1 /*
2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  *    1. Redistributions of source code must retain the above copyright notice,
8  *       this list of conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice,
11  *       this list of conditions and the following disclaimer in the documentation
12  *       and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  * The views and conclusions contained in the software and documentation are those
26  * of the authors and should not be interpreted as representing official policies,
27  * either expressed or implied, of Tresys Technology, LLC.
28  */
29 
30 #include <stdlib.h>
31 #include <stdio.h>
32 
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35 
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44 
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54 
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb,        cil_build_policydb@LIBSEPOL_1.0");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58 
59 asm(".symver cil_compile_pdb,   cil_compile@LIBSEPOL_1.0");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61 
62 asm(".symver cil_userprefixes_to_string_pdb,   cil_userprefixes_to_string@LIBSEPOL_1.0");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64 
65 asm(".symver cil_selinuxusers_to_string_pdb,   cil_selinuxusers_to_string@LIBSEPOL_1.0");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67 
68 asm(".symver cil_filecons_to_string_pdb,   cil_filecons_to_string@LIBSEPOL_1.0");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71 
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 	{64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 	{64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79 
cil_init_keys(void)80 static void cil_init_keys(void)
81 {
82 	/* Initialize CIL Keys into strpool */
83 	CIL_KEY_CONS_T1 = cil_strpool_add("t1");
84 	CIL_KEY_CONS_T2 = cil_strpool_add("t2");
85 	CIL_KEY_CONS_T3 = cil_strpool_add("t3");
86 	CIL_KEY_CONS_R1 = cil_strpool_add("r1");
87 	CIL_KEY_CONS_R2 = cil_strpool_add("r2");
88 	CIL_KEY_CONS_R3 = cil_strpool_add("r3");
89 	CIL_KEY_CONS_U1 = cil_strpool_add("u1");
90 	CIL_KEY_CONS_U2 = cil_strpool_add("u2");
91 	CIL_KEY_CONS_U3 = cil_strpool_add("u3");
92 	CIL_KEY_CONS_L1 = cil_strpool_add("l1");
93 	CIL_KEY_CONS_L2 = cil_strpool_add("l2");
94 	CIL_KEY_CONS_H1 = cil_strpool_add("h1");
95 	CIL_KEY_CONS_H2 = cil_strpool_add("h2");
96 	CIL_KEY_AND = cil_strpool_add("and");
97 	CIL_KEY_OR = cil_strpool_add("or");
98 	CIL_KEY_NOT = cil_strpool_add("not");
99 	CIL_KEY_EQ = cil_strpool_add("eq");
100 	CIL_KEY_NEQ = cil_strpool_add("neq");
101 	CIL_KEY_CONS_DOM = cil_strpool_add("dom");
102 	CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
103 	CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
104 	CIL_KEY_CONDTRUE = cil_strpool_add("true");
105 	CIL_KEY_CONDFALSE = cil_strpool_add("false");
106 	CIL_KEY_SELF = cil_strpool_add("self");
107 	CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
108 	CIL_KEY_STAR = cil_strpool_add("*");
109 	CIL_KEY_UDP = cil_strpool_add("udp");
110 	CIL_KEY_TCP = cil_strpool_add("tcp");
111 	CIL_KEY_DCCP = cil_strpool_add("dccp");
112 	CIL_KEY_SCTP = cil_strpool_add("sctp");
113 	CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
114 	CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
115 	CIL_KEY_ALLOW = cil_strpool_add("allow");
116 	CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
117 	CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
118 	CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
119 	CIL_KEY_CALL = cil_strpool_add("call");
120 	CIL_KEY_TUNABLE = cil_strpool_add("tunable");
121 	CIL_KEY_XOR = cil_strpool_add("xor");
122 	CIL_KEY_ALL = cil_strpool_add("all");
123 	CIL_KEY_RANGE = cil_strpool_add("range");
124 	CIL_KEY_TYPE = cil_strpool_add("type");
125 	CIL_KEY_ROLE = cil_strpool_add("role");
126 	CIL_KEY_USER = cil_strpool_add("user");
127 	CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
128 	CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
129 	CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
130 	CIL_KEY_CATEGORY = cil_strpool_add("category");
131 	CIL_KEY_CATSET = cil_strpool_add("categoryset");
132 	CIL_KEY_LEVEL = cil_strpool_add("level");
133 	CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
134 	CIL_KEY_CLASS = cil_strpool_add("class");
135 	CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
136 	CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
137 	CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
138 	CIL_KEY_BOOL = cil_strpool_add("boolean");
139 	CIL_KEY_STRING = cil_strpool_add("string");
140 	CIL_KEY_NAME = cil_strpool_add("name");
141 	CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
142 	CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
143 	CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
144 	CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
145 	CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
146 	CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
147 	CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
148 	CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
149 	CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
150 	CIL_KEY_COMMON = cil_strpool_add("common");
151 	CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
152 	CIL_KEY_SID = cil_strpool_add("sid");
153 	CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
154 	CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
155 	CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
156 	CIL_KEY_USERRANGE = cil_strpool_add("userrange");
157 	CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
158 	CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
159 	CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
160 	CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
161 	CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
162 	CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
163 	CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
164 	CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
165 	CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
166 	CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
167 	CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
168 	CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
169 	CIL_KEY_USERROLE = cil_strpool_add("userrole");
170 	CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
171 	CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
172 	CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
173 	CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
174 	CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
175 	CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
176 	CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
177 	CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
178 	CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
179 	CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
180 	CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
181 	CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
182 	CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
183 	CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
184 	CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
185 	CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
186 	CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
187 	CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
188 	CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
189 	CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
190 	CIL_KEY_CONTEXT = cil_strpool_add("context");
191 	CIL_KEY_FILECON = cil_strpool_add("filecon");
192 	CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon");
193 	CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon");
194 	CIL_KEY_PORTCON = cil_strpool_add("portcon");
195 	CIL_KEY_NODECON = cil_strpool_add("nodecon");
196 	CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
197 	CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
198 	CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
199 	CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
200 	CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
201 	CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
202 	CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
203 	CIL_KEY_FSUSE = cil_strpool_add("fsuse");
204 	CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
205 	CIL_KEY_OPTIONAL = cil_strpool_add("optional");
206 	CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
207 	CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
208 	CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
209 	CIL_KEY_MACRO = cil_strpool_add("macro");
210 	CIL_KEY_IN = cil_strpool_add("in");
211 	CIL_KEY_MLS = cil_strpool_add("mls");
212 	CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
213 	CIL_KEY_GLOB = cil_strpool_add("*");
214 	CIL_KEY_FILE = cil_strpool_add("file");
215 	CIL_KEY_DIR = cil_strpool_add("dir");
216 	CIL_KEY_CHAR = cil_strpool_add("char");
217 	CIL_KEY_BLOCK = cil_strpool_add("block");
218 	CIL_KEY_SOCKET = cil_strpool_add("socket");
219 	CIL_KEY_PIPE = cil_strpool_add("pipe");
220 	CIL_KEY_SYMLINK = cil_strpool_add("symlink");
221 	CIL_KEY_ANY = cil_strpool_add("any");
222 	CIL_KEY_XATTR = cil_strpool_add("xattr");
223 	CIL_KEY_TASK = cil_strpool_add("task");
224 	CIL_KEY_TRANS = cil_strpool_add("trans");
225 	CIL_KEY_SOURCE = cil_strpool_add("source");
226 	CIL_KEY_TARGET = cil_strpool_add("target");
227 	CIL_KEY_LOW = cil_strpool_add("low");
228 	CIL_KEY_HIGH = cil_strpool_add("high");
229 	CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
230 	CIL_KEY_ROOT = cil_strpool_add("<root>");
231 	CIL_KEY_NODE = cil_strpool_add("<node>");
232 	CIL_KEY_PERM = cil_strpool_add("perm");
233 	CIL_KEY_ALLOWX = cil_strpool_add("allowx");
234 	CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
235 	CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
236 	CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
