Jason Tang jtang@tresys.com
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file syn_rule_query.h.
#include <qpol/policy.h>
#include <qpol/cond_query.h>
#include <qpol/iterator.h>
#include <stdint.h>
Typedefs | |
| typedef qpol_type_set | qpol_type_set_t |
| typedef qpol_syn_avrule | qpol_syn_avrule_t |
| typedef qpol_syn_terule | qpol_syn_terule_t |
Functions | |
| int | qpol_type_set_get_included_types_iter (const qpol_policy_t *policy, const qpol_type_set_t *ts, qpol_iterator_t **iter) |
| Get an iterator of the included types in a type set. | |
| int | qpol_type_set_get_subtracted_types_iter (const qpol_policy_t *policy, const qpol_type_set_t *ts, qpol_iterator_t **iter) |
| Get an iterator of the subtracted types in a type set. | |
| int | qpol_type_set_get_is_star (const qpol_policy_t *policy, const qpol_type_set_t *ts, uint32_t *is_star) |
| Determine if a type set includes '*'. | |
| int | qpol_type_set_get_is_comp (const qpol_policy_t *policy, const qpol_type_set_t *ts, uint32_t *is_comp) |
| Determine if a type set is complemented (contains '~'). | |
| int | qpol_syn_avrule_get_rule_type (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, uint32_t *rule_type) |
| Get the rule type of a syntactic avrule. | |
| int | qpol_syn_avrule_get_source_type_set (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, const qpol_type_set_t **source_set) |
| Get the set of types specified for a syntactic rule's source field. | |
| int | qpol_syn_avrule_get_target_type_set (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, const qpol_type_set_t **target_set) |
| Get the set of types specified for a syntactic rule's target field. | |
| int | qpol_syn_avrule_get_is_target_self (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, uint32_t *is_self) |
| Determine if a syntactic rule includes the self flag in the target set. | |
| int | qpol_syn_avrule_get_class_iter (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, qpol_iterator_t **classes) |
| Get an iterator over all classes specified in a syntactic rule. | |
| int | qpol_syn_avrule_get_perm_iter (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, qpol_iterator_t **perms) |
| Get an iterator over all permissions specified in a syntactic rule. | |
| int | qpol_syn_avrule_get_lineno (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, unsigned long *lineno) |
| Get the line number of a syntactic rule. | |
| int | qpol_syn_avrule_get_cond (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, const qpol_cond_t **cond) |
| If the syntactic rule is within a conditional, then get that conditional and assign it to cond. | |
| int | qpol_syn_avrule_get_is_enabled (const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, uint32_t *is_enabled) |
| Determine if the syntactic rule is enabled. | |
| int | qpol_syn_terule_get_rule_type (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, uint32_t *rule_type) |
| Get the rule type of a syntactic terule. | |
| int | qpol_syn_terule_get_source_type_set (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, const qpol_type_set_t **source_set) |
| Get the set of types specified for a syntactic rule's source field. | |
| int | qpol_syn_terule_get_target_type_set (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, const qpol_type_set_t **target_set) |
| Get the set of types specified for a syntactic rule's target field. | |
| int | qpol_syn_terule_get_class_iter (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, qpol_iterator_t **classes) |
| Get an iterator over all classes specified in a syntactic rule. | |
| int | qpol_syn_terule_get_default_type (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, const struct qpol_type **dflt) |
| Get the default type of a syntactic terule. | |
| int | qpol_syn_terule_get_lineno (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, unsigned long *lineno) |
| Get the line number of a syntactic rule. | |
| int | qpol_syn_terule_get_cond (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, const qpol_cond_t **cond) |
| If the syntactic rule is within a conditional, then get that conditional and assign it to cond. | |
| int | qpol_syn_terule_get_is_enabled (const qpol_policy_t *policy, const qpol_syn_terule_t *rule, uint32_t *is_enabled) |
| Determine if the syntactic rule is enabled. | |
|
|
|
|
Definition at line 41 of file syn_rule_query.h. Referenced by apol_syn_terule_comp(), apol_syn_terule_get_by_query(), apol_terule_list_to_syn_terules(), apol_terule_to_syn_terules(), print_syn_te_results(), terule_basic_syn(), and terule_enable_line_numbers(). |
|
||||||||||||||||
|
Get an iterator of the included types in a type set.
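/**
 * Build an iterator over the included types of a type set, i.e. the bits of
 * the set's `types` bitmap.
 *
 * Definition at line 186 of file syn_rule_query.c.
 * References ebitmap_state::bmap, ebitmap_state::cur, ebitmap_state_end(),
 * ebitmap_state_get_cur_type(), ebitmap_state_next(), ebitmap_state_size(),
 * ebitmap_state_t, ERR, qpol_iterator_create(), qpol_iterator_t, and
 * qpol_policy_t.
 * Referenced by apol_query_type_set_uses_types_directly(),
 * apol_syn_avrule_render(), and apol_syn_terule_render().
 *
 * @param policy Policy the type set belongs to; must not be NULL.
 * @param ts     Type set to inspect; must not be NULL.
 * @param iter   Receives the new iterator; cleared to NULL before any other
 *               work is done.
 * @return STATUS_SUCCESS on success. STATUS_ERR on failure, with errno set to
 *         EINVAL for a NULL argument or to the calloc() error when the
 *         iterator state cannot be allocated.
 */
int qpol_type_set_get_included_types_iter(const qpol_policy_t *policy, const qpol_type_set_t *ts, qpol_iterator_t **iter)
{
    type_set_t *internal_ts = NULL;
    ebitmap_state_t *es = NULL;
    int error = 0;

    if (iter)
        *iter = NULL;

    if (!policy || !ts || !iter) {
        /* NOTE(review): ERR() is reached with policy == NULL on this path;
         * it is assumed to accept a NULL handle -- confirm. */
        ERR(policy, "%s", strerror(EINVAL));
        /* Report through errno like the sibling accessors; the original
         * stored EINVAL in a local that was never read. */
        errno = EINVAL;
        return STATUS_ERR;
    }

    internal_ts = (type_set_t *) ts;

    es = calloc(1, sizeof(ebitmap_state_t));
    if (!es) {
        error = errno;
        ERR(policy, "%s", strerror(error));
        errno = error;
        return STATUS_ERR;
    }

    /* The state only borrows the bitmap stored inside the type set. */
    es->bmap = &(internal_ts->types);
    es->cur = es->bmap->node ? es->bmap->node->startbit : 0;

    /* free() is handed over together with the state, presumably as its
     * destructor; on failure the state is still ours to release. */
    if (qpol_iterator_create(policy, es, ebitmap_state_get_cur_type,
                             ebitmap_state_next, ebitmap_state_end, ebitmap_state_size, free, iter)) {
        error = errno;
        free(es);
        errno = error;  /* keep the cause visible to the caller across free() */
        return STATUS_ERR;
    }

    /* The first node's start bit may itself be clear; step once so the
     * iterator does not begin on an unset bit. */
    if (es->bmap->node && !ebitmap_get_bit(es->bmap, es->cur))
        ebitmap_state_next(*iter);

    return STATUS_SUCCESS;
}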
|
|
||||||||||||||||
|
Get an iterator of the subtracted types in a type set.
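/**
 * Build an iterator over the subtracted types of a type set, i.e. the bits of
 * the set's `negset` bitmap.
 *
 * Definition at line 226 of file syn_rule_query.c.
 * References ebitmap_state::bmap, ebitmap_state::cur, ebitmap_state_end(),
 * ebitmap_state_get_cur_type(), ebitmap_state_next(), ebitmap_state_size(),
 * ebitmap_state_t, ERR, qpol_iterator_create(), qpol_iterator_t, and
 * qpol_policy_t.
 * Referenced by apol_query_type_set_uses_types_directly(),
 * apol_syn_avrule_render(), and apol_syn_terule_render().
 *
 * @param policy Policy the type set belongs to; must not be NULL.
 * @param ts     Type set to inspect; must not be NULL.
 * @param iter   Receives the new iterator; cleared to NULL before any other
 *               work is done.
 * @return STATUS_SUCCESS on success. STATUS_ERR on failure, with errno set to
 *         EINVAL for a NULL argument or to the calloc() error when the
 *         iterator state cannot be allocated.
 */
int qpol_type_set_get_subtracted_types_iter(const qpol_policy_t *policy, const qpol_type_set_t *ts, qpol_iterator_t **iter)
{
    type_set_t *internal_ts = NULL;
    ebitmap_state_t *es = NULL;
    int error = 0;

    if (iter)
        *iter = NULL;

    if (!policy || !ts || !iter) {
        /* NOTE(review): ERR() is reached with policy == NULL on this path;
         * it is assumed to accept a NULL handle -- confirm. */
        ERR(policy, "%s", strerror(EINVAL));
        /* Report through errno like the sibling accessors; the original
         * stored EINVAL in a local that was never read. */
        errno = EINVAL;
        return STATUS_ERR;
    }

    internal_ts = (type_set_t *) ts;

    es = calloc(1, sizeof(ebitmap_state_t));
    if (!es) {
        error = errno;
        ERR(policy, "%s", strerror(error));
        errno = error;
        return STATUS_ERR;
    }

    /* The state only borrows the bitmap stored inside the type set. */
    es->bmap = &(internal_ts->negset);
    es->cur = es->bmap->node ? es->bmap->node->startbit : 0;

    /* free() is handed over together with the state, presumably as its
     * destructor; on failure the state is still ours to release. */
    if (qpol_iterator_create(policy, es, ebitmap_state_get_cur_type,
                             ebitmap_state_next, ebitmap_state_end, ebitmap_state_size, free, iter)) {
        error = errno;
        free(es);
        errno = error;  /* keep the cause visible to the caller across free() */
        return STATUS_ERR;
    }

    /* The first node's start bit may itself be clear; step once so the
     * iterator does not begin on an unset bit. */
    if (es->bmap->node && !ebitmap_get_bit(es->bmap, es->cur))
        ebitmap_state_next(*iter);

    return STATUS_SUCCESS;
}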
|
|
||||||||||||||||
|
Determine if a type set includes '*'.
/**
 * Report whether a type set is the '*' wildcard.
 *
 * Definition at line 266 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_syn_avrule_render(), and apol_syn_terule_render().
 *
 * @param policy  Policy the type set belongs to; must not be NULL.
 * @param ts      Type set to inspect; must not be NULL.
 * @param is_star Set to 1 when the set's flags equal TYPE_STAR, otherwise 0.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_type_set_get_is_star(const qpol_policy_t *policy, const qpol_type_set_t *ts, uint32_t *is_star)
{
    type_set_t *set_impl = (type_set_t *)ts;

    /* Give the caller a defined value even on the error path. */
    if (is_star != NULL) {
        *is_star = 0;
    }

    if (policy == NULL || ts == NULL || is_star == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Whole-field comparison, not a bit test: any other flags value yields 0. */
    *is_star = (set_impl->flags == TYPE_STAR) ? 1 : 0;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Determine if a type set is complemented (contains '~').
/**
 * Report whether a type set is complemented (written with '~').
 *
 * Definition at line 287 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_query_type_set_uses_types_directly(),
 * apol_syn_avrule_render(), and apol_syn_terule_render().
 *
 * @param policy  Policy the type set belongs to; must not be NULL.
 * @param ts      Type set to inspect; must not be NULL.
 * @param is_comp Set to 1 when the set's flags equal TYPE_COMP, otherwise 0.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_type_set_get_is_comp(const qpol_policy_t *policy, const qpol_type_set_t *ts, uint32_t *is_comp)
{
    type_set_t *set_impl = (type_set_t *)ts;

    /* Give the caller a defined value even on the error path. */
    if (is_comp != NULL) {
        *is_comp = 0;
    }

    if (policy == NULL || ts == NULL || is_comp == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Whole-field comparison, not a bit test: any other flags value yields 0. */
    *is_comp = (set_impl->flags == TYPE_COMP) ? 1 : 0;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the rule type of a syntactic avrule.
/**
 * Fetch the rule type of a syntactic avrule.
 *
 * Definition at line 310 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_syn_avrule_render(), and avrule_basic_syn().
 *
 * @param policy    Policy the rule belongs to; must not be NULL.
 * @param rule      Syntactic rule to inspect; must not be NULL.
 * @param rule_type Receives the rule's `specified` value, except that
 *                  AVRULE_DONTAUDIT is reported as QPOL_RULE_DONTAUDIT.
 *                  Set to 0 on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_avrule_get_rule_type(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, uint32_t *rule_type)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (rule_type != NULL) {
        *rule_type = 0;
    }

    if (policy == NULL || rule == NULL || rule_type == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Only the dontaudit constant is translated; every other value is
     * passed through unchanged. */
    *rule_type = (syn->rule->specified == AVRULE_DONTAUDIT)
        ? QPOL_RULE_DONTAUDIT
        : syn->rule->specified;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the set of types specified for a syntactic rule's source field.
/**
 * Fetch the type set written in the source field of a syntactic avrule.
 *
 * Definition at line 333 of file syn_rule_query.c.
 * References ERR, qpol_policy_t, and qpol_type_set_t.
 * Referenced by apol_syn_avrule_get_by_query(), and apol_syn_avrule_render().
 *
 * @param policy     Policy the rule belongs to; must not be NULL.
 * @param rule       Syntactic rule to inspect; must not be NULL.
 * @param source_set Receives a pointer to the rule's own `stypes` member (no
 *                   copy is made); set to NULL on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_avrule_get_source_type_set(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule,
                                        const qpol_type_set_t **source_set)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (source_set != NULL) {
        *source_set = NULL;
    }

    if (policy == NULL || rule == NULL || source_set == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Borrowed pointer into the rule, exposed under the opaque public type. */
    *source_set = (qpol_type_set_t *)&syn->rule->stypes;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the set of types specified for a syntactic rule's target field.
/**
 * Fetch the type set written in the target field of a syntactic avrule.
 *
 * Definition at line 354 of file syn_rule_query.c.
 * References ERR, qpol_policy_t, and qpol_type_set_t.
 * Referenced by apol_syn_avrule_get_by_query(), and apol_syn_avrule_render().
 *
 * @param policy     Policy the rule belongs to; must not be NULL.
 * @param rule       Syntactic rule to inspect; must not be NULL.
 * @param target_set Receives a pointer to the rule's own `ttypes` member (no
 *                   copy is made); set to NULL on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_avrule_get_target_type_set(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule,
                                        const qpol_type_set_t **target_set)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (target_set != NULL) {
        *target_set = NULL;
    }

    if (policy == NULL || rule == NULL || target_set == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Borrowed pointer into the rule, exposed under the opaque public type. */
    *target_set = (qpol_type_set_t *)&syn->rule->ttypes;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Determine if a syntactic rule includes the self flag in the target set.
/**
 * Report whether a syntactic avrule carries the self flag on its target.
 *
 * Definition at line 375 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_syn_avrule_get_by_query(), and apol_syn_avrule_render().
 *
 * @param policy  Policy the rule belongs to; must not be NULL.
 * @param rule    Syntactic rule to inspect; must not be NULL.
 * @param is_self Set to 1 when RULE_SELF is present in the rule's flags,
 *                otherwise 0.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_avrule_get_is_target_self(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, uint32_t *is_self)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (is_self != NULL) {
        *is_self = 0;
    }

    if (policy == NULL || rule == NULL || is_self == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Bit test: other flags may be set alongside RULE_SELF. */
    *is_self = (syn->rule->flags & RULE_SELF) ? 1 : 0;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get an iterator over all classes specified in a syntactic rule.
/**
 * Build an iterator over the classes named in a syntactic avrule.
 *
 * Definition at line 396 of file syn_rule_query.c.
 * References syn_rule_class_state::cur, ERR, syn_rule_class_state::head,
 * qpol_iterator_create(), qpol_iterator_t, qpol_policy_t,
 * syn_rule_class_state_end(), syn_rule_class_state_get_cur(),
 * syn_rule_class_state_next(), syn_rule_class_state_size(), and
 * syn_rule_class_state_t.
 * Referenced by apol_syn_avrule_render().
 *
 * @param policy  Policy the rule belongs to; must not be NULL.
 * @param rule    Syntactic rule to inspect; must not be NULL.
 * @param classes Receives the new iterator; cleared to NULL before any other
 *                work is done.
 * @return STATUS_SUCCESS on success. STATUS_ERR on failure, with errno set to
 *         EINVAL for a NULL argument or to the error left by calloc() or
 *         qpol_iterator_create().
 */
int qpol_syn_avrule_get_class_iter(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, qpol_iterator_t **classes)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;
    syn_rule_class_state_t *state = NULL;
    int saved_errno = 0;
    int rc;

    if (classes != NULL) {
        *classes = NULL;
    }

    if (policy == NULL || rule == NULL || classes == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    state = calloc(1, sizeof(syn_rule_class_state_t));
    if (state == NULL) {
        saved_errno = errno;
        ERR(policy, "%s", strerror(saved_errno));
        errno = saved_errno;
        return STATUS_ERR;
    }

    /* The state stores pointers into the rule's perms list rather than a
     * copy; presumably the rule has to outlive the iterator. */
    state->cur = syn->rule->perms;
    state->head = state->cur;

    rc = qpol_iterator_create(policy, (void *)state,
                              syn_rule_class_state_get_cur, syn_rule_class_state_next,
                              syn_rule_class_state_end, syn_rule_class_state_size, free, classes);
    if (rc) {
        /* Capture errno first: the logging and free() below may change it. */
        saved_errno = errno;
        ERR(policy, "%s", strerror(saved_errno));
        free(state);
        errno = saved_errno;
        return STATUS_ERR;
    }

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get an iterator over all permissions specified in a syntactic rule.
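/**
 * Build an iterator over the distinct permission names granted by a
 * syntactic avrule, across all of its class/permission nodes.
 *
 * Definition at line 434 of file syn_rule_query.c.
 * References syn_rule_perm_state::cur, ERR, qpol_policy::p,
 * syn_rule_perm_state::perm_list, syn_rule_perm_state::perm_list_sz,
 * qpol_iterator_create(), qpol_iterator_t, qpol_policy_t,
 * syn_rule_perm_state_end(), syn_rule_perm_state_free(),
 * syn_rule_perm_state_get_cur(), syn_rule_perm_state_next(),
 * syn_rule_perm_state_size(), and syn_rule_perm_state_t.
 * Referenced by apol_avrule_list_to_syn_avrules(),
 * apol_avrule_to_syn_avrules(), apol_syn_avrule_render(), and
 * avrule_get_line_numbers_for_perm().
 *
 * Each name is a strdup() copy held by the iterator state;
 * syn_rule_perm_state_free() is handed to qpol_iterator_create(), presumably
 * as the destructor that releases them.
 *
 * @param policy Policy the rule belongs to; must not be NULL.
 * @param rule   Syntactic rule to inspect; must not be NULL.
 * @param perms  Receives the new iterator; cleared to NULL before any other
 *               work is done.
 * @return STATUS_SUCCESS on success (the iterator is empty when no permission
 *         bit is set). STATUS_ERR on failure, with errno set to EINVAL for a
 *         NULL argument, ENOMEM when the worst-case list size would overflow,
 *         or the error left by the failing call.
 */
int qpol_syn_avrule_get_perm_iter(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, qpol_iterator_t **perms)
{
    /* One access vector holds at most this many permission bits; the list is
     * sized for that worst case, so the bit loop must never go past it. */
    const size_t max_perms_per_node = 32;
    avrule_t *internal_rule = NULL;
    policydb_t *db = NULL;
    char **perm_list = NULL, *tmp = NULL, **tmp_copy = NULL;
    class_perm_node_t *node = NULL;
    size_t node_num = 0, i, cur, nprim, perm_list_sz = 0;
    int error = 0;
    syn_rule_perm_state_t *srps = NULL;

    if (perms)
        *perms = NULL;

    if (!policy || !rule || !perms) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    db = &policy->p->p;
    internal_rule = ((struct qpol_syn_rule *)rule)->rule;
    for (node = internal_rule->perms; node; node = node->next)
        node_num++;

    /* calloc() checks count * size, but not the multiplication done here. */
    if (node_num > SIZE_MAX / max_perms_per_node) {
        ERR(policy, "%s", strerror(ENOMEM));
        errno = ENOMEM;
        return STATUS_ERR;
    }

    /* for now allocate space for maximum number of unique perms; ask for at
     * least one slot so a rule without nodes is not mistaken for an
     * allocation failure where calloc(0, ...) returns NULL */
    perm_list = calloc(node_num ? node_num * max_perms_per_node : 1, sizeof(char *));
    if (!perm_list) {
        error = errno;
        ERR(policy, "%s", strerror(error));
        errno = error;
        return STATUS_ERR;
    }

    for (node = internal_rule->perms; node; node = node->next) {
        /* NOTE(review): node->class indexes class_val_to_struct without a
         * range check here; presumably it was validated when the policy was
         * loaded -- confirm. */
        nprim = db->class_val_to_struct[node->class - 1]->permissions.nprim;
        /* Clamp to the slots reserved per node: a larger count would shift
         * past the width of the mask and could overrun perm_list. */
        if (nprim > max_perms_per_node)
            nprim = max_perms_per_node;

        for (i = 0; i < nprim; i++) {
            /* Unsigned one: shifting a signed 1 into bit 31 is undefined. */
            if (!(node->data & (1U << i)))
                continue;
            tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1U << i));
            if (!tmp) {
                error = errno;
                ERR(policy, "%s", strerror(error));
                goto err;
            }
            tmp++;  /* remove prepended space */
            /* Skip names already collected from an earlier node. */
            for (cur = 0; cur < perm_list_sz; cur++)
                if (!strcmp(tmp, perm_list[cur]))
                    break;
            if (cur < perm_list_sz)
                continue;
            perm_list[perm_list_sz] = strdup(tmp);
            if (!(perm_list[perm_list_sz])) {
                error = errno;
                ERR(policy, "%s", strerror(error));
                goto err;
            }
            perm_list_sz++;
        }
    }

    /* shrink to actual needed size; skipped for an empty list because
     * realloc(ptr, 0) may free ptr and return NULL, which the error path
     * below would then free a second time */
    if (perm_list_sz > 0) {
        tmp_copy = realloc(perm_list, perm_list_sz * sizeof(char *));
        if (!tmp_copy) {
            error = errno;
            ERR(policy, "%s", strerror(error));
            goto err;
        }
        perm_list = tmp_copy;
    }

    srps = calloc(1, sizeof(syn_rule_perm_state_t));
    if (!srps) {
        error = errno;
        ERR(policy, "%s", strerror(error));
        goto err;
    }
    srps->perm_list = perm_list;
    srps->perm_list_sz = perm_list_sz;
    srps->cur = 0;

    if (qpol_iterator_create(policy, (void *)srps,
                             syn_rule_perm_state_get_cur, syn_rule_perm_state_next,
                             syn_rule_perm_state_end, syn_rule_perm_state_size, syn_rule_perm_state_free, perms)) {
        error = errno;
        ERR(policy, "%s", strerror(error));
        goto err;
    }

    return STATUS_SUCCESS;

err:
    for (i = 0; i < perm_list_sz; i++)
        free(perm_list[i]);
    free(perm_list);
    /* The state wrapper is still ours when iterator creation fails (the class
     * iterator in this file frees its state the same way); only the wrapper
     * is released here, the list it pointed at was freed just above. */
    free(srps);
    errno = error;
    return STATUS_ERR;
}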
|
|
||||||||||||||||
|
Get the line number of a syntactic rule.
/**
 * Fetch the line number recorded for a syntactic avrule.
 *
 * Definition at line 531 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_syn_avrule_comp(), avrule_enable_line_numbers(),
 * avrule_get_line_numbers_for_perm(), policy_view_display_avrule_results(),
 * and print_syn_av_results().
 *
 * @param policy Policy the rule belongs to; must not be NULL.
 * @param rule   Syntactic rule to inspect; must not be NULL.
 * @param lineno Receives the rule's `line` value; set to 0 on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_avrule_get_lineno(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, unsigned long *lineno)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (lineno != NULL) {
        *lineno = 0;
    }

    if (policy == NULL || rule == NULL || lineno == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    *lineno = syn->rule->line;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
If the syntactic rule is within a conditional, then get that conditional and assign it to cond. Otherwise assign to cond NULL.
/**
 * Fetch the conditional that encloses a syntactic avrule, if there is one.
 *
 * Definition at line 551 of file syn_rule_query.c.
 * References ERR, qpol_cond_t, and qpol_policy_t.
 * Referenced by print_syn_av_results().
 *
 * @param policy Policy the rule belongs to; must not be NULL.
 * @param rule   Syntactic rule to inspect; must not be NULL.
 * @param cond   Receives the rule's `cond` pointer as stored (no copy is
 *               made); set to NULL on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_avrule_get_cond(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, const qpol_cond_t **cond)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (cond != NULL) {
        *cond = NULL;
    }

    if (policy == NULL || rule == NULL || cond == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Borrowed pointer, exposed under the opaque public type. */
    *cond = (qpol_cond_t *)syn->cond;
    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Determine if the syntactic rule is enabled. Unconditional rules are always enabled.
/**
 * Report whether a syntactic avrule is enabled under the policy's current
 * conditional state.
 *
 * Definition at line 566 of file syn_rule_query.c.
 * References ERR, qpol_policy::p, and qpol_policy_t.
 * Referenced by print_syn_av_results().
 *
 * @param policy     Policy the rule belongs to; must not be NULL.
 * @param rule       Syntactic rule to inspect; must not be NULL.
 * @param is_enabled Receives 1 for a rule without a conditional. Otherwise it
 *                   receives the value of the conditional expression, or its
 *                   negation when the rule's `cond_branch` is non-zero.
 *                   Set to 0 on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL for a NULL
 *         argument or ERANGE when the expression cannot be evaluated.
 */
int qpol_syn_avrule_get_is_enabled(const qpol_policy_t *policy, const qpol_syn_avrule_t *rule, uint32_t *is_enabled)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;
    int truth = 0;

    if (is_enabled != NULL) {
        *is_enabled = 0;
    }

    if (policy == NULL || rule == NULL || is_enabled == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Unconditional rules are always in force. */
    if (syn->cond == NULL) {
        *is_enabled = 1;
        return STATUS_SUCCESS;
    }

    truth = cond_evaluate_expr(&policy->p->p, syn->cond->expr);
    if (truth < 0) {
        /* A negative result is treated as "could not evaluate". */
        ERR(policy, "%s", strerror(ERANGE));
        errno = ERANGE;
        return STATUS_ERR;
    }

    /* cond_branch presumably marks the else list: such a rule is enabled
     * exactly when the expression is false. */
    *is_enabled = syn->cond_branch ? (truth ? 0 : 1) : truth;
    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the rule type of a syntactic terule.
/**
 * Fetch the rule type of a syntactic terule.
 *
 * Definition at line 597 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_syn_terule_render(), and terule_basic_syn().
 *
 * @param policy    Policy the rule belongs to; must not be NULL.
 * @param rule      Syntactic rule to inspect; must not be NULL.
 * @param rule_type Receives the rule's `specified` value unchanged; set to 0
 *                  on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_terule_get_rule_type(const qpol_policy_t *policy, const qpol_syn_terule_t *rule, uint32_t *rule_type)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (rule_type != NULL) {
        *rule_type = 0;
    }

    if (policy == NULL || rule == NULL || rule_type == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    *rule_type = syn->rule->specified;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the set of types specified for a syntactic rule's source field.
/**
 * Fetch the type set written in the source field of a syntactic terule.
 *
 * Definition at line 617 of file syn_rule_query.c.
 * References ERR, qpol_policy_t, and qpol_type_set_t.
 * Referenced by apol_syn_terule_get_by_query(), and apol_syn_terule_render().
 *
 * @param policy     Policy the rule belongs to; must not be NULL.
 * @param rule       Syntactic rule to inspect; must not be NULL.
 * @param source_set Receives a pointer to the rule's own `stypes` member (no
 *                   copy is made); set to NULL on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_terule_get_source_type_set(const qpol_policy_t *policy, const qpol_syn_terule_t *rule,
                                        const qpol_type_set_t **source_set)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (source_set != NULL) {
        *source_set = NULL;
    }

    if (policy == NULL || rule == NULL || source_set == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Borrowed pointer into the rule, exposed under the opaque public type. */
    *source_set = (qpol_type_set_t *)&syn->rule->stypes;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the set of types specified for a syntactic rule's target field.
/**
 * Fetch the type set written in the target field of a syntactic terule.
 *
 * Definition at line 638 of file syn_rule_query.c.
 * References ERR, qpol_policy_t, and qpol_type_set_t.
 * Referenced by apol_syn_terule_get_by_query(), and apol_syn_terule_render().
 *
 * @param policy     Policy the rule belongs to; must not be NULL.
 * @param rule       Syntactic rule to inspect; must not be NULL.
 * @param target_set Receives a pointer to the rule's own `ttypes` member (no
 *                   copy is made); set to NULL on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_terule_get_target_type_set(const qpol_policy_t *policy, const qpol_syn_terule_t *rule,
                                        const qpol_type_set_t **target_set)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (target_set != NULL) {
        *target_set = NULL;
    }

    if (policy == NULL || rule == NULL || target_set == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Borrowed pointer into the rule, exposed under the opaque public type. */
    *target_set = (qpol_type_set_t *)&syn->rule->ttypes;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get an iterator over all classes specified in a syntactic rule.
/**
 * Build an iterator over the classes named in a syntactic terule.
 *
 * Definition at line 659 of file syn_rule_query.c.
 * References syn_rule_class_state::cur, ERR, syn_rule_class_state::head,
 * qpol_iterator_create(), qpol_iterator_t, qpol_policy_t,
 * syn_rule_class_state_end(), syn_rule_class_state_get_cur(),
 * syn_rule_class_state_next(), syn_rule_class_state_size(), and
 * syn_rule_class_state_t.
 * Referenced by apol_syn_terule_render().
 *
 * @param policy  Policy the rule belongs to; must not be NULL.
 * @param rule    Syntactic rule to inspect; must not be NULL.
 * @param classes Receives the new iterator; cleared to NULL before any other
 *                work is done.
 * @return STATUS_SUCCESS on success. STATUS_ERR on failure, with errno set to
 *         EINVAL for a NULL argument or to the error left by calloc() or
 *         qpol_iterator_create().
 */
int qpol_syn_terule_get_class_iter(const qpol_policy_t *policy, const qpol_syn_terule_t *rule, qpol_iterator_t **classes)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;
    syn_rule_class_state_t *state = NULL;
    int saved_errno = 0;
    int rc;

    if (classes != NULL) {
        *classes = NULL;
    }

    if (policy == NULL || rule == NULL || classes == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    state = calloc(1, sizeof(syn_rule_class_state_t));
    if (state == NULL) {
        saved_errno = errno;
        ERR(policy, "%s", strerror(saved_errno));
        errno = saved_errno;
        return STATUS_ERR;
    }

    /* The state stores pointers into the rule's perms list rather than a
     * copy; presumably the rule has to outlive the iterator. */
    state->cur = syn->rule->perms;
    state->head = state->cur;

    rc = qpol_iterator_create(policy, (void *)state,
                              syn_rule_class_state_get_cur, syn_rule_class_state_next,
                              syn_rule_class_state_end, syn_rule_class_state_size, free, classes);
    if (rc) {
        /* Capture errno first: the logging and free() below may change it. */
        saved_errno = errno;
        ERR(policy, "%s", strerror(saved_errno));
        free(state);
        errno = saved_errno;
        return STATUS_ERR;
    }

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Get the default type of a syntactic terule.
|
|
||||||||||||||||
|
Get the line number of a syntactic rule.
/**
 * Fetch the line number recorded for a syntactic terule.
 *
 * Definition at line 720 of file syn_rule_query.c.
 * References ERR, and qpol_policy_t.
 * Referenced by apol_syn_terule_comp(), print_syn_te_results(), and
 * terule_enable_line_numbers().
 *
 * @param policy Policy the rule belongs to; must not be NULL.
 * @param rule   Syntactic rule to inspect; must not be NULL.
 * @param lineno Receives the rule's `line` value; set to 0 on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_terule_get_lineno(const qpol_policy_t *policy, const qpol_syn_terule_t *rule, unsigned long *lineno)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (lineno != NULL) {
        *lineno = 0;
    }

    if (policy == NULL || rule == NULL || lineno == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    *lineno = syn->rule->line;

    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
If the syntactic rule is within a conditional, then get that conditional and assign it to cond. Otherwise assign to cond NULL.
/**
 * Fetch the conditional that encloses a syntactic terule, if there is one.
 *
 * Definition at line 740 of file syn_rule_query.c.
 * References ERR, qpol_cond_t, and qpol_policy_t.
 * Referenced by print_syn_te_results().
 *
 * @param policy Policy the rule belongs to; must not be NULL.
 * @param rule   Syntactic rule to inspect; must not be NULL.
 * @param cond   Receives the rule's `cond` pointer as stored (no copy is
 *               made); set to NULL on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL when any
 *         argument is NULL.
 */
int qpol_syn_terule_get_cond(const qpol_policy_t *policy, const qpol_syn_terule_t *rule, const qpol_cond_t **cond)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;

    if (cond != NULL) {
        *cond = NULL;
    }

    if (policy == NULL || rule == NULL || cond == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Borrowed pointer, exposed under the opaque public type. */
    *cond = (qpol_cond_t *)syn->cond;
    return STATUS_SUCCESS;
}
|
|
||||||||||||||||
|
Determine if the syntactic rule is enabled. Unconditional rules are always enabled.
/**
 * Report whether a syntactic terule is enabled under the policy's current
 * conditional state.
 *
 * Definition at line 755 of file syn_rule_query.c.
 * References ERR, qpol_policy::p, and qpol_policy_t.
 * Referenced by print_syn_te_results().
 *
 * @param policy     Policy the rule belongs to; must not be NULL.
 * @param rule       Syntactic rule to inspect; must not be NULL.
 * @param is_enabled Receives 1 for a rule without a conditional. Otherwise it
 *                   receives the value of the conditional expression, or its
 *                   negation when the rule's `cond_branch` is non-zero.
 *                   Set to 0 on error.
 * @return STATUS_SUCCESS, or STATUS_ERR with errno set to EINVAL for a NULL
 *         argument or ERANGE when the expression cannot be evaluated.
 */
int qpol_syn_terule_get_is_enabled(const qpol_policy_t *policy, const qpol_syn_terule_t *rule, uint32_t *is_enabled)
{
    struct qpol_syn_rule *syn = (struct qpol_syn_rule *)rule;
    int truth = 0;

    if (is_enabled != NULL) {
        *is_enabled = 0;
    }

    if (policy == NULL || rule == NULL || is_enabled == NULL) {
        ERR(policy, "%s", strerror(EINVAL));
        errno = EINVAL;
        return STATUS_ERR;
    }

    /* Unconditional rules are always in force. */
    if (syn->cond == NULL) {
        *is_enabled = 1;
        return STATUS_SUCCESS;
    }

    truth = cond_evaluate_expr(&policy->p->p, syn->cond->expr);
    if (truth < 0) {
        /* A negative result is treated as "could not evaluate". */
        ERR(policy, "%s", strerror(ERANGE));
        errno = ERANGE;
        return STATUS_ERR;
    }

    /* cond_branch presumably marks the else list: such a rule is enabled
     * exactly when the expression is false. */
    *is_enabled = syn->cond_branch ? (truth ? 0 : 1) : truth;
    return STATUS_SUCCESS;
}
|