Lines Matching refs:pdb
64 policydb_t *pdb;
74 policydb_t *pdb;
79 static int __cil_get_sepol_user_datum(policydb_t *pdb, struct cil_symtab_datum *datum, user_datum_t **sepol_user)
81 *sepol_user = hashtab_search(pdb->p_users.table, datum->fqn);
90 static int __cil_get_sepol_role_datum(policydb_t *pdb, struct cil_symtab_datum *datum, role_datum_t **sepol_role)
92 *sepol_role = hashtab_search(pdb->p_roles.table, datum->fqn);
101 static int __cil_get_sepol_type_datum(policydb_t *pdb, struct cil_symtab_datum *datum, type_datum_t **sepol_type)
103 *sepol_type = hashtab_search(pdb->p_types.table, datum->fqn);
112 static int __cil_get_sepol_class_datum(policydb_t *pdb, struct cil_symtab_datum *datum, class_datum_t **sepol_class)
114 *sepol_class = hashtab_search(pdb->p_classes.table, datum->fqn);
123 static int __cil_get_sepol_cat_datum(policydb_t *pdb, struct cil_symtab_datum *datum, cat_datum_t **sepol_cat)
125 *sepol_cat = hashtab_search(pdb->p_cats.table, datum->fqn);
134 static int __cil_get_sepol_level_datum(policydb_t *pdb, struct cil_symtab_datum *datum, level_datum_t **sepol_level)
136 *sepol_level = hashtab_search(pdb->p_levels.table, datum->fqn);
239 int cil_common_to_policydb(policydb_t *pdb, struct cil_class *cil_common, common_datum_t **common_out)
250 rc = symtab_insert(pdb, SYM_COMMONS, key, sepol_common, SCOPE_DECL, 0, &value);
287 static int cil_classorder_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_class *class_value_to_cil[], struct cil_perm **perm_value_to_cil[])
303 rc = symtab_insert(pdb, SYM_CLASSES, key, sepol_class, SCOPE_DECL, 0, &value);
323 sepol_common = hashtab_search(pdb->p_commons.table, key);
325 rc = cil_common_to_policydb(pdb, cil_common, &sepol_common);
364 int cil_role_to_policydb(policydb_t *pdb, struct cil_role *cil_role)
380 rc = symtab_insert(pdb, SYM_ROLES, (hashtab_key_t)key, sepol_role, SCOPE_DECL, 0, &value);
399 static int cil_role_bounds_to_policydb(policydb_t *pdb, struct cil_role *cil_role)
406 rc = __cil_get_sepol_role_datum(pdb, DATUM(cil_role), &sepol_role);
409 rc = __cil_get_sepol_role_datum(pdb, DATUM(cil_role->bounds), &sepol_parent);
422 int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_role *role)
432 rc = __cil_get_sepol_role_datum(pdb, DATUM(role), &sepol_role);
436 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
453 int cil_type_to_policydb(policydb_t *pdb, struct cil_type *cil_type, void *type_value_to_cil[])
464 rc = symtab_insert(pdb, SYM_TYPES, key, sepol_type, SCOPE_DECL, 0, &value);
482 static int cil_type_bounds_to_policydb(policydb_t *pdb, struct cil_type *cil_type)
489 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_type), &sepol_type);
492 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_type->bounds), &sepol_parent);
505 int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias)
513 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_alias->actual), &sepol_type);
519 rc = symtab_insert(pdb, SYM_TYPES, key, sepol_alias, SCOPE_DECL, 0, NULL);
535 int cil_typepermissive_to_policydb(policydb_t *pdb, struct cil_typepermissive *cil_typeperm)
540 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_typeperm->type), &sepol_type);
543 if (ebitmap_set_bit(&pdb->permissive_map, sepol_type->s.value, 1)) {
556 int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil_attr, void *type_value_to_cil[])
573 rc = symtab_insert(pdb, SYM_TYPES, key, sepol_attr, SCOPE_DECL, 0, &value);
590 static int __cil_typeattr_bitmap_init(policydb_t *pdb)
595 pdb->type_attr_map = cil_malloc(pdb->p_types.nprim * sizeof(ebitmap_t));
596 pdb->attr_type_map = cil_malloc(pdb->p_types.nprim * sizeof(ebitmap_t));
598 for (i = 0; i < pdb->p_types.nprim; i++) {
599 ebitmap_init(&pdb->type_attr_map[i]);
600 ebitmap_init(&pdb->attr_type_map[i]);
601 if (ebitmap_set_bit(&pdb->type_attr_map[i], i, 1)) {
605 if (pdb->type_val_to_struct[i] && pdb->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
606 if (ebitmap_set_bit(&pdb->attr_type_map[i], i, 1)) {
