Lines Matching refs:pdb
30 static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
45 char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
119 static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr *expr, int *use_mls)
182 names = ebitmap_to_str(&ts->types, pdb->p_type_val_to_name, 1);
184 names = ebitmap_to_str(&curr->names, pdb->p_user_val_to_name, 1);
186 names = ebitmap_to_str(&curr->names, pdb->p_role_val_to_name, 1);
270 static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
287 expr = constraint_expr_to_str(pdb, curr->expr, &is_mls);
293 perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
325 static int class_validatetrans_rules_to_strs(struct policydb *pdb, char *classkey,
338 expr = constraint_expr_to_str(pdb, curr->expr, &is_mls);
363 static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, struct strs *non_mls_strs)
370 for (i=0; i < pdb->p_classes.nprim; i++) {
371 class = pdb->class_val_to_struct[i];
373 name = pdb->p_class_val_to_name[i];
374 rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs);
388 static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, struct strs *non_mls_strs)
395 for (i=0; i < pdb->p_classes.nprim; i++) {
396 class = pdb->class_val_to_struct[i];
398 name = pdb->p_class_val_to_name[i];
399 rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs);
413 static int write_handle_unknown_to_conf(FILE *out, struct policydb *pdb)
417 switch (pdb->handle_unknown) {
428 sepol_log_err("Unknown value for handle-unknown: %i", pdb->handle_unknown);
437 static int write_class_decl_rules_to_conf(FILE *out, struct policydb *pdb)
442 for (i=0; i < pdb->p_classes.nprim; i++) {
443 name = pdb->p_class_val_to_name[i];
504 static int write_sid_decl_rules_to_conf(FILE *out, struct policydb *pdb)
508 if (pdb->target_platform == SEPOL_TARGET_SELINUX) {
510 pdb->ocontexts[0]);
511 } else if (pdb->target_platform == SEPOL_TARGET_XEN) {
513 pdb->ocontexts[0]);
515 sepol_log_err("Unknown target platform: %i", pdb->target_platform);
547 static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb)
557 used = calloc(pdb->p_commons.nprim, sizeof(*used));
563 for (i=0; i < pdb->p_classes.nprim; i++) {
564 class = pdb->class_val_to_struct[i];
568 common = hashtab_search(pdb->p_commons.table, name);
590 for (i=0; i < pdb->p_classes.nprim; i++) {
591 class = pdb->class_val_to_struct[i];
593 name = pdb->p_class_val_to_name[i];
714 static int write_default_rules_to_conf(FILE *out, struct policydb *pdb)
721 for (i=0; i < pdb->p_classes.nprim; i++) {
722 class = pdb->class_val_to_struct[i];
725 rc = write_default_user_to_conf(out, pdb->p_class_val_to_name[i], class);
733 for (i=0; i < pdb->p_classes.nprim; i++) {
734 class = pdb->class_val_to_struct[i];
737 rc = write_default_role_to_conf(out, pdb->p_class_val_to_name[i], class);
745 for (i=0; i < pdb->p_classes.nprim; i++) {
746 class = pdb->class_val_to_struct[i];
749 rc = write_default_type_to_conf(out, pdb->p_class_val_to_name[i], class);
756 if (!pdb->mls) {
761 for (i=0; i < pdb->p_classes.nprim; i++) {
762 class = pdb->class_val_to_struct[i];
765 rc = write_default_range_to_conf(out, pdb->p_class_val_to_name[i], class);
793 static int write_sensitivity_rules_to_conf(FILE *out, struct policydb *pdb)
802 rc = strs_init(&strs, pdb->p_levels.nprim);
807 rc = hashtab_map(pdb->p_levels.table, map_sensitivity_aliases_to_strs, strs);
815 sens_alias_map = calloc(sizeof(*sens_alias_map), pdb->p_levels.nprim);
824 level = hashtab_search(pdb->p_levels.table, name);
849 for (i=0; i < pdb->p_levels.nprim; i++) {
850 name = pdb->p_sens_val_to_name[i];
