Lines Matching refs:db
60 static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db);
61 static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db);
567 struct cil_db *db = extra_args;
584 db->num_classes++;
592 type->value = db->num_types;
593 db->num_types++;
594 db->num_types_and_attrs++;
602 db->num_types_and_attrs++;
611 role->value = db->num_roles;
612 db->num_roles++;
622 user->value = db->num_users;
623 db->num_users++;
628 db->netifcon->count++;
631 db->genfscon->count++;
634 db->filecon->count++;
637 db->nodecon->count++;
640 db->ibpkeycon->count++;
643 db->ibendportcon->count++;
646 db->portcon->count++;
649 db->pirqcon->count++;
652 db->iomemcon->count++;
655 db->ioportcon->count++;
658 db->pcidevicecon->count++;
661 db->devicetreecon->count++;
664 db->fsuse->count++;
675 struct cil_db *db = extra_args;
690 if (db->val_to_type == NULL) {
691 db->val_to_type = cil_malloc(sizeof(*db->val_to_type) * db->num_types);
693 db->val_to_type[type->value] = type;
698 if (db->val_to_role == NULL) {
699 db->val_to_role = cil_malloc(sizeof(*db->val_to_role) * db->num_roles);
701 db->val_to_role[role->value] = role;
706 if (db->val_to_user == NULL) {
707 db->val_to_user = cil_malloc(sizeof(*db->val_to_user) * db->num_users);
709 db->val_to_user[user->value] = user;
713 cil_list_append(db->userprefixes, CIL_USERPREFIX, node->data);
717 cil_list_prepend(db->selinuxusers, CIL_SELINUXUSER, node->data);
721 cil_list_append(db->selinuxusers, CIL_SELINUXUSERDEFAULT, node->data);
725 struct cil_sort *sort = db->netifcon;
736 struct cil_sort *sort = db->ibendportcon;
747 struct cil_sort *sort = db->fsuse;
758 struct cil_sort *sort = db->genfscon;
769 struct cil_sort *sort = db->filecon;
780 struct cil_sort *sort = db->nodecon;
791 struct cil_sort *sort = db->ibpkeycon;
802 struct cil_sort *sort = db->portcon;
813 struct cil_sort *sort = db->pirqcon;
824 struct cil_sort *sort = db->iomemcon;
835 struct cil_sort *sort = db->ioportcon;
846 struct cil_sort *sort = db->pcidevicecon;
857 struct cil_sort *sort = db->devicetreecon;
874 static int __evaluate_type_expression(struct cil_typeattribute *attr, struct cil_db *db)
879 rc = __cil_expr_list_to_bitmap(attr->expr_list, attr->types, db->num_types, db);
889 static int __cil_type_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
899 rc = __evaluate_type_expression(attr, db);
926 static int __evaluate_user_expression(struct cil_userattribute *attr, struct cil_db *db)
931 rc = __cil_expr_list_to_bitmap(attr->expr_list, attr->users, db->num_users, db);
941 static int __cil_user_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
953 rc = __evaluate_user_expression(attr, db);
974 static int __evaluate_role_expression(struct cil_roleattribute *attr, struct cil_db *db)
979 rc = __cil_expr_list_to_bitmap(attr->expr_list, attr->roles, db->num_roles, db);
989 static int __cil_role_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
999 rc = __evaluate_role_expression(attr, db);
1018 static int __evaluate_permissionx_expression(struct cil_permissionx *permx, struct cil_db *db)
1025 rc = __cil_expr_to_bitmap(permx->expr_str, permx->perms, 0x10000, db); // max is one more than 0xFFFF
1058 static int __cil_permx_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, __attribute__((unused)) struct cil_db *db)
1081 static int __cil_perm_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, __attribute__((unused)) struct cil_db *db)
1096 static int __evaluate_cat_expression(struct cil_cats *cats, struct cil_db *db)
1112 rc = __cil_expr_to_bitmap(cats->datum_expr, &bitmap, db->num_cats, db);
1121 cil_list_for_each(curr, db->catorder) {
1140 static int __cil_cat_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitmap, struct cil_db *db)
1151 rc = __evaluate_cat_expression(catset->cats, db);
1257 static int __cil_expr_to_bitmap_helper(struct cil_list_item *curr, enum cil_flavor flavor, ebitmap_t *bitmap, int max, struct cil_db *db)
1264 rc = __cil_type_to_bitmap(curr->data, bitmap, db);
1267 rc = __cil_role_to_bitmap(curr->data, bitmap, db);
1270 rc = __cil_user_to_bitmap(curr->data, bitmap, db);
1273 rc = __cil_perm_to_bitmap(curr->data, bitmap, db);
1276 rc = __cil_cat_to_bitmap(curr->data, bitmap, db);
1284 rc = __cil_expr_to_bitmap(l, bitmap, max, db);
1291 rc = __cil_permx_to_bitmap(curr->data, bitmap, db);
1297 static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db)
1340 rc = __cil_expr_to_bitmap_helper(curr->next, flavor, &b1, max, db);
1355 rc = __cil_expr_to_bitmap_helper(curr->next->next, flavor, &b2, max, db);
1383 rc = __cil_expr_to_bitmap_helper(curr, flavor, &b2, max, db);
1411 static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db)
1426 rc = __cil_expr_to_bitmap(l, &bitmap, max, db);
1442 static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db *db)
1460 if (db->attrs_expand_generated || attr->used == CIL_ATTR_NEVERALLOW) {
1473 if (ebitmap_cardinality(attr->types) < db->attrs_expand_size) {
1537 struct cil_db *db = extra_args;
1554 rc = __evaluate_type_expression(attr, db);
1557 attr->keep = cil_typeattribute_used(attr, db);
1563 rc = __evaluate_role_expression(attr, db);
1571 rc = __evaluate_permissionx_expression(rule->perms.x.permx, db);
1578 rc = __evaluate_permissionx_expression(permx, db);
1585 rc = __evaluate_user_expression(attr, db);
1638 struct cil_db *db = extra_args;
1666 role = db->val_to_role[i];
1724 struct cil_db *db = extra_args;
1757 user = db->val_to_user[i];
1785 static int __evaluate_level_expression(struct cil_level *level, struct cil_db *db)
1788 return __evaluate_cat_expression(level->cats, db);
1794 static int __evaluate_levelrange_expression(struct cil_levelrange *levelrange, struct cil_db *db)
1799 rc = __evaluate_cat_expression(levelrange->low->cats, db);
1805 rc = __evaluate_cat_expression(levelrange->high->cats, db);
1818 struct cil_db *db = extra_args;
1834 rc = __evaluate_cat_expression(catset->cats, db);
1842 rc = __evaluate_cat_expression(senscat->cats, db);
1849 rc = __evaluate_level_expression(node->data, db);
1856 rc = __evaluate_levelrange_expression(node->data, db);
1864 rc = __evaluate_level_expression(user->dftlevel, db);
1868 rc = __evaluate_levelrange_expression(user->range, db);
1877 rc = __evaluate_levelrange_expression(selinuxuser->range, db);
1885 rc = __evaluate_levelrange_expression(rangetrans->range, db);
1893 rc = __evaluate_levelrange_expression(context->range, db);
1901 rc = __evaluate_levelrange_expression(sidcontext->context->range, db);
1910 rc = __evaluate_levelrange_expression(filecon->context->range, db);
1920 rc = __evaluate_levelrange_expression(ibpkeycon->context->range, db);
1928 rc = __evaluate_levelrange_expression(ibendportcon->context->range, db);
1935 rc = __evaluate_levelrange_expression(portcon->context->range, db);
1943 rc = __evaluate_levelrange_expression(nodecon->context->range, db);
1951 rc = __evaluate_levelrange_expression(genfscon->context->range, db);
1959 rc = __evaluate_levelrange_expression(netifcon->if_context->range, db);
1963 rc = __evaluate_levelrange_expression(netifcon->packet_context->range, db);
1971 rc = __evaluate_levelrange_expression(pirqcon->context->range, db);
1979 rc = __evaluate_levelrange_expression(iomemcon->context->range, db);
1987 rc = __evaluate_levelrange_expression(ioportcon->context->range, db);
1995 rc = __evaluate_levelrange_expression(pcidevicecon->context->range, db);
2003 rc = __evaluate_levelrange_expression(devicetreecon->context->range, db);
2011 rc = __evaluate_levelrange_expression(fsuse->context->range, db);
2050 static int __evaluate_perm_expression(struct cil_list *perms, enum cil_flavor flavor, symtab_t *class_symtab, symtab_t *common_symtab, unsigned int num_perms, struct cil_list **new_list, struct cil_db *db)
2061 rc = __cil_expr_to_bitmap(perms, &bitmap, num_perms, db);
2086 static int __evaluate_classperms(struct cil_classperms *cp, struct cil_db *db)
2098 rc = __evaluate_perm_expression(cp->perms, CIL_PERM, &class->perms, common_symtab, class->num_perms, &new_list, db);
2117 static int __evaluate_classperms_list(struct cil_list *classperms, struct cil_db *db)
2126 rc = __evaluate_classperms(cp, db);
2132 rc = __evaluate_classperms(cp, db);
2138 rc = __evaluate_classperms_list(cmp->classperms, db);
2147 rc = __evaluate_classperms_list(cp->classperms, db);
2161 struct cil_db *db;
2170 int rc = __evaluate_classperms_list(cmp->classperms, map_args->db);
2179 static int __evaluate_map_class(struct cil_class *mc, struct cil_db *db)
2183 map_args.db = db;
2193 struct cil_db *db = extra_args;
2207 rc = __evaluate_map_class(node->data, db);
2215 rc = __evaluate_classperms_list(cp->classperms, db);
2223 rc = __evaluate_classperms_list(avrule->perms.classperms, db);
2232 rc = __evaluate_classperms_list(constrain->classperms, db);
2268 static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)(const void *, const void *), int (*concompar)(const void *, const void *), struct cil_db *db, enum cil_flavor flavor, const char *flavor_str)
2292 if (!db->multiple_decls || concompar(&sort->array[i], &sort->array[j]) != 0) {
2302 rc2 = cil_tree_walk(db->ast->root, __cil_post_report_conflict,
2308 rc2 = cil_tree_walk(db->ast->root, __cil_post_report_conflict,
2325 static int cil_post_db(struct cil_db *db)
2329 rc = cil_tree_walk(db->ast->root, __cil_post_db_count_helper, NULL, NULL, db);
2335 rc = cil_tree_walk(db->ast->root, __cil_post_db_array_helper, NULL, NULL, db);
2341 rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db);
2347 rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db);
2353 rc = cil_tree_walk(db->ast->root, __cil_post_db_roletype_helper, NULL, NULL, db);
2359 rc = cil_tree_walk(db->ast->root, __cil_post_db_userrole_helper, NULL, NULL, db);
2365 rc = cil_tree_walk(db->ast->root, __cil_post_db_classperms_helper, NULL, NULL, db);
2371 rc = cil_tree_walk(db->ast->root, __cil_post_db_cat_helper, NULL, NULL, db);
2377 rc = __cil_post_process_context_rules(db->netifcon, cil_post_netifcon_compare, cil_post_netifcon_context_compare, db, CIL_NETIFCON, CIL_KEY_NETIFCON);
2383 rc = __cil_post_process_context_rules(db->genfscon, cil_post_genfscon_compare, cil_post_genfscon_context_compare, db, CIL_GENFSCON, CIL_KEY_GENFSCON);
2389 rc = __cil_post_process_context_rules(db->ibpkeycon, cil_post_ibpkeycon_compare, cil_post_ibpkeycon_context_compare, db, CIL_IBPKEYCON, CIL_KEY_IBPKEYCON);
2395 rc = __cil_post_process_context_rules(db->ibendportcon, cil_post_ibendportcon_compare, cil_post_ibendportcon_context_compare, db, CIL_IBENDPORTCON, CIL_KEY_IBENDPORTCON);
2401 rc = __cil_post_process_context_rules(db->portcon, cil_post_portcon_compare, cil_post_portcon_context_compare, db, CIL_PORTCON, CIL_KEY_PORTCON);
2407 rc = __cil_post_process_context_rules(db->nodecon, cil_post_nodecon_compare, cil_post_nodecon_context_compare, db, CIL_NODECON, CIL_KEY_NODECON);
2413 rc = __cil_post_process_context_rules(db->fsuse, cil_post_fsuse_compare, cil_post_fsuse_context_compare, db, CIL_FSUSE, CIL_KEY_FSUSE);
2419 rc = __cil_post_process_context_rules(db->filecon, cil_post_filecon_compare, cil_post_filecon_context_compare, db, CIL_FILECON, CIL_KEY_FILECON);
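2425 rc = __cil_post_process_context_rules(db->pirqcon, cil_post_pirqcon_compare, cil_post_pirqcon_context_compare, db, CIL_PIRQCON, CIL_KEY_PIRQCON); /* key string matches the CIL_PIRQCON flavor, as in the sibling context-rule calls */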
2431 rc = __cil_post_process_context_rules(db->iomemcon, cil_post_iomemcon_compare, cil_post_iomemcon_context_compare, db, CIL_IOMEMCON, CIL_KEY_IOMEMCON);
2437 rc = __cil_post_process_context_rules(db->ioportcon, cil_post_ioportcon_compare, cil_post_ioportcon_context_compare, db, CIL_IOPORTCON, CIL_KEY_IOPORTCON);
2443 rc = __cil_post_process_context_rules(db->pcidevicecon, cil_post_pcidevicecon_compare, cil_post_pcidevicecon_context_compare, db, CIL_PCIDEVICECON, CIL_KEY_PCIDEVICECON);
2449 rc = __cil_post_process_context_rules(db->devicetreecon, cil_post_devicetreecon_compare, cil_post_devicetreecon_context_compare, db, CIL_DEVICETREECON, CIL_KEY_DEVICETREECON);
2459 static int cil_post_verify(struct cil_db *db)
2472 extra_args.db = db;
2481 rc = cil_tree_walk(db->ast->root, __cil_verify_helper, NULL, NULL, &extra_args);
2488 if (db->handle_unknown == -1) {
2490 db->handle_unknown = SEPOL_DENY_UNKNOWN;
2492 db->handle_unknown = handleunknown;
2496 if (db->mls == -1) {
2498 db->mls = CIL_FALSE;
2500 db->mls = mls;
2521 static int cil_pre_verify(struct cil_db *db)
2526 extra_args.db = db;
2528 rc = cil_tree_walk(db->ast->root, __cil_pre_verify_helper, NULL, NULL, &extra_args);
2538 int cil_post_process(struct cil_db *db)
2542 rc = cil_pre_verify(db);
2548 rc = cil_post_db(db);
2550 cil_log(CIL_ERR, "Failed post db handling\n");
2554 rc = cil_post_verify(db);