1 /*
2  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  *    1. Redistributions of source code must retain the above copyright notice,
8  *       this list of conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice,
11  *       this list of conditions and the following disclaimer in the documentation
12  *       and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  * The views and conclusions contained in the software and documentation are those
26  * of the authors and should not be interpreted as representing official policies,
27  * either expressed or implied, of Tresys Technology, LLC.
28  */
29 
30 #ifndef _CIL_BINARY_H_
31 #define _CIL_BINARY_H_
32 
33 #include <sepol/policydb/policydb.h>
34 
35 #include "cil_internal.h"
36 #include "cil_tree.h"
37 #include "cil_list.h"
38 
39 /**
40  * Create a binary policydb from the cil db.
41  *
42  * @param[in] db The cil database.
43  * @param[out] pdb Receives the policy database that this function allocates and initializes.
44  *
45  * @return SEPOL_OK upon success or an error otherwise.
46  */
47 int cil_binary_create(const struct cil_db *db, sepol_policydb_t **pdb);
48 
49 /**
50  * Create a pre allocated binary policydb from the cil db.
51  *
52  * It is assumed that pdb has been allocated and initialized so that fields such
53  * as policy type and version are set appropriately. It is recommended that,
54  * instead of calling this directly, one calls cil_binary_create, which will
55  * properly allocate and initialize the pdb and then call this function. This
56  * function is kept to maintain binary backwards compatibility.
57  *
58  * @param[in] db The cil database.
59  * @param[in] pdb The policy database.
60  *
61  * @return SEPOL_OK upon success or an error otherwise.
62  */
63 int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *pdb);
64 
65 /**
66  * Insert cil common structure into sepol policydb.
67  *
68  * @param[in] pdb The policy database to insert the common into.
69  * @param[in] cil_common The cil_common datum.
70  * @param[out] common_out The sepol common to send back.
71  *
72  * @return SEPOL_OK upon success or an error otherwise.
73  */
74 int cil_common_to_policydb(policydb_t *pdb, struct cil_class *cil_common, common_datum_t **common_out);
75 
76 /**
77  * Insert cil class structure into sepol policydb.
78  *
79  * @param[in] pdb The policy database to insert the class into.
80  * @param[in] cil_class The cil_class datum.
81  *
82  * @return SEPOL_OK upon success or an error otherwise.
83  */
84 int cil_class_to_policydb(policydb_t *pdb, struct cil_class *cil_class);
85 
86 /**
87  * Insert cil role structure into sepol policydb.
88  *
89  * @param[in] pdb The policy database to insert the role into.
90  * @param[in] cil_role The cil_role datum.
91  *
92  * @return SEPOL_OK upon success or an error otherwise.
93  */
94 int cil_role_to_policydb(policydb_t *pdb, struct cil_role *cil_role);
95 
96 /**
97  * Insert cil roletype structure into sepol policydb.
98  *
99  * @param[in] pdb The policy database to insert the roletype into.
100  * @param[in] db The cil database.
101  * @param[in] role The cil_role datum whose roletype entries are inserted.
102  *
103  * @return SEPOL_OK upon success or SEPOL_ERR otherwise.
104  */
105 int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_role *role);
106 
107 /**
108  * Insert cil type structure into sepol policydb.
109  *
110  * @param[in] pdb The policy database to insert the type into.
111  * @param[in] cil_type The cil_type datum.
112  * @param[in,out] type_value_to_cil Array mapping sepol type values to cil datums.
112  *
113  * @return SEPOL_OK upon success or an error otherwise.
114  */
115 int cil_type_to_policydb(policydb_t *pdb, struct cil_type *cil_type, void *type_value_to_cil[]);
116 
117 /**
118  * Insert cil typealias structure into sepol policydb.
119  *
120  * @param[in] pdb The policy database to insert the typealias into.
121  * @param[in] cil_alias The cil_typealias datum.
122  *
123  * @return SEPOL_OK upon success or an error otherwise.
124  */
125 int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);
126 
127 /**
128  * Insert cil typepermissive structure into sepol policydb.
129  * The function looks up the previously inserted type and flips the bit
130  * in the permissive types bitmap that corresponds to that type's value.
131  *
132  * @param[in] pdb The policy database to insert the typepermissive into.
133  * @param[in] cil_typeperm The cil_typepermissive datum.
134  *
135  * @return SEPOL_OK upon success or an error otherwise.
