1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb, cil_build_policydb@");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58
59 asm(".symver cil_compile_pdb, cil_compile@");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61
62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64
65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67
68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79
cil_init_keys(void)80 static void cil_init_keys(void)
81 {
82 /* Initialize CIL Keys into strpool */
83 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
84 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
85 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
86 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
87 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
88 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
89 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
90 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
91 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
92 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
93 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
94 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
95 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
96 CIL_KEY_AND = cil_strpool_add("and");
97 CIL_KEY_OR = cil_strpool_add("or");
98 CIL_KEY_NOT = cil_strpool_add("not");
99 CIL_KEY_EQ = cil_strpool_add("eq");
100 CIL_KEY_NEQ = cil_strpool_add("neq");
101 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
104 CIL_KEY_CONDTRUE = cil_strpool_add("true");
105 CIL_KEY_CONDFALSE = cil_strpool_add("false");
106 CIL_KEY_SELF = cil_strpool_add("self");
107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
108 CIL_KEY_STAR = cil_strpool_add("*");
109 CIL_KEY_UDP = cil_strpool_add("udp");
110 CIL_KEY_TCP = cil_strpool_add("tcp");
111 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
112 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
113 CIL_KEY_ALLOW = cil_strpool_add("allow");
114 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
115 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
116 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
117 CIL_KEY_CALL = cil_strpool_add("call");
118 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
119 CIL_KEY_XOR = cil_strpool_add("xor");
120 CIL_KEY_ALL = cil_strpool_add("all");
121 CIL_KEY_RANGE = cil_strpool_add("range");
122 CIL_KEY_TYPE = cil_strpool_add("type");
123 CIL_KEY_ROLE = cil_strpool_add("role");
124 CIL_KEY_USER = cil_strpool_add("user");
125 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
126 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
127 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
128 CIL_KEY_CATEGORY = cil_strpool_add("category");
129 CIL_KEY_CATSET = cil_strpool_add("categoryset");
130 CIL_KEY_LEVEL = cil_strpool_add("level");
131 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
132 CIL_KEY_CLASS = cil_strpool_add("class");
133 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
134 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
135 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
136 CIL_KEY_BOOL = cil_strpool_add("boolean");
137 CIL_KEY_STRING = cil_strpool_add("string");
138 CIL_KEY_NAME = cil_strpool_add("name");
139 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
140 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
141 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
142 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
143 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
144 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
145 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
146 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
147 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
148 CIL_KEY_COMMON = cil_strpool_add("common");
149 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
150 CIL_KEY_SID = cil_strpool_add("sid");
151 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
152 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
153 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
154 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
155 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
156 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
157 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
158 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
159 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
160 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
161 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
162 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
163 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
164 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
165 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
166 CIL_KEY_USERROLE = cil_strpool_add("userrole");
167 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
168 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
169 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
170 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
171 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
172 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
173 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
174 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
175 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
176 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
177 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
178 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
179 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
180 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
181 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
182 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
183 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
184 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
185 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
186 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
187 CIL_KEY_CONTEXT = cil_strpool_add("context");
188 CIL_KEY_FILECON = cil_strpool_add("filecon");
189 CIL_KEY_PORTCON = cil_strpool_add("portcon");
190 CIL_KEY_NODECON = cil_strpool_add("nodecon");
191 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
192 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
193 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
194 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
195 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
196 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
197 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
198 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
199 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
200 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
201 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
202 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
203 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
204 CIL_KEY_MACRO = cil_strpool_add("macro");
205 CIL_KEY_IN = cil_strpool_add("in");
206 CIL_KEY_MLS = cil_strpool_add("mls");
207 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
208 CIL_KEY_GLOB = cil_strpool_add("*");
209 CIL_KEY_FILE = cil_strpool_add("file");
210 CIL_KEY_DIR = cil_strpool_add("dir");
211 CIL_KEY_CHAR = cil_strpool_add("char");
212 CIL_KEY_BLOCK = cil_strpool_add("block");
213 CIL_KEY_SOCKET = cil_strpool_add("socket");
214 CIL_KEY_PIPE = cil_strpool_add("pipe");
215 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
216 CIL_KEY_ANY = cil_strpool_add("any");
217 CIL_KEY_XATTR = cil_strpool_add("xattr");
218 CIL_KEY_TASK = cil_strpool_add("task");
219 CIL_KEY_TRANS = cil_strpool_add("trans");
220 CIL_KEY_SOURCE = cil_strpool_add("source");
221 CIL_KEY_TARGET = cil_strpool_add("target");
222 CIL_KEY_LOW = cil_strpool_add("low");
223 CIL_KEY_HIGH = cil_strpool_add("high");
224 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
225 CIL_KEY_ROOT = cil_strpool_add("<root>");
226 CIL_KEY_NODE = cil_strpool_add("<node>");
227 CIL_KEY_PERM = cil_strpool_add("perm");
228 CIL_KEY_ALLOWX = cil_strpool_add("allowx");
229 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
230 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
231 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
232 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
233 CIL_KEY_IOCTL = cil_strpool_add("ioctl");
234 CIL_KEY_UNORDERED = cil_strpool_add("unordered");
235 }
236
cil_db_init(struct cil_db ** db)237 void cil_db_init(struct cil_db **db)
238 {
239 *db = cil_malloc(sizeof(**db));
240
241 cil_strpool_init();
242 cil_init_keys();
243
244 cil_tree_init(&(*db)->parse);
245 cil_tree_init(&(*db)->ast);
246 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
247 (*db)->sidorder = NULL;
248 (*db)->classorder = NULL;
249 (*db)->catorder = NULL;
250 (*db)->sensitivityorder = NULL;
251 cil_sort_init(&(*db)->netifcon);
252 cil_sort_init(&(*db)->genfscon);
253 cil_sort_init(&(*db)->filecon);
254 cil_sort_init(&(*db)->nodecon);