620 int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct cil_typeattribute *cil_attr)
632 if (pdb->type_attr_map == NULL) {
633 rc = __cil_typeattr_bitmap_init(pdb);
639 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_attr), &sepol_type);
645 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
648 ebitmap_set_bit(&pdb->type_attr_map[sepol_type->s.value - 1], value - 1, 1);
649 ebitmap_set_bit(&pdb->attr_type_map[value - 1], sepol_type->s.value - 1, 1);
657 int cil_policycap_to_policydb(policydb_t *pdb, struct cil_policycap *cil_polcap)
667 if (ebitmap_set_bit(&pdb->policycaps, capnum, 1)) {
677 int cil_user_to_policydb(policydb_t *pdb, struct cil_user *cil_user)
686 rc = symtab_insert(pdb, SYM_USERS, key, sepol_user, SCOPE_DECL, 0, &value);
701 static int cil_user_bounds_to_policydb(policydb_t *pdb, struct cil_user *cil_user)
708 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_user), &sepol_user);
711 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_user->bounds), &sepol_parent);
724 int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_user *user)
733 rc = __cil_get_sepol_user_datum(pdb, DATUM(user), &sepol_user);
739 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_role);
764 int cil_bool_to_policydb(policydb_t *pdb, struct cil_bool *cil_bool)
773 rc = symtab_insert(pdb, SYM_BOOLS, key, sepol_bool, SCOPE_DECL, 0, &value);
788 int cil_catorder_to_policydb(policydb_t *pdb, const struct cil_db *db)
803 rc = symtab_insert(pdb, SYM_CATS, key, sepol_cat, SCOPE_DECL, 0, &value);
819 int cil_catalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias)
827 rc = __cil_get_sepol_cat_datum(pdb, DATUM(cil_alias->actual), &sepol_cat);
831 rc = symtab_insert(pdb, SYM_CATS, key, sepol_alias, SCOPE_DECL, 0, NULL);
847 int cil_sensitivityorder_to_policydb(policydb_t *pdb, const struct cil_db *db)
865 rc = symtab_insert(pdb, SYM_LEVELS, key, sepol_level, SCOPE_DECL, 0, &value);
884 static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias)
893 rc = __cil_get_sepol_level_datum(pdb, DATUM(cil_alias->actual), &sepol_level);
897 rc = symtab_insert(pdb, SYM_LEVELS, key, sepol_alias, SCOPE_DECL, 0, NULL);
973 static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src, uint32_t tgt, uint32_t obj, uint32_t res, struct cil_type_rule *cil_rule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1001 existing = avtab_search_node(&pdb->te_avtab, &avtab_key);
1009 pdb->p_type_val_to_name[src - 1],
1010 pdb->p_type_val_to_name[tgt - 1],
1011 pdb->p_class_val_to_name[obj - 1],
1012 pdb->p_type_val_to_name[res - 1],
1013 pdb->p_type_val_to_name[existing->datum.data - 1]);
1022 rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
1024 existing = avtab_search_node(&pdb->te_cond_avtab, &avtab_key);
1042 pdb->p_type_val_to_name[src - 1],
1043 pdb->p_type_val_to_name[tgt - 1],
1044 pdb->p_class_val_to_name[obj - 1],
1045 pdb->p_type_val_to_name[res - 1],
1046 pdb->p_type_val_to_name[existing->datum.data - 1]);
1059 rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
1066 static int __cil_type_rule_to_avtab_helper(policydb_t *pdb,
1080 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
1084 pdb, cil_rule->rule_kind, sepol_src->s.value,
1093 static int __cil_type_rule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1117 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_rule->result), &sepol_result);
1122 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1126 pdb, sepol_src, sepol_src, class_list,
1136 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1140 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
1144 pdb, sepol_src, sepol_tgt, class_list,
1162 int cil_type_rule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule)
1164 return __cil_type_rule_to_avtab(pdb, db, cil_rule, NULL, CIL_FALSE);
1167 static int __cil_typetransition_to_avtab_helper(policydb_t *pdb,
1180 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
1184 pdb, sepol_src->s.value, sepol_tgt->s.value,
