1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 33 #include <sepol/policydb/policydb.h> 34 #include <sepol/policydb/symtab.h> 35 36 #include "cil_internal.h" 37 #include "cil_flavor.h" 38 #include "cil_log.h" 39 #include "cil_mem.h" 40 #include "cil_tree.h" 41 #include "cil_list.h" 42 #include "cil_symtab.h" 43 #include "cil_build_ast.h" 44 45 #include "cil_parser.h" 46 #include "cil_build_ast.h" 47 #include "cil_resolve_ast.h" 48 #include "cil_fqn.h" 49 #include "cil_post.h" 50 #include "cil_binary.h" 51 #include "cil_policy.h" 52 #include "cil_strpool.h" 53 #include "dso.h" 54 55 #ifndef DISABLE_SYMVER 56 asm(".symver cil_build_policydb_pdb, cil_build_policydb (at) LIBSEPOL_1.0"); 57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); 58 59 asm(".symver cil_compile_pdb, cil_compile (at) LIBSEPOL_1.0"); 60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); 61 62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string (at) LIBSEPOL_1.0"); 63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); 64 65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string (at) LIBSEPOL_1.0"); 66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); 67 68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string (at) LIBSEPOL_1.0"); 69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); 70 #endif 71 72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { 73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} 78 }; 79 80 static void cil_init_keys(void) 81 { 82 /* Initialize CIL Keys into strpool */ 83 CIL_KEY_CONS_T1 = cil_strpool_add("t1"); 84 CIL_KEY_CONS_T2 = cil_strpool_add("t2"); 85 CIL_KEY_CONS_T3 = cil_strpool_add("t3"); 86 CIL_KEY_CONS_R1 = cil_strpool_add("r1"); 87 CIL_KEY_CONS_R2 = cil_strpool_add("r2"); 88 CIL_KEY_CONS_R3 = cil_strpool_add("r3"); 89 CIL_KEY_CONS_U1 = cil_strpool_add("u1"); 90 CIL_KEY_CONS_U2 = cil_strpool_add("u2"); 91 CIL_KEY_CONS_U3 = cil_strpool_add("u3"); 92 CIL_KEY_CONS_L1 = cil_strpool_add("l1"); 93 CIL_KEY_CONS_L2 = cil_strpool_add("l2"); 94 CIL_KEY_CONS_H1 = cil_strpool_add("h1"); 95 CIL_KEY_CONS_H2 = cil_strpool_add("h2"); 96 CIL_KEY_AND = cil_strpool_add("and"); 97 CIL_KEY_OR = cil_strpool_add("or"); 98 CIL_KEY_NOT = cil_strpool_add("not"); 99 CIL_KEY_EQ = cil_strpool_add("eq"); 100 CIL_KEY_NEQ = cil_strpool_add("neq"); 101 CIL_KEY_CONS_DOM = cil_strpool_add("dom"); 102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby"); 103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp"); 104 CIL_KEY_CONDTRUE = cil_strpool_add("true"); 105 CIL_KEY_CONDFALSE = cil_strpool_add("false"); 106 CIL_KEY_SELF = cil_strpool_add("self"); 107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); 108 CIL_KEY_STAR = cil_strpool_add("*"); 109 CIL_KEY_UDP = cil_strpool_add("udp"); 110 CIL_KEY_TCP = cil_strpool_add("tcp"); 111 CIL_KEY_DCCP = cil_strpool_add("dccp"); 112 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); 113 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); 114 CIL_KEY_ALLOW = cil_strpool_add("allow"); 115 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit"); 116 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition"); 117 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange"); 118 CIL_KEY_CALL = cil_strpool_add("call"); 119 CIL_KEY_TUNABLE = cil_strpool_add("tunable"); 120 CIL_KEY_XOR = cil_strpool_add("xor"); 121 CIL_KEY_ALL = cil_strpool_add("all"); 122 CIL_KEY_RANGE = cil_strpool_add("range"); 123 CIL_KEY_TYPE = cil_strpool_add("type"); 124 CIL_KEY_ROLE = cil_strpool_add("role"); 125 CIL_KEY_USER = cil_strpool_add("user"); 126 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute"); 127 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset"); 128 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity"); 129 CIL_KEY_CATEGORY = cil_strpool_add("category"); 130 CIL_KEY_CATSET = cil_strpool_add("categoryset"); 131 CIL_KEY_LEVEL = cil_strpool_add("level"); 132 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange"); 133 CIL_KEY_CLASS = cil_strpool_add("class"); 134 CIL_KEY_IPADDR = cil_strpool_add("ipaddr"); 135 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap"); 136 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission"); 137 CIL_KEY_BOOL = cil_strpool_add("boolean"); 138 CIL_KEY_STRING = cil_strpool_add("string"); 139 CIL_KEY_NAME = cil_strpool_add("name"); 140 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown"); 141 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow"); 142 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny"); 143 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject"); 144 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit"); 145 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract"); 146 CIL_KEY_CLASSORDER = cil_strpool_add("classorder"); 147 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping"); 148 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset"); 149 CIL_KEY_COMMON = cil_strpool_add("common"); 150 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon"); 151 CIL_KEY_SID = cil_strpool_add("sid"); 152 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext"); 153 CIL_KEY_SIDORDER = cil_strpool_add("sidorder"); 154 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel"); 155 CIL_KEY_USERRANGE = cil_strpool_add("userrange"); 156 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds"); 157 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix"); 158 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser"); 159 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault"); 160 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute"); 161 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset"); 162 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias"); 163 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual"); 164 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds"); 165 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive"); 166 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition"); 167 CIL_KEY_USERROLE = cil_strpool_add("userrole"); 168 CIL_KEY_ROLETYPE = cil_strpool_add("roletype"); 169 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition"); 170 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow"); 171 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute"); 172 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset"); 173 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds"); 174 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif"); 175 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow"); 176 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember"); 177 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias"); 178 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual"); 179 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias"); 180 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual"); 181 CIL_KEY_CATORDER = cil_strpool_add("categoryorder"); 182 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder"); 183 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory"); 184 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain"); 185 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain"); 186 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans"); 187 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); 188 CIL_KEY_CONTEXT = cil_strpool_add("context"); 189 CIL_KEY_FILECON = cil_strpool_add("filecon"); 190 CIL_KEY_PORTCON = cil_strpool_add("portcon"); 191 CIL_KEY_NODECON = cil_strpool_add("nodecon"); 192 CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); 193 CIL_KEY_NETIFCON = cil_strpool_add("netifcon"); 194 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon"); 195 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon"); 196 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon"); 197 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon"); 198 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon"); 199 CIL_KEY_FSUSE = cil_strpool_add("fsuse"); 200 CIL_KEY_POLICYCAP = cil_strpool_add("policycap"); 201 CIL_KEY_OPTIONAL = cil_strpool_add("optional"); 202 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser"); 203 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole"); 204 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype"); 205 CIL_KEY_MACRO = cil_strpool_add("macro"); 206 CIL_KEY_IN = cil_strpool_add("in"); 207 CIL_KEY_MLS = cil_strpool_add("mls"); 208 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange"); 209 CIL_KEY_GLOB = cil_strpool_add("*"); 210 CIL_KEY_FILE = cil_strpool_add("file"); 211 CIL_KEY_DIR = cil_strpool_add("dir"); 212 CIL_KEY_CHAR = cil_strpool_add("char"); 213 CIL_KEY_BLOCK = cil_strpool_add("block"); 214 CIL_KEY_SOCKET = cil_strpool_add("socket"); 215 CIL_KEY_PIPE = cil_strpool_add("pipe"); 216 CIL_KEY_SYMLINK = cil_strpool_add("symlink"); 217 CIL_KEY_ANY = cil_strpool_add("any"); 218 CIL_KEY_XATTR = cil_strpool_add("xattr"); 219 CIL_KEY_TASK = cil_strpool_add("task"); 220 CIL_KEY_TRANS = cil_strpool_add("trans"); 221 CIL_KEY_SOURCE = cil_strpool_add("source"); 222 CIL_KEY_TARGET = cil_strpool_add("target"); 223 CIL_KEY_LOW = cil_strpool_add("low"); 224 CIL_KEY_HIGH = cil_strpool_add("high"); 225 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high"); 226 CIL_KEY_ROOT = cil_strpool_add("<root>"); 227 CIL_KEY_NODE = cil_strpool_add("<node>"); 228 CIL_KEY_PERM = cil_strpool_add("perm"); 229 CIL_KEY_ALLOWX = cil_strpool_add("allowx"); 230 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx"); 231 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx"); 232 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx"); 233 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx"); 234 CIL_KEY_IOCTL = cil_strpool_add("ioctl"); 235 CIL_KEY_UNORDERED = cil_strpool_add("unordered"); 236 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>"); 237 CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>"); 238 CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>"); 239 } 240 241 void cil_db_init(struct cil_db **db) 242 { 243 *db = cil_malloc(sizeof(**db)); 244 245 cil_strpool_init(); 246 cil_init_keys(); 247 248 cil_tree_init(&(*db)->parse); 249 cil_tree_init(&(*db)->ast); 250 cil_root_init((struct cil_root **)&(*db)->ast->root->data); 251 (*db)->sidorder = NULL; 252 (*db)->classorder = NULL; 253 (*db)->catorder = NULL; 254 (*db)->sensitivityorder = NULL; 255 cil_sort_init(&(*db)->netifcon); 256 cil_sort_init(&(*db)->genfscon); 257 cil_sort_init(&(*db)->filecon); 258 cil_sort_init(&(*db)->nodecon); 259 cil_sort_init(&(*db)->portcon); 260 cil_sort_init(&(*db)->pirqcon); 261 cil_sort_init(&(*db)->iomemcon); 262 cil_sort_init(&(*db)->ioportcon); 263 cil_sort_init(&(*db)->pcidevicecon); 264 cil_sort_init(&(*db)->devicetreecon); 265 cil_sort_init(&(*db)->fsuse); 266 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM); 267 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM); 268 cil_list_init(&(*db)->names, CIL_LIST_ITEM); 269 270 cil_type_init(&(*db)->selftype); 271 (*db)->selftype->datum.name = CIL_KEY_SELF; 272 (*db)->selftype->datum.fqn = CIL_KEY_SELF; 273 (*db)->num_types_and_attrs = 0; 274 (*db)->num_classes = 0; 275 (*db)->num_types = 0; 276 (*db)->num_roles = 0; 277 (*db)->num_users = 0; 278 (*db)->num_cats = 0; 279 (*db)->val_to_type = NULL; 280 (*db)->val_to_role = NULL; 281 (*db)->val_to_user = NULL; 282 283 (*db)->disable_dontaudit = CIL_FALSE; 284 (*db)->disable_neverallow = CIL_FALSE; 285 (*db)->attrs_expand_generated = CIL_FALSE; 286 (*db)->attrs_expand_size = 1; 287 (*db)->preserve_tunables = CIL_FALSE; 288 (*db)->handle_unknown = -1; 289 (*db)->mls = -1; 290 (*db)->target_platform = SEPOL_TARGET_SELINUX; 291 (*db)->policy_version = POLICYDB_VERSION_MAX; 292 } 293 294 void cil_db_destroy(struct cil_db **db) 295 { 296 if (db == NULL || *db == NULL) { 297 return; 298 } 299 300 cil_tree_destroy(&(*db)->parse); 301 cil_tree_destroy(&(*db)->ast); 302 cil_list_destroy(&(*db)->sidorder, CIL_FALSE); 303 cil_list_destroy(&(*db)->classorder, CIL_FALSE); 304 cil_list_destroy(&(*db)->catorder, CIL_FALSE); 305 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE); 306 cil_sort_destroy(&(*db)->netifcon); 307 cil_sort_destroy(&(*db)->genfscon); 308 cil_sort_destroy(&(*db)->filecon); 309 cil_sort_destroy(&(*db)->nodecon); 310 cil_sort_destroy(&(*db)->portcon); 311 cil_sort_destroy(&(*db)->pirqcon); 312 cil_sort_destroy(&(*db)->iomemcon); 313 cil_sort_destroy(&(*db)->ioportcon); 314 cil_sort_destroy(&(*db)->pcidevicecon); 315 cil_sort_destroy(&(*db)->devicetreecon); 316 cil_sort_destroy(&(*db)->fsuse); 317 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE); 318 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE); 319 cil_list_destroy(&(*db)->names, CIL_TRUE); 320 321 cil_destroy_type((*db)->selftype); 322 323 cil_strpool_destroy(); 324 free((*db)->val_to_type); 325 free((*db)->val_to_role); 326 free((*db)->val_to_user); 327 328 free(*db); 329 *db = NULL; 330 } 331 332 void cil_root_init(struct cil_root **root) 333 { 334 struct cil_root *r = cil_malloc(sizeof(*r)); 335 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]); 336 337 *root = r; 338 } 339 340 void cil_root_destroy(struct cil_root *root) 341 { 342 if (root == NULL) { 343 return; 344 } 345 cil_symtab_array_destroy(root->symtab); 346 free(root); 347 } 348 349 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size) 350 { 351 char *buffer = NULL; 352 int rc; 353 354 cil_log(CIL_INFO, "Parsing %s\n", name); 355 356 buffer = cil_malloc(size + 2); 357 memcpy(buffer, data, size); 358 memset(buffer + size, 0, 2); 359 360 rc = cil_parser(name, buffer, size + 2, &db->parse); 361 if (rc != SEPOL_OK) { 362 cil_log(CIL_INFO, "Failed to parse %s\n", name); 363 goto exit; 364 } 365 366 free(buffer); 367 buffer = NULL; 368 369 rc = SEPOL_OK; 370 371 exit: 372 free(buffer); 373 374 return rc; 375 } 376 377 #ifdef DISABLE_SYMVER 378 int cil_compile(struct cil_db *db) 379 #else 380 int cil_compile_nopdb(struct cil_db *db) 381 #endif 382 { 383 int rc = SEPOL_ERR; 384 385 if (db == NULL) { 386 goto exit; 387 } 388 389 cil_log(CIL_INFO, "Building AST from Parse Tree\n"); 390 rc = cil_build_ast(db, db->parse->root, db->ast->root); 391 if (rc != SEPOL_OK) { 392 cil_log(CIL_INFO, "Failed to build ast\n"); 393 goto exit; 394 } 395 396 cil_log(CIL_INFO, "Destroying Parse Tree\n"); 397 cil_tree_destroy(&db->parse); 398 399 cil_log(CIL_INFO, "Resolving AST\n"); 400 rc = cil_resolve_ast(db, db->ast->root); 401 if (rc != SEPOL_OK) { 402 cil_log(CIL_INFO, "Failed to resolve ast\n"); 403 goto exit; 404 } 405 406 cil_log(CIL_INFO, "Qualifying Names\n"); 407 rc = cil_fqn_qualify(db->ast->root); 408 if (rc != SEPOL_OK) { 409 cil_log(CIL_INFO, "Failed to qualify names\n"); 410 goto exit; 411 } 412 413 cil_log(CIL_INFO, "Compile post process\n"); 414 rc = cil_post_process(db); 415 if (rc != SEPOL_OK ) { 416 cil_log(CIL_INFO, "Post process failed\n"); 417 goto exit; 418 } 419 420 exit: 421 422 return rc; 423 } 424 425 #ifndef DISABLE_SYMVER 426 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) 427 { 428 return cil_compile_nopdb(db); 429 } 430 431 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) 432 { 433 int rc; 434 435 cil_log(CIL_INFO, "Building policy binary\n"); 436 rc = cil_binary_create_allocated_pdb(db, sepol_db); 437 if (rc != SEPOL_OK) { 438 cil_log(CIL_ERR, "Failed to generate binary\n"); 439 goto exit; 440 } 441 442 exit: 443 return rc; 444 } 445 #endif 446 447 #ifdef DISABLE_SYMVER 448 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) 449 #else 450 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) 451 #endif 452 { 453 int rc; 454 455 cil_log(CIL_INFO, "Building policy binary\n"); 456 rc = cil_binary_create(db, sepol_db); 457 if (rc != SEPOL_OK) { 458 cil_log(CIL_ERR, "Failed to generate binary\n"); 459 goto exit; 460 } 461 462 exit: 463 return rc; 464 } 465 466 void cil_write_policy_conf(FILE *out, struct cil_db *db) 467 { 468 cil_log(CIL_INFO, "Writing policy.conf file\n"); 469 cil_gen_policy(out, db); 470 } 471 472 void cil_destroy_data(void **data, enum cil_flavor flavor) 473 { 474 if (*data == NULL) { 475 return; 476 } 477 478 switch(flavor) { 479 case CIL_NONE: 480 break; 481 case CIL_ROOT: 482 cil_root_destroy(*data); 483 break; 484 case CIL_NODE: 485 break; 486 case CIL_STRING: 487 break; 488 case CIL_DATUM: 489 break; 490 case CIL_LIST: 491 cil_list_destroy(*data, CIL_FALSE); 492 break; 493 case CIL_LIST_ITEM: 494 break; 495 case CIL_PARAM: 496 cil_destroy_param(*data); 497 break; 498 case CIL_ARGS: 499 cil_destroy_args(*data); 500 break; 501 case CIL_BLOCK: 502 cil_destroy_block(*data); 503 break; 504 case CIL_BLOCKINHERIT: 505 cil_destroy_blockinherit(*data); 506 break; 507 case CIL_BLOCKABSTRACT: 508 cil_destroy_blockabstract(*data); 509 break; 510 case CIL_IN: 511 cil_destroy_in(*data); 512 break; 513 case CIL_MACRO: 514 cil_destroy_macro(*data); 515 break; 516 case CIL_CALL: 517 cil_destroy_call(*data); 518 break; 519 case CIL_OPTIONAL: 520 cil_destroy_optional(*data); 521 break; 522 case CIL_BOOL: 523 cil_destroy_bool(*data); 524 break; 525 case CIL_BOOLEANIF: 526 cil_destroy_boolif(*data); 527 break; 528 case CIL_TUNABLE: 529 cil_destroy_tunable(*data); 530 break; 531 case CIL_TUNABLEIF: 532 cil_destroy_tunif(*data); 533 break; 534 case CIL_CONDBLOCK: 535 cil_destroy_condblock(*data); 536 break; 537 case CIL_CONDTRUE: 538 break; 539 case CIL_CONDFALSE: 540 break; 