1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "dso.h"
54
55 #ifndef DISABLE_SYMVER
56 asm(".symver cil_build_policydb_pdb, cil_build_policydb@LIBSEPOL_1.0");
57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
58
59 asm(".symver cil_compile_pdb, cil_compile@LIBSEPOL_1.0");
60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1");
61
62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@LIBSEPOL_1.0");
63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1");
64
65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@LIBSEPOL_1.0");
66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1");
67
68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@LIBSEPOL_1.0");
69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1");
70 #endif
71
72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
78 };
79
cil_init_keys(void)80 static void cil_init_keys(void)
81 {
82 /* Initialize CIL Keys into strpool */
83 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
84 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
85 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
86 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
87 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
88 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
89 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
90 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
91 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
92 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
93 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
94 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
95 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
96 CIL_KEY_AND = cil_strpool_add("and");
97 CIL_KEY_OR = cil_strpool_add("or");
98 CIL_KEY_NOT = cil_strpool_add("not");
99 CIL_KEY_EQ = cil_strpool_add("eq");
100 CIL_KEY_NEQ = cil_strpool_add("neq");
101 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
104 CIL_KEY_CONDTRUE = cil_strpool_add("true");
105 CIL_KEY_CONDFALSE = cil_strpool_add("false");
106 CIL_KEY_SELF = cil_strpool_add("self");
107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
108 CIL_KEY_STAR = cil_strpool_add("*");
109 CIL_KEY_UDP = cil_strpool_add("udp");
110 CIL_KEY_TCP = cil_strpool_add("tcp");
111 CIL_KEY_DCCP = cil_strpool_add("dccp");
112 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
113 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
114 CIL_KEY_ALLOW = cil_strpool_add("allow");
115 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
116 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
117 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
118 CIL_KEY_CALL = cil_strpool_add("call");
119 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
120 CIL_KEY_XOR = cil_strpool_add("xor");
121 CIL_KEY_ALL = cil_strpool_add("all");
122 CIL_KEY_RANGE = cil_strpool_add("range");
123 CIL_KEY_TYPE = cil_strpool_add("type");
124 CIL_KEY_ROLE = cil_strpool_add("role");
125 CIL_KEY_USER = cil_strpool_add("user");
126 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
127 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
128 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
129 CIL_KEY_CATEGORY = cil_strpool_add("category");
130 CIL_KEY_CATSET = cil_strpool_add("categoryset");
131 CIL_KEY_LEVEL = cil_strpool_add("level");
132 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
133 CIL_KEY_CLASS = cil_strpool_add("class");
134 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
135 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
136 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
137 CIL_KEY_BOOL = cil_strpool_add("boolean");
138 CIL_KEY_STRING = cil_strpool_add("string");
139 CIL_KEY_NAME = cil_strpool_add("name");
140 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
141 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
142 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
143 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
144 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
145 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
146 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
147 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
148 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
149 CIL_KEY_COMMON = cil_strpool_add("common");
150 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
151 CIL_KEY_SID = cil_strpool_add("sid");
152 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
153 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
154 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
155 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
156 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
157 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
158 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
159 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
160 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
161 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
162 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
163 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
164 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
165 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
166 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
167 CIL_KEY_USERROLE = cil_strpool_add("userrole");
168 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
169 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
170 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
171 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
172 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
173 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
174 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
175 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
176 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
177 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
178 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
179 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
180 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
181 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
182 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
183 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
184 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
185 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
186 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
187 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
188 CIL_KEY_CONTEXT = cil_strpool_add("context");
189 CIL_KEY_FILECON = cil_strpool_add("filecon");
190 CIL_KEY_PORTCON = cil_strpool_add("portcon");
191 CIL_KEY_NODECON = cil_strpool_add("nodecon");
192 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
193 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
194 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
195 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
196 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
197 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
198 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
199 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
200 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
201 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
202 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
203 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
204 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
205 CIL_KEY_MACRO = cil_strpool_add("macro");
206 CIL_KEY_IN = cil_strpool_add("in");
207 CIL_KEY_MLS = cil_strpool_add("mls");
208 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
209 CIL_KEY_GLOB = cil_strpool_add("*");
210 CIL_KEY_FILE = cil_strpool_add("file");
211 CIL_KEY_DIR = cil_strpool_add("dir");
212 CIL_KEY_CHAR = cil_strpool_add("char");
213 CIL_KEY_BLOCK = cil_strpool_add("block");
214 CIL_KEY_SOCKET = cil_strpool_add("socket");
215 CIL_KEY_PIPE = cil_strpool_add("pipe");
216 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
217 CIL_KEY_ANY = cil_strpool_add("any");
218 CIL_KEY_XATTR = cil_strpool_add("xattr");
219 CIL_KEY_TASK = cil_strpool_add("task");
220 CIL_KEY_TRANS = cil_strpool_add("trans");
221 CIL_KEY_SOURCE = cil_strpool_add("source");
222 CIL_KEY_TARGET = cil_strpool_add("target");
223 CIL_KEY_LOW = cil_strpool_add("low");
224 CIL_KEY_HIGH = cil_strpool_add("high");
225 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
226 CIL_KEY_ROOT = cil_strpool_add("<root>");
227 CIL_KEY_NODE = cil_strpool_add("<node>");
228 CIL_KEY_PERM = cil_strpool_add("perm");
229 CIL_KEY_ALLOWX = cil_strpool_add("allowx");
230 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
231 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
232 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
233 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
234 CIL_KEY_IOCTL = cil_strpool_add("ioctl");
235 CIL_KEY_UNORDERED = cil_strpool_add("unordered");
236 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
237 CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>");
238 CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>");
239 }
240
cil_db_init(struct cil_db ** db)241 void cil_db_init(struct cil_db **db)
242 {
243 *db = cil_malloc(sizeof(**db));
244
245 cil_strpool_init();
246 cil_init_keys();
247
