Lines Matching full:state
52 static void expand_state_init(expand_state_t * state)
54 memset(state, 0, sizeof(expand_state_t));
80 expand_state_t *state;
84 state = (expand_state_t *) data;
91 if (!is_id_enabled(id, state->base, SYM_TYPES)) {
96 if (state->verbose)
97 INFO(state->handle, "copying type or attribute %s", id);
101 ERR(state->handle, "Out of memory!");
107 ERR(state->handle, "Out of memory!");
115 new_type->s.value = ++state->out->p_types.nprim;
119 ERR(state->handle, "type space overflow");
123 state->typemap[type->s.value - 1] = new_type->s.value;
125 ret = hashtab_insert(state->out->p_types.table,
131 ERR(state->handle, "hashtab overflow");
136 if (ebitmap_set_bit(&state->out->permissive_map, new_type->s.value, 1)) {
137 ERR(state->handle, "Out of memory!\n");
149 expand_state_t *state;
154 state = (expand_state_t *) data;
159 if (!is_id_enabled(id, state->base, SYM_TYPES)) {
164 if (state->verbose)
165 INFO(state->handle, "converting attribute %s", id);
167 new_type = hashtab_search(state->out->p_types.table, id);
169 ERR(state->handle, "attribute %s vanished!", id);
172 if (map_ebitmap(&type->types, &tmp_union, state->typemap)) {
173 ERR(state->handle, "out of memory");
179 ERR(state->handle, "Out of memory!");
230 expand_state_t *state;
234 state = (expand_state_t *) data;
236 if (state->verbose)
237 INFO(state->handle, "copying common %s", id);
241 ERR(state->handle, "Out of memory!");
246 ERR(state->handle, "Out of memory!");
253 ERR(state->handle, "Out of memory!");
259 state->out->p_commons.nprim++;
262 hashtab_insert(state->out->p_commons.table, new_id,
265 ERR(state->handle, "hashtab overflow");
274 ERR(state->handle, "Out of memory!");
283 expand_state_t * state)
310 if (expand_convert_type_set(state->out,
311 state->
320 if (map_ebitmap(&expr->names, &new_expr->names, state->rolemap)) {
324 if (map_ebitmap(&expr->names, &new_expr->names, state->usermap)) {
354 ERR(state->handle, "Out of memory!");
367 expand_state_t *state;
371 state = (expand_state_t *) data;
373 if (!is_id_enabled(id, state->base, SYM_CLASSES)) {
378 if (state->verbose)
379 INFO(state->handle, "copying class %s", id);
383 ERR(state->handle, "Out of memory!");
388 ERR(state->handle, "Out of memory!");
394 state->out->p_classes.nprim++;
398 ERR(state->handle, "Out of memory!");
404 hashtab_insert(state->out->p_classes.table, new_id,
407 ERR(state->handle, "hashtab overflow");
416 ERR(state->handle, "hashtab overflow");
423 ERR(state->handle, "Out of memory!");
428 hashtab_search(state->out->p_commons.table,
431 ERR(state->handle, "could not find common datum %s",
447 expand_state_t *state;
451 state = (expand_state_t *) data;
453 new_class = hashtab_search(state->out->p_classes.table, id);
455 ERR(state->handle, "class %s vanished", id);
461 (&new_class->constraints, class->constraints, state) == -1
463 class->validatetrans, state) == -1) {
476 expand_state_t *state = (expand_state_t *) data;
484 if (!is_id_enabled((char *)key, state->base, SYM_TYPES))
487 bounds_val = state->typemap[type->bounds - 1];
489 dest = hashtab_search(state->out->p_types.table, (char *)key);
491 ERR(state->handle, "Type lookup failed for %s", (char *)key);
495 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
506 expand_state_t *state = (expand_state_t *) data;
514 if (!is_id_enabled((char *)key, state->base, SYM_ROLES))
517 bounds_val = state->rolemap[role->bounds - 1];
519 dest = hashtab_search(state->out->p_roles.table, (char *)key);
521 ERR(state->handle, "Role lookup failed for %s", (char *)key);
525 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
536 expand_state_t *state = (expand_state_t *) data;
544 if (!is_id_enabled((char *)key, state->base, SYM_USERS))
547 bounds_val = state->usermap[user->bounds - 1];
549 dest = hashtab_search(state->out->p_users.table, (char *)key);
551 ERR(state->handle, "User lookup failed for %s", (char *)key);
555 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
574 expand_state_t *state;
579 state = (expand_state_t *) data;
594 if (!is_id_enabled(state->base->p_type_val_to_name[prival - 1],
595 state->base, SYM_TYPES)) {
601 if (state->verbose)
602 INFO(state->handle, "copying alias %s", id);
606 ERR(state->handle, "Out of memory!");
612 ERR(state->handle, "Out of memory!");
618 new_alias->s.value = state->typemap[alias->s.value - 1];
620 new_alias->s.value = state->typemap[alias->primary - 1];
626 ret = hashtab_insert(state->out->p_types.table,
631 ERR(state->handle, "hashtab overflow");
637 state->typemap[alias->s.value - 1] = new_alias->s.value;
640 if (ebitmap_set_bit(&state->out->permissive_map, new_alias->s.value, 1)) {
641 ERR(state->handle, "Out of memory!");
652 expand_state_t *state = (expand_state_t *) data;
654 if (map_ebitmap(&role->dominates, &mapped_roles, state->rolemap))
670 * invoked after role_copy_callback so that state->rolemap is available.
