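Lines matching the query `defs:policydb`. Each entry below is a single-line excerpt prefixed with its line number in the source file; the lines in between are omitted, so most statements and signatures are shown incomplete.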

58 #include "policydb.h"
77 static int context_struct_to_string(struct policydb *policydb,
82 static int sidtab_entry_to_string(struct policydb *policydb,
88 static void context_struct_compute_av(struct policydb *policydb,
95 static int selinux_set_mapping(struct policydb *pol,
248 mls_enabled = policy->policydb.mls_enabled;
264 static int constraint_expr_eval(struct policydb *policydb,
309 r1 = policydb->role_val_to_struct[val1 - 1];
310 r2 = policydb->role_val_to_struct[val2 - 1];
455 static void security_dump_masked_av(struct policydb *policydb,
476 tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);
477 tclass_dat = policydb->class_val_to_struct[tclass - 1];
491 if (context_struct_to_string(policydb, scontext,
495 if (context_struct_to_string(policydb, tcontext,
532 static void type_attribute_bounds_av(struct policydb *policydb,
545 source = policydb->type_val_to_struct[scontext->type - 1];
551 target = policydb->type_val_to_struct[tcontext->type - 1];
565 context_struct_compute_av(policydb, &lo_scontext,
580 security_dump_masked_av(policydb, scontext, tcontext,
611 static void context_struct_compute_av(struct policydb *policydb,
635 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
641 tclass_datum = policydb->class_val_to_struct[tclass - 1];
649 sattr = &policydb->type_attr_map_array[scontext->type - 1];
650 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
655 for (node = avtab_search_node(&policydb->te_avtab,
670 cond_compute_av(&policydb->te_cond_avtab, &avkey,
683 !constraint_expr_eval(policydb, scontext, tcontext, NULL,
695 if (tclass == policydb->process_class &&
696 (avd->allowed & policydb->process_trans_perms) &&
698 for (ra = policydb->role_allow; ra; ra = ra->next) {
704 avd->allowed &= ~policydb->process_trans_perms;
712 type_attribute_bounds_av(policydb, scontext, tcontext,
722 struct policydb *p = &policy->policydb;
751 struct policydb *policydb;
768 policydb = &policy->policydb;
776 if (!tclass || tclass > policydb->p_classes.nprim) {
780 tclass_datum = policydb->class_val_to_struct[tclass - 1];
808 if (!constraint_expr_eval(policydb, &oentry->context,
855 struct policydb *policydb;
867 policydb = &policy->policydb;
893 type = policydb->type_val_to_struct[index - 1];
914 if (!sidtab_entry_to_string(policydb, sidtab, old_entry,
916 !sidtab_entry_to_string(policydb, sidtab, new_entry,
1007 struct policydb *policydb;
1028 policydb = &policy->policydb;
1047 if (policydb->allow_unknown)
1053 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
1060 sattr = &policydb->type_attr_map_array[scontext->type - 1];
1061 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
1066 for (node = avtab_search_node(&policydb->te_avtab,
1072 cond_compute_xperms(&policydb->te_cond_avtab,
1102 struct policydb *policydb;
1114 policydb = &policy->policydb;
1125 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1137 if (policydb->allow_unknown)
1141 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1144 policydb->allow_unknown);
1159 struct policydb *policydb;
1169 policydb = &policy->policydb;
1180 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1191 if (policydb->allow_unknown)
1196 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1213 static int context_struct_to_string(struct policydb *p,
1263 static int sidtab_entry_to_string(struct policydb *p,
1313 struct policydb *policydb;
1344 policydb = &policy->policydb;
1360 rc = sidtab_entry_to_string(policydb, sidtab, entry, scontext,
1415 static int string_to_context_struct(struct policydb *pol,
1498 struct policydb *policydb;
1539 policydb = &policy->policydb;
1541 rc = string_to_context_struct(policydb, sidtab, scontext2,
1633 struct policydb *policydb = &policy->policydb;
1639 if (sidtab_entry_to_string(policydb, sidtab, sentry, &s, &slen))
1641 if (sidtab_entry_to_string(policydb, sidtab, tentry, &t, &tlen))
1643 if (context_struct_to_string(policydb, newcontext, &n, &nlen))
1653 s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
1664 static void filename_compute_type(struct policydb *policydb,
1677 if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))
1684 datum = policydb_filenametr_search(policydb, &ft);
1703 struct policydb *policydb;
1743 policydb = &policy->policydb;
1764 if (tclass && tclass <= policydb->p_classes.nprim)
1765 cladatum = policydb->class_val_to_struct[tclass - 1];
1791 if ((tclass == policydb->process_class) || sock)
1803 if ((tclass == policydb->process_class) || sock) {
1817 avnode = avtab_search_node(&policydb->te_avtab, &avkey);
1821 node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
1837 filename_compute_type(policydb, &newcontext, scontext->type,
1850 rtd = policydb_roletr_search(policydb, &rtk);
1857 rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
1863 if (!policydb_context_isvalid(policydb, &newcontext)) {
1960 struct policydb *policydb,
1969 if (!context_struct_to_string(policydb, context, &s, &len)) {
2105 struct policydb *p;
2109 p = &policy->policydb;
2137 policydb_destroy(&policy->policydb);
2144 cond_policydb_destroy_dup(&policy->policydb);
2184 if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled)
2186 else if (!oldpolicy->policydb.mls_enabled && newpolicy->policydb.mls_enabled)
2258 rc = policydb_read(&newpolicy->policydb, fp);
2262 newpolicy->policydb.len = len;
2263 rc = selinux_set_mapping(&newpolicy->policydb, secclass_map,
2268 rc = policydb_load_isids(&newpolicy->policydb, newpolicy->sidtab);
2302 convert_data->args.oldp = &oldpolicy->policydb;
2303 convert_data->args.newp = &newpolicy->policydb;
2327 policydb_destroy(&newpolicy->policydb);
2382 struct policydb *policydb;
2396 policydb = &policy->policydb;
2399 c = policydb->ocontexts[OCON_PORT];
2434 struct policydb *policydb;
2448 policydb = &policy->policydb;
2451 c = policydb->ocontexts[OCON_IBPKEY];
2486 struct policydb *policydb;
2500 policydb = &policy->policydb;
2503 c = policydb->ocontexts[OCON_IBENDPORT];
2538 struct policydb *policydb;
2552 policydb = &policy->policydb;
2555 c = policydb->ocontexts[OCON_NETIF];
2604 struct policydb *policydb;
2617 policydb = &policy->policydb;
2630 c = policydb->ocontexts[OCON_NODE];
2643 c = policydb->ocontexts[OCON_NODE6];
2698 struct policydb *policydb;
2722 policydb = &policy->policydb;
2733 user = symtab_search(&policydb->p_users, username);
2740 role = policydb->role_val_to_struct[i];
2745 if (mls_setup_user_range(policydb, fromcon, user,
2822 struct policydb *policydb = &policy->policydb;
2835 for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
2907 struct policydb *policydb;
2923 policydb = &policy->policydb;
2926 c = policydb->ocontexts[OCON_FSUSE];
2965 struct policydb *policydb;
2969 policydb = &policy->policydb;
2975 *len = policydb->p_bools.nprim;
2990 (*values)[i] = policydb->bool_val_to_struct[i]->state;
2993 (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),
3029 if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim))
3037 * Deep copy only the parts of the policydb that might be
3040 rc = cond_policydb_dup(&newpolicy->policydb, &oldpolicy->policydb);
3049 int old_state = newpolicy->policydb.bool_val_to_struct[i]->state;
3055 sym_name(&newpolicy->policydb, SYM_BOOLS, i),
3060 newpolicy->policydb.bool_val_to_struct[i]->state = new_state;
3065 evaluate_cond_nodes(&newpolicy->policydb);
3075 * Free the conditional portions of the old policydb
3090 struct policydb *policydb;
3099 policydb = &policy->policydb;
3102 len = policydb->p_bools.nprim;
3106 rc = policydb->bool_val_to_struct[index]->state;
3124 booldatum = symtab_search(&newpolicy->policydb.p_bools,
3129 evaluate_cond_nodes(&newpolicy->policydb);
3148 struct policydb *policydb;
3168 policydb = &policy->policydb;
3171 if (!policydb->mls_enabled) {
3200 if (!policydb_context_isvalid(policydb, &newcon)) {
3201 rc = convert_context_handle_invalid_context(policydb,
3204 if (!context_struct_to_string(policydb, &newcon, &s,
3259 struct policydb *policydb;
3287 policydb = &policy->policydb;
3295 if (!policydb->mls_enabled) {
3345 struct policydb *policydb;
3348 policydb = &policy->policydb;
3351 *nclasses = policydb->p_classes.nprim;
3356 rc = hashtab_map(&policydb->p_classes.table, get_classes_callback,
3386 struct policydb *policydb;
3391 policydb = &policy->policydb;
3394 match = symtab_search(&policydb->p_classes, class);
3439 value = policy->policydb.reject_unknown;
3454 value = policy->policydb.allow_unknown;
3479 rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap);
3504 struct policydb *policydb;
3548 policydb = &policy->policydb;
3553 userdatum = symtab_search(&policydb->p_users, rulestr);
3562 roledatum = symtab_search(&policydb->p_roles, rulestr);
3571 typedatum = symtab_search(&policydb->p_types, rulestr);
3582 rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,
3809 struct policydb *policydb;
3824 policydb = &policy->policydb;
3841 mls_import_netlbl_lvl(policydb, &ctx_new, secattr);
3843 rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);
3848 if (!mls_context_isvalid(policydb, &ctx_new)) {
3884 struct policydb *policydb;
3893 policydb = &policy->policydb;
3901 secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1),
3908 mls_export_netlbl_lvl(policydb, ctx, secattr);
3909 rc = mls_export_netlbl_cat(policydb, ctx, secattr);
3932 rc = policydb_write(&policy->policydb, &fp);
3956 *len = policy->policydb.len;
3986 *len = policy->policydb.len;