1206 static int __cil_typetransition_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1231 return __cil_type_rule_to_avtab(pdb, db, &trans, cond_node, cond_flavor);
1245 rc = __cil_get_sepol_type_datum(pdb, DATUM(typetrans->result), &sepol_result);
1250 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1254 pdb, sepol_src, sepol_src, class_list,
1264 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
1268 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
1272 pdb, sepol_src, sepol_tgt, class_list,
1289 int cil_typetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans)
1291 return __cil_typetransition_to_avtab(pdb, db, typetrans, NULL, CIL_FALSE);
1344 static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uint32_t tgt, uint32_t obj, uint32_t data, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1372 avtab_dup = avtab_search(&pdb->te_avtab, &avtab_key);
1375 rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
1384 rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
1391 static int __cil_avrule_expand_helper(policydb_t *pdb, uint16_t kind, struct cil_symtab_datum *src, struct cil_symtab_datum *tgt, struct cil_classperms *cp, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1399 rc = __cil_get_sepol_class_datum(pdb, DATUM(cp->class), &sepol_class);
1414 rc = __cil_get_sepol_type_datum(pdb, src, &sepol_src);
1417 rc = __cil_get_sepol_type_datum(pdb, tgt, &sepol_tgt);
1420 rc = __cil_insert_avrule(pdb, kind, sepol_src->s.value, sepol_tgt->s.value, sepol_class->s.value, data, cond_node, cond_flavor);
1432 static int __cil_avrule_expand(policydb_t *pdb, uint16_t kind, struct cil_symtab_datum *src, struct cil_symtab_datum *tgt, struct cil_list *classperms, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1441 rc = __cil_avrule_expand_helper(pdb, kind, src, tgt, cp, cond_node, cond_flavor);
1449 rc = __cil_avrule_expand(pdb, kind, src, tgt, cmp->classperms, cond_node, cond_flavor);
1458 rc = __cil_avrule_expand(pdb, kind, src, tgt, cp->classperms, cond_node, cond_flavor);
1487 static int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
1515 rc = __cil_avrule_expand(pdb, kind, src, src, classperms, cond_node, cond_flavor);
1526 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1547 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1566 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1582 rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
1598 int cil_avrule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule)
1600 return __cil_avrule_to_avtab(pdb, db, cil_avrule, NULL, CIL_FALSE);
1706 struct policydb *pdb;
1715 pdb = args;
1717 sepol_obj = pdb->class_val_to_struct[avtab_key->target_class - 1];
1735 rc = avtab_insert(&pdb->te_avtab, avtab_key, &avtab_datum);
1810 static int __cil_avrulex_to_hashtable_helper(policydb_t *pdb, uint16_t kind, struct cil_symtab_datum *src, struct cil_symtab_datum *tgt, struct cil_permissionx *permx, struct cil_args_binary *args)
1819 rc = __cil_get_sepol_type_datum(pdb, src, &sepol_src);
1822 rc = __cil_get_sepol_type_datum(pdb, tgt, &sepol_tgt);
1828 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
1850 static int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrulex, struct cil_args_binary *args)
1876 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, src, cil_avrulex->perms.x.permx, args);
1887 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1908 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1927 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1943 rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
1974 policydb_t *pdb = args->pdb;
1990 rc = __cil_typetransition_to_avtab(pdb, db, cil_typetrans, cond_node, cond_flavor);
1998 rc = __cil_type_rule_to_avtab(pdb, db, cil_type_rule, cond_node, cond_flavor);
2006 rc = __cil_avrule_to_avtab(pdb, db, cil_avrule, cond_node, cond_flavor);
2110 static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list *cil_expr, cond_expr_t **head, cond_expr_t **tail);
