1/*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 *    1. Redistributions of source code must retain the above copyright notice,
8 *       this list of conditions and the following disclaimer.
9 *
10 *    2. Redistributions in binary form must reproduce the above copyright notice,
11 *       this list of conditions and the following disclaimer in the documentation
12 *       and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30#ifndef _CIL_BINARY_H_
31#define _CIL_BINARY_H_
32
33#include <sepol/policydb/policydb.h>
34
35#include "cil_internal.h"
36#include "cil_tree.h"
37#include "cil_list.h"
38
39/**
40 * Create a binary policydb from the cil db.
41 *
42 * @param[in] db The cil database.
 * @param[out] pdb The policy database; allocated and initialized by this function.
44 *
45 * @return SEPOL_OK upon success or an error otherwise.
46 */
47int cil_binary_create(const struct cil_db *db, sepol_policydb_t **pdb);
48
49/**
 * Create a pre-allocated binary policydb from the cil db.
 *
 * It is assumed that pdb has been allocated and initialized so that fields such
 * as policy type and version are set appropriately. It is recommended to call
 * cil_binary_create instead, which will properly allocate and initialize the pdb
 * and then call this function. This function is kept to maintain binary
 * backwards compatibility.
57 *
58 * @param[in] db The cil database.
59 * @param[in] pdb The policy database.
60 *
61 * @return SEPOL_OK upon success or an error otherwise.
62 */
63int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *pdb);
64
65/**
66 * Insert cil common structure into sepol policydb.
67 *
68 * @param[in] pdb The policy database to insert the common into.
 * @param[in] cil_common The cil_common datum.
70 * @param[out] common_out The sepol common to send back.
71 *
72 * @return SEPOL_OK upon success or an error otherwise.
73 */
74int cil_common_to_policydb(policydb_t *pdb, struct cil_class *cil_common, common_datum_t **common_out);
75
76/**
77 * Insert cil class structure into sepol policydb.
78 *
79 * @param[in] pdb The policy database to insert the class into.
 * @param[in] cil_class The cil_class datum.
81 *
82 * @return SEPOL_OK upon success or an error otherwise.
83 */
84int cil_class_to_policydb(policydb_t *pdb, struct cil_class *cil_class);
85
86/**
87 * Insert cil role structure into sepol policydb.
88 *
89 * @param[in] pdb The policy database to insert the role into.
 * @param[in] cil_role The cil_role datum.
91 *
92 * @return SEPOL_OK upon success or an error otherwise.
93 */
94int cil_role_to_policydb(policydb_t *pdb, struct cil_role *cil_role);
95
96/**
97 * Insert cil roletype structure into sepol policydb.
98 *
99 * @param[in] pdb The policy database to insert the roletype into.
 * @param[in] db The cil database.
 * @param[in] role The cil_role datum whose roletype associations are inserted.
102 *
103 * @return SEPOL_OK upon success or SEPOL_ERR otherwise.
104 */
105int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_role *role);
106
107/**
108 * Insert cil type structure into sepol policydb.
109 *
110 * @param[in] pdb The policy database to insert the type into.
 * @param[in] cil_type The cil_type datum.
112 *
113 * @return SEPOL_OK upon success or an error otherwise.
114 */
115int cil_type_to_policydb(policydb_t *pdb, struct cil_type *cil_type);
116
117/**
118 * Insert cil typealias structure into sepol policydb.
119 *
120 * @param[in] pdb The policy database to insert the typealias into.
 * @param[in] cil_alias The cil_alias datum for the typealias.
122 *
123 * @return SEPOL_OK upon success or an error otherwise.
124 */
125int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);
126
127/**
128 * Insert cil typepermissive structure into sepol policydb.
 * The function looks up the previously inserted type and flips the bit
 * in the permissive types bitmap that corresponds to that type's value.
 *
 * @param[in] pdb The policy database to insert the typepermissive into.
 * @param[in] cil_typeperm The cil_typepermissive datum.
134 *
135 * @return SEPOL_OK upon success or an error otherwise.
136 */
137int cil_typepermissive_to_policydb(policydb_t *pdb, struct cil_typepermissive *cil_typeperm);
138
139/**
140 * Insert cil attribute structure into sepol policydb.
