1 /* 2 * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * 1. Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * The views and conclusions contained in the software and documentation are those 26 * of the authors and should not be interpreted as representing official policies, 27 * either expressed or implied, of Tresys Technology, LLC. 28 */ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 33 #include <sepol/policydb/policydb.h> 34 #include <sepol/policydb/symtab.h> 35 36 #include "cil_internal.h" 37 #include "cil_flavor.h" 38 #include "cil_log.h" 39 #include "cil_mem.h" 40 #include "cil_tree.h" 41 #include "cil_list.h" 42 #include "cil_symtab.h" 43 #include "cil_build_ast.h" 44 45 #include "cil_parser.h" 46 #include "cil_build_ast.h" 47 #include "cil_resolve_ast.h" 48 #include "cil_fqn.h" 49 #include "cil_post.h" 50 #include "cil_binary.h" 51 #include "cil_policy.h" 52 #include "cil_strpool.h" 53 #include "dso.h" 54 55 #ifndef DISABLE_SYMVER 56 asm(".symver cil_build_policydb_pdb, cil_build_policydb (at) LIBSEPOL_1.0"); 57 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); 58 59 asm(".symver cil_compile_pdb, cil_compile (at) LIBSEPOL_1.0"); 60 asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); 61 62 asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string (at) LIBSEPOL_1.0"); 63 asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); 64 65 asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string (at) LIBSEPOL_1.0"); 66 asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); 67 68 asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string (at) LIBSEPOL_1.0"); 69 asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); 70 #endif 71 72 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { 73 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 74 {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, 75 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 76 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, 77 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} 78 }; 79 80 static void cil_init_keys(void) 81 { 82 /* Initialize CIL Keys into strpool */ 83 CIL_KEY_CONS_T1 = cil_strpool_add("t1"); 84 CIL_KEY_CONS_T2 = cil_strpool_add("t2"); 85 CIL_KEY_CONS_T3 = cil_strpool_add("t3"); 86 CIL_KEY_CONS_R1 = cil_strpool_add("r1"); 87 CIL_KEY_CONS_R2 = cil_strpool_add("r2"); 88 CIL_KEY_CONS_R3 = cil_strpool_add("r3"); 89 CIL_KEY_CONS_U1 = cil_strpool_add("u1"); 90 CIL_KEY_CONS_U2 = cil_strpool_add("u2"); 91 CIL_KEY_CONS_U3 = cil_strpool_add("u3"); 92 CIL_KEY_CONS_L1 = cil_strpool_add("l1"); 93 CIL_KEY_CONS_L2 = cil_strpool_add("l2"); 94 CIL_KEY_CONS_H1 = cil_strpool_add("h1"); 95 CIL_KEY_CONS_H2 = cil_strpool_add("h2"); 96 CIL_KEY_AND = cil_strpool_add("and"); 97 CIL_KEY_OR = cil_strpool_add("or"); 98 CIL_KEY_NOT = cil_strpool_add("not"); 99 CIL_KEY_EQ = cil_strpool_add("eq"); 100 CIL_KEY_NEQ = cil_strpool_add("neq"); 101 CIL_KEY_CONS_DOM = cil_strpool_add("dom"); 102 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby"); 103 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp"); 104 CIL_KEY_CONDTRUE = cil_strpool_add("true"); 105 CIL_KEY_CONDFALSE = cil_strpool_add("false"); 106 CIL_KEY_SELF = cil_strpool_add("self"); 107 CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); 108 CIL_KEY_STAR = cil_strpool_add("*"); 109 CIL_KEY_UDP = cil_strpool_add("udp"); 110 CIL_KEY_TCP = cil_strpool_add("tcp"); 111 CIL_KEY_DCCP = cil_strpool_add("dccp"); 112 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); 113 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); 114 CIL_KEY_ALLOW = cil_strpool_add("allow"); 115 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit"); 116 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition"); 117 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange"); 118 CIL_KEY_CALL = cil_strpool_add("call"); 119 CIL_KEY_TUNABLE = cil_strpool_add("tunable"); 120 CIL_KEY_XOR = cil_strpool_add("xor"); 121 CIL_KEY_ALL = cil_strpool_add("all"); 122 CIL_KEY_RANGE = cil_strpool_add("range"); 123 CIL_KEY_TYPE = cil_strpool_add("type"); 124 CIL_KEY_ROLE = cil_strpool_add("role"); 125 CIL_KEY_USER = cil_strpool_add("user"); 126 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute"); 127 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset"); 128 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity"); 129 CIL_KEY_CATEGORY = cil_strpool_add("category"); 130 CIL_KEY_CATSET = cil_strpool_add("categoryset"); 131 CIL_KEY_LEVEL = cil_strpool_add("level"); 132 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange"); 133 CIL_KEY_CLASS = cil_strpool_add("class"); 134 CIL_KEY_IPADDR = cil_strpool_add("ipaddr"); 135 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap"); 136 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission"); 137 CIL_KEY_BOOL = cil_strpool_add("boolean"); 138 CIL_KEY_STRING = cil_strpool_add("string"); 139 CIL_KEY_NAME = cil_strpool_add("name"); 140 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown"); 141 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow"); 142 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny"); 143 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject"); 144 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit"); 145 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract"); 146 CIL_KEY_CLASSORDER = cil_strpool_add("classorder"); 147 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping"); 148 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset"); 149 CIL_KEY_COMMON = cil_strpool_add("common"); 150 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon"); 151 CIL_KEY_SID = cil_strpool_add("sid"); 152 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext"); 153 CIL_KEY_SIDORDER = cil_strpool_add("sidorder"); 154 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel"); 155 CIL_KEY_USERRANGE = cil_strpool_add("userrange"); 156 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds"); 157 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix"); 158 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser"); 159 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault"); 160 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute"); 161 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset"); 162 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute"); 163 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias"); 164 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual"); 165 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds"); 166 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive"); 167 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition"); 168 CIL_KEY_USERROLE = cil_strpool_add("userrole"); 169 CIL_KEY_ROLETYPE = cil_strpool_add("roletype"); 170 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition"); 171 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow"); 172 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute"); 173 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset"); 174 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds"); 175 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif"); 176 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow"); 177 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember"); 178 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias"); 179 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual"); 180 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias"); 181 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual"); 182 CIL_KEY_CATORDER = cil_strpool_add("categoryorder"); 183 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder"); 184 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory"); 185 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain"); 186 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain"); 187 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans"); 188 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans"); 189 CIL_KEY_CONTEXT = cil_strpool_add("context"); 190 CIL_KEY_FILECON = cil_strpool_add("filecon"); 191 CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon"); 192 CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon"); 193 CIL_KEY_PORTCON = cil_strpool_add("portcon"); 194 CIL_KEY_NODECON = cil_strpool_add("nodecon"); 195 CIL_KEY_GENFSCON = cil_strpool_add("genfscon"); 196 CIL_KEY_NETIFCON = cil_strpool_add("netifcon"); 197 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon"); 198 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon"); 199 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon"); 200 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon"); 201 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon"); 202 CIL_KEY_FSUSE = cil_strpool_add("fsuse"); 203 CIL_KEY_POLICYCAP = cil_strpool_add("policycap"); 204 CIL_KEY_OPTIONAL = cil_strpool_add("optional"); 205 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser"); 206 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole"); 207 