Lines Matching refs:state
54 static void expand_state_init(expand_state_t * state)
56 memset(state, 0, sizeof(expand_state_t));
112 expand_state_t *state;
116 state = (expand_state_t *) data;
123 if (!is_id_enabled(id, state->base, SYM_TYPES)) {
128 if (state->verbose)
129 INFO(state->handle, "copying type or attribute %s", id);
133 ERR(state->handle, "Out of memory!");
139 ERR(state->handle, "Out of memory!");
147 new_type->s.value = ++state->out->p_types.nprim;
151 ERR(state->handle, "type space overflow");
155 state->typemap[type->s.value - 1] = new_type->s.value;
157 ret = hashtab_insert(state->out->p_types.table,
163 ERR(state->handle, "hashtab overflow");
168 if (ebitmap_set_bit(&state->out->permissive_map, new_type->s.value, 1)) {
169 ERR(state->handle, "Out of memory!");
181 expand_state_t *state;
186 state = (expand_state_t *) data;
191 if (!is_id_enabled(id, state->base, SYM_TYPES)) {
196 if (state->verbose)
197 INFO(state->handle, "converting attribute %s", id);
199 new_type = hashtab_search(state->out->p_types.table, id);
201 ERR(state->handle, "attribute %s vanished!", id);
204 if (map_ebitmap(&type->types, &tmp_union, state->typemap)) {
205 ERR(state->handle, "out of memory");
211 ERR(state->handle, "Out of memory!");
262 expand_state_t *state;
266 state = (expand_state_t *) data;
268 if (state->verbose)
269 INFO(state->handle, "copying common %s", id);
273 ERR(state->handle, "Out of memory!");
278 ERR(state->handle, "Out of memory!");
285 ERR(state->handle, "Out of memory!");
293 state->out->p_commons.nprim++;
296 hashtab_insert(state->out->p_commons.table, new_id,
299 ERR(state->handle, "hashtab overflow");
308 ERR(state->handle, "Out of memory!");
317 expand_state_t * state)
350 state->typemap)) {
355 if (expand_convert_type_set(state->out,
356 state->
365 if (map_ebitmap(&expr->names, &new_expr->names, state->rolemap)) {
368 if (ebitmap_expand_roles(state->out, &new_expr->names)) {
372 if (map_ebitmap(&expr->names, &new_expr->names, state->usermap)) {
402 ERR(state->handle, "Out of memory!");
409 static int class_copy_default_new_object(expand_state_t *state,
415 ERR(state->handle, "Found conflicting default user definitions");
423 ERR(state->handle, "Found conflicting default role definitions");
430 ERR(state->handle, "Found conflicting default type definitions");
437 ERR(state->handle, "Found conflicting default range definitions");
451 expand_state_t *state;
455 state = (expand_state_t *) data;
457 if (!is_id_enabled(id, state->base, SYM_CLASSES)) {
462 if (state->verbose)
463 INFO(state->handle, "copying class %s", id);
467 ERR(state->handle, "Out of memory!");
472 ERR(state->handle, "Out of memory!");
478 state->out->p_classes.nprim++;
480 ret = class_copy_default_new_object(state, class, new_class);
488 ERR(state->handle, "Out of memory!");
494 hashtab_insert(state->out->p_classes.table, new_id,
497 ERR(state->handle, "hashtab overflow");
506 ERR(state->handle, "hashtab overflow");
513 ERR(state->handle, "Out of memory!");
518 hashtab_search(state->out->p_commons.table,
521 ERR(state->handle, "could not find common datum %s",
537 expand_state_t *state;
541 state = (expand_state_t *) data;
543 new_class = hashtab_search(state->out->p_classes.table, id);
545 ERR(state->handle, "class %s vanished", id);
551 (&new_class->constraints, class->constraints, state) == -1
553 class->validatetrans, state) == -1) {
566 expand_state_t *state = (expand_state_t *) data;
574 if (!is_id_enabled((char *)key, state->base, SYM_TYPES))
577 bounds_val = state->typemap[type->bounds - 1];
579 dest = hashtab_search(state->out->p_types.table, (char *)key);
581 ERR(state->handle, "Type lookup failed for %s", (char *)key);
585 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
596 expand_state_t *state = (expand_state_t *) data;
604 if (!is_id_enabled((char *)key, state->base, SYM_ROLES))
607 bounds_val = state->rolemap[role->bounds - 1];
609 dest = hashtab_search(state->out->p_roles.table, (char *)key);
