Lines Matching refs:pdb
163 struct policydb *pdb;
197 /* A linked list of all roles stored in the pdb
333 struct policydb *pdb = arg;
339 scope = hashtab_search(pdb->scope[SYM_TYPES].table, key);
381 static int typealias_list_create(struct policydb *pdb)
388 for (block = pdb->global; block != NULL; block = block->next) {
400 rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
493 static int is_id_in_scope_with_start(struct policydb *pdb, struct stack *decl_stack, int start, uint32_t symbol_type, char *id)
500 scope = hashtab_search(pdb->scope[symbol_type].table, id);
518 static int is_id_in_ancestor_scope(struct policydb *pdb, struct stack *decl_stack, char *type, uint32_t symbol_type)
522 return is_id_in_scope_with_start(pdb, decl_stack, start, symbol_type, type);
525 static int is_id_in_scope(struct policydb *pdb, struct stack *decl_stack, char *type, uint32_t symbol_type)
529 return is_id_in_scope_with_start(pdb, decl_stack, start, symbol_type, type);
532 static int semantic_level_to_cil(struct policydb *pdb, int sens_offset, struct mls_semantic_level *level)
536 cil_printf("(%s ", pdb->p_sens_val_to_name[level->sens - sens_offset]);
544 cil_printf("%s", pdb->p_cat_val_to_name[cat->low - 1]);
546 cil_printf("range %s %s", pdb->p_cat_val_to_name[cat->low - 1], pdb->p_cat_val_to_name[cat->high - 1]);
563 static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const char *src, const char *tgt, const struct class_perm_node *classperms)
603 perms = sepol_av_to_string(pdb, classperm->tclass, classperm->data);
611 pdb->p_class_val_to_name[classperm->tclass - 1],
616 pdb->p_class_val_to_name[classperm->tclass - 1],
617 pdb->p_type_val_to_name[classperm->data - 1]);
685 static int avrulex_to_cil(int indent, struct policydb *pdb, uint32_t type, const char *src, const char *tgt, const class_perm_node_t *classperms, const av_extended_perms_t *xperms)
713 "ioctl", pdb->p_class_val_to_name[classperm->tclass - 1]);
734 static int ebitmap_to_cil(struct policydb *pdb, struct ebitmap *map, int type)
738 char **val_to_name = pdb->sym_val_to_name[type];
747 static char *get_new_attr_name(struct policydb *pdb, int is_type)
762 len = strlen(pdb->name) + strlen(infix) + num_digits(num_attrs) + 1;
769 rlen = snprintf(attr_name, len, "%s%s%i", pdb->name, infix, num_attrs);
809 static int cil_print_attr_strs(int indent, struct policydb *pdb, int is_type, void *set, char *attr_name)
831 val_to_name = pdb->p_type_val_to_name;
840 val_to_name = pdb->p_role_val_to_name;
896 static int cil_print_attr_list(int indent, struct policydb *pdb, struct list *attr_list)
904 rc = cil_print_attr_strs(indent, pdb, node->is_type, node->set, node->attr_name);
952 static int set_to_names(struct policydb *pdb, int is_type, void *set, struct list *attr_list, char ***names, unsigned int *num_names)
963 attr_name = get_new_attr_name(pdb, is_type);
1033 static int process_roleset(struct policydb *pdb, struct role_set *rs, struct list *attr_list, char ***names, unsigned int *num_names)
1041 rc = set_to_names(pdb, 0, &rs->roles, attr_list, names, num_names);
1046 rc = ebitmap_to_names(&rs->roles, pdb->p_role_val_to_name, names, num_names);
1056 static int process_typeset(struct policydb *pdb, struct type_set *ts, struct list *attr_list, char ***names, unsigned int *num_names)
1064 rc = set_to_names(pdb, 1, ts, attr_list, names, num_names);
1069 rc = ebitmap_to_names(&ts->types, pdb->p_type_val_to_name, names, num_names);
1086 static int roletype_role_in_ancestor_to_cil(struct policydb *pdb, struct stack *decl_stack, char *type_name, int indent)
1103 if (!is_id_in_ancestor_scope(pdb, decl_stack, role_node->role_name, SYM_ROLES)) {
1108 rc = process_typeset(pdb, ts, attr_list, &tnames, &num_tnames);