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype"); 208 CIL_KEY_MACRO = cil_strpool_add("macro"); 209 CIL_KEY_IN = cil_strpool_add("in"); 210 CIL_KEY_MLS = cil_strpool_add("mls"); 211 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange"); 212 CIL_KEY_GLOB = cil_strpool_add("*"); 213 CIL_KEY_FILE = cil_strpool_add("file"); 214 CIL_KEY_DIR = cil_strpool_add("dir"); 215 CIL_KEY_CHAR = cil_strpool_add("char"); 216 CIL_KEY_BLOCK = cil_strpool_add("block"); 217 CIL_KEY_SOCKET = cil_strpool_add("socket"); 218 CIL_KEY_PIPE = cil_strpool_add("pipe"); 219 CIL_KEY_SYMLINK = cil_strpool_add("symlink"); 220 CIL_KEY_ANY = cil_strpool_add("any"); 221 CIL_KEY_XATTR = cil_strpool_add("xattr"); 222 CIL_KEY_TASK = cil_strpool_add("task"); 223 CIL_KEY_TRANS = cil_strpool_add("trans"); 224 CIL_KEY_SOURCE = cil_strpool_add("source"); 225 CIL_KEY_TARGET = cil_strpool_add("target"); 226 CIL_KEY_LOW = cil_strpool_add("low"); 227 CIL_KEY_HIGH = cil_strpool_add("high"); 228 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high"); 229 CIL_KEY_ROOT = cil_strpool_add("<root>"); 230 CIL_KEY_NODE = cil_strpool_add("<node>"); 231 CIL_KEY_PERM = cil_strpool_add("perm"); 232 CIL_KEY_ALLOWX = cil_strpool_add("allowx"); 233 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx"); 234 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx"); 235 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx"); 236 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx"); 237 CIL_KEY_IOCTL = cil_strpool_add("ioctl"); 238 CIL_KEY_UNORDERED = cil_strpool_add("unordered"); 239 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>"); 240 CIL_KEY_SRC_CIL = cil_strpool_add("<src_cil>"); 241 CIL_KEY_SRC_HLL = cil_strpool_add("<src_hll>"); 242 } 243 244 void cil_db_init(struct cil_db **db) 245 { 246 *db = cil_malloc(sizeof(**db)); 247 248 cil_strpool_init(); 249 cil_init_keys(); 250 251 cil_tree_init(&(*db)->parse); 252 cil_tree_init(&(*db)->ast); 253 cil_root_init((struct cil_root **)&(*db)->ast->root->data); 254 (*db)->sidorder = NULL; 255 (*db)->classorder = NULL; 256 (*db)->catorder = NULL; 257 (*db)->sensitivityorder = NULL; 258 cil_sort_init(&(*db)->netifcon); 259 cil_sort_init(&(*db)->genfscon); 260 cil_sort_init(&(*db)->filecon); 261 cil_sort_init(&(*db)->nodecon); 262 cil_sort_init(&(*db)->ibpkeycon); 263 cil_sort_init(&(*db)->ibendportcon); 264 cil_sort_init(&(*db)->portcon); 265 cil_sort_init(&(*db)->pirqcon); 266 cil_sort_init(&(*db)->iomemcon); 267 cil_sort_init(&(*db)->ioportcon); 268 cil_sort_init(&(*db)->pcidevicecon); 269 cil_sort_init(&(*db)->devicetreecon); 270 cil_sort_init(&(*db)->fsuse); 271 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM); 272 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM); 273 cil_list_init(&(*db)->names, CIL_LIST_ITEM); 274 275 cil_type_init(&(*db)->selftype); 276 (*db)->selftype->datum.name = CIL_KEY_SELF; 277 (*db)->selftype->datum.fqn = CIL_KEY_SELF; 278 (*db)->num_types_and_attrs = 0; 279 (*db)->num_classes = 0; 280 (*db)->num_types = 0; 281 (*db)->num_roles = 0; 282 (*db)->num_users = 0; 283 (*db)->num_cats = 0; 284 (*db)->val_to_type = NULL; 285 (*db)->val_to_role = NULL; 286 (*db)->val_to_user = NULL; 287 288 (*db)->disable_dontaudit = CIL_FALSE; 289 (*db)->disable_neverallow = CIL_FALSE; 290 (*db)->attrs_expand_generated = CIL_FALSE; 291 (*db)->attrs_expand_size = 1; 292 (*db)->preserve_tunables = CIL_FALSE; 293 (*db)->handle_unknown = -1; 294 (*db)->mls = -1; 295 (*db)->target_platform = SEPOL_TARGET_SELINUX; 296 (*db)->policy_version = POLICYDB_VERSION_MAX; 297 } 298 299 void cil_db_destroy(struct cil_db **db) 300 { 301 if (db == NULL || *db == NULL) { 302 return; 303 } 304 305 cil_tree_destroy(&(*db)->parse); 306 cil_tree_destroy(&(*db)->ast); 307 cil_list_destroy(&(*db)->sidorder, CIL_FALSE); 308 cil_list_destroy(&(*db)->classorder, CIL_FALSE); 309 cil_list_destroy(&(*db)->catorder, CIL_FALSE); 310 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE); 311 cil_sort_destroy(&(*db)->netifcon); 312 cil_sort_destroy(&(*db)->genfscon); 313 cil_sort_destroy(&(*db)->filecon); 314 cil_sort_destroy(&(*db)->nodecon); 315 cil_sort_destroy(&(*db)->ibpkeycon); 316 cil_sort_destroy(&(*db)->ibendportcon); 317 cil_sort_destroy(&(*db)->portcon); 318 cil_sort_destroy(&(*db)->pirqcon); 319 cil_sort_destroy(&(*db)->iomemcon); 320 cil_sort_destroy(&(*db)->ioportcon); 321 cil_sort_destroy(&(*db)->pcidevicecon); 322 cil_sort_destroy(&(*db)->devicetreecon); 323 cil_sort_destroy(&(*db)->fsuse); 324 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE); 325 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE); 326 cil_list_destroy(&(*db)->names, CIL_TRUE); 327 328 cil_destroy_type((*db)->selftype); 329 330 cil_strpool_destroy(); 331 free((*db)->val_to_type); 332 free((*db)->val_to_role); 333 free((*db)->val_to_user); 334 335 free(*db); 336 *db = NULL; 337 } 338 339 void cil_root_init(struct cil_root **root) 340 { 341 struct cil_root *r = cil_malloc(sizeof(*r)); 342 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]); 343 344 *root = r; 345 } 346 347 void cil_root_destroy(struct cil_root *root) 348 { 349 if (root == NULL) { 350 return; 351 } 352 cil_symtab_array_destroy(root->symtab); 353 free(root); 354 } 355 356 int cil_add_file(cil_db_t *db, char *name, char *data, size_t size) 357 { 358 char *buffer = NULL; 359 int rc; 360 361 cil_log(CIL_INFO, "Parsing %s\n", name); 362 363 buffer = cil_malloc(size + 2); 364 memcpy(buffer, data, size); 365 memset(buffer + size, 0, 2); 366 367 rc = cil_parser(name, buffer, size + 2, &db->parse); 368 if (rc != SEPOL_OK) { 369 cil_log(CIL_INFO, "Failed to parse %s\n", name); 370 goto exit; 371 } 372 373 free(buffer); 374 buffer = NULL; 375 376 rc = SEPOL_OK; 377 378 exit: 379 free(buffer); 380 381 return rc; 382 } 383 384 #ifdef DISABLE_SYMVER 385 int cil_compile(struct cil_db *db) 386 #else 387 int cil_compile_nopdb(struct cil_db *db) 388 #endif 389 { 390 int rc = SEPOL_ERR; 391 392 if (db == NULL) { 393 goto exit; 394 } 395 396 cil_log(CIL_INFO, "Building AST from Parse Tree\n"); 397 rc = cil_build_ast(db, db->parse->root, db->ast->root); 398 if (rc != SEPOL_OK) { 399 cil_log(CIL_INFO, "Failed to build ast\n"); 400 goto exit; 401 } 402 403 cil_log(CIL_INFO, "Destroying Parse Tree\n"); 404 cil_tree_destroy(&db->parse); 405 406 cil_log(CIL_INFO, "Resolving AST\n"); 407 rc = cil_resolve_ast(db, db->ast->root); 408 if (rc != SEPOL_OK) { 409 cil_log(CIL_INFO, "Failed to resolve ast\n"); 410 goto exit; 411 } 412 413 cil_log(CIL_INFO, "Qualifying Names\n"); 414 rc = cil_fqn_qualify(db->ast->root); 415 if (rc != SEPOL_OK) { 416 cil_log(CIL_INFO, "Failed to qualify names\n"); 417 goto exit; 418 } 419 420 cil_log(CIL_INFO, "Compile post process\n"); 421 rc = cil_post_process(db); 422 if (rc != SEPOL_OK ) { 423 cil_log(CIL_INFO, "Post process failed\n"); 424 goto exit; 425 } 426 427 exit: 428 429 return rc; 430 } 431 432 #ifndef DISABLE_SYMVER 433 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) 434 { 435 return cil_compile_nopdb(db); 436 } 437 438 int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) 439 { 440 int rc; 441 442 cil_log(CIL_INFO, "Building policy binary\n"); 443 rc = cil_binary_create_allocated_pdb(db, sepol_db); 444 if (rc != SEPOL_OK) { 445 cil_log(CIL_ERR, "Failed to generate binary\n"); 446 goto exit; 447 } 448 449 exit: 450 return rc; 451 } 452 #endif 453 454 #ifdef DISABLE_SYMVER 455 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) 456 #else 457 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) 458 #endif 459 { 460 int rc; 461 462 cil_log(CIL_INFO, "Building policy binary\n"); 463 rc = cil_binary_create(db, sepol_db); 464 if (rc != SEPOL_OK) { 465 cil_log(CIL_ERR, "Failed to generate binary\n"); 466 goto exit; 467 } 468 469 exit: 470 return rc; 471 } 472 473 void cil_write_policy_conf(FILE *out, struct cil_db *db) 474 { 475 cil_log(CIL_INFO, "Writing policy.conf file\n"); 476 cil_gen_policy(out, db); 477 } 478 479 void cil_destroy_data(void **data, enum cil_flavor flavor) 480 { 481 if (*data == NULL) { 482 return; 483 } 484 485 switch(flavor) { 486 case CIL_NONE: 487 break; 488 case CIL_ROOT: 489 cil_root_destroy(*data); 490 break; 491 case CIL_NODE: 492 break; 493 case CIL_STRING: 494 break; 495 case CIL_DATUM: 496 break; 497 case CIL_LIST: 498 cil_list_destroy(*data, CIL_FALSE); 499 break; 500 case CIL_LIST_ITEM: 501 break; 502 case CIL_PARAM: 503 cil_destroy_param(*data); 504 break; 505 case CIL_ARGS: 506 cil_destroy_args(*data); 507 break; 508 case CIL_BLOCK: 509 cil_destroy_block(*data); 510 break; 511 case CIL_BLOCKINHERIT: 512 cil_destroy_blockinherit(*data); 513 break; 514 case CIL_BLOCKABSTRACT: 515 cil_destroy_blockabstract(*data); 516 break; 517 case CIL_IN: 518 cil_destroy_in(*data); 519 break; 520 case CIL_MACRO: 521 cil_destroy_macro(*data); 522 break; 523 case CIL_CALL: 524 cil_destroy_call(*data); 525 break; 526 case CIL_OPTIONAL: 527 cil_destroy_optional(*data); 528 break; 529 case CIL_BOOL: 530 cil_destroy_bool(*data); 531 break; 532 case