2112 static int __cil_cond_item_to_sepol_expr(policydb_t *pdb, struct cil_list_item *item, cond_expr_t **head, cond_expr_t **tail)
2118 cond_bool_datum_t *sepol_bool = hashtab_search(pdb->p_bools.table, key);
2130 int rc = __cil_cond_expr_to_sepol_expr_helper(pdb, l, head, tail);
2144 static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list *cil_expr, cond_expr_t **head, cond_expr_t **tail)
2189 rc = __cil_cond_item_to_sepol_expr(pdb, item->next, &h1, &t1);
2201 rc = __cil_cond_item_to_sepol_expr(pdb, item->next->next, &h2, &t2);
2215 rc = __cil_cond_item_to_sepol_expr(pdb, item, &h1, &t1);
2222 rc = __cil_cond_item_to_sepol_expr(pdb, item, &h2, &t2);
2245 static int __cil_cond_expr_to_sepol_expr(policydb_t *pdb, struct cil_list *cil_expr, cond_expr_t **sepol_expr)
2250 rc = __cil_cond_expr_to_sepol_expr_helper(pdb, cil_expr, &head, &tail);
2304 int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_tree_node *node)
2319 tmp_cond = cond_node_create(pdb, NULL);
2326 rc = __cil_cond_expr_to_sepol_expr(pdb, cil_boolif->datum_expr, &tmp_cond->expr);
2339 rc = cond_normalize_expr(pdb, tmp_cond);
2349 cond_node = cond_node_find(pdb, tmp_cond, pdb->cond_list, &was_created);
2356 cond_node->next = pdb->cond_list;
2357 pdb->cond_list = cond_node;
2382 bool_args.pdb = pdb;
2414 int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roletransition *roletrans, hashtab_t role_trans_table)
2437 rc = __cil_get_sepol_role_datum(pdb, DATUM(roletrans->result), &sepol_result);
2441 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_src);
2445 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
2450 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
2476 new->next = pdb->role_tr;
2477 pdb->role_tr = new;
2497 int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roleallow *roleallow)
2514 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_src);
2518 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[j]), &sepol_tgt);
2526 sepol_roleallow->next = pdb->role_allow;
2527 pdb->role_allow = sepol_roleallow;
2539 static int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_db *db, struct cil_list_item *item, enum cil_flavor expr_flavor, constraint_expr_t *expr)
2553 rc = __cil_get_sepol_user_datum(pdb, DATUM(db->val_to_user[i]), &sepol_user);
2575 rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_role);
2593 if (pdb->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES) {
2594 rc = __cil_get_sepol_type_datum(pdb, item->data, &sepol_type);
2617 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
2639 static int __cil_constrain_expr_leaf_to_sepol_expr(policydb_t *pdb, const struct cil_db *db, struct cil_list_item *op_item, enum cil_flavor expr_flavor, constraint_expr_t *expr)
2709 rc = __cil_constrain_expr_datum_to_sepol_expr(pdb, db, r_item, expr_flavor, expr);
2717 rc = __cil_constrain_expr_datum_to_sepol_expr(pdb, db, curr, expr_flavor, expr);
2734 static int __cil_constrain_expr_to_sepol_expr_helper(policydb_t *pdb, const struct cil_db *db, const struct cil_list *cil_expr, constraint_expr_t **head, constraint_expr_t **tail)
2792 rc = __cil_constrain_expr_leaf_to_sepol_expr(pdb, db, item, flavor, op);
2800 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, l_expr, &h1, &t1);
2810 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, l_expr, &h1, &t1);
2814 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, r_expr, &h2, &t2);
2832 static int __cil_constrain_expr_to_sepol_expr(policydb_t *pdb, const struct cil_db *db, const struct cil_list *cil_expr, constraint_expr_t **sepol_expr)
2837 rc = __cil_constrain_expr_to_sepol_expr_helper(pdb, db, cil_expr, &head, &tail);
2890 static int cil_constrain_to_policydb_helper(policydb_t *pdb, const struct cil_db *db, struct cil_symtab_datum *class, struct cil_list *perms, struct cil_list *expr)
2900 rc = __cil_get_sepol_class_datum(pdb, class, &sepol_class);
2914 rc = __cil_constrain_expr_to_sepol_expr(pdb, db, expr, &sepol_expr);
2936 static int cil_constrain_expand(policydb_t *pdb, const struct cil_db *db, struct cil_list *classperms, struct cil_list *expr)