677 expand_state_t *state;
684 state = (expand_state_t *)data;
694 if (state->verbose)
695 INFO(state->handle, "fixing role attribute %s", id);
698 (role_datum_t *)hashtab_search(state->out->p_roles.table, id);
703 if (map_ebitmap(&role->roles, &mapped_roles, state->rolemap))
706 ERR(state->handle, "Out of memory!");
716 base_reg_role_id = state->base->p_role_val_to_name[i];
718 state->out->p_roles.table,
725 ERR(state->handle, "Out of memory!");
741 expand_state_t *state;
746 state = (expand_state_t *) data;
750 state->rolemap[role->s.value - 1] = 1;
754 if (!is_id_enabled(id, state->base, SYM_ROLES)) {
759 if (state->verbose)
760 INFO(state->handle, "copying role %s", id);
763 (role_datum_t *) hashtab_search(state->out->p_roles.table, id);
767 ERR(state->handle, "Out of memory!");
774 ERR(state->handle, "Out of memory!");
778 state->out->p_roles.nprim++;
780 new_role->s.value = state->out->p_roles.nprim;
781 state->rolemap[role->s.value - 1] = new_role->s.value;
782 ret = hashtab_insert(state->out->p_roles.table,
787 ERR(state->handle, "hashtab overflow");
798 ERR(state->handle, "Out of memory!");
806 (state->out, state->typemap, &role->types, &tmp_union_types, 1)) {
808 ERR(state->handle, "Out of memory!");
813 ERR(state->handle, "Out of memory!");
891 expand_state_t *state;
899 state = (expand_state_t *) data;
901 if (!is_id_enabled(id, state->base, SYM_USERS)) {
906 if (state->verbose)
907 INFO(state->handle, "copying user %s", id);
910 (user_datum_t *) hashtab_search(state->out->p_users.table, id);
914 ERR(state->handle, "Out of memory!");
919 state->out->p_users.nprim++;
920 new_user->s.value = state->out->p_users.nprim;
921 state->usermap[user->s.value - 1] = new_user->s.value;
925 ERR(state->handle, "Out of memory!");
928 ret = hashtab_insert(state->out->p_users.table,
932 ERR(state->handle, "hashtab overflow");
942 state->out, state->handle)) {
947 state->out, state->handle)) {
953 ERR(state->handle, "default level not within user "
963 state->out, state->handle)) {
967 state->out, state->handle)) {
984 if (role_set_expand(&user->roles, &tmp_union, state->out, state->base, state->rolemap)) {
985 ERR(state->handle, "Out of memory!");
991 ERR(state->handle, "Out of memory!");
1004 expand_state_t *state;
1010 state = (expand_state_t *) data;
1012 if (!is_id_enabled(id, state->base, SYM_BOOLS)) {
1022 if (state->verbose)
1023 INFO(state->handle, "copying boolean %s", id);
1027 ERR(state->handle, "Out of memory!");
1033 ERR(state->handle, "Out of memory!");
1038 state->out->p_bools.nprim++;
1039 new_bool->s.value = state->out->p_bools.nprim;
1041 ret = hashtab_insert(state->out->p_bools.table,
1045 ERR(state->handle, "hashtab overflow");
1051 state->boolmap[bool->s.value - 1] = new_bool->s.value;
1053 new_bool->state = bool->state;
1062 expand_state_t *state = (expand_state_t *) data;
1066 if (!is_id_enabled(id, state->base, SYM_LEVELS)) {
1071 if (state->verbose)
1072 INFO(state->handle, "copying sensitivity level %s", id);
1090 state->out->p_levels.nprim++;
1092 if (hashtab_insert(state->out->p_levels.table,
1100 ERR(state->handle, "Out of memory!");
1114 expand_state_t *state = (expand_state_t *) data;
1118 if (!is_id_enabled(id, state->base, SYM_CATS)) {
1123 if (state->verbose)
1124 INFO(state->handle, "copying category attribute %s", id);
1136 state->out->p_cats.nprim++;
1137 if (hashtab_insert(state->out->p_cats.table,
1145 ERR(state->handle, "Out of memory!");
1152 static int copy_role_allows(expand_state_t * state, role_allow_rule_t * rules)
1161 for (l = state->out->role_allow; l && l->next; l = l->next) ;
