1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 33 #include <sepol/policydb/policydb.h> 34 #include <sepol/policydb/symtab.h> 35 36 #include "cil_internal.h" 37 #include "cil_flavor.h" 38 #include "cil_log.h" 39 #include "cil_mem.h" 40 #include "cil_tree.h" 41 #include "cil_list.h" 42 #include "cil_symtab.h" 43 #include "cil_build_ast.h" 44 45 #include "cil_parser.h" 46 #include "cil_build_ast.h" 47 #include "cil_resolve_ast.h" 48 #include "cil_fqn.h" 49 #include "cil_post.h" 50 #include "cil_binary.h" 51 #include "cil_policy.h" 52 #include "cil_strpool.h" 53 #include "dso.h" 54 55 #ifndef DISABLE_SYMVER 56 asm(".symver cil_build_policydb_pdb, cil_build_policydb (at) LIBSEPOL_1.0"); 57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); 58 59 asm(".symver cil_compile_pdb, cil_compile (at) LIBSEPOL_1.0"); 60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); 61 62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string (at) LIBSEPOL_1.0"); 63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); 64 65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string (at) LIBSEPOL_1.0"); 66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); 67 68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string (at) LIBSEPOL_1.0"); 69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); 70 #endif 71 72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { 73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} 78 }; 79 80 static void cil_init_keys(void) 81 { 82 /* Initialize CIL Keys into strpool */ 83 CIL_KEY_CONS_T1 = cil_strpool_add("t1"); 84 CIL_KEY_CONS_T2 = cil_strpool_add("t2"); 85 CIL_KEY_CONS_T3 = cil_strpool_add("t3"); 86 CIL_KEY_CONS_R1 = cil_strpool_add("r1"); 87 CIL_KEY_CONS_R2 = cil_strpool_add("r2"); 88 CIL_KEY_CONS_R3 = cil_strpool_add("r3"); 89 CIL_KEY_CONS_U1 = cil_strpool_add("u1"); 90 CIL_KEY_CONS_U2 = cil_strpool_add("u2"); 91 CIL_KEY_CONS_U3 = cil_strpool_add("u3"); 92 CIL_KEY_CONS_L1 = cil_strpool_add("l1"); 93 CIL_KEY_CONS_L2 = cil_strpool_add("l2"); 94 CIL_KEY_CONS_H1 = cil_strpool_add("h1"); 95 CIL_KEY_CONS_H2 = cil_strpool_add("h2"); 96 CIL_KEY_AND = cil_strpool_add("and"); 97 CIL_KEY_OR = cil_strpool_add("or"); 98 CIL_KEY_NOT = cil_strpool_add("not"); 99 CIL_KEY_EQ = cil_strpool_add("eq"); 100 CIL_KEY_NEQ = cil_strpool_add("neq"); 101 CIL_KEY_CONS_DOM = cil_strpool_add("dom"); 102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby"); 103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp"); 104 CIL_KEY_CONDTRUE = cil_strpool_add("true"); 105 CIL_KEY_CONDFALSE = cil_strpool_add("false"); 106 CIL_KEY_SELF = cil_strpool_add("self"); 107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); 108 CIL_KEY_STAR = cil_strpool_add("*"); 109 CIL_KEY_UDP = cil_strpool_add("udp"); 110 CIL_KEY_TCP = cil_strpool_add("tcp"); 111 CIL_KEY_DCCP = cil_strpool_add("dccp"); 112 CIL_KEY_SCTP = cil_strpool_add("sctp"); 113 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); 114 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); 115 CIL_KEY_ALLOW = cil_strpool_add("allow"); 116 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit"); 117 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition"); 118 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange"); 119 CIL_KEY_CALL = cil_strpool_add("call"); 120 CIL_KEY_TUNABLE = cil_strpool_add("tunable"); 121 CIL_KEY_XOR = cil_strpool_add("xor"); 122 CIL_KEY_ALL = cil_strpool_add("all"); 123 CIL_KEY_RANGE = cil_strpool_add("range"); 124 CIL_KEY_TYPE = cil_strpool_add("type"); 125 CIL_KEY_ROLE = cil_strpool_add("role"); 126 CIL_KEY_USER = cil_strpool_add("user"); 127 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute"); 128 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset"); 129 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity"); 130 CIL_KEY_CATEGORY = cil_strpool_add("category"); 131 CIL_KEY_CATSET = cil_strpool_add("categoryset"); 132 CIL_KEY_LEVEL = cil_strpool_add("level"); 133 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange"); 134 CIL_KEY_CLASS = cil_strpool_add("class"); 135 CIL_KEY_IPADDR = cil_strpool_add("ipaddr"); 136 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap"); 137 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission"); 138 CIL_KEY_BOOL = cil_strpool_add("boolean"); 139 CIL_KEY_STRING = cil_strpool_add("string"); 140 CIL_KEY_NAME = cil_strpool_add("name"); 141 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown"); 142 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow"); 143 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny"); 144 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject"); 145 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit"); 146 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract"); 147 CIL_KEY_CLASSORDER = cil_strpool_add("classorder"); 148 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping"); 149 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset"); 150 CIL_KEY_COMMON = cil_strpool_add("common"); 151 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon"); 152 CIL_KEY_SID = cil_strpool_add("sid"); 153 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext"); 154 CIL_KEY_SIDORDER = cil_strpool_add("sidorder"); 155 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel"); 156 CIL_KEY_USERRANGE = cil_strpool_add("userrange"); 157 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds"); 158 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix"); 159 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser"); 160 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault"); 161 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute"); 162 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset"); 163 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute"); 164 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias"); 165 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual"); 166 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds"); 167 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive"); 168 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition"); 169 CIL_KEY_USERROLE = cil_strpool_add("userrole"); 170 CIL_KEY_ROLETYPE = cil_strpool_add("roletype"); 171 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition"); 172 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow"); 173 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute"); 174 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset"); 175 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds"); 176 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif"); 177 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow"); 178 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember"); 179 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias"); 180 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual"); 181 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias"); 182 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual"); 183 CIL_KEY_CATORDER = cil_strpool_add("categoryorder"); 184 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder"); 185 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory"); 186 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain"); 187 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain"); 188 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans"); 189 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); 190 CIL_KEY_CONTEXT = cil_strpool_add("context"); 191 CIL_KEY_FILECON = cil_strpool_add("filecon"); 192 CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); 193 CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon"); 194 CIL_KEY_PORTCON = cil_strpool_add("portcon"); 195 CIL_KEY_NODECON = cil_strpool_add("nodecon"); 196 CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); 197 CIL_KEY_NETIFCON = cil_strpool_add("netifcon"); 198 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon"); 199 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon"); 200 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon"); 201 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon"); 202 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon"); 203 CIL_KEY_FSUSE = cil_strpool_add("fsuse"); 204 CIL_KEY_POLICYCAP = cil_strpool_add("policycap"); 205 CIL_KEY_OPTIONAL = cil_strpool_add("optional"); 206 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser"); 207 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole"); 208 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype"); 209 CIL_KEY_MACRO = cil_strpool_add("macro"); 210 CIL_KEY_IN = cil_strpool_add("in"); 211 CIL_KEY_MLS = cil_strpool_add("mls"); 212 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange"); 213 CIL_KEY_GLOB = cil_strpool_add("*"); 214 CIL_KEY_FILE = cil_strpool_add("file"); 215 CIL_KEY_DIR = cil_strpool_add("dir"); 216 CIL_KEY_CHAR = cil_strpool_add("char"); 217 CIL_KEY_BLOCK = cil_strpool_add("block"); 218 CIL_KEY_SOCKET = cil_strpool_add("socket"); 219 CIL_KEY_PIPE = cil_strpool_add("pipe"); 220 CIL_KEY_SYMLINK = cil_strpool_add("symlink"); 221 CIL_KEY_ANY = cil_strpool_add("any"); 222 CIL_KEY_XATTR = cil_strpool_add("xattr"); 223 CIL_KEY_TASK = cil_strpool_add("task"); 224 CIL_KEY_TRANS = cil_strpool_add("trans"); 225 CIL_KEY_SOURCE = cil_strpool_add("source"); 226 CIL_KEY_TARGET = cil_strpool_add("target"); 227 CIL_KEY_LOW = cil_strpool_add("low"); 228 CIL_KEY_HIGH = cil_strpool_add("high"); 229 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high"); 230 CIL_KEY_ROOT = cil_strpool_add("<root>"); 231 CIL_KEY_NODE = cil_strpool_add("<node>"); 232 CIL_KEY_PERM = cil_strpool_add("perm"); 233 CIL_KEY_ALLOWX = cil_strpool_add("allowx"); 234 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx"); 235 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx"); 236 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx"); 237 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx"); 238 CIL_KEY_IOCTL = cil_strpool_add("ioctl"); 239 CIL_KEY_UNORDERED = cil_strpool_add("unordered"); 240 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>"); 241 CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>"); 242 CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>"); 243 } 244 245 void cil_db_init(struct cil_db **db) 246 { 247 *db = cil_malloc(sizeof(**db)); 248 249 cil_strpool_init(); 250 cil_init_keys(); 251 252 cil_tree_init(&(*db)->parse); 253 cil_tree_init(&(*db)->ast); 254 cil_root_init((struct cil_root **)&(*db)->ast->root->data); 255 (*db)->sidorder = NULL; 256 (*db)->classorder = NULL; 257 (*db)->catorder = NULL; 258 (*db)->sensitivityorder = NULL; 259 cil_sort_init(&(*db)->netifcon); 260 cil_sort_init(&(*db)->genfscon); 261 cil_sort_init(&(*db)->filecon); 262 cil_sort_init(&(*db)->nodecon); 263 cil_sort_init(&(*db)->ibpkeycon); 264 cil_sort_init(&(*db)->ibendportcon); 265 cil_sort_init(&(*db)->portcon); 266 cil_sort_init(&(*db)->pirqcon); 267 cil_sort_init(&(*db)->iomemcon); 268 cil_sort_init(&(*db)->ioportcon); 269 cil_sort_init(&(*db)->pcidevicecon); 270 cil_sort_init(&(*db)->devicetreecon); 271 cil_sort_init(&(*db)->fsuse); 272 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM); 273 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM); 274 cil_list_init(&(*db)->names, CIL_LIST_ITEM); 275 276 cil_type_init(&(*db)->selftype); 277 (*db)->selftype->datum.name = CIL_KEY_SELF; 278 (*db)->selftype->datum.fqn = CIL_KEY_SELF; 279 (*db)->num_types_and_attrs = 0; 280 (*db)->num_classes = 0; 281 (*db)->num_types = 0; 282 (*db)->num_roles = 0; 283 (*db)->num_users = 0; 284 (*db)->num_cats = 0; 285 (*db)->val_to_type = NULL; 286 (*db)->val_to_role = NULL; 287 (*db)->val_to_user = NULL; 288 289 (*db)->disable_dontaudit = CIL_FALSE; 290 (*db)->disable_neverallow = CIL_FALSE; 291 (*db)->attrs_expand_generated = CIL_FALSE; 292 (*db)->attrs_expand_size = 1; 293 (*db)->preserve_tunables = CIL_FALSE; 294 (*db)->handle_unknown = -1; 295 (*db)->mls = -1; 296 (*db)->target_platform = SEPOL_TARGET_SELINUX; 297 (*db)->policy_version = POLICYDB_VERSION_MAX; 298 } 299 300 void cil_db_destroy(struct cil_db **db) 301 { 302 if (db == NULL || *db == NULL) { 303 return; 304 } 305 306 cil_tree_destroy(&(*db)->parse); 307 cil_tree_destroy(&(*db)->ast); 308 cil_list_destroy(&(*db)->sidorder, CIL_FALSE); 309 cil_list_destroy(&(*db)->classorder, CIL_FALSE); 310 cil_list_destroy(&(*db)->catorder, CIL_FALSE); 311 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE); 312 cil_sort_destroy(&(*db)->netifcon); 313 cil_sort_destroy(&(*db)->genfscon); 314 cil_sort_destroy(&(*db)->filecon); 315 cil_sort_destroy(&(*db)->nodecon); 316 cil_sort_destroy(&(*db)->ibpkeycon); 317 cil_sort_destroy(&(*db)->ibendportcon); 318 cil_sort_destroy(&(*db)->portcon); 319 cil_sort_destroy(&(*db)->pirqcon); 320 cil_sort_destroy(&(*db)->iomemcon); 321 cil_sort_destroy(&(*db)->ioportcon); 322 cil_sort_destroy(&(*db)->pcidevicecon); 323 cil_sort_destroy(&(*db)->devicetreecon); 324 cil_sort_destroy(&(*db)->fsuse); 325 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE); 326 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE); 327 cil_list_destroy(&(*db)->names, CIL_TRUE); 328 329 cil_destroy_type((*db)->selftype); 330 331 cil_strpool_destroy(); 332 free((*db)->val_to_type); 333 free((*db)->val_to_role); 334 free((*db)->val_to_user); 335 336 free(*db); 337 *db = NULL; 338 } 339 340 void cil_root_init(struct cil_root **root) 341 { 342 struct cil_root *r = cil_malloc(sizeof(*r)); 343 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]); 344 345 *root = r; 346 } 347 348 void cil_root_destroy(struct cil_root *root) 349 { 350 if (root == NULL) { 351 return; 352 } 353 cil_symtab_array_destroy(root->symtab); 354 free(root); 355 } 356 357 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size) 358 { 359 char *buffer = NULL; 360 int rc; 361 362 cil_log(CIL_INFO, "Parsing %s\n", name); 363 364 buffer = cil_malloc(size + 2); 365 memcpy(buffer, data, size); 366 memset(buffer + size, 0, 2); 367 368 rc = cil_parser(name, buffer, size + 2, &db->parse); 369 if (rc != SEPOL_OK) { 370 cil_log(CIL_INFO, "Failed to parse %s\n", name); 371 goto exit; 372 } 373 374 free(buffer); 375 buffer = NULL; 376 377 rc = SEPOL_OK; 378 379 exit: 380 free(buffer); 381 382 return rc; 383 } 384 385 #ifdef DISABLE_SYMVER 386 int cil_compile(struct cil_db *db) 387 #else 388 int cil_compile_nopdb(struct cil_db *db) 389 #endif 390 { 391 int rc = SEPOL_ERR; 392 393 if (db == NULL) { 394 goto exit; 395 } 396 397 cil_log(CIL_INFO, "Building AST from Parse Tree\n"); 398 rc = cil_build_ast(db, db->parse->root, db->ast->root); 399 if (rc != SEPOL_OK) { 400 cil_log(CIL_INFO, "Failed to build ast\n"); 401 goto exit; 402 } 403 404 cil_log(CIL_INFO, "Destroying Parse Tree\n"); 405 cil_tree_destroy(&db->parse); 406 407 cil_log(CIL_INFO, "Resolving AST\n"); 408 rc = cil_resolve_ast(db, db->ast->root); 409 if (rc != SEPOL_OK) { 410 cil_log(CIL_INFO, "Failed to resolve ast\n"); 411 goto exit; 412 } 413 414 cil_log(CIL_INFO, "Qualifying Names\n"); 415 rc = cil_fqn_qualify(db->ast->root); 416 if (rc != SEPOL_OK) { 417 cil_log(CIL_INFO, "Failed to qualify names\n"); 418 goto exit; 419 } 420 421 cil_log(CIL_INFO, "Compile post process\n"); 422 rc = cil_post_process(db); 423 if (rc != SEPOL_OK ) { 424 cil_log(CIL_INFO, "Post process failed\n"); 425 goto exit; 426 } 427 428 exit: 429 430 return rc; 431 } 432 433 #ifndef DISABLE_SYMVER 434 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) 435 { 436 return cil_compile_nopdb(db); 437 } 438 439 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) 440 { 441 int rc; 442 443 cil_log(CIL_INFO, "Building policy binary\n"); 444 rc = cil_binary_create_allocated_pdb(db, sepol_db); 445 if (rc != SEPOL_OK) { 446 cil_log(CIL_ERR, "Failed to generate binary\n"); 447 goto exit; 448 } 449 450 exit: 451 return rc; 452 } 453 #endif 454 455 #ifdef DISABLE_SYMVER 456 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) 457 #else 458 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) 459 #endif 460 { 461 int rc; 462 463 cil_log(CIL_INFO, "Building policy binary\n"); 464 rc = cil_binary_create(db, sepol_db); 465 if (rc != SEPOL_OK) { 466 cil_log(CIL_ERR, "Failed to generate binary\n"); 467 goto exit; 468 } 469 470 exit: 471 return rc; 472 } 473 474 void cil_write_policy_conf(FILE *out, struct cil_db *db) 475 { 476 cil_log(CIL_INFO, "Writing policy.conf file\n"); 477 cil_gen_policy(out, db); 478 } 479 480 void cil_destroy_data(void **data, enum cil_flavor flavor) 481 { 482 if (*data == NULL) { 483 return; 484 } 485 486 switch(flavor) { 487 case CIL_NONE: 488 break; 489 case CIL_ROOT: 490 cil_root_destroy(*data); 491 break; 492 case CIL_NODE: 493 break; 494 case CIL_STRING: 495 break; 496 case CIL_DATUM: 497 break; 498 case CIL_LIST: 499 cil_list_destroy(*data, CIL_FALSE); 500 break; 501 case CIL_LIST_ITEM: 502 break; 503 case CIL_PARAM: 504 cil_destroy_param(*data); 505 break; 506 case CIL_ARGS: 507 cil_destroy_args(*data); 508 break; 509 case CIL_BLOCK: 510 cil_destroy_block(*data); 511 break; 512 case CIL_BLOCKINHERIT: 513 cil_destroy_blockinherit(*data); 514 break; 515 case CIL_BLOCKABSTRACT: 516 cil_destroy_blockabstract(*data); 517 break; 518 case CIL_IN: 519 cil_destroy_in(*data); 520 break; 521 case CIL_MACRO: 522 cil_destroy_macro(*data); 523 break; 524 case CIL_CALL: 525 cil_destroy_call(*data); 526 break; 527 case CIL_OPTIONAL: 528 cil_destroy_optional(*data); 529 break; 530 case CIL_BOOL: 531 cil_destroy_bool(*data); 532 break; 533 case CIL_BOOLEANIF: 534 cil_destroy_boolif(*data); 535 break; 536 case CIL_TUNABLE: 537 cil_destroy_tunable(*data); 538 break; 539 case CIL_TUNABLEIF: 540 cil_destroy_tunif(*data); 541 break; 542 case CIL_CONDBLOCK: 543 cil_destroy_condblock(*data); 544 break; 545 case CIL_CONDTRUE: 546 break; 547 case CIL_CONDFALSE: 548 break; 549 case CIL_PERM: 550 case CIL_MAP_PERM: 551 cil_destroy_perm(*data); 552 break; 