CIL_BOOLEANIF: 533 cil_destroy_boolif(*data); 534 break; 535 case CIL_TUNABLE: 536 cil_destroy_tunable(*data); 537 break; 538 case CIL_TUNABLEIF: 539 cil_destroy_tunif(*data); 540 break; 541 case CIL_CONDBLOCK: 542 cil_destroy_condblock(*data); 543 break; 544 case CIL_CONDTRUE: 545 break; 546 case CIL_CONDFALSE: 547 break; 548 case CIL_PERM: 549 case CIL_MAP_PERM: 550 cil_destroy_perm(*data); 551 break; 552 case CIL_COMMON: 553 case CIL_CLASS: 554 case CIL_MAP_CLASS: 555 cil_destroy_class(*data); 556 break; 557 case CIL_CLASSORDER: 558 cil_destroy_classorder(*data); 559 break; 560 case CIL_CLASSPERMISSION: 561 cil_destroy_classpermission(*data); 562 break; 563 case CIL_CLASSCOMMON: 564 cil_destroy_classcommon(*data); 565 break; 566 case CIL_CLASSMAPPING: 567 cil_destroy_classmapping(*data); 568 break; 569 case CIL_CLASSPERMS: 570 cil_destroy_classperms(*data); 571 break; 572 case CIL_CLASSPERMS_SET: 573 cil_destroy_classperms_set(*data); 574 break; 575 case CIL_CLASSPERMISSIONSET: 576 cil_destroy_classpermissionset(*data); 577 break; 578 case CIL_USER: 579 cil_destroy_user(*data); 580 break; 581 case CIL_USERATTRIBUTE: 582 cil_destroy_userattribute(*data); 583 break; 584 case CIL_USERATTRIBUTESET: 585 cil_destroy_userattributeset(*data); 586 break; 587 case CIL_USERPREFIX: 588 cil_destroy_userprefix(*data); 589 break; 590 case CIL_USERROLE: 591 cil_destroy_userrole(*data); 592 break; 593 case CIL_USERLEVEL: 594 cil_destroy_userlevel(*data); 595 break; 596 case CIL_USERRANGE: 597 cil_destroy_userrange(*data); 598 break; 599 case CIL_USERBOUNDS: 600 cil_destroy_bounds(*data); 601 break; 602 case CIL_SELINUXUSER: 603 case CIL_SELINUXUSERDEFAULT: 604 cil_destroy_selinuxuser(*data); 605 break; 606 case CIL_ROLE: 607 cil_destroy_role(*data); 608 break; 609 case CIL_ROLEATTRIBUTE: 610 cil_destroy_roleattribute(*data); 611 break; 612 case CIL_ROLEATTRIBUTESET: 613 cil_destroy_roleattributeset(*data); 614 break; 615 case CIL_ROLETYPE: 616 cil_destroy_roletype(*data); 617 break; 618 case CIL_ROLEBOUNDS: 619 cil_destroy_bounds(*data); 620 break; 621 case CIL_TYPE: 622 cil_destroy_type(*data); 623 break; 624 case CIL_TYPEATTRIBUTE: 625 cil_destroy_typeattribute(*data); 626 break; 627 case CIL_TYPEALIAS: 628 cil_destroy_alias(*data); 629 break; 630 case CIL_TYPEATTRIBUTESET: 631 cil_destroy_typeattributeset(*data); 632 break; 633 case CIL_EXPANDTYPEATTRIBUTE: 634 cil_destroy_expandtypeattribute(*data); 635 break; 636 case CIL_TYPEALIASACTUAL: 637 cil_destroy_aliasactual(*data); 638 break; 639 case CIL_TYPEBOUNDS: 640 cil_destroy_bounds(*data); 641 break; 642 case CIL_TYPEPERMISSIVE: 643 cil_destroy_typepermissive(*data); 644 break; 645 case CIL_SENS: 646 cil_destroy_sensitivity(*data); 647 break; 648 case CIL_SENSALIAS: 649 cil_destroy_alias(*data); 650 break; 651 case CIL_SENSALIASACTUAL: 652 cil_destroy_aliasactual(*data); 653 break; 654 case CIL_SENSITIVITYORDER: 655 cil_destroy_sensitivityorder(*data); 656 break; 657 case CIL_SENSCAT: 658 cil_destroy_senscat(*data); 659 break; 660 case CIL_CAT: 661 cil_destroy_category(*data); 662 break; 663 case CIL_CATSET: 664 cil_destroy_catset(*data); 665 break; 666 case CIL_CATALIAS: 667 cil_destroy_alias(*data); 668 break; 669 case CIL_CATALIASACTUAL: 670 cil_destroy_aliasactual(*data); 671 break; 672 case CIL_CATORDER: 673 cil_destroy_catorder(*data); 674 break; 675 case CIL_LEVEL: 676 cil_destroy_level(*data); 677 break; 678 case CIL_LEVELRANGE: 679 cil_destroy_levelrange(*data); 680 break; 681 case CIL_SID: 682 cil_destroy_sid(*data); 683 break; 684 case CIL_SIDORDER: 685 cil_destroy_sidorder(*data); 686 break; 687 case CIL_NAME: 688 cil_destroy_name(*data); 689 break; 690 case CIL_ROLEALLOW: 691 cil_destroy_roleallow(*data); 692 break; 693 case CIL_AVRULE: 694 case CIL_AVRULEX: 695 cil_destroy_avrule(*data); 696 break; 697 case CIL_PERMISSIONX: 698 cil_destroy_permissionx(*data); 699 break; 700 case CIL_ROLETRANSITION: 701 cil_destroy_roletransition(*data); 702 break; 703 case CIL_TYPE_RULE: 704 cil_destroy_type_rule(*data); 705 break; 706 case CIL_NAMETYPETRANSITION: 707 cil_destroy_typetransition(*data); 708 break; 709 case CIL_RANGETRANSITION: 710 cil_destroy_rangetransition(*data); 711 break; 712 case CIL_CONSTRAIN: 713 cil_destroy_constrain(*data); 714 break; 715 case CIL_MLSCONSTRAIN: 716 cil_destroy_constrain(*data); 717 break; 718 case CIL_VALIDATETRANS: 719 case CIL_MLSVALIDATETRANS: 720 cil_destroy_validatetrans(*data); 721 break; 722 case CIL_CONTEXT: 723 cil_destroy_context(*data); 724 break; 725 case CIL_IPADDR: 726 cil_destroy_ipaddr(*data); 727 break; 728 case CIL_SIDCONTEXT: 729 cil_destroy_sidcontext(*data); 730 break; 731 case CIL_FSUSE: 732 cil_destroy_fsuse(*data); 733 break; 734 case CIL_FILECON: 735 cil_destroy_filecon(*data); 736 break; 737 case CIL_IBPKEYCON: 738 cil_destroy_ibpkeycon(*data); 739 break; 740 case CIL_PORTCON: 741 cil_destroy_portcon(*data); 742 break; 743 case CIL_IBENDPORTCON: 744 cil_destroy_ibendportcon(*data); 745 break; 746 case CIL_NODECON: 747 cil_destroy_nodecon(*data); 748 break; 749 case CIL_GENFSCON: 750 cil_destroy_genfscon(*data); 751 break; 752 case CIL_NETIFCON: 753 cil_destroy_netifcon(*data); 754 break; 755 case CIL_PIRQCON: 756 cil_destroy_pirqcon(*data); 757 break; 758 case CIL_IOMEMCON: 759 cil_destroy_iomemcon(*data); 760 break; 761 case CIL_IOPORTCON: 762 cil_destroy_ioportcon(*data); 763 break; 764 case CIL_PCIDEVICECON: 765 cil_destroy_pcidevicecon(*data); 766 break; 767 case CIL_DEVICETREECON: 768 cil_destroy_devicetreecon(*data); 769 break; 770 case CIL_POLICYCAP: 771 cil_destroy_policycap(*data); 772 break; 773 case CIL_DEFAULTUSER: 774 case CIL_DEFAULTROLE: 775 case CIL_DEFAULTTYPE: 776 cil_destroy_default(*data); 777 break; 778 case CIL_DEFAULTRANGE: 779 cil_destroy_defaultrange(*data); 780 break; 781 case CIL_HANDLEUNKNOWN: 782 cil_destroy_handleunknown(*data); 783 break; 784 case CIL_MLS: 785 cil_destroy_mls(*data); 786 break; 787 case CIL_SRC_INFO: 788 cil_destroy_src_info(*data); 789 break; 790 case CIL_OP: 791 case CIL_CONS_OPERAND: 792 break; 793 default: 794 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor); 795 break; 796 } 797 798 *data = NULL; 799 } 800 801 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index) 802 { 803 if (flavor < CIL_MIN_DECLARATIVE) { 804 return SEPOL_ERR; 805 } 806 807 switch(flavor) { 808 case CIL_BLOCK: 809 *sym_index = CIL_SYM_BLOCKS; 810 break; 811 case CIL_MACRO: 812 *sym_index = CIL_SYM_BLOCKS; 813 break; 814 case CIL_OPTIONAL: 815 *sym_index = CIL_SYM_BLOCKS; 816 break; 817 case CIL_BOOL: 818 *sym_index = CIL_SYM_BOOLS; 819 break; 820 case CIL_TUNABLE: 821 *sym_index = CIL_SYM_TUNABLES; 822 break; 823 case CIL_PERM: 824 case CIL_MAP_PERM: 825 *sym_index = CIL_SYM_PERMS; 826 break; 827 case CIL_COMMON: 828 *sym_index = CIL_SYM_COMMONS; 829 break; 830 case CIL_CLASS: 831 case CIL_MAP_CLASS: 832 *sym_index = CIL_SYM_CLASSES; 833 break; 834 case CIL_CLASSPERMISSION: 835 case CIL_CLASSPERMISSIONSET: 836 *sym_index = CIL_SYM_CLASSPERMSETS; 837 break; 838 case CIL_USER: 839 case CIL_USERATTRIBUTE: 840 *sym_index = CIL_SYM_USERS; 841 break; 842 case CIL_ROLE: 843 case CIL_ROLEATTRIBUTE: 844 *sym_index = CIL_SYM_ROLES; 845 break; 846 case CIL_TYPE: 847 case CIL_TYPEALIAS: 848 case CIL_TYPEATTRIBUTE: 849 *sym_index = CIL_SYM_TYPES; 850 break; 851 case CIL_SENS: 852 case CIL_SENSALIAS: 853 *sym_index = CIL_SYM_SENS; 854 break; 855 case CIL_CAT: 856 case CIL_CATSET: 857 case CIL_CATALIAS: 858 *sym_index = CIL_SYM_CATS; 859 break; 860 case CIL_LEVEL: 861 *sym_index = CIL_SYM_LEVELS; 862 break; 863 case CIL_LEVELRANGE: 864 *sym_index = CIL_SYM_LEVELRANGES; 865 break; 866 case CIL_SID: 867 *sym_index = CIL_SYM_SIDS; 868 break; 869 case CIL_NAME: 870 *sym_index = CIL_SYM_NAMES; 871 break; 872 case CIL_CONTEXT: 873 *sym_index = CIL_SYM_CONTEXTS; 874 break; 875 case CIL_IPADDR: 876 *sym_index = CIL_SYM_IPADDRS; 877 break; 878 case CIL_POLICYCAP: 879 *sym_index = CIL_SYM_POLICYCAPS; 880 break; 881 case CIL_PERMISSIONX: 882 *sym_index = CIL_SYM_PERMX; 883 break; 884 default: 885 *sym_index = CIL_SYM_UNKNOWN; 886 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor); 887 return SEPOL_ERR; 888 } 889 890 return SEPOL_OK; 891 } 892 893 const char * cil_node_to_string(struct cil_tree_node *node) 894 { 895 switch (node->flavor) { 896 case CIL_NONE: 897 return "<none>"; 898 case CIL_ROOT: 899 return CIL_KEY_ROOT; 900 case CIL_NODE: 901 return CIL_KEY_NODE; 902 case CIL_STRING: 903 return "string"; 904 case CIL_DATUM: 905 return "<datum>"; 906 case CIL_LIST: 907 return "<list>"; 908 case CIL_LIST_ITEM: 909 return "<list_item>"; 910 case CIL_PARAM: 911 return "<param>"; 912 case CIL_ARGS: 913 return "<args>"; 914 case CIL_BLOCK: 915 return CIL_KEY_BLOCK; 916 case CIL_BLOCKINHERIT: 917 return CIL_KEY_BLOCKINHERIT; 918 case CIL_BLOCKABSTRACT: 919 return CIL_KEY_BLOCKABSTRACT; 920 case CIL_IN: 921 return CIL_KEY_IN; 922 case CIL_MACRO: 923 return CIL_KEY_MACRO; 924 case CIL_CALL: 925 return CIL_KEY_CALL; 926 case