611 ERR(state->handle, "Role lookup failed for %s", (char *)key);
615 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
626 expand_state_t *state = (expand_state_t *) data;
634 if (!is_id_enabled((char *)key, state->base, SYM_USERS))
637 bounds_val = state->usermap[user->bounds - 1];
639 dest = hashtab_search(state->out->p_users.table, (char *)key);
641 ERR(state->handle, "User lookup failed for %s", (char *)key);
645 ERR(state->handle, "Inconsistent boundary for %s", (char *)key);
664 expand_state_t *state;
669 state = (expand_state_t *) data;
684 if (!is_id_enabled(state->base->p_type_val_to_name[prival - 1],
685 state->base, SYM_TYPES)) {
691 if (state->verbose)
692 INFO(state->handle, "copying alias %s", id);
696 ERR(state->handle, "Out of memory!");
702 ERR(state->handle, "Out of memory!");
708 new_alias->s.value = state->typemap[alias->s.value - 1];
710 new_alias->s.value = state->typemap[alias->primary - 1];
716 ret = hashtab_insert(state->out->p_types.table,
721 ERR(state->handle, "hashtab overflow");
727 state->typemap[alias->s.value - 1] = new_alias->s.value;
730 if (ebitmap_set_bit(&state->out->permissive_map, new_alias->s.value, 1)) {
731 ERR(state->handle, "Out of memory!");
742 expand_state_t *state = (expand_state_t *) data;
744 if (map_ebitmap(&role->dominates, &mapped_roles, state->rolemap))
760 * invoked after role_copy_callback so that state->rolemap is available.
767 expand_state_t *state;
774 state = (expand_state_t *)data;
781 if (!is_id_enabled(id, state->base, SYM_ROLES)) {
789 if (state->verbose)
790 INFO(state->handle, "fixing role attribute %s", id);
793 (role_datum_t *)hashtab_search(state->out->p_roles.table, id);
798 if (map_ebitmap(&role->roles, &mapped_roles, state->rolemap))
801 ERR(state->handle, "Out of memory!");
810 base_reg_role_id = state->base->p_role_val_to_name[i];
812 state->out->p_roles.table,
819 ERR(state->handle, "Out of memory!");
834 expand_state_t *state;
839 state = (expand_state_t *) data;
843 state->rolemap[role->s.value - 1] = 1;
847 if (!is_id_enabled(id, state->base, SYM_ROLES)) {
852 if (state->verbose)
853 INFO(state->handle, "copying role %s", id);
856 (role_datum_t *) hashtab_search(state->out->p_roles.table, id);
860 ERR(state->handle, "Out of memory!");
867 ERR(state->handle, "Out of memory!");
872 state->out->p_roles.nprim++;
874 new_role->s.value = state->out->p_roles.nprim;
875 state->rolemap[role->s.value - 1] = new_role->s.value;
876 ret = hashtab_insert(state->out->p_roles.table,
881 ERR(state->handle, "hashtab overflow");
892 ERR(state->handle, "Out of memory!");
900 (state->out, state->typemap, &role->types, &tmp_union_types, 1)) {
902 ERR(state->handle, "Out of memory!");
907 ERR(state->handle, "Out of memory!");
994 expand_state_t *state;
1002 state = (expand_state_t *) data;
1004 if (!is_id_enabled(id, state->base, SYM_USERS)) {
1009 if (state->verbose)
1010 INFO(state->handle, "copying user %s", id);
1013 (user_datum_t *) hashtab_search(state->out->p_users.table, id);
1017 ERR(state->handle, "Out of memory!");
1022 state->out->p_users.nprim++;
1023 new_user->s.value = state->out->p_users.nprim;
1024 state->usermap[user->s.value - 1] = new_user->s.value;
1028 ERR(state->handle, "Out of memory!");
1032 ret = hashtab_insert(state->out->p_users.table,
1036 ERR(state->handle, "hashtab overflow");
1046 state->out, state->handle)) {
1051 state->out, state->handle)) {
1057 ERR(state->handle, "default level not within user "
1067 state->out, state->handle)) {
1071 state->out, state->handle)) {
1088 if (role_set_expand(&user->roles, &tmp_union, state->out, state->base, state->rolemap)) {
1089 ERR(state->handle, "Out of memory!");
1095 ERR(state->handle, "Out of memory!");
1108 expand_state_t *state;
1114 state = (expand_state_t *) data;
1116 if (!is_id_enabled(id, state->base, SYM_BOOLS)) {
1126 if (state->verbose)
1127 INFO(state->handle, "copying boolean %s", id);
1131 ERR(state->handle, "Out of memory!");