255 cil_sort_init(&(*db)->portcon);
256 cil_sort_init(&(*db)->pirqcon);
257 cil_sort_init(&(*db)->iomemcon);
258 cil_sort_init(&(*db)->ioportcon);
259 cil_sort_init(&(*db)->pcidevicecon);
260 cil_sort_init(&(*db)->devicetreecon);
261 cil_sort_init(&(*db)->fsuse);
262 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
263 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
264 cil_list_init(&(*db)->names, CIL_LIST_ITEM);
265
266 cil_type_init(&(*db)->selftype);
267 (*db)->selftype->datum.name = CIL_KEY_SELF;
268 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
269 (*db)->num_types_and_attrs = 0;
270 (*db)->num_classes = 0;
271 (*db)->num_types = 0;
272 (*db)->num_roles = 0;
273 (*db)->num_users = 0;
274 (*db)->num_cats = 0;
275 (*db)->val_to_type = NULL;
276 (*db)->val_to_role = NULL;
277 (*db)->val_to_user = NULL;
278
279 (*db)->disable_dontaudit = CIL_FALSE;
280 (*db)->disable_neverallow = CIL_FALSE;
281 (*db)->preserve_tunables = CIL_FALSE;
282 (*db)->handle_unknown = -1;
283 (*db)->mls = -1;
284 (*db)->target_platform = SEPOL_TARGET_SELINUX;
285 (*db)->policy_version = POLICYDB_VERSION_MAX;
286 }
287
cil_db_destroy(struct cil_db ** db)288 void cil_db_destroy(struct cil_db **db)
289 {
290 if (db == NULL || *db == NULL) {
291 return;
292 }
293
294 cil_tree_destroy(&(*db)->parse);
295 cil_tree_destroy(&(*db)->ast);
296 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
297 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
298 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
299 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
300 cil_sort_destroy(&(*db)->netifcon);
301 cil_sort_destroy(&(*db)->genfscon);
302 cil_sort_destroy(&(*db)->filecon);
303 cil_sort_destroy(&(*db)->nodecon);
304 cil_sort_destroy(&(*db)->portcon);
305 cil_sort_destroy(&(*db)->pirqcon);
306 cil_sort_destroy(&(*db)->iomemcon);
307 cil_sort_destroy(&(*db)->ioportcon);
308 cil_sort_destroy(&(*db)->pcidevicecon);
309 cil_sort_destroy(&(*db)->devicetreecon);
310 cil_sort_destroy(&(*db)->fsuse);
311 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
312 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
313 cil_list_destroy(&(*db)->names, CIL_TRUE);
314
315 cil_destroy_type((*db)->selftype);
316
317 cil_strpool_destroy();
318 free((*db)->val_to_type);
319 free((*db)->val_to_role);
320 free((*db)->val_to_user);
321
322 free(*db);
323 *db = NULL;
324 }
325
cil_root_init(struct cil_root ** root)326 void cil_root_init(struct cil_root **root)
327 {
328 struct cil_root *r = cil_malloc(sizeof(*r));
329 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
330
331 *root = r;
332 }
333
cil_root_destroy(struct cil_root * root)334 void cil_root_destroy(struct cil_root *root)
335 {
336 if (root == NULL) {
337 return;
338 }
339 cil_symtab_array_destroy(root->symtab);
340 free(root);
341 }
342
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)343 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
344 {
345 char *buffer = NULL;
346 int rc;
347
348 cil_log(CIL_INFO, "Parsing %s\n", name);
349
350 buffer = cil_malloc(size + 2);
351 memcpy(buffer, data, size);
352 memset(buffer + size, 0, 2);
353
354 rc = cil_parser(name, buffer, size + 2, &db->parse);
355 if (rc != SEPOL_OK) {
356 cil_log(CIL_INFO, "Failed to parse %s\n", name);
357 goto exit;
358 }
359
360 free(buffer);
361 buffer = NULL;
362
363 rc = SEPOL_OK;
364
365 exit:
366 free(buffer);
367
368 return rc;
369 }
370
371 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)372 int cil_compile(struct cil_db *db)
373 #else
374 int cil_compile_nopdb(struct cil_db *db)
375 #endif
376 {
377 int rc = SEPOL_ERR;
378
379 if (db == NULL) {
380 goto exit;
381 }
382
383 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
384 rc = cil_build_ast(db, db->parse->root, db->ast->root);
385 if (rc != SEPOL_OK) {
386 cil_log(CIL_INFO, "Failed to build ast\n");
387 goto exit;
388 }
389
390 cil_log(CIL_INFO, "Destroying Parse Tree\n");
391 cil_tree_destroy(&db->parse);
392
393 cil_log(CIL_INFO, "Resolving AST\n");
394 rc = cil_resolve_ast(db, db->ast->root);
395 if (rc != SEPOL_OK) {
396 cil_log(CIL_INFO, "Failed to resolve ast\n");
397 goto exit;
398 }
399
400 cil_log(CIL_INFO, "Qualifying Names\n");
401 rc = cil_fqn_qualify(db->ast->root);
402 if (rc != SEPOL_OK) {
403 cil_log(CIL_INFO, "Failed to qualify names\n");
404 goto exit;
405 }
406
407 cil_log(CIL_INFO, "Compile post process\n");
408 rc = cil_post_process(db);
409 if (rc != SEPOL_OK ) {
410 cil_log(CIL_INFO, "Post process failed\n");
411 goto exit;
412 }
413
414 exit:
415
416 return rc;
417 }
418
419 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)420 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
421 {
422 return cil_compile_nopdb(db);
423 }
424
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)425 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
426 {
427 int rc;
428
429 cil_log(CIL_INFO, "Building policy binary\n");
430 rc = cil_binary_create_allocated_pdb(db, sepol_db);
431 if (rc != SEPOL_OK) {
432 cil_log(CIL_ERR, "Failed to generate binary\n");
433 goto exit;
434 }
435
436 exit:
437 return rc;
438 }
439 #endif
440
441 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)442 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
443 #else
444 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
445 #endif
446 {
447 int rc;
448
449 cil_log(CIL_INFO, "Building policy binary\n");
450 rc = cil_binary_create(db, sepol_db);
451 if (rc != SEPOL_OK) {
452 cil_log(CIL_ERR, "Failed to generate binary\n");
453 goto exit;
454 }
455
456 exit:
457 return rc;
458 }
459
cil_destroy_data(void ** data,enum cil_flavor flavor)460 void cil_destroy_data(void **data, enum cil_flavor flavor)
461 {
462 if (*data == NULL) {
463 return;
464 }
465
466 switch(flavor) {
467 case CIL_NONE:
468 break;
469 case CIL_ROOT:
470 cil_root_destroy(*data);
471 break;
472 case CIL_NODE:
473 break;
474 case CIL_STRING:
475 break;
476 case CIL_DATUM:
477 break;
478 case CIL_LIST:
479 cil_list_destroy(*data, CIL_FALSE);
480 break;
481 case CIL_LIST_ITEM:
482 break;
483 case CIL_PARAM:
484 cil_destroy_param(*data);
485 break;
486 case CIL_ARGS:
487 cil_destroy_args(*data);
488 break;
489 case CIL_BLOCK:
490 cil_destroy_block(*data);
491 break;
492 case CIL_BLOCKINHERIT:
493 cil_destroy_blockinherit(*data);
494 break;
495 case CIL_BLOCKABSTRACT:
496 cil_destroy_blockabstract(*data);
497 break;
498 case CIL_IN:
499 cil_destroy_in(*data);
500 break;
501 case CIL_MACRO:
502 cil_destroy_macro(*data);
503 break;
504 case CIL_CALL:
505 cil_destroy_call(*data);
506 break;
507 case CIL_OPTIONAL:
508 cil_destroy_optional(*data);
509 break;
510 case CIL_BOOL:
511 cil_destroy_bool(*data);
512 break;
513 case CIL_BOOLEANIF:
514 cil_destroy_boolif(*data);
515 break;
516 case CIL_TUNABLE:
517 cil_destroy_tunable(*data);
518 break;
519 case CIL_TUNABLEIF:
520 cil_destroy_tunif(*data);
521 break;
522 case CIL_CONDBLOCK:
523 cil_destroy_condblock(*data);
524 break;
525 case CIL_CONDTRUE:
526 break;
527 case CIL_CONDFALSE:
528 break;
529 case CIL_PERM:
530 case CIL_MAP_PERM:
531 cil_destroy_perm(*data);
532 break;
533 case CIL_COMMON:
534 case CIL_CLASS:
535 case CIL_MAP_CLASS:
536 cil_destroy_class(*data);
537 break;
538 case CIL_CLASSORDER:
539 cil_destroy_classorder(*data);
540 break;
541 case CIL_CLASSPERMISSION:
542 cil_destroy_classpermission(*data);
543 break;
544 case CIL_CLASSCOMMON:
545 cil_destroy_classcommon(*data);
546 break;
547 case CIL_CLASSMAPPING:
548 cil_destroy_classmapping(*data);
549 break;
550 case CIL_CLASSPERMS:
551 cil_destroy_classperms(*data);
552 break;
553 case CIL_CLASSPERMS_SET:
554 cil_destroy_classperms_set(*data);
555 break;
556 case CIL_CLASSPERMISSIONSET:
557 cil_destroy_classpermissionset(*data);
558 break;
559 case CIL_USER:
560 cil_destroy_user(*data);
561 break;
562 case CIL_USERATTRIBUTE:
563 cil_destroy_userattribute(*data);
564 break;
565 case CIL_USERATTRIBUTESET:
566 cil_destroy_userattributeset(*data);
567 break;
568 case CIL_USERPREFIX:
569 cil_destroy_userprefix(*data);
570 break;
571 case CIL_USERROLE:
572 cil_destroy_userrole(*data);
573 break;
574 case CIL_USERLEVEL:
575 cil_destroy_userlevel(*data);
576 break;
577 case CIL_USERRANGE:
578 cil_destroy_userrange(*data);
579 break;
580 case CIL_USERBOUNDS:
581 cil_destroy_bounds(*data);
582 break;
583 case CIL_SELINUXUSER:
584 case CIL_SELINUXUSERDEFAULT:
585 cil_destroy_selinuxuser(*data);
586 break;
587 case CIL_ROLE:
588 cil_destroy_role(*data);
589 break;
590 case CIL_ROLEATTRIBUTE:
591 cil_destroy_roleattribute(*data);
592 break;
593 case CIL_ROLEATTRIBUTESET:
594 cil_destroy_roleattributeset(*data);
595 break;
596 case CIL_ROLETYPE:
597 cil_destroy_roletype(*data);
598 break;
599 case CIL_ROLEBOUNDS:
600 cil_destroy_bounds(*data);
601 break;
602 case CIL_TYPE:
603 cil_destroy_type(*data);
604 break;
605 case CIL_TYPEATTRIBUTE:
606 cil_destroy_typeattribute(*data);
607 break;
608 case CIL_TYPEALIAS:
609 cil_destroy_alias(*data);
610 break;
611 case CIL_TYPEATTRIBUTESET:
612 cil_destroy_typeattributeset(*data);
613 break;
614 case CIL_TYPEALIASACTUAL:
615 cil_destroy_aliasactual(*data);
616 break;
617 case CIL_TYPEBOUNDS:
618 cil_destroy_bounds(*data);
619 break;
620 case CIL_TYPEPERMISSIVE:
621 cil_destroy_typepermissive(*data);
622 break;
623 case CIL_SENS:
624 cil_destroy_sensitivity(*data);
625 break;
626 case CIL_SENSALIAS:
627 cil_destroy_alias(*data);
628 break;
629 case CIL_SENSALIASACTUAL:
630 cil_destroy_aliasactual(*data);
631 break;
632 case CIL_SENSITIVITYORDER:
633 cil_destroy_sensitivityorder(*data);
634 break;
635 case CIL_SENSCAT:
636 cil_destroy_senscat(*data);
637 break;
638 case CIL_CAT:
639 cil_destroy_category(*data);
640 break;
641 case CIL_CATSET:
642 cil_destroy_catset(*data);
643 break;
644 case CIL_CATALIAS:
645 cil_destroy_alias(*data);
646 break;
647 case CIL_CATALIASACTUAL:
648 cil_destroy_aliasactual(*data);
649 break;
650 case CIL_CATORDER:
651 cil_destroy_catorder(*data);
652 break;
653 case CIL_LEVEL:
654 cil_destroy_level(*data);
655 break;
656 case CIL_LEVELRANGE:
657 cil_destroy_levelrange(*data);
658 break;
659 case CIL_SID:
660 cil_destroy_sid(*data);
661 break;
662 case CIL_SIDORDER:
663 cil_destroy_sidorder(*data);
664 break;
665 case CIL_NAME:
666 cil_destroy_name(*data);
667 break;
668 case CIL_ROLEALLOW:
669 cil_destroy_roleallow(*data);
670 break;
671 case CIL_AVRULE:
672 case CIL_AVRULEX:
673 cil_destroy_avrule(*data);
674 break;
675 case CIL_PERMISSIONX:
676 cil_destroy_permissionx(*data);
677 break;
678 case CIL_ROLETRANSITION:
679 cil_destroy_roletransition(*data);
680 break;
681 case CIL_TYPE_RULE:
682 cil_destroy_type_rule(*data);
683 break;
684 case CIL_NAMETYPETRANSITION:
685 cil_destroy_typetransition(*data);
686 break;
687 case CIL_RANGETRANSITION:
688 cil_destroy_rangetransition(*data);
689 break;
690 case CIL_CONSTRAIN:
691 cil_destroy_constrain(*data);
692 break;
693 case CIL_MLSCONSTRAIN:
694 cil_destroy_constrain(*data);
695 break;
696 case CIL_VALIDATETRANS:
697 case CIL_MLSVALIDATETRANS:
698 cil_destroy_validatetrans(*data);
699 break;
700 case CIL_CONTEXT:
701 cil_destroy_context(*data);
702 break;
703 case CIL_IPADDR:
704 cil_destroy_ipaddr(*data);
705 break;
706 case CIL_SIDCONTEXT:
707 cil_destroy_sidcontext(*data);
708 break;
709 case CIL_FSUSE:
710 cil_destroy_fsuse(*data);
711 break;
712 case CIL_FILECON:
713 cil_destroy_filecon(*data);
714 break;
715 case CIL_PORTCON:
716 cil_destroy_portcon(*data);
717 break;
718 case CIL_NODECON:
719 cil_destroy_nodecon(*data);
720 break;
721 case CIL_GENFSCON:
722 cil_destroy_genfscon(*data);
723 break;
724 case CIL_NETIFCON:
725 cil_destroy_netifcon(*data);
726 break;
727 case CIL_PIRQCON:
728 cil_destroy_pirqcon(*data);
729 break;
730 case CIL_IOMEMCON:
731 cil_destroy_iomemcon(*data);
732 break;
733 case CIL_IOPORTCON:
734 cil_destroy_ioportcon(*data);
735 break;
736 case CIL_PCIDEVICECON:
737 cil_destroy_pcidevicecon(*data);
738 break;
739 case CIL_DEVICETREECON:
740 cil_destroy_devicetreecon(*data);
741 break;
742 case CIL_POLICYCAP:
743 cil_destroy_policycap(*data);
744 break;
745 case CIL_DEFAULTUSER:
746 case CIL_DEFAULTROLE:
747 case CIL_DEFAULTTYPE:
748 cil_destroy_default(*data);
749 break;
750 case CIL_DEFAULTRANGE:
751 cil_destroy_defaultrange(*data);
752 break;
753 case CIL_HANDLEUNKNOWN:
754 cil_destroy_handleunknown(*data);
755 break;
756 case CIL_MLS:
757 cil_destroy_mls(*data);
758 break;
759 case CIL_OP:
760 case CIL_CONS_OPERAND:
761 break;
762 default:
763 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
764 break;
765 }
766
767 *data = NULL;
768 }
769
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)770 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
771 {
772 if (flavor < CIL_MIN_DECLARATIVE) {
773 return SEPOL_ERR;
774 }
775
776 switch(flavor) {
777 case CIL_BLOCK:
778 *sym_index = CIL_SYM_BLOCKS;
779 break;
780 case CIL_MACRO:
781 *sym_index = CIL_SYM_BLOCKS;
782 break;
783 case CIL_OPTIONAL:
784 *sym_index = CIL_SYM_BLOCKS;
785 break;
786 case CIL_BOOL:
787 *sym_index = CIL_SYM_BOOLS;
788 break;
789 case CIL_TUNABLE:
790 *sym_index = CIL_SYM_TUNABLES;
791 break;
792 case CIL_PERM:
793 case CIL_MAP_PERM:
794 *sym_index = CIL_SYM_PERMS;
795 break;
796 case CIL_COMMON:
797 *sym_index = CIL_SYM_COMMONS;
798 break;
799 case CIL_CLASS:
800 case CIL_MAP_CLASS:
801 *sym_index = CIL_SYM_CLASSES;
802 break;
803 case CIL_CLASSPERMISSION:
804 case CIL_CLASSPERMISSIONSET:
805 *sym_index = CIL_SYM_CLASSPERMSETS;
806 break;
807 case CIL_USER:
808 case CIL_USERATTRIBUTE:
809 *sym_index = CIL_SYM_USERS;
810 break;
811 case CIL_ROLE:
812 case CIL_ROLEATTRIBUTE:
813 *sym_index = CIL_SYM_ROLES;
814 break;
815 case CIL_TYPE:
816 case CIL_TYPEALIAS:
817 case CIL_TYPEATTRIBUTE:
818 *sym_index = CIL_SYM_TYPES;
819 break;
820 case CIL_SENS:
821 case CIL_SENSALIAS:
822 *sym_index = CIL_SYM_SENS;
823 break;
824 case CIL_CAT:
825 case CIL_CATSET:
826 case CIL_CATALIAS:
827 *sym_index = CIL_SYM_CATS;
828 break;
829 case CIL_LEVEL:
830 *sym_index = CIL_SYM_LEVELS;
831 break;
832 case CIL_LEVELRANGE:
833 *sym_index = CIL_SYM_LEVELRANGES;
834 break;
835 case CIL_SID:
836 *sym_index = CIL_SYM_SIDS;
837 break;
838 case CIL_NAME:
839 *sym_index = CIL_SYM_NAMES;
840 break;
841 case CIL_CONTEXT:
842 *sym_index = CIL_SYM_CONTEXTS;
843 break;
844 case CIL_IPADDR:
845 *sym_index = CIL_SYM_IPADDRS;
846 break;
847 case CIL_POLICYCAP:
848 *sym_index = CIL_SYM_POLICYCAPS;
849 break;
850 case CIL_PERMISSIONX:
851 *sym_index = CIL_SYM_PERMX;
852 break;
853 default:
854 *sym_index = CIL_SYM_UNKNOWN;
855 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
856 return SEPOL_ERR;
857 }
858
859 return SEPOL_OK;
860 }
861
cil_node_to_string(struct cil_tree_node * node)862 const char * cil_node_to_string(struct cil_tree_node *node)
863 {
864 switch (node->flavor) {
865 case CIL_NONE:
866 return "<none>";
867 case CIL_ROOT:
868 return CIL_KEY_ROOT;
869 case CIL_NODE:
870 return CIL_KEY_NODE;
871 case CIL_STRING:
872 return "string";
873 case CIL_DATUM:
874 return "<datum>";
875 case CIL_LIST:
876 return "<list>";
877 case CIL_LIST_ITEM:
878 return "<list_item>";
879 case CIL_PARAM:
880 return "<param>";
881 case CIL_ARGS:
882 return "<args>";
883 case CIL_BLOCK:
884 return CIL_KEY_BLOCK;
885 case CIL_BLOCKINHERIT:
886 return CIL_KEY_BLOCKINHERIT;
887 case CIL_BLOCKABSTRACT:
888 return CIL_KEY_BLOCKABSTRACT;
889 case CIL_IN:
890 return CIL_KEY_IN;
891 case CIL_MACRO:
892 return CIL_KEY_MACRO;
893 case CIL_CALL:
894 return CIL_KEY_CALL;
895 case CIL_OPTIONAL:
896 return CIL_KEY_OPTIONAL;
897 case CIL_BOOL:
898 return CIL_KEY_BOOL;
899 case CIL_BOOLEANIF:
900 return CIL_KEY_BOOLEANIF;
901 case CIL_TUNABLE:
902 return CIL_KEY_TUNABLE;
903 case CIL_TUNABLEIF:
904 return CIL_KEY_TUNABLEIF;
905 case CIL_CONDBLOCK:
906 switch (((struct cil_condblock*)node->data)->flavor) {
907 case CIL_CONDTRUE:
908 return CIL_KEY_CONDTRUE;
909 case CIL_CONDFALSE:
910 return CIL_KEY_CONDFALSE;
911 default:
912 break;
913 }
914 break;
915 case CIL_CONDTRUE:
916 return CIL_KEY_CONDTRUE;
917 case CIL_CONDFALSE:
918 return CIL_KEY_CONDFALSE;
919 case CIL_PERM:
920 return CIL_KEY_PERM;
921 case CIL_COMMON:
922 return CIL_KEY_COMMON;
923 case CIL_CLASS:
924 return CIL_KEY_CLASS;
925 case CIL_CLASSORDER:
926 return CIL_KEY_CLASSORDER;
927 case CIL_MAP_CLASS:
928 return CIL_KEY_MAP_CLASS;
929 case CIL_CLASSPERMISSION:
930 return CIL_KEY_CLASSPERMISSION;
931 case CIL_CLASSCOMMON:
932 return CIL_KEY_CLASSCOMMON;
933 case CIL_CLASSMAPPING:
934 return CIL_KEY_CLASSMAPPING;
935 case CIL_CLASSPERMISSIONSET:
936 return CIL_KEY_CLASSPERMISSIONSET;
937 case CIL_USER:
938 return CIL_KEY_USER;
939 case CIL_USERATTRIBUTE:
940 return CIL_KEY_USERATTRIBUTE;
941 case CIL_USERATTRIBUTESET:
942 return CIL_KEY_USERATTRIBUTESET;
943 case CIL_USERPREFIX:
944 return CIL_KEY_USERPREFIX;
945 case CIL_USERROLE:
946 return CIL_KEY_USERROLE;
947 case CIL_USERLEVEL:
948 return CIL_KEY_USERLEVEL;
949 case CIL_USERRANGE:
950 return CIL_KEY_USERRANGE;
951 case CIL_USERBOUNDS:
952 return CIL_KEY_USERBOUNDS;
953 case CIL_SELINUXUSER:
954 return CIL_KEY_SELINUXUSER;
955 case CIL_SELINUXUSERDEFAULT:
956 return CIL_KEY_SELINUXUSERDEFAULT;
957 case CIL_ROLE:
958 return CIL_KEY_ROLE;
959 case CIL_ROLEATTRIBUTE:
960 return CIL_KEY_ROLEATTRIBUTE;
961 case CIL_ROLEATTRIBUTESET:
962 return CIL_KEY_ROLEATTRIBUTESET;
963 case CIL_ROLETYPE:
964 return CIL_KEY_ROLETYPE;
965 case CIL_ROLEBOUNDS:
966 return CIL_KEY_ROLEBOUNDS;
967 case CIL_TYPE:
968 return CIL_KEY_TYPE;
969 case CIL_TYPEATTRIBUTE:
970 return CIL_KEY_TYPEATTRIBUTE;
971 case CIL_TYPEALIAS:
972 return CIL_KEY_TYPEALIAS;
973 case CIL_TYPEATTRIBUTESET:
974 return CIL_KEY_TYPEATTRIBUTESET;
975 case CIL_TYPEALIASACTUAL:
976 return CIL_KEY_TYPEALIASACTUAL;
977 case CIL_TYPEBOUNDS:
978 return CIL_KEY_TYPEBOUNDS;
979 case CIL_TYPEPERMISSIVE:
980 return CIL_KEY_TYPEPERMISSIVE;
981 case CIL_SENS:
982 return CIL_KEY_SENSITIVITY;
983 case CIL_SENSALIAS:
984 return CIL_KEY_SENSALIAS;
985 case CIL_SENSALIASACTUAL:
986 return CIL_KEY_SENSALIASACTUAL;
987 case CIL_SENSITIVITYORDER:
988 return CIL_KEY_SENSITIVITYORDER;
989 case CIL_SENSCAT:
990 return CIL_KEY_SENSCAT;
991 case CIL_CAT:
992 return CIL_KEY_CATEGORY;
993 case CIL_CATSET:
994 return CIL_KEY_CATSET;
995 case CIL_CATALIAS:
996 return CIL_KEY_CATALIAS;
997 case CIL_CATALIASACTUAL:
998 return CIL_KEY_CATALIASACTUAL;
999 case CIL_CATORDER:
1000 return CIL_KEY_CATORDER;
1001 case CIL_LEVEL:
1002 return CIL_KEY_LEVEL;
1003 case CIL_LEVELRANGE:
1004 return CIL_KEY_LEVELRANGE;
1005 case CIL_SID:
1006 return CIL_KEY_SID;
1007 case CIL_SIDORDER:
1008 return CIL_KEY_SIDORDER;
1009 case CIL_NAME:
1010 return CIL_KEY_NAME;
1011 case CIL_ROLEALLOW:
1012 return CIL_KEY_ROLEALLOW;
1013 case CIL_AVRULE:
1014 switch (((struct cil_avrule *)node->data)->rule_kind) {
1015 case CIL_AVRULE_ALLOWED:
1016 return CIL_KEY_ALLOW;
1017 case CIL_AVRULE_AUDITALLOW:
1018 return CIL_KEY_AUDITALLOW;
1019 case CIL_AVRULE_DONTAUDIT:
1020 return CIL_KEY_DONTAUDIT;
1021 case CIL_AVRULE_NEVERALLOW:
1022 return CIL_KEY_NEVERALLOW;
1023 default:
1024 break;
1025 }
1026 break;
1027 case CIL_AVRULEX:
1028 switch (((struct cil_avrule *)node->data)->rule_kind) {
1029 case CIL_AVRULE_ALLOWED:
1030 return CIL_KEY_ALLOWX;
1031 case CIL_AVRULE_AUDITALLOW:
1032 return CIL_KEY_AUDITALLOWX;
1033 case CIL_AVRULE_DONTAUDIT:
1034 return CIL_KEY_DONTAUDITX;
1035 case CIL_AVRULE_NEVERALLOW:
1036 return CIL_KEY_NEVERALLOWX;
1037 default:
1038 break;
1039 }
1040 break;
1041 case CIL_PERMISSIONX:
1042 return CIL_KEY_PERMISSIONX;
1043 case CIL_ROLETRANSITION:
1044 return CIL_KEY_ROLETRANSITION;
1045 case CIL_TYPE_RULE:
1046 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1047 case CIL_TYPE_TRANSITION:
1048 return CIL_KEY_TYPETRANSITION;
1049 case CIL_TYPE_MEMBER:
1050 return CIL_KEY_TYPEMEMBER;
1051 case CIL_TYPE_CHANGE:
1052 return CIL_KEY_TYPECHANGE;
1053 default:
1054 break;
1055 }
1056 break;
1057 case CIL_NAMETYPETRANSITION:
1058 return CIL_KEY_TYPETRANSITION;
1059 case CIL_RANGETRANSITION:
1060 return CIL_KEY_RANGETRANSITION;
1061 case CIL_CONSTRAIN:
1062 return CIL_KEY_CONSTRAIN;
1063 case CIL_MLSCONSTRAIN:
1064 return CIL_KEY_MLSCONSTRAIN;
1065 case CIL_VALIDATETRANS:
1066 return CIL_KEY_VALIDATETRANS;
1067 case CIL_MLSVALIDATETRANS:
1068 return CIL_KEY_MLSVALIDATETRANS;
1069 case CIL_CONTEXT:
1070 return CIL_KEY_CONTEXT;
1071 case CIL_IPADDR:
1072 return CIL_KEY_IPADDR;
1073 case CIL_SIDCONTEXT:
1074 return CIL_KEY_SIDCONTEXT;
1075 case CIL_FSUSE:
1076 return CIL_KEY_FSUSE;
1077 case CIL_FILECON:
1078 return CIL_KEY_FILECON;
1079 case CIL_PORTCON:
1080 return CIL_KEY_PORTCON;
1081 case CIL_NODECON:
1082 return CIL_KEY_NODECON;
1083 case CIL_GENFSCON:
1084 return CIL_KEY_GENFSCON;
1085 case CIL_NETIFCON:
1086 return CIL_KEY_NETIFCON;
1087 case CIL_PIRQCON:
1088 return CIL_KEY_PIRQCON;
1089 case CIL_IOMEMCON:
1090 return CIL_KEY_IOMEMCON;
1091 case CIL_IOPORTCON:
1092 return CIL_KEY_IOPORTCON;
1093 case CIL_PCIDEVICECON:
1094 return CIL_KEY_PCIDEVICECON;
1095 case CIL_DEVICETREECON:
1096 return CIL_KEY_DEVICETREECON;
1097 case CIL_POLICYCAP:
1098 return CIL_KEY_POLICYCAP;
1099 case CIL_DEFAULTUSER:
1100 return CIL_KEY_DEFAULTUSER;
1101 case CIL_DEFAULTROLE:
1102 return CIL_KEY_DEFAULTROLE;
1103 case CIL_DEFAULTTYPE:
1104 return CIL_KEY_DEFAULTTYPE;
1105 case CIL_DEFAULTRANGE:
1106 return CIL_KEY_DEFAULTRANGE;
1107 case CIL_HANDLEUNKNOWN:
1108 return CIL_KEY_HANDLEUNKNOWN;
1109 case CIL_MLS:
1110 return CIL_KEY_MLS;
1111 case CIL_ALL:
1112 return CIL_KEY_ALL;
1113 case CIL_RANGE:
1114 return CIL_KEY_RANGE;
1115 case CIL_AND:
1116 return CIL_KEY_AND;
1117 case CIL_OR:
1118 return CIL_KEY_OR;
1119 case CIL_XOR:
1120 return CIL_KEY_XOR;
1121 case CIL_NOT:
1122 return CIL_KEY_NOT;
1123 case CIL_EQ:
1124 return CIL_KEY_EQ;
1125 case CIL_NEQ:
1126 return CIL_KEY_NEQ;
1127 case CIL_CONS_DOM:
1128 return CIL_KEY_CONS_DOM;
1129 case CIL_CONS_DOMBY:
1130 return CIL_KEY_CONS_DOMBY;
1131 case CIL_CONS_INCOMP:
1132 return CIL_KEY_CONS_INCOMP;
1133 case CIL_CONS_U1:
1134 return CIL_KEY_CONS_U1;
1135 case CIL_CONS_U2:
1136 return CIL_KEY_CONS_U2;
1137 case CIL_CONS_U3:
1138 return CIL_KEY_CONS_U3;
1139 case CIL_CONS_T1:
1140 return CIL_KEY_CONS_T1;
1141 case CIL_CONS_T2:
1142 return CIL_KEY_CONS_T2;
1143 case CIL_CONS_T3:
1144 return CIL_KEY_CONS_T3;
1145 case CIL_CONS_R1:
1146 return CIL_KEY_CONS_R1;
1147 case CIL_CONS_R2:
1148 return CIL_KEY_CONS_R2;
1149 case CIL_CONS_R3:
1150 return CIL_KEY_CONS_R3;
1151 case CIL_CONS_L1:
1152 return CIL_KEY_CONS_L1;
1153 case CIL_CONS_L2:
1154 return CIL_KEY_CONS_L2;
1155 case CIL_CONS_H1:
1156 return CIL_KEY_CONS_H1;
1157 case CIL_CONS_H2:
1158 return CIL_KEY_CONS_H2;
1159
1160 default:
1161 break;
1162 }
1163
1164 return "<unknown>";
1165 }
1166
1167 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1168 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1169 #else
1170 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1171 #endif
1172 {
1173 int rc = SEPOL_ERR;
1174 size_t str_len = 0;
1175 int buf_pos = 0;
1176 char *str_tmp = NULL;
1177 struct cil_list_item *curr;
1178 struct cil_userprefix *userprefix = NULL;
1179 struct cil_user *user = NULL;
1180
1181 *out = NULL;
1182
1183 if (db->userprefixes->head == NULL) {
1184 rc = SEPOL_OK;
1185 *size = 0;
1186 goto exit;
1187 }
1188
1189 cil_list_for_each(curr, db->userprefixes) {
1190 userprefix = curr->data;
1191 user = userprefix->user;
1192 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1193 }
1194
1195 *size = str_len * sizeof(char);
1196 str_len++;
1197 str_tmp = cil_malloc(str_len * sizeof(char));
1198 *out = str_tmp;
1199
1200 cil_list_for_each(curr, db->userprefixes) {
1201 userprefix = curr->data;
1202 user = userprefix->user;
1203
1204 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1205 userprefix->prefix_str);
1206 str_len -= buf_pos;
1207 str_tmp += buf_pos;
1208 }
1209
1210 rc = SEPOL_OK;
1211 exit:
1212 return rc;
1213
1214 }
1215
1216 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1217 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1218 {
1219 return cil_userprefixes_to_string_nopdb(db, out, size);
1220 }
1221 #endif
1222
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1223 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1224 {
1225 int rc = SEPOL_ERR;
1226 struct cil_list_item *i;
1227 struct cil_list_item *j;
1228 struct cil_cat* cat;
1229 struct cil_catset *cs;
1230 struct cil_tree_node *node;
1231
1232 if (cats == NULL) {
1233 rc = SEPOL_OK;
1234 goto exit;
1235 }
1236
1237 cil_list_for_each(i, cats->datum_expr) {
1238 node = DATUM(i->data)->nodes->head->data;
1239 if (node->flavor == CIL_CATSET) {
1240 cs = (struct cil_catset*)i->data;
1241 cil_list_for_each(j, cs->cats->datum_expr) {
1242 cat = (struct cil_cat*)j->data;
1243 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1244 if (rc != SEPOL_OK) {
1245 goto exit;
1246 }
1247 }
1248 } else {
1249 cat = (struct cil_cat*)i->data;
1250 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1251 if (rc != SEPOL_OK) {
1252 goto exit;
1253 }
1254 }
1255 }
1256
1257 return SEPOL_OK;
1258
1259 exit:
1260 return rc;
1261 }
1262
cil_level_equals(struct cil_level * low,struct cil_level * high)1263 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1264 {
1265 int rc;
1266 struct ebitmap elow;
1267 struct ebitmap ehigh;
1268
1269 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1270 rc = 0;
1271 goto exit;
1272 }
1273
1274 ebitmap_init(&elow);
1275 ebitmap_init(&ehigh);
1276
1277 rc = cil_cats_to_ebitmap(low->cats, &elow);
1278 if (rc != SEPOL_OK) {
1279 goto exit;
1280 }
1281
1282 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1283 if (rc != SEPOL_OK) {
1284 goto exit;
1285 }
1286
1287 return ebitmap_cmp(&elow, &ehigh);
1288
1289 exit:
1290 return rc;
1291 }
1292
__cil_level_strlen(struct cil_level * lvl)1293 static int __cil_level_strlen(struct cil_level *lvl)
1294 {
1295 struct cil_list_item *item;
1296 struct cil_cats *cats = lvl->cats;
1297 int str_len = 0;
1298 char *str1 = NULL;
1299 char *str2 = NULL;
1300 int first = -1;
1301 int last = -1;
1302
1303 str_len += strlen(lvl->sens->datum.fqn);
1304
1305 if (cats && cats->datum_expr != NULL) {
1306 str_len++; /* initial ":" */
1307 cil_list_for_each(item, cats->datum_expr) {
1308 struct cil_cat *cat = item->data;
1309 if (first == -1) {
1310 str1 = cat->datum.fqn;
1311 first = cat->value;
1312 last = first;
1313 } else if (cat->value == last + 1) {
1314 last++;
1315 str2 = cat->datum.fqn;
1316 } else {
1317 if (first == last) {
1318 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1319 } else if (last == first + 1) {
1320 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1321 } else {
1322 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1323 }
1324 first = -1;
1325 last = -1;
1326 if (item->next != NULL) {
1327 str_len++; /* space for "," after */
1328 }
1329 }
1330 }
1331 if (first != -1) {
1332 if (first == last) {
1333 str_len += strlen(str1);
1334 } else if (last == first + 1) {
1335 str_len += strlen(str1) + strlen(str2) + 1;
1336 } else {
1337 str_len += strlen(str1) + strlen(str2) + 1;
1338 }
1339 }
1340 }
1341
1342 return str_len;
1343 }
1344
