1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 33 #include <sepol/policydb/policydb.h> 34 #include <sepol/policydb/symtab.h> 35 36 #include "cil_internal.h" 37 #include "cil_flavor.h" 38 #include "cil_log.h" 39 #include "cil_mem.h" 40 #include "cil_tree.h" 41 #include "cil_list.h" 42 #include "cil_symtab.h" 43 #include "cil_build_ast.h" 44 45 #include "cil_parser.h" 46 #include "cil_build_ast.h" 47 #include "cil_resolve_ast.h" 48 #include "cil_fqn.h" 49 #include "cil_post.h" 50 #include "cil_binary.h" 51 #include "cil_policy.h" 52 #include "cil_strpool.h" 53 #include "dso.h" 54 55 #ifndef DISABLE_SYMVER 56 asm(".symver cil_build_policydb_pdb, cil_build_policydb (at) LIBSEPOL_1.0"); 57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); 58 59 asm(".symver cil_compile_pdb, cil_compile (at) LIBSEPOL_1.0"); 60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); 61 62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string (at) LIBSEPOL_1.0"); 63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); 64 65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string (at) LIBSEPOL_1.0"); 66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); 67 68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string (at) LIBSEPOL_1.0"); 69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); 70 #endif 71 72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { 73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} 78 }; 79 80 static void cil_init_keys(void) 81 { 82 /* Initialize CIL Keys into strpool */ 83 CIL_KEY_CONS_T1 = cil_strpool_add("t1"); 84 CIL_KEY_CONS_T2 = cil_strpool_add("t2"); 85 CIL_KEY_CONS_T3 = cil_strpool_add("t3"); 86 CIL_KEY_CONS_R1 = cil_strpool_add("r1"); 87 CIL_KEY_CONS_R2 = cil_strpool_add("r2"); 88 CIL_KEY_CONS_R3 = cil_strpool_add("r3"); 89 CIL_KEY_CONS_U1 = cil_strpool_add("u1"); 90 CIL_KEY_CONS_U2 = cil_strpool_add("u2"); 91 CIL_KEY_CONS_U3 = cil_strpool_add("u3"); 92 CIL_KEY_CONS_L1 = cil_strpool_add("l1"); 93 CIL_KEY_CONS_L2 = cil_strpool_add("l2"); 94 CIL_KEY_CONS_H1 = cil_strpool_add("h1"); 95 CIL_KEY_CONS_H2 = cil_strpool_add("h2"); 96 CIL_KEY_AND = cil_strpool_add("and"); 97 CIL_KEY_OR = cil_strpool_add("or"); 98 CIL_KEY_NOT = cil_strpool_add("not"); 99 CIL_KEY_EQ = cil_strpool_add("eq"); 100 CIL_KEY_NEQ = cil_strpool_add("neq"); 101 CIL_KEY_CONS_DOM = cil_strpool_add("dom"); 102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby"); 103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp"); 104 CIL_KEY_CONDTRUE = cil_strpool_add("true"); 105 CIL_KEY_CONDFALSE = cil_strpool_add("false"); 106 CIL_KEY_SELF = cil_strpool_add("self"); 107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); 108 CIL_KEY_STAR = cil_strpool_add("*"); 109 CIL_KEY_UDP = cil_strpool_add("udp"); 110 CIL_KEY_TCP = cil_strpool_add("tcp"); 111 CIL_KEY_DCCP = cil_strpool_add("dccp"); 112 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); 113 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); 114 CIL_KEY_ALLOW = cil_strpool_add("allow"); 115 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit"); 116 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition"); 117 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange"); 118 CIL_KEY_CALL = cil_strpool_add("call"); 119 CIL_KEY_TUNABLE = cil_strpool_add("tunable"); 120 CIL_KEY_XOR = cil_strpool_add("xor"); 121 CIL_KEY_ALL = cil_strpool_add("all"); 122 CIL_KEY_RANGE = cil_strpool_add("range"); 123 CIL_KEY_TYPE = cil_strpool_add("type"); 124 CIL_KEY_ROLE = cil_strpool_add("role"); 125 CIL_KEY_USER = cil_strpool_add("user"); 126 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute"); 127 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset"); 128 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity"); 129 CIL_KEY_CATEGORY = cil_strpool_add("category"); 130 CIL_KEY_CATSET = cil_strpool_add("categoryset"); 131 CIL_KEY_LEVEL = cil_strpool_add("level"); 132 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange"); 133 CIL_KEY_CLASS = cil_strpool_add("class"); 134 CIL_KEY_IPADDR = cil_strpool_add("ipaddr"); 135 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap"); 136 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission"); 137 CIL_KEY_BOOL = cil_strpool_add("boolean"); 138 CIL_KEY_STRING = cil_strpool_add("string"); 139 CIL_KEY_NAME = cil_strpool_add("name"); 140 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown"); 141 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow"); 142 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny"); 143 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject"); 144 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit"); 145 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract"); 146 CIL_KEY_CLASSORDER = cil_strpool_add("classorder"); 147 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping"); 148 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset"); 149 CIL_KEY_COMMON = cil_strpool_add("common"); 150 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon"); 151 CIL_KEY_SID = cil_strpool_add("sid"); 152 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext"); 153 CIL_KEY_SIDORDER = cil_strpool_add("sidorder"); 154 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel"); 155 CIL_KEY_USERRANGE = cil_strpool_add("userrange"); 156 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds"); 157 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix"); 158 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser"); 159 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault"); 160 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute"); 161 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset"); 162 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute"); 163 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias"); 164 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual"); 165 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds"); 166 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive"); 167 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition"); 168 CIL_KEY_USERROLE = cil_strpool_add("userrole"); 169 CIL_KEY_ROLETYPE = cil_strpool_add("roletype"); 170 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition"); 171 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow"); 172 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute"); 173 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset"); 174 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds"); 175 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif"); 176 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow"); 177 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember"); 178 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias"); 179 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual"); 180 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias"); 181 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual"); 182 CIL_KEY_CATORDER = cil_strpool_add("categoryorder"); 183 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder"); 184 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory"); 185 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain"); 186 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain"); 187 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans"); 188 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); 189 CIL_KEY_CONTEXT = cil_strpool_add("context"); 190 CIL_KEY_FILECON = cil_strpool_add("filecon"); 191 CIL_KEY_PORTCON = cil_strpool_add("portcon"); 192 CIL_KEY_NODECON = cil_strpool_add("nodecon"); 193 CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); 194 CIL_KEY_NETIFCON = cil_strpool_add("netifcon"); 195 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon"); 196 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon"); 197 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon"); 198 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon"); 199 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon"); 200 CIL_KEY_FSUSE = cil_strpool_add("fsuse"); 201 CIL_KEY_POLICYCAP = cil_strpool_add("policycap"); 202 CIL_KEY_OPTIONAL = cil_strpool_add("optional"); 203 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser"); 204 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole"); 205 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype"); 206 CIL_KEY_MACRO = cil_strpool_add("macro"); 207 CIL_KEY_IN = cil_strpool_add("in"); 208 CIL_KEY_MLS = cil_strpool_add("mls"); 209 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange"); 210 CIL_KEY_GLOB = cil_strpool_add("*"); 211 CIL_KEY_FILE = cil_strpool_add("file"); 212 CIL_KEY_DIR = cil_strpool_add("dir"); 213 CIL_KEY_CHAR = cil_strpool_add("char"); 214 CIL_KEY_BLOCK = cil_strpool_add("block"); 215 CIL_KEY_SOCKET = cil_strpool_add("socket"); 216 CIL_KEY_PIPE = cil_strpool_add("pipe"); 217 CIL_KEY_SYMLINK = cil_strpool_add("symlink"); 218 CIL_KEY_ANY = cil_strpool_add("any"); 219 CIL_KEY_XATTR = cil_strpool_add("xattr"); 220 CIL_KEY_TASK = cil_strpool_add("task"); 221 CIL_KEY_TRANS = cil_strpool_add("trans"); 222 CIL_KEY_SOURCE = cil_strpool_add("source"); 223 CIL_KEY_TARGET = cil_strpool_add("target"); 224 CIL_KEY_LOW = cil_strpool_add("low"); 225 CIL_KEY_HIGH = cil_strpool_add("high"); 226 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high"); 227 CIL_KEY_ROOT = cil_strpool_add("<root>"); 228 CIL_KEY_NODE = cil_strpool_add("<node>"); 229 CIL_KEY_PERM = cil_strpool_add("perm"); 230 CIL_KEY_ALLOWX = cil_strpool_add("allowx"); 231 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx"); 232 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx"); 233 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx"); 234 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx"); 235 CIL_KEY_IOCTL = cil_strpool_add("ioctl"); 236 CIL_KEY_UNORDERED = cil_strpool_add("unordered"); 237 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>"); 238 CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>"); 239 CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>"); 240 } 241 242 void cil_db_init(struct cil_db **db) 243 { 244 *db = cil_malloc(sizeof(**db)); 245 246 cil_strpool_init(); 247 cil_init_keys(); 248 249 cil_tree_init(&(*db)->parse); 250 cil_tree_init(&(*db)->ast); 251 cil_root_init((struct cil_root **)&(*db)->ast->root->data); 252 (*db)->sidorder = NULL; 253 (*db)->classorder = NULL; 254 (*db)->catorder = NULL; 255 (*db)->sensitivityorder = NULL; 256 cil_sort_init(&(*db)->netifcon); 257 cil_sort_init(&(*db)->genfscon); 258 cil_sort_init(&(*db)->filecon); 259 cil_sort_init(&(*db)->nodecon); 260 cil_sort_init(&(*db)->portcon); 261 cil_sort_init(&(*db)->pirqcon); 262 cil_sort_init(&(*db)->iomemcon); 263 cil_sort_init(&(*db)->ioportcon); 264 cil_sort_init(&(*db)->pcidevicecon); 265 cil_sort_init(&(*db)->devicetreecon); 266 cil_sort_init(&(*db)->fsuse); 267 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM); 268 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM); 269 cil_list_init(&(*db)->names, CIL_LIST_ITEM); 270 271 cil_type_init(&(*db)->selftype); 272 (*db)->selftype->datum.name = CIL_KEY_SELF; 273 (*db)->selftype->datum.fqn = CIL_KEY_SELF; 274 (*db)->num_types_and_attrs = 0; 275 (*db)->num_classes = 0; 276 (*db)->num_types = 0; 277 (*db)->num_roles = 0; 278 (*db)->num_users = 0; 279 (*db)->num_cats = 0; 280 (*db)->val_to_type = NULL; 281 (*db)->val_to_role = NULL; 282 (*db)->val_to_user = NULL; 283 284 (*db)->disable_dontaudit = CIL_FALSE; 285 (*db)->disable_neverallow = CIL_FALSE; 286 (*db)->attrs_expand_generated = CIL_FALSE; 287 (*db)->attrs_expand_size = 1; 288 (*db)->preserve_tunables = CIL_FALSE; 289 (*db)->handle_unknown = -1; 290 (*db)->mls = -1; 291 (*db)->target_platform = SEPOL_TARGET_SELINUX; 292 (*db)->policy_version = POLICYDB_VERSION_MAX; 293 } 294 295 void cil_db_destroy(struct cil_db **db) 296 { 297 if (db == NULL || *db == NULL) { 298 return; 299 } 300 301 cil_tree_destroy(&(*db)->parse); 302 cil_tree_destroy(&(*db)->ast); 303 cil_list_destroy(&(*db)->sidorder, CIL_FALSE); 304 cil_list_destroy(&(*db)->classorder, CIL_FALSE); 305 cil_list_destroy(&(*db)->catorder, CIL_FALSE); 306 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE); 307 cil_sort_destroy(&(*db)->netifcon); 308 cil_sort_destroy(&(*db)->genfscon); 309 cil_sort_destroy(&(*db)->filecon); 310 cil_sort_destroy(&(*db)->nodecon); 311 cil_sort_destroy(&(*db)->portcon); 312 cil_sort_destroy(&(*db)->pirqcon); 313 cil_sort_destroy(&(*db)->iomemcon); 314 cil_sort_destroy(&(*db)->ioportcon); 315 cil_sort_destroy(&(*db)->pcidevicecon); 316 cil_sort_destroy(&(*db)->devicetreecon); 317 cil_sort_destroy(&(*db)->fsuse); 318 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE); 319 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE); 320 cil_list_destroy(&(*db)->names, CIL_TRUE); 321 322 cil_destroy_type((*db)->selftype); 323 324 cil_strpool_destroy(); 325 free((*db)->val_to_type); 326 free((*db)->val_to_role); 327 free((*db)->val_to_user); 328 329 free(*db); 330 *db = NULL; 331 } 332 333 void cil_root_init(struct cil_root **root) 334 { 335 struct cil_root *r = cil_malloc(sizeof(*r)); 336 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]); 337 338 *root = r; 339 } 340 341 void cil_root_destroy(struct cil_root *root) 342 { 343 if (root == NULL) { 344 return; 345 } 346 cil_symtab_array_destroy(root->symtab); 347 free(root); 348 } 349 350 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size) 351 { 352 char *buffer = NULL; 353 int rc; 354 355 cil_log(CIL_INFO, "Parsing %s\n", name); 356 357 buffer = cil_malloc(size + 2); 358 memcpy(buffer, data, size); 359 memset(buffer + size, 0, 2); 360 361 rc = cil_parser(name, buffer, size + 2, &db->parse); 362 if (rc != SEPOL_OK) { 363 cil_log(CIL_INFO, "Failed to parse %s\n", name); 364 goto exit; 365 } 366 367 free(buffer); 368 buffer = NULL; 369 370 rc = SEPOL_OK; 371 372 exit: 373 free(buffer); 374 375 return rc; 376 } 377 378 #ifdef DISABLE_SYMVER 379 int cil_compile(struct cil_db *db) 380 #else 381 int cil_compile_nopdb(struct cil_db *db) 382 #endif 383 { 384 int rc = SEPOL_ERR; 385 386 if (db == NULL) { 387 goto exit; 388 } 389 390 cil_log(CIL_INFO, "Building AST from Parse Tree\n"); 391 rc = cil_build_ast(db, db->parse->root, db->ast->root); 392 if (rc != SEPOL_OK) { 393 cil_log(CIL_INFO, "Failed to build ast\n"); 394 goto exit; 395 } 396 397 cil_log(CIL_INFO, "Destroying Parse Tree\n"); 398 cil_tree_destroy(&db->parse); 399 400 cil_log(CIL_INFO, "Resolving AST\n"); 401 rc = cil_resolve_ast(db, db->ast->root); 402 if (rc != SEPOL_OK) { 403 cil_log(CIL_INFO, "Failed to resolve ast\n"); 404 goto exit; 405 } 406 407 cil_log(CIL_INFO, "Qualifying Names\n"); 408 rc = cil_fqn_qualify(db->ast->root); 409 if (rc != SEPOL_OK) { 410 cil_log(CIL_INFO, "Failed to qualify names\n"); 411 goto exit; 412 } 413 414 cil_log(CIL_INFO, "Compile post process\n"); 415 rc = cil_post_process(db); 416 if (rc != SEPOL_OK ) { 417 cil_log(CIL_INFO, "Post process failed\n"); 418 goto exit; 419 } 420 421 exit: 422 423 return rc; 424 } 425 426 #ifndef DISABLE_SYMVER 427 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) 428 { 429 return cil_compile_nopdb(db); 430 } 431 432 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) 433 { 434 int rc; 435 436 cil_log(CIL_INFO, "Building policy binary\n"); 437 rc = cil_binary_create_allocated_pdb(db, sepol_db); 438 if (rc != SEPOL_OK) { 439 cil_log(CIL_ERR, "Failed to generate binary\n"); 440 goto exit; 441 } 442 443 exit: 444 return rc; 445 } 446 #endif 447 448 #ifdef DISABLE_SYMVER 449 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) 450 #else 451 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) 452 #endif 453 { 454 int rc; 455 456 cil_log(CIL_INFO, "Building policy binary\n"); 457 rc = cil_binary_create(db, sepol_db); 458 if (rc != SEPOL_OK) { 459 cil_log(CIL_ERR, "Failed to generate binary\n"); 460 goto exit; 461 } 462 463 exit: 464 return rc; 465 } 466 467 void cil_write_policy_conf(FILE *out, struct cil_db *db) 468 { 469 cil_log(CIL_INFO, "Writing policy.conf file\n"); 470 cil_gen_policy(out, db); 471 } 472 473 void cil_destroy_data(void **data, enum cil_flavor flavor) 474 { 475 if (*data == NULL) { 476 return; 477 } 478 479 switch(flavor) { 480 case CIL_NONE: 481 break; 482 case CIL_ROOT: 483 cil_root_destroy(*data); 484 break; 485 case CIL_NODE: 486 break; 487 case CIL_STRING: 488 break; 489 case CIL_DATUM: 490 break; 491 case CIL_LIST: 492 cil_list_destroy(*data, CIL_FALSE); 493 break; 494 case CIL_LIST_ITEM: 495 break; 496 case CIL_PARAM: 497 cil_destroy_param(*data); 498 break; 499 case CIL_ARGS: 500 cil_destroy_args(*data); 501 break; 502 case CIL_BLOCK: 503 cil_destroy_block(*data); 504 break; 505 case CIL_BLOCKINHERIT: 506 cil_destroy_blockinherit(*data); 507 break; 508 case CIL_BLOCKABSTRACT: 509 cil_destroy_blockabstract(*data); 510 break; 511 case CIL_IN: 512 cil_destroy_in(*data); 513 break; 514 case CIL_MACRO: 515 cil_destroy_macro(*data); 516 break; 517 case CIL_CALL: 518 cil_destroy_call(*data); 519 break; 520 case CIL_OPTIONAL: 521 cil_destroy_optional(*data); 522 break; 523 case CIL_BOOL: 524 cil_destroy_bool(*data); 525 break; 526 case CIL_BOOLEANIF: 527 cil_destroy_boolif(*data); 528 break; 529 case CIL_TUNABLE: 530 cil_destroy_tunable(*data); 531 break; 532 case CIL_TUNABLEIF: 533 cil_destroy_tunif(*data); 534 break; 535 case CIL_CONDBLOCK: 536 cil_destroy_condblock(*data); 537 break; 538 case CIL_CONDTRUE: 539 break; 540 case CIL_CONDFALSE: 541 break; 542 case CIL_PERM: 543 case CIL_MAP_PERM: 544 cil_destroy_perm(*data); 