1137 ERR(state->handle, "Out of memory!");
1142 state->out->p_bools.nprim++;
1143 new_bool->s.value = state->out->p_bools.nprim;
1145 ret = hashtab_insert(state->out->p_bools.table,
1149 ERR(state->handle, "hashtab overflow");
1155 state->boolmap[bool->s.value - 1] = new_bool->s.value;
1157 new_bool->state = bool->state;
1166 expand_state_t *state = (expand_state_t *) data;
1170 if (!is_id_enabled(id, state->base, SYM_LEVELS)) {
1175 if (state->verbose)
1176 INFO(state->handle, "copying sensitivity level %s", id);
1194 state->out->p_levels.nprim++;
1196 if (hashtab_insert(state->out->p_levels.table,
1204 ERR(state->handle, "Out of memory!");
1218 expand_state_t *state = (expand_state_t *) data;
1222 if (!is_id_enabled(id, state->base, SYM_CATS)) {
1227 if (state->verbose)
1228 INFO(state->handle, "copying category attribute %s", id);
1240 state->out->p_cats.nprim++;
1241 if (hashtab_insert(state->out->p_cats.table,
1249 ERR(state->handle, "Out of memory!");
1256 static int copy_role_allows(expand_state_t * state, role_allow_rule_t * rules)
1265 for (l = state->out->role_allow; l && l->next; l = l->next) ;
1272 if (role_set_expand(&cur->roles, &roles, state->out, state->base, state->rolemap)) {
1273 ERR(state->handle, "Out of memory!");
1277 if (role_set_expand(&cur->new_roles, &new_roles, state->out, state->base, state->rolemap)) {
1278 ERR(state->handle, "Out of memory!");
1285 cur_allow = state->out->role_allow;
1297 ERR(state->handle, "Out of memory!");
1306 state->out->role_allow = n;
1321 static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
1330 for (l = state->out->role_tr; l && l->next; l = l->next) ;
1337 if (role_set_expand(&cur->roles, &roles, state->out, state->base, state->rolemap)) {
1338 ERR(state->handle, "Out of memory!");
1342 (state->out, state->typemap, &cur->types, &types, 1)) {
1343 ERR(state->handle, "Out of memory!");
1349 cur_trans = state->out->role_tr;
1353 mapped_role = state->rolemap[cur->new_role - 1];
1364 ERR(state->handle,
1366 state->out->p_role_val_to_name[i],
1367 state->out->p_type_val_to_name[j],
1368 state->out->p_class_val_to_name[k],
1369 state->out->p_role_val_to_name[mapped_role - 1],
1370 state->out->p_role_val_to_name[cur_trans->new_role - 1]);
1382 ERR(state->handle,
1390 n->new_role = state->rolemap
1395 state->out->role_tr = n;
1410 static int expand_filename_trans_helper(expand_state_t *state,
1417 mapped_otype = state->typemap[rule->otype - 1];
1420 state->out, s + 1, t + 1,
1429 ERR(state->handle, "Conflicting name-based type_transition %s %s:%s \"%s\": %s vs %s",
1430 state->out->p_type_val_to_name[s],
1431 state->out->p_type_val_to_name[t],
1432 state->out->p_class_val_to_name[rule->tclass - 1],
1434 state->out->p_type_val_to_name[present_otype - 1],
1435 state->out->p_type_val_to_name[mapped_otype - 1]);
1438 ERR(state->handle, "Out of memory!");
1444 static int expand_filename_trans(expand_state_t *state, filename_trans_rule_t *rules)
1457 if (expand_convert_type_set(state->out, state->typemap,
1459 ERR(state->handle, "Out of memory!");
1463 if (expand_convert_type_set(state->out, state->typemap,
1465 ERR(state->handle, "Out of memory!");
1473 state, cur_rule, i, j
1480 state, cur_rule, i, i
1497 expand_state_t * state)
1505 ERR(state->handle, "Out of memory!");
1509 if (mls_semantic_range_expand(trange, exp_range, state->out,
1510 state->handle))
1517 r = hashtab_search(state->out->range_tr, (hashtab_key_t) &key);
1527 ERR(state->handle,
1529 state->out->p_type_val_to_name[stype - 1],
1530 state->out->p_type_val_to_name[ttype - 1],
1531 state->out->p_class_val_to_name[tclass - 1]);
1537 ERR(state->handle, "Out of memory!");
1544 rc = hashtab_insert(state->out->range_tr, (hashtab_key_t) rt,
1547 ERR(state->handle, "Out of memory!");
1562 static int expand_range_trans(expand_state_t * state,
1571 if (state->verbose)
1572 INFO(state->handle, "expanding range transitions");
1579 if (expand_convert_type_set(state->out, state->typemap,