__cil_level_to_string(struct cil_level * lvl,char * out)1345 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1346 {
1347 struct cil_list_item *item;
1348 struct cil_cats *cats = lvl->cats;
1349 int buf_pos = 0;
1350 char *str_tmp = out;
1351 char *str1 = NULL;
1352 char *str2 = NULL;
1353 int first = -1;
1354 int last = -1;
1355
1356 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1357 str_tmp += buf_pos;
1358
1359 if (cats && cats->datum_expr != NULL) {
1360 buf_pos = sprintf(str_tmp, ":");
1361 str_tmp += buf_pos;
1362
1363 cil_list_for_each(item, cats->datum_expr) {
1364 struct cil_cat *cat = item->data;
1365 if (first == -1) {
1366 str1 = cat->datum.fqn;
1367 first = cat->value;
1368 last = first;
1369 } else if (cat->value == last + 1) {
1370 last++;
1371 str2 = cat->datum.fqn;
1372 } else {
1373 if (first == last) {
1374 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1375 str_tmp += buf_pos;
1376 } else if (last == first + 1) {
1377 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1378 str_tmp += buf_pos;
1379 } else {
1380 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1381 str_tmp += buf_pos;
1382 }
1383 first = -1;
1384 last = -1;
1385 if (item->next != NULL) {
1386 buf_pos = sprintf(str_tmp, ",");
1387 str_tmp += buf_pos;
1388 }
1389 }
1390 }
1391 if (first != -1) {
1392 if (first == last) {
1393 buf_pos = sprintf(str_tmp, "%s", str1);
1394 str_tmp += buf_pos;
1395 } else if (last == first + 1) {
1396 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1397 str_tmp += buf_pos;
1398 } else {
1399 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1400 str_tmp += buf_pos;
1401 }
1402 }
1403 }
1404
1405 return str_tmp - out;
1406 }
1407
1408 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1409 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1410 #else
1411 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1412 #endif
1413 {
1414 size_t str_len = 0;
1415 int buf_pos = 0;
1416 char *str_tmp = NULL;
1417 struct cil_list_item *curr;
1418
1419 if (db->selinuxusers->head == NULL) {
1420 *size = 0;
1421 *out = NULL;
1422 return SEPOL_OK;
1423 }
1424
1425 cil_list_for_each(curr, db->selinuxusers) {
1426 struct cil_selinuxuser *selinuxuser = curr->data;
1427 struct cil_user *user = selinuxuser->user;
1428
1429 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1430
1431 if (db->mls == CIL_TRUE) {
1432 struct cil_levelrange *range = selinuxuser->range;
1433 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1434 }
1435
1436 str_len++;
1437 }
1438
1439 *size = str_len * sizeof(char);
1440 str_tmp = cil_malloc(*size+1);
1441 *out = str_tmp;
1442
1443 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1444 struct cil_selinuxuser *selinuxuser = curr->data;
1445 struct cil_user *user = selinuxuser->user;
1446
1447 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1448 str_tmp += buf_pos;
1449
1450 if (db->mls == CIL_TRUE) {
1451 struct cil_levelrange *range = selinuxuser->range;
1452 buf_pos = sprintf(str_tmp, ":");
1453 str_tmp += buf_pos;
1454 buf_pos = __cil_level_to_string(range->low, str_tmp);
1455 str_tmp += buf_pos;
1456 buf_pos = sprintf(str_tmp, "-");
1457 str_tmp += buf_pos;
1458 buf_pos = __cil_level_to_string(range->high, str_tmp);
1459 str_tmp += buf_pos;
1460 }
1461
1462 buf_pos = sprintf(str_tmp, "\n");
1463 str_tmp += buf_pos;
1464 }
1465
1466 return SEPOL_OK;
1467 }
1468
1469 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1470 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1471 {
1472 return cil_selinuxusers_to_string_nopdb(db, out, size);
1473 }
1474 #endif
1475
1476 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1477 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1478 #else
1479 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1480 #endif
1481 {
1482 uint32_t i = 0;
1483 int buf_pos = 0;
1484 size_t str_len = 0;
1485 char *str_tmp = NULL;
1486 struct cil_sort *filecons = db->filecon;
1487
1488 for (i = 0; i < filecons->count; i++) {
1489 struct cil_filecon *filecon = filecons->array[i];
1490 struct cil_context *ctx = filecon->context;
1491
1492 str_len += strlen(filecon->path_str);
1493
1494 if (filecon->type != CIL_FILECON_ANY) {
1495 /* If a type is specified,
1496 +2 for type string, +1 for tab */
1497 str_len += 3;
1498 }
1499
1500 if (ctx != NULL) {
1501 struct cil_user *user = ctx->user;
1502 struct cil_role *role = ctx->role;
1503 struct cil_type *type = ctx->type;
1504
1505 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1506
1507 if (db->mls == CIL_TRUE) {
1508 struct cil_levelrange *range = ctx->range;
1509 if (cil_level_equals(range->low, range->high)) {
1510 str_len += __cil_level_strlen(range->low) + 1;
1511 } else {
1512 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1513 }
1514 }
1515 } else {
1516 str_len += strlen("\t<<none>>");
1517 }
1518
1519 str_len++;
1520 }
1521
1522 *size = str_len * sizeof(char);
1523 str_tmp = cil_malloc(*size+1);
1524 *out = str_tmp;
1525
1526 for (i = 0; i < filecons->count; i++) {
1527 struct cil_filecon *filecon = filecons->array[i];
1528 struct cil_context *ctx = filecon->context;
1529 const char *str_type = NULL;
1530
1531 buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1532 str_tmp += buf_pos;
1533
1534 switch(filecon->type) {
1535 case CIL_FILECON_FILE:
1536 str_type = "\t--";
1537 break;
1538 case CIL_FILECON_DIR:
1539 str_type = "\t-d";
1540 break;
1541 case CIL_FILECON_CHAR:
1542 str_type = "\t-c";
1543 break;
1544 case CIL_FILECON_BLOCK:
1545 str_type = "\t-b";
1546 break;
1547 case CIL_FILECON_SOCKET:
1548 str_type = "\t-s";
1549 break;
1550 case CIL_FILECON_PIPE:
1551 str_type = "\t-p";
1552 break;
1553 case CIL_FILECON_SYMLINK:
1554 str_type = "\t-l";
1555 break;
1556 default:
1557 str_type = "";
1558 break;
1559 }
1560 buf_pos = sprintf(str_tmp, "%s", str_type);
1561 str_tmp += buf_pos;
1562
1563 if (ctx != NULL) {
1564 struct cil_user *user = ctx->user;
1565 struct cil_role *role = ctx->role;
1566 struct cil_type *type = ctx->type;
1567
1568 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1569 type->datum.fqn);
1570 str_tmp += buf_pos;
1571
1572 if (db->mls == CIL_TRUE) {
1573 struct cil_levelrange *range = ctx->range;
1574 buf_pos = sprintf(str_tmp, ":");
1575 str_tmp += buf_pos;
1576 buf_pos = __cil_level_to_string(range->low, str_tmp);
1577 str_tmp += buf_pos;
1578
1579 if (!cil_level_equals(range->low, range->high)) {
1580 buf_pos = sprintf(str_tmp, "-");
1581 str_tmp += buf_pos;
1582 buf_pos = __cil_level_to_string(range->high, str_tmp);
1583 str_tmp += buf_pos;
1584 }
1585 }
1586 } else {
1587 buf_pos = sprintf(str_tmp, "\t<<none>>");
1588 str_tmp += buf_pos;
1589 }
1590
1591 buf_pos = sprintf(str_tmp, "\n");
1592 str_tmp += buf_pos;
1593 }
1594
1595 return SEPOL_OK;
1596 }
1597
1598 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1599 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1600 {
1601 return cil_filecons_to_string_nopdb(db, out, size);
1602 }
1603 #endif
1604
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1605 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1606 {
1607 db->disable_dontaudit = disable_dontaudit;
1608 }
1609
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1610 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1611 {
1612 db->disable_neverallow = disable_neverallow;
1613 }
1614
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1615 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1616 {
1617 db->preserve_tunables = preserve_tunables;
1618 }
1619
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1620 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1621 {
1622 int rc = 0;
1623
1624 switch (handle_unknown) {
1625 case SEPOL_DENY_UNKNOWN:
1626 case SEPOL_REJECT_UNKNOWN:
1627 case SEPOL_ALLOW_UNKNOWN:
1628 db->handle_unknown = handle_unknown;
1629 break;
1630 default:
1631 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1632 rc = -1;
1633 }
1634
1635 return rc;
1636 }
1637
cil_set_mls(struct cil_db * db,int mls)1638 void cil_set_mls(struct cil_db *db, int mls)
1639 {
1640 db->mls = mls;
1641 }
1642
cil_set_target_platform(struct cil_db * db,int target_platform)1643 void cil_set_target_platform(struct cil_db *db, int target_platform)
1644 {
1645 db->target_platform = target_platform;
1646 }
1647
cil_set_policy_version(struct cil_db * db,int policy_version)1648 void cil_set_policy_version(struct cil_db *db, int policy_version)
1649 {
1650 db->policy_version = policy_version;
1651 }
1652
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1653 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1654 {
1655 uint32_t i = 0;
1656 for (i = 0; i < CIL_SYM_NUM; i++) {
1657 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1658 }
1659 }
1660
cil_symtab_array_destroy(symtab_t symtab[])1661 void cil_symtab_array_destroy(symtab_t symtab[])
1662 {
1663 int i = 0;
1664 for (i = 0; i < CIL_SYM_NUM; i++) {
1665 cil_symtab_destroy(&symtab[i]);
1666 }
1667 }
1668
cil_destroy_ast_symtabs(struct cil_tree_node * current)1669 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1670 {