237 	CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
238 	CIL_KEY_IOCTL = cil_strpool_add("ioctl");
239 	CIL_KEY_UNORDERED = cil_strpool_add("unordered");
240 	CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
241 	CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>");
242 	CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>");
243 }
244 
cil_db_init(struct cil_db ** db)245 void cil_db_init(struct cil_db **db)
246 {
247 	*db = cil_malloc(sizeof(**db));
248 
249 	cil_strpool_init();
250 	cil_init_keys();
251 
252 	cil_tree_init(&(*db)->parse);
253 	cil_tree_init(&(*db)->ast);
254 	cil_root_init((struct cil_root **)&(*db)->ast->root->data);
255 	(*db)->sidorder = NULL;
256 	(*db)->classorder = NULL;
257 	(*db)->catorder = NULL;
258 	(*db)->sensitivityorder = NULL;
259 	cil_sort_init(&(*db)->netifcon);
260 	cil_sort_init(&(*db)->genfscon);
261 	cil_sort_init(&(*db)->filecon);
262 	cil_sort_init(&(*db)->nodecon);
263 	cil_sort_init(&(*db)->ibpkeycon);
264 	cil_sort_init(&(*db)->ibendportcon);
265 	cil_sort_init(&(*db)->portcon);
266 	cil_sort_init(&(*db)->pirqcon);
267 	cil_sort_init(&(*db)->iomemcon);
268 	cil_sort_init(&(*db)->ioportcon);
269 	cil_sort_init(&(*db)->pcidevicecon);
270 	cil_sort_init(&(*db)->devicetreecon);
271 	cil_sort_init(&(*db)->fsuse);
272 	cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
273 	cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
274 	cil_list_init(&(*db)->names, CIL_LIST_ITEM);
275 
276 	cil_type_init(&(*db)->selftype);
277 	(*db)->selftype->datum.name = CIL_KEY_SELF;
278 	(*db)->selftype->datum.fqn = CIL_KEY_SELF;
279 	(*db)->num_types_and_attrs = 0;
280 	(*db)->num_classes = 0;
281 	(*db)->num_types = 0;
282 	(*db)->num_roles = 0;
283 	(*db)->num_users = 0;
284 	(*db)->num_cats = 0;
285 	(*db)->val_to_type = NULL;
286 	(*db)->val_to_role = NULL;
287 	(*db)->val_to_user = NULL;
288 
289 	(*db)->disable_dontaudit = CIL_FALSE;
290 	(*db)->disable_neverallow = CIL_FALSE;
291 	(*db)->attrs_expand_generated = CIL_FALSE;
292 	(*db)->attrs_expand_size = 1;
293 	(*db)->preserve_tunables = CIL_FALSE;
294 	(*db)->handle_unknown = -1;
295 	(*db)->mls = -1;
296 	(*db)->target_platform = SEPOL_TARGET_SELINUX;
297 	(*db)->policy_version = POLICYDB_VERSION_MAX;
298 }
299 
cil_db_destroy(struct cil_db ** db)300 void cil_db_destroy(struct cil_db **db)
301 {
302 	if (db == NULL || *db == NULL) {
303 		return;
304 	}
305 
306 	cil_tree_destroy(&(*db)->parse);
307 	cil_tree_destroy(&(*db)->ast);
308 	cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
309 	cil_list_destroy(&(*db)->classorder, CIL_FALSE);
310 	cil_list_destroy(&(*db)->catorder, CIL_FALSE);
311 	cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
312 	cil_sort_destroy(&(*db)->netifcon);
313 	cil_sort_destroy(&(*db)->genfscon);
314 	cil_sort_destroy(&(*db)->filecon);
315 	cil_sort_destroy(&(*db)->nodecon);
316 	cil_sort_destroy(&(*db)->ibpkeycon);
317 	cil_sort_destroy(&(*db)->ibendportcon);
318 	cil_sort_destroy(&(*db)->portcon);
319 	cil_sort_destroy(&(*db)->pirqcon);
320 	cil_sort_destroy(&(*db)->iomemcon);
321 	cil_sort_destroy(&(*db)->ioportcon);
322 	cil_sort_destroy(&(*db)->pcidevicecon);
323 	cil_sort_destroy(&(*db)->devicetreecon);
324 	cil_sort_destroy(&(*db)->fsuse);
325 	cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
326 	cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
327 	cil_list_destroy(&(*db)->names, CIL_TRUE);
328 
329 	cil_destroy_type((*db)->selftype);
330 
331 	cil_strpool_destroy();
332 	free((*db)->val_to_type);
333 	free((*db)->val_to_role);
334 	free((*db)->val_to_user);
335 
336 	free(*db);
337 	*db = NULL;
338 }
339 
cil_root_init(struct cil_root ** root)340 void cil_root_init(struct cil_root **root)
341 {
342 	struct cil_root *r = cil_malloc(sizeof(*r));
343 	cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
344 
345 	*root = r;
346 }
347 
cil_root_destroy(struct cil_root * root)348 void cil_root_destroy(struct cil_root *root)
349 {
350 	if (root == NULL) {
351 		return;
352 	}
353 	cil_symtab_array_destroy(root->symtab);
354 	free(root);
355 }
356 
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)357 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
358 {
359 	char *buffer = NULL;
360 	int rc;
361 
362 	cil_log(CIL_INFO, "Parsing %s\n", name);
363 
364 	buffer = cil_malloc(size + 2);
365 	memcpy(buffer, data, size);
366 	memset(buffer + size, 0, 2);
367 
368 	rc = cil_parser(name, buffer, size + 2, &db->parse);
369 	if (rc != SEPOL_OK) {
370 		cil_log(CIL_INFO, "Failed to parse %s\n", name);
371 		goto exit;
372 	}
373 
374 	free(buffer);
375 	buffer = NULL;
376 
377 	rc = SEPOL_OK;
378 
379 exit:
380 	free(buffer);
381 
382 	return rc;
383 }
384 
385 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)386 int cil_compile(struct cil_db *db)
387 #else
388 int cil_compile_nopdb(struct cil_db *db)
389 #endif
390 {
391 	int rc = SEPOL_ERR;
392 
393 	if (db == NULL) {
394 		goto exit;
395 	}
396 
397 	cil_log(CIL_INFO, "Building AST from Parse Tree\n");
398 	rc = cil_build_ast(db, db->parse->root, db->ast->root);
399 	if (rc != SEPOL_OK) {
400 		cil_log(CIL_INFO, "Failed to build ast\n");
401 		goto exit;
402 	}
403 
404 	cil_log(CIL_INFO, "Destroying Parse Tree\n");
405 	cil_tree_destroy(&db->parse);
406 
407 	cil_log(CIL_INFO, "Resolving AST\n");
408 	rc = cil_resolve_ast(db, db->ast->root);
409 	if (rc != SEPOL_OK) {
410 		cil_log(CIL_INFO, "Failed to resolve ast\n");
411 		goto exit;
412 	}
413 
414 	cil_log(CIL_INFO, "Qualifying Names\n");
415 	rc = cil_fqn_qualify(db->ast->root);
416 	if (rc != SEPOL_OK) {
417 		cil_log(CIL_INFO, "Failed to qualify names\n");
418 		goto exit;
419 	}
420 
421 	cil_log(CIL_INFO, "Compile post process\n");
422 	rc = cil_post_process(db);
423 	if (rc != SEPOL_OK ) {
424 		cil_log(CIL_INFO, "Post process failed\n");
425 		goto exit;
426 	}
427 
428 exit:
429 
430 	return rc;
431 }
432 
433 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)434 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
435 {
436 	return cil_compile_nopdb(db);
437 }
438 
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)439 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
440 {
441 	int rc;
442 
443 	cil_log(CIL_INFO, "Building policy binary\n");
444 	rc = cil_binary_create_allocated_pdb(db, sepol_db);
445 	if (rc != SEPOL_OK) {
446 		cil_log(CIL_ERR, "Failed to generate binary\n");
447 		goto exit;
448 	}
449 
450 exit:
451 	return rc;
452 }
453 #endif
454 
455 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)456 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
457 #else
458 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
459 #endif
460 {
461 	int rc;
462 
463 	cil_log(CIL_INFO, "Building policy binary\n");
464 	rc = cil_binary_create(db, sepol_db);
465 	if (rc != SEPOL_OK) {
466 		cil_log(CIL_ERR, "Failed to generate binary\n");
467 		goto exit;
468 	}
469 
470 exit:
471 	return rc;
472 }
473 
cil_write_policy_conf(FILE * out,struct cil_db * db)474 void cil_write_policy_conf(FILE *out, struct cil_db *db)
475 {
476 	cil_log(CIL_INFO, "Writing policy.conf file\n");
477 	cil_gen_policy(out, db);
478 }
479 
cil_destroy_data(void ** data,enum cil_flavor flavor)480 void cil_destroy_data(void **data, enum cil_flavor flavor)
481 {
482 	if (*data == NULL) {
483 		return;
484 	}
485 
486 	switch(flavor) {
487 	case CIL_NONE:
488 		break;
489 	case CIL_ROOT:
490 		cil_root_destroy(*data);
491 		break;
492 	case CIL_NODE:
493 		break;
494 	case CIL_STRING:
495 		break;
496 	case CIL_DATUM:
497 		break;
498 	case CIL_LIST:
499 		cil_list_destroy(*data, CIL_FALSE);
500 		break;
501 	case CIL_LIST_ITEM:
502 		break;
503 	case CIL_PARAM:
504 		cil_destroy_param(*data);
505 		break;
506 	case CIL_ARGS:
507 		cil_destroy_args(*data);
508 		break;
509 	case CIL_BLOCK:
510 		cil_destroy_block(*data);
511 		break;
512 	case CIL_BLOCKINHERIT:
513 		cil_destroy_blockinherit(*data);
514 		break;
515 	case CIL_BLOCKABSTRACT:
516 		cil_destroy_blockabstract(*data);
517 		break;
518 	case CIL_IN:
519 		cil_destroy_in(*data);
520 		break;
521 	case CIL_MACRO:
522 		cil_destroy_macro(*data);
523 		break;
524 	case CIL_CALL:
525 		cil_destroy_call(*data);
526 		break;
527 	case CIL_OPTIONAL:
528 		cil_destroy_optional(*data);
529 		break;
530 	case CIL_BOOL:
531 		cil_destroy_bool(*data);
532 		break;
533 	case CIL_BOOLEANIF:
534 		cil_destroy_boolif(*data);
535 		break;
536 	case CIL_TUNABLE:
537 		cil_destroy_tunable(*data);
538 		break;
539 	case CIL_TUNABLEIF:
540 		cil_destroy_tunif(*data);
541 		break;
542 	case CIL_CONDBLOCK:
543 		cil_destroy_condblock(*data);
544 		break;
545 	case CIL_CONDTRUE:
546 		break;
547 	case CIL_CONDFALSE:
548 		break;
549 	case CIL_PERM:
550 	case CIL_MAP_PERM:
551 		cil_destroy_perm(*data);
552 		break;
553 	case CIL_COMMON:
554 	case CIL_CLASS:
555 	case CIL_MAP_CLASS:
556 		cil_destroy_class(*data);
557 		break;
558 	case CIL_CLASSORDER:
559 		cil_destroy_classorder(*data);
560 		break;
561 	case CIL_CLASSPERMISSION:
562 		cil_destroy_classpermission(*data);
563 		break;
564 	case CIL_CLASSCOMMON:
565 		cil_destroy_classcommon(*data);
566 		break;
567 	case CIL_CLASSMAPPING:
568 		cil_destroy_classmapping(*data);
569 		break;
570 	case CIL_CLASSPERMS:
571 		cil_destroy_classperms(*data);
572 		break;
573 	case CIL_CLASSPERMS_SET:
574 		cil_destroy_classperms_set(*data);
575 		break;
576 	case CIL_CLASSPERMISSIONSET:
577 		cil_destroy_classpermissionset(*data);
578 		break;
579 	case CIL_USER:
580 		cil_destroy_user(*data);
581 		break;
582 	case CIL_USERATTRIBUTE:
583 		cil_destroy_userattribute(*data);
584 		break;
585 	case CIL_USERATTRIBUTESET:
586 		cil_destroy_userattributeset(*data);
587 		break;
588 	case CIL_USERPREFIX:
589 		cil_destroy_userprefix(*data);
590 		break;
591 	case CIL_USERROLE:
592 		cil_destroy_userrole(*data);
593 		break;
594 	case CIL_USERLEVEL:
595 		cil_destroy_userlevel(*data);
596 		break;
597 	case CIL_USERRANGE:
598 		cil_destroy_userrange(*data);
599 		break;
600 	case CIL_USERBOUNDS:
601 		cil_destroy_bounds(*data);
