*sym_index = CIL_SYM_SIDS;
868 		break;
869 	case CIL_NAME:
870 		*sym_index = CIL_SYM_NAMES;
871 		break;
872 	case CIL_CONTEXT:
873 		*sym_index = CIL_SYM_CONTEXTS;
874 		break;
875 	case CIL_IPADDR:
876 		*sym_index = CIL_SYM_IPADDRS;
877 		break;
878 	case CIL_POLICYCAP:
879 		*sym_index = CIL_SYM_POLICYCAPS;
880 		break;
881 	case CIL_PERMISSIONX:
882 		*sym_index = CIL_SYM_PERMX;
883 		break;
884 	default:
885 		*sym_index = CIL_SYM_UNKNOWN;
886 		cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
887 		return SEPOL_ERR;
888 	}
889 
890 	return SEPOL_OK;
891 }
892 
cil_node_to_string(struct cil_tree_node * node)893 const char * cil_node_to_string(struct cil_tree_node *node)
894 {
895 	switch (node->flavor) {
896 	case CIL_NONE:
897 		return "<none>";
898 	case CIL_ROOT:
899 		return CIL_KEY_ROOT;
900 	case CIL_NODE:
901 		return CIL_KEY_NODE;
902 	case CIL_STRING:
903 		return "string";
904 	case CIL_DATUM:
905 		return "<datum>";
906 	case CIL_LIST:
907 		return "<list>";
908 	case CIL_LIST_ITEM:
909 		return "<list_item>";
910 	case CIL_PARAM:
911 		return "<param>";
912 	case CIL_ARGS:
913 		return "<args>";
914 	case CIL_BLOCK:
915 		return CIL_KEY_BLOCK;
916 	case CIL_BLOCKINHERIT:
917 		return CIL_KEY_BLOCKINHERIT;
918 	case CIL_BLOCKABSTRACT:
919 		return CIL_KEY_BLOCKABSTRACT;
920 	case CIL_IN:
921 		return CIL_KEY_IN;
922 	case CIL_MACRO:
923 		return CIL_KEY_MACRO;
924 	case CIL_CALL:
925 		return CIL_KEY_CALL;
926 	case CIL_OPTIONAL:
927 		return CIL_KEY_OPTIONAL;
928 	case CIL_BOOL:
929 		return CIL_KEY_BOOL;
930 	case CIL_BOOLEANIF:
931 		return CIL_KEY_BOOLEANIF;
932 	case CIL_TUNABLE:
933 		return CIL_KEY_TUNABLE;
934 	case CIL_TUNABLEIF:
935 		return CIL_KEY_TUNABLEIF;
936 	case CIL_CONDBLOCK:
937 		switch (((struct cil_condblock*)node->data)->flavor) {
938 		case CIL_CONDTRUE:
939 			return CIL_KEY_CONDTRUE;
940 		case CIL_CONDFALSE:
941 			return CIL_KEY_CONDFALSE;
942 		default:
943 			break;
944 		}
945 		break;
946 	case CIL_CONDTRUE:
947 		return CIL_KEY_CONDTRUE;
948 	case CIL_CONDFALSE:
949 		return CIL_KEY_CONDFALSE;
950 	case CIL_PERM:
951 		return CIL_KEY_PERM;
952 	case CIL_COMMON:
953 		return CIL_KEY_COMMON;
954 	case CIL_CLASS:
955 		return CIL_KEY_CLASS;
956 	case CIL_CLASSORDER:
957 		return CIL_KEY_CLASSORDER;
958 	case CIL_MAP_CLASS:
959 		return CIL_KEY_MAP_CLASS;
960 	case CIL_CLASSPERMISSION:
961 		return CIL_KEY_CLASSPERMISSION;
962 	case CIL_CLASSCOMMON:
963 		return CIL_KEY_CLASSCOMMON;
964 	case CIL_CLASSMAPPING:
965 		return CIL_KEY_CLASSMAPPING;
966 	case CIL_CLASSPERMISSIONSET:
967 		return CIL_KEY_CLASSPERMISSIONSET;
968 	case CIL_USER:
969 		return CIL_KEY_USER;
970 	case CIL_USERATTRIBUTE:
971 		return CIL_KEY_USERATTRIBUTE;
972 	case CIL_USERATTRIBUTESET:
973 		return CIL_KEY_USERATTRIBUTESET;
974 	case CIL_USERPREFIX:
975 		return CIL_KEY_USERPREFIX;
976 	case CIL_USERROLE:
977 		return CIL_KEY_USERROLE;
978 	case CIL_USERLEVEL:
979 		return CIL_KEY_USERLEVEL;
980 	case CIL_USERRANGE:
981 		return CIL_KEY_USERRANGE;
982 	case CIL_USERBOUNDS:
983 		return CIL_KEY_USERBOUNDS;
984 	case CIL_SELINUXUSER:
985 		return CIL_KEY_SELINUXUSER;
986 	case CIL_SELINUXUSERDEFAULT:
987 		return CIL_KEY_SELINUXUSERDEFAULT;
988 	case CIL_ROLE:
989 		return CIL_KEY_ROLE;
990 	case CIL_ROLEATTRIBUTE:
991 		return CIL_KEY_ROLEATTRIBUTE;
992 	case CIL_ROLEATTRIBUTESET:
993 		return CIL_KEY_ROLEATTRIBUTESET;
994 	case CIL_ROLETYPE:
995 		return CIL_KEY_ROLETYPE;
996 	case CIL_ROLEBOUNDS:
997 		return CIL_KEY_ROLEBOUNDS;
998 	case CIL_TYPE:
999 		return CIL_KEY_TYPE;
1000 	case CIL_TYPEATTRIBUTE:
1001 		return CIL_KEY_TYPEATTRIBUTE;
1002 	case CIL_TYPEALIAS:
1003 		return CIL_KEY_TYPEALIAS;
1004 	case CIL_TYPEATTRIBUTESET:
1005 		return CIL_KEY_TYPEATTRIBUTESET;
1006 	case CIL_EXPANDTYPEATTRIBUTE:
1007 		return CIL_KEY_EXPANDTYPEATTRIBUTE;
1008 	case CIL_TYPEALIASACTUAL:
1009 		return CIL_KEY_TYPEALIASACTUAL;
1010 	case CIL_TYPEBOUNDS:
1011 		return CIL_KEY_TYPEBOUNDS;
1012 	case CIL_TYPEPERMISSIVE:
1013 		return CIL_KEY_TYPEPERMISSIVE;
1014 	case CIL_SENS:
1015 		return CIL_KEY_SENSITIVITY;
1016 	case CIL_SENSALIAS:
1017 		return CIL_KEY_SENSALIAS;
1018 	case CIL_SENSALIASACTUAL:
1019 		return CIL_KEY_SENSALIASACTUAL;
1020 	case CIL_SENSITIVITYORDER:
1021 		return CIL_KEY_SENSITIVITYORDER;
1022 	case CIL_SENSCAT:
1023 		return CIL_KEY_SENSCAT;
1024 	case CIL_CAT:
1025 		return CIL_KEY_CATEGORY;
1026 	case CIL_CATSET:
1027 		return CIL_KEY_CATSET;
1028 	case CIL_CATALIAS:
1029 		return CIL_KEY_CATALIAS;
1030 	case CIL_CATALIASACTUAL:
1031 		return CIL_KEY_CATALIASACTUAL;
1032 	case CIL_CATORDER:
1033 		return CIL_KEY_CATORDER;
1034 	case CIL_LEVEL:
1035 		return CIL_KEY_LEVEL;
1036 	case CIL_LEVELRANGE:
1037 		return CIL_KEY_LEVELRANGE;
1038 	case CIL_SID:
1039 		return CIL_KEY_SID;
1040 	case CIL_SIDORDER:
1041 		return CIL_KEY_SIDORDER;
1042 	case CIL_NAME:
1043 		return CIL_KEY_NAME;
1044 	case CIL_ROLEALLOW:
1045 		return CIL_KEY_ROLEALLOW;
1046 	case CIL_AVRULE:
1047 		switch (((struct cil_avrule *)node->data)->rule_kind) {
1048 		case CIL_AVRULE_ALLOWED:
1049 			return CIL_KEY_ALLOW;
1050 		case CIL_AVRULE_AUDITALLOW:
1051 			return CIL_KEY_AUDITALLOW;
1052 		case CIL_AVRULE_DONTAUDIT:
1053 			return CIL_KEY_DONTAUDIT;
1054 		case CIL_AVRULE_NEVERALLOW:
1055 			return CIL_KEY_NEVERALLOW;
1056 		default:
1057 			break;
1058 		}
1059 		break;
1060 	case CIL_AVRULEX:
1061 		switch (((struct cil_avrule *)node->data)->rule_kind) {
1062 		case CIL_AVRULE_ALLOWED:
1063 			return CIL_KEY_ALLOWX;
1064 		case CIL_AVRULE_AUDITALLOW:
1065 			return CIL_KEY_AUDITALLOWX;
1066 		case CIL_AVRULE_DONTAUDIT:
1067 			return CIL_KEY_DONTAUDITX;
1068 		case CIL_AVRULE_NEVERALLOW:
1069 			return CIL_KEY_NEVERALLOWX;
1070 		default:
1071 			break;
1072 		}
1073 		break;
1074 	case CIL_PERMISSIONX:
1075 		return CIL_KEY_PERMISSIONX;
1076 	case CIL_ROLETRANSITION:
1077 		return CIL_KEY_ROLETRANSITION;
1078 	case CIL_TYPE_RULE:
1079 		switch (((struct cil_type_rule *)node->data)->rule_kind) {
1080 		case CIL_TYPE_TRANSITION:
1081 			return CIL_KEY_TYPETRANSITION;
1082 		case CIL_TYPE_MEMBER:
1083 			return CIL_KEY_TYPEMEMBER;
1084 		case CIL_TYPE_CHANGE:
1085 			return CIL_KEY_TYPECHANGE;
1086 		default:
1087 			break;
1088 		}
1089 		break;
1090 	case CIL_NAMETYPETRANSITION:
1091 		return CIL_KEY_TYPETRANSITION;
1092 	case CIL_RANGETRANSITION:
1093 		return CIL_KEY_RANGETRANSITION;
1094 	case CIL_CONSTRAIN:
1095 		return CIL_KEY_CONSTRAIN;
1096 	case CIL_MLSCONSTRAIN:
1097 		return CIL_KEY_MLSCONSTRAIN;
1098 	case CIL_VALIDATETRANS:
1099 		return CIL_KEY_VALIDATETRANS;
1100 	case CIL_MLSVALIDATETRANS:
1101 		return CIL_KEY_MLSVALIDATETRANS;
1102 	case CIL_CONTEXT:
1103 		return CIL_KEY_CONTEXT;
1104 	case CIL_IPADDR:
1105 		return CIL_KEY_IPADDR;
1106 	case CIL_SIDCONTEXT:
1107 		return CIL_KEY_SIDCONTEXT;
1108 	case CIL_FSUSE:
1109 		return CIL_KEY_FSUSE;
1110 	case CIL_FILECON:
1111 		return CIL_KEY_FILECON;
1112 	case CIL_IBPKEYCON:
1113 		return CIL_KEY_IBPKEYCON;
1114 	case CIL_IBENDPORTCON:
1115 		return CIL_KEY_IBENDPORTCON;
1116 	case CIL_PORTCON:
1117 		return CIL_KEY_PORTCON;
1118 	case CIL_NODECON:
1119 		return CIL_KEY_NODECON;
1120 	case CIL_GENFSCON:
1121 		return CIL_KEY_GENFSCON;
1122 	case CIL_NETIFCON:
1123 		return CIL_KEY_NETIFCON;
1124 	case CIL_PIRQCON:
1125 		return CIL_KEY_PIRQCON;
1126 	case CIL_IOMEMCON:
1127 		return CIL_KEY_IOMEMCON;
1128 	case CIL_IOPORTCON:
1129 		return CIL_KEY_IOPORTCON;
1130 	case CIL_PCIDEVICECON:
1131 		return CIL_KEY_PCIDEVICECON;
1132 	case CIL_DEVICETREECON:
1133 		return CIL_KEY_DEVICETREECON;
1134 	case CIL_POLICYCAP:
1135 		return CIL_KEY_POLICYCAP;
1136 	case CIL_DEFAULTUSER:
1137 		return CIL_KEY_DEFAULTUSER;
1138 	case CIL_DEFAULTROLE:
1139 		return CIL_KEY_DEFAULTROLE;
1140 	case CIL_DEFAULTTYPE:
1141 		return CIL_KEY_DEFAULTTYPE;
1142 	case CIL_DEFAULTRANGE:
1143 		return CIL_KEY_DEFAULTRANGE;
1144 	case CIL_HANDLEUNKNOWN:
1145 		return CIL_KEY_HANDLEUNKNOWN;
1146 	case CIL_MLS:
1147 		return CIL_KEY_MLS;
1148 	case CIL_SRC_INFO:
1149 		return CIL_KEY_SRC_INFO;
1150 	case CIL_ALL:
1151 		return CIL_KEY_ALL;
1152 	case CIL_RANGE:
1153 		return CIL_KEY_RANGE;
1154 	case CIL_AND:
1155 		return CIL_KEY_AND;
1156 	case CIL_OR:
1157 		return CIL_KEY_OR;
1158 	case CIL_XOR:
1159 		return CIL_KEY_XOR;
1160 	case CIL_NOT:
1161 		return CIL_KEY_NOT;
1162 	case CIL_EQ:
1163 		return CIL_KEY_EQ;
1164 	case CIL_NEQ:
1165 		return CIL_KEY_NEQ;
1166 	case CIL_CONS_DOM:
1167 		return CIL_KEY_CONS_DOM;
1168 	case CIL_CONS_DOMBY:
1169 		return CIL_KEY_CONS_DOMBY;
1170 	case CIL_CONS_INCOMP:
1171 		return CIL_KEY_CONS_INCOMP;
1172 	case CIL_CONS_U1:
1173 		return CIL_KEY_CONS_U1;
1174 	case CIL_CONS_U2:
1175 		return CIL_KEY_CONS_U2;
1176 	case CIL_CONS_U3:
1177 		return CIL_KEY_CONS_U3;
1178 	case CIL_CONS_T1:
1179 		return CIL_KEY_CONS_T1;
1180 	case CIL_CONS_T2:
1181 		return CIL_KEY_CONS_T2;
1182 	case CIL_CONS_T3:
1183 		return CIL_KEY_CONS_T3;
1184 	case CIL_CONS_R1:
1185 		return CIL_KEY_CONS_R1;
1186 	case CIL_CONS_R2:
1187 		return CIL_KEY_CONS_R2;
1188 	case CIL_CONS_R3:
1189 		return CIL_KEY_CONS_R3;
1190 	case CIL_CONS_L1:
1191 		return CIL_KEY_CONS_L1;
1192 	case CIL_CONS_L2:
1193 		return CIL_KEY_CONS_L2;
1194 	case CIL_CONS_H1:
1195 		return CIL_KEY_CONS_H1;
1196 	case CIL_CONS_H2:
1197 		return CIL_KEY_CONS_H2;
1198 
1199 	default:
1200 		break;
1201 	}
1202 
1203 	return "<unknown>";
1204 }
1205 
1206 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1207 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1208 #else
1209 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1210 #endif
1211 {
1212 	int rc = SEPOL_ERR;
1213 	size_t str_len = 0;
1214 	int buf_pos = 0;
1215 	char *str_tmp = NULL;
1216 	struct cil_list_item *curr;
1217 	struct cil_userprefix *userprefix = NULL;
1218 	struct cil_user *user = NULL;
1219 
1220 	*out = NULL;
1221 
1222 	if (db->userprefixes->head == NULL) {
1223 		rc = SEPOL_OK;
1224 		*size = 0;
1225 		goto exit;
1226 	}
1227 
1228 	cil_list_for_each(curr, db->userprefixes) {
1229 		userprefix = curr->data;
1230 		user = userprefix->user;
1231 		str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1232 	}
1233 
1234 	*size = str_len * sizeof(char);
1235 	str_len++;
1236 	str_tmp = cil_malloc(str_len * sizeof(char));
1237 	*out = str_tmp;
1238 
1239 	cil_list_for_each(curr, db->userprefixes) {
1240 		userprefix = curr->data;
1241 		user = userprefix->user;
1242 
1243 		buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1244 									userprefix->prefix_str);
1245 		str_len -= buf_pos;
1246 		str_tmp += buf_pos;
1247 	}
1248 
1249 	rc = SEPOL_OK;
1250 exit:
1251 	return rc;
1252 
1253 }
1254 
1255 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1256 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1257 {
1258 	return cil_userprefixes_to_string_nopdb(db, out, size);
1259 }
1260 #endif
1261 
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1262 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1263 {
1264 	int rc = SEPOL_ERR;
1265 	struct cil_list_item *i;
1266 	struct cil_list_item *j;
1267 	struct cil_cat* cat;
1268 	struct cil_catset *cs;
1269 	struct cil_tree_node *node;
1270 
1271 	if (cats == NULL) {
1272 		rc = SEPOL_OK;
1273 		goto exit;
1274 	}
1275 
1276 	cil_list_for_each(i, cats->datum_expr) {
1277 		node = DATUM(i->data)->nodes->head->data;
1278 		if (node->flavor == CIL_CATSET) {
1279 			cs = (struct cil_catset*)i->data;
1280 			cil_list_for_each(j, cs->cats->datum_expr) {
1281 				cat = (struct cil_cat*)j->data;
1282 				rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1283 				if (rc != SEPOL_OK) {
1284 					goto exit;
1285 				}
1286 			}
1287 		} else {
1288 			cat = (struct cil_cat*)i->data;
1289 			rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1290 			if (rc != SEPOL_OK) {
1291 				goto exit;
1292 			}
1293 		}
1294 	}
1295 
1296 	return SEPOL_OK;
1297 
1298 exit:
1299 	return rc;
1300 }
1301 
cil_level_equals(struct cil_level * low,struct cil_level * high)1302 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1303 {
1304 	int rc;
1305 	struct ebitmap elow;
1306 	struct ebitmap ehigh;
1307 
1308 	if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1309 		rc = 0;
1310 		goto exit;
1311 	}
1312 
1313 	ebitmap_init(&elow);
1314 	ebitmap_init(&ehigh);
1315 
1316 	rc = cil_cats_to_ebitmap(low->cats, &elow);
1317 	if (rc != SEPOL_OK) {
1318 		goto exit;
1319 	}
1320 
1321 	rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1322 	if (rc != SEPOL_OK) {
1323 		goto exit;
1324 	}
1325 
1326 	rc = ebitmap_cmp(&elow, &ehigh);
1327 	ebitmap_destroy(&elow);
1328 	ebitmap_destroy(&ehigh);
1329 
1330 exit:
1331 	return rc;
1332 }
1333 
__cil_level_strlen(struct cil_level * lvl)1334 static int __cil_level_strlen(struct cil_level *lvl)
1335 {
1336 	struct cil_list_item *item;
1337 	struct cil_cats *cats = lvl->cats;
1338 	int str_len = 0;
1339 	char *str1 = NULL;
1340 	char *str2 = NULL;
1341 	int first = -1;
1342 	int last = -1;
1343 
1344 	str_len += strlen(lvl->sens->datum.fqn);
1345 
1346 	if (cats && cats->datum_expr != NULL) {
1347 		str_len++; /* initial ":" */
1348 		cil_list_for_each(item, cats->datum_expr) {
1349 			struct cil_cat *cat = item->data;
1350 			if (first == -1) {
1351 				str1 = cat->datum.fqn;
1352 				first = cat->value;
1353 				last = first;
1354 			} else if (cat->value == last + 1) {
