1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32
33 #include <sepol/policydb/policydb.h>
34 #include <sepol/policydb/symtab.h>
35
36 #include "cil_internal.h"
37 #include "cil_flavor.h"
38 #include "cil_log.h"
39 #include "cil_mem.h"
40 #include "cil_tree.h"
41 #include "cil_list.h"
42 #include "cil_symtab.h"
43 #include "cil_build_ast.h"
44
45 #include "cil_parser.h"
46 #include "cil_build_ast.h"
47 #include "cil_resolve_ast.h"
48 #include "cil_fqn.h"
49 #include "cil_post.h"
50 #include "cil_binary.h"
51 #include "cil_policy.h"
52 #include "cil_strpool.h"
53 #include "cil_write_ast.h"
54
55 const int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
56 {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
57 {8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
58 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
59 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
60 {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
61 };
62
63 char *CIL_KEY_CONS_T1;
64 char *CIL_KEY_CONS_T2;
65 char *CIL_KEY_CONS_T3;
66 char *CIL_KEY_CONS_R1;
67 char *CIL_KEY_CONS_R2;
68 char *CIL_KEY_CONS_R3;
69 char *CIL_KEY_CONS_U1;
70 char *CIL_KEY_CONS_U2;
71 char *CIL_KEY_CONS_U3;
72 char *CIL_KEY_CONS_L1;
73 char *CIL_KEY_CONS_L2;
74 char *CIL_KEY_CONS_H1;
75 char *CIL_KEY_CONS_H2;
76 char *CIL_KEY_AND;
77 char *CIL_KEY_OR;
78 char *CIL_KEY_NOT;
79 char *CIL_KEY_EQ;
80 char *CIL_KEY_NEQ;
81 char *CIL_KEY_CONS_DOM;
82 char *CIL_KEY_CONS_DOMBY;
83 char *CIL_KEY_CONS_INCOMP;
84 char *CIL_KEY_CONDTRUE;
85 char *CIL_KEY_CONDFALSE;
86 char *CIL_KEY_SELF;
87 char *CIL_KEY_NOTSELF;
88 char *CIL_KEY_OTHER;
89 char *CIL_KEY_OBJECT_R;
90 char *CIL_KEY_STAR;
91 char *CIL_KEY_TCP;
92 char *CIL_KEY_UDP;
93 char *CIL_KEY_DCCP;
94 char *CIL_KEY_SCTP;
95 char *CIL_KEY_AUDITALLOW;
96 char *CIL_KEY_TUNABLEIF;
97 char *CIL_KEY_ALLOW;
98 char *CIL_KEY_DONTAUDIT;
99 char *CIL_KEY_TYPETRANSITION;
100 char *CIL_KEY_TYPECHANGE;
101 char *CIL_KEY_CALL;
102 char *CIL_KEY_TUNABLE;
103 char *CIL_KEY_XOR;
104 char *CIL_KEY_ALL;
105 char *CIL_KEY_RANGE;
106 char *CIL_KEY_GLOB;
107 char *CIL_KEY_FILE;
108 char *CIL_KEY_DIR;
109 char *CIL_KEY_CHAR;
110 char *CIL_KEY_BLOCK;
111 char *CIL_KEY_SOCKET;
112 char *CIL_KEY_PIPE;
113 char *CIL_KEY_SYMLINK;
114 char *CIL_KEY_ANY;
115 char *CIL_KEY_XATTR;
116 char *CIL_KEY_TASK;
117 char *CIL_KEY_TRANS;
118 char *CIL_KEY_TYPE;
119 char *CIL_KEY_ROLE;
120 char *CIL_KEY_USER;
121 char *CIL_KEY_USERATTRIBUTE;
122 char *CIL_KEY_USERATTRIBUTESET;
123 char *CIL_KEY_SENSITIVITY;
124 char *CIL_KEY_CATEGORY;
125 char *CIL_KEY_CATSET;
126 char *CIL_KEY_LEVEL;
127 char *CIL_KEY_LEVELRANGE;
128 char *CIL_KEY_CLASS;
129 char *CIL_KEY_IPADDR;
130 char *CIL_KEY_MAP_CLASS;
131 char *CIL_KEY_CLASSPERMISSION;
132 char *CIL_KEY_BOOL;
133 char *CIL_KEY_STRING;
134 char *CIL_KEY_NAME;
135 char *CIL_KEY_SOURCE;
136 char *CIL_KEY_TARGET;
137 char *CIL_KEY_LOW;
138 char *CIL_KEY_HIGH;
139 char *CIL_KEY_LOW_HIGH;
140 char *CIL_KEY_GLBLUB;
141 char *CIL_KEY_HANDLEUNKNOWN;
142 char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
143 char *CIL_KEY_HANDLEUNKNOWN_DENY;
144 char *CIL_KEY_HANDLEUNKNOWN_REJECT;
145 char *CIL_KEY_MACRO;
146 char *CIL_KEY_IN;
147 char *CIL_KEY_IN_BEFORE;
148 char *CIL_KEY_IN_AFTER;
149 char *CIL_KEY_MLS;
150 char *CIL_KEY_DEFAULTRANGE;
151 char *CIL_KEY_BLOCKINHERIT;
152 char *CIL_KEY_BLOCKABSTRACT;
153 char *CIL_KEY_CLASSORDER;
154 char *CIL_KEY_CLASSMAPPING;
155 char *CIL_KEY_CLASSPERMISSIONSET;
156 char *CIL_KEY_COMMON;
157 char *CIL_KEY_CLASSCOMMON;
158 char *CIL_KEY_SID;
159 char *CIL_KEY_SIDCONTEXT;
160 char *CIL_KEY_SIDORDER;
161 char *CIL_KEY_USERLEVEL;
162 char *CIL_KEY_USERRANGE;
163 char *CIL_KEY_USERBOUNDS;
164 char *CIL_KEY_USERPREFIX;
165 char *CIL_KEY_SELINUXUSER;
166 char *CIL_KEY_SELINUXUSERDEFAULT;
167 char *CIL_KEY_TYPEATTRIBUTE;
168 char *CIL_KEY_TYPEATTRIBUTESET;
169 char *CIL_KEY_EXPANDTYPEATTRIBUTE;
170 char *CIL_KEY_TYPEALIAS;
171 char *CIL_KEY_TYPEALIASACTUAL;
172 char *CIL_KEY_TYPEBOUNDS;
173 char *CIL_KEY_TYPEPERMISSIVE;
174 char *CIL_KEY_RANGETRANSITION;
175 char *CIL_KEY_USERROLE;
176 char *CIL_KEY_ROLETYPE;
177 char *CIL_KEY_ROLETRANSITION;
178 char *CIL_KEY_ROLEALLOW;
179 char *CIL_KEY_ROLEATTRIBUTE;
180 char *CIL_KEY_ROLEATTRIBUTESET;
181 char *CIL_KEY_ROLEBOUNDS;
182 char *CIL_KEY_BOOLEANIF;
183 char *CIL_KEY_NEVERALLOW;
184 char *CIL_KEY_TYPEMEMBER;
185 char *CIL_KEY_SENSALIAS;
186 char *CIL_KEY_SENSALIASACTUAL;
187 char *CIL_KEY_CATALIAS;
188 char *CIL_KEY_CATALIASACTUAL;
189 char *CIL_KEY_CATORDER;
190 char *CIL_KEY_SENSITIVITYORDER;
191 char *CIL_KEY_SENSCAT;
192 char *CIL_KEY_CONSTRAIN;
193 char *CIL_KEY_MLSCONSTRAIN;
194 char *CIL_KEY_VALIDATETRANS;
195 char *CIL_KEY_MLSVALIDATETRANS;
196 char *CIL_KEY_CONTEXT;
197 char *CIL_KEY_FILECON;
198 char *CIL_KEY_IBPKEYCON;
199 char *CIL_KEY_IBENDPORTCON;
200 char *CIL_KEY_PORTCON;
201 char *CIL_KEY_NODECON;
202 char *CIL_KEY_GENFSCON;
203 char *CIL_KEY_NETIFCON;
204 char *CIL_KEY_PIRQCON;
205 char *CIL_KEY_IOMEMCON;
206 char *CIL_KEY_IOPORTCON;
207 char *CIL_KEY_PCIDEVICECON;
208 char *CIL_KEY_DEVICETREECON;
209 char *CIL_KEY_FSUSE;
210 char *CIL_KEY_POLICYCAP;
211 char *CIL_KEY_OPTIONAL;
212 char *CIL_KEY_DEFAULTUSER;
213 char *CIL_KEY_DEFAULTROLE;
214 char *CIL_KEY_DEFAULTTYPE;
215 char *CIL_KEY_ROOT;
216 char *CIL_KEY_NODE;
217 char *CIL_KEY_PERM;
218 char *CIL_KEY_ALLOWX;
219 char *CIL_KEY_AUDITALLOWX;
220 char *CIL_KEY_DONTAUDITX;
221 char *CIL_KEY_NEVERALLOWX;
222 char *CIL_KEY_PERMISSIONX;
223 char *CIL_KEY_IOCTL;
224 char *CIL_KEY_NLMSG;
225 char *CIL_KEY_UNORDERED;
226 char *CIL_KEY_SRC_INFO;
227 char *CIL_KEY_SRC_CIL;
228 char *CIL_KEY_SRC_HLL_LMS;
229 char *CIL_KEY_SRC_HLL_LMX;
230 char *CIL_KEY_SRC_HLL_LME;
231 char *CIL_KEY_DENY_RULE;
232
cil_init_keys(void)233 static void cil_init_keys(void)
234 {
235 /* Initialize CIL Keys into strpool */
236 CIL_KEY_CONS_T1 = cil_strpool_add("t1");
237 CIL_KEY_CONS_T2 = cil_strpool_add("t2");
238 CIL_KEY_CONS_T3 = cil_strpool_add("t3");
239 CIL_KEY_CONS_R1 = cil_strpool_add("r1");
240 CIL_KEY_CONS_R2 = cil_strpool_add("r2");
241 CIL_KEY_CONS_R3 = cil_strpool_add("r3");
242 CIL_KEY_CONS_U1 = cil_strpool_add("u1");
243 CIL_KEY_CONS_U2 = cil_strpool_add("u2");
244 CIL_KEY_CONS_U3 = cil_strpool_add("u3");
245 CIL_KEY_CONS_L1 = cil_strpool_add("l1");
246 CIL_KEY_CONS_L2 = cil_strpool_add("l2");
247 CIL_KEY_CONS_H1 = cil_strpool_add("h1");
248 CIL_KEY_CONS_H2 = cil_strpool_add("h2");
249 CIL_KEY_AND = cil_strpool_add("and");
250 CIL_KEY_OR = cil_strpool_add("or");
251 CIL_KEY_NOT = cil_strpool_add("not");
252 CIL_KEY_EQ = cil_strpool_add("eq");
253 CIL_KEY_NEQ = cil_strpool_add("neq");
254 CIL_KEY_CONS_DOM = cil_strpool_add("dom");
255 CIL_KEY_CONS_DOMBY = cil_strpool_add("domby");
256 CIL_KEY_CONS_INCOMP = cil_strpool_add("incomp");
257 CIL_KEY_CONDTRUE = cil_strpool_add("true");
258 CIL_KEY_CONDFALSE = cil_strpool_add("false");
259 CIL_KEY_SELF = cil_strpool_add("self");
260 CIL_KEY_NOTSELF = cil_strpool_add("notself");
261 CIL_KEY_OTHER = cil_strpool_add("other");
262 CIL_KEY_OBJECT_R = cil_strpool_add("object_r");
263 CIL_KEY_STAR = cil_strpool_add("*");
264 CIL_KEY_UDP = cil_strpool_add("udp");
265 CIL_KEY_TCP = cil_strpool_add("tcp");
266 CIL_KEY_DCCP = cil_strpool_add("dccp");
267 CIL_KEY_SCTP = cil_strpool_add("sctp");
268 CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
269 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
270 CIL_KEY_ALLOW = cil_strpool_add("allow");
271 CIL_KEY_DONTAUDIT = cil_strpool_add("dontaudit");
272 CIL_KEY_TYPETRANSITION = cil_strpool_add("typetransition");
273 CIL_KEY_TYPECHANGE = cil_strpool_add("typechange");
274 CIL_KEY_CALL = cil_strpool_add("call");
275 CIL_KEY_TUNABLE = cil_strpool_add("tunable");
276 CIL_KEY_XOR = cil_strpool_add("xor");
277 CIL_KEY_ALL = cil_strpool_add("all");
278 CIL_KEY_RANGE = cil_strpool_add("range");
279 CIL_KEY_TYPE = cil_strpool_add("type");
280 CIL_KEY_ROLE = cil_strpool_add("role");
281 CIL_KEY_USER = cil_strpool_add("user");
282 CIL_KEY_USERATTRIBUTE = cil_strpool_add("userattribute");
283 CIL_KEY_USERATTRIBUTESET = cil_strpool_add("userattributeset");
284 CIL_KEY_SENSITIVITY = cil_strpool_add("sensitivity");
285 CIL_KEY_CATEGORY = cil_strpool_add("category");
286 CIL_KEY_CATSET = cil_strpool_add("categoryset");
287 CIL_KEY_LEVEL = cil_strpool_add("level");
288 CIL_KEY_LEVELRANGE = cil_strpool_add("levelrange");
289 CIL_KEY_CLASS = cil_strpool_add("class");
290 CIL_KEY_IPADDR = cil_strpool_add("ipaddr");
291 CIL_KEY_MAP_CLASS = cil_strpool_add("classmap");
292 CIL_KEY_CLASSPERMISSION = cil_strpool_add("classpermission");
293 CIL_KEY_BOOL = cil_strpool_add("boolean");
294 CIL_KEY_STRING = cil_strpool_add("string");
295 CIL_KEY_NAME = cil_strpool_add("name");
296 CIL_KEY_HANDLEUNKNOWN = cil_strpool_add("handleunknown");
297 CIL_KEY_HANDLEUNKNOWN_ALLOW = cil_strpool_add("allow");
298 CIL_KEY_HANDLEUNKNOWN_DENY = cil_strpool_add("deny");
299 CIL_KEY_HANDLEUNKNOWN_REJECT = cil_strpool_add("reject");
300 CIL_KEY_BLOCKINHERIT = cil_strpool_add("blockinherit");
301 CIL_KEY_BLOCKABSTRACT = cil_strpool_add("blockabstract");
302 CIL_KEY_CLASSORDER = cil_strpool_add("classorder");
303 CIL_KEY_CLASSMAPPING = cil_strpool_add("classmapping");
304 CIL_KEY_CLASSPERMISSIONSET = cil_strpool_add("classpermissionset");
305 CIL_KEY_COMMON = cil_strpool_add("common");
306 CIL_KEY_CLASSCOMMON = cil_strpool_add("classcommon");
307 CIL_KEY_SID = cil_strpool_add("sid");
308 CIL_KEY_SIDCONTEXT = cil_strpool_add("sidcontext");
309 CIL_KEY_SIDORDER = cil_strpool_add("sidorder");
310 CIL_KEY_USERLEVEL = cil_strpool_add("userlevel");
311 CIL_KEY_USERRANGE = cil_strpool_add("userrange");
312 CIL_KEY_USERBOUNDS = cil_strpool_add("userbounds");
313 CIL_KEY_USERPREFIX = cil_strpool_add("userprefix");
314 CIL_KEY_SELINUXUSER = cil_strpool_add("selinuxuser");
315 CIL_KEY_SELINUXUSERDEFAULT = cil_strpool_add("selinuxuserdefault");
316 CIL_KEY_TYPEATTRIBUTE = cil_strpool_add("typeattribute");
317 CIL_KEY_TYPEATTRIBUTESET = cil_strpool_add("typeattributeset");
318 CIL_KEY_EXPANDTYPEATTRIBUTE = cil_strpool_add("expandtypeattribute");
319 CIL_KEY_TYPEALIAS = cil_strpool_add("typealias");
320 CIL_KEY_TYPEALIASACTUAL = cil_strpool_add("typealiasactual");
321 CIL_KEY_TYPEBOUNDS = cil_strpool_add("typebounds");
322 CIL_KEY_TYPEPERMISSIVE = cil_strpool_add("typepermissive");
323 CIL_KEY_RANGETRANSITION = cil_strpool_add("rangetransition");
324 CIL_KEY_USERROLE = cil_strpool_add("userrole");
325 CIL_KEY_ROLETYPE = cil_strpool_add("roletype");
326 CIL_KEY_ROLETRANSITION = cil_strpool_add("roletransition");
327 CIL_KEY_ROLEALLOW = cil_strpool_add("roleallow");
328 CIL_KEY_ROLEATTRIBUTE = cil_strpool_add("roleattribute");
329 CIL_KEY_ROLEATTRIBUTESET = cil_strpool_add("roleattributeset");
330 CIL_KEY_ROLEBOUNDS = cil_strpool_add("rolebounds");
331 CIL_KEY_BOOLEANIF = cil_strpool_add("booleanif");
332 CIL_KEY_NEVERALLOW = cil_strpool_add("neverallow");
333 CIL_KEY_TYPEMEMBER = cil_strpool_add("typemember");