2945 rc = cil_constrain_to_policydb_helper(pdb, db, DATUM(cp->class), cp->perms, expr);
2953 rc = cil_constrain_expand(pdb, db, cmp->classperms, expr);
2962 rc = cil_constrain_expand(pdb, db, cp->classperms, expr);
2975 int cil_constrain_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_constrain *cil_constrain)
2978 rc = cil_constrain_expand(pdb, db, cil_constrain->classperms, cil_constrain->datum_expr);
2990 static int cil_validatetrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_validatetrans *cil_validatetrans)
3003 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3009 rc = __cil_constrain_expr_to_sepol_expr(pdb, db, expr, &sepol_expr);
3027 static int __cil_cats_to_mls_level(policydb_t *pdb, struct cil_cats *cats, mls_level_t *mls_level)
3039 rc = __cil_get_sepol_cat_datum(pdb, j->data, &sepol_cat);
3046 rc = __cil_get_sepol_cat_datum(pdb, i->data, &sepol_cat);
3060 int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens)
3067 rc = __cil_get_sepol_level_datum(pdb, DATUM(cil_sens), &sepol_level);
3077 rc = __cil_cats_to_mls_level(pdb, cats, mls_level);
3093 int cil_level_to_mls_level(policydb_t *pdb, struct cil_level *cil_level, mls_level_t *mls_level)
3100 rc = __cil_get_sepol_level_datum(pdb, DATUM(cil_sens), &sepol_level);
3108 rc = __cil_cats_to_mls_level(pdb, cats, mls_level);
3120 static int __cil_levelrange_to_mls_range(policydb_t *pdb, struct cil_levelrange *cil_lvlrange, mls_range_t *mls_range)
3129 rc = cil_level_to_mls_level(pdb, low, mls_level);
3136 rc = cil_level_to_mls_level(pdb, high, mls_level);
3147 static int cil_userlevel_userrange_to_policydb(policydb_t *pdb, struct cil_user *cil_user)
3154 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_user), &sepol_user);
3157 rc = cil_level_to_mls_level(pdb, cil_level, &sepol_user->exp_dfltlevel);
3162 rc = __cil_levelrange_to_mls_range(pdb, cil_levelrange, &sepol_user->exp_range);
3173 static int __cil_context_to_sepol_context(policydb_t *pdb, struct cil_context *cil_context, context_struct_t *sepol_context)
3181 rc = __cil_get_sepol_user_datum(pdb, DATUM(cil_context->user), &sepol_user);
3184 rc = __cil_get_sepol_role_datum(pdb, DATUM(cil_context->role), &sepol_role);
3187 rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_context->type), &sepol_type);
3194 if (pdb->mls == CIL_TRUE) {
3197 rc = __cil_levelrange_to_mls_range(pdb, cil_lvlrange, &sepol_context->range);
3211 static int cil_sidorder_to_policydb(policydb_t *pdb, const struct cil_db *db)
3231 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_ISID], &tail);
3234 rc = __cil_context_to_sepol_context(pdb, cil_context, &new_ocon->context[0]);
3248 int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans)
3272 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
3276 rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
3280 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3288 rc = __cil_levelrange_to_mls_range(pdb, rangetrans->range, newdatum);
3295 rc = hashtab_insert(pdb->range_tr, (hashtab_key_t)newkey, newdatum);
3298 o_range = hashtab_search(pdb->range_tr, (hashtab_key_t)newkey);
3336 int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons)
3345 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBPKEY], &tail);
3359 rc = __cil_context_to_sepol_context(pdb, cil_ibpkeycon->context, &new_ocon->context[0]);
3370 int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons)
3378 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_PORT], &tail);
3402 rc = __cil_context_to_sepol_context(pdb, cil_portcon->context, &new_ocon->context[0]);
3414 int cil_netifcon_to_policydb(policydb_t *pdb, struct cil_sort *netifcons)
3421 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_NETIF], &tail);
3426 rc = __cil_context_to_sepol_context(pdb, cil_netifcon->if_context, &new_ocon->context[0]);
3431 rc = __cil_context_to_sepol_context(pdb, cil_netifcon->packet_context, &new_ocon->context[1]);