1168 if (role_set_expand(&cur->roles, &roles, state->out, state->base, state->rolemap)) {
1169 ERR(state->handle, "Out of memory!");
1173 if (role_set_expand(&cur->new_roles, &new_roles, state->out, state->base, state->rolemap)) {
1174 ERR(state->handle, "Out of memory!");
1185 cur_allow = state->out->role_allow;
1197 ERR(state->handle, "Out of memory!");
1206 state->out->role_allow = n;
1221 static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
1230 for (l = state->out->role_tr; l && l->next; l = l->next) ;
1237 if (role_set_expand(&cur->roles, &roles, state->out, state->base, state->rolemap)) {
1238 ERR(state->handle, "Out of memory!");
1242 (state->out, state->typemap, &cur->types, &types, 1)) {
1243 ERR(state->handle, "Out of memory!");
1256 cur_trans = state->out->role_tr;
1260 mapped_role = state->rolemap[cur->new_role - 1];
1271 ERR(state->handle,
1273 state->out->p_role_val_to_name[i],
1274 state->out->p_type_val_to_name[j],
1275 state->out->p_class_val_to_name[k],
1276 state->out->p_role_val_to_name[mapped_role - 1],
1277 state->out->p_role_val_to_name[cur_trans->new_role - 1]);
1289 ERR(state->handle,
1297 n->new_role = state->rolemap
1302 state->out->role_tr = n;
1317 static int expand_filename_trans(expand_state_t *state, filename_trans_rule_t *rules)
1326 tail = state->out->filename_trans;
1337 if (expand_convert_type_set(state->out, state->typemap,
1339 ERR(state->handle, "Out of memory!");
1343 if (expand_convert_type_set(state->out, state->typemap,
1345 ERR(state->handle, "Out of memory!");
1349 mapped_otype = state->typemap[cur_rule->otype - 1];
1358 cur_trans = state->out->filename_trans;
1368 ERR(state->handle, "Conflicting filename trans rules %s %s %s : %s otype1:%s otype2:%s",
1370 state->out->p_type_val_to_name[i],
1371 state->out->p_type_val_to_name[j],
1372 state->out->p_class_val_to_name[cur_trans->tclass - 1],
1373 state->out->p_type_val_to_name[cur_trans->otype - 1],
1374 state->out->p_type_val_to_name[mapped_otype - 1]);
1386 ERR(state->handle, "Out of memory!");
1393 state->out->filename_trans = new_trans;
1398 ERR(state->handle, "Out of memory!");
1418 expand_state_t * state)
1420 range_trans_t *rt, *check_rt = state->out->range_tr;
1424 if (mls_semantic_range_expand(trange, &exp_range, state->out,
1425 state->handle))
1438 ERR(state->handle,
1440 state->out->p_type_val_to_name[stype - 1],
1441 state->out->p_type_val_to_name[ttype - 1],
1442 state->out->p_class_val_to_name[tclass -
1457 ERR(state->handle, "Out of memory!");
1461 rt->next = state->out->range_tr;
1462 state->out->range_tr = rt;
1468 ERR(state->handle, "Out of memory!");
1479 static int expand_range_trans(expand_state_t * state,
1488 if (state->verbose)
1489 INFO(state->handle, "expanding range transitions");
1496 if (expand_convert_type_set(state->out, state->typemap,
1498 ERR(state->handle, "Out of memory!");
1501 if (expand_convert_type_set(state->out, state->typemap,
1504 ERR(state->handle, "Out of memory!");
1525 state)) {
1898 int enabled, expand_state_t * state)
1904 if (convert_and_expand_rule(state->handle, dest_pol,
1917 static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
1925 cur->bool = state->boolmap[cur->bool - 1];
1930 cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
1932 if (cond_normalize_expr(state->out, cn)) {
1933 ERR(state->handle, "Error while normalizing conditional");
1943 static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
1950 if (cond_node_copy(state, cn->next)) {
1960 if (cond_normalize_expr(state->base, cn)) {