334 CIL_KEY_SENSALIAS = cil_strpool_add("sensitivityalias");
335 CIL_KEY_SENSALIASACTUAL = cil_strpool_add("sensitivityaliasactual");
336 CIL_KEY_CATALIAS = cil_strpool_add("categoryalias");
337 CIL_KEY_CATALIASACTUAL = cil_strpool_add("categoryaliasactual");
338 CIL_KEY_CATORDER = cil_strpool_add("categoryorder");
339 CIL_KEY_SENSITIVITYORDER = cil_strpool_add("sensitivityorder");
340 CIL_KEY_SENSCAT = cil_strpool_add("sensitivitycategory");
341 CIL_KEY_CONSTRAIN = cil_strpool_add("constrain");
342 CIL_KEY_MLSCONSTRAIN = cil_strpool_add("mlsconstrain");
343 CIL_KEY_VALIDATETRANS = cil_strpool_add("validatetrans");
344 CIL_KEY_MLSVALIDATETRANS = cil_strpool_add("mlsvalidatetrans");
345 CIL_KEY_CONTEXT = cil_strpool_add("context");
346 CIL_KEY_FILECON = cil_strpool_add("filecon");
347 CIL_KEY_IBPKEYCON = cil_strpool_add("ibpkeycon");
348 CIL_KEY_IBENDPORTCON = cil_strpool_add("ibendportcon");
349 CIL_KEY_PORTCON = cil_strpool_add("portcon");
350 CIL_KEY_NODECON = cil_strpool_add("nodecon");
351 CIL_KEY_GENFSCON = cil_strpool_add("genfscon");
352 CIL_KEY_NETIFCON = cil_strpool_add("netifcon");
353 CIL_KEY_PIRQCON = cil_strpool_add("pirqcon");
354 CIL_KEY_IOMEMCON = cil_strpool_add("iomemcon");
355 CIL_KEY_IOPORTCON = cil_strpool_add("ioportcon");
356 CIL_KEY_PCIDEVICECON = cil_strpool_add("pcidevicecon");
357 CIL_KEY_DEVICETREECON = cil_strpool_add("devicetreecon");
358 CIL_KEY_FSUSE = cil_strpool_add("fsuse");
359 CIL_KEY_POLICYCAP = cil_strpool_add("policycap");
360 CIL_KEY_OPTIONAL = cil_strpool_add("optional");
361 CIL_KEY_DEFAULTUSER = cil_strpool_add("defaultuser");
362 CIL_KEY_DEFAULTROLE = cil_strpool_add("defaultrole");
363 CIL_KEY_DEFAULTTYPE = cil_strpool_add("defaulttype");
364 CIL_KEY_MACRO = cil_strpool_add("macro");
365 CIL_KEY_IN = cil_strpool_add("in");
366 CIL_KEY_IN_BEFORE = cil_strpool_add("before");
367 CIL_KEY_IN_AFTER = cil_strpool_add("after");
368 CIL_KEY_MLS = cil_strpool_add("mls");
369 CIL_KEY_DEFAULTRANGE = cil_strpool_add("defaultrange");
370 CIL_KEY_GLOB = cil_strpool_add("*");
371 CIL_KEY_FILE = cil_strpool_add("file");
372 CIL_KEY_DIR = cil_strpool_add("dir");
373 CIL_KEY_CHAR = cil_strpool_add("char");
374 CIL_KEY_BLOCK = cil_strpool_add("block");
375 CIL_KEY_SOCKET = cil_strpool_add("socket");
376 CIL_KEY_PIPE = cil_strpool_add("pipe");
377 CIL_KEY_SYMLINK = cil_strpool_add("symlink");
378 CIL_KEY_ANY = cil_strpool_add("any");
379 CIL_KEY_XATTR = cil_strpool_add("xattr");
380 CIL_KEY_TASK = cil_strpool_add("task");
381 CIL_KEY_TRANS = cil_strpool_add("trans");
382 CIL_KEY_SOURCE = cil_strpool_add("source");
383 CIL_KEY_TARGET = cil_strpool_add("target");
384 CIL_KEY_LOW = cil_strpool_add("low");
385 CIL_KEY_HIGH = cil_strpool_add("high");
386 CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
387 CIL_KEY_GLBLUB = cil_strpool_add("glblub");
388 CIL_KEY_ROOT = cil_strpool_add("<root>");
389 CIL_KEY_NODE = cil_strpool_add("<node>");
390 CIL_KEY_PERM = cil_strpool_add("perm");
391 CIL_KEY_ALLOWX = cil_strpool_add("allowx");
392 CIL_KEY_AUDITALLOWX = cil_strpool_add("auditallowx");
393 CIL_KEY_DONTAUDITX = cil_strpool_add("dontauditx");
394 CIL_KEY_NEVERALLOWX = cil_strpool_add("neverallowx");
395 CIL_KEY_PERMISSIONX = cil_strpool_add("permissionx");
396 CIL_KEY_IOCTL = cil_strpool_add("ioctl");
397 CIL_KEY_NLMSG = cil_strpool_add("nlmsg");
398 CIL_KEY_UNORDERED = cil_strpool_add("unordered");
399 CIL_KEY_SRC_INFO = cil_strpool_add("<src_info>");
400 CIL_KEY_SRC_CIL = cil_strpool_add("cil");
401 CIL_KEY_SRC_HLL_LMS = cil_strpool_add("lms");
402 CIL_KEY_SRC_HLL_LMX = cil_strpool_add("lmx");
403 CIL_KEY_SRC_HLL_LME = cil_strpool_add("lme");
404 CIL_KEY_DENY_RULE = cil_strpool_add("deny");
405 }
406
cil_db_init(struct cil_db ** db)407 void cil_db_init(struct cil_db **db)
408 {
409 *db = cil_malloc(sizeof(**db));
410
411 cil_strpool_init();
412 cil_init_keys();
413
414 cil_tree_init(&(*db)->parse);
415 cil_tree_init(&(*db)->ast);
416 cil_root_init((struct cil_root **)&(*db)->ast->root->data);
417 (*db)->sidorder = NULL;
418 (*db)->classorder = NULL;
419 (*db)->catorder = NULL;
420 (*db)->sensitivityorder = NULL;
421 cil_sort_init(&(*db)->netifcon);
422 cil_sort_init(&(*db)->genfscon);
423 cil_sort_init(&(*db)->filecon);
424 cil_sort_init(&(*db)->nodecon);
425 cil_sort_init(&(*db)->ibpkeycon);
426 cil_sort_init(&(*db)->ibendportcon);
427 cil_sort_init(&(*db)->portcon);
428 cil_sort_init(&(*db)->pirqcon);
429 cil_sort_init(&(*db)->iomemcon);
430 cil_sort_init(&(*db)->ioportcon);
431 cil_sort_init(&(*db)->pcidevicecon);
432 cil_sort_init(&(*db)->devicetreecon);
433 cil_sort_init(&(*db)->fsuse);
434 cil_list_init(&(*db)->userprefixes, CIL_LIST_ITEM);
435 cil_list_init(&(*db)->selinuxusers, CIL_LIST_ITEM);
436 cil_list_init(&(*db)->declared_strings, CIL_LIST_ITEM);
437
438 cil_type_init(&(*db)->selftype);
439 (*db)->selftype->datum.name = CIL_KEY_SELF;
440 (*db)->selftype->datum.fqn = CIL_KEY_SELF;
441 cil_type_init(&(*db)->notselftype);
442 (*db)->notselftype->datum.name = CIL_KEY_NOTSELF;
443 (*db)->notselftype->datum.fqn = CIL_KEY_NOTSELF;
444 cil_type_init(&(*db)->othertype);
445 (*db)->othertype->datum.name = CIL_KEY_OTHER;
446 (*db)->othertype->datum.fqn = CIL_KEY_OTHER;
447 (*db)->num_types_and_attrs = 0;
448 (*db)->num_classes = 0;
449 (*db)->num_types = 0;
450 (*db)->num_roles = 0;
451 (*db)->num_users = 0;
452 (*db)->num_cats = 0;
453 (*db)->val_to_type = NULL;
454 (*db)->val_to_role = NULL;
455 (*db)->val_to_user = NULL;
456
457 (*db)->disable_dontaudit = CIL_FALSE;
458 (*db)->disable_neverallow = CIL_FALSE;
459 (*db)->attrs_expand_generated = CIL_FALSE;
460 (*db)->attrs_expand_size = 1;
461 (*db)->preserve_tunables = CIL_FALSE;
462 (*db)->handle_unknown = -1;
463 (*db)->mls = -1;
464 (*db)->multiple_decls = CIL_FALSE;
465 (*db)->qualified_names = CIL_FALSE;
466 (*db)->target_platform = SEPOL_TARGET_SELINUX;
467 (*db)->policy_version = POLICYDB_VERSION_MAX;
468 }
469
cil_declared_strings_list_destroy(struct cil_list ** strings)470 static void cil_declared_strings_list_destroy(struct cil_list **strings)
471 {
472 struct cil_list_item *i;
473
474 cil_list_for_each(i, *strings) {
475 struct cil_symtab_datum *d = i->data;
476 cil_symtab_datum_destroy(d);
477 free(d);
478 }
479 cil_list_destroy(strings, CIL_FALSE);
480 }
481
cil_db_destroy(struct cil_db ** db)482 void cil_db_destroy(struct cil_db **db)
483 {
484 if (db == NULL || *db == NULL) {
485 return;
486 }
487
488 cil_tree_destroy(&(*db)->parse);
489 cil_tree_destroy(&(*db)->ast);
490 cil_list_destroy(&(*db)->sidorder, CIL_FALSE);
491 cil_list_destroy(&(*db)->classorder, CIL_FALSE);
492 cil_list_destroy(&(*db)->catorder, CIL_FALSE);
493 cil_list_destroy(&(*db)->sensitivityorder, CIL_FALSE);
494 cil_sort_destroy(&(*db)->netifcon);
495 cil_sort_destroy(&(*db)->genfscon);
496 cil_sort_destroy(&(*db)->filecon);
497 cil_sort_destroy(&(*db)->nodecon);
498 cil_sort_destroy(&(*db)->ibpkeycon);
499 cil_sort_destroy(&(*db)->ibendportcon);
500 cil_sort_destroy(&(*db)->portcon);
501 cil_sort_destroy(&(*db)->pirqcon);
502 cil_sort_destroy(&(*db)->iomemcon);
503 cil_sort_destroy(&(*db)->ioportcon);
504 cil_sort_destroy(&(*db)->pcidevicecon);
505 cil_sort_destroy(&(*db)->devicetreecon);
506 cil_sort_destroy(&(*db)->fsuse);
507 cil_list_destroy(&(*db)->userprefixes, CIL_FALSE);
508 cil_list_destroy(&(*db)->selinuxusers, CIL_FALSE);
509
510 cil_declared_strings_list_destroy(&(*db)->declared_strings);
511
512 cil_destroy_type((*db)->selftype);
513 cil_destroy_type((*db)->notselftype);
514 cil_destroy_type((*db)->othertype);
515
516 cil_strpool_destroy();
517 free((*db)->val_to_type);
518 free((*db)->val_to_role);
519 free((*db)->val_to_user);
520
521 free(*db);
522 *db = NULL;
523 }
524
cil_root_init(struct cil_root ** root)525 void cil_root_init(struct cil_root **root)
526 {
527 struct cil_root *r = cil_malloc(sizeof(*r));
528 cil_symtab_array_init(r->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
529
530 *root = r;
531 }
532
cil_root_destroy(struct cil_root * root)533 void cil_root_destroy(struct cil_root *root)
534 {
535 if (root == NULL) {
536 return;
537 }
538 cil_symtab_array_destroy(root->symtab);
539 free(root);
540 }
541
cil_add_file(cil_db_t * db,const char * name,const char * data,size_t size)542 int cil_add_file(cil_db_t *db, const char *name, const char *data, size_t size)
543 {
544 char *buffer = NULL;
545 int rc;
546
547 cil_log(CIL_INFO, "Parsing %s\n", name);
548
549 buffer = cil_malloc(size + 2);
550 memcpy(buffer, data, size);
551 memset(buffer + size, 0, 2);
552
553 rc = cil_parser(name, buffer, size + 2, &db->parse);
554 if (rc != SEPOL_OK) {
555 cil_log(CIL_INFO, "Failed to parse %s\n", name);
556 goto exit;
557 }
558
559 free(buffer);
560 buffer = NULL;
561
562 rc = SEPOL_OK;
563
564 exit:
565 free(buffer);
566
567 return rc;
568 }
569
cil_compile(struct cil_db * db)570 int cil_compile(struct cil_db *db)
571 {
572 int rc = SEPOL_ERR;
573
574 if (db == NULL) {
575 goto exit;
576 }
577
578 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
579 rc = cil_build_ast(db, db->parse->root, db->ast->root);
580 if (rc != SEPOL_OK) {
581 cil_log(CIL_ERR, "Failed to build AST\n");
582 goto exit;
583 }
584
585 cil_log(CIL_INFO, "Destroying Parse Tree\n");
586 cil_tree_destroy(&db->parse);
587
588 cil_log(CIL_INFO, "Resolving AST\n");
589 rc = cil_resolve_ast(db, db->ast->root);
590 if (rc != SEPOL_OK) {
591 cil_log(CIL_ERR, "Failed to resolve AST\n");
592 goto exit;
593 }
594
595 cil_log(CIL_INFO, "Qualifying Names\n");
596 rc = cil_fqn_qualify(db->ast->root);
597 if (rc != SEPOL_OK) {
598 cil_log(CIL_ERR, "Failed to qualify names\n");
599 goto exit;
600 }
601
602 cil_log(CIL_INFO, "Compile post process\n");
603 rc = cil_post_process(db);
604 if (rc != SEPOL_OK ) {
605 cil_log(CIL_ERR, "Post process failed\n");
606 goto exit;
607 }
608
609 exit:
610
611 return rc;
612 }
613
cil_write_parse_ast(FILE * out,cil_db_t * db)614 int cil_write_parse_ast(FILE *out, cil_db_t *db)
615 {
616 int rc = SEPOL_ERR;
617
618 if (db == NULL) {
619 goto exit;
620 }
621
622 cil_log(CIL_INFO, "Writing Parse AST\n");
623 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_PARSE, db->parse->root);
624 if (rc != SEPOL_OK) {
625 cil_log(CIL_ERR, "Failed to write parse ast\n");
626 goto exit;
627 }
628
629 exit:
630 return rc;
631 }
632
cil_write_build_ast(FILE * out,cil_db_t * db)633 int cil_write_build_ast(FILE *out, cil_db_t *db)
634 {
635 int rc = SEPOL_ERR;
636
637 if (db == NULL) {
638 goto exit;
639 }
640
641 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
642 rc = cil_build_ast(db, db->parse->root, db->ast->root);
643 if (rc != SEPOL_OK) {
644 cil_log(CIL_ERR, "Failed to build ast\n");
645 goto exit;
646 }
647
648 cil_log(CIL_INFO, "Destroying Parse Tree\n");
649 cil_tree_destroy(&db->parse);
650
651 cil_log(CIL_INFO, "Writing Build AST\n");
652 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_BUILD, db->ast->root);
653 if (rc != SEPOL_OK) {
654 cil_log(CIL_ERR, "Failed to write build ast\n");
655 goto exit;