602 		break;
603 	case CIL_SELINUXUSER:
604 	case CIL_SELINUXUSERDEFAULT:
605 		cil_destroy_selinuxuser(*data);
606 		break;
607 	case CIL_ROLE:
608 		cil_destroy_role(*data);
609 		break;
610 	case CIL_ROLEATTRIBUTE:
611 		cil_destroy_roleattribute(*data);
612 		break;
613 	case CIL_ROLEATTRIBUTESET:
614 		cil_destroy_roleattributeset(*data);
615 		break;
616 	case CIL_ROLETYPE:
617 		cil_destroy_roletype(*data);
618 		break;
619 	case CIL_ROLEBOUNDS:
620 		cil_destroy_bounds(*data);
621 		break;
622 	case CIL_TYPE:
623 		cil_destroy_type(*data);
624 		break;
625 	case CIL_TYPEATTRIBUTE:
626 		cil_destroy_typeattribute(*data);
627 		break;
628 	case CIL_TYPEALIAS:
629 		cil_destroy_alias(*data);
630 		break;
631 	case CIL_TYPEATTRIBUTESET:
632 		cil_destroy_typeattributeset(*data);
633 		break;
634 	case CIL_EXPANDTYPEATTRIBUTE:
635 		cil_destroy_expandtypeattribute(*data);
636 		break;
637 	case CIL_TYPEALIASACTUAL:
638 		cil_destroy_aliasactual(*data);
639 		break;
640 	case CIL_TYPEBOUNDS:
641 		cil_destroy_bounds(*data);
642 		break;
643 	case CIL_TYPEPERMISSIVE:
644 		cil_destroy_typepermissive(*data);
645 		break;
646 	case CIL_SENS:
647 		cil_destroy_sensitivity(*data);
648 		break;
649 	case CIL_SENSALIAS:
650 		cil_destroy_alias(*data);
651 		break;
652 	case CIL_SENSALIASACTUAL:
653 		cil_destroy_aliasactual(*data);
654 		break;
655 	case CIL_SENSITIVITYORDER:
656 		cil_destroy_sensitivityorder(*data);
657 		break;
658 	case CIL_SENSCAT:
659 		cil_destroy_senscat(*data);
660 		break;
661 	case CIL_CAT:
662 		cil_destroy_category(*data);
663 		break;
664 	case CIL_CATSET:
665 		cil_destroy_catset(*data);
666 		break;
667 	case CIL_CATALIAS:
668 		cil_destroy_alias(*data);
669 		break;
670 	case CIL_CATALIASACTUAL:
671 		cil_destroy_aliasactual(*data);
672 		break;
673 	case CIL_CATORDER:
674 		cil_destroy_catorder(*data);
675 		break;
676 	case CIL_LEVEL:
677 		cil_destroy_level(*data);
678 		break;
679 	case CIL_LEVELRANGE:
680 		cil_destroy_levelrange(*data);
681 		break;
682 	case CIL_SID:
683 		cil_destroy_sid(*data);
684 		break;
685 	case CIL_SIDORDER:
686 		cil_destroy_sidorder(*data);
687 		break;
688 	case CIL_NAME:
689 		cil_destroy_name(*data);
690 		break;
691 	case CIL_ROLEALLOW:
692 		cil_destroy_roleallow(*data);
693 		break;
694 	case CIL_AVRULE:
695 	case CIL_AVRULEX:
696 		cil_destroy_avrule(*data);
697 		break;
698 	case CIL_PERMISSIONX:
699 		cil_destroy_permissionx(*data);
700 		break;
701 	case CIL_ROLETRANSITION:
702 		cil_destroy_roletransition(*data);
703 		break;
704 	case CIL_TYPE_RULE:
705 		cil_destroy_type_rule(*data);
706 		break;
707 	case CIL_NAMETYPETRANSITION:
708 		cil_destroy_typetransition(*data);
709 		break;
710 	case CIL_RANGETRANSITION:
711 		cil_destroy_rangetransition(*data);
712 		break;
713 	case CIL_CONSTRAIN:
714 		cil_destroy_constrain(*data);
715 		break;
716 	case CIL_MLSCONSTRAIN:
717 		cil_destroy_constrain(*data);
718 		break;
719 	case CIL_VALIDATETRANS:
720 	case CIL_MLSVALIDATETRANS:
721 		cil_destroy_validatetrans(*data);
722 		break;
723 	case CIL_CONTEXT:
724 		cil_destroy_context(*data);
725 		break;
726 	case CIL_IPADDR:
727 		cil_destroy_ipaddr(*data);
728 		break;
729 	case CIL_SIDCONTEXT:
730 		cil_destroy_sidcontext(*data);
731 		break;
732 	case CIL_FSUSE:
733 		cil_destroy_fsuse(*data);
734 		break;
735 	case CIL_FILECON:
736 		cil_destroy_filecon(*data);
737 		break;
738 	case CIL_IBPKEYCON:
739 		cil_destroy_ibpkeycon(*data);
740 		break;
741 	case CIL_PORTCON:
742 		cil_destroy_portcon(*data);
743 		break;
744 	case CIL_IBENDPORTCON:
745 		cil_destroy_ibendportcon(*data);
746 		break;
747 	case CIL_NODECON:
748 		cil_destroy_nodecon(*data);
749 		break;
750 	case CIL_GENFSCON:
751 		cil_destroy_genfscon(*data);
752 		break;
753 	case CIL_NETIFCON:
754 		cil_destroy_netifcon(*data);
755 		break;
756 	case CIL_PIRQCON:
757 		cil_destroy_pirqcon(*data);
758 		break;
759 	case CIL_IOMEMCON:
760 		cil_destroy_iomemcon(*data);
761 		break;
762 	case CIL_IOPORTCON:
763 		cil_destroy_ioportcon(*data);
764 		break;
765 	case CIL_PCIDEVICECON:
766 		cil_destroy_pcidevicecon(*data);
767 		break;
768 	case CIL_DEVICETREECON:
769 		cil_destroy_devicetreecon(*data);
770 		break;
771 	case CIL_POLICYCAP:
772 		cil_destroy_policycap(*data);
773 		break;
774 	case CIL_DEFAULTUSER:
775 	case CIL_DEFAULTROLE:
776 	case CIL_DEFAULTTYPE:
777 		cil_destroy_default(*data);
778 		break;
779 	case CIL_DEFAULTRANGE:
780 		cil_destroy_defaultrange(*data);
781 		break;
782 	case CIL_HANDLEUNKNOWN:
783 		cil_destroy_handleunknown(*data);
784 		break;
785 	case CIL_MLS:
786 		cil_destroy_mls(*data);
787 		break;
788 	case CIL_SRC_INFO:
789 		cil_destroy_src_info(*data);
790 		break;
791 	case CIL_OP:
792 	case CIL_CONS_OPERAND:
793 		break;
794 	default:
795 		cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
796 		break;
797 	}
798 
799 	*data = NULL;
800 }
801 
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)802 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
803 {
804 	if (flavor < CIL_MIN_DECLARATIVE) {
805 		return SEPOL_ERR;
806 	}
807 
808 	switch(flavor) {
809 	case CIL_BLOCK:
810 		*sym_index = CIL_SYM_BLOCKS;
811 		break;
812 	case CIL_MACRO:
813 		*sym_index = CIL_SYM_BLOCKS;
814 		break;
815 	case CIL_OPTIONAL:
816 		*sym_index = CIL_SYM_BLOCKS;
817 		break;
818 	case CIL_BOOL:
819 		*sym_index = CIL_SYM_BOOLS;
820 		break;
821 	case CIL_TUNABLE:
822 		*sym_index = CIL_SYM_TUNABLES;
823 		break;
824 	case CIL_PERM:
825 	case CIL_MAP_PERM:
826 		*sym_index = CIL_SYM_PERMS;
827 		break;
828 	case CIL_COMMON:
829 		*sym_index = CIL_SYM_COMMONS;
830 		break;
831 	case CIL_CLASS:
832 	case CIL_MAP_CLASS:
833 		*sym_index = CIL_SYM_CLASSES;
834 		break;
835 	case CIL_CLASSPERMISSION:
836 	case CIL_CLASSPERMISSIONSET:
837 		*sym_index = CIL_SYM_CLASSPERMSETS;
838 		break;
839 	case CIL_USER:
840 	case CIL_USERATTRIBUTE:
841 		*sym_index = CIL_SYM_USERS;
842 		break;
843 	case CIL_ROLE:
844 	case CIL_ROLEATTRIBUTE:
845 		*sym_index = CIL_SYM_ROLES;
846 		break;
847 	case CIL_TYPE:
848 	case CIL_TYPEALIAS:
849 	case CIL_TYPEATTRIBUTE:
850 		*sym_index = CIL_SYM_TYPES;
851 		break;
852 	case CIL_SENS:
853 	case CIL_SENSALIAS:
854 		*sym_index = CIL_SYM_SENS;
855 		break;
856 	case CIL_CAT:
857 	case CIL_CATSET:
858 	case CIL_CATALIAS:
859 		*sym_index = CIL_SYM_CATS;
860 		break;
861 	case CIL_LEVEL:
862 		*sym_index = CIL_SYM_LEVELS;
863 		break;
864 	case CIL_LEVELRANGE:
865 		*sym_index = CIL_SYM_LEVELRANGES;
866 		break;
867 	case CIL_SID:
868 		*sym_index = CIL_SYM_SIDS;
869 		break;
870 	case CIL_NAME:
871 		*sym_index = CIL_SYM_NAMES;
872 		break;
873 	case CIL_CONTEXT:
874 		*sym_index = CIL_SYM_CONTEXTS;
875 		break;
876 	case CIL_IPADDR:
877 		*sym_index = CIL_SYM_IPADDRS;
878 		break;
879 	case CIL_POLICYCAP:
880 		*sym_index = CIL_SYM_POLICYCAPS;
881 		break;
882 	case CIL_PERMISSIONX:
883 		*sym_index = CIL_SYM_PERMX;
884 		break;
885 	default:
886 		*sym_index = CIL_SYM_UNKNOWN;
887 		cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
888 		return SEPOL_ERR;
889 	}
890 
891 	return SEPOL_OK;
892 }
893 
cil_node_to_string(struct cil_tree_node * node)894 const char * cil_node_to_string(struct cil_tree_node *node)
895 {
896 	switch (node->flavor) {
897 	case CIL_NONE:
898 		return "<none>";
899 	case CIL_ROOT:
900 		return CIL_KEY_ROOT;
901 	case CIL_NODE:
902 		return CIL_KEY_NODE;
903 	case CIL_STRING:
904 		return "string";
905 	case CIL_DATUM:
906 		return "<datum>";
907 	case CIL_LIST:
908 		return "<list>";
909 	case CIL_LIST_ITEM:
910 		return "<list_item>";
911 	case CIL_PARAM:
912 		return "<param>";
913 	case CIL_ARGS:
914 		return "<args>";
915 	case CIL_BLOCK:
916 		return CIL_KEY_BLOCK;
917 	case CIL_BLOCKINHERIT:
918 		return CIL_KEY_BLOCKINHERIT;
919 	case CIL_BLOCKABSTRACT:
920 		return CIL_KEY_BLOCKABSTRACT;
921 	case CIL_IN:
922 		return CIL_KEY_IN;
923 	case CIL_MACRO:
924 		return CIL_KEY_MACRO;
925 	case CIL_CALL:
926 		return CIL_KEY_CALL;
927 	case CIL_OPTIONAL:
928 		return CIL_KEY_OPTIONAL;
929 	case CIL_BOOL:
930 		return CIL_KEY_BOOL;
931 	case CIL_BOOLEANIF:
932 		return CIL_KEY_BOOLEANIF;
933 	case CIL_TUNABLE:
934 		return CIL_KEY_TUNABLE;
935 	case CIL_TUNABLEIF:
936 		return CIL_KEY_TUNABLEIF;
937 	case CIL_CONDBLOCK:
938 		switch (((struct cil_condblock*)node->data)->flavor) {
939 		case CIL_CONDTRUE:
940 			return CIL_KEY_CONDTRUE;
941 		case CIL_CONDFALSE:
942 			return CIL_KEY_CONDFALSE;
943 		default:
944 			break;
945 		}
946 		break;
947 	case CIL_CONDTRUE:
948 		return CIL_KEY_CONDTRUE;
949 	case CIL_CONDFALSE:
950 		return CIL_KEY_CONDFALSE;
951 	case CIL_PERM:
952 		return CIL_KEY_PERM;
953 	case CIL_COMMON:
954 		return CIL_KEY_COMMON;
955 	case CIL_CLASS:
956 		return CIL_KEY_CLASS;
957 	case CIL_CLASSORDER:
958 		return CIL_KEY_CLASSORDER;
959 	case CIL_MAP_CLASS:
960 		return CIL_KEY_MAP_CLASS;
961 	case CIL_CLASSPERMISSION:
962 		return CIL_KEY_CLASSPERMISSION;
963 	case CIL_CLASSCOMMON:
964 		return CIL_KEY_CLASSCOMMON;
965 	case CIL_CLASSMAPPING:
966 		return CIL_KEY_CLASSMAPPING;
967 	case CIL_CLASSPERMISSIONSET:
968 		return CIL_KEY_CLASSPERMISSIONSET;
969 	case CIL_USER:
970 		return CIL_KEY_USER;
971 	case CIL_USERATTRIBUTE:
972 		return CIL_KEY_USERATTRIBUTE;
973 	case CIL_USERATTRIBUTESET:
974 		return CIL_KEY_USERATTRIBUTESET;
975 	case CIL_USERPREFIX:
976 		return CIL_KEY_USERPREFIX;
977 	case CIL_USERROLE:
978 		return CIL_KEY_USERROLE;
979 	case CIL_USERLEVEL:
980 		return CIL_KEY_USERLEVEL;
981 	case CIL_USERRANGE:
982 		return CIL_KEY_USERRANGE;
983 	case CIL_USERBOUNDS:
984 		return CIL_KEY_USERBOUNDS;
985 	case CIL_SELINUXUSER:
986 		return CIL_KEY_SELINUXUSER;
987 	case CIL_SELINUXUSERDEFAULT:
988 		return CIL_KEY_SELINUXUSERDEFAULT;
989 	case CIL_ROLE:
990 		return CIL_KEY_ROLE;
991 	case CIL_ROLEATTRIBUTE:
992 		return CIL_KEY_ROLEATTRIBUTE;
993 	case CIL_ROLEATTRIBUTESET:
994 		return CIL_KEY_ROLEATTRIBUTESET;
995 	case CIL_ROLETYPE:
996 		return CIL_KEY_ROLETYPE;
997 	case CIL_ROLEBOUNDS:
998 		return CIL_KEY_ROLEBOUNDS;
999 	case CIL_TYPE:
1000 		return CIL_KEY_TYPE;
1001 	case CIL_TYPEATTRIBUTE:
1002 		return CIL_KEY_TYPEATTRIBUTE;
1003 	case CIL_TYPEALIAS:
1004 		return CIL_KEY_TYPEALIAS;
1005 	case CIL_TYPEATTRIBUTESET:
1006 		return CIL_KEY_TYPEATTRIBUTESET;
1007 	case CIL_EXPANDTYPEATTRIBUTE:
1008 		return CIL_KEY_EXPANDTYPEATTRIBUTE;
1009 	case CIL_TYPEALIASACTUAL:
1010 		return CIL_KEY_TYPEALIASACTUAL;
1011 	case CIL_TYPEBOUNDS:
1012 		return CIL_KEY_TYPEBOUNDS;
1013 	case CIL_TYPEPERMISSIVE:
1014 		return CIL_KEY_TYPEPERMISSIVE;
1015 	case CIL_SENS:
1016 		return CIL_KEY_SENSITIVITY;
1017 	case CIL_SENSALIAS:
1018 		return CIL_KEY_SENSALIAS;
1019 	case CIL_SENSALIASACTUAL:
1020 		return CIL_KEY_SENSALIASACTUAL;
1021 	case CIL_SENSITIVITYORDER:
1022 		return CIL_KEY_SENSITIVITYORDER;
1023 	case CIL_SENSCAT:
1024 		return CIL_KEY_SENSCAT;
1025 	case CIL_CAT:
1026 		return CIL_KEY_CATEGORY;
1027 	case CIL_CATSET:
1028 		return CIL_KEY_CATSET;
1029 	case CIL_CATALIAS:
1030 		return CIL_KEY_CATALIAS;
1031 	case CIL_CATALIASACTUAL:
1032 		return CIL_KEY_CATALIASACTUAL;
1033 	case CIL_CATORDER:
1034 		return CIL_KEY_CATORDER;
1035 	case CIL_LEVEL:
1036 		return CIL_KEY_LEVEL;
1037 	case CIL_LEVELRANGE:
1038 		return CIL_KEY_LEVELRANGE;
1039 	case CIL_SID:
1040 		return CIL_KEY_SID;
1041 	case CIL_SIDORDER:
1042 		return CIL_KEY_SIDORDER;
1043 	case CIL_NAME:
1044 		return CIL_KEY_NAME;
1045 	case CIL_ROLEALLOW:
1046 		return CIL_KEY_ROLEALLOW;
1047 	case CIL_AVRULE:
1048 		switch (((struct cil_avrule *)node->data)->rule_kind) {
1049 		case CIL_AVRULE_ALLOWED:
1050 			return CIL_KEY_ALLOW;
1051 		case CIL_AVRULE_AUDITALLOW:
1052 			return CIL_KEY_AUDITALLOW;
1053 		case CIL_AVRULE_DONTAUDIT:
1054 			return CIL_KEY_DONTAUDIT;
1055 		case CIL_AVRULE_NEVERALLOW:
1056 			return CIL_KEY_NEVERALLOW;
1057 		default:
1058 			break;
1059 		}
1060 		break;
1061 	case CIL_AVRULEX:
1062 		switch (((struct cil_avrule *)node->data)->rule_kind) {
1063 		case CIL_AVRULE_ALLOWED:
1064 			return CIL_KEY_ALLOWX;
1065 		case CIL_AVRULE_AUDITALLOW:
1066 			return CIL_KEY_AUDITALLOWX;
1067 		case CIL_AVRULE_DONTAUDIT:
1068 			return CIL_KEY_DONTAUDITX;
1069 		case CIL_AVRULE_NEVERALLOW:
1070 			return CIL_KEY_NEVERALLOWX;
1071 		default:
1072 			break;
1073 		}
1074 		break;
1075 	case CIL_PERMISSIONX:
1076 		return CIL_KEY_PERMISSIONX;
1077 	case CIL_ROLETRANSITION:
1078 		return CIL_KEY_ROLETRANSITION;
1079 	case CIL_TYPE_RULE:
1080 		switch (((struct cil_type_rule *)node->data)->rule_kind) {
1081 		case CIL_TYPE_TRANSITION:
1082 			return CIL_KEY_TYPETRANSITION;
1083 		case CIL_TYPE_MEMBER:
1084 			return CIL_KEY_TYPEMEMBER;
1085 		case CIL_TYPE_CHANGE:
1086 			return CIL_KEY_TYPECHANGE;
1087 		default:
1088 			break;
1089 		}
1090 		break;
1091 	case CIL_NAMETYPETRANSITION:
1092 		return CIL_KEY_TYPETRANSITION;
1093 	case CIL_RANGETRANSITION:
1094 		return CIL_KEY_RANGETRANSITION;
1095 	case CIL_CONSTRAIN:
1096 		return CIL_KEY_CONSTRAIN;
1097 	case CIL_MLSCONSTRAIN:
1098 		return CIL_KEY_MLSCONSTRAIN;
1099 	case CIL_VALIDATETRANS:
1100 		return CIL_KEY_VALIDATETRANS;
1101 	case CIL_MLSVALIDATETRANS:
1102 		return CIL_KEY_MLSVALIDATETRANS;
1103 	case CIL_CONTEXT:
1104 		return CIL_KEY_CONTEXT;
1105 	case CIL_IPADDR:
1106 		return CIL_KEY_IPADDR;
1107 	case CIL_SIDCONTEXT:
1108 		return CIL_KEY_SIDCONTEXT;
1109 	case CIL_FSUSE:
1110 		return CIL_KEY_FSUSE;
1111 	case CIL_FILECON:
1112 		return CIL_KEY_FILECON;
1113 	case CIL_IBPKEYCON:
1114 		return CIL_KEY_IBPKEYCON;
1115 	case CIL_IBENDPORTCON:
1116 		return CIL_KEY_IBENDPORTCON;
1117 	case CIL_PORTCON:
1118 		return CIL_KEY_PORTCON;
1119 	case CIL_NODECON:
1120 		return CIL_KEY_NODECON;
1121 	case CIL_GENFSCON:
1122 		return CIL_KEY_GENFSCON;
1123 	case CIL_NETIFCON:
1124 		return CIL_KEY_NETIFCON;
1125 	case CIL_PIRQCON:
1126 		return CIL_KEY_PIRQCON;
1127 	case CIL_IOMEMCON:
1128 		return CIL_KEY_IOMEMCON;
1129 	case CIL_IOPORTCON:
1130 		return CIL_KEY_IOPORTCON;
1131 	case CIL_PCIDEVICECON:
1132 		return CIL_KEY_PCIDEVICECON;
1133 	case CIL_DEVICETREECON:
1134 		return CIL_KEY_DEVICETREECON;
1135 	case CIL_POLICYCAP:
1136 		return CIL_KEY_POLICYCAP;
1137 	case CIL_DEFAULTUSER:
1138 		return CIL_KEY_DEFAULTUSER;
1139 	case CIL_DEFAULTROLE:
1140 		return CIL_KEY_DEFAULTROLE;
1141 	case CIL_DEFAULTTYPE:
1142 		return CIL_KEY_DEFAULTTYPE;
1143 	case CIL_DEFAULTRANGE:
1144 		return CIL_KEY_DEFAULTRANGE;
1145 	case CIL_HANDLEUNKNOWN:
1146 		return CIL_KEY_HANDLEUNKNOWN;
1147 	case CIL_MLS:
1148 		return CIL_KEY_MLS;
1149 	case CIL_SRC_INFO:
1150 		return CIL_KEY_SRC_INFO;
1151 	case CIL_ALL:
1152 		return CIL_KEY_ALL;
1153 	case CIL_RANGE:
1154 		return CIL_KEY_RANGE;
1155 	case CIL_AND:
1156 		return CIL_KEY_AND;
1157 	case CIL_OR:
1158 		return CIL_KEY_OR;
1159 	case CIL_XOR:
1160 		return CIL_KEY_XOR;
1161 	case CIL_NOT:
1162 		return CIL_KEY_NOT;
1163 	case CIL_EQ:
1164 		return CIL_KEY_EQ;
1165 	case CIL_NEQ:
1166 		return CIL_KEY_NEQ;
1167 	case CIL_CONS_DOM:
1168 		return CIL_KEY_CONS_DOM;
1169 	case CIL_CONS_DOMBY:
1170 		return CIL_KEY_CONS_DOMBY;
1171 	case CIL_CONS_INCOMP:
1172 		return CIL_KEY_CONS_INCOMP;
1173 	case CIL_CONS_U1:
1174 		return CIL_KEY_CONS_U1;
1175 	case CIL_CONS_U2:
1176 		return CIL_KEY_CONS_U2;
1177 	case CIL_CONS_U3:
1178 		return CIL_KEY_CONS_U3;
1179 	case CIL_CONS_T1:
1180 		return CIL_KEY_CONS_T1;
1181 	case CIL_CONS_T2:
1182 		return CIL_KEY_CONS_T2;
1183 	case CIL_CONS_T3:
1184 		return CIL_KEY_CONS_T3;
1185 	case CIL_CONS_R1:
1186 		return CIL_KEY_CONS_R1;
1187 	case CIL_CONS_R2:
1188 		return CIL_KEY_CONS_R2;
1189 	case CIL_CONS_R3:
1190 		return CIL_KEY_CONS_R3;
1191 	case CIL_CONS_L1:
1192 		return CIL_KEY_CONS_L1;
1193 	case CIL_CONS_L2:
1194 		return CIL_KEY_CONS_L2;
1195 	case CIL_CONS_H1:
1196 		return CIL_KEY_CONS_H1;
1197 	case CIL_CONS_H2:
1198 		return CIL_KEY_CONS_H2;
1199 
1200 	default:
1201 		break;
1202 	}
1203 
1204 	return "<unknown>";
1205 }
1206 
1207 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1208 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1209 #else
1210 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1211 #endif
1212 {
1213 	int rc = SEPOL_ERR;
1214 	size_t str_len = 0;
1215 	int buf_pos = 0;
1216 	char *str_tmp = NULL;
1217 	struct cil_list_item *curr;
1218 	struct cil_userprefix *userprefix = NULL;
1219 	struct cil_user *user = NULL;
1220 
1221 	*out = NULL;
1222 
1223 	if (db->userprefixes->head == NULL) {
1224 		rc = SEPOL_OK;
1225 		*size = 0;
1226 		goto exit;
1227 	}
1228 
1229 	cil_list_for_each(curr, db->userprefixes) {
1230 		userprefix = curr->data;
1231 		user = userprefix->user;
1232 		str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1233 	}
1234 
1235 	*size = str_len * sizeof(char);
1236 	str_len++;
1237 	str_tmp = cil_malloc(str_len * sizeof(char));
1238 	*out = str_tmp;
1239 
1240 	cil_list_for_each(curr, db->userprefixes) {
1241 		userprefix = curr->data;
1242 		user = userprefix->user;
1243 
1244 		buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1245 									userprefix->prefix_str);
1246 		str_len -= buf_pos;
1247 		str_tmp += buf_pos;
1248 	}
1249 
1250 	rc = SEPOL_OK;
1251 exit:
1252 	return rc;
1253 
1254 }
1255 
1256 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1257 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1258 {
1259 	return cil_userprefixes_to_string_nopdb(db, out, size);
1260 }
1261 #endif
1262 
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1263 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1264 {
1265 	int rc = SEPOL_ERR;
1266 	struct cil_list_item *i;
1267 	struct cil_list_item *j;
1268 	struct cil_cat* cat;
1269 	struct cil_catset *cs;
1270 	struct cil_tree_node *node;
1271 
1272 	if (cats == NULL) {
1273 		rc = SEPOL_OK;
1274 		goto exit;
1275 	}
1276 
1277 	cil_list_for_each(i, cats->datum_expr) {
1278 		node = DATUM(i->data)->nodes->head->data;
1279 		if (node->flavor == CIL_CATSET) {
1280 			cs = (struct cil_catset*)i->data;
1281 			cil_list_for_each(j, cs->cats->datum_expr) {
1282 				cat = (struct cil_cat*)j->data;
1283 				rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1284 				if (rc != SEPOL_OK) {
1285 					goto exit;
1286 				}
1287 			}
1288 		} else {
1289 			cat = (struct cil_cat*)i->data;
1290 			rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1291 			if (rc != SEPOL_OK) {
1292 				goto exit;
1293 			}
1294 		}
1295 	}
1296 
1297 	return SEPOL_OK;
1298 
1299 exit:
1300 	return rc;
1301 }
1302 
cil_level_equals(struct cil_level * low,struct cil_level * high)1303 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1304 {
1305 	int rc;
1306 	struct ebitmap elow;
1307 	struct ebitmap ehigh;
1308 
1309 	if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1310 		rc = 0;
1311 		goto exit;
1312 	}
1313 
1314 	ebitmap_init(&elow);
1315 	ebitmap_init(&ehigh);
1316 
1317 	rc = cil_cats_to_ebitmap(low->cats, &elow);
1318 	if (rc != SEPOL_OK) {
1319 		goto exit;
1320 	}
1321 
1322 	rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1323 	if (rc != SEPOL_OK) {
1324 		goto exit;
1325 	}
1326 
1327 	rc = ebitmap_cmp(&elow, &ehigh);
1328 	ebitmap_destroy(&elow);
1329 	ebitmap_destroy(&ehigh);
1330 
1331 exit:
1332 	return rc;
1333 }
1334 
__cil_level_strlen(struct cil_level * lvl)1335 static int __cil_level_strlen(struct cil_level *lvl)
1336 {
1337 	struct cil_list_item *item;
1338 	struct cil_cats *cats = lvl->cats;
1339 	int str_len = 0;
1340 	char *str1 = NULL;
1341 	char *str2 = NULL;
1342 	int first = -1;
1343 	int last = -1;
1344 
1345 	str_len += strlen(lvl->sens->datum.fqn);
1346 
1347 	if (cats && cats->datum_expr != NULL) {
1348 		str_len++; /* initial ":" */
1349 		cil_list_for_each(item, cats->datum_expr) {
1350 			struct cil_cat *cat = item->data;
1351 			if (first == -1) {
1352 				str1 = cat->datum.fqn;
1353 				first = cat->value;
1354 				last = first;
1355 			} else if (cat->value == last + 1) {
1356 				last++;
1357 				str2 = cat->datum.fqn;
1358 			} else {
1359 				if (first == last) {
