1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb, cil_build_policydb@");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58
59 asm(".symver cil_compile_pdb, cil_compile@");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61
62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64
65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67
68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79
cil_init_keys(void)80 static void cil_init_keys(void)
81 {
82 /* Initialize CIL Keys into strpool */
83 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
84 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
85 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
86 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
87 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
88 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
89 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
90 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
91 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
92 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
93 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
94 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
95 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
96 CIL_KEY_AND = cil_strpool_add("and");
97 CIL_KEY_OR = cil_strpool_add("or");
98 CIL_KEY_NOT = cil_strpool_add("not");
99 CIL_KEY_EQ = cil_strpool_add("eq");
100 CIL_KEY_NEQ = cil_strpool_add("neq");
101 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
104 CIL_KEY_CONDTRUE = cil_strpool_add("true");
105 CIL_KEY_CONDFALSE = cil_strpool_add("false");
106 CIL_KEY_SELF = cil_strpool_add("self");
107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
108 CIL_KEY_STAR = cil_strpool_add("*");
109 CIL_KEY_UDP = cil_strpool_add("udp");
110 CIL_KEY_TCP = cil_strpool_add("tcp");
111 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
112 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
113 CIL_KEY_ALLOW = cil_strpool_add("allow");
114 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
115 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
116 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
117 CIL_KEY_CALL = cil_strpool_add("call");
118 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
119 CIL_KEY_XOR = cil_strpool_add("xor");
120 CIL_KEY_ALL = cil_strpool_add("all");
121 CIL_KEY_RANGE = cil_strpool_add("range");
122 CIL_KEY_TYPE = cil_strpool_add("type");
123 CIL_KEY_ROLE = cil_strpool_add("role");
124 CIL_KEY_USER = cil_strpool_add("user");
125 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
126 CIL_KEY_CATEGORY = cil_strpool_add("category");
127 CIL_KEY_CATSET = cil_strpool_add("categoryset");
128 CIL_KEY_LEVEL = cil_strpool_add("level");
129 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
130 CIL_KEY_CLASS = cil_strpool_add("class");
131 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
132 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
133 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
134 CIL_KEY_BOOL = cil_strpool_add("boolean");
135 CIL_KEY_STRING = cil_strpool_add("string");
136 CIL_KEY_NAME = cil_strpool_add("name");
137 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
138 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
139 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
140 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
141 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
142 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
143 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
144 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
145 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
146 CIL_KEY_COMMON = cil_strpool_add("common");
147 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
148 CIL_KEY_SID = cil_strpool_add("sid");
149 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
150 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
151 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
152 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
153 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
154 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
155 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
156 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
157 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
158 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
159 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
160 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
161 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
162 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
163 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
164 CIL_KEY_USERROLE = cil_strpool_add("userrole");
165 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
166 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
167 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
168 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
169 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
170 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
171 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
172 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
173 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
174 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
175 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
176 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
177 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
178 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
179 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
180 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
181 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
182 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
183 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
184 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
185 CIL_KEY_CONTEXT = cil_strpool_add("context");
186 CIL_KEY_FILECON = cil_strpool_add("filecon");
187 CIL_KEY_PORTCON = cil_strpool_add("portcon");
188 CIL_KEY_NODECON = cil_strpool_add("nodecon");
189 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
190 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
191 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
192 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
193 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
194 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
195 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
196 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
197 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
198 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
199 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
200 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
201 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
202 CIL_KEY_MACRO = cil_strpool_add("macro");
203 CIL_KEY_IN = cil_strpool_add("in");
204 CIL_KEY_MLS = cil_strpool_add("mls");
205 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
206 CIL_KEY_GLOB = cil_strpool_add("*");
207 CIL_KEY_FILE = cil_strpool_add("file");
208 CIL_KEY_DIR = cil_strpool_add("dir");
209 CIL_KEY_CHAR = cil_strpool_add("char");
210 CIL_KEY_BLOCK = cil_strpool_add("block");
211 CIL_KEY_SOCKET = cil_strpool_add("socket");
212 CIL_KEY_PIPE = cil_strpool_add("pipe");
213 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
214 CIL_KEY_ANY = cil_strpool_add("any");
215 CIL_KEY_XATTR = cil_strpool_add("xattr");
216 CIL_KEY_TASK = cil_strpool_add("task");
217 CIL_KEY_TRANS = cil_strpool_add("trans");
218 CIL_KEY_SOURCE = cil_strpool_add("source");
219 CIL_KEY_TARGET = cil_strpool_add("target");
220 CIL_KEY_LOW = cil_strpool_add("low");
221 CIL_KEY_HIGH = cil_strpool_add("high");
222 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
223 CIL_KEY_ROOT = cil_strpool_add("<root>");
224 CIL_KEY_NODE = cil_strpool_add("<node>");
225 CIL_KEY_PERM = cil_strpool_add("perm");
226 }
227
cil_db_init(struct cil_db ** db)228 void cil_db_init(struct cil_db **db)
229 {
230 *db = cil_malloc(sizeof(**db));
231
232 cil_strpool_init();
233 cil_init_keys();
234
235 cil_tree_init(&(*db)->parse);
236 cil_tree_init(&(*db)->ast);
237 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
238 (*db)->sidorder = NULL;
239 (*db)->classorder = NULL;
240 (*db)->catorder = NULL;
241 (*db)->sensitivityorder = NULL;
242 cil_sort_init(&(*db)->netifcon);
243 cil_sort_init(&(*db)->genfscon);
244 cil_sort_init(&(*db)->filecon);
245 cil_sort_init(&(*db)->nodecon);
246 cil_sort_init(&(*db)->portcon);
247 cil_sort_init(&(*db)->pirqcon);
248 cil_sort_init(&(*db)->iomemcon);
249 cil_sort_init(&(*db)->ioportcon);
250 cil_sort_init(&(*db)->pcidevicecon);
