int add_perm_to_class(uint32_t perm_value, uint32_t class_value)
{
avrule_decl_t *decl = stack_top->decl;
scope_index_t *scope;
assert(perm_value >= 1);
assert(class_value >= 1);
scope = &decl->required;
if (class_value > scope->class_perms_len) {
int i;
ebitmap_t *new_map = realloc(scope->class_perms_map,
class_value * sizeof(*new_map));
if (new_map == NULL) {
return -1;
}
scope->class_perms_map = new_map;
for (i = scope->class_perms_len; i < class_value; i++) {
ebitmap_init(scope->class_perms_map + i);
}
scope->class_perms_len = class_value;
}
if (ebitmap_set_bit(scope->class_perms_map + class_value - 1, perm_value - 1, 1)) {
return -1;
}
return 0;
}
static bool is_type_of_attribute_set(policydb_t *policydb, const char *type_name,
ebitmap_t *attr_set)
{
struct type_datum *type = hashtab_search(policydb->p_types.table, (char *)type_name);
if (!type) {
fprintf(stderr, "Error: \"%s\" is not defined in this policy.\n", type_name);
return false;
}
if (type->flavor != TYPE_TYPE) {
fprintf(stderr, "Error: \"%s\" is not a type in this policy.\n", type_name);
return false;
}
ebitmap_t dst;
ebitmap_init(&dst);
/* Take the intersection, if the set is empty, then its a failure */
int rc = ebitmap_and(&dst, attr_set, &policydb->type_attr_map[type->s.value - 1]);
if (rc) {
fprintf(stderr, "Error: Could not perform ebitmap_and: %d\n", rc);
exit(1);
}
bool res = (bool)ebitmap_length(&dst);
ebitmap_destroy(&dst);
return res;
}
avrule_decl_t *avrule_decl_create(uint32_t decl_id)
{
avrule_decl_t *decl;
int i;
if ((decl = calloc(1, sizeof(*decl))) == NULL) {
return NULL;
}
decl->decl_id = decl_id;
for (i = 0; i < SYM_NUM; i++) {
if (symtab_init(&decl->symtab[i], symtab_sizes[i])) {
avrule_decl_destroy(decl);
free(decl);
return NULL;
}
}
for (i = 0; i < SYM_NUM; i++) {
ebitmap_init(&decl->required.scope[i]);
ebitmap_init(&decl->declared.scope[i]);
}
return decl;
}
/*
* Convert the MLS fields in the security context
* structure `c' from the values specified in the
* policy `oldp' to the values specified in the policy `newp'.
*/
int mls_convert_context(struct policydb *oldp,
struct policydb *newp,
struct context *c)
{
struct level_datum *levdatum;
struct cat_datum *catdatum;
struct ebitmap bitmap;
int l, i;
for (l = 0; l < 2; l++) {
levdatum = hashtab_search(newp->p_levels.table,
oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
if (!levdatum)
return -EINVAL;
c->range.level[l].sens = levdatum->level->sens;
ebitmap_init(&bitmap);
for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) {
int rc;
catdatum = hashtab_search(newp->p_cats.table,
oldp->p_cat_val_to_name[i - 1]);
if (!catdatum)
return -EINVAL;
rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
if (rc)
return rc;
}
}
ebitmap_destroy(&c->range.level[l].cat);
c->range.level[l].cat = bitmap;
}
return 0;
}