852 level = hashtab_search(pdb->p_levels.table, name);
874 for (i=0; i < pdb->p_levels.nprim; i++) {
875 name = pdb->p_sens_val_to_name[i];
877 level = hashtab_search(pdb->p_levels.table, name);
896 for (i=0; i < pdb->p_levels.nprim; i++) {
924 static int write_category_rules_to_conf(FILE *out, struct policydb *pdb)
933 rc = strs_init(&strs, pdb->p_cats.nprim);
938 rc = hashtab_map(pdb->p_cats.table, map_category_aliases_to_strs, strs);
946 cat_alias_map = calloc(sizeof(*cat_alias_map), pdb->p_cats.nprim);
955 cat = hashtab_search(pdb->p_cats.table, name);
980 for (i=0; i < pdb->p_cats.nprim; i++) {
981 name = pdb->p_cat_val_to_name[i];
983 cat = hashtab_search(pdb->p_cats.table, name);
1004 for (i=0; i < pdb->p_cats.nprim; i++) {
1104 static int write_level_rules_to_conf(FILE *out, struct policydb *pdb)
1111 for (i=0; i < pdb->p_levels.nprim; i++) {
1112 name = pdb->p_sens_val_to_name[i];
1114 level = hashtab_search(pdb->p_levels.table, name);
1122 cats = cats_ebitmap_to_str(&level->level->cat, pdb->p_cat_val_to_name);
1138 static int write_mls_rules_to_conf(FILE *out, struct policydb *pdb)
1142 if (!pdb->mls) {
1146 rc = write_sensitivity_rules_to_conf(out, pdb);
1151 rc = write_category_rules_to_conf(out, pdb);
1156 rc = write_level_rules_to_conf(out, pdb);
1169 static int write_polcap_rules_to_conf(FILE *out, struct policydb *pdb)
1182 ebitmap_for_each_positive_bit(&pdb->policycaps, node, i) {
1210 static int write_type_attributes_to_conf(FILE *out, struct policydb *pdb)
1218 rc = strs_init(&strs, pdb->p_types.nprim);
1223 for (i=0; i < pdb->p_types.nprim; i++) {
1224 type = pdb->type_val_to_struct[i];
1226 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
1255 static int write_role_attributes_to_conf(FILE *out, struct policydb *pdb)
1263 rc = strs_init(&strs, pdb->p_roles.nprim);
1268 for (i=0; i < pdb->p_roles.nprim; i++) {
1269 role = pdb->role_val_to_struct[i];
1271 rc = strs_add(strs, pdb->p_role_val_to_name[i]);
1311 static int write_boolean_decl_rules_to_conf(FILE *out, struct policydb *pdb)
1321 rc = hashtab_map(pdb->p_bools.table, map_boolean_to_strs, strs);
1340 static int write_type_decl_rules_to_conf(FILE *out, struct policydb *pdb)
1348 rc = strs_init(&strs, pdb->p_types.nprim);
1353 for (i=0; i < pdb->p_types.nprim; i++) {
1354 type = pdb->type_val_to_struct[i];
1356 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
1408 static int write_type_alias_rules_to_conf(FILE *out, struct policydb *pdb)
1417 rc = hashtab_map(pdb->p_types.table, map_count_type_aliases, &num);
1427 rc = hashtab_map(pdb->p_types.table, map_type_aliases_to_strs, strs);
1440 alias = hashtab_search(pdb->p_types.table, name);
1445 type = pdb->p_type_val_to_name[alias->s.value - 1];
1459 static int write_type_bounds_rules_to_conf(FILE *out, struct policydb *pdb)
1468 rc = strs_init(&strs, pdb->p_types.nprim);
1473 for (i=0; i < pdb->p_types.nprim; i++) {
1474 type = pdb->type_val_to_struct[i];
1477 rc = strs_add(strs, pdb->p_type_val_to_name[i]);
1494 type = hashtab_search(pdb->p_types.table, child);
1499 parent = pdb->p_type_val_to_name[type->bounds - 1];
1582 static int write_type_attribute_sets_to_conf(FILE *out, struct policydb *pdb)
1591 rc = strs_init(&strs, pdb->p_types.nprim);
1596 for (i=0; i < pdb->p_types.nprim; i++) {
1597 type = pdb->type_val_to_struct[i];
1599 if (ebitmap_cardinality(&pdb->type_attr_map[i]) == 1) continue;
1601 rc = ebitmap_cpy(&attrmap, &pdb->type_attr_map[i]);
1610 name = pdb->p_type_val_to_name[i];
1611 attrs = attrmap_to_str(&attrmap, pdb->p_type_val_to_name);
