/*
 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *    1. Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *
 *    2. Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * The views and conclusions contained in the software and documentation are those
 * of the authors and should not be interpreted as representing official policies,
 * either expressed or implied, of Tresys Technology, LLC.
 */

/*
 * cil_binary.h - translation of a resolved CIL database into a libsepol
 * binary policydb. Every *_to_policydb function below inserts one kind of
 * CIL statement into an existing policydb_t and reports SEPOL_OK or an
 * error code.
 *
 * NOTE(review): the include-guard name _CIL_BINARY_H_ (leading underscore
 * followed by an uppercase letter) is in the identifier space reserved for
 * the C implementation; it is kept here unchanged because other files may
 * reference it.
 */

#ifndef _CIL_BINARY_H_
#define _CIL_BINARY_H_

#include <sepol/policydb/policydb.h>

#include "cil_internal.h"
#include "cil_tree.h"
#include "cil_list.h"

/**
 * Create a binary policydb from the cil db.
 *
 * Allocates and initializes a new policy database and then populates it
 * from the cil database (see cil_binary_create_allocated_pdb).
 *
 * @param[in]  db  The cil database.
 * @param[out] pdb Receives the newly created policy database.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_binary_create(const struct cil_db *db, sepol_policydb_t **pdb);

/**
 * Create a pre-allocated binary policydb from the cil db.
 *
 * It is assumed that pdb has been allocated and initialized so that fields such
 * as policy type and version are set appropriately. It is recommended that
 * instead of calling this, one instead calls cil_binary_create, which will
 * properly allocate and initialize the pdb and then call this function. This
 * function is used to maintain binary backwards compatibility.
 *
 * @param[in]     db  The cil database.
 * @param[in,out] pdb The already allocated and initialized policy database to populate.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *pdb);

/**
 * Insert cil common structure into sepol policydb.
 *
 * @param[in]  pdb        The policy database to insert the common into.
 * @param[in]  cil_common The cil_class datum describing the common.
 * @param[out] common_out The sepol common to send back.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_common_to_policydb(policydb_t *pdb, struct cil_class *cil_common, common_datum_t **common_out);

/**
 * Insert cil class structure into sepol policydb.
 *
 * @param[in] pdb       The policy database to insert the class into.
 * @param[in] cil_class The cil_class datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_class_to_policydb(policydb_t *pdb, struct cil_class *cil_class);

/**
 * Insert cil role structure into sepol policydb.
 *
 * @param[in] pdb      The policy database to insert the role into.
 * @param[in] cil_role The cil_role datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_role_to_policydb(policydb_t *pdb, struct cil_role *cil_role);

/**
 * Insert cil roletype structure into sepol policydb.
 *
 * @param[in] pdb  The policy database to insert the roletype into.
 * @param[in] db   The cil database.
 * @param[in] role The cil_role datum whose roletype entries are inserted.
 *
 * @return SEPOL_OK upon success or SEPOL_ERR otherwise.
 */
int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_role *role);

/**
 * Insert cil type structure into sepol policydb.
 *
 * @param[in] pdb      The policy database to insert the type into.
 * @param[in] cil_type The cil_type datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_type_to_policydb(policydb_t *pdb, struct cil_type *cil_type);

/**
 * Insert cil typealias structure into sepol policydb.
 *
 * @param[in] pdb       The policy database to insert the typealias into.
 * @param[in] cil_alias The cil_alias datum for the typealias.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);

/**
 * Insert cil typepermissive structure into sepol policydb.
 * The function looks up the previously inserted type and flips the bit
 * in the permissive types bitmap that corresponds to that type's value.
 *
 * @param[in] pdb          The policy database to insert the typepermissive into.
 * @param[in] cil_typeperm The cil_typepermissive datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_typepermissive_to_policydb(policydb_t *pdb, struct cil_typepermissive *cil_typeperm);

/**
 * Insert cil attribute structure into sepol policydb.
 *
 * @param[in] pdb      The policy database to insert the attribute into.
 * @param[in] cil_attr The cil_typeattribute datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil_attr);

/**
 * Insert cil attribute structure into sepol type->attribute bitmap.
 * The function calls helper functions to loop over the attributes lists
 * of types and negative types. If either of the lists contain an attribute,
 * the helper functions will recurse into the attribute and record the
 * attribute's types and negative types. There is no minimum depth.
 *
 * @param[in] pdb      The policy database that contains the type->attribute bitmap.
 * @param[in] cdb      The cil database.
 * @param[in] cil_attr The cil_typeattribute datum to expand into the bitmap.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *cdb, struct cil_typeattribute *cil_attr);