1671 while (current) {
1672 switch (current->flavor) {
1673 case CIL_BLOCK:
1674 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1675 break;
1676 case CIL_IN:
1677 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1678 break;
1679 case CIL_CLASS:
1680 case CIL_COMMON:
1681 case CIL_MAP_CLASS:
1682 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1683 break;
1684 case CIL_MACRO:
1685 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1686 break;
1687 case CIL_CONDBLOCK:
1688 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1689 break;
1690 default:
1691 break;
1692 }
1693
1694 if (current->cl_head) {
1695 cil_destroy_ast_symtabs(current->cl_head);
1696 }
1697
1698 current = current->next;
1699 }
1700 }
1701
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1702 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1703 {
1704 struct cil_tree_node *node = ast_node;
1705 *symtab = NULL;
1706
1707 if (sym_index == CIL_SYM_PERMS) {
1708 /* Class statements are not blocks, so the passed node should be the class */
1709 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1710 node->flavor == CIL_COMMON) {
1711 *symtab = &((struct cil_class*)node->data)->perms;
1712 return SEPOL_OK;
1713 }
1714 goto exit;
1715 }
1716
1717 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1718 cil_log(CIL_ERR, "Invalid symtab type\n");
1719 goto exit;
1720 }
1721
1722 while (node != NULL && *symtab == NULL) {
1723 switch (node->flavor) {
1724 case CIL_ROOT:
1725 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1726 break;
1727 case CIL_BLOCK:
1728 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1729 break;
1730 case CIL_MACRO:
1731 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1732 break;
1733 case CIL_IN:
1734 /* In blocks only exist before resolving the AST */
1735 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1736 break;
1737 case CIL_CONDBLOCK: {
1738 if (node->parent->flavor == CIL_TUNABLEIF) {
1739 /* Cond blocks only exist before resolving the AST */
1740 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1741 } else if (node->parent->flavor == CIL_BOOLEANIF) {
1742 node = node->parent->parent;
1743 }
1744 break;
1745 }
1746 default:
1747 node = node->parent;
1748 }
1749 }
1750
1751 if (*symtab == NULL) {
1752 goto exit;
1753 }
1754
1755 return SEPOL_OK;
1756
1757 exit:
1758 cil_log(CIL_ERR, "Failed to get symtab from node at line %d of %s\n",
1759 ast_node->line, ast_node->path);
1760 return SEPOL_ERR;
1761 }
1762
cil_sort_init(struct cil_sort ** sort)1763 void cil_sort_init(struct cil_sort **sort)
1764 {
1765 *sort = cil_malloc(sizeof(**sort));
1766
1767 (*sort)->flavor = CIL_NONE;
1768 (*sort)->count = 0;
1769 (*sort)->index = 0;
1770 (*sort)->array = NULL;
1771 }
1772
cil_sort_destroy(struct cil_sort ** sort)1773 void cil_sort_destroy(struct cil_sort **sort)
1774 {
1775 (*sort)->flavor = CIL_NONE;
1776 (*sort)->count = 0;
1777 (*sort)->index = 0;
1778 if ((*sort)->array != NULL) {
1779 free((*sort)->array);
1780 }
1781 (*sort)->array = NULL;
1782
1783 free(*sort);
1784 *sort = NULL;
1785 }
1786
cil_netifcon_init(struct cil_netifcon ** netifcon)1787 void cil_netifcon_init(struct cil_netifcon **netifcon)
1788 {
1789 *netifcon = cil_malloc(sizeof(**netifcon));
1790
1791 (*netifcon)->interface_str = NULL;
1792 (*netifcon)->if_context_str = NULL;
1793 (*netifcon)->if_context = NULL;
1794 (*netifcon)->packet_context_str = NULL;
1795 (*netifcon)->packet_context = NULL;
1796 (*netifcon)->context_str = NULL;
1797 }
1798
cil_context_init(struct cil_context ** context)1799 void cil_context_init(struct cil_context **context)
1800 {
1801 *context = cil_malloc(sizeof(**context));
1802
1803 cil_symtab_datum_init(&(*context)->datum);
1804 (*context)->user_str = NULL;
1805 (*context)->user = NULL;
1806 (*context)->role_str = NULL;
1807 (*context)->role = NULL;
1808 (*context)->type_str = NULL;
1809 (*context)->type = NULL;
1810 (*context)->range_str = NULL;
1811 (*context)->range = NULL;
1812 }
1813
cil_level_init(struct cil_level ** level)1814 void cil_level_init(struct cil_level **level)
1815 {
1816 *level = cil_malloc(sizeof(**level));
1817
1818 cil_symtab_datum_init(&(*level)->datum);
1819 (*level)->sens_str = NULL;
1820 (*level)->sens = NULL;
1821 (*level)->cats = NULL;
1822 }
1823
cil_levelrange_init(struct cil_levelrange ** range)1824 void cil_levelrange_init(struct cil_levelrange **range)
1825 {
1826 *range = cil_malloc(sizeof(**range));
1827
1828 cil_symtab_datum_init(&(*range)->datum);
1829 (*range)->low_str = NULL;
1830 (*range)->low = NULL;
1831 (*range)->high_str = NULL;
1832 (*range)->high = NULL;
1833 }
1834
cil_sens_init(struct cil_sens ** sens)1835 void cil_sens_init(struct cil_sens **sens)
1836 {
1837 *sens = cil_malloc(sizeof(**sens));
1838
1839 cil_symtab_datum_init(&(*sens)->datum);
1840
1841 (*sens)->cats_list = NULL;
1842
1843 (*sens)->ordered = CIL_FALSE;
1844 }
1845
cil_block_init(struct cil_block ** block)1846 void cil_block_init(struct cil_block **block)
1847 {
1848 *block = cil_malloc(sizeof(**block));
1849
1850 cil_symtab_datum_init(&(*block)->datum);
1851
1852 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
1853
1854 (*block)->is_abstract = CIL_FALSE;
1855
1856 (*block)->bi_nodes = NULL;
1857 }
1858
cil_blockinherit_init(struct cil_blockinherit ** inherit)1859 void cil_blockinherit_init(struct cil_blockinherit **inherit)
1860 {
1861 *inherit = cil_malloc(sizeof(**inherit));
1862 (*inherit)->block_str = NULL;
1863 (*inherit)->block = NULL;
1864 }
1865
cil_blockabstract_init(struct cil_blockabstract ** abstract)1866 void cil_blockabstract_init(struct cil_blockabstract **abstract)
1867 {
1868 *abstract = cil_malloc(sizeof(**abstract));
1869 (*abstract)->block_str = NULL;
1870 }
1871
cil_in_init(struct cil_in ** in)1872 void cil_in_init(struct cil_in **in)
1873 {
1874 *in = cil_malloc(sizeof(**in));
1875
1876 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
1877 (*in)->block_str = NULL;
1878 }
1879
cil_class_init(struct cil_class ** class)1880 void cil_class_init(struct cil_class **class)
1881 {
1882 *class = cil_malloc(sizeof(**class));
1883
1884 cil_symtab_datum_init(&(*class)->datum);
1885
1886 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
1887
1888 (*class)->num_perms = 0;
1889 (*class)->common = NULL;
1890 (*class)->ordered = CIL_FALSE;
1891 }
1892
cil_classorder_init(struct cil_classorder ** classorder)1893 void cil_classorder_init(struct cil_classorder **classorder)
1894 {
1895 *classorder = cil_malloc(sizeof(**classorder));
1896
1897 (*classorder)->class_list_str = NULL;
1898 }
1899
cil_classcommon_init(struct cil_classcommon ** classcommon)1900 void cil_classcommon_init(struct cil_classcommon **classcommon)
1901 {
1902 *classcommon = cil_malloc(sizeof(**classcommon));
1903
1904 (*classcommon)->class_str = NULL;
1905 (*classcommon)->common_str = NULL;
1906 }
1907
cil_sid_init(struct cil_sid ** sid)1908 void cil_sid_init(struct cil_sid **sid)
1909 {
1910 *sid = cil_malloc(sizeof(**sid));
1911
1912 cil_symtab_datum_init(&(*sid)->datum);
1913
1914 (*sid)->ordered = CIL_FALSE;
1915 (*sid)->context = NULL;
1916 }
1917
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)1918 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
1919 {
1920 *sidcontext = cil_malloc(sizeof(**sidcontext));
1921
1922 (*sidcontext)->sid_str = NULL;
1923 (*sidcontext)->context_str = NULL;
1924 (*sidcontext)->context = NULL;
1925 }
1926
cil_sidorder_init(struct cil_sidorder ** sidorder)1927 void cil_sidorder_init(struct cil_sidorder **sidorder)
1928 {
1929 *sidorder = cil_malloc(sizeof(**sidorder));
1930
1931 (*sidorder)->sid_list_str = NULL;
1932 }
1933
cil_userrole_init(struct cil_userrole ** userrole)1934 void cil_userrole_init(struct cil_userrole **userrole)
1935 {
1936 *userrole = cil_malloc(sizeof(**userrole));
1937
1938 (*userrole)->user_str = NULL;
1939 (*userrole)->user = NULL;
1940 (*userrole)->role_str = NULL;
1941 (*userrole)->role = NULL;
1942 }
1943
cil_userprefix_init(struct cil_userprefix ** userprefix)1944 void cil_userprefix_init(struct cil_userprefix **userprefix)
1945 {
1946 *userprefix = cil_malloc(sizeof(**userprefix));
1947
1948 (*userprefix)->user_str = NULL;
1949 (*userprefix)->user = NULL;
1950 (*userprefix)->prefix_str = NULL;
1951 }
1952
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)1953 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
1954 {
1955 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
1956
1957 (*selinuxuser)->name_str = NULL;
1958 (*selinuxuser)->user_str = NULL;
1959 (*selinuxuser)->user = NULL;
1960 (*selinuxuser)->range_str = NULL;
1961 (*selinuxuser)->range = NULL;
1962 }
1963
cil_roletype_init(struct cil_roletype ** roletype)1964 void cil_roletype_init(struct cil_roletype **roletype)
1965 {
1966 *roletype = cil_malloc(sizeof(**roletype));
1967
1968 (*roletype)->role_str = NULL;
1969 (*roletype)->role = NULL;
1970 (*roletype)->type_str = NULL;
1971 (*roletype)->type = NULL;
1972 }
1973
cil_roleattribute_init(struct cil_roleattribute ** attr)1974 void cil_roleattribute_init(struct cil_roleattribute **attr)
