31 static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
46 char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
121 static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr *expr, int *use_mls)
185 names = ebitmap_to_str(&ts->types, pdb->p_type_val_to_name, 1);
187 names = ebitmap_to_str(&curr->names, pdb->p_user_val_to_name, 1);
189 names = ebitmap_to_str(&curr->names, pdb->p_role_val_to_name, 1);
274 static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
292 expr = constraint_expr_to_str(pdb, curr->expr, &is_mls);
298 perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
321 static int class_validatetrans_rules_to_strs(struct policydb *pdb, char *classkey,
334 expr = constraint_expr_to_str(pdb, curr->expr, &is_mls);
359 static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, struct strs *non_mls_strs)
366 for (i=0; i < pdb->p_classes.nprim; i++) {
367 class = pdb->class_val_to_struct[i];
370 name = pdb->p_class_val_to_name[i];
371 rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs);
385 static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, struct strs *non_mls_strs)
392 for (i=0; i < pdb->p_classes.nprim; i++) {
393 class = pdb->class_val_to_struct[i];
396 name = pdb->p_class_val_to_name[i];
397 rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs);
411 static int write_handle_unknown_to_cil(FILE *out, struct policydb *pdb)
415 switch (pdb->handle_unknown) {
426 sepol_log_err("Unknown value for handle-unknown: %i", pdb->handle_unknown);
461 static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb)
471 for (i=0; i < pdb->p_classes.nprim; i++) {
472 class = pdb->class_val_to_struct[i];
474 name = pdb->p_class_val_to_name[i];
487 for (i=0; i < pdb->p_classes.nprim; i++) {
491 name = pdb->p_class_val_to_name[i];
499 for (i=0; i < pdb->p_classes.nprim; i++) {
500 class = pdb->class_val_to_struct[i];
502 name = pdb->p_class_val_to_name[i];
509 used = calloc(pdb->p_commons.nprim, sizeof(*used));
515 for (i=0; i < pdb->p_classes.nprim; i++) {
516 class = pdb->class_val_to_struct[i];
520 common = hashtab_search(pdb->p_commons.table, name);
625 static int write_sid_decl_rules_to_cil(FILE *out, struct policydb *pdb)
629 if (pdb->target_platform == SEPOL_TARGET_SELINUX) {
631 pdb->ocontexts[0]);
632 } else if (pdb->target_platform == SEPOL_TARGET_XEN) {
634 pdb->ocontexts[0]);
636 sepol_log_err("Unknown target platform: %i", pdb->target_platform);
738 static int write_default_rules_to_cil(FILE *out, struct policydb *pdb)
745 for (i=0; i < pdb->p_classes.nprim; i++) {
746 class = pdb->class_val_to_struct[i];
749 rc = write_default_user_to_cil(out, pdb->p_class_val_to_name[i], class);
757 for (i=0; i < pdb->p_classes.nprim; i++) {
758 class = pdb->class_val_to_struct[i];
761 rc = write_default_role_to_cil(out, pdb->p_class_val_to_name[i], class);
769 for (i=0; i < pdb->p_classes.nprim; i++) {
770 class = pdb->class_val_to_struct[i];
773 rc = write_default_type_to_cil(out, pdb->p_class_val_to_name[i], class);
780 if (!pdb->mls) {
785 for (i=0; i < pdb->p_classes.nprim; i++) {
786 class = pdb->class_val_to_struct[i];
789 rc = write_default_range_to_cil(out, pdb->p_class_val_to_name[i], class);
835 static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
844 for (i=0; i < pdb->p_levels.nprim; i++) {
845 name = pdb->p_sens_val_to_name[i];
852 for (i=0; i < pdb->p_levels.nprim; i++) {
853 name = pdb->p_sens_val_to_name[i];
864 rc = hashtab_map(pdb->p_levels.table, map_count_sensitivity_aliases, &num);
880 rc = hashtab_map(pdb->p_levels.table, map_sensitivity_aliases_to_strs, strs);
