1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 33 #include <sepol/policydb/policydb.h> 34 #include <sepol/policydb/symtab.h> 35 36 #include "cil_internal.h" 37 #include "cil_flavor.h" 38 #include "cil_log.h" 39 #include "cil_mem.h" 40 #include "cil_tree.h" 41 #include "cil_list.h" 42 #include "cil_symtab.h" 43 #include "cil_build_ast.h" 44 45 #include "cil_parser.h" 46 #include "cil_build_ast.h" 47 #include "cil_resolve_ast.h" 48 #include "cil_fqn.h" 49 #include "cil_post.h" 50 #include "cil_binary.h" 51 #include "cil_policy.h" 52 #include "cil_strpool.h" 53 #include "dso.h" 54 55 #ifndef DISABLE_SYMVER 56 asm(".symver cil_build_policydb_pdb, cil_build_policydb@"); 57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); 58 59 asm(".symver cil_compile_pdb, cil_compile@"); 60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); 61 62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@"); 63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); 64 65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@"); 66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); 67 68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@"); 69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); 70 #endif 71 72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { 73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} 78 }; 79 80 static void cil_init_keys(void) 81 { 82 /* Initialize CIL Keys into strpool */ 83 CIL_KEY_CONS_T1 = cil_strpool_add("t1"); 84 CIL_KEY_CONS_T2 = cil_strpool_add("t2"); 85 CIL_KEY_CONS_T3 = cil_strpool_add("t3"); 86 CIL_KEY_CONS_R1 = cil_strpool_add("r1"); 87 CIL_KEY_CONS_R2 = cil_strpool_add("r2"); 88 CIL_KEY_CONS_R3 = cil_strpool_add("r3"); 89 CIL_KEY_CONS_U1 = cil_strpool_add("u1"); 90 CIL_KEY_CONS_U2 = cil_strpool_add("u2"); 91 CIL_KEY_CONS_U3 = cil_strpool_add("u3"); 92 CIL_KEY_CONS_L1 = cil_strpool_add("l1"); 93 CIL_KEY_CONS_L2 = cil_strpool_add("l2"); 94 CIL_KEY_CONS_H1 = cil_strpool_add("h1"); 95 CIL_KEY_CONS_H2 = cil_strpool_add("h2"); 96 CIL_KEY_AND = cil_strpool_add("and"); 97 CIL_KEY_OR = cil_strpool_add("or"); 98 CIL_KEY_NOT = cil_strpool_add("not"); 99 CIL_KEY_EQ = cil_strpool_add("eq"); 100 CIL_KEY_NEQ = cil_strpool_add("neq"); 101 CIL_KEY_CONS_DOM = cil_strpool_add("dom"); 102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby"); 103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp"); 104 CIL_KEY_CONDTRUE = cil_strpool_add("true"); 105 CIL_KEY_CONDFALSE = cil_strpool_add("false"); 106 CIL_KEY_SELF = cil_strpool_add("self"); 107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); 108 CIL_KEY_STAR = cil_strpool_add("*"); 109 CIL_KEY_UDP = cil_strpool_add("udp"); 110 CIL_KEY_TCP = cil_strpool_add("tcp"); 111 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); 112 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); 113 CIL_KEY_ALLOW = cil_strpool_add("allow"); 114 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit"); 115 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition"); 116 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange"); 117 CIL_KEY_CALL = cil_strpool_add("call"); 118 CIL_KEY_TUNABLE = cil_strpool_add("tunable"); 119 CIL_KEY_XOR = cil_strpool_add("xor"); 120 CIL_KEY_ALL = cil_strpool_add("all"); 121 CIL_KEY_RANGE = cil_strpool_add("range"); 122 CIL_KEY_TYPE = cil_strpool_add("type"); 123 CIL_KEY_ROLE = cil_strpool_add("role"); 124 CIL_KEY_USER = cil_strpool_add("user"); 125 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute"); 126 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset"); 127 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity"); 128 CIL_KEY_CATEGORY = cil_strpool_add("category"); 129 CIL_KEY_CATSET = cil_strpool_add("categoryset"); 130 CIL_KEY_LEVEL = cil_strpool_add("level"); 131 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange"); 132 CIL_KEY_CLASS = cil_strpool_add("class"); 133 CIL_KEY_IPADDR = cil_strpool_add("ipaddr"); 134 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap"); 135 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission"); 136 CIL_KEY_BOOL = cil_strpool_add("boolean"); 137 CIL_KEY_STRING = cil_strpool_add("string"); 138 CIL_KEY_NAME = cil_strpool_add("name"); 139 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown"); 140 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow"); 141 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny"); 142 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject"); 143 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit"); 144 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract"); 145 CIL_KEY_CLASSORDER = cil_strpool_add("classorder"); 146 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping"); 147 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset"); 148 CIL_KEY_COMMON = cil_strpool_add("common"); 149 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon"); 150 CIL_KEY_SID = cil_strpool_add("sid"); 151 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext"); 152 CIL_KEY_SIDORDER = cil_strpool_add("sidorder"); 153 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel"); 154 CIL_KEY_USERRANGE = cil_strpool_add("userrange"); 155 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds"); 156 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix"); 157 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser"); 158 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault"); 159 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute"); 160 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset"); 161 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias"); 162 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual"); 163 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds"); 164 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive"); 165 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition"); 166 CIL_KEY_USERROLE = cil_strpool_add("userrole"); 167 CIL_KEY_ROLETYPE = cil_strpool_add("roletype"); 168 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition"); 169 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow"); 170 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute"); 171 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset"); 172 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds"); 173 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif"); 174 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow"); 175 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember"); 176 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias"); 177 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual"); 178 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias"); 179 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual"); 180 CIL_KEY_CATORDER = cil_strpool_add("categoryorder"); 181 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder"); 182 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory"); 183 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain"); 184 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain"); 185 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans"); 186 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); 187 CIL_KEY_CONTEXT = cil_strpool_add("context"); 188 CIL_KEY_FILECON = cil_strpool_add("filecon"); 189 CIL_KEY_PORTCON = cil_strpool_add("portcon"); 190 CIL_KEY_NODECON = cil_strpool_add("nodecon"); 191 CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); 192 CIL_KEY_NETIFCON = cil_strpool_add("netifcon"); 193 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon"); 194 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon"); 195 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon"); 196 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon"); 197 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon"); 198 CIL_KEY_FSUSE = cil_strpool_add("fsuse"); 199 CIL_KEY_POLICYCAP = cil_strpool_add("policycap"); 200 CIL_KEY_OPTIONAL = cil_strpool_add("optional"); 201 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser"); 202 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole"); 203 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype"); 204 CIL_KEY_MACRO = cil_strpool_add("macro"); 205 CIL_KEY_IN = cil_strpool_add("in"); 206 CIL_KEY_MLS = cil_strpool_add("mls"); 207 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange"); 208 CIL_KEY_GLOB = cil_strpool_add("*"); 209 CIL_KEY_FILE = cil_strpool_add("file"); 210 CIL_KEY_DIR = cil_strpool_add("dir"); 211 CIL_KEY_CHAR = cil_strpool_add("char"); 212 CIL_KEY_BLOCK = cil_strpool_add("block"); 213 CIL_KEY_SOCKET = cil_strpool_add("socket"); 214 CIL_KEY_PIPE = cil_strpool_add("pipe"); 215 CIL_KEY_SYMLINK = cil_strpool_add("symlink"); 216 CIL_KEY_ANY = cil_strpool_add("any"); 217 CIL_KEY_XATTR = cil_strpool_add("xattr"); 218 CIL_KEY_TASK = cil_strpool_add("task"); 219 CIL_KEY_TRANS = cil_strpool_add("trans"); 220 CIL_KEY_SOURCE = cil_strpool_add("source"); 221 CIL_KEY_TARGET = cil_strpool_add("target"); 222 CIL_KEY_LOW = cil_strpool_add("low"); 223 CIL_KEY_HIGH = cil_strpool_add("high"); 224 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high"); 225 CIL_KEY_ROOT = cil_strpool_add("<root>"); 226 CIL_KEY_NODE = cil_strpool_add("<node>"); 227 CIL_KEY_PERM = cil_strpool_add("perm"); 228 CIL_KEY_ALLOWX = cil_strpool_add("allowx"); 229 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx"); 230 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx"); 231 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx"); 232 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx"); 233 CIL_KEY_IOCTL = cil_strpool_add("ioctl"); 234 CIL_KEY_UNORDERED = cil_strpool_add("unordered"); 235 } 236 237 void cil_db_init(struct cil_db **db) 238 { 239 *db = cil_malloc(sizeof(**db)); 240 241 cil_strpool_init(); 242 cil_init_keys(); 243 244 cil_tree_init(&(*db)->parse); 245 cil_tree_init(&(*db)->ast); 246 cil_root_init((struct cil_root **)&(*db)->ast->root->data); 247 (*db)->sidorder = NULL; 248 (*db)->classorder = NULL; 249 (*db)->catorder = NULL; 250 (*db)->sensitivityorder = NULL; 251 cil_sort_init(&(*db)->netifcon); 252 cil_sort_init(&(*db)->genfscon); 253 cil_sort_init(&(*db)->filecon); 254 cil_sort_init(&(*db)->nodecon); 255 cil_sort_init(&(*db)->portcon); 256 cil_sort_init(&(*db)->pirqcon); 257 cil_sort_init(&(*db)->iomemcon); 258 cil_sort_init(&(*db)->ioportcon); 259 cil_sort_init(&(*db)->pcidevicecon); 260 cil_sort_init(&(*db)->devicetreecon); 261 cil_sort_init(&(*db)->fsuse); 262 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM); 263 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM); 264 cil_list_init(&(*db)->names, CIL_LIST_ITEM); 265 266 cil_type_init(&(*db)->selftype); 267 (*db)->selftype->datum.name = CIL_KEY_SELF; 268 (*db)->selftype->datum.fqn = CIL_KEY_SELF; 269 (*db)->num_types_and_attrs = 0; 270 (*db)->num_classes = 0; 271 (*db)->num_types = 0; 272 (*db)->num_roles = 0; 273 (*db)->num_users = 0; 274 (*db)->num_cats = 0; 275 (*db)->val_to_type = NULL; 276 (*db)->val_to_role = NULL; 277 (*db)->val_to_user = NULL; 278 279 (*db)->disable_dontaudit = CIL_FALSE; 280 (*db)->disable_neverallow = CIL_FALSE; 281 (*db)->preserve_tunables = CIL_FALSE; 282 (*db)->handle_unknown = -1; 283 (*db)->mls = -1; 284 (*db)->target_platform = SEPOL_TARGET_SELINUX; 285 (*db)->policy_version = POLICYDB_VERSION_MAX; 286 } 287 288 void cil_db_destroy(struct cil_db **db) 289 { 290 if (db == NULL || *db == NULL) { 291 return; 292 } 293 294 cil_tree_destroy(&(*db)->parse); 295 cil_tree_destroy(&(*db)->ast); 296 cil_list_destroy(&(*db)->sidorder, CIL_FALSE); 297 cil_list_destroy(&(*db)->classorder, CIL_FALSE); 298 cil_list_destroy(&(*db)->catorder, CIL_FALSE); 299 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE); 300 cil_sort_destroy(&(*db)->netifcon); 301 cil_sort_destroy(&(*db)->genfscon); 302 cil_sort_destroy(&(*db)->filecon); 303 cil_sort_destroy(&(*db)->nodecon); 304 cil_sort_destroy(&(*db)->portcon); 305 cil_sort_destroy(&(*db)->pirqcon); 306 cil_sort_destroy(&(*db)->iomemcon); 307 cil_sort_destroy(&(*db)->ioportcon); 308 cil_sort_destroy(&(*db)->pcidevicecon); 309 cil_sort_destroy(&(*db)->devicetreecon); 310 cil_sort_destroy(&(*db)->fsuse); 311 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE); 312 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE); 313 cil_list_destroy(&(*db)->names, CIL_TRUE); 314 315 cil_destroy_type((*db)->selftype); 316 317 cil_strpool_destroy(); 318 free((*db)->val_to_type); 319 free((*db)->val_to_role); 320 free((*db)->val_to_user); 321 322 free(*db); 323 *db = NULL; 324 } 325 326 void cil_root_init(struct cil_root **root) 327 { 328 struct cil_root *r = cil_malloc(sizeof(*r)); 329 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]); 330 331 *root = r; 332 } 333 334 void cil_root_destroy(struct cil_root *root) 335 { 336 if (root == NULL) { 337 return; 338 } 339 cil_symtab_array_destroy(root->symtab); 340 free(root); 341 } 342 343 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size) 344 { 345 char *buffer = NULL; 346 int rc; 347 348 cil_log(CIL_INFO, "Parsing %s\n", name); 349 350 buffer = cil_malloc(size + 2); 351 memcpy(buffer, data, size); 352 memset(buffer + size, 0, 2); 353 354 rc = cil_parser(name, buffer, size + 2, &db->parse); 355 if (rc != SEPOL_OK) { 356 cil_log(CIL_INFO, "Failed to parse %s\n", name); 357 goto exit; 358 } 359 360 free(buffer); 361 buffer = NULL; 362 363 rc = SEPOL_OK; 364 365 exit: 366 free(buffer); 367 368 return rc; 369 } 370 371 #ifdef DISABLE_SYMVER 372 int cil_compile(struct cil_db *db) 373 #else 374 int cil_compile_nopdb(struct cil_db *db) 375 #endif 376 { 377 int rc = SEPOL_ERR; 378 379 if (db == NULL) { 380 goto exit; 381 } 382 383 cil_log(CIL_INFO, "Building AST from Parse Tree\n"); 384 rc = cil_build_ast(db, db->parse->root, db->ast->root); 385 if (rc != SEPOL_OK) { 386 cil_log(CIL_INFO, "Failed to build ast\n"); 387 goto exit; 388 } 389 390 cil_log(CIL_INFO, "Destroying Parse Tree\n"); 391 cil_tree_destroy(&db->parse); 392 393 cil_log(CIL_INFO, "Resolving AST\n"); 394 rc = cil_resolve_ast(db, db->ast->root); 395 if (rc != SEPOL_OK) { 396 cil_log(CIL_INFO, "Failed to resolve ast\n"); 397 goto exit; 398 } 399 400 cil_log(CIL_INFO, "Qualifying Names\n"); 401 rc = cil_fqn_qualify(db->ast->root); 402 if (rc != SEPOL_OK) { 403 cil_log(CIL_INFO, "Failed to qualify names\n"); 404 goto exit; 405 } 406 407 cil_log(CIL_INFO, "Compile post process\n"); 408 rc = cil_post_process(db); 409 if (rc != SEPOL_OK ) { 410 cil_log(CIL_INFO, "Post process failed\n"); 411 goto exit; 412 } 413 414 exit: 415 416 return rc; 417 } 418 419 #ifndef DISABLE_SYMVER 420 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) 421 { 422 return cil_compile_nopdb(db); 423 } 424 425 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) 426 { 427 int rc; 428 429 cil_log(CIL_INFO, "Building policy binary\n"); 430 rc = cil_binary_create_allocated_pdb(db, sepol_db); 431 if (rc != SEPOL_OK) { 432 cil_log(CIL_ERR, "Failed to generate binary\n"); 433 goto exit; 434 } 435 436 exit: 437 return rc; 438 } 439 #endif 440 441 #ifdef DISABLE_SYMVER 442 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) 443 #else 444 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) 445 #endif 446 { 447 int rc; 448 449 cil_log(CIL_INFO, "Building policy binary\n"); 450 rc = cil_binary_create(db, sepol_db); 451 if (rc != SEPOL_OK) { 452 cil_log(CIL_ERR, "Failed to generate binary\n"); 453 goto exit; 454 } 455 456 exit: 457 return rc; 458 } 459 460 void cil_destroy_data(void **data, enum cil_flavor flavor) 461 { 462 if (*data == NULL) { 463 return; 464 } 465 466 switch(flavor) { 467 case CIL_NONE: 468 break; 469 case CIL_ROOT: 470 cil_root_destroy(*data); 471 break; 472 case CIL_NODE: 473 break; 474 case CIL_STRING: 475 break; 476 case CIL_DATUM: 477 break; 478 case CIL_LIST: 479 cil_list_destroy(*data, CIL_FALSE); 480 break; 481 case CIL_LIST_ITEM: 482 break; 483 case CIL_PARAM: 484 cil_destroy_param(*data); 485 break; 486 case CIL_ARGS: 487 cil_destroy_args(*data); 488 break; 489 case CIL_BLOCK: 490 cil_destroy_block(*data); 491 break; 492 case CIL_BLOCKINHERIT: 493 cil_destroy_blockinherit(*data); 494 break; 495 case CIL_BLOCKABSTRACT: 496 cil_destroy_blockabstract(*data); 497 break; 498 case CIL_IN: 499 cil_destroy_in(*data); 500 break; 501 case CIL_MACRO: 502 cil_destroy_macro(*data); 503 break; 504 case CIL_CALL: 505 cil_destroy_call(*data); 506 break; 507 case CIL_OPTIONAL: 508 cil_destroy_optional(*data); 509 break; 510 case CIL_BOOL: 511 cil_destroy_bool(*data); 512 break; 513 case CIL_BOOLEANIF: 514 cil_destroy_boolif(*data); 515 break; 516 case CIL_TUNABLE: 517 cil_destroy_tunable(*data); 518 break; 519 case CIL_TUNABLEIF: 520 cil_destroy_tunif(*data); 521 break; 522 case CIL_CONDBLOCK: 523 cil_destroy_condblock(*data); 524 break; 525 case CIL_CONDTRUE: 526 break; 527 case CIL_CONDFALSE: 528 break; 529 case CIL_PERM: 530 case CIL_MAP_PERM: 531 cil_destroy_perm(*data); 532 break; 533 case CIL_COMMON: 534 case CIL_CLASS: 535 case CIL_MAP_CLASS: 536 cil_destroy_class(*data); 537 break; 538 case CIL_CLASSORDER: 539 cil_destroy_classorder(*data); 540 break; 541 case CIL_CLASSPERMISSION: 542 