1355 				last++;
1356 				str2 = cat->datum.fqn;
1357 			} else {
1358 				if (first == last) {
1359 					str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1360 				} else if (last == first + 1) {
1361 					str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1362 				} else {
1363 					str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1364 				}
1365 				first = -1;
1366 				last = -1;
1367 				if (item->next != NULL) {
1368 					str_len++; /* space for "," after */
1369 				}
1370 			}
1371 		}
1372 		if (first != -1) {
1373 			if (first == last) {
1374 				str_len += strlen(str1);
1375 			} else if (last == first + 1) {
1376 				str_len += strlen(str1) + strlen(str2) + 1;
1377 			} else {
1378 				str_len += strlen(str1) + strlen(str2) + 1;
1379 			}
1380 		}
1381 	}
1382 
1383 	return str_len;
1384 }
1385 
__cil_level_to_string(struct cil_level * lvl,char * out)1386 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1387 {
1388 	struct cil_list_item *item;
1389 	struct cil_cats *cats = lvl->cats;
1390 	int buf_pos = 0;
1391 	char *str_tmp = out;
1392 	char *str1 = NULL;
1393 	char *str2 = NULL;
1394 	int first = -1;
1395 	int last = -1;
1396 
1397 	buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1398 	str_tmp += buf_pos;
1399 
1400 	if (cats && cats->datum_expr != NULL) {
1401 		buf_pos = sprintf(str_tmp, ":");
1402 		str_tmp += buf_pos;
1403 
1404 		cil_list_for_each(item, cats->datum_expr) {
1405 			struct cil_cat *cat = item->data;
1406 			if (first == -1) {
1407 				str1 = cat->datum.fqn;
1408 				first = cat->value;
1409 				last = first;
1410 			} else if (cat->value == last + 1) {
1411 				last++;
1412 				str2 = cat->datum.fqn;
1413 			} else {
1414 				if (first == last) {
1415 					buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1416 					str_tmp += buf_pos;
1417 				} else if (last == first + 1) {
1418 					buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1419 					str_tmp += buf_pos;
1420 				} else {
1421 					buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1422 					str_tmp += buf_pos;
1423 				}
1424 				first = -1;
1425 				last = -1;
1426 				if (item->next != NULL) {
1427 					buf_pos = sprintf(str_tmp, ",");
1428 					str_tmp += buf_pos;
1429 				}
1430 			}
1431 		}
1432 		if (first != -1) {
1433 			if (first == last) {
1434 				buf_pos = sprintf(str_tmp, "%s", str1);
1435 				str_tmp += buf_pos;
1436 			} else if (last == first + 1) {
1437 				buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1438 				str_tmp += buf_pos;
1439 			} else {
1440 				buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1441 				str_tmp += buf_pos;
1442 			}
1443 		}
1444 	}
1445 
1446 	return str_tmp - out;
1447 }
1448 
1449 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1450 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1451 #else
1452 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1453 #endif
1454 {
1455 	size_t str_len = 0;
1456 	int buf_pos = 0;
1457 	char *str_tmp = NULL;
1458 	struct cil_list_item *curr;
1459 
1460 	if (db->selinuxusers->head == NULL) {
1461 		*size = 0;
1462 		*out = NULL;
1463 		return SEPOL_OK;
1464 	}
1465 
1466 	cil_list_for_each(curr, db->selinuxusers) {
1467 		struct cil_selinuxuser *selinuxuser = curr->data;
1468 		struct cil_user *user = selinuxuser->user;
1469 
1470 		str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1471 
1472 		if (db->mls == CIL_TRUE) {
1473 			struct cil_levelrange *range = selinuxuser->range;
1474 			str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1475 		}
1476 
1477 		str_len++;
1478 	}
1479 
1480 	*size = str_len * sizeof(char);
1481 	str_tmp = cil_malloc(*size+1);
1482 	*out = str_tmp;
1483 
1484 	for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1485 		struct cil_selinuxuser *selinuxuser = curr->data;
1486 		struct cil_user *user = selinuxuser->user;
1487 
1488 		buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1489 		str_tmp += buf_pos;
1490 
1491 		if (db->mls == CIL_TRUE) {
1492 			struct cil_levelrange *range = selinuxuser->range;
1493 			buf_pos = sprintf(str_tmp, ":");
1494 			str_tmp += buf_pos;
1495 			buf_pos = __cil_level_to_string(range->low, str_tmp);
1496 			str_tmp += buf_pos;
1497 			buf_pos = sprintf(str_tmp, "-");
1498 			str_tmp += buf_pos;
1499 			buf_pos = __cil_level_to_string(range->high, str_tmp);
1500 			str_tmp += buf_pos;
1501 		}
1502 
1503 		buf_pos = sprintf(str_tmp, "\n");
1504 		str_tmp += buf_pos;
1505 	}
1506 
1507 	return SEPOL_OK;
1508 }
1509 
1510 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1511 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1512 {
1513 	return cil_selinuxusers_to_string_nopdb(db, out, size);
1514 }
1515 #endif
1516 
1517 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1518 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1519 #else
1520 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1521 #endif
1522 {
1523 	uint32_t i = 0;
1524 	int buf_pos = 0;
1525 	size_t str_len = 0;
1526 	char *str_tmp = NULL;
1527 	struct cil_sort *filecons = db->filecon;
1528 
1529 	for (i = 0; i < filecons->count; i++) {
1530 		struct cil_filecon *filecon = filecons->array[i];
1531 		struct cil_context *ctx = filecon->context;
1532 
1533 		str_len += strlen(filecon->path_str);
1534 
1535 		if (filecon->type != CIL_FILECON_ANY) {
1536 			/* If a type is specified,
1537 			   +2 for type string, +1 for tab */
1538 			str_len += 3;
1539 		}
1540 
1541 		if (ctx != NULL) {
1542 			struct cil_user *user = ctx->user;
1543 			struct cil_role *role = ctx->role;
1544 			struct cil_type *type = ctx->type;
1545 
1546 			str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1547 
1548 			if (db->mls == CIL_TRUE) {
1549 				struct cil_levelrange *range = ctx->range;
1550 				if (cil_level_equals(range->low, range->high)) {
1551 					str_len += __cil_level_strlen(range->low) + 1;
1552 				} else {
1553 					str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1554 				}
1555 			}
1556 		} else {
1557 			str_len += strlen("\t<<none>>");
1558 		}
1559 
1560 		str_len++;
1561 	}
1562 
1563 	*size = str_len * sizeof(char);
1564 	str_tmp = cil_malloc(*size+1);
1565 	*out = str_tmp;
1566 
1567 	for (i = 0; i < filecons->count; i++) {
1568 		struct cil_filecon *filecon = filecons->array[i];
1569 		struct cil_context *ctx = filecon->context;
1570 		const char *str_type = NULL;
1571 
1572 		buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1573 		str_tmp += buf_pos;
1574 
1575 		switch(filecon->type) {
1576 		case CIL_FILECON_FILE:
1577 			str_type = "\t--";
1578 			break;
1579 		case CIL_FILECON_DIR:
1580 			str_type = "\t-d";
1581 			break;
1582 		case CIL_FILECON_CHAR:
1583 			str_type = "\t-c";
1584 			break;
1585 		case CIL_FILECON_BLOCK:
1586 			str_type = "\t-b";
1587 			break;
1588 		case CIL_FILECON_SOCKET:
1589 			str_type = "\t-s";
1590 			break;
1591 		case CIL_FILECON_PIPE:
1592 			str_type = "\t-p";
1593 			break;
1594 		case CIL_FILECON_SYMLINK:
1595 			str_type = "\t-l";
1596 			break;
1597 		default:
1598 			str_type = "";
1599 			break;
1600 		}
1601 		buf_pos = sprintf(str_tmp, "%s", str_type);
1602 		str_tmp += buf_pos;
1603 
1604 		if (ctx != NULL) {
1605 			struct cil_user *user = ctx->user;
1606 			struct cil_role *role = ctx->role;
1607 			struct cil_type *type = ctx->type;
1608 
1609 			buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1610 							  type->datum.fqn);
1611 			str_tmp += buf_pos;
1612 
1613 			if (db->mls == CIL_TRUE) {
1614 				struct cil_levelrange *range = ctx->range;
1615 				buf_pos = sprintf(str_tmp, ":");
1616 				str_tmp += buf_pos;
1617 				buf_pos = __cil_level_to_string(range->low, str_tmp);
1618 				str_tmp += buf_pos;
1619 
1620 				if (!cil_level_equals(range->low, range->high)) {
1621 					buf_pos = sprintf(str_tmp, "-");
1622 					str_tmp += buf_pos;
1623 					buf_pos = __cil_level_to_string(range->high, str_tmp);
1624 					str_tmp += buf_pos;
1625 				}
1626 			}
1627 		} else {
1628 			buf_pos = sprintf(str_tmp, "\t<<none>>");
1629 			str_tmp += buf_pos;
1630 		}
1631 
1632 		buf_pos = sprintf(str_tmp, "\n");
1633 		str_tmp += buf_pos;
1634 	}
1635 
1636 	return SEPOL_OK;
1637 }
1638 
1639 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1640 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1641 {
1642 	return cil_filecons_to_string_nopdb(db, out, size);
1643 }
1644 #endif
1645 
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1646 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1647 {
1648 	db->disable_dontaudit = disable_dontaudit;
1649 }
1650 
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1651 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1652 {
1653 	db->disable_neverallow = disable_neverallow;
1654 }
1655 
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1656 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1657 {
1658 	db->attrs_expand_generated = attrs_expand_generated;
1659 }
1660 
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1661 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1662 {
1663 	db->attrs_expand_size = attrs_expand_size;
1664 }
1665 
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1666 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1667 {
1668 	db->preserve_tunables = preserve_tunables;
1669 }
1670 
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1671 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1672 {
1673 	int rc = 0;
1674 
1675 	switch (handle_unknown) {
1676 		case SEPOL_DENY_UNKNOWN:
1677 		case SEPOL_REJECT_UNKNOWN:
1678 		case SEPOL_ALLOW_UNKNOWN:
1679 			db->handle_unknown = handle_unknown;
1680 			break;
1681 		default:
1682 			cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1683 			rc = -1;
1684 	}
1685 
1686 	return rc;
1687 }
1688 
cil_set_mls(struct cil_db * db,int mls)1689 void cil_set_mls(struct cil_db *db, int mls)
1690 {
1691 	db->mls = mls;
1692 }
1693 
cil_set_multiple_decls(struct cil_db * db,int multiple_decls)1694 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
1695 {
1696 	db->multiple_decls = multiple_decls;
1697 }
1698 
cil_set_target_platform(struct cil_db * db,int target_platform)1699 void cil_set_target_platform(struct cil_db *db, int target_platform)
1700 {
1701 	db->target_platform = target_platform;
1702 }
1703 
cil_set_policy_version(struct cil_db * db,int policy_version)1704 void cil_set_policy_version(struct cil_db *db, int policy_version)
1705 {
1706 	db->policy_version = policy_version;
1707 }
1708 
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1709 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1710 {
1711 	uint32_t i = 0;
1712 	for (i = 0; i < CIL_SYM_NUM; i++) {
1713 		cil_symtab_init(&symtab[i], symtab_sizes[i]);
1714 	}
1715 }
1716 
cil_symtab_array_destroy(symtab_t symtab[])1717 void cil_symtab_array_destroy(symtab_t symtab[])
1718 {
1719 	int i = 0;
1720 	for (i = 0; i < CIL_SYM_NUM; i++) {
1721 		cil_symtab_destroy(&symtab[i]);
1722 	}
1723 }
1724 
cil_destroy_ast_symtabs(struct cil_tree_node * current)1725 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1726 {
1727 	while (current) {
1728 		switch (current->flavor) {
1729 		case CIL_BLOCK:
1730 			cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1731 			break;
1732 		case CIL_IN:
1733 			cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1734 			break;
1735 		case CIL_CLASS:
1736 		case CIL_COMMON:
1737 		case CIL_MAP_CLASS:
1738 			cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1739 			break;
1740 		case CIL_MACRO:
1741 			cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1742 			break;
1743 		case CIL_CONDBLOCK:
1744 			cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1745 			break;
1746 		default:
1747 			break;
1748 		}
1749 
1750 		if (current->cl_head) {
1751 			cil_destroy_ast_symtabs(current->cl_head);
1752 		}
1753 
1754 		current = current->next;
1755 	}
1756 }
1757 
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1758 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1759 {
1760 	struct cil_tree_node *node = ast_node;
1761 	*symtab = NULL;
1762 
1763 	if (sym_index == CIL_SYM_PERMS) {
1764 		/* Class statements are not blocks, so the passed node should be the class */
1765 		if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1766 			node->flavor == CIL_COMMON) {
1767 			*symtab = &((struct cil_class*)node->data)->perms;
1768 			return SEPOL_OK;
1769 		}
1770 		goto exit;
1771 	}
1772 
1773 	if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1774 		cil_log(CIL_ERR, "Invalid symtab type\n");
1775 		goto exit;
1776 	}
1777 
1778 	while (node != NULL && *symtab == NULL) {
1779 		switch (node->flavor) {
1780 		case CIL_ROOT:
1781 			*symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1782 			break;
1783 		case CIL_BLOCK:
1784 			*symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1785 			break;
1786 		case CIL_MACRO:
1787 			*symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1788 			break;
1789 		case CIL_IN:
1790 			/* In blocks only exist before resolving the AST */
1791 			*symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1792 			break;
1793 		case CIL_CONDBLOCK: {
1794 			if (node->parent->flavor == CIL_TUNABLEIF) {
1795 				/* Cond blocks only exist before resolving the AST */
1796 				*symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1797 			} else if (node->parent->flavor == CIL_BOOLEANIF) {