896 level = hashtab_search(pdb->p_levels.table, name);
901 actual = pdb->p_sens_val_to_name[level->level->sens - 1];
939 static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
948 for (i=0; i < pdb->p_cats.nprim; i++) {
949 name = pdb->p_cat_val_to_name[i];
956 for (i=0; i < pdb->p_cats.nprim; i++) {
957 name = pdb->p_cat_val_to_name[i];
968 rc = hashtab_map(pdb->p_cats.table, map_count_category_aliases, &num);
984 rc = hashtab_map(pdb->p_cats.table, map_category_aliases_to_strs, strs);
1000 cat = hashtab_search(pdb->p_cats.table, name);
1005 actual = pdb->p_cat_val_to_name[cat->s.value - 1];
1117 static int write_sensitivitycategory_rules_to_cil(FILE *out, struct policydb *pdb)
1125 for (i=0; i < pdb->p_levels.nprim; i++) {
1126 name = pdb->p_sens_val_to_name[i];
1128 level = hashtab_search(pdb->p_levels.table, name);
1136 cats = cats_ebitmap_to_str(&level->level->cat, pdb->p_cat_val_to_name);
1150 static int write_mls_rules_to_cil(FILE *out, struct policydb *pdb)
1154 if (!pdb->mls) {
1163 rc = write_sensitivity_rules_to_cil(out, pdb);
1168 rc = write_category_rules_to_cil(out, pdb);
1173 rc = write_sensitivitycategory_rules_to_cil(out, pdb);
1186 static int write_polcap_rules_to_cil(FILE *out, struct policydb *pdb)
1199 ebitmap_for_each_positive_bit(&pdb->policycaps, node, i) {
1227 static int write_type_attributes_to_cil(FILE *out, struct policydb *pdb)
1235 rc = strs_init(&strs, pdb->p_types.nprim);
1240 for (i=0; i < pdb->p_types.nprim; i++) {
1241 type = pdb->type_val_to_struct[i];
1243 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
1272 static int write_role_attributes_to_cil(FILE *out, struct policydb *pdb)
1280 rc = strs_init(&strs, pdb->p_roles.nprim);
1285 for (i=0; i < pdb->p_roles.nprim; i++) {
1286 role = pdb->role_val_to_struct[i];
1288 rc = strs_add(strs, pdb->p_role_val_to_name[i]);
1328 static int write_boolean_decl_rules_to_cil(FILE *out, struct policydb *pdb)
1338 rc = hashtab_map(pdb->p_bools.table, map_boolean_to_strs, strs);
1357 static int write_type_decl_rules_to_cil(FILE *out, struct policydb *pdb)
1365 rc = strs_init(&strs, pdb->p_types.nprim);
1370 for (i=0; i < pdb->p_types.nprim; i++) {
1371 type = pdb->type_val_to_struct[i];
1373 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
1425 static int write_type_alias_rules_to_cil(FILE *out, struct policydb *pdb)
1434 rc = hashtab_map(pdb->p_types.table, map_count_type_aliases, &num);
1444 rc = hashtab_map(pdb->p_types.table, map_type_aliases_to_strs, strs);
1466 alias = hashtab_search(pdb->p_types.table, name);
1471 type = pdb->p_type_val_to_name[alias->s.value - 1];
1485 static int write_type_bounds_rules_to_cil(FILE *out, struct policydb *pdb)
1494 rc = strs_init(&strs, pdb->p_types.nprim);
1499 for (i=0; i < pdb->p_types.nprim; i++) {
1500 type = pdb->type_val_to_struct[i];
1503 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
1520 type = hashtab_search(pdb->p_types.table, child);
1525 parent = pdb->p_type_val_to_name[type->bounds - 1];
1539 static int write_type_attribute_sets_to_cil(FILE *out, struct policydb *pdb)
1548 rc = strs_init(&strs, pdb->p_types.nprim);
1553 for (i=0; i < pdb->p_types.nprim; i++) {
1554 attr = pdb->type_val_to_struct[i];
1556 name = pdb->p_type_val_to_name[i];
1557 typemap = &pdb->attr_type_map[i];
1559 types = ebitmap_to_str(typemap, pdb->p_type_val_to_name, 1);
1587 static int write_type_permissive_rules_to_cil(FILE *out, struct policydb *pdb)
1595 rc = strs_init(&strs, pdb->p_types.nprim);
1600 ebitmap_for_each_positive_bit(&pdb->permissive_map, node, i) {
1601 rc = strs_add(strs, pdb->p_type_val_to_name[i-1]);