cil_destroy_classpermission(*data); 543 break; 544 case CIL_CLASSCOMMON: 545 cil_destroy_classcommon(*data); 546 break; 547 case CIL_CLASSMAPPING: 548 cil_destroy_classmapping(*data); 549 break; 550 case CIL_CLASSPERMS: 551 cil_destroy_classperms(*data); 552 break; 553 case CIL_CLASSPERMS_SET: 554 cil_destroy_classperms_set(*data); 555 break; 556 case CIL_CLASSPERMISSIONSET: 557 cil_destroy_classpermissionset(*data); 558 break; 559 case CIL_USER: 560 cil_destroy_user(*data); 561 break; 562 case CIL_USERATTRIBUTE: 563 cil_destroy_userattribute(*data); 564 break; 565 case CIL_USERATTRIBUTESET: 566 cil_destroy_userattributeset(*data); 567 break; 568 case CIL_USERPREFIX: 569 cil_destroy_userprefix(*data); 570 break; 571 case CIL_USERROLE: 572 cil_destroy_userrole(*data); 573 break; 574 case CIL_USERLEVEL: 575 cil_destroy_userlevel(*data); 576 break; 577 case CIL_USERRANGE: 578 cil_destroy_userrange(*data); 579 break; 580 case CIL_USERBOUNDS: 581 cil_destroy_bounds(*data); 582 break; 583 case CIL_SELINUXUSER: 584 case CIL_SELINUXUSERDEFAULT: 585 cil_destroy_selinuxuser(*data); 586 break; 587 case CIL_ROLE: 588 cil_destroy_role(*data); 589 break; 590 case CIL_ROLEATTRIBUTE: 591 cil_destroy_roleattribute(*data); 592 break; 593 case CIL_ROLEATTRIBUTESET: 594 cil_destroy_roleattributeset(*data); 595 break; 596 case CIL_ROLETYPE: 597 cil_destroy_roletype(*data); 598 break; 599 case CIL_ROLEBOUNDS: 600 cil_destroy_bounds(*data); 601 break; 602 case CIL_TYPE: 603 cil_destroy_type(*data); 604 break; 605 case CIL_TYPEATTRIBUTE: 606 cil_destroy_typeattribute(*data); 607 break; 608 case CIL_TYPEALIAS: 609 cil_destroy_alias(*data); 610 break; 611 case CIL_TYPEATTRIBUTESET: 612 cil_destroy_typeattributeset(*data); 613 break; 614 case CIL_TYPEALIASACTUAL: 615 cil_destroy_aliasactual(*data); 616 break; 617 case CIL_TYPEBOUNDS: 618 cil_destroy_bounds(*data); 619 break; 620 case CIL_TYPEPERMISSIVE: 621 cil_destroy_typepermissive(*data); 622 break; 623 case CIL_SENS: 624 cil_destroy_sensitivity(*data); 625 break; 626 case CIL_SENSALIAS: 627 cil_destroy_alias(*data); 628 break; 629 case CIL_SENSALIASACTUAL: 630 cil_destroy_aliasactual(*data); 631 break; 632 case CIL_SENSITIVITYORDER: 633 cil_destroy_sensitivityorder(*data); 634 break; 635 case CIL_SENSCAT: 636 cil_destroy_senscat(*data); 637 break; 638 case CIL_CAT: 639 cil_destroy_category(*data); 640 break; 641 case CIL_CATSET: 642 cil_destroy_catset(*data); 643 break; 644 case CIL_CATALIAS: 645 cil_destroy_alias(*data); 646 break; 647 case CIL_CATALIASACTUAL: 648 cil_destroy_aliasactual(*data); 649 break; 650 case CIL_CATORDER: 651 cil_destroy_catorder(*data); 652 break; 653 case CIL_LEVEL: 654 cil_destroy_level(*data); 655 break; 656 case CIL_LEVELRANGE: 657 cil_destroy_levelrange(*data); 658 break; 659 case CIL_SID: 660 cil_destroy_sid(*data); 661 break; 662 case CIL_SIDORDER: 663 cil_destroy_sidorder(*data); 664 break; 665 case CIL_NAME: 666 cil_destroy_name(*data); 667 break; 668 case CIL_ROLEALLOW: 669 cil_destroy_roleallow(*data); 670 break; 671 case CIL_AVRULE: 672 case CIL_AVRULEX: 673 cil_destroy_avrule(*data); 674 break; 675 case CIL_PERMISSIONX: 676 cil_destroy_permissionx(*data); 677 break; 678 case CIL_ROLETRANSITION: 679 cil_destroy_roletransition(*data); 680 break; 681 case CIL_TYPE_RULE: 682 cil_destroy_type_rule(*data); 683 break; 684 case CIL_NAMETYPETRANSITION: 685 cil_destroy_typetransition(*data); 686 break; 687 case CIL_RANGETRANSITION: 688 cil_destroy_rangetransition(*data); 689 break; 690 case CIL_CONSTRAIN: 691 cil_destroy_constrain(*data); 692 break; 693 case CIL_MLSCONSTRAIN: 694 cil_destroy_constrain(*data); 695 break; 696 case CIL_VALIDATETRANS: 697 case CIL_MLSVALIDATETRANS: 698 cil_destroy_validatetrans(*data); 699 break; 700 case CIL_CONTEXT: 701 cil_destroy_context(*data); 702 break; 703 case CIL_IPADDR: 704 cil_destroy_ipaddr(*data); 705 break; 706 case CIL_SIDCONTEXT: 707 cil_destroy_sidcontext(*data); 708 break; 709 case CIL_FSUSE: 710 cil_destroy_fsuse(*data); 711 break; 712 case CIL_FILECON: 713 cil_destroy_filecon(*data); 714 break; 715 case CIL_PORTCON: 716 cil_destroy_portcon(*data); 717 break; 718 case CIL_NODECON: 719 cil_destroy_nodecon(*data); 720 break; 721 case CIL_GENFSCON: 722 cil_destroy_genfscon(*data); 723 break; 724 case CIL_NETIFCON: 725 cil_destroy_netifcon(*data); 726 break; 727 case CIL_PIRQCON: 728 cil_destroy_pirqcon(*data); 729 break; 730 case CIL_IOMEMCON: 731 cil_destroy_iomemcon(*data); 732 break; 733 case CIL_IOPORTCON: 734 cil_destroy_ioportcon(*data); 735 break; 736 case CIL_PCIDEVICECON: 737 cil_destroy_pcidevicecon(*data); 738 break; 739 case CIL_DEVICETREECON: 740 cil_destroy_devicetreecon(*data); 741 break; 742 case CIL_POLICYCAP: 743 cil_destroy_policycap(*data); 744 break; 745 case CIL_DEFAULTUSER: 746 case CIL_DEFAULTROLE: 747 case CIL_DEFAULTTYPE: 748 cil_destroy_default(*data); 749 break; 750 case CIL_DEFAULTRANGE: 751 cil_destroy_defaultrange(*data); 752 break; 753 case CIL_HANDLEUNKNOWN: 754 cil_destroy_handleunknown(*data); 755 break; 756 case CIL_MLS: 757 cil_destroy_mls(*data); 758 break; 759 case CIL_OP: 760 case CIL_CONS_OPERAND: 761 break; 762 default: 763 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor); 764 break; 765 } 766 767 *data = NULL; 768 } 769 770 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index) 771 { 772 if (flavor < CIL_MIN_DECLARATIVE) { 773 return SEPOL_ERR; 774 } 775 776 switch(flavor) { 777 case CIL_BLOCK: 778 *sym_index = CIL_SYM_BLOCKS; 779 break; 780 case CIL_MACRO: 781 *sym_index = CIL_SYM_BLOCKS; 782 break; 783 case CIL_OPTIONAL: 784 *sym_index = CIL_SYM_BLOCKS; 785 break; 786 case CIL_BOOL: 787 *sym_index = CIL_SYM_BOOLS; 788 break; 789 case CIL_TUNABLE: 790 *sym_index = CIL_SYM_TUNABLES; 791 break; 792 case CIL_PERM: 793 case CIL_MAP_PERM: 794 *sym_index = CIL_SYM_PERMS; 795 break; 796 case CIL_COMMON: 797 *sym_index = CIL_SYM_COMMONS; 798 break; 799 case CIL_CLASS: 800 case CIL_MAP_CLASS: 801 *sym_index = CIL_SYM_CLASSES; 802 break; 803 case CIL_CLASSPERMISSION: 804 case CIL_CLASSPERMISSIONSET: 805 *sym_index = CIL_SYM_CLASSPERMSETS; 806 break; 807 case CIL_USER: 808 case CIL_USERATTRIBUTE: 809 *sym_index = CIL_SYM_USERS; 810 break; 811 case CIL_ROLE: 812 case CIL_ROLEATTRIBUTE: 813 *sym_index = CIL_SYM_ROLES; 814 break; 815 case CIL_TYPE: 816 case CIL_TYPEALIAS: 817 case CIL_TYPEATTRIBUTE: 818 *sym_index = CIL_SYM_TYPES; 819 break; 820 case CIL_SENS: 821 case CIL_SENSALIAS: 822 *sym_index = CIL_SYM_SENS; 823 break; 824 case CIL_CAT: 825 case CIL_CATSET: 826 case CIL_CATALIAS: 827 *sym_index = CIL_SYM_CATS; 828 break; 829 case CIL_LEVEL: 830 *sym_index = CIL_SYM_LEVELS; 831 break; 832 case CIL_LEVELRANGE: 833 *sym_index = CIL_SYM_LEVELRANGES; 834 break; 835 case CIL_SID: 836 *sym_index = CIL_SYM_SIDS; 837 break; 838 case CIL_NAME: 839 *sym_index = CIL_SYM_NAMES; 840 break; 841 case CIL_CONTEXT: 842 *sym_index = CIL_SYM_CONTEXTS; 843 break; 844 case CIL_IPADDR: 845 *sym_index = CIL_SYM_IPADDRS; 846 break; 847 case CIL_POLICYCAP: 848 *sym_index = CIL_SYM_POLICYCAPS; 849 break; 850 case CIL_PERMISSIONX: 851 *sym_index = CIL_SYM_PERMX; 852 break; 853 default: 854 *sym_index = CIL_SYM_UNKNOWN; 855 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor); 856 return SEPOL_ERR; 857 } 858 859 return SEPOL_OK; 860 } 861 862 const char * cil_node_to_string(struct cil_tree_node *node) 863 { 864 switch (node->flavor) { 865 case CIL_NONE: 866 return "<none>"; 867 case CIL_ROOT: 868 return CIL_KEY_ROOT; 869 case CIL_NODE: 870 return CIL_KEY_NODE; 871 case CIL_STRING: 872 return "string"; 873 case CIL_DATUM: 874 return "<datum>"; 875 case CIL_LIST: 876 return "<list>"; 877 case CIL_LIST_ITEM: 878 return "<list_item>"; 879 case CIL_PARAM: 880 return "<param>"; 881 case CIL_ARGS: 882 return "<args>"; 883 case CIL_BLOCK: 884 return CIL_KEY_BLOCK; 885 case CIL_BLOCKINHERIT: 886 return CIL_KEY_BLOCKINHERIT; 887 case CIL_BLOCKABSTRACT: 888 return CIL_KEY_BLOCKABSTRACT; 889 case CIL_IN: 890 return CIL_KEY_IN; 891 case CIL_MACRO: 892 return CIL_KEY_MACRO; 893 case CIL_CALL: 894 return CIL_KEY_CALL; 895 case CIL_OPTIONAL: 896 return CIL_KEY_OPTIONAL; 897 case CIL_BOOL: 898 return CIL_KEY_BOOL; 899 case CIL_BOOLEANIF: 900 return CIL_KEY_BOOLEANIF; 901 case CIL_TUNABLE: 902 return CIL_KEY_TUNABLE; 903 case CIL_TUNABLEIF: 904 return CIL_KEY_TUNABLEIF; 905 case CIL_CONDBLOCK: 906 switch (((struct cil_condblock*)node->data)->flavor) { 907 case CIL_CONDTRUE: 908 return CIL_KEY_CONDTRUE; 909 case CIL_CONDFALSE: 910 return CIL_KEY_CONDFALSE; 911 default: 912 break; 913 } 914 