sechk_module_t *sechk_module_new(void)
{
sechk_module_t *mod = NULL;
int error = 0;
mod = calloc(1, sizeof(sechk_module_t));
if (!mod)
return NULL;
/* create empty vectors */
if (!(mod->options = apol_vector_create(sechk_name_value_free)) ||
!(mod->requirements = apol_vector_create(sechk_name_value_free)) ||
!(mod->dependencies = apol_vector_create(sechk_name_value_free))
|| !(mod->functions = apol_vector_create(sechk_fn_free))) {
error = errno;
apol_vector_destroy(&mod->options);
apol_vector_destroy(&mod->requirements);
apol_vector_destroy(&mod->dependencies);
apol_vector_destroy(&mod->functions);
free(mod);
errno = error;
return NULL;
}
return mod;
}
void seaudit_log_destroy(seaudit_log_t ** log)
{
size_t i;
if (log == NULL || *log == NULL) {
return;
}
for (i = 0; i < apol_vector_get_size((*log)->models); i++) {
seaudit_model_t *m = apol_vector_get_element((*log)->models, i);
model_remove_log(m, *log);
}
apol_vector_destroy(&(*log)->messages);
apol_vector_destroy(&(*log)->malformed_msgs);
apol_vector_destroy(&(*log)->models);
apol_bst_destroy(&(*log)->types);
apol_bst_destroy(&(*log)->classes);
apol_bst_destroy(&(*log)->roles);
apol_bst_destroy(&(*log)->users);
apol_bst_destroy(&(*log)->perms);
apol_bst_destroy(&(*log)->hosts);
apol_bst_destroy(&(*log)->bools);
apol_bst_destroy(&(*log)->managers);
apol_bst_destroy(&(*log)->mls_lvl);
apol_bst_destroy(&(*log)->mls_clr);
free(*log);
*log = NULL;
}
void nomls_tests()
{
size_t first_diff = 0;
int test_result;
unchanged_users_v = apol_vector_create(free);
changed_users_v = apol_vector_create(free);
apol_vector_t *correct_unchanged_users_v = string_array_to_vector(nomls_unchanged_users);
apol_vector_t *correct_changed_users_v = string_array_to_vector(nomls_changed_users);
build_nomls_vecs();
apol_vector_sort(unchanged_users_v, compare_str, NULL);
apol_vector_sort(correct_unchanged_users_v, compare_str, NULL);
CU_ASSERT_FALSE(test_result =
apol_vector_compare(unchanged_users_v, correct_unchanged_users_v, compare_str, NULL, &first_diff));
if (test_result) {
print_test_failure(unchanged_users_v, correct_unchanged_users_v, first_diff, "Unchanged MLS Users");
}
apol_vector_sort(changed_users_v, compare_str, NULL);
apol_vector_sort(correct_changed_users_v, compare_str, NULL);
CU_ASSERT_FALSE(test_result =
apol_vector_compare(changed_users_v, correct_changed_users_v, compare_str, NULL, &first_diff));
if (test_result) {
print_test_failure(changed_users_v, correct_changed_users_v, first_diff, "Changed MLS Users");
}
apol_vector_destroy(&unchanged_users_v);
apol_vector_destroy(&changed_users_v);
apol_vector_destroy(&correct_unchanged_users_v);
apol_vector_destroy(&correct_changed_users_v);
}
static void filters_simple()
{
seaudit_filter_t *f = seaudit_filter_create("simple filter");
CU_ASSERT_PTR_NOT_NULL_FATAL(f);
int retval;
apol_vector_t *v = apol_str_split("system_u", ":");
CU_ASSERT_PTR_NOT_NULL_FATAL(v);
retval = seaudit_filter_set_source_user(f, v);
CU_ASSERT(retval == 0);
apol_vector_destroy(&v);
retval = seaudit_model_append_filter(m, f);
CU_ASSERT(retval == 0);
v = seaudit_model_get_messages(l, m);
CU_ASSERT_PTR_NOT_NULL_FATAL(v);
CU_ASSERT(apol_vector_get_size(v) == 5 + 5);
apol_vector_destroy(&v);
retval = seaudit_filter_set_strict(f, true);
CU_ASSERT(retval == 0);
v = seaudit_model_get_messages(l, m);
CU_ASSERT_PTR_NOT_NULL_FATAL(v);
CU_ASSERT(apol_vector_get_size(v) == 5);
apol_vector_destroy(&v);
retval = seaudit_filter_set_strict(f, false);
