1 /*
2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  *    1. Redistributions of source code must retain the above copyright notice,
8  *       this list of conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice,
11  *       this list of conditions and the following disclaimer in the documentation
12  *       and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  * The views and conclusions contained in the software and documentation are those
26  * of the authors and should not be interpreted as representing official policies,
27  * either expressed or implied, of Tresys Technology, LLC.
28  */
29 
30 #include <stdlib.h>
31 #include <stdio.h>
32 
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35 
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44 
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54 
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb,        cil_build_policydb@LIBSEPOL_1.0");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58 
59 asm(".symver cil_compile_pdb,   cil_compile@LIBSEPOL_1.0");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61 
62 asm(".symver cil_userprefixes_to_string_pdb,   cil_userprefixes_to_string@LIBSEPOL_1.0");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64 
65 asm(".symver cil_selinuxusers_to_string_pdb,   cil_selinuxusers_to_string@LIBSEPOL_1.0");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67 
68 asm(".symver cil_filecons_to_string_pdb,   cil_filecons_to_string@LIBSEPOL_1.0");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71 
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 	{64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 	{64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79 
80 char *CIL_KEY_CONS_T1;
81 char *CIL_KEY_CONS_T2;
82 char *CIL_KEY_CONS_T3;
83 char *CIL_KEY_CONS_R1;
84 char *CIL_KEY_CONS_R2;
85 char *CIL_KEY_CONS_R3;
86 char *CIL_KEY_CONS_U1;
87 char *CIL_KEY_CONS_U2;
88 char *CIL_KEY_CONS_U3;
89 char *CIL_KEY_CONS_L1;
90 char *CIL_KEY_CONS_L2;
91 char *CIL_KEY_CONS_H1;
92 char *CIL_KEY_CONS_H2;
93 char *CIL_KEY_AND;
94 char *CIL_KEY_OR;
95 char *CIL_KEY_NOT;
96 char *CIL_KEY_EQ;
97 char *CIL_KEY_NEQ;
98 char *CIL_KEY_CONS_DOM;
99 char *CIL_KEY_CONS_DOMBY;
100 char *CIL_KEY_CONS_INCOMP;
101 char *CIL_KEY_CONDTRUE;
102 char *CIL_KEY_CONDFALSE;
103 char *CIL_KEY_SELF;
104 char *CIL_KEY_OBJECT_R;
105 char *CIL_KEY_STAR;
106 char *CIL_KEY_TCP;
107 char *CIL_KEY_UDP;
108 char *CIL_KEY_DCCP;
109 char *CIL_KEY_SCTP;
110 char *CIL_KEY_AUDITALLOW;
111 char *CIL_KEY_TUNABLEIF;
112 char *CIL_KEY_ALLOW;
113 char *CIL_KEY_DONTAUDIT;
114 char *CIL_KEY_TYPETRANSITION;
115 char *CIL_KEY_TYPECHANGE;
116 char *CIL_KEY_CALL;
117 char *CIL_KEY_TUNABLE;
118 char *CIL_KEY_XOR;
119 char *CIL_KEY_ALL;
120 char *CIL_KEY_RANGE;
121 char *CIL_KEY_GLOB;
122 char *CIL_KEY_FILE;
123 char *CIL_KEY_DIR;
124 char *CIL_KEY_CHAR;
125 char *CIL_KEY_BLOCK;
126 char *CIL_KEY_SOCKET;
127 char *CIL_KEY_PIPE;
128 char *CIL_KEY_SYMLINK;
129 char *CIL_KEY_ANY;
130 char *CIL_KEY_XATTR;
131 char *CIL_KEY_TASK;
132 char *CIL_KEY_TRANS;
133 char *CIL_KEY_TYPE;
134 char *CIL_KEY_ROLE;
135 char *CIL_KEY_USER;
136 char *CIL_KEY_USERATTRIBUTE;
137 char *CIL_KEY_USERATTRIBUTESET;
138 char *CIL_KEY_SENSITIVITY;
139 char *CIL_KEY_CATEGORY;
140 char *CIL_KEY_CATSET;
141 char *CIL_KEY_LEVEL;
142 char *CIL_KEY_LEVELRANGE;
143 char *CIL_KEY_CLASS;
144 char *CIL_KEY_IPADDR;
145 char *CIL_KEY_MAP_CLASS;
146 char *CIL_KEY_CLASSPERMISSION;
147 char *CIL_KEY_BOOL;
148 char *CIL_KEY_STRING;
149 char *CIL_KEY_NAME;
150 char *CIL_KEY_SOURCE;
151 char *CIL_KEY_TARGET;
152 char *CIL_KEY_LOW;
153 char *CIL_KEY_HIGH;
154 char *CIL_KEY_LOW_HIGH;
155 char *CIL_KEY_GLBLUB;
156 char *CIL_KEY_HANDLEUNKNOWN;
157 char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
158 char *CIL_KEY_HANDLEUNKNOWN_DENY;
159 char *CIL_KEY_HANDLEUNKNOWN_REJECT;
160 char *CIL_KEY_MACRO;
161 char *CIL_KEY_IN;
162 char *CIL_KEY_MLS;
163 char *CIL_KEY_DEFAULTRANGE;
164 char *CIL_KEY_BLOCKINHERIT;
165 char *CIL_KEY_BLOCKABSTRACT;
166 char *CIL_KEY_CLASSORDER;
167 char *CIL_KEY_CLASSMAPPING;
168 char *CIL_KEY_CLASSPERMISSIONSET;
169 char *CIL_KEY_COMMON;
170 char *CIL_KEY_CLASSCOMMON;
171 char *CIL_KEY_SID;
172 char *CIL_KEY_SIDCONTEXT;
173 char *CIL_KEY_SIDORDER;
174 char *CIL_KEY_USERLEVEL;
175 char *CIL_KEY_USERRANGE;
176 char *CIL_KEY_USERBOUNDS;
177 char *CIL_KEY_USERPREFIX;
178 char *CIL_KEY_SELINUXUSER;
179 char *CIL_KEY_SELINUXUSERDEFAULT;
180 char *CIL_KEY_TYPEATTRIBUTE;
181 char *CIL_KEY_TYPEATTRIBUTESET;
182 char *CIL_KEY_EXPANDTYPEATTRIBUTE;
183 char *CIL_KEY_TYPEALIAS;
184 char *CIL_KEY_TYPEALIASACTUAL;
185 char *CIL_KEY_TYPEBOUNDS;
186 char *CIL_KEY_TYPEPERMISSIVE;
187 char *CIL_KEY_RANGETRANSITION;
188 char *CIL_KEY_USERROLE;
189 char *CIL_KEY_ROLETYPE;
190 char *CIL_KEY_ROLETRANSITION;
191 char *CIL_KEY_ROLEALLOW;
192 char *CIL_KEY_ROLEATTRIBUTE;
193 char *CIL_KEY_ROLEATTRIBUTESET;
194 char *CIL_KEY_ROLEBOUNDS;
195 char *CIL_KEY_BOOLEANIF;
196 char *CIL_KEY_NEVERALLOW;
197 char *CIL_KEY_TYPEMEMBER;
198 char *CIL_KEY_SENSALIAS;
199 char *CIL_KEY_SENSALIASACTUAL;
200 char *CIL_KEY_CATALIAS;
201 char *CIL_KEY_CATALIASACTUAL;
202 char *CIL_KEY_CATORDER;
203 char *CIL_KEY_SENSITIVITYORDER;
204 char *CIL_KEY_SENSCAT;
205 char *CIL_KEY_CONSTRAIN;
206 char *CIL_KEY_MLSCONSTRAIN;
207 char *CIL_KEY_VALIDATETRANS;
208 char *CIL_KEY_MLSVALIDATETRANS;
209 char *CIL_KEY_CONTEXT;
210 char *CIL_KEY_FILECON;
211 char *CIL_KEY_IBPKEYCON;
212 char *CIL_KEY_IBENDPORTCON;
213 char *CIL_KEY_PORTCON;
214 char *CIL_KEY_NODECON;
215 char *CIL_KEY_GENFSCON;
216 char *CIL_KEY_NETIFCON;
217 char *CIL_KEY_PIRQCON;
218 char *CIL_KEY_IOMEMCON;
219 char *CIL_KEY_IOPORTCON;
220 char *CIL_KEY_PCIDEVICECON;
221 char *CIL_KEY_DEVICETREECON;
222 char *CIL_KEY_FSUSE;
223 char *CIL_KEY_POLICYCAP;
224 char *CIL_KEY_OPTIONAL;
225 char *CIL_KEY_DEFAULTUSER;
226 char *CIL_KEY_DEFAULTROLE;
227 char *CIL_KEY_DEFAULTTYPE;
228 char *CIL_KEY_ROOT;
229 char *CIL_KEY_NODE;
230 char *CIL_KEY_PERM;
231 char *CIL_KEY_ALLOWX;
232 char *CIL_KEY_AUDITALLOWX;
233 char *CIL_KEY_DONTAUDITX;
234 char *CIL_KEY_NEVERALLOWX;
235 char *CIL_KEY_PERMISSIONX;
236 char *CIL_KEY_IOCTL;
237 char *CIL_KEY_UNORDERED;
238 char *CIL_KEY_SRC_INFO;
239 char *CIL_KEY_SRC_CIL;
240 char *CIL_KEY_SRC_HLL;
241 
cil_init_keys(void)242 static void cil_init_keys(void)
243 {
244 	/* Initialize CIL Keys into strpool */
245 	CIL_KEY_CONS_T1 = cil_strpool_add("t1");
246 	CIL_KEY_CONS_T2 = cil_strpool_add("t2");
247 	CIL_KEY_CONS_T3 = cil_strpool_add("t3");
248 	CIL_KEY_CONS_R1 = cil_strpool_add("r1");
249 	CIL_KEY_CONS_R2 = cil_strpool_add("r2");
250 	CIL_KEY_CONS_R3 = cil_strpool_add("r3");
251 	CIL_KEY_CONS_U1 = cil_strpool_add("u1");
252 	CIL_KEY_CONS_U2 = cil_strpool_add("u2");
253 	CIL_KEY_CONS_U3 = cil_strpool_add("u3");
254 	CIL_KEY_CONS_L1 = cil_strpool_add("l1");
255 	CIL_KEY_CONS_L2 = cil_strpool_add("l2");
256 	CIL_KEY_CONS_H1 = cil_strpool_add("h1");
257 	CIL_KEY_CONS_H2 = cil_strpool_add("h2");
258 	CIL_KEY_AND = cil_strpool_add("and");
259 	CIL_KEY_OR = cil_strpool_add("or");
260 	CIL_KEY_NOT = cil_strpool_add("not");
261 	CIL_KEY_EQ = cil_strpool_add("eq");
262 	CIL_KEY_NEQ = cil_strpool_add("neq");
263 	CIL_KEY_CONS_DOM = cil_strpool_add("dom");
264 	CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
265 	CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
266 	CIL_KEY_CONDTRUE = cil_strpool_add("true");
267 	CIL_KEY_CONDFALSE = cil_strpool_add("false");
268 	CIL_KEY_SELF = cil_strpool_add("self");
269 	CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
270 	CIL_KEY_STAR = cil_strpool_add("*");
271 	CIL_KEY_UDP = cil_strpool_add("udp");
272 	CIL_KEY_TCP = cil_strpool_add("tcp");
273 	CIL_KEY_DCCP = cil_strpool_add("dccp");
274 	CIL_KEY_SCTP = cil_strpool_add("sctp");
275 	CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
276 	CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
277 	CIL_KEY_ALLOW = cil_strpool_add("allow");
278 	CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
279 	CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
280 	CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
281 	CIL_KEY_CALL = cil_strpool_add("call");
282 	CIL_KEY_TUNABLE = cil_strpool_add("tunable");
283 	CIL_KEY_XOR = cil_strpool_add("xor");
284 	CIL_KEY_ALL = cil_strpool_add("all");
285 	CIL_KEY_RANGE = cil_strpool_add("range");
286 	CIL_KEY_TYPE = cil_strpool_add("type");
287 	CIL_KEY_ROLE = cil_strpool_add("role");
288 	CIL_KEY_USER = cil_strpool_add("user");
289 	CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
290 	CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
291 	CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
292 	CIL_KEY_CATEGORY = cil_strpool_add("category");
293 	CIL_KEY_CATSET = cil_strpool_add("categoryset");
294 	CIL_KEY_LEVEL = cil_strpool_add("level");
295 	CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
296 	CIL_KEY_CLASS = cil_strpool_add("class");
297 	CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
298 	CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
299 	CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
300 	CIL_KEY_BOOL = cil_strpool_add("boolean");
301 	CIL_KEY_STRING = cil_strpool_add("string");
302 	CIL_KEY_NAME = cil_strpool_add("name");
303 	CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
304 	CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
305 	CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
306 	CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
307 	CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
308 	CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
309 	CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
310 	CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
311 	CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
312 	CIL_KEY_COMMON = cil_strpool_add("common");
313 	CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
314 	CIL_KEY_SID = cil_strpool_add("sid");
315 	CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
316 	CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
317 	CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
318 	CIL_KEY_USERRANGE = cil_strpool_add("userrange");
319 	CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
320 	CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
321 	CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
322 	CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
323 	CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
324 	CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
325 	CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
