Lines Matching defs:policydb
57 #include "policydb.h"
71 struct policydb *oldp;
72 struct policydb *newp;
81 static int context_struct_to_string(struct policydb *policydb,
86 static int sidtab_entry_to_string(struct policydb *policydb,
92 static void context_struct_compute_av(struct policydb *policydb,
99 static int selinux_set_mapping(struct policydb *pol,
252 mls_enabled = policy->policydb.mls_enabled;
268 static int constraint_expr_eval(struct policydb *policydb,
313 r1 = policydb->role_val_to_struct[val1 - 1];
314 r2 = policydb->role_val_to_struct[val2 - 1];
459 static void security_dump_masked_av(struct policydb *policydb,
480 tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);
481 tclass_dat = policydb->class_val_to_struct[tclass - 1];
495 if (context_struct_to_string(policydb, scontext,
499 if (context_struct_to_string(policydb, tcontext,
538 static void type_attribute_bounds_av(struct policydb *policydb,
551 source = policydb->type_val_to_struct[scontext->type - 1];
557 target = policydb->type_val_to_struct[tcontext->type - 1];
571 context_struct_compute_av(policydb, &lo_scontext,
586 security_dump_masked_av(policydb, scontext, tcontext,
619 static void context_struct_compute_av(struct policydb *policydb,
643 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
649 tclass_datum = policydb->class_val_to_struct[tclass - 1];
657 sattr = &policydb->type_attr_map_array[scontext->type - 1];
658 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
663 for (node = avtab_search_node(&policydb->te_avtab,
678 cond_compute_av(&policydb->te_cond_avtab, &avkey,
691 !constraint_expr_eval(policydb, scontext, tcontext, NULL,
703 if (tclass == policydb->process_class &&
704 (avd->allowed & policydb->process_trans_perms) &&
706 for (ra = policydb->role_allow; ra; ra = ra->next) {
712 avd->allowed &= ~policydb->process_trans_perms;
720 type_attribute_bounds_av(policydb, scontext, tcontext,
731 struct policydb *p = &policy->policydb;
761 struct policydb *policydb;
778 policydb = &policy->policydb;
786 if (!tclass || tclass > policydb->p_classes.nprim) {
790 tclass_datum = policydb->class_val_to_struct[tclass - 1];
818 if (!constraint_expr_eval(policydb, &oentry->context,
869 struct policydb *policydb;
881 policydb = &policy->policydb;
907 type = policydb->type_val_to_struct[index - 1];
928 if (!sidtab_entry_to_string(policydb, sidtab, old_entry,
930 !sidtab_entry_to_string(policydb, sidtab, new_entry,
1022 struct policydb *policydb;
1043 policydb = &policy->policydb;
1062 if (policydb->allow_unknown)
1068 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
1075 sattr = &policydb->type_attr_map_array[scontext->type - 1];
1076 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
1081 for (node = avtab_search_node(&policydb->te_avtab,
1087 cond_compute_xperms(&policydb->te_cond_avtab,
1118 struct policydb *policydb;
1130 policydb = &policy->policydb;
1141 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1153 if (policydb->allow_unknown)
1157 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1160 policydb->allow_unknown);
1176 struct policydb *policydb;
1186 policydb = &policy->policydb;
1197 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1208 if (policydb->allow_unknown)
1213 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1230 static int context_struct_to_string(struct policydb *p,
1280 static int sidtab_entry_to_string(struct policydb *p,
1331 struct policydb *policydb;
1362 policydb = &policy->policydb;
1378 rc = sidtab_entry_to_string(policydb, sidtab, entry, scontext,
1434 static int string_to_context_struct(struct policydb *pol,
1518 struct policydb *policydb;
1559 policydb = &policy->policydb;
1561 rc = string_to_context_struct(policydb, sidtab, scontext2,
1657 struct policydb *policydb = &policy->policydb;
1663 if (sidtab_entry_to_string(policydb, sidtab, sentry, &s, &slen))
1665 if (sidtab_entry_to_string(policydb, sidtab, tentry, &t, &tlen))
1667 if (context_struct_to_string(policydb, newcontext, &n, &nlen))
1675 s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
1686 static void filename_compute_type(struct policydb *policydb,
1699 if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))
1706 datum = policydb_filenametr_search(policydb, &ft);
1726 struct policydb *policydb;
1767 policydb = &policy->policydb;
1788 if (tclass && tclass <= policydb->p_classes.nprim)
1789 cladatum = policydb->class_val_to_struct[tclass - 1];
1815 if ((tclass == policydb->process_class) || sock)
1827 if ((tclass == policydb->process_class) || sock) {
1841 avdatum = avtab_search(&policydb->te_avtab, &avkey);
1845 node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
1861 filename_compute_type(policydb, &newcontext, scontext->type,