CIL_OPTIONAL: 927 return CIL_KEY_OPTIONAL; 928 case CIL_BOOL: 929 return CIL_KEY_BOOL; 930 case CIL_BOOLEANIF: 931 return CIL_KEY_BOOLEANIF; 932 case CIL_TUNABLE: 933 return CIL_KEY_TUNABLE; 934 case CIL_TUNABLEIF: 935 return CIL_KEY_TUNABLEIF; 936 case CIL_CONDBLOCK: 937 switch (((struct cil_condblock*)node->data)->flavor) { 938 case CIL_CONDTRUE: 939 return CIL_KEY_CONDTRUE; 940 case CIL_CONDFALSE: 941 return CIL_KEY_CONDFALSE; 942 default: 943 break; 944 } 945 break; 946 case CIL_CONDTRUE: 947 return CIL_KEY_CONDTRUE; 948 case CIL_CONDFALSE: 949 return CIL_KEY_CONDFALSE; 950 case CIL_PERM: 951 return CIL_KEY_PERM; 952 case CIL_COMMON: 953 return CIL_KEY_COMMON; 954 case CIL_CLASS: 955 return CIL_KEY_CLASS; 956 case CIL_CLASSORDER: 957 return CIL_KEY_CLASSORDER; 958 case CIL_MAP_CLASS: 959 return CIL_KEY_MAP_CLASS; 960 case CIL_CLASSPERMISSION: 961 return CIL_KEY_CLASSPERMISSION; 962 case CIL_CLASSCOMMON: 963 return CIL_KEY_CLASSCOMMON; 964 case CIL_CLASSMAPPING: 965 return CIL_KEY_CLASSMAPPING; 966 case CIL_CLASSPERMISSIONSET: 967 return CIL_KEY_CLASSPERMISSIONSET; 968 case CIL_USER: 969 return CIL_KEY_USER; 970 case CIL_USERATTRIBUTE: 971 return CIL_KEY_USERATTRIBUTE; 972 case CIL_USERATTRIBUTESET: 973 return CIL_KEY_USERATTRIBUTESET; 974 case CIL_USERPREFIX: 975 return CIL_KEY_USERPREFIX; 976 case CIL_USERROLE: 977 return CIL_KEY_USERROLE; 978 case CIL_USERLEVEL: 979 return CIL_KEY_USERLEVEL; 980 case CIL_USERRANGE: 981 return CIL_KEY_USERRANGE; 982 case CIL_USERBOUNDS: 983 return CIL_KEY_USERBOUNDS; 984 case CIL_SELINUXUSER: 985 return CIL_KEY_SELINUXUSER; 986 case CIL_SELINUXUSERDEFAULT: 987 return CIL_KEY_SELINUXUSERDEFAULT; 988 case CIL_ROLE: 989 return CIL_KEY_ROLE; 990 case CIL_ROLEATTRIBUTE: 991 return CIL_KEY_ROLEATTRIBUTE; 992 case CIL_ROLEATTRIBUTESET: 993 return CIL_KEY_ROLEATTRIBUTESET; 994 case CIL_ROLETYPE: 995 return CIL_KEY_ROLETYPE; 996 case CIL_ROLEBOUNDS: 997 return CIL_KEY_ROLEBOUNDS; 998 case CIL_TYPE: 999 return CIL_KEY_TYPE; 1000 case CIL_TYPEATTRIBUTE: 1001 return CIL_KEY_TYPEATTRIBUTE; 1002 case CIL_TYPEALIAS: 1003 return CIL_KEY_TYPEALIAS; 1004 case CIL_TYPEATTRIBUTESET: 1005 return CIL_KEY_TYPEATTRIBUTESET; 1006 case CIL_EXPANDTYPEATTRIBUTE: 1007 return CIL_KEY_EXPANDTYPEATTRIBUTE; 1008 case CIL_TYPEALIASACTUAL: 1009 return CIL_KEY_TYPEALIASACTUAL; 1010 case CIL_TYPEBOUNDS: 1011 return CIL_KEY_TYPEBOUNDS; 1012 case CIL_TYPEPERMISSIVE: 1013 return CIL_KEY_TYPEPERMISSIVE; 1014 case CIL_SENS: 1015 return CIL_KEY_SENSITIVITY; 1016 case CIL_SENSALIAS: 1017 return CIL_KEY_SENSALIAS; 1018 case CIL_SENSALIASACTUAL: 1019 return CIL_KEY_SENSALIASACTUAL; 1020 case CIL_SENSITIVITYORDER: 1021 return CIL_KEY_SENSITIVITYORDER; 1022 case CIL_SENSCAT: 1023 return CIL_KEY_SENSCAT; 1024 case CIL_CAT: 1025 return CIL_KEY_CATEGORY; 1026 case CIL_CATSET: 1027 return CIL_KEY_CATSET; 1028 case CIL_CATALIAS: 1029 return CIL_KEY_CATALIAS; 1030 case CIL_CATALIASACTUAL: 1031 return CIL_KEY_CATALIASACTUAL; 1032 case CIL_CATORDER: 1033 return CIL_KEY_CATORDER; 1034 case CIL_LEVEL: 1035 return CIL_KEY_LEVEL; 1036 case CIL_LEVELRANGE: 1037 return CIL_KEY_LEVELRANGE; 1038 case CIL_SID: 1039 return CIL_KEY_SID; 1040 case CIL_SIDORDER: 1041 return CIL_KEY_SIDORDER; 1042 case CIL_NAME: 1043 return CIL_KEY_NAME; 1044 case CIL_ROLEALLOW: 1045 return CIL_KEY_ROLEALLOW; 1046 case CIL_AVRULE: 1047 switch (((struct cil_avrule *)node->data)->rule_kind) { 1048 case CIL_AVRULE_ALLOWED: 1049 return CIL_KEY_ALLOW; 1050 case CIL_AVRULE_AUDITALLOW: 1051 return CIL_KEY_AUDITALLOW; 1052 case CIL_AVRULE_DONTAUDIT: 1053 return CIL_KEY_DONTAUDIT; 1054 case CIL_AVRULE_NEVERALLOW: 1055 return CIL_KEY_NEVERALLOW; 1056 default: 1057 break; 1058 } 1059 break; 1060 case CIL_AVRULEX: 1061 switch (((struct cil_avrule *)node->data)->rule_kind) { 1062 case CIL_AVRULE_ALLOWED: 1063 return CIL_KEY_ALLOWX; 1064 case CIL_AVRULE_AUDITALLOW: 1065 return CIL_KEY_AUDITALLOWX; 1066 case CIL_AVRULE_DONTAUDIT: 1067 return CIL_KEY_DONTAUDITX; 1068 case CIL_AVRULE_NEVERALLOW: 1069 return CIL_KEY_NEVERALLOWX; 1070 default: 1071 break; 1072 } 1073 break; 1074 case CIL_PERMISSIONX: 1075 return CIL_KEY_PERMISSIONX; 1076 case CIL_ROLETRANSITION: 1077 return CIL_KEY_ROLETRANSITION; 1078 case CIL_TYPE_RULE: 1079 switch (((struct cil_type_rule *)node->data)->rule_kind) { 1080 case CIL_TYPE_TRANSITION: 1081 return CIL_KEY_TYPETRANSITION; 1082 case CIL_TYPE_MEMBER: 1083 return CIL_KEY_TYPEMEMBER; 1084 case CIL_TYPE_CHANGE: 1085 return CIL_KEY_TYPECHANGE; 1086 default: 1087 break; 1088 } 1089 break; 1090 case CIL_NAMETYPETRANSITION: 1091 return CIL_KEY_TYPETRANSITION; 1092 case CIL_RANGETRANSITION: 1093 return CIL_KEY_RANGETRANSITION; 1094 case CIL_CONSTRAIN: 1095 return CIL_KEY_CONSTRAIN; 1096 case CIL_MLSCONSTRAIN: 1097 return CIL_KEY_MLSCONSTRAIN; 1098 case CIL_VALIDATETRANS: 1099 return CIL_KEY_VALIDATETRANS; 1100 case CIL_MLSVALIDATETRANS: 1101 return CIL_KEY_MLSVALIDATETRANS; 1102 case CIL_CONTEXT: 1103 return CIL_KEY_CONTEXT; 1104 case CIL_IPADDR: 1105 return CIL_KEY_IPADDR; 1106 case CIL_SIDCONTEXT: 1107 return CIL_KEY_SIDCONTEXT; 1108 case CIL_FSUSE: 1109 return CIL_KEY_FSUSE; 1110 case CIL_FILECON: 1111 return CIL_KEY_FILECON; 1112 case CIL_IBPKEYCON: 1113 return CIL_KEY_IBPKEYCON; 1114 case CIL_IBENDPORTCON: 1115 return CIL_KEY_IBENDPORTCON; 1116 case CIL_PORTCON: 1117 return CIL_KEY_PORTCON; 1118 case CIL_NODECON: 1119 return CIL_KEY_NODECON; 1120 case CIL_GENFSCON: 1121 return CIL_KEY_GENFSCON; 1122 case CIL_NETIFCON: 1123 return CIL_KEY_NETIFCON; 1124 case CIL_PIRQCON: 1125 return CIL_KEY_PIRQCON; 1126 case CIL_IOMEMCON: 1127 return CIL_KEY_IOMEMCON; 1128 case CIL_IOPORTCON: 1129 return CIL_KEY_IOPORTCON; 1130 case CIL_PCIDEVICECON: 1131 return CIL_KEY_PCIDEVICECON; 1132 case CIL_DEVICETREECON: 1133 return CIL_KEY_DEVICETREECON; 1134 case CIL_POLICYCAP: 1135 return CIL_KEY_POLICYCAP; 1136 case CIL_DEFAULTUSER: 1137 return CIL_KEY_DEFAULTUSER; 1138 case CIL_DEFAULTROLE: 1139 return CIL_KEY_DEFAULTROLE; 1140 case CIL_DEFAULTTYPE: 1141 return CIL_KEY_DEFAULTTYPE; 1142 case CIL_DEFAULTRANGE: 1143 return CIL_KEY_DEFAULTRANGE; 1144 case CIL_HANDLEUNKNOWN: 1145 return CIL_KEY_HANDLEUNKNOWN; 1146 case CIL_MLS: 1147 return CIL_KEY_MLS; 1148 case CIL_SRC_INFO: 1149 return CIL_KEY_SRC_INFO; 1150 case CIL_ALL: 1151 return CIL_KEY_ALL; 1152 case CIL_RANGE: 1153 return CIL_KEY_RANGE; 1154 case CIL_AND: 1155 return CIL_KEY_AND; 1156 case CIL_OR: 1157 return CIL_KEY_OR; 1158 case CIL_XOR: 1159 return CIL_KEY_XOR; 1160 case CIL_NOT: 1161 return CIL_KEY_NOT; 1162 case CIL_EQ: 1163 return CIL_KEY_EQ; 1164 case CIL_NEQ: 1165 return CIL_KEY_NEQ; 1166 case CIL_CONS_DOM: 1167 return CIL_KEY_CONS_DOM; 1168 case CIL_CONS_DOMBY: 1169 return CIL_KEY_CONS_DOMBY; 1170 case CIL_CONS_INCOMP: 1171 return CIL_KEY_CONS_INCOMP; 1172 case CIL_CONS_U1: 1173 return CIL_KEY_CONS_U1; 1174 case CIL_CONS_U2: 1175 return CIL_KEY_CONS_U2; 1176 case CIL_CONS_U3: 1177 return CIL_KEY_CONS_U3; 1178 case CIL_CONS_T1: 1179 return CIL_KEY_CONS_T1; 1180 case CIL_CONS_T2: 1181 return CIL_KEY_CONS_T2; 1182 case CIL_CONS_T3: 1183 return CIL_KEY_CONS_T3; 1184 case CIL_CONS_R1: 1185 return CIL_KEY_CONS_R1; 1186 case CIL_CONS_R2: 1187 return CIL_KEY_CONS_R2; 1188 case CIL_CONS_R3: 1189 return CIL_KEY_CONS_R3; 1190 case CIL_CONS_L1: 1191 return CIL_KEY_CONS_L1; 1192 case CIL_CONS_L2: 1193 return CIL_KEY_CONS_L2; 1194 case CIL_CONS_H1: 1195 return CIL_KEY_CONS_H1; 1196 case CIL_CONS_H2: 1197 return CIL_KEY_CONS_H2; 1198 1199 default: 1200 break; 1201 } 1202 1203 return "<unknown>"; 1204 } 1205 1206 #ifdef DISABLE_SYMVER 1207 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) 1208 #else 1209 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1210 #endif 1211 { 1212 int rc = SEPOL_ERR; 1213 size_t str_len = 0; 1214 int buf_pos = 0; 1215 char *str_tmp = NULL; 1216 struct cil_list_item *curr; 1217 struct cil_userprefix *userprefix = NULL; 1218 struct cil_user *user = NULL; 1219 1220 *out = NULL; 1221 1222 if (db->userprefixes->head == NULL) { 1223 rc = SEPOL_OK; 1224 *size = 0; 1225 goto exit; 1226 } 1227 1228 cil_list_for_each(curr, db->userprefixes) { 1229 userprefix = curr->data; 1230 user = userprefix->user; 1231 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2; 1232 } 1233 1234 *size = str_len * sizeof(char); 1235 str_len++; 1236 str_tmp = cil_malloc(str_len * sizeof(char)); 1237 *out = str_tmp; 1238 1239 cil_list_for_each(curr, db->userprefixes) { 1240 userprefix = curr->data; 1241 user = userprefix->user; 1242 1243 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn, 1244 userprefix->prefix_str); 1245 str_len -= buf_pos; 1246 str_tmp += buf_pos; 1247 } 1248 1249 rc = SEPOL_OK; 1250 exit: 1251 return rc; 1252 1253 } 1254 1255 #ifndef DISABLE_SYMVER 1256 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1257 { 1258 return cil_userprefixes_to_string_nopdb(db, out, size); 1259 } 1260 #endif 1261 1262 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) 1263 { 1264 int rc = SEPOL_ERR; 1265 struct cil_list_item *i; 1266 