545 break; 546 case CIL_COMMON: 547 case CIL_CLASS: 548 case CIL_MAP_CLASS: 549 cil_destroy_class(*data); 550 break; 551 case CIL_CLASSORDER: 552 cil_destroy_classorder(*data); 553 break; 554 case CIL_CLASSPERMISSION: 555 cil_destroy_classpermission(*data); 556 break; 557 case CIL_CLASSCOMMON: 558 cil_destroy_classcommon(*data); 559 break; 560 case CIL_CLASSMAPPING: 561 cil_destroy_classmapping(*data); 562 break; 563 case CIL_CLASSPERMS: 564 cil_destroy_classperms(*data); 565 break; 566 case CIL_CLASSPERMS_SET: 567 cil_destroy_classperms_set(*data); 568 break; 569 case CIL_CLASSPERMISSIONSET: 570 cil_destroy_classpermissionset(*data); 571 break; 572 case CIL_USER: 573 cil_destroy_user(*data); 574 break; 575 case CIL_USERATTRIBUTE: 576 cil_destroy_userattribute(*data); 577 break; 578 case CIL_USERATTRIBUTESET: 579 cil_destroy_userattributeset(*data); 580 break; 581 case CIL_USERPREFIX: 582 cil_destroy_userprefix(*data); 583 break; 584 case CIL_USERROLE: 585 cil_destroy_userrole(*data); 586 break; 587 case CIL_USERLEVEL: 588 cil_destroy_userlevel(*data); 589 break; 590 case CIL_USERRANGE: 591 cil_destroy_userrange(*data); 592 break; 593 case CIL_USERBOUNDS: 594 cil_destroy_bounds(*data); 595 break; 596 case CIL_SELINUXUSER: 597 case CIL_SELINUXUSERDEFAULT: 598 cil_destroy_selinuxuser(*data); 599 break; 600 case CIL_ROLE: 601 cil_destroy_role(*data); 602 break; 603 case CIL_ROLEATTRIBUTE: 604 cil_destroy_roleattribute(*data); 605 break; 606 case CIL_ROLEATTRIBUTESET: 607 cil_destroy_roleattributeset(*data); 608 break; 609 case CIL_ROLETYPE: 610 cil_destroy_roletype(*data); 611 break; 612 case CIL_ROLEBOUNDS: 613 cil_destroy_bounds(*data); 614 break; 615 case CIL_TYPE: 616 cil_destroy_type(*data); 617 break; 618 case CIL_TYPEATTRIBUTE: 619 cil_destroy_typeattribute(*data); 620 break; 621 case CIL_TYPEALIAS: 622 cil_destroy_alias(*data); 623 break; 624 case CIL_TYPEATTRIBUTESET: 625 cil_destroy_typeattributeset(*data); 626 break; 627 case CIL_EXPANDTYPEATTRIBUTE: 628 cil_destroy_expandtypeattribute(*data); 629 break; 630 case CIL_TYPEALIASACTUAL: 631 cil_destroy_aliasactual(*data); 632 break; 633 case CIL_TYPEBOUNDS: 634 cil_destroy_bounds(*data); 635 break; 636 case CIL_TYPEPERMISSIVE: 637 cil_destroy_typepermissive(*data); 638 break; 639 case CIL_SENS: 640 cil_destroy_sensitivity(*data); 641 break; 642 case CIL_SENSALIAS: 643 cil_destroy_alias(*data); 644 break; 645 case CIL_SENSALIASACTUAL: 646 cil_destroy_aliasactual(*data); 647 break; 648 case CIL_SENSITIVITYORDER: 649 cil_destroy_sensitivityorder(*data); 650 break; 651 case CIL_SENSCAT: 652 cil_destroy_senscat(*data); 653 break; 654 case CIL_CAT: 655 cil_destroy_category(*data); 656 break; 657 case CIL_CATSET: 658 cil_destroy_catset(*data); 659 break; 660 case CIL_CATALIAS: 661 cil_destroy_alias(*data); 662 break; 663 case CIL_CATALIASACTUAL: 664 cil_destroy_aliasactual(*data); 665 break; 666 case CIL_CATORDER: 667 cil_destroy_catorder(*data); 668 break; 669 case CIL_LEVEL: 670 cil_destroy_level(*data); 671 break; 672 case CIL_LEVELRANGE: 673 cil_destroy_levelrange(*data); 674 break; 675 case CIL_SID: 676 cil_destroy_sid(*data); 677 break; 678 case CIL_SIDORDER: 679 cil_destroy_sidorder(*data); 680 break; 681 case CIL_NAME: 682 cil_destroy_name(*data); 683 break; 684 case CIL_ROLEALLOW: 685 cil_destroy_roleallow(*data); 686 break; 687 case CIL_AVRULE: 688 case CIL_AVRULEX: 689 cil_destroy_avrule(*data); 690 break; 691 case CIL_PERMISSIONX: 692 cil_destroy_permissionx(*data); 693 break; 694 case CIL_ROLETRANSITION: 695 cil_destroy_roletransition(*data); 696 break; 697 case CIL_TYPE_RULE: 698 cil_destroy_type_rule(*data); 699 break; 700 case CIL_NAMETYPETRANSITION: 701 cil_destroy_typetransition(*data); 702 break; 703 case CIL_RANGETRANSITION: 704 cil_destroy_rangetransition(*data); 705 break; 706 case CIL_CONSTRAIN: 707 cil_destroy_constrain(*data); 708 break; 709 case CIL_MLSCONSTRAIN: 710 cil_destroy_constrain(*data); 711 break; 712 case CIL_VALIDATETRANS: 713 case CIL_MLSVALIDATETRANS: 714 cil_destroy_validatetrans(*data); 715 break; 716 case CIL_CONTEXT: 717 cil_destroy_context(*data); 718 break; 719 case CIL_IPADDR: 720 cil_destroy_ipaddr(*data); 721 break; 722 case CIL_SIDCONTEXT: 723 cil_destroy_sidcontext(*data); 724 break; 725 case CIL_FSUSE: 726 cil_destroy_fsuse(*data); 727 break; 728 case CIL_FILECON: 729 cil_destroy_filecon(*data); 730 break; 731 case CIL_PORTCON: 732 cil_destroy_portcon(*data); 733 break; 734 case CIL_NODECON: 735 cil_destroy_nodecon(*data); 736 break; 737 case CIL_GENFSCON: 738 cil_destroy_genfscon(*data); 739 break; 740 case CIL_NETIFCON: 741 cil_destroy_netifcon(*data); 742 break; 743 case CIL_PIRQCON: 744 cil_destroy_pirqcon(*data); 745 break; 746 case CIL_IOMEMCON: 747 cil_destroy_iomemcon(*data); 748 break; 749 case CIL_IOPORTCON: 750 cil_destroy_ioportcon(*data); 751 break; 752 case CIL_PCIDEVICECON: 753 cil_destroy_pcidevicecon(*data); 754 break; 755 case CIL_DEVICETREECON: 756 cil_destroy_devicetreecon(*data); 757 break; 758 case CIL_POLICYCAP: 759 cil_destroy_policycap(*data); 760 break; 761 case CIL_DEFAULTUSER: 762 case CIL_DEFAULTROLE: 763 case CIL_DEFAULTTYPE: 764 cil_destroy_default(*data); 765 break; 766 case CIL_DEFAULTRANGE: 767 cil_destroy_defaultrange(*data); 768 break; 769 case CIL_HANDLEUNKNOWN: 770 cil_destroy_handleunknown(*data); 771 break; 772 case CIL_MLS: 773 cil_destroy_mls(*data); 774 break; 775 case CIL_SRC_INFO: 776 cil_destroy_src_info(*data); 777 break; 778 case CIL_OP: 779 case CIL_CONS_OPERAND: 780 break; 781 default: 782 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor); 783 break; 784 } 785 786 *data = NULL; 787 } 788 789 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index) 790 { 791 if (flavor < CIL_MIN_DECLARATIVE) { 792 return SEPOL_ERR; 793 } 794 795 switch(flavor) { 796 case CIL_BLOCK: 797 *sym_index = CIL_SYM_BLOCKS; 798 break; 799 case CIL_MACRO: 800 *sym_index = CIL_SYM_BLOCKS; 801 break; 802 case CIL_OPTIONAL: 803 *sym_index = CIL_SYM_BLOCKS; 804 break; 805 case CIL_BOOL: 806 *sym_index = CIL_SYM_BOOLS; 807 break; 808 case CIL_TUNABLE: 809 *sym_index = CIL_SYM_TUNABLES; 810 break; 811 case CIL_PERM: 812 case CIL_MAP_PERM: 813 *sym_index = CIL_SYM_PERMS; 814 break; 815 case CIL_COMMON: 816 *sym_index = CIL_SYM_COMMONS; 817 break; 818 case CIL_CLASS: 819 case CIL_MAP_CLASS: 820 *sym_index = CIL_SYM_CLASSES; 821 break; 822 case CIL_CLASSPERMISSION: 823 case CIL_CLASSPERMISSIONSET: 824 *sym_index = CIL_SYM_CLASSPERMSETS; 825 break; 826 case CIL_USER: 827 case CIL_USERATTRIBUTE: 828 *sym_index = CIL_SYM_USERS; 829 break; 830 case CIL_ROLE: 831 case CIL_ROLEATTRIBUTE: 832 *sym_index = CIL_SYM_ROLES; 833 break; 834 case CIL_TYPE: 835 case CIL_TYPEALIAS: 836 case CIL_TYPEATTRIBUTE: 837 *sym_index = CIL_SYM_TYPES; 838 break; 839 case CIL_SENS: 840 case CIL_SENSALIAS: 841 *sym_index = CIL_SYM_SENS; 842 break; 843 case CIL_CAT: 844 case CIL_CATSET: 845 case CIL_CATALIAS: 846 *sym_index = CIL_SYM_CATS; 847 break; 848 case CIL_LEVEL: 849 *sym_index = CIL_SYM_LEVELS; 850 break; 851 case CIL_LEVELRANGE: 852 *sym_index = CIL_SYM_LEVELRANGES; 853 break; 854 case CIL_SID: 855 *sym_index = CIL_SYM_SIDS; 856 break; 857 case CIL_NAME: 858 *sym_index = CIL_SYM_NAMES; 859 break; 860 case CIL_CONTEXT: 861 *sym_index = CIL_SYM_CONTEXTS; 862 break; 863 case CIL_IPADDR: 864 *sym_index = CIL_SYM_IPADDRS; 865 break; 866 case CIL_POLICYCAP: 867 *sym_index = CIL_SYM_POLICYCAPS; 868 break; 869 case CIL_PERMISSIONX: 870 *sym_index = CIL_SYM_PERMX; 871 break; 872 default: 873 *sym_index = CIL_SYM_UNKNOWN; 874 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor); 875 return SEPOL_ERR; 876 } 877 878 return SEPOL_OK; 879 } 880 881 const char * cil_node_to_string(struct cil_tree_node *node) 882 { 883 switch (node->flavor) { 884 case CIL_NONE: 885 return "<none>"; 886 case CIL_ROOT: 887 return CIL_KEY_ROOT; 888 case CIL_NODE: 889 return CIL_KEY_NODE; 890 case CIL_STRING: 891 return "string"; 892 case CIL_DATUM: 893 return "<datum>"; 894 case CIL_LIST: 895 return "<list>"; 896 case CIL_LIST_ITEM: 897 return "<list_item>"; 898 case CIL_PARAM: 899 return "<param>"; 900 case CIL_ARGS: 901 return "<args>"; 902 case CIL_BLOCK: 903 return CIL_KEY_BLOCK; 904 case CIL_BLOCKINHERIT: 905 return CIL_KEY_BLOCKINHERIT; 906 case CIL_BLOCKABSTRACT: 907 return CIL_KEY_BLOCKABSTRACT; 908 case CIL_IN: 909 return CIL_KEY_IN; 910 case CIL_MACRO: 911 return CIL_KEY_MACRO; 912 case CIL_CALL: 913 return CIL_KEY_CALL; 914 case CIL_OPTIONAL: 915 return CIL_KEY_OPTIONAL; 916 case CIL_BOOL: 917 return CIL_KEY_BOOL; 918 case CIL_BOOLEANIF: 919 return CIL_KEY_BOOLEANIF; 920 case CIL_TUNABLE: 921 return CIL_KEY_TUNABLE; 922 case CIL_TUNABLEIF: 923 return CIL_KEY_TUNABLEIF; 924 case CIL_CONDBLOCK: 925 switch (((struct