541 case CIL_PERM: 542 case CIL_MAP_PERM: 543 cil_destroy_perm(*data); 544 break; 545 case CIL_COMMON: 546 case CIL_CLASS: 547 case CIL_MAP_CLASS: 548 cil_destroy_class(*data); 549 break; 550 case CIL_CLASSORDER: 551 cil_destroy_classorder(*data); 552 break; 553 case CIL_CLASSPERMISSION: 554 cil_destroy_classpermission(*data); 555 break; 556 case CIL_CLASSCOMMON: 557 cil_destroy_classcommon(*data); 558 break; 559 case CIL_CLASSMAPPING: 560 cil_destroy_classmapping(*data); 561 break; 562 case CIL_CLASSPERMS: 563 cil_destroy_classperms(*data); 564 break; 565 case CIL_CLASSPERMS_SET: 566 cil_destroy_classperms_set(*data); 567 break; 568 case CIL_CLASSPERMISSIONSET: 569 cil_destroy_classpermissionset(*data); 570 break; 571 case CIL_USER: 572 cil_destroy_user(*data); 573 break; 574 case CIL_USERATTRIBUTE: 575 cil_destroy_userattribute(*data); 576 break; 577 case CIL_USERATTRIBUTESET: 578 cil_destroy_userattributeset(*data); 579 break; 580 case CIL_USERPREFIX: 581 cil_destroy_userprefix(*data); 582 break; 583 case CIL_USERROLE: 584 cil_destroy_userrole(*data); 585 break; 586 case CIL_USERLEVEL: 587 cil_destroy_userlevel(*data); 588 break; 589 case CIL_USERRANGE: 590 cil_destroy_userrange(*data); 591 break; 592 case CIL_USERBOUNDS: 593 cil_destroy_bounds(*data); 594 break; 595 case CIL_SELINUXUSER: 596 case CIL_SELINUXUSERDEFAULT: 597 cil_destroy_selinuxuser(*data); 598 break; 599 case CIL_ROLE: 600 cil_destroy_role(*data); 601 break; 602 case CIL_ROLEATTRIBUTE: 603 cil_destroy_roleattribute(*data); 604 break; 605 case CIL_ROLEATTRIBUTESET: 606 cil_destroy_roleattributeset(*data); 607 break; 608 case CIL_ROLETYPE: 609 cil_destroy_roletype(*data); 610 break; 611 case CIL_ROLEBOUNDS: 612 cil_destroy_bounds(*data); 613 break; 614 case CIL_TYPE: 615 cil_destroy_type(*data); 616 break; 617 case CIL_TYPEATTRIBUTE: 618 cil_destroy_typeattribute(*data); 619 break; 620 case CIL_TYPEALIAS: 621 cil_destroy_alias(*data); 622 break; 623 case CIL_TYPEATTRIBUTESET: 624 cil_destroy_typeattributeset(*data); 625 break; 626 case CIL_TYPEALIASACTUAL: 627 cil_destroy_aliasactual(*data); 628 break; 629 case CIL_TYPEBOUNDS: 630 cil_destroy_bounds(*data); 631 break; 632 case CIL_TYPEPERMISSIVE: 633 cil_destroy_typepermissive(*data); 634 break; 635 case CIL_SENS: 636 cil_destroy_sensitivity(*data); 637 break; 638 case CIL_SENSALIAS: 639 cil_destroy_alias(*data); 640 break; 641 case CIL_SENSALIASACTUAL: 642 cil_destroy_aliasactual(*data); 643 break; 644 case CIL_SENSITIVITYORDER: 645 cil_destroy_sensitivityorder(*data); 646 break; 647 case CIL_SENSCAT: 648 cil_destroy_senscat(*data); 649 break; 650 case CIL_CAT: 651 cil_destroy_category(*data); 652 break; 653 case CIL_CATSET: 654 cil_destroy_catset(*data); 655 break; 656 case CIL_CATALIAS: 657 cil_destroy_alias(*data); 658 break; 659 case CIL_CATALIASACTUAL: 660 cil_destroy_aliasactual(*data); 661 break; 662 case CIL_CATORDER: 663 cil_destroy_catorder(*data); 664 break; 665 case CIL_LEVEL: 666 cil_destroy_level(*data); 667 break; 668 case CIL_LEVELRANGE: 669 cil_destroy_levelrange(*data); 670 break; 671 case CIL_SID: 672 cil_destroy_sid(*data); 673 break; 674 case CIL_SIDORDER: 675 cil_destroy_sidorder(*data); 676 break; 677 case CIL_NAME: 678 cil_destroy_name(*data); 679 break; 680 case CIL_ROLEALLOW: 681 cil_destroy_roleallow(*data); 682 break; 683 case CIL_AVRULE: 684 case CIL_AVRULEX: 685 cil_destroy_avrule(*data); 686 break; 687 case CIL_PERMISSIONX: 688 cil_destroy_permissionx(*data); 689 break; 690 case CIL_ROLETRANSITION: 691 cil_destroy_roletransition(*data); 692 break; 693 case CIL_TYPE_RULE: 694 cil_destroy_type_rule(*data); 695 break; 696 case CIL_NAMETYPETRANSITION: 697 cil_destroy_typetransition(*data); 698 break; 699 case CIL_RANGETRANSITION: 700 cil_destroy_rangetransition(*data); 701 break; 702 case CIL_CONSTRAIN: 703 cil_destroy_constrain(*data); 704 break; 705 case CIL_MLSCONSTRAIN: 706 cil_destroy_constrain(*data); 707 break; 708 case CIL_VALIDATETRANS: 709 case CIL_MLSVALIDATETRANS: 710 cil_destroy_validatetrans(*data); 711 break; 712 case CIL_CONTEXT: 713 cil_destroy_context(*data); 714 break; 715 case CIL_IPADDR: 716 cil_destroy_ipaddr(*data); 717 break; 718 case CIL_SIDCONTEXT: 719 cil_destroy_sidcontext(*data); 720 break; 721 case CIL_FSUSE: 722 cil_destroy_fsuse(*data); 723 break; 724 case CIL_FILECON: 725 cil_destroy_filecon(*data); 726 break; 727 case CIL_PORTCON: 728 cil_destroy_portcon(*data); 729 break; 730 case CIL_NODECON: 731 cil_destroy_nodecon(*data); 732 break; 733 case CIL_GENFSCON: 734 cil_destroy_genfscon(*data); 735 break; 736 case CIL_NETIFCON: 737 cil_destroy_netifcon(*data); 738 break; 739 case CIL_PIRQCON: 740 cil_destroy_pirqcon(*data); 741 break; 742 case CIL_IOMEMCON: 743 cil_destroy_iomemcon(*data); 744 break; 745 case CIL_IOPORTCON: 746 cil_destroy_ioportcon(*data); 747 break; 748 case CIL_PCIDEVICECON: 749 cil_destroy_pcidevicecon(*data); 750 break; 751 case CIL_DEVICETREECON: 752 cil_destroy_devicetreecon(*data); 753 break; 754 case CIL_POLICYCAP: 755 cil_destroy_policycap(*data); 756 break; 757 case CIL_DEFAULTUSER: 758 case CIL_DEFAULTROLE: 759 case CIL_DEFAULTTYPE: 760 cil_destroy_default(*data); 761 break; 762 case CIL_DEFAULTRANGE: 763 cil_destroy_defaultrange(*data); 764 break; 765 case CIL_HANDLEUNKNOWN: 766 cil_destroy_handleunknown(*data); 767 break; 768 case CIL_MLS: 769 cil_destroy_mls(*data); 770 break; 771 case CIL_SRC_INFO: 772 cil_destroy_src_info(*data); 773 break; 774 case CIL_OP: 775 case CIL_CONS_OPERAND: 776 break; 777 default: 778 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor); 779 break; 780 } 781 782 *data = NULL; 783 } 784 785 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index) 786 { 787 if (flavor < CIL_MIN_DECLARATIVE) { 788 return SEPOL_ERR; 789 } 790 791 switch(flavor) { 792 case CIL_BLOCK: 793 *sym_index = CIL_SYM_BLOCKS; 794 break; 795 case CIL_MACRO: 796 *sym_index = CIL_SYM_BLOCKS; 797 break; 798 case CIL_OPTIONAL: 799 *sym_index = CIL_SYM_BLOCKS; 800 break; 801 case CIL_BOOL: 802 *sym_index = CIL_SYM_BOOLS; 803 break; 804 case CIL_TUNABLE: 805 *sym_index = CIL_SYM_TUNABLES; 806 break; 807 case CIL_PERM: 808 case CIL_MAP_PERM: 809 *sym_index = CIL_SYM_PERMS; 810 break; 811 case CIL_COMMON: 812 *sym_index = CIL_SYM_COMMONS; 813 break; 814 case CIL_CLASS: 815 case CIL_MAP_CLASS: 816 *sym_index = CIL_SYM_CLASSES; 817 break; 818 case CIL_CLASSPERMISSION: 819 case CIL_CLASSPERMISSIONSET: 820 *sym_index = CIL_SYM_CLASSPERMSETS; 821 break; 822 case CIL_USER: 823 case CIL_USERATTRIBUTE: 824 *sym_index = CIL_SYM_USERS; 825 break; 826 case CIL_ROLE: 827 case CIL_ROLEATTRIBUTE: 828 *sym_index = CIL_SYM_ROLES; 829 break; 830 case CIL_TYPE: 831 case CIL_TYPEALIAS: 832 case CIL_TYPEATTRIBUTE: 833 *sym_index = CIL_SYM_TYPES; 834 break; 835 case CIL_SENS: 836 case CIL_SENSALIAS: 837 *sym_index = CIL_SYM_SENS; 838 break; 839 case CIL_CAT: 840 case CIL_CATSET: 841 case CIL_CATALIAS: 842 *sym_index = CIL_SYM_CATS; 843 break; 844 case CIL_LEVEL: 845 *sym_index = CIL_SYM_LEVELS; 846 break; 847 case CIL_LEVELRANGE: 848 *sym_index = CIL_SYM_LEVELRANGES; 849 break; 850 case CIL_SID: 851 *sym_index = CIL_SYM_SIDS; 852 break; 853 case CIL_NAME: 854 *sym_index = CIL_SYM_NAMES; 855 break; 856 case CIL_CONTEXT: 857 *sym_index = CIL_SYM_CONTEXTS; 858 break; 859 case CIL_IPADDR: 860 *sym_index = CIL_SYM_IPADDRS; 861 break; 862 case CIL_POLICYCAP: 863 *sym_index = CIL_SYM_POLICYCAPS; 864 break; 865 case CIL_PERMISSIONX: 866 *sym_index = CIL_SYM_PERMX; 867 break; 868 default: 869 *sym_index = CIL_SYM_UNKNOWN; 870 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor); 871 return SEPOL_ERR; 872 } 873 874 return SEPOL_OK; 875 } 876 877 const char * cil_node_to_string(struct cil_tree_node *node) 878 { 879 switch (node->flavor) { 880 case CIL_NONE: 881 return "<none>"; 882 case CIL_ROOT: 883 return CIL_KEY_ROOT; 884 case CIL_NODE: 885 return CIL_KEY_NODE; 886 case CIL_STRING: 887 return "string"; 888 case CIL_DATUM: 889 return "<datum>"; 890 case CIL_LIST: 891 return "<list>"; 892 case CIL_LIST_ITEM: 893 return "<list_item>"; 894 case CIL_PARAM: 895 return "<param>"; 896 case CIL_ARGS: 897 return "<args>"; 898 case CIL_BLOCK: 899 return CIL_KEY_BLOCK; 900 case CIL_BLOCKINHERIT: 901 return CIL_KEY_BLOCKINHERIT; 902 case CIL_BLOCKABSTRACT: 903 return CIL_KEY_BLOCKABSTRACT; 904 case CIL_IN: 905 return CIL_KEY_IN; 906 case CIL_MACRO: 907 return CIL_KEY_MACRO; 908 case CIL_CALL: 909 return CIL_KEY_CALL; 910 case CIL_OPTIONAL: 911 return CIL_KEY_OPTIONAL; 912 case CIL_BOOL: 913 return CIL_KEY_BOOL; 914 case CIL_BOOLEANIF: 915 return CIL_KEY_BOOLEANIF; 916 case CIL_TUNABLE: 917 return CIL_KEY_TUNABLE; 918 case CIL_TUNABLEIF: 919 return CIL_KEY_TUNABLEIF; 