Jeremy A. Mowery jmowery@tresys.com
Jason Tang jtang@tresys.com
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file terule_query.h.
#include <qpol/policy.h>
#include <qpol/cond_query.h>
Defines | |
| #define | QPOL_RULE_TYPE_TRANS 16 |
| #define | QPOL_RULE_TYPE_CHANGE 64 |
| #define | QPOL_RULE_TYPE_MEMBER 32 |
Typedefs | |
| typedef qpol_terule | qpol_terule_t |
Functions | |
| int | qpol_policy_get_terule_iter (const qpol_policy_t *policy, uint32_t rule_type_mask, qpol_iterator_t **iter) |
| Get an iterator over all type rules in a policy of a rule type in rule_type_mask. | |
| int | qpol_terule_get_source_type (const qpol_policy_t *policy, const qpol_terule_t *rule, const qpol_type_t **source) |
| Get the source type from a type rule. | |
| int | qpol_terule_get_target_type (const qpol_policy_t *policy, const qpol_terule_t *rule, const qpol_type_t **target) |
| Get the target type from a type rule. | |
| int | qpol_terule_get_object_class (const qpol_policy_t *policy, const qpol_terule_t *rule, const qpol_class_t **obj_class) |
| Get the object class from a type rule. | |
| int | qpol_terule_get_default_type (const qpol_policy_t *policy, const qpol_terule_t *rule, const qpol_type_t **dflt) |
| Get the default type from a type rule. | |
| int | qpol_terule_get_rule_type (const qpol_policy_t *policy, const qpol_terule_t *rule, uint32_t *rule_type) |
| Get the rule type value for a type rule. | |
| int | qpol_terule_get_cond (const qpol_policy_t *policy, const qpol_terule_t *rule, const qpol_cond_t **cond) |
| Get the conditional from which a type rule comes. | |
| int | qpol_terule_get_is_enabled (const qpol_policy_t *policy, const qpol_terule_t *rule, uint32_t *is_enabled) |
| Determine if a rule is enabled. | |
| int | qpol_terule_get_which_list (const qpol_policy_t *policy, const qpol_terule_t *rule, uint32_t *which_list) |
| Get the list (true or false) of its conditional in which a rule appears. | |
|
|
|
|
Definition at line 42 of file terule_query.h. Referenced by apol_rule_type_to_str(), apol_syn_terule_get_by_query(), apol_terule_get_by_query(), policy_view_stats_update(), print_stats(), qpol_policy_add_cond_rule_traceback(), terule_basic_syn(), and terule_get_items_member(). |
|
|
Definition at line 37 of file terule_query.h. Referenced by apol_policy_build_domain_trans_table(), apol_terule_list_to_syn_terules(), apol_types_relation_types(), find_domains_run(), find_file_types_run(), print_te_results(), rule_select(), terule_add_to_bst(), terule_deep_diff(), terule_get_items(), and terule_new_diff(). |
|
||||||||||||||||
|
Get an iterator over all type rules in a policy of a rule type in rule_type_mask. It is an error to call this function if rules are not loaded.
Definition at line 36 of file terule_query.c. References avtab_state_next(), avtab_state_t, avtab_state::cond_tab, ERR, avtab_state::node, qpol_policy::p, QPOL_CAP_RULES_LOADED, qpol_iterator_create(), qpol_iterator_t, qpol_policy_has_capability(), qpol_policy_t, avtab_state::rule_type_mask, and avtab_state::ucond_tab. Referenced by policy_view_stats_update(), print_stats(), qpol_policy_add_cond_rule_traceback(), rule_select(), and terule_get_items(). 00037 {
/*
 * Body of qpol_policy_get_terule_iter(): create an iterator over the type
 * rules of a policy, filtered by rule_type_mask.
 *
 * Returns STATUS_SUCCESS with *iter set, or STATUS_ERR with errno set to
 * EINVAL (NULL policy or iter), ENOTSUP (rules not loaded) or ENOMEM.
 * When qpol_iterator_create() fails, errno is left as that call set it.
 */
policydb_t *policy_db;
avtab_state_t *walk;
int first_node_matches;

/* Clear the out-parameter first so every failure path leaves *iter NULL. */
if (iter != NULL) {
    *iter = NULL;
}
if (!(policy != NULL && iter != NULL)) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

/* Refuse to iterate unless the policy reports QPOL_CAP_RULES_LOADED. */
if (!qpol_policy_has_capability(policy, QPOL_CAP_RULES_LOADED)) {
    ERR(policy, "%s", "Cannot get terules: Rules not loaded");
    errno = ENOTSUP;
    return STATUS_ERR;
}

policy_db = &policy->p->p;

/* Zeroed iterator state; every field not assigned below starts at 0/NULL. */
walk = calloc(1, sizeof(*walk));
if (walk == NULL) {
    ERR(policy, "%s", strerror(ENOMEM));
    errno = ENOMEM;
    return STATUS_ERR;
}

/*
 * The walk begins at the head of slot 0 of the unconditional table.
 * NOTE(review): htable[0] is read without checking that te_avtab.htable is
 * non-NULL; confirm the loader always allocates it, even for a policy with
 * no type rules.
 */
walk->rule_type_mask = rule_type_mask;
walk->ucond_tab = &policy_db->te_avtab;
walk->cond_tab = &policy_db->te_cond_avtab;
walk->node = policy_db->te_avtab.htable[0];

/*
 * free is handed to qpol_iterator_create() (presumably as the destructor
 * for the state -- confirm); when creation fails the state is released here.
 */
if (qpol_iterator_create(policy, walk, avtab_state_get_cur, avtab_state_next,
                         avtab_state_end, avtab_state_size, free, iter) != 0) {
    free(walk);
    return STATUS_ERR;
}

/*
 * If slot 0 is empty or its head is not one of the requested rule types,
 * step the iterator once so it does not start on a non-matching node.
 */
first_node_matches = walk->node != NULL
    && (walk->node->key.specified & walk->rule_type_mask) != 0;
if (!first_node_matches) {
    avtab_state_next(*iter);
}
return STATUS_SUCCESS;
00078 }
|
|
||||||||||||||||
|
Get the source type from a type rule.
Definition at line 80 of file terule_query.c. References ERR, qpol_policy::p, qpol_policy_t, and qpol_type_t. Referenced by apol_terule_render(), qpol_terule_get_syn_terule_iter(), rule_select(), table_add_terule(), and terule_expand(). 00081 {
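/*
 * Body of qpol_terule_get_source_type(): look up the type structure for the
 * rule's source type and store it in *source.
 *
 * Returns STATUS_SUCCESS with *source set. On error returns STATUS_ERR with
 * errno set to EINVAL and *source left NULL (when source itself is non-NULL).
 */
policydb_t *db = NULL;
avtab_ptr_t terule = NULL;
uint32_t type_val = 0;

/* Clear the out-parameter up front so no error path leaves it stale. */
if (source) {
    *source = NULL;
}

if (!policy || !rule || !source) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

db = &policy->p->p;
/* The opaque rule handle is used as a node of the policy's avtab. */
terule = (avtab_ptr_t) rule;

/*
 * The value read from the rule's key is a 1-based index into
 * type_val_to_struct. It used to be applied unchecked, so a zero or
 * oversized value (a malformed policy, or a handle that is not a type rule)
 * would read outside the table; reject it instead.
 * NOTE(review): p_types.nprim is libsepol's count of type values -- confirm
 * it matches the allocated length of type_val_to_struct in the libsepol
 * version this is built against.
 */
type_val = terule->key.source_type;
if (type_val == 0 || type_val > db->p_types.nprim) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

*source = (qpol_type_t *) db->type_val_to_struct[type_val - 1];

return STATUS_SUCCESS;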
00101 }
|
|
||||||||||||||||
|
Get the target type from a type rule.
Definition at line 103 of file terule_query.c. References ERR, qpol_policy::p, qpol_policy_t, and qpol_type_t. Referenced by apol_terule_render(), apol_types_relation_types(), qpol_terule_get_syn_terule_iter(), rule_select(), table_add_terule(), and terule_expand(). 00104 {
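/*
 * Body of qpol_terule_get_target_type(): look up the type structure for the
 * rule's target type and store it in *target.
 *
 * Returns STATUS_SUCCESS with *target set. On error returns STATUS_ERR with
 * errno set to EINVAL and *target left NULL (when target itself is non-NULL).
 */
policydb_t *db = NULL;
avtab_ptr_t terule = NULL;
uint32_t type_val = 0;

/* Clear the out-parameter up front so no error path leaves it stale. */
if (target) {
    *target = NULL;
}

if (!policy || !rule || !target) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

db = &policy->p->p;
/* The opaque rule handle is used as a node of the policy's avtab. */
terule = (avtab_ptr_t) rule;

/*
 * The value read from the rule's key is a 1-based index into
 * type_val_to_struct. It used to be applied unchecked, so a zero or
 * oversized value (a malformed policy, or a handle that is not a type rule)
 * would read outside the table; reject it instead.
 * NOTE(review): p_types.nprim is libsepol's count of type values -- confirm
 * it matches the allocated length of type_val_to_struct in the libsepol
 * version this is built against.
 */
type_val = terule->key.target_type;
if (type_val == 0 || type_val > db->p_types.nprim) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

*target = (qpol_type_t *) db->type_val_to_struct[type_val - 1];

return STATUS_SUCCESS;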
00124 }
|
|
||||||||||||||||
|
Get the object class from a type rule.
Definition at line 126 of file terule_query.c. References ERR, qpol_policy::p, qpol_class_t, and qpol_policy_t. Referenced by apol_terule_render(), find_file_types_run(), qpol_terule_get_syn_terule_iter(), rule_select(), and terule_add_to_bst(). 00127 {
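/*
 * Body of qpol_terule_get_object_class(): look up the class structure for
 * the rule's object class and store it in *obj_class.
 *
 * Returns STATUS_SUCCESS with *obj_class set. On error returns STATUS_ERR
 * with errno set to EINVAL and *obj_class left NULL (when obj_class itself is
 * non-NULL).
 */
policydb_t *db = NULL;
avtab_ptr_t terule = NULL;
uint32_t class_val = 0;

/* Clear the out-parameter up front so no error path leaves it stale. */
if (obj_class) {
    *obj_class = NULL;
}

if (!policy || !rule || !obj_class) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

db = &policy->p->p;
/* The opaque rule handle is used as a node of the policy's avtab. */
terule = (avtab_ptr_t) rule;

/*
 * The value read from the rule's key is a 1-based index into
 * class_val_to_struct. It used to be applied unchecked, so a zero or
 * oversized value (a malformed policy, or a handle that is not a type rule)
 * would read outside the table; reject it instead.
 * NOTE(review): p_classes.nprim is libsepol's count of class values --
 * confirm it matches the allocated length of class_val_to_struct in the
 * libsepol version this is built against.
 */
class_val = terule->key.target_class;
if (class_val == 0 || class_val > db->p_classes.nprim) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

*obj_class = (qpol_class_t *) db->class_val_to_struct[class_val - 1];

return STATUS_SUCCESS;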
00147 }
|
|
||||||||||||||||
|
Get the default type from a type rule.
Definition at line 149 of file terule_query.c. References ERR, qpol_policy::p, qpol_policy_t, and qpol_type_t. Referenced by apol_terule_render(), apol_types_relation_types(), rule_select(), table_add_terule(), and terule_add_to_bst(). 00150 {
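/*
 * Body of qpol_terule_get_default_type(): look up the type structure for the
 * rule's default (result) type and store it in *dflt.
 *
 * Returns STATUS_SUCCESS with *dflt set. On error returns STATUS_ERR with
 * errno set to EINVAL and *dflt left NULL (when dflt itself is non-NULL).
 */
policydb_t *db = NULL;
avtab_ptr_t terule = NULL;
uint32_t type_val = 0;

/* Clear the out-parameter up front so no error path leaves it stale. */
if (dflt) {
    *dflt = NULL;
}

if (!policy || !rule || !dflt) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

db = &policy->p->p;
/* The opaque rule handle is used as a node of the policy's avtab. */
terule = (avtab_ptr_t) rule;

/*
 * The node's datum is used here as a 1-based index into type_val_to_struct.
 * It used to be applied unchecked, so a zero or oversized value (a malformed
 * policy, or a handle whose datum is not a type value) would read outside
 * the table; reject it instead.
 * NOTE(review): p_types.nprim is libsepol's count of type values -- confirm
 * it matches the allocated length of type_val_to_struct in the libsepol
 * version this is built against.
 */
type_val = terule->datum.data;
if (type_val == 0 || type_val > db->p_types.nprim) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

*dflt = (qpol_type_t *) db->type_val_to_struct[type_val - 1];

return STATUS_SUCCESS;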
00170 }
|
|
||||||||||||||||
|
Get the rule type value for a type rule.
Definition at line 172 of file terule_query.c. References ERR, qpol_policy::p, qpol_policy_t, QPOL_RULE_TYPE_CHANGE, and QPOL_RULE_TYPE_TRANS. Referenced by apol_terule_render(), qpol_terule_get_syn_terule_iter(), and terule_add_to_bst(). 00173 {
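/*
 * Body of qpol_terule_get_rule_type(): report which type-rule kind the rule
 * is, as the QPOL_RULE_TYPE_* bits present in its key.
 *
 * Returns STATUS_SUCCESS with *rule_type set. On error returns STATUS_ERR
 * with errno set to EINVAL and *rule_type left 0 (when rule_type itself is
 * non-NULL).
 *
 * The policydb pointer the original computed here was never read, so the
 * dead local has been dropped.
 */
avtab_ptr_t terule = NULL;

/* Clear the out-parameter up front so no error path leaves it stale. */
if (rule_type) {
    *rule_type = 0;
}

if (!policy || !rule || !rule_type) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

/* The opaque rule handle is used as a node of the policy's avtab. */
terule = (avtab_ptr_t) rule;

/* Keep only the three type-rule bits; any other bits in specified are masked off. */
*rule_type = (terule->key.specified & (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER));

return STATUS_SUCCESS;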
00193 }
|
|
||||||||||||||||
|
Get the conditional from which a type rule comes. If the rule is not a conditional rule, *cond is set to NULL.
Definition at line 195 of file terule_query.c. References ERR, qpol_cond_t, and qpol_policy_t. Referenced by print_te_results(), qpol_terule_get_syn_terule_iter(), rule_select(), and terule_add_to_bst(). 00196 {
/*
 * Body of qpol_terule_get_cond(): hand back the conditional recorded on the
 * rule's avtab node.
 *
 * Returns STATUS_SUCCESS with *cond set to the node's parse_context, or
 * STATUS_ERR with errno set to EINVAL when any argument is NULL.
 */
avtab_ptr_t node;

/* Clear the out-parameter first so the error path leaves *cond NULL. */
if (cond != NULL) {
    *cond = NULL;
}

if (!(policy && rule && cond)) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

/* The opaque rule handle is used as a node of the policy's avtab. */
node = (avtab_ptr_t) rule;
*cond = (qpol_cond_t *) node->parse_context;

return STATUS_SUCCESS;
00214 }
|
|
||||||||||||||||
|
Determine if a rule is enabled. Unconditional rules are always enabled.
Definition at line 216 of file terule_query.c. References ERR, and qpol_policy_t. Referenced by print_te_results(), and rule_select(). 00217 {
/*
 * Body of qpol_terule_get_is_enabled(): report whether the rule's avtab node
 * carries the QPOL_COND_RULE_ENABLED flag.
 *
 * Returns STATUS_SUCCESS with *is_enabled set to 1 or 0, or STATUS_ERR with
 * errno set to EINVAL when any argument is NULL.
 */
avtab_ptr_t node;

/* Default to "not enabled"; also what the caller sees on the error path. */
if (is_enabled != NULL) {
    *is_enabled = 0;
}

if (!(policy && rule && is_enabled)) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

/* The opaque rule handle is used as a node of the policy's avtab. */
node = (avtab_ptr_t) rule;

/* *is_enabled is already 0 here, so only the set case needs a store. */
if (node->merged & QPOL_COND_RULE_ENABLED) {
    *is_enabled = 1;
}

return STATUS_SUCCESS;
00235 }
|
|
||||||||||||||||
|
Get the list (true or false) of its conditional in which a rule appears. It is an error to call this function for an unconditional rule.
Definition at line 237 of file terule_query.c. References ERR, and qpol_policy_t. Referenced by print_te_results(), and terule_add_to_bst(). 00238 {
/*
 * Body of qpol_terule_get_which_list(): report the state of the
 * QPOL_COND_RULE_LIST flag on the rule's avtab node.
 *
 * Returns STATUS_SUCCESS with *which_list set to 1 or 0. Returns STATUS_ERR
 * with errno set to EINVAL when any argument is NULL or when the node has no
 * parse_context (the rule is not attached to a conditional).
 */
avtab_ptr_t node;

/* Default to 0; also what the caller sees on either error path. */
if (which_list != NULL) {
    *which_list = 0;
}

if (!(policy && rule && which_list)) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

/* The opaque rule handle is used as a node of the policy's avtab. */
node = (avtab_ptr_t) rule;

/* No conditional recorded on the node: the question has no answer. */
if (node->parse_context == NULL) {
    ERR(policy, "%s", strerror(EINVAL));
    errno = EINVAL;
    return STATUS_ERR;
}

/* *which_list is already 0 here, so only the set case needs a store. */
if (node->merged & QPOL_COND_RULE_LIST) {
    *which_list = 1;
}

return STATUS_SUCCESS;
00262 }
|