1704 static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_datum_t *datum)
1746 src = pdb->p_type_val_to_name[key->source_type - 1];
1747 tgt = pdb->p_type_val_to_name[key->target_type - 1];
1749 type = pdb->type_val_to_struct[key->source_type - 1];
1754 class = pdb->p_class_val_to_name[key->target_class - 1];
1757 perms = sepol_av_to_string(pdb, key->target_class, data);
1774 new = pdb->p_type_val_to_name[data - 1];
1790 struct policydb *pdb;
1799 struct policydb *pdb = map_args->pdb;
1805 rule = avtab_node_to_str(pdb, key, datum);
1821 static int write_avtab_flavor_to_cil(FILE *out, struct policydb *pdb, uint32_t flavor, int indent)
1832 args.pdb = pdb;
1836 rc = avtab_map(&pdb->te_avtab, map_avtab_write_helper, &args);
1851 static int write_avtab_to_cil(FILE *out, struct policydb *pdb, int indent)
1857 rc = write_avtab_flavor_to_cil(out, pdb, avtab_flavors[i], indent);
1872 struct policydb *pdb;
1881 struct policydb *pdb = map_args->pdb;
1888 tgt = pdb->p_type_val_to_name[ft->ttype - 1];
1889 class = pdb->p_class_val_to_name[ft->tclass - 1];
1892 new = pdb->p_type_val_to_name[datum->otype - 1];
1895 src = pdb->p_type_val_to_name[bit];
1909 static int write_filename_trans_rules_to_cil(FILE *out, struct policydb *pdb)
1920 args.pdb = pdb;
1923 rc = hashtab_map(pdb->filename_trans, map_filename_trans_to_str, &args);
1942 static char *level_to_str(struct policydb *pdb, struct mls_level *level)
1946 char *sens_str = pdb->p_sens_val_to_name[level->sens - 1];
1950 cats_str = cats_ebitmap_to_str(cats, pdb->p_cat_val_to_name);
1960 static char *range_to_str(struct policydb *pdb, mls_range_t *range)
1966 low = level_to_str(pdb, &range->level[0]);
1971 high = level_to_str(pdb, &range->level[1]);
1986 struct policydb *pdb;
1995 struct policydb *pdb = map_args->pdb;
2000 src = pdb->p_type_val_to_name[rt->source_type - 1];
2001 tgt = pdb->p_type_val_to_name[rt->target_type - 1];
2002 class = pdb->p_class_val_to_name[rt->target_class - 1];
2003 range = range_to_str(pdb, mls_range);
2020 static int write_range_trans_rules_to_cil(FILE *out, struct policydb *pdb)
2031 args.pdb = pdb;
2034 rc = hashtab_map(pdb->range_tr, map_range_trans_to_str, &args);
2053 static int write_cond_av_list_to_cil(FILE *out, struct policydb *pdb, cond_av_list_t *cond_list, int indent)
2077 rule = avtab_node_to_str(pdb, key, datum);
2116 static int write_cond_nodes_to_cil(FILE *out, struct policydb *pdb)
2124 for (cond = pdb->cond_list; cond != NULL; cond = cond->next) {
2135 for (cond = pdb->cond_list; cond != NULL; cond = cond->next) {
2137 expr = cond_expr_to_str(pdb, cond->expr);
2157 rc = write_cond_av_list_to_cil(out, pdb, cond->true_list, 2);
2168 rc = write_cond_av_list_to_cil(out, pdb, cond->false_list, 2);
2193 static int write_role_decl_rules_to_cil(FILE *out, struct policydb *pdb)
2203 rc = strs_init(&strs, pdb->p_roles.nprim);
2208 for (i=0; i < pdb->p_roles.nprim; i++) {
2209 role = pdb->role_val_to_struct[i];
2211 rc = strs_add(strs, pdb->p_role_val_to_name[i]);
2235 role = hashtab_search(pdb->p_roles.table, child);
2242 parent = pdb->p_role_val_to_name[role->bounds - 1];
2252 role = hashtab_search(pdb->p_roles.table, name);
2259 rc = strs_init(&type_strs, pdb->p_types.nprim);
2263 rc = ebitmap_to_strs(types, type_strs, pdb->p_type_val_to_name);
2281 rc = strs_init(&strs, pdb->p_types.nprim);
2286 for (i=0; i < pdb->p_types.nprim; i++) {
2287 type_datum = pdb->type_val_to_struct[i];
2289 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
2318 static int write_role_transition_rules_to_cil(FILE *out, struct policydb *pdb)
2320 role_trans_t *curr = pdb->role_tr;