920 case CIL_CONDBLOCK: 921 switch (((struct cil_condblock*)node->data)->flavor) { 922 case CIL_CONDTRUE: 923 return CIL_KEY_CONDTRUE; 924 case CIL_CONDFALSE: 925 return CIL_KEY_CONDFALSE; 926 default: 927 break; 928 } 929 break; 930 case CIL_CONDTRUE: 931 return CIL_KEY_CONDTRUE; 932 case CIL_CONDFALSE: 933 return CIL_KEY_CONDFALSE; 934 case CIL_PERM: 935 return CIL_KEY_PERM; 936 case CIL_COMMON: 937 return CIL_KEY_COMMON; 938 case CIL_CLASS: 939 return CIL_KEY_CLASS; 940 case CIL_CLASSORDER: 941 return CIL_KEY_CLASSORDER; 942 case CIL_MAP_CLASS: 943 return CIL_KEY_MAP_CLASS; 944 case CIL_CLASSPERMISSION: 945 return CIL_KEY_CLASSPERMISSION; 946 case CIL_CLASSCOMMON: 947 return CIL_KEY_CLASSCOMMON; 948 case CIL_CLASSMAPPING: 949 return CIL_KEY_CLASSMAPPING; 950 case CIL_CLASSPERMISSIONSET: 951 return CIL_KEY_CLASSPERMISSIONSET; 952 case CIL_USER: 953 return CIL_KEY_USER; 954 case CIL_USERATTRIBUTE: 955 return CIL_KEY_USERATTRIBUTE; 956 case CIL_USERATTRIBUTESET: 957 return CIL_KEY_USERATTRIBUTESET; 958 case CIL_USERPREFIX: 959 return CIL_KEY_USERPREFIX; 960 case CIL_USERROLE: 961 return CIL_KEY_USERROLE; 962 case CIL_USERLEVEL: 963 return CIL_KEY_USERLEVEL; 964 case CIL_USERRANGE: 965 return CIL_KEY_USERRANGE; 966 case CIL_USERBOUNDS: 967 return CIL_KEY_USERBOUNDS; 968 case CIL_SELINUXUSER: 969 return CIL_KEY_SELINUXUSER; 970 case CIL_SELINUXUSERDEFAULT: 971 return CIL_KEY_SELINUXUSERDEFAULT; 972 case CIL_ROLE: 973 return CIL_KEY_ROLE; 974 case CIL_ROLEATTRIBUTE: 975 return CIL_KEY_ROLEATTRIBUTE; 976 case CIL_ROLEATTRIBUTESET: 977 return CIL_KEY_ROLEATTRIBUTESET; 978 case CIL_ROLETYPE: 979 return CIL_KEY_ROLETYPE; 980 case CIL_ROLEBOUNDS: 981 return CIL_KEY_ROLEBOUNDS; 982 case CIL_TYPE: 983 return CIL_KEY_TYPE; 984 case CIL_TYPEATTRIBUTE: 985 return CIL_KEY_TYPEATTRIBUTE; 986 case CIL_TYPEALIAS: 987 return CIL_KEY_TYPEALIAS; 988 case CIL_TYPEATTRIBUTESET: 989 return CIL_KEY_TYPEATTRIBUTESET; 990 case CIL_TYPEALIASACTUAL: 991 return CIL_KEY_TYPEALIASACTUAL; 992 case CIL_TYPEBOUNDS: 993 return CIL_KEY_TYPEBOUNDS; 994 case CIL_TYPEPERMISSIVE: 995 return CIL_KEY_TYPEPERMISSIVE; 996 case CIL_SENS: 997 return CIL_KEY_SENSITIVITY; 998 case CIL_SENSALIAS: 999 return CIL_KEY_SENSALIAS; 1000 case CIL_SENSALIASACTUAL: 1001 return CIL_KEY_SENSALIASACTUAL; 1002 case CIL_SENSITIVITYORDER: 1003 return CIL_KEY_SENSITIVITYORDER; 1004 case CIL_SENSCAT: 1005 return CIL_KEY_SENSCAT; 1006 case CIL_CAT: 1007 return CIL_KEY_CATEGORY; 1008 case CIL_CATSET: 1009 return CIL_KEY_CATSET; 1010 case CIL_CATALIAS: 1011 return CIL_KEY_CATALIAS; 1012 case CIL_CATALIASACTUAL: 1013 return CIL_KEY_CATALIASACTUAL; 1014 case CIL_CATORDER: 1015 return CIL_KEY_CATORDER; 1016 case CIL_LEVEL: 1017 return CIL_KEY_LEVEL; 1018 case CIL_LEVELRANGE: 1019 return CIL_KEY_LEVELRANGE; 1020 case CIL_SID: 1021 return CIL_KEY_SID; 1022 case CIL_SIDORDER: 1023 return CIL_KEY_SIDORDER; 1024 case CIL_NAME: 1025 return CIL_KEY_NAME; 1026 case CIL_ROLEALLOW: 1027 return CIL_KEY_ROLEALLOW; 1028 case CIL_AVRULE: 1029 switch (((struct cil_avrule *)node->data)->rule_kind) { 1030 case CIL_AVRULE_ALLOWED: 1031 return CIL_KEY_ALLOW; 1032 case CIL_AVRULE_AUDITALLOW: 1033 return CIL_KEY_AUDITALLOW; 1034 case CIL_AVRULE_DONTAUDIT: 1035 return CIL_KEY_DONTAUDIT; 1036 case CIL_AVRULE_NEVERALLOW: 1037 return CIL_KEY_NEVERALLOW; 1038 default: 1039 break; 1040 } 1041 break; 1042 case CIL_AVRULEX: 1043 switch (((struct cil_avrule *)node->data)->rule_kind) { 1044 case CIL_AVRULE_ALLOWED: 1045 return CIL_KEY_ALLOWX; 1046 case CIL_AVRULE_AUDITALLOW: 1047 return CIL_KEY_AUDITALLOWX; 1048 case CIL_AVRULE_DONTAUDIT: 1049 return CIL_KEY_DONTAUDITX; 1050 case CIL_AVRULE_NEVERALLOW: 1051 return CIL_KEY_NEVERALLOWX; 1052 default: 1053 break; 1054 } 1055 break; 1056 case CIL_PERMISSIONX: 1057 return CIL_KEY_PERMISSIONX; 1058 case CIL_ROLETRANSITION: 1059 return CIL_KEY_ROLETRANSITION; 1060 case CIL_TYPE_RULE: 1061 switch (((struct cil_type_rule *)node->data)->rule_kind) { 1062 case CIL_TYPE_TRANSITION: 1063 return CIL_KEY_TYPETRANSITION; 1064 case CIL_TYPE_MEMBER: 1065 return CIL_KEY_TYPEMEMBER; 1066 case CIL_TYPE_CHANGE: 1067 return CIL_KEY_TYPECHANGE; 1068 default: 1069 break; 1070 } 1071 break; 1072 case CIL_NAMETYPETRANSITION: 1073 return CIL_KEY_TYPETRANSITION; 1074 case CIL_RANGETRANSITION: 1075 return CIL_KEY_RANGETRANSITION; 1076 case CIL_CONSTRAIN: 1077 return CIL_KEY_CONSTRAIN; 1078 case CIL_MLSCONSTRAIN: 1079 return CIL_KEY_MLSCONSTRAIN; 1080 case CIL_VALIDATETRANS: 1081 return CIL_KEY_VALIDATETRANS; 1082 case CIL_MLSVALIDATETRANS: 1083 return CIL_KEY_MLSVALIDATETRANS; 1084 case CIL_CONTEXT: 1085 return CIL_KEY_CONTEXT; 1086 case CIL_IPADDR: 1087 return CIL_KEY_IPADDR; 1088 case CIL_SIDCONTEXT: 1089 return CIL_KEY_SIDCONTEXT; 1090 case CIL_FSUSE: 1091 return CIL_KEY_FSUSE; 1092 case CIL_FILECON: 1093 return CIL_KEY_FILECON; 1094 case CIL_PORTCON: 1095 return CIL_KEY_PORTCON; 1096 case CIL_NODECON: 1097 return CIL_KEY_NODECON; 1098 case CIL_GENFSCON: 1099 return CIL_KEY_GENFSCON; 1100 case CIL_NETIFCON: 1101 return CIL_KEY_NETIFCON; 1102 case CIL_PIRQCON: 1103 return CIL_KEY_PIRQCON; 1104 case CIL_IOMEMCON: 1105 return CIL_KEY_IOMEMCON; 1106 case CIL_IOPORTCON: 1107 return CIL_KEY_IOPORTCON; 1108 case CIL_PCIDEVICECON: 1109 return CIL_KEY_PCIDEVICECON; 1110 case CIL_DEVICETREECON: 1111 return CIL_KEY_DEVICETREECON; 1112 case CIL_POLICYCAP: 1113 return CIL_KEY_POLICYCAP; 1114 case CIL_DEFAULTUSER: 1115 return CIL_KEY_DEFAULTUSER; 1116 case CIL_DEFAULTROLE: 1117 return CIL_KEY_DEFAULTROLE; 1118 case CIL_DEFAULTTYPE: 1119 return CIL_KEY_DEFAULTTYPE; 1120 case CIL_DEFAULTRANGE: 1121 return CIL_KEY_DEFAULTRANGE; 1122 case CIL_HANDLEUNKNOWN: 1123 return CIL_KEY_HANDLEUNKNOWN; 1124 case CIL_MLS: 1125 return CIL_KEY_MLS; 1126 case CIL_SRC_INFO: 1127 return CIL_KEY_SRC_INFO; 1128 case CIL_ALL: 1129 return CIL_KEY_ALL; 1130 case CIL_RANGE: 1131 return CIL_KEY_RANGE; 1132 case CIL_AND: 1133 return CIL_KEY_AND; 1134 case CIL_OR: 1135 return CIL_KEY_OR; 1136 case CIL_XOR: 1137 return CIL_KEY_XOR; 1138 case CIL_NOT: 1139 return CIL_KEY_NOT; 1140 case CIL_EQ: 1141 return CIL_KEY_EQ; 1142 case CIL_NEQ: 1143 return CIL_KEY_NEQ; 1144 case CIL_CONS_DOM: 1145 return CIL_KEY_CONS_DOM; 1146 case CIL_CONS_DOMBY: 1147 return CIL_KEY_CONS_DOMBY; 1148 case CIL_CONS_INCOMP: 1149 return CIL_KEY_CONS_INCOMP; 1150 case CIL_CONS_U1: 1151 return CIL_KEY_CONS_U1; 1152 case CIL_CONS_U2: 1153 return CIL_KEY_CONS_U2; 1154 case CIL_CONS_U3: 1155 return CIL_KEY_CONS_U3; 1156 case CIL_CONS_T1: 1157 return CIL_KEY_CONS_T1; 1158 case CIL_CONS_T2: 1159 return CIL_KEY_CONS_T2; 1160 case CIL_CONS_T3: 1161 return CIL_KEY_CONS_T3; 1162 case CIL_CONS_R1: 1163 return CIL_KEY_CONS_R1; 1164 case CIL_CONS_R2: 1165 return CIL_KEY_CONS_R2; 1166 case CIL_CONS_R3: 1167 return CIL_KEY_CONS_R3; 1168 case CIL_CONS_L1: 1169 return CIL_KEY_CONS_L1; 1170 case CIL_CONS_L2: 1171 return CIL_KEY_CONS_L2; 1172 case CIL_CONS_H1: 1173 return CIL_KEY_CONS_H1; 1174 case CIL_CONS_H2: 1175 return CIL_KEY_CONS_H2; 1176 1177 default: 1178 break; 1179 } 1180 1181 return "<unknown>"; 1182 } 1183 1184 #ifdef DISABLE_SYMVER 1185 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) 1186 #else 1187 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1188 #endif 1189 { 1190 int rc = SEPOL_ERR; 1191 size_t str_len = 0; 1192 int buf_pos = 0; 1193 char *str_tmp = NULL; 1194 struct cil_list_item *curr; 1195 struct cil_userprefix *userprefix = NULL; 1196 struct cil_user *user = NULL; 1197 1198 *out = NULL; 1199 1200 if (db->userprefixes->head == NULL) { 1201 rc = SEPOL_OK; 1202 *size = 0; 1203 goto exit; 1204 } 1205 1206 cil_list_for_each(curr, db->userprefixes) { 1207 userprefix = curr->data; 1208 user = userprefix->user; 1209 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2; 1210 } 1211 1212 *size = str_len * sizeof(char); 1213 str_len++; 1214 str_tmp = cil_malloc(str_len * sizeof(char)); 1215 *out = str_tmp; 1216 1217 cil_list_for_each(curr, db->userprefixes) { 1218 userprefix = curr->data; 1219 user = userprefix->user; 1220 1221 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn, 1222 userprefix->prefix_str); 1223 str_len -= buf_pos; 1224 str_tmp += buf_pos; 1225 } 1226 1227 rc = SEPOL_OK; 1228 exit: 1229 return rc; 1230 1231 } 1232 1233 #ifndef DISABLE_SYMVER 1234 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1235 { 1236 return cil_userprefixes_to_string_nopdb(db, out, size); 1237 } 1238 #endif 1239 1240 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) 1241 { 1242 int rc = SEPOL_ERR; 1243 struct cil_list_item *i; 1244 struct cil_list_item *j; 1245 struct cil_cat* cat; 1246 struct cil_catset *cs; 1247 struct cil_tree_node *node; 1248 1249 if (cats == NULL) { 