113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <stdio.h> 213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <stdlib.h> 313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <ctype.h> 413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <errno.h> 513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/policydb.h> 713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/conditional.h> 813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include "debug.h" 1013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include "private.h" 1113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include "dso.h" 1213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 1313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* -- Deprecated -- */ 1413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 1513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic char *strtrim(char *dest, char *source, int size) 1613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 1713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int i = 0; 1813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char *ptr = source; 1913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle i = 0; 2013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (isspace(*ptr) && i < size) { 2113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ptr++; 2213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle i++; 2313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 2413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle strncpy(dest, ptr, size); 2513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = strlen(dest) - 1; i > 0; i--) { 2613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!isspace(dest[i])) 2713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 2813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 2913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle dest[i + 1] = '\0'; 3013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return dest; 3113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 3213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int process_boolean(char *buffer, char *name, int namesize, int *val) 3413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 3513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char name1[BUFSIZ]; 36afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7Eric Paris char *ptr = NULL; 3713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char *tok = strtok_r(buffer, "=", &ptr); 3813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (tok) { 3913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle strncpy(name1, tok, BUFSIZ - 1); 4013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle strtrim(name, name1, namesize - 1); 4113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (name[0] == '#') 4213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 4313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tok = strtok_r(NULL, "\0", &ptr); 4413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (tok) { 4513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (isspace(*tok)) 4613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tok++; 4713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *val = -1; 4813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (isdigit(tok[0])) 4913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *val = atoi(tok); 5013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (!strncasecmp(tok, "true", sizeof("true") - 1)) 5113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *val = 1; 5213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (!strncasecmp 5313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (tok, "false", sizeof("false") - 1)) 5413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *val = 0; 5513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (*val != 0 && *val != 1) { 5613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "illegal value for boolean " 5713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "%s=%s", name, tok); 5813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 5913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 6113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 1; 6413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 6513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 6613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int load_booleans(struct policydb *policydb, const char *path, 6713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int *changesp) 6813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 6913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *boolf; 7013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char *buffer = NULL; 7113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle size_t size = 0; 7213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char localbools[BUFSIZ]; 7313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char name[BUFSIZ]; 7413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int val; 7513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int errors = 0, changes = 0; 7613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct cond_bool_datum *datum; 7713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 7813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle boolf = fopen(path, "r"); 7913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (boolf == NULL) 8013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto localbool; 8113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 8284f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley#ifdef DARWIN 8384f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley if ((buffer = (char *)malloc(255 * sizeof(char))) == NULL) { 8484f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley ERR(NULL, "out of memory"); 8584f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley return -1; 8684f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley } 8784f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley 8884f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley while(fgets(buffer, 255, boolf) != NULL) { 8984f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley#else 9013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (getline(&buffer, &size, boolf) > 0) { 9184f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley#endif 9213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int ret = process_boolean(buffer, name, sizeof(name), &val); 9313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == -1) 9413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errors++; 9513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == 1) { 9613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle datum = hashtab_search(policydb->p_bools.table, name); 9713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!datum) { 9813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "unknown boolean %s", name); 9913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errors++; 10013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle continue; 10113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 10213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (datum->state != val) { 10313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle datum->state = val; 10413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle changes++; 10513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 10613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 10713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 10813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fclose(boolf); 10913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle localbool: 11013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle snprintf(localbools, sizeof(localbools), "%s.local", path); 11113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle boolf = fopen(localbools, "r"); 11213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (boolf != NULL) { 11384f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley 11484f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley#ifdef DARWIN 11584f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley 11684f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley while(fgets(buffer, 255, boolf) != NULL) { 11784f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley#else 11884f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley 11984f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley while (getline(&buffer, &size, boolf) > 0) { 12084f6ac246f5980f831a5777d53c0a0bd6ad17d3cStephen Smalley#endif 12113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int ret = 12213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle process_boolean(buffer, name, sizeof(name), &val); 12313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == -1) 12413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errors++; 12513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == 1) { 12613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle datum = 12713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_search(policydb->p_bools.table, 12813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle name); 12913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!datum) { 13013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "unknown boolean %s", name); 13113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errors++; 13213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle continue; 13313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 13413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (datum->state != val) { 13513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle datum->state = val; 13613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle changes++; 13713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 13813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 13913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 14013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fclose(boolf); 14113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 14213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(buffer); 14313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (errors) 14413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 14513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *changesp = changes; 14613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return errors ? -1 : 0; 14713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 14813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 14913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint sepol_genbools(void *data, size_t len, char *booleans) 15013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 15113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policydb policydb; 15213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policy_file pf; 15313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc, changes = 0; 15413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 15513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_init(&policydb)) 15613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err; 15713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_from_image(NULL, data, len, &policydb) < 0) 15813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err; 15913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 16013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (load_booleans(&policydb, booleans, &changes) < 0) { 16113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle WARN(NULL, "error while reading %s", booleans); 16213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 16313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 16413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!changes) 16513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto out; 16613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 16713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (evaluate_conds(&policydb) < 0) { 16813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "error while re-evaluating conditionals"); 16913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 17013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err_destroy; 17113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 17213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 17313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policy_file_init(&pf); 17413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pf.type = PF_USE_MEMORY; 17513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pf.data = data; 17613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pf.len = len; 17713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = policydb_write(&policydb, &pf); 17813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc) { 17913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "unable to write new binary policy image"); 18013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 18113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err_destroy; 18213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 18313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 18413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out: 18513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 18613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 18713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 18813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err_destroy: 18913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 19013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 19113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err: 19213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 19313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 19413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 19513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint hidden sepol_genbools_policydb(policydb_t * policydb, const char *booleans) 19613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 19713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc, changes = 0; 19813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 19913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = load_booleans(policydb, booleans, &changes); 20013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!rc && changes) 20113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = evaluate_conds(policydb); 20213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc) 20313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 20413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return rc; 20513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 20613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 20713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* -- End Deprecated -- */ 20813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 20913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint sepol_genbools_array(void *data, size_t len, char **names, int *values, 21013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int nel) 21113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 21213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policydb policydb; 21313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policy_file pf; 21413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc, i, errors = 0; 21513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct cond_bool_datum *datum; 21613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 21713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Create policy database from image */ 21813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_init(&policydb)) 21913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err; 22013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_from_image(NULL, data, len, &policydb) < 0) 22113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err; 22213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 22313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < nel; i++) { 22413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle datum = hashtab_search(policydb.p_bools.table, names[i]); 22513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!datum) { 22613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "boolean %s no longer in policy", names[i]); 22713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errors++; 22813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle continue; 22913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 23013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (values[i] != 0 && values[i] != 1) { 23113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "illegal value %d for boolean %s", 23213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle values[i], names[i]); 23313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errors++; 23413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle continue; 23513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 23613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle datum->state = values[i]; 23713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 23813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 23913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (evaluate_conds(&policydb) < 0) { 24013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "error while re-evaluating conditionals"); 24113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 24213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err_destroy; 24313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 24413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 24513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policy_file_init(&pf); 24613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pf.type = PF_USE_MEMORY; 24713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pf.data = data; 24813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pf.len = len; 24913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = policydb_write(&policydb, &pf); 25013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc) { 25113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "unable to write binary policy"); 25213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 25313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err_destroy; 25413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 25513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (errors) { 25613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle errno = EINVAL; 25713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto err_destroy; 25813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 25913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 26013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 26113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 26213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 26313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err_destroy: 26413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 26513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 26613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err: 26713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 26813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 269