553 case CIL_COMMON: 554 case CIL_CLASS: 555 case CIL_MAP_CLASS: 556 cil_destroy_class(*data); 557 break; 558 case CIL_CLASSORDER: 559 cil_destroy_classorder(*data); 560 break; 561 case CIL_CLASSPERMISSION: 562 cil_destroy_classpermission(*data); 563 break; 564 case CIL_CLASSCOMMON: 565 cil_destroy_classcommon(*data); 566 break; 567 case CIL_CLASSMAPPING: 568 cil_destroy_classmapping(*data); 569 break; 570 case CIL_CLASSPERMS: 571 cil_destroy_classperms(*data); 572 break; 573 case CIL_CLASSPERMS_SET: 574 cil_destroy_classperms_set(*data); 575 break; 576 case CIL_CLASSPERMISSIONSET: 577 cil_destroy_classpermissionset(*data); 578 break; 579 case CIL_USER: 580 cil_destroy_user(*data); 581 break; 582 case CIL_USERATTRIBUTE: 583 cil_destroy_userattribute(*data); 584 break; 585 case CIL_USERATTRIBUTESET: 586 cil_destroy_userattributeset(*data); 587 break; 588 case CIL_USERPREFIX: 589 cil_destroy_userprefix(*data); 590 break; 591 case CIL_USERROLE: 592 cil_destroy_userrole(*data); 593 break; 594 case CIL_USERLEVEL: 595 cil_destroy_userlevel(*data); 596 break; 597 case CIL_USERRANGE: 598 cil_destroy_userrange(*data); 599 break; 600 case CIL_USERBOUNDS: 601 cil_destroy_bounds(*data); 602 break; 603 case CIL_SELINUXUSER: 604 case CIL_SELINUXUSERDEFAULT: 605 cil_destroy_selinuxuser(*data); 606 break; 607 case CIL_ROLE: 608 cil_destroy_role(*data); 609 break; 610 case CIL_ROLEATTRIBUTE: 611 cil_destroy_roleattribute(*data); 612 break; 613 case CIL_ROLEATTRIBUTESET: 614 cil_destroy_roleattributeset(*data); 615 break; 616 case CIL_ROLETYPE: 617 cil_destroy_roletype(*data); 618 break; 619 case CIL_ROLEBOUNDS: 620 cil_destroy_bounds(*data); 621 break; 622 case CIL_TYPE: 623 cil_destroy_type(*data); 624 break; 625 case CIL_TYPEATTRIBUTE: 626 cil_destroy_typeattribute(*data); 627 break; 628 case CIL_TYPEALIAS: 629 cil_destroy_alias(*data); 630 break; 631 case CIL_TYPEATTRIBUTESET: 632 cil_destroy_typeattributeset(*data); 633 break; 634 case CIL_EXPANDTYPEATTRIBUTE: 635 cil_destroy_expandtypeattribute(*data); 636 break; 637 case CIL_TYPEALIASACTUAL: 638 cil_destroy_aliasactual(*data); 639 break; 640 case CIL_TYPEBOUNDS: 641 cil_destroy_bounds(*data); 642 break; 643 case CIL_TYPEPERMISSIVE: 644 cil_destroy_typepermissive(*data); 645 break; 646 case CIL_SENS: 647 cil_destroy_sensitivity(*data); 648 break; 649 case CIL_SENSALIAS: 650 cil_destroy_alias(*data); 651 break; 652 case CIL_SENSALIASACTUAL: 653 cil_destroy_aliasactual(*data); 654 break; 655 case CIL_SENSITIVITYORDER: 656 cil_destroy_sensitivityorder(*data); 657 break; 658 case CIL_SENSCAT: 659 cil_destroy_senscat(*data); 660 break; 661 case CIL_CAT: 662 cil_destroy_category(*data); 663 break; 664 case CIL_CATSET: 665 cil_destroy_catset(*data); 666 break; 667 case CIL_CATALIAS: 668 cil_destroy_alias(*data); 669 break; 670 case CIL_CATALIASACTUAL: 671 cil_destroy_aliasactual(*data); 672 break; 673 case CIL_CATORDER: 674 cil_destroy_catorder(*data); 675 break; 676 case CIL_LEVEL: 677 cil_destroy_level(*data); 678 break; 679 case CIL_LEVELRANGE: 680 cil_destroy_levelrange(*data); 681 break; 682 case CIL_SID: 683 cil_destroy_sid(*data); 684 break; 685 case CIL_SIDORDER: 686 cil_destroy_sidorder(*data); 687 break; 688 case CIL_NAME: 689 cil_destroy_name(*data); 690 break; 691 case CIL_ROLEALLOW: 692 cil_destroy_roleallow(*data); 693 break; 694 case CIL_AVRULE: 695 case CIL_AVRULEX: 696 cil_destroy_avrule(*data); 697 break; 698 case CIL_PERMISSIONX: 699 cil_destroy_permissionx(*data); 700 break; 701 case CIL_ROLETRANSITION: 702 cil_destroy_roletransition(*data); 703 break; 704 case CIL_TYPE_RULE: 705 cil_destroy_type_rule(*data); 706 break; 707 case CIL_NAMETYPETRANSITION: 708 cil_destroy_typetransition(*data); 709 break; 710 case CIL_RANGETRANSITION: 711 cil_destroy_rangetransition(*data); 712 break; 713 case CIL_CONSTRAIN: 714 cil_destroy_constrain(*data); 715 break; 716 case CIL_MLSCONSTRAIN: 717 cil_destroy_constrain(*data); 718 break; 719 case CIL_VALIDATETRANS: 720 case CIL_MLSVALIDATETRANS: 721 cil_destroy_validatetrans(*data); 722 break; 723 case CIL_CONTEXT: 724 cil_destroy_context(*data); 725 break; 726 case CIL_IPADDR: 727 cil_destroy_ipaddr(*data); 728 break; 729 case CIL_SIDCONTEXT: 730 cil_destroy_sidcontext(*data); 731 break; 732 case CIL_FSUSE: 733 cil_destroy_fsuse(*data); 734 break; 735 case CIL_FILECON: 736 cil_destroy_filecon(*data); 737 break; 738 case CIL_IBPKEYCON: 739 cil_destroy_ibpkeycon(*data); 740 break; 741 case CIL_PORTCON: 742 cil_destroy_portcon(*data); 743 break; 744 case CIL_IBENDPORTCON: 745 cil_destroy_ibendportcon(*data); 746 break; 747 case CIL_NODECON: 748 cil_destroy_nodecon(*data); 749 break; 750 case CIL_GENFSCON: 751 cil_destroy_genfscon(*data); 752 break; 753 case CIL_NETIFCON: 754 cil_destroy_netifcon(*data); 755 break; 756 case CIL_PIRQCON: 757 cil_destroy_pirqcon(*data); 758 break; 759 case CIL_IOMEMCON: 760 cil_destroy_iomemcon(*data); 761 break; 762 case CIL_IOPORTCON: 763 cil_destroy_ioportcon(*data); 764 break; 765 case CIL_PCIDEVICECON: 766 cil_destroy_pcidevicecon(*data); 767 break; 768 case CIL_DEVICETREECON: 769 cil_destroy_devicetreecon(*data); 770 break; 771 case CIL_POLICYCAP: 772 cil_destroy_policycap(*data); 773 break; 774 case CIL_DEFAULTUSER: 775 case CIL_DEFAULTROLE: 776 case CIL_DEFAULTTYPE: 777 cil_destroy_default(*data); 778 break; 779 case CIL_DEFAULTRANGE: 780 cil_destroy_defaultrange(*data); 781 break; 782 case CIL_HANDLEUNKNOWN: 783 cil_destroy_handleunknown(*data); 784 break; 785 case CIL_MLS: 786 cil_destroy_mls(*data); 787 break; 788 case CIL_SRC_INFO: 789 cil_destroy_src_info(*data); 790 break; 791 case CIL_OP: 792 case CIL_CONS_OPERAND: 793 break; 794 default: 795 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor); 796 break; 797 } 798 799 *data = NULL; 800 } 801 802 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index) 803 { 804 if (flavor < CIL_MIN_DECLARATIVE) { 805 return SEPOL_ERR; 806 } 807 808 switch(flavor) { 809 case CIL_BLOCK: 810 *sym_index = CIL_SYM_BLOCKS; 811 break; 812 case CIL_MACRO: 813 *sym_index = CIL_SYM_BLOCKS; 814 break; 815 case CIL_OPTIONAL: 816 *sym_index = CIL_SYM_BLOCKS; 817 break; 818 case CIL_BOOL: 819 *sym_index = CIL_SYM_BOOLS; 820 break; 821 case CIL_TUNABLE: 822 *sym_index = CIL_SYM_TUNABLES; 823 break; 824 case CIL_PERM: 825 case CIL_MAP_PERM: 826 *sym_index = CIL_SYM_PERMS; 827 break; 828 case CIL_COMMON: 829 *sym_index = CIL_SYM_COMMONS; 830 break; 831 case CIL_CLASS: 832 case CIL_MAP_CLASS: 833 *sym_index = CIL_SYM_CLASSES; 834 break; 835 case CIL_CLASSPERMISSION: 836 case CIL_CLASSPERMISSIONSET: 837 *sym_index = CIL_SYM_CLASSPERMSETS; 838 break; 839 case CIL_USER: 840 case CIL_USERATTRIBUTE: 841 *sym_index = CIL_SYM_USERS; 842 break; 843 case CIL_ROLE: 844 case CIL_ROLEATTRIBUTE: 845 *sym_index = CIL_SYM_ROLES; 846 break; 847 case CIL_TYPE: 848 case CIL_TYPEALIAS: 849 case CIL_TYPEATTRIBUTE: 850 *sym_index = CIL_SYM_TYPES; 851 break; 852 case CIL_SENS: 853 case CIL_SENSALIAS: 854 *sym_index = CIL_SYM_SENS; 855 break; 856 case CIL_CAT: 857 case CIL_CATSET: 858 case CIL_CATALIAS: 859 *sym_index = CIL_SYM_CATS; 860 break; 861 case CIL_LEVEL: 862 *sym_index = CIL_SYM_LEVELS; 863 break; 864 case CIL_LEVELRANGE: 865 *sym_index = CIL_SYM_LEVELRANGES; 866 break; 867 case CIL_SID: 868 *sym_index = CIL_SYM_SIDS; 869 break; 870 case CIL_NAME: 871 *sym_index = CIL_SYM_NAMES; 872 break; 873 case CIL_CONTEXT: 874 *sym_index = CIL_SYM_CONTEXTS; 875 break; 876 case CIL_IPADDR: 877 *sym_index = CIL_SYM_IPADDRS; 878 break; 879 case CIL_POLICYCAP: 880 *sym_index = CIL_SYM_POLICYCAPS; 881 break; 882 case CIL_PERMISSIONX: 883 *sym_index = CIL_SYM_PERMX; 884 break; 885 default: 886 *sym_index = CIL_SYM_UNKNOWN; 887 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor); 888 return SEPOL_ERR; 889 } 890 891 return SEPOL_OK; 892 } 893 894 const char * cil_node_to_string(struct cil_tree_node *node) 895 { 896 switch (node->flavor) { 897 case CIL_NONE: 898 return "<none>"; 899 case CIL_ROOT: 900 return CIL_KEY_ROOT; 901 case CIL_NODE: 902 return CIL_KEY_NODE; 903 case CIL_STRING: 904 return "string"; 905 case CIL_DATUM: 906 return "<datum>"; 907 case CIL_LIST: 908 return "<list>"; 909 case CIL_LIST_ITEM: 910 return "<list_item>"; 911 case CIL_PARAM: 912 return "<param>"; 913 case CIL_ARGS: 914 return "<args>"; 915 case CIL_BLOCK: 916 return CIL_KEY_BLOCK; 917 case CIL_BLOCKINHERIT: 918 return CIL_KEY_BLOCKINHERIT; 919 case CIL_BLOCKABSTRACT: 920 return CIL_KEY_BLOCKABSTRACT; 921 case CIL_IN: 922 return CIL_KEY_IN; 923 case CIL_MACRO: 924 return CIL_KEY_MACRO; 925 case CIL_CALL: 926 return CIL_KEY_CALL; 927 case CIL_OPTIONAL: 928 return CIL_KEY_OPTIONAL; 929 case CIL_BOOL: 930 return CIL_KEY_BOOL; 931 case CIL_BOOLEANIF: 932 return CIL_KEY_BOOLEANIF; 933 case CIL_TUNABLE: 934 return CIL_KEY_TUNABLE; 935 case CIL_TUNABLEIF: 936 return CIL_KEY_TUNABLEIF; 937 case CIL_CONDBLOCK: 938 switch (((struct cil_condblock*)node->data)->flavor) { 939 