Lines Matching refs:state
52 static void expand_state_init(expand_state_t * state)
54 memset(state, 0, sizeof(expand_state_t));
80 expand_state_t *state;
84 state = (expand_state_t *) data;
91 if (!is_id_enabled(id, state->base, SYM_TYPES)) {
96 if (state->verbose)
97 INFO(state->handle, "copying type or attribute %s", id);
101 ERR(state->handle, "Out of memory!");
107 ERR(state->handle, "Out of memory!");
115 new_type->s.value = ++state->out->p_types.nprim;
119 ERR(state->handle, "type space overflow");
123 state->typemap[type->s.value - 1] = new_type->s.value;
125 ret = hashtab_insert(state->out->p_types.table,
131 ERR(state->handle, "hashtab overflow");
136 if (ebitmap_set_bit(&state->out->permissive_map, new_type->s.value, 1)) {
137 ERR(state->handle, "Out of memory!\n");
149 expand_state_t *state;
154 state = (expand_state_t *) data;
159 if (!is_id_enabled(id, state->base, SYM_TYPES)) {
164 if (state->verbose)
165 INFO(state->handle, "converting attribute %s", id);
167 new_type = hashtab_search(state->out->p_types.table, id);
169 ERR(state->handle, "attribute %s vanished!", id);
172 if (map_ebitmap(&type->types, &tmp_union, state->typemap)) {
173 ERR(state->handle, "out of memory");
179 ERR(state->handle, "Out of memory!");
230 expand_state_t *state;
234 state = (expand_state_t *) data;
236 if (state->verbose)
237 INFO(state->handle, "copying common %s", id);
241 ERR(state->handle, "Out of memory!");
246 ERR(state->handle, "Out of memory!");
253 ERR(state->handle, "Out of memory!");
260 state->out->p_commons.nprim++;
263 hashtab_insert(state->out->p_commons.table, new_id,
266 ERR(state->handle, "hashtab overflow");
276 ERR(state->handle, "Out of memory!");
285 expand_state_t * state)
312 if (expand_convert_type_set(state->out,
313 state->
322 if (map_ebitmap(&expr->names, &new_expr->names, state->rolemap)) {
326 if (map_ebitmap(&expr->names, &new_expr->names, state->usermap)) {
356 ERR(state->handle, "Out of memory!");
363 static int class_copy_default_new_object(expand_state_t *state,
369 ERR(state->handle, "Found conflicting default user definitions");
377 ERR(state->handle, "Found conflicting default role definitions");
384 ERR(state->handle, "Found conflicting default range definitions");
398 expand_state_t *state;
402 state = (expand_state_t *) data;
404 if (!is_id_enabled(id, state->base, SYM_CLASSES)) {
409 if (state->verbose)
410 INFO(state->handle, "copying class %s", id);
414 ERR(state->handle, "Out of memory!");
419 ERR(state->handle, "Out of memory!");
425 state->out->p_classes.nprim++;
427 ret = class_copy_default_new_object(state, class, new_class);
435 ERR(state->handle, "Out of memory!");
441 hashtab_insert(state->out->p_classes.table, new_id,
444 ERR(state->handle, "hashtab overflow");
453 ERR(state->handle, "hashtab overflow");
460 ERR(state->handle, "Out of memory!");
465 hashtab_search(state->out->p_commons.table,
468 ERR(state->handle, "could not find common datum %s",
484 expand_state_t *state;
488 state = (expand_state_t *) data;
490 new_class = hashtab_search(state->out->p_classes.table, id);
492 ERR(state->handle, "class %s vanished", id);
498 (&new_class->constraints, class->constraints, state) == -1
500 class->validatetrans, state) == -1) {
513 expand_state_t *state = (expand_state_t *) data;
521 if (!is_id_enabled((char *)key, state->base, SYM_TYPES))
524 bounds_val = state->typemap[type->bounds - 1];
526 dest = hashtab_search(state->out->p_types.table, (char *)key);
528 ERR(state->handle, "Type lookup failed for %s", (char *)key);
532 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
543 expand_state_t *state = (expand_state_t *) data;
551 if (!is_id_enabled((char *)key, state->base, SYM_ROLES))
554 bounds_val = state->rolemap[role->bounds - 1];
556 dest = hashtab_search(state->out->p_roles.table, (char *)key);
558 ERR(state->handle, "Role lookup failed for %s", (char *)key);
562 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
573 expand_state_t *state = (expand_state_t *) data;
581 if (!is_id_enabled((char *)key, state->base, SYM_USERS))
584 bounds_val = state->usermap[user->bounds - 1];
586 dest = hashtab_search(state->out->p_users.table, (char *)key);
588 ERR(state->handle, "User lookup failed for %s", (char *)key);
592 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
611 expand_state_t *state;
616 state = (expand_state_t *) data;
631 if (!is_id_enabled(state->base->p_type_val_to_name[prival - 1],
632 state->base, SYM_TYPES)) {
638 if (state->verbose)
639 INFO(state->handle, "copying alias %s", id);
643 ERR(state->handle, "Out of memory!");
649 ERR(state->handle, "Out of memory!");
655 new_alias->s.value = state->typemap[alias->s.value - 1];
657 new_alias->s.value = state->typemap[alias->primary - 1];
663 ret = hashtab_insert(state->out->p_types.table,
668 ERR(state->handle, "hashtab overflow");
674 state->typemap[alias->s.value - 1] = new_alias->s.value;
677 if (ebitmap_set_bit(&state->out->permissive_map, new_alias->s.value, 1)) {
678 ERR(state->handle, "Out of memory!");
689 expand_state_t *state = (expand_state_t *) data;
691 if (map_ebitmap(&role->dominates, &mapped_roles, state->rolemap))
707 * invoked after role_copy_callback so that state->rolemap is available.