1640 static int write_type_permissive_rules_to_conf(FILE *out, struct policydb *pdb)
1648 rc = strs_init(&strs, pdb->p_types.nprim);
1653 ebitmap_for_each_positive_bit(&pdb->permissive_map, node, i) {
1654 rc = strs_add(strs, pdb->p_type_val_to_name[i-1]);
1682 static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_datum_t *datum)
1723 src = pdb->p_type_val_to_name[key->source_type - 1];
1724 tgt = pdb->p_type_val_to_name[key->target_type - 1];
1726 type = pdb->type_val_to_struct[key->source_type - 1];
1731 class = pdb->p_class_val_to_name[key->target_class - 1];
1734 perms = sepol_av_to_string(pdb, key->target_class, data);
1750 new = pdb->p_type_val_to_name[data - 1];
1766 struct policydb *pdb;
1775 struct policydb *pdb = map_args->pdb;
1781 rule = avtab_node_to_str(pdb, key, datum);
1797 static int write_avtab_flavor_to_conf(FILE *out, struct policydb *pdb, uint32_t flavor, int indent)
1808 args.pdb = pdb;
1812 rc = avtab_map(&pdb->te_avtab, map_avtab_write_helper, &args);
1827 static int write_avtab_to_conf(FILE *out, struct policydb *pdb, int indent)
1833 rc = write_avtab_flavor_to_conf(out, pdb, avtab_flavors[i], indent);
1848 struct policydb *pdb;
1857 struct policydb *pdb = map_args->pdb;
1864 tgt = pdb->p_type_val_to_name[ft->ttype - 1];
1865 class = pdb->p_class_val_to_name[ft->tclass - 1];
1868 new = pdb->p_type_val_to_name[datum->otype - 1];
1871 src = pdb->p_type_val_to_name[bit];
1885 static int write_filename_trans_rules_to_conf(FILE *out, struct policydb *pdb)
1896 args.pdb = pdb;
1899 rc = hashtab_map(pdb->filename_trans, map_filename_trans_to_str, &args);
1918 static char *level_to_str(struct policydb *pdb, struct mls_level *level)
1922 char *sens_str = pdb->p_sens_val_to_name[level->sens - 1];
1926 cats_str = cats_ebitmap_to_str(cats, pdb->p_cat_val_to_name);
1936 static char *range_to_str(struct policydb *pdb, mls_range_t *range)
1942 low = level_to_str(pdb, &range->level[0]);
1947 high = level_to_str(pdb, &range->level[1]);
1962 struct policydb *pdb;
1971 struct policydb *pdb = map_args->pdb;
1976 src = pdb->p_type_val_to_name[rt->source_type - 1];
1977 tgt = pdb->p_type_val_to_name[rt->target_type - 1];
1978 class = pdb->p_class_val_to_name[rt->target_class - 1];
1979 range = range_to_str(pdb, mls_range);
1996 static int write_range_trans_rules_to_conf(FILE *out, struct policydb *pdb)
2007 args.pdb = pdb;
2010 rc = hashtab_map(pdb->range_tr, map_range_trans_to_str, &args);
2029 static int write_cond_av_list_to_conf(FILE *out, struct policydb *pdb, cond_av_list_t *cond_list, int indent)
2053 rule = avtab_node_to_str(pdb, key, datum);
2092 static int write_cond_nodes_to_conf(FILE *out, struct policydb *pdb)
2101 for (cond = pdb->cond_list; cond != NULL; cond = cond->next) {
2116 for (cond = pdb->cond_list; cond != NULL; cond = cond->next) {
2118 expr = cond_expr_to_str(pdb, cond->expr);
2136 rc = write_cond_av_list_to_conf(out, pdb, cond->true_list, 1);
2144 rc = write_cond_av_list_to_conf(out, pdb, cond->false_list, 1);
2167 static int write_role_decl_rules_to_conf(FILE *out, struct policydb *pdb)
2175 rc = strs_init(&strs, pdb->p_roles.nprim);
2181 for (i=1; i < pdb->p_roles.nprim; i++) {
2182 role = pdb->role_val_to_struct[i];
2184 rc = strs_add(strs, pdb->p_role_val_to_name[i]);
2206 role = hashtab_search(pdb->p_roles.table, name);
2212 types = ebitmap_to_str(&role->types.types, pdb->p_type_val_to_name, 1);
2249 static int write_role_transition_rules_to_conf(FILE *out, struct policydb *pdb)
2251 role_trans_t *curr = pdb->role_tr;
2262 role = pdb->p_role_val_to_name[curr->role - 1];