326 	CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
327 	CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
328 	CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
329 	CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
330 	CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
331 	CIL_KEY_USERROLE = cil_strpool_add("userrole");
332 	CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
333 	CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
334 	CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
335 	CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
336 	CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
337 	CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
338 	CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
339 	CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
340 	CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
341 	CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
342 	CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
343 	CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
344 	CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
345 	CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
346 	CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
347 	CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
348 	CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
349 	CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
350 	CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
351 	CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
352 	CIL_KEY_CONTEXT = cil_strpool_add("context");
353 	CIL_KEY_FILECON = cil_strpool_add("filecon");
354 	CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon");
355 	CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon");
356 	CIL_KEY_PORTCON = cil_strpool_add("portcon");
357 	CIL_KEY_NODECON = cil_strpool_add("nodecon");
358 	CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
359 	CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
360 	CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
361 	CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
362 	CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
363 	CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
364 	CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
365 	CIL_KEY_FSUSE = cil_strpool_add("fsuse");
366 	CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
367 	CIL_KEY_OPTIONAL = cil_strpool_add("optional");
368 	CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
369 	CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
370 	CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
371 	CIL_KEY_MACRO = cil_strpool_add("macro");
372 	CIL_KEY_IN = cil_strpool_add("in");
373 	CIL_KEY_MLS = cil_strpool_add("mls");
374 	CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
375 	CIL_KEY_GLOB = cil_strpool_add("*");
376 	CIL_KEY_FILE = cil_strpool_add("file");
377 	CIL_KEY_DIR = cil_strpool_add("dir");
378 	CIL_KEY_CHAR = cil_strpool_add("char");
379 	CIL_KEY_BLOCK = cil_strpool_add("block");
380 	CIL_KEY_SOCKET = cil_strpool_add("socket");
381 	CIL_KEY_PIPE = cil_strpool_add("pipe");
382 	CIL_KEY_SYMLINK = cil_strpool_add("symlink");
383 	CIL_KEY_ANY = cil_strpool_add("any");
384 	CIL_KEY_XATTR = cil_strpool_add("xattr");
385 	CIL_KEY_TASK = cil_strpool_add("task");
386 	CIL_KEY_TRANS = cil_strpool_add("trans");
387 	CIL_KEY_SOURCE = cil_strpool_add("source");
388 	CIL_KEY_TARGET = cil_strpool_add("target");
389 	CIL_KEY_LOW = cil_strpool_add("low");
390 	CIL_KEY_HIGH = cil_strpool_add("high");
391 	CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
392 	CIL_KEY_GLBLUB = cil_strpool_add("glblub");
393 	CIL_KEY_ROOT = cil_strpool_add("<root>");
394 	CIL_KEY_NODE = cil_strpool_add("<node>");
395 	CIL_KEY_PERM = cil_strpool_add("perm");
396 	CIL_KEY_ALLOWX = cil_strpool_add("allowx");
397 	CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
398 	CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
399 	CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
400 	CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
401 	CIL_KEY_IOCTL = cil_strpool_add("ioctl");
402 	CIL_KEY_UNORDERED = cil_strpool_add("unordered");
403 	CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
404 	CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>");
405 	CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>");
406 }
407 
cil_db_init(struct cil_db ** db)408 void cil_db_init(struct cil_db **db)
409 {
410 	*db = cil_malloc(sizeof(**db));
411 
412 	cil_strpool_init();
413 	cil_init_keys();
414 
415 	cil_tree_init(&(*db)->parse);
416 	cil_tree_init(&(*db)->ast);
417 	cil_root_init((struct cil_root **)&(*db)->ast->root->data);
418 	(*db)->sidorder = NULL;
419 	(*db)->classorder = NULL;
420 	(*db)->catorder = NULL;
421 	(*db)->sensitivityorder = NULL;
422 	cil_sort_init(&(*db)->netifcon);
423 	cil_sort_init(&(*db)->genfscon);
424 	cil_sort_init(&(*db)->filecon);
425 	cil_sort_init(&(*db)->nodecon);
426 	cil_sort_init(&(*db)->ibpkeycon);
427 	cil_sort_init(&(*db)->ibendportcon);
428 	cil_sort_init(&(*db)->portcon);
429 	cil_sort_init(&(*db)->pirqcon);
430 	cil_sort_init(&(*db)->iomemcon);
431 	cil_sort_init(&(*db)->ioportcon);
432 	cil_sort_init(&(*db)->pcidevicecon);
433 	cil_sort_init(&(*db)->devicetreecon);
434 	cil_sort_init(&(*db)->fsuse);
435 	cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
436 	cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
437 	cil_list_init(&(*db)->names, CIL_LIST_ITEM);
438 
439 	cil_type_init(&(*db)->selftype);
440 	(*db)->selftype->datum.name = CIL_KEY_SELF;
441 	(*db)->selftype->datum.fqn = CIL_KEY_SELF;
442 	(*db)->num_types_and_attrs = 0;
443 	(*db)->num_classes = 0;
444 	(*db)->num_types = 0;
445 	(*db)->num_roles = 0;
446 	(*db)->num_users = 0;
447 	(*db)->num_cats = 0;
448 	(*db)->val_to_type = NULL;
449 	(*db)->val_to_role = NULL;
450 	(*db)->val_to_user = NULL;
451 
452 	(*db)->disable_dontaudit = CIL_FALSE;
453 	(*db)->disable_neverallow = CIL_FALSE;
454 	(*db)->attrs_expand_generated = CIL_FALSE;
455 	(*db)->attrs_expand_size = 1;
456 	(*db)->preserve_tunables = CIL_FALSE;
457 	(*db)->handle_unknown = -1;
458 	(*db)->mls = -1;
459 	(*db)->target_platform = SEPOL_TARGET_SELINUX;
460 	(*db)->policy_version = POLICYDB_VERSION_MAX;
461 }
462 
cil_db_destroy(struct cil_db ** db)463 void cil_db_destroy(struct cil_db **db)
464 {
465 	if (db == NULL || *db == NULL) {
466 		return;
467 	}
468 
469 	cil_tree_destroy(&(*db)->parse);
470 	cil_tree_destroy(&(*db)->ast);
471 	cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
472 	cil_list_destroy(&(*db)->classorder, CIL_FALSE);
473 	cil_list_destroy(&(*db)->catorder, CIL_FALSE);
474 	cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
475 	cil_sort_destroy(&(*db)->netifcon);
476 	cil_sort_destroy(&(*db)->genfscon);
477 	cil_sort_destroy(&(*db)->filecon);
478 	cil_sort_destroy(&(*db)->nodecon);
479 	cil_sort_destroy(&(*db)->ibpkeycon);
480 	cil_sort_destroy(&(*db)->ibendportcon);
481 	cil_sort_destroy(&(*db)->portcon);
482 	cil_sort_destroy(&(*db)->pirqcon);
483 	cil_sort_destroy(&(*db)->iomemcon);
484 	cil_sort_destroy(&(*db)->ioportcon);
485 	cil_sort_destroy(&(*db)->pcidevicecon);
486 	cil_sort_destroy(&(*db)->devicetreecon);
487 	cil_sort_destroy(&(*db)->fsuse);
488 	cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
489 	cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
490 	cil_list_destroy(&(*db)->names, CIL_TRUE);
491 
492 	cil_destroy_type((*db)->selftype);
493 
494 	cil_strpool_destroy();
495 	free((*db)->val_to_type);
496 	free((*db)->val_to_role);
497 	free((*db)->val_to_user);
498 
499 	free(*db);
500 	*db = NULL;
501 }
502 
cil_root_init(struct cil_root ** root)503 void cil_root_init(struct cil_root **root)
504 {
505 	struct cil_root *r = cil_malloc(sizeof(*r));
506 	cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
507 
508 	*root = r;
509 }
510 
cil_root_destroy(struct cil_root * root)511 void cil_root_destroy(struct cil_root *root)
512 {
513 	if (root == NULL) {
514 		return;
515 	}
516 	cil_symtab_array_destroy(root->symtab);
517 	free(root);
518 }
519 
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)520 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
521 {
522 	char *buffer = NULL;
523 	int rc;
524 
525 	cil_log(CIL_INFO, "Parsing %s\n", name);
526 
527 	buffer = cil_malloc(size + 2);
528 	memcpy(buffer, data, size);
529 	memset(buffer + size, 0, 2);
530 
531 	rc = cil_parser(name, buffer, size + 2, &db->parse);
532 	if (rc != SEPOL_OK) {
533 		cil_log(CIL_INFO, "Failed to parse %s\n", name);
534 		goto exit;
535 	}
536 
537 	free(buffer);
538 	buffer = NULL;
539 
540 	rc = SEPOL_OK;
541 
542 exit:
543 	free(buffer);
544 
545 	return rc;
546 }
547 
548 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)549 int cil_compile(struct cil_db *db)
550 #else
551 int cil_compile_nopdb(struct cil_db *db)
552 #endif
553 {
554 	int rc = SEPOL_ERR;
555 
556 	if (db == NULL) {
557 		goto exit;
558 	}
559 
560 	cil_log(CIL_INFO, "Building AST from Parse Tree\n");
561 	rc = cil_build_ast(db, db->parse->root, db->ast->root);
562 	if (rc != SEPOL_OK) {
563 		cil_log(CIL_INFO, "Failed to build ast\n");
564 		goto exit;
565 	}
566 
567 	cil_log(CIL_INFO, "Destroying Parse Tree\n");
568 	cil_tree_destroy(&db->parse);
569 
570 	cil_log(CIL_INFO, "Resolving AST\n");
571 	rc = cil_resolve_ast(db, db->ast->root);
572 	if (rc != SEPOL_OK) {
573 		cil_log(CIL_INFO, "Failed to resolve ast\n");
574 		goto exit;
575 	}
576 
577 	cil_log(CIL_INFO, "Qualifying Names\n");
578 	rc = cil_fqn_qualify(db->ast->root);
579 	if (rc != SEPOL_OK) {
580 		cil_log(CIL_INFO, "Failed to qualify names\n");
581 		goto exit;
582 	}
583 
584 	cil_log(CIL_INFO, "Compile post process\n");
585 	rc = cil_post_process(db);
586 	if (rc != SEPOL_OK ) {
587 		cil_log(CIL_INFO, "Post process failed\n");
588 		goto exit;
589 	}
590 
591 exit:
592 
593 	return rc;
594 }
595 
596 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)597 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
598 {
599 	return cil_compile_nopdb(db);
600 }
601 
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)602 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
603 {
604 	int rc;
605 
606 	cil_log(CIL_INFO, "Building policy binary\n");
607 	rc = cil_binary_create_allocated_pdb(db, sepol_db);
608 	if (rc != SEPOL_OK) {
609 		cil_log(CIL_ERR, "Failed to generate binary\n");
610 		goto exit;
611 	}
612 
613 exit:
614 	return rc;
615 }
616 #endif
617 
618 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)619 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
620 #else
