Lines Matching refs:rc
241 int rc = SEPOL_ERR;
250 rc = symtab_insert(pdb, SYM_COMMONS, key, sepol_common, SCOPE_DECL, 0, &value);
251 if (rc != SEPOL_OK) {
257 rc = symtab_init(&sepol_common->permissions, PERM_SYMTAB_SIZE);
258 if (rc != SEPOL_OK) {
268 rc = hashtab_insert(sepol_common->permissions.table, key, sepol_perm);
269 if (rc != SEPOL_OK) {
284 return rc;
289 int rc = SEPOL_ERR;
303 rc = symtab_insert(pdb, SYM_CLASSES, key, sepol_class, SCOPE_DECL, 0, &value);
304 if (rc != SEPOL_OK) {
313 rc = symtab_init(&sepol_class->permissions, PERM_SYMTAB_SIZE);
314 if (rc != SEPOL_OK) {
325 rc = cil_common_to_policydb(pdb, cil_common, &sepol_common);
326 if (rc != SEPOL_OK) {
346 rc = hashtab_insert(sepol_class->permissions.table, key, sepol_perm);
347 if (rc != SEPOL_OK) {
361 return rc;
366 int rc = SEPOL_ERR;
375 rc = SEPOL_OK;
380 rc = symtab_insert(pdb, SYM_ROLES, (hashtab_key_t)key, sepol_role, SCOPE_DECL, 0, &value);
381 if (rc != SEPOL_OK) {
386 rc = SEPOL_ERR;
396 return rc;
401 int rc = SEPOL_ERR;
406 rc = __cil_get_sepol_role_datum(pdb, DATUM(cil_role), &sepol_role);
407 if (rc != SEPOL_OK) goto exit;
409 rc = __cil_get_sepol_role_datum(pdb, DATUM(cil_role->bounds), &sepol_parent);
410 if (rc != SEPOL_OK) goto exit;
424 int rc = SEPOL_ERR;
432 rc = __cil_get_sepol_role_datum(pdb, DATUM(role), &sepol_role);
433 if (rc != SEPOL_OK) goto exit;
436 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
437 if (rc != SEPOL_OK) goto exit;
441 rc = SEPOL_ERR;
450 return rc;
455 int rc = SEPOL_ERR;
464 rc = symtab_insert(pdb, SYM_TYPES, key, sepol_type, SCOPE_DECL, 0, &value);
465 if (rc != SEPOL_OK) {
479 return rc;
484 int rc = SEPOL_ERR;
489 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_type), &sepol_type);
490 if (rc != SEPOL_OK) goto exit;
492 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_type->bounds), &sepol_parent);
493 if (rc != SEPOL_OK) goto exit;
507 int rc = SEPOL_ERR;
513 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_alias->actual), &sepol_type);
514 if (rc != SEPOL_OK) goto exit;
519 rc = symtab_insert(pdb, SYM_TYPES, key, sepol_alias, SCOPE_DECL, 0, NULL);
520 if (rc != SEPOL_OK) {
532 return rc;
537 int rc = SEPOL_ERR;
540 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_typeperm->type), &sepol_type);
541 if (rc != SEPOL_OK) goto exit;
552 return rc;
558 int rc = SEPOL_ERR;
573 rc = symtab_insert(pdb, SYM_TYPES, key, sepol_attr, SCOPE_DECL, 0, &value);
574 if (rc != SEPOL_OK) {
587 return rc;
592 int rc = SEPOL_ERR;
602 rc = SEPOL_ERR;
607 rc = SEPOL_ERR;
617 return rc;
622 int rc = SEPOL_ERR;
633 rc = __cil_typeattr_bitmap_init(pdb);
634 if (rc != SEPOL_OK) {
639 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_attr), &sepol_type);
640 if (rc != SEPOL_OK) goto exit;
645 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
646 if (rc != SEPOL_OK) goto exit;
652 rc = SEPOL_OK;
654 return rc;
659 int rc = SEPOL_ERR;
674 return rc;
679 int rc = SEPOL_ERR;
686 rc = symtab_insert(pdb, SYM_USERS, key, sepol_user, SCOPE_DECL, 0, &value);
687 if (rc != SEPOL_OK) {
698 return rc;
703 int rc = SEPOL_ERR;
708 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_user), &sepol_user);
709 if (rc != SEPOL_OK) goto exit;
711 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_user->bounds), &sepol_parent);
712 if (rc != SEPOL_OK) goto exit;
726 int rc = SEPOL_ERR;
733 rc = __cil_get_sepol_user_datum(pdb, DATUM(user), &sepol_user);
734 if (rc != SEPOL_OK) {
739 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_role);
740 if (rc != SEPOL_OK) {
752 rc = SEPOL_ERR;
758 rc = SEPOL_OK;
761 return rc;
766 int rc = SEPOL_ERR;
773 rc = symtab_insert(pdb, SYM_BOOLS, key, sepol_bool, SCOPE_DECL, 0, &value);
774 if (rc != SEPOL_OK) {
785 return rc;
790 int rc = SEPOL_ERR;
803 rc = symtab_insert(pdb, SYM_CATS, key, sepol_cat, SCOPE_DECL, 0, &value);
804 if (rc != SEPOL_OK) {
816 return rc;
821 int rc = SEPOL_ERR;