656 }
657
658 exit:
659 return rc;
660 }
661
cil_write_resolve_ast(FILE * out,cil_db_t * db)662 int cil_write_resolve_ast(FILE *out, cil_db_t *db)
663 {
664 int rc = SEPOL_ERR;
665
666 if (db == NULL) {
667 goto exit;
668 }
669
670 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
671 rc = cil_build_ast(db, db->parse->root, db->ast->root);
672 if (rc != SEPOL_OK) {
673 cil_log(CIL_ERR, "Failed to build ast\n");
674 goto exit;
675 }
676
677 cil_log(CIL_INFO, "Destroying Parse Tree\n");
678 cil_tree_destroy(&db->parse);
679
680 cil_log(CIL_INFO, "Resolving AST\n");
681 rc = cil_resolve_ast(db, db->ast->root);
682 if (rc != SEPOL_OK) {
683 cil_log(CIL_ERR, "Failed to resolve ast\n");
684 goto exit;
685 }
686
687 cil_log(CIL_INFO, "Qualifying Names\n");
688 rc = cil_fqn_qualify(db->ast->root);
689 if (rc != SEPOL_OK) {
690 cil_log(CIL_ERR, "Failed to qualify names\n");
691 goto exit;
692 }
693
694 cil_log(CIL_INFO, "Writing Resolve AST\n");
695 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_RESOLVE, db->ast->root);
696 if (rc != SEPOL_OK) {
697 cil_log(CIL_ERR, "Failed to write resolve ast\n");
698 goto exit;
699 }
700
701 exit:
702 return rc;
703 }
704
cil_write_post_ast(FILE * out,cil_db_t * db)705 int cil_write_post_ast(FILE *out, cil_db_t *db)
706 {
707 int rc = SEPOL_ERR;
708
709 if (db == NULL) {
710 goto exit;
711 }
712
713 cil_log(CIL_INFO, "Building AST from Parse Tree\n");
714 rc = cil_build_ast(db, db->parse->root, db->ast->root);
715 if (rc != SEPOL_OK) {
716 cil_log(CIL_ERR, "Failed to build ast\n");
717 goto exit;
718 }
719
720 cil_log(CIL_INFO, "Destroying Parse Tree\n");
721 cil_tree_destroy(&db->parse);
722
723 cil_log(CIL_INFO, "Resolving AST\n");
724 rc = cil_resolve_ast(db, db->ast->root);
725 if (rc != SEPOL_OK) {
726 cil_log(CIL_ERR, "Failed to resolve ast\n");
727 goto exit;
728 }
729
730 cil_log(CIL_INFO, "Qualifying Names\n");
731 rc = cil_fqn_qualify(db->ast->root);
732 if (rc != SEPOL_OK) {
733 cil_log(CIL_ERR, "Failed to qualify names\n");
734 goto exit;
735 }
736
737 cil_log(CIL_INFO, "Compile post process\n");
738 rc = cil_post_process(db);
739 if (rc != SEPOL_OK ) {
740 cil_log(CIL_ERR, "Post process failed\n");
741 goto exit;
742 }
743
744 cil_log(CIL_INFO, "Writing Post AST\n");
745 rc = cil_write_ast(out, CIL_WRITE_AST_PHASE_POST, db->ast->root);
746 if (rc != SEPOL_OK) {
747 cil_log(CIL_ERR, "Failed to write post ast\n");
748 goto exit;
749 }
750
751 exit:
752 return rc;
753 }
754
cil_build_policydb(cil_db_t * db,sepol_policydb_t ** sepol_db)755 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
756 {
757 int rc;
758
759 cil_log(CIL_INFO, "Building policy binary\n");
760 rc = cil_binary_create(db, sepol_db);
761 if (rc != SEPOL_OK) {
762 cil_log(CIL_ERR, "Failed to generate binary\n");
763 goto exit;
764 }
765
766 exit:
767 return rc;
768 }
769
cil_write_policy_conf(FILE * out,struct cil_db * db)770 void cil_write_policy_conf(FILE *out, struct cil_db *db)
771 {
772 cil_log(CIL_INFO, "Writing policy.conf file\n");
773 cil_gen_policy(out, db);
774 }
775
cil_destroy_data(void ** data,enum cil_flavor flavor)776 void cil_destroy_data(void **data, enum cil_flavor flavor)
777 {
778 if (*data == NULL) {
779 return;
780 }
781
782 switch(flavor) {
783 case CIL_NONE:
784 break;
785 case CIL_ROOT:
786 cil_root_destroy(*data);
787 break;
788 case CIL_NODE:
789 break;
790 case CIL_STRING:
791 break;
792 case CIL_DATUM:
793 break;
794 case CIL_LIST:
795 cil_list_destroy(*data, CIL_FALSE);
796 break;
797 case CIL_LIST_ITEM:
798 break;
799 case CIL_PARAM:
800 cil_destroy_param(*data);
801 break;
802 case CIL_ARGS:
803 cil_destroy_args(*data);
804 break;
805 case CIL_BLOCK:
806 cil_destroy_block(*data);
807 break;
808 case CIL_BLOCKINHERIT:
809 cil_destroy_blockinherit(*data);
810 break;
811 case CIL_BLOCKABSTRACT:
812 cil_destroy_blockabstract(*data);
813 break;
814 case CIL_IN:
815 cil_destroy_in(*data);
816 break;
817 case CIL_MACRO:
818 cil_destroy_macro(*data);
819 break;
820 case CIL_CALL:
821 cil_destroy_call(*data);
822 break;
823 case CIL_OPTIONAL:
824 cil_destroy_optional(*data);
825 break;
826 case CIL_BOOL:
827 cil_destroy_bool(*data);
828 break;
829 case CIL_BOOLEANIF:
830 cil_destroy_boolif(*data);
831 break;
832 case CIL_TUNABLE:
833 cil_destroy_tunable(*data);
834 break;
835 case CIL_TUNABLEIF:
836 cil_destroy_tunif(*data);
837 break;
838 case CIL_CONDBLOCK:
839 cil_destroy_condblock(*data);
840 break;
841 case CIL_CONDTRUE:
842 break;
843 case CIL_CONDFALSE:
844 break;
845 case CIL_PERM:
846 case CIL_MAP_PERM:
847 cil_destroy_perm(*data);
848 break;
849 case CIL_COMMON:
850 case CIL_CLASS:
851 case CIL_MAP_CLASS:
852 cil_destroy_class(*data);
853 break;
854 case CIL_CLASSORDER:
855 cil_destroy_ordered(*data);
856 break;
857 case CIL_CLASSPERMISSION:
858 cil_destroy_classpermission(*data);
859 break;
860 case CIL_CLASSCOMMON:
861 cil_destroy_classcommon(*data);
862 break;
863 case CIL_CLASSMAPPING:
864 cil_destroy_classmapping(*data);
865 break;
866 case CIL_CLASSPERMS:
867 cil_destroy_classperms(*data);
868 break;
869 case CIL_CLASSPERMS_SET:
870 cil_destroy_classperms_set(*data);
871 break;
872 case CIL_CLASSPERMISSIONSET:
873 cil_destroy_classpermissionset(*data);
874 break;
875 case CIL_USER:
876 cil_destroy_user(*data);
877 break;
878 case CIL_USERATTRIBUTE:
879 cil_destroy_userattribute(*data);
880 break;
881 case CIL_USERATTRIBUTESET:
882 cil_destroy_userattributeset(*data);
883 break;
884 case CIL_USERPREFIX:
885 cil_destroy_userprefix(*data);
886 break;
887 case CIL_USERROLE:
888 cil_destroy_userrole(*data);
889 break;
890 case CIL_USERLEVEL:
891 cil_destroy_userlevel(*data);
892 break;
893 case CIL_USERRANGE:
894 cil_destroy_userrange(*data);
895 break;
896 case CIL_USERBOUNDS:
897 cil_destroy_bounds(*data);
898 break;
899 case CIL_SELINUXUSER:
900 case CIL_SELINUXUSERDEFAULT:
901 cil_destroy_selinuxuser(*data);
902 break;
903 case CIL_ROLE:
904 cil_destroy_role(*data);
905 break;
906 case CIL_ROLEATTRIBUTE:
907 cil_destroy_roleattribute(*data);
908 break;
909 case CIL_ROLEATTRIBUTESET:
910 cil_destroy_roleattributeset(*data);
911 break;
912 case CIL_ROLETYPE:
913 cil_destroy_roletype(*data);
914 break;
915 case CIL_ROLEBOUNDS:
916 cil_destroy_bounds(*data);
917 break;
918 case CIL_TYPE:
919 cil_destroy_type(*data);
920 break;
921 case CIL_TYPEATTRIBUTE:
922 cil_destroy_typeattribute(*data);
923 break;
924 case CIL_TYPEALIAS:
925 cil_destroy_alias(*data);
926 break;
927 case CIL_TYPEATTRIBUTESET:
928 cil_destroy_typeattributeset(*data);
929 break;
930 case CIL_EXPANDTYPEATTRIBUTE:
931 cil_destroy_expandtypeattribute(*data);
932 break;
933 case CIL_TYPEALIASACTUAL:
934 cil_destroy_aliasactual(*data);
935 break;
936 case CIL_TYPEBOUNDS:
937 cil_destroy_bounds(*data);
938 break;
939 case CIL_TYPEPERMISSIVE:
940 cil_destroy_typepermissive(*data);
941 break;
942 case CIL_SENS:
943 cil_destroy_sensitivity(*data);
944 break;
945 case CIL_SENSALIAS:
946 cil_destroy_alias(*data);
947 break;
948 case CIL_SENSALIASACTUAL:
949 cil_destroy_aliasactual(*data);
950 break;
951 case CIL_SENSITIVITYORDER:
952 cil_destroy_ordered(*data);
953 break;
954 case CIL_SENSCAT:
955 cil_destroy_senscat(*data);
956 break;
957 case CIL_CAT:
958 cil_destroy_category(*data);
959 break;
960 case CIL_CATSET:
961 cil_destroy_catset(*data);
962 break;
963 case CIL_CATALIAS:
964 cil_destroy_alias(*data);
965 break;
966 case CIL_CATALIASACTUAL:
967 cil_destroy_aliasactual(*data);
968 break;
969 case CIL_CATORDER:
970 cil_destroy_ordered(*data);
971 break;
972 case CIL_LEVEL:
973 cil_destroy_level(*data);
974 break;
975 case CIL_LEVELRANGE:
976 cil_destroy_levelrange(*data);
977 break;
978 case CIL_SID:
979 cil_destroy_sid(*data);
980 break;
981 case CIL_SIDORDER:
982 cil_destroy_ordered(*data);
983 break;
984 case CIL_ROLEALLOW:
985 cil_destroy_roleallow(*data);
986 break;
987 case CIL_AVRULE:
988 case CIL_AVRULEX:
989 cil_destroy_avrule(*data);
990 break;
991 case CIL_PERMISSIONX:
992 cil_destroy_permissionx(*data);
993 break;
994 case CIL_DENY_RULE:
995 cil_destroy_deny_rule(*data);
996 break;
997 case CIL_ROLETRANSITION:
998 cil_destroy_roletransition(*data);
999 break;
1000 case CIL_TYPE_RULE:
1001 cil_destroy_type_rule(*data);
1002 break;
1003 case CIL_NAMETYPETRANSITION:
1004 cil_destroy_typetransition(*data);
1005 break;
1006 case CIL_RANGETRANSITION:
1007 cil_destroy_rangetransition(*data);
1008 break;
1009 case CIL_CONSTRAIN:
1010 cil_destroy_constrain(*data);
1011 break;
1012 case CIL_MLSCONSTRAIN:
1013 cil_destroy_constrain(*data);
1014 break;
1015 case CIL_VALIDATETRANS:
1016 case CIL_MLSVALIDATETRANS:
1017 cil_destroy_validatetrans(*data);
1018 break;
1019 case CIL_CONTEXT:
1020 cil_destroy_context(*data);
1021 break;
1022 case CIL_IPADDR:
1023 cil_destroy_ipaddr(*data);
1024 break;
1025 case CIL_DECLARED_STRING:
1026 break;
1027 case CIL_SIDCONTEXT:
1028 cil_destroy_sidcontext(*data);
1029 break;
1030 case CIL_FSUSE:
1031 cil_destroy_fsuse(*data);
1032 break;
1033 case CIL_FILECON:
1034 cil_destroy_filecon(*data);
1035 break;
1036 case CIL_IBPKEYCON:
1037 cil_destroy_ibpkeycon(*data);
1038 break;
1039 case CIL_PORTCON:
1040 cil_destroy_portcon(*data);
1041 break;
1042 case CIL_IBENDPORTCON:
1043 cil_destroy_ibendportcon(*data);
1044 break;
1045 case CIL_NODECON:
1046 cil_destroy_nodecon(*data);
1047 break;
1048 case CIL_GENFSCON:
1049 cil_destroy_genfscon(*data);
1050 break;
1051 case CIL_NETIFCON:
1052 cil_destroy_netifcon(*data);
1053 break;
1054 case CIL_PIRQCON:
1055 cil_destroy_pirqcon(*data);
1056 break;
1057 case CIL_IOMEMCON:
1058 cil_destroy_iomemcon(*data);
1059 break;
1060 case CIL_IOPORTCON:
1061 cil_destroy_ioportcon(*data);
1062 break;
1063 case CIL_PCIDEVICECON:
1064 cil_destroy_pcidevicecon(*data);
1065 break;
1066 case CIL_DEVICETREECON:
1067 cil_destroy_devicetreecon(*data);
1068 break;
1069 case CIL_POLICYCAP:
1070 cil_destroy_policycap(*data);
1071 break;
1072 case CIL_DEFAULTUSER:
1073 case CIL_DEFAULTROLE:
1074 case CIL_DEFAULTTYPE:
1075 cil_destroy_default(*data);
1076 break;
1077 case CIL_DEFAULTRANGE:
1078 cil_destroy_defaultrange(*data);
1079 break;
1080 case CIL_HANDLEUNKNOWN:
1081 cil_destroy_handleunknown(*data);
1082 break;
1083 case CIL_MLS:
1084 cil_destroy_mls(*data);
1085 break;
1086 case CIL_SRC_INFO:
1087 cil_destroy_src_info(*data);
1088 break;
1089 case CIL_OP:
1090 case CIL_CONS_OPERAND:
1091 break;
1092 default:
1093 cil_log(CIL_INFO, "Unknown data flavor: %d\n", flavor);
1094 break;
1095 }
1096
1097 *data = NULL;
1098 }
1099
cil_flavor_to_symtab_index(enum cil_flavor flavor,enum cil_sym_index * sym_index)1100 int cil_flavor_to_symtab_index(enum cil_flavor flavor, enum cil_sym_index *sym_index)
1101 {
1102 if (flavor < CIL_MIN_DECLARATIVE) {
1103 return SEPOL_ERR;
1104 }
1105
1106 switch(flavor) {
1107 case CIL_BLOCK:
1108 *sym_index = CIL_SYM_BLOCKS;
1109 break;
1110 case CIL_MACRO:
1111 *sym_index = CIL_SYM_BLOCKS;
1112 break;
1113 case CIL_OPTIONAL:
1114 *sym_index = CIL_SYM_BLOCKS;
1115 break;
1116 case CIL_BOOL:
1117 *sym_index = CIL_SYM_BOOLS;
1118 break;
1119 case CIL_TUNABLE:
1120 *sym_index = CIL_SYM_TUNABLES;
1121 break;
1122 case CIL_PERM:
1123 case CIL_MAP_PERM:
1124 *sym_index = CIL_SYM_PERMS;
1125 break;
1126 case CIL_COMMON:
1127 *sym_index = CIL_SYM_COMMONS;
1128 break;
1129 case CIL_CLASS:
1130 case CIL_MAP_CLASS:
1131 *sym_index = CIL_SYM_CLASSES;
1132 break;
1133 case CIL_CLASSPERMISSION:
1134 case CIL_CLASSPERMISSIONSET:
1135 *sym_index = CIL_SYM_CLASSPERMSETS;
1136 break;
1137 case CIL_USER:
1138 case CIL_USERATTRIBUTE:
1139 *sym_index = CIL_SYM_USERS;
1140 break;
1141 case CIL_ROLE:
1142 case CIL_ROLEATTRIBUTE:
1143 *sym_index = CIL_SYM_ROLES;
1144 break;
1145 case CIL_TYPE:
1146 case CIL_TYPEALIAS:
1147 case CIL_TYPEATTRIBUTE:
1148 *sym_index = CIL_SYM_TYPES;
1149 break;
1150 case CIL_SENS:
1151 case CIL_SENSALIAS:
1152 *sym_index = CIL_SYM_SENS;
1153 break;
1154 case CIL_CAT:
1155 case CIL_CATSET:
1156 case CIL_CATALIAS:
1157 *sym_index = CIL_SYM_CATS;
1158 break;
1159 case CIL_LEVEL:
1160 *sym_index = CIL_SYM_LEVELS;
1161 break;
1162 case CIL_LEVELRANGE:
1163 *sym_index = CIL_SYM_LEVELRANGES;
1164 break;
1165 case CIL_SID:
1166 *sym_index = CIL_SYM_SIDS;
1167 break;
1168 case CIL_DECLARED_STRING:
1169 *sym_index = CIL_SYM_STRINGS;
1170 break;
1171 case CIL_CONTEXT:
1172 *sym_index = CIL_SYM_CONTEXTS;
1173 break;
1174 case CIL_IPADDR:
1175 *sym_index = CIL_SYM_IPADDRS;
1176 break;
1177 case CIL_POLICYCAP:
1178 *sym_index = CIL_SYM_POLICYCAPS;
1179 break;
1180 case CIL_PERMISSIONX:
1181 *sym_index = CIL_SYM_PERMX;
1182 break;
1183 default:
1184 *sym_index = CIL_SYM_UNKNOWN;
1185 cil_log(CIL_INFO, "Failed to find flavor: %d\n", flavor);
1186 return SEPOL_ERR;
1187 }
1188
1189 return SEPOL_OK;
1190 }
1191
cil_node_to_string(struct cil_tree_node * node)1192 const char * cil_node_to_string(struct cil_tree_node *node)
1193 {
1194 switch (node->flavor) {
1195 case CIL_NONE:
1196 return "<none>";
1197 case CIL_ROOT:
1198 return CIL_KEY_ROOT;
1199 case CIL_NODE:
1200 return CIL_KEY_NODE;
1201 case CIL_STRING:
1202 return CIL_KEY_STRING;
1203 case CIL_DATUM:
1204 return "<datum>";
1205 case CIL_LIST:
1206 return "<list>";
1207 case CIL_LIST_ITEM:
1208 return "<list_item>";
1209 case CIL_PARAM:
1210 return "<param>";
1211 case CIL_ARGS:
1212 return "<args>";
1213 case CIL_BLOCK:
1214 return CIL_KEY_BLOCK;
1215 case CIL_BLOCKINHERIT:
1216 return CIL_KEY_BLOCKINHERIT;
1217 case CIL_BLOCKABSTRACT:
1218 return CIL_KEY_BLOCKABSTRACT;
1219 case CIL_IN:
1220 return CIL_KEY_IN;
1221 case CIL_MACRO:
1222 return CIL_KEY_MACRO;
1223 case CIL_CALL:
1224 return CIL_KEY_CALL;
1225 case CIL_OPTIONAL:
1226 return CIL_KEY_OPTIONAL;
1227 case CIL_BOOL:
1228 return CIL_KEY_BOOL;
1229 case CIL_BOOLEANIF:
1230 return CIL_KEY_BOOLEANIF;
1231 case CIL_TUNABLE:
1232 return CIL_KEY_TUNABLE;
1233 case CIL_TUNABLEIF:
1234 return CIL_KEY_TUNABLEIF;
1235 case CIL_CONDBLOCK:
1236 switch (((struct cil_condblock*)node->data)->flavor) {
1237 case CIL_CONDTRUE:
1238 return CIL_KEY_CONDTRUE;
1239 case CIL_CONDFALSE:
1240 return CIL_KEY_CONDFALSE;
1241 default:
1242 break;
1243 }
1244 break;
1245 case CIL_CONDTRUE:
1246 return CIL_KEY_CONDTRUE;
1247 case CIL_CONDFALSE:
1248 return CIL_KEY_CONDFALSE;
1249 case CIL_PERM:
1250 return CIL_KEY_PERM;
1251 case CIL_COMMON:
1252 return CIL_KEY_COMMON;
1253 case CIL_CLASS:
1254 return CIL_KEY_CLASS;
1255 case CIL_CLASSORDER:
1256 return CIL_KEY_CLASSORDER;
1257 case CIL_MAP_CLASS:
1258 return CIL_KEY_MAP_CLASS;
1259 case CIL_CLASSPERMISSION:
1260 return CIL_KEY_CLASSPERMISSION;
1261 case CIL_CLASSCOMMON:
1262 return CIL_KEY_CLASSCOMMON;
1263 case CIL_CLASSMAPPING:
1264 return CIL_KEY_CLASSMAPPING;
1265 case CIL_CLASSPERMISSIONSET:
1266 return CIL_KEY_CLASSPERMISSIONSET;
1267 case CIL_USER:
1268 return CIL_KEY_USER;
1269 case CIL_USERATTRIBUTE:
1270 return CIL_KEY_USERATTRIBUTE;
1271 case CIL_USERATTRIBUTESET:
1272 return CIL_KEY_USERATTRIBUTESET;
1273 case CIL_USERPREFIX:
1274 return CIL_KEY_USERPREFIX;
1275 case CIL_USERROLE:
1276 return CIL_KEY_USERROLE;
1277 case CIL_USERLEVEL:
1278 return CIL_KEY_USERLEVEL;
1279 case CIL_USERRANGE:
1280 return CIL_KEY_USERRANGE;
1281 case CIL_USERBOUNDS:
1282 return CIL_KEY_USERBOUNDS;
1283 case CIL_SELINUXUSER:
1284 return CIL_KEY_SELINUXUSER;
1285 case CIL_SELINUXUSERDEFAULT:
1286 return CIL_KEY_SELINUXUSERDEFAULT;
1287 case CIL_ROLE:
1288 return CIL_KEY_ROLE;
1289 case CIL_ROLEATTRIBUTE:
1290 return CIL_KEY_ROLEATTRIBUTE;
1291 case CIL_ROLEATTRIBUTESET:
1292 return CIL_KEY_ROLEATTRIBUTESET;
1293 case CIL_ROLETYPE:
1294 return CIL_KEY_ROLETYPE;
1295 case CIL_ROLEBOUNDS:
1296 return CIL_KEY_ROLEBOUNDS;
1297 case CIL_TYPE:
1298 return CIL_KEY_TYPE;
1299 case CIL_TYPEATTRIBUTE:
1300 return CIL_KEY_TYPEATTRIBUTE;
1301 case CIL_TYPEALIAS:
1302 return CIL_KEY_TYPEALIAS;
1303 case CIL_TYPEATTRIBUTESET:
1304 return CIL_KEY_TYPEATTRIBUTESET;
1305 case CIL_EXPANDTYPEATTRIBUTE:
1306 return CIL_KEY_EXPANDTYPEATTRIBUTE;
1307 case CIL_TYPEALIASACTUAL:
1308 return CIL_KEY_TYPEALIASACTUAL;
1309 case CIL_TYPEBOUNDS:
1310 return CIL_KEY_TYPEBOUNDS;
1311 case CIL_TYPEPERMISSIVE:
1312 return CIL_KEY_TYPEPERMISSIVE;
1313 case CIL_SENS:
1314 return CIL_KEY_SENSITIVITY;
1315 case CIL_SENSALIAS:
1316 return CIL_KEY_SENSALIAS;
1317 case CIL_SENSALIASACTUAL:
1318 return CIL_KEY_SENSALIASACTUAL;
1319 case CIL_SENSITIVITYORDER:
1320 return CIL_KEY_SENSITIVITYORDER;
1321 case CIL_SENSCAT:
1322 return CIL_KEY_SENSCAT;
1323 case CIL_CAT:
1324 return CIL_KEY_CATEGORY;
1325 case CIL_CATSET:
1326 return CIL_KEY_CATSET;
1327 case CIL_CATALIAS:
1328 return CIL_KEY_CATALIAS;
1329 case CIL_CATALIASACTUAL:
1330 return CIL_KEY_CATALIASACTUAL;
1331 case CIL_CATORDER:
1332 return CIL_KEY_CATORDER;
1333 case CIL_LEVEL:
1334 return CIL_KEY_LEVEL;
1335 case CIL_LEVELRANGE:
1336 return CIL_KEY_LEVELRANGE;
1337 case CIL_SID:
1338 return CIL_KEY_SID;
1339 case CIL_SIDORDER:
1340 return CIL_KEY_SIDORDER;
1341 case CIL_ROLEALLOW:
1342 return CIL_KEY_ROLEALLOW;
1343 case CIL_AVRULE:
1344 switch (((struct cil_avrule *)node->data)->rule_kind) {
1345 case CIL_AVRULE_ALLOWED:
1346 return CIL_KEY_ALLOW;
1347 case CIL_AVRULE_AUDITALLOW:
1348 return CIL_KEY_AUDITALLOW;
1349 case CIL_AVRULE_DONTAUDIT:
1350 return CIL_KEY_DONTAUDIT;
1351 case CIL_AVRULE_NEVERALLOW:
1352 return CIL_KEY_NEVERALLOW;
1353 default:
1354 break;
1355 }
1356 break;
1357 case CIL_AVRULEX:
1358 switch (((struct cil_avrule *)node->data)->rule_kind) {
1359 case CIL_AVRULE_ALLOWED:
1360 return CIL_KEY_ALLOWX;
1361 case CIL_AVRULE_AUDITALLOW:
1362 return CIL_KEY_AUDITALLOWX;
1363 case CIL_AVRULE_DONTAUDIT:
1364 return CIL_KEY_DONTAUDITX;
1365 case CIL_AVRULE_NEVERALLOW:
1366 return CIL_KEY_NEVERALLOWX;
1367 default:
1368 break;
1369 }
1370 break;
1371 case CIL_PERMISSIONX:
1372 return CIL_KEY_PERMISSIONX;
1373 case CIL_DENY_RULE:
1374 return CIL_KEY_DENY_RULE;
1375 case CIL_ROLETRANSITION:
1376 return CIL_KEY_ROLETRANSITION;
1377 case CIL_TYPE_RULE:
1378 switch (((struct cil_type_rule *)node->data)->rule_kind) {
1379 case CIL_TYPE_TRANSITION:
1380 return CIL_KEY_TYPETRANSITION;
1381 case CIL_TYPE_MEMBER:
1382 return CIL_KEY_TYPEMEMBER;
1383 case CIL_TYPE_CHANGE:
1384 return CIL_KEY_TYPECHANGE;
1385 default:
1386 break;
1387 }
1388 break;
1389 case CIL_NAMETYPETRANSITION:
1390 return CIL_KEY_TYPETRANSITION;
1391 case CIL_RANGETRANSITION:
1392 return CIL_KEY_RANGETRANSITION;
1393 case CIL_CONSTRAIN:
1394 return CIL_KEY_CONSTRAIN;
1395 case CIL_MLSCONSTRAIN:
1396 return CIL_KEY_MLSCONSTRAIN;
1397 case CIL_VALIDATETRANS:
1398 return CIL_KEY_VALIDATETRANS;
1399 case CIL_MLSVALIDATETRANS:
1400 return CIL_KEY_MLSVALIDATETRANS;
1401 case CIL_CONTEXT:
1402 return CIL_KEY_CONTEXT;
1403 case CIL_IPADDR:
1404 return CIL_KEY_IPADDR;
1405 case CIL_SIDCONTEXT:
1406 return CIL_KEY_SIDCONTEXT;
1407 case CIL_FSUSE:
1408 return CIL_KEY_FSUSE;
1409 case CIL_FILECON:
1410 return CIL_KEY_FILECON;
1411 case CIL_IBPKEYCON:
1412 return CIL_KEY_IBPKEYCON;
1413 case CIL_IBENDPORTCON:
1414 return CIL_KEY_IBENDPORTCON;
1415 case CIL_PORTCON:
1416 return CIL_KEY_PORTCON;
1417 case CIL_NODECON:
1418 return CIL_KEY_NODECON;
1419 case CIL_GENFSCON:
1420 return CIL_KEY_GENFSCON;
1421 case CIL_NETIFCON:
1422 return CIL_KEY_NETIFCON;
1423 case CIL_PIRQCON:
1424 return CIL_KEY_PIRQCON;
1425 case CIL_IOMEMCON:
1426 return CIL_KEY_IOMEMCON;
1427 case CIL_IOPORTCON:
1428 return CIL_KEY_IOPORTCON;
1429 case CIL_PCIDEVICECON:
1430 return CIL_KEY_PCIDEVICECON;
1431 case CIL_DEVICETREECON:
1432 return CIL_KEY_DEVICETREECON;
1433 case CIL_POLICYCAP:
1434 return CIL_KEY_POLICYCAP;
1435 case CIL_DEFAULTUSER:
1436 return CIL_KEY_DEFAULTUSER;
1437 case CIL_DEFAULTROLE:
1438 return CIL_KEY_DEFAULTROLE;
1439 case CIL_DEFAULTTYPE:
1440 return CIL_KEY_DEFAULTTYPE;
1441 case CIL_DEFAULTRANGE:
1442 return CIL_KEY_DEFAULTRANGE;
1443 case CIL_HANDLEUNKNOWN:
1444 return CIL_KEY_HANDLEUNKNOWN;
1445 case CIL_MLS:
1446 return CIL_KEY_MLS;
1447 case CIL_SRC_INFO:
1448 return CIL_KEY_SRC_INFO;
1449 case CIL_ALL:
1450 return CIL_KEY_ALL;
1451 case CIL_RANGE:
1452 return CIL_KEY_RANGE;
1453 case CIL_AND:
1454 return CIL_KEY_AND;
1455 case CIL_OR:
1456 return CIL_KEY_OR;
1457 case CIL_XOR:
1458 return CIL_KEY_XOR;
1459 case CIL_NOT:
1460 return CIL_KEY_NOT;
1461 case CIL_EQ:
1462 return CIL_KEY_EQ;
1463 case CIL_NEQ:
1464 return CIL_KEY_NEQ;
1465 case CIL_CONS_DOM:
1466 return CIL_KEY_CONS_DOM;
1467 case CIL_CONS_DOMBY:
1468 return CIL_KEY_CONS_DOMBY;
1469 case CIL_CONS_INCOMP:
1470 return CIL_KEY_CONS_INCOMP;
1471 case CIL_CONS_U1:
1472 return CIL_KEY_CONS_U1;
1473 case CIL_CONS_U2:
1474 return CIL_KEY_CONS_U2;
1475 case CIL_CONS_U3:
1476 return CIL_KEY_CONS_U3;
1477 case CIL_CONS_T1:
1478 return CIL_KEY_CONS_T1;
1479 case CIL_CONS_T2:
1480 return CIL_KEY_CONS_T2;
1481 case CIL_CONS_T3:
1482 return CIL_KEY_CONS_T3;
1483 case CIL_CONS_R1:
1484 return CIL_KEY_CONS_R1;
1485 case CIL_CONS_R2:
1486 return CIL_KEY_CONS_R2;
1487 case CIL_CONS_R3:
1488 return CIL_KEY_CONS_R3;
1489 case CIL_CONS_L1:
1490 return CIL_KEY_CONS_L1;
1491 case CIL_CONS_L2:
1492 return CIL_KEY_CONS_L2;
1493 case CIL_CONS_H1:
1494 return CIL_KEY_CONS_H1;
1495 case CIL_CONS_H2:
1496 return CIL_KEY_CONS_H2;
1497
1498 default:
1499 break;
1500 }
1501
1502 return "<unknown>";
1503 }
1504
cil_userprefixes_to_string(struct cil_db * db,char ** out,size_t * size)1505 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
1506 {
1507 int rc = SEPOL_ERR;
1508 size_t str_len = 0;
1509 int buf_pos = 0;
1510 char *str_tmp = NULL;
1511 struct cil_list_item *curr;
1512 struct cil_userprefix *userprefix = NULL;
1513 struct cil_user *user = NULL;
1514
1515 *out = NULL;
1516
1517 if (db->userprefixes->head == NULL) {
1518 rc = SEPOL_OK;
1519 *size = 0;
1520 goto exit;
1521 }
1522
1523 cil_list_for_each(curr, db->userprefixes) {
1524 userprefix = curr->data;
1525 user = userprefix->user;
1526 str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
1527 }
1528
1529 *size = str_len * sizeof(char);
1530 str_len++;