621 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
622 #endif
623 {
624 	int rc;
625 
626 	cil_log(CIL_INFO, "Building policy binary\n");
627 	rc = cil_binary_create(db, sepol_db);
628 	if (rc != SEPOL_OK) {
629 		cil_log(CIL_ERR, "Failed to generate binary\n");
630 		goto exit;
631 	}
632 
633 exit:
634 	return rc;
635 }
636 
cil_write_policy_conf(FILE * out,struct cil_db * db)637 void cil_write_policy_conf(FILE *out, struct cil_db *db)
638 {
639 	cil_log(CIL_INFO, "Writing policy.conf file\n");
640 	cil_gen_policy(out, db);
641 }
642 
cil_destroy_data(void ** data,enum cil_flavor flavor)643 void cil_destroy_data(void **data, enum cil_flavor flavor)
644 {
645 	if (*data == NULL) {
646 		return;
647 	}
648 
649 	switch(flavor) {
650 	case CIL_NONE:
651 		break;
652 	case CIL_ROOT:
653 		cil_root_destroy(*data);
654 		break;
655 	case CIL_NODE:
656 		break;
657 	case CIL_STRING:
658 		break;
659 	case CIL_DATUM:
660 		break;
661 	case CIL_LIST:
662 		cil_list_destroy(*data, CIL_FALSE);
663 		break;
664 	case CIL_LIST_ITEM:
665 		break;
666 	case CIL_PARAM:
667 		cil_destroy_param(*data);
668 		break;
669 	case CIL_ARGS:
670 		cil_destroy_args(*data);
671 		break;
672 	case CIL_BLOCK:
673 		cil_destroy_block(*data);
674 		break;
675 	case CIL_BLOCKINHERIT:
676 		cil_destroy_blockinherit(*data);
677 		break;
678 	case CIL_BLOCKABSTRACT:
679 		cil_destroy_blockabstract(*data);
680 		break;
681 	case CIL_IN:
682 		cil_destroy_in(*data);
683 		break;
684 	case CIL_MACRO:
685 		cil_destroy_macro(*data);
686 		break;
687 	case CIL_CALL:
688 		cil_destroy_call(*data);
689 		break;
690 	case CIL_OPTIONAL:
691 		cil_destroy_optional(*data);
692 		break;
693 	case CIL_BOOL:
694 		cil_destroy_bool(*data);
695 		break;
696 	case CIL_BOOLEANIF:
697 		cil_destroy_boolif(*data);
698 		break;
699 	case CIL_TUNABLE:
700 		cil_destroy_tunable(*data);
701 		break;
702 	case CIL_TUNABLEIF:
703 		cil_destroy_tunif(*data);
704 		break;
705 	case CIL_CONDBLOCK:
706 		cil_destroy_condblock(*data);
707 		break;
708 	case CIL_CONDTRUE:
709 		break;
710 	case CIL_CONDFALSE:
711 		break;
712 	case CIL_PERM:
713 	case CIL_MAP_PERM:
714 		cil_destroy_perm(*data);
715 		break;
716 	case CIL_COMMON:
717 	case CIL_CLASS:
718 	case CIL_MAP_CLASS:
719 		cil_destroy_class(*data);
720 		break;
721 	case CIL_CLASSORDER:
722 		cil_destroy_classorder(*data);
723 		break;
724 	case CIL_CLASSPERMISSION:
725 		cil_destroy_classpermission(*data);
726 		break;
727 	case CIL_CLASSCOMMON:
728 		cil_destroy_classcommon(*data);
729 		break;
730 	case CIL_CLASSMAPPING:
731 		cil_destroy_classmapping(*data);
732 		break;
733 	case CIL_CLASSPERMS:
734 		cil_destroy_classperms(*data);
735 		break;
736 	case CIL_CLASSPERMS_SET:
737 		cil_destroy_classperms_set(*data);
738 		break;
739 	case CIL_CLASSPERMISSIONSET:
740 		cil_destroy_classpermissionset(*data);
741 		break;
742 	case CIL_USER:
743 		cil_destroy_user(*data);
744 		break;
745 	case CIL_USERATTRIBUTE:
746 		cil_destroy_userattribute(*data);
747 		break;
748 	case CIL_USERATTRIBUTESET:
749 		cil_destroy_userattributeset(*data);
750 		break;
751 	case CIL_USERPREFIX:
752 		cil_destroy_userprefix(*data);
753 		break;
754 	case CIL_USERROLE:
755 		cil_destroy_userrole(*data);
756 		break;
757 	case CIL_USERLEVEL:
758 		cil_destroy_userlevel(*data);
759 		break;
760 	case CIL_USERRANGE:
761 		cil_destroy_userrange(*data);
762 		break;
763 	case CIL_USERBOUNDS:
764 		cil_destroy_bounds(*data);
765 		break;
766 	case CIL_SELINUXUSER:
767 	case CIL_SELINUXUSERDEFAULT:
768 		cil_destroy_selinuxuser(*data);
769 		break;
770 	case CIL_ROLE:
771 		cil_destroy_role(*data);
772 		break;
773 	case CIL_ROLEATTRIBUTE:
774 		cil_destroy_roleattribute(*data);
775 		break;
776 	case CIL_ROLEATTRIBUTESET:
777 		cil_destroy_roleattributeset(*data);
778 		break;
779 	case CIL_ROLETYPE:
780 		cil_destroy_roletype(*data);
781 		break;
782 	case CIL_ROLEBOUNDS:
783 		cil_destroy_bounds(*data);
784 		break;
785 	case CIL_TYPE:
786 		cil_destroy_type(*data);
787 		break;
788 	case CIL_TYPEATTRIBUTE:
789 		cil_destroy_typeattribute(*data);
790 		break;
791 	case CIL_TYPEALIAS:
792 		cil_destroy_alias(*data);
793 		break;
794 	case CIL_TYPEATTRIBUTESET:
795 		cil_destroy_typeattributeset(*data);
796 		break;
797 	case CIL_EXPANDTYPEATTRIBUTE:
798 		cil_destroy_expandtypeattribute(*data);
799 		break;
800 	case CIL_TYPEALIASACTUAL:
801 		cil_destroy_aliasactual(*data);
802 		break;
803 	case CIL_TYPEBOUNDS:
804 		cil_destroy_bounds(*data);
805 		break;
806 	case CIL_TYPEPERMISSIVE:
807 		cil_destroy_typepermissive(*data);
808 		break;
809 	case CIL_SENS:
810 		cil_destroy_sensitivity(*data);
811 		break;
812 	case CIL_SENSALIAS:
813 		cil_destroy_alias(*data);
814 		break;
815 	case CIL_SENSALIASACTUAL:
816 		cil_destroy_aliasactual(*data);
817 		break;
818 	case CIL_SENSITIVITYORDER:
819 		cil_destroy_sensitivityorder(*data);
820 		break;
821 	case CIL_SENSCAT:
822 		cil_destroy_senscat(*data);
823 		break;
824 	case CIL_CAT:
825 		cil_destroy_category(*data);
826 		break;
827 	case CIL_CATSET:
828 		cil_destroy_catset(*data);
829 		break;
830 	case CIL_CATALIAS:
831 		cil_destroy_alias(*data);
832 		break;
833 	case CIL_CATALIASACTUAL:
834 		cil_destroy_aliasactual(*data);
835 		break;
836 	case CIL_CATORDER:
837 		cil_destroy_catorder(*data);
838 		break;
839 	case CIL_LEVEL:
840 		cil_destroy_level(*data);
841 		break;
842 	case CIL_LEVELRANGE:
843 		cil_destroy_levelrange(*data);
844 		break;
845 	case CIL_SID:
846 		cil_destroy_sid(*data);
847 		break;
848 	case CIL_SIDORDER:
849 		cil_destroy_sidorder(*data);
850 		break;
851 	case CIL_NAME:
852 		cil_destroy_name(*data);
853 		break;
854 	case CIL_ROLEALLOW:
855 		cil_destroy_roleallow(*data);
856 		break;
857 	case CIL_AVRULE:
858 	case CIL_AVRULEX:
859 		cil_destroy_avrule(*data);
860 		break;
861 	case CIL_PERMISSIONX:
862 		cil_destroy_permissionx(*data);
863 		break;
864 	case CIL_ROLETRANSITION:
865 		cil_destroy_roletransition(*data);
866 		break;
867 	case CIL_TYPE_RULE:
868 		cil_destroy_type_rule(*data);
869 		break;
870 	case CIL_NAMETYPETRANSITION:
871 		cil_destroy_typetransition(*data);
872 		break;
873 	case CIL_RANGETRANSITION:
874 		cil_destroy_rangetransition(*data);
875 		break;
876 	case CIL_CONSTRAIN:
877 		cil_destroy_constrain(*data);
878 		break;
879 	case CIL_MLSCONSTRAIN:
880 		cil_destroy_constrain(*data);
881 		break;
882 	case CIL_VALIDATETRANS:
883 	case CIL_MLSVALIDATETRANS:
884 		cil_destroy_validatetrans(*data);
885 		break;
886 	case CIL_CONTEXT:
887 		cil_destroy_context(*data);
888 		break;
889 	case CIL_IPADDR:
890 		cil_destroy_ipaddr(*data);
891 		break;
892 	case CIL_SIDCONTEXT:
893 		cil_destroy_sidcontext(*data);
894 		break;
895 	case CIL_FSUSE:
896 		cil_destroy_fsuse(*data);
897 		break;
898 	case CIL_FILECON:
899 		cil_destroy_filecon(*data);
900 		break;
901 	case CIL_IBPKEYCON:
902 		cil_destroy_ibpkeycon(*data);
903 		break;
904 	case CIL_PORTCON:
905 		cil_destroy_portcon(*data);
906 		break;
907 	case CIL_IBENDPORTCON:
908 		cil_destroy_ibendportcon(*data);
909 		break;
910 	case CIL_NODECON:
911 		cil_destroy_nodecon(*data);
912 		break;
913 	case CIL_GENFSCON:
914 		cil_destroy_genfscon(*data);
915 		break;
916 	case CIL_NETIFCON:
917 		cil_destroy_netifcon(*data);
918 		break;
919 	case CIL_PIRQCON:
920 		cil_destroy_pirqcon(*data);
921 		break;
922 	case CIL_IOMEMCON:
923 		cil_destroy_iomemcon(*data);
924 		break;
925 	case CIL_IOPORTCON:
926 		cil_destroy_ioportcon(*data);
927 		break;
928 	case CIL_PCIDEVICECON:
929 		cil_destroy_pcidevicecon(*data);
930 		break;
931 	case CIL_DEVICETREECON:
932 		cil_destroy_devicetreecon(*data);
933 		break;
934 	case CIL_POLICYCAP:
935 		cil_destroy_policycap(*data);
936 		break;
937 	case CIL_DEFAULTUSER:
938 	case CIL_DEFAULTROLE:
939 	case CIL_DEFAULTTYPE:
940 		cil_destroy_default(*data);
941 		break;
942 	case CIL_DEFAULTRANGE:
943 		cil_destroy_defaultrange(*data);
944 		break;
945 	case CIL_HANDLEUNKNOWN:
946 		cil_destroy_handleunknown(*data);
947 		break;
948 	case CIL_MLS:
949 		cil_destroy_mls(*data);
950 		break;
951 	case CIL_SRC_INFO:
952 		cil_destroy_src_info(*data);
953 		break;
954 	case CIL_OP:
955 	case CIL_CONS_OPERAND:
956 		break;
957 	default:
958 		cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
959 		break;
960 	}
961 
962 	*data = NULL;
963 }
964 
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)965 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
966 {
967 	if (flavor < CIL_MIN_DECLARATIVE) {
968 		return SEPOL_ERR;
969 	}
970 
971 	switch(flavor) {
972 	case CIL_BLOCK:
973 		*sym_index = CIL_SYM_BLOCKS;
974 		break;
975 	case CIL_MACRO:
976 		*sym_index = CIL_SYM_BLOCKS;
977 		break;
978 	case CIL_OPTIONAL:
979 		*sym_index = CIL_SYM_BLOCKS;
980 		break;
981 	case CIL_BOOL:
982 		*sym_index = CIL_SYM_BOOLS;
983 		break;
984 	case CIL_TUNABLE:
985 		*sym_index = CIL_SYM_TUNABLES;
986 		break;
987 	case CIL_PERM:
988 	case CIL_MAP_PERM:
989 		*sym_index = CIL_SYM_PERMS;
990 		break;
991 	case CIL_COMMON:
992 		*sym_index = CIL_SYM_COMMONS;
993 		break;
994 	case CIL_CLASS:
995 	case CIL_MAP_CLASS:
996 		*sym_index = CIL_SYM_CLASSES;
997 		break;
998 	case CIL_CLASSPERMISSION:
999 	case CIL_CLASSPERMISSIONSET:
1000 		*sym_index = CIL_SYM_CLASSPERMSETS;
1001 		break;
1002 	case CIL_USER:
1003 	case CIL_USERATTRIBUTE:
1004 		*sym_index = CIL_SYM_USERS;
1005 		break;
1006 	case CIL_ROLE:
1007 	case CIL_ROLEATTRIBUTE:
1008 		*sym_index = CIL_SYM_ROLES;
1009 		break;
1010 	case CIL_TYPE:
1011 	case CIL_TYPEALIAS:
1012 	case CIL_TYPEATTRIBUTE:
1013 		*sym_index = CIL_SYM_TYPES;
1014 		break;
1015 	case CIL_SENS:
1016 	case CIL_SENSALIAS:
1017 		*sym_index = CIL_SYM_SENS;
1018 		break;
1019 	case CIL_CAT:
1020 	case CIL_CATSET:
1021 	case CIL_CATALIAS:
1022 		*sym_index = CIL_SYM_CATS;
1023 		break;
1024 	case CIL_LEVEL:
1025 		*sym_index = CIL_SYM_LEVELS;
1026 		break;
1027 	case CIL_LEVELRANGE:
1028 		*sym_index = CIL_SYM_LEVELRANGES;
1029 		break;
1030 	case CIL_SID:
1031 		*sym_index = CIL_SYM_SIDS;
1032 		break;
1033 	case CIL_NAME:
1034 		*sym_index = CIL_SYM_NAMES;
1035 		break;
1036 	case CIL_CONTEXT:
1037 		*sym_index = CIL_SYM_CONTEXTS;
1038 		break;
1039 	case CIL_IPADDR:
1040 		*sym_index = CIL_SYM_IPADDRS;
1041 		break;
1042 	case CIL_POLICYCAP:
1043 		*sym_index = CIL_SYM_POLICYCAPS;
1044 		break;
1045 	case CIL_PERMISSIONX:
1046 		*sym_index = CIL_SYM_PERMX;
1047 		break;
1048 	default:
1049 		*sym_index = CIL_SYM_UNKNOWN;
1050 		cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
1051 		return SEPOL_ERR;
1052 	}
1053 
1054 	return SEPOL_OK;
1055 }
1056 