1581 ERR(state->handle, "Out of memory!");
1584 if (expand_convert_type_set(state->out, state->typemap,
1587 ERR(state->handle, "Out of memory!");
1601 state)) {
2002 int enabled, expand_state_t * state)
2008 if (convert_and_expand_rule(state->handle, dest_pol,
2021 static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
2029 cur->bool = state->boolmap[cur->bool - 1];
2034 cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
2036 if (cond_normalize_expr(state->out, cn)) {
2037 ERR(state->handle, "Error while normalizing conditional");
2047 static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
2054 if (cond_node_copy(state, cn->next)) {
2064 if (cond_normalize_expr(state->base, cn)) {
2065 ERR(state->handle, "Error while normalizing conditional");
2071 tmp = cond_node_create(state->base, cn);
2073 ERR(state->handle, "Out of memory");
2077 if (cond_node_map_bools(state, tmp)) {
2080 ERR(state->handle, "Error mapping booleans");
2084 new_cond = cond_node_search(state->out, state->out->cond_list, tmp);
2088 ERR(state->handle, "Out of memory!");
2095 (state->out, cn->avtrue_list, &state->out->te_cond_avtab,
2096 &new_cond->true_list, &new_cond->false_list, state->typemap,
2097 new_cond->cur_state, state))
2100 (state->out, cn->avfalse_list, &state->out->te_cond_avtab,
2101 &new_cond->false_list, &new_cond->true_list, state->typemap,
2102 !new_cond->cur_state, state))
2109 expand_state_t * state)
2111 dst->user = state->usermap[src->user - 1];
2112 dst->role = state->rolemap[src->role - 1];
2113 dst->type = state->typemap[src->type - 1];
2117 static int ocontext_copy_xen(expand_state_t *state)
2124 for (c = state->base->ocontexts[i]; c; c = c->next) {
2126 INFO(state->handle,
2133 ERR(state->handle, "Out of memory!");
2140 state->out->ocontexts[i] = n;
2164 ERR(state->handle, "Out of memory!");
2170 ERR(state->handle, "Unknown ocontext");
2174 state)) {
2175 ERR(state->handle, "Out of memory!");
2183 static int ocontext_copy_selinux(expand_state_t *state)
2190 for (c = state->base->ocontexts[i]; c; c = c->next) {
2192 INFO(state->handle,
2199 ERR(state->handle, "Out of memory!");
2206 state->out->ocontexts[i] = n;
2216 ERR(state->handle, "Out of memory!");
2220 (&n->context[1], &c->context[1], state)) {
2221 ERR(state->handle, "Out of memory!");
2234 ERR(state->handle, "Out of memory!");
2252 ERR(state->handle, "Out of memory!");
2264 ERR(state->handle, "Unknown ocontext");
2267 if (context_copy(&n->context[0], &c->context[0], state)) {
2268 ERR(state->handle, "Out of memory!");
2276 static int ocontext_copy(expand_state_t *state, uint32_t target)
2281 rc = ocontext_copy_selinux(state);
2284 rc = ocontext_copy_xen(state);
2287 ERR(state->handle, "Unknown target");
2293 static int genfs_copy(expand_state_t * state)
2299 for (genfs = state->base->genfs; genfs; genfs = genfs->next) {
2302 ERR(state->handle, "Out of memory!");
2309 ERR(state->handle, "Out of memory!");
2313 state->out->genfs = newgenfs;
2322 ERR(state->handle, "Out of memory!");
2328 ERR(state->handle, "Out of memory!");
2333 context_copy(&newc->context[0], &c->context[0], state);
2349 expand_state_t *state = ptr;
2350 policydb_t *p = state->out;
2383 ERR(state->handle, "Out of memory!");
2738 * rules are copied or expanded as per the settings in the state object; all
2742 static int copy_and_expand_avrule_block(expand_state_t * state)
2744 avrule_block_t *curblock = state->base->global;
2748 if (avtab_alloc(&state->out->te_avtab, MAX_AVTAB_SIZE)) {
2749 ERR(state->handle, "Out of Memory!");
2753 if (avtab_alloc(&state->out->te_cond_avtab, MAX_AVTAB_SIZE)) {
2754 ERR(state->handle, "Out of Memory!");
2768 if (copy_role_allows(state, decl->role_allow_rules) != 0 ||
2769 copy_role_trans(state, decl->role_tr_rules) != 0) {
2773 if (expand_filename_trans(state, decl->filename_trans_rules))
2777 if (expand_range_trans(state, decl->range_tr_rules))
2783 if (!(state->expand_neverallow)
2787 (state->out, state->typemap, cur_avrule))
2788 ERR(state->handle,