/**
 * Insert cil policycap structure into sepol policydb.
 *
 * @param[in] pdb        The policy database to insert the policycap into.
 * @param[in] cil_polcap The cil_policycap datum.
 *
 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
 */
int cil_policycap_to_policydb(policydb_t *pdb, struct cil_policycap *cil_polcap);

/**
 * Insert cil user structure into sepol policydb.
 *
 * @param[in] pdb      The policy database to insert the user into.
 * @param[in] cil_user The cil_user datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_user_to_policydb(policydb_t *pdb, struct cil_user *cil_user);

/**
 * Insert cil userrole structure into sepol policydb.
 *
 * @param[in] pdb      The policy database to insert the userrole into.
 * @param[in] db       The cil database.
 * @param[in] userrole The cil_userrole datum.
 *
 * @return SEPOL_OK upon success or SEPOL_ERR otherwise.
 */
int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_userrole *userrole);

/**
 * Insert cil bool structure into sepol policydb.
 *
 * @param[in] pdb      The policy database to insert the bool into.
 * @param[in] cil_bool The cil_bool datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_bool_to_policydb(policydb_t *pdb, struct cil_bool *cil_bool);

/**
 * Insert all ordered cil category structures into sepol policydb.
 *
 * @param[in] pdb The policy database to insert the categories into.
 * @param[in] db  The cil database that contains the category order list.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_catorder_to_policydb(policydb_t *pdb, const struct cil_db *db);

/**
 * Insert cil category alias structure into sepol policydb.
 *
 * @param[in] pdb       The policy database to insert the category alias into.
 * @param[in] cil_alias The cil_alias datum for the category alias.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_catalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);

/**
 * Insert the cil sensitivityorder into sepol policydb.
 *
 * @param[in] pdb The policy database to insert the sensitivityorder into.
 * @param[in] db  The cil database that contains the sensitivityorder list.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_sensitivityorder_to_policydb(policydb_t *pdb, const struct cil_db *db);

/**
 * Insert cil type rule structure into sepol policydb. This includes
 * typetransition, typechange, and typemember.
 *
 * @param[in] pdb      The policy database to insert the type rule into.
 * @param[in] db       The cil database.
 * @param[in] cil_rule The cil_type_rule datum.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_type_rule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule);

/**
 * Insert cil avrule structure into sepol policydb.
 *
 * @param[in] pdb         The policy database to insert the avrule into.
 * @param[in] db          The cil database.
 * @param[in] cil_avrule  The cil_avrule datum.
 * @param[in] neverallows List of neverallow rules (presumably checked against
 *                        the inserted rule; see cil_binary.c to confirm).
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_avrule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, struct cil_list *neverallows);

/**
 * Insert cil booleanif structure into sepol policydb. This populates the
 * policydb conditional list. Each conditional node contains an expression
 * and true/false avtab_ptr lists that point into te_cond_avtab.
 *
 * @param[in] pdb                  The policy database to insert the booleanif into.
 * @param[in] db                   The cil database.
 * @param[in] node                 The cil_booleanif node.
 * @param[in] neverallows          List of neverallow rules (presumably; see cil_binary.c).
 * @param[in] filename_trans_table Hash table of filename transitions (presumably; see cil_binary.c).
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_tree_node *node, struct cil_list *neverallows, hashtab_t filename_trans_table);

/**
 * Insert cil role transition structure into sepol policydb.
 *
 * @param[in] pdb              The policy database to insert the role transition into.
 * @param[in] db               The cil database.
 * @param[in] roletrans        The cil_roletransition datum.
 * @param[in] role_trans_table Hash table of role transitions (presumably; see cil_binary.c).
 *
 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
 */
int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roletransition *roletrans, hashtab_t role_trans_table);

/**
 * Insert cil role allow structure into sepol policydb.
 *
 * @param[in] pdb       The policy database to insert the role allow into.
 * @param[in] db        The cil database.
 * @param[in] roleallow The cil_roleallow datum.
 *
 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
 */
int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roleallow *roleallow);

/**
 * Insert cil file transition structure into sepol policydb.
 *
 * @param[in] pdb                  The policy database to insert the file transition into.
 * @param[in] db                   The cil database.
 * @param[in] typetrans            The cil_nametypetransition datum.
 * @param[in] filename_trans_table Hash table of filename transitions (presumably; see cil_binary.c).
 *
 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
 */
int cil_typetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans, hashtab_t filename_trans_table);