struct cil_list_item *j; 1267 struct cil_cat* cat; 1268 struct cil_catset *cs; 1269 struct cil_tree_node *node; 1270 1271 if (cats == NULL) { 1272 rc = SEPOL_OK; 1273 goto exit; 1274 } 1275 1276 cil_list_for_each(i, cats->datum_expr) { 1277 node = DATUM(i->data)->nodes->head->data; 1278 if (node->flavor == CIL_CATSET) { 1279 cs = (struct cil_catset*)i->data; 1280 cil_list_for_each(j, cs->cats->datum_expr) { 1281 cat = (struct cil_cat*)j->data; 1282 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1283 if (rc != SEPOL_OK) { 1284 goto exit; 1285 } 1286 } 1287 } else { 1288 cat = (struct cil_cat*)i->data; 1289 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1); 1290 if (rc != SEPOL_OK) { 1291 goto exit; 1292 } 1293 } 1294 } 1295 1296 return SEPOL_OK; 1297 1298 exit: 1299 return rc; 1300 } 1301 1302 static int cil_level_equals(struct cil_level *low, struct cil_level *high) 1303 { 1304 int rc; 1305 struct ebitmap elow; 1306 struct ebitmap ehigh; 1307 1308 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) { 1309 rc = 0; 1310 goto exit; 1311 } 1312 1313 ebitmap_init(&elow); 1314 ebitmap_init(&ehigh); 1315 1316 rc = cil_cats_to_ebitmap(low->cats, &elow); 1317 if (rc != SEPOL_OK) { 1318 goto exit; 1319 } 1320 1321 rc = cil_cats_to_ebitmap(high->cats, &ehigh); 1322 if (rc != SEPOL_OK) { 1323 goto exit; 1324 } 1325 1326 rc = ebitmap_cmp(&elow, &ehigh); 1327 ebitmap_destroy(&elow); 1328 ebitmap_destroy(&ehigh); 1329 1330 exit: 1331 return rc; 1332 } 1333 1334 static int __cil_level_strlen(struct cil_level *lvl) 1335 { 1336 struct cil_list_item *item; 1337 struct cil_cats *cats = lvl->cats; 1338 int str_len = 0; 1339 char *str1 = NULL; 1340 char *str2 = NULL; 1341 int first = -1; 1342 int last = -1; 1343 1344 str_len += strlen(lvl->sens->datum.fqn); 1345 1346 if (cats && cats->datum_expr != NULL) { 1347 str_len++; /* initial ":" */ 1348 cil_list_for_each(item, cats->datum_expr) { 1349 struct cil_cat *cat = item->data; 1350 if (first == -1) { 1351 str1 = cat->datum.fqn; 1352 first = cat->value; 1353 last = first; 1354 } else if (cat->value == last + 1) { 1355 last++; 1356 str2 = cat->datum.fqn; 1357 } else { 1358 if (first == last) { 1359 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1; 1360 } else if (last == first + 1) { 1361 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1362 } else { 1363 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2; 1364 } 1365 first = -1; 1366 last = -1; 1367 if (item->next != NULL) { 1368 str_len++; /* space for "," after */ 1369 } 1370 } 1371 } 1372 if (first != -1) { 1373 if (first == last) { 1374 str_len += strlen(str1); 1375 } else if (last == first + 1) { 1376 str_len += strlen(str1) + strlen(str2) + 1; 1377 } else { 1378 str_len += strlen(str1) + strlen(str2) + 1; 1379 } 1380 } 1381 } 1382 1383 return str_len; 1384 } 1385 1386 static int __cil_level_to_string(struct cil_level *lvl, char *out) 1387 { 1388 struct cil_list_item *item; 1389 struct cil_cats *cats = lvl->cats; 1390 int buf_pos = 0; 1391 char *str_tmp = out; 1392 char *str1 = NULL; 1393 char *str2 = NULL; 1394 int first = -1; 1395 int last = -1; 1396 1397 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn); 1398 str_tmp += buf_pos; 1399 1400 if (cats && cats->datum_expr != NULL) { 1401 buf_pos = sprintf(str_tmp, ":"); 1402 str_tmp += buf_pos; 1403 1404 cil_list_for_each(item, cats->datum_expr) { 1405 struct cil_cat *cat = item->data; 1406 if (first == -1) { 1407 str1 = cat->datum.fqn; 1408 first = cat->value; 1409 last = first; 1410 } else if (cat->value == last + 1) { 1411 last++; 1412 str2 = cat->datum.fqn; 1413 } else { 1414 if (first == last) { 1415 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn); 1416 str_tmp += buf_pos; 1417 } else if (last == first + 1) { 1418 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn); 1419 str_tmp += buf_pos; 1420 } else { 1421 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn); 1422 str_tmp += buf_pos; 1423 } 1424 first = -1; 1425 last = -1; 1426 if (item->next != NULL) { 1427 buf_pos = sprintf(str_tmp, ","); 1428 str_tmp += buf_pos; 1429 } 1430 } 1431 } 1432 if (first != -1) { 1433 if (first == last) { 1434 buf_pos = sprintf(str_tmp, "%s", str1); 1435 str_tmp += buf_pos; 1436 } else if (last == first + 1) { 1437 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2); 1438 str_tmp += buf_pos; 1439 } else { 1440 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2); 1441 str_tmp += buf_pos; 1442 } 1443 } 1444 } 1445 1446 return str_tmp - out; 1447 } 1448 1449 #ifdef DISABLE_SYMVER 1450 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) 1451 #else 1452 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1453 #endif 1454 { 1455 size_t str_len = 0; 1456 int buf_pos = 0; 1457 char *str_tmp = NULL; 1458 struct cil_list_item *curr; 1459 1460 if (db->selinuxusers->head == NULL) { 1461 *size = 0; 1462 *out = NULL; 1463 return SEPOL_OK; 1464 } 1465 1466 cil_list_for_each(curr, db->selinuxusers) { 1467 struct cil_selinuxuser *selinuxuser = curr->data; 1468 struct cil_user *user = selinuxuser->user; 1469 1470 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1; 1471 1472 if (db->mls == CIL_TRUE) { 1473 struct cil_levelrange *range = selinuxuser->range; 1474 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1475 } 1476 1477 str_len++; 1478 } 1479 1480 *size = str_len * sizeof(char); 1481 str_tmp = cil_malloc(*size+1); 1482 *out = str_tmp; 1483 1484 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) { 1485 struct cil_selinuxuser *selinuxuser = curr->data; 1486 struct cil_user *user = selinuxuser->user; 1487 1488 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn); 1489 str_tmp += buf_pos; 1490 1491 if (db->mls == CIL_TRUE) { 1492 struct cil_levelrange *range = selinuxuser->range; 1493 buf_pos = sprintf(str_tmp, ":"); 1494 str_tmp += buf_pos; 1495 buf_pos = __cil_level_to_string(range->low, str_tmp); 1496 str_tmp += buf_pos; 1497 buf_pos = sprintf(str_tmp, "-"); 1498 str_tmp += buf_pos; 1499 buf_pos = __cil_level_to_string(range->high, str_tmp); 1500 str_tmp += buf_pos; 1501 } 1502 1503 buf_pos = sprintf(str_tmp, "\n"); 1504 str_tmp += buf_pos; 1505 } 1506 1507 return SEPOL_OK; 1508 } 1509 1510 #ifndef DISABLE_SYMVER 1511 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1512 { 1513 return cil_selinuxusers_to_string_nopdb(db, out, size); 1514 } 1515 #endif 1516 1517 #ifdef DISABLE_SYMVER 1518 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) 1519 #else 1520 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) 1521 #endif 1522 { 1523 uint32_t i = 0; 1524 int buf_pos = 0; 1525 size_t str_len = 0; 1526 char *str_tmp = NULL; 1527 struct cil_sort *filecons = db->filecon; 1528 1529 for (i = 0; i < filecons->count; i++) { 1530 struct cil_filecon *filecon = filecons->array[i]; 1531 struct cil_context *ctx = filecon->context; 1532 1533 str_len += strlen(filecon->path_str); 1534 1535 if (filecon->type != CIL_FILECON_ANY) { 1536 /* If a type is specified, 1537 +2 for type string, +1 for tab */ 1538 str_len += 3; 1539 } 1540 1541 if (ctx != NULL) { 1542 struct cil_user *user = ctx->user; 1543 struct cil_role *role = ctx->role; 1544 struct cil_type *type = ctx->type; 1545 1546 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3); 1547 1548 if (db->mls == CIL_TRUE) { 1549 struct cil_levelrange *range = ctx->range; 1550 if (cil_level_equals(range->low, range->high)) { 1551 str_len += __cil_level_strlen(range->low) + 1; 1552 } else { 1553 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2; 1554 } 1555 } 1556 } else { 1557 str_len += strlen("\t<<none>>"); 1558 } 1559 1560 str_len++; 1561 } 1562 1563 *size = str_len * sizeof(char); 1564 str_tmp = cil_malloc(*size+1); 1565 *out = str_tmp; 1566 1567 for (i = 0; i < filecons->count; i++) { 1568 struct cil_filecon *filecon = filecons->array[i]; 1569 struct cil_context *ctx = filecon->context; 1570 const char *str_type = NULL; 1571 1572 buf_pos = sprintf(str_tmp, "%s", filecon->path_str); 1573 str_tmp += buf_pos; 1574 1575 switch(filecon->type) { 1576 case CIL_FILECON_FILE: 1577 str_type = "\t--"; 1578 break; 1579 case CIL_FILECON_DIR: 1580 str_type = "\t-d"; 1581 break; 1582 case CIL_FILECON_CHAR: 1583 str_type = "\t-c"; 1584 break; 1585 case CIL_FILECON_BLOCK: 1586 str_type = "\t-b"; 1587 break; 1588 case CIL_FILECON_SOCKET: 1589 str_type = "\t-s"; 1590 break; 1591 case CIL_FILECON_PIPE: 1592 str_type = "\t-p"; 1593 break; 1594 case CIL_FILECON_SYMLINK: 1595 str_type = "\t-l"; 1596 break; 1597 default: 1598 str_type = ""; 1599 break; 1600 } 1601 buf_pos = sprintf(str_tmp, "%s", str_type); 1602 str_tmp += buf_pos; 1603 1604 if (ctx != NULL) { 1605 struct cil_user *user = ctx->user; 1606 struct cil_role *role = ctx->role; 1607 struct cil_type *type = ctx->type; 1608 1609 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn, 1610 type->datum.fqn); 1611 str_tmp += buf_pos; 1612 1613 if (db->mls == CIL_TRUE) { 1614 struct cil_levelrange *range = ctx->range; 1615 buf_pos = sprintf(str_tmp, ":"); 1616 str_tmp += buf_pos; 1617 