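/**
 * Perform the rule query within a thread.
 *
 * Thread entry point: runs either the semantic or the syntactic AV rule
 * query, depending on whether the loaded policy supports syntactic rules.
 *
 * @param data Pointer to a struct find_terules_datum carrying the policy,
 *             the query, and the progress handle.  On return run->results,
 *             run->retval and run->is_syn_rules have been filled in; the
 *             caller owns run->results.
 *
 * @return Always NULL (the thread has no result value of its own).
 */
static gpointer policy_view_find_terules_runner(gpointer data)
{
	struct find_terules_datum *run = (struct find_terules_datum *)data;
	qpol_policy_t *q = apol_policy_get_qpol(run->policy);

	run->results = NULL;
	run->is_syn_rules = 0;
	if (!qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES)) {
		progress_update(run->progress, "Searching AV rules");
		run->retval = apol_avrule_get_by_query(run->policy, run->query, &run->results);
	} else if (qpol_policy_build_syn_rule_table(q) < 0) {
		/* Building the syntactic rule table can fail (libqpol reports
		 * failure with a negative return).  Running the syntactic query
		 * without the table would not be meaningful, so treat this as
		 * a failed search and let the abort path below report it. */
		run->retval = -1;
	} else {
		progress_update(run->progress, "Searching syntactic AV rules");
		run->retval = apol_syn_avrule_get_by_query(run->policy, run->query, &run->results);
		run->is_syn_rules = 1;
	}
	if (run->retval == 0) {
		progress_done(run->progress);
	} else {
		progress_abort(run->progress, NULL);
	}
	return NULL;
}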
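/**
 * Build an AV rule query from the given options and run it against the
 * policy.
 *
 * @param policy Policy to search.
 * @param opt    Search options: which rule types to include, optional
 *               source/target/boolean/class filters, and a comma-separated
 *               permission list.  Permissions parsed from opt->permlist are
 *               also appended (as freshly allocated strings) to
 *               opt->perm_vector.
 * @param v      On success *v receives the result vector, which the caller
 *               owns and must destroy; it is set to NULL when no rule type
 *               was requested (nothing to search).
 *
 * @return 0 on success.  On failure returns -1 with errno set and a Python
 *         RuntimeError carrying strerror(errno) pending.
 */
static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
{
	apol_avrule_query_t *avq = NULL;
	unsigned int rules = 0;
	int error = 0;
	char *tmp = NULL, *tok = NULL, *s = NULL;

	if (!policy || !opt || !v) {
		PyErr_SetString(PyExc_RuntimeError, strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) {
		*v = NULL;
		return 0;	       /* no search to do */
	}

	avq = apol_avrule_query_create();
	if (!avq) {
		PyErr_SetString(PyExc_RuntimeError, strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	if (opt->allow || opt->all) {
		rules |= QPOL_RULE_ALLOW;
	}
	if (opt->nallow || opt->all) {	/* Add this regardless of policy capabilities */
		rules |= QPOL_RULE_NEVERALLOW;
	}
	if (opt->auditallow || opt->all) {
		rules |= QPOL_RULE_AUDITALLOW;
	}
	if (opt->dontaudit || opt->all) {
		rules |= QPOL_RULE_DONTAUDIT;
	}
	if (rules != 0) {	/* rules == 0 would mean "all rule types" */
		apol_avrule_query_set_rules(policy, avq, rules);
	}
	apol_avrule_query_set_regex(policy, avq, opt->useregex);
	if (opt->src_name) {
		apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect);
	}
	if (opt->tgt_name) {
		apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect);
	}
	if (opt->bool_name) {
		apol_avrule_query_set_bool(policy, avq, opt->bool_name);
	}
	if (opt->class_name) {
		if (opt->class_vector == NULL) {
			if (apol_avrule_query_append_class(policy, avq, opt->class_name)) {
				goto err;
			}
		} else {
			/* an explicit class vector takes precedence over the
			 * single class_name; NULL entries are skipped */
			size_t i;
			for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
				char *class_name = apol_vector_get_element(opt->class_vector, i);
				if (!class_name) {
					continue;
				}
				if (apol_avrule_query_append_class(policy, avq, class_name)) {
					goto err;
				}
			}
		}
	}

	if (opt->permlist) {
		/* strtok() writes into its input, so tokenize a private copy
		 * rather than the caller's string */
		tmp = strdup(opt->permlist);
		if (!tmp) {
			/* errno is ENOMEM from strdup; without this check a
			 * NULL tmp would be handed to strtok() */
			goto err;
		}
		for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) {
			if (apol_avrule_query_append_perm(policy, avq, tok)) {
				goto err;
			}
			/* the vector takes ownership of s on a successful append;
			 * on failure s is still ours and is freed in err */
			if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) {
				goto err;
			}
			s = NULL;
		}
		free(tmp);
		tmp = NULL;
	}

	/* prefer syntactic rules when the policy supports them and the
	 * caller did not explicitly ask for a semantic search */
	if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
		if (apol_syn_avrule_get_by_query(policy, avq, v)) {
			goto err;
		}
	} else {
		if (apol_avrule_get_by_query(policy, avq, v)) {
			goto err;
		}
	}

	apol_avrule_query_destroy(&avq);
	return 0;

err:
	/* capture errno before any cleanup call can clobber it */
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	apol_vector_destroy(v);
	apol_avrule_query_destroy(&avq);
	free(tmp);
	free(s);
	errno = error;
	return -1;
}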