case CIL_CONDTRUE: 940 return CIL_KEY_CONDTRUE; 941 case CIL_CONDFALSE: 942 return CIL_KEY_CONDFALSE; 943 default: 944 break; 945 } 946 break; 947 case CIL_CONDTRUE: 948 return CIL_KEY_CONDTRUE; 949 case CIL_CONDFALSE: 950 return CIL_KEY_CONDFALSE; 951 case CIL_PERM: 952 return CIL_KEY_PERM; 953 case CIL_COMMON: 954 return CIL_KEY_COMMON; 955 case CIL_CLASS: 956 return CIL_KEY_CLASS; 957 case CIL_CLASSORDER: 958 return CIL_KEY_CLASSORDER; 959 case CIL_MAP_CLASS: 960 return CIL_KEY_MAP_CLASS; 961 case CIL_CLASSPERMISSION: 962 return CIL_KEY_CLASSPERMISSION; 963 case CIL_CLASSCOMMON: 964 return CIL_KEY_CLASSCOMMON; 965 case CIL_CLASSMAPPING: 966 return CIL_KEY_CLASSMAPPING; 967 case CIL_CLASSPERMISSIONSET: 968 return CIL_KEY_CLASSPERMISSIONSET; 969 case CIL_USER: 970 return CIL_KEY_USER; 971 case CIL_USERATTRIBUTE: 972 return CIL_KEY_USERATTRIBUTE; 973 case CIL_USERATTRIBUTESET: 974 return CIL_KEY_USERATTRIBUTESET; 975 case CIL_USERPREFIX: 976 return CIL_KEY_USERPREFIX; 977 case CIL_USERROLE: 978 return CIL_KEY_USERROLE; 979 case CIL_USERLEVEL: 980 return CIL_KEY_USERLEVEL; 981 case CIL_USERRANGE: 982 return CIL_KEY_USERRANGE; 983 case CIL_USERBOUNDS: 984 return CIL_KEY_USERBOUNDS; 985 case CIL_SELINUXUSER: 986 return CIL_KEY_SELINUXUSER; 987 case CIL_SELINUXUSERDEFAULT: 988 return CIL_KEY_SELINUXUSERDEFAULT; 989 case CIL_ROLE: 990 return CIL_KEY_ROLE; 991 case CIL_ROLEATTRIBUTE: 992 return CIL_KEY_ROLEATTRIBUTE; 993 case CIL_ROLEATTRIBUTESET: 994 return CIL_KEY_ROLEATTRIBUTESET; 995 case CIL_ROLETYPE: 996 return CIL_KEY_ROLETYPE; 997 case CIL_ROLEBOUNDS: 998 return CIL_KEY_ROLEBOUNDS; 999 case CIL_TYPE: 1000 return CIL_KEY_TYPE; 1001 case CIL_TYPEATTRIBUTE: 1002 return CIL_KEY_TYPEATTRIBUTE; 1003 case CIL_TYPEALIAS: 1004 return CIL_KEY_TYPEALIAS; 1005 case CIL_TYPEATTRIBUTESET: 1006 return CIL_KEY_TYPEATTRIBUTESET; 1007 case CIL_EXPANDTYPEATTRIBUTE: 1008 return CIL_KEY_EXPANDTYPEATTRIBUTE; 1009 case CIL_TYPEALIASACTUAL: 1010 return CIL_KEY_TYPEALIASACTUAL; 1011 case CIL_TYPEBOUNDS: 1012 return CIL_KEY_TYPEBOUNDS; 1013 case CIL_TYPEPERMISSIVE: 1014 return CIL_KEY_TYPEPERMISSIVE; 1015 case CIL_SENS: 1016 return CIL_KEY_SENSITIVITY; 1017 case CIL_SENSALIAS: 1018 return CIL_KEY_SENSALIAS; 1019 case CIL_SENSALIASACTUAL: 1020 return CIL_KEY_SENSALIASACTUAL; 1021 case CIL_SENSITIVITYORDER: 1022 return CIL_KEY_SENSITIVITYORDER; 1023 case CIL_SENSCAT: 1024 return CIL_KEY_SENSCAT; 1025 case CIL_CAT: 1026 return CIL_KEY_CATEGORY; 1027 case CIL_CATSET: 1028 return CIL_KEY_CATSET; 1029 case CIL_CATALIAS: 1030 return CIL_KEY_CATALIAS; 1031 case CIL_CATALIASACTUAL: 1032 return CIL_KEY_CATALIASACTUAL; 1033 case CIL_CATORDER: 1034 return CIL_KEY_CATORDER; 1035 case CIL_LEVEL: 1036 return CIL_KEY_LEVEL; 1037 case CIL_LEVELRANGE: 1038 return CIL_KEY_LEVELRANGE; 1039 case CIL_SID: 1040 return CIL_KEY_SID; 1041 case CIL_SIDORDER: 1042 return CIL_KEY_SIDORDER; 1043 case CIL_NAME: 1044 return CIL_KEY_NAME; 1045 case CIL_ROLEALLOW: 1046 return CIL_KEY_ROLEALLOW; 1047 case CIL_AVRULE: 1048 switch (((struct cil_avrule *)node->data)->rule_kind) { 1049 case CIL_AVRULE_ALLOWED: 1050 return CIL_KEY_ALLOW; 1051 case CIL_AVRULE_AUDITALLOW: 1052 return CIL_KEY_AUDITALLOW; 1053 case CIL_AVRULE_DONTAUDIT: 1054 return CIL_KEY_DONTAUDIT; 1055 case CIL_AVRULE_NEVERALLOW: 1056 return CIL_KEY_NEVERALLOW; 1057 default: 1058 break; 1059 } 1060 break; 1061 case CIL_AVRULEX: 1062 switch (((struct cil_avrule *)node->data)->rule_kind) { 1063 case CIL_AVRULE_ALLOWED: 1064 return CIL_KEY_ALLOWX; 1065 case CIL_AVRULE_AUDITALLOW: 1066 return CIL_KEY_AUDITALLOWX; 1067 case CIL_AVRULE_DONTAUDIT: 1068 return CIL_KEY_DONTAUDITX; 1069 case CIL_AVRULE_NEVERALLOW: 1070 return CIL_KEY_NEVERALLOWX; 1071 default: 1072 break; 1073 } 1074 break; 1075 case CIL_PERMISSIONX: 1076 return CIL_KEY_PERMISSIONX; 1077 case CIL_ROLETRANSITION: 1078 return CIL_KEY_ROLETRANSITION; 1079 case CIL_TYPE_RULE: 1080 switch (((struct cil_type_rule *)node->data)->rule_kind) { 1081 case CIL_TYPE_TRANSITION: 1082 return CIL_KEY_TYPETRANSITION; 1083 case CIL_TYPE_MEMBER: 1084 return CIL_KEY_TYPEMEMBER; 1085 case CIL_TYPE_CHANGE: 1086 return CIL_KEY_TYPECHANGE; 1087 default: 1088 break; 1089 } 1090 break; 1091 case CIL_NAMETYPETRANSITION: 1092 return CIL_KEY_TYPETRANSITION; 1093 case CIL_RANGETRANSITION: 1094 return CIL_KEY_RANGETRANSITION; 1095 case CIL_CONSTRAIN: 1096 return CIL_KEY_CONSTRAIN; 1097 case CIL_MLSCONSTRAIN: 1098 return CIL_KEY_MLSCONSTRAIN; 1099 case CIL_VALIDATETRANS: 1100 return CIL_KEY_VALIDATETRANS; 1101 case CIL_MLSVALIDATETRANS: 1102 return CIL_KEY_MLSVALIDATETRANS; 1103 case CIL_CONTEXT: 1104 return CIL_KEY_CONTEXT; 1105 case CIL_IPADDR: 1106 return CIL_KEY_IPADDR; 1107 case CIL_SIDCONTEXT: 1108 return CIL_KEY_SIDCONTEXT; 1109 case CIL_FSUSE: 1110 return CIL_KEY_FSUSE; 1111 case CIL_FILECON: 1112 return CIL_KEY_FILECON; 1113 case CIL_IBPKEYCON: 1114 return CIL_KEY_IBPKEYCON; 1115 case CIL_IBENDPORTCON: 1116 return CIL_KEY_IBENDPORTCON; 1117 case CIL_PORTCON: 1118 return CIL_KEY_PORTCON; 1119 case CIL_NODECON: 1120 return CIL_KEY_NODECON; 1121 case CIL_GENFSCON: 1122 return CIL_KEY_GENFSCON; 1123 case CIL_NETIFCON: 1124 return CIL_KEY_NETIFCON; 1125 case CIL_PIRQCON: 1126 return CIL_KEY_PIRQCON; 1127 case CIL_IOMEMCON: 1128 return CIL_KEY_IOMEMCON; 1129 case CIL_IOPORTCON: 1130 return CIL_KEY_IOPORTCON; 1131 case CIL_PCIDEVICECON: 1132 return CIL_KEY_PCIDEVICECON; 1133 case CIL_DEVICETREECON: 1134 return CIL_KEY_DEVICETREECON; 1135 case CIL_POLICYCAP: 1136 return CIL_KEY_POLICYCAP; 1137 case CIL_DEFAULTUSER: 1138 return CIL_KEY_DEFAULTUSER; 1139 case CIL_DEFAULTROLE: 1140 return CIL_KEY_DEFAULTROLE; 1141 case CIL_DEFAULTTYPE: 1142 return CIL_KEY_DEFAULTTYPE; 1143 case CIL_DEFAULTRANGE: 1144 return CIL_KEY_DEFAULTRANGE; 1145 case CIL_HANDLEUNKNOWN: 1146 return CIL_KEY_HANDLEUNKNOWN; 1147 case CIL_MLS: 1148 return CIL_KEY_MLS; 1149 case CIL_SRC_INFO: 1150 return CIL_KEY_SRC_INFO; 1151 case CIL_ALL: 1152 return CIL_KEY_ALL; 1153 case CIL_RANGE: 1154 return CIL_KEY_RANGE; 1155 case CIL_AND: 1156 return CIL_KEY_AND; 1157 case CIL_OR: 1158 return CIL_KEY_OR; 1159 case CIL_XOR: 1160 return CIL_KEY_XOR; 1161 case CIL_NOT: 1162 return CIL_KEY_NOT; 1163 case CIL_EQ: 1164 return CIL_KEY_EQ; 1165 case CIL_NEQ: 1166 return CIL_KEY_NEQ; 1167 case CIL_CONS_DOM: 1168 return CIL_KEY_CONS_DOM; 1169 case CIL_CONS_DOMBY: 1170 return CIL_KEY_CONS_DOMBY; 1171 case CIL_CONS_INCOMP: 1172 return CIL_KEY_CONS_INCOMP; 1173 case CIL_CONS_U1: 1174 return CIL_KEY_CONS_U1; 1175 case CIL_CONS_U2: 1176 return CIL_KEY_CONS_U2; 1177 case CIL_CONS_U3: 1178 return CIL_KEY_CONS_U3; 1179 case CIL_CONS_T1: 1180 return CIL_KEY_CONS_T1; 1181 case CIL_CONS_T2: 1182 return CIL_KEY_CONS_T2; 1183 case CIL_CONS_T3: 1184 return CIL_KEY_CONS_T3; 1185 case CIL_CONS_R1: 1186 return CIL_KEY_CONS_R1; 1187 case CIL_CONS_R2: 1188 return CIL_KEY_CONS_R2; 1189 case CIL_CONS_R3: 1190 return CIL_KEY_CONS_R3; 1191 case CIL_CONS_L1: 1192 return CIL_KEY_CONS_L1; 1193 case CIL_CONS_L2: 1194 return CIL_KEY_CONS_L2; 1195 case CIL_CONS_H1: 1196 return CIL_KEY_CONS_H1; 1197 case CIL_CONS_H2: 1198 return CIL_KEY_CONS_H2; 1199 1200 default: 1201 break; 1202 } 1203 1204 return "<unknown>"; 1205 } 1206 1207 #ifdef DISABLE_SYMVER 1208 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) 1209 #else 1210 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1211 #endif 1212 { 1213 int rc = SEPOL_ERR; 1214 size_t str_len = 0; 1215 int buf_pos = 0; 1216 char *str_tmp = NULL; 1217 struct cil_list_item *curr; 1218 struct cil_userprefix *userprefix = NULL; 1219 struct cil_user *user = NULL; 1220 1221 *out = NULL; 1222 1223 if (db->userprefixes->head == NULL) { 1224 rc = SEPOL_OK; 1225 *size = 0; 1226 goto exit; 1227 } 1228 1229 cil_list_for_each(curr, db->userprefixes) { 1230 userprefix = curr->data; 1231 user = userprefix->user; 1232 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2; 1233 } 1234 1235 *size = str_len * sizeof(char); 1236 str_len++; 1237 str_tmp = cil_malloc(str_len * sizeof(char)); 1238 *out = str_tmp; 1239 1240 cil_list_for_each(curr, db->userprefixes) { 1241 userprefix = curr->data; 1242 user = userprefix->user; 1243 1244 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn, 1245 userprefix->prefix_str); 1246 str_len -= buf_pos; 1247 str_tmp += buf_pos; 1248 } 1249 1250 rc = SEPOL_OK; 1251 exit: 1252 return rc; 1253 1254 } 1255 1256 #ifndef DISABLE_SYMVER 1257 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1258 { 1259 return cil_userprefixes_to_string_nopdb(db, out, size); 1260 } 1261 #endif 1262 1263 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) 1264 { 1265 int rc = SEPOL_ERR; 1266 struct cil_list_item *i; 1267 struct cil_list_item *j; 1268 struct cil_cat* cat; 1269 struct cil_catset *cs; 1270 struct cil_tree_node *node; 1271 1272 if (cats == NULL) { 1273 rc = SEPOL_OK; 1274 goto exit; 1275 } 1276 1277 cil_list_for_each(i, cats->datum_expr) { 1278 node = DATUM(i->data)->nodes->head->data; 1279 if (node->flavor == CIL_CATSET) { 1280 cs = (struct cil_catset*)i->data; 1281 cil_list_for_each(j, cs->cats->datum_expr) { 1282 cat = (struct cil_cat*)j->data; 1283 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1284 if (rc != SEPOL_OK) { 1285 goto exit; 1286 } 1287 } 1288 } else { 1289 cat = (struct cil_cat*)i->data; 1290 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1291 if (rc != SEPOL_OK) { 1292 goto exit; 1293 } 1294 } 1295 } 1296 1297 return SEPOL_OK; 1298 1299 exit: 1300 return rc; 1301 } 1302 1303 static int cil_level_equals(struct cil_level *low, struct cil_level *high) 1304 { 1305 int rc; 1306 struct ebitmap elow; 1307 struct ebitmap ehigh; 1308 1309 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) { 1310 rc = 0; 1311 goto exit; 1312 } 1313 1314 ebitmap_init(&elow); 1315 ebitmap_init(&ehigh); 1316 1317 rc = cil_cats_to_ebitmap(low->cats, &elow); 1318 if (rc != SEPOL_OK) { 1319 goto exit; 1320 } 1321 1322 rc = cil_cats_to_ebitmap(high->cats, &ehigh); 1323 if (rc != SEPOL_OK) { 1324 goto exit; 1325 } 1326 1327 rc = ebitmap_cmp(&elow, &ehigh); 1328 ebitmap_destroy(&elow); 1329 ebitmap_destroy(&ehigh); 1330 1331 exit: 1332 return rc; 1333 } 1334 1335 static int __cil_level_strlen(struct cil_level *lvl) 1336 { 1337 struct cil_list_item *item; 1338 struct cil_cats *cats = lvl->cats; 1339 int str_len = 0; 1340 char *str1 = NULL; 1341 char *str2 = NULL; 1342 int first = -1; 1343 int last = -1; 1344 1345 str_len += strlen(lvl->sens->datum.fqn); 1346 1347 if (cats && cats->datum_expr != NULL) { 1348 str_len++; /* initial ":" */ 1349 cil_list_for_each(item, cats->datum_expr) { 1350 struct cil_cat *cat = item->data; 1351 if (first == -1) { 1352 str1 = cat->datum.fqn; 1353 first = cat->value; 1354 last = first; 1355 } else if (cat->value == last + 1) { 1356 last++; 1357 str2 = cat->datum.fqn; 1358 } else { 1359 if (first == last) { 1360 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1; 1361 } else if (last == first + 1) { 1362 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1363 } else { 1364 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1365 } 1366 first = -1; 1367 last = -1; 1368 if (item->next != NULL) { 1369 str_len++; /* space for "," after */ 1370 } 1371 } 1372 } 1373 if (first != -1) { 1374 if (first == last) { 1375 str_len += strlen(str1); 1376 } else if (last == first + 1) { 1377 str_len += strlen(str1) + strlen(str2) + 1; 1378 } else { 1379 str_len += strlen(str1) + strlen(str2) + 1; 1380 } 1381 } 1382 } 1383 1384 return str_len; 1385 } 1386 1387 static int __cil_level_to_string(struct cil_level *lvl, char *out) 1388 { 1389 struct cil_list_item *item; 1390 struct cil_cats *cats = lvl->cats; 1391 int buf_pos = 0; 1392 char *str_tmp = out; 1393 char *str1 = NULL; 1394 char *str2 = NULL; 1395 int first = -1; 1396 int last = -1; 1397 1398 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn); 1399 str_tmp += buf_pos; 1400 1401 if (cats && cats->datum_expr != NULL) { 1402 buf_pos = sprintf(str_tmp, ":"); 1403 str_tmp += buf_pos; 1404 1405 cil_list_for_each(item, cats->datum_expr) { 1406 struct cil_cat *cat = item->data; 1407 if (first == -1) { 1408 str1 = cat->datum.fqn; 1409 first = cat->value; 1410 last = first; 1411 } else if (cat->value == last + 1) { 1412 last++; 1413 str2 = cat->datum.fqn; 1414 } else { 1415 if (first == last) { 1416 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn); 1417 str_tmp += buf_pos; 1418 } else if (last == first + 1) { 1419 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn); 1420 str_tmp += buf_pos; 1421 } else { 1422 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn); 1423 str_tmp += buf_pos; 1424 } 1425 first = -1; 1426 last = -1; 1427 if (item->next != NULL) { 1428 buf_pos = sprintf(str_tmp, ","); 1429 str_tmp += buf_pos; 1430 } 1431 } 1432 } 1433 if (first != -1) { 1434 if (first == last) { 1435 buf_pos = sprintf(str_tmp, "%s", str1); 1436 str_tmp += buf_pos; 1437 } else if (last == first + 1) { 1438 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2); 1439 str_tmp += buf_pos; 1440 } else { 1441 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2); 1442 str_tmp += buf_pos; 1443 } 1444 } 1445 } 1446 1447 return str_tmp - out; 1448 } 1449 1450 #ifdef DISABLE_SYMVER 1451 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) 1452 #else 1453 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1454 #endif 1455 { 1456 size_t str_len = 0; 1457 int buf_pos = 0; 1458 char *str_tmp = NULL; 1459 struct cil_list_item *curr; 1460 1461 if (db->selinuxusers->head == NULL) { 1462 *size = 0; 1463 *out = NULL; 1464 return SEPOL_OK; 1465 } 1466 1467 cil_list_for_each(curr, db->selinuxusers) { 1468 struct cil_selinuxuser *selinuxuser = curr->data; 1469 struct cil_user *user = selinuxuser->user; 1470 1471 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1; 1472 1473 if (db->mls == CIL_TRUE) { 1474 struct cil_levelrange *range = selinuxuser->range; 1475 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1476 } 1477 1478 str_len++; 1479 } 1480 1481 *size = str_len * sizeof(char); 1482 str_tmp = cil_malloc(*size+1); 1483 *out = str_tmp; 1484 1485 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) { 1486 struct cil_selinuxuser *selinuxuser = curr->data; 1487 struct cil_user *user = selinuxuser->user; 1488 1489 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn); 1490 str_tmp += buf_pos; 1491 1492 if (db->mls == CIL_TRUE) { 1493 struct cil_levelrange *range = selinuxuser->range; 1494 buf_pos = sprintf(str_tmp, ":"); 1495 str_tmp += buf_pos; 1496 buf_pos = __cil_level_to_string(range->low, str_tmp); 1497 str_tmp += buf_pos; 1498 buf_pos = sprintf(str_tmp, "-"); 1499 str_tmp += buf_pos; 1500 buf_pos = __cil_level_to_string(range->high, str_tmp); 1501 str_tmp += buf_pos; 1502 } 1503 1504 buf_pos = sprintf(str_tmp, "\n"); 1505 str_tmp += buf_pos; 1506 } 1507 1508 return SEPOL_OK; 1509 } 1510 1511 #ifndef DISABLE_SYMVER 1512 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1513 { 1514 return cil_selinuxusers_to_string_nopdb(db, out, size); 1515 } 1516 #endif 1517 1518 #ifdef DISABLE_SYMVER 1519 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) 1520 #else 1521 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1522 #endif 1523 { 1524 uint32_t i = 0; 1525 int buf_pos = 0; 1526 size_t str_len = 0; 1527 char *str_tmp = NULL; 1528 struct cil_sort *filecons = db->filecon; 1529 1530 for (i = 0; i < filecons->count; i++) { 1531 struct cil_filecon *filecon = filecons->array[i]; 1532 struct cil_context *ctx = filecon->context; 1533 1534 str_len += strlen(filecon->path_str); 1535 1536 if (filecon->type != CIL_FILECON_ANY) { 1537 /* If a type is specified, 1538 +2 for type string, +1 for tab */ 1539 str_len += 3; 1540 } 1541 1542 if (ctx != NULL) { 1543 struct cil_user *user = ctx->user; 1544 struct cil_role *role = ctx->role; 1545 struct cil_type *type = ctx->type; 1546 1547 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3); 1548 1549 if (db->mls == CIL_TRUE) { 1550 struct cil_levelrange *range = ctx->range; 1551 if (cil_level_equals(range->low, range->high)) { 1552 str_len += __cil_level_strlen(range->low) + 1; 1553 } else { 1554 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1555 } 1556 } 1557 } else { 1558 str_len += strlen("\t<<none>>"); 1559 } 1560 1561 str_len++; 1562 } 1563 1564 *size = str_len * sizeof(char); 1565 str_tmp = cil_malloc(*size+1); 1566 *out = str_tmp; 1567 1568 for (i = 0; i < filecons->count; i++) { 1569 struct cil_filecon *filecon = filecons->array[i]; 1570 struct cil_context *ctx = filecon->context; 1571 const char *str_type = NULL; 1572 1573 buf_pos = sprintf(str_tmp, "%s", filecon->path_str); 1574 str_tmp += buf_pos; 1575 1576 switch(filecon->type) { 1577 case CIL_FILECON_FILE: 1578 str_type = "\t--"; 1579 break; 1580 case CIL_FILECON_DIR: 1581 str_type = "\t-d"; 1582 break; 1583 case CIL_FILECON_CHAR: 1584 str_type = "\t-c"; 1585 break; 1586 case CIL_FILECON_BLOCK: 1587 str_type = "\t-b"; 1588 break; 1589 case CIL_FILECON_SOCKET: 1590 str_type = "\t-s"; 1591 break; 1592 case CIL_FILECON_PIPE: 1593 str_type = "\t-p"; 1594 break; 1595 case CIL_FILECON_SYMLINK: 1596 str_type = "\t-l"; 1597 break; 1598 default: 1599 str_type = ""; 1600 break; 1601 } 1602 buf_pos = sprintf(str_tmp, "%s", str_type); 1603 str_tmp += buf_pos; 1604 1605 if (ctx != NULL) { 1606 struct cil_user *user = ctx->user; 1607 struct cil_role *role = ctx->role; 1608 struct cil_type *type = ctx->type; 1609 1610 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn, 1611 type->datum.fqn); 1612 str_tmp += buf_pos; 1613 1614 if (db->mls == CIL_TRUE) { 1615 struct cil_levelrange *range = ctx->range; 1616 buf_pos = sprintf(str_tmp, ":"); 1617 str_tmp += buf_pos; 1618 buf_pos = __cil_level_to_string(range->low, str_tmp); 1619 str_tmp += buf_pos; 1620 1621 if (!cil_level_equals(range->low, range->high)) { 1622 buf_pos = sprintf(str_tmp, "-"); 1623 str_tmp += buf_pos; 