1250 rc = SEPOL_OK; 1251 goto exit; 1252 } 1253 1254 cil_list_for_each(i, cats->datum_expr) { 1255 node = DATUM(i->data)->nodes->head->data; 1256 if (node->flavor == CIL_CATSET) { 1257 cs = (struct cil_catset*)i->data; 1258 cil_list_for_each(j, cs->cats->datum_expr) { 1259 cat = (struct cil_cat*)j->data; 1260 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1261 if (rc != SEPOL_OK) { 1262 goto exit; 1263 } 1264 } 1265 } else { 1266 cat = (struct cil_cat*)i->data; 1267 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1268 if (rc != SEPOL_OK) { 1269 goto exit; 1270 } 1271 } 1272 } 1273 1274 return SEPOL_OK; 1275 1276 exit: 1277 return rc; 1278 } 1279 1280 static int cil_level_equals(struct cil_level *low, struct cil_level *high) 1281 { 1282 int rc; 1283 struct ebitmap elow; 1284 struct ebitmap ehigh; 1285 1286 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) { 1287 rc = 0; 1288 goto exit; 1289 } 1290 1291 ebitmap_init(&elow); 1292 ebitmap_init(&ehigh); 1293 1294 rc = cil_cats_to_ebitmap(low->cats, &elow); 1295 if (rc != SEPOL_OK) { 1296 goto exit; 1297 } 1298 1299 rc = cil_cats_to_ebitmap(high->cats, &ehigh); 1300 if (rc != SEPOL_OK) { 1301 goto exit; 1302 } 1303 1304 return ebitmap_cmp(&elow, &ehigh); 1305 1306 exit: 1307 return rc; 1308 } 1309 1310 static int __cil_level_strlen(struct cil_level *lvl) 1311 { 1312 struct cil_list_item *item; 1313 struct cil_cats *cats = lvl->cats; 1314 int str_len = 0; 1315 char *str1 = NULL; 1316 char *str2 = NULL; 1317 int first = -1; 1318 int last = -1; 1319 1320 str_len += strlen(lvl->sens->datum.fqn); 1321 1322 if (cats && cats->datum_expr != NULL) { 1323 str_len++; /* initial ":" */ 1324 cil_list_for_each(item, cats->datum_expr) { 1325 struct cil_cat *cat = item->data; 1326 if (first == -1) { 1327 str1 = cat->datum.fqn; 1328 first = cat->value; 1329 last = first; 1330 } else if (cat->value == last + 1) { 1331 last++; 1332 str2 = cat->datum.fqn; 1333 } else { 1334 if (first == last) { 1335 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1; 1336 } else if (last == first + 1) { 1337 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1338 } else { 1339 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1340 } 1341 first = -1; 1342 last = -1; 1343 if (item->next != NULL) { 1344 str_len++; /* space for "," after */ 1345 } 1346 } 1347 } 1348 if (first != -1) { 1349 if (first == last) { 1350 str_len += strlen(str1); 1351 } else if (last == first + 1) { 1352 str_len += strlen(str1) + strlen(str2) + 1; 1353 } else { 1354 str_len += strlen(str1) + strlen(str2) + 1; 1355 } 1356 } 1357 } 1358 1359 return str_len; 1360 } 1361 1362 static int __cil_level_to_string(struct cil_level *lvl, char *out) 1363 { 1364 struct cil_list_item *item; 1365 struct cil_cats *cats = lvl->cats; 1366 int buf_pos = 0; 1367 char *str_tmp = out; 1368 char *str1 = NULL; 1369 char *str2 = NULL; 1370 int first = -1; 1371 int last = -1; 1372 1373 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn); 1374 str_tmp += buf_pos; 1375 1376 if (cats && cats->datum_expr != NULL) { 1377 buf_pos = sprintf(str_tmp, ":"); 1378 str_tmp += buf_pos; 1379 1380 cil_list_for_each(item, cats->datum_expr) { 1381 struct cil_cat *cat = item->data; 1382 if (first == -1) { 1383 str1 = cat->datum.fqn; 1384 first = cat->value; 1385 last = first; 1386 } else if (cat->value == last + 1) { 1387 last++; 1388 str2 = cat->datum.fqn; 1389 } else { 1390 if (first == last) { 1391 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn); 1392 str_tmp += buf_pos; 1393 } else if (last == first + 1) { 1394 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn); 1395 str_tmp += buf_pos; 1396 } else { 1397 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn); 1398 str_tmp += buf_pos; 1399 } 1400 first = -1; 1401 last = -1; 1402 if (item->next != NULL) { 1403 buf_pos = sprintf(str_tmp, ","); 1404 str_tmp += buf_pos; 1405 } 1406 } 1407 } 1408 if (first != -1) { 1409 if (first == last) { 1410 buf_pos = sprintf(str_tmp, "%s", str1); 1411 str_tmp += buf_pos; 1412 } else if (last == first + 1) { 1413 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2); 1414 str_tmp += buf_pos; 1415 } else { 1416 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2); 1417 str_tmp += buf_pos; 1418 } 1419 } 1420 } 1421 1422 return str_tmp - out; 1423 } 1424 1425 #ifdef DISABLE_SYMVER 1426 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) 1427 #else 1428 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1429 #endif 1430 { 1431 size_t str_len = 0; 1432 int buf_pos = 0; 1433 char *str_tmp = NULL; 1434 struct cil_list_item *curr; 1435 1436 if (db->selinuxusers->head == NULL) { 1437 *size = 0; 1438 *out = NULL; 1439 return SEPOL_OK; 1440 } 1441 1442 cil_list_for_each(curr, db->selinuxusers) { 1443 struct cil_selinuxuser *selinuxuser = curr->data; 1444 struct cil_user *user = selinuxuser->user; 1445 1446 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1; 1447 1448 if (db->mls == CIL_TRUE) { 1449 struct cil_levelrange *range = selinuxuser->range; 1450 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1451 } 1452 1453 str_len++; 1454 } 1455 1456 *size = str_len * sizeof(char); 1457 str_tmp = cil_malloc(*size+1); 1458 *out = str_tmp; 1459 1460 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) { 1461 struct cil_selinuxuser *selinuxuser = curr->data; 1462 struct cil_user *user = selinuxuser->user; 1463 1464 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn); 1465 str_tmp += buf_pos; 1466 1467 if (db->mls == CIL_TRUE) { 1468 struct cil_levelrange *range = selinuxuser->range; 1469 buf_pos = sprintf(str_tmp, ":"); 1470 str_tmp += buf_pos; 1471 buf_pos = __cil_level_to_string(range->low, str_tmp); 1472 str_tmp += buf_pos; 1473 buf_pos = sprintf(str_tmp, "-"); 1474 str_tmp += buf_pos; 1475 buf_pos = __cil_level_to_string(range->high, str_tmp); 1476 str_tmp += buf_pos; 1477 } 1478 1479 buf_pos = sprintf(str_tmp, "\n"); 1480 str_tmp += buf_pos; 1481 } 1482 1483 return SEPOL_OK; 1484 } 1485 1486 #ifndef DISABLE_SYMVER 1487 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1488 { 1489 return cil_selinuxusers_to_string_nopdb(db, out, size); 1490 } 1491 #endif 1492 1493 #ifdef DISABLE_SYMVER 1494 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) 1495 #else 1496 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1497 #endif 1498 { 1499 uint32_t i = 0; 1500 int buf_pos = 0; 1501 size_t str_len = 0; 1502 char *str_tmp = NULL; 1503 struct cil_sort *filecons = db->filecon; 1504 1505 for (i = 0; i < filecons->count; i++) { 1506 struct cil_filecon *filecon = filecons->array[i]; 1507 struct cil_context *ctx = filecon->context; 1508 1509 str_len += strlen(filecon->path_str); 1510 1511 if (filecon->type != CIL_FILECON_ANY) { 1512 /* If a type is specified, 1513 +2 for type string, +1 for tab */ 1514 str_len += 3; 1515 } 1516 1517 if (ctx != NULL) { 1518 struct cil_user *user = ctx->user; 1519 struct cil_role *role = ctx->role; 1520 struct cil_type *type = ctx->type; 1521 1522 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3); 1523 1524 if (db->mls == CIL_TRUE) { 1525 struct cil_levelrange *range = ctx->range; 1526 if (cil_level_equals(range->low, range->high)) { 1527 str_len += __cil_level_strlen(range->low) + 1; 1528 } else { 1529 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1530 } 1531 } 1532 } else { 1533 str_len += strlen("\t<<none>>"); 1534 } 1535 1536 str_len++; 1537 } 1538 1539 *size = str_len * sizeof(char); 1540 str_tmp = cil_malloc(*size+1); 1541 *out = str_tmp; 1542 1543 for (i = 0; i < filecons->count; i++) { 1544 struct cil_filecon *filecon = filecons->array[i]; 1545 struct cil_context *ctx = filecon->context; 1546 const char *str_type = NULL; 1547 1548 buf_pos = sprintf(str_tmp, "%s", filecon->path_str); 1549 str_tmp += buf_pos; 1550 1551 switch(filecon->type) { 1552 case CIL_FILECON_FILE: 1553 str_type = "\t--"; 1554 break; 1555 case CIL_FILECON_DIR: 1556 str_type = "\t-d"; 1557 break; 1558 case CIL_FILECON_CHAR: 1559 str_type = "\t-c"; 1560 break; 1561 case CIL_FILECON_BLOCK: 1562 str_type = "\t-b"; 1563 break; 1564 case CIL_FILECON_SOCKET: 1565 str_type = "\t-s"; 1566 break; 1567 case CIL_FILECON_PIPE: 1568 str_type = "\t-p"; 1569 break; 1570 case CIL_FILECON_SYMLINK: 1571 str_type = "\t-l"; 1572 break; 1573 default: 1574 str_type = ""; 1575 break; 1576 } 1577 buf_pos = sprintf(str_tmp, "%s", str_type); 1578 str_tmp += buf_pos; 1579 1580 if (ctx != NULL) { 1581 struct cil_user *user = ctx->user; 1582 struct cil_role *role = ctx->role; 1583 struct cil_type *type = ctx->type; 1584 1585 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn, 1586 type->datum.fqn); 1587 str_tmp += buf_pos; 1588 1589 if (db->mls == CIL_TRUE) { 1590 struct