1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 
*/

#ifndef CIL_INTERNAL_H_
#define CIL_INTERNAL_H_

#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <arpa/inet.h>

#include <sepol/policydb/services.h>
#include <sepol/policydb/policydb.h>

#include <cil/cil.h>

#include "cil_flavor.h"
#include "cil_tree.h"
#include "cil_symtab.h"
#include "cil_mem.h"

/* Upper bound on the length of a CIL identifier. Where the bound is enforced
 * is not visible in this header -- confirm against the parser/resolver. */
#define CIL_MAX_NAME_LENGTH 2048


/*
 * Identifiers for the passes the compiler runs over the AST. CIL_PASS_INIT
 * is the state before any pass has run and CIL_PASS_NUM is the pass count,
 * so it must stay the last enumerator. The enumerators presumably list the
 * passes in execution order; the pass driver lives in another file.
 */
enum cil_pass {
	CIL_PASS_INIT = 0,

	CIL_PASS_TIF,
	CIL_PASS_IN,
	CIL_PASS_BLKIN_LINK,
	CIL_PASS_BLKIN_COPY,
	CIL_PASS_BLKABS,
	CIL_PASS_MACRO,
	CIL_PASS_CALL1,
	CIL_PASS_CALL2,
	CIL_PASS_ALIAS1,
	CIL_PASS_ALIAS2,
	CIL_PASS_MISC1,
	CIL_PASS_MLS,
	CIL_PASS_MISC2,
	CIL_PASS_MISC3,

	CIL_PASS_NUM
};


/*
	Keywords
*/
/*
 * Canonical keyword strings used throughout the compiler. They are presumably
 * assigned once at start-up by code outside this header.
 *
 * NOTE(review): these are tentative definitions, not `extern` declarations.
 * Every translation unit that includes this header therefore defines each of
 * these objects, which only links when the toolchain merges common symbols
 * (the pre-GCC-10 `-fcommon` default) and is undefined behavior under the C
 * standard (C11 6.9p5). The portable form is `extern char *CIL_KEY_...;` here
 * plus exactly one definition in a .c file -- confirm where they are assigned
 * before changing this.
 */
char *CIL_KEY_CONS_T1;
char *CIL_KEY_CONS_T2;
char *CIL_KEY_CONS_T3;
char *CIL_KEY_CONS_R1;
char *CIL_KEY_CONS_R2;
char *CIL_KEY_CONS_R3;
char *CIL_KEY_CONS_U1;
char *CIL_KEY_CONS_U2;
char *CIL_KEY_CONS_U3;
char *CIL_KEY_CONS_L1;
char *CIL_KEY_CONS_L2;
char *CIL_KEY_CONS_H1;
char *CIL_KEY_CONS_H2;
char *CIL_KEY_AND;
char *CIL_KEY_OR;
char *CIL_KEY_NOT;
char *CIL_KEY_EQ;
char *CIL_KEY_NEQ;
char *CIL_KEY_CONS_DOM;
char *CIL_KEY_CONS_DOMBY;
char *CIL_KEY_CONS_INCOMP;
char *CIL_KEY_CONDTRUE;
char *CIL_KEY_CONDFALSE;
char *CIL_KEY_SELF;
char *CIL_KEY_OBJECT_R;
char *CIL_KEY_STAR;
char *CIL_KEY_TCP;
char *CIL_KEY_UDP;
char *CIL_KEY_AUDITALLOW;
char *CIL_KEY_TUNABLEIF;
char *CIL_KEY_ALLOW;
char *CIL_KEY_DONTAUDIT;
char *CIL_KEY_TYPETRANSITION;
char *CIL_KEY_TYPECHANGE;
char *CIL_KEY_CALL;
char *CIL_KEY_TUNABLE;
char *CIL_KEY_XOR;
char *CIL_KEY_ALL;
char *CIL_KEY_RANGE;
char *CIL_KEY_GLOB;
char *CIL_KEY_FILE;
char *CIL_KEY_DIR;
char *CIL_KEY_CHAR;
char *CIL_KEY_BLOCK;
char *CIL_KEY_SOCKET;
char *CIL_KEY_PIPE;
char *CIL_KEY_SYMLINK;
/* Keywords, continued: remaining filecon/fsuse operands, statement names and
 * handleunknown options. Same tentative-definition caveat as the entries
 * above this line. */
char *CIL_KEY_ANY;
char *CIL_KEY_XATTR;
char *CIL_KEY_TASK;
char *CIL_KEY_TRANS;
char *CIL_KEY_TYPE;
char *CIL_KEY_ROLE;
char *CIL_KEY_USER;
char *CIL_KEY_SENSITIVITY;
char *CIL_KEY_CATEGORY;
char *CIL_KEY_CATSET;
char *CIL_KEY_LEVEL;
char *CIL_KEY_LEVELRANGE;
char *CIL_KEY_CLASS;
char *CIL_KEY_IPADDR;
char *CIL_KEY_MAP_CLASS;
char *CIL_KEY_CLASSPERMISSION;
char *CIL_KEY_BOOL;
char *CIL_KEY_STRING;
char *CIL_KEY_NAME;
char *CIL_KEY_SOURCE;
char *CIL_KEY_TARGET;
char *CIL_KEY_LOW;
char *CIL_KEY_HIGH;
char *CIL_KEY_LOW_HIGH;
char *CIL_KEY_HANDLEUNKNOWN;
char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
char *CIL_KEY_HANDLEUNKNOWN_DENY;
char *CIL_KEY_HANDLEUNKNOWN_REJECT;
char *CIL_KEY_MACRO;
char *CIL_KEY_IN;
char *CIL_KEY_MLS;
char *CIL_KEY_DEFAULTRANGE;
char *CIL_KEY_BLOCKINHERIT;
char *CIL_KEY_BLOCKABSTRACT;
char *CIL_KEY_CLASSORDER;
char *CIL_KEY_CLASSMAPPING;
char *CIL_KEY_CLASSPERMISSIONSET;
char *CIL_KEY_COMMON;
char *CIL_KEY_CLASSCOMMON;
char *CIL_KEY_SID;
char *CIL_KEY_SIDCONTEXT;
char *CIL_KEY_SIDORDER;
char *CIL_KEY_USERLEVEL;
char *CIL_KEY_USERRANGE;
char *CIL_KEY_USERBOUNDS;
char *CIL_KEY_USERPREFIX;
char *CIL_KEY_SELINUXUSER;
char *CIL_KEY_SELINUXUSERDEFAULT;
char *CIL_KEY_TYPEATTRIBUTE;
char *CIL_KEY_TYPEATTRIBUTESET;
char *CIL_KEY_TYPEALIAS;
char *CIL_KEY_TYPEALIASACTUAL;
char *CIL_KEY_TYPEBOUNDS;
char *CIL_KEY_TYPEPERMISSIVE;
char *CIL_KEY_RANGETRANSITION;
char *CIL_KEY_USERROLE;
char *CIL_KEY_ROLETYPE;
char *CIL_KEY_ROLETRANSITION;
char *CIL_KEY_ROLEALLOW;
char *CIL_KEY_ROLEATTRIBUTE;
char *CIL_KEY_ROLEATTRIBUTESET;
char *CIL_KEY_ROLEBOUNDS;
char *CIL_KEY_BOOLEANIF;
char *CIL_KEY_NEVERALLOW;
char *CIL_KEY_TYPEMEMBER;
char *CIL_KEY_SENSALIAS;
char *CIL_KEY_SENSALIASACTUAL;
char *CIL_KEY_CATALIAS;
/* Keywords, continued: MLS ordering, constraint and context statement names. */
char *CIL_KEY_CATALIASACTUAL;
char *CIL_KEY_CATORDER;
char *CIL_KEY_SENSITIVITYORDER;
char *CIL_KEY_SENSCAT;
char *CIL_KEY_CONSTRAIN;
char *CIL_KEY_MLSCONSTRAIN;
char *CIL_KEY_VALIDATETRANS;
char *CIL_KEY_MLSVALIDATETRANS;
char *CIL_KEY_CONTEXT;
char *CIL_KEY_FILECON;
char *CIL_KEY_PORTCON;
char *CIL_KEY_NODECON;
char *CIL_KEY_GENFSCON;
char *CIL_KEY_NETIFCON;
char *CIL_KEY_PIRQCON;
char *CIL_KEY_IOMEMCON;
char *CIL_KEY_IOPORTCON;
char *CIL_KEY_PCIDEVICECON;
char *CIL_KEY_DEVICETREECON;
char *CIL_KEY_FSUSE;
char *CIL_KEY_POLICYCAP;
char *CIL_KEY_OPTIONAL;
char *CIL_KEY_DEFAULTUSER;
char *CIL_KEY_DEFAULTROLE;
char *CIL_KEY_DEFAULTTYPE;
char *CIL_KEY_ROOT;
char *CIL_KEY_NODE;
char *CIL_KEY_PERM;

/*
	Symbol Table Array Indices
*/
/*
 * Index of each namespace within a `symtab_t symtab[CIL_SYM_NUM]` array
 * (struct cil_root, cil_block, cil_in, cil_macro and cil_condblock all carry
 * one). CIL_SYM_NUM is the array length; CIL_SYM_UNKNOWN and CIL_SYM_PERMS
 * are deliberately placed after it and must never be used to index such an
 * array -- permissions live in the per-class `perms` symtab of struct
 * cil_class instead.
 */
enum cil_sym_index {
	CIL_SYM_BLOCKS = 0,
	CIL_SYM_USERS,
	CIL_SYM_ROLES,
	CIL_SYM_TYPES,
	CIL_SYM_COMMONS,
	CIL_SYM_CLASSES,
	CIL_SYM_CLASSPERMSETS,
	CIL_SYM_BOOLS,
	CIL_SYM_TUNABLES,
	CIL_SYM_SENS,
	CIL_SYM_CATS,
	CIL_SYM_SIDS,
	CIL_SYM_CONTEXTS,
	CIL_SYM_LEVELS,
	CIL_SYM_LEVELRANGES,
	CIL_SYM_POLICYCAPS,
	CIL_SYM_IPADDRS,
	CIL_SYM_NAMES,
	CIL_SYM_NUM,
	CIL_SYM_UNKNOWN,
	CIL_SYM_PERMS // Special case for permissions. This symtab is not included in arrays
};

/*
 * Kind of scope that owns a symtab array; selects a row of cil_sym_sizes.
 * CIL_SYM_ARRAY_NUM is the row count and must stay last.
 */
enum cil_sym_array {
	CIL_SYM_ARRAY_ROOT = 0,
	CIL_SYM_ARRAY_BLOCK,
	CIL_SYM_ARRAY_IN,
	CIL_SYM_ARRAY_MACRO,
	CIL_SYM_ARRAY_CONDBLOCK,
	CIL_SYM_ARRAY_NUM
};

/* Initial hash-table size for each (scope kind, namespace) pair; defined in a
 * .c file. Rows are the type handed to cil_symtab_array_init(). */
extern int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM];

/* Presumably the initial size of a class's `perms` symtab -- confirm against
 * cil_class_init(). */
#define CIL_CLASS_SYM_SIZE 256

/*
 * Top-level compiler state: the parse tree, the AST built from it, the
 * ordering lists and sorted context tables collected from the policy, value
 * lookup tables, and the options that steer compilation.
 */
struct cil_db {
	struct cil_tree *parse;			/* parse tree of the source text */
	struct cil_tree *ast;			/* abstract syntax tree built from `parse` */
	struct cil_type *selftype;		/* presumably the datum behind CIL_KEY_SELF -- confirm */
	/* Resolved *order statements. */
	struct cil_list *sidorder;
	struct cil_list *classorder;
	struct cil_list *catorder;
	struct cil_list *sensitivityorder;
	/* One sorted table per context-statement kind (see struct cil_sort). */
	struct cil_sort *netifcon;
	struct cil_sort *genfscon;
	struct cil_sort *filecon;
	struct cil_sort *nodecon;
	struct cil_sort *portcon;
	struct cil_sort *pirqcon;
	struct cil_sort *iomemcon;
	struct cil_sort *ioportcon;
	struct cil_sort *pcidevicecon;
	struct cil_sort *devicetreecon;
	struct cil_sort *fsuse;
	struct cil_list *userprefixes;
	struct cil_list *selinuxusers;
	struct cil_list *names;
	/* Counts of the corresponding datums; filled in during compilation. */
	int num_cats;
	int num_types;
	int num_roles;
	struct cil_type **val_to_type;		/* presumably indexed by cil_type::value -- confirm */
	struct cil_role **val_to_role;		/* presumably indexed by cil_role::value -- confirm */
	/* Compilation options. */
	int disable_dontaudit;
	int disable_neverallow;
	int preserve_tunables;
	int handle_unknown;
	int mls;
	int target_platform;
	int policy_version;
};

/* Global (outermost) scope: just its namespace symtabs. */
struct cil_root {
	symtab_t symtab[CIL_SYM_NUM];
};

/*
 * Growable array of same-flavored context statements. `count` and `index`
 * are bookkeeping for `array`; their exact roles are set by cil_sort_init()
 * and the code that fills the sort, neither of which is in this header.
 */
struct cil_sort {
	enum cil_flavor flavor;
	uint32_t count;
	uint32_t index;
	void **array;
};

/* A named block scope with its own namespace symtabs. */
struct cil_block {
	struct cil_symtab_datum datum;
	symtab_t symtab[CIL_SYM_NUM];
	uint16_t is_abstract;			/* set when declared blockabstract */
	struct cil_list *bi_nodes;		/* presumably the blockinherit nodes referring to this block -- confirm */
};

/* blockinherit statement: block name as written and the block it resolves to. */
struct cil_blockinherit {
	char *block_str;
	struct cil_block *block;
};

/* blockabstract statement: name of the block being marked abstract. */
struct cil_blockabstract {
	char *block_str;
};

/* `in` statement: its own symtabs plus the name of the block it adds to. */
struct cil_in {
	symtab_t symtab[CIL_SYM_NUM];
	char *block_str;
};

/* optional block; `enabled` is cleared when the block fails to resolve. */
struct cil_optional {
	struct cil_symtab_datum datum;
	int enabled;
};
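/*
 * Naming convention used by the statement structs below: a `foo_str` member
 * holds an identifier exactly as written in the policy source, and the
 * neighbouring `foo` pointer is the datum that identifier refers to once it
 * has been resolved. Resolution happens outside this header, so the pointer
 * may be NULL until that pass has run -- confirm against the resolver.
 */

/* A single permission within a class. */
struct cil_perm {
	struct cil_symtab_datum datum;
	unsigned int value;
	struct cil_list *classperms; /* Only used for map perms */
};

/* Kernel class or map class. Permissions live in `perms`, not in any
 * cil_sym_index-indexed array. */
struct cil_class {
	struct cil_symtab_datum datum;
	symtab_t perms;
	unsigned int num_perms;
	struct cil_class *common; /* Only used for kernel class */
	uint32_t ordered; /* Only used for kernel class */
};

/* classorder statement: class names in the order written. */
struct cil_classorder {
	struct cil_list *class_list_str;
};

/* Reference to a named classpermission set. */
struct cil_classperms_set {
	char *set_str;
	struct cil_classpermission *set;
};

/* A class together with a list of its permissions (strings and datums). */
struct cil_classperms {
	char *class_str;
	struct cil_class *class;
	struct cil_list *perm_strs;
	struct cil_list *perms;
};

/* Named set of classperms. */
struct cil_classpermission {
	struct cil_symtab_datum datum;
	struct cil_list *classperms;
};

/* classpermissionset statement: adds classperms to the named set. */
struct cil_classpermissionset {
	char *set_str;
	struct cil_list *classperms;
};

/* classmapping statement: maps a map-class permission onto classperms. */
struct cil_classmapping {
	char *map_class_str;
	char *map_perm_str;
	struct cil_list *classperms;
};

/* classcommon statement: class name and the common it inherits from. */
struct cil_classcommon {
	char *class_str;
	char *common_str;
};

/* Alias of some datum; `actual` is untyped because aliases exist for types,
 * sensitivities and categories. */
struct cil_alias {
	struct cil_symtab_datum datum;
	void *actual;
};

/* *aliasactual statement: binds an alias name to the name it stands for. */
struct cil_aliasactual {
	char *alias_str;
	char *actual_str;
};

/* Initial SID and the context it is labeled with. */
struct cil_sid {
	struct cil_symtab_datum datum;
	struct cil_context *context;
	uint32_t ordered;
};

/* sidcontext statement. */
struct cil_sidcontext {
	char *sid_str;
	char *context_str;
	struct cil_context *context;
};

/* sidorder statement: SID names in the order written. */
struct cil_sidorder {
	struct cil_list *sid_list_str;
};

/* SELinux user with its bounding user, roles and MLS defaults. */
struct cil_user {
	struct cil_symtab_datum datum;
	struct cil_user *bounds;
	struct cil_list *roles;
	struct cil_level *dftlevel;
	struct cil_levelrange *range;
};

/* userrole statement; `role` is untyped because it may be a role or a role
 * attribute (see struct cil_roletype for the same convention). */
struct cil_userrole {
	char *user_str;
	struct cil_user *user;
	char *role_str;
	void *role;
};

/* userlevel statement. */
struct cil_userlevel {
	char *user_str;
	char *level_str;
	struct cil_level *level;
};

/* userrange statement. */
struct cil_userrange {
	char *user_str;
	char *range_str;
	struct cil_levelrange *range;
};

/* userprefix statement. */
struct cil_userprefix {
	char *user_str;
	struct cil_user *user;
	char *prefix_str;
};

/* selinuxuser / selinuxuserdefault statement. */
struct cil_selinuxuser {
	char *name_str;
	char *user_str;
	struct cil_user *user;
	char *range_str;
	struct cil_levelrange *range;
};

/* Role: bounding role, bitmap of authorized types, numeric value. */
struct cil_role {
	struct cil_symtab_datum datum;
	struct cil_role *bounds;
	ebitmap_t *types;
	int value;
};

/* Role attribute: the expressions that define it and the resulting bitmap. */
struct cil_roleattribute {
	struct cil_symtab_datum datum;
	struct cil_list *expr_list;
	ebitmap_t *roles;
};

/* roleattributeset statement: expression as strings and as resolved datums. */
struct cil_roleattributeset {
	char *attr_str;
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
};

/* roletype statement. */
struct cil_roletype {
	char *role_str;
	void *role; /* role or attribute */
	char *type_str;
	void *type; /* type, alias, or attribute */
};

/* Type: bounding type and numeric value. */
struct cil_type {
	struct cil_symtab_datum datum;
	struct cil_type *bounds;
	int value;
};

/* Type attribute: defining expressions and the resulting bitmap. */
struct cil_typeattribute {
	struct cil_symtab_datum datum;
	struct cil_list *expr_list;
	ebitmap_t *types;
	int used; // whether or not this typeattribute was used and should be added to the binary
};

/* typeattributeset statement: expression as strings and as resolved datums. */
struct cil_typeattributeset {
	char *attr_str;
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
};

/* typepermissive statement. */
struct cil_typepermissive {
	char *type_str;
	void *type; /* type or alias */
};

/* Named string, used as the object-name operand of a typetransition. */
struct cil_name {
	struct cil_symtab_datum datum;
	char *name_str;
};

/* Named typetransition (source, target, class, object name, result). */
struct cil_nametypetransition {
	char *src_str;
	void *src; /* type, alias, or attribute */
	char *tgt_str;
	void *tgt; /* type, alias, or attribute */
	char *obj_str;
	struct cil_class *obj;
	char *name_str;
	struct cil_name *name;
	char *result_str;
	void *result; /* type or alias */

};

/* rangetransition statement (source, executable, class, resulting range). */
struct cil_rangetransition {
	char *src_str;
	void *src; /* type, alias, or attribute */
	char *exec_str;
	void *exec; /* type, alias, or attribute */
	char *obj_str;
	struct cil_class *obj;
	char *range_str;
	struct cil_levelrange *range;
};

/* Boolean with its default value. */
struct cil_bool {
	struct cil_symtab_datum datum;
	uint16_t value;
};

/* Tunable with its value; resolved at compile time unless preserved. */
struct cil_tunable {
	struct cil_symtab_datum datum;
	uint16_t value;
};

/*
 * Access-vector rule kinds, stored in cil_avrule::rule_kind. The values
 * mirror the AVRULE_* constants in sepol/policydb/policydb.h and must stay
 * equal to them. The CIL_AVRULE_AV mask is built from the local names so it
 * always agrees with the definitions directly above it.
 */
#define CIL_AVRULE_ALLOWED 1
#define CIL_AVRULE_AUDITALLOW 2
#define CIL_AVRULE_DONTAUDIT 8
#define CIL_AVRULE_NEVERALLOW 128
#define CIL_AVRULE_AV (CIL_AVRULE_ALLOWED | CIL_AVRULE_AUDITALLOW | CIL_AVRULE_DONTAUDIT | CIL_AVRULE_NEVERALLOW)
/* allow / auditallow / dontaudit / neverallow statement. */
struct cil_avrule {
	uint32_t rule_kind;
	char *src_str;
	void *src; /* type, alias, or attribute */
	char *tgt_str;
	void *tgt; /* type, alias, or attribute */
	struct cil_list *classperms;
};

/*
 * Type-rule kinds, stored in cil_type_rule::rule_kind. The values mirror
 * AVRULE_TRANSITION / AVRULE_MEMBER / AVRULE_CHANGE in policydb.h and must
 * stay equal to them; CIL_AVRULE_TYPE is the mask of all three, built from
 * the local names.
 */
#define CIL_TYPE_TRANSITION 16
#define CIL_TYPE_MEMBER 32
#define CIL_TYPE_CHANGE 64
#define CIL_AVRULE_TYPE (CIL_TYPE_TRANSITION | CIL_TYPE_MEMBER | CIL_TYPE_CHANGE)
/* typetransition / typemember / typechange statement. */
struct cil_type_rule {
	uint32_t rule_kind;
	char *src_str;
	void *src; /* type, alias, or attribute */
	char *tgt_str;
	void *tgt; /* type, alias, or attribute */
	char *obj_str;
	struct cil_class *obj;
	char *result_str;
	void *result; /* type or alias */
};

/* roletransition statement. */
struct cil_roletransition {
	char *src_str;
	struct cil_role *src;
	char *tgt_str;
	void *tgt; /* type, alias, or attribute */
	char *obj_str;
	struct cil_class *obj;
	char *result_str;
	struct cil_role *result;
};

/* roleallow statement. */
struct cil_roleallow {
	char *src_str;
	void *src; /* role or attribute */
	char *tgt_str;
	void *tgt; /* role or attribute */
};

/* MLS sensitivity with the categories associated to it by senscat. */
struct cil_sens {
	struct cil_symtab_datum datum;
	struct cil_list *cats_list;
	uint32_t ordered;
};

/* sensitivityorder statement: sensitivity names in the order written. */
struct cil_sensorder {
	struct cil_list *sens_list_str;
};

/* MLS category with its position in the category order and numeric value. */
struct cil_cat {
	struct cil_symtab_datum datum;
	uint32_t ordered;
	int value;
};

/* Category set expression; `evaluated` records whether datum_expr has been
 * reduced to a plain list yet -- confirm against the evaluator. */
struct cil_cats {
	uint32_t evaluated;
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
};

/* Named category set. */
struct cil_catset {
	struct cil_symtab_datum datum;
	struct cil_cats *cats;
};

/* categoryorder statement: category names in the order written. */
struct cil_catorder {
	struct cil_list *cat_list_str;
};

/* sensitivitycategory statement. */
struct cil_senscat {
	char *sens_str;
	struct cil_cats *cats;
};

/* MLS level: a sensitivity plus a category set. */
struct cil_level {
	struct cil_symtab_datum datum;
	char *sens_str;
	struct cil_sens *sens;
	struct cil_cats *cats;
};

/* MLS range: low and high levels. */
struct cil_levelrange {
	struct cil_symtab_datum datum;
	char *low_str;
	struct cil_level *low;
	char *high_str;
	struct cil_level *high;
};

/* Security context: user, role, type and (optional) MLS range. */
struct cil_context {
	struct cil_symtab_datum datum;
	char *user_str;
	struct cil_user *user;
	char *role_str;
	struct cil_role *role;
	char *type_str;
	void *type; /* type or alias */
	char *range_str;
	struct cil_levelrange *range;
};

/* File type selector of a filecon statement; starts at 1 so 0 is "unset". */
enum cil_filecon_types {
	CIL_FILECON_FILE = 1,
	CIL_FILECON_DIR,
	CIL_FILECON_CHAR,
	CIL_FILECON_BLOCK,
	CIL_FILECON_SOCKET,
	CIL_FILECON_PIPE,
	CIL_FILECON_SYMLINK,
	CIL_FILECON_ANY
};

/* filecon statement. */
struct cil_filecon {
	char *path_str;
	enum cil_filecon_types type;
	char *context_str;
	struct cil_context *context;
};

/* Transport protocol of a portcon statement; starts at 1 so 0 is "unset". */
enum cil_protocol {
	CIL_PROTOCOL_UDP = 1,
	CIL_PROTOCOL_TCP
};

/* portcon statement: protocol and inclusive port range. */
struct cil_portcon {
	enum cil_protocol proto;
	uint32_t port_low;
	uint32_t port_high;
	char *context_str;
	struct cil_context *context;
};

/* nodecon statement: address, mask and context. */
struct cil_nodecon {
	char *addr_str;
	struct cil_ipaddr *addr;
	char *mask_str;
	struct cil_ipaddr *mask;
	char *context_str;
	struct cil_context *context;
};

/* Named IP address; `family` presumably selects ip.v4 or ip.v6 (AF_INET /
 * AF_INET6) -- confirm against cil_ipaddr_init() and the parser. */
struct cil_ipaddr {
	struct cil_symtab_datum datum;
	int family;
	union {
		struct in_addr v4;
		struct in6_addr v6;
	} ip;
};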
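/* genfscon statement: filesystem, path and context. */
struct cil_genfscon {
	char *fs_str;
	char *path_str;
	char *context_str;
	struct cil_context *context;
};

/* netifcon statement: interface context and packet context. The trailing
 * `context_str` has no matching datum pointer here -- confirm its use. */
struct cil_netifcon {
	char *interface_str;
	char *if_context_str;
	struct cil_context *if_context;
	char *packet_context_str;
	struct cil_context *packet_context;
	char *context_str;
};

/* pirqcon statement (Xen). */
struct cil_pirqcon {
	uint32_t pirq;
	char *context_str;
	struct cil_context *context;
};

/* iomemcon statement (Xen): inclusive memory range. */
struct cil_iomemcon {
	uint64_t iomem_low;
	uint64_t iomem_high;
	char *context_str;
	struct cil_context *context;
};

/* ioportcon statement (Xen): inclusive I/O port range. */
struct cil_ioportcon {
	uint32_t ioport_low;
	uint32_t ioport_high;
	char *context_str;
	struct cil_context *context;
};

/* pcidevicecon statement (Xen). */
struct cil_pcidevicecon {
	uint32_t dev;
	char *context_str;
	struct cil_context *context;
};

/* devicetreecon statement (Xen). */
struct cil_devicetreecon {
	char *path;
	char *context_str;
	struct cil_context *context;
};


/* Ensure that CIL uses the same values as sepol services.h */
enum cil_fsuse_types {
	CIL_FSUSE_XATTR = SECURITY_FS_USE_XATTR,
	CIL_FSUSE_TASK = SECURITY_FS_USE_TASK,
	CIL_FSUSE_TRANS = SECURITY_FS_USE_TRANS
};

/* fsuse statement. */
struct cil_fsuse {
	enum cil_fsuse_types type;
	char *fs_str;
	char *context_str;
	struct cil_context *context;
};

/*
 * Space-separated lists of the operands and operators accepted in constraint
 * expressions. CIL_MLSCONSTRAIN_KEYS joins the two operand lists with an
 * explicit separator: plain adjacent-literal concatenation produced
 * "...h1 h2t1 t2..." with "h2" and "t1" fused into one token.
 */
#define CIL_MLS_LEVELS "l1 l2 h1 h2"
#define CIL_CONSTRAIN_KEYS "t1 t2 r1 r2 u1 u2"
#define CIL_MLSCONSTRAIN_KEYS CIL_MLS_LEVELS " " CIL_CONSTRAIN_KEYS
#define CIL_CONSTRAIN_OPER "== != eq dom domby incomp not and or"
/* constrain / mlsconstrain statement: expression as strings and as datums. */
struct cil_constrain {
	struct cil_list *classperms;
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
};

/* validatetrans / mlsvalidatetrans statement. */
struct cil_validatetrans {
	char *class_str;
	struct cil_class *class;
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
};

/* Macro parameter: its name and the flavor of argument it accepts. */
struct cil_param {
	char *str;
	enum cil_flavor flavor;
};

/* Macro definition: own namespace symtabs and the parameter list. */
struct cil_macro {
	struct cil_symtab_datum datum;
	symtab_t symtab[CIL_SYM_NUM];
	struct cil_list *params;
};

/* One argument of a call, matched to the parameter named by `param_str`. */
struct cil_args {
	char *arg_str;
	struct cil_symtab_datum *arg;
	char *param_str;
	enum cil_flavor flavor;
};

/* call statement; `copied` records whether the macro body has already been
 * expanded into the AST -- confirm against the call passes. */
struct cil_call {
	char *macro_str;
	struct cil_macro *macro;
	struct cil_tree *args_tree;
	struct cil_list *args;
	int copied;
};

#define CIL_TRUE 1
#define CIL_FALSE 0

/* The true or false branch of a booleanif/tunableif, with its own symtabs. */
struct cil_condblock {
	enum cil_flavor flavor;
	symtab_t symtab[CIL_SYM_NUM];
};

/* booleanif statement. */
struct cil_booleanif {
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
	int preserved_tunable;
};

/* tunableif statement. */
struct cil_tunableif {
	struct cil_list *str_expr;
	struct cil_list *datum_expr;
};

/* policycap statement. */
struct cil_policycap {
	struct cil_symtab_datum datum;
};

/* *bounds statement: bounding (parent) and bounded (child) names. */
struct cil_bounds {
	char *parent_str;
	char *child_str;
};

/* Ensure that CIL uses the same values as sepol policydb.h */
enum cil_default_object {
	CIL_DEFAULT_SOURCE = DEFAULT_SOURCE,
	CIL_DEFAULT_TARGET = DEFAULT_TARGET,
};

/* Default labeling behavior for users, roles, and types */
struct cil_default {
	enum cil_flavor flavor;
	struct cil_list *class_strs;
	struct cil_list *class_datums;
	enum cil_default_object object;
};

/* Ensure that CIL uses the same values as sepol policydb.h */
enum cil_default_object_range {
	CIL_DEFAULT_SOURCE_LOW = DEFAULT_SOURCE_LOW,
	CIL_DEFAULT_SOURCE_HIGH = DEFAULT_SOURCE_HIGH,
	CIL_DEFAULT_SOURCE_LOW_HIGH = DEFAULT_SOURCE_LOW_HIGH,
	CIL_DEFAULT_TARGET_LOW = DEFAULT_TARGET_LOW,
	CIL_DEFAULT_TARGET_HIGH = DEFAULT_TARGET_HIGH,
	CIL_DEFAULT_TARGET_LOW_HIGH = DEFAULT_TARGET_LOW_HIGH,
};

/* Default labeling behavior for range */
struct cil_defaultrange {
	struct cil_list *class_strs;
	struct cil_list *class_datums;
	enum cil_default_object_range object_range;
};

/* handleunknown statement; the value also lands in cil_db::handle_unknown. */
struct cil_handleunknown {
	int handle_unknown;
};

/* mls statement; the value also lands in cil_db::mls. */
struct cil_mls {
	int value;
};

/* Allocate / free the compiler database. Both take the address of the
 * pointer; the destroy variant presumably NULLs it -- confirm. */
void cil_db_init(struct cil_db **db);
void cil_db_destroy(struct cil_db **db);

/* Allocate / free the root scope. Note the asymmetric destroy signature. */
void cil_root_init(struct cil_root **root);
void cil_root_destroy(struct cil_root *root);

/* Free a statement datum of the given flavor and NULL the caller's pointer. */
void cil_destroy_data(void **data, enum cil_flavor flavor);

/* Map a statement flavor to the symtab namespace it is declared in.
 * Returns non-zero when the flavor has no namespace -- confirm exact codes. */
int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *index);
const char * cil_node_to_string(struct cil_tree_node *node);

/* Render the named tables as text. `*out`/`*size` are outputs; ownership of
 * the returned buffer is not stated here -- confirm against the definitions. */
int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size);
int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size);
int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size);

/* Symtab-array helpers; `symtab_sizes` is a row of cil_sym_sizes. */
void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM]);
void cil_symtab_array_destroy(symtab_t symtab[]);
void cil_destroy_ast_symtabs(struct cil_tree_node *root);
int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index);

/* Allocators for each statement struct above. Each takes the address of the
 * pointer to fill; the matching free path is cil_destroy_data(). */
void cil_sort_init(struct cil_sort **sort);
void cil_sort_destroy(struct cil_sort **sort);
void cil_netifcon_init(struct cil_netifcon **netifcon);
void cil_context_init(struct cil_context **context);
void cil_level_init(struct cil_level **level);
void cil_levelrange_init(struct cil_levelrange **lvlrange);
void cil_sens_init(struct cil_sens **sens);
void cil_block_init(struct cil_block **block);
void cil_blockinherit_init(struct cil_blockinherit **inherit);
void cil_blockabstract_init(struct cil_blockabstract **abstract);
void cil_in_init(struct cil_in **in);
void cil_class_init(struct cil_class **class);
void cil_classorder_init(struct cil_classorder **classorder);
void cil_classcommon_init(struct cil_classcommon **classcommon);
void cil_sid_init(struct cil_sid **sid);
void cil_sidcontext_init(struct cil_sidcontext **sidcontext);
void cil_sidorder_init(struct cil_sidorder **sidorder);
void cil_userrole_init(struct cil_userrole **userrole);
void cil_userprefix_init(struct cil_userprefix **userprefix);
void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser);
void cil_roleattribute_init(struct cil_roleattribute **attribute);
void cil_roleattributeset_init(struct cil_roleattributeset **attrset);
void cil_roletype_init(struct cil_roletype **roletype);
void cil_typeattribute_init(struct cil_typeattribute **attribute);
void cil_typeattributeset_init(struct cil_typeattributeset **attrset);
void cil_alias_init(struct cil_alias **alias);
void cil_aliasactual_init(struct cil_aliasactual **aliasactual);
void cil_typepermissive_init(struct cil_typepermissive **typeperm);
void cil_name_init(struct cil_name **name);
void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans);
void cil_rangetransition_init(struct cil_rangetransition **rangetrans);
void cil_bool_init(struct cil_bool **cilbool);
void cil_boolif_init(struct cil_booleanif **bif);
void cil_condblock_init(struct cil_condblock **cb);
void cil_tunable_init(struct cil_tunable **ciltun);
void cil_tunif_init(struct cil_tunableif **tif);
void cil_avrule_init(struct cil_avrule **avrule);
void cil_type_rule_init(struct cil_type_rule **type_rule);
void cil_roletransition_init(struct cil_roletransition **roletrans);
void cil_roleallow_init(struct cil_roleallow **role_allow);
void cil_catset_init(struct cil_catset **catset);
void cil_cats_init(struct cil_cats **cats);
void cil_senscat_init(struct cil_senscat **senscat);
void cil_filecon_init(struct cil_filecon **filecon);
void cil_portcon_init(struct cil_portcon **portcon);
void cil_nodecon_init(struct cil_nodecon **nodecon);
void cil_genfscon_init(struct cil_genfscon **genfscon);
void cil_pirqcon_init(struct cil_pirqcon **pirqcon);
void cil_iomemcon_init(struct cil_iomemcon **iomemcon);
void cil_ioportcon_init(struct cil_ioportcon **ioportcon);
void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon);
void cil_devicetreecon_init(struct cil_devicetreecon **devicetreecon);
void cil_fsuse_init(struct cil_fsuse **fsuse);
void cil_constrain_init(struct cil_constrain **constrain);
void cil_validatetrans_init(struct cil_validatetrans **validtrans);
void cil_ipaddr_init(struct cil_ipaddr **ipaddr);
void cil_perm_init(struct cil_perm **perm);
void cil_classpermission_init(struct cil_classpermission **cp);
void cil_classpermissionset_init(struct cil_classpermissionset **cps);
void cil_classperms_set_init(struct cil_classperms_set **cp_set);
void cil_classperms_init(struct cil_classperms **cp);
void cil_classmapping_init(struct cil_classmapping **mapping);
void cil_user_init(struct cil_user **user);
void cil_userlevel_init(struct cil_userlevel **usrlvl);
void cil_userrange_init(struct cil_userrange **userrange);
void cil_role_init(struct cil_role **role);
void cil_type_init(struct cil_type **type);
void cil_cat_init(struct cil_cat **cat);
void cil_catorder_init(struct cil_catorder **catorder);
void cil_sensorder_init(struct cil_sensorder **sensorder);
void cil_args_init(struct cil_args **args);
void cil_call_init(struct cil_call **call);
void cil_optional_init(struct cil_optional **optional);
void cil_param_init(struct cil_param **param);
void cil_macro_init(struct cil_macro **macro);
void cil_policycap_init(struct cil_policycap **policycap);
void cil_bounds_init(struct cil_bounds **bounds);
void cil_default_init(struct cil_default **def);
void cil_defaultrange_init(struct cil_defaultrange **def);
void cil_handleunknown_init(struct cil_handleunknown **unk);
void cil_mls_init(struct cil_mls **mls);

#endif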