827 rc = __cil_get_sepol_cat_datum(pdb, DATUM(cil_alias->actual), &sepol_cat);
828 if (rc != SEPOL_OK) goto exit;
831 rc = symtab_insert(pdb, SYM_CATS, key, sepol_alias, SCOPE_DECL, 0, NULL);
832 if (rc != SEPOL_OK) {
844 return rc;
849 int rc = SEPOL_ERR;
865 rc = symtab_insert(pdb, SYM_LEVELS, key, sepol_level, SCOPE_DECL, 0, &value);
866 if (rc != SEPOL_OK) {
881 return rc;
886 int rc = SEPOL_ERR;
893 rc = __cil_get_sepol_level_datum(pdb, DATUM(cil_alias->actual), &sepol_level);
894 if (rc != SEPOL_OK) goto exit;
897 rc = symtab_insert(pdb, SYM_LEVELS, key, sepol_alias, SCOPE_DECL, 0, NULL);
898 if (rc != SEPOL_OK) {
905 rc = mls_level_cpy(mls_level, sepol_level->level);
906 if (rc != SEPOL_OK) {
919 return rc;
924 int rc = SEPOL_OK;
930 rc = SEPOL_ERR;
954 return rc;
975 int rc = SEPOL_OK;
995 rc = SEPOL_ERR;
1016 rc = SEPOL_ERR;
1022 rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
1049 rc = SEPOL_ERR;
1059 rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
1063 return rc;
1075 int rc;
1080 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
1081 if (rc != SEPOL_OK) return rc;
1083 rc = __cil_insert_type_rule(
1088 if (rc != SEPOL_OK) return rc;
1095 int rc = SEPOL_ERR;
1112 rc = __cil_expand_type(src, &src_bitmap);
1113 if (rc != SEPOL_OK) goto exit;
1117 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_rule->result), &sepol_result);
1118 if (rc != SEPOL_OK) goto exit;
1122 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1123 if (rc != SEPOL_OK) goto exit;
1125 rc = __cil_type_rule_to_avtab_helper(
1129 if (rc != SEPOL_OK) goto exit;
1132 rc = __cil_expand_type(tgt, &tgt_bitmap);
1133 if (rc != SEPOL_OK) goto exit;
1136 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1137 if (rc != SEPOL_OK) goto exit;
1140 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
1141 if (rc != SEPOL_OK) goto exit;
1143 rc = __cil_type_rule_to_avtab_helper(
1148 if (rc != SEPOL_OK) goto exit;
1153 rc = SEPOL_OK;
1159 return rc;
1174 int rc;
1180 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
1181 if (rc != SEPOL_OK) return rc;
1183 rc = policydb_filetrans_insert(
1188 if (rc != SEPOL_OK) {
1189 if (rc == SEPOL_EEXIST) {
1193 rc = SEPOL_OK;
1198 if (rc != SEPOL_OK) {
1199 return rc;
1208 int rc = SEPOL_ERR;
1240 rc = __cil_expand_type(src, &src_bitmap);
1241 if (rc != SEPOL_OK) goto exit;
1245 rc = __cil_get_sepol_type_datum(pdb, DATUM(typetrans->result), &sepol_result);
1246 if (rc != SEPOL_OK) goto exit;
1250 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1251 if (rc != SEPOL_OK) goto exit;
1253 rc = __cil_typetransition_to_avtab_helper(
1257 if (rc != SEPOL_OK) goto exit;
1260 rc = __cil_expand_type(tgt, &tgt_bitmap);
1261 if (rc != SEPOL_OK) goto exit;
1264 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1265 if (rc != SEPOL_OK) goto exit;
1268 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
1269 if (rc != SEPOL_OK) goto exit;
1271 rc = __cil_typetransition_to_avtab_helper(
1275 if (rc != SEPOL_OK) goto exit;
1280 rc = SEPOL_OK;
1286 return rc;
1296 int rc;
1306 rc = SEPOL_ERR;
1315 return rc;
1320 int rc = SEPOL_ERR;
1330 rc = __perm_str_to_datum(key, sepol_class, &data);
1331 if (rc != SEPOL_OK) {
1341 return rc;
1346 int rc = SEPOL_OK;
1366 rc = SEPOL_ERR;
1375 rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
1384 rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
1388 return rc;
1393 int rc = SEPOL_ERR;
1399 rc = __cil_get_sepol_class_datum(pdb, DATUM(cp->class), &sepol_class);
1400 if (rc != SEPOL_OK) goto exit;
1402 rc = __cil_perms_to_datum(cp->perms, sepol_class, &data);
1403 if (rc != SEPOL_OK) goto exit;
1414 rc = __cil_get_sepol_type_datum(pdb, src, &sepol_src);
1415 if (rc != SEPOL_OK) goto exit;
1417 rc = __cil_get_sepol_type_datum(pdb, tgt, &sepol_tgt);
1418 if (rc != SEPOL_OK) goto exit;
1420 rc = __cil_insert_avrule(pdb, kind, sepol_src->s.value, sepol_tgt->s.value, sepol_class->s.value, data, cond_node, cond_flavor);