1874 rtd = policydb_roletr_search(policydb, &rtk);
1881 rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
1887 if (!policydb_context_isvalid(policydb, &newcontext)) {
1989 struct policydb *policydb,
1998 if (!context_struct_to_string(policydb, context, &s, &len)) {
2142 struct policydb *p;
2146 p = &policy->policydb;
2174 policydb_destroy(&policy->policydb);
2181 cond_policydb_destroy_dup(&policy->policydb);
2221 if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled)
2223 else if (!oldpolicy->policydb.mls_enabled && newpolicy->policydb.mls_enabled)
2293 rc = policydb_read(&newpolicy->policydb, fp);
2297 newpolicy->policydb.len = len;
2298 rc = selinux_set_mapping(&newpolicy->policydb, secclass_map,
2303 rc = policydb_load_isids(&newpolicy->policydb, newpolicy->sidtab);
2337 convert_data->args.oldp = &oldpolicy->policydb;
2338 convert_data->args.newp = &newpolicy->policydb;
2363 policydb_destroy(&newpolicy->policydb);
2419 struct policydb *policydb;
2433 policydb = &policy->policydb;
2436 c = policydb->ocontexts[OCON_PORT];
2472 struct policydb *policydb;
2486 policydb = &policy->policydb;
2489 c = policydb->ocontexts[OCON_IBPKEY];
2525 struct policydb *policydb;
2539 policydb = &policy->policydb;
2542 c = policydb->ocontexts[OCON_IBENDPORT];
2578 struct policydb *policydb;
2592 policydb = &policy->policydb;
2595 c = policydb->ocontexts[OCON_NETIF];
2645 struct policydb *policydb;
2658 policydb = &policy->policydb;
2671 c = policydb->ocontexts[OCON_NODE];
2684 c = policydb->ocontexts[OCON_NODE6];
2740 struct policydb *policydb;
2764 policydb = &policy->policydb;
2775 user = symtab_search(&policydb->p_users, username);
2782 role = policydb->role_val_to_struct[i];
2787 if (mls_setup_user_range(policydb, fromcon, user,
2864 struct policydb *policydb = &policy->policydb;
2878 for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
2951 struct policydb *policydb;
2968 policydb = &policy->policydb;
2971 c = policydb->ocontexts[OCON_FSUSE];
3010 struct policydb *policydb;
3014 policydb = &policy->policydb;
3020 *len = policydb->p_bools.nprim;
3035 (*values)[i] = policydb->bool_val_to_struct[i]->state;
3038 (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),
3073 if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim))
3081 * Deep copy only the parts of the policydb that might be
3084 rc = cond_policydb_dup(&newpolicy->policydb, &oldpolicy->policydb);
3093 int old_state = newpolicy->policydb.bool_val_to_struct[i]->state;
3099 sym_name(&newpolicy->policydb, SYM_BOOLS, i),
3104 newpolicy->policydb.bool_val_to_struct[i]->state = new_state;
3109 evaluate_cond_nodes(&newpolicy->policydb);
3119 * Free the conditional portions of the old policydb
3135 struct policydb *policydb;
3144 policydb = &policy->policydb;
3147 len = policydb->p_bools.nprim;
3151 rc = policydb->bool_val_to_struct[index]->state;
3169 booldatum = symtab_search(&newpolicy->policydb.p_bools,
3174 evaluate_cond_nodes(&newpolicy->policydb);
3194 struct policydb *policydb;
3214 policydb = &policy->policydb;
3217 if (!policydb->mls_enabled) {
3246 if (!policydb_context_isvalid(policydb, &newcon)) {
3247 rc = convert_context_handle_invalid_context(state, policydb,
3250 if (!context_struct_to_string(policydb, &newcon, &s,
3305 struct policydb *policydb;
3333 policydb = &policy->policydb;
3341 if (!policydb->mls_enabled) {
3391 struct policydb *policydb;
3394 policydb = &policy->policydb;
3397 *nclasses = policydb->p_classes.nprim;
3402 rc = hashtab_map(&policydb->p_classes.table, get_classes_callback,
3431 struct policydb *policydb;
3435 policydb = &policy->policydb;
3438 match = symtab_search(&policydb->p_classes, class);
3483 value = policy->policydb.reject_unknown;
3498 value = policy->policydb.allow_unknown;
3524 rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap);
3549 struct policydb *policydb;
3594 policydb = &policy->policydb;
3602 userdatum = symtab_search(&policydb->p_users, rulestr);
3610 roledatum = symtab_search(&policydb->p_roles, rulestr);
3618 typedatum = symtab_search(&policydb->p_types, rulestr);
3627 rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,
3861 struct policydb *policydb;
3876 policydb = &policy->policydb;
3893 mls_import_netlbl_lvl(policydb, &ctx_new, secattr);
3895 rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);
3900 if (!mls_context_isvalid(policydb, &ctx_new)) {
3937 struct policydb *policydb;
3946 policydb = &policy->policydb;
3954 secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1),
3961 mls_export_netlbl_lvl(policydb, ctx, secattr);
3962 rc = mls_export_netlbl_cat(policydb, ctx, secattr);
3987 *len = policy->policydb.len;
3995 rc = policydb_write(&policy->policydb, &fp);