3444 int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *ibendportcons)
3451 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_IBENDPORT], &tail);
3457 rc = __cil_context_to_sepol_context(pdb, cil_ibendportcon->context, &new_ocon->context[0]);
3468 int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons)
3480 new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_NODE], &tail);
3484 new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_NODE6], &tail6);
3493 rc = __cil_context_to_sepol_context(pdb, cil_nodecon->context, &new_ocon->context[0]);
3505 int cil_fsuse_to_policydb(policydb_t *pdb, struct cil_sort *fsuses)
3512 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_FSUSE], &tail);
3518 rc = __cil_context_to_sepol_context(pdb, cil_fsuse->context, &new_ocon->context[0]);
3530 int cil_genfscon_to_policydb(policydb_t *pdb, struct cil_sort *genfscons)
3553 pdb->genfs = new_genfs;
3591 class_datum = hashtab_search(pdb->p_classes.table, class_name);
3599 rc = __cil_context_to_sepol_context(pdb, cil_genfscon->context, &new_ocon->context[0]);
3611 int cil_pirqcon_to_policydb(policydb_t *pdb, struct cil_sort *pirqcons)
3618 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_XEN_PIRQ], &tail);
3623 rc = __cil_context_to_sepol_context(pdb, cil_pirqcon->context, &new_ocon->context[0]);
3635 int cil_iomemcon_to_policydb(policydb_t *pdb, struct cil_sort *iomemcons)
3642 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_XEN_IOMEM], &tail);
3648 rc = __cil_context_to_sepol_context(pdb, cil_iomemcon->context, &new_ocon->context[0]);
3660 int cil_ioportcon_to_policydb(policydb_t *pdb, struct cil_sort *ioportcons)
3667 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_XEN_IOPORT], &tail);
3673 rc = __cil_context_to_sepol_context(pdb, cil_ioportcon->context, &new_ocon->context[0]);
3685 int cil_pcidevicecon_to_policydb(policydb_t *pdb, struct cil_sort *pcidevicecons)
3692 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_XEN_PCIDEVICE], &tail);
3697 rc = __cil_context_to_sepol_context(pdb, cil_pcidevicecon->context, &new_ocon->context[0]);
3709 static int cil_devicetreecon_to_policydb(policydb_t *pdb, struct cil_sort *devicetreecons)
3716 ocontext_t *new_ocon = cil_add_ocontext(&pdb->ocontexts[OCON_XEN_DEVICETREE], &tail);
3721 rc = __cil_context_to_sepol_context(pdb, cil_devicetreecon->context, &new_ocon->context[0]);
3733 static int cil_default_to_policydb(policydb_t *pdb, struct cil_default *def)
3745 int rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3788 static int cil_defaultrange_to_policydb(policydb_t *pdb, struct cil_defaultrange *def)
3800 int rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_class);
3827 policydb_t *pdb;
3832 pdb = args->pdb;
3847 rc = cil_role_to_policydb(pdb, node->data);
3850 rc = cil_type_to_policydb(pdb, node->data, type_value_to_cil);
3853 rc = cil_typeattribute_to_policydb(pdb, node->data, type_value_to_cil);
3856 rc = cil_policycap_to_policydb(pdb, node->data);
3859 rc = cil_user_to_policydb(pdb, node->data);
3862 rc = cil_bool_to_policydb(pdb, node->data);
3865 if (pdb->mls == CIL_TRUE) {
3866 rc = cil_catalias_to_policydb(pdb, node->data);
3870 if (pdb->mls == CIL_TRUE) {
3871 rc = cil_sepol_level_define(pdb, node->data);
3881 rc = cil_type_bounds_to_policydb(pdb, node->data);
3884 rc = cil_typealias_to_policydb(pdb, node->data);
3887 rc = cil_typepermissive_to_policydb(pdb, node->data);
3890 rc = cil_typeattribute_to_bitmap(pdb, db, node->data);
3893 if (pdb->mls == CIL_TRUE) {
3894 rc = cil_sensalias_to_policydb(pdb, node->data);
3898 rc = cil_role_bounds_to_policydb(pdb, node->data);
3900 rc = cil_roletype_to_policydb(pdb, db, node->data);
3903 rc = cil_user_bounds_to_policydb(pdb, node->data);
3905 if (pdb->mls == CIL_TRUE) {
3906 rc = cil_userlevel_userrange_to_policydb(pdb, node->data);
3911 rc = cil_userrole_to_policydb(pdb, db, node->data);
3914 rc = cil_type_rule_to_policydb(pdb, db, node->data);
3926 rc = cil_roletrans_to_policydb(pdb, db, node->data, role_trans_table);
