Jason Tang jtang@tresys.com
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file context-query.c.
#include "policy-query-internal.h"
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <apol/render.h>
Classes | |
| struct | apol_context |
Functions | |
| apol_context_t * | apol_context_create (void) |
| Allocate and return a new context structure. | |
| apol_context_t * | apol_context_create_from_qpol_context (const apol_policy_t *p, const qpol_context_t *context) |
| Allocate and return a new context structure, initialized from an existing qpol_context_t. | |
| apol_context_t * | apol_context_create_from_literal (const char *context_string) |
| Take a literal context string that may be missing components (e.g., user_u::type_t:s0:c0.c127), fill in a newly allocated apol_context_t, and return it. | |
| void | apol_context_destroy (apol_context_t **context) |
| Deallocate all memory associated with a context structure and then set it to NULL. | |
| int | apol_context_set_user (const apol_policy_t *p, apol_context_t *context, const char *user) |
| Set the user field of a context structure. | |
| int | apol_context_set_role (const apol_policy_t *p, apol_context_t *context, const char *role) |
| Set the role field of a context structure. | |
| int | apol_context_set_type (const apol_policy_t *p, apol_context_t *context, const char *type) |
| Set the type field of a context structure. | |
| int | apol_context_set_range (const apol_policy_t *p, apol_context_t *context, apol_mls_range_t *range) |
| Set the range field of a context structure. | |
| const char * | apol_context_get_user (const apol_context_t *context) |
| Get the user field of a context structure. | |
| const char * | apol_context_get_role (const apol_context_t *context) |
| Get the role field of a context structure. | |
| const char * | apol_context_get_type (const apol_context_t *context) |
| Get the type field of a context structure. | |
| const apol_mls_range_t * | apol_context_get_range (const apol_context_t *context) |
| Get the range field of a context structure. | |
| int | apol_context_compare (const apol_policy_t *p, const apol_context_t *target, const apol_context_t *search, unsigned int range_compare_type) |
| Compare two contexts, determining if one matches the other. | |
| int | apol_context_validate (const apol_policy_t *p, const apol_context_t *context) |
| Given a complete context (user, role, type, and range if policy is MLS), determine if it is legal according to the supplied policy. | |
| int | apol_context_validate_partial (const apol_policy_t *p, const apol_context_t *context) |
| Given a partial context, determine if it is legal according to the supplied policy. | |
| char * | apol_context_render (const apol_policy_t *p, const apol_context_t *context) |
| Given a context, allocate and return a string that represents the context. | |
| int | apol_context_convert (const apol_policy_t *p, apol_context_t *context) |
| Given a context, convert the range within it (as per apol_mls_range_convert()) to a complete range. | |
|
|
Allocate and return a new context structure. All fields are initialized to nothing. The caller must call apol_context_destroy() upon the return value afterwards.
/**
 * Allocate a zero-filled context structure.
 *
 * @return The new context, or NULL if calloc() fails. The caller releases it
 * with apol_context_destroy().
 *
 * Definition at line 41 of file context-query.c. Referenced by
 * apol_context_create_from_literal(), apol_context_create_from_qpol_context(),
 * and sefs_fclist::getContext().
 */
apol_context_t *apol_context_create(void)
{
	apol_context_t *fresh = calloc(1, sizeof(*fresh));

	return fresh;
}
|
|
||||||||||||
|
Allocate and return a new context structure, initialized from an existing qpol_context_t. The caller must call apol_context_destroy() upon the return value afterwards.
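/**
 * Build a new apol context from a qpol context that belongs to policy p.
 *
 * The user, role and type names are looked up through qpol and handed to the
 * apol_context_set_*() functions. A range is created and attached only when
 * the policy reports QPOL_CAP_MLS; otherwise the range stays NULL.
 *
 * @param p Policy the qpol context came from; must not be NULL.
 * @param context qpol context to copy from; must not be NULL.
 *
 * @return A newly allocated context that the caller releases with
 * apol_context_destroy(), or NULL on failure. errno is EINVAL when an
 * argument is NULL.
 *
 * Definition at line 46 of file context-query.c. Referenced by
 * apol_compare_context(), apol_qpol_context_render(), find_netif_types_run(),
 * find_node_types_run(), and find_port_types_run().
 */
apol_context_t *apol_context_create_from_qpol_context(const apol_policy_t *p, const qpol_context_t *context)
{
	apol_context_t *c = NULL;
	const qpol_user_t *user;
	const qpol_role_t *role;
	const qpol_type_t *type;
	const qpol_mls_range_t *range;
	const char *user_name, *role_name, *type_name;
	apol_mls_range_t *apol_range = NULL;

	/* p->p is dereferenced by every lookup below, so reject a missing
	 * policy (or context) before touching it. */
	if (p == NULL || context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}
	if ((c = apol_context_create()) == NULL) {
		ERR(p, "%s", strerror(ENOMEM));
		goto err;
	}
	if (qpol_context_get_user(p->p, context, &user) < 0 ||
	    qpol_context_get_role(p->p, context, &role) < 0 ||
	    qpol_context_get_type(p->p, context, &type) < 0 ||
	    qpol_context_get_range(p->p, context, &range) < 0) {
		goto err;
	}
	if (qpol_user_get_name(p->p, user, &user_name) < 0 ||
	    qpol_role_get_name(p->p, role, &role_name) < 0 ||
	    qpol_type_get_name(p->p, type, &type_name) < 0) {
		goto err;
	}
	if (qpol_policy_has_capability(p->p, QPOL_CAP_MLS)) {
		/* if the policy is MLS then convert the range, else
		 * rely upon the default value of NULL */
		if ((apol_range = apol_mls_range_create_from_qpol_mls_range(p, range)) == NULL) {
			goto err;
		}
	}
	/* apol_context_set_range() is last in the chain: once it succeeds the
	 * context holds apol_range and the function returns, so the error path
	 * below only ever destroys a range that was not attached. */
	if (apol_context_set_user(p, c, user_name) < 0 ||
	    apol_context_set_role(p, c, role_name) < 0 ||
	    apol_context_set_type(p, c, type_name) < 0 ||
	    apol_context_set_range(p, c, apol_range) < 0) {
		goto err;
	}
	return c;

err:
	apol_mls_range_destroy(&apol_range);
	apol_context_destroy(&c);
	return NULL;
}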
|
|
|
Take a literal context string that may be missing components (e.g., user_u::type_t:s0:c0.c127), fill in a newly allocated apol_context_t, and return it. If there is an MLS range component to the context, it will not be expanded. The caller must call apol_context_destroy() upon the return value afterwards. Because this function creates a context without the benefit of a policy, its range is incomplete. Call apol_context_convert() to complete it.
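/*
 * Copy one matched field of str into *dest. An empty field, or one that
 * begins with '*', leaves *dest untouched. Returns 0 on success and -1 when
 * strndup() fails.
 */
static int context_literal_copy_field(const char *str, const regmatch_t *match, char **dest)
{
	const char *start = str + match->rm_so;
	/* rm_eo stops before the separating colon, so no +1 here */
	size_t len = (size_t)(match->rm_eo - match->rm_so);

	if (len == 0 || *start == '*') {
		return 0;
	}
	*dest = strndup(start, len);
	return (*dest == NULL) ? -1 : 0;
}

/**
 * Parse a literal context string of the form user:role:type[:range] into a
 * newly allocated context.
 *
 * Fields that are empty or start with '*' are left unset. The range text, if
 * present, is passed to apol_mls_range_create_from_literal() without a
 * policy.
 *
 * @param context_string Context text to parse; must not be NULL.
 *
 * @return A new context that the caller releases with apol_context_destroy(),
 * or NULL on failure. errno is EINVAL for a NULL string and EIO when the
 * string does not match the expected shape.
 *
 * Definition at line 87 of file context-query.c. Referenced by main().
 */
apol_context_t *apol_context_create_from_literal(const char *context_string)
{
	/* whole match plus user, role, type and range; a constant rather than
	 * a variable so that pmatch is not a variable-length array */
	enum { CONTEXT_NMATCH = 5 };
	apol_context_t *c = NULL;
	bool is_context_compiled = false;
	regex_t context_regex;
	regmatch_t pmatch[CONTEXT_NMATCH];

	/* regexec() on a NULL string is undefined; fail cleanly instead */
	if (context_string == NULL) {
		errno = EINVAL;
		return NULL;
	}

	if ((c = apol_context_create()) == NULL) {
		goto err;
	}

	if (regcomp(&context_regex, "^([^:]*):([^:]*):([^:]*):?(.*)$", REG_EXTENDED) != 0) {
		goto err;
	}
	is_context_compiled = true;

	if (regexec(&context_regex, context_string, CONTEXT_NMATCH, pmatch, 0) != 0) {
		errno = EIO;
		goto err;
	}

	assert(pmatch[1].rm_so == 0);
	assert(pmatch[2].rm_so != -1);
	assert(pmatch[3].rm_so != -1);
	if (context_literal_copy_field(context_string, &pmatch[1], &c->user) < 0 ||
	    context_literal_copy_field(context_string, &pmatch[2], &c->role) < 0 ||
	    context_literal_copy_field(context_string, &pmatch[3], &c->type) < 0) {
		goto err;
	}

	if (pmatch[4].rm_so != -1) {
		const char *range_text = context_string + pmatch[4].rm_so;
		size_t range_len = (size_t)(pmatch[4].rm_eo - pmatch[4].rm_so);

		/* the range group runs to the end of the string, so the
		 * remaining text can be handed over without copying */
		if (range_len != 0 && *range_text != '*' &&
		    (c->range = apol_mls_range_create_from_literal(range_text)) == NULL) {
			goto err;
		}
	}

	regfree(&context_regex);
	return c;

err:
	apol_context_destroy(&c);
	if (is_context_compiled) {
		regfree(&context_regex);
	}
	return NULL;
}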
|
|
|
||||||||||||||||
|
Set the user field of a context structure. This function duplicates the incoming string.
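/**
 * Replace the user field of a context with a private copy of user.
 *
 * @param p Policy used only for error reporting through ERR().
 * @param context Context to modify; must not be NULL.
 * @param user New user name, or NULL to clear the field.
 *
 * @return 0 on success; -1 on failure, with errno EINVAL for a NULL context.
 * If the copy cannot be allocated the previous value is kept.
 *
 * Definition at line 164 of file context-query.c. Referenced by
 * apol_context_create_from_qpol_context(), and sefs_fclist::getContext().
 */
int apol_context_set_user(const apol_policy_t *p, apol_context_t *context, const char *user)
{
	char *copy = NULL;

	if (context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	if (user == context->user) {
		return 0;
	}
	/* Duplicate before freeing: user may point into the string that is
	 * about to be released, and a failed strdup() must not leave the
	 * context with a freed or lost value. */
	if (user != NULL && (copy = strdup(user)) == NULL) {
		ERR(p, "%s", strerror(errno));
		return -1;
	}
	free(context->user);
	context->user = copy;
	return 0;
}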
|
|
||||||||||||||||
|
Set the role field of a context structure. This function duplicates the incoming string.
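/**
 * Replace the role field of a context with a private copy of role.
 *
 * @param p Policy used only for error reporting through ERR().
 * @param context Context to modify; must not be NULL.
 * @param role New role name, or NULL to clear the field.
 *
 * @return 0 on success; -1 on failure, with errno EINVAL for a NULL context.
 * If the copy cannot be allocated the previous value is kept.
 *
 * Definition at line 182 of file context-query.c. Referenced by
 * apol_context_create_from_qpol_context(), and sefs_fclist::getContext().
 */
int apol_context_set_role(const apol_policy_t *p, apol_context_t *context, const char *role)
{
	char *copy = NULL;

	if (context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	if (role == context->role) {
		return 0;
	}
	/* Duplicate before freeing: role may point into the string that is
	 * about to be released, and a failed strdup() must not leave the
	 * context with a freed or lost value. */
	if (role != NULL && (copy = strdup(role)) == NULL) {
		ERR(p, "%s", strerror(errno));
		return -1;
	}
	free(context->role);
	context->role = copy;
	return 0;
}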
|
|
||||||||||||||||
|
Set the type field of a context structure. This function duplicates the incoming string.
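/**
 * Replace the type field of a context with a private copy of type.
 *
 * @param p Policy used only for error reporting through ERR().
 * @param context Context to modify; must not be NULL.
 * @param type New type name, or NULL to clear the field.
 *
 * @return 0 on success; -1 on failure, with errno EINVAL for a NULL context.
 * If the copy cannot be allocated the previous value is kept.
 *
 * Definition at line 200 of file context-query.c. Referenced by
 * apol_context_create_from_qpol_context(), and sefs_fclist::getContext().
 */
int apol_context_set_type(const apol_policy_t *p, apol_context_t *context, const char *type)
{
	char *copy = NULL;

	if (context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	if (type == context->type) {
		return 0;
	}
	/* Duplicate before freeing: type may point into the string that is
	 * about to be released, and a failed strdup() must not leave the
	 * context with a freed or lost value. */
	if (type != NULL && (copy = strdup(type)) == NULL) {
		ERR(p, "%s", strerror(errno));
		return -1;
	}
	free(context->type);
	context->type = copy;
	return 0;
}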
|
|
||||||||||||||||
|
Set the range field of a context structure. This function takes ownership of the range, such that the caller must not modify nor destroy it afterwards.
/**
 * Attach a range to a context, destroying whatever range it held before.
 *
 * The pointer is stored as-is rather than copied, so the context becomes
 * responsible for the range. Passing the range already stored is a no-op.
 *
 * @param p Policy used only for error reporting through ERR().
 * @param context Context to modify; must not be NULL.
 * @param range Range to store; may be NULL to clear the field.
 *
 * @return 0 on success, or -1 with errno EINVAL when context is NULL.
 *
 * Definition at line 218 of file context-query.c. Referenced by
 * apol_context_create_from_qpol_context(), and sefs_fclist::getContext().
 */
int apol_context_set_range(const apol_policy_t *p, apol_context_t *context, apol_mls_range_t *range)
{
	if (context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	/* same pointer: destroying it first would leave it dangling */
	if (range == context->range) {
		return 0;
	}
	apol_mls_range_destroy(&(context->range));
	context->range = range;
	return 0;
}
|
|
|
Get the user field of a context structure.
/**
 * Return the user field of a context.
 *
 * @return The string stored in the context (not a copy, so the caller must
 * not free it), possibly NULL if unset; NULL with errno EINVAL when context
 * is NULL.
 *
 * Definition at line 232 of file context-query.c. Referenced by
 * fcfile_query(), fcfile_query_map_user_lee(), main(), and replace_entry().
 */
const char *apol_context_get_user(const apol_context_t *context)
{
	if (context != NULL) {
		return context->user;
	}
	errno = EINVAL;
	return NULL;
}
|
|
|
Get the role field of a context structure.
/**
 * Return the role field of a context.
 *
 * @return The string stored in the context (not a copy, so the caller must
 * not free it), possibly NULL if unset; NULL with errno EINVAL when context
 * is NULL.
 *
 * Definition at line 241 of file context-query.c. Referenced by
 * fcfile_query(), main(), and replace_entry().
 */
const char *apol_context_get_role(const apol_context_t *context)
{
	if (context != NULL) {
		return context->role;
	}
	errno = EINVAL;
	return NULL;
}
|
|
|
Get the type field of a context structure.
/**
 * Return the type field of a context.
 *
 * @return The string stored in the context (not a copy, so the caller must
 * not free it), possibly NULL if unset; NULL with errno EINVAL when context
 * is NULL.
 *
 * Definition at line 250 of file context-query.c. Referenced by
 * fcfile_query(), find_file_types_run(), main(), and replace_entry().
 */
const char *apol_context_get_type(const apol_context_t *context)
{
	if (context != NULL) {
		return context->type;
	}
	errno = EINVAL;
	return NULL;
}
|
|
|
Get the range field of a context structure.
/**
 * Return the range field of a context.
 *
 * @return The range stored in the context (not a copy, so the caller must
 * not destroy it), possibly NULL if unset; NULL with errno EINVAL when
 * context is NULL.
 *
 * Definition at line 259 of file context-query.c. Referenced by main(),
 * replace_entry(), and sefs_fcfile::runQueryMap().
 */
const apol_mls_range_t *apol_context_get_range(const apol_context_t *context)
{
	if (context != NULL) {
		return context->range;
	}
	errno = EINVAL;
	return NULL;
}
|
|
||||||||||||||||||||
|
Compare two contexts, determining if one matches the other. The search context may have empty elements that indicate not to compare that field. Types will be matched if the two or any of their aliases are the same. The last parameter gives how to match ranges (assuming that search has a range); it must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, APOL_QUERY_EXACT or APOL_QUERY_INTERSECT as per apol_mls_range_compare(). If a context is not valid according to the policy then this function returns -1. If search is NULL then comparison always succeeds.
/**
 * Compare a target context against a search context under policy p.
 *
 * A field is compared only when both contexts have it set. User, role and
 * type names are resolved through qpol and matched on their numeric values;
 * ranges are delegated to apol_mls_range_compare() with range_compare_type.
 *
 * NOTE(review): the published description says a NULL search always
 * succeeds, but the guard below rejects a NULL search with EINVAL. Confirm
 * which behaviour callers rely on.
 *
 * @return 1 on a match, 0 on a mismatch, -1 on error (errno EINVAL when an
 * argument is NULL, or when a name lookup fails).
 *
 * Definition at line 268 of file context-query.c. Referenced by
 * apol_compare_context().
 */
int apol_context_compare(const apol_policy_t *p, const apol_context_t *target, const apol_context_t *search, unsigned int range_compare_type)
{
	uint32_t target_val, search_val;

	if (p == NULL || target == NULL || search == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (target->user != NULL && search->user != NULL) {
		const qpol_user_t *target_user, *search_user;

		if (qpol_policy_get_user_by_name(p->p, target->user, &target_user) < 0) {
			return -1;
		}
		if (qpol_policy_get_user_by_name(p->p, search->user, &search_user) < 0) {
			return -1;
		}
		if (qpol_user_get_value(p->p, target_user, &target_val) < 0) {
			return -1;
		}
		if (qpol_user_get_value(p->p, search_user, &search_val) < 0) {
			return -1;
		}
		if (target_val != search_val) {
			return 0;
		}
	}

	if (target->role != NULL && search->role != NULL) {
		const qpol_role_t *target_role, *search_role;

		if (qpol_policy_get_role_by_name(p->p, target->role, &target_role) < 0) {
			return -1;
		}
		if (qpol_policy_get_role_by_name(p->p, search->role, &search_role) < 0) {
			return -1;
		}
		if (qpol_role_get_value(p->p, target_role, &target_val) < 0) {
			return -1;
		}
		if (qpol_role_get_value(p->p, search_role, &search_val) < 0) {
			return -1;
		}
		if (target_val != search_val) {
			return 0;
		}
	}

	if (target->type != NULL && search->type != NULL) {
		const qpol_type_t *target_type, *search_type;

		if (qpol_policy_get_type_by_name(p->p, target->type, &target_type) < 0) {
			return -1;
		}
		if (qpol_policy_get_type_by_name(p->p, search->type, &search_type) < 0) {
			return -1;
		}
		if (qpol_type_get_value(p->p, target_type, &target_val) < 0) {
			return -1;
		}
		if (qpol_type_get_value(p->p, search_type, &search_val) < 0) {
			return -1;
		}
		if (target_val != search_val) {
			return 0;
		}
	}

	/* with no range on either side, the fields checked so far decide */
	if (target->range == NULL || search->range == NULL) {
		return 1;
	}
	return apol_mls_range_compare(p, target->range, search->range, range_compare_type);
}
|
|
||||||||||||
|
Given a complete context (user, role, type, and range if policy is MLS), determine if it is legal according to the supplied policy. (Check that the user has that role, the role has that type, etc.) This function will convert from aliases to canonical forms as necessary.
/**
 * Validate a complete context against a policy.
 *
 * The context must have a user, role and type, and also a range when
 * apol_policy_is_mls() reports an MLS policy. Once that holds, the decision
 * is delegated to apol_context_validate_partial().
 *
 * @return The result of apol_context_validate_partial(), or -1 with errno
 * EINVAL when the context is NULL or incomplete.
 *
 * Definition at line 322 of file context-query.c.
 */
int apol_context_validate(const apol_policy_t *p, const apol_context_t *context)
{
	bool incomplete;

	/* evaluated left to right, so the policy is consulted only once the
	 * three mandatory fields are known to be present */
	incomplete = context == NULL
		|| context->user == NULL
		|| context->role == NULL
		|| context->type == NULL
		|| (apol_policy_is_mls(p) && context->range == NULL);
	if (!incomplete) {
		return apol_context_validate_partial(p, context);
	}
	ERR(p, "%s", strerror(EINVAL));
	errno = EINVAL;
	return -1;
}
|
|
||||||||||||
|
Given a partial context, determine if it is legal according to the supplied policy. For fields that are not specified, assume that they would be legal. For example, if a user is given but not a role, then return truth if the user is in the policy. If the context is NULL then this function returns 1. This function will convert from aliases to canonical forms as necessary.
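/**
 * Validate the fields that are set in a possibly partial context.
 *
 * Checks performed, each only when the relevant fields are set:
 *  - a user query (restricted by role, if set) must return at least one user;
 *  - a role query (restricted by type, if set) must return at least one role;
 *  - the type must be known to the policy;
 *  - on an MLS policy, the range must pass apol_mls_range_validate() and,
 *    when a user is set, is compared against that user's range with
 *    APOL_QUERY_SUB.
 *
 * NOTE(review): p is dereferenced (p->p) without a NULL check when a type or
 * an MLS range is present; callers are expected to pass a valid policy.
 *
 * @return 1 if the context is legal (also when context is NULL), 0 if it is
 * not, and a negative value on error.
 *
 * Definition at line 334 of file context-query.c. Referenced by
 * apol_context_validate().
 */
int apol_context_validate_partial(const apol_policy_t *p, const apol_context_t *context)
{
	apol_user_query_t *user_query = NULL;
	apol_role_query_t *role_query = NULL;
	apol_vector_t *user_v = NULL, *role_v = NULL;
	const qpol_user_t *user;
	const qpol_type_t *type;
	const qpol_mls_range_t *user_range;
	apol_mls_range_t *user_apol_range = NULL;
	int retval = -1, retval2;

	if (context == NULL) {
		return 1;
	}
	if (context->user != NULL) {
		if ((user_query = apol_user_query_create()) == NULL) {
			ERR(p, "%s", strerror(ENOMEM));
			/* stop here instead of handing a NULL query to the
			 * setters below */
			goto cleanup;
		}
		if (apol_user_query_set_user(p, user_query, context->user) < 0 ||
		    (context->role != NULL && apol_user_query_set_role(p, user_query, context->role) < 0) ||
		    apol_user_get_by_query(p, user_query, &user_v) < 0) {
			goto cleanup;
		}
		if (apol_vector_get_size(user_v) == 0) {
			retval = 0;
			goto cleanup;
		}
	}
	if (context->role != NULL) {
		if ((role_query = apol_role_query_create()) == NULL) {
			ERR(p, "%s", strerror(ENOMEM));
			/* same as above: do not continue with a NULL query */
			goto cleanup;
		}
		if (apol_role_query_set_role(p, role_query, context->role) < 0 ||
		    (context->type != NULL && apol_role_query_set_type(p, role_query, context->type) < 0) ||
		    apol_role_get_by_query(p, role_query, &role_v) < 0) {
			goto cleanup;
		}
		if (apol_vector_get_size(role_v) == 0) {
			retval = 0;
			goto cleanup;
		}
	}
	if (context->type != NULL) {
		/* an unknown type is reported as "not legal", not as an error */
		if (qpol_policy_get_type_by_name(p->p, context->type, &type) < 0) {
			retval = 0;
			goto cleanup;
		}
	}
	if (apol_policy_is_mls(p) && context->range != NULL) {
		retval2 = apol_mls_range_validate(p, context->range);
		if (retval2 != 1) {
			retval = retval2;
			goto cleanup;
		}
		/* next check that the user has access to this context */
		if (context->user != NULL) {
			if (qpol_policy_get_user_by_name(p->p, context->user, &user) < 0 ||
			    qpol_user_get_range(p->p, user, &user_range) < 0) {
				goto cleanup;
			}
			user_apol_range = apol_mls_range_create_from_qpol_mls_range(p, user_range);
			if (user_apol_range == NULL) {
				ERR(p, "%s", strerror(ENOMEM));
				goto cleanup;
			}
			retval2 = apol_mls_range_compare(p, user_apol_range, context->range, APOL_QUERY_SUB);
			if (retval2 != 1) {
				retval = retval2;
				goto cleanup;
			}
		}
	}
	retval = 1;

cleanup:
	apol_user_query_destroy(&user_query);
	apol_role_query_destroy(&role_query);
	apol_vector_destroy(&user_v);
	apol_vector_destroy(&role_v);
	apol_mls_range_destroy(&user_apol_range);
	return retval;
}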
|
|
||||||||||||
|
Given a context, allocate and return a string that represents the context. This function does not check if the context is valid or not. An asterisk ("*") represents fields that have not been set. For example, if a context has the role object_r but has no user nor type set, it will be rendered as "*:object_r:*" (assuming the given policy is not MLS).
/**
 * Render a context as a newly allocated "user:role:type[:range]" string.
 *
 * Unset fields are written as "*". The range part is appended when p is NULL
 * or when apol_policy_is_mls() reports an MLS policy. No validity check is
 * made on the context.
 *
 * @param p Policy used to render the range; may be NULL only if
 * apol_mls_range_is_literal() accepts the context's range.
 * @param context Context to render; must not be NULL.
 *
 * @return A string the caller must free(), or NULL on failure (errno EINVAL
 * for the argument checks).
 *
 * Definition at line 416 of file context-query.c. Referenced by
 * apol_qpol_context_render(), find_netif_types_run(), find_node_types_run(),
 * find_port_types_run(), and replace_entry().
 */
char *apol_context_render(const apol_policy_t *p, const apol_context_t *context)
{
	char *out = NULL, *range_text = NULL;
	size_t out_sz = 0;
	const char *field;

	if (context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}
	if (p == NULL && !apol_mls_range_is_literal(context->range)) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	field = (context->user != NULL) ? context->user : "*";
	if (apol_str_appendf(&out, &out_sz, "%s:", field) != 0) {
		ERR(p, "%s", strerror(errno));
		goto fail;
	}
	field = (context->role != NULL) ? context->role : "*";
	if (apol_str_appendf(&out, &out_sz, "%s:", field) != 0) {
		ERR(p, "%s", strerror(errno));
		goto fail;
	}
	field = (context->type != NULL) ? context->type : "*";
	if (apol_str_append(&out, &out_sz, field) != 0) {
		ERR(p, "%s", strerror(errno));
		goto fail;
	}

	/* a non-MLS policy has no range component to print */
	if (p != NULL && !apol_policy_is_mls(p)) {
		return out;
	}

	if (context->range != NULL) {
		range_text = apol_mls_range_render(p, context->range);
	} else {
		range_text = strdup("*");
	}
	if (range_text == NULL) {
		goto fail;
	}
	if (apol_str_appendf(&out, &out_sz, ":%s", range_text) != 0) {
		ERR(p, "%s", strerror(errno));
		goto fail;
	}
	free(range_text);
	return out;

fail:
	free(out);
	free(range_text);
	return NULL;
}
|
|
||||||||||||
|
Given a context, convert the range within it (as per apol_mls_range_convert()) to a complete range. If the context has no range or has no literal range then do nothing.
/**
 * Convert the range held by a context via apol_mls_range_convert().
 *
 * A context without a range is left alone.
 *
 * @return The result of apol_mls_range_convert() when a range is present,
 * 0 when there is none, or -1 with errno EINVAL when p or context is NULL.
 *
 * Definition at line 466 of file context-query.c. Referenced by
 * fclist_sefs_node_convert().
 */
int apol_context_convert(const apol_policy_t *p, apol_context_t *context)
{
	if (p == NULL || context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	if (context->range == NULL) {
		return 0;
	}
	return apol_mls_range_convert(p, context->range);
}
|