buf_pos = __cil_level_to_string(range->low, str_tmp); 1618 str_tmp += buf_pos; 1619 1620 if (!cil_level_equals(range->low, range->high)) { 1621 buf_pos = sprintf(str_tmp, "-"); 1622 str_tmp += buf_pos; 1623 buf_pos = __cil_level_to_string(range->high, str_tmp); 1624 str_tmp += buf_pos; 1625 } 1626 } 1627 } else { 1628 buf_pos = sprintf(str_tmp, "\t<<none>>"); 1629 str_tmp += buf_pos; 1630 } 1631 1632 buf_pos = sprintf(str_tmp, "\n"); 1633 str_tmp += buf_pos; 1634 } 1635 1636 return SEPOL_OK; 1637 } 1638 1639 #ifndef DISABLE_SYMVER 1640 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) 1641 { 1642 return cil_filecons_to_string_nopdb(db, out, size); 1643 } 1644 #endif 1645 1646 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) 1647 { 1648 db->disable_dontaudit = disable_dontaudit; 1649 } 1650 1651 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow) 1652 { 1653 db->disable_neverallow = disable_neverallow; 1654 } 1655 1656 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated) 1657 { 1658 db->attrs_expand_generated = attrs_expand_generated; 1659 } 1660 1661 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size) 1662 { 1663 db->attrs_expand_size = attrs_expand_size; 1664 } 1665 1666 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables) 1667 { 1668 db->preserve_tunables = preserve_tunables; 1669 } 1670 1671 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown) 1672 { 1673 int rc = 0; 1674 1675 switch (handle_unknown) { 1676 case SEPOL_DENY_UNKNOWN: 1677 case SEPOL_REJECT_UNKNOWN: 1678 case SEPOL_ALLOW_UNKNOWN: 1679 db->handle_unknown = handle_unknown; 1680 break; 1681 default: 1682 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown); 1683 rc = -1; 1684 } 1685 1686 return rc; 1687 } 1688 1689 void cil_set_mls(struct cil_db *db, int mls) 1690 { 1691 db->mls = mls; 1692 } 1693 1694 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) 1695 { 1696 db->multiple_decls = multiple_decls; 1697 } 1698 1699 void cil_set_target_platform(struct cil_db *db, int target_platform) 1700 { 1701 db->target_platform = target_platform; 1702 } 1703 1704 void cil_set_policy_version(struct cil_db *db, int policy_version) 1705 { 1706 db->policy_version = policy_version; 1707 } 1708 1709 void cil_symtab_array_init(symtab_t symtab[], int symtab_sizes[CIL_SYM_NUM]) 1710 { 1711 uint32_t i = 0; 1712 for (i = 0; i < CIL_SYM_NUM; i++) { 1713 cil_symtab_init(&symtab[i], symtab_sizes[i]); 1714 } 1715 } 1716 1717 void cil_symtab_array_destroy(symtab_t symtab[]) 1718 { 1719 int i = 0; 1720 for (i = 0; i < CIL_SYM_NUM; i++) { 1721 cil_symtab_destroy(&symtab[i]); 1722 } 1723 } 1724 1725 void cil_destroy_ast_symtabs(struct cil_tree_node *current) 1726 { 1727 while (current) { 1728 switch (current->flavor) { 1729 case CIL_BLOCK: 1730 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab); 1731 break; 1732 case CIL_IN: 1733 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab); 1734 break; 1735 case CIL_CLASS: 1736 case CIL_COMMON: 1737 case CIL_MAP_CLASS: 1738 cil_symtab_destroy(&((struct cil_class*)current->data)->perms); 1739 break; 1740 case CIL_MACRO: 1741 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab); 1742 break; 1743 case CIL_CONDBLOCK: 1744 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab); 1745 break; 1746 default: 1747 break; 1748 } 1749 1750 if (current->cl_head) { 1751 cil_destroy_ast_symtabs(current->cl_head); 1752 } 1753 1754 current = current->next; 1755 } 1756 } 1757 1758 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index) 1759 { 1760 struct cil_tree_node *node = ast_node; 1761 *symtab = NULL; 1762 1763 if (sym_index == CIL_SYM_PERMS) { 1764 /* Class statements are not blocks, so the passed node should be the class */ 1765 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS || 1766 node->flavor == CIL_COMMON) { 1767 *symtab = &((struct cil_class*)node->data)->perms; 1768 return SEPOL_OK; 1769 } 1770 goto exit; 1771 } 1772 1773 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) { 1774 cil_log(CIL_ERR, "Invalid symtab type\n"); 1775 goto exit; 1776 } 1777 1778 while (node != NULL && *symtab == NULL) { 1779 switch (node->flavor) { 1780 case CIL_ROOT: 1781 *symtab = &((struct cil_root *)node->data)->symtab[sym_index]; 1782 break; 1783 case CIL_BLOCK: 1784 *symtab = &((struct cil_block*)node->data)->symtab[sym_index]; 1785 break; 1786 case CIL_MACRO: 1787 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index]; 1788 break; 1789 case CIL_IN: 1790 /* In blocks only exist before resolving the AST */ 1791 *symtab = &((struct cil_in*)node->data)->symtab[sym_index]; 1792 break; 1793 case CIL_CONDBLOCK: { 1794 if (node->parent->flavor == CIL_TUNABLEIF) { 1795 /* Cond blocks only exist before resolving the AST */ 1796 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index]; 1797 } else if (node->parent->flavor == CIL_BOOLEANIF) { 1798 node = node->parent->parent; 1799 } 1800 break; 1801 } 1802 default: 1803 node = node->parent; 1804 } 1805 } 1806 1807 if (*symtab == NULL) { 1808 goto exit; 1809 } 1810 1811 return SEPOL_OK; 1812 1813 exit: 1814 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node"); 1815 return SEPOL_ERR; 1816 } 1817 1818 void cil_sort_init(struct cil_sort **sort) 1819 { 1820 *sort = cil_malloc(sizeof(**sort)); 1821 1822 (*sort)->flavor = CIL_NONE; 1823 (*sort)->count = 0; 1824 (*sort)->index = 0; 1825 (*sort)->array = NULL; 1826 } 1827 1828 void cil_sort_destroy(struct cil_sort **sort) 1829 { 1830 (*sort)->flavor = CIL_NONE; 1831 (*sort)->count = 0; 1832 (*sort)->index = 0; 1833 if ((*sort)->array != NULL) { 1834 free((*sort)->array); 1835 } 1836 (*sort)->array = NULL; 1837 1838 free(*sort); 1839 *sort = NULL; 1840 } 1841 1842 void cil_netifcon_init(struct cil_netifcon **netifcon) 1843 { 1844 *netifcon = cil_malloc(sizeof(**netifcon)); 1845 1846 (*netifcon)->interface_str = NULL; 1847 (*netifcon)->if_context_str = NULL; 1848 (*netifcon)->if_context = NULL; 1849 (*netifcon)->packet_context_str = NULL; 1850 (*netifcon)->packet_context = NULL; 1851 (*netifcon)->context_str = NULL; 1852 } 1853 1854 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon) 1855 { 1856 *ibendportcon = cil_malloc(sizeof(**ibendportcon)); 1857 1858 (*ibendportcon)->dev_name_str = NULL; 1859 (*ibendportcon)->port = 0; 1860 (*ibendportcon)->context_str = NULL; 1861 (*ibendportcon)->context = NULL; 1862 } 1863 1864 void cil_context_init(struct cil_context **context) 1865 { 1866 *context = cil_malloc(sizeof(**context)); 1867 1868 cil_symtab_datum_init(&(*context)->datum); 1869 (*context)->user_str = NULL; 1870 (*context)->user = NULL; 1871 (*context)->role_str = NULL; 1872 (*context)->role = NULL; 1873 (*context)->type_str = NULL; 1874 (*context)->type = NULL; 1875 (*context)->range_str = NULL; 1876 (*context)->range = NULL; 1877 } 1878 1879 void cil_level_init(struct cil_level **level) 1880 { 1881 *level = cil_malloc(sizeof(**level)); 1882 1883 cil_symtab_datum_init(&(*level)->datum); 1884 (*level)->sens_str = NULL; 1885 (*level)->sens = NULL; 1886 (*level)->cats = NULL; 1887 } 1888 1889 void cil_levelrange_init(struct cil_levelrange **range) 1890 { 1891 *range = cil_malloc(sizeof(**range)); 1892 1893 cil_symtab_datum_init(&(*range)->datum); 1894 (*range)->low_str = NULL; 1895 (*range)->low = NULL; 1896 (*range)->high_str = NULL; 1897 (*range)->high = NULL; 1898 } 1899 1900 void cil_sens_init(struct cil_sens **sens) 1901 { 1902 *sens = cil_malloc(sizeof(**sens)); 1903 1904 cil_symtab_datum_init(&(*sens)->datum); 1905 1906 (*sens)->cats_list = NULL; 1907 1908 (*sens)->ordered = CIL_FALSE; 1909 } 1910 1911 void cil_block_init(struct cil_block **block) 1912 { 1913 *block = cil_malloc(sizeof(**block)); 1914 1915 cil_symtab_datum_init(&(*block)->datum); 1916 1917 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]); 1918 1919 (*block)->is_abstract = CIL_FALSE; 1920 1921 (*block)->bi_nodes = NULL; 1922 } 1923 1924 void cil_blockinherit_init(struct cil_blockinherit **inherit) 1925 { 1926 *inherit = cil_malloc(sizeof(**inherit)); 1927 (*inherit)->block_str = NULL; 1928 (*inherit)->block = NULL; 1929 } 1930 1931 void cil_blockabstract_init(struct cil_blockabstract **abstract) 1932 { 1933 *abstract = cil_malloc(sizeof(**abstract)); 1934 (*abstract)->block_str = NULL; 1935 } 1936 1937 void cil_in_init(struct cil_in **in) 1938 { 1939 *in = cil_malloc(sizeof(**in)); 1940 1941 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]); 1942 (*in)->block_str = NULL; 1943 } 1944 1945 void cil_class_init(struct cil_class **class) 1946 { 1947 *class = cil_malloc(sizeof(**class)); 1948 1949 cil_symtab_datum_init(&(*class)->datum); 1950 1951 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE); 1952 1953 (*class)->num_perms = 0; 1954 (*class)->common = NULL; 1955 (*class)->ordered = CIL_FALSE; 1956 } 1957 1958 void cil_classorder_init(struct cil_classorder **classorder) 1959 { 1960 *classorder = cil_malloc(sizeof(**classorder)); 1961 1962 (*classorder)->class_list_str = NULL; 1963 } 1964 1965 void cil_classcommon_init(struct