248 cil_tree_init(&(*db)->parse);
249 cil_tree_init(&(*db)->ast);
250 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
251 (*db)->sidorder = NULL;
252 (*db)->classorder = NULL;
253 (*db)->catorder = NULL;
254 (*db)->sensitivityorder = NULL;
255 cil_sort_init(&(*db)->netifcon);
256 cil_sort_init(&(*db)->genfscon);
257 cil_sort_init(&(*db)->filecon);
258 cil_sort_init(&(*db)->nodecon);
259 cil_sort_init(&(*db)->portcon);
260 cil_sort_init(&(*db)->pirqcon);
261 cil_sort_init(&(*db)->iomemcon);
262 cil_sort_init(&(*db)->ioportcon);
263 cil_sort_init(&(*db)->pcidevicecon);
264 cil_sort_init(&(*db)->devicetreecon);
265 cil_sort_init(&(*db)->fsuse);
266 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
267 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
268 cil_list_init(&(*db)->names, CIL_LIST_ITEM);
269
270 cil_type_init(&(*db)->selftype);
271 (*db)->selftype->datum.name = CIL_KEY_SELF;
272 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
273 (*db)->num_types_and_attrs = 0;
274 (*db)->num_classes = 0;
275 (*db)->num_types = 0;
276 (*db)->num_roles = 0;
277 (*db)->num_users = 0;
278 (*db)->num_cats = 0;
279 (*db)->val_to_type = NULL;
280 (*db)->val_to_role = NULL;
281 (*db)->val_to_user = NULL;
282
283 (*db)->disable_dontaudit = CIL_FALSE;
284 (*db)->disable_neverallow = CIL_FALSE;
285 (*db)->attrs_expand_generated = CIL_FALSE;
286 (*db)->attrs_expand_size = 1;
287 (*db)->preserve_tunables = CIL_FALSE;
288 (*db)->handle_unknown = -1;
289 (*db)->mls = -1;
290 (*db)->target_platform = SEPOL_TARGET_SELINUX;
291 (*db)->policy_version = POLICYDB_VERSION_MAX;
292 }
293
cil_db_destroy(struct cil_db ** db)294 void cil_db_destroy(struct cil_db **db)
295 {
296 if (db == NULL || *db == NULL) {
297 return;
298 }
299
300 cil_tree_destroy(&(*db)->parse);
301 cil_tree_destroy(&(*db)->ast);
302 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
303 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
304 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
305 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
306 cil_sort_destroy(&(*db)->netifcon);
307 cil_sort_destroy(&(*db)->genfscon);
308 cil_sort_destroy(&(*db)->filecon);
309 cil_sort_destroy(&(*db)->nodecon);
310 cil_sort_destroy(&(*db)->portcon);
311 cil_sort_destroy(&(*db)->pirqcon);
312 cil_sort_destroy(&(*db)->iomemcon);
313 cil_sort_destroy(&(*db)->ioportcon);
314 cil_sort_destroy(&(*db)->pcidevicecon);
315 cil_sort_destroy(&(*db)->devicetreecon);
316 cil_sort_destroy(&(*db)->fsuse);
317 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
318 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
319 cil_list_destroy(&(*db)->names, CIL_TRUE);
320
321 cil_destroy_type((*db)->selftype);
322
323 cil_strpool_destroy();
324 free((*db)->val_to_type);
325 free((*db)->val_to_role);
326 free((*db)->val_to_user);
327
328 free(*db);
329 *db = NULL;
330 }
331
cil_root_init(struct cil_root ** root)332 void cil_root_init(struct cil_root **root)
333 {
334 struct cil_root *r = cil_malloc(sizeof(*r));
335 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
336
337 *root = r;
338 }
339
cil_root_destroy(struct cil_root * root)340 void cil_root_destroy(struct cil_root *root)
341 {
342 if (root == NULL) {
343 return;
344 }
345 cil_symtab_array_destroy(root->symtab);
346 free(root);
347 }
348
cil_add_file(cil_db_t * db,char * name,char * data,size_t size)349 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
350 {
351 char *buffer = NULL;
352 int rc;
353
354 cil_log(CIL_INFO, "Parsing %s\n", name);
355
356 buffer = cil_malloc(size + 2);
357 memcpy(buffer, data, size);
358 memset(buffer + size, 0, 2);
359
360 rc = cil_parser(name, buffer, size + 2, &db->parse);
361 if (rc != SEPOL_OK) {
362 cil_log(CIL_INFO, "Failed to parse %s\n", name);
363 goto exit;
364 }
365
366 free(buffer);
367 buffer = NULL;
368
369 rc = SEPOL_OK;
370
371 exit:
372 free(buffer);
373
374 return rc;
375 }
376
377 #ifdef DISABLE_SYMVER
cil_compile(struct cil_db * db)378 int cil_compile(struct cil_db *db)
379 #else
380 int cil_compile_nopdb(struct cil_db *db)
381 #endif
382 {
383 int rc = SEPOL_ERR;
384
385 if (db == NULL) {
386 goto exit;
387 }
388
389 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
390 rc = cil_build_ast(db, db->parse->root, db->ast->root);
391 if (rc != SEPOL_OK) {
392 cil_log(CIL_INFO, "Failed to build ast\n");
393 goto exit;
394 }
395
396 cil_log(CIL_INFO, "Destroying Parse Tree\n");
397 cil_tree_destroy(&db->parse);
398
399 cil_log(CIL_INFO, "Resolving AST\n");
400 rc = cil_resolve_ast(db, db->ast->root);
401 if (rc != SEPOL_OK) {
402 cil_log(CIL_INFO, "Failed to resolve ast\n");
403 goto exit;
404 }
405
406 cil_log(CIL_INFO, "Qualifying Names\n");
407 rc = cil_fqn_qualify(db->ast->root);
408 if (rc != SEPOL_OK) {
409 cil_log(CIL_INFO, "Failed to qualify names\n");
410 goto exit;
411 }
412
413 cil_log(CIL_INFO, "Compile post process\n");
414 rc = cil_post_process(db);
415 if (rc != SEPOL_OK ) {
416 cil_log(CIL_INFO, "Post process failed\n");
417 goto exit;
418 }
419
420 exit:
421
422 return rc;
423 }
424
425 #ifndef DISABLE_SYMVER
cil_compile_pdb(struct cil_db * db,sepol_policydb_t * sepol_db)426 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
427 {
428 return cil_compile_nopdb(db);
429 }
430
cil_build_policydb_pdb(cil_db_t * db,sepol_policydb_t * sepol_db)431 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db)
432 {
433 int rc;
434
435 cil_log(CIL_INFO, "Building policy binary\n");
436 rc = cil_binary_create_allocated_pdb(db, sepol_db);
437 if (rc != SEPOL_OK) {
438 cil_log(CIL_ERR, "Failed to generate binary\n");
439 goto exit;
440 }
441
442 exit:
443 return rc;
444 }
445 #endif
446
447 #ifdef DISABLE_SYMVER
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)448 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
449 #else
450 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
451 #endif
452 {
453 int rc;
454
455 cil_log(CIL_INFO, "Building policy binary\n");
456 rc = cil_binary_create(db, sepol_db);
457 if (rc != SEPOL_OK) {
458 cil_log(CIL_ERR, "Failed to generate binary\n");
459 goto exit;
460 }
461
462 exit:
463 return rc;
464 }
465
cil_write_policy_conf(FILE * out,struct cil_db * db)466 void cil_write_policy_conf(FILE *out, struct cil_db *db)
467 {
468 cil_log(CIL_INFO, "Writing policy.conf file\n");
469 cil_gen_policy(out, db);
470 }
471
cil_destroy_data(void ** data,enum cil_flavor flavor)472 void cil_destroy_data(void **data, enum cil_flavor flavor)
473 {
474 if (*data == NULL) {
475 return;
476 }
477
478 switch(flavor) {
479 case CIL_NONE:
480 break;
481 case CIL_ROOT:
482 cil_root_destroy(*data);
483 break;
484 case CIL_NODE:
485 break;
486 case CIL_STRING:
487 break;
488 case CIL_DATUM:
489 break;
490 case CIL_LIST:
491 cil_list_destroy(*data, CIL_FALSE);
492 break;
493 case CIL_LIST_ITEM:
494 break;
495 case CIL_PARAM:
496 cil_destroy_param(*data);
497 break;
498 case CIL_ARGS:
499 cil_destroy_args(*data);
500 break;
501 case CIL_BLOCK:
502 cil_destroy_block(*data);
503 break;
504 case CIL_BLOCKINHERIT:
505 cil_destroy_blockinherit(*data);
506 break;
507 case CIL_BLOCKABSTRACT:
508 cil_destroy_blockabstract(*data);
509 break;
510 case CIL_IN:
511 cil_destroy_in(*data);
512 break;
513 case CIL_MACRO:
514 cil_destroy_macro(*data);
515 break;
516 case CIL_CALL:
517 cil_destroy_call(*data);
518 break;
519 case CIL_OPTIONAL:
520 cil_destroy_optional(*data);
521 break;
522 case CIL_BOOL:
523 cil_destroy_bool(*data);
524 break;
525 case CIL_BOOLEANIF:
526 cil_destroy_boolif(*data);
527 break;
528 case CIL_TUNABLE:
529 cil_destroy_tunable(*data);
530 break;
531 case CIL_TUNABLEIF:
532 cil_destroy_tunif(*data);
533 break;
534 case CIL_CONDBLOCK:
535 cil_destroy_condblock(*data);
536 break;
537 case CIL_CONDTRUE:
538 break;
539 case CIL_CONDFALSE:
540 break;
541 case CIL_PERM:
542 case CIL_MAP_PERM:
543 cil_destroy_perm(*data);
544 break;
545 case CIL_COMMON:
546 case CIL_CLASS:
547 case CIL_MAP_CLASS:
548 cil_destroy_class(*data);
549 break;
550 case CIL_CLASSORDER:
551 cil_destroy_classorder(*data);
552 break;
553 case CIL_CLASSPERMISSION:
554 cil_destroy_classpermission(*data);
555 break;
556 case CIL_CLASSCOMMON:
557 cil_destroy_classcommon(*data);
558 break;
559 case CIL_CLASSMAPPING:
560 cil_destroy_classmapping(*data);
561 break;
562 case CIL_CLASSPERMS:
563 cil_destroy_classperms(*data);
564 break;
565 case CIL_CLASSPERMS_SET:
566 cil_destroy_classperms_set(*data);
567 break;
568 case CIL_CLASSPERMISSIONSET:
569 cil_destroy_classpermissionset(*data);
570 break;
571 case CIL_USER:
572 cil_destroy_user(*data);
573 break;
574 case CIL_USERATTRIBUTE:
575 cil_destroy_userattribute(*data);
576 break;
577 case CIL_USERATTRIBUTESET:
578 cil_destroy_userattributeset(*data);
579 break;
580 case CIL_USERPREFIX:
581 cil_destroy_userprefix(*data);
582 break;
583 case CIL_USERROLE:
584 cil_destroy_userrole(*data);
585 break;
586 case CIL_USERLEVEL:
587 cil_destroy_userlevel(*data);
588 break;
589 case CIL_USERRANGE:
590 cil_destroy_userrange(*data);
591 break;
592 case CIL_USERBOUNDS:
593 cil_destroy_bounds(*data);
594 break;
595 case CIL_SELINUXUSER:
596 case CIL_SELINUXUSERDEFAULT:
597 cil_destroy_selinuxuser(*data);
598 break;
599 case CIL_ROLE:
600 cil_destroy_role(*data);
601 break;
602 case CIL_ROLEATTRIBUTE:
603 cil_destroy_roleattribute(*data);