1961 ERR(state->handle, "Error while normalizing conditional");
1967 tmp = cond_node_create(state->base, cn);
1969 ERR(state->handle, "Out of memory");
1973 if (cond_node_map_bools(state, tmp)) {
1974 ERR(state->handle, "Error mapping booleans");
1978 state->out, state->out->cond_list, tmp);
1982 ERR(state->handle, "Out of memory!");
1989 (state->out, cn->avtrue_list, &state->out->te_cond_avtab,
1990 &new_cond->true_list, &new_cond->false_list, state->typemap,
1991 new_cond->cur_state, state))
1994 (state->out, cn->avfalse_list, &state->out->te_cond_avtab,
1995 &new_cond->false_list, &new_cond->true_list, state->typemap,
1996 !new_cond->cur_state, state))
2003 expand_state_t * state)
2005 dst->user = state->usermap[src->user - 1];
2006 dst->role = state->rolemap[src->role - 1];
2007 dst->type = state->typemap[src->type - 1];
2011 static int ocontext_copy_xen(expand_state_t *state)
2018 for (c = state->base->ocontexts[i]; c; c = c->next) {
2021 ERR(state->handle, "Out of memory!");
2028 state->out->ocontexts[i] = n;
2031 state)) {
2032 ERR(state->handle, "Out of memory!");
2056 ERR(state->handle, "Unknown ocontext");
2064 static int ocontext_copy_selinux(expand_state_t *state)
2071 for (c = state->base->ocontexts[i]; c; c = c->next) {
2074 ERR(state->handle, "Out of memory!");
2081 state->out->ocontexts[i] = n;
2083 if (context_copy(&n->context[0], &c->context[0], state)) {
2084 ERR(state->handle, "Out of memory!");
2095 ERR(state->handle, "Out of memory!");
2099 (&n->context[1], &c->context[1], state)) {
2100 ERR(state->handle, "Out of memory!");
2117 ERR(state->handle, "Out of memory!");
2129 ERR(state->handle, "Unknown ocontext");
2137 static int ocontext_copy(expand_state_t *state, uint32_t target)
2142 rc = ocontext_copy_selinux(state);
2145 rc = ocontext_copy_xen(state);
2148 ERR(state->handle, "Unknown target");
2154 static int genfs_copy(expand_state_t * state)
2160 for (genfs = state->base->genfs; genfs; genfs = genfs->next) {
2163 ERR(state->handle, "Out of memory!");
2169 ERR(state->handle, "Out of memory!");
2177 ERR(state->handle, "Out of memory!");
2183 ERR(state->handle, "Out of memory!");
2187 context_copy(&newc->context[0], &c->context[0], state);
2195 state->out->genfs = newgenfs;
2209 expand_state_t *state = ptr;
2210 policydb_t *p = state->out;
2218 ERR(state->handle, "Out of memory!");
2226 ERR(state->handle, "Out of memory!");
2566 * rules are copied or expanded as per the settings in the state object; all
2570 static int copy_and_expand_avrule_block(expand_state_t * state)
2572 avrule_block_t *curblock = state->base->global;
2576 if (avtab_alloc(&state->out->te_avtab, MAX_AVTAB_SIZE)) {
2577 ERR(state->handle, "Out of Memory!");
2581 if (avtab_alloc(&state->out->te_cond_avtab, MAX_AVTAB_SIZE)) {
2582 ERR(state->handle, "Out of Memory!");
2596 if (copy_role_allows(state, decl->role_allow_rules) != 0 ||
2597 copy_role_trans(state, decl->role_tr_rules) != 0) {
2601 if (expand_filename_trans(state, decl->filename_trans_rules))
2605 if (expand_range_trans(state, decl->range_tr_rules))
2611 if (!(state->expand_neverallow)
2615 (state->out, state->typemap, cur_avrule))
2616 ERR(state->handle,
2620 state->out->unsupported_format = 1;
2623 (state->handle, state->out, state->typemap,
2624 cur_avrule, &state->out->te_avtab, NULL,
2626 state->expand_neverallow) !=
2635 if (cond_node_copy(state, decl->cond_list))
2642 if (state->handle && state->handle->expand_consume_base) {
2646 state->base->global = curblock;
2668 expand_state_t state;
2670 expand_state_init(&state);
2672 state.base = base;
2673 state.out = out;