136  */
137 int cil_typepermissive_to_policydb(policydb_t *pdb, struct cil_typepermissive *cil_typeperm);
138 
139 /**
140  * Insert cil attribute structure into sepol policydb.
141  *
142  * @param[in] pdb The policy database to insert the attribute into.
143  * @param[in] cil_attr The cil_typeattribute datum.
144  * @param[in,out] type_value_to_cil Array mapping sepol type values to cil datums.
144  *
145  * @return SEPOL_OK upon success or an error otherwise.
146  */
147 int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil_attr, void *type_value_to_cil[]);
148 
149 /**
150  * Insert cil attribute structure into sepol type->attribute bitmap.
151  * The function calls helper functions to loop over the attributes lists
152  * of types and negative types. If either of the lists contain an attribute,
153  * the helper functions will recurse into the attribute and record the
154  * attribute's types and negative types. There is no minimum depth.
155  *
156  * @param[in] pdb The policy database that contains the type->attribute bitmap.
157  * @param[in] cdb The cil database.
158  * @param[in] cil_attr The cil_typeattribute datum whose types are recorded in the bitmap.
159  *
160  * @return SEPOL_OK upon success or an error otherwise.
161  */
162 int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *cdb, struct cil_typeattribute *cil_attr);
163 
164 /**
165  * Insert cil policycap structure into sepol policydb.
166  *
167  * @param[in] pdb The policy database to insert the policycap into.
168  * @param[in] cil_polcap The cil_policycap datum.
169  *
170  * @return SEPOL_OK upon success or SEPOL_ERR upon error.
171  */
172 int cil_policycap_to_policydb(policydb_t *pdb, struct cil_policycap *cil_polcap);
173 
174 /**
175  * Insert cil user structure into sepol policydb.
176  *
177  * @param[in] pdb The policy database to insert the user into.
178  * @param[in] cil_user The cil_user datum.
179  *
180  * @return SEPOL_OK upon success or an error otherwise.
181  */
182 int cil_user_to_policydb(policydb_t *pdb, struct cil_user *cil_user);
183 
184 /**
185  * Insert cil userrole structure into sepol policydb.
186  *
187  * @param[in] pdb The policy database to insert the userrole into.
188  * @param[in] db The cil database.
189  * @param[in] user The cil_user datum whose userrole entries are inserted.
190  *
191  * @return SEPOL_OK upon success or SEPOL_ERR otherwise.
192  */
193 int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_user *user);
194 
195 /**
196  * Insert cil bool structure into sepol policydb.
197  *
198  * @param[in] pdb The policy database to insert the bool into.
199  * @param[in] cil_bool The cil_bool datum.
200  *
201  * @return SEPOL_OK upon success or an error otherwise.
202  */
203 int cil_bool_to_policydb(policydb_t *pdb, struct cil_bool *cil_bool);
204 
205 /**
206  * Insert all ordered cil category structures into sepol policydb.
207  *
208  * @param[in] pdb The policy database to insert the categories into.
209  * @param[in] db The cil database that contains the category order list.
210  *
211  * @return SEPOL_OK upon success or an error otherwise.
212  */
213 int cil_catorder_to_policydb(policydb_t *pdb, const struct cil_db *db);
214 
215 /**
216  * Insert cil category alias structure into sepol policydb.
217  *
218  * @param[in] pdb The policy database to insert the category alias into.
219  * @param[in] cil_alias The cil_catalias datum.
220  *
221  * @return SEPOL_OK upon success or an error otherwise.
222  */
223 int cil_catalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);
224 
225 /**
226  * Insert the cil sensitivityorder into sepol policydb.
227  *
228  * @param[in] pdb The policy database to insert the sensitivityorder into.
229  * @param[in] db the cil database that contains the sensitivityorder list.
230  *
231  * @return SEPOL_OK upon success or an error otherwise.
232  */
233 int cil_sensitivityorder_to_policydb(policydb_t *pdb, const struct cil_db *db);
234 
235 /**
236  * Insert cil type rule structure into sepol policydb.  This includes
237  * typetransition, typechange, and typemember.
238  *
239  * @param[in] pdb The policy database to insert the type rule into.
240  * @param[in] db The cil database.
241  * @param[in] cil_rule The cil_type_rule datum.
241  *
242  * @return SEPOL_OK upon success or an error otherwise.
243  */
244 int cil_type_rule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule);
245 
246 /**
247  * Insert cil avrule structure into sepol policydb.
248  *
249  * @param[in] pdb The policy database to insert the avrule into.