604 break;
605 case CIL_ROLEATTRIBUTESET:
606 cil_destroy_roleattributeset(*data);
607 break;
608 case CIL_ROLETYPE:
609 cil_destroy_roletype(*data);
610 break;
611 case CIL_ROLEBOUNDS:
612 cil_destroy_bounds(*data);
613 break;
614 case CIL_TYPE:
615 cil_destroy_type(*data);
616 break;
617 case CIL_TYPEATTRIBUTE:
618 cil_destroy_typeattribute(*data);
619 break;
620 case CIL_TYPEALIAS:
621 cil_destroy_alias(*data);
622 break;
623 case CIL_TYPEATTRIBUTESET:
624 cil_destroy_typeattributeset(*data);
625 break;
626 case CIL_TYPEALIASACTUAL:
627 cil_destroy_aliasactual(*data);
628 break;
629 case CIL_TYPEBOUNDS:
630 cil_destroy_bounds(*data);
631 break;
632 case CIL_TYPEPERMISSIVE:
633 cil_destroy_typepermissive(*data);
634 break;
635 case CIL_SENS:
636 cil_destroy_sensitivity(*data);
637 break;
638 case CIL_SENSALIAS:
639 cil_destroy_alias(*data);
640 break;
641 case CIL_SENSALIASACTUAL:
642 cil_destroy_aliasactual(*data);
643 break;
644 case CIL_SENSITIVITYORDER:
645 cil_destroy_sensitivityorder(*data);
646 break;
647 case CIL_SENSCAT:
648 cil_destroy_senscat(*data);
649 break;
650 case CIL_CAT:
651 cil_destroy_category(*data);
652 break;
653 case CIL_CATSET:
654 cil_destroy_catset(*data);
655 break;
656 case CIL_CATALIAS:
657 cil_destroy_alias(*data);
658 break;
659 case CIL_CATALIASACTUAL:
660 cil_destroy_aliasactual(*data);
661 break;
662 case CIL_CATORDER:
663 cil_destroy_catorder(*data);
664 break;
665 case CIL_LEVEL:
666 cil_destroy_level(*data);
667 break;
668 case CIL_LEVELRANGE:
669 cil_destroy_levelrange(*data);
670 break;
671 case CIL_SID:
672 cil_destroy_sid(*data);
673 break;
674 case CIL_SIDORDER:
675 cil_destroy_sidorder(*data);
676 break;
677 case CIL_NAME:
678 cil_destroy_name(*data);
679 break;
680 case CIL_ROLEALLOW:
681 cil_destroy_roleallow(*data);
682 break;
683 case CIL_AVRULE:
684 case CIL_AVRULEX:
685 cil_destroy_avrule(*data);
686 break;
687 case CIL_PERMISSIONX:
688 cil_destroy_permissionx(*data);
689 break;
690 case CIL_ROLETRANSITION:
691 cil_destroy_roletransition(*data);
692 break;
693 case CIL_TYPE_RULE:
694 cil_destroy_type_rule(*data);
695 break;
696 case CIL_NAMETYPETRANSITION:
697 cil_destroy_typetransition(*data);
698 break;
699 case CIL_RANGETRANSITION:
700 cil_destroy_rangetransition(*data);
701 break;
702 case CIL_CONSTRAIN:
703 cil_destroy_constrain(*data);
704 break;
705 case CIL_MLSCONSTRAIN:
706 cil_destroy_constrain(*data);
707 break;
708 case CIL_VALIDATETRANS:
709 case CIL_MLSVALIDATETRANS:
710 cil_destroy_validatetrans(*data);
711 break;
712 case CIL_CONTEXT:
713 cil_destroy_context(*data);
714 break;
715 case CIL_IPADDR:
716 cil_destroy_ipaddr(*data);
717 break;
718 case CIL_SIDCONTEXT:
719 cil_destroy_sidcontext(*data);
720 break;
721 case CIL_FSUSE:
722 cil_destroy_fsuse(*data);
723 break;
724 case CIL_FILECON:
725 cil_destroy_filecon(*data);
726 break;
727 case CIL_PORTCON:
728 cil_destroy_portcon(*data);
729 break;
730 case CIL_NODECON:
731 cil_destroy_nodecon(*data);
732 break;
733 case CIL_GENFSCON:
734 cil_destroy_genfscon(*data);
735 break;
736 case CIL_NETIFCON:
737 cil_destroy_netifcon(*data);
738 break;
739 case CIL_PIRQCON:
740 cil_destroy_pirqcon(*data);
741 break;
742 case CIL_IOMEMCON:
743 cil_destroy_iomemcon(*data);
744 break;
745 case CIL_IOPORTCON:
746 cil_destroy_ioportcon(*data);
747 break;
748 case CIL_PCIDEVICECON:
749 cil_destroy_pcidevicecon(*data);
750 break;
751 case CIL_DEVICETREECON:
752 cil_destroy_devicetreecon(*data);
753 break;
754 case CIL_POLICYCAP:
755 cil_destroy_policycap(*data);
756 break;
757 case CIL_DEFAULTUSER:
758 case CIL_DEFAULTROLE:
759 case CIL_DEFAULTTYPE:
760 cil_destroy_default(*data);
761 break;
762 case CIL_DEFAULTRANGE:
763 cil_destroy_defaultrange(*data);
764 break;
765 case CIL_HANDLEUNKNOWN:
766 cil_destroy_handleunknown(*data);
767 break;
768 case CIL_MLS:
769 cil_destroy_mls(*data);
770 break;
771 case CIL_SRC_INFO:
772 cil_destroy_src_info(*data);
773 break;
774 case CIL_OP:
775 case CIL_CONS_OPERAND:
776 break;
777 default:
778 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
779 break;
780 }
781
782 *data = NULL;
783 }
784
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)785 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
786 {
787 if (flavor < CIL_MIN_DECLARATIVE) {
788 return SEPOL_ERR;
789 }
790
791 switch(flavor) {
792 case CIL_BLOCK:
793 *sym_index = CIL_SYM_BLOCKS;
794 break;
795 case CIL_MACRO:
796 *sym_index = CIL_SYM_BLOCKS;
797 break;
798 case CIL_OPTIONAL:
799 *sym_index = CIL_SYM_BLOCKS;
800 break;
801 case CIL_BOOL:
802 *sym_index = CIL_SYM_BOOLS;
803 break;
804 case CIL_TUNABLE:
805 *sym_index = CIL_SYM_TUNABLES;
806 break;
807 case CIL_PERM:
808 case CIL_MAP_PERM:
809 *sym_index = CIL_SYM_PERMS;
810 break;
811 case CIL_COMMON:
812 *sym_index = CIL_SYM_COMMONS;
813 break;
814 case CIL_CLASS:
815 case CIL_MAP_CLASS:
816 *sym_index = CIL_SYM_CLASSES;
817 break;
818 case CIL_CLASSPERMISSION:
819 case CIL_CLASSPERMISSIONSET:
820 *sym_index = CIL_SYM_CLASSPERMSETS;
821 break;
822 case CIL_USER:
823 case CIL_USERATTRIBUTE:
824 *sym_index = CIL_SYM_USERS;
825 break;
826 case CIL_ROLE:
827 case CIL_ROLEATTRIBUTE:
828 *sym_index = CIL_SYM_ROLES;
829 break;
830 case CIL_TYPE:
831 case CIL_TYPEALIAS:
832 case CIL_TYPEATTRIBUTE:
833 *sym_index = CIL_SYM_TYPES;
834 break;
835 case CIL_SENS:
836 case CIL_SENSALIAS:
837 *sym_index = CIL_SYM_SENS;
838 break;
839 case CIL_CAT:
840 case CIL_CATSET:
841 case CIL_CATALIAS:
842 *sym_index = CIL_SYM_CATS;
843 break;
844 case CIL_LEVEL:
845 *sym_index = CIL_SYM_LEVELS;
846 break;
847 case CIL_LEVELRANGE:
848 *sym_index = CIL_SYM_LEVELRANGES;
849 break;
850 case CIL_SID:
851 *sym_index = CIL_SYM_SIDS;
852 break;
853 case CIL_NAME:
854 *sym_index = CIL_SYM_NAMES;
855 break;
856 case CIL_CONTEXT:
857 *sym_index = CIL_SYM_CONTEXTS;
858 break;
859 case CIL_IPADDR:
860 *sym_index = CIL_SYM_IPADDRS;
861 break;
862 case CIL_POLICYCAP:
863 *sym_index = CIL_SYM_POLICYCAPS;
864 break;
865 case CIL_PERMISSIONX:
866 *sym_index = CIL_SYM_PERMX;
867 break;
868 default:
869 *sym_index = CIL_SYM_UNKNOWN;
870 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
871 return SEPOL_ERR;
872 }
873
874 return SEPOL_OK;
875 }
876
cil_node_to_string(struct cil_tree_node * node)877 const char * cil_node_to_string(struct cil_tree_node *node)
878 {
879 switch (node->flavor) {
880 case CIL_NONE:
881 return "<none>";
882 case CIL_ROOT:
883 return CIL_KEY_ROOT;
884 case CIL_NODE:
885 return CIL_KEY_NODE;
886 case CIL_STRING:
887 return "string";
888 case CIL_DATUM:
889 return "<datum>";
890 case CIL_LIST:
891 return "<list>";
892 case CIL_LIST_ITEM:
893 return "<list_item>";
894 case CIL_PARAM:
895 return "<param>";
896 case CIL_ARGS:
897 return "<args>";
898 case CIL_BLOCK:
899 return CIL_KEY_BLOCK;
900 case CIL_BLOCKINHERIT:
901 return CIL_KEY_BLOCKINHERIT;
902 case CIL_BLOCKABSTRACT:
903 return CIL_KEY_BLOCKABSTRACT;
904 case CIL_IN:
905 return CIL_KEY_IN;
906 case CIL_MACRO:
907 return CIL_KEY_MACRO;
908 case CIL_CALL:
909 return CIL_KEY_CALL;
910 case CIL_OPTIONAL:
911 return CIL_KEY_OPTIONAL;
912 case CIL_BOOL:
913 return CIL_KEY_BOOL;
914 case CIL_BOOLEANIF:
915 return CIL_KEY_BOOLEANIF;
916 case CIL_TUNABLE:
917 return CIL_KEY_TUNABLE;
918 case CIL_TUNABLEIF:
919 return CIL_KEY_TUNABLEIF;
920 case CIL_CONDBLOCK:
921 switch (((struct cil_condblock*)node->data)->flavor) {
922 case CIL_CONDTRUE:
923 return CIL_KEY_CONDTRUE;
924 case CIL_CONDFALSE:
925 return CIL_KEY_CONDFALSE;
926 default:
927 break;
928 }
929 break;
930 case CIL_CONDTRUE:
931 return CIL_KEY_CONDTRUE;
932 case CIL_CONDFALSE:
933 return CIL_KEY_CONDFALSE;
934 case CIL_PERM:
935 return CIL_KEY_PERM;
936 case CIL_COMMON:
937 return CIL_KEY_COMMON;
938 case CIL_CLASS:
939 return CIL_KEY_CLASS;
940 case CIL_CLASSORDER:
941 return CIL_KEY_CLASSORDER;
942 case CIL_MAP_CLASS:
943 return CIL_KEY_MAP_CLASS;
944 case CIL_CLASSPERMISSION:
945 return CIL_KEY_CLASSPERMISSION;
946 case CIL_CLASSCOMMON:
947 return CIL_KEY_CLASSCOMMON;
948 case CIL_CLASSMAPPING:
949 return CIL_KEY_CLASSMAPPING;
950 case CIL_CLASSPERMISSIONSET:
951 return CIL_KEY_CLASSPERMISSIONSET;
952 case CIL_USER:
953 return CIL_KEY_USER;
954 case CIL_USERATTRIBUTE:
955 return CIL_KEY_USERATTRIBUTE;
956 case CIL_USERATTRIBUTESET:
957 return CIL_KEY_USERATTRIBUTESET;
958 case CIL_USERPREFIX:
959 return CIL_KEY_USERPREFIX;
960 case CIL_USERROLE:
961 return CIL_KEY_USERROLE;
962 case CIL_USERLEVEL:
963 return CIL_KEY_USERLEVEL;
964 case CIL_USERRANGE:
965 return CIL_KEY_USERRANGE;
966 case CIL_USERBOUNDS:
967 return CIL_KEY_USERBOUNDS;
968 case CIL_SELINUXUSER:
969 return CIL_KEY_SELINUXUSER;
970 case CIL_SELINUXUSERDEFAULT:
971 return CIL_KEY_SELINUXUSERDEFAULT;
972 case CIL_ROLE:
973 return CIL_KEY_ROLE;
974 case CIL_ROLEATTRIBUTE:
975 return CIL_KEY_ROLEATTRIBUTE;
976 case CIL_ROLEATTRIBUTESET:
977 return CIL_KEY_ROLEATTRIBUTESET;
978 case CIL_ROLETYPE:
979 return CIL_KEY_ROLETYPE;
980 case CIL_ROLEBOUNDS:
981 return CIL_KEY_ROLEBOUNDS;
982 case CIL_TYPE:
983 return CIL_KEY_TYPE;
984 case CIL_TYPEATTRIBUTE:
985 return CIL_KEY_TYPEATTRIBUTE;
986 case CIL_TYPEALIAS:
987 return CIL_KEY_TYPEALIAS;
988 case CIL_TYPEATTRIBUTESET:
989 return CIL_KEY_TYPEATTRIBUTESET;
990 case CIL_TYPEALIASACTUAL:
991 return CIL_KEY_TYPEALIASACTUAL;
992 case CIL_TYPEBOUNDS:
993 return CIL_KEY_TYPEBOUNDS;
994 case CIL_TYPEPERMISSIVE:
995 return CIL_KEY_TYPEPERMISSIVE;
996 case CIL_SENS:
997 return CIL_KEY_SENSITIVITY;
998 case CIL_SENSALIAS:
999 return CIL_KEY_SENSALIAS;
1000 case CIL_SENSALIASACTUAL:
1001 return CIL_KEY_SENSALIASACTUAL;
1002 case CIL_SENSITIVITYORDER:
1003 return CIL_KEY_SENSITIVITYORDER;
1004 case CIL_SENSCAT:
1005 return CIL_KEY_SENSCAT;
1006 case CIL_CAT:
1007 return CIL_KEY_CATEGORY;
1008 case CIL_CATSET:
1009 return CIL_KEY_CATSET;
1010 case CIL_CATALIAS:
1011 return CIL_KEY_CATALIAS;
1012 case CIL_CATALIASACTUAL:
1013 return CIL_KEY_CATALIASACTUAL;
1014 case CIL_CATORDER:
1015 return CIL_KEY_CATORDER;
1016 case CIL_LEVEL:
1017 return CIL_KEY_LEVEL;
1018 case CIL_LEVELRANGE:
1019 return CIL_KEY_LEVELRANGE;
1020 case CIL_SID:
1021 return CIL_KEY_SID;
1022 case CIL_SIDORDER:
1023 return CIL_KEY_SIDORDER;
1024 case CIL_NAME:
1025 return CIL_KEY_NAME;
1026 case CIL_ROLEALLOW:
1027 return CIL_KEY_ROLEALLOW;
1028 case CIL_AVRULE:
1029 switch (((struct cil_avrule *)node->data)->rule_kind) {
1030 case CIL_AVRULE_ALLOWED:
1031 return CIL_KEY_ALLOW;
1032 case CIL_AVRULE_AUDITALLOW:
1033 return CIL_KEY_AUDITALLOW;
1034 case CIL_AVRULE_DONTAUDIT:
1035 return CIL_KEY_DONTAUDIT;
1036 case CIL_AVRULE_NEVERALLOW:
1037 return CIL_KEY_NEVERALLOW;
1038 default:
1039 break;
1040 }
1041 break;
1042 case CIL_AVRULEX:
1043 switch (((struct cil_avrule *)node->data)->rule_kind) {
1044 case CIL_AVRULE_ALLOWED:
1045 return CIL_KEY_ALLOWX;
1046 case CIL_AVRULE_AUDITALLOW:
1047 return CIL_KEY_AUDITALLOWX;
1048 case CIL_AVRULE_DONTAUDIT:
1049 return CIL_KEY_DONTAUDITX;
1050 case CIL_AVRULE_NEVERALLOW:
1051 return CIL_KEY_NEVERALLOWX;
1052 default:
1053 break;
1054 }
1055 break;
1056 case CIL_PERMISSIONX:
1057 return CIL_KEY_PERMISSIONX;
1058 case CIL_ROLETRANSITION:
1059 return CIL_KEY_ROLETRANSITION;
1060 case CIL_TYPE_RULE:
1061 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1062 case CIL_TYPE_TRANSITION:
1063 return CIL_KEY_TYPETRANSITION;
1064 case CIL_TYPE_MEMBER:
1065 return CIL_KEY_TYPEMEMBER;
1066 case CIL_TYPE_CHANGE:
1067 return CIL_KEY_TYPECHANGE;
1068 default:
1069 break;
1070 }
1071 break;
1072 case CIL_NAMETYPETRANSITION:
1073 return CIL_KEY_TYPETRANSITION;
1074 case CIL_RANGETRANSITION:
1075 return CIL_KEY_RANGETRANSITION;
1076 case CIL_CONSTRAIN:
1077 return CIL_KEY_CONSTRAIN;
1078 case CIL_MLSCONSTRAIN:
1079 return CIL_KEY_MLSCONSTRAIN;
1080 case CIL_VALIDATETRANS:
1081 return CIL_KEY_VALIDATETRANS;
1082 case CIL_MLSVALIDATETRANS:
1083 return CIL_KEY_MLSVALIDATETRANS;
1084 case CIL_CONTEXT:
1085 return CIL_KEY_CONTEXT;
1086 case CIL_IPADDR:
1087 return CIL_KEY_IPADDR;
1088 case CIL_SIDCONTEXT:
1089 return CIL_KEY_SIDCONTEXT;
1090 case CIL_FSUSE:
1091 return CIL_KEY_FSUSE;
1092 case CIL_FILECON:
1093 return CIL_KEY_FILECON;
1094 case CIL_PORTCON:
1095 return CIL_KEY_PORTCON;
1096 case CIL_NODECON:
1097 return CIL_KEY_NODECON;
1098 case CIL_GENFSCON:
1099 return CIL_KEY_GENFSCON;
1100 case CIL_NETIFCON:
1101 return CIL_KEY_NETIFCON;
1102 case CIL_PIRQCON:
1103 return CIL_KEY_PIRQCON;
1104 case CIL_IOMEMCON:
1105 return CIL_KEY_IOMEMCON;
1106 case CIL_IOPORTCON:
1107 return CIL_KEY_IOPORTCON;
1108 case CIL_PCIDEVICECON:
1109 return CIL_KEY_PCIDEVICECON;
1110 case CIL_DEVICETREECON:
1111 return CIL_KEY_DEVICETREECON;
1112 case CIL_POLICYCAP:
1113 return CIL_KEY_POLICYCAP;
1114 case CIL_DEFAULTUSER:
1115 return CIL_KEY_DEFAULTUSER;
1116 case CIL_DEFAULTROLE:
1117 return CIL_KEY_DEFAULTROLE;
1118 case CIL_DEFAULTTYPE:
1119 return CIL_KEY_DEFAULTTYPE;
1120 case CIL_DEFAULTRANGE:
1121 return CIL_KEY_DEFAULTRANGE;
1122 case CIL_HANDLEUNKNOWN:
1123 return CIL_KEY_HANDLEUNKNOWN;
1124 case CIL_MLS:
1125 return CIL_KEY_MLS;
1126 case CIL_SRC_INFO:
1127 return CIL_KEY_SRC_INFO;
1128 case CIL_ALL:
1129 return CIL_KEY_ALL;
1130 case CIL_RANGE:
1131 return CIL_KEY_RANGE;
1132 case CIL_AND:
1133 return CIL_KEY_AND;
1134 case CIL_OR:
1135 return CIL_KEY_OR;
1136 case CIL_XOR:
1137 return CIL_KEY_XOR;
1138 case CIL_NOT:
1139 return CIL_KEY_NOT;
1140 case CIL_EQ:
1141 return CIL_KEY_EQ;
1142 case CIL_NEQ:
1143 return CIL_KEY_NEQ;
1144 case CIL_CONS_DOM:
1145 return CIL_KEY_CONS_DOM;
1146 case CIL_CONS_DOMBY:
1147 return CIL_KEY_CONS_DOMBY;
1148 case CIL_CONS_INCOMP:
1149 return CIL_KEY_CONS_INCOMP;
1150 case CIL_CONS_U1:
1151 return CIL_KEY_CONS_U1;
1152 case CIL_CONS_U2:
1153 return CIL_KEY_CONS_U2;
1154 case CIL_CONS_U3:
1155 return CIL_KEY_CONS_U3;
1156 case CIL_CONS_T1:
1157 return CIL_KEY_CONS_T1;
1158 case CIL_CONS_T2:
1159 return CIL_KEY_CONS_T2;
1160 case CIL_CONS_T3:
1161 return CIL_KEY_CONS_T3;
1162 case CIL_CONS_R1:
1163 return CIL_KEY_CONS_R1;
1164 case CIL_CONS_R2:
1165 return CIL_KEY_CONS_R2;
1166 case CIL_CONS_R3:
1167 return CIL_KEY_CONS_R3;
1168 case CIL_CONS_L1:
1169 return CIL_KEY_CONS_L1;
1170 case CIL_CONS_L2:
1171 return CIL_KEY_CONS_L2;
1172 case CIL_CONS_H1:
1173 return CIL_KEY_CONS_H1;
1174 case CIL_CONS_H2:
1175 return CIL_KEY_CONS_H2;
1176
1177 default:
1178 break;
1179 }
1180
1181 return "<unknown>";
1182 }
1183
1184 #ifdef DISABLE_SYMVER
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1185 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1186 #else
1187 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1188 #endif
1189 {
1190 int rc = SEPOL_ERR;
1191 size_t str_len = 0;
1192 int buf_pos = 0;
1193 char *str_tmp = NULL;
1194 struct cil_list_item *curr;
1195 struct cil_userprefix *userprefix = NULL;
1196 struct cil_user *user = NULL;
1197
1198 *out = NULL;
1199
1200 if (db->userprefixes->head == NULL) {
1201 rc = SEPOL_OK;
1202 *size = 0;
1203 goto exit;
1204 }
1205
1206 cil_list_for_each(curr, db->userprefixes) {
1207 userprefix = curr->data;
1208 user = userprefix->user;
1209 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1210 }
1211
1212 *size = str_len * sizeof(char);
1213 str_len++;
1214 str_tmp = cil_malloc(str_len * sizeof(char));
1215 *out = str_tmp;
1216
1217 cil_list_for_each(curr, db->userprefixes) {
1218 userprefix = curr->data;
1219 user = userprefix->user;
1220
1221 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1222 userprefix->prefix_str);
1223 str_len -= buf_pos;
1224 str_tmp += buf_pos;
1225 }
1226
1227 rc = SEPOL_OK;
1228 exit:
1229 return rc;
1230
1231 }
1232
1233 #ifndef DISABLE_SYMVER
cil_userprefixes_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1234 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1235 {
1236 return cil_userprefixes_to_string_nopdb(db, out, size);
1237 }
1238 #endif
1239
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1240 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1241 {
1242 int rc = SEPOL_ERR;
1243 struct cil_list_item *i;
1244 struct cil_list_item *j;
1245 struct cil_cat* cat;
1246 struct cil_catset *cs;
1247 struct cil_tree_node *node;
1248
1249 if (cats == NULL) {
1250 rc = SEPOL_OK;
1251 goto exit;
1252 }
1253
1254 cil_list_for_each(i, cats->datum_expr) {
1255 node = DATUM(i->data)->nodes->head->data;
1256 if (node->flavor == CIL_CATSET) {
1257 cs = (struct cil_catset*)i->data;
1258 cil_list_for_each(j, cs->cats->datum_expr) {
1259 cat = (struct cil_cat*)j->data;
1260 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1261 if (rc != SEPOL_OK) {
1262 goto exit;
1263 }
1264 }
1265 } else {
1266 cat = (struct cil_cat*)i->data;
1267 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1268 if (rc != SEPOL_OK) {
1269 goto exit;
1270 }
1271 }
1272 }
1273
1274 return SEPOL_OK;
1275
1276 exit:
1277 return rc;
1278 }
1279
cil_level_equals(struct cil_level * low,struct cil_level * high)1280 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1281 {
1282 int rc;
1283 struct ebitmap elow;
1284 struct ebitmap ehigh;
1285
1286 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1287 rc = 0;
1288 goto exit;
1289 }
1290
1291 ebitmap_init(&elow);
1292 ebitmap_init(&ehigh);
1293
1294 rc = cil_cats_to_ebitmap(low->cats, &elow);
1295 if (rc != SEPOL_OK) {
1296 goto exit;
1297 }
1298
1299 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1300 if (rc != SEPOL_OK) {
1301 goto exit;
1302 }
1303
1304 return ebitmap_cmp(&elow, &ehigh);
1305
1306 exit:
1307 return rc;
1308 }
1309
__cil_level_strlen(struct cil_level * lvl)1310 static int __cil_level_strlen(struct cil_level *lvl)
1311 {
1312 struct cil_list_item *item;
1313 struct cil_cats *cats = lvl->cats;
1314 int str_len = 0;
1315 char *str1 = NULL;
1316 char *str2 = NULL;
1317 int first = -1;
1318 int last = -1;
1319
1320 str_len += strlen(lvl->sens->datum.fqn);
1321
1322 if (cats && cats->datum_expr != NULL) {
1323 str_len++; /* initial ":" */
1324 cil_list_for_each(item, cats->datum_expr) {
1325 struct cil_cat *cat = item->data;
1326 if (first == -1) {
1327 str1 = cat->datum.fqn;
1328 first = cat->value;
1329 last = first;
1330 } else if (cat->value == last + 1) {
1331 last++;
1332 str2 = cat->datum.fqn;
1333 } else {
1334 if (first == last) {
1335 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1336 } else if (last == first + 1) {
1337 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1338 } else {
1339 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1340 }
1341 first = -1;
1342 last = -1;
1343 if (item->next != NULL) {
1344 str_len++; /* space for "," after */
1345 }
1346 }
1347 }
1348 if (first != -1) {
1349 if (first == last) {
