assertion.c - OpenGrok cross reference for /third_party/selinux/libsepol/src/assertion.c

Lines Matching defs:avrule
34 	avrule_t *avrule;
47 static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,
51 	if (avrule->source_filename) {
53 		    avrule->source_line, avrule->source_filename, avrule->line, policy_name(p),
58 	} else if (avrule->line) {
60 		    avrule->line, p->p_type_val_to_name[stype],
146 				policydb_t *p, const avrule_t *avrule,
178 				rc = check_extended_permissions(avrule->xperms, xperms);
181 					extended_permissions_violated(&error, avrule->xperms, xperms);
184 							avrule->source_line, avrule->source_filename, avrule->line, policy_name(p),
200 				avrule->source_line, avrule->source_filename, avrule->line, policy_name(p),
219 	avrule_t *avrule = a->avrule;
225 	const int is_avrule_self = (avrule->flags & RULE_SELF) != 0;
230 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
237 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
245 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);
264 	for (cp = avrule->perms; cp; cp = cp->next) {
275 				if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
276 					a->errors += report_assertion_extended_permissions(handle,p, avrule,
280 					report_failure(handle, p, avrule, i, j, cp, perms);
294 static int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule)
301 	args.avrule = avrule;
324 static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab,
331 	av_extended_perms_t *neverallow_xperms = avrule->xperms;
365  * avrule neverallowxperm entry, enumerate over the matching
379 static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab,
385 	const int is_avrule_self = (avrule->flags & RULE_SELF) != 0;
392 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
402 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types,
428 			if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) {
445 static int check_assertion_self_match(avtab_key_t *k, avrule_t *avrule, policydb_t *p)
450 	/* The key's target must match something in the matches of the avrule's source
454 	rc = ebitmap_and(&src_matches, &avrule->stypes.types, &p->attr_type_map[k->source_type - 1]);
476 	avrule_t *avrule = a->avrule;
482 	if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
485 	if (!ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1]))
489 	if (!ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1])) {
490 		if (avrule->flags == RULE_SELF) {
491 			rc = check_assertion_self_match(k, avrule, p);
501 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
502 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);
517 int check_assertion(policydb_t *p, avrule_t *avrule)
524 	args.avrule = avrule;