cil_levelrange *range = ctx->range; 1591 buf_pos = sprintf(str_tmp, ":"); 1592 str_tmp += buf_pos; 1593 buf_pos = __cil_level_to_string(range->low, str_tmp); 1594 str_tmp += buf_pos; 1595 1596 if (!cil_level_equals(range->low, range->high)) { 1597 buf_pos = sprintf(str_tmp, "-"); 1598 str_tmp += buf_pos; 1599 buf_pos = __cil_level_to_string(range->high, str_tmp); 1600 str_tmp += buf_pos; 1601 } 1602 } 1603 } else { 1604 buf_pos = sprintf(str_tmp, "\t<<none>>"); 1605 str_tmp += buf_pos; 1606 } 1607 1608 buf_pos = sprintf(str_tmp, "\n"); 1609 str_tmp += buf_pos; 1610 } 1611 1612 return SEPOL_OK; 1613 } 1614 1615 #ifndef DISABLE_SYMVER 1616 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1617 { 1618 return cil_filecons_to_string_nopdb(db, out, size); 1619 } 1620 #endif 1621 1622 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) 1623 { 1624 db->disable_dontaudit = disable_dontaudit; 1625 } 1626 1627 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow) 1628 { 1629 db->disable_neverallow = disable_neverallow; 1630 } 1631 1632 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated) 1633 { 1634 db->attrs_expand_generated = attrs_expand_generated; 1635 } 1636 1637 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size) 1638 { 1639 db->attrs_expand_size = attrs_expand_size; 1640 } 1641 1642 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables) 1643 { 1644 db->preserve_tunables = preserve_tunables; 1645 } 1646 1647 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown) 1648 { 1649 int rc = 0; 1650 1651 switch (handle_unknown) { 1652 case SEPOL_DENY_UNKNOWN: 1653 case SEPOL_REJECT_UNKNOWN: 1654 case SEPOL_ALLOW_UNKNOWN: 1655 db->handle_unknown = handle_unknown; 1656 break; 1657 default: 1658 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown); 1659 rc = -1; 1660 } 1661 1662 return rc; 1663 } 1664 1665 void cil_set_mls(struct cil_db *db, int mls) 1666 { 1667 db->mls = mls; 1668 } 1669 1670 void cil_set_target_platform(struct cil_db *db, int target_platform) 1671 { 1672 db->target_platform = target_platform; 1673 } 1674 1675 void cil_set_policy_version(struct cil_db *db, int policy_version) 1676 { 1677 db->policy_version = policy_version; 1678 } 1679 1680 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM]) 1681 { 1682 uint32_t i = 0; 1683 for (i = 0; i < CIL_SYM_NUM; i++) { 1684 cil_symtab_init(&symtab[i], symtab_sizes[i]); 1685 } 1686 } 1687 1688 void cil_symtab_array_destroy(symtab_t symtab[]) 1689 { 1690 int i = 0; 1691 for (i = 0; i < CIL_SYM_NUM; i++) { 1692 cil_symtab_destroy(&symtab[i]); 1693 } 1694 } 1695 1696 void cil_destroy_ast_symtabs(struct cil_tree_node *current) 1697 { 1698 while (current) { 1699 switch (current->flavor) { 1700 case CIL_BLOCK: 1701 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab); 1702 break; 1703 case CIL_IN: 1704 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab); 1705 break; 1706 case CIL_CLASS: 1707 case CIL_COMMON: 1708 case CIL_MAP_CLASS: 1709 cil_symtab_destroy(&((struct cil_class*)current->data)->perms); 1710 break; 1711 case CIL_MACRO: 1712 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab); 1713 break; 1714 case CIL_CONDBLOCK: 1715 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab); 1716 break; 1717 default: 1718 break; 1719 } 1720 1721 if (current->cl_head) { 1722 cil_destroy_ast_symtabs(current->cl_head); 1723 } 1724 1725 current = current->next; 1726 } 1727 } 1728 1729 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index) 1730 { 1731 struct cil_tree_node *node = ast_node; 1732 *symtab = NULL; 1733 1734 if (sym_index == CIL_SYM_PERMS) { 1735 /* Class statements are not blocks, so the passed node should be the class */ 1736 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS || 1737 node->flavor == CIL_COMMON) { 1738 *symtab = &((struct cil_class*)node->data)->perms; 1739 return SEPOL_OK; 1740 } 1741 goto exit; 1742 } 1743 1744 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) { 1745 cil_log(CIL_ERR, "Invalid symtab type\n"); 1746 goto exit; 1747 } 1748 1749 while (node != NULL && *symtab == NULL) { 1750 switch (node->flavor) { 1751 case CIL_ROOT: 1752 *symtab = &((struct cil_root *)node->data)->symtab[sym_index]; 1753 break; 1754 case CIL_BLOCK: 1755 *symtab = &((struct cil_block*)node->data)->symtab[sym_index]; 1756 break; 1757 case CIL_MACRO: 1758 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index]; 1759 break; 1760 case CIL_IN: 1761 /* In blocks only exist before resolving the AST */ 1762 *symtab = &((struct cil_in*)node->data)->symtab[sym_index]; 1763 break; 1764 case CIL_CONDBLOCK: { 1765 if (node->parent->flavor == CIL_TUNABLEIF) { 1766 /* Cond blocks only exist before resolving the AST */ 1767 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index]; 1768 } else if (node->parent->flavor == CIL_BOOLEANIF) { 1769 node = node->parent->parent; 1770 } 1771 break; 1772 } 1773 default: 1774 node = node->parent; 1775 } 1776 } 1777 1778 if (*symtab == NULL) { 1779 goto exit; 1780 } 1781 1782 return SEPOL_OK; 1783 1784 exit: 1785 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node"); 1786 return SEPOL_ERR; 1787 } 1788 1789 void cil_sort_init(struct cil_sort **sort) 1790 { 1791 *sort = cil_malloc(sizeof(**sort)); 1792 1793 (*sort)->flavor = CIL_NONE; 1794 (*sort)->count = 0; 1795 (*sort)->index = 0; 1796 (*sort)->array = NULL; 1797 } 1798 1799 void cil_sort_destroy(struct cil_sort **sort) 1800 { 1801 (*sort)->flavor = CIL_NONE; 1802 (*sort)->count = 0; 1803 (*sort)->index = 0; 1804 if ((*sort)->array != NULL) { 1805 free((*sort)->array); 1806 } 1807 (*sort)->array = NULL; 1808 1809 free(*sort); 1810 *sort = NULL; 1811 } 1812 1813 void cil_netifcon_init(struct cil_netifcon **netifcon) 1814 { 1815 *netifcon = cil_malloc(sizeof(**netifcon)); 1816 1817 (*netifcon)->interface_str = NULL; 1818 (*netifcon)->if_context_str = NULL; 1819 (*netifcon)->if_context = NULL; 1820 (*netifcon)->packet_context_str = NULL; 1821 (*netifcon)->packet_context = NULL; 1822 (*netifcon)->context_str = NULL; 1823 } 1824 1825 void cil_context_init(struct cil_context **context) 1826 { 1827 *context = cil_malloc(sizeof(**context)); 1828 1829 cil_symtab_datum_init(&(*context)->datum); 1830 (*context)->user_str = NULL; 1831 (*context)->user = NULL; 1832 (*context)->role_str = NULL; 1833 (*context)->role = NULL; 1834 (*context)->type_str = NULL; 1835 (*context)->type = NULL; 1836 (*context)->range_str = NULL; 1837 (*context)->range = NULL; 1838 } 1839 1840 void cil_level_init(struct cil_level **level) 1841 { 1842 *level = cil_malloc(sizeof(**level)); 1843 1844 cil_symtab_datum_init(&(*level)->datum); 1845 (*level)->sens_str = NULL; 1846 (*level)->sens = NULL; 1847 (*level)->cats = NULL; 1848 } 1849 1850 void cil_levelrange_init(struct cil_levelrange **range) 1851 { 1852 *range = cil_malloc(sizeof(**range)); 1853 1854 cil_symtab_datum_init(&(*range)->datum); 1855 (*range)->low_str = NULL; 1856 (*range)->low = NULL; 1857 (*range)->high_str = NULL; 1858 (*range)->high = NULL; 1859 } 1860 1861 void cil_sens_init(struct cil_sens **sens) 1862 { 1863 *sens = cil_malloc(sizeof(**sens)); 1864 1865 cil_symtab_datum_init(&(*sens)->datum); 1866 1867 (*sens)->cats_list = NULL; 1868 1869 (*sens)->ordered = CIL_FALSE; 1870 } 1871 1872 void cil_block_init(struct cil_block **block) 1873 { 1874 *block = cil_malloc(sizeof(**block)); 1875 1876 cil_symtab_datum_init(&(*block)->datum); 1877 1878 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]); 1879 1880 (*block)->is_abstract = CIL_FALSE; 1881 1882 (*block)->bi_nodes = NULL; 1883 } 1884 1885 void cil_blockinherit_init(struct cil_blockinherit **inherit) 1886 { 1887 *inherit = cil_malloc(sizeof(**inherit)); 1888 (*inherit)->block_str = NULL; 1889 (*inherit)->block = NULL; 1890 } 1891 1892 void cil_blockabstract_init(struct cil_blockabstract **abstract) 1893 { 1894 *abstract = cil_malloc(sizeof(**abstract)); 1895 (*abstract)->block_str = NULL; 1896 } 1897 1898 void cil_in_init(struct cil_in **in) 1899 { 1900 *in = cil_malloc(sizeof(**in)); 1901 1902 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]); 1903 (*in)->block_str = NULL; 1904 } 1905 1906 void cil_class_init(struct cil_class **class) 1907 { 1908 *class = cil_malloc(sizeof(**class)); 1909 1910 cil_symtab_datum_init(&(*class)->datum); 1911 1912 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE); 1913 1914 (*class)->num_perms = 0; 1915 (*class)->common = NULL; 1916 (*class)->ordered = CIL_FALSE; 1917 } 1918 1919 void cil_classorder_init(struct cil_classorder **classorder) 1920 { 1921 *classorder = cil_malloc(sizeof(**classorder)); 1922 1923 (*classorder)->class_list_str = NULL; 1924 } 1925 1926 void cil_classcommon_init(struct cil_classcommon **classcommon) 1927 { 1928 *classcommon = cil_malloc(sizeof(**classcommon)); 1929 1930 (*classcommon)->class_str = NULL; 1931 (*classcommon)->common_str = NULL; 1932 } 1933 1934 void cil_sid_init(struct cil_sid **sid) 1935 { 1936 *sid = cil_malloc(sizeof(**sid)); 1937 1938 cil_symtab_datum_init(&(*sid)->datum); 1939 1940 (*sid)->ordered = CIL_FALSE; 1941 (*sid)->context = NULL; 1942 } 1943 1944 void cil_sidcontext_init(struct cil_sidcontext **sidcontext) 1945 { 1946 *sidcontext = cil_malloc(sizeof(**sidcontext)); 1947 1948 (*sidcontext)->sid_str = NULL; 1949 (*sidcontext)->context_str = NULL; 1950 (*sidcontext)->context = NULL; 1951 } 1952 1953 void cil_sidorder_init(struct cil_sidorder **sidorder) 1954 { 1955 *sidorder = cil_malloc(sizeof(**sidorder)); 1956 1957 (*sidorder)->sid_list_str = NULL; 1958 } 1959 1960 void cil_userrole_init(struct cil_userrole **userrole) 1961 { 1962 *userrole = cil_malloc(sizeof(**userrole)); 1963 1964 (*userrole)->user_str = NULL; 1965 (*userrole)->user = NULL; 1966 (*userrole)->role_str = NULL; 1967 (*userrole)->role = NULL; 1968 } 1969 1970 void cil_userprefix_init(struct cil_userprefix **userprefix) 1971 { 1972 *userprefix = cil_malloc(sizeof(**userprefix)); 1973 1974 (*userprefix)->user_str = NULL; 1975 (*userprefix)->user = NULL; 1976 (*userprefix)->prefix_str = NULL; 1977 } 1978 1979 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser) 1980 { 1981 *selinuxuser = cil_malloc(sizeof(**selinuxuser)); 1982 1983 (*selinuxuser)->name_str = NULL; 1984 (*selinuxuser)->user_str = NULL; 1985 (*selinuxuser)->user = NULL; 1986 (*selinuxuser)->range_str = NULL; 1987 (*selinuxuser)->range = NULL; 1988 } 1989 1990 void cil_roletype_init(struct cil_roletype **roletype) 1991 { 1992 *roletype = cil_malloc(sizeof(**roletype)); 1993 1994 (*roletype)->role_str = NULL; 1995 (*roletype)->role = NULL; 1996 (*roletype)->type_str = NULL; 1997 (*roletype)->type = NULL; 1998 } 1999 2000 void cil_roleattribute_init(struct cil_roleattribute **attr) 2001 { 2002 *attr = cil_malloc(sizeof(**attr)); 2003 2004 cil_symtab_datum_init(&(*attr)->datum); 2005 2006 (*attr)->expr_list = NULL; 2007 (*attr)->roles = NULL; 2008 } 2009 2010 void cil_roleattributeset_init(struct cil_roleattributeset **attrset) 2011 { 2012 *attrset = cil_malloc(sizeof(**attrset)); 2013 2014 (*attrset)->attr_str = NULL; 2015 (*attrset)->str_expr = NULL; 2016 (*attrset)->datum_expr = NULL; 2017 } 2018 2019 void cil_typeattribute_init(struct cil_typeattribute **attr) 2020 { 2021 *attr = cil_malloc(sizeof(**attr)); 2022 2023 cil_symtab_datum_init(&(*attr)->datum); 2024 2025 (*attr)->expr_list = NULL; 2026 (*attr)->types = NULL; 2027 (*attr)->used = CIL_FALSE; 2028 } 2029 2030 void cil_typeattributeset_init(struct cil_typeattributeset **attrset) 2031 { 2032 *attrset = cil_malloc(sizeof(**attrset)); 2033 2034 (*attrset)->attr_str = NULL; 2035 (*attrset)->str_expr = NULL; 2036 (*attrset)->datum_expr = NULL; 2037 } 2038 2039 void cil_alias_init(struct cil_alias **alias) 2040 { 2041 *alias = cil_malloc(sizeof(**alias)); 2042 2043 (*alias)->actual = NULL; 2044 2045 cil_symtab_datum_init(&(*alias)->datum); 2046 } 2047 2048 void cil_aliasactual_init(struct cil_aliasactual **aliasactual) 2049 { 2050 *aliasactual = cil_malloc(sizeof(**aliasactual)); 2051 2052 (*aliasactual)->alias_str = NULL; 2053 (*aliasactual)->actual_str = NULL; 2054 } 2055 2056 void cil_typepermissive_init(struct cil_typepermissive **typeperm) 2057 { 2058 *typeperm = cil_malloc(sizeof(**typeperm)); 2059 2060 (*typeperm)->type_str = NULL; 2061 (*typeperm)->type = NULL; 2062 } 2063 2064 void cil_name_init(struct cil_name **name) 2065 { 2066 *name = cil_malloc(sizeof(**name)); 2067 2068 cil_symtab_datum_init(&(*name)->datum); 2069 (*name)->name_str = NULL; 2070 } 2071 2072 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans) 2073 { 2074 *nametypetrans = cil_malloc(sizeof(**nametypetrans)); 2075 2076 (*nametypetrans)->src_str = NULL; 2077 (*nametypetrans)->src = NULL; 2078 (*nametypetrans)->tgt_str = NULL; 2079 (*nametypetrans)->tgt = NULL; 2080 (*nametypetrans)->obj_str = NULL; 2081 (*nametypetrans)->obj = NULL; 2082 (*nametypetrans)->name_str = NULL; 2083 (*nametypetrans)->name = NULL; 2084 (*nametypetrans)->result_str = NULL; 2085 (*nametypetrans)->result = NULL; 2086 } 2087 2088 void cil_rangetransition_init(struct cil_rangetransition **rangetrans) 2089 { 2090 *rangetrans = cil_malloc(sizeof(**rangetrans)); 2091 2092 (*rangetrans)->src_str = NULL; 2093 (*rangetrans)->src = NULL; 2094 (*rangetrans)->exec_str = NULL; 2095 (*rangetrans)->exec = NULL; 2096 (*rangetrans)->obj_str = NULL; 2097 (*rangetrans)->obj = NULL; 2098 (*rangetrans)->range_str = NULL; 2099 (*rangetrans)->range = NULL; 2100 } 2101 2102 void cil_bool_init(struct cil_bool **cilbool) 2103 { 2104 *cilbool = cil_malloc(sizeof(**cilbool)); 2105 2106 cil_symtab_datum_init(&(*cilbool)->datum); 2107 (*cilbool)->value = 0; 2108 } 2109 2110 void cil_tunable_init(struct cil_tunable **ciltun) 2111 { 2112 *ciltun = cil_malloc(sizeof(**ciltun)); 2113 2114 cil_symtab_datum_init(&(*ciltun)->datum); 2115 (*ciltun)->value = 0; 2116 } 2117 2118 void cil_condblock_init(struct cil_condblock **cb) 2119 { 2120 *cb = cil_malloc(sizeof(**cb)); 2121 2122 (*cb)->flavor = CIL_NONE; 2123 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]); 2124 } 2125 2126 void cil_boolif_init(struct cil_booleanif **bif) 2127 { 2128 *bif = cil_malloc(sizeof(**bif)); 2129 2130 (*bif)->str_expr = NULL; 2131 (*bif)->datum_expr = NULL; 2132 } 2133 2134 void cil_tunif_init(struct cil_tunableif **tif) 2135 { 2136 *tif = cil_malloc(sizeof(**tif)); 2137 2138 (*tif)->str_expr = NULL; 2139 (*tif)->datum_expr = NULL; 2140 } 2141 2142 void cil_avrule_init(struct cil_avrule **avrule) 2143 { 2144 *avrule = cil_malloc(sizeof(**avrule)); 2145 2146 (*avrule)->is_extended = 0; 2147 (*avrule)->rule_kind = CIL_NONE; 2148 (*avrule)->src_str = NULL; 2149 (*avrule)->src = NULL; 2150 (*avrule)->tgt_str = NULL; 2151 (*avrule)->tgt = NULL; 2152 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms)); 2153 } 2154 2155 void cil_permissionx_init(struct cil_permissionx **permx) 2156 { 2157 *permx = cil_malloc(sizeof(**permx)); 2158 2159 cil_symtab_datum_init(&(*permx)->datum); 2160 (*permx)->kind = CIL_NONE; 2161 (*permx)->obj_str = NULL; 2162 (*permx)->obj = NULL; 2163 (*permx)->expr_str = NULL; 2164 (*permx)->perms = NULL; 2165 } 2166 2167 void cil_type_rule_init(struct cil_type_rule **type_rule) 2168 { 2169 *type_rule = cil_malloc(sizeof(**type_rule)); 2170 2171 (*type_rule)->rule_kind = CIL_NONE; 2172 (*type_rule)->src_str = NULL; 2173 (*type_rule)->src = NULL; 2174 (*type_rule)->tgt_str = NULL; 2175 (*type_rule)->tgt = NULL; 2176 (*type_rule)->obj_str = NULL; 2177 (*type_rule)->obj = NULL; 2178 (*type_rule)->result_str = NULL; 2179 (*type_rule)->result = NULL; 2180 } 2181 2182 void cil_roletransition_init(struct cil_roletransition **role_trans) 2183 { 2184 *role_trans = cil_malloc(sizeof(**role_trans)); 2185 2186 (*role_trans)->src_str = NULL; 2187 (*role_trans)->src = NULL; 2188 (*role_trans)->tgt_str = NULL; 2189 (*role_trans)->tgt = NULL; 2190 (*role_trans)->obj_str = NULL; 2191 (*role_trans)->obj = NULL; 2192 (*role_trans)->result_str = NULL; 2193 (*role_trans)->result = NULL; 2194 } 2195 2196 void cil_roleallow_init(struct cil_roleallow **roleallow) 2197 { 2198 *roleallow = cil_malloc(sizeof(**roleallow)); 2199 2200 (*roleallow)->src_str = NULL; 2201 (*roleallow)->src = NULL; 2202 (*roleallow)->tgt_str = NULL; 2203 (*roleallow)->tgt = NULL; 2204 } 2205 2206 void cil_catset_init(struct cil_catset **catset) 2207 { 2208 *catset = cil_malloc(sizeof(**catset)); 2209 2210 cil_symtab_datum_init(&(*catset)->datum); 2211 (*catset)->cats = NULL; 2212 } 2213 2214 void cil_senscat_init(struct cil_senscat **senscat) 2215 { 2216 *senscat = cil_malloc(sizeof(**senscat)); 2217 2218 (*senscat)->sens_str = NULL; 2219 (*senscat)->cats = NULL; 2220 } 2221 2222 void cil_cats_init(struct cil_cats **cats) 2223 { 2224 *cats = cil_malloc(sizeof(**cats)); 2225 2226 (*cats)->evaluated = CIL_FALSE; 2227 (*cats)->str_expr = NULL; 2228 (*cats)->datum_expr = NULL; 2229 } 2230 2231 void cil_filecon_init(struct cil_filecon **filecon) 2232 { 2233 *filecon = cil_malloc(sizeof(**filecon)); 2234 2235 (*filecon)->path_str = NULL; 2236 (*filecon)->type = 0; 2237 (*filecon)->context_str = NULL; 2238 (*filecon)->context = NULL; 2239 } 2240 2241 void cil_portcon_init(struct cil_portcon **portcon) 2242 { 2243 *portcon = cil_malloc(sizeof(**portcon)); 2244 (*portcon)->proto = 0; 2245 (*portcon)->port_low = 0; 2246 (*portcon)->port_high = 0; 2247 (*portcon)->context_str = NULL; 2248 (*portcon)->context = NULL; 2249 } 2250 2251 void