1531 str_tmp = cil_malloc(str_len * sizeof(char));
1532 *out = str_tmp;
1533
1534 cil_list_for_each(curr, db->userprefixes) {
1535 userprefix = curr->data;
1536 user = userprefix->user;
1537
1538 buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn,
1539 userprefix->prefix_str);
1540 if (buf_pos < 0) {
1541 free(str_tmp);
1542 *size = 0;
1543 *out = NULL;
1544 goto exit;
1545 }
1546 str_len -= buf_pos;
1547 str_tmp += buf_pos;
1548 }
1549
1550 rc = SEPOL_OK;
1551 exit:
1552 return rc;
1553
1554 }
1555
cil_cats_to_ebitmap(struct cil_cats * cats,struct ebitmap * cats_ebitmap)1556 static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap)
1557 {
1558 int rc = SEPOL_ERR;
1559 struct cil_list_item *i;
1560 struct cil_list_item *j;
1561 struct cil_cat* cat;
1562 struct cil_catset *cs;
1563 struct cil_tree_node *node;
1564
1565 if (cats == NULL) {
1566 rc = SEPOL_OK;
1567 goto exit;
1568 }
1569
1570 cil_list_for_each(i, cats->datum_expr) {
1571 node = NODE(i->data);
1572 if (node->flavor == CIL_CATSET) {
1573 cs = (struct cil_catset*)i->data;
1574 cil_list_for_each(j, cs->cats->datum_expr) {
1575 cat = (struct cil_cat*)j->data;
1576 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1577 if (rc != SEPOL_OK) {
1578 goto exit;
1579 }
1580 }
1581 } else {
1582 cat = (struct cil_cat*)i->data;
1583 rc = ebitmap_set_bit(cats_ebitmap, cat->value, 1);
1584 if (rc != SEPOL_OK) {
1585 goto exit;
1586 }
1587 }
1588 }
1589
1590 return SEPOL_OK;
1591
1592 exit:
1593 return rc;
1594 }
1595
cil_level_equals(struct cil_level * low,struct cil_level * high)1596 static int cil_level_equals(struct cil_level *low, struct cil_level *high)
1597 {
1598 int rc;
1599 struct ebitmap elow;
1600 struct ebitmap ehigh;
1601
1602 if (strcmp(low->sens->datum.fqn, high->sens->datum.fqn)) {
1603 rc = 0;
1604 goto exit;
1605 }
1606
1607 ebitmap_init(&elow);
1608 ebitmap_init(&ehigh);
1609
1610 rc = cil_cats_to_ebitmap(low->cats, &elow);
1611 if (rc != SEPOL_OK) {
1612 goto exit;
1613 }
1614
1615 rc = cil_cats_to_ebitmap(high->cats, &ehigh);
1616 if (rc != SEPOL_OK) {
1617 goto exit;
1618 }
1619
1620 rc = ebitmap_cmp(&elow, &ehigh);
1621 ebitmap_destroy(&elow);
1622 ebitmap_destroy(&ehigh);
1623
1624 exit:
1625 return rc;
1626 }
1627
__cil_level_strlen(struct cil_level * lvl)1628 static int __cil_level_strlen(struct cil_level *lvl)
1629 {
1630 struct cil_list_item *item;
1631 struct cil_cats *cats = lvl->cats;
1632 int str_len = 0;
1633 char *str1 = NULL;
1634 char *str2 = NULL;
1635 int first = -1;
1636 int last = -1;
1637
1638 str_len += strlen(lvl->sens->datum.fqn);
1639
1640 if (cats && cats->datum_expr != NULL) {
1641 str_len++; /* initial ":" */
1642 cil_list_for_each(item, cats->datum_expr) {
1643 struct cil_cat *cat = item->data;
1644 if (first == -1) {
1645 str1 = cat->datum.fqn;
1646 first = cat->value;
1647 last = first;
1648 } else if (cat->value == last + 1) {
1649 last++;
1650 str2 = cat->datum.fqn;
1651 } else {
1652 if (first == last) {
1653 str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
1654 } else if (last == first + 1) {
1655 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1656 } else {
1657 str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
1658 }
1659 first = -1;
1660 last = -1;
1661 if (item->next != NULL) {
1662 str_len++; /* space for "," after */
1663 }
1664 }
1665 }
1666 if (first != -1) {
1667 if (first == last) {
1668 str_len += strlen(str1);
1669 } else if (last == first + 1) {
1670 str_len += strlen(str1) + strlen(str2) + 1;
1671 } else {
1672 str_len += strlen(str1) + strlen(str2) + 1;
1673 }
1674 }
1675 }
1676
1677 return str_len;
1678 }
1679
__cil_level_to_string(struct cil_level * lvl,char * out)1680 static int __cil_level_to_string(struct cil_level *lvl, char *out)
1681 {
1682 struct cil_list_item *item;
1683 struct cil_cats *cats = lvl->cats;
1684 int buf_pos = 0;
1685 char *str_tmp = out;
1686 char *str1 = NULL;
1687 char *str2 = NULL;
1688 int first = -1;
1689 int last = -1;
1690
1691 buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
1692 str_tmp += buf_pos;
1693
1694 if (cats && cats->datum_expr != NULL) {
1695 buf_pos = sprintf(str_tmp, ":");
1696 str_tmp += buf_pos;
1697
1698 cil_list_for_each(item, cats->datum_expr) {
1699 struct cil_cat *cat = item->data;
1700 if (first == -1) {
1701 str1 = cat->datum.fqn;
1702 first = cat->value;
1703 last = first;
1704 } else if (cat->value == last + 1) {
1705 last++;
1706 str2 = cat->datum.fqn;
1707 } else {
1708 if (first == last) {
1709 buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
1710 str_tmp += buf_pos;
1711 } else if (last == first + 1) {
1712 buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
1713 str_tmp += buf_pos;
1714 } else {
1715 buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
1716 str_tmp += buf_pos;
1717 }
1718 first = -1;
1719 last = -1;
1720 if (item->next != NULL) {
1721 buf_pos = sprintf(str_tmp, ",");
1722 str_tmp += buf_pos;
1723 }
1724 }
1725 }
1726 if (first != -1) {
1727 if (first == last) {
1728 buf_pos = sprintf(str_tmp, "%s", str1);
1729 str_tmp += buf_pos;
1730 } else if (last == first + 1) {
1731 buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
1732 str_tmp += buf_pos;
1733 } else {
1734 buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
1735 str_tmp += buf_pos;
1736 }
1737 }
1738 }
1739
1740 return str_tmp - out;
1741 }
1742
cil_selinuxusers_to_string(struct cil_db * db,char ** out,size_t * size)1743 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
1744 {
1745 size_t str_len = 0;
1746 int buf_pos = 0;
1747 char *str_tmp = NULL;
1748 struct cil_list_item *curr;
1749
1750 if (db->selinuxusers->head == NULL) {
1751 *size = 0;
1752 *out = NULL;
1753 return SEPOL_OK;
1754 }
1755
1756 cil_list_for_each(curr, db->selinuxusers) {
1757 struct cil_selinuxuser *selinuxuser = curr->data;
1758 struct cil_user *user = selinuxuser->user;
1759
1760 str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
1761
1762 if (db->mls == CIL_TRUE) {
1763 struct cil_levelrange *range = selinuxuser->range;
1764 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1765 }
1766
1767 str_len++;
1768 }
1769
1770 *size = str_len * sizeof(char);
1771 str_tmp = cil_malloc(*size+1);
1772 *out = str_tmp;
1773
1774 for(curr = db->selinuxusers->head; curr != NULL; curr = curr->next) {
1775 struct cil_selinuxuser *selinuxuser = curr->data;
1776 struct cil_user *user = selinuxuser->user;
1777
1778 buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
1779 str_tmp += buf_pos;
1780
1781 if (db->mls == CIL_TRUE) {
1782 struct cil_levelrange *range = selinuxuser->range;
1783 buf_pos = sprintf(str_tmp, ":");
1784 str_tmp += buf_pos;
1785 buf_pos = __cil_level_to_string(range->low, str_tmp);
1786 str_tmp += buf_pos;
1787 buf_pos = sprintf(str_tmp, "-");
1788 str_tmp += buf_pos;
1789 buf_pos = __cil_level_to_string(range->high, str_tmp);
1790 str_tmp += buf_pos;
1791 }
1792
1793 buf_pos = sprintf(str_tmp, "\n");
1794 str_tmp += buf_pos;
1795 }
1796
1797 return SEPOL_OK;
1798 }
1799
cil_filecons_to_string(struct cil_db * db,char ** out,size_t * size)1800 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
1801 {
1802 uint32_t i = 0;
1803 int buf_pos = 0;
1804 size_t str_len = 0;
1805 char *str_tmp = NULL;
1806 struct cil_sort *filecons = db->filecon;
1807
1808 for (i = 0; i < filecons->count; i++) {
1809 struct cil_filecon *filecon = filecons->array[i];
1810 struct cil_context *ctx = filecon->context;
1811 char *path_str = filecon->path ? DATUM(filecon->path)->fqn : filecon->path_str;
1812 str_len += strlen(path_str);
1813
1814 if (filecon->type != CIL_FILECON_ANY) {
1815 /* If a type is specified,
1816 +2 for type string, +1 for tab */
1817 str_len += 3;
1818 }
1819
1820 if (ctx != NULL) {
1821 struct cil_user *user = ctx->user;
1822 struct cil_role *role = ctx->role;
1823 struct cil_type *type = ctx->type;
1824
1825 str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
1826
1827 if (db->mls == CIL_TRUE) {
1828 struct cil_levelrange *range = ctx->range;
1829 if (cil_level_equals(range->low, range->high)) {
1830 str_len += __cil_level_strlen(range->low) + 1;
1831 } else {
1832 str_len += __cil_level_strlen(range->low) + __cil_level_strlen(range->high) + 2;
1833 }
1834 }
1835 } else {
1836 str_len += strlen("\t<<none>>");
1837 }
1838
1839 str_len++;
1840 }
1841
1842 *size = str_len * sizeof(char);
1843 str_tmp = cil_malloc(*size+1);
1844 *out = str_tmp;
1845
1846 for (i = 0; i < filecons->count; i++) {
1847 struct cil_filecon *filecon = filecons->array[i];
1848 struct cil_context *ctx = filecon->context;
1849 const char *str_type = NULL;
1850 char *path_str = filecon->path ? DATUM(filecon->path)->fqn : filecon->path_str;
1851 buf_pos = sprintf(str_tmp, "%s", path_str);
1852 str_tmp += buf_pos;
1853
1854 switch(filecon->type) {
1855 case CIL_FILECON_ANY:
1856 str_type = "";
1857 break;
1858 case CIL_FILECON_FILE:
1859 str_type = "\t--";
1860 break;
1861 case CIL_FILECON_DIR:
1862 str_type = "\t-d";
1863 break;
1864 case CIL_FILECON_CHAR:
1865 str_type = "\t-c";
1866 break;
1867 case CIL_FILECON_BLOCK:
1868 str_type = "\t-b";
1869 break;
1870 case CIL_FILECON_SOCKET:
1871 str_type = "\t-s";
1872 break;
1873 case CIL_FILECON_PIPE:
1874 str_type = "\t-p";
1875 break;
1876 case CIL_FILECON_SYMLINK:
1877 str_type = "\t-l";
1878 break;
1879 default:
1880 str_type = "";
1881 break;
1882 }
1883 buf_pos = sprintf(str_tmp, "%s", str_type);
1884 str_tmp += buf_pos;
1885
1886 if (ctx != NULL) {
1887 struct cil_user *user = ctx->user;
1888 struct cil_role *role = ctx->role;
1889 struct cil_type *type = ctx->type;
1890
1891 buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
1892 type->datum.fqn);
1893 str_tmp += buf_pos;
1894
1895 if (db->mls == CIL_TRUE) {
1896 struct cil_levelrange *range = ctx->range;
1897 buf_pos = sprintf(str_tmp, ":");
1898 str_tmp += buf_pos;
1899 buf_pos = __cil_level_to_string(range->low, str_tmp);
1900 str_tmp += buf_pos;
1901
1902 if (!cil_level_equals(range->low, range->high)) {
1903 buf_pos = sprintf(str_tmp, "-");
1904 str_tmp += buf_pos;
1905 buf_pos = __cil_level_to_string(range->high, str_tmp);
1906 str_tmp += buf_pos;
1907 }
1908 }
1909 } else {
1910 buf_pos = sprintf(str_tmp, "\t<<none>>");
1911 str_tmp += buf_pos;
1912 }
1913
1914 buf_pos = sprintf(str_tmp, "\n");
1915 str_tmp += buf_pos;
1916 }
1917
1918 return SEPOL_OK;
1919 }
1920
cil_set_disable_dontaudit(struct cil_db * db,int disable_dontaudit)1921 void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit)
1922 {
1923 db->disable_dontaudit = disable_dontaudit;
1924 }
1925
cil_set_disable_neverallow(struct cil_db * db,int disable_neverallow)1926 void cil_set_disable_neverallow(struct cil_db *db, int disable_neverallow)
1927 {
1928 db->disable_neverallow = disable_neverallow;
1929 }
1930
cil_set_attrs_expand_generated(struct cil_db * db,int attrs_expand_generated)1931 void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated)
1932 {
1933 db->attrs_expand_generated = attrs_expand_generated;
1934 }
1935