1360 					str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1361 				} else if (last == first + 1) {
1362 					str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1363 				} else {
1364 					str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1365 				}
1366 				first = -1;
1367 				last = -1;
1368 				if (item->next != NULL) {
1369 					str_len++; /* space for "," after */
1370 				}
1371 			}
1372 		}
1373 		if (first != -1) {
1374 			if (first == last) {
1375 				str_len += strlen(str1);
1376 			} else if (last == first + 1) {
1377 				str_len += strlen(str1) + strlen(str2) + 1;
1378 			} else {
1379 				str_len += strlen(str1) + strlen(str2) + 1;
1380 			}
1381 		}
1382 	}
1383 
1384 	return str_len;
1385 }
1386 
__cil_level_to_string(struct cil_level * lvl,char * out)1387 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1388 {
1389 	struct cil_list_item *item;
1390 	struct cil_cats *cats = lvl->cats;
1391 	int buf_pos = 0;
1392 	char *str_tmp = out;
1393 	char *str1 = NULL;
1394 	char *str2 = NULL;
1395 	int first = -1;
1396 	int last = -1;
1397 
1398 	buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1399 	str_tmp += buf_pos;
1400 
1401 	if (cats && cats->datum_expr != NULL) {
1402 		buf_pos = sprintf(str_tmp, ":");
1403 		str_tmp += buf_pos;
1404 
1405 		cil_list_for_each(item, cats->datum_expr) {
1406 			struct cil_cat *cat = item->data;
1407 			if (first == -1) {
1408 				str1 = cat->datum.fqn;
1409 				first = cat->value;
1410 				last = first;
1411 			} else if (cat->value == last + 1) {
1412 				last++;
1413 				str2 = cat->datum.fqn;
1414 			} else {
1415 				if (first == last) {
1416 					buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1417 					str_tmp += buf_pos;
1418 				} else if (last == first + 1) {
1419 					buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1420 					str_tmp += buf_pos;
1421 				} else {
1422 					buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1423 					str_tmp += buf_pos;
1424 				}
1425 				first = -1;
1426 				last = -1;
1427 				if (item->next != NULL) {
1428 					buf_pos = sprintf(str_tmp, ",");
1429 					str_tmp += buf_pos;
1430 				}
1431 			}
1432 		}
1433 		if (first != -1) {
1434 			if (first == last) {
1435 				buf_pos = sprintf(str_tmp, "%s", str1);
1436 				str_tmp += buf_pos;
1437 			} else if (last == first + 1) {
1438 				buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1439 				str_tmp += buf_pos;
1440 			} else {
1441 				buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1442 				str_tmp += buf_pos;
1443 			}
1444 		}
1445 	}
1446 
1447 	return str_tmp - out;
1448 }
1449 
1450 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1451 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1452 #else
1453 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1454 #endif
1455 {
1456 	size_t str_len = 0;
1457 	int buf_pos = 0;
1458 	char *str_tmp = NULL;
1459 	struct cil_list_item *curr;
1460 
1461 	if (db->selinuxusers->head == NULL) {
1462 		*size = 0;
1463 		*out = NULL;
1464 		return SEPOL_OK;
1465 	}
1466 
1467 	cil_list_for_each(curr, db->selinuxusers) {
1468 		struct cil_selinuxuser *selinuxuser = curr->data;
1469 		struct cil_user *user = selinuxuser->user;
1470 
1471 		str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1472 
1473 		if (db->mls == CIL_TRUE) {
1474 			struct cil_levelrange *range = selinuxuser->range;
1475 			str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1476 		}
1477 
1478 		str_len++;
1479 	}
1480 
1481 	*size = str_len * sizeof(char);
1482 	str_tmp = cil_malloc(*size+1);
1483 	*out = str_tmp;
1484 
1485 	for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1486 		struct cil_selinuxuser *selinuxuser = curr->data;
1487 		struct cil_user *user = selinuxuser->user;
1488 
1489 		buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1490 		str_tmp += buf_pos;
1491 
1492 		if (db->mls == CIL_TRUE) {
1493 			struct cil_levelrange *range = selinuxuser->range;
1494 			buf_pos = sprintf(str_tmp, ":");
1495 			str_tmp += buf_pos;
1496 			buf_pos = __cil_level_to_string(range->low, str_tmp);
1497 			str_tmp += buf_pos;
1498 			buf_pos = sprintf(str_tmp, "-");
1499 			str_tmp += buf_pos;
1500 			buf_pos = __cil_level_to_string(range->high, str_tmp);
1501 			str_tmp += buf_pos;
1502 		}
1503 
1504 		buf_pos = sprintf(str_tmp, "\n");
1505 		str_tmp += buf_pos;
1506 	}
1507 
1508 	return SEPOL_OK;
1509 }
1510 
1511 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1512 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1513 {
1514 	return cil_selinuxusers_to_string_nopdb(db, out, size);
1515 }
1516 #endif
1517 
1518 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1519 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1520 #else
1521 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1522 #endif
1523 {
1524 	uint32_t i = 0;
1525 	int buf_pos = 0;
1526 	size_t str_len = 0;
1527 	char *str_tmp = NULL;
1528 	struct cil_sort *filecons = db->filecon;
1529 
1530 	for (i = 0; i < filecons->count; i++) {
1531 		struct cil_filecon *filecon = filecons->array[i];
1532 		struct cil_context *ctx = filecon->context;
1533 
1534 		str_len += strlen(filecon->path_str);
1535 
1536 		if (filecon->type != CIL_FILECON_ANY) {
1537 			/* If a type is specified,
1538 			   +2 for type string, +1 for tab */
1539 			str_len += 3;
1540 		}
1541 
1542 		if (ctx != NULL) {
1543 			struct cil_user *user = ctx->user;
1544 			struct cil_role *role = ctx->role;
1545 			struct cil_type *type = ctx->type;
1546 
1547 			str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1548 
1549 			if (db->mls == CIL_TRUE) {
1550 				struct cil_levelrange *range = ctx->range;
1551 				if (cil_level_equals(range->low, range->high)) {
1552 					str_len += __cil_level_strlen(range->low) + 1;
1553 				} else {
1554 					str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1555 				}
1556 			}
1557 		} else {
1558 			str_len += strlen("\t<<none>>");
1559 		}
1560 
1561 		str_len++;
1562 	}
1563 
1564 	*size = str_len * sizeof(char);
1565 	str_tmp = cil_malloc(*size+1);
1566 	*out = str_tmp;
1567 
1568 	for (i = 0; i < filecons->count; i++) {
1569 		struct cil_filecon *filecon = filecons->array[i];
1570 		struct cil_context *ctx = filecon->context;
1571 		const char *str_type = NULL;
1572 
1573 		buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1574 		str_tmp += buf_pos;
1575 
1576 		switch(filecon->type) {
1577 		case CIL_FILECON_FILE:
1578 			str_type = "\t--";
1579 			break;
1580 		case CIL_FILECON_DIR:
1581 			str_type = "\t-d";
1582 			break;
1583 		case CIL_FILECON_CHAR:
1584 			str_type = "\t-c";
1585 			break;
1586 		case CIL_FILECON_BLOCK:
1587 			str_type = "\t-b";
1588 			break;
1589 		case CIL_FILECON_SOCKET:
1590 			str_type = "\t-s";
1591 			break;
1592 		case CIL_FILECON_PIPE:
1593 			str_type = "\t-p";
1594 			break;
1595 		case CIL_FILECON_SYMLINK:
1596 			str_type = "\t-l";
1597 			break;
1598 		default:
1599 			str_type = "";
1600 			break;
1601 		}
1602 		buf_pos = sprintf(str_tmp, "%s", str_type);
1603 		str_tmp += buf_pos;
1604 
1605 		if (ctx != NULL) {
1606 			struct cil_user *user = ctx->user;
1607 			struct cil_role *role = ctx->role;
1608 			struct cil_type *type = ctx->type;
1609 
1610 			buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1611 							  type->datum.fqn);
1612 			str_tmp += buf_pos;
1613 
1614 			if (db->mls == CIL_TRUE) {
1615 				struct cil_levelrange *range = ctx->range;
1616 				buf_pos = sprintf(str_tmp, ":");
1617 				str_tmp += buf_pos;
1618 				buf_pos = __cil_level_to_string(range->low, str_tmp);
1619 				str_tmp += buf_pos;
1620 
1621 				if (!cil_level_equals(range->low, range->high)) {
1622 					buf_pos = sprintf(str_tmp, "-");
1623 					str_tmp += buf_pos;
1624 					buf_pos = __cil_level_to_string(range->high, str_tmp);
1625 					str_tmp += buf_pos;
1626 				}
1627 			}
1628 		} else {
1629 			buf_pos = sprintf(str_tmp, "\t<<none>>");
1630 			str_tmp += buf_pos;
1631 		}
1632 
1633 		buf_pos = sprintf(str_tmp, "\n");
1634 		str_tmp += buf_pos;
1635 	}
1636 
1637 	return SEPOL_OK;
1638 }
1639 
1640 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1641 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1642 {
1643 	return cil_filecons_to_string_nopdb(db, out, size);
1644 }
1645 #endif
1646 
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1647 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1648 {
1649 	db->disable_dontaudit = disable_dontaudit;
1650 }
1651 
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1652 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1653 {
1654 	db->disable_neverallow = disable_neverallow;
1655 }
1656 
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1657 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1658 {
1659 	db->attrs_expand_generated = attrs_expand_generated;
1660 }
1661 
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1662 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1663 {
1664 	db->attrs_expand_size = attrs_expand_size;
1665 }
1666 
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1667 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1668 {
1669 	db->preserve_tunables = preserve_tunables;
1670 }
1671 
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1672 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1673 {
1674 	int rc = 0;
1675 
1676 	switch (handle_unknown) {
1677 		case SEPOL_DENY_UNKNOWN:
1678 		case SEPOL_REJECT_UNKNOWN:
1679 		case SEPOL_ALLOW_UNKNOWN:
1680 			db->handle_unknown = handle_unknown;
1681 			break;
1682 		default:
1683 			cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1684 			rc = -1;
1685 	}
1686 
1687 	return rc;
1688 }
1689 
cil_set_mls(struct cil_db * db,int mls)1690 void cil_set_mls(struct cil_db *db, int mls)
1691 {
1692 	db->mls = mls;
1693 }
1694 
cil_set_multiple_decls(struct cil_db * db,int multiple_decls)1695 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
1696 {
1697 	db->multiple_decls = multiple_decls;
1698 }
1699 