cil_condblock*)node->data)->flavor) { 926 case CIL_CONDTRUE: 927 return CIL_KEY_CONDTRUE; 928 case CIL_CONDFALSE: 929 return CIL_KEY_CONDFALSE; 930 default: 931 break; 932 } 933 break; 934 case CIL_CONDTRUE: 935 return CIL_KEY_CONDTRUE; 936 case CIL_CONDFALSE: 937 return CIL_KEY_CONDFALSE; 938 case CIL_PERM: 939 return CIL_KEY_PERM; 940 case CIL_COMMON: 941 return CIL_KEY_COMMON; 942 case CIL_CLASS: 943 return CIL_KEY_CLASS; 944 case CIL_CLASSORDER: 945 return CIL_KEY_CLASSORDER; 946 case CIL_MAP_CLASS: 947 return CIL_KEY_MAP_CLASS; 948 case CIL_CLASSPERMISSION: 949 return CIL_KEY_CLASSPERMISSION; 950 case CIL_CLASSCOMMON: 951 return CIL_KEY_CLASSCOMMON; 952 case CIL_CLASSMAPPING: 953 return CIL_KEY_CLASSMAPPING; 954 case CIL_CLASSPERMISSIONSET: 955 return CIL_KEY_CLASSPERMISSIONSET; 956 case CIL_USER: 957 return CIL_KEY_USER; 958 case CIL_USERATTRIBUTE: 959 return CIL_KEY_USERATTRIBUTE; 960 case CIL_USERATTRIBUTESET: 961 return CIL_KEY_USERATTRIBUTESET; 962 case CIL_USERPREFIX: 963 return CIL_KEY_USERPREFIX; 964 case CIL_USERROLE: 965 return CIL_KEY_USERROLE; 966 case CIL_USERLEVEL: 967 return CIL_KEY_USERLEVEL; 968 case CIL_USERRANGE: 969 return CIL_KEY_USERRANGE; 970 case CIL_USERBOUNDS: 971 return CIL_KEY_USERBOUNDS; 972 case CIL_SELINUXUSER: 973 return CIL_KEY_SELINUXUSER; 974 case CIL_SELINUXUSERDEFAULT: 975 return CIL_KEY_SELINUXUSERDEFAULT; 976 case CIL_ROLE: 977 return CIL_KEY_ROLE; 978 case CIL_ROLEATTRIBUTE: 979 return CIL_KEY_ROLEATTRIBUTE; 980 case CIL_ROLEATTRIBUTESET: 981 return CIL_KEY_ROLEATTRIBUTESET; 982 case CIL_ROLETYPE: 983 return CIL_KEY_ROLETYPE; 984 case CIL_ROLEBOUNDS: 985 return CIL_KEY_ROLEBOUNDS; 986 case CIL_TYPE: 987 return CIL_KEY_TYPE; 988 case CIL_TYPEATTRIBUTE: 989 return CIL_KEY_TYPEATTRIBUTE; 990 case CIL_TYPEALIAS: 991 return CIL_KEY_TYPEALIAS; 992 case CIL_TYPEATTRIBUTESET: 993 return CIL_KEY_TYPEATTRIBUTESET; 994 case CIL_EXPANDTYPEATTRIBUTE: 995 return CIL_KEY_EXPANDTYPEATTRIBUTE; 996 case CIL_TYPEALIASACTUAL: 997 return CIL_KEY_TYPEALIASACTUAL; 998 case CIL_TYPEBOUNDS: 999 return CIL_KEY_TYPEBOUNDS; 1000 case CIL_TYPEPERMISSIVE: 1001 return CIL_KEY_TYPEPERMISSIVE; 1002 case CIL_SENS: 1003 return CIL_KEY_SENSITIVITY; 1004 case CIL_SENSALIAS: 1005 return CIL_KEY_SENSALIAS; 1006 case CIL_SENSALIASACTUAL: 1007 return CIL_KEY_SENSALIASACTUAL; 1008 case CIL_SENSITIVITYORDER: 1009 return CIL_KEY_SENSITIVITYORDER; 1010 case CIL_SENSCAT: 1011 return CIL_KEY_SENSCAT; 1012 case CIL_CAT: 1013 return CIL_KEY_CATEGORY; 1014 case CIL_CATSET: 1015 return CIL_KEY_CATSET; 1016 case CIL_CATALIAS: 1017 return CIL_KEY_CATALIAS; 1018 case CIL_CATALIASACTUAL: 1019 return CIL_KEY_CATALIASACTUAL; 1020 case CIL_CATORDER: 1021 return CIL_KEY_CATORDER; 1022 case CIL_LEVEL: 1023 return CIL_KEY_LEVEL; 1024 case CIL_LEVELRANGE: 1025 return CIL_KEY_LEVELRANGE; 1026 case CIL_SID: 1027 return CIL_KEY_SID; 1028 case CIL_SIDORDER: 1029 return CIL_KEY_SIDORDER; 1030 case CIL_NAME: 1031 return CIL_KEY_NAME; 1032 case CIL_ROLEALLOW: 1033 return CIL_KEY_ROLEALLOW; 1034 case CIL_AVRULE: 1035 switch (((struct cil_avrule *)node->data)->rule_kind) { 1036 case CIL_AVRULE_ALLOWED: 1037 return CIL_KEY_ALLOW; 1038 case CIL_AVRULE_AUDITALLOW: 1039 return CIL_KEY_AUDITALLOW; 1040 case CIL_AVRULE_DONTAUDIT: 1041 return CIL_KEY_DONTAUDIT; 1042 case CIL_AVRULE_NEVERALLOW: 1043 return CIL_KEY_NEVERALLOW; 1044 default: 1045 break; 1046 } 1047 break; 1048 case CIL_AVRULEX: 1049 switch (((struct cil_avrule *)node->data)->rule_kind) { 1050 case CIL_AVRULE_ALLOWED: 1051 return CIL_KEY_ALLOWX; 1052 case CIL_AVRULE_AUDITALLOW: 1053 return CIL_KEY_AUDITALLOWX; 1054 case CIL_AVRULE_DONTAUDIT: 1055 return CIL_KEY_DONTAUDITX; 1056 case CIL_AVRULE_NEVERALLOW: 1057 return CIL_KEY_NEVERALLOWX; 1058 default: 1059 break; 1060 } 1061 break; 1062 case CIL_PERMISSIONX: 1063 return CIL_KEY_PERMISSIONX; 1064 case CIL_ROLETRANSITION: 1065 return CIL_KEY_ROLETRANSITION; 1066 case CIL_TYPE_RULE: 1067 switch (((struct cil_type_rule *)node->data)->rule_kind) { 1068 case CIL_TYPE_TRANSITION: 1069 return CIL_KEY_TYPETRANSITION; 1070 case CIL_TYPE_MEMBER: 1071 return CIL_KEY_TYPEMEMBER; 1072 case CIL_TYPE_CHANGE: 1073 return CIL_KEY_TYPECHANGE; 1074 default: 1075 break; 1076 } 1077 break; 1078 case CIL_NAMETYPETRANSITION: 1079 return CIL_KEY_TYPETRANSITION; 1080 case CIL_RANGETRANSITION: 1081 return CIL_KEY_RANGETRANSITION; 1082 case CIL_CONSTRAIN: 1083 return CIL_KEY_CONSTRAIN; 1084 case CIL_MLSCONSTRAIN: 1085 return CIL_KEY_MLSCONSTRAIN; 1086 case CIL_VALIDATETRANS: 1087 return CIL_KEY_VALIDATETRANS; 1088 case CIL_MLSVALIDATETRANS: 1089 return CIL_KEY_MLSVALIDATETRANS; 1090 case CIL_CONTEXT: 1091 return CIL_KEY_CONTEXT; 1092 case CIL_IPADDR: 1093 return CIL_KEY_IPADDR; 1094 case CIL_SIDCONTEXT: 1095 return CIL_KEY_SIDCONTEXT; 1096 case CIL_FSUSE: 1097 return CIL_KEY_FSUSE; 1098 case CIL_FILECON: 1099 return CIL_KEY_FILECON; 1100 case CIL_PORTCON: 1101 return CIL_KEY_PORTCON; 1102 case CIL_NODECON: 1103 return CIL_KEY_NODECON; 1104 case CIL_GENFSCON: 1105 return CIL_KEY_GENFSCON; 1106 case CIL_NETIFCON: 1107 return CIL_KEY_NETIFCON; 1108 case CIL_PIRQCON: 1109 return CIL_KEY_PIRQCON; 1110 case CIL_IOMEMCON: 1111 return CIL_KEY_IOMEMCON; 1112 case CIL_IOPORTCON: 1113 return CIL_KEY_IOPORTCON; 1114 case CIL_PCIDEVICECON: 1115 return CIL_KEY_PCIDEVICECON; 1116 case CIL_DEVICETREECON: 1117 return CIL_KEY_DEVICETREECON; 1118 case CIL_POLICYCAP: 1119 return CIL_KEY_POLICYCAP; 1120 case CIL_DEFAULTUSER: 1121 return CIL_KEY_DEFAULTUSER; 1122 case CIL_DEFAULTROLE: 1123 return CIL_KEY_DEFAULTROLE; 1124 case CIL_DEFAULTTYPE: 1125 return CIL_KEY_DEFAULTTYPE; 1126 case CIL_DEFAULTRANGE: 1127 return CIL_KEY_DEFAULTRANGE; 1128 case CIL_HANDLEUNKNOWN: 1129 return CIL_KEY_HANDLEUNKNOWN; 1130 case CIL_MLS: 1131 return CIL_KEY_MLS; 1132 case CIL_SRC_INFO: 1133 return CIL_KEY_SRC_INFO; 1134 case CIL_ALL: 1135 return CIL_KEY_ALL; 1136 case CIL_RANGE: 1137 return CIL_KEY_RANGE; 1138 case CIL_AND: 1139 return CIL_KEY_AND; 1140 case CIL_OR: 1141 return CIL_KEY_OR; 1142 case CIL_XOR: 1143 return CIL_KEY_XOR; 1144 case CIL_NOT: 1145 return CIL_KEY_NOT; 1146 case CIL_EQ: 1147 return CIL_KEY_EQ; 1148 case CIL_NEQ: 1149 return CIL_KEY_NEQ; 1150 case CIL_CONS_DOM: 1151 return CIL_KEY_CONS_DOM; 1152 case CIL_CONS_DOMBY: 1153 return CIL_KEY_CONS_DOMBY; 1154 case CIL_CONS_INCOMP: 1155 return CIL_KEY_CONS_INCOMP; 1156 case CIL_CONS_U1: 1157 return CIL_KEY_CONS_U1; 1158 case CIL_CONS_U2: 1159 return CIL_KEY_CONS_U2; 1160 case CIL_CONS_U3: 1161 return CIL_KEY_CONS_U3; 1162 case CIL_CONS_T1: 1163 return CIL_KEY_CONS_T1; 1164 case CIL_CONS_T2: 1165 return CIL_KEY_CONS_T2; 1166 case CIL_CONS_T3: 1167 return CIL_KEY_CONS_T3; 1168 case CIL_CONS_R1: 1169 return CIL_KEY_CONS_R1; 1170 case CIL_CONS_R2: 1171 return CIL_KEY_CONS_R2; 1172 case CIL_CONS_R3: 1173 return CIL_KEY_CONS_R3; 1174 case CIL_CONS_L1: 1175 return CIL_KEY_CONS_L1; 1176 case CIL_CONS_L2: 1177 return CIL_KEY_CONS_L2; 1178 case CIL_CONS_H1: 1179 return CIL_KEY_CONS_H1; 1180 case CIL_CONS_H2: 1181 return CIL_KEY_CONS_H2; 1182 1183 default: 1184 break; 1185 } 1186 1187 return "<unknown>"; 1188 } 1189 1190 #ifdef DISABLE_SYMVER 1191 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) 1192 #else 1193 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1194 #endif 1195 { 1196 int rc = SEPOL_ERR; 1197 size_t str_len = 0; 1198 int buf_pos = 0; 1199 char *str_tmp = NULL; 1200 struct cil_list_item *curr; 1201 struct cil_userprefix *userprefix = NULL; 1202 struct cil_user *user = NULL; 1203 1204 *out = NULL; 1205 1206 if (db->userprefixes->head == NULL) { 1207 rc = SEPOL_OK; 1208 *size = 0; 1209 goto exit; 1210 } 1211 1212 cil_list_for_each(curr, db->userprefixes) { 1213 userprefix = curr->data; 1214 user = userprefix->user; 1215 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2; 1216 } 1217 1218 *size = str_len * sizeof(char); 1219 str_len++; 1220 str_tmp = cil_malloc(str_len * sizeof(char)); 1221 *out = str_tmp; 1222 1223 cil_list_for_each(curr, db->userprefixes) { 1224 userprefix = curr->data; 1225 user = userprefix->user; 1226 1227 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn, 1228 userprefix->prefix_str); 1229 str_len -= buf_pos; 1230 str_tmp += buf_pos; 1231 } 1232 1233 rc = SEPOL_OK; 1234 exit: 1235 return rc; 1236 1237 } 1238 1239 #ifndef DISABLE_SYMVER 1240 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1241 { 1242 return cil_userprefixes_to_string_nopdb(db, out, size); 1243 } 1244 #endif 1245 1246 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) 1247 { 1248 int rc = SEPOL_ERR; 1249 struct cil_list_item *i; 1250 struct cil_list_item *j; 1251 struct cil_cat* cat; 1252 struct cil_catset *cs; 1253 struct cil_tree_node *node; 1254 1255 if (cats == NULL) { 1256 rc = SEPOL_OK; 1257 goto exit; 