cil_node_to_string(struct cil_tree_node * node)1057 const char * cil_node_to_string(struct cil_tree_node *node)
1058 {
1059 	switch (node->flavor) {
1060 	case CIL_NONE:
1061 		return "<none>";
1062 	case CIL_ROOT:
1063 		return CIL_KEY_ROOT;
1064 	case CIL_NODE:
1065 		return CIL_KEY_NODE;
1066 	case CIL_STRING:
1067 		return "string";
1068 	case CIL_DATUM:
1069 		return "<datum>";
1070 	case CIL_LIST:
1071 		return "<list>";
1072 	case CIL_LIST_ITEM:
1073 		return "<list_item>";
1074 	case CIL_PARAM:
1075 		return "<param>";
1076 	case CIL_ARGS:
1077 		return "<args>";
1078 	case CIL_BLOCK:
1079 		return CIL_KEY_BLOCK;
1080 	case CIL_BLOCKINHERIT:
1081 		return CIL_KEY_BLOCKINHERIT;
1082 	case CIL_BLOCKABSTRACT:
1083 		return CIL_KEY_BLOCKABSTRACT;
1084 	case CIL_IN:
1085 		return CIL_KEY_IN;
1086 	case CIL_MACRO:
1087 		return CIL_KEY_MACRO;
1088 	case CIL_CALL:
1089 		return CIL_KEY_CALL;
1090 	case CIL_OPTIONAL:
1091 		return CIL_KEY_OPTIONAL;
1092 	case CIL_BOOL:
1093 		return CIL_KEY_BOOL;
1094 	case CIL_BOOLEANIF:
1095 		return CIL_KEY_BOOLEANIF;
1096 	case CIL_TUNABLE:
1097 		return CIL_KEY_TUNABLE;
1098 	case CIL_TUNABLEIF:
1099 		return CIL_KEY_TUNABLEIF;
1100 	case CIL_CONDBLOCK:
1101 		switch (((struct cil_condblock*)node->data)->flavor) {
1102 		case CIL_CONDTRUE:
1103 			return CIL_KEY_CONDTRUE;
1104 		case CIL_CONDFALSE:
1105 			return CIL_KEY_CONDFALSE;
1106 		default:
1107 			break;
1108 		}
1109 		break;
1110 	case CIL_CONDTRUE:
1111 		return CIL_KEY_CONDTRUE;
1112 	case CIL_CONDFALSE:
1113 		return CIL_KEY_CONDFALSE;
1114 	case CIL_PERM:
1115 		return CIL_KEY_PERM;
1116 	case CIL_COMMON:
1117 		return CIL_KEY_COMMON;
1118 	case CIL_CLASS:
1119 		return CIL_KEY_CLASS;
1120 	case CIL_CLASSORDER:
1121 		return CIL_KEY_CLASSORDER;
1122 	case CIL_MAP_CLASS:
1123 		return CIL_KEY_MAP_CLASS;
1124 	case CIL_CLASSPERMISSION:
1125 		return CIL_KEY_CLASSPERMISSION;
1126 	case CIL_CLASSCOMMON:
1127 		return CIL_KEY_CLASSCOMMON;
1128 	case CIL_CLASSMAPPING:
1129 		return CIL_KEY_CLASSMAPPING;
1130 	case CIL_CLASSPERMISSIONSET:
1131 		return CIL_KEY_CLASSPERMISSIONSET;
1132 	case CIL_USER:
1133 		return CIL_KEY_USER;
1134 	case CIL_USERATTRIBUTE:
1135 		return CIL_KEY_USERATTRIBUTE;
1136 	case CIL_USERATTRIBUTESET:
1137 		return CIL_KEY_USERATTRIBUTESET;
1138 	case CIL_USERPREFIX:
1139 		return CIL_KEY_USERPREFIX;
1140 	case CIL_USERROLE:
1141 		return CIL_KEY_USERROLE;
1142 	case CIL_USERLEVEL:
1143 		return CIL_KEY_USERLEVEL;
1144 	case CIL_USERRANGE:
1145 		return CIL_KEY_USERRANGE;
1146 	case CIL_USERBOUNDS:
1147 		return CIL_KEY_USERBOUNDS;
1148 	case CIL_SELINUXUSER:
1149 		return CIL_KEY_SELINUXUSER;
1150 	case CIL_SELINUXUSERDEFAULT:
1151 		return CIL_KEY_SELINUXUSERDEFAULT;
1152 	case CIL_ROLE:
1153 		return CIL_KEY_ROLE;
1154 	case CIL_ROLEATTRIBUTE:
1155 		return CIL_KEY_ROLEATTRIBUTE;
1156 	case CIL_ROLEATTRIBUTESET:
1157 		return CIL_KEY_ROLEATTRIBUTESET;
1158 	case CIL_ROLETYPE:
1159 		return CIL_KEY_ROLETYPE;
1160 	case CIL_ROLEBOUNDS:
1161 		return CIL_KEY_ROLEBOUNDS;
1162 	case CIL_TYPE:
1163 		return CIL_KEY_TYPE;
1164 	case CIL_TYPEATTRIBUTE:
1165 		return CIL_KEY_TYPEATTRIBUTE;
1166 	case CIL_TYPEALIAS:
1167 		return CIL_KEY_TYPEALIAS;
1168 	case CIL_TYPEATTRIBUTESET:
1169 		return CIL_KEY_TYPEATTRIBUTESET;
1170 	case CIL_EXPANDTYPEATTRIBUTE:
1171 		return CIL_KEY_EXPANDTYPEATTRIBUTE;
1172 	case CIL_TYPEALIASACTUAL:
1173 		return CIL_KEY_TYPEALIASACTUAL;
1174 	case CIL_TYPEBOUNDS:
1175 		return CIL_KEY_TYPEBOUNDS;
1176 	case CIL_TYPEPERMISSIVE:
1177 		return CIL_KEY_TYPEPERMISSIVE;
1178 	case CIL_SENS:
1179 		return CIL_KEY_SENSITIVITY;
1180 	case CIL_SENSALIAS:
1181 		return CIL_KEY_SENSALIAS;
1182 	case CIL_SENSALIASACTUAL:
1183 		return CIL_KEY_SENSALIASACTUAL;
1184 	case CIL_SENSITIVITYORDER:
1185 		return CIL_KEY_SENSITIVITYORDER;
1186 	case CIL_SENSCAT:
1187 		return CIL_KEY_SENSCAT;
1188 	case CIL_CAT:
1189 		return CIL_KEY_CATEGORY;
1190 	case CIL_CATSET:
1191 		return CIL_KEY_CATSET;
1192 	case CIL_CATALIAS:
1193 		return CIL_KEY_CATALIAS;
1194 	case CIL_CATALIASACTUAL:
1195 		return CIL_KEY_CATALIASACTUAL;
1196 	case CIL_CATORDER:
1197 		return CIL_KEY_CATORDER;
1198 	case CIL_LEVEL:
1199 		return CIL_KEY_LEVEL;
1200 	case CIL_LEVELRANGE:
1201 		return CIL_KEY_LEVELRANGE;
1202 	case CIL_SID:
1203 		return CIL_KEY_SID;
1204 	case CIL_SIDORDER:
1205 		return CIL_KEY_SIDORDER;
1206 	case CIL_NAME:
1207 		return CIL_KEY_NAME;
1208 	case CIL_ROLEALLOW:
1209 		return CIL_KEY_ROLEALLOW;
1210 	case CIL_AVRULE:
1211 		switch (((struct cil_avrule *)node->data)->rule_kind) {
1212 		case CIL_AVRULE_ALLOWED:
1213 			return CIL_KEY_ALLOW;
1214 		case CIL_AVRULE_AUDITALLOW:
1215 			return CIL_KEY_AUDITALLOW;
1216 		case CIL_AVRULE_DONTAUDIT:
1217 			return CIL_KEY_DONTAUDIT;
1218 		case CIL_AVRULE_NEVERALLOW:
1219 			return CIL_KEY_NEVERALLOW;
1220 		default:
1221 			break;
1222 		}
1223 		break;
1224 	case CIL_AVRULEX:
1225 		switch (((struct cil_avrule *)node->data)->rule_kind) {
1226 		case CIL_AVRULE_ALLOWED:
1227 			return CIL_KEY_ALLOWX;
1228 		case CIL_AVRULE_AUDITALLOW:
1229 			return CIL_KEY_AUDITALLOWX;
1230 		case CIL_AVRULE_DONTAUDIT:
1231 			return CIL_KEY_DONTAUDITX;
1232 		case CIL_AVRULE_NEVERALLOW:
1233 			return CIL_KEY_NEVERALLOWX;
1234 		default:
1235 			break;
1236 		}
1237 		break;
1238 	case CIL_PERMISSIONX:
1239 		return CIL_KEY_PERMISSIONX;
1240 	case CIL_ROLETRANSITION:
1241 		return CIL_KEY_ROLETRANSITION;
1242 	case CIL_TYPE_RULE:
1243 		switch (((struct cil_type_rule *)node->data)->rule_kind) {
1244 		case CIL_TYPE_TRANSITION:
1245 			return CIL_KEY_TYPETRANSITION;
1246 		case CIL_TYPE_MEMBER:
1247 			return CIL_KEY_TYPEMEMBER;
1248 		case CIL_TYPE_CHANGE:
1249 			return CIL_KEY_TYPECHANGE;
1250 		default:
1251 			break;
1252 		}
1253 		break;
1254 	case CIL_NAMETYPETRANSITION:
1255 		return CIL_KEY_TYPETRANSITION;
1256 	case CIL_RANGETRANSITION:
1257 		return CIL_KEY_RANGETRANSITION;
1258 	case CIL_CONSTRAIN:
1259 		return CIL_KEY_CONSTRAIN;
1260 	case CIL_MLSCONSTRAIN:
1261 		return CIL_KEY_MLSCONSTRAIN;
1262 	case CIL_VALIDATETRANS:
1263 		return CIL_KEY_VALIDATETRANS;
1264 	case CIL_MLSVALIDATETRANS:
1265 		return CIL_KEY_MLSVALIDATETRANS;
1266 	case CIL_CONTEXT:
1267 		return CIL_KEY_CONTEXT;
1268 	case CIL_IPADDR:
1269 		return CIL_KEY_IPADDR;
1270 	case CIL_SIDCONTEXT:
1271 		return CIL_KEY_SIDCONTEXT;
1272 	case CIL_FSUSE:
1273 		return CIL_KEY_FSUSE;
1274 	case CIL_FILECON:
1275 		return CIL_KEY_FILECON;
1276 	case CIL_IBPKEYCON:
1277 		return CIL_KEY_IBPKEYCON;
1278 	case CIL_IBENDPORTCON:
1279 		return CIL_KEY_IBENDPORTCON;
1280 	case CIL_PORTCON:
1281 		return CIL_KEY_PORTCON;
1282 	case CIL_NODECON:
1283 		return CIL_KEY_NODECON;
1284 	case CIL_GENFSCON:
1285 		return CIL_KEY_GENFSCON;
1286 	case CIL_NETIFCON:
1287 		return CIL_KEY_NETIFCON;
1288 	case CIL_PIRQCON:
1289 		return CIL_KEY_PIRQCON;
1290 	case CIL_IOMEMCON:
1291 		return CIL_KEY_IOMEMCON;
1292 	case CIL_IOPORTCON:
1293 		return CIL_KEY_IOPORTCON;
1294 	case CIL_PCIDEVICECON:
1295 		return CIL_KEY_PCIDEVICECON;
1296 	case CIL_DEVICETREECON:
1297 		return CIL_KEY_DEVICETREECON;
1298 	case CIL_POLICYCAP:
1299 		return CIL_KEY_POLICYCAP;
1300 	case CIL_DEFAULTUSER:
1301 		return CIL_KEY_DEFAULTUSER;
1302 	case CIL_DEFAULTROLE:
1303 		return CIL_KEY_DEFAULTROLE;
1304 	case CIL_DEFAULTTYPE:
1305 		return CIL_KEY_DEFAULTTYPE;
1306 	case CIL_DEFAULTRANGE:
1307 		return CIL_KEY_DEFAULTRANGE;
1308 	case CIL_HANDLEUNKNOWN:
1309 		return CIL_KEY_HANDLEUNKNOWN;
1310 	case CIL_MLS:
1311 		return CIL_KEY_MLS;
1312 	case CIL_SRC_INFO:
1313 		return CIL_KEY_SRC_INFO;
1314 	case CIL_ALL:
1315 		return CIL_KEY_ALL;
1316 	case CIL_RANGE:
1317 		return CIL_KEY_RANGE;
1318 	case CIL_AND:
1319 		return CIL_KEY_AND;
1320 	case CIL_OR:
1321 		return CIL_KEY_OR;
1322 	case CIL_XOR:
1323 		return CIL_KEY_XOR;
1324 	case CIL_NOT:
1325 		return CIL_KEY_NOT;
1326 	case CIL_EQ:
1327 		return CIL_KEY_EQ;
1328 	case CIL_NEQ:
1329 		return CIL_KEY_NEQ;
1330 	case CIL_CONS_DOM:
1331 		return CIL_KEY_CONS_DOM;
1332 	case CIL_CONS_DOMBY:
1333 		return CIL_KEY_CONS_DOMBY;
1334 	case CIL_CONS_INCOMP:
1335 		return CIL_KEY_CONS_INCOMP;
1336 	case CIL_CONS_U1:
1337 		return CIL_KEY_CONS_U1;
1338 	case CIL_CONS_U2:
1339 		return CIL_KEY_CONS_U2;
1340 	case CIL_CONS_U3:
1341 		return CIL_KEY_CONS_U3;
1342 	case CIL_CONS_T1:
1343 		return CIL_KEY_CONS_T1;
1344 	case CIL_CONS_T2:
1345 		return CIL_KEY_CONS_T2;
1346 	case CIL_CONS_T3:
1347 		return CIL_KEY_CONS_T3;
1348 	case CIL_CONS_R1:
1349 		return CIL_KEY_CONS_R1;
1350 	case CIL_CONS_R2:
1351 		return CIL_KEY_CONS_R2;
1352 	case CIL_CONS_R3:
1353 		return CIL_KEY_CONS_R3;
1354 	case CIL_CONS_L1:
1355 		return CIL_KEY_CONS_L1;
1356 	case CIL_CONS_L2:
1357 		return CIL_KEY_CONS_L2;
1358 	case CIL_CONS_H1:
1359 		return CIL_KEY_CONS_H1;
1360 	case CIL_CONS_H2:
1361 		return CIL_KEY_CONS_H2;
1362 
1363 	default:
1364 		break;
1365 	}
1366 
1367 	return "<unknown>";
1368 }
1369 
1370 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1371 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1372 #else
1373 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1374 #endif
1375 {
1376 	int rc = SEPOL_ERR;
1377 	size_t str_len = 0;
1378 	int buf_pos = 0;
1379 	char *str_tmp = NULL;
1380 	struct cil_list_item *curr;
1381 	struct cil_userprefix *userprefix = NULL;
1382 	struct cil_user *user = NULL;
1383 
1384 	*out = NULL;
1385 
1386 	if (db->userprefixes->head == NULL) {
1387 		rc = SEPOL_OK;
1388 		*size = 0;
1389 		goto exit;
1390 	}
1391 
1392 	cil_list_for_each(curr, db->userprefixes) {
1393 		userprefix = curr->data;
1394 		user = userprefix->user;
1395 		str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1396 	}
1397 
1398 	*size = str_len * sizeof(char);
1399 	str_len++;
1400 	str_tmp = cil_malloc(str_len * sizeof(char));
1401 	*out = str_tmp;
1402 
1403 	cil_list_for_each(curr, db->userprefixes) {
1404 		userprefix = curr->data;
1405 		user = userprefix->user;
1406 
1407 		buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1408 									userprefix->prefix_str);
1409 		str_len -= buf_pos;
1410 		str_tmp += buf_pos;
1411 	}
1412 
1413 	rc = SEPOL_OK;
1414 exit:
1415 	return rc;
1416 
1417 }
1418 
1419 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1420 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1421 {
1422 	return cil_userprefixes_to_string_nopdb(db, out, size);
1423 }
1424 #endif
1425 
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1426 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1427 {
1428 	int rc = SEPOL_ERR;
1429 	struct cil_list_item *i;
1430 	struct cil_list_item *j;