break; 915 case CIL_CONDTRUE: 916 return CIL_KEY_CONDTRUE; 917 case CIL_CONDFALSE: 918 return CIL_KEY_CONDFALSE; 919 case CIL_PERM: 920 return CIL_KEY_PERM; 921 case CIL_COMMON: 922 return CIL_KEY_COMMON; 923 case CIL_CLASS: 924 return CIL_KEY_CLASS; 925 case CIL_CLASSORDER: 926 return CIL_KEY_CLASSORDER; 927 case CIL_MAP_CLASS: 928 return CIL_KEY_MAP_CLASS; 929 case CIL_CLASSPERMISSION: 930 return CIL_KEY_CLASSPERMISSION; 931 case CIL_CLASSCOMMON: 932 return CIL_KEY_CLASSCOMMON; 933 case CIL_CLASSMAPPING: 934 return CIL_KEY_CLASSMAPPING; 935 case CIL_CLASSPERMISSIONSET: 936 return CIL_KEY_CLASSPERMISSIONSET; 937 case CIL_USER: 938 return CIL_KEY_USER; 939 case CIL_USERATTRIBUTE: 940 return CIL_KEY_USERATTRIBUTE; 941 case CIL_USERATTRIBUTESET: 942 return CIL_KEY_USERATTRIBUTESET; 943 case CIL_USERPREFIX: 944 return CIL_KEY_USERPREFIX; 945 case CIL_USERROLE: 946 return CIL_KEY_USERROLE; 947 case CIL_USERLEVEL: 948 return CIL_KEY_USERLEVEL; 949 case CIL_USERRANGE: 950 return CIL_KEY_USERRANGE; 951 case CIL_USERBOUNDS: 952 return CIL_KEY_USERBOUNDS; 953 case CIL_SELINUXUSER: 954 return CIL_KEY_SELINUXUSER; 955 case CIL_SELINUXUSERDEFAULT: 956 return CIL_KEY_SELINUXUSERDEFAULT; 957 case CIL_ROLE: 958 return CIL_KEY_ROLE; 959 case CIL_ROLEATTRIBUTE: 960 return CIL_KEY_ROLEATTRIBUTE; 961 case CIL_ROLEATTRIBUTESET: 962 return CIL_KEY_ROLEATTRIBUTESET; 963 case CIL_ROLETYPE: 964 return CIL_KEY_ROLETYPE; 965 case CIL_ROLEBOUNDS: 966 return CIL_KEY_ROLEBOUNDS; 967 case CIL_TYPE: 968 return CIL_KEY_TYPE; 969 case CIL_TYPEATTRIBUTE: 970 return CIL_KEY_TYPEATTRIBUTE; 971 case CIL_TYPEALIAS: 972 return CIL_KEY_TYPEALIAS; 973 case CIL_TYPEATTRIBUTESET: 974 return CIL_KEY_TYPEATTRIBUTESET; 975 case CIL_TYPEALIASACTUAL: 976 return CIL_KEY_TYPEALIASACTUAL; 977 case CIL_TYPEBOUNDS: 978 return CIL_KEY_TYPEBOUNDS; 979 case CIL_TYPEPERMISSIVE: 980 return CIL_KEY_TYPEPERMISSIVE; 981 case CIL_SENS: 982 return CIL_KEY_SENSITIVITY; 983 case CIL_SENSALIAS: 984 return CIL_KEY_SENSALIAS; 985 case CIL_SENSALIASACTUAL: 986 return CIL_KEY_SENSALIASACTUAL; 987 case CIL_SENSITIVITYORDER: 988 return CIL_KEY_SENSITIVITYORDER; 989 case CIL_SENSCAT: 990 return CIL_KEY_SENSCAT; 991 case CIL_CAT: 992 return CIL_KEY_CATEGORY; 993 case CIL_CATSET: 994 return CIL_KEY_CATSET; 995 case CIL_CATALIAS: 996 return CIL_KEY_CATALIAS; 997 case CIL_CATALIASACTUAL: 998 return CIL_KEY_CATALIASACTUAL; 999 case CIL_CATORDER: 1000 return CIL_KEY_CATORDER; 1001 case CIL_LEVEL: 1002 return CIL_KEY_LEVEL; 1003 case CIL_LEVELRANGE: 1004 return CIL_KEY_LEVELRANGE; 1005 case CIL_SID: 1006 return CIL_KEY_SID; 1007 case CIL_SIDORDER: 1008 return CIL_KEY_SIDORDER; 1009 case CIL_NAME: 1010 return CIL_KEY_NAME; 1011 case CIL_ROLEALLOW: 1012 return CIL_KEY_ROLEALLOW; 1013 case CIL_AVRULE: 1014 switch (((struct cil_avrule *)node->data)->rule_kind) { 1015 case CIL_AVRULE_ALLOWED: 1016 return CIL_KEY_ALLOW; 1017 case CIL_AVRULE_AUDITALLOW: 1018 return CIL_KEY_AUDITALLOW; 1019 case CIL_AVRULE_DONTAUDIT: 1020 return CIL_KEY_DONTAUDIT; 1021 case CIL_AVRULE_NEVERALLOW: 1022 return CIL_KEY_NEVERALLOW; 1023 default: 1024 break; 1025 } 1026 break; 1027 case CIL_AVRULEX: 1028 switch (((struct cil_avrule *)node->data)->rule_kind) { 1029 case CIL_AVRULE_ALLOWED: 1030 return CIL_KEY_ALLOWX; 1031 case CIL_AVRULE_AUDITALLOW: 1032 return CIL_KEY_AUDITALLOWX; 1033 case CIL_AVRULE_DONTAUDIT: 1034 return CIL_KEY_DONTAUDITX; 1035 case CIL_AVRULE_NEVERALLOW: 1036 return CIL_KEY_NEVERALLOWX; 1037 default: 1038 break; 1039 } 1040 break; 1041 case CIL_PERMISSIONX: 1042 return CIL_KEY_PERMISSIONX; 1043 case CIL_ROLETRANSITION: 1044 return CIL_KEY_ROLETRANSITION; 1045 case CIL_TYPE_RULE: 1046 switch (((struct cil_type_rule *)node->data)->rule_kind) { 1047 case CIL_TYPE_TRANSITION: 1048 return CIL_KEY_TYPETRANSITION; 1049 case CIL_TYPE_MEMBER: 1050 return CIL_KEY_TYPEMEMBER; 1051 case CIL_TYPE_CHANGE: 1052 return CIL_KEY_TYPECHANGE; 1053 default: 1054 break; 1055 } 1056 break; 1057 case CIL_NAMETYPETRANSITION: 1058 return CIL_KEY_TYPETRANSITION; 1059 case CIL_RANGETRANSITION: 1060 return CIL_KEY_RANGETRANSITION; 1061 case CIL_CONSTRAIN: 1062 return CIL_KEY_CONSTRAIN; 1063 case CIL_MLSCONSTRAIN: 1064 return CIL_KEY_MLSCONSTRAIN; 1065 case CIL_VALIDATETRANS: 1066 return CIL_KEY_VALIDATETRANS; 1067 case CIL_MLSVALIDATETRANS: 1068 return CIL_KEY_MLSVALIDATETRANS; 1069 case CIL_CONTEXT: 1070 return CIL_KEY_CONTEXT; 1071 case CIL_IPADDR: 1072 return CIL_KEY_IPADDR; 1073 case CIL_SIDCONTEXT: 1074 return CIL_KEY_SIDCONTEXT; 1075 case CIL_FSUSE: 1076 return CIL_KEY_FSUSE; 1077 case CIL_FILECON: 1078 return CIL_KEY_FILECON; 1079 case CIL_PORTCON: 1080 return CIL_KEY_PORTCON; 1081 case CIL_NODECON: 1082 return CIL_KEY_NODECON; 1083 case CIL_GENFSCON: 1084 return CIL_KEY_GENFSCON; 1085 case CIL_NETIFCON: 1086 return CIL_KEY_NETIFCON; 1087 case CIL_PIRQCON: 1088 return CIL_KEY_PIRQCON; 1089 case CIL_IOMEMCON: 1090 return CIL_KEY_IOMEMCON; 1091 case CIL_IOPORTCON: 1092 return CIL_KEY_IOPORTCON; 1093 case CIL_PCIDEVICECON: 1094 return CIL_KEY_PCIDEVICECON; 1095 case CIL_DEVICETREECON: 1096 return CIL_KEY_DEVICETREECON; 1097 case CIL_POLICYCAP: 1098 return CIL_KEY_POLICYCAP; 1099 case CIL_DEFAULTUSER: 1100 return CIL_KEY_DEFAULTUSER; 1101 case CIL_DEFAULTROLE: 1102 return CIL_KEY_DEFAULTROLE; 1103 case CIL_DEFAULTTYPE: 1104 return CIL_KEY_DEFAULTTYPE; 1105 case CIL_DEFAULTRANGE: 1106 return CIL_KEY_DEFAULTRANGE; 1107 case CIL_HANDLEUNKNOWN: 1108 return CIL_KEY_HANDLEUNKNOWN; 1109 case CIL_MLS: 1110 return CIL_KEY_MLS; 1111 case CIL_ALL: 1112 return CIL_KEY_ALL; 1113 case CIL_RANGE: 1114 return CIL_KEY_RANGE; 1115 case CIL_AND: 1116 return CIL_KEY_AND; 1117 case CIL_OR: 1118 return CIL_KEY_OR; 1119 case CIL_XOR: 1120 return CIL_KEY_XOR; 1121 case CIL_NOT: 1122 return CIL_KEY_NOT; 1123 case CIL_EQ: 1124 return CIL_KEY_EQ; 1125 case CIL_NEQ: 1126 return CIL_KEY_NEQ; 1127 case CIL_CONS_DOM: 1128 return CIL_KEY_CONS_DOM; 1129 case CIL_CONS_DOMBY: 1130 return CIL_KEY_CONS_DOMBY; 1131 case CIL_CONS_INCOMP: 1132 return CIL_KEY_CONS_INCOMP; 1133 case CIL_CONS_U1: 1134 return CIL_KEY_CONS_U1; 1135 case CIL_CONS_U2: 1136 return CIL_KEY_CONS_U2; 1137 case CIL_CONS_U3: 1138 return CIL_KEY_CONS_U3; 1139 case CIL_CONS_T1: 1140 return CIL_KEY_CONS_T1; 1141 case CIL_CONS_T2: 1142 return CIL_KEY_CONS_T2; 1143 case CIL_CONS_T3: 1144 return CIL_KEY_CONS_T3; 1145 case CIL_CONS_R1: 1146 return CIL_KEY_CONS_R1; 1147 case CIL_CONS_R2: 1148 return CIL_KEY_CONS_R2; 1149 case CIL_CONS_R3: 1150 return CIL_KEY_CONS_R3; 1151 case CIL_CONS_L1: 1152 return CIL_KEY_CONS_L1; 1153 case CIL_CONS_L2: 1154 return CIL_KEY_CONS_L2; 1155 case CIL_CONS_H1: 1156 return CIL_KEY_CONS_H1; 1157 case CIL_CONS_H2: 1158 return CIL_KEY_CONS_H2; 1159 1160 default: 1161 break; 1162 } 1163 1164 return "<unknown>"; 1165 } 1166 1167 #ifdef DISABLE_SYMVER 1168 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) 1169 #else 1170 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1171 #endif 1172 { 1173 int rc = SEPOL_ERR; 1174 size_t str_len = 0; 1175 int buf_pos = 0; 1176 char *str_tmp = NULL; 1177 struct cil_list_item *curr; 1178 struct cil_userprefix *userprefix = NULL; 1179 struct cil_user *user = NULL; 1180 1181 *out = NULL; 1182 1183 if (db->userprefixes->head == NULL) { 1184 rc = SEPOL_OK; 1185 *size = 0; 1186 goto exit; 1187 } 1188 1189 cil_list_for_each(curr, db->userprefixes) { 1190 userprefix = curr->data; 1191 user = userprefix->user; 1192 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2; 1193 } 1194 1195 *size = str_len * sizeof(char); 1196 str_len++; 1197 str_tmp = cil_malloc(str_len * sizeof(char)); 1198 *out = str_tmp; 1199 1200 cil_list_for_each(curr, db->userprefixes) { 1201 userprefix = curr->data; 1202 user = userprefix->user; 1203 1204 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn, 1205 userprefix->prefix_str); 1206 str_len -= buf_pos; 1207 str_tmp += buf_pos; 1208 } 1209 1210 rc = SEPOL_OK; 1211 exit: 1212 return rc; 1213 1214 } 1215 1216 #ifndef DISABLE_SYMVER 1217 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1218 { 1219 return cil_userprefixes_to_string_nopdb(db, out, size); 1220 } 1221 #endif 1222 1223 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) 1224 { 1225 int rc = SEPOL_ERR; 1226 struct cil_list_item *i; 1227 struct cil_list_item *j; 1228 struct cil_cat* cat; 1229 struct cil_catset *cs; 1230 struct cil_tree_node *node; 1231 1232 if (cats == NULL) { 1233 rc = SEPOL_OK; 1234 goto exit; 1235 } 1236 1237 cil_list_for_each(i, cats->datum_expr) { 1238 node = DATUM(i->data)->nodes->head->data; 1239 if (node->flavor == CIL_CATSET) { 1240 cs = (struct cil_catset*)i->data; 1241 cil_list_for_each(j, cs->cats->datum_expr) { 1242 cat = (struct cil_cat*)j->data; 1243 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1244 if (rc != SEPOL_OK) { 1245 goto exit; 1246 } 1247 } 1248 } else { 1249 cat = (struct cil_cat*)i->data; 1250 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1251 if (rc != SEPOL_OK) { 1252 goto exit; 1253 } 1254 } 1255 } 1256 1257 return SEPOL_OK; 1258 1259 exit: 1260 return rc; 1261 } 1262 1263 static int cil_level_equals(struct cil_level *low, struct cil_level *high) 1264 { 1265 int rc; 1266 struct ebitmap elow; 1267 struct ebitmap ehigh; 1268 1269 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) { 1270 rc = 0; 1271 goto exit; 1272 } 1273 1274 ebitmap_init(&elow); 1275 ebitmap_init(&ehigh); 1276 1277 rc = cil_cats_to_ebitmap(low->cats, &elow); 1278 if (rc != SEPOL_OK) { 1279 goto exit; 1280 } 1281 1282 rc = cil_cats_to_ebitmap(high->cats, &ehigh); 1283 if (rc != SEPOL_OK) { 1284 goto exit; 1285 } 1286 1287 return ebitmap_cmp(&elow, &ehigh); 1288 1289 exit: 1290 return rc; 1291 } 1292 1293 static int __cil_level_strlen(struct cil_level *lvl) 1294 { 1295 struct cil_list_item *item; 1296 struct cil_cats *cats = lvl->cats; 1297 int str_len = 0; 1298 char *str1 = NULL; 1299 char *str2 = NULL; 1300 int first = -1; 1301 int last = -1; 1302 1303 str_len += strlen(lvl->sens->datum.fqn); 1304 1305 if (cats && cats->datum_expr != NULL) { 1306 str_len++; /* initial ":" */ 1307 cil_list_for_each(item, cats->datum_expr) { 1308 struct cil_cat *cat = item->data; 1309 if (first == -1) { 1310 str1 = cat->datum.fqn; 1311 first = cat->value; 1312 last = first; 1313 } else if (cat->value == last + 1) { 1314 last++; 1315 str2 = cat->datum.fqn; 1316 } else { 1317 if (first == last) { 1318 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1; 1319 } else if (last == first + 1) { 1320 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1321 } else { 1322 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1323 } 1324 first = -1; 1325 last = -1; 1326 if (item->next != NULL) { 1327 str_len++; /* space for "," after */ 1328 } 1329 } 1330 } 1331 if (first != -1) { 1332 if (first == last) { 1333 str_len += strlen(str1); 1334 } else if (last == first + 1) { 1335 str_len += strlen(str1) + strlen(str2) + 1; 1336 } else { 1337 str_len += strlen(str1) + strlen(str2) + 1; 1338 } 1339 } 1340 } 1341 1342 return str_len; 1343 } 1344 1345 static int __cil_level_to_string(struct cil_level *lvl, char *out) 1346 { 1347 struct cil_list_item *item; 1348 struct cil_cats *cats = lvl->cats; 1349 int buf_pos = 0; 1350 char *str_tmp = out; 1351 char *str1 = NULL; 1352 char *str2 = NULL; 1353 int first = -1; 1354 int last = -1; 1355 1356 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn); 1357 str_tmp += buf_pos; 1358 1359 if (cats && cats->datum_expr != NULL) { 1360 buf_pos = sprintf(str_tmp, ":"); 1361 str_tmp += buf_pos; 1362 1363 cil_list_for_each(item, cats->datum_expr) { 1364 struct cil_cat *cat = item->data; 1365 if (first == -1) { 1366 str1 = cat->datum.fqn; 1367 first = cat->value; 1368 last = first; 1369 } else if (cat->value == last + 1) { 1370 last++; 1371 str2 = cat->datum.fqn; 1372 } else { 1373 if (first == last) { 1374 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn); 1375 str_tmp += buf_pos; 1376 } else if (last == first + 1) { 1377 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn); 1378 str_tmp += buf_pos; 1379 } else { 1380 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn); 1381 str_tmp += buf_pos; 1382 } 1383 first = -1; 1384 last = -1; 1385 if (item->next != NULL) { 1386 buf_pos = sprintf(str_tmp, ","); 1387 str_tmp += buf_pos; 1388 } 1389 } 1390 } 1391 if (first != -1) { 1392 if (first == last) { 1393 buf_pos = sprintf(str_tmp, "%s", str1); 1394 str_tmp += buf_pos; 1395 } else if (last == first + 1) { 1396 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2); 1397 str_tmp += buf_pos; 1398 } else { 1399 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2); 1400 str_tmp += buf_pos; 1401 } 1402 } 1403 } 1404 1405 return str_tmp - out; 1406 } 1407 1408 #ifdef DISABLE_SYMVER 1409 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) 1410 #else 1411 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1412 #endif 1413 { 1414 size_t str_len = 0; 1415 int buf_pos = 0; 1416 char *str_tmp = NULL; 1417 struct cil_list_item *curr; 1418 1419 if (db->selinuxusers->head == NULL) { 1420 *size = 0; 1421 *out = NULL; 1422 return SEPOL_OK; 1423 } 1424 1425 cil_list_for_each(curr, db->selinuxusers) { 1426 struct cil_selinuxuser *selinuxuser = curr->data; 1427 struct cil_user *user = selinuxuser->user; 1428 1429 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1; 1430 1431 if (db->mls == CIL_TRUE) { 1432 struct cil_levelrange *range = selinuxuser->range; 1433 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1434 } 1435 1436 str_len++; 1437 } 1438 1439 *size = str_len * sizeof(char); 1440 str_tmp = cil_malloc(*size+1); 1441 *out = str_tmp; 1442 1443 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) { 1444 struct cil_selinuxuser *selinuxuser = curr->data; 1445 struct cil_user *user = selinuxuser->user; 1446 1447 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn); 1448 str_tmp += buf_pos; 1449 1450 if (db->mls == CIL_TRUE) { 1451 struct cil_levelrange *range = selinuxuser->range; 1452 buf_pos = sprintf(str_tmp, ":"); 1453 str_tmp += buf_pos; 1454 buf_pos = __cil_level_to_string(range->low, str_tmp); 1455 str_tmp += buf_pos; 1456 buf_pos = sprintf(str_tmp, "-"); 1457 str_tmp += buf_pos; 1458 buf_pos = __cil_level_to_string(range->high, str_tmp); 1459 str_tmp += buf_pos; 1460 } 1461 1462 buf_pos = sprintf(str_tmp, "\n"); 1463 str_tmp += buf_pos; 1464 } 1465 1466 return SEPOL_OK; 1467 } 1468 1469 #ifndef DISABLE_SYMVER 1470 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1471 { 1472 return cil_selinuxusers_to_string_nopdb(db, out, size); 1473 } 1474 #endif 1475 1476 #ifdef DISABLE_SYMVER 1477 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) 1478 #else 1479 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1480 #endif 1481 { 1482 uint32_t i = 0; 1483 int buf_pos = 0; 1484 size_t str_len = 0; 1485 char *str_tmp = NULL; 1486 struct cil_sort *filecons = db->filecon; 1487 1488 for (i = 0; i < filecons->count; i++) { 1489 struct cil_filecon *filecon = filecons->array[i]; 1490 struct cil_context *ctx = filecon->context; 1491 1492 str_len += strlen(filecon->path_str); 1493 1494 if (filecon->type != CIL_FILECON_ANY) { 1495 /* If a type is specified, 1496 +2 for type string, +1 for tab */ 1497 str_len += 3; 1498 } 1499 1500 if (ctx != NULL) { 1501 struct cil_user *user = ctx->user; 1502 struct cil_role *role = ctx->role; 1503 struct cil_type *type = ctx->type; 1504 1505 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3); 1506 1507 if (db->mls == CIL_TRUE) { 1508 struct cil_levelrange *range = ctx->range; 1509 if (cil_level_equals(range->low, range->high)) { 1510 str_len += __cil_level_strlen(range->low) + 1; 1511 } else { 1512 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1513 } 1514 } 1515 } else { 1516 str_len += strlen("\t<<none>>"); 1517 } 1518 1519 str_len++; 1520 } 1521 1522 *size = str_len * sizeof(char); 1523 str_tmp = cil_malloc(*size+1); 1524 *out = str_tmp; 1525 1526 for (i = 0; i < filecons->count; i++) { 1527 struct cil_filecon *filecon = filecons->array[i]; 1528 struct cil_context *ctx = filecon->context; 1529 const char *str_type = NULL; 1530 1531 buf_pos = sprintf(str_tmp, "%s", filecon->path_str); 1532 str_tmp += buf_pos; 1533 1534 switch(filecon->type) { 1535 case CIL_FILECON_FILE: 1536 str_type = "\t--"; 1537 break; 1538 case CIL_FILECON_DIR: 1539 str_type = "\t-d"; 1540 break; 1541 case CIL_FILECON_CHAR: 1542 str_type = "\t-c"; 1543 break; 1544 case CIL_FILECON_BLOCK: 1545 str_type = "\t-b"; 1546 break; 1547 case CIL_FILECON_SOCKET: 1548 str_type = "\t-s"; 1549 break; 1550 case CIL_FILECON_PIPE: 1551 str_type = "\t-p"; 1552 break; 1553 case CIL_FILECON_SYMLINK: 1554 str_type = "\t-l"; 1555 break; 1556 default: 1557 str_type = ""; 1558 break; 1559 } 1560 buf_pos = sprintf(str_tmp, "%s", str_type); 1561 str_tmp += buf_pos; 1562 1563 if (ctx != NULL) { 1564 struct cil_user *user = ctx->user; 1565 struct cil_role *role = ctx->role; 1566 struct cil_type *type = ctx->type; 1567 1568 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn, 1569 type->datum.fqn); 1570 str_tmp += buf_pos; 1571 1572 if (db->mls == CIL_TRUE) { 1573 struct cil_levelrange *range = ctx->range; 1574 buf_pos = sprintf(str_tmp, ":"); 1575 str_tmp += buf_pos; 1576 buf_pos = __cil_level_to_string(range->low, str_tmp); 1577 str_tmp += buf_pos; 1578 1579 if (!cil_level_equals(range->low, range->high)) { 1580 buf_pos = sprintf(str_tmp, "-"); 1581 str_tmp += buf_pos; 1582 buf_pos = __cil_level_to_string(range->high, str_tmp); 1583 str_tmp += buf_pos; 1584 } 1585 } 1586 } else { 1587 buf_pos = sprintf(str_tmp, "\t<<none>>"); 1588 str_tmp += buf_pos; 1589 } 1590 1591 buf_pos = sprintf(str_tmp, "\n"); 1592 str_tmp += buf_pos; 1593 } 1594 1595 return SEPOL_OK; 1596 } 1597 1598 #ifndef DISABLE_SYMVER 1599 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1600 { 1601 return cil_filecons_to_string_nopdb(db, out, size); 1602 } 1603 #endif 1604 1605 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) 1606 { 1607 db->disable_dontaudit = disable_dontaudit; 1608 } 1609 1610 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow) 1611 { 1612 db->disable_neverallow = disable_neverallow; 1613 } 1614 1615 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables) 1616 { 1617 db->preserve_tunables = preserve_tunables; 1618 } 1619 1620 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown) 1621 { 1622 int rc = 0; 1623 1624 switch (handle_unknown) { 1625 case SEPOL_DENY_UNKNOWN: 1626 case SEPOL_REJECT_UNKNOWN: 1627 case SEPOL_ALLOW_UNKNOWN: 1628 db->handle_unknown = handle_unknown; 1629 break; 1630 default: 1631 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown); 1632 rc = -1; 1633 } 1634 1635 return rc; 1636 } 1637 1638 void cil_set_mls(struct cil_db *db, int mls) 1639 { 1640 db->mls = mls; 1641 } 1642 1643 void cil_set_target_platform(struct cil_db *db, int target_platform) 1644 { 1645 db->target_platform = target_platform; 1646 } 1647 1648 void cil_set_policy_version(struct cil_db *db, int policy_version) 1649 { 1650 db->policy_version = policy_version; 1651 } 1652 1653 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM]) 1654 { 1655 uint32_t i = 0; 1656 for (i = 0; i < CIL_SYM_NUM; i++) { 1657 cil_symtab_init(&symtab[i], symtab_sizes[i]); 1658 } 1659 } 1660 1661 void cil_symtab_array_destroy(symtab_t symtab[]) 1662 { 1663 int i = 0; 1664 for (i = 0; i < CIL_SYM_NUM; i++) { 1665 cil_symtab_destroy(&symtab[i]); 1666 } 1667 } 1668 1669 void cil_destroy_ast_symtabs(struct cil_tree_node *current) 1670 { 1671 while (current) { 1672 switch (current->flavor) { 1673 case CIL_BLOCK: 1674 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab); 1675 break; 1676 case CIL_IN: 1677 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab); 1678 break; 1679 case CIL_CLASS: 1680 case CIL_COMMON: 1681 case CIL_MAP_CLASS: 1682 cil_symtab_destroy(&((struct cil_class*)current->data)->perms); 1683 break; 1684 case CIL_MACRO: 1685 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab); 1686 break; 1687 case CIL_CONDBLOCK: 1688 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab); 1689 break; 1690 default: 1691 break; 1692 } 1693 1694 if (current->cl_head) { 1695 cil_destroy_ast_symtabs(current->cl_head); 1696 } 1697 1698 current = current->next; 1699 } 1700 } 1701 1702 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index) 1703 { 1704 struct cil_tree_node *node = ast_node; 1705 *symtab = NULL; 1706 1707 if (sym_index == CIL_SYM_PERMS) { 1708 /* Class statements are not blocks, so the passed node should be the class */ 1709 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS || 1710 node->flavor == CIL_COMMON) { 1711 *symtab = &((struct cil_class*)node->data)->perms; 1712 return SEPOL_OK; 1713 } 1714 goto exit; 1715 } 1716 1717 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) { 1718 cil_log(CIL_ERR, "Invalid symtab type\n"); 1719 goto exit; 1720 } 1721 1722 while (node != NULL && *symtab == NULL) { 1723 switch (node->flavor) { 1724 case CIL_ROOT: 1725 *symtab = &((struct cil_root *)node->data)->symtab[sym_index]; 1726 break; 1727 case CIL_BLOCK: 1728 *symtab = &((struct cil_block*)node->data)->symtab[sym_index]; 1729 break; 1730 case CIL_MACRO: 1731 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index]; 1732 break; 1733 case CIL_IN: 1734 /* In blocks only exist before resolving the AST */ 1735 *symtab = &((struct cil_in*)node->data)->symtab[sym_index]; 1736 break; 1737 case CIL_CONDBLOCK: { 1738 if (node->parent->flavor == CIL_TUNABLEIF) { 1739 /* Cond blocks only exist before resolving the AST */ 1740 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index]; 1741 } else if (node->parent->flavor == CIL_BOOLEANIF) { 1742 node = node->parent->parent; 1743 } 1744 break; 1745 } 1746 default: 1747 node = node->parent; 1748 } 1749 } 1750 1751 if (*symtab == NULL) { 1752 goto exit; 1753 } 1754 1755 return SEPOL_OK; 1756 1757 exit: 1758 cil_log(CIL_ERR, "Failed to get symtab from node at line %d of %s\n", 1759 ast_node->line, ast_node->path); 1760 return SEPOL_ERR; 1761 } 1762 1763 void cil_sort_init(struct cil_sort **sort) 1764 { 1765 *sort = cil_malloc(sizeof(**sort)); 1766 1767 (*sort)->flavor = CIL_NONE; 1768 (*sort)->count = 0; 1769 (*sort)->index = 0; 1770 (*sort)->array = NULL; 1771 } 1772 1773 void cil_sort_destroy(struct cil_sort **sort) 1774 { 1775 (*sort)->flavor = CIL_NONE; 1776 (*sort)->count = 0; 1777 (*sort)->index = 0; 1778 if ((*sort)->array != NULL) { 1779 free((*sort)->array); 1780 } 1781 (*sort)->array = NULL; 1782 1783 free(*sort); 1784 *sort = NULL; 1785 } 1786 1787 void cil_netifcon_init(struct cil_netifcon **netifcon) 1788 { 1789 *netifcon = cil_malloc(sizeof(**netifcon)); 1790 1791 (*netifcon)->interface_str = NULL; 1792 (*netifcon)->if_context_str = NULL; 1793 (*netifcon)->if_context = NULL; 1794 (*netifcon)->packet_context_str = NULL; 1795 (*netifcon)->packet_context = NULL; 1796 (*netifcon)->context_str = NULL; 1797 } 1798 1799 void cil_context_init(struct cil_context **context) 1800 { 1801 *context = cil_malloc(sizeof(**context)); 1802 1803 cil_symtab_datum_init(&(*context)->datum); 1804 (*context)->user_str = NULL; 1805 (*context)->user = NULL; 1806 (*context)->role_str = NULL; 1807 (*context)->role = NULL; 1808 (*context)->type_str = NULL; 1809 (*context)->type = NULL; 1810 (*context)->range_str = NULL; 1811 (*context)->range = NULL; 1812 } 1813 1814 void cil_level_init(struct cil_level **level) 1815 { 1816 *level = cil_malloc(sizeof(**level)); 1817 1818 cil_symtab_datum_init(&(*level)->datum); 1819 (*level)->sens_str = NULL; 1820 (*level)->sens = NULL; 1821 (*level)->cats = NULL; 1822 } 1823 1824 void cil_levelrange_init(struct cil_levelrange **range) 1825 { 1826 *range = cil_malloc(sizeof(**range)); 1827 1828 cil_symtab_datum_init(&(*range)->datum); 1829 (*range)->low_str = NULL; 1830 (*range)->low = NULL; 1831 (*range)->high_str = NULL; 1832 (*range)->high = NULL; 1833 } 1834 1835 void cil_sens_init(struct cil_sens **sens) 1836 { 1837 *sens = cil_malloc(sizeof(**sens)); 1838 1839 cil_symtab_datum_init(&(*sens)->datum); 1840 1841 (*sens)->cats_list = NULL; 1842 1843 (*sens)->ordered = CIL_FALSE; 1844 } 1845 1846 void cil_block_init(struct cil_block **block) 1847 { 1848 *block = cil_malloc(sizeof(**block)); 1849 1850 cil_symtab_datum_init(&(*block)->datum); 1851 1852 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]); 1853 1854 (*block)->is_abstract = CIL_FALSE; 1855 1856 (*block)->bi_nodes = NULL; 1857 } 1858 1859 void cil_blockinherit_init(struct cil_blockinherit **inherit) 1860 { 1861 *inherit = cil_malloc(sizeof(**inherit)); 1862 (*inherit)->block_str = NULL; 1863 (*inherit)->block = NULL; 1864 } 1865 1866 void cil_blockabstract_init(struct cil_blockabstract **abstract) 1867 { 1868 *abstract = cil_malloc(sizeof(**abstract)); 1869 (*abstract)->block_str = NULL; 1870 } 1871 1872 void cil_in_init(struct cil_in **in) 1873 { 1874 *in = cil_malloc(sizeof(**in)); 1875 1876 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]); 1877 (*in)->block_str = NULL; 1878 } 1879 1880 void cil_class_init(struct cil_class **class) 1881 { 1882 *class = cil_malloc(sizeof(**class)); 1883 1884 cil_symtab_datum_init(&(*class)->datum); 1885 1886 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE); 1887 1888 (*class)->num_perms = 0; 1889 (*class)->common = NULL; 1890 (*class)->ordered = CIL_FALSE; 1891 } 1892 1893 void cil_classorder_init(struct cil_classorder **classorder) 1894 { 1895 *classorder = cil_malloc(sizeof(**classorder)); 1896 1897 (*classorder)->class_list_str = NULL; 1898 } 1899 1900 void cil_classcommon_init(struct cil_classcommon **classcommon) 1901 { 1902 *classcommon = cil_malloc(sizeof(**classcommon)); 1903 1904 (*classcommon)->class_str = NULL; 1905 (*classcommon)->common_str = NULL; 1906 } 1907 1908 void cil_sid_init(struct cil_sid **sid) 1909 { 1910 *sid = cil_malloc(sizeof(**sid)); 1911 1912 cil_symtab_datum_init(&(*sid)->datum); 1913 1914 (*sid)->ordered = CIL_FALSE; 1915 (*sid)->context = NULL; 1916 } 1917 1918 void cil_sidcontext_init(struct cil_sidcontext **sidcontext) 1919 { 1920 *sidcontext = cil_malloc(sizeof(**sidcontext)); 1921 1922 (*sidcontext)->sid_str = NULL; 1923 (*sidcontext)->context_str = NULL; 1924 (*sidcontext)->context = NULL; 1925 } 1926 1927 void cil_sidorder_init(struct cil_sidorder **sidorder) 1928 { 1929 *sidorder = cil_malloc(sizeof(**sidorder)); 1930 1931 (*sidorder)->sid_list_str = NULL; 1932 } 1933 1934 void cil_userrole_init(struct cil_userrole **userrole) 1935 { 1936 *userrole = cil_malloc(sizeof(**userrole)); 1937 1938 (*userrole)->user_str = NULL; 1939 (*userrole)->user = NULL; 1940 (*userrole)->role_str = NULL; 1941 (*userrole)->role = NULL; 1942 } 1943 1944 void cil_userprefix_init(struct cil_userprefix **userprefix) 1945 { 1946 *userprefix = cil_malloc(sizeof(**userprefix)); 1947 1948 (*userprefix)->user_str = NULL; 1949 (*userprefix)->user = NULL; 1950 (*userprefix)->prefix_str = NULL; 1951 } 1952 1953 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser) 1954 { 1955 *selinuxuser = cil_malloc(sizeof(**selinuxuser)); 1956 1957 (*selinuxuser)->name_str = NULL; 1958 (*selinuxuser)->user_str = NULL; 1959 (*selinuxuser)->user = NULL; 1960 (*selinuxuser)->range_str = NULL; 1961 (*selinuxuser)->range = NULL; 1962 } 1963 1964 void cil_roletype_init(struct cil_roletype **roletype) 1965 { 1966 *roletype = cil_malloc(sizeof(**roletype)); 1967 1968 (*roletype)->role_str = NULL; 1969 (*roletype)->role = NULL; 1970 (*roletype)->type_str = NULL; 1971 (*roletype)->type = NULL; 1972 } 1973 1974 void cil_roleattribute_init(struct cil_roleattribute **attr) 1975 { 1976 *attr = cil_malloc(sizeof(**attr)); 1977 1978 cil_symtab_datum_init(&(*attr)->datum); 1979 1980 (*attr)->expr_list = NULL; 1981 (*attr)->roles = NULL; 1982 } 1983 1984 void cil_roleattributeset_init(struct cil_roleattributeset **attrset) 1985 { 1986 *attrset = cil_malloc(sizeof(**attrset)); 1987 1988 (*attrset)->attr_str = NULL; 1989 (*attrset)->str_expr = NULL; 1990 (*attrset)->datum_expr = NULL; 1991 } 1992 1993 void cil_typeattribute_init(struct cil_typeattribute **attr) 1994 { 1995 *attr = cil_malloc(sizeof(**attr)); 1996 1997 cil_symtab_datum_init(&(*attr)->datum); 1998 1999 (*attr)->expr_list = NULL; 2000 (*attr)->types = NULL; 2001 (*attr)->used = CIL_FALSE; 2002 } 2003 2004 void cil_typeattributeset_init(struct cil_typeattributeset **attrset) 2005 { 2006 *attrset = cil_malloc(sizeof(**attrset)); 2007 2008 (*attrset)->attr_str = NULL; 2009 (*attrset)->str_expr = NULL; 2010 (*attrset)->datum_expr = NULL; 2011 } 2012 2013 void cil_alias_init(struct cil_alias **alias) 2014 { 2015 *alias = cil_malloc(sizeof(**alias)); 2016 2017 (*alias)->actual = NULL; 2018 2019 cil_symtab_datum_init(&(*alias)->datum); 2020 } 2021 2022 void cil_aliasactual_init(struct cil_aliasactual **aliasactual) 2023 { 2024 *aliasactual = cil_malloc(sizeof(**aliasactual)); 2025 2026 (*aliasactual)->alias_str = NULL; 2027 (*aliasactual)->actual_str = NULL; 2028 } 2029 2030 void cil_typepermissive_init(struct cil_typepermissive **typeperm) 2031 { 2032 *typeperm = cil_malloc(sizeof(**typeperm)); 2033 2034 (*typeperm)->type_str = NULL; 2035 (*typeperm)->type = NULL; 2036 } 2037 2038 void cil_name_init(struct cil_name **name) 2039 { 2040 *name = cil_malloc(sizeof(**name)); 2041 2042 cil_symtab_datum_init(&(*name)->datum); 2043 (*name)->name_str = NULL; 2044 } 2045 2046 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans) 2047 { 2048 *nametypetrans = cil_malloc(sizeof(**nametypetrans)); 2049 2050 (*nametypetrans)->src_str = NULL; 2051 (*nametypetrans)->src = NULL; 2052 (*nametypetrans)->tgt_str = NULL; 2053 (*nametypetrans)->tgt = NULL; 2054 (*nametypetrans)->obj_str = NULL; 2055 (*nametypetrans)->obj = NULL; 2056 (*nametypetrans)->name_str = NULL; 2057 (*nametypetrans)->name = NULL; 2058 (*nametypetrans)->result_str = NULL; 2059 (*nametypetrans)->result = NULL; 2060 } 2061 2062 void cil_rangetransition_init(struct cil_rangetransition **rangetrans) 2063 { 2064 *rangetrans = cil_malloc(sizeof(**rangetrans)); 2065 2066 (*rangetrans)->src_str = NULL; 2067 (*rangetrans)->src = NULL; 2068 (*rangetrans)->exec_str = NULL; 2069 (*rangetrans)->exec = NULL; 2070 (*rangetrans)->obj_str = NULL; 2071 (*rangetrans)->obj = NULL; 2072 (*rangetrans)->range_str = NULL; 2073 (*rangetrans)->range = NULL; 2074 } 2075 2076 void cil_bool_init(struct cil_bool **cilbool) 2077 { 2078 *cilbool = cil_malloc(sizeof(**cilbool)); 2079 2080 cil_symtab_datum_init(&(*cilbool)->datum); 2081 (*cilbool)->value = 0; 2082 } 2083 2084 void cil_tunable_init(struct cil_tunable **ciltun) 2085 { 2086 *ciltun = cil_malloc(sizeof(**ciltun)); 2087 2088 cil_symtab_datum_init(&(*ciltun)->datum); 2089 (*ciltun)->value = 0; 2090 } 2091 2092 void cil_condblock_init(struct cil_condblock **cb) 2093 { 2094 *cb = cil_malloc(sizeof(**cb)); 2095 2096 (*cb)->flavor = CIL_NONE; 2097 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]); 2098 } 2099 2100 void cil_boolif_init(struct cil_booleanif **bif) 2101 { 2102 *bif = cil_malloc(sizeof(**bif)); 2103 2104 (*bif)->str_expr = NULL; 2105 (*bif)->datum_expr = NULL; 2106 } 2107 2108 void cil_tunif_init(struct cil_tunableif **tif) 2109 { 2110 *tif = cil_malloc(sizeof(**tif)); 2111 2112 (*tif)->str_expr = NULL; 2113 (*tif)->datum_expr = NULL; 2114 } 2115 2116 void cil_avrule_init(struct cil_avrule **avrule) 2117 { 2118 *avrule = cil_malloc(sizeof(**avrule)); 2119 2120 (*avrule)->is_extended = 0; 2121 (*avrule)->rule_kind = CIL_NONE; 2122 (*avrule)->src_str = NULL; 2123 (*avrule)->src = NULL; 2124 (*avrule)->tgt_str = NULL; 2125 (*avrule)->tgt = NULL; 2126 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms)); 2127 } 2128 2129 void cil_permissionx_init(struct cil_permissionx **permx) 2130 { 2131 *permx = cil_malloc(sizeof(**permx)); 2132 2133 cil_symtab_datum_init(&(*permx)->datum); 2134 (*permx)->kind = CIL_NONE; 2135 (*permx)->obj_str = NULL; 2136 (*permx)->obj = NULL; 2137 (*permx)->expr_str = NULL; 2138 (*permx)->perms = NULL; 2139 } 2140 2141 void cil_type_rule_init(struct cil_type_rule **type_rule) 2142 { 2143 *type_rule = cil_malloc(sizeof(**type_rule)); 2144 2145 (*type_rule)->rule_kind = CIL_NONE; 2146 (*type_rule)->src_str = NULL; 2147 (*type_rule)->src = NULL; 2148 (*type_rule)->tgt_str = NULL; 2149 (*type_rule)->tgt = NULL; 2150 (*type_rule)->obj_str = NULL; 2151 (*type_rule)->obj = NULL; 2152 (*type_rule)->result_str = NULL; 2153 (*type_rule)->result = NULL; 2154 } 2155 2156 void cil_roletransition_init(struct cil_roletransition **role_trans) 2157 { 2158 *role_trans = cil_malloc(sizeof(**role_trans)); 2159 2160 (*role_trans)->src_str = NULL; 2161 (*role_trans)->src = NULL; 2162 (*role_trans)->tgt_str = NULL; 2163 (*role_trans)->tgt = NULL; 2164 (*role_trans)->obj_str = NULL; 2165 (*role_trans)->obj = NULL; 2166 (*role_trans)->result_str = NULL; 2167 (*role_trans)->result = NULL; 2168 } 2169 2170 void cil_roleallow_init(struct cil_roleallow **roleallow) 2171 { 2172 *roleallow = cil_malloc(sizeof(**roleallow)); 2173 2174 (*roleallow)->src_str = NULL; 2175 (*roleallow)->src = NULL; 2176 (*roleallow)->tgt_str = NULL; 2177 (*roleallow)->tgt = NULL; 2178 } 2179 2180 void cil_catset_init(struct cil_catset **catset) 2181 { 2182 *catset = cil_malloc(sizeof(**catset)); 2183 2184 cil_symtab_datum_init(&(*catset)->datum); 2185 (*catset)->cats = NULL; 2186 } 2187 2188 void cil_senscat_init(struct cil_senscat **senscat) 2189 { 2190 *senscat = cil_malloc(sizeof(**senscat)); 2191 2192 (*senscat)->sens_str = NULL; 2193 (*senscat)->cats = NULL; 2194 } 2195 2196 void cil_cats_init(struct cil_cats **cats) 2197 { 2198 *cats = cil_malloc(sizeof(**cats)); 2199 2200 (*cats)->evaluated = CIL_FALSE; 2201 (*cats)->str_expr = NULL; 2202 (*cats)->datum_expr = NULL; 2203 } 2204 2205 void cil_filecon_init(struct cil_filecon **filecon) 2206 { 2207 *filecon = cil_malloc(sizeof(**filecon)); 2208 2209 (*filecon)->path_str = NULL; 2210 (*filecon)->type = 0; 2211 (*filecon)->context_str = NULL; 2212 (*filecon)->context = NULL; 2213 } 2214 2215 void cil_portcon_init(struct cil_portcon **portcon) 2216 { 2217 *portcon = cil_malloc(sizeof(**portcon)); 2218 (*portcon)->proto = 0; 2219 (*portcon)->port_low = 0; 2220 (*portcon)->port_high = 0; 2221 (*portcon)->context_str = NULL; 2222 (*portcon)->context = NULL; 