250  * @param[in] db The cil database.
251  * @param[in] cil_avrule The cil_avrule datum.
251  *
252  * @return SEPOL_OK upon success or an error otherwise.
253  */
254 int cil_avrule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule);
255 
256 /**
257  * Insert cil booleanif structure into sepol policydb.  This populates the
258  * policydb conditional list.  Each conditional node contains an expression
259  * and true/false avtab_ptr lists that point into te_cond_avtab.
260  *
261  * @param[in] pdb The policy database to insert the booleanif into.
262  * @param[in] db The cil database.
263  * @param[in] node The cil_booleanif node.
264  * @param[in] filename_trans_table Hash table of filename transitions.
263  *
264  * @return SEPOL_OK upon success or an error otherwise.
265  */
266 int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_tree_node *node, hashtab_t filename_trans_table);
267 
268 /**
269  * Insert cil role transition structure into sepol policydb.
270  *
271  * @param[in] pdb The policy database to insert the role transition into.
272  * @param[in] db The cil database.
273  * @param[in] roletrans The cil_roletransition datum.
274  * @param[in] role_trans_table Hash table of role transitions.
273  *
274  * @return SEPOL_OK upon success or SEPOL_ERR upon error.
275  */
276 int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roletransition *roletrans, hashtab_t role_trans_table);
277 
278 /**
279  * Insert cil role allow structure into sepol policydb.
280  *
281  * @param[in] pdb The policy database to insert the role allow into.
282  * @param[in] db The cil database.
283  * @param[in] roleallow The cil_roleallow datum.
283  *
284  * @return SEPOL_OK upon success or SEPOL_ERR upon error.
285  */
286 int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roleallow *roleallow);
287 
288 /**
289  * Insert cil file transition structure into sepol policydb.
290  *
291  * @param[in] pdb The policy database to insert the file transition into.
292  * @param[in] db The cil database.
293  * @param[in] typetrans The cil_nametypetransition datum.
294  * @param[in] filename_trans_table Hash table of filename transitions.
293  *
294  * @return SEPOL_OK upon success or SEPOL_ERR upon error.
295  */
296 int cil_typetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans, hashtab_t filename_trans_table);
297 
298 /**
299  * Insert cil constrain/mlsconstrain structure(s) into sepol policydb.
300  *
301  * @param[in] pdb The policy database to insert the (mls)constrain into.
302  * @param[in] db The cil database.
303  * @param[in] cil_constrain The cil_(mls)constrain datum.
303  *
304  * @return SEPOL_OK upon success or SEPOL_ERR upon error.
305  */
306 int cil_constrain_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_constrain *cil_constrain);
307 
308 /**
309  * Define sepol level.
310  * Associates the sepol level (sensitivity) with categories.
311  * Looks at the cil_sens structure for a list of cil_cats to
312  * associate the sensitivity with.
313  * Sets the sepol level as defined in the sepol policy database.
314  *
315  * @param[in] pdb The policy database that holds the sepol level.
316  * @param[in] cil_sens The cil_sens datum.
317  *
318  * @return SEPOL_OK upon success or SEPOL_ERR upon error.
319  */
320 int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens);
321 
322 /**
323  * Insert cil rangetransition structure into sepol policydb.
324  *
325  * @param[in] pdb The policy database to insert the rangetransition into.
326  * @param[in] db The cil database.
327  * @param[in] rangetrans The cil_rangetransition datum.
328  * @param[in] range_trans_table Hash table of range transitions.
327  *
328  * @return SEPOL_OK upon success or an error otherwise.
329  */
330 int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans, hashtab_t range_trans_table);
331 
332 /**
333  * Insert cil portcon structure into sepol policydb.
334  * The function is given a structure containing the sorted portcons and
335  * loops over this structure inserting them into the policy database.
336  *
337  * @param[in] pdb The policy database to insert the portcon into.
338  * @param[in] portcons The cil_sort structure that contains the sorted portcons.
339  *
340  * @return SEPOL_OK upon success or an error otherwise.
341  */
342 int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons);
343 
344 /**
345  * Insert cil netifcon structure into sepol policydb.
346  * The function is given a structure containing the sorted netifcons and
347  * loops over this structure inserting them into the policy database.
348  *
349  * @param[in] pdb The policy database to insert the netifcon into.
350  * @param[in] netifcons The cil_sort structure that contains the sorted netifcons.
351  *
352  * @return SEPOL_OK upon success or an error otherwise.