1120 rc = cil_print_attr_list(indent, pdb, attr_list);
1183 static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *avrule_list, struct list *attr_list)
1199 rc = process_typeset(pdb, ts, attr_list, &snames, &num_snames);
1205 rc = process_typeset(pdb, ts, attr_list, &tnames, &num_tnames);
1213 rc = avrulex_to_cil(indent, pdb, avrule->specified, snames[s], tnames[t], avrule->perms, avrule->xperms);
1215 rc = avrule_to_cil(indent, pdb, avrule->specified, snames[s], tnames[t], avrule->perms);
1224 rc = avrulex_to_cil(indent, pdb, avrule->specified, snames[s], "self", avrule->perms, avrule->xperms);
1226 rc = avrule_to_cil(indent, pdb, avrule->specified, snames[s], "self", avrule->perms);
1252 static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *cond_expr, uint32_t flags)
1275 val1 = pdb->p_bool_val_to_name[curr->bool - 1];
1392 static int cond_list_to_cil(int indent, struct policydb *pdb, struct cond_node *cond_list, struct list *attr_list)
1399 rc = cond_expr_to_cil(indent, pdb, cond->expr, cond->flags);
1406 rc = avrule_list_to_cil(indent + 2, pdb, cond->avtrue_list, attr_list);
1415 rc = avrule_list_to_cil(indent + 2, pdb, cond->avfalse_list, attr_list);
1429 static int role_trans_to_cil(int indent, struct policydb *pdb, struct role_trans_rule *rules, struct list *role_attr_list, struct list *type_attr_list)
1446 rc = process_roleset(pdb, rs, role_attr_list, &role_names, &num_role_names);
1452 rc = process_typeset(pdb, ts, type_attr_list, &type_names, &num_type_names);
1462 pdb->p_class_val_to_name[i],
1463 pdb->p_role_val_to_name[rule->new_role - 1]);
1479 static int role_allows_to_cil(int indent, struct policydb *pdb, struct role_allow_rule *rules, struct list *attr_list)
1492 rc = process_roleset(pdb, rs, attr_list, &roles, &num_roles);
1498 rc = process_roleset(pdb, rs, attr_list, &new_roles, &num_new_roles);
1522 static int range_trans_to_cil(int indent, struct policydb *pdb, struct range_trans_rule *rules, struct list *attr_list)
1536 if (!pdb->mls) {
1542 rc = process_typeset(pdb, ts, attr_list, &stypes, &num_stypes);
1548 rc = process_typeset(pdb, ts, attr_list, &ttypes, &num_ttypes);
1557 cil_printf("(rangetransition %s %s %s ", stypes[stype], ttypes[ttype], pdb->p_class_val_to_name[i]);
1561 rc = semantic_level_to_cil(pdb, 1, &rule->trange.level[0]);
1568 rc = semantic_level_to_cil(pdb, 1, &rule->trange.level[1]);
1592 static int filename_trans_to_cil(int indent, struct policydb *pdb, struct filename_trans_rule *rules, struct list *attr_list)
1606 rc = process_typeset(pdb, ts, attr_list, &stypes, &num_stypes);
1612 rc = process_typeset(pdb, ts, attr_list, &ttypes, &num_ttypes);
1621 pdb->p_class_val_to_name[rule->tclass - 1],
1623 pdb->p_type_val_to_name[rule->otype - 1]);
1628 pdb->p_class_val_to_name[rule->tclass - 1],
1630 pdb->p_type_val_to_name[rule->otype - 1]);
1708 static int constraint_expr_to_string(struct policydb *pdb, struct constraint_expr *exprs, char **expr_string)
1787 rc = ebitmap_to_names(&ts->types, pdb->p_type_val_to_name, &name_list, &num_names);
1792 rc = ebitmap_to_names(&expr->names, pdb->p_user_val_to_name, &name_list, &num_names);
1797 rc = ebitmap_to_names(&expr->names, pdb->p_role_val_to_name, &name_list, &num_names);
1940 static int constraints_to_cil(int indent, struct policydb *pdb, char *classkey, struct class_datum *class, struct constraint_node *constraints, int is_constraint)
1948 mls = pdb->mls ? "mls" : "";
1952 rc = constraint_expr_to_string(pdb, node->expr, &expr);
1958 perms = sepol_av_to_string(pdb, class->s.value, node->permissions);
1975 static int class_to_cil(int indent, struct policydb *pdb, struct avrule_block *UNUSED(block), struct stack *UNUSED(decl_stack), char *key, void *datum, int scope)