1975 {
1976 *attr = cil_malloc(sizeof(**attr));
1977
1978 cil_symtab_datum_init(&(*attr)->datum);
1979
1980 (*attr)->expr_list = NULL;
1981 (*attr)->roles = NULL;
1982 }
1983
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)1984 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
1985 {
1986 *attrset = cil_malloc(sizeof(**attrset));
1987
1988 (*attrset)->attr_str = NULL;
1989 (*attrset)->str_expr = NULL;
1990 (*attrset)->datum_expr = NULL;
1991 }
1992
cil_typeattribute_init(struct cil_typeattribute ** attr)1993 void cil_typeattribute_init(struct cil_typeattribute **attr)
1994 {
1995 *attr = cil_malloc(sizeof(**attr));
1996
1997 cil_symtab_datum_init(&(*attr)->datum);
1998
1999 (*attr)->expr_list = NULL;
2000 (*attr)->types = NULL;
2001 (*attr)->used = CIL_FALSE;
2002 }
2003
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2004 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2005 {
2006 *attrset = cil_malloc(sizeof(**attrset));
2007
2008 (*attrset)->attr_str = NULL;
2009 (*attrset)->str_expr = NULL;
2010 (*attrset)->datum_expr = NULL;
2011 }
2012
cil_alias_init(struct cil_alias ** alias)2013 void cil_alias_init(struct cil_alias **alias)
2014 {
2015 *alias = cil_malloc(sizeof(**alias));
2016
2017 (*alias)->actual = NULL;
2018
2019 cil_symtab_datum_init(&(*alias)->datum);
2020 }
2021
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2022 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2023 {
2024 *aliasactual = cil_malloc(sizeof(**aliasactual));
2025
2026 (*aliasactual)->alias_str = NULL;
2027 (*aliasactual)->actual_str = NULL;
2028 }
2029
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2030 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2031 {
2032 *typeperm = cil_malloc(sizeof(**typeperm));
2033
2034 (*typeperm)->type_str = NULL;
2035 (*typeperm)->type = NULL;
2036 }
2037
cil_name_init(struct cil_name ** name)2038 void cil_name_init(struct cil_name **name)
2039 {
2040 *name = cil_malloc(sizeof(**name));
2041
2042 cil_symtab_datum_init(&(*name)->datum);
2043 (*name)->name_str = NULL;
2044 }
2045
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2046 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2047 {
2048 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2049
2050 (*nametypetrans)->src_str = NULL;
2051 (*nametypetrans)->src = NULL;
2052 (*nametypetrans)->tgt_str = NULL;
2053 (*nametypetrans)->tgt = NULL;
2054 (*nametypetrans)->obj_str = NULL;
2055 (*nametypetrans)->obj = NULL;
2056 (*nametypetrans)->name_str = NULL;
2057 (*nametypetrans)->name = NULL;
2058 (*nametypetrans)->result_str = NULL;
2059 (*nametypetrans)->result = NULL;
2060 }
2061
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2062 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2063 {
2064 *rangetrans = cil_malloc(sizeof(**rangetrans));
2065
2066 (*rangetrans)->src_str = NULL;
2067 (*rangetrans)->src = NULL;
2068 (*rangetrans)->exec_str = NULL;
2069 (*rangetrans)->exec = NULL;
2070 (*rangetrans)->obj_str = NULL;
2071 (*rangetrans)->obj = NULL;
2072 (*rangetrans)->range_str = NULL;
2073 (*rangetrans)->range = NULL;
2074 }
2075
cil_bool_init(struct cil_bool ** cilbool)2076 void cil_bool_init(struct cil_bool **cilbool)
2077 {
2078 *cilbool = cil_malloc(sizeof(**cilbool));
2079
2080 cil_symtab_datum_init(&(*cilbool)->datum);
2081 (*cilbool)->value = 0;
2082 }
2083
cil_tunable_init(struct cil_tunable ** ciltun)2084 void cil_tunable_init(struct cil_tunable **ciltun)
2085 {
2086 *ciltun = cil_malloc(sizeof(**ciltun));
2087
2088 cil_symtab_datum_init(&(*ciltun)->datum);
2089 (*ciltun)->value = 0;
2090 }
2091
cil_condblock_init(struct cil_condblock ** cb)2092 void cil_condblock_init(struct cil_condblock **cb)
2093 {
2094 *cb = cil_malloc(sizeof(**cb));
2095
2096 (*cb)->flavor = CIL_NONE;
2097 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2098 }
2099
cil_boolif_init(struct cil_booleanif ** bif)2100 void cil_boolif_init(struct cil_booleanif **bif)
2101 {
2102 *bif = cil_malloc(sizeof(**bif));
2103
2104 (*bif)->str_expr = NULL;
2105 (*bif)->datum_expr = NULL;
2106 }
2107
cil_tunif_init(struct cil_tunableif ** tif)2108 void cil_tunif_init(struct cil_tunableif **tif)
2109 {
2110 *tif = cil_malloc(sizeof(**tif));
2111
2112 (*tif)->str_expr = NULL;
2113 (*tif)->datum_expr = NULL;
2114 }
2115
cil_avrule_init(struct cil_avrule ** avrule)2116 void cil_avrule_init(struct cil_avrule **avrule)
2117 {
2118 *avrule = cil_malloc(sizeof(**avrule));
2119
2120 (*avrule)->is_extended = 0;
2121 (*avrule)->rule_kind = CIL_NONE;
2122 (*avrule)->src_str = NULL;
2123 (*avrule)->src = NULL;
2124 (*avrule)->tgt_str = NULL;
2125 (*avrule)->tgt = NULL;
2126 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2127 }
2128
cil_permissionx_init(struct cil_permissionx ** permx)2129 void cil_permissionx_init(struct cil_permissionx **permx)
2130 {
2131 *permx = cil_malloc(sizeof(**permx));
2132
2133 cil_symtab_datum_init(&(*permx)->datum);
2134 (*permx)->kind = CIL_NONE;
2135 (*permx)->obj_str = NULL;
2136 (*permx)->obj = NULL;
2137 (*permx)->expr_str = NULL;
2138 (*permx)->perms = NULL;
2139 }
2140
cil_type_rule_init(struct cil_type_rule ** type_rule)2141 void cil_type_rule_init(struct cil_type_rule **type_rule)
2142 {
2143 *type_rule = cil_malloc(sizeof(**type_rule));
2144
2145 (*type_rule)->rule_kind = CIL_NONE;
2146 (*type_rule)->src_str = NULL;
2147 (*type_rule)->src = NULL;
2148 (*type_rule)->tgt_str = NULL;
2149 (*type_rule)->tgt = NULL;
2150 (*type_rule)->obj_str = NULL;
2151 (*type_rule)->obj = NULL;
2152 (*type_rule)->result_str = NULL;
2153 (*type_rule)->result = NULL;
2154 }
2155
cil_roletransition_init(struct cil_roletransition ** role_trans)2156 void cil_roletransition_init(struct cil_roletransition **role_trans)
2157 {
2158 *role_trans = cil_malloc(sizeof(**role_trans));
2159
2160 (*role_trans)->src_str = NULL;
2161 (*role_trans)->src = NULL;
2162 (*role_trans)->tgt_str = NULL;
2163 (*role_trans)->tgt = NULL;
2164 (*role_trans)->obj_str = NULL;
2165 (*role_trans)->obj = NULL;
2166 (*role_trans)->result_str = NULL;
2167 (*role_trans)->result = NULL;
2168 }
2169
cil_roleallow_init(struct cil_roleallow ** roleallow)2170 void cil_roleallow_init(struct cil_roleallow **roleallow)
2171 {
2172 *roleallow = cil_malloc(sizeof(**roleallow));
2173
2174 (*roleallow)->src_str = NULL;
2175 (*roleallow)->src = NULL;
2176 (*roleallow)->tgt_str = NULL;
2177 (*roleallow)->tgt = NULL;
2178 }
2179
cil_catset_init(struct cil_catset ** catset)2180 void cil_catset_init(struct cil_catset **catset)
2181 {
2182 *catset = cil_malloc(sizeof(**catset));
2183
2184 cil_symtab_datum_init(&(*catset)->datum);
2185 (*catset)->cats = NULL;
2186 }
2187
cil_senscat_init(struct cil_senscat ** senscat)2188 void cil_senscat_init(struct cil_senscat **senscat)
2189 {
2190 *senscat = cil_malloc(sizeof(**senscat));
2191
2192 (*senscat)->sens_str = NULL;
2193 (*senscat)->cats = NULL;
2194 }
2195
cil_cats_init(struct cil_cats ** cats)2196 void cil_cats_init(struct cil_cats **cats)
2197 {
2198 *cats = cil_malloc(sizeof(**cats));
2199
2200 (*cats)->evaluated = CIL_FALSE;
2201 (*cats)->str_expr = NULL;
2202 (*cats)->datum_expr = NULL;
2203 }
2204
cil_filecon_init(struct cil_filecon ** filecon)2205 void cil_filecon_init(struct cil_filecon **filecon)
2206 {
2207 *filecon = cil_malloc(sizeof(**filecon));
2208
2209 (*filecon)->path_str = NULL;
2210 (*filecon)->type = 0;
2211 (*filecon)->context_str = NULL;
2212 (*filecon)->context = NULL;
2213 }
2214
cil_portcon_init(struct cil_portcon ** portcon)2215 void cil_portcon_init(struct cil_portcon **portcon)
2216 {
2217 *portcon = cil_malloc(sizeof(**portcon));
2218 (*portcon)->proto = 0;
2219 (*portcon)->port_low = 0;
2220 (*portcon)->port_high = 0;
2221 (*portcon)->context_str = NULL;
2222 (*portcon)->context = NULL;
2223 }
2224
cil_nodecon_init(struct cil_nodecon ** nodecon)2225 void cil_nodecon_init(struct cil_nodecon **nodecon)
2226 {
2227 *nodecon = cil_malloc(sizeof(**nodecon));
2228
2229 (*nodecon)->addr_str = NULL;
2230 (*nodecon)->addr = NULL;
2231 (*nodecon)->mask_str = NULL;
2232 (*nodecon)->mask = NULL;
2233 (*nodecon)->context_str = NULL;
2234 (*nodecon)->context = NULL;
2235 }
2236
cil_genfscon_init(struct cil_genfscon ** genfscon)2237 void cil_genfscon_init(struct cil_genfscon **genfscon)
2238 {
2239 *genfscon = cil_malloc(sizeof(**genfscon));
2240
2241 (*genfscon)->fs_str = NULL;
2242 (*genfscon)->path_str = NULL;
2243 (*genfscon)->context_str = NULL;
2244 (*genfscon)->context = NULL;
2245 }
2246
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2247 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2248 {
2249 *pirqcon = cil_malloc(sizeof(**pirqcon));
2250
2251 (*pirqcon)->pirq = 0;
2252 (*pirqcon)->context_str = NULL;
2253 (*pirqcon)->context = NULL;
2254 }
2255
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2256 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2257 {
2258 *iomemcon = cil_malloc(sizeof(**iomemcon));
2259
2260 (*iomemcon)->iomem_low = 0;
2261 (*iomemcon)->iomem_high = 0;
2262 (*iomemcon)->context_str = NULL;