1350 str_len += strlen(str1);
1351 } else if (last == first + 1) {
1352 str_len += strlen(str1) + strlen(str2) + 1;
1353 } else {
1354 str_len += strlen(str1) + strlen(str2) + 1;
1355 }
1356 }
1357 }
1358
1359 return str_len;
1360 }
1361
__cil_level_to_string(struct cil_level * lvl,char * out)1362 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1363 {
1364 struct cil_list_item *item;
1365 struct cil_cats *cats = lvl->cats;
1366 int buf_pos = 0;
1367 char *str_tmp = out;
1368 char *str1 = NULL;
1369 char *str2 = NULL;
1370 int first = -1;
1371 int last = -1;
1372
1373 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1374 str_tmp += buf_pos;
1375
1376 if (cats && cats->datum_expr != NULL) {
1377 buf_pos = sprintf(str_tmp, ":");
1378 str_tmp += buf_pos;
1379
1380 cil_list_for_each(item, cats->datum_expr) {
1381 struct cil_cat *cat = item->data;
1382 if (first == -1) {
1383 str1 = cat->datum.fqn;
1384 first = cat->value;
1385 last = first;
1386 } else if (cat->value == last + 1) {
1387 last++;
1388 str2 = cat->datum.fqn;
1389 } else {
1390 if (first == last) {
1391 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1392 str_tmp += buf_pos;
1393 } else if (last == first + 1) {
1394 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1395 str_tmp += buf_pos;
1396 } else {
1397 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1398 str_tmp += buf_pos;
1399 }
1400 first = -1;
1401 last = -1;
1402 if (item->next != NULL) {
1403 buf_pos = sprintf(str_tmp, ",");
1404 str_tmp += buf_pos;
1405 }
1406 }
1407 }
1408 if (first != -1) {
1409 if (first == last) {
1410 buf_pos = sprintf(str_tmp, "%s", str1);
1411 str_tmp += buf_pos;
1412 } else if (last == first + 1) {
1413 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1414 str_tmp += buf_pos;
1415 } else {
1416 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1417 str_tmp += buf_pos;
1418 }
1419 }
1420 }
1421
1422 return str_tmp - out;
1423 }
1424
1425 #ifdef DISABLE_SYMVER
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1426 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1427 #else
1428 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1429 #endif
1430 {
1431 size_t str_len = 0;
1432 int buf_pos = 0;
1433 char *str_tmp = NULL;
1434 struct cil_list_item *curr;
1435
1436 if (db->selinuxusers->head == NULL) {
1437 *size = 0;
1438 *out = NULL;
1439 return SEPOL_OK;
1440 }
1441
1442 cil_list_for_each(curr, db->selinuxusers) {
1443 struct cil_selinuxuser *selinuxuser = curr->data;
1444 struct cil_user *user = selinuxuser->user;
1445
1446 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1447
1448 if (db->mls == CIL_TRUE) {
1449 struct cil_levelrange *range = selinuxuser->range;
1450 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1451 }
1452
1453 str_len++;
1454 }
1455
1456 *size = str_len * sizeof(char);
1457 str_tmp = cil_malloc(*size+1);
1458 *out = str_tmp;
1459
1460 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1461 struct cil_selinuxuser *selinuxuser = curr->data;
1462 struct cil_user *user = selinuxuser->user;
1463
1464 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1465 str_tmp += buf_pos;
1466
1467 if (db->mls == CIL_TRUE) {
1468 struct cil_levelrange *range = selinuxuser->range;
1469 buf_pos = sprintf(str_tmp, ":");
1470 str_tmp += buf_pos;
1471 buf_pos = __cil_level_to_string(range->low, str_tmp);
1472 str_tmp += buf_pos;
1473 buf_pos = sprintf(str_tmp, "-");
1474 str_tmp += buf_pos;
1475 buf_pos = __cil_level_to_string(range->high, str_tmp);
1476 str_tmp += buf_pos;
1477 }
1478
1479 buf_pos = sprintf(str_tmp, "\n");
1480 str_tmp += buf_pos;
1481 }
1482
1483 return SEPOL_OK;
1484 }
1485
1486 #ifndef DISABLE_SYMVER
cil_selinuxusers_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1487 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1488 {
1489 return cil_selinuxusers_to_string_nopdb(db, out, size);
1490 }
1491 #endif
1492
1493 #ifdef DISABLE_SYMVER
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1494 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1495 #else
1496 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
1497 #endif
1498 {
1499 uint32_t i = 0;
1500 int buf_pos = 0;
1501 size_t str_len = 0;
1502 char *str_tmp = NULL;
1503 struct cil_sort *filecons = db->filecon;
1504
1505 for (i = 0; i < filecons->count; i++) {
1506 struct cil_filecon *filecon = filecons->array[i];
1507 struct cil_context *ctx = filecon->context;
1508
1509 str_len += strlen(filecon->path_str);
1510
1511 if (filecon->type != CIL_FILECON_ANY) {
1512 /* If a type is specified,
1513 +2 for type string, +1 for tab */
1514 str_len += 3;
1515 }
1516
1517 if (ctx != NULL) {
1518 struct cil_user *user = ctx->user;
1519 struct cil_role *role = ctx->role;
1520 struct cil_type *type = ctx->type;
1521
1522 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1523
1524 if (db->mls == CIL_TRUE) {
1525 struct cil_levelrange *range = ctx->range;
1526 if (cil_level_equals(range->low, range->high)) {
1527 str_len += __cil_level_strlen(range->low) + 1;
1528 } else {
1529 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1530 }
1531 }
1532 } else {
1533 str_len += strlen("\t<<none>>");
1534 }
1535
1536 str_len++;
1537 }
1538
1539 *size = str_len * sizeof(char);
1540 str_tmp = cil_malloc(*size+1);
1541 *out = str_tmp;
1542
1543 for (i = 0; i < filecons->count; i++) {
1544 struct cil_filecon *filecon = filecons->array[i];
1545 struct cil_context *ctx = filecon->context;
1546 const char *str_type = NULL;
1547
1548 buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
1549 str_tmp += buf_pos;
1550
1551 switch(filecon->type) {
1552 case CIL_FILECON_FILE:
1553 str_type = "\t--";
1554 break;
1555 case CIL_FILECON_DIR:
1556 str_type = "\t-d";
1557 break;
1558 case CIL_FILECON_CHAR:
1559 str_type = "\t-c";
1560 break;
1561 case CIL_FILECON_BLOCK:
1562 str_type = "\t-b";
1563 break;
1564 case CIL_FILECON_SOCKET:
1565 str_type = "\t-s";
1566 break;
1567 case CIL_FILECON_PIPE:
1568 str_type = "\t-p";
1569 break;
1570 case CIL_FILECON_SYMLINK:
1571 str_type = "\t-l";
1572 break;
1573 default:
1574 str_type = "";
1575 break;
1576 }
1577 buf_pos = sprintf(str_tmp, "%s", str_type);
1578 str_tmp += buf_pos;
1579
1580 if (ctx != NULL) {
1581 struct cil_user *user = ctx->user;
1582 struct cil_role *role = ctx->role;
1583 struct cil_type *type = ctx->type;
1584
1585 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1586 type->datum.fqn);
1587 str_tmp += buf_pos;
1588
1589 if (db->mls == CIL_TRUE) {
1590 struct cil_levelrange *range = ctx->range;
1591 buf_pos = sprintf(str_tmp, ":");
1592 str_tmp += buf_pos;
1593 buf_pos = __cil_level_to_string(range->low, str_tmp);
1594 str_tmp += buf_pos;
1595
1596 if (!cil_level_equals(range->low, range->high)) {
1597 buf_pos = sprintf(str_tmp, "-");
1598 str_tmp += buf_pos;
1599 buf_pos = __cil_level_to_string(range->high, str_tmp);
1600 str_tmp += buf_pos;
1601 }
1602 }
1603 } else {
1604 buf_pos = sprintf(str_tmp, "\t<<none>>");
1605 str_tmp += buf_pos;
1606 }
1607
1608 buf_pos = sprintf(str_tmp, "\n");
1609 str_tmp += buf_pos;
1610 }
1611
1612 return SEPOL_OK;
1613 }
1614
1615 #ifndef DISABLE_SYMVER
cil_filecons_to_string_pdb(struct cil_db * db,sepol_policydb_t * sepol_db,char ** out,size_t * size)1616 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
1617 {
1618 return cil_filecons_to_string_nopdb(db, out, size);
1619 }
1620 #endif
1621
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1622 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1623 {
1624 db->disable_dontaudit = disable_dontaudit;
1625 }
1626
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1627 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1628 {
1629 db->disable_neverallow = disable_neverallow;
1630 }
1631
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1632 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1633 {
1634 db->attrs_expand_generated = attrs_expand_generated;
1635 }
1636
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1637 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1638 {
1639 db->attrs_expand_size = attrs_expand_size;
1640 }
1641
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1642 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1643 {
1644 db->preserve_tunables = preserve_tunables;
1645 }
1646
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1647 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1648 {
1649 int rc = 0;
1650
1651 switch (handle_unknown) {
1652 case SEPOL_DENY_UNKNOWN:
1653 case SEPOL_REJECT_UNKNOWN:
1654 case SEPOL_ALLOW_UNKNOWN:
1655 db->handle_unknown = handle_unknown;
1656 break;
1657 default:
1658 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1659 rc = -1;
1660 }
1661
1662 return rc;
1663 }
1664
cil_set_mls(struct cil_db * db,int mls)1665 void cil_set_mls(struct cil_db *db, int mls)
1666 {
1667 db->mls = mls;
1668 }
1669
cil_set_target_platform(struct cil_db * db,int target_platform)1670 void cil_set_target_platform(struct cil_db *db, int target_platform)
1671 {
1672 db->target_platform = target_platform;
1673 }
1674
cil_set_policy_version(struct cil_db * db,int policy_version)1675 void cil_set_policy_version(struct cil_db *db, int policy_version)
1676 {
1677 db->policy_version = policy_version;
1678 }
1679