/**
 * Insert cil constrain/mlsconstrain structure(s) into sepol policydb.
 *
 * @param[in] pdb           The policy database to insert the (mls)constrain into.
 * @param[in] db            The cil database.
 * @param[in] cil_constrain The cil_constrain datum for the (mls)constrain.
 *
 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
 */
int cil_constrain_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_constrain *cil_constrain);

/**
 * Define sepol level.
 * Associates the sepol level (sensitivity) with categories.
 * Looks at the cil_sens structure for a list of cil_cats to
 * associate the sensitivity with.
 * Sets the sepol level as defined in the sepol policy database.
 *
 * @param[in] pdb      The policy database that holds the sepol level.
 * @param[in] cil_sens The cil_sens datum.
 *
 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
 */
int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens);

/**
 * Insert cil rangetransition structure into sepol policydb.
 *
 * @param[in] pdb               The policy database to insert the rangetransition into.
 * @param[in] db                The cil database.
 * @param[in] rangetrans        The cil_rangetransition datum.
 * @param[in] range_trans_table Hash table of range transitions (presumably; see cil_binary.c).
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans, hashtab_t range_trans_table);

/**
 * Insert cil portcon structure into sepol policydb.
 * The function is given a structure containing the sorted portcons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb      The policy database to insert the portcon into.
 * @param[in] portcons The cil_sort structure that contains the sorted portcons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons);

/**
 * Insert cil netifcon structure into sepol policydb.
 * The function is given a structure containing the sorted netifcons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb       The policy database to insert the netifcon into.
 * @param[in] netifcons The cil_sort structure that contains the sorted netifcons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_netifcon_to_policydb(policydb_t *pdb, struct cil_sort *netifcons);

/**
 * Insert cil nodecon structure into sepol policydb.
 * The function is given a structure containing the sorted nodecons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb      The policy database to insert the nodecon into.
 * @param[in] nodecons The cil_sort structure that contains the sorted nodecons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons);

/**
 * Insert cil fsuse structure into sepol policydb.
 * The function is given a structure containing the sorted fsuses and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb    The policy database to insert the fsuse into.
 * @param[in] fsuses The cil_sort structure that contains the sorted fsuses.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_fsuse_to_policydb(policydb_t *pdb, struct cil_sort *fsuses);

/**
 * Insert cil genfscon structure into sepol policydb.
 * The function is given a structure containing the sorted genfscons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb       The policy database to insert the genfscon into.
 * @param[in] genfscons The cil_sort structure that contains the sorted genfscons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_genfscon_to_policydb(policydb_t *pdb, struct cil_sort *genfscons);

/**
 * Insert cil pirqcon structure into sepol policydb.
 * The function is given a structure containing the sorted pirqcons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb      The policy database to insert the pirqcon into.
 * @param[in] pirqcons The cil_sort structure that contains the sorted pirqcons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_pirqcon_to_policydb(policydb_t *pdb, struct cil_sort *pirqcons);

/**
 * Insert cil iomemcon structure into sepol policydb.
 * The function is given a structure containing the sorted iomemcons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb       The policy database to insert the iomemcon into.
 * @param[in] iomemcons The cil_sort structure that contains the sorted iomemcons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_iomemcon_to_policydb(policydb_t *pdb, struct cil_sort *iomemcons);

/**
 * Insert cil ioportcon structure into sepol policydb.
 * The function is given a structure containing the sorted ioportcons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb        The policy database to insert the ioportcon into.
 * @param[in] ioportcons The cil_sort structure that contains the sorted ioportcons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_ioportcon_to_policydb(policydb_t *pdb, struct cil_sort *ioportcons);

/**
 * Insert cil pcidevicecon structure into sepol policydb.
 * The function is given a structure containing the sorted pcidevicecons and
 * loops over this structure inserting them into the policy database.
 *
 * @param[in] pdb           The policy database to insert the pcidevicecon into.
 * @param[in] pcidevicecons The cil_sort structure that contains the sorted pcidevicecons.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_pcidevicecon_to_policydb(policydb_t *pdb, struct cil_sort *pcidevicecons);

/**
 * Create an mls level using a cil level.
 * The function is given a structure containing a cil_level and
 * fills in the caller-provided mls_level_t.
 *
 * @param[in]  pdb       The policy database to use to get the sepol level from cil_level's sensitivity.
 * @param[in]  cil_level The cil_level that will be used to create an mls_level_t.
 * @param[out] mls_level The caller-provided mls_level_t that is filled in.
 *
 * @return SEPOL_OK upon success or an error otherwise.
 */
int cil_level_to_mls_level(policydb_t *pdb, struct cil_level *cil_level, mls_level_t *mls_level);

#endif //_CIL_BINARY_H_