2331 role = pdb->p_role_val_to_name[curr->role - 1];
2332 type = pdb->p_type_val_to_name[curr->type - 1];
2333 class = pdb->p_class_val_to_name[curr->tclass - 1];
2334 new = pdb->p_role_val_to_name[curr->new_role - 1];
2359 static int write_role_allow_rules_to_cil(FILE *out, struct policydb *pdb)
2361 role_allow_t *curr = pdb->role_allow;
2372 role = pdb->p_role_val_to_name[curr->role - 1];
2373 new = pdb->p_role_val_to_name[curr->new_role - 1];
2397 static int write_user_decl_rules_to_cil(FILE *out, struct policydb *pdb)
2406 rc = strs_init(&strs, pdb->p_users.nprim);
2411 for (i=0; i < pdb->p_users.nprim; i++) {
2412 if (!pdb->p_user_val_to_name[i]) continue;
2413 rc = strs_add(strs, pdb->p_user_val_to_name[i]);
2437 user = hashtab_search(pdb->p_users.table, name);
2445 rc = strs_init(&role_strs, pdb->p_roles.nprim);
2449 rc = ebitmap_to_strs(roles, role_strs, pdb->p_role_val_to_name);
2478 user = hashtab_search(pdb->p_users.table, name);
2486 if (pdb->mls) {
2487 level = level_to_str(pdb, &user->exp_dfltlevel);
2506 user = hashtab_search(pdb->p_users.table, name);
2513 if (pdb->mls) {
2514 range = range_to_str(pdb, &user->exp_range);
2538 static char *context_to_str(struct policydb *pdb, struct context_struct *con)
2543 user = pdb->p_user_val_to_name[con->user - 1];
2544 role = pdb->p_role_val_to_name[con->role - 1];
2545 type = pdb->p_type_val_to_name[con->type - 1];
2547 if (pdb->mls) {
2548 range = range_to_str(pdb, &con->range);
2563 static int write_sid_context_rules_to_cil(FILE *out, struct policydb *pdb, const char *const *sid_to_str, unsigned num_sids)
2578 for (isid = pdb->ocontexts[0]; isid != NULL; isid = isid->next) {
2587 ctx = context_to_str(pdb, &isid->context[0]);
2620 static int write_selinux_isid_rules_to_cil(FILE *out, struct policydb *pdb)
2622 return write_sid_context_rules_to_cil(out, pdb, selinux_sid_to_str,
2626 static int write_selinux_fsuse_rules_to_cil(FILE *out, struct policydb *pdb)
2633 for (fsuse = pdb->ocontexts[5]; fsuse != NULL; fsuse = fsuse->next) {
2645 ctx = context_to_str(pdb, &fsuse->context[0]);
2664 static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
2679 for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
2687 const char *class_name = pdb->p_class_val_to_name[sclass-1];
2708 ctx = context_to_str(pdb, &ocon->context[0]);
2742 static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb)
2752 for (portcon = pdb->ocontexts[2]; portcon != NULL; portcon = portcon->next) {
2776 ctx = context_to_str(pdb, &portcon->context[0]);
2797 static int write_selinux_netif_rules_to_cil(FILE *out, struct policydb *pdb)
2803 for (netif = pdb->ocontexts[3]; netif != NULL; netif = netif->next) {
2805 ctx1 = context_to_str(pdb, &netif->context[0]);
2810 ctx2 = context_to_str(pdb, &netif->context[1]);
2831 static int write_selinux_node_rules_to_cil(FILE *out, struct policydb *pdb)
2839 for (node = pdb->ocontexts[4]; node != NULL; node = node->next) {
2852 ctx = context_to_str(pdb, &node->context[0]);
2871 static int write_selinux_node6_rules_to_cil(FILE *out, struct policydb *pdb)
2879 for (node = pdb->ocontexts[6]; node != NULL; node = node->next) {
2892 ctx = context_to_str(pdb, &node->context[0]);
2911 static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb)
2922 for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL;
2946 ctx = context_to_str(pdb, &ibpkeycon->context[0]);
2967 static int write_selinux_ibendport_rules_to_cil(FILE *out, struct policydb *pdb)
2974 for (ibendportcon = pdb->ocontexts[OCON_IBENDPORT];
2982 ctx = context_to_str(pdb, &ibendportcon->context[0]);