1258 } 1259 1260 cil_list_for_each(i, cats->datum_expr) { 1261 node = DATUM(i->data)->nodes->head->data; 1262 if (node->flavor == CIL_CATSET) { 1263 cs = (struct cil_catset*)i->data; 1264 cil_list_for_each(j, cs->cats->datum_expr) { 1265 cat = (struct cil_cat*)j->data; 1266 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1267 if (rc != SEPOL_OK) { 1268 goto exit; 1269 } 1270 } 1271 } else { 1272 cat = (struct cil_cat*)i->data; 1273 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1274 if (rc != SEPOL_OK) { 1275 goto exit; 1276 } 1277 } 1278 } 1279 1280 return SEPOL_OK; 1281 1282 exit: 1283 return rc; 1284 } 1285 1286 static int cil_level_equals(struct cil_level *low, struct cil_level *high) 1287 { 1288 int rc; 1289 struct ebitmap elow; 1290 struct ebitmap ehigh; 1291 1292 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) { 1293 rc = 0; 1294 goto exit; 1295 } 1296 1297 ebitmap_init(&elow); 1298 ebitmap_init(&ehigh); 1299 1300 rc = cil_cats_to_ebitmap(low->cats, &elow); 1301 if (rc != SEPOL_OK) { 1302 goto exit; 1303 } 1304 1305 rc = cil_cats_to_ebitmap(high->cats, &ehigh); 1306 if (rc != SEPOL_OK) { 1307 goto exit; 1308 } 1309 1310 rc = ebitmap_cmp(&elow, &ehigh); 1311 ebitmap_destroy(&elow); 1312 ebitmap_destroy(&ehigh); 1313 1314 exit: 1315 return rc; 1316 } 1317 1318 static int __cil_level_strlen(struct cil_level *lvl) 1319 { 1320 struct cil_list_item *item; 1321 struct cil_cats *cats = lvl->cats; 1322 int str_len = 0; 1323 char *str1 = NULL; 1324 char *str2 = NULL; 1325 int first = -1; 1326 int last = -1; 1327 1328 str_len += strlen(lvl->sens->datum.fqn); 1329 1330 if (cats && cats->datum_expr != NULL) { 1331 str_len++; /* initial ":" */ 1332 cil_list_for_each(item, cats->datum_expr) { 1333 struct cil_cat *cat = item->data; 1334 if (first == -1) { 1335 str1 = cat->datum.fqn; 1336 first = cat->value; 1337 last = first; 1338 } else if (cat->value == last + 1) { 1339 last++; 1340 str2 = cat->datum.fqn; 1341 } else { 1342 if (first == last) { 1343 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1; 1344 } else if (last == first + 1) { 1345 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1346 } else { 1347 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1348 } 1349 first = -1; 1350 last = -1; 1351 if (item->next != NULL) { 1352 str_len++; /* space for "," after */ 1353 } 1354 } 1355 } 1356 if (first != -1) { 1357 if (first == last) { 1358 str_len += strlen(str1); 1359 } else if (last == first + 1) { 1360 str_len += strlen(str1) + strlen(str2) + 1; 1361 } else { 1362 str_len += strlen(str1) + strlen(str2) + 1; 1363 } 1364 } 1365 } 1366 1367 return str_len; 1368 } 1369 1370 static int __cil_level_to_string(struct cil_level *lvl, char *out) 1371 { 1372 struct cil_list_item *item; 1373 struct cil_cats *cats = lvl->cats; 1374 int buf_pos = 0; 1375 char *str_tmp = out; 1376 char *str1 = NULL; 1377 char *str2 = NULL; 1378 int first = -1; 1379 int last = -1; 1380 1381 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn); 1382 str_tmp += buf_pos; 1383 1384 if (cats && cats->datum_expr != NULL) { 1385 buf_pos = sprintf(str_tmp, ":"); 1386 str_tmp += buf_pos; 1387 1388 cil_list_for_each(item, cats->datum_expr) { 1389 struct cil_cat *cat = item->data; 1390 if (first == -1) { 1391 str1 = cat->datum.fqn; 1392 first = cat->value; 1393 last = first; 1394 } else if (cat->value == last + 1) { 1395 last++; 1396 str2 = cat->datum.fqn; 1397 } else { 1398 if (first == last) { 1399 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn); 1400 str_tmp += buf_pos; 1401 } else if (last == first + 1) { 1402 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn); 1403 str_tmp += buf_pos; 1404 } else { 1405 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn); 1406 str_tmp += buf_pos; 1407 } 1408 first = -1; 1409 last = -1; 1410 if (item->next != NULL) { 1411 buf_pos = sprintf(str_tmp, ","); 1412 str_tmp += buf_pos; 1413 } 1414 } 1415 } 1416 if (first != -1) { 1417 if (first == last) { 1418 buf_pos = sprintf(str_tmp, "%s", str1); 1419 str_tmp += buf_pos; 1420 } else if (last == first + 1) { 1421 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2); 1422 str_tmp += buf_pos; 1423 } else { 1424 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2); 1425 str_tmp += buf_pos; 1426 } 1427 } 1428 } 1429 1430 return str_tmp - out; 1431 } 1432 1433 #ifdef DISABLE_SYMVER 1434 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) 1435 #else 1436 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1437 #endif 1438 { 1439 size_t str_len = 0; 1440 int buf_pos = 0; 1441 char *str_tmp = NULL; 1442 struct cil_list_item *curr; 1443 1444 if (db->selinuxusers->head == NULL) { 1445 *size = 0; 1446 *out = NULL; 1447 return SEPOL_OK; 1448 } 1449 1450 cil_list_for_each(curr, db->selinuxusers) { 1451 struct cil_selinuxuser *selinuxuser = curr->data; 1452 struct cil_user *user = selinuxuser->user; 1453 1454 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1; 1455 1456 if (db->mls == CIL_TRUE) { 1457 struct cil_levelrange *range = selinuxuser->range; 1458 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1459 } 1460 1461 str_len++; 1462 } 1463 1464 *size = str_len * sizeof(char); 1465 str_tmp = cil_malloc(*size+1); 1466 *out = str_tmp; 1467 1468 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) { 1469 struct cil_selinuxuser *selinuxuser = curr->data; 1470 struct cil_user *user = selinuxuser->user; 1471 1472 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn); 1473 str_tmp += buf_pos; 1474 1475 if (db->mls == CIL_TRUE) { 1476 struct cil_levelrange *range = selinuxuser->range; 1477 buf_pos = sprintf(str_tmp, ":"); 1478 str_tmp += buf_pos; 1479 buf_pos = __cil_level_to_string(range->low, str_tmp); 1480 str_tmp += buf_pos; 1481 buf_pos = sprintf(str_tmp, "-"); 1482 str_tmp += buf_pos; 1483 buf_pos = __cil_level_to_string(range->high, str_tmp); 1484 str_tmp += buf_pos; 1485 } 1486 1487 buf_pos = sprintf(str_tmp, "\n"); 1488 str_tmp += buf_pos; 1489 } 1490 1491 return SEPOL_OK; 1492 } 1493 1494 #ifndef DISABLE_SYMVER 1495 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1496 { 1497 return cil_selinuxusers_to_string_nopdb(db, out, size); 1498 } 1499 #endif 1500 1501 #ifdef DISABLE_SYMVER 1502 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) 1503 #else 1504 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1505 #endif 1506 { 1507 uint32_t i = 0; 1508 int buf_pos = 0; 1509 size_t str_len = 0; 1510 char *str_tmp = NULL; 1511 struct cil_sort *filecons = db->filecon; 1512 1513 for (i = 0; i < filecons->count; i++) { 1514 struct cil_filecon *filecon = filecons->array[i]; 1515 struct cil_context *ctx = filecon->context; 1516 1517 str_len += strlen(filecon->path_str); 1518 1519 if (filecon->type != CIL_FILECON_ANY) { 1520 /* If a type is specified, 1521 +2 for type string, +1 for tab */ 1522 str_len += 3; 1523 } 1524 1525 if (ctx != NULL) { 1526 struct cil_user *user = ctx->user; 1527 struct cil_role *role = ctx->role; 1528 struct cil_type *type = ctx->type; 1529 1530 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3); 1531 1532 if (db->mls == CIL_TRUE) { 1533 struct cil_levelrange *range = ctx->range; 1534 if (cil_level_equals(range->low, range->high)) { 1535 str_len += __cil_level_strlen(range->low) + 1; 1536 } else { 1537 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1538 } 1539 } 1540 } else { 1541 str_len += strlen("\t<<none>>"); 1542 } 1543 1544 str_len++; 1545 } 1546 1547 *size = str_len * sizeof(char); 1548 str_tmp = cil_malloc(*size+1); 1549 *out = str_tmp; 1550 1551 for (i = 0; i < filecons->count; i++) { 1552 struct cil_filecon *filecon = filecons->array[i]; 1553 struct cil_context *ctx = filecon->context; 1554 const char *str_type = NULL; 1555 1556 buf_pos = sprintf(str_tmp, "%s", filecon->path_str); 1557 str_tmp += buf_pos; 1558 1559 switch(filecon->type) { 1560 case CIL_FILECON_FILE: 1561 str_type = "\t--"; 1562 break; 1563 case CIL_FILECON_DIR: 1564 str_type = "\t-d"; 1565 break; 1566 case CIL_FILECON_CHAR: 1567 str_type = "\t-c"; 1568 break; 1569 case CIL_FILECON_BLOCK: 1570 str_type = "\t-b"; 1571 break; 1572 case CIL_FILECON_SOCKET: 1573 str_type = "\t-s"; 1574 break; 1575 case CIL_FILECON_PIPE: 1576 str_type = "\t-p"; 1577 break; 1578 case CIL_FILECON_SYMLINK: 1579 str_type = "\t-l"; 1580 break; 1581 default: 1582 str_type = ""; 1583 break; 1584 } 1585 buf_pos = sprintf(str_tmp, "%s", str_type); 1586 str_tmp += buf_pos; 1587 1588 if (ctx != NULL) { 1589 struct cil_user *user = ctx->user; 1590 struct cil_role *role = ctx->role; 1591 struct cil_type *type = ctx->type; 1592 1593 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn, 1594 type->datum.fqn); 1595 str_tmp += buf_pos; 1596 1597 if (db->mls == CIL_TRUE) { 1598 struct cil_levelrange *range = ctx->range; 1599 buf_pos = sprintf(str_tmp, ":"); 1600 str_tmp += buf_pos; 1601 buf_pos = __cil_level_to_string(range->low, str_tmp); 1602 str_tmp += buf_pos; 1603 1604 if (!cil_level_equals(range->low, range->high)) { 1605 buf_pos = sprintf(str_tmp, "-"); 1606 str_tmp += buf_pos; 1607 buf_pos = __cil_level_to_string(range->high, str_tmp); 1608 str_tmp += buf_pos; 1609 } 1610 } 1611 } else { 1612 buf_pos = sprintf(str_tmp, "\t<<none>>"); 1613 str_tmp += buf_pos; 1614 } 1615 1616 buf_pos = sprintf(str_tmp, "\n"); 1617 str_tmp += buf_pos; 1618 } 1619 1620 return SEPOL_OK; 1621 } 1622 1623 #ifndef DISABLE_SYMVER 1624 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1625 { 1626 return cil_filecons_to_string_nopdb(db, out, size); 1627 } 1628 #endif 1629 1630 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) 1631 { 1632 db->disable_dontaudit = disable_dontaudit; 1633 } 1634 1635 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow) 1636 { 1637 db->disable_neverallow = disable_neverallow; 1638 } 1639 1640 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated) 1641 { 1642 db->attrs_expand_generated = attrs_expand_generated; 1643 } 1644 1645 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size) 1646 { 1647 db->attrs_expand_size = attrs_expand_size; 1648 } 1649 1650 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables) 1651 { 1652 db->preserve_tunables = preserve_tunables; 1653 } 1654 1655 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown) 1656 { 1657 int rc = 0; 1658 1659 switch (handle_unknown) { 1660 case SEPOL_DENY_UNKNOWN: 1661 case SEPOL_REJECT_UNKNOWN: 1662 case SEPOL_ALLOW_UNKNOWN: 1663 db->handle_unknown = handle_unknown; 1664 break; 1665 default: 1666 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown); 1667 rc = -1; 1668 } 1669 1670 return rc; 1671 } 1672 1673 void cil_set_mls(struct cil_db *db, int mls) 1674 { 1675 db->mls = mls; 1676 } 1677 1678 void cil_set_target_platform(struct cil_db *db, int target_platform) 1679 { 1680 db->target_platform = target_platform; 1681 } 1682 1683 void cil_set_policy_version(struct cil_db *db, int policy_version) 1684 { 1685 db->policy_version = policy_version; 1686 } 1687 1688 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM]) 1689 { 1690 uint32_t i = 0; 1691 for (i = 0; i < CIL_SYM_NUM; i++) { 1692 cil_symtab_init(&symtab[i], symtab_sizes[i]); 1693 } 1694 } 1695 1696 void cil_symtab_array_destroy(symtab_t symtab[]) 1697 { 1698 int i = 0; 1699 for (i = 0; i < CIL_SYM_NUM; i++) { 1700 cil_symtab_destroy(&symtab[i]); 1701 } 1702 } 1703 1704 void cil_destroy_ast_symtabs(struct cil_tree_node *current) 1705 { 1706 while (current) { 1707 switch (current->flavor) { 1708 case CIL_BLOCK: 1709 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab); 1710 break; 1711 case CIL_IN: 1712 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab); 1713 break; 1714 case CIL_CLASS: 1715 case CIL_COMMON: 1716 case CIL_MAP_CLASS: 1717 cil_symtab_destroy(&((struct cil_class*)current->data)->perms); 1718 break; 1719 case CIL_MACRO: 1720 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab); 1721 break; 1722 case CIL_CONDBLOCK: 1723 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab); 1724 break; 1725 default: 1726 break; 1727 } 1728 1729 if (current->cl_head) { 1730 cil_destroy_ast_symtabs(current->cl_head); 1731 } 1732 1733 current = current->next; 1734 } 1735 } 1736 1737 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index) 1738 { 1739 struct cil_tree_node *node = ast_node; 1740 *symtab = NULL; 1741 1742 if (sym_index == CIL_SYM_PERMS) { 1743 /* Class statements are not blocks, so the passed node should be the class */ 1744 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS || 1745 node->flavor == CIL_COMMON) { 1746 *symtab = &((struct cil_class*)node->data)->perms; 1747 return SEPOL_OK; 1748 } 1749 goto exit; 1750 } 1751 1752 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) { 1753 cil_log(CIL_ERR, "Invalid symtab type\n"); 1754 goto exit; 1755 } 1756 1757 while (node != NULL && *symtab == NULL) { 1758 switch (node->flavor) { 1759 case CIL_ROOT: 1760 *symtab = &((struct cil_root *)node->data)->symtab[sym_index]; 1761 break; 1762 case CIL_BLOCK: 1763 *symtab = &((struct cil_block*)node->data)->symtab[sym_index]; 1764 break; 1765 case CIL_MACRO: 1766 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index]; 1767 break; 1768 case CIL_IN: 1769 /* In blocks only exist before resolving the AST */ 1770 *symtab = &((struct cil_in*)node->data)->symtab[sym_index]; 1771 break; 1772 case CIL_CONDBLOCK: { 1773 if (node->parent->flavor == CIL_TUNABLEIF) { 1774 /* Cond blocks only exist before resolving the AST */ 1775 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index]; 1776 } else if (node->parent->flavor == CIL_BOOLEANIF) { 1777 node = node->parent->parent; 1778 } 1779 break; 1780 } 1781 default: 1782 node = node->parent; 1783 } 1784 } 1785 1786 if (*symtab == NULL) { 1787 goto exit; 1788 } 1789 1790 return SEPOL_OK; 1791 1792 exit: 1793 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node"); 1794 return SEPOL_ERR; 1795 } 1796 1797 void cil_sort_init(struct cil_sort **sort) 1798 { 1799 *sort = cil_malloc(sizeof(**sort)); 1800 1801 (*sort)->flavor = CIL_NONE; 1802 (*sort)->count = 0; 1803 (*sort)->index = 0; 1804 (*sort)->array = NULL; 1805 } 1806 1807 void cil_sort_destroy(struct cil_sort **sort) 1808 { 1809 (*sort)->flavor = CIL_NONE; 1810 (*sort)->count = 0; 1811 (*sort)->index = 0; 1812 if ((*sort)->array != NULL) { 1813 free((*sort)->array); 1814 } 1815 (*sort)->array = NULL; 1816 1817 free(*sort); 1818 *sort = NULL; 1819 } 1820 1821 void cil_netifcon_init(struct cil_netifcon **netifcon) 1822 { 1823 *netifcon = cil_malloc(sizeof(**netifcon)); 1824 1825 (*netifcon)->interface_str = NULL; 1826 (*netifcon)->if_context_str = NULL; 1827 (*netifcon)->if_context = NULL; 1828 (*netifcon)->packet_context_str = NULL; 1829 (*netifcon)->packet_context = NULL; 1830 (*netifcon)->context_str = NULL; 1831 } 1832 1833 void cil_context_init(struct cil_context **context) 1834 { 1835 *context = cil_malloc(sizeof(**context)); 1836 1837 cil_symtab_datum_init(&(*context)->datum); 1838 (*context)->user_str = NULL; 1839 (*context)->user = NULL; 1840 (*context)->role_str = NULL; 1841 (*context)->role = NULL; 1842 (*context)->type_str = NULL; 1843 (*context)->type = NULL; 1844 (*context)->range_str = NULL; 1845 (*context)->range = NULL; 1846 } 1847 1848 void cil_level_init(struct cil_level **level) 1849 { 1850 *level = cil_malloc(sizeof(**level)); 1851 1852 cil_symtab_datum_init(&(*level)->datum); 1853 (*level)->sens_str = NULL; 1854 (*level)->sens = NULL; 1855 (*level)->cats = NULL; 1856 } 1857 1858 void cil_levelrange_init(struct cil_levelrange **range) 1859 { 1860 *range = cil_malloc(sizeof(**range)); 1861 1862 cil_symtab_datum_init(&(*range)->datum); 1863 (*range)->low_str = NULL; 1864 (*range)->low = NULL; 1865 (*range)->high_str = NULL; 1866 (*range)->high = NULL; 1867 } 1868 1869 void cil_sens_init(struct cil_sens **sens) 1870 { 1871 *sens = cil_malloc(sizeof(**sens)); 1872 1873 cil_symtab_datum_init(&(*sens)->datum); 1874 1875 (*sens)->cats_list = NULL; 1876 1877 (*sens)->ordered = CIL_FALSE; 1878 } 1879 1880 void cil_block_init(struct cil_block **block) 1881 { 1882 *block = cil_malloc(sizeof(**block)); 1883 1884 cil_symtab_datum_init(&(*block)->datum); 1885 1886 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]); 1887 1888 (*block)->is_abstract = CIL_FALSE; 1889 1890 (*block)->bi_nodes = NULL; 1891 } 1892 1893 void cil_blockinherit_init(struct cil_blockinherit **inherit) 1894 { 1895 *inherit = cil_malloc(sizeof(**inherit)); 1896 (*inherit)->block_str = NULL; 1897 (*inherit)->block = NULL; 1898 } 1899 1900 void cil_blockabstract_init(struct cil_blockabstract **abstract) 1901 { 1902 *abstract = cil_malloc(sizeof(**abstract)); 1903 (*abstract)->block_str = NULL; 1904 } 1905 1906 void cil_in_init(struct cil_in **in) 1907 { 1908 *in = cil_malloc(sizeof(**in)); 1909 1910 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]); 1911 (*in)->block_str = NULL; 1912 } 1913 1914 void cil_class_init(struct cil_class **class) 1915 { 1916 *class = cil_malloc(sizeof(**class)); 1917 1918 cil_symtab_datum_init(&(*class)->datum); 1919 1920 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE); 1921 1922 (*class)->num_perms = 0; 1923 (*class)->common = NULL; 1924 (*class)->ordered = CIL_FALSE; 1925 } 1926 1927 void cil_classorder_init(struct cil_classorder **classorder) 1928 { 1929 *classorder = cil_malloc(sizeof(**classorder)); 1930 1931 (*classorder)->class_list_str = NULL; 1932 } 1933 1934 void cil_classcommon_init(struct cil_classcommon **classcommon) 1935 { 1936 *classcommon = cil_malloc(sizeof(**classcommon)); 1937 1938 (*classcommon)->class_str = NULL; 