1798 				node = node->parent->parent;
1799 			}
1800 			break;
1801 		}
1802 		default:
1803 			node = node->parent;
1804 		}
1805 	}
1806 
1807 	if (*symtab == NULL) {
1808 		goto exit;
1809 	}
1810 
1811 	return SEPOL_OK;
1812 
1813 exit:
1814 	cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
1815 	return SEPOL_ERR;
1816 }
1817 
cil_sort_init(struct cil_sort ** sort)1818 void cil_sort_init(struct cil_sort **sort)
1819 {
1820 	*sort = cil_malloc(sizeof(**sort));
1821 
1822 	(*sort)->flavor = CIL_NONE;
1823 	(*sort)->count = 0;
1824 	(*sort)->index = 0;
1825 	(*sort)->array = NULL;
1826 }
1827 
cil_sort_destroy(struct cil_sort ** sort)1828 void cil_sort_destroy(struct cil_sort **sort)
1829 {
1830 	(*sort)->flavor = CIL_NONE;
1831 	(*sort)->count = 0;
1832 	(*sort)->index = 0;
1833 	if ((*sort)->array != NULL) {
1834 		free((*sort)->array);
1835 	}
1836 	(*sort)->array = NULL;
1837 
1838 	free(*sort);
1839 	*sort = NULL;
1840 }
1841 
cil_netifcon_init(struct cil_netifcon ** netifcon)1842 void cil_netifcon_init(struct cil_netifcon **netifcon)
1843 {
1844 	*netifcon = cil_malloc(sizeof(**netifcon));
1845 
1846 	(*netifcon)->interface_str = NULL;
1847 	(*netifcon)->if_context_str = NULL;
1848 	(*netifcon)->if_context = NULL;
1849 	(*netifcon)->packet_context_str = NULL;
1850 	(*netifcon)->packet_context = NULL;
1851 	(*netifcon)->context_str = NULL;
1852 }
1853 
cil_ibendportcon_init(struct cil_ibendportcon ** ibendportcon)1854 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon)
1855 {
1856 	*ibendportcon = cil_malloc(sizeof(**ibendportcon));
1857 
1858 	(*ibendportcon)->dev_name_str = NULL;
1859 	(*ibendportcon)->port = 0;
1860 	(*ibendportcon)->context_str = NULL;
1861 	(*ibendportcon)->context = NULL;
1862 }
1863 
cil_context_init(struct cil_context ** context)1864 void cil_context_init(struct cil_context **context)
1865 {
1866 	*context = cil_malloc(sizeof(**context));
1867 
1868 	cil_symtab_datum_init(&(*context)->datum);
1869 	(*context)->user_str = NULL;
1870 	(*context)->user = NULL;
1871 	(*context)->role_str = NULL;
1872 	(*context)->role = NULL;
1873 	(*context)->type_str = NULL;
1874 	(*context)->type = NULL;
1875 	(*context)->range_str = NULL;
1876 	(*context)->range = NULL;
1877 }
1878 
cil_level_init(struct cil_level ** level)1879 void cil_level_init(struct cil_level **level)
1880 {
1881 	*level = cil_malloc(sizeof(**level));
1882 
1883 	cil_symtab_datum_init(&(*level)->datum);
1884 	(*level)->sens_str = NULL;
1885 	(*level)->sens = NULL;
1886 	(*level)->cats = NULL;
1887 }
1888 
cil_levelrange_init(struct cil_levelrange ** range)1889 void cil_levelrange_init(struct cil_levelrange **range)
1890 {
1891 	*range = cil_malloc(sizeof(**range));
1892 
1893 	cil_symtab_datum_init(&(*range)->datum);
1894 	(*range)->low_str = NULL;
1895 	(*range)->low = NULL;
1896 	(*range)->high_str = NULL;
1897 	(*range)->high = NULL;
1898 }
1899 
cil_sens_init(struct cil_sens ** sens)1900 void cil_sens_init(struct cil_sens **sens)
1901 {
1902 	*sens = cil_malloc(sizeof(**sens));
1903 
1904 	cil_symtab_datum_init(&(*sens)->datum);
1905 
1906 	(*sens)->cats_list = NULL;
1907 
1908 	(*sens)->ordered = CIL_FALSE;
1909 }
1910 
cil_block_init(struct cil_block ** block)1911 void cil_block_init(struct cil_block **block)
1912 {
1913 	*block = cil_malloc(sizeof(**block));
1914 
1915 	cil_symtab_datum_init(&(*block)->datum);
1916 
1917 	cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
1918 
1919 	(*block)->is_abstract = CIL_FALSE;
1920 
1921 	(*block)->bi_nodes = NULL;
1922 }
1923 
cil_blockinherit_init(struct cil_blockinherit ** inherit)1924 void cil_blockinherit_init(struct cil_blockinherit **inherit)
1925 {
1926 	*inherit = cil_malloc(sizeof(**inherit));
1927 	(*inherit)->block_str = NULL;
1928 	(*inherit)->block = NULL;
1929 }
1930 
cil_blockabstract_init(struct cil_blockabstract ** abstract)1931 void cil_blockabstract_init(struct cil_blockabstract **abstract)
1932 {
1933 	*abstract = cil_malloc(sizeof(**abstract));
1934 	(*abstract)->block_str = NULL;
1935 }
1936 
cil_in_init(struct cil_in ** in)1937 void cil_in_init(struct cil_in **in)
1938 {
1939 	*in = cil_malloc(sizeof(**in));
1940 
1941 	cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
1942 	(*in)->block_str = NULL;
1943 }
1944 
cil_class_init(struct cil_class ** class)1945 void cil_class_init(struct cil_class **class)
1946 {
1947 	*class = cil_malloc(sizeof(**class));
1948 
1949 	cil_symtab_datum_init(&(*class)->datum);
1950 
1951 	cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
1952 
1953 	(*class)->num_perms = 0;
1954 	(*class)->common = NULL;
1955 	(*class)->ordered = CIL_FALSE;
1956 }
1957 
cil_classorder_init(struct cil_classorder ** classorder)1958 void cil_classorder_init(struct cil_classorder **classorder)
1959 {
1960 	*classorder = cil_malloc(sizeof(**classorder));
1961 
1962 	(*classorder)->class_list_str = NULL;
1963 }
1964 
cil_classcommon_init(struct cil_classcommon ** classcommon)1965 void cil_classcommon_init(struct cil_classcommon **classcommon)
1966 {
1967 	*classcommon = cil_malloc(sizeof(**classcommon));
1968 
1969 	(*classcommon)->class_str = NULL;
1970 	(*classcommon)->common_str = NULL;
1971 }
1972 
cil_sid_init(struct cil_sid ** sid)1973 void cil_sid_init(struct cil_sid **sid)
1974 {
1975 	*sid = cil_malloc(sizeof(**sid));
1976 
1977 	cil_symtab_datum_init(&(*sid)->datum);
1978 
1979 	(*sid)->ordered = CIL_FALSE;
1980 	(*sid)->context = NULL;
1981 }
1982 
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)1983 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
1984 {
1985 	*sidcontext = cil_malloc(sizeof(**sidcontext));
1986 
1987 	(*sidcontext)->sid_str = NULL;
1988 	(*sidcontext)->context_str = NULL;
1989 	(*sidcontext)->context = NULL;
1990 }
1991 
cil_sidorder_init(struct cil_sidorder ** sidorder)1992 void cil_sidorder_init(struct cil_sidorder **sidorder)
1993 {
1994 	*sidorder = cil_malloc(sizeof(**sidorder));
1995 
1996 	(*sidorder)->sid_list_str = NULL;
1997 }
1998 
cil_userrole_init(struct cil_userrole ** userrole)1999 void cil_userrole_init(struct cil_userrole **userrole)
2000 {
2001 	*userrole = cil_malloc(sizeof(**userrole));
2002 
2003 	(*userrole)->user_str = NULL;
2004 	(*userrole)->user = NULL;
2005 	(*userrole)->role_str = NULL;
2006 	(*userrole)->role = NULL;
2007 }
2008 
cil_userprefix_init(struct cil_userprefix ** userprefix)2009 void cil_userprefix_init(struct cil_userprefix **userprefix)
2010 {
2011 	*userprefix = cil_malloc(sizeof(**userprefix));
2012 
2013 	(*userprefix)->user_str = NULL;
2014 	(*userprefix)->user = NULL;
2015 	(*userprefix)->prefix_str = NULL;
2016 }
2017 
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)2018 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