1421 if (rc != SEPOL_OK) {
1428 return rc;
1434 int rc = SEPOL_ERR;
1441 rc = __cil_avrule_expand_helper(pdb, kind, src, tgt, cp, cond_node, cond_flavor);
1442 if (rc != SEPOL_OK) {
1449 rc = __cil_avrule_expand(pdb, kind, src, tgt, cmp->classperms, cond_node, cond_flavor);
1450 if (rc != SEPOL_OK) {
1458 rc = __cil_avrule_expand(pdb, kind, src, tgt, cp->classperms, cond_node, cond_flavor);
1459 if (rc != SEPOL_OK) {
1468 return rc;
1489 int rc = SEPOL_ERR;
1500 rc = SEPOL_OK;
1508 rc = __cil_expand_type(src, &src_bitmap);
1509 if (rc != SEPOL_OK) {
1515 rc = __cil_avrule_expand(pdb, kind, src, src, classperms, cond_node, cond_flavor);
1516 if (rc != SEPOL_OK) {
1526 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1527 if (rc != SEPOL_OK) {
1531 rc = __cil_expand_type(src, &src_bitmap);
1532 if (rc != SEPOL_OK) {
1536 rc = __cil_expand_type(tgt, &tgt_bitmap);
1537 if (rc != SEPOL_OK) {
1547 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1548 if (rc != SEPOL_OK) {
1558 rc = __cil_expand_type(src, &src_bitmap);
1559 if (rc != SEPOL_OK) {
1566 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1567 if (rc != SEPOL_OK) {
1574 rc = __cil_expand_type(tgt, &tgt_bitmap);
1575 if (rc != SEPOL_OK) {
1582 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1583 if (rc != SEPOL_OK) {
1595 return rc;
1705 int rc = SEPOL_OK;
1722 rc = __perm_str_to_datum(CIL_KEY_IOCTL, sepol_obj, &data);
1723 if (rc != SEPOL_OK) {
1728 rc = __cil_permx_bitmap_to_sepol_xperms_list(datum, &xperms_list);
1729 if (rc != SEPOL_OK) {
1735 rc = avtab_insert(&pdb->te_avtab, avtab_key, &avtab_datum);
1736 if (rc != SEPOL_OK) {
1741 rc = SEPOL_OK;
1750 return rc;
1758 int rc = SEPOL_ERR;
1771 rc = SEPOL_ERR;
1784 rc = ebitmap_cpy(hashtab_xperms, xperms);
1785 if (rc != SEPOL_OK) {
1790 rc = hashtab_insert(h, (hashtab_key_t)avtab_key, hashtab_xperms);
1791 if (rc != SEPOL_OK) {
1798 rc = ebitmap_union(hashtab_xperms, xperms);
1799 if (rc != SEPOL_OK) {
1807 return rc;
1812 int rc = SEPOL_ERR;
1819 rc = __cil_get_sepol_type_datum(pdb, src, &sepol_src);
1820 if (rc != SEPOL_OK) goto exit;
1822 rc = __cil_get_sepol_type_datum(pdb, tgt, &sepol_tgt);
1823 if (rc != SEPOL_OK) goto exit;
1828 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
1829 if (rc != SEPOL_OK) goto exit;
1833 rc = __cil_avrulex_ioctl_to_hashtable(args->avrulex_ioctl_table, kind, sepol_src->s.value, sepol_tgt->s.value, sepol_obj->s.value, permx->perms);
1834 if (rc != SEPOL_OK) goto exit;
1837 rc = SEPOL_ERR;
1842 rc = SEPOL_OK;
1847 return rc;
1852 int rc = SEPOL_ERR;
1862 rc = SEPOL_OK;
1871 rc = __cil_expand_type(src, &src_bitmap);
1872 if (rc != SEPOL_OK) goto exit;
1876 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, src, cil_avrulex->perms.x.permx, args);
1877 if (rc != SEPOL_OK) {
1887 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1888 if (rc != SEPOL_OK) {
1892 rc = __cil_expand_type(src, &src_bitmap);
1893 if (rc != SEPOL_OK) {
1897 rc = __cil_expand_type(tgt, &tgt_bitmap);
1898 if (rc != SEPOL_OK) {
1908 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1909 if (rc != SEPOL_OK) {
1919 rc = __cil_expand_type(src, &src_bitmap);
1920 if (rc != SEPOL_OK) {
1927 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1928 if (rc != SEPOL_OK) {
1935 rc = __cil_expand_type(tgt, &tgt_bitmap);
1936 if (rc != SEPOL_OK) {
1943 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1944 if (rc != SEPOL_OK) {
1956 return rc;
1970 int rc;
1990 rc = __cil_typetransition_to_avtab(pdb, db, cil_typetrans, cond_node, cond_flavor);
1991 if (rc != SEPOL_OK) {
1998 rc = __cil_type_rule_to_avtab(pdb, db, cil_type_rule, cond_node, cond_flavor);
1999 if (rc != SEPOL_OK) {
2006 rc = __cil_avrule_to_avtab(pdb, db, cil_avrule, cond_node, cond_flavor);
2007 if (rc != SEPOL_OK) {
2130 int rc = __cil_cond_expr_to_sepol_expr_helper(pdb, l, head, tail);
2131 if (rc != SEPOL_OK) {
2146 int rc = SEPOL_ERR;
