1b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence/* 2b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * Copyright 2011 Tresys Technology, LLC. All rights reserved. 3b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 4b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * Redistribution and use in source and binary forms, with or without 5b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * modification, are permitted provided that the following conditions are met: 6b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 7b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 1. Redistributions of source code must retain the above copyright notice, 8b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * this list of conditions and the following disclaimer. 9b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 10b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 2. Redistributions in binary form must reproduce the above copyright notice, 11b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * this list of conditions and the following disclaimer in the documentation 12b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * and/or other materials provided with the distribution. 13b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 14b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS 15b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 16b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO 17b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 18b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 19b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 21b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 22b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 23b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * 25b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * The views and conclusions contained in the software and documentation are those 26b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * of the authors and should not be interpreted as representing official policies, 27b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence * either expressed or implied, of Tresys Technology, LLC. 
28b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence */ 29b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 30b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <stdlib.h> 31b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <stdio.h> 32b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <string.h> 33b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <stdint.h> 34b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <unistd.h> 35b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 36b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <sepol/policydb/conditional.h> 37b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include <sepol/errcodes.h> 38b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 39b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_internal.h" 40b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_flavor.h" 41b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_log.h" 42b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_mem.h" 43b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_tree.h" 44b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_list.h" 45b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_post.h" 46b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_policy.h" 47b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_verify.h" 48b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence#include "cil_symtab.h" 49b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 50b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db); 51b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db); 52b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 
53b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor) 54b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 55b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_list_item *curr; 56b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 57b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_list_for_each(curr, list) { 58b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence switch (curr->flavor) { 59b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_LIST: 60b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return CIL_FALSE; 61b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 62b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_OP: 63b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return CIL_FALSE; 64b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 65b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence default: 66b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (flavor == CIL_CAT) { 67b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_symtab_datum *d = curr->data; 68b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_tree_node *n = d->nodes->head->data; 69b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (n->flavor == CIL_CATSET) { 70b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return CIL_FALSE; 71b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 72b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 73b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 74b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 75b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 76b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return CIL_TRUE; 77b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 78b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 79b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencevoid cil_post_fc_fill_data(struct fc_data 
*fc, char *path) 80b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 81b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int c = 0; 82b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence fc->meta = 0; 83b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence fc->stem_len = 0; 84b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence fc->str_len = 0; 85b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 86b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence while (path[c] != '\0') { 87b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence switch (path[c]) { 88b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '.': 89b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '^': 90b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '$': 91b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '?': 92b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '*': 93b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '+': 94b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '|': 95b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '[': 96b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '(': 97b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '{': 98b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence fc->meta = 1; 99b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 100b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case '\\': 101b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence c++; 102b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence default: 103b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (!fc->meta) { 104b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence fc->stem_len++; 105b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 106b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 107b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 108b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence fc->str_len++; 
109b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence c++; 110b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 111b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 112b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 113b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_filecon_compare(const void *a, const void *b) 114b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 115b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = 0; 116b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_filecon *a_filecon = *(struct cil_filecon**)a; 117b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_filecon *b_filecon = *(struct cil_filecon**)b; 118b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct fc_data *a_data = cil_malloc(sizeof(*a_data)); 119b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct fc_data *b_data = cil_malloc(sizeof(*b_data)); 120b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence char *a_path = cil_malloc(strlen(a_filecon->path_str) + 1); 121b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence a_path[0] = '\0'; 122b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence char *b_path = cil_malloc(strlen(b_filecon->path_str) + 1); 123b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence b_path[0] = '\0'; 124b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence strcat(a_path, a_filecon->path_str); 125b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence strcat(b_path, b_filecon->path_str); 126b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_post_fc_fill_data(a_data, a_path); 127b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_post_fc_fill_data(b_data, b_path); 128b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (a_data->meta && !b_data->meta) { 129b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 130b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (b_data->meta && !a_data->meta) { 
131b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 132b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (a_data->stem_len < b_data->stem_len) { 133b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 134b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (b_data->stem_len < a_data->stem_len) { 135b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 136b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (a_data->str_len < b_data->str_len) { 137b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 138b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (b_data->str_len < a_data->str_len) { 139b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 140b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (a_filecon->type < b_filecon->type) { 141b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 142b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (b_filecon->type < a_filecon->type) { 143b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 144b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 145b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 146b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence free(a_path); 147b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence free(b_path); 148b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence free(a_data); 149b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence free(b_data); 150b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 151b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 152b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 153b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 154b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_portcon_compare(const void *a, const void *b) 155b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 156b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 
157b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_portcon *aportcon = *(struct cil_portcon**)a; 158b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_portcon *bportcon = *(struct cil_portcon**)b; 159b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 160b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = (aportcon->port_high - aportcon->port_low) 161b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence - (bportcon->port_high - bportcon->port_low); 162b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc == 0) { 163b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (aportcon->port_low < bportcon->port_low) { 164b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 165b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (bportcon->port_low < aportcon->port_low) { 166b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 167b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 168b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 169b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 170b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 171b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 172b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 173b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_genfscon_compare(const void *a, const void *b) 174b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 175b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 176b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_genfscon *agenfscon = *(struct cil_genfscon**)a; 177b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_genfscon *bgenfscon = *(struct cil_genfscon**)b; 178b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 179b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = strcmp(agenfscon->fs_str, bgenfscon->fs_str); 180b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc == 0) { 
181b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = strcmp(agenfscon->path_str, bgenfscon->path_str); 182b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 183b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 184b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 185b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 186b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 187b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_netifcon_compare(const void *a, const void *b) 188b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 189b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_netifcon *anetifcon = *(struct cil_netifcon**)a; 190b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_netifcon *bnetifcon = *(struct cil_netifcon**)b; 191b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 192b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return strcmp(anetifcon->interface_str, bnetifcon->interface_str); 193b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 194b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 195b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_nodecon_compare(const void *a, const void *b) 196b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 197b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_nodecon *anodecon; 198b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_nodecon *bnodecon; 199b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence anodecon = *(struct cil_nodecon**)a; 200b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence bnodecon = *(struct cil_nodecon**)b; 201b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 202b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence /* sort ipv4 before ipv6 */ 203b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (anodecon->addr->family != bnodecon->addr->family) { 204b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (anodecon->addr->family == 
AF_INET) { 205b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return -1; 206b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 207b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return 1; 208b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 209b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 210b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 211b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence /* most specific netmask goes first, then order by ip addr */ 212b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (anodecon->addr->family == AF_INET) { 213b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = memcmp(&anodecon->mask->ip.v4, &bnodecon->mask->ip.v4, sizeof(anodecon->mask->ip.v4)); 214b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != 0) { 215b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return -1 * rc; 216b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 217b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return memcmp(&anodecon->addr->ip.v4, &bnodecon->addr->ip.v4, sizeof(anodecon->addr->ip.v4)); 218b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 219b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = memcmp(&anodecon->mask->ip.v6, &bnodecon->mask->ip.v6, sizeof(anodecon->mask->ip.v6)); 220b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != 0) { 221b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return -1 * rc; 222b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 223b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return memcmp(&anodecon->addr->ip.v6, &bnodecon->addr->ip.v6, sizeof(anodecon->addr->ip.v6)); 224b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 225b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 226b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 227b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_pirqcon_compare(const void *a, const void *b) 
228b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 229b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 230b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_pirqcon *apirqcon = *(struct cil_pirqcon**)a; 231b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_pirqcon *bpirqcon = *(struct cil_pirqcon**)b; 232b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 233b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (apirqcon->pirq < bpirqcon->pirq) { 234b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 235b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (bpirqcon->pirq < apirqcon->pirq) { 236b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 237b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 238b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 0; 239b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 240b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 241b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 242b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 243b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 244b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_iomemcon_compare(const void *a, const void *b) 245b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 246b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 247b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_iomemcon *aiomemcon = *(struct cil_iomemcon**)a; 248b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_iomemcon *biomemcon = *(struct cil_iomemcon**)b; 249b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 250b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = (aiomemcon->iomem_high - aiomemcon->iomem_low) 251b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence - (biomemcon->iomem_high - biomemcon->iomem_low); 252b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if 
(rc == 0) { 253b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (aiomemcon->iomem_low < biomemcon->iomem_low) { 254b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 255b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (biomemcon->iomem_low < aiomemcon->iomem_low) { 256b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 257b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 258b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 259b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 260b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 261b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 262b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 263b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_ioportcon_compare(const void *a, const void *b) 264b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 265b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 266b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_ioportcon *aioportcon = *(struct cil_ioportcon**)a; 267b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_ioportcon *bioportcon = *(struct cil_ioportcon**)b; 268b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 269b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = (aioportcon->ioport_high - aioportcon->ioport_low) 270b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence - (bioportcon->ioport_high - bioportcon->ioport_low); 271b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc == 0) { 272b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (aioportcon->ioport_low < bioportcon->ioport_low) { 273b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 274b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (bioportcon->ioport_low < aioportcon->ioport_low) { 275b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 276b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 
277b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 278b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 279b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 280b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 281b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 282b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_pcidevicecon_compare(const void *a, const void *b) 283b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 284b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 285b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_pcidevicecon *apcidevicecon = *(struct cil_pcidevicecon**)a; 286b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_pcidevicecon *bpcidevicecon = *(struct cil_pcidevicecon**)b; 287b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 288b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (apcidevicecon->dev < bpcidevicecon->dev) { 289b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 290b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (bpcidevicecon->dev < apcidevicecon->dev) { 291b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 292b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 293b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 0; 294b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 295b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 296b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 297b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 298b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 299f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graafint cil_post_devicetreecon_compare(const void *a, const void *b) 300f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf{ 301f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf int rc = SEPOL_ERR; 302f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf struct cil_devicetreecon 
*adevicetreecon = *(struct cil_devicetreecon**)a; 303f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf struct cil_devicetreecon *bdevicetreecon = *(struct cil_devicetreecon**)b; 304f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf 305f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf rc = strcmp(adevicetreecon->path, bdevicetreecon->path); 306f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf 307f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf return rc; 308f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf} 309f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf 310b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_fsuse_compare(const void *a, const void *b) 311b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 312b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc; 313b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_fsuse *afsuse; 314b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_fsuse *bfsuse; 315b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence afsuse = *(struct cil_fsuse**)a; 316b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence bfsuse = *(struct cil_fsuse**)b; 317b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (afsuse->type < bfsuse->type) { 318b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = -1; 319b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (bfsuse->type < afsuse->type) { 320b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 1; 321b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 322b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = strcmp(afsuse->fs_str, bfsuse->fs_str); 323b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 324b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 325b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 326b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 327b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int 
__cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) 328b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 329b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_db *db = extra_args; 330b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 331b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence switch(node->flavor) { 332b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_BLOCK: { 333b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_block *blk = node->data; 334b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (blk->is_abstract == CIL_TRUE) { 335b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence *finished = CIL_TREE_SKIP_HEAD; 336b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 337b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 338b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 339b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_MACRO: 340b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence *finished = CIL_TREE_SKIP_HEAD; 341b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 342b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_TYPE: { 343b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_type *type = node->data; 344b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (type->datum.nodes->head->data == node) { 345b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence // multiple AST nodes can point to the same cil_type data (like if 346b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence // copied from a macro). 
This check ensures we only count the 347b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence // duplicates once 348b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence type->value = db->num_types; 349b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->num_types++; 350b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 351b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 352b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 353b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_ROLE: { 354b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_role *role = node->data; 355b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (role->datum.nodes->head->data == node) { 356b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence // multiple AST nodes can point to the same cil_role data (like if 357b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence // copied from a macro). This check ensures we only count the 358b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence // duplicates once 359b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence role->value = db->num_roles; 360b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->num_roles++; 361b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 362b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 363b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 364b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_NETIFCON: 365b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->netifcon->count++; 366b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 367b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_GENFSCON: 368b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->genfscon->count++; 369b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 370b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_FILECON: 371b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->filecon->count++; 
372b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 373b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_NODECON: 374b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->nodecon->count++; 375b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 376b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_PORTCON: 377b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->portcon->count++; 378b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 379b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_PIRQCON: 380b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->pirqcon->count++; 381b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 382b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_IOMEMCON: 383b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->iomemcon->count++; 384b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 385b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_IOPORTCON: 386b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->ioportcon->count++; 387b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 388b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_PCIDEVICECON: 389b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->pcidevicecon->count++; 390b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 391f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf case CIL_DEVICETREECON: 392f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf db->devicetreecon->count++; 393f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf break; 394b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_FSUSE: 395b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->fsuse->count++; 396b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 397b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence default: 398b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 
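}

	return SEPOL_OK;
}

/*
 * Store one statement's data in the next free slot of a cil_sort array.
 *
 * The array is allocated on first use with room for sort->count entries, and
 * sort->index is the next slot to fill. The counts are incremented by the
 * counting helper above, one per matching node. The range check turns a
 * disagreement between the counted total and the nodes seen here into an
 * error instead of a write past the end of the allocation.
 *
 * Returns SEPOL_OK on success, SEPOL_ERR if the array is already full.
 */
static int __cil_post_db_sort_append(struct cil_sort *sort, void *data)
{
	uint32_t count = sort->count;
	uint32_t i = sort->index;

	if (i >= count) {
		cil_log(CIL_ERR, "Sorted statement array overflow: more entries than were counted\n");
		return SEPOL_ERR;
	}

	if (sort->array == NULL) {
		sort->array = cil_malloc(sizeof(*sort->array) * count);
	}
	sort->array[i] = data;
	sort->index++;

	return SEPOL_OK;
}

/*
 * Per-node helper that fills the database's lookup arrays and lists.
 *
 * node:       AST node being visited; node->flavor selects the action.
 * finished:   set to CIL_TREE_SKIP_HEAD for macros and abstract blocks
 *             (presumably tells the tree walk to skip that subtree; confirm
 *             against the walker).
 * extra_args: the struct cil_db being populated.
 *
 * Types and roles are stored in db->val_to_type / db->val_to_role at the
 * index given by their value. User prefixes and SELinux users are added to
 * their lists. Every other handled flavor is appended to its cil_sort array.
 *
 * Returns SEPOL_OK, or SEPOL_ERR if a cil_sort array would overflow.
 */
static int __cil_post_db_array_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
{
	struct cil_db *db = extra_args;

	switch (node->flavor) {
	case CIL_BLOCK: {
		struct cil_block *blk = node->data;
		if (blk->is_abstract == CIL_TRUE) {
			*finished = CIL_TREE_SKIP_HEAD;
		}
		break;
	}
	case CIL_MACRO:
		*finished = CIL_TREE_SKIP_HEAD;
		break;
	case CIL_TYPE: {
		struct cil_type *type = node->data;
		if (db->val_to_type == NULL) {
			db->val_to_type = cil_malloc(sizeof(*db->val_to_type) * db->num_types);
		}
		/*
		 * NOTE(review): type->value indexes the array unchecked. The
		 * counting helper assigns value = num_types before incrementing
		 * it, so it should be in range if both passes see the same nodes.
		 */
		db->val_to_type[type->value] = type;
		break;
	}
	case CIL_ROLE: {
		struct cil_role *role = node->data;
		if (db->val_to_role == NULL) {
			db->val_to_role = cil_malloc(sizeof(*db->val_to_role) * db->num_roles);
		}
		/* NOTE(review): same unchecked-index assumption as CIL_TYPE above. */
		db->val_to_role[role->value] = role;
		break;
	}
	case CIL_USERPREFIX:
		cil_list_append(db->userprefixes, CIL_USERPREFIX, node->data);
		break;
	case CIL_SELINUXUSER:
		/* Prepended, while the default entry below is appended. */
		cil_list_prepend(db->selinuxusers, CIL_SELINUXUSER, node->data);
		break;
	case CIL_SELINUXUSERDEFAULT:
		cil_list_append(db->selinuxusers, CIL_SELINUXUSERDEFAULT, node->data);
		break;
	case CIL_NETIFCON:
		return __cil_post_db_sort_append(db->netifcon, node->data);
	case CIL_FSUSE:
		return __cil_post_db_sort_append(db->fsuse, node->data);
	case CIL_GENFSCON:
		return __cil_post_db_sort_append(db->genfscon, node->data);
	case CIL_FILECON:
		return __cil_post_db_sort_append(db->filecon, node->data);
	case CIL_NODECON:
		return __cil_post_db_sort_append(db->nodecon, node->data);
	case CIL_PORTCON:
		return __cil_post_db_sort_append(db->portcon, node->data);
	case CIL_PIRQCON:
		return __cil_post_db_sort_append(db->pirqcon, node->data);
	case CIL_IOMEMCON:
		return __cil_post_db_sort_append(db->iomemcon, node->data);
	case CIL_IOPORTCON:
		return __cil_post_db_sort_append(db->ioportcon, node->data);
	case CIL_PCIDEVICECON:
		return __cil_post_db_sort_append(db->pcidevicecon, node->data);
	case CIL_DEVICETREECON:
		return __cil_post_db_sort_append(db->devicetreecon, node->data);
	default:
		break;
	}

	return SEPOL_OK;
}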
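
/*
 * Expand a type attribute's expression list into a newly allocated bitmap
 * stored in attr->types, sized by db->num_types.
 *
 * Returns the result of __cil_expr_list_to_bitmap(). On failure the bitmap
 * is destroyed and freed and attr->types is reset to NULL.
 */
static int __evaluate_type_expression(struct cil_typeattribute *attr, struct cil_db *db)
{
	int rc;

	attr->types = cil_malloc(sizeof(*attr->types));
	/*
	 * Start from an empty bitmap. attr->types is already non-NULL while the
	 * expansion runs and the failure path calls ebitmap_destroy() on it, so
	 * it must never hold uninitialised memory. The callee is not visible
	 * here and may initialise it again.
	 */
	ebitmap_init(attr->types);
	rc = __cil_expr_list_to_bitmap(attr->expr_list, attr->types, db->num_types, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_ERR, "Failed to expand type attribute to bitmap\n");
		ebitmap_destroy(attr->types);
		free(attr->types);
		attr->types = NULL;
	}
	return rc;
}

/*
 * Initialise bitmap and set the bits for the types that datum denotes.
 *
 * The flavor of the datum's first AST node selects the handling:
 *  - CIL_TYPEATTRIBUTE: union in the attribute's type bitmap, evaluating
 *    the attribute first if attr->types is still NULL;
 *  - CIL_TYPEALIAS:     set the bit of the aliased type;
 *  - anything else:     treat datum as a cil_type and set its bit.
 *
 * Returns SEPOL_OK on success. On a bitmap failure the bitmap is destroyed
 * and SEPOL_ERR is returned; an evaluation failure returns its error code.
 */
static int __cil_type_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	struct cil_tree_node *node = datum->nodes->head->data;

	ebitmap_init(bitmap);

	if (node->flavor == CIL_TYPEATTRIBUTE) {
		struct cil_typeattribute *attr = (struct cil_typeattribute *)datum;
		if (attr->types == NULL) {
			rc = __evaluate_type_expression(attr, db);
			if (rc != SEPOL_OK) goto exit;
		}
		/* ebitmap_union() can fail; do not report a partial bitmap as success. */
		if (ebitmap_union(bitmap, attr->types)) {
			cil_log(CIL_ERR, "Failed to union type attribute bitmap\n");
			ebitmap_destroy(bitmap);
			rc = SEPOL_ERR;
			goto exit;
		}
	} else if (node->flavor == CIL_TYPEALIAS) {
		struct cil_alias *alias = (struct cil_alias *)datum;
		struct cil_type *type = alias->actual;
		if (ebitmap_set_bit(bitmap, type->value, 1)) {
			cil_log(CIL_ERR, "Failed to set type bit\n");
			ebitmap_destroy(bitmap);
			goto exit;
		}
	} else {
		struct cil_type *type = (struct cil_type *)datum;
		if (ebitmap_set_bit(bitmap, type->value, 1)) {
			cil_log(CIL_ERR, "Failed to set type bit\n");
			ebitmap_destroy(bitmap);
			goto exit;
		}
	}

	return SEPOL_OK;

exit:
	return rc;
}

/*
 * Expand a role attribute's expression list into a newly allocated bitmap
 * stored in attr->roles, sized by db->num_roles.
 *
 * Returns the result of __cil_expr_list_to_bitmap(). On failure the bitmap
 * is destroyed and freed and attr->roles is reset to NULL.
 */
static int __evaluate_role_expression(struct cil_roleattribute *attr, struct cil_db *db)
{
	int rc;

	attr->roles = cil_malloc(sizeof(*attr->roles));
	/* Same reasoning as the type attribute: never leave the bitmap uninitialised. */
	ebitmap_init(attr->roles);
	rc = __cil_expr_list_to_bitmap(attr->expr_list, attr->roles, db->num_roles, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_ERR, "Failed to expand role attribute to bitmap\n");
		ebitmap_destroy(attr->roles);
		free(attr->roles);
		attr->roles = NULL;
	}
	return rc;
}

/*
 * Initialise bitmap and set the bits for the roles that datum denotes.
 *
 * A CIL_ROLEATTRIBUTE contributes its role bitmap, evaluated on first use.
 * Any other datum is treated as a cil_role and sets a single bit.
 *
 * Returns SEPOL_OK on success. On a bitmap failure the bitmap is destroyed
 * and SEPOL_ERR is returned; an evaluation failure returns its error code.
 */
static int __cil_role_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	struct cil_tree_node *node = datum->nodes->head->data;

	ebitmap_init(bitmap);

	if (node->flavor == CIL_ROLEATTRIBUTE) {
		struct cil_roleattribute *attr = (struct cil_roleattribute *)datum;
		if (attr->roles == NULL) {
			rc = __evaluate_role_expression(attr, db);
			if (rc != SEPOL_OK) goto exit;
		}
		/* ebitmap_union() can fail; do not report a partial bitmap as success. */
		if (ebitmap_union(bitmap, attr->roles)) {
			cil_log(CIL_ERR, "Failed to union role attribute bitmap\n");
			ebitmap_destroy(bitmap);
			rc = SEPOL_ERR;
			goto exit;
		}
	} else {
		struct cil_role *role = (struct cil_role *)datum;
		if (ebitmap_set_bit(bitmap, role->value, 1)) {
			cil_log(CIL_ERR, "Failed to set role bit\n");
			ebitmap_destroy(bitmap);
			goto exit;
		}
	}

	return SEPOL_OK;

exit:
	return rc;
}
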
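/*
 * Initialise bitmap and set the single bit for the permission in datum.
 * db is unused; the parameter keeps the signature parallel to the
 * type/role/cat converters.
 *
 * Returns SEPOL_OK, or SEPOL_ERR (with the bitmap destroyed) if the bit
 * cannot be set.
 */
static int __cil_perm_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, __attribute__((unused)) struct cil_db *db)
{
	struct cil_perm *perm = (struct cil_perm *)datum;
	unsigned int value = perm->value;

	ebitmap_init(bitmap);
	if (ebitmap_set_bit(bitmap, value, 1)) {
		/* Logged at CIL_ERR like the sibling converters; this is a failure path. */
		cil_log(CIL_ERR, "Failed to set perm bit\n");
		ebitmap_destroy(bitmap);
		return SEPOL_ERR;
	}

	return SEPOL_OK;
}

/*
 * Replace a category expression with the flat list of categories it selects,
 * in db->catorder order.
 *
 * Nothing is done if cats was already evaluated or if cats->datum_expr is
 * already a plain CIL_CAT list. Otherwise the expression is expanded to a
 * bitmap and rebuilt as a list.
 *
 * If the expression selects no categories, cats->datum_expr is set to NULL.
 * Callers must handle NULL after a successful evaluation.
 *
 * Returns SEPOL_OK on success, or the error from __cil_expr_to_bitmap().
 */
static int __evaluate_cat_expression(struct cil_cats *cats, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	ebitmap_t bitmap;
	struct cil_list *new;
	struct cil_list_item *curr;

	if (cats->evaluated == CIL_TRUE) {
		return SEPOL_OK;
	}

	if (cil_verify_is_list(cats->datum_expr, CIL_CAT)) {
		return SEPOL_OK;
	}

	ebitmap_init(&bitmap);
	rc = __cil_expr_to_bitmap(cats->datum_expr, &bitmap, db->num_cats, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_ERR, "Failed to expand category expression to bitmap\n");
		ebitmap_destroy(&bitmap);
		goto exit;
	}

	cil_list_init(&new, CIL_CAT);

	/* Walk the ordered category list so the result keeps that order. */
	cil_list_for_each(curr, db->catorder) {
		struct cil_cat *cat = curr->data;
		if (ebitmap_get_bit(&bitmap, cat->value)) {
			cil_list_append(new, CIL_DATUM, cat);
		}
	}

	ebitmap_destroy(&bitmap);
	cil_list_destroy(&cats->datum_expr, CIL_FALSE);
	if (new->head != NULL) {
		cats->datum_expr = new;
	} else {
		/* empty list */
		cil_list_destroy(&new, CIL_FALSE);
		cats->datum_expr = NULL;
	}

	cats->evaluated = CIL_TRUE;

	return SEPOL_OK;

exit:
	return rc;
}

/*
 * Initialise bitmap and set the bits for the categories that datum denotes.
 *
 * The flavor of the datum's first AST node selects the handling:
 *  - CIL_CATSET:   evaluate the set if needed, then set one bit per member;
 *  - CIL_CATALIAS: set the bit of the aliased category;
 *  - anything else: treat datum as a cil_cat and set its bit.
 *
 * Returns SEPOL_OK on success. On a bitmap failure the bitmap is destroyed
 * and SEPOL_ERR is returned; an evaluation failure returns its error code.
 */
static int __cil_cat_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	struct cil_tree_node *node = datum->nodes->head->data;

	ebitmap_init(bitmap);

	if (node->flavor == CIL_CATSET) {
		struct cil_catset *catset = (struct cil_catset *)datum;
		struct cil_list_item *curr;
		if (catset->cats->evaluated == CIL_FALSE) {
			rc = __evaluate_cat_expression(catset->cats, db);
			if (rc != SEPOL_OK) goto exit;
		}
		/*
		 * __evaluate_cat_expression() leaves datum_expr NULL when the
		 * expression selects no categories. Leave the bitmap empty in
		 * that case instead of dereferencing a NULL list.
		 */
		if (catset->cats->datum_expr != NULL) {
			for (curr = catset->cats->datum_expr->head; curr; curr = curr->next) {
				struct cil_cat *cat = (struct cil_cat *)curr->data;
				if (ebitmap_set_bit(bitmap, cat->value, 1)) {
					cil_log(CIL_ERR, "Failed to set cat bit\n");
					ebitmap_destroy(bitmap);
					rc = SEPOL_ERR;
					goto exit;
				}
			}
		}
	} else if (node->flavor == CIL_CATALIAS) {
		struct cil_alias *alias = (struct cil_alias *)datum;
		struct cil_cat *cat = alias->actual;
		if (ebitmap_set_bit(bitmap, cat->value, 1)) {
			cil_log(CIL_ERR, "Failed to set cat bit\n");
			ebitmap_destroy(bitmap);
			goto exit;
		}
	} else {
		struct cil_cat *cat = (struct cil_cat *)datum;
		if (ebitmap_set_bit(bitmap, cat->value, 1)) {
			cil_log(CIL_ERR, "Failed to set cat bit\n");
			ebitmap_destroy(bitmap);
			goto exit;
		}
	}

	return SEPOL_OK;

exit:
	return rc;
}

/*
 * Set every bit from the first category's value through the second's,
 * inclusive, for a category range expression.
 *
 * i1 and i2 carry the two endpoint datums. Aliases are resolved to the
 * category they name, and category sets are rejected. The bitmap is not
 * initialised here; presumably the caller has done so (confirm).
 *
 * Returns SEPOL_OK on success, SEPOL_ERR if an endpoint is a category set or
 * a bit cannot be set.
 */
static int __cil_expr_range_to_bitmap_helper(struct cil_list_item *i1, struct cil_list_item *i2, ebitmap_t *bitmap)
{
	int rc = SEPOL_ERR;
	struct cil_symtab_datum *d1 = i1->data;
	struct cil_symtab_datum *d2 = i2->data;
	struct cil_tree_node *n1 = d1->nodes->head->data;
	struct cil_tree_node *n2 = d2->nodes->head->data;
	struct cil_cat *c1 = (struct cil_cat *)d1;
	struct cil_cat *c2 = (struct cil_cat *)d2;
	int i;

	if (n1->flavor == CIL_CATSET || n2->flavor == CIL_CATSET) {
		/* NOTE(review): "cannont" is a typo for "cannot"; the message is left unchanged. */
		cil_log(CIL_ERR, "Category sets cannont be used in a category range\n");
		goto exit;
	}

	if (n1->flavor == CIL_CATALIAS) {
		struct cil_alias *alias = (struct cil_alias *)d1;
		c1 = alias->actual;
	}

	if (n2->flavor == CIL_CATALIAS) {
		struct cil_alias *alias = (struct cil_alias *)d2;
		c2 = alias->actual;
	}

	/*
	 * NOTE(review): a reversed range (c1->value > c2->value) sets no bits and
	 * still returns SEPOL_OK. Confirm ordering is validated before this point.
	 */
	for (i = c1->value; i <= c2->value; i++) {
		if (ebitmap_set_bit(bitmap, i, 1)) {
			cil_log(CIL_ERR, "Failed to set cat bit\n");
			ebitmap_destroy(bitmap);
			goto exit;
		}
	}

	return SEPOL_OK;

exit:
	return rc;
}

static int __cil_expr_to_bitmap_helper(struct cil_list_item *curr, enum cil_flavor flavor, ebitmap_t *bitmap, int max, struct cil_db *db)
{
	int rc = SEPOL_ERR;

	if (curr->flavor == CIL_DATUM) {
		switch (flavor) {
		case CIL_TYPE:
			rc = __cil_type_to_bitmap(curr->data, bitmap, db);
			break;
		case CIL_ROLE:
			rc = __cil_role_to_bitmap(curr->data, bitmap, db);
			break;
		case CIL_PERM:
			rc = __cil_perm_to_bitmap(curr->data, bitmap, db);
			break;
		case CIL_CAT:
			rc = __cil_cat_to_bitmap(curr->data, bitmap, db);
			break;
		default:
			rc = SEPOL_ERR;
		}
	} else if (curr->flavor == CIL_LIST)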
{ 843b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_list *l = curr->data; 844b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_init(bitmap); 845b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __cil_expr_to_bitmap(l, bitmap, max, db); 846b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 847b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(bitmap); 848b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 849b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 850b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 851b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 852b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 853b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 854b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db) 855b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 856b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 857b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_list_item *curr; 858b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence enum cil_flavor flavor; 859b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_t tmp, b1, b2; 860b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 861b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (expr == NULL || expr->head == NULL) { 862b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return SEPOL_OK; 863b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 864b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 865b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence curr = expr->head; 866b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence flavor = expr->flavor; 867b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 868b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (curr->flavor == CIL_OP) { 
869b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence enum cil_flavor op = (enum cil_flavor)curr->data; 870b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 871b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (op == CIL_ALL) { 872b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_init(&b1); /* all zeros */ 873b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = ebitmap_not(&tmp, &b1, max); 874b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&b1); 875b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 876b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to expand 'all' operator\n"); 877b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 878b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 879b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 880b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (op == CIL_RANGE) { 881b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (flavor != CIL_CAT) { 882b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Range operation only supported for categories\n"); 883b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = SEPOL_ERR; 884b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 885b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 886b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_init(&tmp); 887b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __cil_expr_range_to_bitmap_helper(curr->next, curr->next->next, &tmp); 888b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 889b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to expand category range\n"); 890b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 891b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 892b19eafb97feb6389d78e1693f276fc5b10e25bdSteve 
Lawrence } 893b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 894b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __cil_expr_to_bitmap_helper(curr->next, flavor, &b1, max, db); 895b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 896b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to get first operand bitmap\n"); 897b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 898b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 899b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 900b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (op == CIL_NOT) { 901b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = ebitmap_not(&tmp, &b1, max); 902b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&b1); 903b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 904b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to NOT bitmap\n"); 905b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 906b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 907b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 908b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 909b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __cil_expr_to_bitmap_helper(curr->next->next, flavor, &b2, max, db); 910b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 911b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to get second operand bitmap\n"); 912b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 913b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 914b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 915b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (op == CIL_OR) { 916b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = ebitmap_or(&tmp, &b1, &b2); 
917b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (op == CIL_AND) { 918b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = ebitmap_and(&tmp, &b1, &b2); 919b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else if (op == CIL_XOR) { 920b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = ebitmap_xor(&tmp, &b1, &b2); 921b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 922b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = SEPOL_ERR; 923b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 924b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&b1); 925b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&b2); 926b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 927b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n"); 928b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 929b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 930b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 931b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 932b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 933b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 934b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_init(&tmp); 935b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence for (;curr; curr = curr->next) { 936b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __cil_expr_to_bitmap_helper(curr, flavor, &b2, max, db); 937b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 938b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to get operand in list\n"); 939b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 940b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 941b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 
942b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence b1 = tmp; 943b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = ebitmap_or(&tmp, &b1, &b2); 944b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&b1); 945b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&b2); 946b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 947b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to OR operands in list\n"); 948b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 949b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 950b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 951b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 952b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 953b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 954b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 955b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_union(out, &tmp); 956b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&tmp); 957b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 958b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return SEPOL_OK; 959b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 960b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceexit: 961b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 962b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 963b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 964b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db) 965b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 966b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 967b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_list_item *expr; 968b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 
969b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_init(out); 970b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 971b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (expr_list == NULL) { 972b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return SEPOL_OK; 973b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 974b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 975b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_list_for_each(expr, expr_list) { 976b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_t bitmap; 977b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_list *l = (struct cil_list *)expr->data; 978b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_init(&bitmap); 979b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __cil_expr_to_bitmap(l, &bitmap, max, db); 980b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 981b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_INFO, "Failed to expand expression list to bitmap\n"); 982b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&bitmap); 983b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 984b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 985b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_union(out, &bitmap); 986b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence ebitmap_destroy(&bitmap); 987b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 988b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 989b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return SEPOL_OK; 990b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 991b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceexit: 992b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return SEPOL_ERR; 993b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 994b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 995b19eafb97feb6389d78e1693f276fc5b10e25bdSteve 
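/*
 * Per-node step that evaluates type and role attribute expressions.
 *
 * node       - tree node being visited
 * finished   - set to CIL_TREE_SKIP_HEAD for an abstract block and for any
 *              macro; it is written despite the unused attribute on it
 * extra_args - the struct cil_db, passed on to the evaluation routines
 *
 * A type attribute whose types pointer is still NULL is evaluated with
 * __evaluate_type_expression(); a role attribute whose roles pointer is
 * still NULL with __evaluate_role_expression(). Other flavors are ignored.
 *
 * Returns SEPOL_OK, or the evaluation routine's return value on failure.
 */
static int __cil_post_db_attr_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *extra_args)
{
	int rc = SEPOL_ERR;
	struct cil_db *db = extra_args;

	switch (node->flavor) {
	case CIL_BLOCK: {
		struct cil_block *blk = node->data;
		if (blk->is_abstract == CIL_TRUE) {
			*finished = CIL_TREE_SKIP_HEAD;
		}
		break;
	}
	case CIL_MACRO: {
		*finished = CIL_TREE_SKIP_HEAD;
		break;
	}
	case CIL_TYPEATTRIBUTE: {
		struct cil_typeattribute *attr = node->data;
		if (attr->types == NULL) {
			rc = __evaluate_type_expression(attr, db);
			if (rc != SEPOL_OK) goto exit;
		}
		break;
	}
	case CIL_ROLEATTRIBUTE: {
		struct cil_roleattribute *attr = node->data;
		if (attr->roles == NULL) {
			rc = __evaluate_role_expression(attr, db);
			if (rc != SEPOL_OK) goto exit;
		}
		break;
	}
	default:
		break;
	}

	return SEPOL_OK;

exit:
	return rc;
}

/*
 * Add the type(s) named by datum to role->types.
 *
 * role->types is allocated and initialised on first use. The flavor of the
 * first tree node recorded for datum selects what is added:
 *   CIL_TYPE          - the type's own value bit
 *   CIL_TYPEALIAS     - the value bit of the type the alias points to
 *   CIL_TYPEATTRIBUTE - every bit of the attribute's types bitmap
 * Any other flavor adds nothing and still returns SEPOL_OK.
 *
 * Returns SEPOL_OK on success and SEPOL_ERR when a bitmap update fails.
 *
 * NOTE(review): attr->types is used without a NULL check; presumably the
 * attribute pass has already filled it in -- confirm the pass ordering.
 * NOTE(review): cil_malloc's behaviour on allocation failure is not visible
 * here; its result is used unchecked.
 */
static int __cil_role_assign_types(struct cil_role *role, struct cil_symtab_datum *datum)
{
	struct cil_tree_node *node = datum->nodes->head->data;

	if (role->types == NULL) {
		role->types = cil_malloc(sizeof(*role->types));
		ebitmap_init(role->types);
	}

	if (node->flavor == CIL_TYPE) {
		struct cil_type *type = (struct cil_type *)datum;
		if (ebitmap_set_bit(role->types, type->value, 1)) {
			cil_log(CIL_INFO, "Failed to set bit in role types bitmap\n");
			goto exit;
		}
	} else if (node->flavor == CIL_TYPEALIAS) {
		struct cil_alias *alias = (struct cil_alias *)datum;
		struct cil_type *type = alias->actual;
		if (ebitmap_set_bit(role->types, type->value, 1)) {
			cil_log(CIL_INFO, "Failed to set bit in role types bitmap\n");
			goto exit;
		}
	} else if (node->flavor == CIL_TYPEATTRIBUTE) {
		struct cil_typeattribute *attr = (struct cil_typeattribute *)datum;
		/* A failed merge would leave the role with fewer types than declared. */
		if (ebitmap_union(role->types, attr->types)) {
			cil_log(CIL_INFO, "Failed to merge attribute types into role types bitmap\n");
			goto exit;
		}
	}

	return SEPOL_OK;

exit:
	return SEPOL_ERR;
}

/*
 * Per-node step that applies roletype statements.
 *
 * node       - tree node being visited
 * finished   - set to CIL_TREE_SKIP_HEAD for an abstract block and for any
 *              macro; it is written despite the unused attribute on it
 * extra_args - the struct cil_db, used for its val_to_role table
 *
 * For a CIL_ROLETYPE node, the statement's type is assigned either to the
 * single role it names or, when the role side is a role attribute, to every
 * role whose bit is set in the attribute's roles bitmap (looked up through
 * db->val_to_role).
 *
 * Returns SEPOL_OK, or the failing __cil_role_assign_types() result after
 * logging.
 *
 * NOTE(review): attr->roles is iterated without a NULL check, and i indexes
 * db->val_to_role without a bound check; presumably the attribute pass has
 * run and the table covers every bit that can be set -- confirm.
 */
static int __cil_post_db_roletype_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *extra_args)
{
	int rc = SEPOL_ERR;
	struct cil_db *db = extra_args;

	switch (node->flavor) {
	case CIL_BLOCK: {
		struct cil_block *blk = node->data;
		if (blk->is_abstract == CIL_TRUE) {
			*finished = CIL_TREE_SKIP_HEAD;
		}
		break;
	}
	case CIL_MACRO: {
		*finished = CIL_TREE_SKIP_HEAD;
		break;
	}
	case CIL_ROLETYPE: {
		struct cil_roletype *roletype = node->data;
		struct cil_symtab_datum *role_datum = roletype->role;
		struct cil_symtab_datum *type_datum = roletype->type;
		struct cil_tree_node *role_node = role_datum->nodes->head->data;

		if (role_node->flavor == CIL_ROLEATTRIBUTE) {
			struct cil_roleattribute *attr = roletype->role;
			ebitmap_node_t *rnode;
			unsigned int i;

			ebitmap_for_each_bit(attr->roles, rnode, i) {
				struct cil_role *role = NULL;

				if (!ebitmap_get_bit(attr->roles, i)) {
					continue;
				}

				role = db->val_to_role[i];

				rc = __cil_role_assign_types(role, type_datum);
				if (rc != SEPOL_OK) {
					goto exit;
				}
			}
		} else {
			struct cil_role *role = roletype->role;

			rc = __cil_role_assign_types(role, type_datum);
			if (rc != SEPOL_OK) {
				goto exit;
			}
		}
		break;
	}
	default:
		break;
	}

	return SEPOL_OK;
exit:
	cil_log(CIL_INFO, "cil_post_db_roletype_helper failed\n");
	return rc;
}

/*
 * Evaluate the category expression of a level, if it has one.
 *
 * Returns SEPOL_OK when level->cats is NULL, otherwise the result of
 * __evaluate_cat_expression().
 *
 * NOTE(review): level itself is dereferenced without a NULL check; confirm
 * that every caller passes a resolved level.
 */
static int __evaluate_level_expression(struct cil_level *level, struct cil_db *db)
{
	if (level->cats != NULL) {
		return __evaluate_cat_expression(level->cats, db);
	}

	return SEPOL_OK;
}

/*
 * Evaluate the category expressions of a level range: first the low level,
 * then the high level, each only when the level and its cats are non-NULL.
 *
 * Returns SEPOL_OK, or the first failing __evaluate_cat_expression()
 * result; the high level is not evaluated after a failure on the low one.
 *
 * NOTE(review): levelrange itself is dereferenced without a NULL check;
 * confirm that every caller passes a resolved range.
 */
static int __evaluate_levelrange_expression(struct cil_levelrange *levelrange, struct cil_db *db)
{
	int rc = SEPOL_OK;

	if (levelrange->low != NULL && levelrange->low->cats != NULL) {
		rc = __evaluate_cat_expression(levelrange->low->cats, db);
		if (rc != SEPOL_OK) {
			goto exit;
		}
	}
	if (levelrange->high != NULL && levelrange->high->cats != NULL) {
		rc = __evaluate_cat_expression(levelrange->high->cats, db);
		if (rc != SEPOL_OK) {
			goto exit;
		}
	}

exit:
	return rc;
}

static int __cil_post_db_cat_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
{
	int rc = SEPOL_ERR;
	struct cil_db *db = extra_args;

	switch (node->flavor) {
	case CIL_BLOCK: {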
1170b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_block *blk = node->data; 1171b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (blk->is_abstract == CIL_TRUE) { 1172b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence *finished = CIL_TREE_SKIP_HEAD; 1173b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1174b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1175b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1176b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_MACRO: { 1177b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence *finished = CIL_TREE_SKIP_HEAD; 1178b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1179b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1180b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_CATSET: { 1181b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_catset *catset = node->data; 1182b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_cat_expression(catset->cats, db); 1183b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1184b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1185b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1186b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1187b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1188b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_SENSCAT: { 1189b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_senscat *senscat = node->data; 1190b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_cat_expression(senscat->cats, db); 1191b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1192b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1193b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1194b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1195b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 
1196b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_LEVEL: { 1197b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_level_expression(node->data, db); 1198b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1199b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1200b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1201b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1202b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1203b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_LEVELRANGE: { 1204b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(node->data, db); 1205b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1206b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1207b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1208b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1209b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1210b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_USER: { 1211b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_user *user = node->data; 1212b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_level_expression(user->dftlevel, db); 1213b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1214b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1215b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1216b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(user->range, db); 1217b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1218b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1219b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1220b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1221b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 
1222b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_SELINUXUSERDEFAULT: 1223b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_SELINUXUSER: { 1224b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_selinuxuser *selinuxuser = node->data; 1225b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(selinuxuser->range, db); 1226b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1227b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1228b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1229b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1230b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1231b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_RANGETRANSITION: { 1232b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_rangetransition *rangetrans = node->data; 1233b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(rangetrans->range, db); 1234b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1235b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1236b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1237b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1238b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1239b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_CONTEXT: { 1240b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_context *context = node->data; 1241b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(context->range, db); 1242b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1243b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1244b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1245b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 
1246b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1247b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_SIDCONTEXT: { 1248b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_sidcontext *sidcontext = node->data; 1249b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(sidcontext->context->range, db); 1250b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1251b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1252b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1253b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1254b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1255b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_FILECON: { 1256b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_filecon *filecon = node->data; 1257b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (filecon->context) { 1258b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(filecon->context->range, db); 1259b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1260b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1261b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1262b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1263b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1264b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1265b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_PORTCON: { 1266b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_portcon *portcon = node->data; 1267b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(portcon->context->range, db); 1268b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1269b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1270b19eafb97feb6389d78e1693f276fc5b10e25bdSteve 
Lawrence } 1271b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1272b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1273b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_NODECON: { 1274b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_nodecon *nodecon = node->data; 1275b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(nodecon->context->range, db); 1276b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1277b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1278b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1279b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1280b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1281b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_GENFSCON: { 1282b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_genfscon *genfscon = node->data; 1283b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(genfscon->context->range, db); 1284b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1285b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1286b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1287b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1288b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1289b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_NETIFCON: { 1290b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_netifcon *netifcon = node->data; 1291b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(netifcon->if_context->range, db); 1292b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1293b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1294b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1295b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = 
__evaluate_levelrange_expression(netifcon->packet_context->range, db); 1296b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1297b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1298b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1299b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1300b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1301b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_PIRQCON: { 1302b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_pirqcon *pirqcon = node->data; 1303b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(pirqcon->context->range, db); 1304b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1305b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1306b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1307b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1308b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1309b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_IOMEMCON: { 1310b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_iomemcon *iomemcon = node->data; 1311b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(iomemcon->context->range, db); 1312b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1313b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1314b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1315b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1316b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1317b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_IOPORTCON: { 1318b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_ioportcon *ioportcon = node->data; 1319b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(ioportcon->context->range, db); 
1320b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1321b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1322b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1323b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1324b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1325b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_PCIDEVICECON: { 1326b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_pcidevicecon *pcidevicecon = node->data; 1327b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(pcidevicecon->context->range, db); 1328b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1329b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1330b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1331b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1332b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1333f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf case CIL_DEVICETREECON: { 1334f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf struct cil_devicetreecon *devicetreecon = node->data; 1335f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf rc = __evaluate_levelrange_expression(devicetreecon->context->range, db); 1336f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf if (rc != SEPOL_OK) { 1337f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf goto exit; 1338f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf } 1339f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf break; 1340f0290677091e7eee4a3724a2a86ede9e11f93802Daniel De Graaf } 1341b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence case CIL_FSUSE: { 1342b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_fsuse *fsuse = node->data; 1343b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = __evaluate_levelrange_expression(fsuse->context->range, db); 
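1344b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1345b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1346b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1347b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1348b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1349b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence default: 1350b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence break; 1351b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1352b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1353b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return SEPOL_OK; 1354b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1355b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceexit: 1356b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 1357b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence}

/*
 * Arguments handed to __perm_bits_to_list() through cil_symtab_map().
 */
struct perm_to_list {
	enum cil_flavor flavor;		/* flavor the caller also gave to new_list */
	ebitmap_t *perms;		/* bit N set => keep the permission whose value is N */
	struct cil_list *new_list;	/* list the selected permission datums are appended to */
};

/*
 * Symtab walker: append the permission datum d to the output list when the
 * bit for its value is set in the bitmap carried in args.
 *
 * k    - symtab key, unused.
 * d    - datum, read as a struct cil_perm.
 * args - struct perm_to_list describing the bitmap and the output list.
 *
 * Always returns SEPOL_OK.
 */
static int __perm_bits_to_list(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
	struct perm_to_list *perm_args = args;
	struct cil_perm *perm = (struct cil_perm *)d;
	unsigned int value = perm->value;

	if (ebitmap_get_bit(perm_args->perms, value)) {
		cil_list_append(perm_args->new_list, CIL_DATUM, d);
	}

	return SEPOL_OK;
}

/*
 * Turn a permission expression into a list of permission datums.
 *
 * perms         - the expression to evaluate.
 * flavor        - flavor used to initialise *new_list.
 * class_symtab  - permissions of the class itself.
 * common_symtab - permissions of the class's common, or NULL when there is none.
 * num_perms     - passed to __cil_expr_to_bitmap() together with the bitmap.
 * new_list      - out: freshly initialised list holding every permission from
 *                 class_symtab/common_symtab whose value bit is set.
 * db            - policy database, passed through to __cil_expr_to_bitmap().
 *
 * Returns SEPOL_OK, or the error from __cil_expr_to_bitmap(). When
 * cil_verify_is_list() accepts perms as a CIL_PERM list the function returns
 * SEPOL_OK at once and leaves *new_list exactly as the caller set it, so the
 * caller has to pre-set it (the visible caller uses NULL) to tell the two
 * success cases apart.
 */
static int __evaluate_perm_expression(struct cil_list *perms, enum cil_flavor flavor, symtab_t *class_symtab, symtab_t *common_symtab, unsigned int num_perms, struct cil_list **new_list, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	struct perm_to_list args;
	ebitmap_t bitmap;

	if (cil_verify_is_list(perms, CIL_PERM)) {
		return SEPOL_OK;
	}

	ebitmap_init(&bitmap);
	rc = __cil_expr_to_bitmap(perms, &bitmap, num_perms, db);
	if (rc != SEPOL_OK) {
		goto exit;
	}

	cil_list_init(new_list, flavor);

	args.flavor = flavor;
	args.perms = &bitmap;
	args.new_list = *new_list;

	cil_symtab_map(class_symtab, __perm_bits_to_list, &args);

	if (common_symtab != NULL) {
		cil_symtab_map(common_symtab, __perm_bits_to_list, &args);
	}

	rc = SEPOL_OK;

exit:
	/* single release point: the bitmap is destroyed on success and on failure */
	ebitmap_destroy(&bitmap);
	return rc;
}

/*
 * Evaluate the permission expression of one classperms entry and, when the
 * evaluation produced a new list, install it in place of cp->perms.
 *
 * Returns SEPOL_OK, or the error from __evaluate_perm_expression().
 */
static int __evaluate_classperms(struct cil_classperms *cp, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	struct cil_class *class = cp->class;
	struct cil_class *common = class->common;
	symtab_t *common_symtab = common ? &common->perms : NULL;
	struct cil_list *new_list = NULL;

	rc = __evaluate_perm_expression(cp->perms, CIL_PERM, &class->perms, common_symtab, class->num_perms, &new_list, db);
	if (rc != SEPOL_OK) {
		return rc;
	}

	/* NULL means the expression needed no evaluation; keep cp->perms */
	if (new_list == NULL) {
		return SEPOL_OK;
	}

	/* destroy the old list container (second argument CIL_FALSE), then swap */
	cil_list_destroy(&cp->perms, CIL_FALSE);
	cp->perms = new_list;

	return SEPOL_OK;
}

/*
 * Evaluate every entry of a classperms list.
 *
 * CIL_CLASSPERMS entries whose class has flavor CIL_CLASS are evaluated
 * directly; any other CIL_CLASSPERMS entry is treated as a map class and
 * the classperms of each of its permissions are evaluated recursively.
 * Entries of any other flavor are read as a classperms set and the set's
 * classperms are evaluated recursively.
 *
 * NOTE(review): the recursion follows set and map nesting with no depth
 * limit or cycle check in this function -- presumably self-referencing
 * sets are rejected before this pass runs; confirm, since policy text is
 * the input here.
 *
 * Returns SEPOL_OK, or the first error encountered.
 */
static int __evaluate_classperms_list(struct cil_list *classperms, struct cil_db *db)
{
	int rc = SEPOL_ERR;
	struct cil_list_item *curr;

	cil_list_for_each(curr, classperms) {
		if (curr->flavor == CIL_CLASSPERMS) {
			struct cil_classperms *cp = curr->data;
			if (FLAVOR(cp->class) == CIL_CLASS) {
				rc = __evaluate_classperms(cp, db);
				if (rc != SEPOL_OK) {
					return rc;
				}
			} else { /* MAP */
				struct cil_list_item *i = NULL;
				cil_list_for_each(i, cp->perms) {
					struct cil_perm *cmp = i->data;
					rc = __evaluate_classperms_list(cmp->classperms, db);
					if (rc != SEPOL_OK) {
						return rc;
					}
				}
			}
		} else { /* SET */
			struct cil_classperms_set *cp_set = curr->data;
			struct cil_classpermission *cp = cp_set->set;
			rc = __evaluate_classperms_list(cp->classperms, db);
			if (rc != SEPOL_OK) {
				return rc;
			}
		}
	}

	return SEPOL_OK;
}

/*
 * Arguments handed to __evaluate_map_perm_classperms() through cil_symtab_map().
 */
struct class_map_args {
	struct cil_db *db;	/* policy database passed on to the evaluation */
	int rc;			/* out: last non-OK result seen during the walk */
};

/*
 * Symtab walker: evaluate the classperms list of one map-class permission.
 *
 * A failure is recorded in map_args->rc and the walker still returns
 * SEPOL_OK, so the error reaches the caller through the argument struct
 * rather than through the walk's own return value. A later failure
 * overwrites an earlier one.
 */
static int __evaluate_map_perm_classperms(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
	struct class_map_args *map_args = args;
	struct cil_perm *cmp = (struct cil_perm *)d;
	int rc = __evaluate_classperms_list(cmp->classperms, map_args->db);

	if (rc != SEPOL_OK) {
		map_args->rc = rc;
	}

	return SEPOL_OK;
}

/*
 * Evaluate the classperms of every permission of map class mc.
 *
 * Returns SEPOL_OK when no permission failed, otherwise the error recorded
 * by __evaluate_map_perm_classperms().
 */
static int __evaluate_map_class(struct cil_class *mc, struct cil_db *db)
{
	struct class_map_args map_args;

	map_args.db = db;
	map_args.rc = SEPOL_OK;
	cil_symtab_map(&mc->perms, __evaluate_map_perm_classperms, &map_args);

	return map_args.rc;
}

/*
 * Tree-walk callback that evaluates the permission expressions attached to
 * map classes, classpermissions, avrules and (mls)constrains.
 *
 * node       - AST node being visited.
 * finished   - set to CIL_TREE_SKIP_HEAD for abstract blocks and for macros
 *              (presumably so the walk does not descend into them).
 * extra_args - the struct cil_db being post-processed.
 *
 * Returns SEPOL_OK, or the error from the evaluation of the node.
 */
static int __cil_post_db_classperms_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
{
	int rc = SEPOL_OK;
	struct cil_db *db = extra_args;

	switch (node->flavor) {
	case CIL_BLOCK: {
		struct cil_block *blk = node->data;
		if (blk->is_abstract == CIL_TRUE) {
			*finished = CIL_TREE_SKIP_HEAD;
		}
		break;
	}
	case CIL_MACRO:
		*finished = CIL_TREE_SKIP_HEAD;
		break;
	case CIL_MAP_CLASS: {
		rc = __evaluate_map_class(node->data, db);
		break;
	}
	case CIL_CLASSPERMISSION: {
		struct cil_classpermission *cp = node->data;
		rc = __evaluate_classperms_list(cp->classperms, db);
		break;
	}
	case CIL_AVRULE: {
		struct cil_avrule *avrule = node->data;
		rc = __evaluate_classperms_list(avrule->classperms, db);
		break;
	}
	case CIL_CONSTRAIN:
	case CIL_MLSCONSTRAIN: {
		struct cil_constrain *constrain = node->data;
		rc = __evaluate_classperms_list(constrain->classperms, db);
		break;
	}
	default:
		break;
	}

	return rc;
}

/*
 * Run the post-processing passes over the AST in a fixed order (count,
 * array, attribute, roletype, classperms, category), then sort the
 * per-statement arrays of the database with their compare functions.
 *
 * Returns SEPOL_OK, or the error from the first pass that fails; the
 * remaining passes and the sorting are then skipped.
 *
 * NOTE(review): pass failures are logged at CIL_INFO here, while the walk
 * failure in cil_post_verify() is logged at CIL_ERR. Whether a failed
 * policy build should be reported at the lower level is worth confirming.
 */
static int cil_post_db(struct cil_db *db)
{
	int rc = SEPOL_ERR;

	rc = cil_tree_walk(db->ast->root, __cil_post_db_count_helper, NULL, NULL, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_INFO, "Failure during cil databse count helper\n");
		goto exit;
	}

	rc = cil_tree_walk(db->ast->root, __cil_post_db_array_helper, NULL, NULL, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_INFO, "Failure during cil database array helper\n");
		goto exit;
	}

	rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_INFO, "Failed to create attribute bitmaps\n");
		goto exit;
	}

	rc = cil_tree_walk(db->ast->root, __cil_post_db_roletype_helper, NULL, NULL, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_INFO, "Failed during roletype association\n");
		goto exit;
	}

	rc = cil_tree_walk(db->ast->root, __cil_post_db_classperms_helper, NULL, NULL, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_INFO, "Failed to evaluate class mapping permissions expressions\n");
		goto exit;
	}

	rc = cil_tree_walk(db->ast->root, __cil_post_db_cat_helper, NULL, NULL, db);
	if (rc != SEPOL_OK) {
		cil_log(CIL_INFO, "Failed to evaluate category expressions\n");
		goto exit;
	}

	/*
	 * The element size is taken from the element (*array), not from the
	 * array member itself: sizeof on the member only matches while one
	 * element happens to be pointer-sized.
	 *
	 * NOTE(review): qsort() requires a valid base pointer even for zero
	 * elements; whether array can be NULL when count is 0 is not visible
	 * here -- confirm against the array helper.
	 */
	qsort(db->netifcon->array, db->netifcon->count, sizeof(*db->netifcon->array), cil_post_netifcon_compare);
	qsort(db->genfscon->array, db->genfscon->count, sizeof(*db->genfscon->array), cil_post_genfscon_compare);
	qsort(db->portcon->array, db->portcon->count, sizeof(*db->portcon->array), cil_post_portcon_compare);
	qsort(db->nodecon->array, db->nodecon->count, sizeof(*db->nodecon->array), cil_post_nodecon_compare);
	qsort(db->fsuse->array, db->fsuse->count, sizeof(*db->fsuse->array), cil_post_fsuse_compare);
	qsort(db->filecon->array, db->filecon->count, sizeof(*db->filecon->array), cil_post_filecon_compare);
	qsort(db->pirqcon->array, db->pirqcon->count, sizeof(*db->pirqcon->array), cil_post_pirqcon_compare);
	qsort(db->iomemcon->array, db->iomemcon->count, sizeof(*db->iomemcon->array), cil_post_iomemcon_compare);
	qsort(db->ioportcon->array, db->ioportcon->count, sizeof(*db->ioportcon->array), cil_post_ioportcon_compare);
	qsort(db->pcidevicecon->array, db->pcidevicecon->count, sizeof(*db->pcidevicecon->array), cil_post_pcidevicecon_compare);
	qsort(db->devicetreecon->array, db->devicetreecon->count, sizeof(*db->devicetreecon->array), cil_post_devicetreecon_compare);

exit:
	return rc;
}

1632b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrencestatic int cil_post_verify(struct cil_db *db) 1633b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 1634b19eafb97feb6389d78e1693f276fc5b10e25bdSteve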
Lawrence int rc = SEPOL_ERR; 1635b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int avrule_cnt = 0; 1636b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int handleunknown = -1; 1637b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int mls = -1; 1638b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int nseuserdflt = 0; 1639b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int pass = 0; 1640b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_args_verify extra_args; 1641b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence struct cil_complex_symtab csymtab; 1642b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1643b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_complex_symtab_init(&csymtab, CIL_CLASS_SYM_SIZE); 1644b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1645b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.db = db; 1646b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.csymtab = &csymtab; 1647b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.avrule_cnt = &avrule_cnt; 1648b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.handleunknown = &handleunknown; 1649b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.mls = &mls; 1650b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.nseuserdflt = &nseuserdflt; 1651b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence extra_args.pass = &pass; 1652b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1653b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence for (pass = 0; pass < 2; pass++) { 1654b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = cil_tree_walk(db->ast->root, __cil_verify_helper, NULL, NULL, &extra_args); 1655b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1656b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_ERR, "Failed to verify cil database\n"); 1657b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto 
exit; 1658b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1659b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1660b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1661b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (db->handle_unknown == -1) { 1662b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (handleunknown == -1) { 1663b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->handle_unknown = SEPOL_DENY_UNKNOWN; 1664b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 1665b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->handle_unknown = handleunknown; 1666b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1667b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1668b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1669b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (db->mls == -1) { 1670b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (mls == -1) { 1671b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->mls = CIL_FALSE; 1672b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } else { 1673b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence db->mls = mls; 1674b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1675b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1676b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1677b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (avrule_cnt == 0) { 1678b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_ERR, "Policy must include at least one avrule\n"); 1679b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = SEPOL_ERR; 1680b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1681b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1682b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1683b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (nseuserdflt > 1) { 1684b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_ERR, "Policy cannot contain more than 
one selinuxuserdefault, found: %d\n", nseuserdflt); 1685b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = SEPOL_ERR; 1686b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1687b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1688b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1689b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceexit: 1690b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_complex_symtab_destroy(&csymtab); 1691b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 1692b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 1693b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1694b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceint cil_post_process(struct cil_db *db) 1695b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence{ 1696b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence int rc = SEPOL_ERR; 1697b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1698b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = cil_verify_no_classperms_loop(db); 1699b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1700b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1701b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1702b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1703b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = cil_post_db(db); 1704b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1705b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence cil_log(CIL_ERR, "Failed post db handling\n"); 1706b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1707b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1708b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1709b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence rc = cil_post_verify(db); 1710b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence if (rc != SEPOL_OK) { 1711b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 
cil_log(CIL_ERR, "Failed to verify cil database\n"); 1712b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence goto exit; 1713b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence } 1714b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1715b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrenceexit: 1716b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence return rc; 1717b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence 1718b19eafb97feb6389d78e1693f276fc5b10e25bdSteve Lawrence} 1719