2263 (*iomemcon)->context = NULL;
2264 }
2265
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2266 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2267 {
2268 *ioportcon = cil_malloc(sizeof(**ioportcon));
2269
2270 (*ioportcon)->context_str = NULL;
2271 (*ioportcon)->context = NULL;
2272 }
2273
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2274 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2275 {
2276 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2277
2278 (*pcidevicecon)->dev = 0;
2279 (*pcidevicecon)->context_str = NULL;
2280 (*pcidevicecon)->context = NULL;
2281 }
2282
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2283 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2284 {
2285 *dtcon = cil_malloc(sizeof(**dtcon));
2286
2287 (*dtcon)->path = NULL;
2288 (*dtcon)->context_str = NULL;
2289 (*dtcon)->context = NULL;
2290 }
2291
cil_fsuse_init(struct cil_fsuse ** fsuse)2292 void cil_fsuse_init(struct cil_fsuse **fsuse)
2293 {
2294 *fsuse = cil_malloc(sizeof(**fsuse));
2295
2296 (*fsuse)->type = 0;
2297 (*fsuse)->fs_str = NULL;
2298 (*fsuse)->context_str = NULL;
2299 (*fsuse)->context = NULL;
2300 }
2301
cil_constrain_init(struct cil_constrain ** constrain)2302 void cil_constrain_init(struct cil_constrain **constrain)
2303 {
2304 *constrain = cil_malloc(sizeof(**constrain));
2305
2306 (*constrain)->classperms = NULL;
2307 (*constrain)->str_expr = NULL;
2308 (*constrain)->datum_expr = NULL;
2309 }
2310
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2311 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2312 {
2313 *validtrans = cil_malloc(sizeof(**validtrans));
2314
2315 (*validtrans)->class_str = NULL;
2316 (*validtrans)->class = NULL;
2317 (*validtrans)->str_expr = NULL;
2318 (*validtrans)->datum_expr = NULL;
2319 }
2320
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2321 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2322 {
2323 *ipaddr = cil_malloc(sizeof(**ipaddr));
2324
2325 cil_symtab_datum_init(&(*ipaddr)->datum);
2326 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2327 }
2328
cil_perm_init(struct cil_perm ** perm)2329 void cil_perm_init(struct cil_perm **perm)
2330 {
2331 *perm = cil_malloc(sizeof(**perm));
2332
2333 cil_symtab_datum_init(&(*perm)->datum);
2334 (*perm)->value = 0;
2335 (*perm)->classperms = NULL;
2336 }
2337
cil_classpermission_init(struct cil_classpermission ** cp)2338 void cil_classpermission_init(struct cil_classpermission **cp)
2339 {
2340 *cp = cil_malloc(sizeof(**cp));
2341
2342 cil_symtab_datum_init(&(*cp)->datum);
2343 (*cp)->classperms = NULL;
2344 }
2345
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2346 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2347 {
2348 *cps = cil_malloc(sizeof(**cps));
2349
2350 (*cps)->set_str = NULL;
2351 (*cps)->classperms = NULL;
2352 }
2353
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2354 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2355 {
2356 *cp_set = cil_malloc(sizeof(**cp_set));
2357 (*cp_set)->set_str = NULL;
2358 (*cp_set)->set = NULL;
2359 }
2360
cil_classperms_init(struct cil_classperms ** cp)2361 void cil_classperms_init(struct cil_classperms **cp)
2362 {
2363 *cp = cil_malloc(sizeof(**cp));
2364 (*cp)->class_str = NULL;
2365 (*cp)->class = NULL;
2366 (*cp)->perm_strs = NULL;
2367 (*cp)->perms = NULL;
2368 }
2369
cil_classmapping_init(struct cil_classmapping ** mapping)2370 void cil_classmapping_init(struct cil_classmapping **mapping)
2371 {
2372 *mapping = cil_malloc(sizeof(**mapping));
2373
2374 (*mapping)->map_class_str = NULL;
2375 (*mapping)->map_perm_str = NULL;
2376 (*mapping)->classperms = NULL;
2377 }
2378
cil_user_init(struct cil_user ** user)2379 void cil_user_init(struct cil_user **user)
2380 {
2381 *user = cil_malloc(sizeof(**user));
2382
2383 cil_symtab_datum_init(&(*user)->datum);
2384 (*user)->bounds = NULL;
2385 (*user)->roles = NULL;
2386 (*user)->dftlevel = NULL;
2387 (*user)->range = NULL;
2388 (*user)->value = 0;
2389 }
2390
cil_userattribute_init(struct cil_userattribute ** attr)2391 void cil_userattribute_init(struct cil_userattribute **attr)
2392 {
2393 *attr = cil_malloc(sizeof(**attr));
2394
2395 cil_symtab_datum_init(&(*attr)->datum);
2396
2397 (*attr)->expr_list = NULL;
2398 (*attr)->users = NULL;
2399 }
2400
cil_userattributeset_init(struct cil_userattributeset ** attrset)2401 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2402 {
2403 *attrset = cil_malloc(sizeof(**attrset));
2404
2405 (*attrset)->attr_str = NULL;
2406 (*attrset)->str_expr = NULL;
2407 (*attrset)->datum_expr = NULL;
2408 }
2409
cil_userlevel_init(struct cil_userlevel ** usrlvl)2410 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2411 {
2412 *usrlvl = cil_malloc(sizeof(**usrlvl));
2413
2414 (*usrlvl)->user_str = NULL;
2415 (*usrlvl)->level_str = NULL;
2416 (*usrlvl)->level = NULL;
2417 }
2418
cil_userrange_init(struct cil_userrange ** userrange)2419 void cil_userrange_init(struct cil_userrange **userrange)
2420 {
2421 *userrange = cil_malloc(sizeof(**userrange));
2422
2423 (*userrange)->user_str = NULL;
2424 (*userrange)->range_str = NULL;
2425 (*userrange)->range = NULL;
2426 }
2427
cil_role_init(struct cil_role ** role)2428 void cil_role_init(struct cil_role **role)
2429 {
2430 *role = cil_malloc(sizeof(**role));
2431
2432 cil_symtab_datum_init(&(*role)->datum);
2433 (*role)->bounds = NULL;
2434 (*role)->types = NULL;
2435 (*role)->value = 0;
2436 }
2437
cil_type_init(struct cil_type ** type)2438 void cil_type_init(struct cil_type **type)
2439 {
2440 *type = cil_malloc(sizeof(**type));
2441
2442 cil_symtab_datum_init(&(*type)->datum);
2443 (*type)->bounds = NULL;
2444 (*type)->value = 0;
2445 }
2446
cil_cat_init(struct cil_cat ** cat)2447 void cil_cat_init(struct cil_cat **cat)
2448 {
2449 *cat = cil_malloc(sizeof(**cat));
2450
2451 cil_symtab_datum_init(&(*cat)->datum);
2452 (*cat)->ordered = CIL_FALSE;
2453 (*cat)->value = 0;
2454 }
2455
cil_catorder_init(struct cil_catorder ** catorder)2456 void cil_catorder_init(struct cil_catorder **catorder)
2457 {
2458 *catorder = cil_malloc(sizeof(**catorder));
2459
2460 (*catorder)->cat_list_str = NULL;
2461 }
2462
cil_sensorder_init(struct cil_sensorder ** sensorder)2463 void cil_sensorder_init(struct cil_sensorder **sensorder)
2464 {
2465 *sensorder = cil_malloc(sizeof(**sensorder));
2466
2467 (*sensorder)->sens_list_str = NULL;
2468 }
2469
cil_args_init(struct cil_args ** args)2470 void cil_args_init(struct cil_args **args)
2471 {
2472 *args = cil_malloc(sizeof(**args));
2473 (*args)->arg_str = NULL;
2474 (*args)->arg = NULL;
2475 (*args)->param_str = NULL;
2476 (*args)->flavor = CIL_NONE;
2477 }
2478
cil_call_init(struct cil_call ** call)2479 void cil_call_init(struct cil_call **call)
2480 {
2481 *call = cil_malloc(sizeof(**call));
2482
2483 (*call)->macro_str = NULL;
2484 (*call)->macro = NULL;
2485 (*call)->args_tree = NULL;
2486 (*call)->args = NULL;
2487 (*call)->copied = 0;
2488 }
2489
cil_optional_init(struct cil_optional ** optional)2490 void cil_optional_init(struct cil_optional **optional)
2491 {
2492 *optional = cil_malloc(sizeof(**optional));
2493 (*optional)->enabled = CIL_TRUE;
2494 cil_symtab_datum_init(&(*optional)->datum);
2495 }
2496
cil_param_init(struct cil_param ** param)2497 void cil_param_init(struct cil_param **param)
2498 {
2499 *param = cil_malloc(sizeof(**param));
2500
2501 (*param)->str = NULL;
2502 (*param)->flavor = CIL_NONE;
2503 }
2504
cil_macro_init(struct cil_macro ** macro)2505 void cil_macro_init(struct cil_macro **macro)
2506 {
2507 *macro = cil_malloc(sizeof(**macro));
2508
2509 cil_symtab_datum_init(&(*macro)->datum);
2510 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2511 (*macro)->params = NULL;
2512 }
2513
cil_policycap_init(struct cil_policycap ** policycap)2514 void cil_policycap_init(struct cil_policycap **policycap)
2515 {
2516 *policycap = cil_malloc(sizeof(**policycap));
2517
2518 cil_symtab_datum_init(&(*policycap)->datum);
2519 }
2520
cil_bounds_init(struct cil_bounds ** bounds)2521 void cil_bounds_init(struct cil_bounds **bounds)
2522 {
2523 *bounds = cil_malloc(sizeof(**bounds));
2524
2525 (*bounds)->parent_str = NULL;
2526 (*bounds)->child_str = NULL;
2527 }
2528
cil_default_init(struct cil_default ** def)2529 void cil_default_init(struct cil_default **def)
2530 {
2531 *def = cil_malloc(sizeof(**def));
2532
2533 (*def)->flavor = CIL_NONE;
2534 (*def)->class_strs = NULL;
2535 (*def)->class_datums = NULL;
2536 }
2537
cil_defaultrange_init(struct cil_defaultrange ** def)2538 void cil_defaultrange_init(struct cil_defaultrange **def)
2539 {
2540 *def = cil_malloc(sizeof(**def));
2541
2542 (*def)->class_strs = NULL;
2543 (*def)->class_datums = NULL;
2544 }
2545
cil_handleunknown_init(struct cil_handleunknown ** unk)2546 void cil_handleunknown_init(struct cil_handleunknown **unk)
2547 {
2548 *unk = cil_malloc(sizeof(**unk));
2549 }
2550
cil_mls_init(struct cil_mls ** mls)2551 void cil_mls_init(struct cil_mls **mls)
2552 {
2553 *mls = cil_malloc(sizeof(**mls));
2554 (*mls)->value = 0;
2555 }
2556