cil_classcommon **classcommon) 1966 { 1967 *classcommon = cil_malloc(sizeof(**classcommon)); 1968 1969 (*classcommon)->class_str = NULL; 1970 (*classcommon)->common_str = NULL; 1971 } 1972 1973 void cil_sid_init(struct cil_sid **sid) 1974 { 1975 *sid = cil_malloc(sizeof(**sid)); 1976 1977 cil_symtab_datum_init(&(*sid)->datum); 1978 1979 (*sid)->ordered = CIL_FALSE; 1980 (*sid)->context = NULL; 1981 } 1982 1983 void cil_sidcontext_init(struct cil_sidcontext **sidcontext) 1984 { 1985 *sidcontext = cil_malloc(sizeof(**sidcontext)); 1986 1987 (*sidcontext)->sid_str = NULL; 1988 (*sidcontext)->context_str = NULL; 1989 (*sidcontext)->context = NULL; 1990 } 1991 1992 void cil_sidorder_init(struct cil_sidorder **sidorder) 1993 { 1994 *sidorder = cil_malloc(sizeof(**sidorder)); 1995 1996 (*sidorder)->sid_list_str = NULL; 1997 } 1998 1999 void cil_userrole_init(struct cil_userrole **userrole) 2000 { 2001 *userrole = cil_malloc(sizeof(**userrole)); 2002 2003 (*userrole)->user_str = NULL; 2004 (*userrole)->user = NULL; 2005 (*userrole)->role_str = NULL; 2006 (*userrole)->role = NULL; 2007 } 2008 2009 void cil_userprefix_init(struct cil_userprefix **userprefix) 2010 { 2011 *userprefix = cil_malloc(sizeof(**userprefix)); 2012 2013 (*userprefix)->user_str = NULL; 2014 (*userprefix)->user = NULL; 2015 (*userprefix)->prefix_str = NULL; 2016 } 2017 2018 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser) 2019 { 2020 *selinuxuser = cil_malloc(sizeof(**selinuxuser)); 2021 2022 (*selinuxuser)->name_str = NULL; 2023 (*selinuxuser)->user_str = NULL; 2024 (*selinuxuser)->user = NULL; 2025 (*selinuxuser)->range_str = NULL; 2026 (*selinuxuser)->range = NULL; 2027 } 2028 2029 void cil_roletype_init(struct cil_roletype **roletype) 2030 { 2031 *roletype = cil_malloc(sizeof(**roletype)); 2032 2033 (*roletype)->role_str = NULL; 2034 (*roletype)->role = NULL; 2035 (*roletype)->type_str = NULL; 2036 (*roletype)->type = NULL; 2037 } 2038 2039 void cil_roleattribute_init(struct cil_roleattribute **attr) 2040 { 2041 *attr = cil_malloc(sizeof(**attr)); 2042 2043 cil_symtab_datum_init(&(*attr)->datum); 2044 2045 (*attr)->expr_list = NULL; 2046 (*attr)->roles = NULL; 2047 } 2048 2049 void cil_roleattributeset_init(struct cil_roleattributeset **attrset) 2050 { 2051 *attrset = cil_malloc(sizeof(**attrset)); 2052 2053 (*attrset)->attr_str = NULL; 2054 (*attrset)->str_expr = NULL; 2055 (*attrset)->datum_expr = NULL; 2056 } 2057 2058 void cil_typeattribute_init(struct cil_typeattribute **attr) 2059 { 2060 *attr = cil_malloc(sizeof(**attr)); 2061 2062 cil_symtab_datum_init(&(*attr)->datum); 2063 2064 (*attr)->expr_list = NULL; 2065 (*attr)->types = NULL; 2066 (*attr)->used = CIL_FALSE; 2067 (*attr)->keep = CIL_FALSE; 2068 } 2069 2070 void cil_typeattributeset_init(struct cil_typeattributeset **attrset) 2071 { 2072 *attrset = cil_malloc(sizeof(**attrset)); 2073 2074 (*attrset)->attr_str = NULL; 2075 (*attrset)->str_expr = NULL; 2076 (*attrset)->datum_expr = NULL; 2077 } 2078 2079 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr) 2080 { 2081 *expandattr = cil_malloc(sizeof(**expandattr)); 2082 2083 (*expandattr)->attr_strs = NULL; 2084 (*expandattr)->attr_datums = NULL; 2085 (*expandattr)->expand = 0; 2086 } 2087 2088 void cil_alias_init(struct cil_alias **alias) 2089 { 2090 *alias = cil_malloc(sizeof(**alias)); 2091 2092 (*alias)->actual = NULL; 2093 2094 cil_symtab_datum_init(&(*alias)->datum); 2095 } 2096 2097 void cil_aliasactual_init(struct cil_aliasactual **aliasactual) 2098 { 2099 *aliasactual = cil_malloc(sizeof(**aliasactual)); 2100 2101 (*aliasactual)->alias_str = NULL; 2102 (*aliasactual)->actual_str = NULL; 2103 } 2104 2105 void cil_typepermissive_init(struct cil_typepermissive **typeperm) 2106 { 2107 *typeperm = cil_malloc(sizeof(**typeperm)); 2108 2109 (*typeperm)->type_str = NULL; 2110 (*typeperm)->type = NULL; 2111 } 2112 2113 void cil_name_init(struct cil_name **name) 2114 { 2115 *name = cil_malloc(sizeof(**name)); 2116 2117 cil_symtab_datum_init(&(*name)->datum); 2118 (*name)->name_str = NULL; 2119 } 2120 2121 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans) 2122 { 2123 *nametypetrans = cil_malloc(sizeof(**nametypetrans)); 2124 2125 (*nametypetrans)->src_str = NULL; 2126 (*nametypetrans)->src = NULL; 2127 (*nametypetrans)->tgt_str = NULL; 2128 (*nametypetrans)->tgt = NULL; 2129 (*nametypetrans)->obj_str = NULL; 2130 (*nametypetrans)->obj = NULL; 2131 (*nametypetrans)->name_str = NULL; 2132 (*nametypetrans)->name = NULL; 2133 (*nametypetrans)->result_str = NULL; 2134 (*nametypetrans)->result = NULL; 2135 } 2136 2137 void cil_rangetransition_init(struct cil_rangetransition **rangetrans) 2138 { 2139 *rangetrans = cil_malloc(sizeof(**rangetrans)); 2140 2141 (*rangetrans)->src_str = NULL; 2142 (*rangetrans)->src = NULL; 2143 (*rangetrans)->exec_str = NULL; 2144 (*rangetrans)->exec = NULL; 2145 (*rangetrans)->obj_str = NULL; 2146 (*rangetrans)->obj = NULL; 2147 (*rangetrans)->range_str = NULL; 2148 (*rangetrans)->range = NULL; 2149 } 2150 2151 void cil_bool_init(struct cil_bool **cilbool) 2152 { 2153 *cilbool = cil_malloc(sizeof(**cilbool)); 2154 2155 cil_symtab_datum_init(&(*cilbool)->datum); 2156 (*cilbool)->value = 0; 2157 } 2158 2159 void cil_tunable_init(struct cil_tunable **ciltun) 2160 { 2161 *ciltun = cil_malloc(sizeof(**ciltun)); 2162 2163 cil_symtab_datum_init(&(*ciltun)->datum); 2164 (*ciltun)->value = 0; 2165 } 2166 2167 void cil_condblock_init(struct cil_condblock **cb) 2168 { 2169 *cb = cil_malloc(sizeof(**cb)); 2170 2171 (*cb)->flavor = CIL_NONE; 2172 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]); 2173 } 2174 2175 void cil_boolif_init(struct cil_booleanif **bif) 2176 { 2177 *bif = cil_malloc(sizeof(**bif)); 2178 2179 (*bif)->str_expr = NULL; 2180 (*bif)->datum_expr = NULL; 2181 } 2182 2183 void cil_tunif_init(struct cil_tunableif **tif) 2184 { 2185 *tif = cil_malloc(sizeof(**tif)); 2186 2187 (*tif)->str_expr = NULL; 2188 (*tif)->datum_expr = NULL; 2189 } 2190 2191 void cil_avrule_init(struct cil_avrule **avrule) 2192 { 2193 *avrule = cil_malloc(sizeof(**avrule)); 2194 2195 (*avrule)->is_extended = 0; 2196 (*avrule)->rule_kind = CIL_NONE; 2197 (*avrule)->src_str = NULL; 2198 (*avrule)->src = NULL; 2199 (*avrule)->tgt_str = NULL; 2200 (*avrule)->tgt = NULL; 2201 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms)); 2202 } 2203 2204 void cil_permissionx_init(struct cil_permissionx **permx) 2205 { 2206 *permx = cil_malloc(sizeof(**permx)); 2207 2208 cil_symtab_datum_init(&(*permx)->datum); 2209 (*permx)->kind = CIL_NONE; 2210 (*permx)->obj_str = NULL; 2211 (*permx)->obj = NULL; 2212 (*permx)->expr_str = NULL; 2213 (*permx)->perms = NULL; 2214 } 2215 2216 void cil_type_rule_init(struct cil_type_rule **type_rule) 2217 { 2218 *type_rule = cil_malloc(sizeof(**type_rule)); 2219 2220 (*type_rule)->rule_kind = CIL_NONE; 2221 (*type_rule)->src_str = NULL; 2222 (*type_rule)->src = NULL; 2223 (*type_rule)->tgt_str = NULL; 2224 (*type_rule)->tgt = NULL; 2225 (*type_rule)->obj_str = NULL; 2226 (*type_rule)->obj = NULL; 2227 (*type_rule)->result_str = NULL; 2228 (*type_rule)->result = NULL; 2229 } 2230 2231 void cil_roletransition_init(struct cil_roletransition **role_trans) 2232 { 2233 *role_trans = cil_malloc(sizeof(**role_trans)); 2234 2235 (*role_trans)->src_str = NULL; 2236 (*role_trans)->src = NULL; 2237 (*role_trans)->tgt_str = NULL; 2238 (*role_trans)->tgt = NULL; 2239 (*role_trans)->obj_str = NULL; 2240 (*role_trans)->obj = NULL; 2241 (*role_trans)->result_str = NULL; 2242 (*role_trans)->result = NULL; 2243 } 2244 2245 void cil_roleallow_init(struct cil_roleallow **roleallow) 2246 { 2247 *roleallow = cil_malloc(sizeof(**roleallow)); 2248 2249 (*roleallow)->src_str = NULL; 2250 (*roleallow)->src = NULL; 2251 (*roleallow)->tgt_str = NULL; 2252 (*roleallow)->tgt = NULL; 2253 } 2254 2255 void cil_catset_init(struct cil_catset **catset) 2256 { 2257 *catset = cil_malloc(sizeof(**catset)); 2258 2259 cil_symtab_datum_init(&(*catset)->datum); 2260 (*catset)->cats = NULL; 2261 } 2262 2263 void cil_senscat_init(struct cil_senscat **senscat) 2264 { 2265 *senscat = cil_malloc(sizeof(**senscat)); 2266 2267 (*senscat)->sens_str = NULL; 2268 (*senscat)->cats = NULL; 2269 } 2270 2271 void cil_cats_init(struct cil_cats **cats) 2272 { 2273 *cats = cil_malloc(sizeof(**cats)); 2274 2275 (*cats)->evaluated = CIL_FALSE; 2276 (*cats)->str_expr = NULL; 2277 (*cats)->datum_expr = NULL; 2278 } 2279 2280 void cil_filecon_init(struct cil_filecon **filecon) 2281 { 2282 *filecon = cil_malloc(sizeof(**filecon)); 2283 2284 (*filecon)->path_str = NULL; 2285 (*filecon)->type = 0; 2286 (*filecon)->context_str = NULL; 2287 (*filecon)->context = NULL; 2288 } 2289 2290 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon) 2291 { 2292 *ibpkeycon = cil_malloc(sizeof(**ibpkeycon)); 2293 2294 (*ibpkeycon)->subnet_prefix_str = NULL; 2295 (*ibpkeycon)->pkey_low = 0; 2296 (*ibpkeycon)->pkey_high = 0; 2297 (*ibpkeycon)->context_str = NULL; 2298 (*ibpkeycon)->context = NULL; 