1431 	struct cil_cat* cat;
1432 	struct cil_catset *cs;
1433 	struct cil_tree_node *node;
1434 
1435 	if (cats == NULL) {
1436 		rc = SEPOL_OK;
1437 		goto exit;
1438 	}
1439 
1440 	cil_list_for_each(i, cats->datum_expr) {
1441 		node = DATUM(i->data)->nodes->head->data;
1442 		if (node->flavor == CIL_CATSET) {
1443 			cs = (struct cil_catset*)i->data;
1444 			cil_list_for_each(j, cs->cats->datum_expr) {
1445 				cat = (struct cil_cat*)j->data;
1446 				rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1447 				if (rc != SEPOL_OK) {
1448 					goto exit;
1449 				}
1450 			}
1451 		} else {
1452 			cat = (struct cil_cat*)i->data;
1453 			rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1454 			if (rc != SEPOL_OK) {
1455 				goto exit;
1456 			}
1457 		}
1458 	}
1459 
1460 	return SEPOL_OK;
1461 
1462 exit:
1463 	return rc;
1464 }
1465 
cil_level_equals(struct cil_level * low,struct cil_level * high)1466 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1467 {
1468 	int rc;
1469 	struct ebitmap elow;
1470 	struct ebitmap ehigh;
1471 
1472 	if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1473 		rc = 0;
1474 		goto exit;
1475 	}
1476 
1477 	ebitmap_init(&elow);
1478 	ebitmap_init(&ehigh);
1479 
1480 	rc = cil_cats_to_ebitmap(low->cats, &elow);
1481 	if (rc != SEPOL_OK) {
1482 		goto exit;
1483 	}
1484 
1485 	rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1486 	if (rc != SEPOL_OK) {
1487 		goto exit;
1488 	}
1489 
1490 	rc = ebitmap_cmp(&elow, &ehigh);
1491 	ebitmap_destroy(&elow);
1492 	ebitmap_destroy(&ehigh);
1493 
1494 exit:
1495 	return rc;
1496 }
1497 
__cil_level_strlen(struct cil_level * lvl)1498 static int __cil_level_strlen(struct cil_level *lvl)
1499 {
1500 	struct cil_list_item *item;
1501 	struct cil_cats *cats = lvl->cats;
1502 	int str_len = 0;
1503 	char *str1 = NULL;
1504 	char *str2 = NULL;
1505 	int first = -1;
1506 	int last = -1;
1507 
1508 	str_len += strlen(lvl->sens->datum.fqn);
1509 
1510 	if (cats && cats->datum_expr != NULL) {
1511 		str_len++; /* initial ":" */
1512 		cil_list_for_each(item, cats->datum_expr) {
1513 			struct cil_cat *cat = item->data;
1514 			if (first == -1) {
1515 				str1 = cat->datum.fqn;
1516 				first = cat->value;
1517 				last = first;
1518 			} else if (cat->value == last + 1) {
1519 				last++;
1520 				str2 = cat->datum.fqn;
1521 			} else {
1522 				if (first == last) {
1523 					str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1524 				} else if (last == first + 1) {
1525 					str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1526 				} else {
1527 					str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1528 				}
1529 				first = -1;
1530 				last = -1;
1531 				if (item->next != NULL) {
1532 					str_len++; /* space for "," after */
1533 				}
1534 			}
1535 		}
1536 		if (first != -1) {
1537 			if (first == last) {
1538 				str_len += strlen(str1);
1539 			} else if (last == first + 1) {
1540 				str_len += strlen(str1) + strlen(str2) + 1;
1541 			} else {
1542 				str_len += strlen(str1) + strlen(str2) + 1;
1543 			}
1544 		}
1545 	}
1546 
1547 	return str_len;
1548 }
1549 
__cil_level_to_string(struct cil_level * lvl,char * out)1550 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1551 {
1552 	struct cil_list_item *item;
1553 	struct cil_cats *cats = lvl->cats;
1554 	int buf_pos = 0;
1555 	char *str_tmp = out;
1556 	char *str1 = NULL;
1557 	char *str2 = NULL;
1558 	int first = -1;
1559 	int last = -1;
1560 
1561 	buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1562 	str_tmp += buf_pos;
1563 
1564 	if (cats && cats->datum_expr != NULL) {
1565 		buf_pos = sprintf(str_tmp, ":");
1566 		str_tmp += buf_pos;
1567 
1568 		cil_list_for_each(item, cats->datum_expr) {
1569 			struct cil_cat *cat = item->data;
1570 			if (first == -1) {
1571 				str1 = cat->datum.fqn;
1572 				first = cat->value;
1573 				last = first;
1574 			} else if (cat->value == last + 1) {
1575 				last++;
1576 				str2 = cat->datum.fqn;
1577 			} else {
1578 				if (first == last) {
1579 					buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1580 					str_tmp += buf_pos;
1581 				} else if (last == first + 1) {
1582 					buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1583 					str_tmp += buf_pos;
1584 				} else {
1585 					buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1586 					str_tmp += buf_pos;
1587 				}
1588 				first = -1;
1589 				last = -1;
1590 				if (item->next != NULL) {
1591 					buf_pos = sprintf(str_tmp, ",");
1592 					str_tmp += buf_pos;
1593 				}
1594 			}
1595 		}
1596 		if (first != -1) {
1597 			if (first == last) {
1598 				buf_pos = sprintf(str_tmp, "%s", str1);
1599 				str_tmp += buf_pos;
1600 			} else if (last == first + 1) {
1601 				buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1602 				str_tmp += buf_pos;
1603 			} else {
1604 				buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1605 				str_tmp += buf_pos;
1606 			}
1607 		}
1608 	}
1609 
1610 	return str_tmp - out;
1611 }
1612 
1613 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1614 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1615 #else
1616 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1617 #endif
1618 {
1619 	size_t str_len = 0;
1620 	int buf_pos = 0;
1621 	char *str_tmp = NULL;
1622 	struct cil_list_item *curr;
1623 
1624 	if (db->selinuxusers->head == NULL) {
1625 		*size = 0;
1626 		*out = NULL;
1627 		return SEPOL_OK;
1628 	}
1629 
1630 	cil_list_for_each(curr, db->selinuxusers) {
1631 		struct cil_selinuxuser *selinuxuser = curr->data;
1632 		struct cil_user *user = selinuxuser->user;
1633 
1634 		str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1635 
1636 		if (db->mls == CIL_TRUE) {
1637 			struct cil_levelrange *range = selinuxuser->range;
1638 			str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1639 		}
1640 
1641 		str_len++;
1642 	}
1643 
1644 	*size = str_len * sizeof(char);
1645 	str_tmp = cil_malloc(*size+1);
1646 	*out = str_tmp;
1647 
1648 	for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1649 		struct cil_selinuxuser *selinuxuser = curr->data;
1650 		struct cil_user *user = selinuxuser->user;
1651 
1652 		buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1653 		str_tmp += buf_pos;
1654 
1655 		if (db->mls == CIL_TRUE) {
1656 			struct cil_levelrange *range = selinuxuser->range;
1657 			buf_pos = sprintf(str_tmp, ":");
1658 			str_tmp += buf_pos;
1659 			buf_pos = __cil_level_to_string(range->low, str_tmp);
1660 			str_tmp += buf_pos;
1661 			buf_pos = sprintf(str_tmp, "-");
1662 			str_tmp += buf_pos;
1663 			buf_pos = __cil_level_to_string(range->high, str_tmp);
1664 			str_tmp += buf_pos;
1665 		}
1666 
1667 		buf_pos = sprintf(str_tmp, "\n");
1668 		str_tmp += buf_pos;
1669 	}
1670 
1671 	return SEPOL_OK;
1672 }
1673 
1674 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1675 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1676 {
1677 	return cil_selinuxusers_to_string_nopdb(db, out, size);
1678 }
1679 #endif
1680 
1681 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1682 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1683 #else
1684 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1685 #endif
1686 {
1687 	uint32_t i = 0;
1688 	int buf_pos = 0;
1689 	size_t str_len = 0;
1690 	char *str_tmp = NULL;
1691 	struct cil_sort *filecons = db->filecon;
1692 
1693 	for (i = 0; i < filecons->count; i++) {
1694 		struct cil_filecon *filecon = filecons->array[i];
1695 		struct cil_context *ctx = filecon->context;
1696 
1697 		str_len += strlen(filecon->path_str);
1698 
1699 		if (filecon->type != CIL_FILECON_ANY) {
1700 			/* If a type is specified,
1701 			   +2 for type string, +1 for tab */
1702 			str_len += 3;
1703 		}
1704 
1705 		if (ctx != NULL) {
1706 			struct cil_user *user = ctx->user;
1707 			struct cil_role *role = ctx->role;
1708 			struct cil_type *type = ctx->type;
1709 
1710 			str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1711 
1712 			if (db->mls == CIL_TRUE) {
1713 				struct cil_levelrange *range = ctx->range;
1714 				if (cil_level_equals(range->low, range->high)) {
1715 					str_len += __cil_level_strlen(range->low) + 1;
1716 				} else {
1717 					str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1718 				}
1719 			}
1720 		} else {
1721 			str_len += strlen("\t<<none>>");
1722 		}
1723 
1724 		str_len++;
1725 	}
1726 
1727 	*size = str_len * sizeof(char);
1728 	str_tmp = cil_malloc(*size+1);
1729 	*out = str_tmp;
1730 
1731 	for (i = 0; i < filecons->count; i++) {
1732 		struct cil_filecon *filecon = filecons->array[i];
1733 		struct cil_context *ctx = filecon->context;
1734 		const char *str_type = NULL;
1735 
1736 		buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1737 		str_tmp += buf_pos;
1738 
1739 		switch(filecon->type) {
1740 		case CIL_FILECON_FILE:
1741 			str_type = "\t--";
1742 			break;
1743 		case CIL_FILECON_DIR:
1744 			str_type = "\t-d";
1745 			break;
1746 		case CIL_FILECON_CHAR:
1747 			str_type = "\t-c";
1748 			break;
1749 		case CIL_FILECON_BLOCK:
1750 			str_type = "\t-b";
1751 			break;
1752 		case CIL_FILECON_SOCKET:
1753 			str_type = "\t-s";
1754 			break;
1755 		case CIL_FILECON_PIPE:
1756 			str_type = "\t-p";
1757 			break;
1758 		case CIL_FILECON_SYMLINK:
1759 			str_type = "\t-l";
1760 			break;
1761 		default:
1762 			str_type = "";
1763 			break;
1764 		}
1765 		buf_pos = sprintf(str_tmp, "%s", str_type);
1766 		str_tmp += buf_pos;
1767 
1768 		if (ctx != NULL) {
1769 			struct cil_user *user = ctx->user;
1770 			struct cil_role *role = ctx->role;
1771 			struct cil_type *type = ctx->type;
1772 
1773 			buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1774 							  type->datum.fqn);
1775 			str_tmp += buf_pos;
1776 
1777 			if (db->mls == CIL_TRUE) {
1778 				struct cil_levelrange *range = ctx->range;
1779 				buf_pos = sprintf(str_tmp, ":");
1780 				str_tmp += buf_pos;
1781 				buf_pos = __cil_level_to_string(range->low, str_tmp);
1782 				str_tmp += buf_pos;
1783 
1784 				if (!cil_level_equals(range->low, range->high)) {
1785 					buf_pos = sprintf(str_tmp, "-");
1786 					str_tmp += buf_pos;
1787 					buf_pos = __cil_level_to_string(range->high, str_tmp);
1788 					str_tmp += buf_pos;
1789 				}
1790 			}
1791 		} else {
1792 			buf_pos = sprintf(str_tmp, "\t<<none>>");
1793 			str_tmp += buf_pos;
1794 		}
1795 
1796 		buf_pos = sprintf(str_tmp, "\n");
1797 		str_tmp += buf_pos;
1798 	}
1799 
1800 	return SEPOL_OK;
1801 }
1802 
1803 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1804 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1805 {