2065 rc = constraints_to_cil(indent, pdb, key, class, class->constraints, 1);
2072 rc = constraints_to_cil(indent, pdb, key, class, class->validatetrans, 0);
2085 static int class_order_to_cil(int indent, struct policydb *pdb, struct ebitmap order)
2098 cil_printf("%s ", pdb->sym_val_to_name[SYM_CLASSES][i]);
2106 static int role_to_cil(int indent, struct policydb *pdb, struct avrule_block *UNUSED(block), struct stack *decl_stack, char *key, void *datum, int scope)
2164 if ((is_base_role && pdb->policy_type == SEPOL_POLICY_BASE) ||
2175 rc = process_typeset(pdb, ts, attr_list, &types, &num_types);
2181 if (is_id_in_scope(pdb, decl_stack, types[j], SYM_TYPES)) {
2187 cil_println(indent, "(rolebounds %s %s)", key, pdb->p_role_val_to_name[role->bounds - 1]);
2200 cil_printf("%s ", pdb->p_role_val_to_name[i]);
2206 rc = process_typeset(pdb, ts, attr_list, &types, &num_types);
2213 if (is_id_in_scope(pdb, decl_stack, types[j], SYM_TYPES)) {
2226 rc = cil_print_attr_list(indent, pdb, attr_list);
2238 static int type_to_cil(int indent, struct policydb *pdb, struct avrule_block *UNUSED(block), struct stack *decl_stack, char *key, void *datum, int scope)
2252 rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, key, indent);
2271 cil_println(indent, "(typebounds %s %s)", pdb->p_type_val_to_name[type->bounds - 1], key);
2293 ebitmap_to_cil(pdb, &type->types, SYM_TYPES);
2311 static int user_to_cil(int indent, struct policydb *pdb, struct avrule_block *block, struct stack *UNUSED(decl_stack), char *key, void *datum, int scope)
2329 cil_println(indent, "(userrole %s %s)", key, pdb->p_role_val_to_name[i]);
2340 if (pdb->mls) {
2341 semantic_level_to_cil(pdb, sens_offset, &level);
2349 if (pdb->mls) {
2350 semantic_level_to_cil(pdb, sens_offset, &range.level[0]);
2352 semantic_level_to_cil(pdb, sens_offset, &range.level[1]);
2362 static int boolean_to_cil(int indent, struct policydb *UNUSED(pdb), struct avrule_block *UNUSED(block), struct stack *UNUSED(decl_stack), char *key, void *datum, int scope)
2380 static int sens_to_cil(int indent, struct policydb *pdb, struct avrule_block *UNUSED(block), struct stack *UNUSED(decl_stack), char *key, void *datum, int scope)
2389 cil_println(indent, "(sensitivityaliasactual %s %s)", key, pdb->p_sens_val_to_name[level->level->sens - 1]);
2396 ebitmap_to_cil(pdb, &level->level->cat, SYM_CATS);
2403 static int sens_order_to_cil(int indent, struct policydb *pdb, struct ebitmap order)
2416 cil_printf("%s ", pdb->p_sens_val_to_name[i]);
2424 static int cat_to_cil(int indent, struct policydb *pdb, struct avrule_block *UNUSED(block), struct stack *UNUSED(decl_stack), char *key, void *datum, int scope)
2436 cil_println(indent, "(categoryaliasactual %s %s)", key, pdb->p_cat_val_to_name[cat->s.value - 1]);
2442 static int cat_order_to_cil(int indent, struct policydb *pdb, struct ebitmap order)
2457 cil_printf("%s ", pdb->p_cat_val_to_name[i]);
2467 static int polcaps_to_cil(struct policydb *pdb)
2475 map = &pdb->policycaps;
2493 static int level_to_cil(struct policydb *pdb, struct mls_level *level)
2497 cil_printf("(%s", pdb->p_sens_val_to_name[level->sens - 1]);
2501 ebitmap_to_cil(pdb, map, SYM_CATS);
2510 static int context_to_cil(struct policydb *pdb, struct context_struct *con)
2513 pdb->p_user_val_to_name[con->user - 1],
2514 pdb->p_role_val_to_name[con->role - 1],
2515 pdb->p_type_val_to_name[con->type - 1]);
2517 if (pdb->mls) {
2518 level_to_cil(pdb, &con->range.level[0]);
2520 level_to_cil(pdb, &con->range.level[1]);
2532 static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_string,
2560 context_to_cil(pdb, &isid->context[0]);
2601 static int ocontext_selinux_isid_to_cil(struct policydb *pdb, struct ocontext *isids)