714 expand_state_t *state;
721 state = (expand_state_t *)data;
728 if (!is_id_enabled(id, state->base, SYM_ROLES)) {
736 if (state->verbose)
737 INFO(state->handle, "fixing role attribute %s", id);
740 (role_datum_t *)hashtab_search(state->out->p_roles.table, id);
745 if (map_ebitmap(&role->roles, &mapped_roles, state->rolemap))
748 ERR(state->handle, "Out of memory!");
758 base_reg_role_id = state->base->p_role_val_to_name[i];
760 state->out->p_roles.table,
767 ERR(state->handle, "Out of memory!");
783 expand_state_t *state;
788 state = (expand_state_t *) data;
792 state->rolemap[role->s.value - 1] = 1;
796 if (!is_id_enabled(id, state->base, SYM_ROLES)) {
801 if (state->verbose)
802 INFO(state->handle, "copying role %s", id);
805 (role_datum_t *) hashtab_search(state->out->p_roles.table, id);
809 ERR(state->handle, "Out of memory!");
816 ERR(state->handle, "Out of memory!");
821 state->out->p_roles.nprim++;
823 new_role->s.value = state->out->p_roles.nprim;
824 state->rolemap[role->s.value - 1] = new_role->s.value;
825 ret = hashtab_insert(state->out->p_roles.table,
830 ERR(state->handle, "hashtab overflow");
841 ERR(state->handle, "Out of memory!");
849 (state->out, state->typemap, &role->types, &tmp_union_types, 1)) {
851 ERR(state->handle, "Out of memory!");
856 ERR(state->handle, "Out of memory!");
934 expand_state_t *state;
942 state = (expand_state_t *) data;
944 if (!is_id_enabled(id, state->base, SYM_USERS)) {
949 if (state->verbose)
950 INFO(state->handle, "copying user %s", id);
953 (user_datum_t *) hashtab_search(state->out->p_users.table, id);
957 ERR(state->handle, "Out of memory!");
962 state->out->p_users.nprim++;
963 new_user->s.value = state->out->p_users.nprim;
964 state->usermap[user->s.value - 1] = new_user->s.value;
968 ERR(state->handle, "Out of memory!");
972 ret = hashtab_insert(state->out->p_users.table,
976 ERR(state->handle, "hashtab overflow");
986 state->out, state->handle)) {
991 state->out, state->handle)) {
997 ERR(state->handle, "default level not within user "
1007 state->out, state->handle)) {
1011 state->out, state->handle)) {
1028 if (role_set_expand(&user->roles, &tmp_union, state->out, state->base, state->rolemap)) {
1029 ERR(state->handle, "Out of memory!");
1035 ERR(state->handle, "Out of memory!");
1048 expand_state_t *state;
1054 state = (expand_state_t *) data;
1056 if (!is_id_enabled(id, state->base, SYM_BOOLS)) {
1066 if (state->verbose)
1067 INFO(state->handle, "copying boolean %s", id);
1071 ERR(state->handle, "Out of memory!");
1077 ERR(state->handle, "Out of memory!");
1082 state->out->p_bools.nprim++;
1083 new_bool->s.value = state->out->p_bools.nprim;
1085 ret = hashtab_insert(state->out->p_bools.table,
1089 ERR(state->handle, "hashtab overflow");
1095 state->boolmap[bool->s.value - 1] = new_bool->s.value;
1097 new_bool->state = bool->state;
1106 expand_state_t *state = (expand_state_t *) data;
1110 if (!is_id_enabled(id, state->base, SYM_LEVELS)) {
1115 if (state->verbose)
1116 INFO(state->handle, "copying sensitivity level %s", id);
1134 state->out->p_levels.nprim++;
1136 if (hashtab_insert(state->out->p_levels.table,
1144 ERR(state->handle, "Out of memory!");
1158 expand_state_t *state = (expand_state_t *) data;
1162 if (!is_id_enabled(id, state->base, SYM_CATS)) {
1167 if (state->verbose)
1168 INFO(state->handle, "copying category attribute %s", id);
1180 state->out->p_cats.nprim++;
1181 if (hashtab_insert(state->out->p_cats.table,
1189 ERR(state->handle, "Out of memory!");
1196 static int copy_role_allows(expand_state_t * state, role_allow_rule_t * rules)