2263 type = pdb->p_type_val_to_name[curr->type - 1];
2264 class = pdb->p_class_val_to_name[curr->tclass - 1];
2265 new = pdb->p_role_val_to_name[curr->new_role - 1];
2290 static int write_role_allow_rules_to_conf(FILE *out, struct policydb *pdb)
2292 role_allow_t *curr = pdb->role_allow;
2303 role = pdb->p_role_val_to_name[curr->role - 1];
2304 new = pdb->p_role_val_to_name[curr->new_role - 1];
2328 static int write_user_decl_rules_to_conf(FILE *out, struct policydb *pdb)
2336 rc = strs_init(&strs, pdb->p_users.nprim);
2341 for (i=0; i < pdb->p_users.nprim; i++) {
2342 if (!pdb->p_user_val_to_name[i]) continue;
2343 rc = strs_add(strs, pdb->p_user_val_to_name[i]);
2358 user = hashtab_search(pdb->p_users.table, name);
2367 pdb->p_role_val_to_name, 1);
2380 if (pdb->mls) {
2381 level = level_to_str(pdb, &user->exp_dfltlevel);
2389 range = range_to_str(pdb, &user->exp_range);
2411 static char *context_to_str(struct policydb *pdb, struct context_struct *con)
2416 user = pdb->p_user_val_to_name[con->user - 1];
2417 role = pdb->p_role_val_to_name[con->role - 1];
2418 type = pdb->p_type_val_to_name[con->type - 1];
2420 if (pdb->mls) {
2421 range = range_to_str(pdb, &con->range);
2431 static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, const char *const *sid_to_str, unsigned num_sids)
2446 for (isid = pdb->ocontexts[0]; isid != NULL; isid = isid->next) {
2455 ctx = context_to_str(pdb, &isid->context[0]);
2488 static int write_selinux_isid_rules_to_conf(FILE *out, struct policydb *pdb)
2490 return write_sid_context_rules_to_conf(out, pdb, selinux_sid_to_str,
2494 static int write_selinux_fsuse_rules_to_conf(FILE *out, struct policydb *pdb)
2501 for (fsuse = pdb->ocontexts[5]; fsuse != NULL; fsuse = fsuse->next) {
2513 ctx = context_to_str(pdb, &fsuse->context[0]);
2532 static int write_genfscon_rules_to_conf(FILE *out, struct policydb *pdb)
2547 for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
2555 const char *class_name = pdb->p_class_val_to_name[sclass-1];
2576 ctx = context_to_str(pdb, &ocon->context[0]);
2610 static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb)
2620 for (portcon = pdb->ocontexts[2]; portcon != NULL; portcon = portcon->next) {
2644 ctx = context_to_str(pdb, &portcon->context[0]);
2665 static int write_selinux_netif_rules_to_conf(FILE *out, struct policydb *pdb)
2671 for (netif = pdb->ocontexts[3]; netif != NULL; netif = netif->next) {
2673 ctx1 = context_to_str(pdb, &netif->context[0]);
2678 ctx2 = context_to_str(pdb, &netif->context[1]);
2699 static int write_selinux_node_rules_to_conf(FILE *out, struct policydb *pdb)
2707 for (node = pdb->ocontexts[4]; node != NULL; node = node->next) {
2720 ctx = context_to_str(pdb, &node->context[0]);
2740 static int write_selinux_node6_rules_to_conf(FILE *out, struct policydb *pdb)
2748 for (node6 = pdb->ocontexts[6]; node6 != NULL; node6 = node6->next) {
2761 ctx = context_to_str(pdb, &node6->context[0]);
2780 static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb)
2791 for (ibpkeycon = pdb->ocontexts[OCON_IBPKEY]; ibpkeycon != NULL;
2815 ctx = context_to_str(pdb, &ibpkeycon->context[0]);
2837 static int write_selinux_ibendport_rules_to_conf(FILE *out, struct policydb *pdb)
2844 for (ibendportcon = pdb->ocontexts[OCON_IBENDPORT];
2852 ctx = context_to_str(pdb, &ibendportcon->context[0]);
2873 static int write_xen_isid_rules_to_conf(FILE *out, struct policydb *pdb)
2875 return write_sid_context_rules_to_conf(out, pdb, xen_sid_to_str, XEN_SID_SZ);
2879 static int write_xen_pirq_rules_to_conf(FILE *out, struct policydb *pdb)