3929 /*rc = cil_roleattributeset_to_policydb(pdb, node->data);*/
3932 rc = cil_typetransition_to_policydb(pdb, db, node->data);
3935 rc = cil_constrain_to_policydb(pdb, db, node->data);
3938 if (pdb->mls == CIL_TRUE) {
3939 rc = cil_constrain_to_policydb(pdb, db, node->data);
3943 rc = cil_validatetrans_to_policydb(pdb, db, node->data);
3946 if (pdb->mls == CIL_TRUE) {
3947 rc = cil_validatetrans_to_policydb(pdb, db, node->data);
3951 if (pdb->mls == CIL_TRUE) {
3952 rc = cil_rangetransition_to_policydb(pdb, db, node->data);
3958 rc = cil_default_to_policydb(pdb, node->data);
3961 rc = cil_defaultrange_to_policydb(pdb, node->data);
3970 rc = cil_booleanif_to_policydb(pdb, db, node);
3975 rc = cil_avrule_to_policydb(pdb, db, node->data);
3982 rc = cil_avrulex_to_hashtable(pdb, db, node->data, args);
3987 rc = cil_roleallow_to_policydb(pdb, db, node->data);
4031 static int __cil_contexts_to_policydb(policydb_t *pdb, const struct cil_db *db)
4035 rc = cil_portcon_to_policydb(pdb, db->portcon);
4040 rc = cil_netifcon_to_policydb(pdb, db->netifcon);
4045 rc = cil_nodecon_to_policydb(pdb, db->nodecon);
4050 rc = cil_fsuse_to_policydb(pdb, db->fsuse);
4055 rc = cil_genfscon_to_policydb(pdb, db->genfscon);
4060 rc = cil_ibpkeycon_to_policydb(pdb, db->ibpkeycon);
4065 rc = cil_ibendportcon_to_policydb(pdb, db->ibendportcon);
4071 rc = cil_pirqcon_to_policydb(pdb, db->pirqcon);
4076 rc = cil_iomemcon_to_policydb(pdb, db->iomemcon);
4081 rc = cil_ioportcon_to_policydb(pdb, db->ioportcon);
4086 rc = cil_pcidevicecon_to_policydb(pdb, db->pcidevicecon);
4091 rc = cil_devicetreecon_to_policydb(pdb, db->devicetreecon);
4103 policydb_t *pdb = data;
4106 if (common->s.value < 1 || common->s.value > pdb->p_commons.nprim) {
4109 pdb->p_common_val_to_name[common->s.value - 1] = (char *)key;
4116 policydb_t *pdb = data;
4119 if (class->s.value < 1 || class->s.value > pdb->p_classes.nprim) {
4122 pdb->p_class_val_to_name[class->s.value - 1] = (char *)key;
4123 pdb->class_val_to_struct[class->s.value - 1] = class;
4130 policydb_t *pdb = data;
4133 if (role->s.value < 1 || role->s.value > pdb->p_roles.nprim) {
4136 pdb->p_role_val_to_name[role->s.value - 1] = (char *)key;
4137 pdb->role_val_to_struct[role->s.value - 1] = role;
4144 policydb_t *pdb = data;
4147 if (type->s.value < 1 || type->s.value > pdb->p_types.nprim) {
4150 pdb->p_type_val_to_name[type->s.value - 1] = (char *)key;
4151 pdb->type_val_to_struct[type->s.value - 1] = type;
4158 policydb_t *pdb = data;
4161 if (user->s.value < 1 || user->s.value > pdb->p_users.nprim) {
4164 pdb->p_user_val_to_name[user->s.value - 1] = (char *)key;
4165 pdb->user_val_to_struct[user->s.value - 1] = user;
4172 policydb_t *pdb = data;
4175 if (bool->s.value < 1 || bool->s.value > pdb->p_bools.nprim) {
4178 pdb->p_bool_val_to_name[bool->s.value - 1] = (char *)key;
4179 pdb->bool_val_to_struct[bool->s.value - 1] = bool;
4186 policydb_t *pdb = data;
4189 if (level->level->sens < 1 || level->level->sens > pdb->p_levels.nprim) {
4192 pdb->p_sens_val_to_name[level->level->sens - 1] = (char *)key;
4199 policydb_t *pdb = data;
4202 if (cat->s.value < 1 || cat->s.value > pdb->p_cats.nprim) {
4205 pdb->p_cat_val_to_name[cat->s.value - 1] = (char *)key;
4271 static void __cil_set_conditional_state_and_flags(policydb_t *pdb)
4275 for (cur = pdb->cond_list; cur != NULL; cur = cur->next) {
4279 new_state = cond_evaluate_expr(pdb, cur->expr);
4308 struct policydb *pdb = NULL;
4319 pdb = &(*spdb)->p;
4321 pdb->policy_type = POLICY_KERN;
4322 pdb->target_platform = db->target_platform;
4323 pdb->policyvers = db->policy_version;
4324 pdb->handle_unknown = db->handle_unknown;
4325 pdb->mls = db->mls;
4334 static int __cil_policydb_init(policydb_t *pdb, const struct cil_db *db, struct cil_class *class_value_to_cil[], struct cil_perm **perm_value_to_cil[])
4341 pdb->handle_unknown = db->handle_unknown;
4342 pdb->mls = db->mls;
4344 rc = cil_classorder_to_policydb(pdb, db, class_value_to_cil, perm_value_to_cil);