cil_nodecon_init(struct cil_nodecon **nodecon) 2252 { 2253 *nodecon = cil_malloc(sizeof(**nodecon)); 2254 2255 (*nodecon)->addr_str = NULL; 2256 (*nodecon)->addr = NULL; 2257 (*nodecon)->mask_str = NULL; 2258 (*nodecon)->mask = NULL; 2259 (*nodecon)->context_str = NULL; 2260 (*nodecon)->context = NULL; 2261 } 2262 2263 void cil_genfscon_init(struct cil_genfscon **genfscon) 2264 { 2265 *genfscon = cil_malloc(sizeof(**genfscon)); 2266 2267 (*genfscon)->fs_str = NULL; 2268 (*genfscon)->path_str = NULL; 2269 (*genfscon)->context_str = NULL; 2270 (*genfscon)->context = NULL; 2271 } 2272 2273 void cil_pirqcon_init(struct cil_pirqcon **pirqcon) 2274 { 2275 *pirqcon = cil_malloc(sizeof(**pirqcon)); 2276 2277 (*pirqcon)->pirq = 0; 2278 (*pirqcon)->context_str = NULL; 2279 (*pirqcon)->context = NULL; 2280 } 2281 2282 void cil_iomemcon_init(struct cil_iomemcon **iomemcon) 2283 { 2284 *iomemcon = cil_malloc(sizeof(**iomemcon)); 2285 2286 (*iomemcon)->iomem_low = 0; 2287 (*iomemcon)->iomem_high = 0; 2288 (*iomemcon)->context_str = NULL; 2289 (*iomemcon)->context = NULL; 2290 } 2291 2292 void cil_ioportcon_init(struct cil_ioportcon **ioportcon) 2293 { 2294 *ioportcon = cil_malloc(sizeof(**ioportcon)); 2295 2296 (*ioportcon)->context_str = NULL; 2297 (*ioportcon)->context = NULL; 2298 } 2299 2300 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon) 2301 { 2302 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon)); 2303 2304 (*pcidevicecon)->dev = 0; 2305 (*pcidevicecon)->context_str = NULL; 2306 (*pcidevicecon)->context = NULL; 2307 } 2308 2309 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon) 2310 { 2311 *dtcon = cil_malloc(sizeof(**dtcon)); 2312 2313 (*dtcon)->path = NULL; 2314 (*dtcon)->context_str = NULL; 2315 (*dtcon)->context = NULL; 2316 } 2317 2318 void cil_fsuse_init(struct cil_fsuse **fsuse) 2319 { 2320 *fsuse = cil_malloc(sizeof(**fsuse)); 2321 2322 (*fsuse)->type = 0; 2323 (*fsuse)->fs_str = NULL; 2324 (*fsuse)->context_str = NULL; 2325 (*fsuse)->context = NULL; 2326 } 2327 2328 void cil_constrain_init(struct cil_constrain **constrain) 2329 { 2330 *constrain = cil_malloc(sizeof(**constrain)); 2331 2332 (*constrain)->classperms = NULL; 2333 (*constrain)->str_expr = NULL; 2334 (*constrain)->datum_expr = NULL; 2335 } 2336 2337 void cil_validatetrans_init(struct cil_validatetrans **validtrans) 2338 { 2339 *validtrans = cil_malloc(sizeof(**validtrans)); 2340 2341 (*validtrans)->class_str = NULL; 2342 (*validtrans)->class = NULL; 2343 (*validtrans)->str_expr = NULL; 2344 (*validtrans)->datum_expr = NULL; 2345 } 2346 2347 void cil_ipaddr_init(struct cil_ipaddr **ipaddr) 2348 { 2349 *ipaddr = cil_malloc(sizeof(**ipaddr)); 2350 2351 cil_symtab_datum_init(&(*ipaddr)->datum); 2352 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip)); 2353 } 2354 2355 void cil_perm_init(struct cil_perm **perm) 2356 { 2357 *perm = cil_malloc(sizeof(**perm)); 2358 2359 cil_symtab_datum_init(&(*perm)->datum); 2360 (*perm)->value = 0; 2361 (*perm)->classperms = NULL; 2362 } 2363 2364 void cil_classpermission_init(struct cil_classpermission **cp) 2365 { 2366 *cp = cil_malloc(sizeof(**cp)); 2367 2368 cil_symtab_datum_init(&(*cp)->datum); 2369 (*cp)->classperms = NULL; 2370 } 2371 2372 void cil_classpermissionset_init(struct cil_classpermissionset **cps) 2373 { 2374 *cps = cil_malloc(sizeof(**cps)); 2375 2376 (*cps)->set_str = NULL; 2377 (*cps)->classperms = NULL; 2378 } 2379 2380 void cil_classperms_set_init(struct cil_classperms_set **cp_set) 2381 { 2382 *cp_set = cil_malloc(sizeof(**cp_set)); 2383 (*cp_set)->set_str = NULL; 2384 (*cp_set)->set = NULL; 2385 } 2386 2387 void cil_classperms_init(struct cil_classperms **cp) 2388 { 2389 *cp = cil_malloc(sizeof(**cp)); 2390 (*cp)->class_str = NULL; 2391 (*cp)->class = NULL; 2392 (*cp)->perm_strs = NULL; 2393 (*cp)->perms = NULL; 2394 } 2395 2396 void cil_classmapping_init(struct cil_classmapping **mapping) 2397 { 2398 *mapping = cil_malloc(sizeof(**mapping)); 2399 2400 (*mapping)->map_class_str = NULL; 2401 (*mapping)->map_perm_str = NULL; 2402 (*mapping)->classperms = NULL; 2403 } 2404 2405 void cil_user_init(struct cil_user **user) 2406 { 2407 *user = cil_malloc(sizeof(**user)); 2408 2409 cil_symtab_datum_init(&(*user)->datum); 2410 (*user)->bounds = NULL; 2411 (*user)->roles = NULL; 2412 (*user)->dftlevel = NULL; 2413 (*user)->range = NULL; 2414 (*user)->value = 0; 2415 } 2416 2417 void cil_userattribute_init(struct cil_userattribute **attr) 2418 { 2419 *attr = cil_malloc(sizeof(**attr)); 2420 2421 cil_symtab_datum_init(&(*attr)->datum); 2422 2423 (*attr)->expr_list = NULL; 2424 (*attr)->users = NULL; 2425 } 2426 2427 void cil_userattributeset_init(struct cil_userattributeset **attrset) 2428 { 2429 *attrset = cil_malloc(sizeof(**attrset)); 2430 2431 (*attrset)->attr_str = NULL; 2432 (*attrset)->str_expr = NULL; 2433 (*attrset)->datum_expr = NULL; 2434 } 2435 2436 void cil_userlevel_init(struct cil_userlevel **usrlvl) 2437 { 2438 *usrlvl = cil_malloc(sizeof(**usrlvl)); 2439 2440 (*usrlvl)->user_str = NULL; 2441 (*usrlvl)->level_str = NULL; 2442 (*usrlvl)->level = NULL; 2443 } 2444 2445 void cil_userrange_init(struct cil_userrange **userrange) 2446 { 2447 *userrange = cil_malloc(sizeof(**userrange)); 2448 2449 (*userrange)->user_str = NULL; 2450 (*userrange)->range_str = NULL; 2451 (*userrange)->range = NULL; 2452 } 2453 2454 void cil_role_init(struct cil_role **role) 2455 { 2456 *role = cil_malloc(sizeof(**role)); 2457 2458 cil_symtab_datum_init(&(*role)->datum); 2459 (*role)->bounds = NULL; 2460 (*role)->types = NULL; 2461 (*role)->value = 0; 2462 } 2463 2464 void cil_type_init(struct cil_type **type) 2465 { 2466 *type = cil_malloc(sizeof(**type)); 2467 2468 cil_symtab_datum_init(&(*type)->datum); 2469 (*type)->bounds = NULL; 2470 (*type)->value = 0; 2471 } 2472 2473 void cil_cat_init(struct cil_cat **cat) 2474 { 2475 *cat = cil_malloc(sizeof(**cat)); 2476 2477 cil_symtab_datum_init(&(*cat)->datum); 2478 (*cat)->ordered = CIL_FALSE; 2479 (*cat)->value = 0; 2480 } 2481 2482 void cil_catorder_init(struct cil_catorder **catorder) 2483 { 2484 *catorder = cil_malloc(sizeof(**catorder)); 2485 2486 (*catorder)->cat_list_str = NULL; 2487 } 2488 2489 void cil_sensorder_init(struct cil_sensorder **sensorder) 2490 { 2491 *sensorder = cil_malloc(sizeof(**sensorder)); 2492 2493 (*sensorder)->sens_list_str = NULL; 2494 } 2495 2496 void cil_args_init(struct cil_args **args) 2497 { 2498 *args = cil_malloc(sizeof(**args)); 2499 (*args)->arg_str = NULL; 2500 (*args)->arg = NULL; 2501 (*args)->param_str = NULL; 2502 (*args)->flavor = CIL_NONE; 2503 } 2504 2505 void cil_call_init(struct cil_call **call) 2506 { 2507 *call = cil_malloc(sizeof(**call)); 2508 2509 (*call)->macro_str = NULL; 2510 (*call)->macro = NULL; 2511 (*call)->args_tree = NULL; 2512 (*call)->args = NULL; 2513 (*call)->copied = 0; 2514 } 2515 2516 void cil_optional_init(struct cil_optional **optional) 2517 { 2518 *optional = cil_malloc(sizeof(**optional)); 2519 (*optional)->enabled = CIL_TRUE; 2520 cil_symtab_datum_init(&(*optional)->datum); 2521 } 2522 2523 void cil_param_init(struct cil_param **param) 2524 { 2525 *param = cil_malloc(sizeof(**param)); 2526 2527 (*param)->str = NULL; 2528 (*param)->flavor = CIL_NONE; 2529 } 2530 2531 void cil_macro_init(struct cil_macro **macro) 2532 { 2533 *macro = cil_malloc(sizeof(**macro)); 2534 2535 cil_symtab_datum_init(&(*macro)->datum); 2536 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]); 2537 (*macro)->params = NULL; 2538 } 2539 2540 void cil_policycap_init(struct cil_policycap **policycap) 2541 { 2542 *policycap = cil_malloc(sizeof(**policycap)); 2543 2544 cil_symtab_datum_init(&(*policycap)->datum); 2545 } 2546 2547 void cil_bounds_init(struct cil_bounds **bounds) 2548 { 2549 *bounds = cil_malloc(sizeof(**bounds)); 2550 2551 (*bounds)->parent_str = NULL; 2552 (*bounds)->child_str = NULL; 2553 } 2554 2555 void cil_default_init(struct cil_default **def) 2556 { 2557 *def = cil_malloc(sizeof(**def)); 2558 2559 (*def)->flavor = CIL_NONE; 2560 (*def)->class_strs = NULL; 2561 (*def)->class_datums = NULL; 2562 } 2563 2564 void cil_defaultrange_init(struct cil_defaultrange **def) 2565 { 2566 *def = cil_malloc(sizeof(**def)); 2567 2568 (*def)->class_strs = NULL; 2569 (*def)->class_datums = NULL; 2570 } 2571 2572 void cil_handleunknown_init(struct cil_handleunknown **unk) 2573 { 2574 *unk = cil_malloc(sizeof(**unk)); 2575 } 2576 2577 void cil_mls_init(struct cil_mls **mls) 2578 { 2579 *mls = cil_malloc(sizeof(**mls)); 2580 (*mls)->value = 0; 2581 } 2582 2583 void cil_src_info_init(struct cil_src_info **info) 2584 { 2585 *info = cil_malloc(sizeof(**info)); 2586 (*info)->is_cil = 0; 2587 (*info)->path = NULL; 2588 } 2589