2674 state.typemap = typemap;
2675 state.boolmap = boolmap;
2676 state.rolemap = rolemap;
2677 state.usermap = usermap;
2678 state.handle = handle;
2679 state.verbose = verbose;
2680 state.expand_neverallow = expand_neverallow;
2682 return copy_and_expand_avrule_block(&state);
2698 * is about tunable, calculate its state value and concatenate one of
2795 expand_state_t state;
2799 * of its home decl depending on its state value, so that the effect
2808 expand_state_init(&state);
2810 state.verbose = verbose;
2811 state.typemap = NULL;
2812 state.base = base;
2813 state.out = out;
2814 state.handle = handle;
2821 state.out->policy_type = POLICY_KERN;
2822 state.out->policyvers = POLICYDB_VERSION_MAX;
2824 /* Copy mls state from base to out */
2837 if ((state.typemap =
2838 (uint32_t *) calloc(state.base->p_types.nprim,
2844 state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
2845 if (!state.boolmap) {
2850 state.rolemap = (uint32_t *)calloc(state.base->p_roles.nprim, sizeof(uint32_t));
2851 if (!state.rolemap) {
2856 state.usermap = (uint32_t *)calloc(state.base->p_users.nprim, sizeof(uint32_t));
2857 if (!state.usermap) {
2865 if (hashtab_map(state.base->p_types.table, type_copy_callback, &state)) {
2871 (state.base->p_types.table, attr_convert_callback, &state)) {
2877 (state.base->p_commons.table, common_copy_callback, &state)) {
2884 (state.base->p_classes.table, class_copy_callback, &state)) {
2889 if (hashtab_map(state.base->p_types.table,
2890 type_bounds_copy_callback, &state))
2894 if (hashtab_map(state.base->p_types.table, alias_copy_callback, &state))
2904 if (hashtab_map(state.base->p_roles.table, role_copy_callback, &state))
2906 if (hashtab_map(state.base->p_roles.table,
2907 role_bounds_copy_callback, &state))
2911 if (hashtab_map(state.base->p_roles.table, role_fix_callback, &state))
2916 if (hashtab_map(state.base->p_levels.table, sens_copy_callback, &state))
2918 if (hashtab_map(state.base->p_cats.table, cats_copy_callback, &state))
2926 if (hashtab_map(state.base->p_users.table, user_copy_callback, &state))
2928 if (hashtab_map(state.base->p_users.table,
2929 user_bounds_copy_callback, &state))
2933 if (hashtab_map(state.base->p_bools.table, bool_copy_callback, &state))
2946 for (curblock = state.base->global; curblock != NULL;
2957 (decl->p_types.table, attr_convert_callback, &state)) {
2963 (decl->p_roles.table, role_copy_callback, &state))
2968 (decl->p_users.table, user_copy_callback, &state))
2974 if (hashtab_map(state.out->p_roles.table, role_remap_dominates, &state)) {
2978 if (copy_and_expand_avrule_block(&state) < 0) {
2985 (state.base->p_classes.table, constraint_copy_callback, &state)) {
2989 cond_optimize_lists(state.out->cond_list);
2990 evaluate_conds(state.out);
2993 if (ocontext_copy(&state, out->target_platform))
2997 if (genfs_copy(&state))
3001 state.out->attr_type_map = malloc(state.out->p_types.nprim *
3003 state.out->type_attr_map = malloc(state.out->p_types.nprim *
3005 if (!state.out->attr_type_map || !state.out->type_attr_map) {
3009 for (i = 0; i < state.out->p_types.nprim; i++) {
3010 ebitmap_init(&state.out->type_attr_map[i]);
3011 ebitmap_init(&state.out->attr_type_map[i]);
3013 if (ebitmap_set_bit(&state.out->type_attr_map[i], i, 1)) {
3018 if (hashtab_map(state.out->p_types.table, type_attr_map, &state))
3021 if (hierarchy_check_constraints(handle, state.out))
3025 (handle, state.out,
3026 state.out->global->branch_list->avrules))
3033 free(state.typemap);
3034 free(state.boolmap);
3035 free(state.rolemap);
3036 free(state.usermap);
