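#include <stdio.h>
#include <string>
#include <sstream>
#include <stdlib.h>
#include <unistd.h>
#include <iostream>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/services.h>
#include <sepol/policydb/util.h>
#include <sys/types.h>
#include <fstream>
#include <memory>

#include <android-base/file.h>
#include <android-base/strings.h>
#include <sepol_wrap.h>


/* Cursor over the ebitmap selected for one type or attribute. */
struct type_iter {
    type_datum *d;        /* symbol-table entry found for the requested name */
    ebitmap_node *n;      /* current ebitmap node, advanced by ebitmap_next() */
    unsigned int length;  /* ebitmap_length() of the bitmap being walked */
    unsigned int bit;     /* position of the next bit to examine */
};

/*
 * Create an iterator over the bitmap associated with `type`.
 *
 * When is_attr is true the name must be an attribute and the iterator walks
 * db->attr_type_map for it; otherwise the name must be a type and the
 * iterator walks db->type_attr_map for it.
 *
 * Returns an opaque iterator to be released with destroy_type_iter(), or
 * NULL on allocation failure, when the name is not in the policy, or when
 * its flavor does not match is_attr.
 */
void *init_type_iter(void *policydbp, const char *type, bool is_attr)
{
    policydb_t *db = static_cast<policydb_t *>(policydbp);
    struct type_iter *out = (struct type_iter *)
                            calloc(1, sizeof(struct type_iter));

    if (!out) {
        std::cerr << "Failed to allocate type type iterator" << std::endl;
        return NULL;
    }

    out->d = static_cast<type_datum *>(hashtab_search(db->p_types.table, type));
    /*
     * The name comes from the caller and may not be in the policy.
     * hashtab_search() then yields NULL, which must be rejected before
     * the flavor checks below dereference it.
     */
    if (!out->d) {
        std::cerr << "\"" << type << "\" does not exist in the policy" << std::endl;
        free(out);
        return NULL;
    }

    if (is_attr && out->d->flavor != TYPE_ATTRIB) {
        std::cerr << "\"" << type << "\" MUST be an attribute in the policy" << std::endl;
        free(out);
        return NULL;
    } else if (!is_attr && out->d->flavor != TYPE_TYPE) {
        std::cerr << "\"" << type << "\" MUST be a type in the policy" << std::endl;
        free(out);
        return NULL;
    }

    /* s.value is 1-based; the per-type/per-attribute maps are 0-based. */
    ebitmap_t *map = is_attr ? &db->attr_type_map[out->d->s.value - 1]
                             : &db->type_attr_map[out->d->s.value - 1];
    out->bit = ebitmap_start(map, &out->n);
    out->length = ebitmap_length(map);

    return static_cast<void *>(out);
}

/* Release an iterator returned by init_type_iter(). */
void destroy_type_iter(void *type_iterp)
{
    struct type_iter *type_i = static_cast<struct type_iter *>(type_iterp);
    free(type_i);
}

/*
 * Copy the name for the next set bit of the iterator's bitmap into *out.
 *
 * Returns -1 on error (the name does not fit in max_size bytes).
 * Returns 0 on successfully writing a name; the iterator is advanced.
 * Returns 1 on complete.
 */
int get_type(char *out, size_t max_size, void *policydbp, void *type_iterp)
{
    size_t len;
    policydb_t *db = static_cast<policydb_t *>(policydbp);
    struct type_iter *i = static_cast<struct type_iter *>(type_iterp);

    for (; i->bit < i->length; i->bit = ebitmap_next(&i->n, i->bit)) {
        if (!ebitmap_node_get_bit(i->n, i->bit)) {
            continue;
        }
        len = snprintf(out, max_size, "%s", db->p_type_val_to_name[i->bit]);
        /* snprintf reports the untruncated length; >= max_size means truncation. */
        if (len >= max_size) {
            std::cerr << "type name exceeds buffer size." << std::endl;
            return -1;
        }
        /* Step past the bit just reported so the next call resumes after it. */
        i->bit = ebitmap_next(&i->n, i->bit);
        return 0;
    }

    return 1;
}

/*
 * Read the binary policy at policy_path into a newly allocated policydb_t.
 *
 * The file is mapped read-only for the duration of the parse and is unmapped
 * and closed before returning, on success as well as on failure.
 *
 * Returns the policydb as an opaque pointer, or NULL on any failure.
 */
void *load_policy(const char *policy_path)
{
    /* RAII handle: the descriptor is closed on every return path. */
    std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(policy_path, "re"), fclose);
    if (!fp) {
        std::cerr << "Invalid or non-existing policy file: " << policy_path << std::endl;
        return NULL;
    }

    policydb_t *db = (policydb_t *) calloc(1, sizeof(policydb_t));
    if (!db) {
        std::cerr << "Failed to allocate memory for policy db." << std::endl;
        return NULL;
    }

    /*
     * NOTE(review): sidtab is an uninitialized stack local and its address is
     * handed to sepol_set_sidtab(). If libsepol keeps that pointer (or the db
     * pointer on the failure paths that free it) beyond this call, it dangles
     * once load_policy() returns. Confirm against the libsepol services code.
     */
    sidtab_t sidtab;
    sepol_set_sidtab(&sidtab);
    sepol_set_policydb(db);

    struct stat sb;
    if (fstat(fileno(fp.get()), &sb)) {
        std::cerr << "Failed to stat the policy file" << std::endl;
        free(db);
        return NULL;
    }

    /*
     * mmap() signals failure with MAP_FAILED, not NULL, so the result has to
     * be compared against MAP_FAILED before it is wrapped. Otherwise a failed
     * mapping (for example an empty file) would be handed to policydb_read().
     */
    const size_t map_len = sb.st_size;
    void *addr = mmap(NULL, map_len, PROT_READ, MAP_PRIVATE, fileno(fp.get()), 0);
    if (addr == MAP_FAILED) {
        std::cerr << "Failed to map the policy file" << std::endl;
        free(db);
        return NULL;
    }
    auto unmap = [map_len](void *ptr) { munmap(ptr, map_len); };
    std::unique_ptr<void, decltype(unmap)> map(addr, unmap);

    struct policy_file pf;
    policy_file_init(&pf);
    pf.type = PF_USE_MEMORY;
    pf.data = static_cast<char *>(map.get());
    pf.len = map_len;
    if (policydb_init(db)) {
        std::cerr << "Failed to initialize policydb" << std::endl;
        free(db);
        return NULL;
    }

    if (policydb_read(db, &pf, 0)) {
        std::cerr << "Failed to read binary policy" << std::endl;
        policydb_destroy(db);
        free(db);
        return NULL;
    }

    return static_cast<void *>(db);
}

/* items needed to iterate over the avtab */
struct avtab_iter {
    avtab_t avtab;    /* expanded copy of the table being walked */
    uint32_t i;       /* current hash slot */
    avtab_ptr_t cur;  /* current node in that slot's chain, NULL between slots */
};

/*
 * print allow rule into *out buffer.
 *
 * The rule is written as "allow,<source>,<target>,<class>,<permissions>".
 *
 * Returns -1 on error (the rule does not fit in max_size bytes). The iterator
 * has already moved past that entry, so the next call continues with the
 * following one.
 * Returns 0 on successfully reading an avtab entry.
 * Returns 1 on complete
 */
static int get_avtab_allow_rule(char *out, size_t max_size, policydb_t *db,
                                struct avtab_iter *avtab_i)
{
    size_t len;

    for (; avtab_i->i < avtab_i->avtab.nslot; (avtab_i->i)++) {
        if (avtab_i->cur == NULL) {
            avtab_i->cur = avtab_i->avtab.htable[avtab_i->i];
        }
        for (; avtab_i->cur; avtab_i->cur = (avtab_i->cur)->next) {
            if (!((avtab_i->cur)->key.specified & AVTAB_ALLOWED)) continue;

            /*
             * NOTE(review): the type and class values index the name tables
             * without a bounds check here; this presumably relies on the
             * policy having been validated when it was read. Confirm.
             */
            len = snprintf(out, max_size, "allow,%s,%s,%s,%s",
                           db->p_type_val_to_name[(avtab_i->cur)->key.source_type - 1],
                           db->p_type_val_to_name[(avtab_i->cur)->key.target_type - 1],
                           db->p_class_val_to_name[(avtab_i->cur)->key.target_class - 1],
                           sepol_av_to_string(db, (avtab_i->cur)->key.target_class,
                                              (avtab_i->cur)->datum.data));
            /* Advance before returning so the next call resumes after this entry. */
            avtab_i->cur = (avtab_i->cur)->next;
            if (!(avtab_i->cur))
                (avtab_i->i)++;
            if (len >= max_size) {
                std::cerr << "Allow rule exceeds buffer size." << std::endl;
                return -1;
            }
            return 0;
        }
        avtab_i->cur = NULL;
    }

    return 1;
}

/* Opaque-pointer entry point for get_avtab_allow_rule(); same return values. */
int get_allow_rule(char *out, size_t len, void *policydbp, void *avtab_iterp)
{
    policydb_t *db = static_cast<policydb_t *>(policydbp);
    struct avtab_iter *avtab_i = static_cast<struct avtab_iter *>(avtab_iterp);

    return get_avtab_allow_rule(out, len, db, avtab_i);
}

/*
 * <sepol/policydb/expand.h->conditional.h> uses 'bool' as a variable name
 * inside extern "C" { .. } construct, which clang doesn't like.
 * So, declare the function we need from expand.h ourselves.
 */
extern "C" int expand_avtab(policydb_t *p, avtab_t *a, avtab_t *expa);

/*
 * Allocate an avtab_iter and fill its table by expanding `in` against `p`.
 *
 * Returns the iterator, or NULL when allocation, initialization or expansion
 * fails.
 */
static avtab_iter *init_avtab_common(avtab_t *in, policydb_t *p)
{
    struct avtab_iter *out = (struct avtab_iter *)
                             calloc(1, sizeof(struct avtab_iter));
    if (!out) {
        std::cerr << "Failed to allocate avtab" << std::endl;
        return NULL;
    }

    if (avtab_init(&out->avtab)) {
        std::cerr << "Failed to initialize avtab" << std::endl;
        free(out);
        return NULL;
    }

    if (expand_avtab(p, in, &out->avtab)) {
        std::cerr << "Failed to expand avtab" << std::endl;
        /* Release whatever the failed expansion already put into the table. */
        avtab_destroy(&out->avtab);
        free(out);
        return NULL;
    }

    return out;
}

/* Create an iterator over the expanded unconditional table (te_avtab). */
void *init_avtab(void *policydbp)
{
    policydb_t *p = static_cast<policydb_t *>(policydbp);
    return static_cast<void *>(init_avtab_common(&p->te_avtab, p));
}

/* Create an iterator over the expanded conditional table (te_cond_avtab). */
void *init_cond_avtab(void *policydbp)
{
    policydb_t *p = static_cast<policydb_t *>(policydbp);
    return static_cast<void *>(init_avtab_common(&p->te_cond_avtab, p));
}

/* Destroy the expanded table and release an iterator from init_avtab()/init_cond_avtab(). */
void destroy_avtab(void *avtab_iterp)
{
    struct avtab_iter *avtab_i = static_cast<struct avtab_iter *>(avtab_iterp);
    avtab_destroy(&avtab_i->avtab);
    free(avtab_i);
}

/*
 * Tear down a policydb returned by load_policy().
 *
 * NOTE(review): load_policy() obtains the policydb_t itself from calloc(),
 * and only its contents are destroyed here; the struct is not freed. Confirm
 * whether callers are expected to free it or whether this is a leak.
 */
void destroy_policy(void *policydbp)
{
    policydb_t *p = static_cast<policydb_t *>(policydbp);
    policydb_destroy(p);
}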