1624 buf_pos = __cil_level_to_string(range->high, str_tmp); 1625 str_tmp += buf_pos; 1626 } 1627 } 1628 } else { 1629 buf_pos = sprintf(str_tmp, "\t<<none>>"); 1630 str_tmp += buf_pos; 1631 } 1632 1633 buf_pos = sprintf(str_tmp, "\n"); 1634 str_tmp += buf_pos; 1635 } 1636 1637 return SEPOL_OK; 1638 } 1639 1640 #ifndef DISABLE_SYMVER 1641 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1642 { 1643 return cil_filecons_to_string_nopdb(db, out, size); 1644 } 1645 #endif 1646 1647 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) 1648 { 1649 db->disable_dontaudit = disable_dontaudit; 1650 } 1651 1652 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow) 1653 { 1654 db->disable_neverallow = disable_neverallow; 1655 } 1656 1657 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated) 1658 { 1659 db->attrs_expand_generated = attrs_expand_generated; 1660 } 1661 1662 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size) 1663 { 1664 db->attrs_expand_size = attrs_expand_size; 1665 } 1666 1667 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables) 1668 { 1669 db->preserve_tunables = preserve_tunables; 1670 } 1671 1672 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown) 1673 { 1674 int rc = 0; 1675 1676 switch (handle_unknown) { 1677 case SEPOL_DENY_UNKNOWN: 1678 case SEPOL_REJECT_UNKNOWN: 1679 case SEPOL_ALLOW_UNKNOWN: 1680 db->handle_unknown = handle_unknown; 1681 break; 1682 default: 1683 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown); 1684 rc = -1; 1685 } 1686 1687 return rc; 1688 } 1689 1690 void cil_set_mls(struct cil_db *db, int mls) 1691 { 1692 db->mls = mls; 1693 } 1694 1695 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) 1696 { 1697 db->multiple_decls = multiple_decls; 1698 } 1699 1700 void cil_set_target_platform(struct cil_db *db, int target_platform) 1701 { 1702 db->target_platform = target_platform; 1703 } 1704 1705 void cil_set_policy_version(struct cil_db *db, int policy_version) 1706 { 1707 db->policy_version = policy_version; 1708 } 1709 1710 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM]) 1711 { 1712 uint32_t i = 0; 1713 for (i = 0; i < CIL_SYM_NUM; i++) { 1714 cil_symtab_init(&symtab[i], symtab_sizes[i]); 1715 } 1716 } 1717 1718 void cil_symtab_array_destroy(symtab_t symtab[]) 1719 { 1720 int i = 0; 1721 for (i = 0; i < CIL_SYM_NUM; i++) { 1722 cil_symtab_destroy(&symtab[i]); 1723 } 1724 } 1725 1726 void cil_destroy_ast_symtabs(struct cil_tree_node *current) 1727 { 1728 while (current) { 1729 switch (current->flavor) { 1730 case CIL_BLOCK: 1731 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab); 1732 break; 1733 case CIL_IN: 1734 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab); 1735 break; 1736 case CIL_CLASS: 1737 case CIL_COMMON: 1738 case CIL_MAP_CLASS: 1739 cil_symtab_destroy(&((struct cil_class*)current->data)->perms); 1740 break; 1741 case CIL_MACRO: 1742 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab); 1743 break; 1744 case CIL_CONDBLOCK: 1745 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab); 1746 break; 1747 default: 1748 break; 1749 } 1750 1751 if (current->cl_head) { 1752 cil_destroy_ast_symtabs(current->cl_head); 1753 } 1754 1755 current = current->next; 1756 } 1757 } 1758 1759 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index) 1760 { 1761 struct cil_tree_node *node = ast_node; 1762 *symtab = NULL; 1763 1764 if (sym_index == CIL_SYM_PERMS) { 1765 /* Class statements are not blocks, so the passed node should be the class */ 1766 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS || 1767 node->flavor == CIL_COMMON) { 1768 *symtab = &((struct cil_class*)node->data)->perms; 1769 return SEPOL_OK; 1770 } 1771 goto exit; 1772 } 1773 1774 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) { 1775 cil_log(CIL_ERR, "Invalid symtab type\n"); 1776 goto exit; 1777 } 1778 1779 while (node != NULL && *symtab == NULL) { 1780 switch (node->flavor) { 1781 case CIL_ROOT: 1782 *symtab = &((struct cil_root *)node->data)->symtab[sym_index]; 1783 break; 1784 case CIL_BLOCK: 1785 *symtab = &((struct cil_block*)node->data)->symtab[sym_index]; 1786 break; 1787 case CIL_MACRO: 1788 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index]; 1789 break; 1790 case CIL_IN: 1791 /* In blocks only exist before resolving the AST */ 1792 *symtab = &((struct cil_in*)node->data)->symtab[sym_index]; 1793 break; 1794 case CIL_CONDBLOCK: { 1795 if (node->parent->flavor == CIL_TUNABLEIF) { 1796 /* Cond blocks only exist before resolving the AST */ 1797 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index]; 1798 } else if (node->parent->flavor == CIL_BOOLEANIF) { 1799 node = node->parent->parent; 1800 } 1801 break; 1802 } 1803 default: 1804 node = node->parent; 1805 } 1806 } 1807 1808 if (*symtab == NULL) { 1809 goto exit; 1810 } 1811 1812 return SEPOL_OK; 1813 1814 exit: 1815 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node"); 1816 return SEPOL_ERR; 1817 } 1818 1819 void cil_sort_init(struct cil_sort **sort) 1820 { 1821 *sort = cil_malloc(sizeof(**sort)); 1822 1823 (*sort)->flavor = CIL_NONE; 1824 (*sort)->count = 0; 1825 (*sort)->index = 0; 1826 (*sort)->array = NULL; 1827 } 1828 1829 void cil_sort_destroy(struct cil_sort **sort) 1830 { 1831 (*sort)->flavor = CIL_NONE; 1832 (*sort)->count = 0; 1833 (*sort)->index = 0; 1834 if ((*sort)->array != NULL) { 1835 free((*sort)->array); 1836 } 1837 (*sort)->array = NULL; 1838 1839 free(*sort); 1840 *sort = NULL; 1841 } 1842 1843 void cil_netifcon_init(struct cil_netifcon **netifcon) 1844 { 1845 *netifcon = cil_malloc(sizeof(**netifcon)); 1846 1847 (*netifcon)->interface_str = NULL; 1848 (*netifcon)->if_context_str = NULL; 1849 (*netifcon)->if_context = NULL; 1850 (*netifcon)->packet_context_str = NULL; 1851 (*netifcon)->packet_context = NULL; 1852 (*netifcon)->context_str = NULL; 1853 } 1854 1855 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon) 1856 { 1857 *ibendportcon = cil_malloc(sizeof(**ibendportcon)); 1858 1859 (*ibendportcon)->dev_name_str = NULL; 1860 (*ibendportcon)->port = 0; 1861 (*ibendportcon)->context_str = NULL; 1862 (*ibendportcon)->context = NULL; 1863 } 1864 1865 void cil_context_init(struct cil_context **context) 1866 { 1867 *context = cil_malloc(sizeof(**context)); 1868 1869 cil_symtab_datum_init(&(*context)->datum); 1870 (*context)->user_str = NULL; 1871 (*context)->user = NULL; 1872 (*context)->role_str = NULL; 1873 (*context)->role = NULL; 1874 (*context)->type_str = NULL; 1875 (*context)->type = NULL; 1876 (*context)->range_str = NULL; 1877 (*context)->range = NULL; 1878 } 1879 1880 void cil_level_init(struct cil_level **level) 1881 { 1882 *level = cil_malloc(sizeof(**level)); 1883 1884 cil_symtab_datum_init(&(*level)->datum); 1885 (*level)->sens_str = NULL; 1886 (*level)->sens = NULL; 1887 (*level)->cats = NULL; 1888 } 1889 1890 void cil_levelrange_init(struct cil_levelrange **range) 1891 { 1892 *range = cil_malloc(sizeof(**range)); 1893 1894 cil_symtab_datum_init(&(*range)->datum); 1895 (*range)->low_str = NULL; 1896 (*range)->low = NULL; 1897 (*range)->high_str = NULL; 1898 (*range)->high = NULL; 1899 } 1900 1901 void cil_sens_init(struct cil_sens **sens) 1902 { 1903 *sens = cil_malloc(sizeof(**sens)); 1904 1905 cil_symtab_datum_init(&(*sens)->datum); 1906 1907 (*sens)->cats_list = NULL; 1908 1909 (*sens)->ordered = CIL_FALSE; 1910 } 1911 1912 void cil_block_init(struct cil_block **block) 1913 { 1914 *block = cil_malloc(sizeof(**block)); 1915 1916 cil_symtab_datum_init(&(*block)->datum); 1917 1918 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]); 1919 1920 (*block)->is_abstract = CIL_FALSE; 1921 1922 (*block)->bi_nodes = NULL; 1923 } 1924 1925 void cil_blockinherit_init(struct cil_blockinherit **inherit) 1926 { 1927 *inherit = cil_malloc(sizeof(**inherit)); 1928 (*inherit)->block_str = NULL; 1929 (*inherit)->block = NULL; 1930 } 1931 1932 void cil_blockabstract_init(struct cil_blockabstract **abstract) 1933 { 1934 *abstract = cil_malloc(sizeof(**abstract)); 1935 (*abstract)->block_str = NULL; 1936 } 1937 1938 void cil_in_init(struct cil_in **in) 1939 { 1940 *in = cil_malloc(sizeof(**in)); 1941 1942 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]); 1943 (*in)->block_str = NULL; 1944 } 1945 1946 void cil_class_init(struct cil_class **class) 1947 { 1948 *class = cil_malloc(sizeof(**class)); 1949 1950 cil_symtab_datum_init(&(*class)->datum); 1951 1952 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE); 1953 1954 (*class)->num_perms = 0; 1955 (*class)->common = NULL; 1956 (*class)->ordered = CIL_FALSE; 1957 } 1958 1959 void cil_classorder_init(struct cil_classorder **classorder) 1960 { 1961 *classorder = cil_malloc(sizeof(**classorder)); 1962 1963 (*classorder)->class_list_str = NULL; 1964 } 1965 1966 void cil_classcommon_init(struct cil_classcommon **classcommon) 1967 { 1968 *classcommon = cil_malloc(sizeof(**classcommon)); 1969 1970 (*classcommon)->class_str = NULL; 1971 (*classcommon)->common_str = NULL; 1972 } 1973 1974 void cil_sid_init(struct cil_sid **sid) 1975 { 1976 *sid = cil_malloc(sizeof(**sid)); 1977 1978 cil_symtab_datum_init(&(*sid)->datum); 1979 1980 (*sid)->ordered = CIL_FALSE; 1981 (*sid)->context = NULL; 1982 } 1983 1984 void cil_sidcontext_init(struct cil_sidcontext **sidcontext) 1985 { 1986 *sidcontext = cil_malloc(sizeof(**sidcontext)); 1987 1988 (*sidcontext)->sid_str = NULL; 1989 (*sidcontext)->context_str = NULL; 1990 (*sidcontext)->context = NULL; 1991 } 1992 1993 void cil_sidorder_init(struct cil_sidorder **sidorder) 1994 { 1995 *sidorder = cil_malloc(sizeof(**sidorder)); 1996 1997 (*sidorder)->sid_list_str = NULL; 1998 } 1999 2000 void cil_userrole_init(struct cil_userrole **userrole) 2001 { 2002 *userrole = cil_malloc(sizeof(**userrole)); 2003 2004 (*userrole)->user_str = NULL; 2005 (*userrole)->user = NULL; 2006 (*userrole)->role_str = NULL; 2007 (*userrole)->role = NULL; 2008 } 2009 2010 void cil_userprefix_init(struct cil_userprefix **userprefix) 2011 { 2012 *userprefix = cil_malloc(sizeof(**userprefix)); 2013 2014 (*userprefix)->user_str = NULL; 2015 (*userprefix)->user = NULL; 2016 (*userprefix)->prefix_str = NULL; 2017 } 2018 2019 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser) 2020 { 2021 *selinuxuser = cil_malloc(sizeof(**selinuxuser)); 2022 2023 (*selinuxuser)->name_str = NULL; 2024 (*selinuxuser)->user_str = NULL; 2025 (*selinuxuser)->user = NULL; 2026 (*selinuxuser)->range_str = NULL; 2027 (*selinuxuser)->range = NULL; 2028 } 2029 2030 void cil_roletype_init(struct cil_roletype **roletype) 2031 { 2032 *roletype = cil_malloc(sizeof(**roletype)); 2033 2034 (*roletype)->role_str = NULL; 2035 (*roletype)->role = NULL; 2036 (*roletype)->type_str = NULL; 2037 (*roletype)->type = NULL; 2038 } 2039 2040 void cil_roleattribute_init(struct cil_roleattribute **attr) 2041 { 2042 *attr = cil_malloc(sizeof(**attr)); 2043 2044 cil_symtab_datum_init(&(*attr)->datum); 2045 2046 (*attr)->expr_list = NULL; 2047 (*attr)->roles = NULL; 2048 } 2049 2050 void cil_roleattributeset_init(struct cil_roleattributeset **attrset) 2051 { 2052 *attrset = cil_malloc(sizeof(**attrset)); 2053 2054 (*attrset)->attr_str = NULL; 2055 (*attrset)->str_expr = NULL; 2056 (*attrset)->datum_expr = NULL; 2057 } 2058 2059 void cil_typeattribute_init(struct cil_typeattribute **attr) 2060 { 2061 *attr = cil_malloc(sizeof(**attr)); 2062 2063 cil_symtab_datum_init(&(*attr)->datum); 2064 2065 (*attr)->expr_list = NULL; 2066 (*attr)->types = NULL; 2067 (*attr)->used = CIL_FALSE; 2068 (*attr)->keep = CIL_FALSE; 2069 } 2070 2071 void cil_typeattributeset_init(struct cil_typeattributeset **attrset) 2072 { 2073 *attrset = cil_malloc(sizeof(**attrset)); 2074 2075 (*attrset)->attr_str = NULL; 2076 (*attrset)->str_expr = NULL; 2077 (*attrset)->datum_expr = NULL; 2078 } 2079 2080 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr) 2081 { 2082 *expandattr = cil_malloc(sizeof(**expandattr)); 2083 2084 (*expandattr)->attr_strs = NULL; 2085 (*expandattr)->attr_datums = NULL; 2086 (*expandattr)->expand = 0; 2087 } 2088 2089 void cil_alias_init(struct cil_alias **alias) 2090 { 2091 *alias = cil_malloc(sizeof(**alias)); 2092 2093 (*alias)->actual = NULL; 2094 2095 cil_symtab_datum_init(&(*alias)->datum); 2096 } 2097 2098 void cil_aliasactual_init(struct cil_aliasactual **aliasactual) 2099 { 2100 *aliasactual = cil_malloc(sizeof(**aliasactual)); 2101 2102 (*aliasactual)->alias_str = NULL; 2103 (*aliasactual)->actual_str = NULL; 2104 } 2105 2106 void cil_typepermissive_init(struct cil_typepermissive **typeperm) 2107 { 2108 *typeperm = cil_malloc(sizeof(**typeperm)); 2109 2110 (*typeperm)->type_str = NULL; 2111 (*typeperm)->type = NULL; 2112 } 2113 2114 void cil_name_init(struct cil_name **name) 2115 { 2116 *name = cil_malloc(sizeof(**name)); 2117 2118 cil_symtab_datum_init(&(*name)->datum); 2119 (*name)->name_str = NULL; 2120 } 2121 2122 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans) 2123 { 2124 *nametypetrans = cil_malloc(sizeof(**nametypetrans)); 2125 2126 (*nametypetrans)->src_str = NULL; 2127 (*nametypetrans)->src = NULL; 2128 (*nametypetrans)->tgt_str = NULL; 2129 (*nametypetrans)->tgt = NULL; 2130 (*nametypetrans)->obj_str = NULL; 2131 (*nametypetrans)->obj = NULL; 2132 (*nametypetrans)->name_str = NULL; 2133 (*nametypetrans)->name = NULL; 2134 (*nametypetrans)->result_str = NULL; 2135 (*nametypetrans)->result = NULL; 2136 } 2137 2138 void cil_rangetransition_init(struct cil_rangetransition **rangetrans) 2139 { 2140 *rangetrans = cil_malloc(sizeof(**rangetrans)); 2141 2142 (*rangetrans)->src_str = NULL; 2143 (*rangetrans)->src = NULL; 2144 (*rangetrans)->exec_str = NULL; 2145 (*rangetrans)->exec = NULL; 2146 (*rangetrans)->obj_str = NULL; 2147 (*rangetrans)->obj = NULL; 2148 (*rangetrans)->range_str = NULL; 2149 (*rangetrans)->range = NULL; 2150 } 2151 2152 void cil_bool_init(struct cil_bool **cilbool) 2153 { 2154 *cilbool = cil_malloc(sizeof(**cilbool)); 2155 2156 cil_symtab_datum_init(&(*cilbool)->datum); 2157 (*cilbool)->value = 0; 2158 } 2159 2160 void cil_tunable_init(struct cil_tunable **ciltun) 2161 { 2162 *ciltun = cil_malloc(sizeof(**ciltun)); 2163 2164 cil_symtab_datum_init(&(*ciltun)->datum); 2165 (*ciltun)->value = 0; 2166 } 2167 2168 void cil_condblock_init(struct cil_condblock **cb) 2169 { 2170 *cb = cil_malloc(sizeof(**cb)); 2171 2172 (*cb)->flavor = CIL_NONE; 2173 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]); 2174 } 2175 2176 void cil_boolif_init(struct cil_booleanif **bif) 2177 { 2178 *bif = cil_malloc(sizeof(**bif)); 2179 2180 (*bif)->str_expr = NULL; 2181 (*bif)->datum_expr = NULL; 2182 } 2183 2184 void cil_tunif_init(struct cil_tunableif **tif) 2185 { 2186 *tif = cil_malloc(sizeof(**tif)); 2187 2188 (*tif)->str_expr = NULL; 2189 (*tif)->datum_expr = NULL; 2190 } 2191 2192 void cil_avrule_init(struct cil_avrule **avrule) 2193 { 2194 *avrule = cil_malloc(sizeof(**avrule)); 2195 2196 (*avrule)->is_extended = 0; 2197 (*avrule)->rule_kind = CIL_NONE; 2198 (*avrule)->src_str = NULL; 2199 (*avrule)->src = NULL; 2200 (*avrule)->tgt_str = NULL; 2201 (*avrule)->tgt = NULL; 2202 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms)); 2203 } 2204 2205 void cil_permissionx_init(struct cil_permissionx **permx) 2206 { 2207 *permx = cil_malloc(sizeof(**permx)); 2208 2209 cil_symtab_datum_init(&(*permx)->datum); 2210 (*permx)->kind = CIL_NONE; 2211 (*permx)->obj_str = NULL; 2212 (*permx)->obj = NULL; 2213 (*permx)->expr_str = NULL; 2214 (*permx)->perms = NULL; 2215 } 2216 2217 void cil_type_rule_init(struct cil_type_rule **type_rule) 2218 { 2219 *type_rule = cil_malloc(sizeof(**type_rule)); 2220 2221 (*type_rule)->rule_kind = CIL_NONE; 2222 (*type_rule)->src_str = NULL; 2223 (*type_rule)->src = NULL; 2224 (*type_rule)->tgt_str = NULL; 2225 (*type_rule)->tgt = NULL; 2226 (*type_rule)->obj_str = NULL; 2227 (*type_rule)->obj = NULL; 2228 (*type_rule)->result_str = NULL; 2229 (*type_rule)->result = NULL; 2230 } 2231 2232 void cil_roletransition_init(struct cil_roletransition **role_trans) 2233 { 2234 *role_trans = cil_malloc(sizeof(**role_trans)); 2235 2236 (*role_trans)->src_str = NULL; 2237 (*role_trans)->src = NULL; 2238 (*role_trans)->tgt_str = NULL; 2239 (*role_trans)->tgt = NULL; 2240 (*role_trans)->obj_str = NULL; 2241 (*role_trans)->obj = NULL; 2242 (*role_trans)->result_str = NULL; 2243 (*role_trans)->result = NULL; 2244 } 2245 2246 void cil_roleallow_init(struct cil_roleallow **roleallow) 2247 { 2248 *roleallow = cil_malloc(sizeof(**roleallow)); 2249 2250 (*roleallow)->src_str = NULL; 2251 (*roleallow)->src = NULL; 2252 (*roleallow)->tgt_str = NULL; 2253 (*roleallow)->tgt = NULL; 2254 } 2255 2256 void cil_catset_init(struct cil_catset **catset) 2257 { 2258 *catset = cil_malloc(sizeof(**catset)); 2259 2260 cil_symtab_datum_init(&(*catset)->datum); 2261 (*catset)->cats = NULL; 2262 } 2263 2264 void cil_senscat_init(struct cil_senscat **senscat) 2265 { 2266 *senscat = cil_malloc(sizeof(**senscat)); 2267 2268 (*senscat)->sens_str = NULL; 2269 (*senscat)->cats = NULL; 2270 } 2271 2272 void cil_cats_init(struct cil_cats **cats) 2273 { 2274 *cats = cil_malloc(sizeof(**cats)); 2275 2276 (*cats)->evaluated = CIL_FALSE; 2277 (*cats)->str_expr = NULL; 2278 (*cats)->datum_expr = NULL; 2279 } 2280 2281 void cil_filecon_init(struct cil_filecon **filecon) 2282 { 2283 *filecon = cil_malloc(sizeof(**filecon)); 2284 2285 (*filecon)->path_str = NULL; 2286 (*filecon)->type = 0; 2287 (*filecon)->context_str = NULL; 2288 (*filecon)->context = NULL; 2289 } 2290 2291 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon) 2292 { 2293 *ibpkeycon = cil_malloc(sizeof(**ibpkeycon)); 2294 2295 (*ibpkeycon)->subnet_prefix_str = NULL; 2296 (*ibpkeycon)->pkey_low = 0; 2297 (*ibpkeycon)->pkey_high = 0; 2298 (*ibpkeycon)->context_str = NULL; 2299 (*ibpkeycon)->context = NULL; 2300 } 2301 2302 void cil_portcon_init(struct cil_portcon **portcon) 2303 { 2304 *portcon = cil_malloc(sizeof(**portcon)); 2305 (*portcon)->proto = 0; 2306 (*portcon)->port_low = 0; 2307 (*portcon)->port_high = 0; 2308 (*portcon)->context_str = NULL; 2309 (*portcon)->context = NULL; 2310 } 2311 2312 void cil_nodecon_init(struct cil_nodecon **nodecon) 2313 { 2314 *nodecon = cil_malloc(sizeof(**nodecon)); 2315 2316 (*nodecon)->addr_str = NULL; 2317 (*nodecon)->addr = NULL; 2318 (*nodecon)->mask_str = NULL; 2319 (*nodecon)->mask = NULL; 2320 (*nodecon)->context_str = NULL; 2321 (*nodecon)->context = NULL; 2322 } 2323 2324 void cil_genfscon_init(struct cil_genfscon **genfscon) 2325 { 2326 *genfscon = cil_malloc(sizeof(**genfscon)); 2327 2328 (*genfscon)->fs_str = NULL; 2329 (*genfscon)->path_str = NULL; 2330 (*genfscon)->context_str = NULL; 2331 (*genfscon)->context = NULL; 2332 } 2333 2334 void cil_pirqcon_init(struct cil_pirqcon **pirqcon) 2335 { 2336 *pirqcon = cil_malloc(sizeof(**pirqcon)); 2337 2338 (*pirqcon)->pirq = 0; 2339 (*pirqcon)->context_str = NULL; 2340 (*pirqcon)->context = NULL; 2341 } 2342 2343 void cil_iomemcon_init(struct cil_iomemcon **iomemcon) 2344 { 2345 *iomemcon = cil_malloc(sizeof(**iomemcon)); 2346 2347 (*iomemcon)->iomem_low = 0; 2348 (*iomemcon)->iomem_high = 0; 2349 (*iomemcon)->context_str = NULL; 2350 (*iomemcon)->context = NULL; 2351 } 2352 2353 void cil_ioportcon_init(struct cil_ioportcon **ioportcon) 2354 { 2355 *ioportcon = cil_malloc(sizeof(**ioportcon)); 2356 2357 (*ioportcon)->context_str = NULL; 2358 (*ioportcon)->context = NULL; 2359 } 2360 2361 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon) 2362 { 2363 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon)); 2364 2365 (*pcidevicecon)->dev = 0; 2366 (*pcidevicecon)->context_str = NULL; 2367 (*pcidevicecon)->context = NULL; 2368 } 2369 2370 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon) 2371 { 2372 *dtcon = cil_malloc(sizeof(**dtcon)); 2373 2374 (*dtcon)->path = NULL; 2375 (*dtcon)->context_str = NULL; 2376 (*dtcon)->context = NULL; 2377 } 2378 2379 void cil_fsuse_init(struct cil_fsuse **fsuse) 2380 { 2381 *fsuse = cil_malloc(sizeof(**fsuse)); 2382 2383 (*fsuse)->type = 0; 2384 (*fsuse)->fs_str = NULL; 2385 (*fsuse)->context_str = NULL; 2386 (*fsuse)->context = NULL; 2387 } 2388 2389 void cil_constrain_init(struct cil_constrain **constrain) 2390 { 2391 *constrain = cil_malloc(sizeof(**constrain)); 2392 2393 (*constrain)->classperms = NULL; 2394 (*constrain)->str_expr = NULL; 2395 (*constrain)->datum_expr = NULL; 2396 } 2397 2398 void cil_validatetrans_init(struct cil_validatetrans **validtrans) 2399 { 2400 *validtrans = cil_malloc(sizeof(**validtrans)); 2401 2402 (*validtrans)->class_str = NULL; 2403 (*validtrans)->class = NULL; 2404 (*validtrans)->str_expr = NULL; 2405 (*validtrans)->datum_expr = NULL; 2406 } 2407 2408 void cil_ipaddr_init(struct cil_ipaddr **ipaddr) 2409 { 2410 *ipaddr = cil_malloc(sizeof(**ipaddr)); 2411 2412 cil_symtab_datum_init(&(*ipaddr)->datum); 2413 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip)); 2414 } 2415 2416 void cil_perm_init(struct cil_perm **perm) 2417 { 2418 *perm = cil_malloc(sizeof(**perm)); 2419 2420 cil_symtab_datum_init(&(*perm)->datum); 2421 (*perm)->value = 0; 2422 (*perm)->classperms = NULL; 2423 } 2424 2425 void cil_classpermission_init(struct cil_classpermission **cp) 2426 { 2427 *cp = cil_malloc(sizeof(**cp)); 2428 2429 cil_symtab_datum_init(&(*cp)->datum); 2430 (*cp)->classperms = NULL; 2431 } 2432 2433 void cil_classpermissionset_init(struct cil_classpermissionset **cps) 2434 { 2435 *cps = cil_malloc(sizeof(**cps)); 2436 2437 (*cps)->set_str = NULL; 2438 (*cps)->classperms = NULL; 2439 } 2440 2441 void cil_classperms_set_init(struct cil_classperms_set **cp_set) 2442 { 2443 *cp_set = cil_malloc(sizeof(**cp_set)); 2444 (*cp_set)->set_str = NULL; 2445 (*cp_set)->set = NULL; 2446 } 2447 2448 void cil_classperms_init(struct cil_classperms **cp) 2449 { 2450 *cp = cil_malloc(sizeof(**cp)); 2451 (*cp)->class_str = NULL; 2452 (*cp)->class = NULL; 2453 (*cp)->perm_strs = NULL; 2454 (*cp)->perms = NULL; 2455 } 2456 2457 void cil_classmapping_init(struct cil_classmapping **mapping) 2458 { 2459 *mapping = cil_malloc(sizeof(**mapping)); 2460 2461 (*mapping)->map_class_str = NULL; 2462 (*mapping)->map_perm_str = NULL; 2463 (*mapping)->classperms = NULL; 2464 } 2465 2466 void cil_user_init(struct cil_user **user) 2467 { 2468 *user = cil_malloc(sizeof(**user)); 2469 2470 cil_symtab_datum_init(&(*user)->datum); 2471 (*user)->bounds = NULL; 2472 (*user)->roles = NULL; 2473 (*user)->dftlevel = NULL; 2474 (*user)->range = NULL; 2475 (*user)->value = 0; 2476 } 2477 2478 void cil_userattribute_init(struct cil_userattribute **attr) 2479 { 2480 *attr = cil_malloc(sizeof(**attr)); 2481 2482 cil_symtab_datum_init(&(*attr)->datum); 2483 2484 (*attr)->expr_list = NULL; 2485 (*attr)->users = NULL; 2486 } 2487 2488 void cil_userattributeset_init(struct cil_userattributeset **attrset) 2489 { 2490 *attrset = cil_malloc(sizeof(**attrset)); 2491 2492 (*attrset)->attr_str = NULL; 2493 (*attrset)->str_expr = NULL; 2494 (*attrset)->datum_expr = NULL; 2495 } 2496 2497 void cil_userlevel_init(struct cil_userlevel **usrlvl) 2498 { 2499 *usrlvl = cil_malloc(sizeof(**usrlvl)); 2500 2501 (*usrlvl)->user_str = NULL; 2502 (*usrlvl)->level_str = NULL; 2503 (*usrlvl)->level = NULL; 2504 } 2505 2506 void cil_userrange_init(struct cil_userrange **userrange) 2507 { 2508 *userrange = cil_malloc(sizeof(**userrange)); 2509 2510 (*userrange)->user_str = NULL; 2511 (*userrange)->range_str = NULL; 2512 (*userrange)->range = NULL; 2513 } 2514 2515 void cil_role_init(struct cil_role **role) 2516 { 2517 *role = cil_malloc(sizeof(**role)); 2518 2519 cil_symtab_datum_init(&(*role)->datum); 2520 (*role)->bounds = NULL; 2521 (*role)->types = NULL; 2522 (*role)->value = 0; 2523 } 2524 2525 void cil_type_init(struct cil_type **type) 2526 { 2527 *type = cil_malloc(sizeof(**type)); 2528 2529 cil_symtab_datum_init(&(*type)->datum); 2530 (*type)->bounds = NULL; 2531 (*type)->value = 0; 2532 } 2533 2534 void cil_cat_init(struct cil_cat **cat) 2535 { 2536 *cat = cil_malloc(sizeof(**cat)); 2537 2538 cil_symtab_datum_init(&(*cat)->datum); 2539 (*cat)->ordered = CIL_FALSE; 2540 (*cat)->value = 0; 2541 } 2542 2543 void cil_catorder_init(struct cil_catorder **catorder) 2544 { 2545 *catorder = cil_malloc(sizeof(**catorder)); 2546 2547 (*catorder)->cat_list_str = NULL; 2548 } 2549 2550 void cil_sensorder_init(struct cil_sensorder **sensorder) 2551 { 2552 *sensorder = cil_malloc(sizeof(**sensorder)); 2553 2554 (*sensorder)->sens_list_str = NULL; 2555 } 2556 2557 void cil_args_init(struct cil_args **args) 2558 { 2559 *args = cil_malloc(sizeof(**args)); 2560 (*args)->arg_str = NULL; 2561 (*args)->arg = NULL; 2562 (*args)->param_str = NULL; 2563 (*args)->flavor = CIL_NONE; 2564 } 2565 2566 void cil_call_init(struct cil_call **call) 2567 { 2568 *call = cil_malloc(sizeof(**call)); 2569 2570 (*call)->macro_str = NULL; 2571 (*call)->macro = NULL; 2572 (*call)->args_tree = NULL; 2573 (*call)->args = NULL; 2574 (*call)->copied = 0; 2575 } 2576 2577 void cil_optional_init(struct cil_optional **optional) 2578 { 2579 *optional = cil_malloc(sizeof(**optional)); 2580 (*optional)->enabled = CIL_TRUE; 2581 cil_symtab_datum_init(&(*optional)->datum); 2582 } 2583 2584 void cil_param_init(struct cil_param **param) 2585 { 2586 *param = cil_malloc(sizeof(**param)); 2587 2588 (*param)->str = NULL; 2589 (*param)->flavor = CIL_NONE; 2590 } 2591 2592 void cil_macro_init(struct cil_macro **macro) 2593 { 2594 *macro = cil_malloc(sizeof(**macro)); 2595 2596 cil_symtab_datum_init(&(*macro)->datum); 2597 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]); 2598 (*macro)->params = NULL; 2599 } 2600 2601 void cil_policycap_init(struct cil_policycap **policycap) 2602 { 2603 *policycap = cil_malloc(sizeof(**policycap)); 2604 2605 cil_symtab_datum_init(&(*policycap)->datum); 2606 } 2607 2608 void cil_bounds_init(struct cil_bounds **bounds) 2609 { 2610 *bounds = cil_malloc(sizeof(**bounds)); 2611 2612 (*bounds)->parent_str = NULL; 2613 (*bounds)->child_str = NULL; 2614 } 2615 2616 void cil_default_init(struct cil_default **def) 2617 { 2618 *def = cil_malloc(sizeof(**def)); 2619 2620 (*def)->flavor = CIL_NONE; 2621 (*def)->class_strs = NULL; 2622 (*def)->class_datums = NULL; 2623 } 2624 2625 void cil_defaultrange_init(struct cil_defaultrange **def) 2626 { 2627 *def = cil_malloc(sizeof(**def)); 2628 2629 (*def)->class_strs = NULL; 2630 (*def)->class_datums = NULL; 2631 } 2632 2633 void cil_handleunknown_init(struct cil_handleunknown **unk) 2634 { 2635 *unk = cil_malloc(sizeof(**unk)); 2636 } 2637 2638 void cil_mls_init(struct cil_mls **mls) 2639 { 2640 *mls = cil_malloc(sizeof(**mls)); 2641 (*mls)->value = 0; 2642 } 2643 2644 void cil_src_info_init(struct cil_src_info **info) 2645 { 2646 *info = cil_malloc(sizeof(**info)); 2647 (*info)->is_cil = 0; 2648 (*info)->path = NULL; 2649 } 2650