cil_set_target_platform(struct cil_db * db,int target_platform)1700 void cil_set_target_platform(struct cil_db *db, int target_platform)
1701 {
1702 	db->target_platform = target_platform;
1703 }
1704 
cil_set_policy_version(struct cil_db * db,int policy_version)1705 void cil_set_policy_version(struct cil_db *db, int policy_version)
1706 {
1707 	db->policy_version = policy_version;
1708 }
1709 
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1710 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1711 {
1712 	uint32_t i = 0;
1713 	for (i = 0; i < CIL_SYM_NUM; i++) {
1714 		cil_symtab_init(&symtab[i], symtab_sizes[i]);
1715 	}
1716 }
1717 
cil_symtab_array_destroy(symtab_t symtab[])1718 void cil_symtab_array_destroy(symtab_t symtab[])
1719 {
1720 	int i = 0;
1721 	for (i = 0; i < CIL_SYM_NUM; i++) {
1722 		cil_symtab_destroy(&symtab[i]);
1723 	}
1724 }
1725 
cil_destroy_ast_symtabs(struct cil_tree_node * current)1726 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1727 {
1728 	while (current) {
1729 		switch (current->flavor) {
1730 		case CIL_BLOCK:
1731 			cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1732 			break;
1733 		case CIL_IN:
1734 			cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1735 			break;
1736 		case CIL_CLASS:
1737 		case CIL_COMMON:
1738 		case CIL_MAP_CLASS:
1739 			cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1740 			break;
1741 		case CIL_MACRO:
1742 			cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1743 			break;
1744 		case CIL_CONDBLOCK:
1745 			cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1746 			break;
1747 		default:
1748 			break;
1749 		}
1750 
1751 		if (current->cl_head) {
1752 			cil_destroy_ast_symtabs(current->cl_head);
1753 		}
1754 
1755 		current = current->next;
1756 	}
1757 }
1758 
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1759 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1760 {
1761 	struct cil_tree_node *node = ast_node;
1762 	*symtab = NULL;
1763 
1764 	if (sym_index == CIL_SYM_PERMS) {
1765 		/* Class statements are not blocks, so the passed node should be the class */
1766 		if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1767 			node->flavor == CIL_COMMON) {
1768 			*symtab = &((struct cil_class*)node->data)->perms;
1769 			return SEPOL_OK;
1770 		}
1771 		goto exit;
1772 	}
1773 
1774 	if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1775 		cil_log(CIL_ERR, "Invalid symtab type\n");
1776 		goto exit;
1777 	}
1778 
1779 	while (node != NULL && *symtab == NULL) {
1780 		switch (node->flavor) {
1781 		case CIL_ROOT:
1782 			*symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1783 			break;
1784 		case CIL_BLOCK:
1785 			*symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1786 			break;
1787 		case CIL_MACRO:
1788 			*symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1789 			break;
1790 		case CIL_IN:
1791 			/* In blocks only exist before resolving the AST */
1792 			*symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1793 			break;
1794 		case CIL_CONDBLOCK: {
1795 			if (node->parent->flavor == CIL_TUNABLEIF) {
1796 				/* Cond blocks only exist before resolving the AST */
1797 				*symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1798 			} else if (node->parent->flavor == CIL_BOOLEANIF) {
1799 				node = node->parent->parent;
1800 			}
1801 			break;
1802 		}
1803 		default:
1804 			node = node->parent;
1805 		}
1806 	}
1807 
1808 	if (*symtab == NULL) {
1809 		goto exit;
1810 	}
1811 
1812 	return SEPOL_OK;
1813 
1814 exit:
1815 	cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
1816 	return SEPOL_ERR;
1817 }
1818 
cil_sort_init(struct cil_sort ** sort)1819 void cil_sort_init(struct cil_sort **sort)
1820 {
1821 	*sort = cil_malloc(sizeof(**sort));
1822 
1823 	(*sort)->flavor = CIL_NONE;
1824 	(*sort)->count = 0;
1825 	(*sort)->index = 0;
1826 	(*sort)->array = NULL;
1827 }
1828 
cil_sort_destroy(struct cil_sort ** sort)1829 void cil_sort_destroy(struct cil_sort **sort)
1830 {
1831 	(*sort)->flavor = CIL_NONE;
1832 	(*sort)->count = 0;
1833 	(*sort)->index = 0;
1834 	if ((*sort)->array != NULL) {
1835 		free((*sort)->array);
1836 	}
1837 	(*sort)->array = NULL;
1838 
1839 	free(*sort);
1840 	*sort = NULL;
1841 }
1842 
cil_netifcon_init(struct cil_netifcon ** netifcon)1843 void cil_netifcon_init(struct cil_netifcon **netifcon)
1844 {
1845 	*netifcon = cil_malloc(sizeof(**netifcon));
1846 
1847 	(*netifcon)->interface_str = NULL;
1848 	(*netifcon)->if_context_str = NULL;
1849 	(*netifcon)->if_context = NULL;
1850 	(*netifcon)->packet_context_str = NULL;
1851 	(*netifcon)->packet_context = NULL;
1852 	(*netifcon)->context_str = NULL;
1853 }
1854 
cil_ibendportcon_init(struct cil_ibendportcon ** ibendportcon)1855 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon)
1856 {
1857 	*ibendportcon = cil_malloc(sizeof(**ibendportcon));
1858 
1859 	(*ibendportcon)->dev_name_str = NULL;
1860 	(*ibendportcon)->port = 0;
1861 	(*ibendportcon)->context_str = NULL;
1862 	(*ibendportcon)->context = NULL;
1863 }
1864 
cil_context_init(struct cil_context ** context)1865 void cil_context_init(struct cil_context **context)
1866 {
1867 	*context = cil_malloc(sizeof(**context));
1868 
1869 	cil_symtab_datum_init(&(*context)->datum);
1870 	(*context)->user_str = NULL;
1871 	(*context)->user = NULL;
1872 	(*context)->role_str = NULL;
1873 	(*context)->role = NULL;
1874 	(*context)->type_str = NULL;
1875 	(*context)->type = NULL;
1876 	(*context)->range_str = NULL;
1877 	(*context)->range = NULL;
1878 }
1879 
cil_level_init(struct cil_level ** level)1880 void cil_level_init(struct cil_level **level)
1881 {
1882 	*level = cil_malloc(sizeof(**level));
1883 
1884 	cil_symtab_datum_init(&(*level)->datum);
1885 	(*level)->sens_str = NULL;
1886 	(*level)->sens = NULL;
1887 	(*level)->cats = NULL;
1888 }
1889 
cil_levelrange_init(struct cil_levelrange ** range)1890 void cil_levelrange_init(struct cil_levelrange **range)
1891 {
1892 	*range = cil_malloc(sizeof(**range));
1893 
1894 	cil_symtab_datum_init(&(*range)->datum);
1895 	(*range)->low_str = NULL;
1896 	(*range)->low = NULL;
1897 	(*range)->high_str = NULL;
1898 	(*range)->high = NULL;
1899 }
1900 
cil_sens_init(struct cil_sens ** sens)1901 void cil_sens_init(struct cil_sens **sens)
1902 {
1903 	*sens = cil_malloc(sizeof(**sens));
1904 
1905 	cil_symtab_datum_init(&(*sens)->datum);
1906 
1907 	(*sens)->cats_list = NULL;
1908 
1909 	(*sens)->ordered = CIL_FALSE;
1910 }
1911 
cil_block_init(struct cil_block ** block)1912 void cil_block_init(struct cil_block **block)
1913 {
1914 	*block = cil_malloc(sizeof(**block));
1915 
1916 	cil_symtab_datum_init(&(*block)->datum);
1917 
1918 	cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
1919 
1920 	(*block)->is_abstract = CIL_FALSE;
1921 
1922 	(*block)->bi_nodes = NULL;
1923 }
1924 
cil_blockinherit_init(struct cil_blockinherit ** inherit)1925 void cil_blockinherit_init(struct cil_blockinherit **inherit)
1926 {
1927 	*inherit = cil_malloc(sizeof(**inherit));
1928 	(*inherit)->block_str = NULL;
1929 	(*inherit)->block = NULL;
1930 }
1931 
cil_blockabstract_init(struct cil_blockabstract ** abstract)1932 void cil_blockabstract_init(struct cil_blockabstract **abstract)
1933 {
1934 	*abstract = cil_malloc(sizeof(**abstract));
1935 	(*abstract)->block_str = NULL;
1936 }
1937 
cil_in_init(struct cil_in ** in)1938 void cil_in_init(struct cil_in **in)
1939 {
1940 	*in = cil_malloc(sizeof(**in));
1941 
1942 	cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
1943 	(*in)->block_str = NULL;
1944 }
1945 
cil_class_init(struct cil_class ** class)1946 void cil_class_init(struct cil_class **class)
1947 {
1948 	*class = cil_malloc(sizeof(**class));
1949 
1950 	cil_symtab_datum_init(&(*class)->datum);
1951 
1952 	cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
1953 
1954 	(*class)->num_perms = 0;
1955 	(*class)->common = NULL;
1956 	(*class)->ordered = CIL_FALSE;
1957 }
1958 
cil_classorder_init(struct cil_classorder ** classorder)1959 void cil_classorder_init(struct cil_classorder **classorder)
1960 {
1961 	*classorder = cil_malloc(sizeof(**classorder));
1962 
1963 	(*classorder)->class_list_str = NULL;
1964 }
1965 
cil_classcommon_init(struct cil_classcommon ** classcommon)1966 void cil_classcommon_init(struct cil_classcommon **classcommon)
1967 {
1968 	*classcommon = cil_malloc(sizeof(**classcommon));
1969 
1970 	(*classcommon)->class_str = NULL;
1971 	(*classcommon)->common_str = NULL;
1972 }
1973 
cil_sid_init(struct cil_sid ** sid)1974 void cil_sid_init(struct cil_sid **sid)
1975 {
1976 	*sid = cil_malloc(sizeof(**sid));
1977 
1978 	cil_symtab_datum_init(&(*sid)->datum);
1979 
1980 	(*sid)->ordered = CIL_FALSE;
1981 	(*sid)->context = NULL;
1982 }
1983 
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)1984 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
1985 {
1986 	*sidcontext = cil_malloc(sizeof(**sidcontext));
1987 
1988 	(*sidcontext)->sid_str = NULL;
1989 	(*sidcontext)->context_str = NULL;
1990 	(*sidcontext)->context = NULL;
1991 }
1992 
cil_sidorder_init(struct cil_sidorder ** sidorder)1993 void cil_sidorder_init(struct cil_sidorder **sidorder)
1994 {
1995 	*sidorder = cil_malloc(sizeof(**sidorder));
1996 
1997 	(*sidorder)->sid_list_str = NULL;
1998 }
1999 
cil_userrole_init(struct cil_userrole ** userrole)2000 void cil_userrole_init(struct cil_userrole **userrole)
2001 {
2002 	*userrole = cil_malloc(sizeof(**userrole));
2003 
2004 	(*userrole)->user_str = NULL;
2005 	(*userrole)->user = NULL;
2006 	(*userrole)->role_str = NULL;
2007 	(*userrole)->role = NULL;
2008 }
2009 
cil_userprefix_init(struct cil_userprefix ** userprefix)2010 void cil_userprefix_init(struct cil_userprefix **userprefix)
2011 {
2012 	*userprefix = cil_malloc(sizeof(**userprefix));
2013 
2014 	(*userprefix)->user_str = NULL;
2015 	(*userprefix)->user = NULL;
2016 	(*userprefix)->prefix_str = NULL;
2017 }
2018 
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)2019 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
2020 {
2021 	*selinuxuser = cil_malloc(sizeof(**selinuxuser));