3004 static int write_xen_isid_rules_to_cil(FILE *out, struct policydb *pdb)
3006 return write_sid_context_rules_to_cil(out, pdb, xen_sid_to_str, XEN_SID_SZ);
3009 static int write_xen_pirq_rules_to_cil(FILE *out, struct policydb *pdb)
3016 for (pirq = pdb->ocontexts[1]; pirq != NULL; pirq = pirq->next) {
3023 ctx = context_to_str(pdb, &pirq->context[0]);
3044 static int write_xen_ioport_rules_to_cil(FILE *out, struct policydb *pdb)
3053 for (ioport = pdb->ocontexts[2]; ioport != NULL; ioport = ioport->next) {
3066 ctx = context_to_str(pdb, &ioport->context[0]);
3087 static int write_xen_iomem_rules_to_cil(FILE *out, struct policydb *pdb)
3096 for (iomem = pdb->ocontexts[3]; iomem != NULL; iomem = iomem->next) {
3109 ctx = context_to_str(pdb, &iomem->context[0]);
3130 static int write_xen_pcidevice_rules_to_cil(FILE *out, struct policydb *pdb)
3137 for (pcid = pdb->ocontexts[4]; pcid != NULL; pcid = pcid->next) {
3144 ctx = context_to_str(pdb, &pcid->context[0]);
3165 static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
3171 for (dtree = pdb->ocontexts[5]; dtree != NULL; dtree = dtree->next) {
3173 ctx = context_to_str(pdb, &dtree->context[0]);
3192 int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb)
3220 if (pdb == NULL) {
3226 if (pdb->policy_type != SEPOL_POLICY_KERN) {
3232 if (pdb->policyvers >= POLICYDB_VERSION_AVTAB && pdb->policyvers <= POLICYDB_VERSION_PERMISSIVE) {
3244 rc = constraint_rules_to_strs(pdb, mls_constraints, non_mls_constraints);
3249 rc = validatetrans_rules_to_strs(pdb, mls_validatetrans, non_mls_validatetrans);
3254 rc = write_handle_unknown_to_cil(out, pdb);
3259 rc = write_class_decl_rules_to_cil(out, pdb);
3264 rc = write_sid_decl_rules_to_cil(out, pdb);
3269 rc = write_default_rules_to_cil(out, pdb);
3274 rc = write_mls_rules_to_cil(out, pdb);
3282 rc = write_polcap_rules_to_cil(out, pdb);
3287 rc = write_type_attributes_to_cil(out, pdb);
3292 rc = write_role_attributes_to_cil(out, pdb);
3297 rc = write_boolean_decl_rules_to_cil(out, pdb);
3302 rc = write_type_decl_rules_to_cil(out, pdb);
3307 rc = write_type_alias_rules_to_cil(out, pdb);
3312 rc = write_type_bounds_rules_to_cil(out, pdb);
3317 rc = write_type_attribute_sets_to_cil(out, pdb);
3322 rc = write_type_permissive_rules_to_cil(out, pdb);
3327 rc = write_avtab_to_cil(out, pdb, 0);
3332 rc = write_filename_trans_rules_to_cil(out, pdb);
3337 if (pdb->mls) {
3338 rc = write_range_trans_rules_to_cil(out, pdb);
3344 rc = write_cond_nodes_to_cil(out, pdb);
3349 rc = write_role_decl_rules_to_cil(out, pdb);
3354 rc = write_role_transition_rules_to_cil(out, pdb);
3359 rc = write_role_allow_rules_to_cil(out, pdb);
3364 rc = write_user_decl_rules_to_cil(out, pdb);
3372 rc = sort_ocontexts(pdb);
3377 if (pdb->target_platform == SEPOL_TARGET_SELINUX) {
3378 rc = write_selinux_isid_rules_to_cil(out, pdb);
3383 rc = write_selinux_fsuse_rules_to_cil(out, pdb);
3388 rc = write_genfscon_rules_to_cil(out, pdb);
3393 rc = write_selinux_port_rules_to_cil(out, pdb);
3398 rc = write_selinux_netif_rules_to_cil(out, pdb);
3403 rc = write_selinux_node_rules_to_cil(out, pdb);
3408 rc = write_selinux_node6_rules_to_cil(out, pdb);
3413 rc = write_selinux_ibpkey_rules_to_cil(out, pdb);
3418 rc = write_selinux_ibendport_rules_to_cil(out, pdb);
3422 } else if (pdb->target_platform == SEPOL_TARGET_XEN) {
3423 rc = write_xen_isid_rules_to_cil(out, pdb);
3428 rc = write_xen_pirq_rules_to_cil(out, pdb);
3433 rc = write_xen_ioport_rules_to_cil(out, pdb);
3438 rc = write_xen_iomem_rules_to_cil(out, pdb);
3443 rc = write_xen_pcidevice_rules_to_cil(out, pdb);
3448 rc = write_xen_devicetree_rules_to_cil(out, pdb);