2792 state->out->unsupported_format = 1;
2794 (state->handle, state->out, state->typemap,
2795 cur_avrule, &state->out->te_avtab, NULL,
2797 state->expand_neverallow) !=
2806 if (cond_node_copy(state, decl->cond_list))
2813 if (state->handle && state->handle->expand_consume_base) {
2817 state->base->global = curblock;
2839 expand_state_t state;
2841 expand_state_init(&state);
2843 state.base = base;
2844 state.out = out;
2845 state.typemap = typemap;
2846 state.boolmap = boolmap;
2847 state.rolemap = rolemap;
2848 state.usermap = usermap;
2849 state.handle = handle;
2850 state.verbose = verbose;
2851 state.expand_neverallow = expand_neverallow;
2853 return copy_and_expand_avrule_block(&state);
2869 * is about tunable, calculate its state value and concatenate one of
2966 expand_state_t state;
2970 * of its home decl depending on its state value, so that the effect
2979 expand_state_init(&state);
2981 state.verbose = verbose;
2982 state.typemap = NULL;
2983 state.base = base;
2984 state.out = out;
2985 state.handle = handle;
2992 state.out->policy_type = POLICY_KERN;
2993 state.out->policyvers = POLICYDB_VERSION_MAX;
2994 if (state.base->name) {
2995 state.out->name = strdup(state.base->name);
2998 /* Copy mls state from base to out */
3011 if ((state.typemap =
3012 (uint32_t *) calloc(state.base->p_types.nprim,
3018 state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
3019 if (!state.boolmap) {
3024 state.rolemap = (uint32_t *)calloc(state.base->p_roles.nprim, sizeof(uint32_t));
3025 if (!state.rolemap) {
3030 state.usermap = (uint32_t *)calloc(state.base->p_users.nprim, sizeof(uint32_t));
3031 if (!state.usermap) {
3039 if (hashtab_map(state.base->p_types.table, type_copy_callback, &state)) {
3045 (state.base->p_types.table, attr_convert_callback, &state)) {
3051 (state.base->p_commons.table, common_copy_callback, &state)) {
3058 (state.base->p_classes.table, class_copy_callback, &state)) {
3063 if (hashtab_map(state.base->p_types.table,
3064 type_bounds_copy_callback, &state))
3068 if (hashtab_map(state.base->p_types.table, alias_copy_callback, &state))
3078 if (hashtab_map(state.base->p_roles.table, role_copy_callback, &state))
3080 if (hashtab_map(state.base->p_roles.table,
3081 role_bounds_copy_callback, &state))
3086 if (hashtab_map(state.base->p_levels.table, sens_copy_callback, &state))
3088 if (hashtab_map(state.base->p_cats.table, cats_copy_callback, &state))
3096 if (hashtab_map(state.base->p_users.table, user_copy_callback, &state))
3098 if (hashtab_map(state.base->p_users.table,
3099 user_bounds_copy_callback, &state))
3103 if (hashtab_map(state.base->p_bools.table, bool_copy_callback, &state))
3116 for (curblock = state.base->global; curblock != NULL;
3127 (decl->p_types.table, attr_convert_callback, &state)) {
3133 (decl->p_roles.table, role_copy_callback, &state))
3138 (decl->p_users.table, user_copy_callback, &state))
3144 if (hashtab_map(state.out->p_roles.table, role_remap_dominates, &state)) {
3150 if (hashtab_map(state.base->p_roles.table, role_fix_callback, &state))
3153 if (copy_and_expand_avrule_block(&state) < 0) {
3160 (state.base->p_classes.table, constraint_copy_callback, &state)) {
3164 cond_optimize_lists(state.out->cond_list);
3165 if (evaluate_conds(state.out))
3169 if (ocontext_copy(&state, out->target_platform))
3173 if (genfs_copy(&state))
3177 state.out->attr_type_map = calloc(state.out->p_types.nprim,
3179 state.out->type_attr_map = calloc(state.out->p_types.nprim,
3181 if (!state.out->attr_type_map || !state.out->type_attr_map) {
3185 for (i = 0; i < state.out->p_types.nprim; i++) {
3187 if (ebitmap_set_bit(&state.out->type_attr_map[i], i, 1)) {
3192 if (hashtab_map(state.out->p_types.table, type_attr_map, &state))
3195 if (hierarchy_check_constraints(handle, state.out))
3199 (handle, state.out,
3200 state.out->global->branch_list->avrules))
3207 free(state.typemap);
3208 free(state.boolmap);
3209 free(state.rolemap);
3210 free(state.usermap);