1806 	return cil_filecons_to_string_nopdb(db, out, size);
1807 }
1808 #endif
1809 
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1810 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1811 {
1812 	db->disable_dontaudit = disable_dontaudit;
1813 }
1814 
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1815 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1816 {
1817 	db->disable_neverallow = disable_neverallow;
1818 }
1819 
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1820 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1821 {
1822 	db->attrs_expand_generated = attrs_expand_generated;
1823 }
1824 
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1825 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1826 {
1827 	db->attrs_expand_size = attrs_expand_size;
1828 }
1829 
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1830 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1831 {
1832 	db->preserve_tunables = preserve_tunables;
1833 }
1834 
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1835 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1836 {
1837 	int rc = 0;
1838 
1839 	switch (handle_unknown) {
1840 		case SEPOL_DENY_UNKNOWN:
1841 		case SEPOL_REJECT_UNKNOWN:
1842 		case SEPOL_ALLOW_UNKNOWN:
1843 			db->handle_unknown = handle_unknown;
1844 			break;
1845 		default:
1846 			cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1847 			rc = -1;
1848 	}
1849 
1850 	return rc;
1851 }
1852 
cil_set_mls(struct cil_db * db,int mls)1853 void cil_set_mls(struct cil_db *db, int mls)
1854 {
1855 	db->mls = mls;
1856 }
1857 
cil_set_multiple_decls(struct cil_db * db,int multiple_decls)1858 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
1859 {
1860 	db->multiple_decls = multiple_decls;
1861 }
1862 
cil_set_target_platform(struct cil_db * db,int target_platform)1863 void cil_set_target_platform(struct cil_db *db, int target_platform)
1864 {
1865 	db->target_platform = target_platform;
1866 }
1867 
cil_set_policy_version(struct cil_db * db,int policy_version)1868 void cil_set_policy_version(struct cil_db *db, int policy_version)
1869 {
1870 	db->policy_version = policy_version;
1871 }
1872 
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1873 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1874 {
1875 	uint32_t i = 0;
1876 	for (i = 0; i < CIL_SYM_NUM; i++) {
1877 		cil_symtab_init(&symtab[i], symtab_sizes[i]);
1878 	}
1879 }
1880 
cil_symtab_array_destroy(symtab_t symtab[])1881 void cil_symtab_array_destroy(symtab_t symtab[])
1882 {
1883 	int i = 0;
1884 	for (i = 0; i < CIL_SYM_NUM; i++) {
1885 		cil_symtab_destroy(&symtab[i]);
1886 	}
1887 }
1888 
cil_destroy_ast_symtabs(struct cil_tree_node * current)1889 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1890 {
1891 	while (current) {
1892 		switch (current->flavor) {
1893 		case CIL_BLOCK:
1894 			cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1895 			break;
1896 		case CIL_IN:
1897 			cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1898 			break;
1899 		case CIL_CLASS:
1900 		case CIL_COMMON:
1901 		case CIL_MAP_CLASS:
1902 			cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1903 			break;
1904 		case CIL_MACRO:
1905 			cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1906 			break;
1907 		case CIL_CONDBLOCK:
1908 			cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1909 			break;
1910 		default:
1911 			break;
1912 		}
1913 
1914 		if (current->cl_head) {
1915 			cil_destroy_ast_symtabs(current->cl_head);
1916 		}
1917 
1918 		current = current->next;
1919 	}
1920 }
1921 
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1922 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1923 {
1924 	struct cil_tree_node *node = ast_node;
1925 	*symtab = NULL;
1926 
1927 	if (sym_index == CIL_SYM_PERMS) {
1928 		/* Class statements are not blocks, so the passed node should be the class */
1929 		if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1930 			node->flavor == CIL_COMMON) {
1931 			*symtab = &((struct cil_class*)node->data)->perms;
1932 			return SEPOL_OK;
1933 		}
1934 		goto exit;
1935 	}
1936 
1937 	if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1938 		cil_log(CIL_ERR, "Invalid symtab type\n");
1939 		goto exit;
1940 	}
1941 
1942 	while (node != NULL && *symtab == NULL) {
1943 		switch (node->flavor) {
1944 		case CIL_ROOT:
1945 			*symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1946 			break;
1947 		case CIL_BLOCK:
1948 			*symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1949 			break;
1950 		case CIL_MACRO:
1951 			*symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1952 			break;
1953 		case CIL_IN:
1954 			/* In blocks only exist before resolving the AST */
1955 			*symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1956 			break;
1957 		case CIL_CONDBLOCK: {
1958 			if (node->parent->flavor == CIL_TUNABLEIF) {
1959 				/* Cond blocks only exist before resolving the AST */
1960 				*symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1961 			} else if (node->parent->flavor == CIL_BOOLEANIF) {
1962 				node = node->parent->parent;
1963 			}
1964 			break;
1965 		}
1966 		default:
1967 			node = node->parent;
1968 		}
1969 	}
1970 
1971 	if (*symtab == NULL) {
1972 		goto exit;
1973 	}
1974 
1975 	return SEPOL_OK;
1976 
1977 exit:
1978 	cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
1979 	return SEPOL_ERR;
1980 }
1981 
cil_sort_init(struct cil_sort ** sort)1982 void cil_sort_init(struct cil_sort **sort)
1983 {
1984 	*sort = cil_malloc(sizeof(**sort));
1985 
1986 	(*sort)->flavor = CIL_NONE;
1987 	(*sort)->count = 0;
1988 	(*sort)->index = 0;
1989 	(*sort)->array = NULL;
1990 }
1991 
cil_sort_destroy(struct cil_sort ** sort)1992 void cil_sort_destroy(struct cil_sort **sort)
1993 {
1994 	(*sort)->flavor = CIL_NONE;
1995 	(*sort)->count = 0;
1996 	(*sort)->index = 0;
1997 	if ((*sort)->array != NULL) {
1998 		free((*sort)->array);
1999 	}
2000 	(*sort)->array = NULL;
2001 
2002 	free(*sort);
2003 	*sort = NULL;
2004 }
2005 
cil_netifcon_init(struct cil_netifcon ** netifcon)2006 void cil_netifcon_init(struct cil_netifcon **netifcon)
2007 {
2008 	*netifcon = cil_malloc(sizeof(**netifcon));
2009 
2010 	(*netifcon)->interface_str = NULL;
2011 	(*netifcon)->if_context_str = NULL;
2012 	(*netifcon)->if_context = NULL;
2013 	(*netifcon)->packet_context_str = NULL;
2014 	(*netifcon)->packet_context = NULL;
2015 	(*netifcon)->context_str = NULL;
2016 }
2017 
cil_ibendportcon_init(struct cil_ibendportcon ** ibendportcon)2018 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon)
2019 {
2020 	*ibendportcon = cil_malloc(sizeof(**ibendportcon));
2021 
2022 	(*ibendportcon)->dev_name_str = NULL;
2023 	(*ibendportcon)->port = 0;
2024 	(*ibendportcon)->context_str = NULL;
2025 	(*ibendportcon)->context = NULL;
2026 }
2027 
cil_context_init(struct cil_context ** context)2028 void cil_context_init(struct cil_context **context)
2029 {
2030 	*context = cil_malloc(sizeof(**context));
2031 
2032 	cil_symtab_datum_init(&(*context)->datum);
2033 	(*context)->user_str = NULL;
2034 	(*context)->user = NULL;
2035 	(*context)->role_str = NULL;
2036 	(*context)->role = NULL;
2037 	(*context)->type_str = NULL;
2038 	(*context)->type = NULL;
2039 	(*context)->range_str = NULL;
2040 	(*context)->range = NULL;
2041 }
2042 
cil_level_init(struct cil_level ** level)2043 void cil_level_init(struct cil_level **level)
2044 {
2045 	*level = cil_malloc(sizeof(**level));
2046 
2047 	cil_symtab_datum_init(&(*level)->datum);
2048 	(*level)->sens_str = NULL;
2049 	(*level)->sens = NULL;
2050 	(*level)->cats = NULL;
2051 }
2052 
cil_levelrange_init(struct cil_levelrange ** range)2053 void cil_levelrange_init(struct cil_levelrange **range)
2054 {
2055 	*range = cil_malloc(sizeof(**range));
2056 
2057 	cil_symtab_datum_init(&(*range)->datum);
2058 	(*range)->low_str = NULL;
2059 	(*range)->low = NULL;
2060 	(*range)->high_str = NULL;
2061 	(*range)->high = NULL;
2062 }
2063 
cil_sens_init(struct cil_sens ** sens)2064 void cil_sens_init(struct cil_sens **sens)
2065 {
2066 	*sens = cil_malloc(sizeof(**sens));
2067 
2068 	cil_symtab_datum_init(&(*sens)->datum);
2069 
2070 	(*sens)->cats_list = NULL;
2071 
2072 	(*sens)->ordered = CIL_FALSE;
2073 }
2074 
cil_block_init(struct cil_block ** block)2075 void cil_block_init(struct cil_block **block)
2076 {
2077 	*block = cil_malloc(sizeof(**block));
2078 
2079 	cil_symtab_datum_init(&(*block)->datum);
2080 
2081 	cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
2082 
2083 	(*block)->is_abstract = CIL_FALSE;
2084 
2085 	(*block)->bi_nodes = NULL;
2086 }
2087 
cil_blockinherit_init(struct cil_blockinherit ** inherit)2088 void cil_blockinherit_init(struct cil_blockinherit **inherit)
2089 {
2090 	*inherit = cil_malloc(sizeof(**inherit));
2091 	(*inherit)->block_str = NULL;
2092 	(*inherit)->block = NULL;
2093 }
2094 
cil_blockabstract_init(struct cil_blockabstract ** abstract)2095 void cil_blockabstract_init(struct cil_blockabstract **abstract)
2096 {
2097 	*abstract = cil_malloc(sizeof(**abstract));
2098 	(*abstract)->block_str = NULL;
2099 }
2100 
cil_in_init(struct cil_in ** in)2101 void cil_in_init(struct cil_in **in)
2102 {
2103 	*in = cil_malloc(sizeof(**in));
2104 
2105 	cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
2106 	(*in)->block_str = NULL;
2107 }
2108 
cil_class_init(struct cil_class ** class)2109 void cil_class_init(struct cil_class **class)
2110 {
2111 	*class = cil_malloc(sizeof(**class));
2112 
2113 	cil_symtab_datum_init(&(*class)->datum);
2114 
2115 	cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
2116 
2117 	(*class)->num_perms = 0;
2118 	(*class)->common = NULL;
2119 	(*class)->ordered = CIL_FALSE;
2120 }
2121 
cil_classorder_init(struct cil_classorder ** classorder)2122 void cil_classorder_init(struct cil_classorder **classorder)
2123 {
2124 	*classorder = cil_malloc(sizeof(**classorder));
2125 
2126 	(*classorder)->class_list_str = NULL;
2127 }
2128 
cil_classcommon_init(struct cil_classcommon ** classcommon)2129 void cil_classcommon_init(struct cil_classcommon **classcommon)
2130 {
2131 	*classcommon = cil_malloc(sizeof(**classcommon));
2132 
2133 	(*classcommon)->class_str = NULL;
2134 	(*classcommon)->common_str = NULL;
2135 }
2136 
cil_sid_init(struct cil_sid ** sid)2137 void cil_sid_init(struct cil_sid **sid)
2138 {
2139 	*sid = cil_malloc(sizeof(**sid));
2140 
2141 	cil_symtab_datum_init(&(*sid)->datum);
2142 
2143 	(*sid)->ordered = CIL_FALSE;
2144 	(*sid)->context = NULL;
2145 }
2146 
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)2147 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
2148 {