cil_symtab_array_init(symtab_t symtab[],int symtab_sizes[CIL_SYM_NUM])1680 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM])
1681 {
1682 uint32_t i = 0;
1683 for (i = 0; i < CIL_SYM_NUM; i++) {
1684 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1685 }
1686 }
1687
cil_symtab_array_destroy(symtab_t symtab[])1688 void cil_symtab_array_destroy(symtab_t symtab[])
1689 {
1690 int i = 0;
1691 for (i = 0; i < CIL_SYM_NUM; i++) {
1692 cil_symtab_destroy(&symtab[i]);
1693 }
1694 }
1695
cil_destroy_ast_symtabs(struct cil_tree_node * current)1696 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
1697 {
1698 while (current) {
1699 switch (current->flavor) {
1700 case CIL_BLOCK:
1701 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
1702 break;
1703 case CIL_IN:
1704 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
1705 break;
1706 case CIL_CLASS:
1707 case CIL_COMMON:
1708 case CIL_MAP_CLASS:
1709 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
1710 break;
1711 case CIL_MACRO:
1712 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
1713 break;
1714 case CIL_CONDBLOCK:
1715 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
1716 break;
1717 default:
1718 break;
1719 }
1720
1721 if (current->cl_head) {
1722 cil_destroy_ast_symtabs(current->cl_head);
1723 }
1724
1725 current = current->next;
1726 }
1727 }
1728
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)1729 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
1730 {
1731 struct cil_tree_node *node = ast_node;
1732 *symtab = NULL;
1733
1734 if (sym_index == CIL_SYM_PERMS) {
1735 /* Class statements are not blocks, so the passed node should be the class */
1736 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
1737 node->flavor == CIL_COMMON) {
1738 *symtab = &((struct cil_class*)node->data)->perms;
1739 return SEPOL_OK;
1740 }
1741 goto exit;
1742 }
1743
1744 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
1745 cil_log(CIL_ERR, "Invalid symtab type\n");
1746 goto exit;
1747 }
1748
1749 while (node != NULL && *symtab == NULL) {
1750 switch (node->flavor) {
1751 case CIL_ROOT:
1752 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
1753 break;
1754 case CIL_BLOCK:
1755 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
1756 break;
1757 case CIL_MACRO:
1758 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
1759 break;
1760 case CIL_IN:
1761 /* In blocks only exist before resolving the AST */
1762 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
1763 break;
1764 case CIL_CONDBLOCK: {
1765 if (node->parent->flavor == CIL_TUNABLEIF) {
1766 /* Cond blocks only exist before resolving the AST */
1767 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
1768 } else if (node->parent->flavor == CIL_BOOLEANIF) {
1769 node = node->parent->parent;
1770 }
1771 break;
1772 }
1773 default:
1774 node = node->parent;
1775 }
1776 }
1777
1778 if (*symtab == NULL) {
1779 goto exit;
1780 }
1781
1782 return SEPOL_OK;
1783
1784 exit:
1785 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
1786 return SEPOL_ERR;
1787 }
1788
cil_sort_init(struct cil_sort ** sort)1789 void cil_sort_init(struct cil_sort **sort)
1790 {
1791 *sort = cil_malloc(sizeof(**sort));
1792
1793 (*sort)->flavor = CIL_NONE;
1794 (*sort)->count = 0;
1795 (*sort)->index = 0;
1796 (*sort)->array = NULL;
1797 }
1798
cil_sort_destroy(struct cil_sort ** sort)1799 void cil_sort_destroy(struct cil_sort **sort)
1800 {
1801 (*sort)->flavor = CIL_NONE;
1802 (*sort)->count = 0;
1803 (*sort)->index = 0;
1804 if ((*sort)->array != NULL) {
1805 free((*sort)->array);
1806 }
1807 (*sort)->array = NULL;
1808
1809 free(*sort);
1810 *sort = NULL;
1811 }
1812
cil_netifcon_init(struct cil_netifcon ** netifcon)1813 void cil_netifcon_init(struct cil_netifcon **netifcon)
1814 {
1815 *netifcon = cil_malloc(sizeof(**netifcon));
1816
1817 (*netifcon)->interface_str = NULL;
1818 (*netifcon)->if_context_str = NULL;
1819 (*netifcon)->if_context = NULL;
1820 (*netifcon)->packet_context_str = NULL;
1821 (*netifcon)->packet_context = NULL;
1822 (*netifcon)->context_str = NULL;
1823 }
1824
cil_context_init(struct cil_context ** context)1825 void cil_context_init(struct cil_context **context)
1826 {
1827 *context = cil_malloc(sizeof(**context));
1828
1829 cil_symtab_datum_init(&(*context)->datum);
1830 (*context)->user_str = NULL;
1831 (*context)->user = NULL;
1832 (*context)->role_str = NULL;
1833 (*context)->role = NULL;
1834 (*context)->type_str = NULL;
1835 (*context)->type = NULL;
1836 (*context)->range_str = NULL;
1837 (*context)->range = NULL;
1838 }
1839
cil_level_init(struct cil_level ** level)1840 void cil_level_init(struct cil_level **level)
1841 {
1842 *level = cil_malloc(sizeof(**level));
1843
1844 cil_symtab_datum_init(&(*level)->datum);
1845 (*level)->sens_str = NULL;
1846 (*level)->sens = NULL;
1847 (*level)->cats = NULL;
1848 }
1849
cil_levelrange_init(struct cil_levelrange ** range)1850 void cil_levelrange_init(struct cil_levelrange **range)
1851 {
1852 *range = cil_malloc(sizeof(**range));
1853
1854 cil_symtab_datum_init(&(*range)->datum);
1855 (*range)->low_str = NULL;
1856 (*range)->low = NULL;
1857 (*range)->high_str = NULL;
1858 (*range)->high = NULL;
1859 }
1860
cil_sens_init(struct cil_sens ** sens)1861 void cil_sens_init(struct cil_sens **sens)
1862 {
1863 *sens = cil_malloc(sizeof(**sens));
1864
1865 cil_symtab_datum_init(&(*sens)->datum);
1866
1867 (*sens)->cats_list = NULL;
1868
1869 (*sens)->ordered = CIL_FALSE;
1870 }
1871
cil_block_init(struct cil_block ** block)1872 void cil_block_init(struct cil_block **block)
1873 {
1874 *block = cil_malloc(sizeof(**block));
1875
1876 cil_symtab_datum_init(&(*block)->datum);
1877
1878 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
1879
1880 (*block)->is_abstract = CIL_FALSE;
1881
1882 (*block)->bi_nodes = NULL;
1883 }
1884
cil_blockinherit_init(struct cil_blockinherit ** inherit)1885 void cil_blockinherit_init(struct cil_blockinherit **inherit)
1886 {
1887 *inherit = cil_malloc(sizeof(**inherit));
1888 (*inherit)->block_str = NULL;
1889 (*inherit)->block = NULL;
1890 }
1891
cil_blockabstract_init(struct cil_blockabstract ** abstract)1892 void cil_blockabstract_init(struct cil_blockabstract **abstract)
1893 {
1894 *abstract = cil_malloc(sizeof(**abstract));
1895 (*abstract)->block_str = NULL;
1896 }
1897
cil_in_init(struct cil_in ** in)1898 void cil_in_init(struct cil_in **in)
1899 {
1900 *in = cil_malloc(sizeof(**in));
1901
1902 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
1903 (*in)->block_str = NULL;
1904 }
1905
cil_class_init(struct cil_class ** class)1906 void cil_class_init(struct cil_class **class)
1907 {
1908 *class = cil_malloc(sizeof(**class));
1909
1910 cil_symtab_datum_init(&(*class)->datum);
1911
1912 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
1913
1914 (*class)->num_perms = 0;
1915 (*class)->common = NULL;
1916 (*class)->ordered = CIL_FALSE;
1917 }
1918
cil_classorder_init(struct cil_classorder ** classorder)1919 void cil_classorder_init(struct cil_classorder **classorder)
1920 {
1921 *classorder = cil_malloc(sizeof(**classorder));
1922
1923 (*classorder)->class_list_str = NULL;
1924 }
1925
cil_classcommon_init(struct cil_classcommon ** classcommon)1926 void cil_classcommon_init(struct cil_classcommon **classcommon)
1927 {
1928 *classcommon = cil_malloc(sizeof(**classcommon));
1929
1930 (*classcommon)->class_str = NULL;
1931 (*classcommon)->common_str = NULL;
1932 }
1933
cil_sid_init(struct cil_sid ** sid)1934 void cil_sid_init(struct cil_sid **sid)
1935 {
1936 *sid = cil_malloc(sizeof(**sid));
1937
1938 cil_symtab_datum_init(&(*sid)->datum);
1939
1940 (*sid)->ordered = CIL_FALSE;
1941 (*sid)->context = NULL;
1942 }
1943
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)1944 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
1945 {
1946 *sidcontext = cil_malloc(sizeof(**sidcontext));
1947
1948 (*sidcontext)->sid_str = NULL;
1949 (*sidcontext)->context_str = NULL;
1950 (*sidcontext)->context = NULL;
1951 }
1952
cil_sidorder_init(struct cil_sidorder ** sidorder)1953 void cil_sidorder_init(struct cil_sidorder **sidorder)
1954 {
1955 *sidorder = cil_malloc(sizeof(**sidorder));
1956
1957 (*sidorder)->sid_list_str = NULL;
1958 }
1959
cil_userrole_init(struct cil_userrole ** userrole)1960 void cil_userrole_init(struct cil_userrole **userrole)
1961 {
1962 *userrole = cil_malloc(sizeof(**userrole));
1963
1964 (*userrole)->user_str = NULL;
1965 (*userrole)->user = NULL;
1966 (*userrole)->role_str = NULL;
1967 (*userrole)->role = NULL;
1968 }
1969
cil_userprefix_init(struct cil_userprefix ** userprefix)1970 void cil_userprefix_init(struct cil_userprefix **userprefix)
1971 {
1972 *userprefix = cil_malloc(sizeof(**userprefix));
1973
1974 (*userprefix)->user_str = NULL;
1975 (*userprefix)->user = NULL;
1976 (*userprefix)->prefix_str = NULL;
1977 }
1978
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)1979 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
1980 {
1981 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
1982
1983 (*selinuxuser)->name_str = NULL;
1984 (*selinuxuser)->user_str = NULL;
1985 (*selinuxuser)->user = NULL;
1986 (*selinuxuser)->range_str = NULL;
1987 (*selinuxuser)->range = NULL;
1988 }
1989
cil_roletype_init(struct cil_roletype ** roletype)1990 void cil_roletype_init(struct cil_roletype **roletype)
1991 {