4349 if (pdb->mls == CIL_TRUE) {
4350 rc = cil_catorder_to_policydb(pdb, db);
4355 rc = cil_sensitivityorder_to_policydb(pdb, db);
4361 rc = avtab_alloc(&pdb->te_avtab, MAX_AVTAB_SIZE);
4366 rc = avtab_alloc(&pdb->te_cond_avtab, MAX_AVTAB_SIZE);
4450 struct sepol_policydb *pdb = NULL;
4452 rc = __cil_policydb_create(db, &pdb);
4457 rc = cil_binary_create_allocated_pdb(db, pdb);
4462 *policydb = pdb;
4467 sepol_policydb_free(pdb);
4483 static int __cil_rule_to_sepol_class_perms(policydb_t *pdb, struct cil_list *classperms, class_perm_node_t **sepol_class_perms)
4495 rc = __cil_get_sepol_class_datum(pdb, DATUM(cp->class), &sepol_class);
4511 rc = __cil_rule_to_sepol_class_perms(pdb, cmp->classperms, sepol_class_perms);
4520 rc = __cil_rule_to_sepol_class_perms(pdb, cp->classperms, sepol_class_perms);
4532 static int __cil_permx_to_sepol_class_perms(policydb_t *pdb, struct cil_permissionx *permx, class_perm_node_t **sepol_class_perms)
4545 rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj);
4584 static int __cil_add_sepol_type(policydb_t *pdb, const struct cil_db *db, struct cil_symtab_datum *datum, ebitmap_t *map)
4596 rc = __cil_get_sepol_type_datum(pdb, datum, &sepol_datum);
4601 rc = __cil_get_sepol_type_datum(pdb, datum, &sepol_datum);
4790 static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct cil_tree_node *node, int *violation)
4809 rc = __cil_add_sepol_type(pdb, db, cil_rule->src, &rule->stypes.types);
4817 rc = __cil_add_sepol_type(pdb, db, cil_rule->tgt, &rule->ttypes.types);
4824 rc = __cil_rule_to_sepol_class_perms(pdb, cil_rule->perms.classperms, &rule->perms);
4829 rc = check_assertion(pdb, rule);
4839 rc = __cil_permx_to_sepol_class_perms(pdb, cil_rule->perms.x.permx, &rule->perms);
4851 rc = check_assertion(pdb, rule);
4877 static int cil_check_neverallows(const struct cil_db *db, policydb_t *pdb, struct cil_list *neverallows, int *violation)
4883 rc = cil_check_neverallow(db, pdb, item->data, violation);
4893 static struct cil_list *cil_classperms_from_sepol(policydb_t *pdb, uint16_t class, uint32_t data, struct cil_class *class_value_to_cil[], struct cil_perm **perm_value_to_cil[])
4897 class_datum_t *sepol_class = pdb->class_val_to_struct[class - 1];
4925 static int cil_avrule_from_sepol(policydb_t *pdb, avtab_ptr_t sepol_rule, struct cil_avrule *cil_rule, void *type_value_to_cil[], struct cil_class *class_value_to_cil[], struct cil_perm **perm_value_to_cil[])
4936 cil_rule->perms.classperms = cil_classperms_from_sepol(pdb, k->target_class, d->data, class_value_to_cil, perm_value_to_cil);
4946 static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void *type_value_to_cil, struct cil_class *class_value_to_cil[], struct cil_perm **perm_value_to_cil[], int *violation)
4960 rc = __cil_get_sepol_type_datum(pdb, DATUM(t), &child);
4963 rc = __cil_get_sepol_type_datum(pdb, DATUM(t->bounds), &parent);
4966 rc = bounds_check_type(NULL, pdb, child->s.value, parent->s.value, &bad, &numbad);
4991 rc = cil_avrule_from_sepol(pdb, cur, &target, type_value_to_cil, class_value_to_cil, perm_value_to_cil);
5049 policydb_t *pdb = &policydb->p;
5082 rc = __cil_policydb_init(pdb, db, class_value_to_cil, perm_value_to_cil);
5103 extra_args.pdb = pdb;
5119 rc = __cil_policydb_val_arrays_create(pdb);
5127 rc = hashtab_map(avrulex_ioctl_table, __cil_avrulex_ioctl_to_policydb, pdb);
5135 rc = cil_sidorder_to_policydb(pdb, db);
5140 rc = __cil_contexts_to_policydb(pdb, db);
5146 if (pdb->type_attr_map == NULL) {
5147 rc = __cil_typeattr_bitmap_init(pdb);
5154 cond_optimize_lists(pdb->cond_list);
5155 __cil_set_conditional_state_and_flags(pdb);
5160 rc = cil_check_neverallows(db, pdb, neverallows, &violation);
5164 rc = bounds_check_users(NULL, pdb);
5170 rc = bounds_check_roles(NULL, pdb);
5176 rc = cil_check_type_bounds(db, pdb, type_value_to_cil, class_value_to_cil, perm_value_to_cil, &violation);
5187 if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb)) {
5193 if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb)) {