2149 	*sidcontext = cil_malloc(sizeof(**sidcontext));
2150 
2151 	(*sidcontext)->sid_str = NULL;
2152 	(*sidcontext)->context_str = NULL;
2153 	(*sidcontext)->context = NULL;
2154 }
2155 
cil_sidorder_init(struct cil_sidorder ** sidorder)2156 void cil_sidorder_init(struct cil_sidorder **sidorder)
2157 {
2158 	*sidorder = cil_malloc(sizeof(**sidorder));
2159 
2160 	(*sidorder)->sid_list_str = NULL;
2161 }
2162 
cil_userrole_init(struct cil_userrole ** userrole)2163 void cil_userrole_init(struct cil_userrole **userrole)
2164 {
2165 	*userrole = cil_malloc(sizeof(**userrole));
2166 
2167 	(*userrole)->user_str = NULL;
2168 	(*userrole)->user = NULL;
2169 	(*userrole)->role_str = NULL;
2170 	(*userrole)->role = NULL;
2171 }
2172 
cil_userprefix_init(struct cil_userprefix ** userprefix)2173 void cil_userprefix_init(struct cil_userprefix **userprefix)
2174 {
2175 	*userprefix = cil_malloc(sizeof(**userprefix));
2176 
2177 	(*userprefix)->user_str = NULL;
2178 	(*userprefix)->user = NULL;
2179 	(*userprefix)->prefix_str = NULL;
2180 }
2181 
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)2182 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
2183 {
2184 	*selinuxuser = cil_malloc(sizeof(**selinuxuser));
2185 
2186 	(*selinuxuser)->name_str = NULL;
2187 	(*selinuxuser)->user_str = NULL;
2188 	(*selinuxuser)->user = NULL;
2189 	(*selinuxuser)->range_str = NULL;
2190 	(*selinuxuser)->range = NULL;
2191 }
2192 
cil_roletype_init(struct cil_roletype ** roletype)2193 void cil_roletype_init(struct cil_roletype **roletype)
2194 {
2195 	*roletype = cil_malloc(sizeof(**roletype));
2196 
2197 	(*roletype)->role_str = NULL;
2198 	(*roletype)->role = NULL;
2199 	(*roletype)->type_str = NULL;
2200 	(*roletype)->type = NULL;
2201 }
2202 
cil_roleattribute_init(struct cil_roleattribute ** attr)2203 void cil_roleattribute_init(struct cil_roleattribute **attr)
2204 {
2205 	*attr = cil_malloc(sizeof(**attr));
2206 
2207 	cil_symtab_datum_init(&(*attr)->datum);
2208 
2209 	(*attr)->expr_list = NULL;
2210 	(*attr)->roles = NULL;
2211 }
2212 
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2213 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2214 {
2215 	*attrset = cil_malloc(sizeof(**attrset));
2216 
2217 	(*attrset)->attr_str = NULL;
2218 	(*attrset)->str_expr = NULL;
2219 	(*attrset)->datum_expr = NULL;
2220 }
2221 
cil_typeattribute_init(struct cil_typeattribute ** attr)2222 void cil_typeattribute_init(struct cil_typeattribute **attr)
2223 {
2224 	*attr = cil_malloc(sizeof(**attr));
2225 
2226 	cil_symtab_datum_init(&(*attr)->datum);
2227 
2228 	(*attr)->expr_list = NULL;
2229 	(*attr)->types = NULL;
2230 	(*attr)->used = CIL_FALSE;
2231 	(*attr)->keep = CIL_FALSE;
2232 }
2233 
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2234 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2235 {
2236 	*attrset = cil_malloc(sizeof(**attrset));
2237 
2238 	(*attrset)->attr_str = NULL;
2239 	(*attrset)->str_expr = NULL;
2240 	(*attrset)->datum_expr = NULL;
2241 }
2242 
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2243 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2244 {
2245 	*expandattr = cil_malloc(sizeof(**expandattr));
2246 
2247 	(*expandattr)->attr_strs = NULL;
2248 	(*expandattr)->attr_datums = NULL;
2249 	(*expandattr)->expand = 0;
2250 }
2251 
cil_alias_init(struct cil_alias ** alias)2252 void cil_alias_init(struct cil_alias **alias)
2253 {
2254 	*alias = cil_malloc(sizeof(**alias));
2255 
2256 	(*alias)->actual = NULL;
2257 
2258 	cil_symtab_datum_init(&(*alias)->datum);
2259 }
2260 
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2261 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2262 {
2263 	*aliasactual = cil_malloc(sizeof(**aliasactual));
2264 
2265 	(*aliasactual)->alias_str = NULL;
2266 	(*aliasactual)->actual_str = NULL;
2267 }
2268 
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2269 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2270 {
2271 	*typeperm = cil_malloc(sizeof(**typeperm));
2272 
2273 	(*typeperm)->type_str = NULL;
2274 	(*typeperm)->type = NULL;
2275 }
2276 
cil_name_init(struct cil_name ** name)2277 void cil_name_init(struct cil_name **name)
2278 {
2279 	*name = cil_malloc(sizeof(**name));
2280 
2281 	cil_symtab_datum_init(&(*name)->datum);
2282 	(*name)->name_str = NULL;
2283 }
2284 
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2285 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2286 {
2287 	*nametypetrans = cil_malloc(sizeof(**nametypetrans));
2288 
2289 	(*nametypetrans)->src_str = NULL;
2290 	(*nametypetrans)->src = NULL;
2291 	(*nametypetrans)->tgt_str = NULL;
2292 	(*nametypetrans)->tgt = NULL;
2293 	(*nametypetrans)->obj_str = NULL;
2294 	(*nametypetrans)->obj = NULL;
2295 	(*nametypetrans)->name_str = NULL;
2296 	(*nametypetrans)->name = NULL;
2297 	(*nametypetrans)->result_str = NULL;
2298 	(*nametypetrans)->result = NULL;
2299 }
2300 
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2301 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2302 {
2303         *rangetrans = cil_malloc(sizeof(**rangetrans));
2304 
2305 	(*rangetrans)->src_str = NULL;
2306 	(*rangetrans)->src = NULL;
2307 	(*rangetrans)->exec_str = NULL;
2308 	(*rangetrans)->exec = NULL;
2309 	(*rangetrans)->obj_str = NULL;
2310 	(*rangetrans)->obj = NULL;
2311 	(*rangetrans)->range_str = NULL;
2312 	(*rangetrans)->range = NULL;
2313 }
2314 
cil_bool_init(struct cil_bool ** cilbool)2315 void cil_bool_init(struct cil_bool **cilbool)
2316 {
2317 	*cilbool = cil_malloc(sizeof(**cilbool));
2318 
2319 	cil_symtab_datum_init(&(*cilbool)->datum);
2320 	(*cilbool)->value = 0;
2321 }
2322 
cil_tunable_init(struct cil_tunable ** ciltun)2323 void cil_tunable_init(struct cil_tunable **ciltun)
2324 {
2325 	*ciltun = cil_malloc(sizeof(**ciltun));
2326 
2327 	cil_symtab_datum_init(&(*ciltun)->datum);
2328 	(*ciltun)->value = 0;
2329 }
2330 
cil_condblock_init(struct cil_condblock ** cb)2331 void cil_condblock_init(struct cil_condblock **cb)
2332 {
2333 	*cb = cil_malloc(sizeof(**cb));
2334 
2335 	(*cb)->flavor = CIL_NONE;
2336 	cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2337 }
2338 
cil_boolif_init(struct cil_booleanif ** bif)2339 void cil_boolif_init(struct cil_booleanif **bif)
2340 {
2341 	*bif = cil_malloc(sizeof(**bif));
2342 
2343 	(*bif)->str_expr = NULL;
2344 	(*bif)->datum_expr = NULL;
2345 }
2346 
cil_tunif_init(struct cil_tunableif ** tif)2347 void cil_tunif_init(struct cil_tunableif **tif)
2348 {
2349 	*tif = cil_malloc(sizeof(**tif));
2350 
2351 	(*tif)->str_expr = NULL;
2352 	(*tif)->datum_expr = NULL;
2353 }
2354 
cil_avrule_init(struct cil_avrule ** avrule)2355 void cil_avrule_init(struct cil_avrule **avrule)
2356 {
2357 	*avrule = cil_malloc(sizeof(**avrule));
2358 
2359 	(*avrule)->is_extended = 0;
2360 	(*avrule)->rule_kind = CIL_NONE;
2361 	(*avrule)->src_str = NULL;
2362 	(*avrule)->src = NULL;
2363 	(*avrule)->tgt_str = NULL;
2364 	(*avrule)->tgt = NULL;
2365 	memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2366 }
2367 
cil_permissionx_init(struct cil_permissionx ** permx)2368 void cil_permissionx_init(struct cil_permissionx **permx)
2369 {
2370 	*permx = cil_malloc(sizeof(**permx));
2371 
2372 	cil_symtab_datum_init(&(*permx)->datum);
2373 	(*permx)->kind = CIL_NONE;
2374 	(*permx)->obj_str = NULL;
2375 	(*permx)->obj = NULL;
2376 	(*permx)->expr_str = NULL;
2377 	(*permx)->perms = NULL;
2378 }
2379 
cil_type_rule_init(struct cil_type_rule ** type_rule)2380 void cil_type_rule_init(struct cil_type_rule **type_rule)
2381 {
2382 	*type_rule = cil_malloc(sizeof(**type_rule));
2383 
2384 	(*type_rule)->rule_kind = CIL_NONE;
2385 	(*type_rule)->src_str = NULL;
2386 	(*type_rule)->src = NULL;
2387 	(*type_rule)->tgt_str = NULL;
2388 	(*type_rule)->tgt = NULL;
2389 	(*type_rule)->obj_str = NULL;
2390 	(*type_rule)->obj = NULL;
2391 	(*type_rule)->result_str = NULL;
2392 	(*type_rule)->result = NULL;
2393 }
2394 
cil_roletransition_init(struct cil_roletransition ** role_trans)2395 void cil_roletransition_init(struct cil_roletransition **role_trans)
2396 {
2397 	*role_trans = cil_malloc(sizeof(**role_trans));
2398 
2399 	(*role_trans)->src_str = NULL;
2400 	(*role_trans)->src = NULL;
2401 	(*role_trans)->tgt_str = NULL;
2402 	(*role_trans)->tgt = NULL;
2403 	(*role_trans)->obj_str = NULL;
2404 	(*role_trans)->obj = NULL;
2405 	(*role_trans)->result_str = NULL;
2406 	(*role_trans)->result = NULL;
2407 }
2408 
cil_roleallow_init(struct cil_roleallow ** roleallow)2409 void cil_roleallow_init(struct cil_roleallow **roleallow)
2410 {
2411 	*roleallow = cil_malloc(sizeof(**roleallow));
2412 
2413 	(*roleallow)->src_str = NULL;
2414 	(*roleallow)->src = NULL;
2415 	(*roleallow)->tgt_str = NULL;
2416 	(*roleallow)->tgt = NULL;
2417 }
2418 
cil_catset_init(struct cil_catset ** catset)2419 void cil_catset_init(struct cil_catset **catset)
2420 {
2421 	*catset = cil_malloc(sizeof(**catset));
2422 
2423 	cil_symtab_datum_init(&(*catset)->datum);
2424 	(*catset)->cats = NULL;
2425 }
2426 
cil_senscat_init(struct cil_senscat ** senscat)2427 void cil_senscat_init(struct cil_senscat **senscat)
2428 {
2429 	*senscat = cil_malloc(sizeof(**senscat));
2430 
2431 	(*senscat)->sens_str = NULL;
2432 	(*senscat)->cats = NULL;
2433 }
2434 
cil_cats_init(struct cil_cats ** cats)2435 void cil_cats_init(struct cil_cats **cats)
2436 {
2437 	*cats = cil_malloc(sizeof(**cats));
2438 
2439 	(*cats)->evaluated = CIL_FALSE;
2440 	(*cats)->str_expr = NULL;
2441 	(*cats)->datum_expr = NULL;
2442 }
2443 
cil_filecon_init(struct cil_filecon ** filecon)2444 void cil_filecon_init(struct cil_filecon **filecon)
2445 {
2446 	*filecon = cil_malloc(sizeof(**filecon));
2447 
2448 	(*filecon)->path_str = NULL;
2449 	(*filecon)->type = 0;
2450 	(*filecon)->context_str = NULL;
2451 	(*filecon)->context = NULL;
2452 }
2453 
cil_ibpkeycon_init(struct cil_ibpkeycon ** ibpkeycon)2454 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon)
2455 {
2456 	*ibpkeycon = cil_malloc(sizeof(**ibpkeycon));
2457 
2458 	(*ibpkeycon)->subnet_prefix_str = NULL;
2459 	(*ibpkeycon)->pkey_low = 0;
2460 	(*ibpkeycon)->pkey_high = 0;
2461 	(*ibpkeycon)->context_str = NULL;
2462 	(*ibpkeycon)->context = NULL;
2463 }
2464 
cil_portcon_init(struct cil_portcon ** portcon)2465 void cil_portcon_init(struct cil_portcon **portcon)
2466 {
2467 	*portcon = cil_malloc(sizeof(**portcon));
2468 	(*portcon)->proto = 0;
2469 	(*portcon)->port_low = 0;
2470 	(*portcon)->port_high = 0;
2471 	(*portcon)->context_str = NULL;
2472 	(*portcon)->context = NULL;
2473 }
2474 
cil_nodecon_init(struct cil_nodecon ** nodecon)2475 void cil_nodecon_init(struct cil_nodecon **nodecon)