2189 rc = __cil_cond_item_to_sepol_expr(pdb, item->next, &h1, &t1);
2190 if (rc != SEPOL_OK) {
2201 rc = __cil_cond_item_to_sepol_expr(pdb, item->next->next, &h2, &t2);
2202 if (rc != SEPOL_OK) {
2215 rc = __cil_cond_item_to_sepol_expr(pdb, item, &h1, &t1);
2216 if (rc != SEPOL_OK) {
2222 rc = __cil_cond_item_to_sepol_expr(pdb, item, &h2, &t2);
2223 if (rc != SEPOL_OK) {
2247 int rc;
2250 rc = __cil_cond_expr_to_sepol_expr_helper(pdb, cil_expr, &head, &tail);
2251 if (rc != SEPOL_OK) {
2306 int rc = SEPOL_ERR;
2321 rc = SEPOL_ERR;
2326 rc = __cil_cond_expr_to_sepol_expr(pdb, cil_boolif->datum_expr, &tmp_cond->expr);
2327 if (rc != SEPOL_OK) {
2332 rc = __cil_validate_cond_expr(tmp_cond->expr);
2333 if (rc != SEPOL_OK) {
2339 rc = cond_normalize_expr(pdb, tmp_cond);
2340 if (rc != SEPOL_OK) {
2351 rc = SEPOL_ERR;
2387 rc = cil_tree_walk(true_node, __cil_cond_to_policydb_helper, NULL, NULL, &bool_args);
2388 if (rc != SEPOL_OK) {
2396 rc = cil_tree_walk(false_node, __cil_cond_to_policydb_helper, NULL, NULL, &bool_args);
2397 if (rc != SEPOL_OK) {
2411 return rc;
2416 int rc = SEPOL_ERR;
2429 rc = __cil_expand_role(DATUM(roletrans->src), &role_bitmap);
2430 if (rc != SEPOL_OK) goto exit;
2432 rc = __cil_expand_type(roletrans->tgt, &type_bitmap);
2433 if (rc != SEPOL_OK) goto exit;
2437 rc = __cil_get_sepol_role_datum(pdb, DATUM(roletrans->result), &sepol_result);
2438 if (rc != SEPOL_OK) goto exit;
2441 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_src);
2442 if (rc != SEPOL_OK) goto exit;
2445 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
2446 if (rc != SEPOL_OK) goto exit;
2450 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
2451 if (rc != SEPOL_OK) goto exit;
2460 rc = hashtab_insert(role_trans_table, (hashtab_key_t)new, &(new->new_role));
2461 if (rc != SEPOL_OK) {
2462 if (rc == SEPOL_EEXIST) {
2468 rc = SEPOL_OK;
2480 if (rc != SEPOL_OK) {
2488 rc = SEPOL_OK;
2494 return rc;
2499 int rc = SEPOL_ERR;
2507 rc = __cil_expand_role(roleallow->src, &src_bitmap);
2508 if (rc != SEPOL_OK) goto exit;
2510 rc = __cil_expand_role(roleallow->tgt, &tgt_bitmap);
2511 if (rc != SEPOL_OK) goto exit;
2514 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_src);
2515 if (rc != SEPOL_OK) goto exit;
2518 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[j]), &sepol_tgt);
2519 if (rc != SEPOL_OK) goto exit;
2531 rc = SEPOL_OK;
2536 return rc;
2541 int rc = SEPOL_ERR;
2549 rc = __cil_expand_user(item->data, &user_bitmap);
2550 if (rc != SEPOL_OK) goto exit;
2553 rc = __cil_get_sepol_user_datum(pdb, DATUM(db->val_to_user[i]), &sepol_user);
2554 if (rc != SEPOL_OK) {
2571 rc = __cil_expand_role(item->data, &role_bitmap);
2572 if (rc != SEPOL_OK) goto exit;
2575 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_role);
2576 if (rc != SEPOL_OK) {
2594 rc = __cil_get_sepol_type_datum(pdb, item->data, &sepol_type);
2595 if (rc != SEPOL_OK) {
2599 rc = 0;
2605 rc = ebitmap_set_bit(&expr->type_names->types, sepol_type->s.value - 1, 1);
2608 if (rc != SEPOL_OK) {
2613 rc = __cil_expand_type(item->data, &type_bitmap);
2614 if (rc != SEPOL_OK) goto exit;
2617 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
2618 if (rc != SEPOL_OK) {
2641 int rc = SEPOL_ERR;
2709 rc = __cil_constrain_expr_datum_to_sepol_expr(pdb, db, r_item, expr_flavor, expr);
2710 if (rc != SEPOL_OK) {
2717 rc = __cil_constrain_expr_datum_to_sepol_expr(pdb, db, curr, expr_flavor, expr);
2718 if (rc != SEPOL_OK) {
2723 rc = SEPOL_ERR;
2731 return rc;
2736 int rc = SEPOL_ERR;
2751 rc = constraint_expr_init(op);
2752 if (rc != SEPOL_OK) {
2792 rc = __cil_constrain_expr_leaf_to_sepol_expr(pdb, db, item, flavor, op);
2793 if (rc != SEPOL_OK) {
2800 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, l_expr, &h1, &t1);
2801 if (rc != SEPOL_OK) {
2810 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, l_expr, &h1, &t1);
2811 if (rc != SEPOL_OK) {
2814 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, r_expr, &h2, &t2);