1992 *roletype = cil_malloc(sizeof(**roletype));
1993
1994 (*roletype)->role_str = NULL;
1995 (*roletype)->role = NULL;
1996 (*roletype)->type_str = NULL;
1997 (*roletype)->type = NULL;
1998 }
1999
cil_roleattribute_init(struct cil_roleattribute ** attr)2000 void cil_roleattribute_init(struct cil_roleattribute **attr)
2001 {
2002 *attr = cil_malloc(sizeof(**attr));
2003
2004 cil_symtab_datum_init(&(*attr)->datum);
2005
2006 (*attr)->expr_list = NULL;
2007 (*attr)->roles = NULL;
2008 }
2009
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2010 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2011 {
2012 *attrset = cil_malloc(sizeof(**attrset));
2013
2014 (*attrset)->attr_str = NULL;
2015 (*attrset)->str_expr = NULL;
2016 (*attrset)->datum_expr = NULL;
2017 }
2018
cil_typeattribute_init(struct cil_typeattribute ** attr)2019 void cil_typeattribute_init(struct cil_typeattribute **attr)
2020 {
2021 *attr = cil_malloc(sizeof(**attr));
2022
2023 cil_symtab_datum_init(&(*attr)->datum);
2024
2025 (*attr)->expr_list = NULL;
2026 (*attr)->types = NULL;
2027 (*attr)->used = CIL_FALSE;
2028 }
2029
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2030 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2031 {
2032 *attrset = cil_malloc(sizeof(**attrset));
2033
2034 (*attrset)->attr_str = NULL;
2035 (*attrset)->str_expr = NULL;
2036 (*attrset)->datum_expr = NULL;
2037 }
2038
cil_alias_init(struct cil_alias ** alias)2039 void cil_alias_init(struct cil_alias **alias)
2040 {
2041 *alias = cil_malloc(sizeof(**alias));
2042
2043 (*alias)->actual = NULL;
2044
2045 cil_symtab_datum_init(&(*alias)->datum);
2046 }
2047
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2048 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2049 {
2050 *aliasactual = cil_malloc(sizeof(**aliasactual));
2051
2052 (*aliasactual)->alias_str = NULL;
2053 (*aliasactual)->actual_str = NULL;
2054 }
2055
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2056 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2057 {
2058 *typeperm = cil_malloc(sizeof(**typeperm));
2059
2060 (*typeperm)->type_str = NULL;
2061 (*typeperm)->type = NULL;
2062 }
2063
cil_name_init(struct cil_name ** name)2064 void cil_name_init(struct cil_name **name)
2065 {
2066 *name = cil_malloc(sizeof(**name));
2067
2068 cil_symtab_datum_init(&(*name)->datum);
2069 (*name)->name_str = NULL;
2070 }
2071
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2072 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2073 {
2074 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2075
2076 (*nametypetrans)->src_str = NULL;
2077 (*nametypetrans)->src = NULL;
2078 (*nametypetrans)->tgt_str = NULL;
2079 (*nametypetrans)->tgt = NULL;
2080 (*nametypetrans)->obj_str = NULL;
2081 (*nametypetrans)->obj = NULL;
2082 (*nametypetrans)->name_str = NULL;
2083 (*nametypetrans)->name = NULL;
2084 (*nametypetrans)->result_str = NULL;
2085 (*nametypetrans)->result = NULL;
2086 }
2087
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2088 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2089 {
2090 *rangetrans = cil_malloc(sizeof(**rangetrans));
2091
2092 (*rangetrans)->src_str = NULL;
2093 (*rangetrans)->src = NULL;
2094 (*rangetrans)->exec_str = NULL;
2095 (*rangetrans)->exec = NULL;
2096 (*rangetrans)->obj_str = NULL;
2097 (*rangetrans)->obj = NULL;
2098 (*rangetrans)->range_str = NULL;
2099 (*rangetrans)->range = NULL;
2100 }
2101
cil_bool_init(struct cil_bool ** cilbool)2102 void cil_bool_init(struct cil_bool **cilbool)
2103 {
2104 *cilbool = cil_malloc(sizeof(**cilbool));
2105
2106 cil_symtab_datum_init(&(*cilbool)->datum);
2107 (*cilbool)->value = 0;
2108 }
2109
cil_tunable_init(struct cil_tunable ** ciltun)2110 void cil_tunable_init(struct cil_tunable **ciltun)
2111 {
2112 *ciltun = cil_malloc(sizeof(**ciltun));
2113
2114 cil_symtab_datum_init(&(*ciltun)->datum);
2115 (*ciltun)->value = 0;
2116 }
2117
cil_condblock_init(struct cil_condblock ** cb)2118 void cil_condblock_init(struct cil_condblock **cb)
2119 {
2120 *cb = cil_malloc(sizeof(**cb));
2121
2122 (*cb)->flavor = CIL_NONE;
2123 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2124 }
2125
cil_boolif_init(struct cil_booleanif ** bif)2126 void cil_boolif_init(struct cil_booleanif **bif)
2127 {
2128 *bif = cil_malloc(sizeof(**bif));
2129
2130 (*bif)->str_expr = NULL;
2131 (*bif)->datum_expr = NULL;
2132 }
2133
cil_tunif_init(struct cil_tunableif ** tif)2134 void cil_tunif_init(struct cil_tunableif **tif)
2135 {
2136 *tif = cil_malloc(sizeof(**tif));
2137
2138 (*tif)->str_expr = NULL;
2139 (*tif)->datum_expr = NULL;
2140 }
2141
cil_avrule_init(struct cil_avrule ** avrule)2142 void cil_avrule_init(struct cil_avrule **avrule)
2143 {
2144 *avrule = cil_malloc(sizeof(**avrule));
2145
2146 (*avrule)->is_extended = 0;
2147 (*avrule)->rule_kind = CIL_NONE;
2148 (*avrule)->src_str = NULL;
2149 (*avrule)->src = NULL;
2150 (*avrule)->tgt_str = NULL;
2151 (*avrule)->tgt = NULL;
2152 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2153 }
2154
cil_permissionx_init(struct cil_permissionx ** permx)2155 void cil_permissionx_init(struct cil_permissionx **permx)
2156 {
2157 *permx = cil_malloc(sizeof(**permx));
2158
2159 cil_symtab_datum_init(&(*permx)->datum);
2160 (*permx)->kind = CIL_NONE;
2161 (*permx)->obj_str = NULL;
2162 (*permx)->obj = NULL;
2163 (*permx)->expr_str = NULL;
2164 (*permx)->perms = NULL;
2165 }
2166
cil_type_rule_init(struct cil_type_rule ** type_rule)2167 void cil_type_rule_init(struct cil_type_rule **type_rule)
2168 {
2169 *type_rule = cil_malloc(sizeof(**type_rule));
2170
2171 (*type_rule)->rule_kind = CIL_NONE;
2172 (*type_rule)->src_str = NULL;
2173 (*type_rule)->src = NULL;
2174 (*type_rule)->tgt_str = NULL;
2175 (*type_rule)->tgt = NULL;
2176 (*type_rule)->obj_str = NULL;
2177 (*type_rule)->obj = NULL;
2178 (*type_rule)->result_str = NULL;
2179 (*type_rule)->result = NULL;
2180 }
2181
cil_roletransition_init(struct cil_roletransition ** role_trans)2182 void cil_roletransition_init(struct cil_roletransition **role_trans)
2183 {
2184 *role_trans = cil_malloc(sizeof(**role_trans));
2185
2186 (*role_trans)->src_str = NULL;
2187 (*role_trans)->src = NULL;
2188 (*role_trans)->tgt_str = NULL;
2189 (*role_trans)->tgt = NULL;
2190 (*role_trans)->obj_str = NULL;
2191 (*role_trans)->obj = NULL;
2192 (*role_trans)->result_str = NULL;
2193 (*role_trans)->result = NULL;
2194 }
2195
cil_roleallow_init(struct cil_roleallow ** roleallow)2196 void cil_roleallow_init(struct cil_roleallow **roleallow)
2197 {
2198 *roleallow = cil_malloc(sizeof(**roleallow));
2199
2200 (*roleallow)->src_str = NULL;
2201 (*roleallow)->src = NULL;
2202 (*roleallow)->tgt_str = NULL;
2203 (*roleallow)->tgt = NULL;
2204 }
2205
cil_catset_init(struct cil_catset ** catset)2206 void cil_catset_init(struct cil_catset **catset)
2207 {
2208 *catset = cil_malloc(sizeof(**catset));
2209
2210 cil_symtab_datum_init(&(*catset)->datum);
2211 (*catset)->cats = NULL;
2212 }
2213
cil_senscat_init(struct cil_senscat ** senscat)2214 void cil_senscat_init(struct cil_senscat **senscat)
2215 {
2216 *senscat = cil_malloc(sizeof(**senscat));
2217
2218 (*senscat)->sens_str = NULL;
2219 (*senscat)->cats = NULL;
2220 }
2221
cil_cats_init(struct cil_cats ** cats)2222 void cil_cats_init(struct cil_cats **cats)
2223 {
2224 *cats = cil_malloc(sizeof(**cats));
2225
2226 (*cats)->evaluated = CIL_FALSE;
2227 (*cats)->str_expr = NULL;
2228 (*cats)->datum_expr = NULL;
2229 }
2230
cil_filecon_init(struct cil_filecon ** filecon)2231 void cil_filecon_init(struct cil_filecon **filecon)
2232 {
2233 *filecon = cil_malloc(sizeof(**filecon));
2234
2235 (*filecon)->path_str = NULL;
2236 (*filecon)->type = 0;
2237 (*filecon)->context_str = NULL;
2238 (*filecon)->context = NULL;
2239 }
2240
cil_portcon_init(struct cil_portcon ** portcon)2241 void cil_portcon_init(struct cil_portcon **portcon)
2242 {
2243 *portcon = cil_malloc(sizeof(**portcon));
2244 (*portcon)->proto = 0;
2245 (*portcon)->port_low = 0;
2246 (*portcon)->port_high = 0;
2247 (*portcon)->context_str = NULL;
2248 (*portcon)->context = NULL;
2249 }
2250
cil_nodecon_init(struct cil_nodecon ** nodecon)2251 void cil_nodecon_init(struct cil_nodecon **nodecon)
2252 {
2253 *nodecon = cil_malloc(sizeof(**nodecon));
2254
2255 (*nodecon)->addr_str = NULL;
2256 (*nodecon)->addr = NULL;
2257 (*nodecon)->mask_str = NULL;
2258 (*nodecon)->mask = NULL;
2259 (*nodecon)->context_str = NULL;
2260 (*nodecon)->context = NULL;
2261 }
2262
cil_genfscon_init(struct cil_genfscon ** genfscon)2263 void cil_genfscon_init(struct cil_genfscon **genfscon)
2264 {
2265 *genfscon = cil_malloc(sizeof(**genfscon));
2266
2267 (*genfscon)->fs_str = NULL;
2268 (*genfscon)->path_str = NULL;
2269 (*genfscon)->context_str = NULL;
2270 (*genfscon)->context = NULL;
2271 }
2272
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2273 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2274 {
2275 *pirqcon = cil_malloc(sizeof(**pirqcon));
2276
2277 (*pirqcon)->pirq = 0;
2278 (*pirqcon)->context_str = NULL;
2279 (*pirqcon)->context = NULL;
2280 }
2281
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2282 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2283 {
2284 *iomemcon = cil_malloc(sizeof(**iomemcon));
2285
2286 (*iomemcon)->iomem_low = 0;
2287 (*iomemcon)->iomem_high = 0;