251 cil_sort_init(&(*db)->devicetreecon);
252 cil_sort_init(&(*db)->fsuse);
253 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
254 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
255 cil_list_init(&(*db)->names, CIL_LIST_ITEM);
256
257 cil_type_init(&(*db)->selftype);
258 (*db)->selftype->datum.name = CIL_KEY_SELF;
259 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
260
261 (*db)->num_types = 0;
262 (*db)->num_roles = 0;
263 (*db)->num_cats = 0;
264 (*db)->val_to_type = NULL;
265 (*db)->val_to_role = NULL;
266
267 (*db)->disable_dontaudit = CIL_FALSE;
268 (*db)->disable_neverallow = CIL_FALSE;
269 (*db)->preserve_tunables = CIL_FALSE;
270 (*db)->handle_unknown = -1;
271 (*db)->mls = -1;
272 (*db)->target_platform = SEPOL_TARGET_SELINUX;
273 (*db)->policy_version = POLICYDB_VERSION_MAX;
274 }
275
cil_db_destroy(struct cil_db ** db)276 void cil_db_destroy(struct cil_db **db)
277 {
278 if (db == NULL || *db == NULL) {
279 return;
280 }
281
282 cil_tree_destroy(&(*db)->parse);
283 cil_tree_destroy(&(*db)->ast);
284 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
285 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
286 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
287 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
288 cil_sort_destroy(&(*db)->netifcon);
289 cil_sort_destroy(&(*db)->genfscon);
290 cil_sort_destroy(&(*db)->filecon);
291 cil_sort_destroy(&(*db)->nodecon);
292 cil_sort_destroy(&(*db)->portcon);
293 cil_sort_destroy(&(*db)->pirqcon);
294 cil_sort_destroy(&(*db)->iomemcon);
295 cil_sort_destroy(&(*db)->ioportcon);
296 cil_sort_destroy(&(*db)->pcidevicecon);
297 cil_sort_destroy(&(*db)->devicetreecon);
298 cil_sort_destroy(&(*db)->fsuse);
299 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
300 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
301 cil_list_destroy(&(*db)->names, CIL_TRUE);
302
303 cil_destroy_type((*db)->selftype);
304
305 cil_strpool_destroy();
306 free((*db)->val_to_type);
307 free((*db)->val_to_role);
308
309 free(*db);
310 *db = NULL;
311 }
312
cil_root_init(struct cil_root ** root)313 void cil_root_init(struct cil_root **root)
314 {
315 struct cil_root *r = cil_malloc(sizeof(*r));
316 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
317
318 *root = r;
319 }
320
cil_root_destroy(struct cil_root * root)321 void cil_root_destroy(struct cil_root *root)
322 {
323 if (root == NULL) {
324 return;
325 }
326 cil_symtab_array_destroy(root->symtab);
327 free(root);
328 }
329
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)330 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
331 {
332 char *buffer = NULL;
333 int rc;
334
335 cil_log(CIL_INFO, "Parsing %s\n", name);
336
337 buffer = cil_malloc(size + 2);
338 memcpy(buffer, data, size);
339 memset(buffer + size, 0, 2);
340
341 rc = cil_parser(name, buffer, size + 2, &db->parse);
342 if (rc != SEPOL_OK) {
343 cil_log(CIL_ERR, "Failed to parse %s\n", name);
344 goto exit;
345 }
346
347 free(buffer);
348 buffer = NULL;
349
350 rc = SEPOL_OK;
351
352 exit:
353 free(buffer);
354
355 return rc;
356 }
357
358 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)359 int cil_compile(struct cil_db *db)
360 #else
361 int cil_compile_nopdb(struct cil_db *db)
362 #endif
363 {
364 int rc = SEPOL_ERR;
365
366 if (db == NULL) {
367 goto exit;
368 }
369
370 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
371 rc = cil_build_ast(db, db->parse->root, db->ast->root);
372 if (rc != SEPOL_OK) {
373 cil_log(CIL_ERR, "Failed to build ast\n");
374 goto exit;
375 }
376
377 cil_log(CIL_INFO, "Destroying Parse Tree\n");
378 cil_tree_destroy(&db->parse);
379
380 cil_log(CIL_INFO, "Resolving AST\n");
381 rc = cil_resolve_ast(db, db->ast->root);
382 if (rc != SEPOL_OK) {
383 cil_log(CIL_ERR, "Failed to resolve ast\n");
384 goto exit;
385 }
386
387 cil_log(CIL_INFO, "Qualifying Names\n");
388 rc = cil_fqn_qualify(db->ast->root);
389 if (rc != SEPOL_OK) {
390 cil_log(CIL_ERR, "Failed to qualify names\n");
391 goto exit;
392 }
393
394 cil_log(CIL_INFO, "Compile post process\n");
395 rc = cil_post_process(db);
396 if (rc != SEPOL_OK ) {
397 cil_log(CIL_ERR, "Post process failed\n");
398 goto exit;
399 }
400
401 exit:
402
403 return rc;
404 }
405
406 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)407 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
408 {
409 return cil_compile_nopdb(db);
410 }
411
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)412 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
413 {
414 int rc;
415
416 cil_log(CIL_INFO, "Building policy binary\n");
417 rc = cil_binary_create_allocated_pdb(db, sepol_db);
418 if (rc != SEPOL_OK) {
419 cil_log(CIL_ERR, "Failed to generate binary\n");
420 goto exit;
421 }
422
423 exit:
424 return rc;
425 }
426 #endif
427
428 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)429 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
430 #else
431 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
432 #endif
433 {
434 int rc;
435
436 cil_log(CIL_INFO, "Building policy binary\n");
437 rc = cil_binary_create(db, sepol_db);
438 if (rc != SEPOL_OK) {
439 cil_log(CIL_ERR, "Failed to generate binary\n");
440 goto exit;
441 }
442
443 exit:
444 return rc;
445 }
446
cil_destroy_data(void ** data,enum cil_flavor flavor)447 void cil_destroy_data(void **data, enum cil_flavor flavor)
448 {
449 if (*data == NULL) {
450 return;
451 }
452
453 switch(flavor) {
454 case CIL_NONE:
455 break;
456 case CIL_ROOT:
457 cil_root_destroy(*data);
458 break;
459 case CIL_NODE:
460 break;
461 case CIL_STRING:
462 break;
463 case CIL_DATUM:
464 break;
465 case CIL_LIST:
466 cil_list_destroy(*data, CIL_FALSE);
467 break;
468 case CIL_LIST_ITEM:
469 break;
470 case CIL_PARAM:
471 cil_destroy_param(*data);
472 break;
473 case CIL_ARGS:
474 cil_destroy_args(*data);
475 break;
476 case CIL_BLOCK:
477 cil_destroy_block(*data);
478 break;
479 case CIL_BLOCKINHERIT:
480 cil_destroy_blockinherit(*data);
481 break;
482 case CIL_BLOCKABSTRACT:
483 cil_destroy_blockabstract(*data);
484 break;
485 case CIL_IN:
486 cil_destroy_in(*data);
487 break;
488 case CIL_MACRO:
489 cil_destroy_macro(*data);
490 break;
491 case CIL_CALL:
492 cil_destroy_call(*data);
493 break;
494 case CIL_OPTIONAL:
495 cil_destroy_optional(*data);
496 break;
497 case CIL_BOOL:
498 cil_destroy_bool(*data);
499 break;
500 case CIL_BOOLEANIF:
501 cil_destroy_boolif(*data);
502 break;
503 case CIL_TUNABLE:
504 cil_destroy_tunable(*data);
505 break;
506 case CIL_TUNABLEIF:
507 cil_destroy_tunif(*data);
508 break;
509 case CIL_CONDBLOCK:
510 cil_destroy_condblock(*data);
511 break;
512 case CIL_CONDTRUE:
513 break;
514 case CIL_CONDFALSE:
515 break;
516 case CIL_PERM:
517 case CIL_MAP_PERM:
518 cil_destroy_perm(*data);
519 break;
520 case CIL_COMMON:
521 case CIL_CLASS:
522 case CIL_MAP_CLASS:
523 cil_destroy_class(*data);
524 break;
525 case CIL_CLASSORDER:
526 cil_destroy_classorder(*data);
527 break;
528 case CIL_CLASSPERMISSION:
529 cil_destroy_classpermission(*data);
530 break;
531 case CIL_CLASSCOMMON:
532 cil_destroy_classcommon(*data);
533 break;
534 case CIL_CLASSMAPPING:
535 cil_destroy_classmapping(*data);
536 break;
537 case CIL_CLASSPERMS:
538 cil_destroy_classperms(*data);
539 break;
540 case CIL_CLASSPERMS_SET:
541 cil_destroy_classperms_set(*data);
542 break;
543 case CIL_CLASSPERMISSIONSET:
544 cil_destroy_classpermissionset(*data);
545 break;
546 case CIL_USER:
547 cil_destroy_user(*data);
548 break;
549 case CIL_USERPREFIX:
550 cil_destroy_userprefix(*data);
551 break;
552 case CIL_USERROLE:
553 cil_destroy_userrole(*data);
554 break;
555 case CIL_USERLEVEL:
556 cil_destroy_userlevel(*data);
557 break;
558 case CIL_USERRANGE:
559 cil_destroy_userrange(*data);
560 break;
561 case CIL_USERBOUNDS:
562 cil_destroy_bounds(*data);
563 break;
564 case CIL_SELINUXUSER:
565 case CIL_SELINUXUSERDEFAULT:
566 cil_destroy_selinuxuser(*data);
567 break;
568 case CIL_ROLE:
569 cil_destroy_role(*data);
570 break;
571 case CIL_ROLEATTRIBUTE:
572 cil_destroy_roleattribute(*data);
573 break;
574 case CIL_ROLEATTRIBUTESET:
575 cil_destroy_roleattributeset(*data);
576 break;
577 case CIL_ROLETYPE:
578 cil_destroy_roletype(*data);
579 break;
580 case CIL_ROLEBOUNDS:
581 cil_destroy_bounds(*data);
582 break;
583 case CIL_TYPE:
584 cil_destroy_type(*data);
585 break;
586 case CIL_TYPEATTRIBUTE:
587 cil_destroy_typeattribute(*data);
588 break;
589 case CIL_TYPEALIAS:
590 cil_destroy_alias(*data);
591 break;
592 case CIL_TYPEATTRIBUTESET:
593 cil_destroy_typeattributeset(*data);
594 break;
595 case CIL_TYPEALIASACTUAL:
596 cil_destroy_aliasactual(*data);
597 break;
598 case CIL_TYPEBOUNDS:
599 cil_destroy_bounds(*data);
600 break;
601 case CIL_TYPEPERMISSIVE:
602 cil_destroy_typepermissive(*data);
603 break;
604 case CIL_SENS:
605 cil_destroy_sensitivity(*data);
606 break;
607 case CIL_SENSALIAS:
608 cil_destroy_alias(*data);
609 break;
610 case CIL_SENSALIASACTUAL:
611 cil_destroy_aliasactual(*data);
612 break;
613 case CIL_SENSITIVITYORDER:
614 cil_destroy_sensitivityorder(*data);
615 break;
616 case CIL_SENSCAT:
617 cil_destroy_senscat(*data);
618 break;
619 case CIL_CAT:
620 cil_destroy_category(*data);
621 break;
622 case CIL_CATSET:
623 cil_destroy_catset(*data);
624 break;
625 case CIL_CATALIAS:
626 cil_destroy_alias(*data);
627 break;
628 case CIL_CATALIASACTUAL:
629 cil_destroy_aliasactual(*data);
630 break;
631 case CIL_CATORDER:
632 cil_destroy_catorder(*data);
633 break;
634 case CIL_LEVEL:
635 cil_destroy_level(*data);
636 break;
637 case CIL_LEVELRANGE:
638 cil_destroy_levelrange(*data);
639 break;
640 case CIL_SID:
641 cil_destroy_sid(*data);
642 break;
643 case CIL_SIDORDER:
644 cil_destroy_sidorder(*data);
645 break;
646 case CIL_NAME:
647 cil_destroy_name(*data);
648 break;
649 case CIL_ROLEALLOW:
650 cil_destroy_roleallow(*data);
651 break;
652 case CIL_AVRULE:
653 cil_destroy_avrule(*data);
654 break;
655 case CIL_ROLETRANSITION:
656 cil_destroy_roletransition(*data);
657 break;
658 case CIL_TYPE_RULE:
659 cil_destroy_type_rule(*data);
660 break;
661 case CIL_NAMETYPETRANSITION:
662 cil_destroy_typetransition(*data);
663 break;
664 case CIL_RANGETRANSITION:
665 cil_destroy_rangetransition(*data);
666 break;
667 case CIL_CONSTRAIN:
668 cil_destroy_constrain(*data);
669 break;
670 case CIL_MLSCONSTRAIN:
671 cil_destroy_constrain(*data);
672 break;
673 case CIL_VALIDATETRANS:
674 case CIL_MLSVALIDATETRANS:
675 cil_destroy_validatetrans(*data);
676 break;
677 case CIL_CONTEXT:
678 cil_destroy_context(*data);
679 break;
680 case CIL_IPADDR:
681 cil_destroy_ipaddr(*data);
682 break;
683 case CIL_SIDCONTEXT:
684 cil_destroy_sidcontext(*data);
685 break;
686 case CIL_FSUSE:
687 cil_destroy_fsuse(*data);
688 break;
689 case CIL_FILECON:
690 cil_destroy_filecon(*data);
691 break;
692 case CIL_PORTCON:
693 cil_destroy_portcon(*data);
694 break;
695 case CIL_NODECON:
696 cil_destroy_nodecon(*data);
697 break;
698 case CIL_GENFSCON:
699 cil_destroy_genfscon(*data);
700 break;
701 case CIL_NETIFCON:
702 cil_destroy_netifcon(*data);
703 break;
704 case CIL_PIRQCON:
705 cil_destroy_pirqcon(*data);
706 break;
707 case CIL_IOMEMCON:
708 cil_destroy_iomemcon(*data);
709 break;
710 case CIL_IOPORTCON:
711 cil_destroy_ioportcon(*data);
712 break;
713 case CIL_PCIDEVICECON:
714 cil_destroy_pcidevicecon(*data);
715 break;
716 case CIL_DEVICETREECON:
717 cil_destroy_devicetreecon(*data);
718 break;
719 case CIL_POLICYCAP:
720 cil_destroy_policycap(*data);
721 break;
722 case CIL_DEFAULTUSER:
723 case CIL_DEFAULTROLE:
724 case CIL_DEFAULTTYPE:
725 cil_destroy_default(*data);
726 break;
727 case CIL_DEFAULTRANGE:
728 cil_destroy_defaultrange(*data);
729 break;
730 case CIL_HANDLEUNKNOWN:
731 cil_destroy_handleunknown(*data);
732 break;
733 case CIL_MLS:
734 cil_destroy_mls(*data);
735 break;
736 case CIL_OP:
737 case CIL_CONS_OPERAND:
738 break;
739 default:
740 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
741 break;
742 }
743
744 *data = NULL;
745 }
746
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)747 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
748 {
749 if (flavor < CIL_MIN_DECLARATIVE) {
750 return SEPOL_ERR;
751 }
752
753 switch(flavor) {
754 case CIL_BLOCK:
755 *sym_index = CIL_SYM_BLOCKS;
756 break;
757 case CIL_MACRO:
758 *sym_index = CIL_SYM_BLOCKS;
759 break;
760 case CIL_OPTIONAL:
761 *sym_index = CIL_SYM_BLOCKS;
762 break;
763 case CIL_BOOL:
764 *sym_index = CIL_SYM_BOOLS;
765 break;
766 case CIL_TUNABLE:
767 *sym_index = CIL_SYM_TUNABLES;
768 break;
769 case CIL_PERM:
770 case CIL_MAP_PERM:
771 *sym_index = CIL_SYM_PERMS;
772 break;
773 case CIL_COMMON:
774 *sym_index = CIL_SYM_COMMONS;
775 break;
776 case CIL_CLASS:
777 case CIL_MAP_CLASS:
778 *sym_index = CIL_SYM_CLASSES;
779 break;
780 case CIL_CLASSPERMISSION:
781 case CIL_CLASSPERMISSIONSET:
782 *sym_index = CIL_SYM_CLASSPERMSETS;
783 break;
784 case CIL_USER:
785 *sym_index = CIL_SYM_USERS;
786 break;
787 case CIL_ROLE:
788 case CIL_ROLEATTRIBUTE:
789 *sym_index = CIL_SYM_ROLES;
790 break;
791 case CIL_TYPE:
792 case CIL_TYPEALIAS:
793 case CIL_TYPEATTRIBUTE:
794 *sym_index = CIL_SYM_TYPES;
795 break;
796 case CIL_SENS:
797 case CIL_SENSALIAS:
798 *sym_index = CIL_SYM_SENS;
799 break;
800 case CIL_CAT:
801 case CIL_CATSET:
802 case CIL_CATALIAS:
803 *sym_index = CIL_SYM_CATS;
804 break;
805 case CIL_LEVEL:
806 *sym_index = CIL_SYM_LEVELS;
807 break;
808 case CIL_LEVELRANGE:
809 *sym_index = CIL_SYM_LEVELRANGES;
810 break;
811 case CIL_SID:
812 *sym_index = CIL_SYM_SIDS;
813 break;
814 case CIL_NAME:
815 *sym_index = CIL_SYM_NAMES;
816 break;
817 case CIL_CONTEXT:
818 *sym_index = CIL_SYM_CONTEXTS;
819 break;
820 case CIL_IPADDR:
821 *sym_index = CIL_SYM_IPADDRS;
822 break;
823 case CIL_POLICYCAP:
824 *sym_index = CIL_SYM_POLICYCAPS;
825 break;
826 default:
827 *sym_index = CIL_SYM_UNKNOWN;
828 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
829 return SEPOL_ERR;
830 }
831
832 return SEPOL_OK;
833 }
834
cil_node_to_string(struct cil_tree_node * node)835 const char * cil_node_to_string(struct cil_tree_node *node)
836 {
837 switch (node->flavor) {
838 case CIL_NONE:
839 return "<none>";
840 case CIL_ROOT:
841 return CIL_KEY_ROOT;
842 case CIL_NODE:
843 return CIL_KEY_NODE;
844 case CIL_STRING:
845 return "string";
846 case CIL_DATUM:
847 return "<datum>";
848 case CIL_LIST:
849 return "<list>";
850 case CIL_LIST_ITEM:
851 return "<list_item>";
852 case CIL_PARAM:
853 return "<param>";
854 case CIL_ARGS:
855 return "<args>";
856 case CIL_BLOCK:
857 return CIL_KEY_BLOCK;
858 case CIL_BLOCKINHERIT:
859 return CIL_KEY_BLOCKINHERIT;
860 case CIL_BLOCKABSTRACT:
861 return CIL_KEY_BLOCKABSTRACT;
862 case CIL_IN:
863 return CIL_KEY_IN;
864 case CIL_MACRO:
865 return CIL_KEY_MACRO;
866 case CIL_CALL:
867 return CIL_KEY_CALL;
868 case CIL_OPTIONAL:
869 return CIL_KEY_OPTIONAL;
870 case CIL_BOOL:
871 return CIL_KEY_BOOL;
872 case CIL_BOOLEANIF:
873 return CIL_KEY_BOOLEANIF;
874 case CIL_TUNABLE:
875 return CIL_KEY_TUNABLE;
876 case CIL_TUNABLEIF:
877 return CIL_KEY_TUNABLEIF;
878 case CIL_CONDBLOCK:
879 switch (((struct cil_condblock*)node->data)->flavor) {
880 case CIL_CONDTRUE:
881 return CIL_KEY_CONDTRUE;
882 case CIL_CONDFALSE:
883 return CIL_KEY_CONDFALSE;
884 default:
885 break;
886 }
887 break;
888 case CIL_CONDTRUE:
889 return CIL_KEY_CONDTRUE;
890 case CIL_CONDFALSE:
891 return CIL_KEY_CONDFALSE;
892 case CIL_PERM:
893 return CIL_KEY_PERM;
894 case CIL_COMMON:
895 return CIL_KEY_COMMON;
896 case CIL_CLASS:
897 return CIL_KEY_CLASS;
898 case CIL_CLASSORDER:
899 return CIL_KEY_CLASSORDER;
900 case CIL_MAP_CLASS:
901 return CIL_KEY_MAP_CLASS;
902 case CIL_CLASSPERMISSION:
903 return CIL_KEY_CLASSPERMISSION;
904 case CIL_CLASSCOMMON:
905 return CIL_KEY_CLASSCOMMON;
906 case CIL_CLASSMAPPING:
907 return CIL_KEY_CLASSMAPPING;
908 case CIL_CLASSPERMISSIONSET:
909 return CIL_KEY_CLASSPERMISSIONSET;
910 case CIL_USER:
911 return CIL_KEY_USER;
912 case CIL_USERPREFIX:
913 return CIL_KEY_USERPREFIX;
914 case CIL_USERROLE:
915 return CIL_KEY_USERROLE;
916 case CIL_USERLEVEL:
917 return CIL_KEY_USERLEVEL;
918 case CIL_USERRANGE:
919 return CIL_KEY_USERRANGE;
920 case CIL_USERBOUNDS:
921 return CIL_KEY_USERBOUNDS;
922 case CIL_SELINUXUSER:
923 return CIL_KEY_SELINUXUSER;
924 case CIL_SELINUXUSERDEFAULT:
925 return CIL_KEY_SELINUXUSERDEFAULT;
926 case CIL_ROLE:
927 return CIL_KEY_ROLE;
928 case CIL_ROLEATTRIBUTE:
929 return CIL_KEY_ROLEATTRIBUTE;
930 case CIL_ROLEATTRIBUTESET:
931 return CIL_KEY_ROLEATTRIBUTESET;
932 case CIL_ROLETYPE:
933 return CIL_KEY_ROLETYPE;
934 case CIL_ROLEBOUNDS:
935 return CIL_KEY_ROLEBOUNDS;
936 case CIL_TYPE:
937 return CIL_KEY_TYPE;
938 case CIL_TYPEATTRIBUTE:
939 return CIL_KEY_TYPEATTRIBUTE;
940 case CIL_TYPEALIAS:
941 return CIL_KEY_TYPEALIAS;
942 case CIL_TYPEATTRIBUTESET:
943 return CIL_KEY_TYPEATTRIBUTESET;
944 case CIL_TYPEALIASACTUAL:
945 return CIL_KEY_TYPEALIASACTUAL;
946 case CIL_TYPEBOUNDS:
947 return CIL_KEY_TYPEBOUNDS;
948 case CIL_TYPEPERMISSIVE:
949 return CIL_KEY_TYPEPERMISSIVE;
950 case CIL_SENS:
951 return CIL_KEY_SENSITIVITY;
952 case CIL_SENSALIAS:
953 return CIL_KEY_SENSALIAS;
954 case CIL_SENSALIASACTUAL:
955 return CIL_KEY_SENSALIASACTUAL;
956 case CIL_SENSITIVITYORDER:
957 return CIL_KEY_SENSITIVITYORDER;
958 case CIL_SENSCAT:
959 return CIL_KEY_SENSCAT;
960 case CIL_CAT:
961 return CIL_KEY_CATEGORY;
962 case CIL_CATSET:
963 return CIL_KEY_CATSET;
964 case CIL_CATALIAS:
965 return CIL_KEY_CATALIAS;
966 case CIL_CATALIASACTUAL:
967 return CIL_KEY_CATALIASACTUAL;
968 case CIL_CATORDER:
969 return CIL_KEY_CATORDER;
970 case CIL_LEVEL:
971 return CIL_KEY_LEVEL;
972 case CIL_LEVELRANGE:
973 return CIL_KEY_LEVELRANGE;
974 case CIL_SID:
975 return CIL_KEY_SID;
976 case CIL_SIDORDER:
977 return CIL_KEY_SIDORDER;
978 case CIL_NAME:
979 return CIL_KEY_NAME;
980 case CIL_ROLEALLOW:
981 return CIL_KEY_ROLEALLOW;
982 case CIL_AVRULE:
983 switch (((struct cil_avrule *)node->data)->rule_kind) {
984 case CIL_AVRULE_ALLOWED:
985 return CIL_KEY_ALLOW;
986 case CIL_AVRULE_AUDITALLOW:
987 return CIL_KEY_AUDITALLOW;
988 case CIL_AVRULE_DONTAUDIT:
989 return CIL_KEY_DONTAUDIT;
990 case CIL_AVRULE_NEVERALLOW:
991 return CIL_KEY_NEVERALLOW;
992 default:
993 break;
994 }
995 break;
996 case CIL_ROLETRANSITION:
997 return CIL_KEY_ROLETRANSITION;
998 case CIL_TYPE_RULE:
999 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1000 case CIL_TYPE_TRANSITION:
1001 return CIL_KEY_TYPETRANSITION;
1002 case CIL_TYPE_MEMBER:
1003 return CIL_KEY_TYPEMEMBER;
1004 case CIL_TYPE_CHANGE:
1005 return CIL_KEY_TYPECHANGE;
1006 default:
1007 break;
1008 }
1009 break;
1010 case CIL_NAMETYPETRANSITION:
1011 return CIL_KEY_TYPETRANSITION;
1012 case CIL_RANGETRANSITION:
1013 return CIL_KEY_RANGETRANSITION;
1014 case CIL_CONSTRAIN:
1015 return CIL_KEY_CONSTRAIN;
1016 case CIL_MLSCONSTRAIN:
1017 return CIL_KEY_MLSCONSTRAIN;
1018 case CIL_VALIDATETRANS:
1019 return CIL_KEY_VALIDATETRANS;
1020 case CIL_MLSVALIDATETRANS:
1021 return CIL_KEY_MLSVALIDATETRANS;
1022 case CIL_CONTEXT:
1023 return CIL_KEY_CONTEXT;
1024 case CIL_IPADDR:
1025 return CIL_KEY_IPADDR;
1026 case CIL_SIDCONTEXT:
1027 return CIL_KEY_SIDCONTEXT;
1028 case CIL_FSUSE:
1029 return CIL_KEY_FSUSE;
1030 case CIL_FILECON:
1031 return CIL_KEY_FILECON;
1032 case CIL_PORTCON:
1033 return CIL_KEY_PORTCON;
1034 case CIL_NODECON:
1035 return CIL_KEY_NODECON;
1036 case CIL_GENFSCON:
1037 return CIL_KEY_GENFSCON;
1038 case CIL_NETIFCON:
1039 return CIL_KEY_NETIFCON;
1040 case CIL_PIRQCON:
1041 return CIL_KEY_PIRQCON;
1042 case CIL_IOMEMCON:
1043 return CIL_KEY_IOMEMCON;
1044 case CIL_IOPORTCON:
1045 return CIL_KEY_IOPORTCON;
1046 case CIL_PCIDEVICECON:
1047 return CIL_KEY_PCIDEVICECON;
1048 case CIL_DEVICETREECON:
1049 return CIL_KEY_DEVICETREECON;
1050 case CIL_POLICYCAP:
1051 return CIL_KEY_POLICYCAP;
1052 case CIL_DEFAULTUSER:
1053 return CIL_KEY_DEFAULTUSER;
1054 case CIL_DEFAULTROLE:
1055 return CIL_KEY_DEFAULTROLE;
1056 case CIL_DEFAULTTYPE:
1057 return CIL_KEY_DEFAULTTYPE;
1058 case CIL_DEFAULTRANGE:
1059 return CIL_KEY_DEFAULTRANGE;
1060 case CIL_HANDLEUNKNOWN:
1061 return CIL_KEY_HANDLEUNKNOWN;
1062 case CIL_MLS:
1063 return CIL_KEY_MLS;
1064 case CIL_ALL:
1065 return CIL_KEY_ALL;
1066 case CIL_RANGE:
1067 return CIL_KEY_RANGE;
1068 case CIL_AND:
1069 return CIL_KEY_AND;
1070 case CIL_OR:
1071 return CIL_KEY_OR;
1072 case CIL_XOR:
1073 return CIL_KEY_XOR;
1074 case CIL_NOT:
1075 return CIL_KEY_NOT;
1076 case CIL_EQ:
1077 return CIL_KEY_EQ;
1078 case CIL_NEQ:
1079 return CIL_KEY_NEQ;
1080 case CIL_CONS_DOM:
1081 return CIL_KEY_CONS_DOM;
1082 case CIL_CONS_DOMBY:
1083 return CIL_KEY_CONS_DOMBY;
1084 case CIL_CONS_INCOMP:
1085 return CIL_KEY_CONS_INCOMP;
1086 case CIL_CONS_U1:
1087 return CIL_KEY_CONS_U1;
1088 case CIL_CONS_U2:
1089 return CIL_KEY_CONS_U2;
1090 case CIL_CONS_U3:
1091 return CIL_KEY_CONS_U3;
1092 case CIL_CONS_T1:
1093 return CIL_KEY_CONS_T1;
1094 case CIL_CONS_T2:
1095 return CIL_KEY_CONS_T2;
1096 case CIL_CONS_T3:
1097 return CIL_KEY_CONS_T3;
1098 case CIL_CONS_R1:
1099 return CIL_KEY_CONS_R1;
1100 case CIL_CONS_R2:
1101 return CIL_KEY_CONS_R2;
1102 case CIL_CONS_R3:
1103 return CIL_KEY_CONS_R3;
1104 case CIL_CONS_L1:
1105 return CIL_KEY_CONS_L1;
1106 case CIL_CONS_L2:
1107 return CIL_KEY_CONS_L2;
1108 case CIL_CONS_H1:
1109 return CIL_KEY_CONS_H1;
1110 case CIL_CONS_H2:
1111 return CIL_KEY_CONS_H2;
1112
1113 default:
1114 break;
1115 }
1116
1117 return "<unknown>";
1118 }
1119
1120 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1121 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1122 #else
1123 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1124 #endif
1125 {
1126 int rc = SEPOL_ERR;
1127 size_t str_len = 0;
1128 int buf_pos = 0;
1129 char *str_tmp = NULL;
1130 struct cil_list_item *curr;
1131 struct cil_userprefix *userprefix = NULL;
1132 struct cil_user *user = NULL;
1133
1134 *out = NULL;
1135
1136 if (db->userprefixes->head == NULL) {
1137 rc = SEPOL_OK;
1138 *size = 0;
1139 goto exit;
1140 }
1141
1142 cil_list_for_each(curr, db->userprefixes) {
1143 userprefix = curr->data;
1144 user = userprefix->user;
1145 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1146 }
1147
1148 *size = str_len * sizeof(char);
1149 str_len++;
1150 str_tmp = cil_malloc(str_len * sizeof(char));
1151 *out = str_tmp;
1152
1153 cil_list_for_each(curr, db->userprefixes) {
1154 userprefix = curr->data;
1155 user = userprefix->user;
1156
1157 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1158 userprefix->prefix_str);
1159 str_len -= buf_pos;
1160 str_tmp += buf_pos;
1161 }
1162
1163 rc = SEPOL_OK;
1164 exit:
1165 return rc;
1166
1167 }
1168
1169 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1170 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1171 {
1172 return cil_userprefixes_to_string_nopdb(db, out, size);
1173 }
1174 #endif
1175
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1176 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1177 {
1178 int rc = SEPOL_ERR;
1179 struct cil_list_item *i;
1180 struct cil_list_item *j;
1181 struct cil_cat* cat;
1182 struct cil_catset *cs;
1183 struct cil_tree_node *node;
1184
1185 if (cats == NULL) {
1186 rc = SEPOL_OK;
1187 goto exit;
1188 }
1189
1190 cil_list_for_each(i, cats->datum_expr) {
1191 node = DATUM(i->data)->nodes->head->data;
1192 if (node->flavor == CIL_CATSET) {
1193 cs = (struct cil_catset*)i->data;
1194 cil_list_for_each(j, cs->cats->datum_expr) {
1195 cat = (struct cil_cat*)j->data;
1196 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1197 if (rc != SEPOL_OK) {
1198 goto exit;
1199 }
1200 }
1201 } else {
1202 cat = (struct cil_cat*)i->data;
1203 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1204 if (rc != SEPOL_OK) {
1205 goto exit;
1206 }
1207 }
1208 }
1209
1210 return SEPOL_OK;
1211
1212 exit:
1213 return rc;
1214 }
1215
cil_level_equals(struct cil_level * low,struct cil_level * high)1216 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1217 {
1218 int rc;
1219 struct ebitmap elow;
1220 struct ebitmap ehigh;
1221
1222 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1223 rc = 0;
1224 goto exit;
1225 }
1226
1227 ebitmap_init(&elow);
1228 ebitmap_init(&ehigh);
1229
1230 rc = cil_cats_to_ebitmap(low->cats, &elow);
1231 if (rc != SEPOL_OK) {
1232 goto exit;
1233 }
1234
1235 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1236 if (rc != SEPOL_OK) {
1237 goto exit;
1238 }
1239
1240 return ebitmap_cmp(&elow, &ehigh);
1241
1242 exit:
1243 return rc;
1244 }
1245
__cil_level_strlen(struct cil_level * lvl)1246 static int __cil_level_strlen(struct cil_level *lvl)
1247 {
1248 struct cil_list_item *item;
1249 struct cil_cats *cats = lvl->cats;
1250 int str_len = 0;
1251 char *str1 = NULL;
1252 char *str2 = NULL;
1253 int first = -1;
1254 int last = -1;
1255
1256 str_len += strlen(lvl->sens->datum.fqn);
1257
1258 if (cats && cats->datum_expr != NULL) {
1259 str_len++; /* initial ":" */
1260 cil_list_for_each(item, cats->datum_expr) {
1261 struct cil_cat *cat = item->data;
1262 if (first == -1) {
1263 str1 = cat->datum.fqn;
1264 first = cat->value;
1265 last = first;
1266 } else if (cat->value == last + 1) {
1267 last++;
1268 str2 = cat->datum.fqn;
1269 } else {
1270 if (first == last) {
1271 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1272 } else if (last == first + 1) {
1273 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1274 } else {
1275 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1276 }
1277 first = -1;
1278 last = -1;
1279 if (item->next != NULL) {
1280 str_len++; /* space for "," after */
1281 }
1282 }
1283 }
1284 if (first != -1) {
1285 if (first == last) {
1286 str_len += strlen(str1);
1287 } else if (last == first + 1) {
1288 str_len += strlen(str1) + strlen(str2) + 1;
1289 } else {
1290 str_len += strlen(str1) + strlen(str2) + 1;
1291 }
1292 }
1293 }
1294
1295 return str_len;
1296 }
1297
__cil_level_to_string(struct cil_level * lvl,char * out)1298 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1299 {
1300 struct cil_list_item *item;
1301 struct cil_cats *cats = lvl->cats;
1302 int buf_pos = 0;
1303 char *str_tmp = out;
1304 char *str1 = NULL;
1305 char *str2 = NULL;