cil_set_attrs_expand_size(struct cil_db * db,unsigned attrs_expand_size)1936 void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size)
1937 {
1938 db->attrs_expand_size = attrs_expand_size;
1939 }
1940
cil_set_preserve_tunables(struct cil_db * db,int preserve_tunables)1941 void cil_set_preserve_tunables(struct cil_db *db, int preserve_tunables)
1942 {
1943 db->preserve_tunables = preserve_tunables;
1944 }
1945
cil_set_handle_unknown(struct cil_db * db,int handle_unknown)1946 int cil_set_handle_unknown(struct cil_db *db, int handle_unknown)
1947 {
1948 int rc = 0;
1949
1950 switch (handle_unknown) {
1951 case SEPOL_DENY_UNKNOWN:
1952 case SEPOL_REJECT_UNKNOWN:
1953 case SEPOL_ALLOW_UNKNOWN:
1954 db->handle_unknown = handle_unknown;
1955 break;
1956 default:
1957 cil_log(CIL_ERR, "Unknown value for handle-unknown: %i\n", handle_unknown);
1958 rc = -1;
1959 }
1960
1961 return rc;
1962 }
1963
cil_set_mls(struct cil_db * db,int mls)1964 void cil_set_mls(struct cil_db *db, int mls)
1965 {
1966 db->mls = mls;
1967 }
1968
cil_set_multiple_decls(struct cil_db * db,int multiple_decls)1969 void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
1970 {
1971 db->multiple_decls = multiple_decls;
1972 }
1973
cil_set_qualified_names(struct cil_db * db,int qualified_names)1974 void cil_set_qualified_names(struct cil_db *db, int qualified_names)
1975 {
1976 db->qualified_names = qualified_names;
1977 }
1978
cil_set_target_platform(struct cil_db * db,int target_platform)1979 void cil_set_target_platform(struct cil_db *db, int target_platform)
1980 {
1981 db->target_platform = target_platform;
1982 }
1983
cil_set_policy_version(struct cil_db * db,int policy_version)1984 void cil_set_policy_version(struct cil_db *db, int policy_version)
1985 {
1986 db->policy_version = policy_version;
1987 }
1988
cil_symtab_array_init(symtab_t symtab[],const int symtab_sizes[CIL_SYM_NUM])1989 void cil_symtab_array_init(symtab_t symtab[], const int symtab_sizes[CIL_SYM_NUM])
1990 {
1991 uint32_t i = 0;
1992 for (i = 0; i < CIL_SYM_NUM; i++) {
1993 cil_symtab_init(&symtab[i], symtab_sizes[i]);
1994 }
1995 }
1996
cil_symtab_array_destroy(symtab_t symtab[])1997 void cil_symtab_array_destroy(symtab_t symtab[])
1998 {
1999 int i = 0;
2000 for (i = 0; i < CIL_SYM_NUM; i++) {
2001 cil_symtab_destroy(&symtab[i]);
2002 }
2003 }
2004
cil_destroy_ast_symtabs(struct cil_tree_node * current)2005 void cil_destroy_ast_symtabs(struct cil_tree_node *current)
2006 {
2007 while (current) {
2008 switch (current->flavor) {
2009 case CIL_BLOCK:
2010 cil_symtab_array_destroy(((struct cil_block*)current->data)->symtab);
2011 break;
2012 case CIL_IN:
2013 cil_symtab_array_destroy(((struct cil_in*)current->data)->symtab);
2014 break;
2015 case CIL_CLASS:
2016 case CIL_COMMON:
2017 case CIL_MAP_CLASS:
2018 cil_symtab_destroy(&((struct cil_class*)current->data)->perms);
2019 break;
2020 case CIL_MACRO:
2021 cil_symtab_array_destroy(((struct cil_macro*)current->data)->symtab);
2022 break;
2023 case CIL_CONDBLOCK:
2024 cil_symtab_array_destroy(((struct cil_condblock*)current->data)->symtab);
2025 break;
2026 default:
2027 break;
2028 }
2029
2030 if (current->cl_head) {
2031 cil_destroy_ast_symtabs(current->cl_head);
2032 }
2033
2034 current = current->next;
2035 }
2036 }
2037
cil_get_symtab(struct cil_tree_node * ast_node,symtab_t ** symtab,enum cil_sym_index sym_index)2038 int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index)
2039 {
2040 struct cil_tree_node *node = ast_node;
2041 *symtab = NULL;
2042
2043 if (sym_index == CIL_SYM_PERMS) {
2044 /* Class statements are not blocks, so the passed node should be the class */
2045 if (node->flavor == CIL_CLASS || node->flavor == CIL_MAP_CLASS ||
2046 node->flavor == CIL_COMMON) {
2047 *symtab = &((struct cil_class*)node->data)->perms;
2048 return SEPOL_OK;
2049 }
2050 goto exit;
2051 }
2052
2053 if (sym_index < CIL_SYM_BLOCKS || sym_index >= CIL_SYM_NUM) {
2054 cil_log(CIL_ERR, "Invalid symtab type\n");
2055 goto exit;
2056 }
2057
2058 while (node != NULL && *symtab == NULL) {
2059 switch (node->flavor) {
2060 case CIL_ROOT:
2061 *symtab = &((struct cil_root *)node->data)->symtab[sym_index];
2062 break;
2063 case CIL_BLOCK:
2064 *symtab = &((struct cil_block*)node->data)->symtab[sym_index];
2065 break;
2066 case CIL_MACRO:
2067 *symtab = &((struct cil_macro*)node->data)->symtab[sym_index];
2068 break;
2069 case CIL_IN:
2070 /* In blocks only exist before resolving the AST */
2071 *symtab = &((struct cil_in*)node->data)->symtab[sym_index];
2072 break;
2073 case CIL_CONDBLOCK: {
2074 if (node->parent->flavor == CIL_TUNABLEIF) {
2075 /* Cond blocks only exist before resolving the AST */
2076 *symtab = &((struct cil_condblock*)node->data)->symtab[sym_index];
2077 } else if (node->parent->flavor == CIL_BOOLEANIF) {
2078 node = node->parent->parent;
2079 }
2080 break;
2081 }
2082 default:
2083 node = node->parent;
2084 }
2085 }
2086
2087 if (*symtab == NULL) {
2088 goto exit;
2089 }
2090
2091 return SEPOL_OK;
2092
2093 exit:
2094 cil_tree_log(ast_node, CIL_ERR, "Failed to get symtab from node");
2095 return SEPOL_ERR;
2096 }
2097
cil_string_to_uint32(const char * string,uint32_t * value,int base)2098 int cil_string_to_uint32(const char *string, uint32_t *value, int base)
2099 {
2100 unsigned long val;
2101 char *end = NULL;
2102 int rc = SEPOL_ERR;
2103
2104 if (string == NULL || value == NULL) {
2105 goto exit;
2106 }
2107
2108 errno = 0;
2109 val = strtoul(string, &end, base);
2110 if (errno != 0 || end == string || *end != '\0') {
2111 rc = SEPOL_ERR;
2112 goto exit;
2113 }
2114
2115 /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */
2116 #if ULONG_MAX > UINT32_MAX
2117 if (val > UINT32_MAX) {
2118 rc = SEPOL_ERR;
2119 goto exit;
2120 }
2121 #endif
2122
2123 *value = val;
2124
2125 return SEPOL_OK;
2126
2127 exit:
2128 cil_log(CIL_ERR, "Failed to create uint32_t from string\n");
2129 return rc;
2130 }
2131
cil_string_to_uint64(const char * string,uint64_t * value,int base)2132 int cil_string_to_uint64(const char *string, uint64_t *value, int base)
2133 {
2134 char *end = NULL;
2135 int rc = SEPOL_ERR;
2136
2137 if (string == NULL || value == NULL) {
2138 goto exit;
2139 }
2140
2141 errno = 0;
2142 *value = strtoull(string, &end, base);
2143 if (errno != 0 || end == string || *end != '\0') {
2144 rc = SEPOL_ERR;
2145 goto exit;
2146 }
2147
2148 return SEPOL_OK;
2149
2150 exit:
2151 cil_log(CIL_ERR, "Failed to create uint64_t from string\n");
2152 return rc;
2153 }
2154
cil_sort_init(struct cil_sort ** sort)2155 void cil_sort_init(struct cil_sort **sort)
2156 {
2157 *sort = cil_malloc(sizeof(**sort));
2158
2159 (*sort)->flavor = CIL_NONE;
2160 (*sort)->count = 0;
2161 (*sort)->index = 0;
2162 (*sort)->array = NULL;
2163 }
2164
cil_sort_destroy(struct cil_sort ** sort)2165 void cil_sort_destroy(struct cil_sort **sort)
2166 {
2167 (*sort)->flavor = CIL_NONE;
2168 (*sort)->count = 0;
2169 (*sort)->index = 0;
2170 if ((*sort)->array != NULL) {
2171 free((*sort)->array);
2172 }
2173 (*sort)->array = NULL;
2174
2175 free(*sort);
2176 *sort = NULL;
2177 }
2178
cil_ordered_init(struct cil_ordered ** ordered)2179 void cil_ordered_init(struct cil_ordered **ordered)
2180 {
2181 *ordered = cil_malloc(sizeof(**ordered));
2182 (*ordered)->merged = CIL_FALSE;
2183 (*ordered)->strs = NULL;
2184 (*ordered)->datums = NULL;
2185 }
2186
cil_netifcon_init(struct cil_netifcon ** netifcon)2187 void cil_netifcon_init(struct cil_netifcon **netifcon)
2188 {
2189 *netifcon = cil_malloc(sizeof(**netifcon));
2190
2191 (*netifcon)->interface_str = NULL;
2192 (*netifcon)->if_context_str = NULL;
2193 (*netifcon)->if_context = NULL;
2194 (*netifcon)->packet_context_str = NULL;
2195 (*netifcon)->packet_context = NULL;
2196 (*netifcon)->context_str = NULL;
2197 }
2198
cil_ibendportcon_init(struct cil_ibendportcon ** ibendportcon)2199 void cil_ibendportcon_init(struct cil_ibendportcon **ibendportcon)
2200 {
2201 *ibendportcon = cil_malloc(sizeof(**ibendportcon));
2202
2203 (*ibendportcon)->dev_name_str = NULL;
2204 (*ibendportcon)->port = 0;
2205 (*ibendportcon)->context_str = NULL;
2206 (*ibendportcon)->context = NULL;
2207 }
2208
cil_context_init(struct cil_context ** context)2209 void cil_context_init(struct cil_context **context)
2210 {
2211 *context = cil_malloc(sizeof(**context));
2212
2213 cil_symtab_datum_init(&(*context)->datum);
2214 (*context)->user_str = NULL;
2215 (*context)->user = NULL;
2216 (*context)->role_str = NULL;
2217 (*context)->role = NULL;
2218 (*context)->type_str = NULL;
2219 (*context)->type = NULL;
2220 (*context)->range_str = NULL;
2221 (*context)->range = NULL;
2222 }
2223
cil_level_init(struct cil_level ** level)2224 void cil_level_init(struct cil_level **level)
2225 {
2226 *level = cil_malloc(sizeof(**level));
2227
2228 cil_symtab_datum_init(&(*level)->datum);
2229 (*level)->sens_str = NULL;
2230 (*level)->sens = NULL;
2231 (*level)->cats = NULL;
2232 }
2233
cil_levelrange_init(struct cil_levelrange ** range)2234 void cil_levelrange_init(struct cil_levelrange **range)
2235 {
2236 *range = cil_malloc(sizeof(**range));
2237
2238 cil_symtab_datum_init(&(*range)->datum);
2239 (*range)->low_str = NULL;
2240 (*range)->low = NULL;
2241 (*range)->high_str = NULL;
2242 (*range)->high = NULL;
2243 }
2244
cil_sens_init(struct cil_sens ** sens)2245 void cil_sens_init(struct cil_sens **sens)
2246 {
2247 *sens = cil_malloc(sizeof(**sens));
2248
2249 cil_symtab_datum_init(&(*sens)->datum);
2250
2251 (*sens)->cats_list = NULL;
2252
2253 (*sens)->ordered = CIL_FALSE;
2254 }
2255
cil_block_init(struct cil_block ** block)2256 void cil_block_init(struct cil_block **block)
2257 {
2258 *block = cil_malloc(sizeof(**block));
2259
2260 cil_symtab_datum_init(&(*block)->datum);
2261
2262 cil_symtab_array_init((*block)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
2263
2264 (*block)->is_abstract = CIL_FALSE;
2265
2266 (*block)->bi_nodes = NULL;
2267 }
2268
cil_blockinherit_init(struct cil_blockinherit ** inherit)2269 void cil_blockinherit_init(struct cil_blockinherit **inherit)
2270 {
2271 *inherit = cil_malloc(sizeof(**inherit));
2272 (*inherit)->block_str = NULL;
2273 (*inherit)->block = NULL;
2274 }
2275
cil_blockabstract_init(struct cil_blockabstract ** abstract)2276 void cil_blockabstract_init(struct cil_blockabstract **abstract)
2277 {
2278 *abstract = cil_malloc(sizeof(**abstract));
2279 (*abstract)->block_str = NULL;
2280 (*abstract)->block = NULL;
2281 }
2282
cil_in_init(struct cil_in ** in)2283 void cil_in_init(struct cil_in **in)
2284 {
2285 *in = cil_malloc(sizeof(**in));
2286
2287 cil_symtab_array_init((*in)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_IN]);
2288 (*in)->is_after = CIL_FALSE;
2289 (*in)->block_str = NULL;
2290 (*in)->block = NULL;
2291 }
2292
cil_class_init(struct cil_class ** class)2293 void cil_class_init(struct cil_class **class)
2294 {
2295 *class = cil_malloc(sizeof(**class));
2296
2297 cil_symtab_datum_init(&(*class)->datum);
2298
2299 cil_symtab_init(&(*class)->perms, CIL_CLASS_SYM_SIZE);