2605 rc = ocontext_isid_to_cil(pdb, selinux_sid_to_str, SELINUX_SID_SZ, isids);
2616 static int ocontext_selinux_fs_to_cil(struct policydb *UNUSED(pdb), struct ocontext *fss)
2625 static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *portcons)
2655 context_to_cil(pdb, &portcon->context[0]);
2665 static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb,
2694 context_to_cil(pdb, &ibpkeycon->context[0]);
2703 static int ocontext_selinux_netif_to_cil(struct policydb *pdb, struct ocontext *netifs)
2709 context_to_cil(pdb, &netif->context[0]);
2712 context_to_cil(pdb, &netif->context[1]);
2719 static int ocontext_selinux_node_to_cil(struct policydb *pdb, struct ocontext *nodes)
2741 context_to_cil(pdb, &node->context[0]);
2751 static int ocontext_selinux_node6_to_cil(struct policydb *pdb, struct ocontext *nodes)
2773 context_to_cil(pdb, &node->context[0]);
2783 static int ocontext_selinux_ibendport_to_cil(struct policydb *pdb, struct ocontext *ibendports)
2789 context_to_cil(pdb, &ibendport->context[0]);
2797 static int ocontext_selinux_fsuse_to_cil(struct policydb *pdb, struct ocontext *fsuses)
2817 context_to_cil(pdb, &fsuse->context[0]);
2829 static int ocontext_xen_isid_to_cil(struct policydb *pdb, struct ocontext *isids)
2833 rc = ocontext_isid_to_cil(pdb, xen_sid_to_str, XEN_SID_SZ, isids);
2844 static int ocontext_xen_pirq_to_cil(struct policydb *pdb, struct ocontext *pirqs)
2850 context_to_cil(pdb, &pirq->context[0]);
2857 static int ocontext_xen_ioport_to_cil(struct policydb *pdb, struct ocontext *ioports)
2873 context_to_cil(pdb, &ioport->context[0]);
2881 static int ocontext_xen_iomem_to_cil(struct policydb *pdb, struct ocontext *iomems)
2897 context_to_cil(pdb, &iomem->context[0]);
2905 static int ocontext_xen_pcidevice_to_cil(struct policydb *pdb, struct ocontext *pcids)
2911 context_to_cil(pdb, &pcid->context[0]);
2918 static int ocontexts_to_cil(struct policydb *pdb)
2923 static int (**ocon_funcs)(struct policydb *pdb, struct ocontext *ocon);
2924 static int (*ocon_selinux_funcs[OCON_NUM])(struct policydb *pdb, struct ocontext *ocon) = {
2935 static int (*ocon_xen_funcs[OCON_NUM])(struct policydb *pdb, struct ocontext *ocon) = {
2945 switch (pdb->target_platform) {
2953 log_err("Unknown target platform: %i", pdb->target_platform);
2960 rc = ocon_funcs[ocon](pdb, pdb->ocontexts[ocon]);
2972 static int genfscon_to_cil(struct policydb *pdb)
2978 for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
2983 const char *class_name = pdb->p_class_val_to_name[sclass-1];
3005 context_to_cil(pdb, &ocon->context[0]);
3376 static int (*func_to_cil[SYM_NUM])(int indent, struct policydb *pdb, struct avrule_block *block, struct stack *decl_stack, char *key, void *datum, int scope) = {
3387 static int typealiases_to_cil(int indent, struct policydb *pdb, struct avrule_block *UNUSED(block), struct stack *decl_stack)
3408 alias_datum = hashtab_search(pdb->p_types.table, alias_name);
3414 type_name = pdb->p_type_val_to_name[alias_datum->primary - 1];
3416 type_name = pdb->p_type_val_to_name[alias_datum->s.value - 1];
3428 static int declared_scopes_to_cil(int indent, struct policydb *pdb, struct avrule_block *block, struct stack *decl_stack)
3447 key = pdb->sym_val_to_name[sym][i];
3448 datum = hashtab_search(pdb->symtab[sym].table, key);
3453 scope = hashtab_search(pdb->scope[sym].table, key);
3458 rc = func_to_cil[sym](indent, pdb, block, decl_stack, key, datum, scope->scope);
3465 rc = cat_order_to_cil(indent, pdb, map);
3472 rc = sens_order_to_cil(indent, pdb, map);
3479 rc = class_order_to_cil(indent, pdb, map);
3491 static int required_scopes_to_cil(int indent, struct policydb *pdb, struct avrule_block *block, struct stack *decl_stack)
3511 key = pdb->sym_val_to_name[sym][i];