1205 for (l = state->out->role_allow; l && l->next; l = l->next) ;
1212 if (role_set_expand(&cur->roles, &roles, state->out, state->base, state->rolemap)) {
1213 ERR(state->handle, "Out of memory!");
1217 if (role_set_expand(&cur->new_roles, &new_roles, state->out, state->base, state->rolemap)) {
1218 ERR(state->handle, "Out of memory!");
1229 cur_allow = state->out->role_allow;
1241 ERR(state->handle, "Out of memory!");
1250 state->out->role_allow = n;
1265 static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
1274 for (l = state->out->role_tr; l && l->next; l = l->next) ;
1281 if (role_set_expand(&cur->roles, &roles, state->out, state->base, state->rolemap)) {
1282 ERR(state->handle, "Out of memory!");
1286 (state->out, state->typemap, &cur->types, &types, 1)) {
1287 ERR(state->handle, "Out of memory!");
1300 cur_trans = state->out->role_tr;
1304 mapped_role = state->rolemap[cur->new_role - 1];
1315 ERR(state->handle,
1317 state->out->p_role_val_to_name[i],
1318 state->out->p_type_val_to_name[j],
1319 state->out->p_class_val_to_name[k],
1320 state->out->p_role_val_to_name[mapped_role - 1],
1321 state->out->p_role_val_to_name[cur_trans->new_role - 1]);
1333 ERR(state->handle,
1341 n->new_role = state->rolemap
1346 state->out->role_tr = n;
1361 static int expand_filename_trans(expand_state_t *state, filename_trans_rule_t *rules)
1376 if (expand_convert_type_set(state->out, state->typemap,
1378 ERR(state->handle, "Out of memory!");
1382 if (expand_convert_type_set(state->out, state->typemap,
1384 ERR(state->handle, "Out of memory!");
1388 mapped_otype = state->typemap[cur_rule->otype - 1];
1397 cur_trans = state->out->filename_trans;
1407 ERR(state->handle, "Conflicting filename trans rules %s %s %s : %s otype1:%s otype2:%s",
1409 state->out->p_type_val_to_name[i],
1410 state->out->p_type_val_to_name[j],
1411 state->out->p_class_val_to_name[cur_trans->tclass - 1],
1412 state->out->p_type_val_to_name[cur_trans->otype - 1],
1413 state->out->p_type_val_to_name[mapped_otype - 1]);
1425 ERR(state->handle, "Out of memory!");
1429 new_trans->next = state->out->filename_trans;
1430 state->out->filename_trans = new_trans;
1434 ERR(state->handle, "Out of memory!");
1454 expand_state_t * state)
1456 range_trans_t *rt, *check_rt = state->out->range_tr;
1460 if (mls_semantic_range_expand(trange, &exp_range, state->out,
1461 state->handle))
1474 ERR(state->handle,
1476 state->out->p_type_val_to_name[stype - 1],
1477 state->out->p_type_val_to_name[ttype - 1],
1478 state->out->p_class_val_to_name[tclass -
1493 ERR(state->handle, "Out of memory!");
1497 rt->next = state->out->range_tr;
1498 state->out->range_tr = rt;
1504 ERR(state->handle, "Out of memory!");
1515 static int expand_range_trans(expand_state_t * state,
1524 if (state->verbose)
1525 INFO(state->handle, "expanding range transitions");
1532 if (expand_convert_type_set(state->out, state->typemap,
1534 ERR(state->handle, "Out of memory!");
1537 if (expand_convert_type_set(state->out, state->typemap,
1540 ERR(state->handle, "Out of memory!");
1561 state)) {
1912 int enabled, expand_state_t * state)
1918 if (convert_and_expand_rule(state->handle, dest_pol,
1931 static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
1939 cur->bool = state->boolmap[cur->bool - 1];
1944 cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
1946 if (cond_normalize_expr(state->out, cn)) {
1947 ERR(state->handle, "Error while normalizing conditional");
1957 static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
1964 if (cond_node_copy(state, cn->next)) {
1974 if (cond_normalize_expr(state->base, cn)) {