2300
2301 (*class)->num_perms = 0;
2302 (*class)->common = NULL;
2303 (*class)->ordered = CIL_FALSE;
2304 }
2305
cil_classcommon_init(struct cil_classcommon ** classcommon)2306 void cil_classcommon_init(struct cil_classcommon **classcommon)
2307 {
2308 *classcommon = cil_malloc(sizeof(**classcommon));
2309
2310 (*classcommon)->class_str = NULL;
2311 (*classcommon)->class = NULL;
2312 (*classcommon)->common_str = NULL;
2313 (*classcommon)->common = NULL;
2314 }
2315
cil_sid_init(struct cil_sid ** sid)2316 void cil_sid_init(struct cil_sid **sid)
2317 {
2318 *sid = cil_malloc(sizeof(**sid));
2319
2320 cil_symtab_datum_init(&(*sid)->datum);
2321
2322 (*sid)->ordered = CIL_FALSE;
2323 (*sid)->context = NULL;
2324 }
2325
cil_sidcontext_init(struct cil_sidcontext ** sidcontext)2326 void cil_sidcontext_init(struct cil_sidcontext **sidcontext)
2327 {
2328 *sidcontext = cil_malloc(sizeof(**sidcontext));
2329
2330 (*sidcontext)->sid_str = NULL;
2331 (*sidcontext)->sid = NULL;
2332 (*sidcontext)->context_str = NULL;
2333 (*sidcontext)->context = NULL;
2334 }
2335
cil_userrole_init(struct cil_userrole ** userrole)2336 void cil_userrole_init(struct cil_userrole **userrole)
2337 {
2338 *userrole = cil_malloc(sizeof(**userrole));
2339
2340 (*userrole)->user_str = NULL;
2341 (*userrole)->user = NULL;
2342 (*userrole)->role_str = NULL;
2343 (*userrole)->role = NULL;
2344 }
2345
cil_userprefix_init(struct cil_userprefix ** userprefix)2346 void cil_userprefix_init(struct cil_userprefix **userprefix)
2347 {
2348 *userprefix = cil_malloc(sizeof(**userprefix));
2349
2350 (*userprefix)->user_str = NULL;
2351 (*userprefix)->user = NULL;
2352 (*userprefix)->prefix_str = NULL;
2353 }
2354
cil_selinuxuser_init(struct cil_selinuxuser ** selinuxuser)2355 void cil_selinuxuser_init(struct cil_selinuxuser **selinuxuser)
2356 {
2357 *selinuxuser = cil_malloc(sizeof(**selinuxuser));
2358
2359 (*selinuxuser)->name_str = NULL;
2360 (*selinuxuser)->user_str = NULL;
2361 (*selinuxuser)->user = NULL;
2362 (*selinuxuser)->range_str = NULL;
2363 (*selinuxuser)->range = NULL;
2364 }
2365
cil_roletype_init(struct cil_roletype ** roletype)2366 void cil_roletype_init(struct cil_roletype **roletype)
2367 {
2368 *roletype = cil_malloc(sizeof(**roletype));
2369
2370 (*roletype)->role_str = NULL;
2371 (*roletype)->role = NULL;
2372 (*roletype)->type_str = NULL;
2373 (*roletype)->type = NULL;
2374 }
2375
cil_roleattribute_init(struct cil_roleattribute ** attr)2376 void cil_roleattribute_init(struct cil_roleattribute **attr)
2377 {
2378 *attr = cil_malloc(sizeof(**attr));
2379
2380 cil_symtab_datum_init(&(*attr)->datum);
2381
2382 (*attr)->expr_list = NULL;
2383 (*attr)->roles = NULL;
2384 }
2385
cil_roleattributeset_init(struct cil_roleattributeset ** attrset)2386 void cil_roleattributeset_init(struct cil_roleattributeset **attrset)
2387 {
2388 *attrset = cil_malloc(sizeof(**attrset));
2389
2390 (*attrset)->attr_str = NULL;
2391 (*attrset)->attr = NULL;
2392 (*attrset)->str_expr = NULL;
2393 (*attrset)->datum_expr = NULL;
2394 }
2395
cil_typeattribute_init(struct cil_typeattribute ** attr)2396 void cil_typeattribute_init(struct cil_typeattribute **attr)
2397 {
2398 *attr = cil_malloc(sizeof(**attr));
2399
2400 cil_symtab_datum_init(&(*attr)->datum);
2401
2402 (*attr)->expr_list = NULL;
2403 (*attr)->types = NULL;
2404 (*attr)->used = CIL_FALSE;
2405 (*attr)->keep = CIL_FALSE;
2406 }
2407
cil_typeattributeset_init(struct cil_typeattributeset ** attrset)2408 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
2409 {
2410 *attrset = cil_malloc(sizeof(**attrset));
2411
2412 (*attrset)->attr_str = NULL;
2413 (*attrset)->attr = NULL;
2414 (*attrset)->str_expr = NULL;
2415 (*attrset)->datum_expr = NULL;
2416 }
2417
cil_expandtypeattribute_init(struct cil_expandtypeattribute ** expandattr)2418 void cil_expandtypeattribute_init(struct cil_expandtypeattribute **expandattr)
2419 {
2420 *expandattr = cil_malloc(sizeof(**expandattr));
2421
2422 (*expandattr)->attr_strs = NULL;
2423 (*expandattr)->attr_datums = NULL;
2424 (*expandattr)->expand = 0;
2425 }
2426
cil_alias_init(struct cil_alias ** alias)2427 void cil_alias_init(struct cil_alias **alias)
2428 {
2429 *alias = cil_malloc(sizeof(**alias));
2430
2431 (*alias)->actual = NULL;
2432
2433 cil_symtab_datum_init(&(*alias)->datum);
2434 }
2435
cil_aliasactual_init(struct cil_aliasactual ** aliasactual)2436 void cil_aliasactual_init(struct cil_aliasactual **aliasactual)
2437 {
2438 *aliasactual = cil_malloc(sizeof(**aliasactual));
2439
2440 (*aliasactual)->alias_str = NULL;
2441 (*aliasactual)->alias = NULL;
2442 (*aliasactual)->actual_str = NULL;
2443 (*aliasactual)->actual = NULL;
2444 }
2445
cil_typepermissive_init(struct cil_typepermissive ** typeperm)2446 void cil_typepermissive_init(struct cil_typepermissive **typeperm)
2447 {
2448 *typeperm = cil_malloc(sizeof(**typeperm));
2449
2450 (*typeperm)->type_str = NULL;
2451 (*typeperm)->type = NULL;
2452 }
2453
cil_nametypetransition_init(struct cil_nametypetransition ** nametypetrans)2454 void cil_nametypetransition_init(struct cil_nametypetransition **nametypetrans)
2455 {
2456 *nametypetrans = cil_malloc(sizeof(**nametypetrans));
2457
2458 (*nametypetrans)->src_str = NULL;
2459 (*nametypetrans)->src = NULL;
2460 (*nametypetrans)->tgt_str = NULL;
2461 (*nametypetrans)->tgt = NULL;
2462 (*nametypetrans)->obj_str = NULL;
2463 (*nametypetrans)->obj = NULL;
2464 (*nametypetrans)->name_str = NULL;
2465 (*nametypetrans)->name = NULL;
2466 (*nametypetrans)->result_str = NULL;
2467 (*nametypetrans)->result = NULL;
2468 }
2469
cil_rangetransition_init(struct cil_rangetransition ** rangetrans)2470 void cil_rangetransition_init(struct cil_rangetransition **rangetrans)
2471 {
2472 *rangetrans = cil_malloc(sizeof(**rangetrans));
2473
2474 (*rangetrans)->src_str = NULL;
2475 (*rangetrans)->src = NULL;
2476 (*rangetrans)->exec_str = NULL;
2477 (*rangetrans)->exec = NULL;
2478 (*rangetrans)->obj_str = NULL;
2479 (*rangetrans)->obj = NULL;
2480 (*rangetrans)->range_str = NULL;
2481 (*rangetrans)->range = NULL;
2482 }
2483
cil_bool_init(struct cil_bool ** cilbool)2484 void cil_bool_init(struct cil_bool **cilbool)
2485 {
2486 *cilbool = cil_malloc(sizeof(**cilbool));
2487
2488 cil_symtab_datum_init(&(*cilbool)->datum);
2489 (*cilbool)->value = 0;
2490 }
2491
cil_tunable_init(struct cil_tunable ** ciltun)2492 void cil_tunable_init(struct cil_tunable **ciltun)
2493 {
2494 *ciltun = cil_malloc(sizeof(**ciltun));
2495
2496 cil_symtab_datum_init(&(*ciltun)->datum);
2497 (*ciltun)->value = 0;
2498 }
2499
cil_condblock_init(struct cil_condblock ** cb)2500 void cil_condblock_init(struct cil_condblock **cb)
2501 {
2502 *cb = cil_malloc(sizeof(**cb));
2503
2504 (*cb)->flavor = CIL_NONE;
2505 cil_symtab_array_init((*cb)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_CONDBLOCK]);
2506 }
2507
cil_boolif_init(struct cil_booleanif ** bif)2508 void cil_boolif_init(struct cil_booleanif **bif)
2509 {
2510 *bif = cil_malloc(sizeof(**bif));
2511
2512 (*bif)->str_expr = NULL;
2513 (*bif)->datum_expr = NULL;
2514 }
2515
cil_tunif_init(struct cil_tunableif ** tif)2516 void cil_tunif_init(struct cil_tunableif **tif)
2517 {
2518 *tif = cil_malloc(sizeof(**tif));
2519
2520 (*tif)->str_expr = NULL;
2521 (*tif)->datum_expr = NULL;
2522 }
2523
cil_avrule_init(struct cil_avrule ** avrule)2524 void cil_avrule_init(struct cil_avrule **avrule)
2525 {
2526 *avrule = cil_malloc(sizeof(**avrule));
2527
2528 (*avrule)->is_extended = 0;
2529 (*avrule)->rule_kind = CIL_NONE;
2530 (*avrule)->src_str = NULL;
2531 (*avrule)->src = NULL;
2532 (*avrule)->tgt_str = NULL;
2533 (*avrule)->tgt = NULL;
2534 memset(&((*avrule)->perms), 0, sizeof((*avrule)->perms));
2535 }
2536
cil_permissionx_init(struct cil_permissionx ** permx)2537 void cil_permissionx_init(struct cil_permissionx **permx)
2538 {
2539 *permx = cil_malloc(sizeof(**permx));
2540
2541 cil_symtab_datum_init(&(*permx)->datum);
2542 (*permx)->kind = CIL_NONE;
2543 (*permx)->obj_str = NULL;
2544 (*permx)->obj = NULL;
2545 (*permx)->expr_str = NULL;
2546 (*permx)->perms = NULL;
2547 }
2548
cil_deny_rule_init(struct cil_deny_rule ** rule)2549 void cil_deny_rule_init(struct cil_deny_rule **rule)
2550 {
2551 *rule = cil_malloc(sizeof(**rule));
2552
2553 (*rule)->src_str = NULL;
2554 (*rule)->src = NULL;
2555 (*rule)->tgt_str = NULL;
2556 (*rule)->tgt = NULL;
2557 (*rule)->classperms = NULL;
2558 }
2559
cil_type_rule_init(struct cil_type_rule ** type_rule)2560 void cil_type_rule_init(struct cil_type_rule **type_rule)
2561 {
2562 *type_rule = cil_malloc(sizeof(**type_rule));
2563
2564 (*type_rule)->rule_kind = CIL_NONE;
2565 (*type_rule)->src_str = NULL;
2566 (*type_rule)->src = NULL;
2567 (*type_rule)->tgt_str = NULL;
2568 (*type_rule)->tgt = NULL;
2569 (*type_rule)->obj_str = NULL;
2570 (*type_rule)->obj = NULL;
2571 (*type_rule)->result_str = NULL;
2572 (*type_rule)->result = NULL;
2573 }
2574
cil_roletransition_init(struct cil_roletransition ** role_trans)2575 void cil_roletransition_init(struct cil_roletransition **role_trans)
2576 {
2577 *role_trans = cil_malloc(sizeof(**role_trans));
2578
2579 (*role_trans)->src_str = NULL;
2580 (*role_trans)->src = NULL;
2581 (*role_trans)->tgt_str = NULL;
2582 (*role_trans)->tgt = NULL;
2583 (*role_trans)->obj_str = NULL;
2584 (*role_trans)->obj = NULL;
2585 (*role_trans)->result_str = NULL;
2586 (*role_trans)->result = NULL;
2587 }
2588
cil_roleallow_init(struct cil_roleallow ** roleallow)2589 void cil_roleallow_init(struct cil_roleallow **roleallow)
2590 {
2591 *roleallow = cil_malloc(sizeof(**roleallow));
2592
2593 (*roleallow)->src_str = NULL;
2594 (*roleallow)->src = NULL;
2595 (*roleallow)->tgt_str = NULL;
2596 (*roleallow)->tgt = NULL;
2597 }
2598
cil_catset_init(struct cil_catset ** catset)2599 void cil_catset_init(struct cil_catset **catset)
2600 {
2601 *catset = cil_malloc(sizeof(**catset));
2602
2603 cil_symtab_datum_init(&(*catset)->datum);
2604 (*catset)->cats = NULL;
2605 }
2606
cil_senscat_init(struct cil_senscat ** senscat)2607 void cil_senscat_init(struct cil_senscat **senscat)
2608 {
2609 *senscat = cil_malloc(sizeof(**senscat));
2610
2611 (*senscat)->sens_str = NULL;
2612 (*senscat)->sens = NULL;
2613 (*senscat)->cats = NULL;
2614 }
2615
cil_cats_init(struct cil_cats ** cats)2616 void cil_cats_init(struct cil_cats **cats)
2617 {
2618 *cats = cil_malloc(sizeof(**cats));
2619
2620 (*cats)->evaluated = CIL_FALSE;
2621 (*cats)->str_expr = NULL;
2622 (*cats)->datum_expr = NULL;
2623 }
2624
cil_filecon_init(struct cil_filecon ** filecon)2625 void cil_filecon_init(struct cil_filecon **filecon)
2626 {
2627 *filecon = cil_malloc(sizeof(**filecon));
2628
2629 (*filecon)->path_str = NULL;
2630 (*filecon)->type = CIL_FILECON_ANY;
2631 (*filecon)->context_str = NULL;
2632 (*filecon)->context = NULL;
2633 }
2634
cil_ibpkeycon_init(struct cil_ibpkeycon ** ibpkeycon)2635 void cil_ibpkeycon_init(struct cil_ibpkeycon **ibpkeycon)
2636 {
2637 *ibpkeycon = cil_malloc(sizeof(**ibpkeycon));
2638