2299 } 2300 2301 void cil_portcon_init(struct cil_portcon **portcon) 2302 { 2303 *portcon = cil_malloc(sizeof(**portcon)); 2304 (*portcon)->proto = 0; 2305 (*portcon)->port_low = 0; 2306 (*portcon)->port_high = 0; 2307 (*portcon)->context_str = NULL; 2308 (*portcon)->context = NULL; 2309 } 2310 2311 void cil_nodecon_init(struct cil_nodecon **nodecon) 2312 { 2313 *nodecon = cil_malloc(sizeof(**nodecon)); 2314 2315 (*nodecon)->addr_str = NULL; 2316 (*nodecon)->addr = NULL; 2317 (*nodecon)->mask_str = NULL; 2318 (*nodecon)->mask = NULL; 2319 (*nodecon)->context_str = NULL; 2320 (*nodecon)->context = NULL; 2321 } 2322 2323 void cil_genfscon_init(struct cil_genfscon **genfscon) 2324 { 2325 *genfscon = cil_malloc(sizeof(**genfscon)); 2326 2327 (*genfscon)->fs_str = NULL; 2328 (*genfscon)->path_str = NULL; 2329 (*genfscon)->context_str = NULL; 2330 (*genfscon)->context = NULL; 2331 } 2332 2333 void cil_pirqcon_init(struct cil_pirqcon **pirqcon) 2334 { 2335 *pirqcon = cil_malloc(sizeof(**pirqcon)); 2336 2337 (*pirqcon)->pirq = 0; 2338 (*pirqcon)->context_str = NULL; 2339 (*pirqcon)->context = NULL; 2340 } 2341 2342 void cil_iomemcon_init(struct cil_iomemcon **iomemcon) 2343 { 2344 *iomemcon = cil_malloc(sizeof(**iomemcon)); 2345 2346 (*iomemcon)->iomem_low = 0; 2347 (*iomemcon)->iomem_high = 0; 2348 (*iomemcon)->context_str = NULL; 2349 (*iomemcon)->context = NULL; 2350 } 2351 2352 void cil_ioportcon_init(struct cil_ioportcon **ioportcon) 2353 { 2354 *ioportcon = cil_malloc(sizeof(**ioportcon)); 2355 2356 (*ioportcon)->context_str = NULL; 2357 (*ioportcon)->context = NULL; 2358 } 2359 2360 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon) 2361 { 2362 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon)); 2363 2364 (*pcidevicecon)->dev = 0; 2365 (*pcidevicecon)->context_str = NULL; 2366 (*pcidevicecon)->context = NULL; 2367 } 2368 2369 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon) 2370 { 2371 *dtcon = cil_malloc(sizeof(**dtcon)); 2372 2373 (*dtcon)->path = NULL; 2374 (*dtcon)->context_str = NULL; 2375 (*dtcon)->context = NULL; 2376 } 2377 2378 void cil_fsuse_init(struct cil_fsuse **fsuse) 2379 { 2380 *fsuse = cil_malloc(sizeof(**fsuse)); 2381 2382 (*fsuse)->type = 0; 2383 (*fsuse)->fs_str = NULL; 2384 (*fsuse)->context_str = NULL; 2385 (*fsuse)->context = NULL; 2386 } 2387 2388 void cil_constrain_init(struct cil_constrain **constrain) 2389 { 2390 *constrain = cil_malloc(sizeof(**constrain)); 2391 2392 (*constrain)->classperms = NULL; 2393 (*constrain)->str_expr = NULL; 2394 (*constrain)->datum_expr = NULL; 2395 } 2396 2397 void cil_validatetrans_init(struct cil_validatetrans **validtrans) 2398 { 2399 *validtrans = cil_malloc(sizeof(**validtrans)); 2400 2401 (*validtrans)->class_str = NULL; 2402 (*validtrans)->class = NULL; 2403 (*validtrans)->str_expr = NULL; 2404 (*validtrans)->datum_expr = NULL; 2405 } 2406 2407 void cil_ipaddr_init(struct cil_ipaddr **ipaddr) 2408 { 2409 *ipaddr = cil_malloc(sizeof(**ipaddr)); 2410 2411 cil_symtab_datum_init(&(*ipaddr)->datum); 2412 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip)); 2413 } 2414 2415 void cil_perm_init(struct cil_perm **perm) 2416 { 2417 *perm = cil_malloc(sizeof(**perm)); 2418 2419 cil_symtab_datum_init(&(*perm)->datum); 2420 (*perm)->value = 0; 2421 (*perm)->classperms = NULL; 2422 } 2423 2424 void cil_classpermission_init(struct cil_classpermission **cp) 2425 { 2426 *cp = cil_malloc(sizeof(**cp)); 2427 2428 cil_symtab_datum_init(&(*cp)->datum); 2429 (*cp)->classperms = NULL; 2430 } 2431 2432 void cil_classpermissionset_init(struct cil_classpermissionset **cps) 2433 { 2434 *cps = cil_malloc(sizeof(**cps)); 2435 2436 (*cps)->set_str = NULL; 2437 (*cps)->classperms = NULL; 2438 } 2439 2440 void cil_classperms_set_init(struct cil_classperms_set **cp_set) 2441 { 2442 *cp_set = cil_malloc(sizeof(**cp_set)); 2443 (*cp_set)->set_str = NULL; 2444 (*cp_set)->set = NULL; 2445 } 2446 2447 void cil_classperms_init(struct cil_classperms **cp) 2448 { 2449 *cp = cil_malloc(sizeof(**cp)); 2450 (*cp)->class_str = NULL; 2451 (*cp)->class = NULL; 2452 (*cp)->perm_strs = NULL; 2453 (*cp)->perms = NULL; 2454 } 2455 2456 void cil_classmapping_init(struct cil_classmapping **mapping) 2457 { 2458 *mapping = cil_malloc(sizeof(**mapping)); 2459 2460 (*mapping)->map_class_str = NULL; 2461 (*mapping)->map_perm_str = NULL; 2462 (*mapping)->classperms = NULL; 2463 } 2464 2465 void cil_user_init(struct cil_user **user) 2466 { 2467 *user = cil_malloc(sizeof(**user)); 2468 2469 cil_symtab_datum_init(&(*user)->datum); 2470 (*user)->bounds = NULL; 2471 (*user)->roles = NULL; 2472 (*user)->dftlevel = NULL; 2473 (*user)->range = NULL; 2474 (*user)->value = 0; 2475 } 2476 2477 void cil_userattribute_init(struct cil_userattribute **attr) 2478 { 2479 *attr = cil_malloc(sizeof(**attr)); 2480 2481 cil_symtab_datum_init(&(*attr)->datum); 2482 2483 (*attr)->expr_list = NULL; 2484 (*attr)->users = NULL; 2485 } 2486 2487 void cil_userattributeset_init(struct cil_userattributeset **attrset) 2488 { 2489 *attrset = cil_malloc(sizeof(**attrset)); 2490 2491 (*attrset)->attr_str = NULL; 2492 (*attrset)->str_expr = NULL; 2493 (*attrset)->datum_expr = NULL; 2494 } 2495 2496 void cil_userlevel_init(struct cil_userlevel **usrlvl) 2497 { 2498 *usrlvl = cil_malloc(sizeof(**usrlvl)); 2499 2500 (*usrlvl)->user_str = NULL; 2501 (*usrlvl)->level_str = NULL; 2502 (*usrlvl)->level = NULL; 2503 } 2504 2505 void cil_userrange_init(struct cil_userrange **userrange) 2506 { 2507 *userrange = cil_malloc(sizeof(**userrange)); 2508 2509 (*userrange)->user_str = NULL; 2510 (*userrange)->range_str = NULL; 2511 (*userrange)->range = NULL; 2512 } 2513 2514 void cil_role_init(struct cil_role **role) 2515 { 2516 *role = cil_malloc(sizeof(**role)); 2517 2518 cil_symtab_datum_init(&(*role)->datum); 2519 (*role)->bounds = NULL; 2520 (*role)->types = NULL; 2521 (*role)->value = 0; 2522 } 2523 2524 void cil_type_init(struct cil_type **type) 2525 { 2526 *type = cil_malloc(sizeof(**type)); 2527 2528 cil_symtab_datum_init(&(*type)->datum); 2529 (*type)->bounds = NULL; 2530 (*type)->value = 0; 2531 } 2532 2533 void cil_cat_init(struct cil_cat **cat) 2534 { 2535 *cat = cil_malloc(sizeof(**cat)); 2536 2537 cil_symtab_datum_init(&(*cat)->datum); 2538 (*cat)->ordered = CIL_FALSE; 2539 (*cat)->value = 0; 2540 } 2541 2542 void cil_catorder_init(struct cil_catorder **catorder) 2543 { 2544 *catorder = cil_malloc(sizeof(**catorder)); 2545 2546 (*catorder)->cat_list_str = NULL; 2547 } 2548 2549 void cil_sensorder_init(struct cil_sensorder **sensorder) 2550 { 2551 *sensorder = cil_malloc(sizeof(**sensorder)); 2552 2553 (*sensorder)->sens_list_str = NULL; 2554 } 2555 2556 void cil_args_init(struct cil_args **args) 2557 { 2558 *args = cil_malloc(sizeof(**args)); 2559 (*args)->arg_str = NULL; 2560 (*args)->arg = NULL; 2561 (*args)->param_str = NULL; 2562 (*args)->flavor = CIL_NONE; 2563 } 2564 2565 void cil_call_init(struct cil_call **call) 2566 { 2567 *call = cil_malloc(sizeof(**call)); 2568 2569 (*call)->macro_str = NULL; 2570 (*call)->macro = NULL; 2571 (*call)->args_tree = NULL; 2572 (*call)->args = NULL; 2573 (*call)->copied = 0; 2574 } 2575 2576 void cil_optional_init(struct cil_optional **optional) 2577 { 2578 *optional = cil_malloc(sizeof(**optional)); 2579 (*optional)->enabled = CIL_TRUE; 2580 cil_symtab_datum_init(&(*optional)->datum); 2581 } 2582 2583 void cil_param_init(struct cil_param **param) 2584 { 2585 *param = cil_malloc(sizeof(**param)); 2586 2587 (*param)->str = NULL; 2588 (*param)->flavor = CIL_NONE; 2589 } 2590 2591 void cil_macro_init(struct cil_macro **macro) 2592 { 2593 *macro = cil_malloc(sizeof(**macro)); 2594 2595 cil_symtab_datum_init(&(*macro)->datum); 2596 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]); 2597 (*macro)->params = NULL; 2598 } 2599 2600 void cil_policycap_init(struct cil_policycap **policycap) 2601 { 2602 *policycap = cil_malloc(sizeof(**policycap)); 2603 2604 cil_symtab_datum_init(&(*policycap)->datum); 2605 } 2606 2607 void cil_bounds_init(struct cil_bounds **bounds) 2608 { 2609 *bounds = cil_malloc(sizeof(**bounds)); 2610 2611 (*bounds)->parent_str = NULL; 2612 (*bounds)->child_str = NULL; 2613 } 2614 2615 void cil_default_init(struct cil_default **def) 2616 { 2617 *def = cil_malloc(sizeof(**def)); 2618 2619 (*def)->flavor = CIL_NONE; 2620 (*def)->class_strs = NULL; 2621 (*def)->class_datums = NULL; 2622 } 2623 2624 void cil_defaultrange_init(struct cil_defaultrange **def) 2625 { 2626 *def = cil_malloc(sizeof(**def)); 2627 2628 (*def)->class_strs = NULL; 2629 (*def)->class_datums = NULL; 2630 } 2631 2632 void cil_handleunknown_init(struct cil_handleunknown **unk) 2633 { 2634 *unk = cil_malloc(sizeof(**unk)); 2635 } 2636 2637 void cil_mls_init(struct cil_mls **mls) 2638 { 2639 *mls = cil_malloc(sizeof(**mls)); 2640 (*mls)->value = 0; 2641 } 2642 2643 void cil_src_info_init(struct cil_src_info **info) 2644 { 2645 *info = cil_malloc(sizeof(**info)); 2646 (*info)->is_cil = 0; 2647 (*info)->path = NULL; 2648 } 2649