141 *
142 * @param[in] pdb The policy database to insert the attribute into.
 * @param[in] cil_attr The cil_typeattribute datum.
144 *
145 * @return SEPOL_OK upon success or an error otherwise.
146 */
147int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil_attr);
148
149/**
150 * Insert cil attribute structure into sepol type->attribute bitmap.
151 * The function calls helper functions to loop over the attributes lists
152 * of types and negative types. If either of the lists contain an attribute,
153 * the helper functions will recurse into the attribute and record the
154 * attribute's types and negative types. There is no minimum depth.
155 *
 * @param[in] pdb The policy database that contains the type->attribute bitmap.
 * @param[in] cdb The cil database.
 * @param[in] cil_attr The cil_typeattribute datum.
159 *
160 * @return SEPOL_OK upon success or an error otherwise.
161 */
162int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *cdb, struct cil_typeattribute *cil_attr);
163
164/**
165 * Insert cil policycap structure into sepol policydb.
166 *
167 * @param[in] pdb The policy database to insert the policycap into.
 * @param[in] cil_polcap The cil_policycap datum.
169 *
170 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
171 */
172int cil_policycap_to_policydb(policydb_t *pdb, struct cil_policycap *cil_polcap);
173
174/**
175 * Insert cil user structure into sepol policydb.
176 *
 * @param[in] pdb The policy database to insert the user into.
 * @param[in] cil_user The cil_user datum.
179 *
180 * @return SEPOL_OK upon success or an error otherwise.
181 */
182int cil_user_to_policydb(policydb_t *pdb, struct cil_user *cil_user);
183
184/**
185 * Insert cil userrole structure into sepol policydb.
186 *
 * @param[in] pdb The policy database to insert the userrole into.
 * @param[in] db The cil database.
 * @param[in] userrole The cil_userrole datum.
189 *
190 * @return SEPOL_OK upon success or SEPOL_ERR otherwise.
191 */
192int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_userrole *userrole);
193
194/**
195 * Insert cil bool structure into sepol policydb.
196 *
 * @param[in] pdb The policy database to insert the bool into.
 * @param[in] cil_bool The cil_bool datum.
199 *
200 * @return SEPOL_OK upon success or an error otherwise.
201 */
202int cil_bool_to_policydb(policydb_t *pdb, struct cil_bool *cil_bool);
203
204/**
205 * Insert all ordered cil category structures into sepol policydb.
206 *
207 * @param[in] pdb The policy database to insert the categories into.
208 * @param[in] db The cil database that contains the category order list.
209 *
210 * @return SEPOL_OK upon success or an error otherwise.
211 */
212int cil_catorder_to_policydb(policydb_t *pdb, const struct cil_db *db);
213
214/**
215 * Insert cil category alias structure into sepol policydb.
216 *
217 * @param[in] pdb The policy database to insert the category alias into.
 * @param[in] cil_alias The cil_alias datum for the category alias.
219 *
220 * @return SEPOL_OK upon success or an error otherwise.
221 */
222int cil_catalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);
223
224/**
225 * Insert the cil sensitivityorder into sepol policydb.
226 *
227 * @param[in] pdb The policy database to insert the sensitivityorder into.
 * @param[in] db The cil database that contains the sensitivityorder list.
229 *
230 * @return SEPOL_OK upon success or an error otherwise.
231 */
232int cil_sensitivityorder_to_policydb(policydb_t *pdb, const struct cil_db *db);
233
234/**
235 * Insert cil type rule structure into sepol policydb.  This includes
236 * typetransition, typechange, and typemember.
237 *
 * @param[in] pdb The policy database to insert the type rule into.
 * @param[in] db The cil database.
 * @param[in] cil_rule The cil_type_rule datum.
240 *
241 * @return SEPOL_OK upon success or an error otherwise.
242 */
243int cil_type_rule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule);
244
245/**
246 * Insert cil avrule structure into sepol policydb.
247 *
 * @param[in] pdb The policy database to insert the avrule into.
 * @param[in] db The cil database.
 * @param[in] cil_avrule The cil_avrule datum.
 * @param[in] neverallows The cil_list of neverallow rules.
250 *
251 * @return SEPOL_OK upon success or an error otherwise.