2639 (*ibpkeycon)->subnet_prefix_str = NULL;
2640 (*ibpkeycon)->pkey_low = 0;
2641 (*ibpkeycon)->pkey_high = 0;
2642 (*ibpkeycon)->context_str = NULL;
2643 (*ibpkeycon)->context = NULL;
2644 }
2645
cil_portcon_init(struct cil_portcon ** portcon)2646 void cil_portcon_init(struct cil_portcon **portcon)
2647 {
2648 *portcon = cil_malloc(sizeof(**portcon));
2649 (*portcon)->proto = 0;
2650 (*portcon)->port_low = 0;
2651 (*portcon)->port_high = 0;
2652 (*portcon)->context_str = NULL;
2653 (*portcon)->context = NULL;
2654 }
2655
cil_nodecon_init(struct cil_nodecon ** nodecon)2656 void cil_nodecon_init(struct cil_nodecon **nodecon)
2657 {
2658 *nodecon = cil_malloc(sizeof(**nodecon));
2659
2660 (*nodecon)->addr_str = NULL;
2661 (*nodecon)->addr = NULL;
2662 (*nodecon)->mask_str = NULL;
2663 (*nodecon)->mask = NULL;
2664 (*nodecon)->context_str = NULL;
2665 (*nodecon)->context = NULL;
2666 }
2667
cil_genfscon_init(struct cil_genfscon ** genfscon)2668 void cil_genfscon_init(struct cil_genfscon **genfscon)
2669 {
2670 *genfscon = cil_malloc(sizeof(**genfscon));
2671
2672 (*genfscon)->fs_str = NULL;
2673 (*genfscon)->path_str = NULL;
2674 (*genfscon)->file_type = CIL_FILECON_ANY;
2675 (*genfscon)->context_str = NULL;
2676 (*genfscon)->context = NULL;
2677 }
2678
cil_pirqcon_init(struct cil_pirqcon ** pirqcon)2679 void cil_pirqcon_init(struct cil_pirqcon **pirqcon)
2680 {
2681 *pirqcon = cil_malloc(sizeof(**pirqcon));
2682
2683 (*pirqcon)->pirq = 0;
2684 (*pirqcon)->context_str = NULL;
2685 (*pirqcon)->context = NULL;
2686 }
2687
cil_iomemcon_init(struct cil_iomemcon ** iomemcon)2688 void cil_iomemcon_init(struct cil_iomemcon **iomemcon)
2689 {
2690 *iomemcon = cil_malloc(sizeof(**iomemcon));
2691
2692 (*iomemcon)->iomem_low = 0;
2693 (*iomemcon)->iomem_high = 0;
2694 (*iomemcon)->context_str = NULL;
2695 (*iomemcon)->context = NULL;
2696 }
2697
cil_ioportcon_init(struct cil_ioportcon ** ioportcon)2698 void cil_ioportcon_init(struct cil_ioportcon **ioportcon)
2699 {
2700 *ioportcon = cil_malloc(sizeof(**ioportcon));
2701
2702 (*ioportcon)->context_str = NULL;
2703 (*ioportcon)->context = NULL;
2704 }
2705
cil_pcidevicecon_init(struct cil_pcidevicecon ** pcidevicecon)2706 void cil_pcidevicecon_init(struct cil_pcidevicecon **pcidevicecon)
2707 {
2708 *pcidevicecon = cil_malloc(sizeof(**pcidevicecon));
2709
2710 (*pcidevicecon)->dev = 0;
2711 (*pcidevicecon)->context_str = NULL;
2712 (*pcidevicecon)->context = NULL;
2713 }
2714
cil_devicetreecon_init(struct cil_devicetreecon ** dtcon)2715 void cil_devicetreecon_init(struct cil_devicetreecon **dtcon)
2716 {
2717 *dtcon = cil_malloc(sizeof(**dtcon));
2718
2719 (*dtcon)->path = NULL;
2720 (*dtcon)->context_str = NULL;
2721 (*dtcon)->context = NULL;
2722 }
2723
cil_fsuse_init(struct cil_fsuse ** fsuse)2724 void cil_fsuse_init(struct cil_fsuse **fsuse)
2725 {
2726 *fsuse = cil_malloc(sizeof(**fsuse));
2727
2728 (*fsuse)->type = 0;
2729 (*fsuse)->fs_str = NULL;
2730 (*fsuse)->context_str = NULL;
2731 (*fsuse)->context = NULL;
2732 }
2733
cil_constrain_init(struct cil_constrain ** constrain)2734 void cil_constrain_init(struct cil_constrain **constrain)
2735 {
2736 *constrain = cil_malloc(sizeof(**constrain));
2737
2738 (*constrain)->classperms = NULL;
2739 (*constrain)->str_expr = NULL;
2740 (*constrain)->datum_expr = NULL;
2741 }
2742
cil_validatetrans_init(struct cil_validatetrans ** validtrans)2743 void cil_validatetrans_init(struct cil_validatetrans **validtrans)
2744 {
2745 *validtrans = cil_malloc(sizeof(**validtrans));
2746
2747 (*validtrans)->class_str = NULL;
2748 (*validtrans)->class = NULL;
2749 (*validtrans)->str_expr = NULL;
2750 (*validtrans)->datum_expr = NULL;
2751 }
2752
cil_ipaddr_init(struct cil_ipaddr ** ipaddr)2753 void cil_ipaddr_init(struct cil_ipaddr **ipaddr)
2754 {
2755 *ipaddr = cil_malloc(sizeof(**ipaddr));
2756
2757 cil_symtab_datum_init(&(*ipaddr)->datum);
2758 memset(&(*ipaddr)->ip, 0, sizeof((*ipaddr)->ip));
2759 }
2760
cil_perm_init(struct cil_perm ** perm)2761 void cil_perm_init(struct cil_perm **perm)
2762 {
2763 *perm = cil_malloc(sizeof(**perm));
2764
2765 cil_symtab_datum_init(&(*perm)->datum);
2766 (*perm)->value = 0;
2767 (*perm)->classperms = NULL;
2768 }
2769
cil_classpermission_init(struct cil_classpermission ** cp)2770 void cil_classpermission_init(struct cil_classpermission **cp)
2771 {
2772 *cp = cil_malloc(sizeof(**cp));
2773
2774 cil_symtab_datum_init(&(*cp)->datum);
2775 (*cp)->classperms = NULL;
2776 }
2777
cil_classpermissionset_init(struct cil_classpermissionset ** cps)2778 void cil_classpermissionset_init(struct cil_classpermissionset **cps)
2779 {
2780 *cps = cil_malloc(sizeof(**cps));
2781
2782 (*cps)->set_str = NULL;
2783 (*cps)->set = NULL;
2784 (*cps)->classperms = NULL;
2785 }
2786
cil_classperms_set_init(struct cil_classperms_set ** cp_set)2787 void cil_classperms_set_init(struct cil_classperms_set **cp_set)
2788 {
2789 *cp_set = cil_malloc(sizeof(**cp_set));
2790 (*cp_set)->set_str = NULL;
2791 (*cp_set)->set = NULL;
2792 }
2793
cil_classperms_init(struct cil_classperms ** cp)2794 void cil_classperms_init(struct cil_classperms **cp)
2795 {
2796 *cp = cil_malloc(sizeof(**cp));
2797 (*cp)->class_str = NULL;
2798 (*cp)->class = NULL;
2799 (*cp)->perm_strs = NULL;
2800 (*cp)->perms = NULL;
2801 }
2802
cil_classmapping_init(struct cil_classmapping ** mapping)2803 void cil_classmapping_init(struct cil_classmapping **mapping)
2804 {
2805 *mapping = cil_malloc(sizeof(**mapping));
2806
2807 (*mapping)->map_class_str = NULL;
2808 (*mapping)->map_class = NULL;
2809 (*mapping)->map_perm_str = NULL;
2810 (*mapping)->map_perm = NULL;
2811 (*mapping)->classperms = NULL;
2812 }
2813
cil_user_init(struct cil_user ** user)2814 void cil_user_init(struct cil_user **user)
2815 {
2816 *user = cil_malloc(sizeof(**user));
2817
2818 cil_symtab_datum_init(&(*user)->datum);
2819 (*user)->bounds = NULL;
2820 (*user)->roles = NULL;
2821 (*user)->dftlevel = NULL;
2822 (*user)->range = NULL;
2823 (*user)->value = 0;
2824 }
2825
cil_userattribute_init(struct cil_userattribute ** attr)2826 void cil_userattribute_init(struct cil_userattribute **attr)
2827 {
2828 *attr = cil_malloc(sizeof(**attr));
2829
2830 cil_symtab_datum_init(&(*attr)->datum);
2831
2832 (*attr)->expr_list = NULL;
2833 (*attr)->users = NULL;
2834 }
2835
cil_userattributeset_init(struct cil_userattributeset ** attrset)2836 void cil_userattributeset_init(struct cil_userattributeset **attrset)
2837 {
2838 *attrset = cil_malloc(sizeof(**attrset));
2839
2840 (*attrset)->attr_str = NULL;
2841 (*attrset)->attr = NULL;
2842 (*attrset)->str_expr = NULL;
2843 (*attrset)->datum_expr = NULL;
2844 }
2845
cil_userlevel_init(struct cil_userlevel ** usrlvl)2846 void cil_userlevel_init(struct cil_userlevel **usrlvl)
2847 {
2848 *usrlvl = cil_malloc(sizeof(**usrlvl));
2849
2850 (*usrlvl)->user_str = NULL;
2851 (*usrlvl)->user = NULL;
2852 (*usrlvl)->level_str = NULL;
2853 (*usrlvl)->level = NULL;
2854 }
2855
cil_userrange_init(struct cil_userrange ** userrange)2856 void cil_userrange_init(struct cil_userrange **userrange)
2857 {
2858 *userrange = cil_malloc(sizeof(**userrange));
2859
2860 (*userrange)->user_str = NULL;
2861 (*userrange)->user = NULL;
2862 (*userrange)->range_str = NULL;
2863 (*userrange)->range = NULL;
2864 }
2865
cil_role_init(struct cil_role ** role)2866 void cil_role_init(struct cil_role **role)
2867 {
2868 *role = cil_malloc(sizeof(**role));
2869
2870 cil_symtab_datum_init(&(*role)->datum);
2871 (*role)->bounds = NULL;
2872 (*role)->types = NULL;
2873 (*role)->value = 0;
2874 }
2875
cil_type_init(struct cil_type ** type)2876 void cil_type_init(struct cil_type **type)
2877 {
2878 *type = cil_malloc(sizeof(**type));
2879
2880 cil_symtab_datum_init(&(*type)->datum);
2881 (*type)->bounds = NULL;
2882 (*type)->value = 0;
2883 }
2884
cil_cat_init(struct cil_cat ** cat)2885 void cil_cat_init(struct cil_cat **cat)
2886 {
2887 *cat = cil_malloc(sizeof(**cat));
2888
2889 cil_symtab_datum_init(&(*cat)->datum);
2890 (*cat)->ordered = CIL_FALSE;
2891 (*cat)->value = 0;
2892 }
2893
cil_args_init(struct cil_args ** args)2894 void cil_args_init(struct cil_args **args)
2895 {
2896 *args = cil_malloc(sizeof(**args));
2897 (*args)->arg_str = NULL;
2898 (*args)->arg = NULL;
2899 (*args)->param_str = NULL;
2900 (*args)->flavor = CIL_NONE;
2901 }
2902
cil_call_init(struct cil_call ** call)2903 void cil_call_init(struct cil_call **call)
2904 {
2905 *call = cil_malloc(sizeof(**call));
2906
2907 (*call)->macro_str = NULL;
2908 (*call)->macro = NULL;
2909 (*call)->args_tree = NULL;
2910 (*call)->args = NULL;
2911 (*call)->copied = 0;
2912 }
2913
cil_optional_init(struct cil_optional ** optional)2914 void cil_optional_init(struct cil_optional **optional)
2915 {
2916 *optional = cil_malloc(sizeof(**optional));
2917 cil_symtab_datum_init(&(*optional)->datum);
2918 }
2919
cil_param_init(struct cil_param ** param)2920 void cil_param_init(struct cil_param **param)
2921 {
2922 *param = cil_malloc(sizeof(**param));
2923
2924 (*param)->str = NULL;
2925 (*param)->flavor = CIL_NONE;
2926 }
2927
cil_macro_init(struct cil_macro ** macro)2928 void cil_macro_init(struct cil_macro **macro)
2929 {
2930 *macro = cil_malloc(sizeof(**macro));
2931
2932 cil_symtab_datum_init(&(*macro)->datum);
2933 cil_symtab_array_init((*macro)->symtab, cil_sym_sizes[CIL_SYM_ARRAY_MACRO]);
2934 (*macro)->params = NULL;
2935 }
2936
cil_policycap_init(struct cil_policycap ** policycap)2937 void cil_policycap_init(struct cil_policycap **policycap)
2938 {
2939 *policycap = cil_malloc(sizeof(**policycap));
2940
2941 cil_symtab_datum_init(&(*policycap)->datum);
2942 }
2943
cil_bounds_init(struct cil_bounds ** bounds)2944 void cil_bounds_init(struct cil_bounds **bounds)
2945 {
2946 *bounds = cil_malloc(sizeof(**bounds));
2947
2948 (*bounds)->parent_str = NULL;
2949 (*bounds)->parent = NULL;
2950 (*bounds)->child_str = NULL;
2951 (*bounds)->child = NULL;
2952 }
2953
cil_default_init(struct cil_default ** def)2954 void cil_default_init(struct cil_default **def)
2955 {
2956 *def = cil_malloc(sizeof(**def));
2957
2958 (*def)->flavor = CIL_NONE;
2959 (*def)->class_strs = NULL;
2960 (*def)->class_datums = NULL;
2961 }
2962
cil_defaultrange_init(struct cil_defaultrange ** def)2963 void cil_defaultrange_init(struct cil_defaultrange **def)
2964 {
2965 *def = cil_malloc(sizeof(**def));
2966
2967 (*def)->class_strs = NULL;
2968 (*def)->class_datums = NULL;
2969 }
2970
cil_handleunknown_init(struct cil_handleunknown ** unk)2971 void cil_handleunknown_init(struct cil_handleunknown **unk)
2972 {
2973 *unk = cil_malloc(sizeof(**unk));
2974 }
2975
cil_mls_init(struct cil_mls ** mls)2976 void cil_mls_init(struct cil_mls **mls)
2977 {
2978 *mls = cil_malloc(sizeof(**mls));
2979 (*mls)->value = 0;
2980 }
2981
cil_src_info_init(struct cil_src_info ** info)2982 void cil_src_info_init(struct cil_src_info **info)
2983 {
2984 *info = cil_malloc(sizeof(**info));
2985 (*info)->kind = NULL;
2986 (*info)->hll_line = 0;
2987 (*info)->path = NULL;
2988 }
2989