3513 scope_datum = hashtab_search(pdb->scope[sym].table, key);
3534 datum = hashtab_search(pdb->symtab[sym].table, key);
3539 rc = func_to_cil[sym](indent, pdb, block, decl_stack, key, datum, SCOPE_REQ);
3557 rc = func_to_cil[args->sym_index](args->indent, args->pdb, args->block, args->decl_stack, key, data, SCOPE_REQ);
3568 static int additive_scopes_to_cil(int indent, struct policydb *pdb, struct avrule_block *block, struct stack *decl_stack)
3573 args.pdb = pdb;
3641 static int block_to_cil(struct policydb *pdb, struct avrule_block *block, struct stack *stack, int indent)
3659 rc = typealiases_to_cil(indent, pdb, block, stack);
3664 rc = declared_scopes_to_cil(indent, pdb, block, stack);
3669 rc = required_scopes_to_cil(indent, pdb, block, stack);
3674 rc = additive_scopes_to_cil(indent, pdb, block, stack);
3679 rc = avrule_list_to_cil(indent, pdb, decl->avrules, type_attr_list);
3684 rc = role_trans_to_cil(indent, pdb, decl->role_tr_rules, role_attr_list, type_attr_list);
3689 rc = role_allows_to_cil(indent, pdb, decl->role_allow_rules, role_attr_list);
3694 rc = range_trans_to_cil(indent, pdb, decl->range_tr_rules, type_attr_list);
3699 rc = filename_trans_to_cil(indent, pdb, decl->filename_trans_rules, type_attr_list);
3704 rc = cond_list_to_cil(indent, pdb, decl->cond_list, type_attr_list);
3709 rc = cil_print_attr_list(indent, pdb, type_attr_list);
3713 rc = cil_print_attr_list(indent, pdb, role_attr_list);
3725 static int module_block_to_cil(struct policydb *pdb, struct avrule_block *block, struct stack *stack, int *indent)
3752 cil_println(*indent, "(optional %s_optional_%i", pdb->name, decl->decl_id);
3758 rc = block_to_cil(pdb, block, stack, *indent);
3767 static int global_block_to_cil(struct policydb *pdb, struct avrule_block *block, struct stack *stack)
3786 rc = hashtab_map(pdb->p_commons.table, common_to_cil, NULL);
3791 rc = block_to_cil(pdb, block, stack, 0);
3800 static int blocks_to_cil(struct policydb *pdb)
3812 block = pdb->global;
3813 rc = global_block_to_cil(pdb, block, stack);
3819 rc = module_block_to_cil(pdb, block, stack, &indent);
3836 static int linked_block_to_cil(struct policydb *pdb, struct avrule_block *block, struct stack *stack)
3856 rc = block_to_cil(pdb, block, stack, 0);
3867 static int linked_blocks_to_cil(struct policydb *pdb)
3880 block = pdb->global;
3881 rc = global_block_to_cil(pdb, block, stack);
3887 rc = linked_block_to_cil(pdb, block, stack);
3899 static int handle_unknown_to_cil(struct policydb *pdb)
3904 switch (pdb->handle_unknown) {
3915 log_err("Unknown value for handle-unknown: %i", pdb->handle_unknown);
3928 static int generate_mls(struct policydb *pdb)
3930 const char *mls_str = pdb->mls ? "true" : "false";
3971 static int fix_module_name(struct policydb *pdb)
3981 if (pdb->policy_type == POLICY_BASE) {
3982 pdb->name = strdup("base");
3983 if (pdb->name == NULL) {
3992 for (letter = pdb->name; *letter != '\0'; letter++) {
4005 int sepol_module_policydb_to_cil(FILE *fp, struct policydb *pdb, int linked)
4011 if (pdb == NULL) {
4016 if (pdb->policy_type != SEPOL_POLICY_BASE &&
4017 pdb->policy_type != SEPOL_POLICY_MOD) {
4023 rc = fix_module_name(pdb);
4028 if (pdb->policy_type == SEPOL_POLICY_BASE && !pdb->mls) {
4039 if (pdb->policy_type == SEPOL_POLICY_BASE) {
4059 rc = handle_unknown_to_cil(pdb);
4065 rc = generate_mls(pdb);
4071 rc = role_list_create(pdb->p_roles.table);
4076 rc = typealias_list_create(pdb);
4081 rc = polcaps_to_cil(pdb);
4086 rc = ocontexts_to_cil(pdb);
4091 rc = genfscon_to_cil(pdb);
4098 rc = linked_blocks_to_cil(pdb);
4100 rc = blocks_to_cil(pdb);
4118 struct sepol_policydb *pdb;
4122 pdb = sepol_module_package_get_policy(mod_pkg);
4123 if (pdb == NULL) {
4129 rc = sepol_module_policydb_to_cil(fp, &pdb->p, 0);