252 */
253int cil_avrule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, struct cil_list *neverallows);
254
255/**
256 * Insert cil booleanif structure into sepol policydb.  This populates the
257 * policydb conditional list.  Each conditional node contains an expression
258 * and true/false avtab_ptr lists that point into te_cond_avtab.
259 *
 * @param[in] pdb The policy database to insert the booleanif into.
 * @param[in] db The cil database.
 * @param[in] node The cil_booleanif node.
 * @param[in] neverallows The cil_list of neverallow rules.
 * @param filename_trans_table Hash table of filename transitions.
262 *
263 * @return SEPOL_OK upon success or an error otherwise.
264 */
265int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_tree_node *node, struct cil_list *neverallows, hashtab_t filename_trans_table);
266
267/**
268 * Insert cil role transition structure into sepol policydb.
269 *
 * @param[in] pdb The policy database to insert the role transition into.
 * @param[in] db The cil database.
 * @param[in] roletrans The cil_roletransition datum.
 * @param role_trans_table Hash table of role transitions.
272 *
273 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
274 */
275int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roletransition *roletrans, hashtab_t role_trans_table);
276
277/**
278 * Insert cil role allow structure into sepol policydb.
279 *
 * @param[in] pdb The policy database to insert the role allow into.
 * @param[in] db The cil database.
 * @param[in] roleallow The cil_roleallow datum.
282 *
283 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
284 */
285int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roleallow *roleallow);
286
287/**
288 * Insert cil file transition structure into sepol policydb.
289 *
 * @param[in] pdb The policy database to insert the file transition into.
 * @param[in] db The cil database.
 * @param[in] typetrans The cil_nametypetransition datum.
 * @param filename_trans_table Hash table of filename transitions.
292 *
293 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
294 */
295int cil_typetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans, hashtab_t filename_trans_table);
296
297/**
298 * Insert cil constrain/mlsconstrain structure(s) into sepol policydb.
299 *
 * @param[in] pdb The policy database to insert the (mls)constrain into.
 * @param[in] db The cil database.
 * @param[in] cil_constrain The cil_(mls)constrain datum.
302 *
303 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
304 */
305int cil_constrain_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_constrain *cil_constrain);
306
307/**
308 * Define sepol level.
309 * Associates the sepol level (sensitivity) with categories.
310 * Looks at the cil_sens structure for a list of cil_cats to
311 * associate the sensitivity with.
312 * Sets the sepol level as defined in the sepol policy database.
313 *
314 * @param[in] pdb The policy database that holds the sepol level.
 * @param[in] cil_sens The cil_sens datum.
316 *
317 * @return SEPOL_OK upon success or SEPOL_ERR upon error.
318 */
319int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens);
320
321/**
322 * Insert cil rangetransition structure into sepol policydb.
323 *
 * @param[in] pdb The policy database to insert the rangetransition into.
 * @param[in] db The cil database.
 * @param[in] rangetrans The cil_rangetransition datum.
 * @param range_trans_table Hash table of range transitions.
326 *
327 * @return SEPOL_OK upon success or an error otherwise.
328 */
329int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans, hashtab_t range_trans_table);
330
331/**
332 * Insert cil portcon structure into sepol policydb.
333 * The function is given a structure containing the sorted portcons and
334 * loops over this structure inserting them into the policy database.
335 *
336 * @param[in] pdb The policy database to insert the portcon into.
 * @param[in] portcons The cil_sort structure that contains the sorted portcons.
338 *
339 * @return SEPOL_OK upon success or an error otherwise.
340 */
341int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons);
342
343/**
344 * Insert cil netifcon structure into sepol policydb.
345 * The function is given a structure containing the sorted netifcons and
346 * loops over this structure inserting them into the policy database.
347 *
348 * @param[in] pdb The policy database to insert the netifcon into.
 * @param[in] netifcons The cil_sort structure that contains the sorted netifcons.
350 *
351 * @return SEPOL_OK upon success or an error otherwise.
352 */
353int cil_netifcon_to_policydb(policydb_t *pdb, struct cil_sort *netifcons);
354
355/**
356 * Insert cil nodecon structure into sepol policydb.