2019 {
2020 	*selinuxuser = cil_malloc(sizeof(**selinuxuser));
2021 
2022 	(*selinuxuser)->name_str = NULL;
2023 	(*selinuxuser)->user_str = NULL;
2024 	(*selinuxuser)->user = NULL;
2025 	(*selinuxuser)->range_str = NULL;
2026 	(*selinuxuser)->range = NULL;
2027 }
2028 
cil_roletype_init(struct cil_roletype ** roletype)2029 void cil_roletype_init(struct cil_roletype **roletype)
2030 {
2031 	*roletype = cil_malloc(sizeof(**roletype));
2032 
2033 	(*roletype)->role_str = NULL;
2034 	(*roletype)->role = NULL;
2035 	(*roletype)->type_str = NULL;
2036 	(*roletype)->type = NULL;
2037 }
2038 
cil_roleattribute_init(struct cil_roleattribute ** attr)2039 void cil_roleattribute_init(struct cil_roleattribute **attr)
2040 {
2041 	*attr = cil_malloc(sizeof(**attr));
2042 
2043 	cil_symtab_datum_init(&(*attr)->datum);
2044 
2045 	(*attr)->expr_list = NULL;
2046 	(*attr)->roles = NULL;
2047 }
2048 
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2049 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2050 {
2051 	*attrset = cil_malloc(sizeof(**attrset));
2052 
2053 	(*attrset)->attr_str = NULL;
2054 	(*attrset)->str_expr = NULL;
2055 	(*attrset)->datum_expr = NULL;
2056 }
2057 
cil_typeattribute_init(struct cil_typeattribute ** attr)2058 void cil_typeattribute_init(struct cil_typeattribute **attr)
2059 {
2060 	*attr = cil_malloc(sizeof(**attr));
2061 
2062 	cil_symtab_datum_init(&(*attr)->datum);
2063 
2064 	(*attr)->expr_list = NULL;
2065 	(*attr)->types = NULL;
2066 	(*attr)->used = CIL_FALSE;
2067 	(*attr)->keep = CIL_FALSE;
2068 }
2069 
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2070 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2071 {
2072 	*attrset = cil_malloc(sizeof(**attrset));
2073 
2074 	(*attrset)->attr_str = NULL;
2075 	(*attrset)->str_expr = NULL;
2076 	(*attrset)->datum_expr = NULL;
2077 }
2078 
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2079 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2080 {
2081 	*expandattr = cil_malloc(sizeof(**expandattr));
2082 
2083 	(*expandattr)->attr_strs = NULL;
2084 	(*expandattr)->attr_datums = NULL;
2085 	(*expandattr)->expand = 0;
2086 }
2087 
cil_alias_init(struct cil_alias ** alias)2088 void cil_alias_init(struct cil_alias **alias)
2089 {
2090 	*alias = cil_malloc(sizeof(**alias));
2091 
2092 	(*alias)->actual = NULL;
2093 
2094 	cil_symtab_datum_init(&(*alias)->datum);
2095 }
2096 
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2097 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2098 {
2099 	*aliasactual = cil_malloc(sizeof(**aliasactual));
2100 
2101 	(*aliasactual)->alias_str = NULL;
2102 	(*aliasactual)->actual_str = NULL;
2103 }
2104 
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2105 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2106 {
2107 	*typeperm = cil_malloc(sizeof(**typeperm));
2108 
2109 	(*typeperm)->type_str = NULL;
2110 	(*typeperm)->type = NULL;
2111 }
2112 
cil_name_init(struct cil_name ** name)2113 void cil_name_init(struct cil_name **name)
2114 {
2115 	*name = cil_malloc(sizeof(**name));
2116 
2117 	cil_symtab_datum_init(&(*name)->datum);
2118 	(*name)->name_str = NULL;
2119 }
2120 
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2121 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2122 {
2123 	*nametypetrans = cil_malloc(sizeof(**nametypetrans));
2124 
2125 	(*nametypetrans)->src_str = NULL;
2126 	(*nametypetrans)->src = NULL;
2127 	(*nametypetrans)->tgt_str = NULL;
2128 	(*nametypetrans)->tgt = NULL;
2129 	(*nametypetrans)->obj_str = NULL;
2130 	(*nametypetrans)->obj = NULL;
2131 	(*nametypetrans)->name_str = NULL;
2132 	(*nametypetrans)->name = NULL;
2133 	(*nametypetrans)->result_str = NULL;
2134 	(*nametypetrans)->result = NULL;
2135 }
2136 
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2137 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2138 {
2139         *rangetrans = cil_malloc(sizeof(**rangetrans));
2140 
2141 	(*rangetrans)->src_str = NULL;
2142 	(*rangetrans)->src = NULL;
2143 	(*rangetrans)->exec_str = NULL;
2144 	(*rangetrans)->exec = NULL;
2145 	(*rangetrans)->obj_str = NULL;
2146 	(*rangetrans)->obj = NULL;
2147 	(*rangetrans)->range_str = NULL;
2148 	(*rangetrans)->range = NULL;
2149 }
2150 
cil_bool_init(struct cil_bool ** cilbool)2151 void cil_bool_init(struct cil_bool **cilbool)
2152 {
2153 	*cilbool = cil_malloc(sizeof(**cilbool));
2154 
2155 	cil_symtab_datum_init(&(*cilbool)->datum);
2156 	(*cilbool)->value = 0;
2157 }
2158 
cil_tunable_init(struct cil_tunable ** ciltun)2159 void cil_tunable_init(struct cil_tunable **ciltun)
2160 {
2161 	*ciltun = cil_malloc(sizeof(**ciltun));
2162 
2163 	cil_symtab_datum_init(&(*ciltun)->datum);
2164 	(*ciltun)->value = 0;
2165 }
2166 
cil_condblock_init(struct cil_condblock ** cb)2167 void cil_condblock_init(struct cil_condblock **cb)
2168 {
2169 	*cb = cil_malloc(sizeof(**cb));
2170 
2171 	(*cb)->flavor = CIL_NONE;
2172 	cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2173 }
2174 
cil_boolif_init(struct cil_booleanif ** bif)2175 void cil_boolif_init(struct cil_booleanif **bif)
2176 {
2177 	*bif = cil_malloc(sizeof(**bif));
2178 
2179 	(*bif)->str_expr = NULL;
2180 	(*bif)->datum_expr = NULL;
2181 }
2182 
cil_tunif_init(struct cil_tunableif ** tif)2183 void cil_tunif_init(struct cil_tunableif **tif)
2184 {
2185 	*tif = cil_malloc(sizeof(**tif));
2186 
2187 	(*tif)->str_expr = NULL;
2188 	(*tif)->datum_expr = NULL;
2189 }
2190 
cil_avrule_init(struct cil_avrule ** avrule)2191 void cil_avrule_init(struct cil_avrule **avrule)
2192 {
2193 	*avrule = cil_malloc(sizeof(**avrule));
2194 
2195 	(*avrule)->is_extended = 0;
2196 	(*avrule)->rule_kind = CIL_NONE;
2197 	(*avrule)->src_str = NULL;
2198 	(*avrule)->src = NULL;
2199 	(*avrule)->tgt_str = NULL;
2200 	(*avrule)->tgt = NULL;
2201 	memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2202 }
2203 
cil_permissionx_init(struct cil_permissionx ** permx)2204 void cil_permissionx_init(struct cil_permissionx **permx)
2205 {
2206 	*permx = cil_malloc(sizeof(**permx));
2207 
2208 	cil_symtab_datum_init(&(*permx)->datum);
2209 	(*permx)->kind = CIL_NONE;
2210 	(*permx)->obj_str = NULL;
2211 	(*permx)->obj = NULL;
2212 	(*permx)->expr_str = NULL;
2213 	(*permx)->perms = NULL;
2214 }
2215 
cil_type_rule_init(struct cil_type_rule ** type_rule)2216 void cil_type_rule_init(struct cil_type_rule **type_rule)
2217 {
2218 	*type_rule = cil_malloc(sizeof(**type_rule));
2219 
2220 	(*type_rule)->rule_kind = CIL_NONE;
2221 	(*type_rule)->src_str = NULL;
2222 	(*type_rule)->src = NULL;
2223 	(*type_rule)->tgt_str = NULL;
2224 	(*type_rule)->tgt = NULL;
2225 	(*type_rule)->obj_str = NULL;
2226 	(*type_rule)->obj = NULL;
2227 	(*type_rule)->result_str = NULL;