2815 if (rc != SEPOL_OK) {
2834 int rc;
2837 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, cil_expr, &head, &tail);
2838 if (rc != SEPOL_OK) {
2892 int rc = SEPOL_ERR;
2900 rc = __cil_get_sepol_class_datum(pdb, class, &sepol_class);
2901 if (rc != SEPOL_OK) goto exit;
2903 rc = __cil_perms_to_datum(perms, sepol_class, &sepol_constrain->permissions);
2904 if (rc != SEPOL_OK) {
2914 rc = __cil_constrain_expr_to_sepol_expr(pdb, db, expr, &sepol_expr);
2915 if (rc != SEPOL_OK) {
2919 rc = __cil_validate_constrain_expr(sepol_expr);
2920 if (rc != SEPOL_OK) {
2933 return rc;
2938 int rc = SEPOL_ERR;
2945 rc = cil_constrain_to_policydb_helper(pdb, db, DATUM(cp->class), cp->perms, expr);
2946 if (rc != SEPOL_OK) {
2953 rc = cil_constrain_expand(pdb, db, cmp->classperms, expr);
2954 if (rc != SEPOL_OK) {
2962 rc = cil_constrain_expand(pdb, db, cp->classperms, expr);
2963 if (rc != SEPOL_OK) {
2972 return rc;
2977 int rc = SEPOL_ERR;
2978 rc = cil_constrain_expand(pdb, db, cil_constrain->classperms, cil_constrain->datum_expr);
2979 if (rc != SEPOL_OK) {
2987 return rc;
2992 int rc = SEPOL_ERR;
3003 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3004 if (rc != SEPOL_OK) goto exit;
3009 rc = __cil_constrain_expr_to_sepol_expr(pdb, db, expr, &sepol_expr);
3010 if (rc != SEPOL_OK) {
3020 rc = SEPOL_OK;
3024 return rc;
3029 int rc = SEPOL_ERR;
3039 rc = __cil_get_sepol_cat_datum(pdb, j->data, &sepol_cat);
3040 if (rc != SEPOL_OK) goto exit;
3042 rc = ebitmap_set_bit(&mls_level->cat, sepol_cat->s.value - 1, 1);
3043 if (rc != SEPOL_OK) goto exit;
3046 rc = __cil_get_sepol_cat_datum(pdb, i->data, &sepol_cat);
3047 if (rc != SEPOL_OK) goto exit;
3049 rc = ebitmap_set_bit(&mls_level->cat, sepol_cat->s.value - 1, 1);
3050 if (rc != SEPOL_OK) goto exit;
3062 int rc = SEPOL_ERR;
3067 rc = __cil_get_sepol_level_datum(pdb, DATUM(cil_sens), &sepol_level);
3068 if (rc != SEPOL_OK) goto exit;
3077 rc = __cil_cats_to_mls_level(pdb, cats, mls_level);
3078 if (rc != SEPOL_OK) {
3090 return rc;
3095 int rc = SEPOL_ERR;
3100 rc = __cil_get_sepol_level_datum(pdb, DATUM(cil_sens), &sepol_level);
3101 if (rc != SEPOL_OK) goto exit;
3108 rc = __cil_cats_to_mls_level(pdb, cats, mls_level);
3109 if (rc != SEPOL_OK) {
3115 rc = SEPOL_OK;
3117 return rc;
3122 int rc = SEPOL_ERR;
3129 rc = cil_level_to_mls_level(pdb, low, mls_level);
3130 if (rc != SEPOL_OK) {
3136 rc = cil_level_to_mls_level(pdb, high, mls_level);
3137 if (rc != SEPOL_OK) {
3144 return rc;
3149 int rc = SEPOL_ERR;
3154 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_user), &sepol_user);
3155 if (rc != SEPOL_OK) goto exit;
3157 rc = cil_level_to_mls_level(pdb, cil_level, &sepol_user->exp_dfltlevel);
3158 if (rc != SEPOL_OK) {
3162 rc = __cil_levelrange_to_mls_range(pdb, cil_levelrange, &sepol_user->exp_range);
3163 if (rc != SEPOL_OK) {
3170 return rc;
3175 int rc = SEPOL_ERR;
3181 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_context->user), &sepol_user);
3182 if (rc != SEPOL_OK) goto exit;
3184 rc = __cil_get_sepol_role_datum(pdb, DATUM(cil_context->role), &sepol_role);
3185 if (rc != SEPOL_OK) goto exit;
3187 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_context->type), &sepol_type);
3188 if (rc != SEPOL_OK) goto exit;
3197 rc = __cil_levelrange_to_mls_range(pdb, cil_lvlrange, &sepol_context->range);
3198 if (rc != SEPOL_OK) {
3208 return rc;
3213 int rc = SEPOL_ERR;
3234 rc = __cil_context_to_sepol_context(pdb, cil_context, &new_ocon->context[0]);
3235 if (rc != SEPOL_OK) {
3245 return rc;
3250 int rc = SEPOL_ERR;
3263 rc = __cil_expand_type(rangetrans->src, &src_bitmap);
3264 if (rc != SEPOL_OK) goto exit;
3266 rc = __cil_expand_type(rangetrans->exec, &tgt_bitmap);
3267 if (rc != SEPOL_OK) goto exit;
3272 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
3273 if (rc != SEPOL_OK) goto exit;
3276 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
3277 if (rc != SEPOL_OK) goto exit;