1306 int first = -1;
1307 int last = -1;
1308
1309 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1310 str_tmp += buf_pos;
1311
1312 if (cats && cats->datum_expr != NULL) {
1313 buf_pos = sprintf(str_tmp, ":");
1314 str_tmp += buf_pos;
1315
1316 cil_list_for_each(item, cats->datum_expr) {
1317 struct cil_cat *cat = item->data;
1318 if (first == -1) {
1319 str1 = cat->datum.fqn;
1320 first = cat->value;
1321 last = first;
1322 } else if (cat->value == last + 1) {
1323 last++;
1324 str2 = cat->datum.fqn;
1325 } else {
1326 if (first == last) {
1327 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1328 str_tmp += buf_pos;
1329 } else if (last == first + 1) {
1330 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1331 str_tmp += buf_pos;
1332 } else {
1333 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1334 str_tmp += buf_pos;
1335 }
1336 first = -1;
1337 last = -1;
1338 if (item->next != NULL) {
1339 buf_pos = sprintf(str_tmp, ",");
1340 str_tmp += buf_pos;
1341 }
1342 }
1343 }
1344 if (first != -1) {
1345 if (first == last) {
1346 buf_pos = sprintf(str_tmp, "%s", str1);
1347 str_tmp += buf_pos;
1348 } else if (last == first + 1) {
1349 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1350 str_tmp += buf_pos;
1351 } else {
1352 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1353 str_tmp += buf_pos;
1354 }
1355 }
1356 }
1357
1358 return str_tmp - out;
1359 }
1360
1361 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1362 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1363 #else
1364 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1365 #endif
1366 {
1367 size_t str_len = 0;
1368 int buf_pos = 0;
1369 char *str_tmp = NULL;
1370 struct cil_list_item *curr;
1371
1372 if (db->selinuxusers->head == NULL) {
1373 *size = 0;
1374 *out = NULL;
1375 return SEPOL_OK;
1376 }
1377
1378 cil_list_for_each(curr, db->selinuxusers) {
1379 struct cil_selinuxuser *selinuxuser = curr->data;
1380 struct cil_user *user = selinuxuser->user;
1381
1382 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1383
1384 if (db->mls == CIL_TRUE) {
1385 struct cil_levelrange *range = selinuxuser->range;
1386 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1387 }
1388
1389 str_len++;
1390 }
1391
1392 *size = str_len * sizeof(char);
1393 str_tmp = cil_malloc(*size+1);
1394 *out = str_tmp;
1395
1396 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1397 struct cil_selinuxuser *selinuxuser = curr->data;
1398 struct cil_user *user = selinuxuser->user;
1399
1400 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1401 str_tmp += buf_pos;
1402
1403 if (db->mls == CIL_TRUE) {
1404 struct cil_levelrange *range = selinuxuser->range;
1405 buf_pos = sprintf(str_tmp, ":");
1406 str_tmp += buf_pos;
1407 buf_pos = __cil_level_to_string(range->low, str_tmp);
1408 str_tmp += buf_pos;
1409 buf_pos = sprintf(str_tmp, "-");
1410 str_tmp += buf_pos;
1411 buf_pos = __cil_level_to_string(range->high, str_tmp);
1412 str_tmp += buf_pos;
1413 }
1414
1415 buf_pos = sprintf(str_tmp, "\n");
1416 str_tmp += buf_pos;
1417 }
1418
1419 return SEPOL_OK;
1420 }
1421
1422 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1423 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1424 {
1425 return cil_selinuxusers_to_string_nopdb(db, out, size);
1426 }
1427 #endif
1428
1429 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1430 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1431 #else
1432 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1433 #endif
1434 {
1435 uint32_t i = 0;
1436 int buf_pos = 0;
1437 size_t str_len = 0;
1438 char *str_tmp = NULL;
1439 struct cil_sort *filecons = db->filecon;
1440
1441 for (i = 0; i < filecons->count; i++) {
1442 struct cil_filecon *filecon = filecons->array[i];
1443 struct cil_context *ctx = filecon->context;
1444
1445 str_len += strlen(filecon->path_str);
1446
1447 if (filecon->type != CIL_FILECON_ANY) {
1448 /* If a type is specified,
1449 +2 for type string, +1 for tab */
1450 str_len += 3;
1451 }
1452
1453 if (ctx != NULL) {
1454 struct cil_user *user = ctx->user;
1455 struct cil_role *role = ctx->role;
1456 struct cil_type *type = ctx->type;
1457
1458 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1459
1460 if (db->mls == CIL_TRUE) {
1461 struct cil_levelrange *range = ctx->range;
1462 if (cil_level_equals(range->low, range->high)) {
1463 str_len += __cil_level_strlen(range->low) + 1;
1464 } else {
1465 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1466 }
1467 }
1468 } else {
1469 str_len += strlen("\t<<none>>");
1470 }
1471
1472 str_len++;
1473 }
1474
1475 *size = str_len * sizeof(char);
1476 str_tmp = cil_malloc(*size+1);
1477 *out = str_tmp;
1478
1479 for (i = 0; i < filecons->count; i++) {
1480 struct cil_filecon *filecon = filecons->array[i];
1481 struct cil_context *ctx = filecon->context;
1482 const char *str_type = NULL;
1483
1484 buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1485 str_tmp += buf_pos;
1486
1487 switch(filecon->type) {
1488 case CIL_FILECON_FILE:
1489 str_type = "\t--";
1490 break;
1491 case CIL_FILECON_DIR:
1492 str_type = "\t-d";
1493 break;
1494 case CIL_FILECON_CHAR:
1495 str_type = "\t-c";
1496 break;
1497 case CIL_FILECON_BLOCK:
1498 str_type = "\t-b";
1499 break;
1500 case CIL_FILECON_SOCKET:
1501 str_type = "\t-s";
1502 break;
1503 case CIL_FILECON_PIPE:
1504 str_type = "\t-p";
1505 break;
1506 case CIL_FILECON_SYMLINK:
1507 str_type = "\t-l";
1508 break;
1509 default:
1510 str_type = "";
1511 break;
1512 }
1513 buf_pos = sprintf(str_tmp, "%s", str_type);
1514 str_tmp += buf_pos;
1515
1516 if (ctx != NULL) {
1517 struct cil_user *user = ctx->user;
1518 struct cil_role *role = ctx->role;
1519 struct cil_type *type = ctx->type;
1520
1521 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1522 type->datum.fqn);
1523 str_tmp += buf_pos;
1524
1525 if (db->mls == CIL_TRUE) {
1526 struct cil_levelrange *range = ctx->range;
1527 buf_pos = sprintf(str_tmp, ":");
1528 str_tmp += buf_pos;
1529 buf_pos = __cil_level_to_string(range->low, str_tmp);
1530 str_tmp += buf_pos;
1531
1532 if (!cil_level_equals(range->low, range->high)) {
1533 buf_pos = sprintf(str_tmp, "-");
1534 str_tmp += buf_pos;
1535 buf_pos = __cil_level_to_string(range->high, str_tmp);
1536 str_tmp += buf_pos;
1537 }
1538 }
1539 } else {
1540 buf_pos = sprintf(str_tmp, "\t<<none>>");
1541 str_tmp += buf_pos;
1542 }
1543
1544 buf_pos = sprintf(str_tmp, "\n");
1545 str_tmp += buf_pos;
1546 }
1547
1548 return SEPOL_OK;
1549 }
1550
1551 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1552 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1553 {
1554 return cil_filecons_to_string_nopdb(db, out, size);
1555 }
1556 #endif
1557
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1558 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1559 {
1560 db->disable_dontaudit = disable_dontaudit;
1561 }
1562
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1563 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1564 {
1565 db->disable_neverallow = disable_neverallow;
1566 }
1567
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1568 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1569 {
1570 db->preserve_tunables = preserve_tunables;
1571 }
1572
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1573 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1574 {
1575 int rc = 0;
1576
1577 switch (handle_unknown) {
1578 case SEPOL_DENY_UNKNOWN:
1579 case SEPOL_REJECT_UNKNOWN:
1580 case SEPOL_ALLOW_UNKNOWN:
1581 db->handle_unknown = handle_unknown;
1582 break;
1583 default:
1584 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1585 rc = -1;
1586 }
1587
1588 return rc;
1589 }
1590
cil_set_mls(struct cil_db * db,int mls)1591 void cil_set_mls(struct cil_db *db, int mls)
1592 {
1593 db->mls = mls;
1594 }
1595
cil_set_target_platform(struct cil_db * db,int target_platform)1596 void cil_set_target_platform(struct cil_db *db, int target_platform)
1597 {
1598 db->target_platform = target_platform;
1599 }
1600
cil_set_policy_version(struct cil_db * db,int policy_version)1601 void cil_set_policy_version(struct cil_db *db, int policy_version)
1602 {
1603 db->policy_version = policy_version;
1604 }
1605
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1606 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1607 {
1608 uint32_t i = 0;
1609 for (i = 0; i < CIL_SYM_NUM; i++) {
1610 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1611 }
1612 }
1613
cil_symtab_array_destroy(symtab_t symtab[])1614 void cil_symtab_array_destroy(symtab_t symtab[])
1615 {
1616 int i = 0;
1617 for (i = 0; i < CIL_SYM_NUM; i++) {
1618 cil_symtab_destroy(&symtab[i]);
1619 }
1620 }
1621