2228 	(*type_rule)->result = NULL;
2229 }
2230 
cil_roletransition_init(struct cil_roletransition ** role_trans)2231 void cil_roletransition_init(struct cil_roletransition **role_trans)
2232 {
2233 	*role_trans = cil_malloc(sizeof(**role_trans));
2234 
2235 	(*role_trans)->src_str = NULL;
2236 	(*role_trans)->src = NULL;
2237 	(*role_trans)->tgt_str = NULL;
2238 	(*role_trans)->tgt = NULL;
2239 	(*role_trans)->obj_str = NULL;
2240 	(*role_trans)->obj = NULL;
2241 	(*role_trans)->result_str = NULL;
2242 	(*role_trans)->result = NULL;
2243 }
2244 
cil_roleallow_init(struct cil_roleallow ** roleallow)2245 void cil_roleallow_init(struct cil_roleallow **roleallow)
2246 {
2247 	*roleallow = cil_malloc(sizeof(**roleallow));
2248 
2249 	(*roleallow)->src_str = NULL;
2250 	(*roleallow)->src = NULL;
2251 	(*roleallow)->tgt_str = NULL;
2252 	(*roleallow)->tgt = NULL;
2253 }
2254 
cil_catset_init(struct cil_catset ** catset)2255 void cil_catset_init(struct cil_catset **catset)
2256 {
2257 	*catset = cil_malloc(sizeof(**catset));
2258 
2259 	cil_symtab_datum_init(&(*catset)->datum);
2260 	(*catset)->cats = NULL;
2261 }
2262 
cil_senscat_init(struct cil_senscat ** senscat)2263 void cil_senscat_init(struct cil_senscat **senscat)
2264 {
2265 	*senscat = cil_malloc(sizeof(**senscat));
2266 
2267 	(*senscat)->sens_str = NULL;
2268 	(*senscat)->cats = NULL;
2269 }
2270 
cil_cats_init(struct cil_cats ** cats)2271 void cil_cats_init(struct cil_cats **cats)
2272 {
2273 	*cats = cil_malloc(sizeof(**cats));
2274 
2275 	(*cats)->evaluated = CIL_FALSE;
2276 	(*cats)->str_expr = NULL;
2277 	(*cats)->datum_expr = NULL;
2278 }
2279 
cil_filecon_init(struct cil_filecon ** filecon)2280 void cil_filecon_init(struct cil_filecon **filecon)
2281 {
2282 	*filecon = cil_malloc(sizeof(**filecon));
2283 
2284 	(*filecon)->path_str = NULL;
2285 	(*filecon)->type = 0;
2286 	(*filecon)->context_str = NULL;
2287 	(*filecon)->context = NULL;
2288 }
2289 
cil_ibpkeycon_init(struct cil_ibpkeycon ** ibpkeycon)2290 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon)
2291 {
2292 	*ibpkeycon = cil_malloc(sizeof(**ibpkeycon));
2293 
2294 	(*ibpkeycon)->subnet_prefix_str = NULL;
2295 	(*ibpkeycon)->pkey_low = 0;
2296 	(*ibpkeycon)->pkey_high = 0;
2297 	(*ibpkeycon)->context_str = NULL;
2298 	(*ibpkeycon)->context = NULL;
2299 }
2300 
cil_portcon_init(struct cil_portcon ** portcon)2301 void cil_portcon_init(struct cil_portcon **portcon)
2302 {
2303 	*portcon = cil_malloc(sizeof(**portcon));
2304 	(*portcon)->proto = 0;
2305 	(*portcon)->port_low = 0;
2306 	(*portcon)->port_high = 0;
2307 	(*portcon)->context_str = NULL;
2308 	(*portcon)->context = NULL;
2309 }
2310 
cil_nodecon_init(struct cil_nodecon ** nodecon)2311 void cil_nodecon_init(struct cil_nodecon **nodecon)
2312 {
2313 	*nodecon = cil_malloc(sizeof(**nodecon));
2314 
2315 	(*nodecon)->addr_str = NULL;
2316 	(*nodecon)->addr = NULL;
2317 	(*nodecon)->mask_str = NULL;
2318 	(*nodecon)->mask = NULL;
2319 	(*nodecon)->context_str = NULL;
2320 	(*nodecon)->context = NULL;
2321 }
2322 
cil_genfscon_init(struct cil_genfscon ** genfscon)2323 void cil_genfscon_init(struct cil_genfscon **genfscon)
2324 {
2325 	*genfscon = cil_malloc(sizeof(**genfscon));
2326 
2327 	(*genfscon)->fs_str = NULL;
2328 	(*genfscon)->path_str = NULL;
2329 	(*genfscon)->context_str = NULL;
2330 	(*genfscon)->context = NULL;
2331 }
2332 
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2333 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2334 {
2335 	*pirqcon = cil_malloc(sizeof(**pirqcon));
2336 
2337 	(*pirqcon)->pirq = 0;
2338 	(*pirqcon)->context_str = NULL;
2339 	(*pirqcon)->context = NULL;
2340 }
2341 
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2342 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2343 {
2344 	*iomemcon = cil_malloc(sizeof(**iomemcon));
2345 
2346 	(*iomemcon)->iomem_low = 0;
2347 	(*iomemcon)->iomem_high = 0;
2348 	(*iomemcon)->context_str = NULL;
2349 	(*iomemcon)->context = NULL;
2350 }
2351 
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2352 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2353 {
2354 	*ioportcon = cil_malloc(sizeof(**ioportcon));
2355 
2356 	(*ioportcon)->context_str = NULL;
2357 	(*ioportcon)->context = NULL;
2358 }
2359 
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2360 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2361 {
2362 	*pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2363 
2364 	(*pcidevicecon)->dev = 0;
2365 	(*pcidevicecon)->context_str = NULL;
2366 	(*pcidevicecon)->context = NULL;
2367 }
2368 
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2369 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2370 {
2371 	*dtcon = cil_malloc(sizeof(**dtcon));
2372 
2373 	(*dtcon)->path = NULL;
2374 	(*dtcon)->context_str = NULL;
2375 	(*dtcon)->context = NULL;
2376 }
2377 
cil_fsuse_init(struct cil_fsuse ** fsuse)2378 void cil_fsuse_init(struct cil_fsuse **fsuse)
2379 {
2380 	*fsuse = cil_malloc(sizeof(**fsuse));
2381 
2382 	(*fsuse)->type = 0;
2383 	(*fsuse)->fs_str = NULL;
2384 	(*fsuse)->context_str = NULL;
2385 	(*fsuse)->context = NULL;
2386 }
2387 
cil_constrain_init(struct cil_constrain ** constrain)2388 void cil_constrain_init(struct cil_constrain **constrain)
2389 {
2390 	*constrain = cil_malloc(sizeof(**constrain));
2391 
2392 	(*constrain)->classperms = NULL;
2393 	(*constrain)->str_expr = NULL;
2394 	(*constrain)->datum_expr = NULL;
2395 }
2396 
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2397 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2398 {
2399 	*validtrans = cil_malloc(sizeof(**validtrans));
2400 
2401 	(*validtrans)->class_str = NULL;
2402 	(*validtrans)->class = NULL;
2403 	(*validtrans)->str_expr = NULL;
2404 	(*validtrans)->datum_expr = NULL;
2405 }
2406 
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2407 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2408 {
2409 	*ipaddr = cil_malloc(sizeof(**ipaddr));
2410 
2411 	cil_symtab_datum_init(&(*ipaddr)->datum);
2412 	memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2413 }
2414 
cil_perm_init(struct cil_perm ** perm)2415 void cil_perm_init(struct cil_perm **perm)
2416 {
2417 	*perm = cil_malloc(sizeof(**perm));
2418 
2419 	cil_symtab_datum_init(&(*perm)->datum);
2420 	(*perm)->value = 0;
2421 	(*perm)->classperms = NULL;
2422 }
2423 
cil_classpermission_init(struct cil_classpermission ** cp)2424 void cil_classpermission_init(struct cil_classpermission **cp)
2425 {
2426 	*cp = cil_malloc(sizeof(**cp));
2427 
2428 	cil_symtab_datum_init(&(*cp)->datum);
2429 	(*cp)->classperms = NULL;
2430 }
2431 
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2432 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2433 {