3280 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3281 if (rc != SEPOL_OK) goto exit;
3288 rc = __cil_levelrange_to_mls_range(pdb, rangetrans->range, newdatum);
3289 if (rc != SEPOL_OK) {
3295 rc = hashtab_insert(pdb->range_tr, (hashtab_key_t)newkey, newdatum);
3296 if (rc != SEPOL_OK) {
3297 if (rc == SEPOL_EEXIST) {
3302 rc = SEPOL_OK;
3319 if (rc != SEPOL_OK) {
3327 rc = SEPOL_OK;
3333 return rc;
3338 int rc = SEPOL_ERR;
3347 rc = inet_pton(AF_INET6, cil_ibpkeycon->subnet_prefix_str, &subnet_prefix);
3348 if (rc != 1) {
3350 rc = SEPOL_ERR;
3359 rc = __cil_context_to_sepol_context(pdb, cil_ibpkeycon->context, &new_ocon->context[0]);
3360 if (rc != SEPOL_OK)
3367 return rc;
3372 int rc = SEPOL_ERR;
3395 rc = SEPOL_ERR;
3402 rc = __cil_context_to_sepol_context(pdb, cil_portcon->context, &new_ocon->context[0]);
3403 if (rc != SEPOL_OK) {
3411 return rc;
3416 int rc = SEPOL_ERR;
3426 rc = __cil_context_to_sepol_context(pdb, cil_netifcon->if_context, &new_ocon->context[0]);
3427 if (rc != SEPOL_OK) {
3431 rc = __cil_context_to_sepol_context(pdb, cil_netifcon->packet_context, &new_ocon->context[1]);
3432 if (rc != SEPOL_OK) {
3441 return rc;
3446 int rc = SEPOL_ERR;
3457 rc = __cil_context_to_sepol_context(pdb, cil_ibendportcon->context, &new_ocon->context[0]);
3458 if (rc != SEPOL_OK)
3465 return rc;
3470 int rc = SEPOL_ERR;
3489 rc = SEPOL_ERR;
3493 rc = __cil_context_to_sepol_context(pdb, cil_nodecon->context, &new_ocon->context[0]);
3494 if (rc != SEPOL_OK) {
3502 return rc;
3507 int rc = SEPOL_ERR;
3518 rc = __cil_context_to_sepol_context(pdb, cil_fsuse->context, &new_ocon->context[0]);
3519 if (rc != SEPOL_OK) {
3527 return rc;
3532 int rc = SEPOL_ERR;
3588 rc = SEPOL_ERR;
3593 rc = SEPOL_ERR;
3599 rc = __cil_context_to_sepol_context(pdb, cil_genfscon->context, &new_ocon->context[0]);
3600 if (rc != SEPOL_OK) {
3608 return rc;
3613 int rc = SEPOL_ERR;
3623 rc = __cil_context_to_sepol_context(pdb, cil_pirqcon->context, &new_ocon->context[0]);
3624 if (rc != SEPOL_OK) {
3632 return rc;
3637 int rc = SEPOL_ERR;
3648 rc = __cil_context_to_sepol_context(pdb, cil_iomemcon->context, &new_ocon->context[0]);
3649 if (rc != SEPOL_OK) {
3657 return rc;
3662 int rc = SEPOL_ERR;
3673 rc = __cil_context_to_sepol_context(pdb, cil_ioportcon->context, &new_ocon->context[0]);
3674 if (rc != SEPOL_OK) {
3682 return rc;
3687 int rc = SEPOL_ERR;
3697 rc = __cil_context_to_sepol_context(pdb, cil_pcidevicecon->context, &new_ocon->context[0]);
3698 if (rc != SEPOL_OK) {
3706 return rc;
3711 int rc = SEPOL_ERR;
3721 rc = __cil_context_to_sepol_context(pdb, cil_devicetreecon->context, &new_ocon->context[0]);
3722 if (rc != SEPOL_OK) {
3730 return rc;
3745 int rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3746 if (rc != SEPOL_OK) goto exit;
3800 int rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3801 if (rc != SEPOL_OK) goto exit;
3823 int rc = SEPOL_OK;
3847 rc = cil_role_to_policydb(pdb, node->data);
3850 rc = cil_type_to_policydb(pdb, node->data, type_value_to_cil);
3853 rc = cil_typeattribute_to_policydb(pdb, node->data, type_value_to_cil);
3856 rc = cil_policycap_to_policydb(pdb, node->data);
3859 rc = cil_user_to_policydb(pdb, node->data);
3862 rc = cil_bool_to_policydb(pdb, node->data);
3866 rc = cil_catalias_to_policydb(pdb, node->data);
3871 rc = cil_sepol_level_define(pdb, node->data);
3881 rc = cil_type_bounds_to_policydb(pdb, node->data);
3884 rc = cil_typealias_to_policydb(pdb, node->data);
3887 rc = cil_typepermissive_to_policydb(pdb, node->data);
3890 rc = cil_typeattribute_to_bitmap(pdb, db, node->data);
3894 rc = cil_sensalias_to_policydb(pdb, node->data);
3898 rc = cil_role_bounds_to_policydb(pdb, node->data);
3899 if (rc != SEPOL_OK) goto exit;
3900 rc = cil_roletype_to_policydb(pdb, db, node->data);
3903 rc = cil_user_bounds_to_policydb(pdb, node->data);
3904 if (rc != SEPOL_OK) goto exit;
3906 rc = cil_userlevel_userrange_to_policydb(pdb, node->data);