cil_destroy_ast_symtabs(struct cil_tree_node * current)1622 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1623 {
1624 while (current) {
1625 switch (current->flavor) {
1626 case CIL_BLOCK:
1627 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1628 break;
1629 case CIL_IN:
1630 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1631 break;
1632 case CIL_CLASS:
1633 case CIL_COMMON:
1634 case CIL_MAP_CLASS:
1635 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1636 break;
1637 case CIL_MACRO:
1638 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1639 break;
1640 case CIL_CONDBLOCK:
1641 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1642 break;
1643 default:
1644 break;
1645 }
1646
1647 if (current->cl_head) {
1648 cil_destroy_ast_symtabs(current->cl_head);
1649 }
1650
1651 current = current->next;
1652 }
1653 }
1654
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1655 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1656 {
1657 struct cil_tree_node *node = ast_node;
1658 *symtab = NULL;
1659
1660 if (sym_index == CIL_SYM_PERMS) {
1661 /* Class statements are not blocks, so the passed node should be the class */
1662 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1663 node->flavor == CIL_COMMON) {
1664 *symtab = &((struct cil_class*)node->data)->perms;
1665 return SEPOL_OK;
1666 }
1667 goto exit;
1668 }
1669
1670 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1671 cil_log(CIL_ERR, "Invalid symtab type\n");
1672 goto exit;
1673 }
1674
1675 while (node != NULL && *symtab == NULL) {
1676 switch (node->flavor) {
1677 case CIL_ROOT:
1678 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1679 break;
1680 case CIL_BLOCK:
1681 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1682 break;
1683 case CIL_MACRO:
1684 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1685 break;
1686 case CIL_IN:
1687 /* In blocks only exist before resolving the AST */
1688 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1689 break;
1690 case CIL_CONDBLOCK: {
1691 if (node->parent->flavor == CIL_TUNABLEIF) {
1692 /* Cond blocks only exist before resolving the AST */
1693 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1694 } else if (node->parent->flavor == CIL_BOOLEANIF) {
1695 node = node->parent->parent;
1696 }
1697 break;
1698 }
1699 default:
1700 node = node->parent;
1701 }
1702 }
1703
1704 if (*symtab == NULL) {
1705 goto exit;
1706 }
1707
1708 return SEPOL_OK;
1709
1710 exit:
1711 cil_log(CIL_ERR, "Failed to get symtab from node at line %d of %s\n",
1712 ast_node->line, ast_node->path);
1713 return SEPOL_ERR;
1714 }
1715
cil_sort_init(struct cil_sort ** sort)1716 void cil_sort_init(struct cil_sort **sort)
1717 {
1718 *sort = cil_malloc(sizeof(**sort));
1719
1720 (*sort)->flavor = CIL_NONE;
1721 (*sort)->count = 0;
1722 (*sort)->index = 0;
1723 (*sort)->array = NULL;
1724 }
1725
cil_sort_destroy(struct cil_sort ** sort)1726 void cil_sort_destroy(struct cil_sort **sort)
1727 {
1728 (*sort)->flavor = CIL_NONE;
1729 (*sort)->count = 0;
1730 (*sort)->index = 0;
1731 if ((*sort)->array != NULL) {
1732 free((*sort)->array);
1733 }
1734 (*sort)->array = NULL;
1735
1736 free(*sort);
1737 *sort = NULL;
1738 }
1739
cil_netifcon_init(struct cil_netifcon ** netifcon)1740 void cil_netifcon_init(struct cil_netifcon **netifcon)
1741 {
1742 *netifcon = cil_malloc(sizeof(**netifcon));
1743
1744 (*netifcon)->interface_str = NULL;
1745 (*netifcon)->if_context_str = NULL;
1746 (*netifcon)->if_context = NULL;
1747 (*netifcon)->packet_context_str = NULL;
1748 (*netifcon)->packet_context = NULL;
1749 (*netifcon)->context_str = NULL;
1750 }
1751
cil_context_init(struct cil_context ** context)1752 void cil_context_init(struct cil_context **context)
1753 {
1754 *context = cil_malloc(sizeof(**context));
1755
1756 cil_symtab_datum_init(&(*context)->datum);
1757 (*context)->user_str = NULL;
1758 (*context)->user = NULL;
1759 (*context)->role_str = NULL;
1760 (*context)->role = NULL;
1761 (*context)->type_str = NULL;
1762 (*context)->type = NULL;
1763 (*context)->range_str = NULL;
1764 (*context)->range = NULL;
1765 }
1766
cil_level_init(struct cil_level ** level)1767 void cil_level_init(struct cil_level **level)
1768 {
1769 *level = cil_malloc(sizeof(**level));
1770
1771 cil_symtab_datum_init(&(*level)->datum);
1772 (*level)->sens_str = NULL;
1773 (*level)->sens = NULL;
1774 (*level)->cats = NULL;
1775 }
1776
cil_levelrange_init(struct cil_levelrange ** range)1777 void cil_levelrange_init(struct cil_levelrange **range)
1778 {
1779 *range = cil_malloc(sizeof(**range));
1780
1781 cil_symtab_datum_init(&(*range)->datum);
1782 (*range)->low_str = NULL;
1783 (*range)->low = NULL;
1784 (*range)->high_str = NULL;
1785 (*range)->high = NULL;
1786 }
1787
cil_sens_init(struct cil_sens ** sens)1788 void cil_sens_init(struct cil_sens **sens)
1789 {
1790 *sens = cil_malloc(sizeof(**sens));
1791
1792 cil_symtab_datum_init(&(*sens)->datum);
1793
1794 (*sens)->cats_list = NULL;
1795
1796 (*sens)->ordered = CIL_FALSE;
1797 }
1798
cil_block_init(struct cil_block ** block)1799 void cil_block_init(struct cil_block **block)
1800 {
1801 *block = cil_malloc(sizeof(**block));
1802
1803 cil_symtab_datum_init(&(*block)->datum);
1804
1805 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
1806
1807 (*block)->is_abstract = CIL_FALSE;
1808
1809 (*block)->bi_nodes = NULL;
1810 }
1811
cil_blockinherit_init(struct cil_blockinherit ** inherit)1812 void cil_blockinherit_init(struct cil_blockinherit **inherit)
1813 {
1814 *inherit = cil_malloc(sizeof(**inherit));
1815 (*inherit)->block_str = NULL;
1816 (*inherit)->block = NULL;
1817 }
1818
cil_blockabstract_init(struct cil_blockabstract ** abstract)1819 void cil_blockabstract_init(struct cil_blockabstract **abstract)
1820 {
1821 *abstract = cil_malloc(sizeof(**abstract));
1822 (*abstract)->block_str = NULL;
1823 }
1824
cil_in_init(struct cil_in ** in)1825 void cil_in_init(struct cil_in **in)
1826 {
1827 *in = cil_malloc(sizeof(**in));
1828
1829 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
1830 (*in)->block_str = NULL;
1831 }
1832
cil_class_init(struct cil_class ** class)1833 void cil_class_init(struct cil_class **class)
1834 {
1835 *class = cil_malloc(sizeof(**class));
1836
1837 cil_symtab_datum_init(&(*class)->datum);
1838
1839 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
1840
1841 (*class)->num_perms = 0;
1842 (*class)->common = NULL;
1843 (*class)->ordered = CIL_FALSE;
1844 }
1845
cil_classorder_init(struct cil_classorder ** classorder)1846 void cil_classorder_init(struct cil_classorder **classorder)
1847 {
1848 *classorder = cil_malloc(sizeof(**classorder));
1849
1850 (*classorder)->class_list_str = NULL;
1851 }
1852
cil_classcommon_init(struct cil_classcommon ** classcommon)1853 void cil_classcommon_init(struct cil_classcommon **classcommon)
1854 {
1855 *classcommon = cil_malloc(sizeof(**classcommon));
1856
1857 (*classcommon)->class_str = NULL;
1858 (*classcommon)->common_str = NULL;
1859 }
1860
cil_sid_init(struct cil_sid ** sid)1861 void cil_sid_init(struct cil_sid **sid)
1862 {
1863 *sid = cil_malloc(sizeof(**sid));
1864
1865 cil_symtab_datum_init(&(*sid)->datum);
1866
1867 (*sid)->ordered = CIL_FALSE;
1868 (*sid)->context = NULL;
1869 }
1870
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)1871 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
1872 {
1873 *sidcontext = cil_malloc(sizeof(**sidcontext));
1874
1875 (*sidcontext)->sid_str = NULL;
1876 (*sidcontext)->context_str = NULL;
1877 (*sidcontext)->context = NULL;
1878 }
1879
cil_sidorder_init(struct cil_sidorder ** sidorder)1880 void cil_sidorder_init(struct cil_sidorder **sidorder)
1881 {
1882 *sidorder = cil_malloc(sizeof(**sidorder));
1883
1884 (*sidorder)->sid_list_str = NULL;
1885 }
1886
cil_userrole_init(struct cil_userrole ** userrole)1887 void cil_userrole_init(struct cil_userrole **userrole)
1888 {
1889 *userrole = cil_malloc(sizeof(**userrole));
1890
1891 (*userrole)->user_str = NULL;
1892 (*userrole)->user = NULL;
1893 (*userrole)->role_str = NULL;
1894 (*userrole)->role = NULL;
1895 }
1896
cil_userprefix_init(struct cil_userprefix ** userprefix)1897 void cil_userprefix_init(struct cil_userprefix **userprefix)
1898 {
1899 *userprefix = cil_malloc(sizeof(**userprefix));
1900
1901 (*userprefix)->user_str = NULL;
1902 (*userprefix)->user = NULL;
1903 (*userprefix)->prefix_str = NULL;
1904 }
1905
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)1906 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
1907 {
1908 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
1909
1910 (*selinuxuser)->name_str = NULL;
1911 (*selinuxuser)->user_str = NULL;
1912 (*selinuxuser)->user = NULL;
1913 (*selinuxuser)->range_str = NULL;
1914 (*selinuxuser)->range = NULL;
1915 }
1916