1975 ERR(state->handle, "Error while normalizing conditional");
1981 tmp = cond_node_create(state->base, cn);
1983 ERR(state->handle, "Out of memory");
1987 if (cond_node_map_bools(state, tmp)) {
1988 ERR(state->handle, "Error mapping booleans");
1993 new_cond = cond_node_search(state->out, state->out->cond_list, tmp);
1997 ERR(state->handle, "Out of memory!");
2004 (state->out, cn->avtrue_list, &state->out->te_cond_avtab,
2005 &new_cond->true_list, &new_cond->false_list, state->typemap,
2006 new_cond->cur_state, state))
2009 (state->out, cn->avfalse_list, &state->out->te_cond_avtab,
2010 &new_cond->false_list, &new_cond->true_list, state->typemap,
2011 !new_cond->cur_state, state))
2018 expand_state_t * state)
2020 dst->user = state->usermap[src->user - 1];
2021 dst->role = state->rolemap[src->role - 1];
2022 dst->type = state->typemap[src->type - 1];
2026 static int ocontext_copy_xen(expand_state_t *state)
2033 for (c = state->base->ocontexts[i]; c; c = c->next) {
2036 ERR(state->handle, "Out of memory!");
2043 state->out->ocontexts[i] = n;
2048 ERR(state->handle,
2072 ERR(state->handle, "Unknown ocontext");
2076 state)) {
2077 ERR(state->handle, "Out of memory!");
2085 static int ocontext_copy_selinux(expand_state_t *state)
2092 for (c = state->base->ocontexts[i]; c; c = c->next) {
2095 ERR(state->handle, "Out of memory!");
2102 state->out->ocontexts[i] = n;
2107 ERR(state->handle,
2118 ERR(state->handle, "Out of memory!");
2122 (&n->context[1], &c->context[1], state)) {
2123 ERR(state->handle, "Out of memory!");
2140 ERR(state->handle, "Out of memory!");
2152 ERR(state->handle, "Unknown ocontext");
2155 if (context_copy(&n->context[0], &c->context[0], state)) {
2156 ERR(state->handle, "Out of memory!");
2164 static int ocontext_copy(expand_state_t *state, uint32_t target)
2169 rc = ocontext_copy_selinux(state);
2172 rc = ocontext_copy_xen(state);
2175 ERR(state->handle, "Unknown target");
2181 static int genfs_copy(expand_state_t * state)
2187 for (genfs = state->base->genfs; genfs; genfs = genfs->next) {
2190 ERR(state->handle, "Out of memory!");
2196 ERR(state->handle, "Out of memory!");
2205 ERR(state->handle, "Out of memory!");
2213 ERR(state->handle, "Out of memory!");
2220 context_copy(&newc->context[0], &c->context[0], state);
2228 state->out->genfs = newgenfs;
2242 expand_state_t *state = ptr;
2243 policydb_t *p = state->out;
2251 ERR(state->handle, "Out of memory!");
2259 ERR(state->handle, "Out of memory!");
2599 * rules are copied or expanded as per the settings in the state object; all
2603 static int copy_and_expand_avrule_block(expand_state_t * state)
2605 avrule_block_t *curblock = state->base->global;
2609 if (avtab_alloc(&state->out->te_avtab, MAX_AVTAB_SIZE)) {
2610 ERR(state->handle, "Out of Memory!");
2614 if (avtab_alloc(&state->out->te_cond_avtab, MAX_AVTAB_SIZE)) {
2615 ERR(state->handle, "Out of Memory!");
2629 if (copy_role_allows(state, decl->role_allow_rules) != 0 ||
2630 copy_role_trans(state, decl->role_tr_rules) != 0) {
2634 if (expand_filename_trans(state, decl->filename_trans_rules))
2638 if (expand_range_trans(state, decl->range_tr_rules))
2644 if (!(state->expand_neverallow)
2648 (state->out, state->typemap, cur_avrule))
2649 ERR(state->handle,
2653 state->out->unsupported_format = 1;
2656 (state->handle, state->out, state->typemap,
2657 cur_avrule, &state->out->te_avtab, NULL,
2659 state->expand_neverallow) !=
2668 if (cond_node_copy(state, decl->cond_list))
2675 if (state->handle && state->handle->expand_consume_base) {
2679 state->base->global = curblock;
2701 expand_state_t state;
2703 expand_state_init(&state);
