Jeremy A. Mowery jmowery@tresys.com
Paul Rosenfeld prosenfeld@tresys.com
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file sesearch.c.
#include <config.h>
#include <apol/policy.h>
#include <apol/policy-query.h>
#include <apol/render.h>
#include <apol/util.h>
#include <apol/vector.h>
#include <qpol/policy.h>
#include <qpol/policy_extend.h>
#include <qpol/syn_rule_query.h>
#include <qpol/util.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <getopt.h>
#include <string.h>
#include <stdbool.h>
Classes | |
| struct | options |
Defines | |
| #define | COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" |
Typedefs | |
| typedef options | options_t |
Enumerations | |
| enum | opt_values { RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT, RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL, EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET } |
Functions | |
| void | usage (const char *program_name, int brief) |
| int | perform_av_query (const apol_policy_t *policy, const options_t *opt, apol_vector_t **v) |
| void | print_syn_av_results (const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v) |
| void | print_av_results (const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v) |
| int | perform_te_query (const apol_policy_t *policy, const options_t *opt, apol_vector_t **v) |
| void | print_syn_te_results (const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v) |
| void | print_te_results (const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v) |
| int | perform_ra_query (const apol_policy_t *policy, const options_t *opt, apol_vector_t **v) |
| void | print_ra_results (const apol_policy_t *policy, const options_t *opt __attribute__((unused)), const apol_vector_t *v) |
| int | perform_rt_query (const apol_policy_t *policy, const options_t *opt, apol_vector_t **v) |
| void | print_rt_results (const apol_policy_t *policy, const options_t *opt __attribute__((unused)), const apol_vector_t *v) |
| int | perform_range_query (const apol_policy_t *policy, const options_t *opt, apol_vector_t **v) |
| void | print_range_results (const apol_policy_t *policy, const options_t *opt __attribute__((unused)), const apol_vector_t *v) |
| int | main (int argc, char **argv) |
Variables | |
| char * | policy_file = NULL |
| option const | longopts [] |
Definition at line 50 of file sesearch.c.
/* Definition at line 54 of file sesearch.c. */
/*
 * Option identifiers for the long options that have no single-character
 * form.  They start at 256 so getopt_long() can never return one of them
 * for an ordinary short-option letter.  The RULE_* values name the rule
 * types listed by usage(); the EXPR_* values are the --role_source and
 * --role_target expressions handled in main().  The table tying each value
 * to its option string is longopts[], defined elsewhere in this file.
 */
enum opt_values {
	RULE_NEVERALLOW = 256,
	RULE_AUDIT,
	RULE_AUDITALLOW,
	RULE_DONTAUDIT,
	RULE_ROLE_ALLOW,
	RULE_ROLE_TRANS,
	RULE_RANGE_TRANS,
	RULE_ALL,
	EXPR_ROLE_SOURCE,	/* --role_source=NAME */
	EXPR_ROLE_TARGET	/* --role_target=NAME */
};
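/* Definition at line 118 of file sesearch.c. */
/**
 * Print the command-line synopsis to stdout.
 *
 * @param program_name Name to show in the synopsis (normally argv[0]).
 * @param brief        Non-zero to print only the one-line synopsis and a
 *                     pointer to --help; zero to print the full option list.
 */
void usage(const char *program_name, int brief)
{
	/* "EXPRESSION" was misspelled in the synopsis line of earlier releases */
	printf("Usage: %s [OPTIONS] RULE_TYPE [RULE_TYPE ...] [EXPRESSION] [POLICY ...]\n\n", program_name);
	if (brief) {
		printf("\tTry %s --help for more help.\n\n", program_name);
		return;
	}
	printf("Search the rules in a SELinux policy.\n\n");
	printf("RULE_TYPES:\n");
	printf(" -A, --allow allow rules\n");
	printf(" --neverallow neverallow rules\n");
	printf(" --auditallow auditallow rules\n");
	printf(" --dontaudit dontaudit rules\n");
	printf(" -T, --type type_trans, type_member, and type_change\n");
	printf(" --role_allow role allow rules\n");
	printf(" --role_trans role_transition rules\n");
	printf(" --range_trans range_transition rules\n");
	printf(" --all all rules regardless of type, class, or perms\n");
	printf("EXPRESSIONS:\n");
	printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n");
	printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n");
	printf(" --role_source=NAME rules with role NAME as source\n");
	printf(" --role_target=NAME rules with role NAME as target\n");
	printf(" -c NAME, --class=NAME rules with class NAME as the object class\n");
	printf(" -p P1[,P2,...], --perm=P1[,P2...]\n");
	printf(" rules with the specified permission\n");
	printf(" -b NAME, --bool=NAME conditional rules with NAME in the expression\n");
	printf("OPTIONS:\n");
	printf(" -d, --direct do not search for type's attributes\n");
	printf(" -R, --regex use regular expression matching\n");
	printf(" -n, --linenum show line number for each rule if available\n");
	printf(" -S, --semantic search rules semantically instead of syntactically\n");
	printf(" -C, --show_cond show conditional expression for conditional rules\n");
	printf(" -h, --help print this help text and exit\n");
	printf(" -V, --version print version information and exit\n");
	printf("\n");
	printf("If no expression is specified, then all rules are shown.\n");
	printf("\n");
	printf("The default source policy, or if that is unavailable the default binary\n");
	printf("policy, will be opened if no policy is provided.\n\n");
}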
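/* Definition at line 160 of file sesearch.c. */
/**
 * Build an access-vector (allow / neverallow / auditallow / dontaudit) rule
 * query from the parsed command-line options and run it against the policy.
 *
 * Syntactic rules are searched when the policy supports them and -S was not
 * given; otherwise the semantic rules are searched.
 *
 * @param policy Policy to search.
 * @param opt    Parsed options.  Every permission named in opt->permlist is
 *               also copied into opt->perm_vector for later use by the caller.
 * @param v      Receives the result vector on success, or NULL when no AV rule
 *               type was requested.  Destroyed on error.
 * @return 0 on success, -1 on error with errno set and a message reported
 *         through ERR().
 */
int perform_av_query(const apol_policy_t *policy, const options_t *opt, apol_vector_t **v)
{
	apol_avrule_query_t *avq = NULL;
	unsigned int rules = 0;
	int error = 0;
	char *tmp = NULL, *tok = NULL, *s = NULL, *saveptr = NULL;

	if (!policy || !opt || !v) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) {
		*v = NULL;
		return 0;	/* no search to do */
	}

	if (opt->allow || opt->all)
		rules |= QPOL_RULE_ALLOW;
	/* neverallow rules exist only in policies that advertise the capability */
	if ((opt->nallow || opt->all) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_NEVERALLOW))
		rules |= QPOL_RULE_NEVERALLOW;
	if (opt->auditallow || opt->all)
		rules |= QPOL_RULE_AUDITALLOW;
	if (opt->dontaudit || opt->all)
		rules |= QPOL_RULE_DONTAUDIT;
	if (rules == 0) {
		/* Only --neverallow was requested and this policy carries no
		 * neverallow rules, so the correct answer is "none".  Returning
		 * here avoids handing the library an empty rule mask, whose
		 * interpretation is not defined by this file. */
		*v = NULL;
		return 0;
	}

	avq = apol_avrule_query_create();
	if (!avq) {
		ERR(policy, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	/* Every setter reports failure through its return value.  Ignoring one
	 * would silently run a broader query than the user asked for. */
	if (apol_avrule_query_set_rules(policy, avq, rules) || apol_avrule_query_set_regex(policy, avq, opt->useregex)) {
		error = errno;
		goto err;
	}
	if (opt->src_name && apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect)) {
		error = errno;
		goto err;
	}
	if (opt->tgt_name && apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect)) {
		error = errno;
		goto err;
	}
	if (opt->bool_name && apol_avrule_query_set_bool(policy, avq, opt->bool_name)) {
		error = errno;
		goto err;
	}
	if (opt->class_name) {
		if (opt->class_vector == NULL) {
			if (apol_avrule_query_append_class(policy, avq, opt->class_name)) {
				error = errno;
				goto err;
			}
		} else {
			/* class_vector, when set, holds the names -c expanded to (filled
			 * in by the caller; NULL entries are skipped) */
			for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
				char *class_name = apol_vector_get_element(opt->class_vector, i);
				if (!class_name)
					continue;
				if (apol_avrule_query_append_class(policy, avq, class_name)) {
					error = errno;
					goto err;
				}
			}
		}
	}

	if (opt->permlist) {
		/* the tokenizer writes into its input, so work on a private copy;
		 * an unchecked strdup() would feed NULL to the tokenizer below */
		if (!(tmp = strdup(opt->permlist))) {
			error = errno;
			goto err;
		}
		for (tok = strtok_r(tmp, ",", &saveptr); tok; tok = strtok_r(NULL, ",", &saveptr)) {
			if (apol_avrule_query_append_perm(policy, avq, tok)) {
				error = errno;
				goto err;
			}
			/* perm_vector owns its strings (it is created with free() as
			 * its element destructor in main()) */
			if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) {
				error = errno;
				goto err;
			}
			s = NULL;	/* ownership moved to perm_vector */
		}
		free(tmp);
		tmp = NULL;
	}

	if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
		if (apol_syn_avrule_get_by_query(policy, avq, v)) {
			error = errno;
			goto err;
		}
	} else {
		if (apol_avrule_get_by_query(policy, avq, v)) {
			error = errno;
			goto err;
		}
	}

	apol_avrule_query_destroy(&avq);
	return 0;

      err:
	apol_vector_destroy(v);
	apol_avrule_query_destroy(&avq);
	free(tmp);
	free(s);
	ERR(policy, "%s", strerror(error));
	errno = error;
	return -1;
}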
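/* Definition at line 262 of file sesearch.c. */
/**
 * Print each syntactic AV rule in v on its own line.  Each line starts with
 * two status characters, enabled/disabled ('E'/'D') and the branch the rule
 * sits on ('T'/'F'); both are blank unless --show_cond was given and the
 * rule is conditional.  With --linenum the source line number is printed as
 * well.  Output stops at the first rule that cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Parsed options (show_cond and lineno are read).
 * @param v      Vector of qpol_syn_avrule_t *; may be NULL or empty.
 */
void print_syn_av_results(const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v)
{
	qpol_policy_t *q = NULL;
	size_t i, num_rules = 0;
	const qpol_syn_avrule_t *rule = NULL;
	char *tmp = NULL, *rule_str = NULL, *expr = NULL;
	char enable_char = ' ', branch_char = ' ';
	const qpol_cond_t *cond = NULL;
	uint32_t enabled = 0, is_true = 0;
	unsigned long lineno = 0;

	if (!policy || !opt || !v)
		return;

	q = apol_policy_get_qpol(policy);
	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu syntactic av rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		/* a NULL element would otherwise go straight into the render calls */
		if (!(rule = apol_vector_get_element(v, i)))
			goto cleanup;
		enable_char = branch_char = ' ';
		cond = NULL;
		if (opt->show_cond) {
			if (qpol_syn_avrule_get_cond(q, rule, &cond))
				goto cleanup;
			if (cond) {
				if (qpol_syn_avrule_get_is_enabled(q, rule, &enabled) < 0 || qpol_cond_eval(q, cond, &is_true) < 0)
					goto cleanup;
				enable_char = (enabled ? 'E' : 'D');
				/* a syntactic rule is on the taken branch when its enabled
				 * state agrees with the expression's current value */
				branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
				/* a NULL rendering must not reach the %s below */
				if (!(tmp = apol_cond_expr_render(policy, cond)))
					goto cleanup;
				/* asprintf() leaves expr unspecified on failure, so reset it */
				if (asprintf(&expr, "[ %s ]", tmp) < 0)
					expr = NULL;
				free(tmp);
				tmp = NULL;
				if (!expr)
					goto cleanup;
			}
		}
		if (!(rule_str = apol_syn_avrule_render(policy, rule)))
			goto cleanup;
		if (opt->lineno) {
			if (qpol_syn_avrule_get_lineno(q, rule, &lineno))
				goto cleanup;
			fprintf(stdout, "%c%c [%7lu] %s %s\n", enable_char, branch_char, lineno, rule_str, expr ? expr : "");
		} else {
			fprintf(stdout, "%c%c %s %s\n", enable_char, branch_char, rule_str, expr ? expr : "");
		}
		free(rule_str);
		rule_str = NULL;
		free(expr);
		expr = NULL;
	}

      cleanup:
	free(tmp);
	free(rule_str);
	free(expr);
}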
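/* Definition at line 323 of file sesearch.c. */
/**
 * Print each semantic AV rule in v on its own line, prefixed by the
 * enabled/disabled ('E'/'D') and true/false-list ('T'/'F') markers when
 * --show_cond was given and the rule is conditional (blank otherwise).
 * Output stops at the first rule that cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Parsed options (show_cond is read).
 * @param v      Vector of qpol_avrule_t *; may be NULL or empty.
 */
void print_av_results(const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v)
{
	qpol_policy_t *q = NULL;
	size_t i, num_rules = 0;
	const qpol_avrule_t *rule = NULL;
	char *tmp = NULL, *rule_str = NULL, *expr = NULL;
	char enable_char = ' ', branch_char = ' ';
	const qpol_cond_t *cond = NULL;
	uint32_t enabled = 0, list = 0;

	if (!policy || !opt || !v)
		return;

	q = apol_policy_get_qpol(policy);
	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu semantic av rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		enable_char = branch_char = ' ';
		if (!(rule = apol_vector_get_element(v, i)))
			goto cleanup;
		if (opt->show_cond) {
			if (qpol_avrule_get_cond(q, rule, &cond))
				goto cleanup;
			if (qpol_avrule_get_is_enabled(q, rule, &enabled))
				goto cleanup;
			if (cond) {
				/* which_list says whether the rule lives in the conditional's
				 * true or false list */
				if (qpol_avrule_get_which_list(q, rule, &list))
					goto cleanup;
				enable_char = (enabled ? 'E' : 'D');
				branch_char = (list ? 'T' : 'F');
				/* a NULL rendering must not reach the %s below */
				if (!(tmp = apol_cond_expr_render(policy, cond)))
					goto cleanup;
				/* asprintf() leaves expr unspecified on failure, so reset it */
				if (asprintf(&expr, "[ %s ]", tmp) < 0)
					expr = NULL;
				free(tmp);
				tmp = NULL;
				if (!expr)
					goto cleanup;
			}
		}
		if (!(rule_str = apol_avrule_render(policy, rule)))
			goto cleanup;
		fprintf(stdout, "%c%c %s %s\n", enable_char, branch_char, rule_str, expr ? expr : "");
		free(rule_str);
		rule_str = NULL;
		free(expr);
		expr = NULL;
	}

      cleanup:
	free(tmp);
	free(rule_str);
	free(expr);
}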
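/* Definition at line 380 of file sesearch.c. */
/**
 * Build a type-enforcement (type_transition / type_change / type_member)
 * rule query from the parsed command-line options and run it.
 *
 * Syntactic rules are searched when the policy supports them and -S was not
 * given; otherwise the semantic rules are searched.
 *
 * @param policy Policy to search.
 * @param opt    Parsed options.
 * @param v      Receives the result vector on success, or NULL when neither
 *               -T nor --all was given.  Destroyed on error.
 * @return 0 on success, -1 on error with errno set and a message reported
 *         through ERR().
 */
int perform_te_query(const apol_policy_t *policy, const options_t *opt, apol_vector_t **v)
{
	apol_terule_query_t *teq = NULL;
	unsigned int rules = 0;
	int error = 0;

	if (!policy || !opt || !v) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->all && !opt->type) {
		*v = NULL;
		return 0;	/* no search to do */
	}
	/* -T always means all three TE rule kinds */
	rules = (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER);

	teq = apol_terule_query_create();
	if (!teq) {
		ERR(policy, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	/* Every setter reports failure through its return value.  Ignoring one
	 * would silently run a broader query than the user asked for. */
	if (apol_terule_query_set_rules(policy, teq, rules) || apol_terule_query_set_regex(policy, teq, opt->useregex)) {
		error = errno;
		goto err;
	}
	if (opt->src_name && apol_terule_query_set_source(policy, teq, opt->src_name, opt->indirect)) {
		error = errno;
		goto err;
	}
	if (opt->tgt_name && apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect)) {
		error = errno;
		goto err;
	}
	if (opt->bool_name && apol_terule_query_set_bool(policy, teq, opt->bool_name)) {
		error = errno;
		goto err;
	}
	if (opt->class_name) {
		if (opt->class_vector == NULL) {
			if (apol_terule_query_append_class(policy, teq, opt->class_name)) {
				error = errno;
				goto err;
			}
		} else {
			/* class_vector, when set, holds the names -c expanded to (filled
			 * in by the caller; NULL entries are skipped) */
			for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
				char *class_name = apol_vector_get_element(opt->class_vector, i);
				if (!class_name)
					continue;
				if (apol_terule_query_append_class(policy, teq, class_name)) {
					error = errno;
					goto err;
				}
			}
		}
	}

	if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
		if (apol_syn_terule_get_by_query(policy, teq, v)) {
			error = errno;
			goto err;
		}
	} else {
		if (apol_terule_get_by_query(policy, teq, v)) {
			error = errno;
			goto err;
		}
	}

	apol_terule_query_destroy(&teq);
	return 0;

      err:
	apol_vector_destroy(v);
	apol_terule_query_destroy(&teq);
	ERR(policy, "%s", strerror(error));
	errno = error;
	return -1;
}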
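/* Definition at line 457 of file sesearch.c. */
/**
 * Print each syntactic TE rule in v on its own line.  Each line starts with
 * two status characters, enabled/disabled ('E'/'D') and the branch the rule
 * sits on ('T'/'F'); both are blank unless --show_cond was given and the
 * rule is conditional.  With --linenum the source line number is printed as
 * well.  Output stops at the first rule that cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Parsed options (show_cond and lineno are read).
 * @param v      Vector of qpol_syn_terule_t *; may be NULL or empty.
 */
void print_syn_te_results(const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v)
{
	qpol_policy_t *q = NULL;
	size_t i, num_rules = 0;
	const qpol_syn_terule_t *rule = NULL;
	char *tmp = NULL, *rule_str = NULL, *expr = NULL;
	char enable_char = ' ', branch_char = ' ';
	const qpol_cond_t *cond = NULL;
	uint32_t enabled = 0, is_true = 0;
	unsigned long lineno = 0;

	if (!policy || !opt || !v)
		return;

	q = apol_policy_get_qpol(policy);
	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu syntactic te rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		/* a NULL element would otherwise go straight into the render calls */
		if (!(rule = apol_vector_get_element(v, i)))
			goto cleanup;
		enable_char = branch_char = ' ';
		cond = NULL;
		if (opt->show_cond) {
			if (qpol_syn_terule_get_cond(q, rule, &cond))
				goto cleanup;
			if (cond) {
				if (qpol_syn_terule_get_is_enabled(q, rule, &enabled) < 0 || qpol_cond_eval(q, cond, &is_true) < 0)
					goto cleanup;
				enable_char = (enabled ? 'E' : 'D');
				/* a syntactic rule is on the taken branch when its enabled
				 * state agrees with the expression's current value */
				branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
				/* a NULL rendering must not reach the %s below */
				if (!(tmp = apol_cond_expr_render(policy, cond)))
					goto cleanup;
				/* asprintf() leaves expr unspecified on failure, so reset it */
				if (asprintf(&expr, "[ %s ]", tmp) < 0)
					expr = NULL;
				free(tmp);
				tmp = NULL;
				if (!expr)
					goto cleanup;
			}
		}
		if (!(rule_str = apol_syn_terule_render(policy, rule)))
			goto cleanup;
		if (opt->lineno) {
			if (qpol_syn_terule_get_lineno(q, rule, &lineno))
				goto cleanup;
			fprintf(stdout, "%c%c [%7lu] %s %s\n", enable_char, branch_char, lineno, rule_str, expr ? expr : "");
		} else {
			fprintf(stdout, "%c%c %s %s\n", enable_char, branch_char, rule_str, expr ? expr : "");
		}
		free(rule_str);
		rule_str = NULL;
		free(expr);
		expr = NULL;
	}

      cleanup:
	free(tmp);
	free(rule_str);
	free(expr);
}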
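/* Definition at line 518 of file sesearch.c. */
/**
 * Print each semantic TE rule in v on its own line, prefixed by the
 * enabled/disabled ('E'/'D') and true/false-list ('T'/'F') markers when
 * --show_cond was given and the rule is conditional (blank otherwise).
 * Output stops at the first rule that cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Parsed options (show_cond is read).
 * @param v      Vector of qpol_terule_t *; may be NULL or empty.
 */
void print_te_results(const apol_policy_t *policy, const options_t *opt, const apol_vector_t *v)
{
	qpol_policy_t *q = NULL;
	size_t i, num_rules = 0;
	const qpol_terule_t *rule = NULL;
	char *tmp = NULL, *rule_str = NULL, *expr = NULL;
	char enable_char = ' ', branch_char = ' ';
	const qpol_cond_t *cond = NULL;
	uint32_t enabled = 0, list = 0;

	if (!policy || !opt || !v)
		return;

	q = apol_policy_get_qpol(policy);
	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu semantic te rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		enable_char = branch_char = ' ';
		if (!(rule = apol_vector_get_element(v, i)))
			goto cleanup;
		if (opt->show_cond) {
			if (qpol_terule_get_cond(q, rule, &cond))
				goto cleanup;
			if (qpol_terule_get_is_enabled(q, rule, &enabled))
				goto cleanup;
			if (cond) {
				/* which_list says whether the rule lives in the conditional's
				 * true or false list */
				if (qpol_terule_get_which_list(q, rule, &list))
					goto cleanup;
				enable_char = (enabled ? 'E' : 'D');
				branch_char = (list ? 'T' : 'F');
				/* apol_cond_expr_render() produces the text on its own; no
				 * expression-node iterator is needed here.  A NULL rendering
				 * must not reach the %s below. */
				if (!(tmp = apol_cond_expr_render(policy, cond)))
					goto cleanup;
				/* asprintf() leaves expr unspecified on failure, so reset it */
				if (asprintf(&expr, "[ %s ]", tmp) < 0)
					expr = NULL;
				free(tmp);
				tmp = NULL;
				if (!expr)
					goto cleanup;
			}
		}
		if (!(rule_str = apol_terule_render(policy, rule)))
			goto cleanup;
		fprintf(stdout, "%c%c %s %s\n", enable_char, branch_char, rule_str, expr ? expr : "");
		free(rule_str);
		rule_str = NULL;
		free(expr);
		expr = NULL;
	}

      cleanup:
	free(tmp);
	free(rule_str);
	free(expr);
}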
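/* Definition at line 577 of file sesearch.c. */
/**
 * Build a role allow rule query from the parsed command-line options and
 * run it.
 *
 * @param policy Policy to search.
 * @param opt    Parsed options (role_allow, all, useregex, src_role_name
 *               and tgt_role_name are read).
 * @param v      Receives the result vector on success, or NULL when neither
 *               --role_allow nor --all was given.  Destroyed on error.
 * @return 0 on success, -1 on error with errno set and a message reported
 *         through ERR().
 */
int perform_ra_query(const apol_policy_t *policy, const options_t *opt, apol_vector_t **v)
{
	apol_role_allow_query_t *raq = NULL;
	int error = 0;

	if (!policy || !opt || !v) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->role_allow && !opt->all) {
		*v = NULL;
		return 0;	/* no search to do */
	}

	raq = apol_role_allow_query_create();
	if (!raq) {
		ERR(policy, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	/* the setters report failure through their return value; an ignored
	 * failure would silently drop a constraint from the query */
	if (apol_role_allow_query_set_regex(policy, raq, opt->useregex)) {
		error = errno;
		goto err;
	}
	if (opt->src_role_name) {
		if (apol_role_allow_query_set_source(policy, raq, opt->src_role_name)) {
			error = errno;
			goto err;
		}
	}
	if (opt->tgt_role_name) {
		if (apol_role_allow_query_set_target(policy, raq, opt->tgt_role_name)) {
			error = errno;
			goto err;
		}
	}

	if (apol_role_allow_get_by_query(policy, raq, v)) {
		error = errno;
		goto err;
	}

	apol_role_allow_query_destroy(&raq);
	return 0;

      err:
	apol_vector_destroy(v);
	apol_role_allow_query_destroy(&raq);
	ERR(policy, "%s", strerror(error));
	errno = error;
	return -1;
}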
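/* Definition at line 629 of file sesearch.c. */
/**
 * Print each role allow rule in v on its own line.  Output stops at the
 * first element that is NULL or cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Unused; present for signature symmetry with the other
 *               print_*_results() functions.
 * @param v      Vector of qpol_role_allow_t *; may be NULL or empty.
 */
void print_ra_results(const apol_policy_t *policy, const options_t *opt __attribute__((unused)), const apol_vector_t *v)
{
	size_t i, num_rules = 0;
	const qpol_role_allow_t *rule = NULL;
	char *tmp = NULL;

	if (!policy || !v)
		return;

	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu role allow rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		if (!(rule = apol_vector_get_element(v, i)))
			break;
		if (!(tmp = apol_role_allow_render(policy, rule)))
			break;
		fprintf(stdout, " %s\n", tmp);
		free(tmp);
		tmp = NULL;
	}
}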
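/* Definition at line 654 of file sesearch.c. */
/**
 * Build a role_transition rule query from the parsed command-line options
 * and run it.
 *
 * @param policy Policy to search.
 * @param opt    Parsed options (role_trans, all, useregex, src_role_name,
 *               tgt_name and indirect are read).
 * @param v      Receives the result vector on success, or NULL when neither
 *               --role_trans nor --all was given.  Destroyed on error.
 * @return 0 on success, -1 on error with errno set and a message reported
 *         through ERR().
 */
int perform_rt_query(const apol_policy_t *policy, const options_t *opt, apol_vector_t **v)
{
	apol_role_trans_query_t *rtq = NULL;
	int error = 0;

	if (!policy || !opt || !v) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->role_trans && !opt->all) {
		*v = NULL;
		return 0;	/* no search to do */
	}

	rtq = apol_role_trans_query_create();
	if (!rtq) {
		ERR(policy, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	/* the setters report failure through their return value; an ignored
	 * failure would silently drop a constraint from the query */
	if (apol_role_trans_query_set_regex(policy, rtq, opt->useregex)) {
		error = errno;
		goto err;
	}
	if (opt->src_role_name) {
		if (apol_role_trans_query_set_source(policy, rtq, opt->src_role_name)) {
			error = errno;
			goto err;
		}
	}
	/* the target of a role_transition is a type, hence tgt_name + indirect */
	if (opt->tgt_name) {
		if (apol_role_trans_query_set_target(policy, rtq, opt->tgt_name, opt->indirect)) {
			error = errno;
			goto err;
		}
	}

	if (apol_role_trans_get_by_query(policy, rtq, v)) {
		error = errno;
		goto err;
	}

	apol_role_trans_query_destroy(&rtq);
	return 0;

      err:
	apol_vector_destroy(v);
	apol_role_trans_query_destroy(&rtq);
	ERR(policy, "%s", strerror(error));
	errno = error;
	return -1;
}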
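/* Definition at line 707 of file sesearch.c. */
/**
 * Print each role_transition rule in v on its own line.  Output stops at
 * the first element that is NULL or cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Unused; present for signature symmetry with the other
 *               print_*_results() functions.
 * @param v      Vector of qpol_role_trans_t *; may be NULL or empty.
 */
void print_rt_results(const apol_policy_t *policy, const options_t *opt __attribute__((unused)), const apol_vector_t *v)
{
	size_t i, num_rules = 0;
	const qpol_role_trans_t *rule = NULL;
	char *tmp = NULL;

	if (!policy || !v)
		return;

	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu role_transition rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		if (!(rule = apol_vector_get_element(v, i)))
			break;
		if (!(tmp = apol_role_trans_render(policy, rule)))
			break;
		fprintf(stdout, " %s\n", tmp);
		free(tmp);
		tmp = NULL;
	}
}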
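/* Definition at line 732 of file sesearch.c. */
/**
 * Build a range_transition rule query from the parsed command-line options
 * and run it.
 *
 * @param policy Policy to search.
 * @param opt    Parsed options (rtrans, all, useregex, src_name, tgt_name,
 *               indirect, class_name and class_vector are read).
 * @param v      Receives the result vector on success, or NULL when neither
 *               --range_trans nor --all was given.  Destroyed on error.
 * @return 0 on success, -1 on error with errno set and a message reported
 *         through ERR().
 */
int perform_range_query(const apol_policy_t *policy, const options_t *opt, apol_vector_t **v)
{
	apol_range_trans_query_t *rtq = NULL;
	int error = 0;

	if (!policy || !opt || !v) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->rtrans && !opt->all) {
		*v = NULL;
		return 0;	/* no search to do */
	}

	rtq = apol_range_trans_query_create();
	if (!rtq) {
		ERR(policy, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	/* the setters report failure through their return value; an ignored
	 * failure would silently drop a constraint from the query */
	if (apol_range_trans_query_set_regex(policy, rtq, opt->useregex)) {
		error = errno;
		goto err;
	}
	if (opt->src_name) {
		if (apol_range_trans_query_set_source(policy, rtq, opt->src_name, opt->indirect)) {
			error = errno;
			goto err;
		}
	}
	if (opt->tgt_name) {
		if (apol_range_trans_query_set_target(policy, rtq, opt->tgt_name, opt->indirect)) {
			error = errno;
			goto err;
		}
	}
	if (opt->class_name) {
		if (opt->class_vector == NULL) {
			if (apol_range_trans_query_append_class(policy, rtq, opt->class_name)) {
				error = errno;
				goto err;
			}
		} else {
			/* class_vector, when set, holds the names -c expanded to (filled
			 * in by the caller; NULL entries are skipped) */
			for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
				char *class_name = apol_vector_get_element(opt->class_vector, i);
				if (!class_name)
					continue;
				if (apol_range_trans_query_append_class(policy, rtq, class_name)) {
					error = errno;
					goto err;
				}
			}
		}
	}

	if (apol_range_trans_get_by_query(policy, rtq, v)) {
		error = errno;
		goto err;
	}

	apol_range_trans_query_destroy(&rtq);
	return 0;

      err:
	apol_vector_destroy(v);
	apol_range_trans_query_destroy(&rtq);
	ERR(policy, "%s", strerror(error));
	errno = error;
	return -1;
}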
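/* Definition at line 804 of file sesearch.c. */
/**
 * Print each range_transition rule in v on its own line.  Output stops at
 * the first element that is NULL or cannot be rendered.
 *
 * @param policy Policy the rules belong to.
 * @param opt    Unused; present for signature symmetry with the other
 *               print_*_results() functions.
 * @param v      Vector of qpol_range_trans_t *; may be NULL or empty.
 */
void print_range_results(const apol_policy_t *policy, const options_t *opt __attribute__((unused)), const apol_vector_t *v)
{
	size_t i, num_rules = 0;
	const qpol_range_trans_t *rule = NULL;
	char *tmp = NULL;

	if (!policy || !v)
		return;

	if (!(num_rules = apol_vector_get_size(v)))
		return;

	/* num_rules is a size_t, so %zu (not %zd) is the matching conversion */
	fprintf(stdout, "Found %zu range_transition rules:\n", num_rules);

	for (i = 0; i < num_rules; i++) {
		if (!(rule = apol_vector_get_element(v, i)))
			break;
		if (!(tmp = apol_range_trans_render(policy, rule)))
			break;
		fprintf(stdout, " %s\n", tmp);
		free(tmp);
		tmp = NULL;
	}
}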
Definition at line 830 of file sesearch.c. References apol_class_get_by_query(), apol_class_query_create(), apol_class_query_destroy(), apol_class_query_set_class(), apol_class_query_set_regex(), apol_class_query_t, apol_file_is_policy_path_list(), apol_policy_create_from_policy_path(), apol_policy_destroy(), apol_policy_get_qpol(), apol_policy_path_create(), apol_policy_path_create_from_file(), apol_policy_path_destroy(), apol_policy_path_t, apol_policy_path_type_e, apol_policy_t, apol_vector_append(), apol_vector_create(), apol_vector_destroy(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_t, apol_class_query::class_name, COPYRIGHT_INFO, ERR, EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET, longopts, options_t, perform_av_query(), perform_ra_query(), perform_range_query(), perform_rt_query(), perform_te_query(), policy_file, print_av_results(), print_ra_results(), print_range_results(), print_rt_results(), print_syn_av_results(), print_syn_te_results(), print_te_results(), QPOL_CAP_LINE_NUMBERS, QPOL_CAP_SYN_RULES, qpol_class_get_name(), qpol_class_t, qpol_default_policy_find(), qpol_policy_build_syn_rule_table(), qpol_policy_has_capability(), RULE_ALL, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT, RULE_NEVERALLOW, RULE_RANGE_TRANS, RULE_ROLE_ALLOW, RULE_ROLE_TRANS, and usage(). 00831 {
00832 options_t cmd_opts;
00833 int optc, rt = -1;
00834
00835 apol_policy_t *policy = NULL;
00836 apol_vector_t *v = NULL;
00837 apol_policy_path_t *pol_path = NULL;
00838 apol_vector_t *mod_paths = NULL;
00839 apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
00840
00841 memset(&cmd_opts, 0, sizeof(cmd_opts));
00842 cmd_opts.indirect = true;
00843 while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
00844 switch (optc) {
00845 case 0:
00846 break;
00847 case 's': /* source */
00848 if (optarg == 0) {
00849 usage(argv[0], 1);
00850 printf("Missing source type/attribute for -s (--source)\n");
00851 exit(1);
00852 }
00853 cmd_opts.src_name = strdup(optarg);
00854 if (!cmd_opts.src_name) {
00855 fprintf(stderr, "%s\n", strerror(errno));
00856 exit(1);
00857 }
00858 break;
00859 case 't': /* target */
00860 if (optarg == 0) {
00861 usage(argv[0], 1);
00862 printf("Missing target type/attribute for -t (--target)\n");
00863 exit(1);
00864 }
00865 cmd_opts.tgt_name = strdup(optarg);
00866 if (!cmd_opts.tgt_name) {
00867 fprintf(stderr, "%s\n", strerror(errno));
00868 exit(1);
00869 }
00870 break;
00871 case EXPR_ROLE_SOURCE:
00872 if (optarg == 0) {
00873 usage(argv[0], 1);
00874 printf("Missing source role for --role_source\n");
00875 exit(1);
00876 }
00877 cmd_opts.src_role_name = strdup(optarg);
00878 if (!cmd_opts.src_role_name) {
00879 fprintf(stderr, "%s\n", strerror(errno));
00880 exit(1);
00881 }
00882 break;
00883 case EXPR_ROLE_TARGET:
00884 if (optarg == 0) {
00885 usage(argv[0], 1);
00886 printf("Missing target role for --role_target\n");
00887 exit(1);
00888 }
00889 cmd_opts.tgt_role_name = strdup(optarg);
00890 if (!cmd_opts.tgt_role_name) {
00891 fprintf(stderr, "%s\n", strerror(errno));
00892 exit(1);
00893 }
00894 break;
00895 case 'c': /* class */
00896 if (optarg == 0) {
00897 usage(argv[0], 1);
00898 printf("Missing object class for -c (--class)\n");
00899 exit(1);
00900 }
00901 cmd_opts.class_name = strdup(optarg);
00902 if (!cmd_opts.class_name) {
00903 fprintf(stderr, "%s\n", strerror(errno));
00904 exit(1);
00905 }
00906 break;
00907 case 'p': /* permission */
00908 if (optarg == 0) {
00909 usage(argv[0], 1);
00910 printf("Missing permissions for -p (--perm)\n");
00911 exit(1);
00912 }
00913 if ((cmd_opts.permlist = strdup(optarg)) == NULL
00914 || (cmd_opts.perm_vector = apol_vector_create(free)) == NULL) {
00915 fprintf(stderr, "%s\n", strerror(errno));
00916 exit(1);
00917 }
00918 break;
00919 case 'b':
00920 if (optarg == 0) {
00921 usage(argv[0], 1);
00922 printf("Missing boolean for -b (--bool)\n");
00923 exit(1);
00924 }
00925 cmd_opts.bool_name = strdup(optarg);
00926 if (!cmd_opts.bool_name) {
00927 fprintf(stderr, "%s\n", strerror(errno));
00928 exit(1);
00929 }
00930 break;
00931 case 'd': /* direct search */
00932 cmd_opts.indirect = false;
00933 break;
00934 case 'R': /* use regex */
00935 cmd_opts.useregex = true;
00936 break;
00937 case 'A': /* allow */
00938 cmd_opts.allow = true;
00939 break;
00940 case RULE_NEVERALLOW: /* neverallow */
00941 cmd_opts.nallow = true;
00942 break;
00943 case RULE_AUDIT: /* audit */
00944 cmd_opts.auditallow = true;
00945 cmd_opts.dontaudit = true;
00946 fprintf(stderr, "Use of --audit is depercated; use --auditallow and --dontaudit instead.\n");
00947 break;
00948 case RULE_AUDITALLOW:
00949 cmd_opts.auditallow = true;
00950 break;
00951 case RULE_DONTAUDIT:
00952 cmd_opts.dontaudit = true;
00953 break;
00954 case 'T': /* type */
00955 cmd_opts.type = true;
00956 break;
00957 case RULE_ROLE_ALLOW:
00958 cmd_opts.role_allow = true;
00959 break;
00960 case RULE_ROLE_TRANS:
00961 cmd_opts.role_trans = true;
00962 break;
00963 case RULE_RANGE_TRANS: /* range transition */
00964 cmd_opts.rtrans = true;
00965 break;
00966 case RULE_ALL: /* all */
00967 cmd_opts.all = true;
00968 break;
00969 case 'n': /* lineno */
00970 cmd_opts.lineno = true;
00971 break;
00972 case 'S': /* semantic */
00973 cmd_opts.semantic = true;
00974 break;
00975 case 'C':
00976 cmd_opts.show_cond = true;
00977 break;
00978 case 'h': /* help */
00979 usage(argv[0], 0);
00980 exit(0);
00981 case 'V': /* version */
00982 printf("sesearch %s\n%s\n", VERSION, COPYRIGHT_INFO);
00983 exit(0);
00984 default:
00985 usage(argv[0], 1);
00986 exit(1);
00987 }
00988 }
00989
00990 if (!(cmd_opts.allow || cmd_opts.nallow || cmd_opts.auditallow || cmd_opts.dontaudit || cmd_opts.role_allow ||
00991 cmd_opts.type || cmd_opts.rtrans || cmd_opts.role_trans || cmd_opts.all)) {
00992 usage(argv[0], 1);
00993 fprintf(stderr, "One of --all, --allow, --neverallow, --auditallow, --dontaudit,\n"
00994 "--range_trans, --type, --role_allow, or --role_trans must be specified.\n");
00995 exit(1);
00996 }
00997
00998 int pol_opt = 0;
00999 if (!(cmd_opts.nallow || cmd_opts.all))
01000 pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
01001
01002 if (argc - optind < 1) {
01003 rt = qpol_default_policy_find(&policy_file);
01004 if (rt < 0) {
01005 fprintf(stderr, "Default policy search failed: %s\n", strerror(errno));
01006 exit(1);
01007 } else if (rt != 0) {
01008 fprintf(stderr, "No default policy found.\n");
01009 exit(1);
01010 }
01011 pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
01012 } else {
01013 if ((policy_file = strdup(argv[optind])) == NULL) {
01014 fprintf(stderr, "%s\n", strerror(errno));
01015 exit(1);
01016 }
01017 optind++;
01018 }
01019
01020 if (argc - optind > 0) {
01021 path_type = APOL_POLICY_PATH_TYPE_MODULAR;
01022 if (!(mod_paths = apol_vector_create(NULL))) {
01023 ERR(policy, "%s", strerror(ENOMEM));
01024 exit(1);
01025 }
01026 for (; argc - optind; optind++) {
01027 if (apol_vector_append(mod_paths, (void *)argv[optind])) {
01028 ERR(policy, "Error loading module %s", argv[optind]);
01029 apol_vector_destroy(&mod_paths);
01030 free(policy_file);
01031 exit(1);
01032 }
01033 }
01034 } else if (apol_file_is_policy_path_list(policy_file) > 0) {
01035 pol_path = apol_policy_path_create_from_file(policy_file);
01036 if (!pol_path) {
01037 ERR(policy, "%s", "invalid policy list");
01038 free(policy_file);
01039 exit(1);
01040 }
01041 }
01042
01043 if (!pol_path)
01044 pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
01045 if (!pol_path) {
01046 ERR(policy, "%s", strerror(ENOMEM));
01047 free(policy_file);
01048 apol_vector_destroy(&mod_paths);
01049 exit(1);
01050 }
01051 free(policy_file);
01052 apol_vector_destroy(&mod_paths);
01053
01054 policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
01055 if (!policy) {
01056 ERR(policy, "%s", strerror(errno));
01057 apol_policy_path_destroy(&pol_path);
01058 exit(1);
01059 }
01060 /* handle regex for class name */
01061 if (cmd_opts.useregex && cmd_opts.class_name != NULL) {
01062 cmd_opts.class_vector = apol_vector_create(NULL);
01063 apol_vector_t *qpol_matching_classes = NULL;
01064 apol_class_query_t *regex_match_query = apol_class_query_create();
01065 apol_class_query_set_regex(policy, regex_match_query, 1);
01066 apol_class_query_set_class(policy, regex_match_query, cmd_opts.class_name);
01067 if (apol_class_get_by_query(policy, regex_match_query, &qpol_matching_classes)) {
01068 apol_class_query_destroy(®ex_match_query);
01069 goto cleanup;
01070 }
01071 const qpol_class_t *class = NULL;
01072 for (size_t i = 0; i < apol_vector_get_size(qpol_matching_classes); ++i) {
01073 const char *class_name;
01074 class = apol_vector_get_element(qpol_matching_classes, i);
01075 if (!class)
01076 break;
01077 qpol_class_get_name(apol_policy_get_qpol(policy), class, &class_name);
01078 apol_vector_append(cmd_opts.class_vector, (void *)class_name);
01079 }
01080 if (!apol_vector_get_size(qpol_matching_classes)) {
01081 apol_vector_destroy(&qpol_matching_classes);
01082 apol_class_query_destroy(®ex_match_query);
01083 ERR(policy, "No classes match expression %s", cmd_opts.class_name);
01084 goto cleanup;
01085 }
01086 apol_vector_destroy(&qpol_matching_classes);
01087 apol_class_query_destroy(®ex_match_query);
01088 }
01089
01090 if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
01091 if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
01092 apol_policy_destroy(&policy);
01093 exit(1);
01094 }
01095 }
01096
01097 /* if syntactic rules are not available always do semantic search */
01098 if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
01099 cmd_opts.semantic = 1;
01100 }
01101
01102 /* supress line numbers if doing semantic search or not available */
01103 if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
01104 cmd_opts.lineno = 0;
01105 }
01106
01107 if (perform_av_query(policy, &cmd_opts, &v)) {
01108 rt = 1;
01109 goto cleanup;
01110 }
01111 if (v) {
01112 if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES))
01113 print_syn_av_results(policy, &cmd_opts, v);
01114 else
01115 print_av_results(policy, &cmd_opts, v);
01116 fprintf(stdout, "\n");
01117 }
01118 apol_vector_destroy(&v);
01119 if (perform_te_query(policy, &cmd_opts, &v)) {
01120 rt = 1;
01121 goto cleanup;
01122 }
01123 if (v) {
01124 if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES))
01125 print_syn_te_results(policy, &cmd_opts, v);
01126 else
01127 print_te_results(policy, &cmd_opts, v);
01128 fprintf(stdout, "\n");
01129 }
01130 apol_vector_destroy(&v);
01131 if (perform_ra_query(policy, &cmd_opts, &v)) {
01132 rt = 1;
01133 goto cleanup;
01134 }
01135 if (v) {
01136 print_ra_results(policy, &cmd_opts, v);
01137 fprintf(stdout, "\n");
01138 }
01139 apol_vector_destroy(&v);
01140 if (perform_rt_query(policy, &cmd_opts, &v)) {
01141 rt = 1;
01142 goto cleanup;
01143 }
01144 if (v) {
01145 print_rt_results(policy, &cmd_opts, v);
01146 fprintf(stdout, "\n");
01147 }
01148 apol_vector_destroy(&v);
01149 if (perform_range_query(policy, &cmd_opts, &v)) {
01150 rt = 1;
01151 goto cleanup;
01152 }
01153 if (v) {
01154 print_range_results(policy, &cmd_opts, v);
01155 fprintf(stdout, "\n");
01156 }
01157 apol_vector_destroy(&v);
01158 rt = 0;
01159 cleanup:
01160 apol_policy_destroy(&policy);
01161 apol_policy_path_destroy(&pol_path);
01162 free(cmd_opts.src_name);
01163 free(cmd_opts.tgt_name);
01164 free(cmd_opts.class_name);
01165 free(cmd_opts.permlist);
01166 free(cmd_opts.bool_name);
01167 free(cmd_opts.src_role_name);
01168 free(cmd_opts.tgt_role_name);
01169 apol_vector_destroy(&cmd_opts.perm_vector);
01170 apol_vector_destroy(&cmd_opts.class_vector);
01171 exit(rt);
01172 }
Definition at line 52 of file sesearch.c. Referenced by main().
Initial value: {
{"allow", no_argument, NULL, 'A'},
{"neverallow", no_argument, NULL, RULE_NEVERALLOW},
{"audit", no_argument, NULL, RULE_AUDIT},
{"auditallow", no_argument, NULL, RULE_AUDITALLOW},
{"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
{"type", no_argument, NULL, 'T'},
{"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
{"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
{"range_trans", no_argument, NULL, RULE_RANGE_TRANS},
{"all", no_argument, NULL, RULE_ALL},
{"source", required_argument, NULL, 's'},
{"target", required_argument, NULL, 't'},
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
{"class", required_argument, NULL, 'c'},
{"perm", required_argument, NULL, 'p'},
{"bool", required_argument, NULL, 'b'},
{"direct", no_argument, NULL, 'd'},
{"regex", no_argument, NULL, 'R'},
{"linenum", no_argument, NULL, 'n'},
{"semantic", no_argument, NULL, 'S'},
{"show_cond", no_argument, NULL, 'C'},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{NULL, 0, NULL, 0}
}
Definition at line 61 of file sesearch.c. Referenced by main().