Home | History | Annotate | Download | only in src

Lines Matching defs:avrule

34 	avrule_t *avrule;
39 static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,
43 	if (avrule->source_filename) {
45 		    avrule->source_line, avrule->source_filename, avrule->line,
50 	} else if (avrule->line) {
52 		    avrule->line, p->p_type_val_to_name[stype],
141 				policydb_t *p, const avrule_t *avrule,
176 				rc = check_extended_permissions(avrule->xperms, xperms);
179 					extended_permissions_violated(&error, avrule->xperms, xperms);
182 							avrule->source_line, avrule->source_filename, avrule->line,
199 				avrule->source_line, avrule->source_filename, avrule->line,
218 	avrule_t *avrule = a->avrule;
228 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
236 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
244 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);
248 	if (avrule->flags == RULE_SELF) {
252 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);
266 	for (cp = avrule->perms; cp; cp = cp->next) {
280 				if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
281 					a->errors += report_assertion_extended_permissions(handle,p, avrule,
285 					report_failure(handle, p, avrule, i, j, cp, perms);
303 int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule)
310 	args.avrule = avrule;
331 static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab,
338 	av_extended_perms_t *neverallow_xperms = avrule->xperms;
376  * avrule neverallowxperm entry, enumerate over the matching
390 static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab,
405 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
413 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types,
418 	if (avrule->flags == RULE_SELF) {
423 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);
437 	for (cp = avrule->perms; cp; cp = cp->next) {
448 						avrule, avtab, i, j, k, p);
471 	avrule_t *avrule = a->avrule;
477 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
480 	rc = ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1]);
484 	if (avrule->flags == RULE_SELF) {
496 		rc2 = ebitmap_match_any(&avrule->stypes.types, &match);
501 	rc = ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);
505 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
506 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);
520 int check_assertion(policydb_t *p, avrule_t *avrule)
527 	args.avrule = avrule;