2705 state.base = base;
2706 state.out = out;
2707 state.typemap = typemap;
2708 state.boolmap = boolmap;
2709 state.rolemap = rolemap;
2710 state.usermap = usermap;
2711 state.handle = handle;
2712 state.verbose = verbose;
2713 state.expand_neverallow = expand_neverallow;
2715 return copy_and_expand_avrule_block(&state);
2731 * is about tunable, calculate its state value and concatenate one of
2828 expand_state_t state;
2832 * of its home decl depending on its state value, so that the effect
2841 expand_state_init(&state);
2843 state.verbose = verbose;
2844 state.typemap = NULL;
2845 state.base = base;
2846 state.out = out;
2847 state.handle = handle;
2854 state.out->policy_type = POLICY_KERN;
2855 state.out->policyvers = POLICYDB_VERSION_MAX;
2857 /* Copy mls state from base to out */
2870 if ((state.typemap =
2871 (uint32_t *) calloc(state.base->p_types.nprim,
2877 state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
2878 if (!state.boolmap) {
2883 state.rolemap = (uint32_t *)calloc(state.base->p_roles.nprim, sizeof(uint32_t));
2884 if (!state.rolemap) {
2889 state.usermap = (uint32_t *)calloc(state.base->p_users.nprim, sizeof(uint32_t));
2890 if (!state.usermap) {
2898 if (hashtab_map(state.base->p_types.table, type_copy_callback, &state)) {
2904 (state.base->p_types.table, attr_convert_callback, &state)) {
2910 (state.base->p_commons.table, common_copy_callback, &state)) {
2917 (state.base->p_classes.table, class_copy_callback, &state)) {
2922 if (hashtab_map(state.base->p_types.table,
2923 type_bounds_copy_callback, &state))
2927 if (hashtab_map(state.base->p_types.table, alias_copy_callback, &state))
2937 if (hashtab_map(state.base->p_roles.table, role_copy_callback, &state))
2939 if (hashtab_map(state.base->p_roles.table,
2940 role_bounds_copy_callback, &state))
2944 if (hashtab_map(state.base->p_roles.table, role_fix_callback, &state))
2949 if (hashtab_map(state.base->p_levels.table, sens_copy_callback, &state))
2951 if (hashtab_map(state.base->p_cats.table, cats_copy_callback, &state))
2959 if (hashtab_map(state.base->p_users.table, user_copy_callback, &state))
2961 if (hashtab_map(state.base->p_users.table,
2962 user_bounds_copy_callback, &state))
2966 if (hashtab_map(state.base->p_bools.table, bool_copy_callback, &state))
2979 for (curblock = state.base->global; curblock != NULL;
2990 (decl->p_types.table, attr_convert_callback, &state)) {
2996 (decl->p_roles.table, role_copy_callback, &state))
3001 (decl->p_users.table, user_copy_callback, &state))
3007 if (hashtab_map(state.out->p_roles.table, role_remap_dominates, &state)) {
3011 if (copy_and_expand_avrule_block(&state) < 0) {
3018 (state.base->p_classes.table, constraint_copy_callback, &state)) {
3022 cond_optimize_lists(state.out->cond_list);
3023 evaluate_conds(state.out);
3026 if (ocontext_copy(&state, out->target_platform))
3030 if (genfs_copy(&state))
3034 state.out->attr_type_map = malloc(state.out->p_types.nprim *
3036 state.out->type_attr_map = malloc(state.out->p_types.nprim *
3038 if (!state.out->attr_type_map || !state.out->type_attr_map) {
3042 for (i = 0; i < state.out->p_types.nprim; i++) {
3043 ebitmap_init(&state.out->type_attr_map[i]);
3044 ebitmap_init(&state.out->attr_type_map[i]);
3046 if (ebitmap_set_bit(&state.out->type_attr_map[i], i, 1)) {
3051 if (hashtab_map(state.out->p_types.table, type_attr_map, &state))
3054 if (hierarchy_check_constraints(handle, state.out))
3058 (handle, state.out,
3059 state.out->global->branch_list->avrules))
3066 free(state.typemap);
3067 free(state.boolmap);
3068 free(state.rolemap);
3069 free(state.usermap);