2022 
2023 	(*selinuxuser)->name_str = NULL;
2024 	(*selinuxuser)->user_str = NULL;
2025 	(*selinuxuser)->user = NULL;
2026 	(*selinuxuser)->range_str = NULL;
2027 	(*selinuxuser)->range = NULL;
2028 }
2029 
cil_roletype_init(struct cil_roletype ** roletype)2030 void cil_roletype_init(struct cil_roletype **roletype)
2031 {
2032 	*roletype = cil_malloc(sizeof(**roletype));
2033 
2034 	(*roletype)->role_str = NULL;
2035 	(*roletype)->role = NULL;
2036 	(*roletype)->type_str = NULL;
2037 	(*roletype)->type = NULL;
2038 }
2039 
cil_roleattribute_init(struct cil_roleattribute ** attr)2040 void cil_roleattribute_init(struct cil_roleattribute **attr)
2041 {
2042 	*attr = cil_malloc(sizeof(**attr));
2043 
2044 	cil_symtab_datum_init(&(*attr)->datum);
2045 
2046 	(*attr)->expr_list = NULL;
2047 	(*attr)->roles = NULL;
2048 }
2049 
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2050 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2051 {
2052 	*attrset = cil_malloc(sizeof(**attrset));
2053 
2054 	(*attrset)->attr_str = NULL;
2055 	(*attrset)->str_expr = NULL;
2056 	(*attrset)->datum_expr = NULL;
2057 }
2058 
cil_typeattribute_init(struct cil_typeattribute ** attr)2059 void cil_typeattribute_init(struct cil_typeattribute **attr)
2060 {
2061 	*attr = cil_malloc(sizeof(**attr));
2062 
2063 	cil_symtab_datum_init(&(*attr)->datum);
2064 
2065 	(*attr)->expr_list = NULL;
2066 	(*attr)->types = NULL;
2067 	(*attr)->used = CIL_FALSE;
2068 	(*attr)->keep = CIL_FALSE;
2069 }
2070 
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2071 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2072 {
2073 	*attrset = cil_malloc(sizeof(**attrset));
2074 
2075 	(*attrset)->attr_str = NULL;
2076 	(*attrset)->str_expr = NULL;
2077 	(*attrset)->datum_expr = NULL;
2078 }
2079 
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2080 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2081 {
2082 	*expandattr = cil_malloc(sizeof(**expandattr));
2083 
2084 	(*expandattr)->attr_strs = NULL;
2085 	(*expandattr)->attr_datums = NULL;
2086 	(*expandattr)->expand = 0;
2087 }
2088 
cil_alias_init(struct cil_alias ** alias)2089 void cil_alias_init(struct cil_alias **alias)
2090 {
2091 	*alias = cil_malloc(sizeof(**alias));
2092 
2093 	(*alias)->actual = NULL;
2094 
2095 	cil_symtab_datum_init(&(*alias)->datum);
2096 }
2097 
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2098 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2099 {
2100 	*aliasactual = cil_malloc(sizeof(**aliasactual));
2101 
2102 	(*aliasactual)->alias_str = NULL;
2103 	(*aliasactual)->actual_str = NULL;
2104 }
2105 
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2106 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2107 {
2108 	*typeperm = cil_malloc(sizeof(**typeperm));
2109 
2110 	(*typeperm)->type_str = NULL;
2111 	(*typeperm)->type = NULL;
2112 }
2113 
cil_name_init(struct cil_name ** name)2114 void cil_name_init(struct cil_name **name)
2115 {
2116 	*name = cil_malloc(sizeof(**name));
2117 
2118 	cil_symtab_datum_init(&(*name)->datum);
2119 	(*name)->name_str = NULL;
2120 }
2121 
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2122 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2123 {
2124 	*nametypetrans = cil_malloc(sizeof(**nametypetrans));
2125 
2126 	(*nametypetrans)->src_str = NULL;
2127 	(*nametypetrans)->src = NULL;
2128 	(*nametypetrans)->tgt_str = NULL;
2129 	(*nametypetrans)->tgt = NULL;
2130 	(*nametypetrans)->obj_str = NULL;
2131 	(*nametypetrans)->obj = NULL;
2132 	(*nametypetrans)->name_str = NULL;
2133 	(*nametypetrans)->name = NULL;
2134 	(*nametypetrans)->result_str = NULL;
2135 	(*nametypetrans)->result = NULL;
2136 }
2137 
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2138 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2139 {
2140         *rangetrans = cil_malloc(sizeof(**rangetrans));
2141 
2142 	(*rangetrans)->src_str = NULL;
2143 	(*rangetrans)->src = NULL;
2144 	(*rangetrans)->exec_str = NULL;
2145 	(*rangetrans)->exec = NULL;
2146 	(*rangetrans)->obj_str = NULL;
2147 	(*rangetrans)->obj = NULL;
2148 	(*rangetrans)->range_str = NULL;
2149 	(*rangetrans)->range = NULL;
2150 }
2151 
cil_bool_init(struct cil_bool ** cilbool)2152 void cil_bool_init(struct cil_bool **cilbool)
2153 {
2154 	*cilbool = cil_malloc(sizeof(**cilbool));
2155 
2156 	cil_symtab_datum_init(&(*cilbool)->datum);
2157 	(*cilbool)->value = 0;
2158 }
2159 
cil_tunable_init(struct cil_tunable ** ciltun)2160 void cil_tunable_init(struct cil_tunable **ciltun)
2161 {
2162 	*ciltun = cil_malloc(sizeof(**ciltun));
2163 
2164 	cil_symtab_datum_init(&(*ciltun)->datum);
2165 	(*ciltun)->value = 0;
2166 }
2167 
cil_condblock_init(struct cil_condblock ** cb)2168 void cil_condblock_init(struct cil_condblock **cb)
2169 {
2170 	*cb = cil_malloc(sizeof(**cb));
2171 
2172 	(*cb)->flavor = CIL_NONE;
2173 	cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2174 }
2175 
cil_boolif_init(struct cil_booleanif ** bif)2176 void cil_boolif_init(struct cil_booleanif **bif)
2177 {
2178 	*bif = cil_malloc(sizeof(**bif));
2179 
2180 	(*bif)->str_expr = NULL;
2181 	(*bif)->datum_expr = NULL;
2182 }
2183 
cil_tunif_init(struct cil_tunableif ** tif)2184 void cil_tunif_init(struct cil_tunableif **tif)
2185 {
2186 	*tif = cil_malloc(sizeof(**tif));
2187 
2188 	(*tif)->str_expr = NULL;
2189 	(*tif)->datum_expr = NULL;
2190 }
2191 
cil_avrule_init(struct cil_avrule ** avrule)2192 void cil_avrule_init(struct cil_avrule **avrule)
2193 {
2194 	*avrule = cil_malloc(sizeof(**avrule));
2195 
2196 	(*avrule)->is_extended = 0;
2197 	(*avrule)->rule_kind = CIL_NONE;
2198 	(*avrule)->src_str = NULL;
2199 	(*avrule)->src = NULL;
2200 	(*avrule)->tgt_str = NULL;
2201 	(*avrule)->tgt = NULL;
2202 	memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2203 }
2204 
cil_permissionx_init(struct cil_permissionx ** permx)2205 void cil_permissionx_init(struct cil_permissionx **permx)
2206 {
2207 	*permx = cil_malloc(sizeof(**permx));
2208 
2209 	cil_symtab_datum_init(&(*permx)->datum);
2210 	(*permx)->kind = CIL_NONE;
2211 	(*permx)->obj_str = NULL;
2212 	(*permx)->obj = NULL;
2213 	(*permx)->expr_str = NULL;
2214 	(*permx)->perms = NULL;
2215 }
2216 
cil_type_rule_init(struct cil_type_rule ** type_rule)2217 void cil_type_rule_init(struct cil_type_rule **type_rule)
2218 {
2219 	*type_rule = cil_malloc(sizeof(**type_rule));
2220 
2221 	(*type_rule)->rule_kind = CIL_NONE;
2222 	(*type_rule)->src_str = NULL;
2223 	(*type_rule)->src = NULL;
2224 	(*type_rule)->tgt_str = NULL;
2225 	(*type_rule)->tgt = NULL;
2226 	(*type_rule)->obj_str = NULL;
2227 	(*type_rule)->obj = NULL;
2228 	(*type_rule)->result_str = NULL;
2229 	(*type_rule)->result = NULL;
2230 }
2231 
cil_roletransition_init(struct cil_roletransition ** role_trans)2232 void cil_roletransition_init(struct cil_roletransition **role_trans)
2233 {
2234 	*role_trans = cil_malloc(sizeof(**role_trans));
2235 
2236 	(*role_trans)->src_str = NULL;
2237 	(*role_trans)->src = NULL;
2238 	(*role_trans)->tgt_str = NULL;
2239 	(*role_trans)->tgt = NULL;
2240 	(*role_trans)->obj_str = NULL;
2241 	(*role_trans)->obj = NULL;
2242 	(*role_trans)->result_str = NULL;
2243 	(*role_trans)->result = NULL;
2244 }
2245 
cil_roleallow_init(struct cil_roleallow ** roleallow)2246 void cil_roleallow_init(struct cil_roleallow **roleallow)
2247 {
2248 	*roleallow = cil_malloc(sizeof(**roleallow));
2249 
2250 	(*roleallow)->src_str = NULL;
2251 	(*roleallow)->src = NULL;
2252 	(*roleallow)->tgt_str = NULL;
2253 	(*roleallow)->tgt = NULL;
2254 }
2255 
cil_catset_init(struct cil_catset ** catset)2256 void cil_catset_init(struct cil_catset **catset)
2257 {
2258 	*catset = cil_malloc(sizeof(**catset));
2259 
2260 	cil_symtab_datum_init(&(*catset)->datum);
2261 	(*catset)->cats = NULL;
2262 }
2263 
cil_senscat_init(struct cil_senscat ** senscat)2264 void cil_senscat_init(struct cil_senscat **senscat)
2265 {
2266 	*senscat = cil_malloc(sizeof(**senscat));
2267 
2268 	(*senscat)->sens_str = NULL;
2269 	(*senscat)->cats = NULL;
2270 }
2271 
cil_cats_init(struct cil_cats ** cats)2272 void cil_cats_init(struct cil_cats **cats)
2273 {
2274 	*cats = cil_malloc(sizeof(**cats));
2275 
2276 	(*cats)->evaluated = CIL_FALSE;
2277 	(*cats)->str_expr = NULL;
2278 	(*cats)->datum_expr = NULL;
2279 }
2280 
cil_filecon_init(struct cil_filecon ** filecon)2281 void cil_filecon_init(struct cil_filecon **filecon)
2282 {
2283 	*filecon = cil_malloc(sizeof(**filecon));
2284 
2285 	(*filecon)->path_str = NULL;
2286 	(*filecon)->type = 0;
2287 	(*filecon)->context_str = NULL;
2288 	(*filecon)->context = NULL;
2289 }
2290 
cil_ibpkeycon_init(struct cil_ibpkeycon ** ibpkeycon)2291 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon)
2292 {
2293 	*ibpkeycon = cil_malloc(sizeof(**ibpkeycon));
2294 
2295 	(*ibpkeycon)->subnet_prefix_str = NULL;
2296 	(*ibpkeycon)->pkey_low = 0;
2297 	(*ibpkeycon)->pkey_high = 0;
2298 	(*ibpkeycon)->context_str = NULL;
2299 	(*ibpkeycon)->context = NULL;
2300 }
2301 
cil_portcon_init(struct cil_portcon ** portcon)2302 void cil_portcon_init(struct cil_portcon **portcon)
2303 {
2304 	*portcon = cil_malloc(sizeof(**portcon));
2305 	(*portcon)->proto = 0;
2306 	(*portcon)->port_low = 0;
2307 	(*portcon)->port_high = 0;
2308 	(*portcon)->context_str = NULL;
2309 	(*portcon)->context = NULL;
2310 }
2311 
cil_nodecon_init(struct cil_nodecon ** nodecon)2312 void cil_nodecon_init(struct cil_nodecon **nodecon)
2313 {
2314 	*nodecon = cil_malloc(sizeof(**nodecon));
2315 
2316 	(*nodecon)->addr_str = NULL;
2317 	(*nodecon)->addr = NULL;
2318 	(*nodecon)->mask_str = NULL;
2319 	(*nodecon)->mask = NULL;
2320 	(*nodecon)->context_str = NULL;
2321 	(*nodecon)->context = NULL;
2322 }
2323 
cil_genfscon_init(struct cil_genfscon ** genfscon)2324 void cil_genfscon_init(struct cil_genfscon **genfscon)
2325 {
2326 	*genfscon = cil_malloc(sizeof(**genfscon));
2327 
2328 	(*genfscon)->fs_str = NULL;
2329 	(*genfscon)->path_str = NULL;
2330 	(*genfscon)->context_str = NULL;
2331 	(*genfscon)->context = NULL;