2476 {
2477 	*nodecon = cil_malloc(sizeof(**nodecon));
2478 
2479 	(*nodecon)->addr_str = NULL;
2480 	(*nodecon)->addr = NULL;
2481 	(*nodecon)->mask_str = NULL;
2482 	(*nodecon)->mask = NULL;
2483 	(*nodecon)->context_str = NULL;
2484 	(*nodecon)->context = NULL;
2485 }
2486 
cil_genfscon_init(struct cil_genfscon ** genfscon)2487 void cil_genfscon_init(struct cil_genfscon **genfscon)
2488 {
2489 	*genfscon = cil_malloc(sizeof(**genfscon));
2490 
2491 	(*genfscon)->fs_str = NULL;
2492 	(*genfscon)->path_str = NULL;
2493 	(*genfscon)->context_str = NULL;
2494 	(*genfscon)->context = NULL;
2495 }
2496 
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2497 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2498 {
2499 	*pirqcon = cil_malloc(sizeof(**pirqcon));
2500 
2501 	(*pirqcon)->pirq = 0;
2502 	(*pirqcon)->context_str = NULL;
2503 	(*pirqcon)->context = NULL;
2504 }
2505 
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2506 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2507 {
2508 	*iomemcon = cil_malloc(sizeof(**iomemcon));
2509 
2510 	(*iomemcon)->iomem_low = 0;
2511 	(*iomemcon)->iomem_high = 0;
2512 	(*iomemcon)->context_str = NULL;
2513 	(*iomemcon)->context = NULL;
2514 }
2515 
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2516 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2517 {
2518 	*ioportcon = cil_malloc(sizeof(**ioportcon));
2519 
2520 	(*ioportcon)->context_str = NULL;
2521 	(*ioportcon)->context = NULL;
2522 }
2523 
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2524 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2525 {
2526 	*pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2527 
2528 	(*pcidevicecon)->dev = 0;
2529 	(*pcidevicecon)->context_str = NULL;
2530 	(*pcidevicecon)->context = NULL;
2531 }
2532 
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2533 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2534 {
2535 	*dtcon = cil_malloc(sizeof(**dtcon));
2536 
2537 	(*dtcon)->path = NULL;
2538 	(*dtcon)->context_str = NULL;
2539 	(*dtcon)->context = NULL;
2540 }
2541 
cil_fsuse_init(struct cil_fsuse ** fsuse)2542 void cil_fsuse_init(struct cil_fsuse **fsuse)
2543 {
2544 	*fsuse = cil_malloc(sizeof(**fsuse));
2545 
2546 	(*fsuse)->type = 0;
2547 	(*fsuse)->fs_str = NULL;
2548 	(*fsuse)->context_str = NULL;
2549 	(*fsuse)->context = NULL;
2550 }
2551 
cil_constrain_init(struct cil_constrain ** constrain)2552 void cil_constrain_init(struct cil_constrain **constrain)
2553 {
2554 	*constrain = cil_malloc(sizeof(**constrain));
2555 
2556 	(*constrain)->classperms = NULL;
2557 	(*constrain)->str_expr = NULL;
2558 	(*constrain)->datum_expr = NULL;
2559 }
2560 
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2561 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2562 {
2563 	*validtrans = cil_malloc(sizeof(**validtrans));
2564 
2565 	(*validtrans)->class_str = NULL;
2566 	(*validtrans)->class = NULL;
2567 	(*validtrans)->str_expr = NULL;
2568 	(*validtrans)->datum_expr = NULL;
2569 }
2570 
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2571 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2572 {
2573 	*ipaddr = cil_malloc(sizeof(**ipaddr));
2574 
2575 	cil_symtab_datum_init(&(*ipaddr)->datum);
2576 	memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2577 }
2578 
cil_perm_init(struct cil_perm ** perm)2579 void cil_perm_init(struct cil_perm **perm)
2580 {
2581 	*perm = cil_malloc(sizeof(**perm));
2582 
2583 	cil_symtab_datum_init(&(*perm)->datum);
2584 	(*perm)->value = 0;
2585 	(*perm)->classperms = NULL;
2586 }
2587 
cil_classpermission_init(struct cil_classpermission ** cp)2588 void cil_classpermission_init(struct cil_classpermission **cp)
2589 {
2590 	*cp = cil_malloc(sizeof(**cp));
2591 
2592 	cil_symtab_datum_init(&(*cp)->datum);
2593 	(*cp)->classperms = NULL;
2594 }
2595 
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2596 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2597 {
2598 	*cps = cil_malloc(sizeof(**cps));
2599 
2600 	(*cps)->set_str = NULL;
2601 	(*cps)->classperms = NULL;
2602 }
2603 
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2604 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2605 {
2606 	*cp_set = cil_malloc(sizeof(**cp_set));
2607 	(*cp_set)->set_str = NULL;
2608 	(*cp_set)->set = NULL;
2609 }
2610 
cil_classperms_init(struct cil_classperms ** cp)2611 void cil_classperms_init(struct cil_classperms **cp)
2612 {
2613 	*cp = cil_malloc(sizeof(**cp));
2614 	(*cp)->class_str = NULL;
2615 	(*cp)->class = NULL;
2616 	(*cp)->perm_strs = NULL;
2617 	(*cp)->perms = NULL;
2618 }
2619 
cil_classmapping_init(struct cil_classmapping ** mapping)2620 void cil_classmapping_init(struct cil_classmapping **mapping)
2621 {
2622 	*mapping = cil_malloc(sizeof(**mapping));
2623 
2624 	(*mapping)->map_class_str = NULL;
2625 	(*mapping)->map_perm_str = NULL;
2626 	(*mapping)->classperms = NULL;
2627 }
2628 
cil_user_init(struct cil_user ** user)2629 void cil_user_init(struct cil_user **user)
2630 {
2631 	*user = cil_malloc(sizeof(**user));
2632 
2633 	cil_symtab_datum_init(&(*user)->datum);
2634 	(*user)->bounds = NULL;
2635 	(*user)->roles = NULL;
2636 	(*user)->dftlevel = NULL;
2637 	(*user)->range = NULL;
2638 	(*user)->value = 0;
2639 }
2640 
cil_userattribute_init(struct cil_userattribute ** attr)2641 void cil_userattribute_init(struct cil_userattribute **attr)
2642 {
2643 	*attr = cil_malloc(sizeof(**attr));
2644 
2645 	cil_symtab_datum_init(&(*attr)->datum);
2646 
2647 	(*attr)->expr_list = NULL;
2648 	(*attr)->users = NULL;
2649 }
2650 
cil_userattributeset_init(struct cil_userattributeset ** attrset)2651 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2652 {
2653 	*attrset = cil_malloc(sizeof(**attrset));
2654 
2655 	(*attrset)->attr_str = NULL;
2656 	(*attrset)->str_expr = NULL;
2657 	(*attrset)->datum_expr = NULL;
2658 }
2659 
cil_userlevel_init(struct cil_userlevel ** usrlvl)2660 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2661 {
2662 	*usrlvl = cil_malloc(sizeof(**usrlvl));
2663 
2664 	(*usrlvl)->user_str = NULL;
2665 	(*usrlvl)->level_str = NULL;
2666 	(*usrlvl)->level = NULL;
2667 }
2668 
cil_userrange_init(struct cil_userrange ** userrange)2669 void cil_userrange_init(struct cil_userrange **userrange)
2670 {
2671 	*userrange = cil_malloc(sizeof(**userrange));
2672 
2673 	(*userrange)->user_str = NULL;
2674 	(*userrange)->range_str = NULL;
2675 	(*userrange)->range = NULL;
2676 }
2677 
cil_role_init(struct cil_role ** role)2678 void cil_role_init(struct cil_role **role)
2679 {
2680 	*role = cil_malloc(sizeof(**role));
2681 
2682 	cil_symtab_datum_init(&(*role)->datum);
2683 	(*role)->bounds = NULL;
2684 	(*role)->types = NULL;
2685 	(*role)->value = 0;
2686 }
2687 
cil_type_init(struct cil_type ** type)2688 void cil_type_init(struct cil_type **type)
2689 {
2690 	*type = cil_malloc(sizeof(**type));
2691 
2692 	cil_symtab_datum_init(&(*type)->datum);
2693 	(*type)->bounds = NULL;
2694 	(*type)->value = 0;
2695 }
2696 
cil_cat_init(struct cil_cat ** cat)2697 void cil_cat_init(struct cil_cat **cat)
2698 {
2699 	*cat = cil_malloc(sizeof(**cat));
2700 
2701 	cil_symtab_datum_init(&(*cat)->datum);
2702 	(*cat)->ordered = CIL_FALSE;
2703 	(*cat)->value = 0;
2704 }
2705 
cil_catorder_init(struct cil_catorder ** catorder)2706 void cil_catorder_init(struct cil_catorder **catorder)
2707 {
2708 	*catorder = cil_malloc(sizeof(**catorder));
2709 
2710 	(*catorder)->cat_list_str = NULL;
2711 }
2712 
cil_sensorder_init(struct cil_sensorder ** sensorder)2713 void cil_sensorder_init(struct cil_sensorder **sensorder)
2714 {
2715 	*sensorder = cil_malloc(sizeof(**sensorder));
2716 
2717 	(*sensorder)->sens_list_str = NULL;
2718 }
2719 
cil_args_init(struct cil_args ** args)2720 void cil_args_init(struct cil_args **args)
2721 {
2722 	*args = cil_malloc(sizeof(**args));
2723 	(*args)->arg_str = NULL;
2724 	(*args)->arg = NULL;
2725 	(*args)->param_str = NULL;
2726 	(*args)->flavor = CIL_NONE;
2727 }
2728 
cil_call_init(struct cil_call ** call)2729 void cil_call_init(struct cil_call **call)
2730 {
2731 	*call = cil_malloc(sizeof(**call));
2732 
2733 	(*call)->macro_str = NULL;
2734 	(*call)->macro = NULL;
2735 	(*call)->args_tree = NULL;
2736 	(*call)->args = NULL;
2737 	(*call)->copied = 0;
2738 }
2739 
cil_optional_init(struct cil_optional ** optional)2740 void cil_optional_init(struct cil_optional **optional)
2741 {
2742 	*optional = cil_malloc(sizeof(**optional));
2743 	(*optional)->enabled = CIL_TRUE;
2744 	cil_symtab_datum_init(&(*optional)->datum);
2745 }
2746 
cil_param_init(struct cil_param ** param)2747 void cil_param_init(struct cil_param **param)
2748 {
2749 	*param = cil_malloc(sizeof(**param));
2750 
2751 	(*param)->str = NULL;
2752 	(*param)->flavor = CIL_NONE;
2753 }
2754 
cil_macro_init(struct cil_macro ** macro)2755 void cil_macro_init(struct cil_macro **macro)
2756 {
2757 	*macro = cil_malloc(sizeof(**macro));
2758 
2759 	cil_symtab_datum_init(&(*macro)->datum);
2760 	cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2761 	(*macro)->params = NULL;
2762 }
2763 
cil_policycap_init(struct cil_policycap ** policycap)2764 void cil_policycap_init(struct cil_policycap **policycap)
2765 {
2766 	*policycap = cil_malloc(sizeof(**policycap));
2767 
2768 	cil_symtab_datum_init(&(*policycap)->datum);
2769 }
2770 
cil_bounds_init(struct cil_bounds ** bounds)2771 void cil_bounds_init(struct cil_bounds **bounds)
2772 {
2773 	*bounds = cil_malloc(sizeof(**bounds));
2774 
2775 	(*bounds)->parent_str = NULL;
2776 	(*bounds)->child_str = NULL;
2777 }
2778 
cil_default_init(struct cil_default ** def)2779 void cil_default_init(struct cil_default **def)
2780 {
2781 	*def = cil_malloc(sizeof(**def));
2782 
2783 	(*def)->flavor = CIL_NONE;
2784 	(*def)->class_strs = NULL;
2785 	(*def)->class_datums = NULL;
2786 }
2787 
cil_defaultrange_init(struct cil_defaultrange ** def)2788 void cil_defaultrange_init(struct cil_defaultrange **def)
2789 {
2790 	*def = cil_malloc(sizeof(**def));
2791 
2792 	(*def)->class_strs = NULL;
2793 	(*def)->class_datums = NULL;
2794 }
2795 
cil_handleunknown_init(struct cil_handleunknown ** unk)2796 void cil_handleunknown_init(struct cil_handleunknown **unk)
2797 {
2798 	*unk = cil_malloc(sizeof(**unk));
2799 }
2800 
cil_mls_init(struct cil_mls ** mls)2801 void cil_mls_init(struct cil_mls **mls)
2802 {
2803 	*mls = cil_malloc(sizeof(**mls));
2804 	(*mls)->value = 0;
2805 }
2806 
cil_src_info_init(struct cil_src_info ** info)2807 void cil_src_info_init(struct cil_src_info **info)
2808 {
2809 	*info = cil_malloc(sizeof(**info));
2810 	(*info)->is_cil = 0;
2811 	(*info)->path = NULL;
2812 }
2813