2223 } 2224 2225 void cil_nodecon_init(struct cil_nodecon **nodecon) 2226 { 2227 *nodecon = cil_malloc(sizeof(**nodecon)); 2228 2229 (*nodecon)->addr_str = NULL; 2230 (*nodecon)->addr = NULL; 2231 (*nodecon)->mask_str = NULL; 2232 (*nodecon)->mask = NULL; 2233 (*nodecon)->context_str = NULL; 2234 (*nodecon)->context = NULL; 2235 } 2236 2237 void cil_genfscon_init(struct cil_genfscon **genfscon) 2238 { 2239 *genfscon = cil_malloc(sizeof(**genfscon)); 2240 2241 (*genfscon)->fs_str = NULL; 2242 (*genfscon)->path_str = NULL; 2243 (*genfscon)->context_str = NULL; 2244 (*genfscon)->context = NULL; 2245 } 2246 2247 void cil_pirqcon_init(struct cil_pirqcon **pirqcon) 2248 { 2249 *pirqcon = cil_malloc(sizeof(**pirqcon)); 2250 2251 (*pirqcon)->pirq = 0; 2252 (*pirqcon)->context_str = NULL; 2253 (*pirqcon)->context = NULL; 2254 } 2255 2256 void cil_iomemcon_init(struct cil_iomemcon **iomemcon) 2257 { 2258 *iomemcon = cil_malloc(sizeof(**iomemcon)); 2259 2260 (*iomemcon)->iomem_low = 0; 2261 (*iomemcon)->iomem_high = 0; 2262 (*iomemcon)->context_str = NULL; 2263 (*iomemcon)->context = NULL; 2264 } 2265 2266 void cil_ioportcon_init(struct cil_ioportcon **ioportcon) 2267 { 2268 *ioportcon = cil_malloc(sizeof(**ioportcon)); 2269 2270 (*ioportcon)->context_str = NULL; 2271 (*ioportcon)->context = NULL; 2272 } 2273 2274 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon) 2275 { 2276 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon)); 2277 2278 (*pcidevicecon)->dev = 0; 2279 (*pcidevicecon)->context_str = NULL; 2280 (*pcidevicecon)->context = NULL; 2281 } 2282 2283 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon) 2284 { 2285 *dtcon = cil_malloc(sizeof(**dtcon)); 2286 2287 (*dtcon)->path = NULL; 2288 (*dtcon)->context_str = NULL; 2289 (*dtcon)->context = NULL; 2290 } 2291 2292 void cil_fsuse_init(struct cil_fsuse **fsuse) 2293 { 2294 *fsuse = cil_malloc(sizeof(**fsuse)); 2295 2296 (*fsuse)->type = 0; 2297 (*fsuse)->fs_str = NULL; 2298 (*fsuse)->context_str = NULL; 2299 (*fsuse)->context = NULL; 2300 } 2301 2302 void cil_constrain_init(struct cil_constrain **constrain) 2303 { 2304 *constrain = cil_malloc(sizeof(**constrain)); 2305 2306 (*constrain)->classperms = NULL; 2307 (*constrain)->str_expr = NULL; 2308 (*constrain)->datum_expr = NULL; 2309 } 2310 2311 void cil_validatetrans_init(struct cil_validatetrans **validtrans) 2312 { 2313 *validtrans = cil_malloc(sizeof(**validtrans)); 2314 2315 (*validtrans)->class_str = NULL; 2316 (*validtrans)->class = NULL; 2317 (*validtrans)->str_expr = NULL; 2318 (*validtrans)->datum_expr = NULL; 2319 } 2320 2321 void cil_ipaddr_init(struct cil_ipaddr **ipaddr) 2322 { 2323 *ipaddr = cil_malloc(sizeof(**ipaddr)); 2324 2325 cil_symtab_datum_init(&(*ipaddr)->datum); 2326 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip)); 2327 } 2328 2329 void cil_perm_init(struct cil_perm **perm) 2330 { 2331 *perm = cil_malloc(sizeof(**perm)); 2332 2333 cil_symtab_datum_init(&(*perm)->datum); 2334 (*perm)->value = 0; 2335 (*perm)->classperms = NULL; 2336 } 2337 2338 void cil_classpermission_init(struct cil_classpermission **cp) 2339 { 2340 *cp = cil_malloc(sizeof(**cp)); 2341 2342 cil_symtab_datum_init(&(*cp)->datum); 2343 (*cp)->classperms = NULL; 2344 } 2345 2346 void cil_classpermissionset_init(struct cil_classpermissionset **cps) 2347 { 2348 *cps = cil_malloc(sizeof(**cps)); 2349 2350 (*cps)->set_str = NULL; 2351 (*cps)->classperms = NULL; 2352 } 2353 2354 void cil_classperms_set_init(struct cil_classperms_set **cp_set) 2355 { 2356 *cp_set = cil_malloc(sizeof(**cp_set)); 2357 (*cp_set)->set_str = NULL; 2358 (*cp_set)->set = NULL; 2359 } 2360 2361 void cil_classperms_init(struct cil_classperms **cp) 2362 { 2363 *cp = cil_malloc(sizeof(**cp)); 2364 (*cp)->class_str = NULL; 2365 (*cp)->class = NULL; 2366 (*cp)->perm_strs = NULL; 2367 (*cp)->perms = NULL; 2368 } 2369 2370 void cil_classmapping_init(struct cil_classmapping **mapping) 2371 { 2372 *mapping = cil_malloc(sizeof(**mapping)); 2373 2374 (*mapping)->map_class_str = NULL; 2375 (*mapping)->map_perm_str = NULL; 2376 (*mapping)->classperms = NULL; 2377 } 2378 2379 void cil_user_init(struct cil_user **user) 2380 { 2381 *user = cil_malloc(sizeof(**user)); 2382 2383 cil_symtab_datum_init(&(*user)->datum); 2384 (*user)->bounds = NULL; 2385 (*user)->roles = NULL; 2386 (*user)->dftlevel = NULL; 2387 (*user)->range = NULL; 2388 (*user)->value = 0; 2389 } 2390 2391 void cil_userattribute_init(struct cil_userattribute **attr) 2392 { 2393 *attr = cil_malloc(sizeof(**attr)); 2394 2395 cil_symtab_datum_init(&(*attr)->datum); 2396 2397 (*attr)->expr_list = NULL; 2398 (*attr)->users = NULL; 2399 } 2400 2401 void cil_userattributeset_init(struct cil_userattributeset **attrset) 2402 { 2403 *attrset = cil_malloc(sizeof(**attrset)); 2404 2405 (*attrset)->attr_str = NULL; 2406 (*attrset)->str_expr = NULL; 2407 (*attrset)->datum_expr = NULL; 2408 } 2409 2410 void cil_userlevel_init(struct cil_userlevel **usrlvl) 2411 { 2412 *usrlvl = cil_malloc(sizeof(**usrlvl)); 2413 2414 (*usrlvl)->user_str = NULL; 2415 (*usrlvl)->level_str = NULL; 2416 (*usrlvl)->level = NULL; 2417 } 2418 2419 void cil_userrange_init(struct cil_userrange **userrange) 2420 { 2421 *userrange = cil_malloc(sizeof(**userrange)); 2422 2423 (*userrange)->user_str = NULL; 2424 (*userrange)->range_str = NULL; 2425 (*userrange)->range = NULL; 2426 } 2427 2428 void cil_role_init(struct cil_role **role) 2429 { 2430 *role = cil_malloc(sizeof(**role)); 2431 2432 cil_symtab_datum_init(&(*role)->datum); 2433 (*role)->bounds = NULL; 2434 (*role)->types = NULL; 2435 (*role)->value = 0; 2436 } 2437 2438 void cil_type_init(struct cil_type **type) 2439 { 2440 *type = cil_malloc(sizeof(**type)); 2441 2442 cil_symtab_datum_init(&(*type)->datum); 2443 (*type)->bounds = NULL; 2444 (*type)->value = 0; 2445 } 2446 2447 void cil_cat_init(struct cil_cat **cat) 2448 { 2449 *cat = cil_malloc(sizeof(**cat)); 2450 2451 cil_symtab_datum_init(&(*cat)->datum); 2452 (*cat)->ordered = CIL_FALSE; 2453 (*cat)->value = 0; 2454 } 2455 2456 void cil_catorder_init(struct cil_catorder **catorder) 2457 { 2458 *catorder = cil_malloc(sizeof(**catorder)); 2459 2460 (*catorder)->cat_list_str = NULL; 2461 } 2462 2463 void cil_sensorder_init(struct cil_sensorder **sensorder) 2464 { 2465 *sensorder = cil_malloc(sizeof(**sensorder)); 2466 2467 (*sensorder)->sens_list_str = NULL; 2468 } 2469 2470 void cil_args_init(struct cil_args **args) 2471 { 2472 *args = cil_malloc(sizeof(**args)); 2473 (*args)->arg_str = NULL; 2474 (*args)->arg = NULL; 2475 (*args)->param_str = NULL; 2476 (*args)->flavor = CIL_NONE; 2477 } 2478 2479 void cil_call_init(struct cil_call **call) 2480 { 2481 *call = cil_malloc(sizeof(**call)); 2482 2483 (*call)->macro_str = NULL; 2484 (*call)->macro = NULL; 2485 (*call)->args_tree = NULL; 2486 (*call)->args = NULL; 2487 (*call)->copied = 0; 2488 } 2489 2490 void cil_optional_init(struct cil_optional **optional) 2491 { 2492 *optional = cil_malloc(sizeof(**optional)); 2493 (*optional)->enabled = CIL_TRUE; 2494 cil_symtab_datum_init(&(*optional)->datum); 2495 } 2496 2497 void cil_param_init(struct cil_param **param) 2498 { 2499 *param = cil_malloc(sizeof(**param)); 2500 2501 (*param)->str = NULL; 2502 (*param)->flavor = CIL_NONE; 2503 } 2504 2505 void cil_macro_init(struct cil_macro **macro) 2506 { 2507 *macro = cil_malloc(sizeof(**macro)); 2508 2509 cil_symtab_datum_init(&(*macro)->datum); 2510 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]); 2511 (*macro)->params = NULL; 2512 } 2513 2514 void cil_policycap_init(struct cil_policycap **policycap) 2515 { 2516 *policycap = cil_malloc(sizeof(**policycap)); 2517 2518 cil_symtab_datum_init(&(*policycap)->datum); 2519 } 2520 2521 void cil_bounds_init(struct cil_bounds **bounds) 2522 { 2523 *bounds = cil_malloc(sizeof(**bounds)); 2524 2525 (*bounds)->parent_str = NULL; 2526 (*bounds)->child_str = NULL; 2527 } 2528 2529 void cil_default_init(struct cil_default **def) 2530 { 2531 *def = cil_malloc(sizeof(**def)); 2532 2533 (*def)->flavor = CIL_NONE; 2534 (*def)->class_strs = NULL; 2535 (*def)->class_datums = NULL; 2536 } 2537 2538 void cil_defaultrange_init(struct cil_defaultrange **def) 2539 { 2540 *def = cil_malloc(sizeof(**def)); 2541 2542 (*def)->class_strs = NULL; 2543 (*def)->class_datums = NULL; 2544 } 2545 2546 void cil_handleunknown_init(struct cil_handleunknown **unk) 2547 { 2548 *unk = cil_malloc(sizeof(**unk)); 2549 } 2550 2551 void cil_mls_init(struct cil_mls **mls) 2552 { 2553 *mls = cil_malloc(sizeof(**mls)); 2554 (*mls)->value = 0; 2555 } 2556
