Home | History | Annotate | Download | only in src

Lines Matching defs:avrule

34 	avrule_t *avrule;
39 static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,
43 	if (avrule->source_filename) {
45 		    avrule->source_line, avrule->source_filename, avrule->line,
50 	} else if (avrule->line) {
52 		    avrule->line, p->p_type_val_to_name[stype],
141 				policydb_t *p, const avrule_t *avrule,
176 				rc = check_extended_permissions(avrule->xperms, xperms);
179 					extended_permissions_violated(&error, avrule->xperms, xperms);
182 							avrule->source_line, avrule->source_filename, avrule->line,
199 				avrule->source_line, avrule->source_filename, avrule->line,
218 	avrule_t *avrule = a->avrule;
228 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
235 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
243 	if (avrule->flags == RULE_SELF) {
247 		rc = ebitmap_and(&tgt_matches, &avrule->stypes.types, &matches);
251 		rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);
259 	for (cp = avrule->perms; cp; cp = cp->next) {
273 				if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
274 					a->errors += report_assertion_extended_permissions(handle,p, avrule,
278 					report_failure(handle, p, avrule, i, j, cp, perms);
295 int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule)
302 	args.avrule = avrule;
323 static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab,
330 	av_extended_perms_t *neverallow_xperms = avrule->xperms;
368  * avrule neverallowxperm entry, enumerate over the matching
382 static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab,
395 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
403 	if (avrule->flags == RULE_SELF) {
408 		rc = ebitmap_and(&tgt_matches, &avrule->stypes.types, &matches);
412 		rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types,
421 	for (cp = avrule->perms; cp; cp = cp->next) {
432 						avrule, avtab, i, j, k, p);
455 	avrule_t *avrule = a->avrule;
461 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
464 	rc = ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1]);
468 	if (avrule->flags == RULE_SELF) {
480 		rc = ebitmap_match_any(&avrule->stypes.types, &match);
483 		rc = ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);
488 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
489 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);
503 int check_assertion(policydb_t *p, avrule_t *avrule)
510 	args.avrule = avrule;