cil_roletype_init(struct cil_roletype ** roletype)1917 void cil_roletype_init(struct cil_roletype **roletype)
1918 {
1919 *roletype = cil_malloc(sizeof(**roletype));
1920
1921 (*roletype)->role_str = NULL;
1922 (*roletype)->role = NULL;
1923 (*roletype)->type_str = NULL;
1924 (*roletype)->type = NULL;
1925 }
1926
cil_roleattribute_init(struct cil_roleattribute ** attr)1927 void cil_roleattribute_init(struct cil_roleattribute **attr)
1928 {
1929 *attr = cil_malloc(sizeof(**attr));
1930
1931 cil_symtab_datum_init(&(*attr)->datum);
1932
1933 (*attr)->expr_list = NULL;
1934 (*attr)->roles = NULL;
1935 }
1936
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)1937 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
1938 {
1939 *attrset = cil_malloc(sizeof(**attrset));
1940
1941 (*attrset)->attr_str = NULL;
1942 (*attrset)->str_expr = NULL;
1943 (*attrset)->datum_expr = NULL;
1944 }
1945
cil_typeattribute_init(struct cil_typeattribute ** attr)1946 void cil_typeattribute_init(struct cil_typeattribute **attr)
1947 {
1948 *attr = cil_malloc(sizeof(**attr));
1949
1950 cil_symtab_datum_init(&(*attr)->datum);
1951
1952 (*attr)->expr_list = NULL;
1953 (*attr)->types = NULL;
1954 (*attr)->used = CIL_FALSE;
1955 }
1956
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)1957 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
1958 {
1959 *attrset = cil_malloc(sizeof(**attrset));
1960
1961 (*attrset)->attr_str = NULL;
1962 (*attrset)->str_expr = NULL;
1963 (*attrset)->datum_expr = NULL;
1964 }
1965
cil_alias_init(struct cil_alias ** alias)1966 void cil_alias_init(struct cil_alias **alias)
1967 {
1968 *alias = cil_malloc(sizeof(**alias));
1969
1970 (*alias)->actual = NULL;
1971
1972 cil_symtab_datum_init(&(*alias)->datum);
1973 }
1974
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)1975 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
1976 {
1977 *aliasactual = cil_malloc(sizeof(**aliasactual));
1978
1979 (*aliasactual)->alias_str = NULL;
1980 (*aliasactual)->actual_str = NULL;
1981 }
1982
cil_typepermissive_init(struct cil_typepermissive ** typeperm)1983 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
1984 {
1985 *typeperm = cil_malloc(sizeof(**typeperm));
1986
1987 (*typeperm)->type_str = NULL;
1988 (*typeperm)->type = NULL;
1989 }
1990
cil_name_init(struct cil_name ** name)1991 void cil_name_init(struct cil_name **name)
1992 {
1993 *name = cil_malloc(sizeof(**name));
1994
1995 cil_symtab_datum_init(&(*name)->datum);
1996 (*name)->name_str = NULL;
1997 }
1998
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)1999 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2000 {
2001 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2002
2003 (*nametypetrans)->src_str = NULL;
2004 (*nametypetrans)->src = NULL;
2005 (*nametypetrans)->tgt_str = NULL;
2006 (*nametypetrans)->tgt = NULL;
2007 (*nametypetrans)->obj_str = NULL;
2008 (*nametypetrans)->obj = NULL;
2009 (*nametypetrans)->name_str = NULL;
2010 (*nametypetrans)->name = NULL;
2011 (*nametypetrans)->result_str = NULL;
2012 (*nametypetrans)->result = NULL;
2013 }
2014
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2015 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2016 {
2017 *rangetrans = cil_malloc(sizeof(**rangetrans));
2018
2019 (*rangetrans)->src_str = NULL;
2020 (*rangetrans)->src = NULL;
2021 (*rangetrans)->exec_str = NULL;
2022 (*rangetrans)->exec = NULL;
2023 (*rangetrans)->obj_str = NULL;
2024 (*rangetrans)->obj = NULL;
2025 (*rangetrans)->range_str = NULL;
2026 (*rangetrans)->range = NULL;
2027 }
2028
cil_bool_init(struct cil_bool ** cilbool)2029 void cil_bool_init(struct cil_bool **cilbool)
2030 {
2031 *cilbool = cil_malloc(sizeof(**cilbool));
2032
2033 cil_symtab_datum_init(&(*cilbool)->datum);
2034 (*cilbool)->value = 0;
2035 }
2036
cil_tunable_init(struct cil_tunable ** ciltun)2037 void cil_tunable_init(struct cil_tunable **ciltun)
2038 {
2039 *ciltun = cil_malloc(sizeof(**ciltun));
2040
2041 cil_symtab_datum_init(&(*ciltun)->datum);
2042 (*ciltun)->value = 0;
2043 }
2044
cil_condblock_init(struct cil_condblock ** cb)2045 void cil_condblock_init(struct cil_condblock **cb)
2046 {
2047 *cb = cil_malloc(sizeof(**cb));
2048
2049 (*cb)->flavor = CIL_NONE;
2050 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2051 }
2052
cil_boolif_init(struct cil_booleanif ** bif)2053 void cil_boolif_init(struct cil_booleanif **bif)
2054 {
2055 *bif = cil_malloc(sizeof(**bif));
2056
2057 (*bif)->str_expr = NULL;
2058 (*bif)->datum_expr = NULL;
2059 }
2060
cil_tunif_init(struct cil_tunableif ** tif)2061 void cil_tunif_init(struct cil_tunableif **tif)
2062 {
2063 *tif = cil_malloc(sizeof(**tif));
2064
2065 (*tif)->str_expr = NULL;
2066 (*tif)->datum_expr = NULL;
2067 }
2068
cil_avrule_init(struct cil_avrule ** avrule)2069 void cil_avrule_init(struct cil_avrule **avrule)
2070 {
2071 *avrule = cil_malloc(sizeof(**avrule));
2072
2073 (*avrule)->rule_kind = CIL_NONE;
2074 (*avrule)->src_str = NULL;
2075 (*avrule)->src = NULL;
2076 (*avrule)->tgt_str = NULL;
2077 (*avrule)->tgt = NULL;
2078 (*avrule)->classperms = NULL;
2079 }
2080
cil_type_rule_init(struct cil_type_rule ** type_rule)2081 void cil_type_rule_init(struct cil_type_rule **type_rule)
2082 {
2083 *type_rule = cil_malloc(sizeof(**type_rule));
2084
2085 (*type_rule)->rule_kind = CIL_NONE;
2086 (*type_rule)->src_str = NULL;
2087 (*type_rule)->src = NULL;
2088 (*type_rule)->tgt_str = NULL;
2089 (*type_rule)->tgt = NULL;
2090 (*type_rule)->obj_str = NULL;
2091 (*type_rule)->obj = NULL;
2092 (*type_rule)->result_str = NULL;
2093 (*type_rule)->result = NULL;
2094 }
2095
cil_roletransition_init(struct cil_roletransition ** role_trans)2096 void cil_roletransition_init(struct cil_roletransition **role_trans)
2097 {
2098 *role_trans = cil_malloc(sizeof(**role_trans));
2099
2100 (*role_trans)->src_str = NULL;
2101 (*role_trans)->src = NULL;
2102 (*role_trans)->tgt_str = NULL;
2103 (*role_trans)->tgt = NULL;
2104 (*role_trans)->obj_str = NULL;
2105 (*role_trans)->obj = NULL;
2106 (*role_trans)->result_str = NULL;
2107 (*role_trans)->result = NULL;
2108 }
2109
cil_roleallow_init(struct cil_roleallow ** roleallow)2110 void cil_roleallow_init(struct cil_roleallow **roleallow)
2111 {
2112 *roleallow = cil_malloc(sizeof(**roleallow));
2113
2114 (*roleallow)->src_str = NULL;
2115 (*roleallow)->src = NULL;
2116 (*roleallow)->tgt_str = NULL;
2117 (*roleallow)->tgt = NULL;
2118 }
2119
cil_catset_init(struct cil_catset ** catset)2120 void cil_catset_init(struct cil_catset **catset)
2121 {
2122 *catset = cil_malloc(sizeof(**catset));
2123
2124 cil_symtab_datum_init(&(*catset)->datum);
2125 (*catset)->cats = NULL;
2126 }
2127
cil_senscat_init(struct cil_senscat ** senscat)2128 void cil_senscat_init(struct cil_senscat **senscat)
2129 {
2130 *senscat = cil_malloc(sizeof(**senscat));
2131
2132 (*senscat)->sens_str = NULL;
2133 (*senscat)->cats = NULL;
2134 }
2135
cil_cats_init(struct cil_cats ** cats)2136 void cil_cats_init(struct cil_cats **cats)
2137 {
2138 *cats = cil_malloc(sizeof(**cats));
2139
2140 (*cats)->evaluated = CIL_FALSE;
2141 (*cats)->str_expr = NULL;
2142 (*cats)->datum_expr = NULL;
2143 }
2144
cil_filecon_init(struct cil_filecon ** filecon)2145 void cil_filecon_init(struct cil_filecon **filecon)
2146 {
2147 *filecon = cil_malloc(sizeof(**filecon));
2148
2149 (*filecon)->path_str = NULL;
2150 (*filecon)->type = 0;
2151 (*filecon)->context_str = NULL;
2152 (*filecon)->context = NULL;
2153 }
2154
cil_portcon_init(struct cil_portcon ** portcon)2155 void cil_portcon_init(struct cil_portcon **portcon)
2156 {
2157 *portcon = cil_malloc(sizeof(**portcon));
2158 (*portcon)->proto = 0;
2159 (*portcon)->port_low = 0;
2160 (*portcon)->port_high = 0;
2161 (*portcon)->context_str = NULL;
2162 (*portcon)->context = NULL;
2163 }
2164
cil_nodecon_init(struct cil_nodecon ** nodecon)2165 void cil_nodecon_init(struct cil_nodecon **nodecon)
2166 {
2167 *nodecon = cil_malloc(sizeof(**nodecon));
2168
2169 (*nodecon)->addr_str = NULL;
2170 (*nodecon)->addr = NULL;
2171 (*nodecon)->mask_str = NULL;
2172 (*nodecon)->mask = NULL;
2173 (*nodecon)->context_str = NULL;
2174 (*nodecon)->context = NULL;
2175 }
2176
cil_genfscon_init(struct cil_genfscon ** genfscon)2177 void cil_genfscon_init(struct cil_genfscon **genfscon)
2178 {
2179 *genfscon = cil_malloc(sizeof(**genfscon));
2180
2181 (*genfscon)->fs_str = NULL;
2182 (*genfscon)->path_str = NULL;
2183 (*genfscon)->context_str = NULL;
2184 (*genfscon)->context = NULL;
2185 }
2186
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2187 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2188 {
2189 *pirqcon = cil_malloc(sizeof(**pirqcon));
2190
2191 (*pirqcon)->pirq = 0;
2192 (*pirqcon)->context_str = NULL;
2193 (*pirqcon)->context = NULL;