2886 for (pirq = pdb->ocontexts[1]; pirq != NULL; pirq = pirq->next) {
2894 ctx = context_to_str(pdb, &pirq->context[0]);
2916 static int write_xen_ioport_rules_to_conf(FILE *out, struct policydb *pdb)
2925 for (ioport = pdb->ocontexts[2]; ioport != NULL; ioport = ioport->next) {
2938 ctx = context_to_str(pdb, &ioport->context[0]);
2959 static int write_xen_iomem_rules_to_conf(FILE *out, struct policydb *pdb)
2968 for (iomem = pdb->ocontexts[3]; iomem != NULL; iomem = iomem->next) {
2981 ctx = context_to_str(pdb, &iomem->context[0]);
3002 static int write_xen_pcidevice_rules_to_conf(FILE *out, struct policydb *pdb)
3009 for (pcid = pdb->ocontexts[4]; pcid != NULL; pcid = pcid->next) {
3016 ctx = context_to_str(pdb, &pcid->context[0]);
3037 static int write_xen_devicetree_rules_to_conf(FILE *out, struct policydb *pdb)
3043 for (dtree = pdb->ocontexts[5]; dtree != NULL; dtree = dtree->next) {
3045 ctx = context_to_str(pdb, &dtree->context[0]);
3064 int sepol_kernel_policydb_to_conf(FILE *out, struct policydb *pdb)
3092 if (pdb == NULL) {
3098 if (pdb->policy_type != SEPOL_POLICY_KERN) {
3104 if (pdb->policyvers >= POLICYDB_VERSION_AVTAB && pdb->policyvers <= POLICYDB_VERSION_PERMISSIVE) {
3116 rc = constraint_rules_to_strs(pdb, mls_constraints, non_mls_constraints);
3121 rc = validatetrans_rules_to_strs(pdb, mls_validatetrans, non_mls_validatetrans);
3126 rc = write_handle_unknown_to_conf(out, pdb);
3131 rc = write_class_decl_rules_to_conf(out, pdb);
3136 rc = write_sid_decl_rules_to_conf(out, pdb);
3141 rc = write_class_and_common_rules_to_conf(out, pdb);
3146 rc = write_default_rules_to_conf(out, pdb);
3151 rc = write_mls_rules_to_conf(out, pdb);
3159 rc = write_polcap_rules_to_conf(out, pdb);
3164 rc = write_type_attributes_to_conf(out, pdb);
3169 rc = write_role_attributes_to_conf(out, pdb);
3174 rc = write_boolean_decl_rules_to_conf(out, pdb);
3179 rc = write_type_decl_rules_to_conf(out, pdb);
3184 rc = write_type_alias_rules_to_conf(out, pdb);
3189 rc = write_type_bounds_rules_to_conf(out, pdb);
3194 rc = write_type_attribute_sets_to_conf(out, pdb);
3199 rc = write_type_permissive_rules_to_conf(out, pdb);
3204 rc = write_avtab_to_conf(out, pdb, 0);
3208 write_filename_trans_rules_to_conf(out, pdb);
3210 if (pdb->mls) {
3211 rc = write_range_trans_rules_to_conf(out, pdb);
3217 rc = write_cond_nodes_to_conf(out, pdb);
3222 rc = write_role_decl_rules_to_conf(out, pdb);
3227 rc = write_role_transition_rules_to_conf(out, pdb);
3232 rc = write_role_allow_rules_to_conf(out, pdb);
3237 rc = write_user_decl_rules_to_conf(out, pdb);
3245 rc = sort_ocontexts(pdb);
3250 if (pdb->target_platform == SEPOL_TARGET_SELINUX) {
3251 rc = write_selinux_isid_rules_to_conf(out, pdb);
3256 rc = write_selinux_fsuse_rules_to_conf(out, pdb);
3261 rc = write_genfscon_rules_to_conf(out, pdb);
3266 rc = write_selinux_port_rules_to_conf(out, pdb);
3271 rc = write_selinux_netif_rules_to_conf(out, pdb);
3276 rc = write_selinux_node_rules_to_conf(out, pdb);
3281 rc = write_selinux_node6_rules_to_conf(out, pdb);
3286 rc = write_selinux_ibpkey_rules_to_conf(out, pdb);
3291 rc = write_selinux_ibendport_rules_to_conf(out, pdb);
3295 } else if (pdb->target_platform == SEPOL_TARGET_XEN) {
3296 rc = write_xen_isid_rules_to_conf(out, pdb);
3301 rc = write_genfscon_rules_to_conf(out, pdb);
3306 rc = write_xen_pirq_rules_to_conf(out, pdb);
3311 rc = write_xen_iomem_rules_to_conf(out, pdb);
3316 rc = write_xen_ioport_rules_to_conf(out, pdb);
3321 rc = write_xen_pcidevice_rules_to_conf(out, pdb);
3326 rc = write_xen_devicetree_rules_to_conf(out, pdb);