357 * The function is given a structure containing the sorted nodecons and
358 * loops over this structure inserting them into the policy database.
359 *
360 * @param[in] pdb The policy database to insert the nodecon into.
 * @param[in] nodecons The cil_sort structure that contains the sorted nodecons.
362 *
363 * @return SEPOL_OK upon success or an error otherwise.
364 */
365int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons);
366
367/**
368 * Insert cil fsuse structure into sepol policydb.
369 * The function is given a structure containing the sorted fsuses and
370 * loops over this structure inserting them into the policy database.
371 *
372 * @param[in] pdb The policy database to insert the fsuse into.
 * @param[in] fsuses The cil_sort structure that contains the sorted fsuses.
374 *
375 * @return SEPOL_OK upon success or an error otherwise.
376 */
377int cil_fsuse_to_policydb(policydb_t *pdb, struct cil_sort *fsuses);
378
379/**
380 * Insert cil genfscon structure into sepol policydb.
381 * The function is given a structure containing the sorted genfscons and
382 * loops over this structure inserting them into the policy database.
383 *
384 * @param[in] pdb The policy database to insert the genfscon into.
 * @param[in] genfscons The cil_sort structure that contains the sorted genfscons.
386 *
387 * @return SEPOL_OK upon success or an error otherwise.
388 */
389int cil_genfscon_to_policydb(policydb_t *pdb, struct cil_sort *genfscons);
390
391/**
392 * Insert cil pirqcon structure into sepol policydb.
393 * The function is given a structure containing the sorted pirqcons and
394 * loops over this structure inserting them into the policy database.
395 *
396 * @param[in] pdb The policy database to insert the pirqcon into.
 * @param[in] pirqcons The cil_sort structure that contains the sorted pirqcons.
398 *
399 * @return SEPOL_OK upon success or an error otherwise.
400 */
401int cil_pirqcon_to_policydb(policydb_t *pdb, struct cil_sort *pirqcons);
402
403/**
404 * Insert cil iomemcon structure into sepol policydb.
405 * The function is given a structure containing the sorted iomemcons and
406 * loops over this structure inserting them into the policy database.
407 *
408 * @param[in] pdb The policy database to insert the iomemcon into.
 * @param[in] iomemcons The cil_sort structure that contains the sorted iomemcons.
410 *
411 * @return SEPOL_OK upon success or an error otherwise.
412 */
413int cil_iomemcon_to_policydb(policydb_t *pdb, struct cil_sort *iomemcons);
414
415/**
416 * Insert cil ioportcon structure into sepol policydb.
417 * The function is given a structure containing the sorted ioportcons and
418 * loops over this structure inserting them into the policy database.
419 *
420 * @param[in] pdb The policy database to insert the ioportcon into.
 * @param[in] ioportcons The cil_sort structure that contains the sorted ioportcons.
422 *
423 * @return SEPOL_OK upon success or an error otherwise.
424 */
425int cil_ioportcon_to_policydb(policydb_t *pdb, struct cil_sort *ioportcons);
426
427/**
428 * Insert cil pcidevicecon structure into sepol policydb.
429 * The function is given a structure containing the sorted pcidevicecons and
430 * loops over this structure inserting them into the policy database.
431 *
432 * @param[in] pdb The policy database to insert the pcidevicecon into.
 * @param[in] pcidevicecons The cil_sort structure that contains the sorted pcidevicecons.
434 *
435 * @return SEPOL_OK upon success or an error otherwise.
436 */
437int cil_pcidevicecon_to_policydb(policydb_t *pdb, struct cil_sort *pcidevicecons);
438
439/**
440 * Create an mls level using a cil level.
 * The function is given a structure containing a cil_level and
 * outputs a created mls_level_t.
443 *
444 * @param[in] pdb The policy database to use to get sepol level from cil_level's sensitivity.
445 * @param[in] cil_level The cil_level that will be used to create an mls_level_t.
446 * @param[out] mls_level The mls_level that is created.
447 *
448 * @return SEPOL_OK upon success or an error otherwise.
449 */
450int cil_level_to_mls_level(policydb_t *pdb, struct cil_level *cil_level, mls_level_t *mls_level);
451
452#endif //_CIL_BINARY_H_
453