2194 }
2195
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2196 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2197 {
2198 *iomemcon = cil_malloc(sizeof(**iomemcon));
2199
2200 (*iomemcon)->iomem_low = 0;
2201 (*iomemcon)->iomem_high = 0;
2202 (*iomemcon)->context_str = NULL;
2203 (*iomemcon)->context = NULL;
2204 }
2205
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2206 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2207 {
2208 *ioportcon = cil_malloc(sizeof(**ioportcon));
2209
2210 (*ioportcon)->context_str = NULL;
2211 (*ioportcon)->context = NULL;
2212 }
2213
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2214 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2215 {
2216 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2217
2218 (*pcidevicecon)->dev = 0;
2219 (*pcidevicecon)->context_str = NULL;
2220 (*pcidevicecon)->context = NULL;
2221 }
2222
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2223 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2224 {
2225 *dtcon = cil_malloc(sizeof(**dtcon));
2226
2227 (*dtcon)->path = NULL;
2228 (*dtcon)->context_str = NULL;
2229 (*dtcon)->context = NULL;
2230 }
2231
cil_fsuse_init(struct cil_fsuse ** fsuse)2232 void cil_fsuse_init(struct cil_fsuse **fsuse)
2233 {
2234 *fsuse = cil_malloc(sizeof(**fsuse));
2235
2236 (*fsuse)->type = 0;
2237 (*fsuse)->fs_str = NULL;
2238 (*fsuse)->context_str = NULL;
2239 (*fsuse)->context = NULL;
2240 }
2241
cil_constrain_init(struct cil_constrain ** constrain)2242 void cil_constrain_init(struct cil_constrain **constrain)
2243 {
2244 *constrain = cil_malloc(sizeof(**constrain));
2245
2246 (*constrain)->classperms = NULL;
2247 (*constrain)->str_expr = NULL;
2248 (*constrain)->datum_expr = NULL;
2249 }
2250
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2251 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2252 {
2253 *validtrans = cil_malloc(sizeof(**validtrans));
2254
2255 (*validtrans)->class_str = NULL;
2256 (*validtrans)->class = NULL;
2257 (*validtrans)->str_expr = NULL;
2258 (*validtrans)->datum_expr = NULL;
2259 }
2260
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2261 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2262 {
2263 *ipaddr = cil_malloc(sizeof(**ipaddr));
2264
2265 cil_symtab_datum_init(&(*ipaddr)->datum);
2266 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2267 }
2268
cil_perm_init(struct cil_perm ** perm)2269 void cil_perm_init(struct cil_perm **perm)
2270 {
2271 *perm = cil_malloc(sizeof(**perm));
2272
2273 cil_symtab_datum_init(&(*perm)->datum);
2274 (*perm)->value = 0;
2275 (*perm)->classperms = NULL;
2276 }
2277
cil_classpermission_init(struct cil_classpermission ** cp)2278 void cil_classpermission_init(struct cil_classpermission **cp)
2279 {
2280 *cp = cil_malloc(sizeof(**cp));
2281
2282 cil_symtab_datum_init(&(*cp)->datum);
2283 (*cp)->classperms = NULL;
2284 }
2285
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2286 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2287 {
2288 *cps = cil_malloc(sizeof(**cps));
2289
2290 (*cps)->set_str = NULL;
2291 (*cps)->classperms = NULL;
2292 }
2293
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2294 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2295 {
2296 *cp_set = cil_malloc(sizeof(**cp_set));
2297 (*cp_set)->set_str = NULL;
2298 (*cp_set)->set = NULL;
2299 }
2300
cil_classperms_init(struct cil_classperms ** cp)2301 void cil_classperms_init(struct cil_classperms **cp)
2302 {
2303 *cp = cil_malloc(sizeof(**cp));
2304 (*cp)->class_str = NULL;
2305 (*cp)->class = NULL;
2306 (*cp)->perm_strs = NULL;
2307 (*cp)->perms = NULL;
2308 }
2309
cil_classmapping_init(struct cil_classmapping ** mapping)2310 void cil_classmapping_init(struct cil_classmapping **mapping)
2311 {
2312 *mapping = cil_malloc(sizeof(**mapping));
2313
2314 (*mapping)->map_class_str = NULL;
2315 (*mapping)->map_perm_str = NULL;
2316 (*mapping)->classperms = NULL;
2317 }
2318
cil_user_init(struct cil_user ** user)2319 void cil_user_init(struct cil_user **user)
2320 {
2321 *user = cil_malloc(sizeof(**user));
2322
2323 cil_symtab_datum_init(&(*user)->datum);
2324 (*user)->bounds = NULL;
2325 (*user)->roles = NULL;
2326 (*user)->dftlevel = NULL;
2327 (*user)->range = NULL;
2328 }
2329
cil_userlevel_init(struct cil_userlevel ** usrlvl)2330 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2331 {
2332 *usrlvl = cil_malloc(sizeof(**usrlvl));
2333
2334 (*usrlvl)->user_str = NULL;
2335 (*usrlvl)->level_str = NULL;
2336 (*usrlvl)->level = NULL;
2337 }
2338
cil_userrange_init(struct cil_userrange ** userrange)2339 void cil_userrange_init(struct cil_userrange **userrange)
2340 {
2341 *userrange = cil_malloc(sizeof(**userrange));
2342
2343 (*userrange)->user_str = NULL;
2344 (*userrange)->range_str = NULL;
2345 (*userrange)->range = NULL;
2346 }
2347
cil_role_init(struct cil_role ** role)2348 void cil_role_init(struct cil_role **role)
2349 {
2350 *role = cil_malloc(sizeof(**role));
2351
2352 cil_symtab_datum_init(&(*role)->datum);
2353 (*role)->bounds = NULL;
2354 (*role)->types = NULL;
2355 (*role)->value = 0;
2356 }
2357
cil_type_init(struct cil_type ** type)2358 void cil_type_init(struct cil_type **type)
2359 {
2360 *type = cil_malloc(sizeof(**type));
2361
2362 cil_symtab_datum_init(&(*type)->datum);
2363 (*type)->bounds = NULL;
2364 (*type)->value = 0;
2365 }
2366
cil_cat_init(struct cil_cat ** cat)2367 void cil_cat_init(struct cil_cat **cat)
2368 {
2369 *cat = cil_malloc(sizeof(**cat));
2370
2371 cil_symtab_datum_init(&(*cat)->datum);
2372 (*cat)->ordered = CIL_FALSE;
2373 (*cat)->value = 0;
2374 }
2375
cil_catorder_init(struct cil_catorder ** catorder)2376 void cil_catorder_init(struct cil_catorder **catorder)
2377 {
2378 *catorder = cil_malloc(sizeof(**catorder));
2379
2380 (*catorder)->cat_list_str = NULL;
2381 }
2382
cil_sensorder_init(struct cil_sensorder ** sensorder)2383 void cil_sensorder_init(struct cil_sensorder **sensorder)
2384 {
2385 *sensorder = cil_malloc(sizeof(**sensorder));
2386
2387 (*sensorder)->sens_list_str = NULL;
2388 }
2389
cil_args_init(struct cil_args ** args)2390 void cil_args_init(struct cil_args **args)
2391 {
2392 *args = cil_malloc(sizeof(**args));
2393 (*args)->arg_str = NULL;
2394 (*args)->arg = NULL;
2395 (*args)->param_str = NULL;
2396 (*args)->flavor = CIL_NONE;
2397 }
2398
cil_call_init(struct cil_call ** call)2399 void cil_call_init(struct cil_call **call)
2400 {
2401 *call = cil_malloc(sizeof(**call));
2402
2403 (*call)->macro_str = NULL;
2404 (*call)->macro = NULL;
2405 (*call)->args_tree = NULL;
2406 (*call)->args = NULL;
2407 (*call)->copied = 0;
2408 }
2409
cil_optional_init(struct cil_optional ** optional)2410 void cil_optional_init(struct cil_optional **optional)
2411 {
2412 *optional = cil_malloc(sizeof(**optional));
2413 (*optional)->enabled = CIL_TRUE;
2414 cil_symtab_datum_init(&(*optional)->datum);
2415 }
2416
cil_param_init(struct cil_param ** param)2417 void cil_param_init(struct cil_param **param)
2418 {
2419 *param = cil_malloc(sizeof(**param));
2420
2421 (*param)->str = NULL;
2422 (*param)->flavor = CIL_NONE;
2423 }
2424
cil_macro_init(struct cil_macro ** macro)2425 void cil_macro_init(struct cil_macro **macro)
2426 {
2427 *macro = cil_malloc(sizeof(**macro));
2428
2429 cil_symtab_datum_init(&(*macro)->datum);
2430 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2431 (*macro)->params = NULL;
2432 }
2433
cil_policycap_init(struct cil_policycap ** policycap)2434 void cil_policycap_init(struct cil_policycap **policycap)
2435 {
2436 *policycap = cil_malloc(sizeof(**policycap));
2437
2438 cil_symtab_datum_init(&(*policycap)->datum);
2439 }
2440
cil_bounds_init(struct cil_bounds ** bounds)2441 void cil_bounds_init(struct cil_bounds **bounds)
2442 {
2443 *bounds = cil_malloc(sizeof(**bounds));
2444
2445 (*bounds)->parent_str = NULL;
2446 (*bounds)->child_str = NULL;
2447 }
2448
cil_default_init(struct cil_default ** def)2449 void cil_default_init(struct cil_default **def)
2450 {
2451 *def = cil_malloc(sizeof(**def));
2452
2453 (*def)->flavor = CIL_NONE;
2454 (*def)->class_strs = NULL;
2455 (*def)->class_datums = NULL;
2456 }
2457
cil_defaultrange_init(struct cil_defaultrange ** def)2458 void cil_defaultrange_init(struct cil_defaultrange **def)
2459 {
2460 *def = cil_malloc(sizeof(**def));
2461
2462 (*def)->class_strs = NULL;
2463 (*def)->class_datums = NULL;
2464 }
2465
cil_handleunknown_init(struct cil_handleunknown ** unk)2466 void cil_handleunknown_init(struct cil_handleunknown **unk)
2467 {
2468 *unk = cil_malloc(sizeof(**unk));
2469 }
2470
cil_mls_init(struct cil_mls ** mls)2471 void cil_mls_init(struct cil_mls **mls)
2472 {
2473 *mls = cil_malloc(sizeof(**mls));
2474 (*mls)->value = 0;
2475 }
2476