2288 (*iomemcon)->context_str = NULL;
2289 (*iomemcon)->context = NULL;
2290 }
2291
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2292 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2293 {
2294 *ioportcon = cil_malloc(sizeof(**ioportcon));
2295
2296 (*ioportcon)->context_str = NULL;
2297 (*ioportcon)->context = NULL;
2298 }
2299
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2300 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2301 {
2302 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2303
2304 (*pcidevicecon)->dev = 0;
2305 (*pcidevicecon)->context_str = NULL;
2306 (*pcidevicecon)->context = NULL;
2307 }
2308
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2309 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2310 {
2311 *dtcon = cil_malloc(sizeof(**dtcon));
2312
2313 (*dtcon)->path = NULL;
2314 (*dtcon)->context_str = NULL;
2315 (*dtcon)->context = NULL;
2316 }
2317
cil_fsuse_init(struct cil_fsuse ** fsuse)2318 void cil_fsuse_init(struct cil_fsuse **fsuse)
2319 {
2320 *fsuse = cil_malloc(sizeof(**fsuse));
2321
2322 (*fsuse)->type = 0;
2323 (*fsuse)->fs_str = NULL;
2324 (*fsuse)->context_str = NULL;
2325 (*fsuse)->context = NULL;
2326 }
2327
cil_constrain_init(struct cil_constrain ** constrain)2328 void cil_constrain_init(struct cil_constrain **constrain)
2329 {
2330 *constrain = cil_malloc(sizeof(**constrain));
2331
2332 (*constrain)->classperms = NULL;
2333 (*constrain)->str_expr = NULL;
2334 (*constrain)->datum_expr = NULL;
2335 }
2336
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2337 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2338 {
2339 *validtrans = cil_malloc(sizeof(**validtrans));
2340
2341 (*validtrans)->class_str = NULL;
2342 (*validtrans)->class = NULL;
2343 (*validtrans)->str_expr = NULL;
2344 (*validtrans)->datum_expr = NULL;
2345 }
2346
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2347 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2348 {
2349 *ipaddr = cil_malloc(sizeof(**ipaddr));
2350
2351 cil_symtab_datum_init(&(*ipaddr)->datum);
2352 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2353 }
2354
cil_perm_init(struct cil_perm ** perm)2355 void cil_perm_init(struct cil_perm **perm)
2356 {
2357 *perm = cil_malloc(sizeof(**perm));
2358
2359 cil_symtab_datum_init(&(*perm)->datum);
2360 (*perm)->value = 0;
2361 (*perm)->classperms = NULL;
2362 }
2363
cil_classpermission_init(struct cil_classpermission ** cp)2364 void cil_classpermission_init(struct cil_classpermission **cp)
2365 {
2366 *cp = cil_malloc(sizeof(**cp));
2367
2368 cil_symtab_datum_init(&(*cp)->datum);
2369 (*cp)->classperms = NULL;
2370 }
2371
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2372 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2373 {
2374 *cps = cil_malloc(sizeof(**cps));
2375
2376 (*cps)->set_str = NULL;
2377 (*cps)->classperms = NULL;
2378 }
2379
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2380 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2381 {
2382 *cp_set = cil_malloc(sizeof(**cp_set));
2383 (*cp_set)->set_str = NULL;
2384 (*cp_set)->set = NULL;
2385 }
2386
cil_classperms_init(struct cil_classperms ** cp)2387 void cil_classperms_init(struct cil_classperms **cp)
2388 {
2389 *cp = cil_malloc(sizeof(**cp));
2390 (*cp)->class_str = NULL;
2391 (*cp)->class = NULL;
2392 (*cp)->perm_strs = NULL;
2393 (*cp)->perms = NULL;
2394 }
2395
cil_classmapping_init(struct cil_classmapping ** mapping)2396 void cil_classmapping_init(struct cil_classmapping **mapping)
2397 {
2398 *mapping = cil_malloc(sizeof(**mapping));
2399
2400 (*mapping)->map_class_str = NULL;
2401 (*mapping)->map_perm_str = NULL;
2402 (*mapping)->classperms = NULL;
2403 }
2404
cil_user_init(struct cil_user ** user)2405 void cil_user_init(struct cil_user **user)
2406 {
2407 *user = cil_malloc(sizeof(**user));
2408
2409 cil_symtab_datum_init(&(*user)->datum);
2410 (*user)->bounds = NULL;
2411 (*user)->roles = NULL;
2412 (*user)->dftlevel = NULL;
2413 (*user)->range = NULL;
2414 (*user)->value = 0;
2415 }
2416
cil_userattribute_init(struct cil_userattribute ** attr)2417 void cil_userattribute_init(struct cil_userattribute **attr)
2418 {
2419 *attr = cil_malloc(sizeof(**attr));
2420
2421 cil_symtab_datum_init(&(*attr)->datum);
2422
2423 (*attr)->expr_list = NULL;
2424 (*attr)->users = NULL;
2425 }
2426
cil_userattributeset_init(struct cil_userattributeset ** attrset)2427 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2428 {
2429 *attrset = cil_malloc(sizeof(**attrset));
2430
2431 (*attrset)->attr_str = NULL;
2432 (*attrset)->str_expr = NULL;
2433 (*attrset)->datum_expr = NULL;
2434 }
2435
cil_userlevel_init(struct cil_userlevel ** usrlvl)2436 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2437 {
2438 *usrlvl = cil_malloc(sizeof(**usrlvl));
2439
2440 (*usrlvl)->user_str = NULL;
2441 (*usrlvl)->level_str = NULL;
2442 (*usrlvl)->level = NULL;
2443 }
2444
cil_userrange_init(struct cil_userrange ** userrange)2445 void cil_userrange_init(struct cil_userrange **userrange)
2446 {
2447 *userrange = cil_malloc(sizeof(**userrange));
2448
2449 (*userrange)->user_str = NULL;
2450 (*userrange)->range_str = NULL;
2451 (*userrange)->range = NULL;
2452 }
2453
cil_role_init(struct cil_role ** role)2454 void cil_role_init(struct cil_role **role)
2455 {
2456 *role = cil_malloc(sizeof(**role));
2457
2458 cil_symtab_datum_init(&(*role)->datum);
2459 (*role)->bounds = NULL;
2460 (*role)->types = NULL;
2461 (*role)->value = 0;
2462 }
2463
cil_type_init(struct cil_type ** type)2464 void cil_type_init(struct cil_type **type)
2465 {
2466 *type = cil_malloc(sizeof(**type));
2467
2468 cil_symtab_datum_init(&(*type)->datum);
2469 (*type)->bounds = NULL;
2470 (*type)->value = 0;
2471 }
2472
cil_cat_init(struct cil_cat ** cat)2473 void cil_cat_init(struct cil_cat **cat)
2474 {
2475 *cat = cil_malloc(sizeof(**cat));
2476
2477 cil_symtab_datum_init(&(*cat)->datum);
2478 (*cat)->ordered = CIL_FALSE;
2479 (*cat)->value = 0;
2480 }
2481
cil_catorder_init(struct cil_catorder ** catorder)2482 void cil_catorder_init(struct cil_catorder **catorder)
2483 {
2484 *catorder = cil_malloc(sizeof(**catorder));
2485
2486 (*catorder)->cat_list_str = NULL;
2487 }
2488
cil_sensorder_init(struct cil_sensorder ** sensorder)2489 void cil_sensorder_init(struct cil_sensorder **sensorder)
2490 {
2491 *sensorder = cil_malloc(sizeof(**sensorder));
2492
2493 (*sensorder)->sens_list_str = NULL;
2494 }
2495
cil_args_init(struct cil_args ** args)2496 void cil_args_init(struct cil_args **args)
2497 {
2498 *args = cil_malloc(sizeof(**args));
2499 (*args)->arg_str = NULL;
2500 (*args)->arg = NULL;
2501 (*args)->param_str = NULL;
2502 (*args)->flavor = CIL_NONE;
2503 }
2504
cil_call_init(struct cil_call ** call)2505 void cil_call_init(struct cil_call **call)
2506 {
2507 *call = cil_malloc(sizeof(**call));
2508
2509 (*call)->macro_str = NULL;
2510 (*call)->macro = NULL;
2511 (*call)->args_tree = NULL;
2512 (*call)->args = NULL;
2513 (*call)->copied = 0;
2514 }
2515
cil_optional_init(struct cil_optional ** optional)2516 void cil_optional_init(struct cil_optional **optional)
2517 {
2518 *optional = cil_malloc(sizeof(**optional));
2519 (*optional)->enabled = CIL_TRUE;
2520 cil_symtab_datum_init(&(*optional)->datum);
2521 }
2522
cil_param_init(struct cil_param ** param)2523 void cil_param_init(struct cil_param **param)
2524 {
2525 *param = cil_malloc(sizeof(**param));
2526
2527 (*param)->str = NULL;
2528 (*param)->flavor = CIL_NONE;
2529 }
2530
cil_macro_init(struct cil_macro ** macro)2531 void cil_macro_init(struct cil_macro **macro)
2532 {
2533 *macro = cil_malloc(sizeof(**macro));
2534
2535 cil_symtab_datum_init(&(*macro)->datum);
2536 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2537 (*macro)->params = NULL;
2538 }
2539
cil_policycap_init(struct cil_policycap ** policycap)2540 void cil_policycap_init(struct cil_policycap **policycap)
2541 {
2542 *policycap = cil_malloc(sizeof(**policycap));
2543
2544 cil_symtab_datum_init(&(*policycap)->datum);
2545 }
2546
cil_bounds_init(struct cil_bounds ** bounds)2547 void cil_bounds_init(struct cil_bounds **bounds)
2548 {
2549 *bounds = cil_malloc(sizeof(**bounds));
2550
2551 (*bounds)->parent_str = NULL;
2552 (*bounds)->child_str = NULL;
2553 }
2554
cil_default_init(struct cil_default ** def)2555 void cil_default_init(struct cil_default **def)
2556 {
2557 *def = cil_malloc(sizeof(**def));
2558
2559 (*def)->flavor = CIL_NONE;
2560 (*def)->class_strs = NULL;
2561 (*def)->class_datums = NULL;
2562 }
2563
cil_defaultrange_init(struct cil_defaultrange ** def)2564 void cil_defaultrange_init(struct cil_defaultrange **def)
2565 {
2566 *def = cil_malloc(sizeof(**def));
2567
2568 (*def)->class_strs = NULL;
2569 (*def)->class_datums = NULL;
2570 }
2571
cil_handleunknown_init(struct cil_handleunknown ** unk)2572 void cil_handleunknown_init(struct cil_handleunknown **unk)
2573 {
2574 *unk = cil_malloc(sizeof(**unk));
2575 }
2576
cil_mls_init(struct cil_mls ** mls)2577 void cil_mls_init(struct cil_mls **mls)
2578 {
2579 *mls = cil_malloc(sizeof(**mls));
2580 (*mls)->value = 0;
2581 }
2582
cil_src_info_init(struct cil_src_info ** info)2583 void cil_src_info_init(struct cil_src_info **info)
2584 {
2585 *info = cil_malloc(sizeof(**info));
2586 (*info)->is_cil = 0;
2587 (*info)->path = NULL;
2588 }
2589