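/* Authors: Jason Tang <jtang@tresys.com>
 *	    Joshua Brindle <jbrindle@tresys.com>
 *          Karl MacMillan <kmacmillan@tresys.com>
 *
 * A set of utility functions that aid policy decision when dealing
 * with hierarchical items.
 *
 * Copyright (C) 2005 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef _SEPOL_POLICYDB_EXPAND_H
#define _SEPOL_POLICYDB_EXPAND_H

#include <stddef.h>
/* uint32_t appears in the prototypes below; include it directly instead of
 * relying on one of the sepol headers to pull it in. */
#include <stdint.h>
#include <sepol/handle.h>
#include <sepol/policydb/conditional.h>

/*
 * NOTE(review): this header does not state a return convention for any of
 * the functions it declares. Confirm against the implementation before
 * documenting one; callers should in any case check every return value.
 */

/*
 * Expand only the avrules for a module.  It is valid for this function
 * to expand base into itself (i.e. base == out); the typemap for
 * this special case should map type[i] to i+1.  Likewise the boolmap
 * should map bool[i] to i + 1.  This function optionally expands
 * neverallow rules. If neverallow rules are expanded, there is no
 * need to copy them and doing so could cause duplicate entries when
 * base == out.  If the neverallow rules are not expanded, they are
 * just copied to the destination policy so that assertion checking
 * can be performed after expand.  No assertion or hierarchy checking
 * is performed by this function.
 *
 * Because no checking happens here, a caller that depends on the
 * neverallow assertions or on the type hierarchy being enforced must run
 * those checks on the output policy itself after this call.
 *
 * typemap, boolmap, rolemap and usermap are passed without a length, so
 * this interface gives the callee nothing to bounds-check them against.
 * NOTE(review): presumably each map needs an entry for every corresponding
 * symbol in base -- confirm against the implementation.
 */
extern int expand_module_avrules(sepol_handle_t *handle, policydb_t *base,
				 policydb_t *out, uint32_t *typemap,
				 uint32_t *boolmap, uint32_t *rolemap,
				 uint32_t *usermap,
				 int verbose, int expand_neverallow);

/*
 * Expand all parts of a module.  Neverallow rules are not expanded (only
 * copied).  It is not valid to expand base into itself.  If check is non-zero,
 * performs hierarchy and assertion checking.
 *
 * NOTE(review): the sentence above implies that check == 0 skips both
 * hierarchy and assertion checking, which would leave the copied neverallow
 * rules unverified unless the caller checks them separately -- confirm.
 */
extern int expand_module(sepol_handle_t *handle,
			 policydb_t *base, policydb_t *out,
			 int verbose, int check);

/*
 * The remaining declarations carry no documentation in this header.
 * NOTE(review): the one-line descriptions below are inferred from names and
 * signatures only; confirm each against the implementation before relying
 * on it.
 */

/* Presumably translates the type bits of src into dst through typemap.
 * typemap is passed without a length. */
extern int convert_type_ebitmap(ebitmap_t *src, ebitmap_t *dst,
				uint32_t *typemap);

/* Presumably converts set through typemap and expands it into types. */
extern int expand_convert_type_set(policydb_t *p, uint32_t *typemap,
				   type_set_t *set, ebitmap_t *types,
				   unsigned char alwaysexpand);

/* Presumably expands set into the bitmap t using policy p. */
extern int type_set_expand(type_set_t *set, ebitmap_t *t, policydb_t *p,
			   unsigned char alwaysexpand);

/* Presumably expands role set x into the bitmap r; rolemap is passed
 * without a length. */
extern int role_set_expand(role_set_t *x, ebitmap_t *r, policydb_t *out,
			   policydb_t *base, uint32_t *rolemap);

/* Presumably expands the semantic MLS level sl into l. */
extern int mls_semantic_level_expand(mls_semantic_level_t *sl, mls_level_t *l,
				     policydb_t *p, sepol_handle_t *h);

/* Presumably expands the semantic MLS range sr into r. */
extern int mls_semantic_range_expand(mls_semantic_range_t *sr, mls_range_t *r,
				     policydb_t *p, sepol_handle_t *h);

/* Presumably expands source_rule from source_pol into dest_avtab; cond and
 * other look like conditional-list outputs and enabled like a flag. */
extern int expand_rule(sepol_handle_t *handle,
		       policydb_t *source_pol,
		       avrule_t *source_rule, avtab_t *dest_avtab,
		       cond_av_list_t **cond, cond_av_list_t **other,
		       int enabled);

/* Presumably expands the access vector table a into expa using policy p. */
extern int expand_avtab(policydb_t *p, avtab_t *a, avtab_t *expa);

/* Presumably expands the conditional list l into *newl, with expa as the
 * associated expanded table. */
extern int expand_cond_av_list(policydb_t *p, cond_av_list_t *l,
			       cond_av_list_t **newl, avtab_t *expa);

#endif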