353  */
354 int cil_netifcon_to_policydb(policydb_t *pdb, struct cil_sort *netifcons);
355 
356 /**
357  * Insert cil nodecon structure into sepol policydb.
358  * The function is given a structure containing the sorted nodecons and
359  * loops over this structure inserting them into the policy database.
360  *
361  * @param[in] pdb The policy database to insert the nodecon into.
362  * @param[in] nodecons The cil_sort structure that contains the sorted nodecons.
363  *
364  * @return SEPOL_OK upon success or an error otherwise.
365  */
366 int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons);
367 
368 /**
369  * Insert cil fsuse structure into sepol policydb.
370  * The function is given a structure containing the sorted fsuses and
371  * loops over this structure inserting them into the policy database.
372  *
373  * @param[in] pdb The policy database to insert the fsuse into.
374  * @param[in] fsuses The cil_sort structure that contains the sorted fsuses.
375  *
376  * @return SEPOL_OK upon success or an error otherwise.
377  */
378 int cil_fsuse_to_policydb(policydb_t *pdb, struct cil_sort *fsuses);
379 
380 /**
381  * Insert cil genfscon structure into sepol policydb.
382  * The function is given a structure containing the sorted genfscons and
383  * loops over this structure inserting them into the policy database.
384  *
385  * @param[in] pdb The policy database to insert the genfscon into.
386  * @param[in] genfscons The cil_sort structure that contains the sorted genfscons.
387  *
388  * @return SEPOL_OK upon success or an error otherwise.
389  */
390 int cil_genfscon_to_policydb(policydb_t *pdb, struct cil_sort *genfscons);
391 
392 /**
393  * Insert cil pirqcon structure into sepol policydb.
394  * The function is given a structure containing the sorted pirqcons and
395  * loops over this structure inserting them into the policy database.
396  *
397  * @param[in] pdb The policy database to insert the pirqcon into.
398  * @param[in] pirqcons The cil_sort structure that contains the sorted pirqcons.
399  *
400  * @return SEPOL_OK upon success or an error otherwise.
401  */
402 int cil_pirqcon_to_policydb(policydb_t *pdb, struct cil_sort *pirqcons);
403 
404 /**
405  * Insert cil iomemcon structure into sepol policydb.
406  * The function is given a structure containing the sorted iomemcons and
407  * loops over this structure inserting them into the policy database.
408  *
409  * @param[in] pdb The policy database to insert the iomemcon into.
410  * @param[in] iomemcons The cil_sort structure that contains the sorted iomemcons.
411  *
412  * @return SEPOL_OK upon success or an error otherwise.
413  */
414 int cil_iomemcon_to_policydb(policydb_t *pdb, struct cil_sort *iomemcons);
415 
416 /**
417  * Insert cil ioportcon structure into sepol policydb.
418  * The function is given a structure containing the sorted ioportcons and
419  * loops over this structure inserting them into the policy database.
420  *
421  * @param[in] pdb The policy database to insert the ioportcon into.
422  * @param[in] ioportcons The cil_sort structure that contains the sorted ioportcons.
423  *
424  * @return SEPOL_OK upon success or an error otherwise.
425  */
426 int cil_ioportcon_to_policydb(policydb_t *pdb, struct cil_sort *ioportcons);
427 
428 /**
429  * Insert cil pcidevicecon structure into sepol policydb.
430  * The function is given a structure containing the sorted pcidevicecons and
431  * loops over this structure inserting them into the policy database.
432  *
433  * @param[in] pdb The policy database to insert the pcidevicecon into.
434  * @param[in] pcidevicecons The cil_sort structure that contains the sorted pcidevicecons.
435  *
436  * @return SEPOL_OK upon success or an error otherwise.
437  */
438 int cil_pcidevicecon_to_policydb(policydb_t *pdb, struct cil_sort *pcidevicecons);
439 
440 /**
441  * Create an mls level using a cil level.
442  * The function is given a cil_level and fills in the caller-provided
443  * mls_level_t from it.
444  *
445  * @param[in] pdb The policy database to use to get sepol level from cil_level's sensitivity.
446  * @param[in] cil_level The cil_level that will be used to create an mls_level_t.
447  * @param[out] mls_level The mls_level that is created.
448  *
449  * @return SEPOL_OK upon success or an error otherwise.
450  */
451 int cil_level_to_mls_level(policydb_t *pdb, struct cil_level *cil_level, mls_level_t *mls_level);
452 
453 #endif //_CIL_BINARY_H_
454