3907 if (rc != SEPOL_OK) {
3911 rc = cil_userrole_to_policydb(pdb, db, node->data);
3914 rc = cil_type_rule_to_policydb(pdb, db, node->data);
3926 rc = cil_roletrans_to_policydb(pdb, db, node->data, role_trans_table);
3929 /*rc = cil_roleattributeset_to_policydb(pdb, node->data);*/
3932 rc = cil_typetransition_to_policydb(pdb, db, node->data);
3935 rc = cil_constrain_to_policydb(pdb, db, node->data);
3939 rc = cil_constrain_to_policydb(pdb, db, node->data);
3943 rc = cil_validatetrans_to_policydb(pdb, db, node->data);
3947 rc = cil_validatetrans_to_policydb(pdb, db, node->data);
3952 rc = cil_rangetransition_to_policydb(pdb, db, node->data);
3958 rc = cil_default_to_policydb(pdb, node->data);
3961 rc = cil_defaultrange_to_policydb(pdb, node->data);
3970 rc = cil_booleanif_to_policydb(pdb, db, node);
3975 rc = cil_avrule_to_policydb(pdb, db, node->data);
3982 rc = cil_avrulex_to_hashtable(pdb, db, node->data, args);
3987 rc = cil_roleallow_to_policydb(pdb, db, node->data);
3997 if (rc != SEPOL_OK) {
4000 return rc;
4005 int rc = SEPOL_ERR;
4011 rc = SEPOL_OK;
4016 rc = SEPOL_OK;
4022 rc = __cil_node_to_policydb(node, extra_args);
4023 if (rc != SEPOL_OK) {
4028 return rc;
4033 int rc = SEPOL_ERR;
4035 rc = cil_portcon_to_policydb(pdb, db->portcon);
4036 if (rc != SEPOL_OK) {
4040 rc = cil_netifcon_to_policydb(pdb, db->netifcon);
4041 if (rc != SEPOL_OK) {
4045 rc = cil_nodecon_to_policydb(pdb, db->nodecon);
4046 if (rc != SEPOL_OK) {
4050 rc = cil_fsuse_to_policydb(pdb, db->fsuse);
4051 if (rc != SEPOL_OK) {
4055 rc = cil_genfscon_to_policydb(pdb, db->genfscon);
4056 if (rc != SEPOL_OK) {
4060 rc = cil_ibpkeycon_to_policydb(pdb, db->ibpkeycon);
4061 if (rc != SEPOL_OK) {
4065 rc = cil_ibendportcon_to_policydb(pdb, db->ibendportcon);
4066 if (rc != SEPOL_OK) {
4071 rc = cil_pirqcon_to_policydb(pdb, db->pirqcon);
4072 if (rc != SEPOL_OK) {
4076 rc = cil_iomemcon_to_policydb(pdb, db->iomemcon);
4077 if (rc != SEPOL_OK) {
4081 rc = cil_ioportcon_to_policydb(pdb, db->ioportcon);
4082 if (rc != SEPOL_OK) {
4086 rc = cil_pcidevicecon_to_policydb(pdb, db->pcidevicecon);
4087 if (rc != SEPOL_OK) {
4091 rc = cil_devicetreecon_to_policydb(pdb, db->devicetreecon);
4092 if (rc != SEPOL_OK) {
4098 return rc;
4212 int rc = SEPOL_ERR;
4215 rc = hashtab_map(policydb->p_commons.table, &__cil_common_val_array_insert, policydb);
4216 if (rc != SEPOL_OK) {
4222 rc = hashtab_map(policydb->p_classes.table, &__cil_class_val_array_insert, policydb);
4223 if (rc != SEPOL_OK) {
4229 rc = hashtab_map(policydb->p_roles.table, &__cil_role_val_array_insert, policydb);
4230 if (rc != SEPOL_OK) {
4236 rc = hashtab_map(policydb->p_types.table, &__cil_type_val_array_insert, policydb);
4237 if (rc != SEPOL_OK) {
4243 rc = hashtab_map(policydb->p_users.table, &__cil_user_val_array_insert, policydb);
4244 if (rc != SEPOL_OK) {
4250 rc = hashtab_map(policydb->p_bools.table, &__cil_bool_val_array_insert, policydb);
4251 if (rc != SEPOL_OK) {
4256 rc = hashtab_map(policydb->p_levels.table, &__cil_level_val_array_insert, policydb);
4257 if (rc != SEPOL_OK) {
4262 rc = hashtab_map(policydb->p_cats.table, &__cil_cat_val_array_insert, policydb);
4263 if (rc != SEPOL_OK) {
4268 return rc;
4307 int rc;
4310 rc = sepol_policydb_create(spdb);
4311 if (rc < 0) {
4330 return rc;
4336 int rc = SEPOL_ERR;
4344 rc = cil_classorder_to_policydb(pdb, db, class_value_to_cil, perm_value_to_cil);
4345 if (rc != SEPOL_OK) {
4350 rc = cil_catorder_to_policydb(pdb, db);
4351 if (rc != SEPOL_OK) {
4355 rc = cil_sensitivityorder_to_policydb(pdb, db);
4356 if (rc != SEPOL_OK) {
4361 rc = avtab_alloc(&pdb->te_avtab, MAX_AVTAB_SIZE);
4362 if (rc != SEPOL_OK) {
4366 rc = avtab_alloc(&pdb->te_cond_avtab, MAX_AVTAB_SIZE);
4367 if (rc != SEPOL_OK) {
4375 return rc;
4449 int rc = SEPOL_ERR;
4452 rc = __cil_policydb_create(db, &pdb);
4453 if (rc != SEPOL_OK) {
4457 rc = cil_binary_create_allocated_pdb(db, pdb);