2434 	*cps = cil_malloc(sizeof(**cps));
2435 
2436 	(*cps)->set_str = NULL;
2437 	(*cps)->classperms = NULL;
2438 }
2439 
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2440 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2441 {
2442 	*cp_set = cil_malloc(sizeof(**cp_set));
2443 	(*cp_set)->set_str = NULL;
2444 	(*cp_set)->set = NULL;
2445 }
2446 
cil_classperms_init(struct cil_classperms ** cp)2447 void cil_classperms_init(struct cil_classperms **cp)
2448 {
2449 	*cp = cil_malloc(sizeof(**cp));
2450 	(*cp)->class_str = NULL;
2451 	(*cp)->class = NULL;
2452 	(*cp)->perm_strs = NULL;
2453 	(*cp)->perms = NULL;
2454 }
2455 
cil_classmapping_init(struct cil_classmapping ** mapping)2456 void cil_classmapping_init(struct cil_classmapping **mapping)
2457 {
2458 	*mapping = cil_malloc(sizeof(**mapping));
2459 
2460 	(*mapping)->map_class_str = NULL;
2461 	(*mapping)->map_perm_str = NULL;
2462 	(*mapping)->classperms = NULL;
2463 }
2464 
cil_user_init(struct cil_user ** user)2465 void cil_user_init(struct cil_user **user)
2466 {
2467 	*user = cil_malloc(sizeof(**user));
2468 
2469 	cil_symtab_datum_init(&(*user)->datum);
2470 	(*user)->bounds = NULL;
2471 	(*user)->roles = NULL;
2472 	(*user)->dftlevel = NULL;
2473 	(*user)->range = NULL;
2474 	(*user)->value = 0;
2475 }
2476 
cil_userattribute_init(struct cil_userattribute ** attr)2477 void cil_userattribute_init(struct cil_userattribute **attr)
2478 {
2479 	*attr = cil_malloc(sizeof(**attr));
2480 
2481 	cil_symtab_datum_init(&(*attr)->datum);
2482 
2483 	(*attr)->expr_list = NULL;
2484 	(*attr)->users = NULL;
2485 }
2486 
cil_userattributeset_init(struct cil_userattributeset ** attrset)2487 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2488 {
2489 	*attrset = cil_malloc(sizeof(**attrset));
2490 
2491 	(*attrset)->attr_str = NULL;
2492 	(*attrset)->str_expr = NULL;
2493 	(*attrset)->datum_expr = NULL;
2494 }
2495 
cil_userlevel_init(struct cil_userlevel ** usrlvl)2496 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2497 {
2498 	*usrlvl = cil_malloc(sizeof(**usrlvl));
2499 
2500 	(*usrlvl)->user_str = NULL;
2501 	(*usrlvl)->level_str = NULL;
2502 	(*usrlvl)->level = NULL;
2503 }
2504 
cil_userrange_init(struct cil_userrange ** userrange)2505 void cil_userrange_init(struct cil_userrange **userrange)
2506 {
2507 	*userrange = cil_malloc(sizeof(**userrange));
2508 
2509 	(*userrange)->user_str = NULL;
2510 	(*userrange)->range_str = NULL;
2511 	(*userrange)->range = NULL;
2512 }
2513 
cil_role_init(struct cil_role ** role)2514 void cil_role_init(struct cil_role **role)
2515 {
2516 	*role = cil_malloc(sizeof(**role));
2517 
2518 	cil_symtab_datum_init(&(*role)->datum);
2519 	(*role)->bounds = NULL;
2520 	(*role)->types = NULL;
2521 	(*role)->value = 0;
2522 }
2523 
cil_type_init(struct cil_type ** type)2524 void cil_type_init(struct cil_type **type)
2525 {
2526 	*type = cil_malloc(sizeof(**type));
2527 
2528 	cil_symtab_datum_init(&(*type)->datum);
2529 	(*type)->bounds = NULL;
2530 	(*type)->value = 0;
2531 }
2532 
cil_cat_init(struct cil_cat ** cat)2533 void cil_cat_init(struct cil_cat **cat)
2534 {
2535 	*cat = cil_malloc(sizeof(**cat));
2536 
2537 	cil_symtab_datum_init(&(*cat)->datum);
2538 	(*cat)->ordered = CIL_FALSE;
2539 	(*cat)->value = 0;
2540 }
2541 
cil_catorder_init(struct cil_catorder ** catorder)2542 void cil_catorder_init(struct cil_catorder **catorder)
2543 {
2544 	*catorder = cil_malloc(sizeof(**catorder));
2545 
2546 	(*catorder)->cat_list_str = NULL;
2547 }
2548 
cil_sensorder_init(struct cil_sensorder ** sensorder)2549 void cil_sensorder_init(struct cil_sensorder **sensorder)
2550 {
2551 	*sensorder = cil_malloc(sizeof(**sensorder));
2552 
2553 	(*sensorder)->sens_list_str = NULL;
2554 }
2555 
cil_args_init(struct cil_args ** args)2556 void cil_args_init(struct cil_args **args)
2557 {
2558 	*args = cil_malloc(sizeof(**args));
2559 	(*args)->arg_str = NULL;
2560 	(*args)->arg = NULL;
2561 	(*args)->param_str = NULL;
2562 	(*args)->flavor = CIL_NONE;
2563 }
2564 
cil_call_init(struct cil_call ** call)2565 void cil_call_init(struct cil_call **call)
2566 {
2567 	*call = cil_malloc(sizeof(**call));
2568 
2569 	(*call)->macro_str = NULL;
2570 	(*call)->macro = NULL;
2571 	(*call)->args_tree = NULL;
2572 	(*call)->args = NULL;
2573 	(*call)->copied = 0;
2574 }
2575 
cil_optional_init(struct cil_optional ** optional)2576 void cil_optional_init(struct cil_optional **optional)
2577 {
2578 	*optional = cil_malloc(sizeof(**optional));
2579 	(*optional)->enabled = CIL_TRUE;
2580 	cil_symtab_datum_init(&(*optional)->datum);
2581 }
2582 
cil_param_init(struct cil_param ** param)2583 void cil_param_init(struct cil_param **param)
2584 {
2585 	*param = cil_malloc(sizeof(**param));
2586 
2587 	(*param)->str = NULL;
2588 	(*param)->flavor = CIL_NONE;
2589 }
2590 
cil_macro_init(struct cil_macro ** macro)2591 void cil_macro_init(struct cil_macro **macro)
2592 {
2593 	*macro = cil_malloc(sizeof(**macro));
2594 
2595 	cil_symtab_datum_init(&(*macro)->datum);
2596 	cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2597 	(*macro)->params = NULL;
2598 }
2599 
cil_policycap_init(struct cil_policycap ** policycap)2600 void cil_policycap_init(struct cil_policycap **policycap)
2601 {
2602 	*policycap = cil_malloc(sizeof(**policycap));
2603 
2604 	cil_symtab_datum_init(&(*policycap)->datum);
2605 }
2606 
cil_bounds_init(struct cil_bounds ** bounds)2607 void cil_bounds_init(struct cil_bounds **bounds)
2608 {
2609 	*bounds = cil_malloc(sizeof(**bounds));
2610 
2611 	(*bounds)->parent_str = NULL;
2612 	(*bounds)->child_str = NULL;
2613 }
2614 
cil_default_init(struct cil_default ** def)2615 void cil_default_init(struct cil_default **def)
2616 {
2617 	*def = cil_malloc(sizeof(**def));
2618 
2619 	(*def)->flavor = CIL_NONE;
2620 	(*def)->class_strs = NULL;
2621 	(*def)->class_datums = NULL;
2622 }
2623 
cil_defaultrange_init(struct cil_defaultrange ** def)2624 void cil_defaultrange_init(struct cil_defaultrange **def)
2625 {
2626 	*def = cil_malloc(sizeof(**def));
2627 
2628 	(*def)->class_strs = NULL;
2629 	(*def)->class_datums = NULL;
2630 }
2631 
cil_handleunknown_init(struct cil_handleunknown ** unk)2632 void cil_handleunknown_init(struct cil_handleunknown **unk)
2633 {
2634 	*unk = cil_malloc(sizeof(**unk));
2635 }
2636 
cil_mls_init(struct cil_mls ** mls)2637 void cil_mls_init(struct cil_mls **mls)
2638 {
2639 	*mls = cil_malloc(sizeof(**mls));
2640 	(*mls)->value = 0;
2641 }
2642 
cil_src_info_init(struct cil_src_info ** info)2643 void cil_src_info_init(struct cil_src_info **info)
2644 {
2645 	*info = cil_malloc(sizeof(**info));
2646 	(*info)->is_cil = 0;
2647 	(*info)->path = NULL;
2648 }
2649