policy.h File Reference


Detailed Description

Public interface for SELinux policies.

This header declares apol_policy, a structure that groups a qpol_policy with other structures needed by libapol. Almost all setools files will need to #include this header.

Author:
Jeremy A. Mowery jmowery@tresys.com

Jason Tang jtang@tresys.com

Copyright (C) 2006-2007 Tresys Technology, LLC

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

Definition in file policy.h.

#include "policy-path.h"
#include <stdarg.h>
#include <qpol/policy.h>



Defines

#define APOL_POLICY_OPTION_NO_RULES   QPOL_POLICY_OPTION_NO_RULES
 When creating an apol_policy, load all components except rules (both AV and TE rules).
#define APOL_MSG_ERR   1
#define APOL_MSG_WARN   2
#define APOL_MSG_INFO   3
#define ERR(p, format, ...)   apol_handle_msg(p, APOL_MSG_ERR, format, __VA_ARGS__)
 Invoke an apol_policy_t's callback for an error, passing it a format string and arguments.
#define WARN(p, format, ...)   apol_handle_msg(p, APOL_MSG_WARN, format, __VA_ARGS__)
 Invoke an apol_policy_t's callback for a warning, passing it a format string and arguments.
#define INFO(p, format, ...)   apol_handle_msg(p, APOL_MSG_INFO, format, __VA_ARGS__)
 Invoke an apol_policy_t's callback for an informational message, passing it a format string and arguments.

Typedefs

typedef apol_policy apol_policy_t
typedef void(* apol_callback_fn_t )(void *varg, const apol_policy_t *p, int level, const char *fmt, va_list argp)

Functions

apol_policy_t * apol_policy_create_from_policy_path (const apol_policy_path_t *path, const int options, apol_callback_fn_t msg_callback, void *varg)
 Create a new apol_policy initialized from one or more policy files.
void apol_policy_destroy (apol_policy_t **policy)
 Deallocate all memory associated with a policy, including all auxiliary data structures, and then set it to NULL.
int apol_policy_get_policy_type (const apol_policy_t *policy)
 Given a policy, return the policy type.
qpol_policy_t * apol_policy_get_qpol (const apol_policy_t *policy)
 Given a policy, return a pointer to the underlying qpol_policy.
int apol_policy_is_mls (const apol_policy_t *p)
 Given a policy, return 1 if the policy within is MLS, 0 if not.
char * apol_policy_get_version_type_mls_str (const apol_policy_t *p)
 Given a policy, allocate and return a string that describes the policy (policy version, source/binary, mls/non-mls).
void apol_handle_msg (const apol_policy_t *p, int level, const char *fmt,...)
 Write a message to the callback stored within an apol error handler.
 __attribute__ ((format(printf, 3, 4))) extern void apol_handle_msg(const apol_policy_t *p, int level, const char *fmt, ...)

Variables

int level
int const char * fmt

Define Documentation

#define APOL_POLICY_OPTION_NO_RULES   QPOL_POLICY_OPTION_NO_RULES
 

When creating an apol_policy, load all components except rules (both AV and TE rules).

For modular policies, this affects both the base policy and subsequent modules.

Deprecated:
use QPOL_POLICY_OPTION_NO_RULES instead

Definition at line 51 of file policy.h.

#define APOL_MSG_ERR   1
 

Definition at line 124 of file policy.h.

Referenced by apol_handle_default_callback().

#define APOL_MSG_WARN   2
 

Definition at line 125 of file policy.h.

Referenced by apol_handle_default_callback().

#define APOL_MSG_INFO   3
 

Definition at line 126 of file policy.h.

Referenced by apol_handle_default_callback(), and apol_tcl_common_route().

#define ERR(p, format, ...)   apol_handle_msg(p, APOL_MSG_ERR, format, __VA_ARGS__)
 

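Invoke an apol_policy_t's callback for an error, passing it a printf-style format string and arguments. Pass text read from a policy or log file as an argument (for example with "%s"), never as the format itself.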

Definition at line 148 of file policy.h.

Referenced by apol_attr_get_by_query(), apol_avrule_get_by_query(), apol_avrule_list_to_syn_avrules(), apol_avrule_query_append_class(), apol_avrule_query_append_perm(), apol_avrule_query_set_source_component(), apol_avrule_query_set_target_component(), apol_avrule_render(), apol_avrule_to_syn_avrules(), apol_bool_get_by_query(), apol_cat_get_by_query(), apol_class_get_by_query(), apol_common_get_by_query(), apol_compare(), apol_cond_expr_render(), apol_cond_get_by_query(), apol_constraint_get_by_query(), apol_context_compare(), apol_context_convert(), apol_context_create_from_qpol_context(), apol_context_render(), apol_context_set_range(), apol_context_set_role(), apol_context_set_type(), apol_context_set_user(), apol_context_validate(), apol_context_validate_partial(), apol_domain_trans_analysis_append_access_type(), apol_domain_trans_analysis_append_class(), apol_domain_trans_analysis_append_perm(), apol_domain_trans_analysis_do(), apol_domain_trans_analysis_set_direction(), apol_domain_trans_analysis_set_result_regex(), apol_domain_trans_analysis_set_start_type(), apol_domain_trans_analysis_set_valid(), apol_domain_trans_table_new(), apol_fs_use_get_by_query(), apol_fs_use_query_set_behavior(), apol_fs_use_render(), apol_genfscon_get_by_query(), apol_genfscon_query_set_objclass(), apol_genfscon_render(), apol_infoflow_analysis_append_class_perm(), apol_infoflow_analysis_append_intermediate(), apol_infoflow_analysis_direct(), apol_infoflow_analysis_do(), apol_infoflow_analysis_do_more(), apol_infoflow_analysis_set_dir(), apol_infoflow_analysis_set_mode(), apol_infoflow_analysis_set_type(), apol_infoflow_analysis_trans(), apol_infoflow_analysis_trans_further(), apol_infoflow_analysis_trans_further_next(), apol_infoflow_analysis_trans_further_prepare(), apol_infoflow_analysis_trans_shortest_path(), apol_infoflow_direct_define(), apol_infoflow_direct_get_result(), apol_infoflow_graph_connect_nodes(), apol_infoflow_graph_create(), apol_infoflow_graph_create_edge(), 
apol_infoflow_graph_create_node(), apol_infoflow_graph_create_required_types(), apol_infoflow_graph_trans_further_init(), apol_infoflow_graph_trans_init(), apol_infoflow_results_check_both(), apol_infoflow_trans_define(), apol_infoflow_trans_find_edge(), apol_infoflow_trans_further_shuffle(), apol_infoflow_trans_path(), apol_ipv4_addr_render_new(), apol_ipv4_addr_render_old(), apol_ipv6_addr_render(), apol_isid_get_by_query(), apol_level_get_by_query(), apol_mls_level_append_cats(), apol_mls_level_convert(), apol_mls_level_create_from_qpol_level_datum(), apol_mls_level_create_from_qpol_mls_level(), apol_mls_level_create_from_string(), apol_mls_level_render(), apol_mls_level_set_sens(), apol_mls_level_validate(), apol_mls_range_compare(), apol_mls_range_contain_subrange(), apol_mls_range_convert(), apol_mls_range_create_from_qpol_mls_range(), apol_mls_range_create_from_string(), apol_mls_range_get_levels(), apol_mls_range_render(), apol_mls_range_set_high(), apol_mls_range_set_low(), apol_mls_range_validate(), apol_netifcon_get_by_query(), apol_netifcon_render(), apol_nodecon_get_by_query(), apol_nodecon_query_set_addr(), apol_nodecon_query_set_mask(), apol_nodecon_query_set_protocol(), apol_nodecon_render(), apol_perm_get_by_query(), apol_permmap_create_from_policy(), apol_policy_build_domain_trans_table(), apol_policy_create_from_policy_path(), apol_policy_get_permmap(), apol_policy_open_permmap(), apol_policy_save_permmap(), apol_policy_set_permmap(), apol_portcon_get_by_query(), apol_portcon_render(), apol_qpol_context_render(), apol_query_append_type(), apol_query_create_candidate_class_list(), apol_query_create_candidate_role_list(), apol_query_create_candidate_syn_type_list(), apol_query_create_candidate_type_list(), apol_query_expand_type(), apol_query_set(), apol_query_type_set_uses_types_directly(), apol_range_trans_get_by_query(), apol_range_trans_query_append_class(), apol_range_trans_render(), apol_relabel_analysis_append_class(), 
apol_relabel_analysis_append_subject(), apol_relabel_analysis_do(), apol_relabel_analysis_set_dir(), apol_relabel_analysis_set_type(), apol_role_allow_get_by_query(), apol_role_allow_render(), apol_role_get_by_query(), apol_role_trans_get_by_query(), apol_role_trans_render(), apol_syn_avrule_get_by_query(), apol_syn_avrule_render(), apol_syn_terule_get_by_query(), apol_syn_terule_render(), apol_terule_get_by_query(), apol_terule_list_to_syn_terules(), apol_terule_query_append_class(), apol_terule_query_set_source_component(), apol_terule_query_set_target_component(), apol_terule_render(), apol_terule_to_syn_terules(), apol_type_get_by_query(), apol_types_relation_access_append(), apol_types_relation_access_append_rule(), apol_types_relation_accesses(), apol_types_relation_allows(), apol_types_relation_analysis_do(), apol_types_relation_analysis_set_first_type(), apol_types_relation_analysis_set_other_type(), apol_types_relation_clone_domaintrans(), apol_types_relation_clone_infoflow(), apol_types_relation_common_attribs(), apol_types_relation_common_roles(), apol_types_relation_common_users(), apol_types_relation_create_access_pools(), apol_types_relation_directflow(), apol_types_relation_domain(), apol_types_relation_transflow(), apol_types_relation_types(), apol_user_get_by_query(), apol_validatetrans_get_by_query(), append_avrule_to_subject_vector(), append_avrules_to_object_vector(), attrib_deep_diff(), attrib_get_items(), attrib_get_types(), attrib_new_diff(), attrib_reset(), attribs_wo_rules_get_list(), attribs_wo_rules_init(), attribs_wo_rules_print(), attribs_wo_rules_register(), attribs_wo_rules_run(), attribs_wo_types_get_list(), attribs_wo_types_init(), attribs_wo_types_print(), attribs_wo_types_register(), attribs_wo_types_run(), avc_msg_insert_perms(), avc_msg_insert_string(), avc_msg_insert_syscall_info(), avc_msg_insert_tclass(), avc_msg_reformat_path(), avc_msg_remove_quotes_insert_string(), avrule_add_to_bst(), avrule_build_cond(), 
avrule_deep_diff(), avrule_enable_line_numbers(), avrule_get_items(), avrule_get_line_numbers_for_perm(), avrule_new_diff(), avrule_reset(), bool_change_append(), bool_deep_diff(), bool_get_items(), bool_new_diff(), bool_reset(), cat_get_items(), cat_new_diff(), cat_reset(), class_deep_diff(), class_get_items(), class_get_perms(), class_new_diff(), class_reset(), common_deep_diff(), common_get_items(), common_get_perms(), common_new_diff(), common_reset(), convert_map_char(), domain_and_file_init(), domain_and_file_print(), domain_and_file_register(), domain_and_file_run(), domains_wo_roles_init(), domains_wo_roles_print(), domains_wo_roles_register(), domains_wo_roles_run(), find_assoc_types_get_list(), find_assoc_types_init(), find_assoc_types_print(), find_assoc_types_register(), find_assoc_types_run(), find_domains_get_list(), find_domains_init(), find_domains_print(), find_domains_register(), find_domains_run(), find_file_types_get_list(), find_file_types_init(), find_file_types_print(), find_file_types_register(), find_file_types_run(), find_net_domains_get_list(), find_net_domains_init(), find_net_domains_print(), find_net_domains_register(), find_net_domains_run(), find_netif_types_get_list(), find_netif_types_init(), find_netif_types_print(), find_netif_types_register(), find_netif_types_run(), find_node_types_get_list(), find_node_types_init(), find_node_types_print(), find_node_types_register(), find_node_types_run(), find_port_types_get_list(), find_port_types_init(), find_port_types_print(), find_port_types_register(), find_port_types_run(), get_tokens(), imp_range_trans_init(), imp_range_trans_print(), imp_range_trans_register(), imp_range_trans_run(), inc_dom_trans_init(), inc_dom_trans_print(), inc_dom_trans_register(), inc_dom_trans_run(), inc_mount_init(), inc_mount_print(), inc_mount_register(), inc_mount_run(), inc_net_access_init(), inc_net_access_print(), inc_net_access_register(), inc_net_access_run(), infer_policy_version(), init_poldiff(), 
insert_hostname(), insert_manager(), insert_time(), is_mls_policy(), level_deep_diff(), level_deep_diff_apol_mls_levels(), level_deep_diff_cats(), level_get_cats(), level_get_items(), level_new_diff(), level_reset(), load_parse(), load_policy_msg_is_old_load_policy_string(), log_append_model(), main(), make_avdiff(), make_common_diff(), make_diff(), make_ra_diff(), make_range_trans_diff(), make_rt_diff(), make_tediff(), message_create(), model_refresh(), model_sort(), parse_context(), parse_default_contexts(), parse_permmap(), parse_permmap_class(), perform_av_query(), perform_ra_query(), perform_range_query(), perform_rt_query(), perform_te_query(), poldiff_attrib_get_stats(), poldiff_attrib_to_string(), poldiff_avrule_get_mod_line_numbers_for_perm(), poldiff_avrule_get_orig_line_numbers_for_perm(), poldiff_avrule_get_stats(), poldiff_avrule_to_string(), poldiff_bool_get_stats(), poldiff_bool_to_string(), poldiff_build_bsts(), poldiff_cat_get_stats(), poldiff_cat_to_string(), poldiff_class_get_stats(), poldiff_class_to_string(), poldiff_common_get_stats(), poldiff_common_to_string(), poldiff_create(), poldiff_do_item_diff(), poldiff_get_range_trans_vector(), poldiff_get_role_allow_vector(), poldiff_get_role_trans_vector(), poldiff_get_stats(), poldiff_is_run(), poldiff_level_get_stats(), poldiff_level_to_string(), poldiff_level_to_string_brief(), poldiff_range_to_string_brief(), poldiff_range_trans_get_stats(), poldiff_range_trans_to_string(), poldiff_role_allow_get_stats(), poldiff_role_allow_to_string(), poldiff_role_get_stats(), poldiff_role_to_string(), poldiff_role_trans_get_stats(), poldiff_role_trans_to_string(), poldiff_run(), poldiff_terule_get_stats(), poldiff_terule_to_string(), poldiff_type_get_stats(), poldiff_type_remap_create(), poldiff_type_remap_entry_get_modified_types(), poldiff_type_remap_entry_get_original_types(), poldiff_type_remap_entry_remove(), poldiff_type_remap_flush(), poldiff_type_remap_get_entries(), poldiff_type_to_string(), 
poldiff_user_get_stats(), poldiff_user_to_string(), policy_extend(), print_attribs(), print_cat_sens(), print_cats(), print_fsuse(), print_genfscon(), print_isids(), print_nodecon(), print_portcon(), print_sens(), qpol_avrule_get_cond(), qpol_avrule_get_is_enabled(), qpol_avrule_get_object_class(), qpol_avrule_get_perm_iter(), qpol_avrule_get_rule_type(), qpol_avrule_get_source_type(), qpol_avrule_get_syn_avrule_iter(), qpol_avrule_get_target_type(), qpol_avrule_get_which_list(), qpol_bool_get_name(), qpol_bool_get_state(), qpol_bool_get_value(), qpol_bool_set_state(), qpol_bool_set_state_no_eval(), qpol_cat_get_alias_iter(), qpol_cat_get_isalias(), qpol_cat_get_name(), qpol_cat_get_value(), qpol_class_get_common(), qpol_class_get_constraint_iter(), qpol_class_get_name(), qpol_class_get_perm_iter(), qpol_class_get_validatetrans_iter(), qpol_class_get_value(), qpol_common_get_name(), qpol_common_get_perm_iter(), qpol_common_get_value(), qpol_cond_eval(), qpol_cond_expr_node_get_bool(), qpol_cond_expr_node_get_expr_type(), qpol_cond_get_av_false_iter(), qpol_cond_get_av_true_iter(), qpol_cond_get_expr_node_iter(), qpol_cond_get_te_false_iter(), qpol_cond_get_te_true_iter(), qpol_constraint_expr_node_get_expr_type(), qpol_constraint_expr_node_get_names_iter(), qpol_constraint_expr_node_get_op(), qpol_constraint_expr_node_get_sym_type(), qpol_constraint_get_class(), qpol_constraint_get_expr_iter(), qpol_constraint_get_perm_iter(), qpol_context_get_range(), qpol_context_get_role(), qpol_context_get_type(), qpol_context_get_user(), qpol_expand_module(), qpol_fs_use_get_behavior(), qpol_fs_use_get_context(), qpol_fs_use_get_name(), qpol_genfscon_get_class(), qpol_genfscon_get_context(), qpol_genfscon_get_name(), qpol_genfscon_get_path(), qpol_isid_get_context(), qpol_isid_get_name(), qpol_iterator_create(), qpol_level_get_alias_iter(), qpol_level_get_cat_iter(), qpol_level_get_isalias(), qpol_level_get_name(), qpol_level_get_value(), qpol_mls_level_get_cat_iter(), 
qpol_mls_level_get_sens_name(), qpol_mls_range_get_high_level(), qpol_mls_range_get_low_level(), qpol_netifcon_get_if_con(), qpol_netifcon_get_msg_con(), qpol_netifcon_get_name(), qpol_nodecon_get_addr(), qpol_nodecon_get_context(), qpol_nodecon_get_mask(), qpol_nodecon_get_protocol(), qpol_perm_get_class_iter(), qpol_perm_get_common_iter(), qpol_policy_add_cond_rule_traceback(), qpol_policy_add_isid_names(), qpol_policy_add_object_r(), qpol_policy_append_module(), qpol_policy_build_attrs_from_map(), qpol_policy_build_syn_rule_table(), qpol_policy_fill_attr_holes(), qpol_policy_get_avrule_iter(), qpol_policy_get_bool_by_name(), qpol_policy_get_bool_iter(), qpol_policy_get_cat_by_name(), qpol_policy_get_cat_iter(), qpol_policy_get_class_by_name(), qpol_policy_get_class_iter(), qpol_policy_get_common_by_name(), qpol_policy_get_common_iter(), qpol_policy_get_cond_iter(), qpol_policy_get_constraint_iter(), qpol_policy_get_fs_use_by_name(), qpol_policy_get_fs_use_iter(), qpol_policy_get_genfscon_by_name(), qpol_policy_get_genfscon_iter(), qpol_policy_get_isid_by_name(), qpol_policy_get_isid_iter(), qpol_policy_get_level_by_name(), qpol_policy_get_level_iter(), qpol_policy_get_module_iter(), qpol_policy_get_netifcon_by_name(), qpol_policy_get_netifcon_iter(), qpol_policy_get_nodecon_by_node(), qpol_policy_get_nodecon_iter(), qpol_policy_get_policy_version(), qpol_policy_get_portcon_by_port(), qpol_policy_get_portcon_iter(), qpol_policy_get_range_trans_iter(), qpol_policy_get_role_allow_iter(), qpol_policy_get_role_by_name(), qpol_policy_get_role_iter(), qpol_policy_get_role_trans_iter(), qpol_policy_get_terule_iter(), qpol_policy_get_type(), qpol_policy_get_type_by_name(), qpol_policy_get_type_iter(), qpol_policy_get_user_by_name(), qpol_policy_get_user_iter(), qpol_policy_get_validatetrans_iter(), qpol_policy_has_capability(), qpol_policy_match_system(), qpol_policy_open_from_file_opt(), qpol_policy_open_from_memory_opt(), qpol_policy_rebuild_old(), 
qpol_policy_rebuild_opt(), qpol_policy_reevaluate_conds(), qpol_policy_remove_bogus_aliases(), qpol_portcon_get_context(), qpol_portcon_get_high_port(), qpol_portcon_get_low_port(), qpol_portcon_get_protocol(), qpol_range_trans_get_range(), qpol_range_trans_get_source_type(), qpol_range_trans_get_target_class(), qpol_range_trans_get_target_type(), qpol_role_allow_get_source_role(), qpol_role_allow_get_target_role(), qpol_role_get_dominate_iter(), qpol_role_get_name(), qpol_role_get_type_iter(), qpol_role_get_value(), qpol_role_trans_get_default_role(), qpol_role_trans_get_source_role(), qpol_role_trans_get_target_type(), qpol_syn_avrule_get_class_iter(), qpol_syn_avrule_get_cond(), qpol_syn_avrule_get_is_enabled(), qpol_syn_avrule_get_is_target_self(), qpol_syn_avrule_get_lineno(), qpol_syn_avrule_get_perm_iter(), qpol_syn_avrule_get_rule_type(), qpol_syn_avrule_get_source_type_set(), qpol_syn_avrule_get_target_type_set(), qpol_syn_rule_table_insert_entry(), qpol_syn_rule_table_insert_sepol_avrule(), qpol_syn_terule_get_class_iter(), qpol_syn_terule_get_cond(), qpol_syn_terule_get_default_type(), qpol_syn_terule_get_is_enabled(), qpol_syn_terule_get_lineno(), qpol_syn_terule_get_rule_type(), qpol_syn_terule_get_source_type_set(), qpol_syn_terule_get_target_type_set(), qpol_terule_get_cond(), qpol_terule_get_default_type(), qpol_terule_get_is_enabled(), qpol_terule_get_object_class(), qpol_terule_get_rule_type(), qpol_terule_get_source_type(), qpol_terule_get_syn_terule_iter(), qpol_terule_get_target_type(), qpol_terule_get_which_list(), qpol_type_get_alias_iter(), qpol_type_get_attr_iter(), qpol_type_get_isalias(), qpol_type_get_isattr(), qpol_type_get_name(), qpol_type_get_type_iter(), qpol_type_get_value(), qpol_type_set_get_included_types_iter(), qpol_type_set_get_is_comp(), qpol_type_set_get_is_star(), qpol_type_set_get_subtracted_types_iter(), qpol_user_get_dfltlevel(), qpol_user_get_name(), qpol_user_get_range(), qpol_user_get_role_iter(), 
qpol_user_get_value(), qpol_validatetrans_get_class(), qpol_validatetrans_get_expr_iter(), range_create(), range_trans_deep_diff(), range_trans_get_items(), range_trans_new_diff(), range_trans_reset(), read_source_policy(), relabel_analysis_get_type_vector(), relabel_analysis_object(), relabel_analysis_subject(), relabel_result_get_node(), report_enforce_toggle_filter_create(), report_import_html_stylesheet(), report_parse_custom_attribs(), report_parse_seaudit_report(), report_parse_standard_attribs(), report_print_avc_listing(), report_print_custom_section(), report_print_enforce_toggles(), report_print_loaded_view(), report_print_policy_booleans(), report_print_policy_loads(), report_print_standard_section(), report_process_xmlNode(), report_set_default_configuration(), report_set_default_stylesheet(), role_allow_deep_diff(), role_allow_get_items(), role_allow_new_diff(), role_allow_reset(), role_deep_diff(), role_get_items(), role_get_types(), role_new_diff(), role_reset(), role_trans_deep_diff(), role_trans_get_items(), role_trans_new_diff(), role_trans_reset(), roles_wo_allow_get_list(), roles_wo_allow_init(), roles_wo_allow_print(), roles_wo_allow_register(), roles_wo_allow_run(), roles_wo_types_init(), roles_wo_types_print(), roles_wo_types_register(), roles_wo_types_run(), roles_wo_users_get_list(), roles_wo_users_init(), roles_wo_users_print(), roles_wo_users_register(), roles_wo_users_run(), rule_select(), seaudit_log_parse(), seaudit_log_parse_buffer(), seaudit_log_parse_line(), seaudit_model_append_log(), seaudit_model_create(), seaudit_model_get_malformed_messages(), seaudit_model_get_messages(), seaudit_model_get_num_allows(), seaudit_model_get_num_bools(), seaudit_model_get_num_denies(), seaudit_model_get_num_loads(), seaudit_parse_command_line(), seaudit_report_set_configuration(), seaudit_report_set_format(), seaudit_report_set_malformed(), seaudit_report_set_stylesheet(), seaudit_report_write(), sechk_lib_check_module_dependencies(), 
sechk_lib_check_module_requirements(), sechk_lib_check_requirement(), sechk_lib_module_clear_option(), sechk_lib_print_modules_report(), sechk_lib_run_modules(), sechk_lib_set_minsev(), sediffx_parse_command_line(), spurious_audit_init(), spurious_audit_print(), spurious_audit_register(), spurious_audit_run(), terule_add_to_bst(), terule_build_cond(), terule_deep_diff(), terule_enable_line_numbers(), terule_get_items(), terule_new_diff(), terule_reset(), toplevel_message(), type_deep_diff(), type_get_attrib_names(), type_get_items(), type_get_name(), type_map_build(), type_map_infer(), type_map_prim_aliases_comp(), type_new_diff(), type_reset(), types_wo_allow_get_list(), types_wo_allow_init(), types_wo_allow_print(), types_wo_allow_register(), types_wo_allow_run(), unreachable_doms_init(), unreachable_doms_print(), unreachable_doms_register(), unreachable_doms_run(), user_deep_diff(), user_deep_diff_default_levels(), user_deep_diff_ranges(), user_deep_diff_roles(), user_get_items(), user_get_roles(), user_new_diff(), user_reset(), user_to_modified_string(), users_wo_roles_init(), users_wo_roles_print(), users_wo_roles_register(), users_wo_roles_run(), xx_init(), xx_print(), xx_register(), and xx_run().

#define WARN(p, format, ...)   apol_handle_msg(p, APOL_MSG_WARN, format, __VA_ARGS__)
 

Invoke an apol_policy_t's callback for a warning, passing it a format string and arguments.

Definition at line 154 of file policy.h.

Referenced by apol_infoflow_graph_create_avrule(), are_all_classes_mapped(), are_all_perms_mapped(), avc_msg_insert_access_type(), avc_msg_insert_perms(), avc_msg_insert_scon(), avc_msg_insert_syscall_info(), avc_msg_insert_tcon(), avc_parse(), bool_parse(), boolean_msg_insert_bool(), insert_hostname(), insert_time(), load_parse(), main(), parse_context(), parse_permmap(), parse_permmap_class(), pseudo_role_trans_comp(), qpol_policy_match_system(), qpol_policy_remove_bogus_aliases(), report_import_html_stylesheet(), seaudit_log_parse(), seaudit_log_parse_buffer(), seaudit_log_parse_line(), sechk_lib_load_fc(), sechk_lib_module_clear_option(), and terule_bst_comp().

#define INFO(p, format, ...)   apol_handle_msg(p, APOL_MSG_INFO, format, __VA_ARGS__)
 

Invoke an apol_policy_t's callback for an informational message, passing it a format string and arguments.

Definition at line 160 of file policy.h.

Referenced by apol_infoflow_analysis_do(), apol_infoflow_graph_create(), apol_policy_create_from_policy_path(), apol_tcl_set_info_string(), avrule_get_items(), poldiff_do_item_diff(), poldiff_run(), qpol_expand_module(), qpol_policy_add_cond_rule_traceback(), qpol_policy_build_attrs_from_map(), qpol_policy_build_syn_rule_table(), qpol_policy_open_from_file_opt(), qpol_policy_open_from_memory_opt(), qpol_policy_rebuild_opt(), read_source_policy(), terule_get_items(), and type_map_infer().


Typedef Documentation

typedef struct apol_policy apol_policy_t
 

Definition at line 41 of file policy.h.

Referenced by apol_attr_get_by_query(), apol_attr_query_set_attr(), apol_attr_query_set_regex(), apol_avrule_get_by_query(), apol_avrule_list_to_syn_avrules(), apol_avrule_query_append_class(), apol_avrule_query_append_perm(), apol_avrule_query_set_all_perms(), apol_avrule_query_set_bool(), apol_avrule_query_set_enabled(), apol_avrule_query_set_regex(), apol_avrule_query_set_rules(), apol_avrule_query_set_source(), apol_avrule_query_set_source_any(), apol_avrule_query_set_source_component(), apol_avrule_query_set_target(), apol_avrule_query_set_target_component(), apol_avrule_render(), apol_avrule_to_syn_avrules(), apol_bool_get_by_query(), apol_bool_query_set_bool(), apol_bool_query_set_regex(), apol_cat_get_by_query(), apol_cat_query_set_cat(), apol_cat_query_set_regex(), apol_class_get_by_query(), apol_class_query_set_class(), apol_class_query_set_common(), apol_class_query_set_regex(), apol_common_get_by_query(), apol_common_query_set_common(), apol_common_query_set_regex(), apol_compare(), apol_compare_cat(), apol_compare_cond_expr(), apol_compare_context(), apol_compare_iter(), apol_compare_level(), apol_compare_type(), apol_cond_expr_render(), apol_cond_get_by_query(), apol_cond_query_set_bool(), apol_cond_query_set_regex(), apol_constraint_get_by_query(), apol_constraint_query_set_class(), apol_constraint_query_set_perm(), apol_constraint_query_set_regex(), apol_context_compare(), apol_context_convert(), apol_context_create_from_qpol_context(), apol_context_render(), apol_context_set_range(), apol_context_set_role(), apol_context_set_type(), apol_context_set_user(), apol_context_validate(), apol_context_validate_partial(), apol_domain_trans_analysis_append_access_type(), apol_domain_trans_analysis_append_class(), apol_domain_trans_analysis_append_class_perm(), apol_domain_trans_analysis_append_perm(), apol_domain_trans_analysis_do(), apol_domain_trans_analysis_set_direction(), apol_domain_trans_analysis_set_result_regex(), 
apol_domain_trans_analysis_set_start_type(), apol_domain_trans_analysis_set_valid(), apol_domain_trans_table_new(), apol_domain_trans_table_reset(), apol_domain_trans_table_verify_trans(), apol_fs_use_get_by_query(), apol_fs_use_query_set_behavior(), apol_fs_use_query_set_context(), apol_fs_use_query_set_filesystem(), apol_fs_use_render(), apol_genfscon_get_by_query(), apol_genfscon_query_set_context(), apol_genfscon_query_set_filesystem(), apol_genfscon_query_set_objclass(), apol_genfscon_query_set_path(), apol_genfscon_render(), apol_handle_default_callback(), apol_handle_msg(), apol_infoflow_analysis_append_class_perm(), apol_infoflow_analysis_append_intermediate(), apol_infoflow_analysis_direct(), apol_infoflow_analysis_direct_expand(), apol_infoflow_analysis_do(), apol_infoflow_analysis_do_more(), apol_infoflow_analysis_set_dir(), apol_infoflow_analysis_set_min_weight(), apol_infoflow_analysis_set_mode(), apol_infoflow_analysis_set_result_regex(), apol_infoflow_analysis_set_type(), apol_infoflow_analysis_trans(), apol_infoflow_analysis_trans_expand(), apol_infoflow_analysis_trans_further(), apol_infoflow_analysis_trans_further_next(), apol_infoflow_analysis_trans_further_prepare(), apol_infoflow_analysis_trans_shortest_path(), apol_infoflow_direct_define(), apol_infoflow_direct_get_result(), apol_infoflow_graph_check_class_perms(), apol_infoflow_graph_check_types(), apol_infoflow_graph_compare(), apol_infoflow_graph_connect_nodes(), apol_infoflow_graph_create(), apol_infoflow_graph_create_avrule(), apol_infoflow_graph_create_edge(), apol_infoflow_graph_create_node(), apol_infoflow_graph_create_nodes(), apol_infoflow_graph_create_required_types(), apol_infoflow_graph_get_nodes_for_type(), apol_infoflow_graph_trans_further_init(), apol_infoflow_graph_trans_init(), apol_infoflow_results_check_both(), apol_infoflow_trans_append(), apol_infoflow_trans_define(), apol_infoflow_trans_find_edge(), apol_infoflow_trans_further_shuffle(), apol_infoflow_trans_path(), 
apol_ipv4_addr_render(), apol_ipv4_addr_render_new(), apol_ipv4_addr_render_old(), apol_ipv6_addr_render(), apol_isid_get_by_query(), apol_isid_query_set_context(), apol_isid_query_set_name(), apol_level_get_by_query(), apol_level_query_set_cat(), apol_level_query_set_regex(), apol_level_query_set_sens(), apol_mls_cat_name_compare(), apol_mls_cat_vector_compare(), apol_mls_cats_compare(), apol_mls_level_append_cats(), apol_mls_level_compare(), apol_mls_level_convert(), apol_mls_level_create_from_qpol_level_datum(), apol_mls_level_create_from_qpol_mls_level(), apol_mls_level_create_from_string(), apol_mls_level_render(), apol_mls_level_set_sens(), apol_mls_level_validate(), apol_mls_range_compare(), apol_mls_range_contain_subrange(), apol_mls_range_convert(), apol_mls_range_create_from_qpol_mls_range(), apol_mls_range_create_from_string(), apol_mls_range_does_include_level(), apol_mls_range_get_levels(), apol_mls_range_render(), apol_mls_range_set_high(), apol_mls_range_set_low(), apol_mls_range_validate(), apol_mls_sens_compare(), apol_netifcon_get_by_query(), apol_netifcon_query_set_device(), apol_netifcon_query_set_if_context(), apol_netifcon_query_set_msg_context(), apol_netifcon_render(), apol_nodecon_get_by_query(), apol_nodecon_query_set_addr(), apol_nodecon_query_set_context(), apol_nodecon_query_set_mask(), apol_nodecon_query_set_proto(), apol_nodecon_query_set_protocol(), apol_nodecon_render(), apol_obj_perm_compare_class(), apol_perm_get_by_query(), apol_perm_query_set_perm(), apol_perm_query_set_regex(), apol_permmap_create_from_policy(), apol_permmap_get(), apol_permmap_load(), apol_permmap_save(), apol_permmap_set(), apol_policy_build_domain_trans_table(), apol_policy_create_from_policy_path(), apol_policy_destroy(), apol_policy_domain_trans_table_build(), apol_policy_get_permmap(), apol_policy_get_policy_type(), apol_policy_get_qpol(), apol_policy_get_version_type_mls_str(), apol_policy_is_mls(), apol_policy_open_permmap(), 
apol_policy_reset_domain_trans_table(), apol_policy_save_permmap(), apol_policy_set_permmap(), apol_portcon_get_by_query(), apol_portcon_query_set_context(), apol_portcon_query_set_high(), apol_portcon_query_set_low(), apol_portcon_query_set_proto(), apol_portcon_query_set_protocol(), apol_portcon_render(), apol_qpol_context_render(), apol_query_append_type(), apol_query_create_candidate_class_list(), apol_query_create_candidate_role_list(), apol_query_create_candidate_syn_type_list(), apol_query_create_candidate_type_list(), apol_query_expand_type(), apol_query_get_type(), apol_query_set(), apol_query_set_flag(), apol_query_set_regex(), apol_query_type_set_uses_types_directly(), apol_range_trans_get_by_query(), apol_range_trans_query_append_class(), apol_range_trans_query_set_range(), apol_range_trans_query_set_regex(), apol_range_trans_query_set_source(), apol_range_trans_query_set_source_any(), apol_range_trans_query_set_target(), apol_range_trans_render(), apol_relabel_analysis_append_class(), apol_relabel_analysis_append_subject(), apol_relabel_analysis_do(), apol_relabel_analysis_set_dir(), apol_relabel_analysis_set_result_regex(), apol_relabel_analysis_set_type(), apol_role_allow_get_by_query(), apol_role_allow_query_set_regex(), apol_role_allow_query_set_source(), apol_role_allow_query_set_source_any(), apol_role_allow_query_set_target(), apol_role_allow_render(), apol_role_get_by_query(), apol_role_has_type(), apol_role_query_set_regex(), apol_role_query_set_role(), apol_role_query_set_type(), apol_role_trans_get_by_query(), apol_role_trans_query_set_default(), apol_role_trans_query_set_regex(), apol_role_trans_query_set_source(), apol_role_trans_query_set_source_any(), apol_role_trans_query_set_target(), apol_role_trans_render(), apol_syn_avrule_comp(), apol_syn_avrule_get_by_query(), apol_syn_avrule_render(), apol_syn_terule_comp(), apol_syn_terule_get_by_query(), apol_syn_terule_render(), apol_tcl_route_apol_to_string(), apol_tcl_set_info_string(), 
apol_terule_get_by_query(), apol_terule_list_to_syn_terules(), apol_terule_query_append_class(), apol_terule_query_set_bool(), apol_terule_query_set_default(), apol_terule_query_set_enabled(), apol_terule_query_set_regex(), apol_terule_query_set_rules(), apol_terule_query_set_source(), apol_terule_query_set_source_any(), apol_terule_query_set_source_component(), apol_terule_query_set_target(), apol_terule_query_set_target_component(), apol_terule_render(), apol_terule_to_syn_terules(), apol_type_get_by_query(), apol_type_query_set_regex(), apol_type_query_set_type(), apol_types_relation_access_append(), apol_types_relation_access_append_rule(), apol_types_relation_accesses(), apol_types_relation_allows(), apol_types_relation_analysis_do(), apol_types_relation_analysis_set_analyses(), apol_types_relation_analysis_set_first_type(), apol_types_relation_analysis_set_other_type(), apol_types_relation_clone_domaintrans(), apol_types_relation_clone_infoflow(), apol_types_relation_common_attribs(), apol_types_relation_common_roles(), apol_types_relation_common_users(), apol_types_relation_create_access_pools(), apol_types_relation_directflow(), apol_types_relation_domain(), apol_types_relation_transflow(), apol_types_relation_types(), apol_user_get_by_query(), apol_user_query_set_default_level(), apol_user_query_set_range(), apol_user_query_set_regex(), apol_user_query_set_role(), apol_user_query_set_user(), apol_validatetrans_get_by_query(), apol_validatetrans_query_set_class(), apol_validatetrans_query_set_regex(), append_avrule_to_subject_vector(), append_avrules_to_object_vector(), are_all_classes_mapped(), are_all_perms_mapped(), sefs_fclist::associatePolicy(), attrib_get_items(), attrib_name_comp(), attribs_wo_rules_get_list(), attribs_wo_rules_init(), attribs_wo_rules_print(), attribs_wo_rules_run(), attribs_wo_types_get_list(), attribs_wo_types_init(), attribs_wo_types_print(), attribs_wo_types_run(), avrule_add_to_bst(), avrule_build_cond(), avrule_expand(), 
avrule_get_items(), avrule_get_items_allow(), avrule_get_items_auditallow(), avrule_get_items_dontaudit(), avrule_get_items_neverallow(), avrule_new_diff(), bool_get_items(), bool_name_comp(), cat_get_items(), cat_name_comp(), class_get_items(), class_get_perms(), class_name_comp(), common_get_items(), common_get_perms(), common_name_comp(), convert_map_char(), domain_and_file_init(), domain_and_file_print(), domain_and_file_run(), domain_trans_table_find_orphan_type_transitions(), domain_trans_table_get_all_forward_trans(), domain_trans_table_get_all_reverse_trans(), domains_wo_roles_init(), domains_wo_roles_print(), domains_wo_roles_run(), exists_common_user(), fclist_sefs_node_convert(), filter_view_get_policy_classes(), filter_view_get_policy_roles(), filter_view_get_policy_types(), filter_view_get_policy_users(), find_assoc_types_get_list(), find_assoc_types_init(), find_assoc_types_print(), find_assoc_types_run(), find_domains_get_list(), find_domains_init(), find_domains_print(), find_domains_run(), find_file_types_get_list(), find_file_types_init(), find_file_types_print(), find_file_types_run(), find_net_domains_get_list(), find_net_domains_init(), find_net_domains_print(), find_net_domains_run(), find_netif_types_get_list(), find_netif_types_init(), find_netif_types_print(), find_netif_types_run(), find_node_types_get_list(), find_node_types_init(), find_node_types_print(), find_node_types_run(), find_permmap_class(), find_permmap_perm(), find_port_types_get_list(), find_port_types_init(), find_port_types_print(), find_port_types_run(), imp_range_trans_init(), imp_range_trans_print(), imp_range_trans_run(), in_isid_ctx(), inc_dom_trans_init(), inc_dom_trans_print(), inc_dom_trans_run(), inc_mount_init(), inc_mount_print(), inc_mount_run(), inc_net_access_init(), inc_net_access_print(), inc_net_access_run(), level_get_cats(), level_get_items(), level_name_comp(), level_new_diff(), main(), parse_default_contexts(), parse_permmap(), parse_permmap_class(), 
perform_av_query(), perform_ra_query(), perform_range_query(), perform_rt_query(), perform_te_query(), poldiff_avrule_get_cond(), poldiff_avrule_to_string(), poldiff_build_bsts(), poldiff_create(), poldiff_terule_get_cond(), poldiff_terule_to_string(), policy_view_display_avrule_results(), policy_view_load_policy_source(), policy_view_on_find_terules_click(), policy_view_populate_combo_boxes(), policy_view_source_update(), policy_view_stats_update(), policy_view_update(), print_attr_types(), print_attribs(), print_av_results(), print_bool_state(), print_booleans(), print_cat_sens(), print_cats(), print_class_perms(), print_classes(), print_fsuse(), print_genfscon(), print_isids(), print_netifcon(), print_nodecon(), print_portcon(), print_ra_results(), print_range_results(), print_role_types(), print_roles(), print_rt_results(), print_sens(), print_stats(), print_syn_av_results(), print_syn_te_results(), print_te_results(), print_type_attrs(), print_types(), print_user_roles(), print_users(), progress_apol_handle_func(), qpol_cat_datum_compare(), qpol_handle_route_to_callback(), qpol_level_datum_compare(), query_append_type(), query_create_candidate_type(), query_get_type(), range_create(), range_trans_get_items(), relabel_analysis_compare_type_to_vector(), relabel_analysis_get_direction(), relabel_analysis_get_type_vector(), relabel_analysis_matchup(), relabel_analysis_object(), relabel_analysis_subject(), relabel_result_get_node(), remap_types_update(), requires_setexec_or_type_trans(), result_item_attribute_policy_changed(), result_item_avrule_comp(), result_item_avrule_policy_changed(), result_item_boolean_policy_changed(), result_item_level_policy_changed(), result_item_multi_policy_changed(), result_item_policy_changed(), result_item_terule_comp(), result_item_type_policy_changed(), results_open_policies(), role_allow_get_items(), role_get_items(), role_name_comp(), role_trans_get_items(), roles_wo_allow_get_list(), roles_wo_allow_init(), 
roles_wo_allow_print(), roles_wo_allow_run(), roles_wo_types_init(), roles_wo_types_print(), roles_wo_types_run(), roles_wo_users_get_list(), roles_wo_users_init(), roles_wo_users_print(), roles_wo_users_run(), rule_select(), seaudit_get_policy(), seaudit_set_policy(), sediffx_set_policy(), sefs_fclist_associate_policy(), spurious_audit_init(), spurious_audit_print(), spurious_audit_run(), table_add_avrule(), table_add_terule(), terule_add_to_bst(), terule_build_cond(), terule_expand(), terule_get_items(), terule_get_items_change(), terule_get_items_member(), terule_get_items_trans(), terule_new_diff(), toplevel_get_policy(), toplevel_update_status_bar(), type_get_attrib_names(), type_get_items(), types_wo_allow_get_list(), types_wo_allow_init(), types_wo_allow_print(), types_wo_allow_run(), unreachable_doms_init(), unreachable_doms_print(), unreachable_doms_run(), user_get_items(), user_get_roles(), user_name_comp(), users_wo_roles_init(), users_wo_roles_print(), users_wo_roles_run(), xx_init(), xx_print(), and xx_run().

typedef void(* apol_callback_fn_t)(void *varg, const apol_policy_t *p, int level, const char *fmt, va_list argp)
 

Definition at line 43 of file policy.h.


Function Documentation

apol_policy_t* apol_policy_create_from_policy_path(const apol_policy_path_t *path,
const int options,
apol_callback_fn_t msg_callback,
void *varg)
 

Create a new apol_policy initialized from one or more policy files.

Parameters:
path Policy path object specifying which policy file or files to load.
options Bitfield specifying options for the returned policy. Valid options are QPOL_POLICY_OPTION_* from <qpol/policy.h>.
msg_callback Callback to invoke as errors/warnings are generated. If NULL, then write messages to standard error.
varg Value to be passed as the first parameter to the callback function.
Returns:
A newly allocated policy that may be used for analysis, or NULL upon error. The caller is responsible for calling apol_policy_destroy() upon the returned value afterwards.

Definition at line 75 of file policy.c.

References apol_policy_destroy(), apol_policy_path_get_modules(), apol_policy_path_get_primary(), apol_policy_path_get_type(), apol_policy_path_t, apol_policy_t, apol_vector_get_element(), apol_vector_get_size(), apol_vector_t, ERR, INFO, apol_policy::msg_callback, apol_policy::msg_callback_arg, apol_policy::p, apol_policy::policy_type, QPOL_CAP_MODULES, qpol_handle_route_to_callback(), qpol_module_create_from_file(), qpol_module_destroy(), qpol_module_t, qpol_policy_append_module(), qpol_policy_has_capability(), qpol_policy_open_from_file(), and qpol_policy_rebuild().

Referenced by avrule_init(), dta_init(), infoflow_init(), init_poldiff(), main(), policy_21_init(), role_init(), sechk_lib_load_policy(), terule_init(), toplevel_open_policy_runner(), and user_init().

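/**
 * Create a new apol_policy from the primary policy file named by path and,
 * when the path is modular, from every module file listed in it.
 *
 * @param path Policy path object naming the file or files to load.
 * @param options Option bits passed unchanged to qpol_policy_open_from_file()
 * and qpol_policy_rebuild().
 * @param msg_callback Callback for errors, warnings and info messages.  If
 * NULL, apol_handle_default_callback is installed instead.
 * @param varg Value stored in the policy and handed to the callback as its
 * first argument.
 *
 * @return A newly allocated policy, or NULL upon error.  On the failure
 * paths that follow a failed call, errno is the value that call left behind;
 * it is saved before any logging or cleanup can overwrite it.  The caller
 * must release the result with apol_policy_destroy().
 */
apol_policy_t *apol_policy_create_from_policy_path(const apol_policy_path_t *path, const int options,
                                                   apol_callback_fn_t msg_callback, void *varg)
{
        apol_policy_t *policy = NULL;
        const char *primary_path;
        int policy_type;
        int saved_errno;

        if (!path) {
                errno = EINVAL;
                return NULL;
        }

        if (!(policy = calloc(1, sizeof(*policy)))) {
                saved_errno = errno;    /* set by calloc; ERR() may overwrite it */
                ERR(NULL, "%s", strerror(ENOMEM));
                goto err;
        }
        policy->msg_callback = (msg_callback != NULL) ? msg_callback : apol_handle_default_callback;
        policy->msg_callback_arg = varg;

        /* File names are always passed as "%s" arguments, never as the format. */
        primary_path = apol_policy_path_get_primary(path);
        INFO(policy, "Loading policy %s.", primary_path);
        policy_type = qpol_policy_open_from_file(primary_path, &policy->p, qpol_handle_route_to_callback, policy, options);
        if (policy_type < 0) {
                saved_errno = errno;    /* qpol sets errno */
                ERR(policy, "Unable to open policy %s.", primary_path);
                goto err;
        }
        policy->policy_type = policy_type;

        if (apol_policy_path_get_type(path) == APOL_POLICY_PATH_TYPE_MODULAR) {
                const apol_vector_t *modules;
                size_t i;

                /* Modules can only be linked into a policy that reports QPOL_CAP_MODULES. */
                if (!qpol_policy_has_capability(policy->p, QPOL_CAP_MODULES)) {
                        /* No failing call here; errno stays as it was before this check. */
                        saved_errno = errno;
                        ERR(policy, "%s is not a base policy.", primary_path);
                        goto err;
                }
                modules = apol_policy_path_get_modules(path);
                for (i = 0; i < apol_vector_get_size(modules); i++) {
                        /* NOTE(review): assumes every element is a non-NULL path string; confirm against the path object. */
                        const char *module_path = apol_vector_get_element(modules, i);
                        qpol_module_t *mod = NULL;

                        INFO(policy, "Loading module %s.", module_path);
                        if (qpol_module_create_from_file(module_path, &mod)) {
                                saved_errno = errno;
                                ERR(policy, "Error loading module %s.", module_path);
                                goto err;
                        }
                        if (qpol_policy_append_module(policy->p, mod)) {
                                saved_errno = errno;
                                ERR(policy, "Error loading module %s.", module_path);
                                /* The append failed, so this function releases the module itself, after the policy. */
                                apol_policy_destroy(&policy);
                                qpol_module_destroy(&mod);
                                goto err;
                        }
                }
                INFO(policy, "%s", "Linking modules into base policy.");
                if (qpol_policy_rebuild(policy->p, options)) {
                        saved_errno = errno;
                        goto err;
                }
        }
        return policy;

      err:
        /* apol_policy_destroy() does nothing when policy is already NULL. */
        apol_policy_destroy(&policy);
        errno = saved_errno;
        return NULL;
}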

void apol_policy_destroy(apol_policy_t **policy)
 

Deallocate all memory associated with a policy, including all auxiliary data structures, and then set it to NULL.

Does nothing if the pointer is already NULL.

Parameters:
policy Policy to destroy, if not already NULL.

Definition at line 139 of file policy.c.

References apol_policy_t, domain_trans_table_destroy(), permmap_destroy(), and qpol_policy_destroy().

Referenced by apol_policy_create_from_policy_path(), avrule_cleanup(), dta_cleanup(), infoflow_cleanup(), init_poldiff(), main(), poldiff_destroy(), policy_21_cleanup(), role_cleanup(), seaudit_destroy(), seaudit_set_policy(), sechk_lib_destroy(), sechk_lib_load_policy(), sediffx_destroy(), sediffx_set_policy(), terule_cleanup(), and user_cleanup().

/**
 * Release a policy together with the qpol policy, permission map and domain
 * transition table it holds, then set the caller's pointer to NULL.
 *
 * Does nothing when policy or *policy is NULL, so a second call on the same
 * variable is harmless.
 *
 * @param policy Address of the policy pointer to destroy.
 */
void apol_policy_destroy(apol_policy_t **policy)
{
        apol_policy_t *doomed;

        if (policy == NULL || *policy == NULL) {
                return;
        }
        doomed = *policy;
        qpol_policy_destroy(&doomed->p);
        permmap_destroy(&doomed->pmap);
        domain_trans_table_destroy(&doomed->domain_trans_table);
        free(doomed);
        /* Clear the caller's copy so the freed address cannot be reused. */
        *policy = NULL;
}

int apol_policy_get_policy_type(const apol_policy_t *policy)
 

Given a policy, return the policy type.

This will be one of QPOL_POLICY_KERNEL_SOURCE, QPOL_POLICY_KERNEL_BINARY, or QPOL_POLICY_MODULE_BINARY. (You will need to #include <qpol/policy.h> to get these definitions.)

Parameters:
policy Policy to check.
Returns:
The policy type, or < 0 upon error.

Definition at line 150 of file policy.c.

References apol_policy_t, and apol_policy::policy_type.

/**
 * Return the policy type recorded in a policy.
 *
 * @param policy Policy to check.
 *
 * @return The stored policy_type, or -1 with errno set to EINVAL when
 * policy is NULL.
 */
int apol_policy_get_policy_type(const apol_policy_t *policy)
{
        if (policy != NULL) {
                return policy->policy_type;
        }
        errno = EINVAL;
        return -1;
}

qpol_policy_t* apol_policy_get_qpol(const apol_policy_t *policy)
 

Given a policy, return a pointer to the underlying qpol_policy.

This is needed, for example, to access details of particular qpol components.

Parameters:
policy Policy containing qpol policy.
Returns:
Pointer to underlying qpol policy, or NULL on error. Do not free() or otherwise destroy this pointer.

Definition at line 159 of file policy.c.

References apol_policy_t, apol_policy::p, and qpol_policy_t.

Referenced by apol_avrule_get_by_query(), apol_domain_trans_analysis_do(), apol_domain_trans_table_verify_trans(), apol_mls_range_get_levels(), apol_query_create_candidate_syn_type_list(), apol_syn_avrule_get_by_query(), apol_syn_terule_get_by_query(), attrib_get_items(), attrib_name_comp(), attribs_wo_rules_print(), attribs_wo_rules_run(), attribs_wo_types_print(), attribs_wo_types_run(), avrule_add_to_bst(), avrule_basic_syn(), avrule_build_cond(), avrule_deep_diff(), avrule_default(), avrule_expand(), avrule_get_items(), avrule_init(), avrule_new_diff(), bool_get_items(), bool_name_comp(), cat_get_items(), cat_name_comp(), class_get_items(), class_get_perms(), class_name_comp(), common_get_items(), common_get_perms(), common_name_comp(), components_types_tests(), domain_and_file_print(), domain_and_file_run(), domain_trans_table_find_orphan_type_transitions(), domains_wo_roles_print(), domains_wo_roles_run(), dta_forward(), dta_forward_access(), dta_forward_multi_end(), dta_invalid(), dta_reflexive(), dta_reverse(), dta_reverse_regexp(), exists_common_user(), filter_view_get_policy_classes(), filter_view_get_policy_roles(), filter_view_get_policy_types(), filter_view_get_policy_users(), find_assoc_types_print(), find_assoc_types_run(), find_domains_init(), find_domains_print(), find_domains_run(), find_file_types_init(), find_file_types_print(), find_file_types_run(), find_net_domains_print(), find_net_domains_run(), find_netif_types_print(), find_netif_types_run(), find_node_types_print(), find_node_types_run(), find_port_types_print(), find_port_types_run(), imp_range_trans_run(), in_isid_ctx(), inc_dom_trans_print(), inc_dom_trans_run(), inc_mount_print(), inc_mount_run(), inc_net_access_print(), inc_net_access_run(), level_get_cats(), level_get_items(), level_name_comp(), main(), perform_av_query(), perform_te_query(), poldiff_build_bsts(), poldiff_create(), policy_21_range_trans_either(), policy_21_range_trans_lnk_file(), policy_21_range_trans_process(), 
policy_view_display_avrule_results(), policy_view_find_terules_runner(), policy_view_load_policy_source(), policy_view_populate_combo_boxes(), policy_view_source_update(), policy_view_stats_update(), print_attr_types(), print_av_results(), print_bool_state(), print_booleans(), print_cat_sens(), print_class_perms(), print_classes(), print_isids(), print_netifcon(), print_portcon(), print_role_types(), print_roles(), print_sens(), print_stats(), print_syn_av_results(), print_syn_te_results(), print_te_results(), print_type_attrs(), print_types(), print_user_roles(), print_users(), qpol_cat_datum_compare(), qpol_level_datum_compare(), query_append_type(), query_create_candidate_type(), query_get_type(), range_trans_get_items(), remap_types_update(), requires_setexec_or_type_trans(), result_item_attribute_policy_changed(), result_item_avrule_policy_changed(), result_item_boolean_policy_changed(), result_item_level_policy_changed(), result_item_multi_policy_changed(), result_item_type_policy_changed(), role_allow_get_items(), role_get_items(), role_init(), role_name_comp(), role_trans_get_items(), roles_wo_allow_print(), roles_wo_allow_run(), roles_wo_types_print(), roles_wo_types_run(), roles_wo_users_print(), roles_wo_users_run(), sechk_lib_check_requirement(), spurious_audit_print(), spurious_audit_run(), table_add_avrule(), table_add_terule(), terule_add_to_bst(), terule_basic_syn(), terule_build_cond(), terule_deep_diff(), terule_expand(), terule_get_items(), terule_init(), terule_new_diff(), type_deep_diff(), type_get_attrib_names(), type_get_items(), types_wo_allow_print(), types_wo_allow_run(), unreachable_doms_print(), unreachable_doms_run(), user_get_items(), user_get_roles(), user_init(), user_name_comp(), users_wo_roles_print(), and users_wo_roles_run().

/**
 * Return the qpol policy held inside an apol policy.
 *
 * @param policy Policy containing the qpol policy.
 *
 * @return The stored qpol policy pointer, or NULL with errno set to EINVAL
 * when policy is NULL.  The pointer is the one apol_policy_destroy() later
 * releases, so the caller must not free or destroy it.
 */
qpol_policy_t *apol_policy_get_qpol(const apol_policy_t *policy)
{
        if (policy != NULL) {
                return policy->p;
        }
        errno = EINVAL;
        return NULL;
}

int apol_policy_is_mls(const apol_policy_t *p)
 

Given a policy, return 1 if the policy within is MLS, 0 if not.

If it cannot be determined or upon error, return < 0.

Parameters:
p Policy to check.
Returns:
1 if policy is MLS, 0 if not, < 0 upon error.

Definition at line 168 of file policy.c.

References apol_policy_t, apol_policy::p, QPOL_CAP_MLS, and qpol_policy_has_capability().

Referenced by apol_context_render(), apol_context_validate(), apol_context_validate_partial(), and apol_user_get_by_query().

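/**
 * Report whether a policy has the MLS capability.
 *
 * @param p Policy to check.
 *
 * @return The result of qpol_policy_has_capability() for QPOL_CAP_MLS
 * (documented as 1 for MLS, 0 otherwise), or -1 with errno set to EINVAL
 * when p is NULL.
 */
int apol_policy_is_mls(const apol_policy_t *p)
{
        if (p == NULL) {
                /* Same NULL-argument convention as the other accessors in this file. */
                errno = EINVAL;
                return -1;
        }
        return qpol_policy_has_capability(p->p, QPOL_CAP_MLS);
}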

char* apol_policy_get_version_type_mls_str(const apol_policy_t *p)
 

Given a policy, allocate and return a string that describes the policy (policy version, source/binary, mls/non-mls).

Parameters:
p Policy to check.
Returns:
String that describes policy, or NULL upon error. The caller must free() this afterwards.

Definition at line 176 of file policy.c.

References apol_policy_t, apol_policy::p, apol_policy::policy_type, QPOL_CAP_MLS, qpol_policy_get_policy_version(), qpol_policy_has_capability(), QPOL_POLICY_KERNEL_BINARY, QPOL_POLICY_KERNEL_SOURCE, and QPOL_POLICY_MODULE_BINARY.

Referenced by policy_view_stats_update(), print_stats(), and toplevel_update_status_bar().

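/**
 * Allocate a short description of a policy in the form
 * "v.<version> (<source|binary|modular|unknown>, <mls|non-mls>)".
 *
 * @param p Policy to describe.
 *
 * @return Newly allocated string that the caller must free(), or NULL upon
 * error.  A NULL p yields NULL with errno set to EINVAL instead of a NULL
 * dereference.
 */
char *apol_policy_get_version_type_mls_str(const apol_policy_t *p)
{
        unsigned int version;
        const char *policy_type, *mls;
        char buf[64];
        int len;

        if (p == NULL) {
                errno = EINVAL;
                return NULL;
        }
        if (qpol_policy_get_policy_version(p->p, &version) < 0) {
                return NULL;
        }
        switch (p->policy_type) {
        case QPOL_POLICY_KERNEL_SOURCE:
                policy_type = "source";
                break;
        case QPOL_POLICY_KERNEL_BINARY:
                policy_type = "binary";
                break;
        case QPOL_POLICY_MODULE_BINARY:
                policy_type = "modular";
                break;
        default:
                policy_type = "unknown";
                break;
        }
        mls = qpol_policy_has_capability(p->p, QPOL_CAP_MLS) ? "mls" : "non-mls";

        /* Treat truncation as an error too, not only a negative return. */
        len = snprintf(buf, sizeof(buf), "v.%u (%s, %s)", version, policy_type, mls);
        if (len < 0 || (size_t)len >= sizeof(buf)) {
                return NULL;
        }
        return strdup(buf);
}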

void apol_handle_msg(const apol_policy_t *p,
int level,
const char *fmt,
...)
 

Write a message to the callback stored within an apol error handler.

If the msg_callback field is empty, then the default message callback will be used.

Parameters:
p Error reporting handler. If NULL then write message to stderr.
level Severity of message, one of APOL_MSG_ERR, APOL_MSG_WARN, or APOL_MSG_INFO.
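fmt Format string to print, using syntax of printf(3). It is interpreted as a format, so pass a literal and hand any externally supplied text over as an argument to "%s".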

Definition at line 208 of file policy.c.

References apol_handle_default_callback(), apol_policy_t, fmt, level, apol_policy::msg_callback, and apol_policy::msg_callback_arg.

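/**
 * Deliver a printf-style message to a policy's message callback.
 *
 * With a NULL p, or with a policy whose msg_callback field is empty, the
 * message goes to apol_handle_default_callback, so it is never silently
 * dropped.
 *
 * @param p Policy whose callback receives the message, or NULL.
 * @param level Severity: APOL_MSG_ERR, APOL_MSG_WARN or APOL_MSG_INFO.
 * @param fmt printf(3) format string.  It is interpreted as a format, so
 * callers pass a literal and put externally supplied text in the arguments.
 */
void apol_handle_msg(const apol_policy_t *p, int level, const char *fmt, ...)
{
        va_list ap;

        va_start(ap, fmt);
        if (p != NULL && p->msg_callback != NULL) {
                p->msg_callback(p->msg_callback_arg, p, level, fmt, ap);
        } else {
                /*
                 * Either there is no policy or its callback field is empty.
                 * The first argument is NULL in both cases, as in the
                 * existing no-policy call.
                 */
                apol_handle_default_callback(NULL, p, level, fmt, ap);
        }
        va_end(ap);
}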

__attribute__ (format(printf, 3, 4))   )  const
 


Variable Documentation

int level
 

Definition at line 141 of file policy.h.

Referenced by apol_compare_level(), apol_handle_msg(), apol_level_get_by_query(), apol_mls_level_append_cats(), apol_mls_level_convert(), apol_mls_level_create_from_mls_level(), apol_mls_level_destroy(), apol_mls_level_get_cats(), apol_mls_level_get_sens(), apol_mls_level_is_literal(), apol_mls_level_render(), apol_mls_level_set_sens(), apol_mls_level_validate(), apol_mls_range_does_include_level(), apol_tcl_common_route(), apol_tcl_route_apol_to_string(), apol_tcl_route_sefs_to_string(), clone_level(), define_sens(), sefs_fclist::handleMsg(), level_create_from_apol_mls_level(), level_get_cats(), level_to_string(), mls_level_free(), modified_mls_range_to_string(), poldiff_handle_msg(), poldiff_level_get_added_cats(), poldiff_level_get_form(), poldiff_level_get_name(), poldiff_level_get_removed_cats(), poldiff_level_get_unmodified_cats(), poldiff_level_to_string(), poldiff_level_to_string_brief(), poldiff_range_to_string_brief(), policy_features_alias_count(), print_sens(), qpol_handle_msg(), qpol_handle_route_to_callback(), qpol_mls_level_get_cat_iter(), qpol_mls_level_get_sens_name(), qpol_mls_range_get_high_level(), qpol_mls_range_get_low_level(), qpol_user_get_dfltlevel(), require_sens(), seaudit_handle_msg(), and sefs_fclist_handleMsg().

int const char* fmt
 

Definition at line 141 of file policy.h.

Referenced by apol_handle_default_callback(), apol_handle_msg(), apol_str_appendf(), apol_tcl_common_route(), apol_tcl_route_apol_to_string(), apol_tcl_route_sefs_to_string(), sefs_fclist::handleMsg(), poldiff_handle_default_callback(), poldiff_handle_msg(), policy_features_alias_count(), progress_apol_handle_func(), progress_poldiff_handle_func(), progress_seaudit_handle_func(), progress_update(), progress_update_label(), qpol_handle_default_callback(), qpol_handle_msg(), qpol_handle_route_to_callback(), roleallow_to_string(), seaudit_handle_default_callback(), seaudit_handle_msg(), sefs_fclist_handleMsg(), sefs_handle_default_callback(), sepol_handle_route_to_callback(), toplevel_message(), and yyerror2().