4458 if (rc != SEPOL_OK) {
4469 return rc;
4485 int rc = SEPOL_ERR;
4495 rc = __cil_get_sepol_class_datum(pdb, DATUM(cp->class), &sepol_class);
4496 if (rc != SEPOL_OK) goto exit;
4498 rc = __cil_perms_to_datum(cp->perms, sepol_class, &data);
4499 if (rc != SEPOL_OK) goto exit;
4511 rc = __cil_rule_to_sepol_class_perms(pdb, cmp->classperms, sepol_class_perms);
4512 if (rc != SEPOL_OK) {
4520 rc = __cil_rule_to_sepol_class_perms(pdb, cp->classperms, sepol_class_perms);
4521 if (rc != SEPOL_OK) {
4529 return rc;
4534 int rc = SEPOL_OK;
4545 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
4546 if (rc != SEPOL_OK) {
4555 rc = SEPOL_ERR;
4559 rc = __perm_str_to_datum(perm_str, sepol_obj, &data);
4560 if (rc != SEPOL_OK) {
4574 return rc;
4586 int rc = SEPOL_ERR;
4596 rc = __cil_get_sepol_type_datum(pdb, datum, &sepol_datum);
4597 if (rc != SEPOL_OK) goto exit;
4601 rc = __cil_get_sepol_type_datum(pdb, datum, &sepol_datum);
4602 if (rc != SEPOL_OK) goto exit;
4609 return rc;
4730 int rc;
4762 rc = cil_find_matching_avrule_in_ast(db->ast->root, avrule_flavor, &target, matching, CIL_FALSE);
4763 if (rc) {
4787 return rc;
4792 int rc = SEPOL_OK;
4809 rc = __cil_add_sepol_type(pdb, db, cil_rule->src, &rule->stypes.types);
4810 if (rc != SEPOL_OK) {
4817 rc = __cil_add_sepol_type(pdb, db, cil_rule->tgt, &rule->ttypes.types);
4818 if (rc != SEPOL_OK) {
4824 rc = __cil_rule_to_sepol_class_perms(pdb, cil_rule->perms.classperms, &rule->perms);
4825 if (rc != SEPOL_OK) {
4829 rc = check_assertion(pdb, rule);
4830 if (rc == CIL_TRUE) {
4832 rc = __cil_print_neverallow_failure(db, node);
4833 if (rc != SEPOL_OK) {
4839 rc = __cil_permx_to_sepol_class_perms(pdb, cil_rule->perms.x.permx, &rule->perms);
4840 if (rc != SEPOL_OK) {
4844 rc = __cil_permx_bitmap_to_sepol_xperms_list(cil_rule->perms.x.permx->perms, &xperms);
4845 if (rc != SEPOL_OK) {
4851 rc = check_assertion(pdb, rule);
4852 if (rc == CIL_TRUE) {
4854 rc = __cil_print_neverallow_failure(db, node);
4855 if (rc != SEPOL_OK) {
4874 return rc;
4879 int rc = SEPOL_OK;
4883 rc = cil_check_neverallow(db, pdb, item->data, violation);
4884 if (rc != SEPOL_OK) {
4890 return rc;
4927 int rc = SEPOL_ERR;
4943 return rc;
4948 int rc = SEPOL_OK;
4960 rc = __cil_get_sepol_type_datum(pdb, DATUM(t), &child);
4961 if (rc != SEPOL_OK) goto exit;
4963 rc = __cil_get_sepol_type_datum(pdb, DATUM(t->bounds), &parent);
4964 if (rc != SEPOL_OK) goto exit;
4966 rc = bounds_check_type(NULL, pdb, child->s.value, parent->s.value, &bad, &numbad);
4967 if (rc != SEPOL_OK) goto exit;
4991 rc = cil_avrule_from_sepol(pdb, cur, &target, type_value_to_cil, class_value_to_cil, perm_value_to_cil);
4992 if (rc != SEPOL_OK) {
4999 rc = cil_find_matching_avrule_in_ast(db->ast->root, CIL_AVRULE, &target, matching, CIL_TRUE);
5000 if (rc) {
5039 return rc;
5046 int rc = SEPOL_ERR;
5082 rc = __cil_policydb_init(pdb, db, class_value_to_cil, perm_value_to_cil);
5083 if (rc != SEPOL_OK) {
5112 rc = cil_tree_walk(db->ast->root, __cil_binary_create_helper, NULL, NULL, &extra_args);
5113 if (rc != SEPOL_OK) {
5119 rc = __cil_policydb_val_arrays_create(pdb);
5120 if (rc != SEPOL_OK) {
5127 rc = hashtab_map(avrulex_ioctl_table, __cil_avrulex_ioctl_to_policydb, pdb);
5128 if (rc != SEPOL_OK) {
5135 rc = cil_sidorder_to_policydb(pdb, db);
5136 if (rc != SEPOL_OK) {
5140 rc = __cil_contexts_to_policydb(pdb, db);
5141 if (rc != SEPOL_OK) {
5147 rc = __cil_typeattr_bitmap_init(pdb);
5148 if (rc != SEPOL_OK) {
5160 rc = cil_check_neverallows(db, pdb, neverallows, &violation);
5161 if (rc != SEPOL_OK) goto exit;
5164 rc = bounds_check_users(NULL, pdb);
5165 if (rc) {
5170 rc = bounds_check_roles(NULL, pdb);
5171 if (rc) {
5176 rc = cil_check_type_bounds(db, pdb, type_value_to_cil, class_value_to_cil, perm_value_to_cil, &violation);
5177 if (rc != SEPOL_OK) goto exit;
5180 rc = SEPOL_ERR;
5189 rc = SEPOL_ERR;
5195 rc = SEPOL_ERR;
5199 rc = SEPOL_OK;
5216 return rc;