1939 (*classcommon)->common_str = NULL; 1940 } 1941 1942 void cil_sid_init(struct cil_sid **sid) 1943 { 1944 *sid = cil_malloc(sizeof(**sid)); 1945 1946 cil_symtab_datum_init(&(*sid)->datum); 1947 1948 (*sid)->ordered = CIL_FALSE; 1949 (*sid)->context = NULL; 1950 } 1951 1952 void cil_sidcontext_init(struct cil_sidcontext **sidcontext) 1953 { 1954 *sidcontext = cil_malloc(sizeof(**sidcontext)); 1955 1956 (*sidcontext)->sid_str = NULL; 1957 (*sidcontext)->context_str = NULL; 1958 (*sidcontext)->context = NULL; 1959 } 1960 1961 void cil_sidorder_init(struct cil_sidorder **sidorder) 1962 { 1963 *sidorder = cil_malloc(sizeof(**sidorder)); 1964 1965 (*sidorder)->sid_list_str = NULL; 1966 } 1967 1968 void cil_userrole_init(struct cil_userrole **userrole) 1969 { 1970 *userrole = cil_malloc(sizeof(**userrole)); 1971 1972 (*userrole)->user_str = NULL; 1973 (*userrole)->user = NULL; 1974 (*userrole)->role_str = NULL; 1975 (*userrole)->role = NULL; 1976 } 1977 1978 void cil_userprefix_init(struct cil_userprefix **userprefix) 1979 { 1980 *userprefix = cil_malloc(sizeof(**userprefix)); 1981 1982 (*userprefix)->user_str = NULL; 1983 (*userprefix)->user = NULL; 1984 (*userprefix)->prefix_str = NULL; 1985 } 1986 1987 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser) 1988 { 1989 *selinuxuser = cil_malloc(sizeof(**selinuxuser)); 1990 1991 (*selinuxuser)->name_str = NULL; 1992 (*selinuxuser)->user_str = NULL; 1993 (*selinuxuser)->user = NULL; 1994 (*selinuxuser)->range_str = NULL; 1995 (*selinuxuser)->range = NULL; 1996 } 1997 1998 void cil_roletype_init(struct cil_roletype **roletype) 1999 { 2000 *roletype = cil_malloc(sizeof(**roletype)); 2001 2002 (*roletype)->role_str = NULL; 2003 (*roletype)->role = NULL; 2004 (*roletype)->type_str = NULL; 2005 (*roletype)->type = NULL; 2006 } 2007 2008 void cil_roleattribute_init(struct cil_roleattribute **attr) 2009 { 2010 *attr = cil_malloc(sizeof(**attr)); 2011 2012 cil_symtab_datum_init(&(*attr)->datum); 2013 2014 (*attr)->expr_list = NULL; 2015 (*attr)->roles = NULL; 2016 } 2017 2018 void cil_roleattributeset_init(struct cil_roleattributeset **attrset) 2019 { 2020 *attrset = cil_malloc(sizeof(**attrset)); 2021 2022 (*attrset)->attr_str = NULL; 2023 (*attrset)->str_expr = NULL; 2024 (*attrset)->datum_expr = NULL; 2025 } 2026 2027 void cil_typeattribute_init(struct cil_typeattribute **attr) 2028 { 2029 *attr = cil_malloc(sizeof(**attr)); 2030 2031 cil_symtab_datum_init(&(*attr)->datum); 2032 2033 (*attr)->expr_list = NULL; 2034 (*attr)->types = NULL; 2035 (*attr)->used = CIL_FALSE; 2036 } 2037 2038 void cil_typeattributeset_init(struct cil_typeattributeset **attrset) 2039 { 2040 *attrset = cil_malloc(sizeof(**attrset)); 2041 2042 (*attrset)->attr_str = NULL; 2043 (*attrset)->str_expr = NULL; 2044 (*attrset)->datum_expr = NULL; 2045 } 2046 2047 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr) 2048 { 2049 *expandattr = cil_malloc(sizeof(**expandattr)); 2050 2051 (*expandattr)->attr_strs = NULL; 2052 (*expandattr)->attr_datums = NULL; 2053 (*expandattr)->expand = 0; 2054 } 2055 2056 void cil_alias_init(struct cil_alias **alias) 2057 { 2058 *alias = cil_malloc(sizeof(**alias)); 2059 2060 (*alias)->actual = NULL; 2061 2062 cil_symtab_datum_init(&(*alias)->datum); 2063 } 2064 2065 void cil_aliasactual_init(struct cil_aliasactual **aliasactual) 2066 { 2067 *aliasactual = cil_malloc(sizeof(**aliasactual)); 2068 2069 (*aliasactual)->alias_str = NULL; 2070 (*aliasactual)->actual_str = NULL; 2071 } 2072 2073 void cil_typepermissive_init(struct cil_typepermissive **typeperm) 2074 { 2075 *typeperm = cil_malloc(sizeof(**typeperm)); 2076 2077 (*typeperm)->type_str = NULL; 2078 (*typeperm)->type = NULL; 2079 } 2080 2081 void cil_name_init(struct cil_name **name) 2082 { 2083 *name = cil_malloc(sizeof(**name)); 2084 2085 cil_symtab_datum_init(&(*name)->datum); 2086 (*name)->name_str = NULL; 2087 } 2088 2089 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans) 2090 { 2091 *nametypetrans = cil_malloc(sizeof(**nametypetrans)); 2092 2093 (*nametypetrans)->src_str = NULL; 2094 (*nametypetrans)->src = NULL; 2095 (*nametypetrans)->tgt_str = NULL; 2096 (*nametypetrans)->tgt = NULL; 2097 (*nametypetrans)->obj_str = NULL; 2098 (*nametypetrans)->obj = NULL; 2099 (*nametypetrans)->name_str = NULL; 2100 (*nametypetrans)->name = NULL; 2101 (*nametypetrans)->result_str = NULL; 2102 (*nametypetrans)->result = NULL; 2103 } 2104 2105 void cil_rangetransition_init(struct cil_rangetransition **rangetrans) 2106 { 2107 *rangetrans = cil_malloc(sizeof(**rangetrans)); 2108 2109 (*rangetrans)->src_str = NULL; 2110 (*rangetrans)->src = NULL; 2111 (*rangetrans)->exec_str = NULL; 2112 (*rangetrans)->exec = NULL; 2113 (*rangetrans)->obj_str = NULL; 2114 (*rangetrans)->obj = NULL; 2115 (*rangetrans)->range_str = NULL; 2116 (*rangetrans)->range = NULL; 2117 } 2118 2119 void cil_bool_init(struct cil_bool **cilbool) 2120 { 2121 *cilbool = cil_malloc(sizeof(**cilbool)); 2122 2123 cil_symtab_datum_init(&(*cilbool)->datum); 2124 (*cilbool)->value = 0; 2125 } 2126 2127 void cil_tunable_init(struct cil_tunable **ciltun) 2128 { 2129 *ciltun = cil_malloc(sizeof(**ciltun)); 2130 2131 cil_symtab_datum_init(&(*ciltun)->datum); 2132 (*ciltun)->value = 0; 2133 } 2134 2135 void cil_condblock_init(struct cil_condblock **cb) 2136 { 2137 *cb = cil_malloc(sizeof(**cb)); 2138 2139 (*cb)->flavor = CIL_NONE; 2140 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]); 2141 } 2142 2143 void cil_boolif_init(struct cil_booleanif **bif) 2144 { 2145 *bif = cil_malloc(sizeof(**bif)); 2146 2147 (*bif)->str_expr = NULL; 2148 (*bif)->datum_expr = NULL; 2149 } 2150 2151 void cil_tunif_init(struct cil_tunableif **tif) 2152 { 2153 *tif = cil_malloc(sizeof(**tif)); 2154 2155 (*tif)->str_expr = NULL; 2156 (*tif)->datum_expr = NULL; 2157 } 2158 2159 void cil_avrule_init(struct cil_avrule **avrule) 2160 { 2161 *avrule = cil_malloc(sizeof(**avrule)); 2162 2163 (*avrule)->is_extended = 0; 2164 (*avrule)->rule_kind = CIL_NONE; 2165 (*avrule)->src_str = NULL; 2166 (*avrule)->src = NULL; 2167 (*avrule)->tgt_str = NULL; 2168 (*avrule)->tgt = NULL; 2169 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms)); 2170 } 2171 2172 void cil_permissionx_init(struct cil_permissionx **permx) 2173 { 2174 *permx = cil_malloc(sizeof(**permx)); 2175 2176 cil_symtab_datum_init(&(*permx)->datum); 2177 (*permx)->kind = CIL_NONE; 2178 (*permx)->obj_str = NULL; 2179 (*permx)->obj = NULL; 2180 (*permx)->expr_str = NULL; 2181 (*permx)->perms = NULL; 2182 } 2183 2184 void cil_type_rule_init(struct cil_type_rule **type_rule) 2185 { 2186 *type_rule = cil_malloc(sizeof(**type_rule)); 2187 2188 (*type_rule)->rule_kind = CIL_NONE; 2189 (*type_rule)->src_str = NULL; 2190 (*type_rule)->src = NULL; 2191 (*type_rule)->tgt_str = NULL; 2192 (*type_rule)->tgt = NULL; 2193 (*type_rule)->obj_str = NULL; 2194 (*type_rule)->obj = NULL; 2195 (*type_rule)->result_str = NULL; 2196 (*type_rule)->result = NULL; 2197 } 2198 2199 void cil_roletransition_init(struct cil_roletransition **role_trans) 2200 { 2201 *role_trans = cil_malloc(sizeof(**role_trans)); 2202 2203 (*role_trans)->src_str = NULL; 2204 (*role_trans)->src = NULL; 2205 (*role_trans)->tgt_str = NULL; 2206 (*role_trans)->tgt = NULL; 2207 (*role_trans)->obj_str = NULL; 2208 (*role_trans)->obj = NULL; 2209 (*role_trans)->result_str = NULL; 2210 (*role_trans)->result = NULL; 2211 } 2212 2213 void cil_roleallow_init(struct cil_roleallow **roleallow) 2214 { 2215 *roleallow = cil_malloc(sizeof(**roleallow)); 2216 2217 (*roleallow)->src_str = NULL; 2218 (*roleallow)->src = NULL; 2219 (*roleallow)->tgt_str = NULL; 2220 (*roleallow)->tgt = NULL; 2221 } 2222 2223 void cil_catset_init(struct cil_catset **catset) 2224 { 2225 *catset = cil_malloc(sizeof(**catset)); 2226 2227 cil_symtab_datum_init(&(*catset)->datum); 2228 (*catset)->cats = NULL; 2229 } 2230 2231 void cil_senscat_init(struct cil_senscat **senscat) 2232 { 2233 *senscat = cil_malloc(sizeof(**senscat)); 2234 2235 (*senscat)->sens_str = NULL; 2236 (*senscat)->cats = NULL; 2237 } 2238 2239 void cil_cats_init(struct cil_cats **cats) 2240 { 2241 *cats = cil_malloc(sizeof(**cats)); 2242 2243 (*cats)->evaluated = CIL_FALSE; 2244 (*cats)->str_expr = NULL; 2245 (*cats)->datum_expr = NULL; 2246 } 2247 2248 void cil_filecon_init(struct cil_filecon **filecon) 2249 { 2250 *filecon = cil_malloc(sizeof(**filecon)); 2251 2252 (*filecon)->path_str = NULL; 2253 (*filecon)->type = 0; 2254 (*filecon)->context_str = NULL; 2255 (*filecon)->context = NULL; 2256 } 2257 2258 void cil_portcon_init(struct cil_portcon **portcon) 2259 { 2260 *portcon = cil_malloc(sizeof(**portcon)); 2261 (*portcon)->proto = 0; 2262 (*portcon)->port_low = 0; 2263 (*portcon)->port_high = 0; 2264 (*portcon)->context_str = NULL; 2265 (*portcon)->context = NULL; 2266 } 2267 2268 void cil_nodecon_init(struct cil_nodecon **nodecon) 2269 { 2270 *nodecon = cil_malloc(sizeof(**nodecon)); 2271 2272 (*nodecon)->addr_str = NULL; 2273 (*nodecon)->addr = NULL; 2274 (*nodecon)->mask_str = NULL; 2275 (*nodecon)->mask = NULL; 2276 (*nodecon)->context_str = NULL; 2277 (*nodecon)->context = NULL; 2278 } 2279 2280 void cil_genfscon_init(struct cil_genfscon **genfscon) 2281 { 2282 *genfscon = cil_malloc(sizeof(**genfscon)); 2283 2284 (*genfscon)->fs_str = NULL; 2285 (*genfscon)->path_str = NULL; 2286 (*genfscon)->context_str = NULL; 2287 (*genfscon)->context = NULL; 2288 } 2289 2290 void cil_pirqcon_init(struct cil_pirqcon **pirqcon) 2291 { 2292 *pirqcon = cil_malloc(sizeof(**pirqcon)); 2293 2294 (*pirqcon)->pirq = 0; 2295 (*pirqcon)->context_str = NULL; 2296 (*pirqcon)->context = NULL; 2297 } 2298 2299 void cil_iomemcon_init(struct cil_iomemcon **iomemcon) 2300 { 2301 *iomemcon = cil_malloc(sizeof(**iomemcon)); 2302 2303 (*iomemcon)->iomem_low = 0; 2304 (*iomemcon)->iomem_high = 0; 2305 (*iomemcon)->context_str = NULL; 2306 (*iomemcon)->context = NULL; 2307 } 2308 2309 void cil_ioportcon_init(struct cil_ioportcon **ioportcon) 2310 { 2311 *ioportcon = cil_malloc(sizeof(**ioportcon)); 2312 2313 (*ioportcon)->context_str = NULL; 2314 (*ioportcon)->context = NULL; 2315 } 2316 2317 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon) 2318 { 2319 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon)); 2320 2321 (*pcidevicecon)->dev = 0; 2322 (*pcidevicecon)->context_str = NULL; 2323 (*pcidevicecon)->context = NULL; 2324 } 2325 2326 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon) 2327 { 2328 *dtcon = cil_malloc(sizeof(**dtcon)); 2329 2330 (*dtcon)->path = NULL; 2331 (*dtcon)->context_str = NULL; 2332 (*dtcon)->context = NULL; 2333 } 2334 2335 void cil_fsuse_init(struct cil_fsuse **fsuse) 2336 { 2337 *fsuse = cil_malloc(sizeof(**fsuse)); 2338 2339 (*fsuse)->type = 0; 2340 (*fsuse)->fs_str = NULL; 2341 (*fsuse)->context_str = NULL; 2342 (*fsuse)->context = NULL; 2343 } 2344 2345 void cil_constrain_init(struct cil_constrain **constrain) 2346 { 2347 *constrain = cil_malloc(sizeof(**constrain)); 2348 2349 (*constrain)->classperms = NULL; 2350 (*constrain)->str_expr = NULL; 2351 (*constrain)->datum_expr = NULL; 2352 } 2353 2354 void cil_validatetrans_init(struct cil_validatetrans **validtrans) 2355 { 2356 *validtrans = cil_malloc(sizeof(**validtrans)); 2357 2358 (*validtrans)->class_str = NULL; 2359 (*validtrans)->class = NULL; 2360 (*validtrans)->str_expr = NULL; 2361 (*validtrans)->datum_expr = NULL; 2362 } 2363 2364 void cil_ipaddr_init(struct cil_ipaddr **ipaddr) 2365 { 2366 *ipaddr = cil_malloc(sizeof(**ipaddr)); 2367 2368 cil_symtab_datum_init(&(*ipaddr)->datum); 2369 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip)); 2370 } 2371 2372 void cil_perm_init(struct cil_perm **perm) 2373 { 2374 *perm = cil_malloc(sizeof(**perm)); 2375 2376 cil_symtab_datum_init(&(*perm)->datum); 2377 (*perm)->value = 0; 2378 (*perm)->classperms = NULL; 2379 } 2380 2381 void cil_classpermission_init(struct cil_classpermission **cp) 2382 { 2383 *cp = cil_malloc(sizeof(**cp)); 2384 2385 cil_symtab_datum_init(&(*cp)->datum); 2386 (*cp)->classperms = NULL; 2387 } 2388 2389 void cil_classpermissionset_init(struct cil_classpermissionset **cps) 2390 { 2391 *cps = cil_malloc(sizeof(**cps)); 2392 2393 (*cps)->set_str = NULL; 2394 (*cps)->classperms = NULL; 2395 } 2396 2397 void cil_classperms_set_init(struct cil_classperms_set **cp_set) 2398 { 2399 *cp_set = cil_malloc(sizeof(**cp_set)); 2400 (*cp_set)->set_str = NULL; 2401 (*cp_set)->set = NULL; 2402 } 2403 2404 void cil_classperms_init(struct cil_classperms **cp) 2405 { 2406 *cp = cil_malloc(sizeof(**cp)); 2407 (*cp)->class_str = NULL; 2408 (*cp)->class = NULL; 2409 (*cp)->perm_strs = NULL; 2410 (*cp)->perms = NULL; 2411 } 2412 2413 void cil_classmapping_init(struct cil_classmapping **mapping) 2414 { 2415 *mapping = cil_malloc(sizeof(**mapping)); 2416 2417 (*mapping)->map_class_str = NULL; 2418 (*mapping)->map_perm_str = NULL; 2419 (*mapping)->classperms = NULL; 2420 } 2421 2422 void cil_user_init(struct cil_user **user) 2423 { 2424 *user = cil_malloc(sizeof(**user)); 2425 2426 cil_symtab_datum_init(&(*user)->datum); 2427 (*user)->bounds = NULL; 2428 (*user)->roles = NULL; 2429 (*user)->dftlevel = NULL; 2430 (*user)->range = NULL; 2431 (*user)->value = 0; 2432 } 2433 2434 void cil_userattribute_init(struct cil_userattribute **attr) 2435 { 2436 *attr = cil_malloc(sizeof(**attr)); 2437 2438 cil_symtab_datum_init(&(*attr)->datum); 2439 2440 (*attr)->expr_list = NULL; 2441 (*attr)->users = NULL; 2442 } 2443 2444 void cil_userattributeset_init(struct cil_userattributeset **attrset) 2445 { 2446 *attrset = cil_malloc(sizeof(**attrset)); 2447 2448 (*attrset)->attr_str = NULL; 2449 (*attrset)->str_expr = NULL; 2450 (*attrset)->datum_expr = NULL; 2451 } 2452 2453 void cil_userlevel_init(struct cil_userlevel **usrlvl) 2454 { 2455 *usrlvl = cil_malloc(sizeof(**usrlvl)); 2456 2457 (*usrlvl)->user_str = NULL; 2458 (*usrlvl)->level_str = NULL; 2459 (*usrlvl)->level = NULL; 2460 } 2461 2462 void cil_userrange_init(struct cil_userrange **userrange) 2463 { 2464 *userrange = cil_malloc(sizeof(**userrange)); 2465 2466 (*userrange)->user_str = NULL; 2467 (*userrange)->range_str = NULL; 2468 (*userrange)->range = NULL; 2469 } 2470 2471 void cil_role_init(struct cil_role **role) 2472 { 2473 *role = cil_malloc(sizeof(**role)); 2474 2475 cil_symtab_datum_init(&(*role)->datum); 2476 (*role)->bounds = NULL; 2477 (*role)->types = NULL; 2478 (*role)->value = 0; 2479 } 2480 2481 void cil_type_init(struct cil_type **type) 2482 { 2483 *type = cil_malloc(sizeof(**type)); 2484 2485 cil_symtab_datum_init(&(*type)->datum); 2486 (*type)->bounds = NULL; 2487 (*type)->value = 0; 2488 } 2489 2490 void cil_cat_init(struct cil_cat **cat) 2491 { 2492 *cat = cil_malloc(sizeof(**cat)); 2493 2494 cil_symtab_datum_init(&(*cat)->datum); 2495 (*cat)->ordered = CIL_FALSE; 2496 (*cat)->value = 0; 2497 } 2498 2499 void cil_catorder_init(struct cil_catorder **catorder) 2500 { 2501 *catorder = cil_malloc(sizeof(**catorder)); 2502 2503 (*catorder)->cat_list_str = NULL; 2504 } 2505 2506 void cil_sensorder_init(struct cil_sensorder **sensorder) 2507 { 2508 *sensorder = cil_malloc(sizeof(**sensorder)); 2509 2510 (*sensorder)->sens_list_str = NULL; 2511 } 2512 2513 void cil_args_init(struct cil_args **args) 2514 { 2515 *args = cil_malloc(sizeof(**args)); 2516 (*args)->arg_str = NULL; 2517 (*args)->arg = NULL; 2518 (*args)->param_str = NULL; 2519 (*args)->flavor = CIL_NONE; 2520 } 2521 2522 void cil_call_init(struct cil_call **call) 2523 { 2524 *call = cil_malloc(sizeof(**call)); 2525 2526 (*call)->macro_str = NULL; 2527 (*call)->macro = NULL; 2528 (*call)->args_tree = NULL; 2529 (*call)->args = NULL; 2530 (*call)->copied = 0; 2531 } 2532 2533 void cil_optional_init(struct cil_optional **optional) 2534 { 2535 *optional = cil_malloc(sizeof(**optional)); 2536 (*optional)->enabled = CIL_TRUE; 2537 cil_symtab_datum_init(&(*optional)->datum); 2538 } 2539 2540 void cil_param_init(struct cil_param **param) 2541 { 2542 *param = cil_malloc(sizeof(**param)); 2543 2544 (*param)->str = NULL; 2545 (*param)->flavor = CIL_NONE; 2546 } 2547 2548 void cil_macro_init(struct cil_macro **macro) 2549 { 2550 *macro = cil_malloc(sizeof(**macro)); 2551 2552 cil_symtab_datum_init(&(*macro)->datum); 2553 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]); 2554 (*macro)->params = NULL; 2555 } 2556 2557 void cil_policycap_init(struct cil_policycap **policycap) 2558 { 2559 *policycap = cil_malloc(sizeof(**policycap)); 2560 2561 cil_symtab_datum_init(&(*policycap)->datum); 2562 } 2563 2564 void cil_bounds_init(struct cil_bounds **bounds) 2565 { 2566 *bounds = cil_malloc(sizeof(**bounds)); 2567 2568 (*bounds)->parent_str = NULL; 2569 (*bounds)->child_str = NULL; 2570 } 2571 2572 void cil_default_init(struct cil_default **def) 2573 { 2574 *def = cil_malloc(sizeof(**def)); 2575 2576 (*def)->flavor = CIL_NONE; 2577 (*def)->class_strs = NULL; 2578 (*def)->class_datums = NULL; 2579 } 2580 2581 void cil_defaultrange_init(struct cil_defaultrange **def) 2582 { 2583 *def = cil_malloc(sizeof(**def)); 2584 2585 (*def)->class_strs = NULL; 2586 (*def)->class_datums = NULL; 2587 } 2588 2589 void cil_handleunknown_init(struct cil_handleunknown **unk) 2590 { 2591 *unk = cil_malloc(sizeof(**unk)); 2592 } 2593 2594 void cil_mls_init(struct cil_mls **mls) 2595 { 2596 *mls = cil_malloc(sizeof(**mls)); 2597 (*mls)->value = 0; 2598 } 2599 2600 void cil_src_info_init(struct cil_src_info **info) 2601 { 2602 *info = cil_malloc(sizeof(**info)); 2603 (*info)->is_cil = 0; 2604 (*info)->path = NULL; 2605 } 2606