2332 }
2333 
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2334 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2335 {
2336 	*pirqcon = cil_malloc(sizeof(**pirqcon));
2337 
2338 	(*pirqcon)->pirq = 0;
2339 	(*pirqcon)->context_str = NULL;
2340 	(*pirqcon)->context = NULL;
2341 }
2342 
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2343 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2344 {
2345 	*iomemcon = cil_malloc(sizeof(**iomemcon));
2346 
2347 	(*iomemcon)->iomem_low = 0;
2348 	(*iomemcon)->iomem_high = 0;
2349 	(*iomemcon)->context_str = NULL;
2350 	(*iomemcon)->context = NULL;
2351 }
2352 
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2353 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2354 {
2355 	*ioportcon = cil_malloc(sizeof(**ioportcon));
2356 
2357 	(*ioportcon)->context_str = NULL;
2358 	(*ioportcon)->context = NULL;
2359 }
2360 
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2361 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2362 {
2363 	*pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2364 
2365 	(*pcidevicecon)->dev = 0;
2366 	(*pcidevicecon)->context_str = NULL;
2367 	(*pcidevicecon)->context = NULL;
2368 }
2369 
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2370 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2371 {
2372 	*dtcon = cil_malloc(sizeof(**dtcon));
2373 
2374 	(*dtcon)->path = NULL;
2375 	(*dtcon)->context_str = NULL;
2376 	(*dtcon)->context = NULL;
2377 }
2378 
cil_fsuse_init(struct cil_fsuse ** fsuse)2379 void cil_fsuse_init(struct cil_fsuse **fsuse)
2380 {
2381 	*fsuse = cil_malloc(sizeof(**fsuse));
2382 
2383 	(*fsuse)->type = 0;
2384 	(*fsuse)->fs_str = NULL;
2385 	(*fsuse)->context_str = NULL;
2386 	(*fsuse)->context = NULL;
2387 }
2388 
cil_constrain_init(struct cil_constrain ** constrain)2389 void cil_constrain_init(struct cil_constrain **constrain)
2390 {
2391 	*constrain = cil_malloc(sizeof(**constrain));
2392 
2393 	(*constrain)->classperms = NULL;
2394 	(*constrain)->str_expr = NULL;
2395 	(*constrain)->datum_expr = NULL;
2396 }
2397 
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2398 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2399 {
2400 	*validtrans = cil_malloc(sizeof(**validtrans));
2401 
2402 	(*validtrans)->class_str = NULL;
2403 	(*validtrans)->class = NULL;
2404 	(*validtrans)->str_expr = NULL;
2405 	(*validtrans)->datum_expr = NULL;
2406 }
2407 
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2408 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2409 {
2410 	*ipaddr = cil_malloc(sizeof(**ipaddr));
2411 
2412 	cil_symtab_datum_init(&(*ipaddr)->datum);
2413 	memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2414 }
2415 
cil_perm_init(struct cil_perm ** perm)2416 void cil_perm_init(struct cil_perm **perm)
2417 {
2418 	*perm = cil_malloc(sizeof(**perm));
2419 
2420 	cil_symtab_datum_init(&(*perm)->datum);
2421 	(*perm)->value = 0;
2422 	(*perm)->classperms = NULL;
2423 }
2424 
cil_classpermission_init(struct cil_classpermission ** cp)2425 void cil_classpermission_init(struct cil_classpermission **cp)
2426 {
2427 	*cp = cil_malloc(sizeof(**cp));
2428 
2429 	cil_symtab_datum_init(&(*cp)->datum);
2430 	(*cp)->classperms = NULL;
2431 }
2432 
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2433 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2434 {
2435 	*cps = cil_malloc(sizeof(**cps));
2436 
2437 	(*cps)->set_str = NULL;
2438 	(*cps)->classperms = NULL;
2439 }
2440 
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2441 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2442 {
2443 	*cp_set = cil_malloc(sizeof(**cp_set));
2444 	(*cp_set)->set_str = NULL;
2445 	(*cp_set)->set = NULL;
2446 }
2447 
cil_classperms_init(struct cil_classperms ** cp)2448 void cil_classperms_init(struct cil_classperms **cp)
2449 {
2450 	*cp = cil_malloc(sizeof(**cp));
2451 	(*cp)->class_str = NULL;
2452 	(*cp)->class = NULL;
2453 	(*cp)->perm_strs = NULL;
2454 	(*cp)->perms = NULL;
2455 }
2456 
cil_classmapping_init(struct cil_classmapping ** mapping)2457 void cil_classmapping_init(struct cil_classmapping **mapping)
2458 {
2459 	*mapping = cil_malloc(sizeof(**mapping));
2460 
2461 	(*mapping)->map_class_str = NULL;
2462 	(*mapping)->map_perm_str = NULL;
2463 	(*mapping)->classperms = NULL;
2464 }
2465 
cil_user_init(struct cil_user ** user)2466 void cil_user_init(struct cil_user **user)
2467 {
2468 	*user = cil_malloc(sizeof(**user));
2469 
2470 	cil_symtab_datum_init(&(*user)->datum);
2471 	(*user)->bounds = NULL;
2472 	(*user)->roles = NULL;
2473 	(*user)->dftlevel = NULL;
2474 	(*user)->range = NULL;
2475 	(*user)->value = 0;
2476 }
2477 
cil_userattribute_init(struct cil_userattribute ** attr)2478 void cil_userattribute_init(struct cil_userattribute **attr)
2479 {
2480 	*attr = cil_malloc(sizeof(**attr));
2481 
2482 	cil_symtab_datum_init(&(*attr)->datum);
2483 
2484 	(*attr)->expr_list = NULL;
2485 	(*attr)->users = NULL;
2486 }
2487 
cil_userattributeset_init(struct cil_userattributeset ** attrset)2488 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2489 {
2490 	*attrset = cil_malloc(sizeof(**attrset));
2491 
2492 	(*attrset)->attr_str = NULL;
2493 	(*attrset)->str_expr = NULL;
2494 	(*attrset)->datum_expr = NULL;
2495 }
2496 
cil_userlevel_init(struct cil_userlevel ** usrlvl)2497 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2498 {
2499 	*usrlvl = cil_malloc(sizeof(**usrlvl));
2500 
2501 	(*usrlvl)->user_str = NULL;
2502 	(*usrlvl)->level_str = NULL;
2503 	(*usrlvl)->level = NULL;
2504 }
2505 
cil_userrange_init(struct cil_userrange ** userrange)2506 void cil_userrange_init(struct cil_userrange **userrange)
2507 {
2508 	*userrange = cil_malloc(sizeof(**userrange));
2509 
2510 	(*userrange)->user_str = NULL;
2511 	(*userrange)->range_str = NULL;
2512 	(*userrange)->range = NULL;
2513 }
2514 
cil_role_init(struct cil_role ** role)2515 void cil_role_init(struct cil_role **role)
2516 {
2517 	*role = cil_malloc(sizeof(**role));
2518 
2519 	cil_symtab_datum_init(&(*role)->datum);
2520 	(*role)->bounds = NULL;
2521 	(*role)->types = NULL;
2522 	(*role)->value = 0;
2523 }
2524 
cil_type_init(struct cil_type ** type)2525 void cil_type_init(struct cil_type **type)
2526 {
2527 	*type = cil_malloc(sizeof(**type));
2528 
2529 	cil_symtab_datum_init(&(*type)->datum);
2530 	(*type)->bounds = NULL;
2531 	(*type)->value = 0;
2532 }
2533 
cil_cat_init(struct cil_cat ** cat)2534 void cil_cat_init(struct cil_cat **cat)
2535 {
2536 	*cat = cil_malloc(sizeof(**cat));
2537 
2538 	cil_symtab_datum_init(&(*cat)->datum);
2539 	(*cat)->ordered = CIL_FALSE;
2540 	(*cat)->value = 0;
2541 }
2542 
cil_catorder_init(struct cil_catorder ** catorder)2543 void cil_catorder_init(struct cil_catorder **catorder)
2544 {
2545 	*catorder = cil_malloc(sizeof(**catorder));
2546 
2547 	(*catorder)->cat_list_str = NULL;
2548 }
2549 
cil_sensorder_init(struct cil_sensorder ** sensorder)2550 void cil_sensorder_init(struct cil_sensorder **sensorder)
2551 {
2552 	*sensorder = cil_malloc(sizeof(**sensorder));
2553 
2554 	(*sensorder)->sens_list_str = NULL;
2555 }
2556 
cil_args_init(struct cil_args ** args)2557 void cil_args_init(struct cil_args **args)
2558 {
2559 	*args = cil_malloc(sizeof(**args));
2560 	(*args)->arg_str = NULL;
2561 	(*args)->arg = NULL;
2562 	(*args)->param_str = NULL;
2563 	(*args)->flavor = CIL_NONE;
2564 }
2565 
cil_call_init(struct cil_call ** call)2566 void cil_call_init(struct cil_call **call)
2567 {
2568 	*call = cil_malloc(sizeof(**call));
2569 
2570 	(*call)->macro_str = NULL;
2571 	(*call)->macro = NULL;
2572 	(*call)->args_tree = NULL;
2573 	(*call)->args = NULL;
2574 	(*call)->copied = 0;
2575 }
2576 
cil_optional_init(struct cil_optional ** optional)2577 void cil_optional_init(struct cil_optional **optional)
2578 {
2579 	*optional = cil_malloc(sizeof(**optional));
2580 	(*optional)->enabled = CIL_TRUE;
2581 	cil_symtab_datum_init(&(*optional)->datum);
2582 }
2583 
cil_param_init(struct cil_param ** param)2584 void cil_param_init(struct cil_param **param)
2585 {
2586 	*param = cil_malloc(sizeof(**param));
2587 
2588 	(*param)->str = NULL;
2589 	(*param)->flavor = CIL_NONE;
2590 }
2591 
cil_macro_init(struct cil_macro ** macro)2592 void cil_macro_init(struct cil_macro **macro)
2593 {
2594 	*macro = cil_malloc(sizeof(**macro));
2595 
2596 	cil_symtab_datum_init(&(*macro)->datum);
2597 	cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2598 	(*macro)->params = NULL;
2599 }
2600 
cil_policycap_init(struct cil_policycap ** policycap)2601 void cil_policycap_init(struct cil_policycap **policycap)
2602 {
2603 	*policycap = cil_malloc(sizeof(**policycap));
2604 
2605 	cil_symtab_datum_init(&(*policycap)->datum);
2606 }
2607 
cil_bounds_init(struct cil_bounds ** bounds)2608 void cil_bounds_init(struct cil_bounds **bounds)
2609 {
2610 	*bounds = cil_malloc(sizeof(**bounds));
2611 
2612 	(*bounds)->parent_str = NULL;
2613 	(*bounds)->child_str = NULL;
2614 }
2615 
cil_default_init(struct cil_default ** def)2616 void cil_default_init(struct cil_default **def)
2617 {
2618 	*def = cil_malloc(sizeof(**def));
2619 
2620 	(*def)->flavor = CIL_NONE;
2621 	(*def)->class_strs = NULL;
2622 	(*def)->class_datums = NULL;
2623 }
2624 
cil_defaultrange_init(struct cil_defaultrange ** def)2625 void cil_defaultrange_init(struct cil_defaultrange **def)
2626 {
2627 	*def = cil_malloc(sizeof(**def));
2628 
2629 	(*def)->class_strs = NULL;
2630 	(*def)->class_datums = NULL;
2631 }
2632 
cil_handleunknown_init(struct cil_handleunknown ** unk)2633 void cil_handleunknown_init(struct cil_handleunknown **unk)
2634 {
2635 	*unk = cil_malloc(sizeof(**unk));
2636 }
2637 
cil_mls_init(struct cil_mls ** mls)2638 void cil_mls_init(struct cil_mls **mls)
2639 {
2640 	*mls = cil_malloc(sizeof(**mls));
2641 	(*mls)->value = 0;
2642 }
2643 
cil_src_info_init(struct cil_src_info ** info)2644 void cil_src_info_init(struct cil_src_info **info)
2645 {
2646 	*info = cil_malloc(sizeof(**info));
2647 	(*info)->is_cil = 0;
2648 	(*info)->path = NULL;
2649 }
2650