CU_ASSERT(retval == 0);
v = seaudit_model_get_messages(l, m);
CU_ASSERT_PTR_NOT_NULL_FATAL(v);
CU_ASSERT(apol_vector_get_size(v) == 5 + 5);
apol_vector_destroy(&v);
}
int level_new_diff(poldiff_t * diff, poldiff_form_e form, const void *item)
{
const qpol_level_t *l = item;
const char *name = NULL;
poldiff_level_t *pl = NULL;
apol_policy_t *p;
qpol_policy_t *q;
apol_vector_t *v = NULL;
int error = 0, retval = -1;
if (form == POLDIFF_FORM_ADDED) {
p = diff->mod_pol;
q = diff->mod_qpol;
} else {
p = diff->orig_pol;
q = diff->orig_qpol;
}
if (qpol_level_get_name(q, l, &name) < 0 || (pl = make_diff(diff, form, name)) == NULL) {
error = errno;
goto cleanup;
}
if ((v = level_get_cats(diff, p, l)) == NULL) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
if (form == POLDIFF_FORM_ADDED) {
apol_vector_destroy(&pl->added_cats);
if ((pl->added_cats = apol_vector_create_from_vector(v, apol_str_strdup, NULL, free)) == NULL) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
} else if (form == POLDIFF_FORM_REMOVED) {
apol_vector_destroy(&pl->removed_cats);
if ((pl->removed_cats = apol_vector_create_from_vector(v, apol_str_strdup, NULL, free)) == NULL) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
}
if (apol_vector_append(diff->level_diffs->diffs, pl) < 0) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
if (form == POLDIFF_FORM_ADDED) {
diff->level_diffs->num_added++;
} else {
diff->level_diffs->num_removed++;
}
retval = 0;
cleanup:
apol_vector_destroy(&v);
if (retval < 0) {
level_free(pl);
errno = error;
}
return retval;
}
void level_free(void *elem)
{
poldiff_level_t *s = elem;
if (!elem)
return;
free(s->name);
apol_vector_destroy(&s->added_cats);
apol_vector_destroy(&s->removed_cats);
apol_vector_destroy(&s->unmodified_cats);
free(s);
}
apol_policy_path_t *apol_policy_path_create_from_string(const char *path_string)
{
apol_policy_path_t *p = NULL;
apol_vector_t *tokens = NULL;
apol_policy_path_type_e path_type;
char *s;
size_t i;
if (path_string == NULL) {
errno = EINVAL;
return NULL;
}
if ((tokens = apol_str_split(path_string, ":")) == NULL) {
return NULL;
}
/* first token identifies the path type */
if (apol_vector_get_size(tokens) < 2) {
apol_vector_destroy(&tokens);
return NULL;
}
s = apol_vector_get_element(tokens, 0);
if (strcmp(s, "monolithic") == 0) {
path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
} else if (strcmp(s, "modular") == 0) {
path_type = APOL_POLICY_PATH_TYPE_MODULAR;
} else {
apol_vector_destroy(&tokens);
errno = EINVAL;
return NULL;
}
/* second token identifies gives base path */
s = apol_vector_get_element(tokens, 1);
if ((p = apol_policy_path_create(path_type, s, NULL)) == NULL) {
apol_vector_destroy(&tokens);
return NULL;
}
if (path_type == APOL_POLICY_PATH_TYPE_MODULAR) {
/* remainder are module paths */
for (i = 2; i < apol_vector_get_size(tokens); i++) {
s = apol_vector_get_element(tokens, i);
if ((s = strdup(s)) == NULL || apol_vector_append(p->modules, s) < 0) {
free(s);
apol_vector_destroy(&tokens);
apol_policy_path_destroy(&p);
return NULL;
}
}
apol_vector_sort_uniquify(p->modules, apol_str_strcmp, NULL);
}
return p;
}
int level_deep_diff(poldiff_t * diff, const void *x, const void *y)
{
const qpol_level_t *l1 = x;
const qpol_level_t *l2 = y;
apol_vector_t *v1 = NULL, *v2 = NULL;
apol_vector_t *added = NULL, *removed = NULL, *unmodified = NULL;
const char *name;
poldiff_level_t *l = NULL;
int retval = -1, error = 0, compval;
if (qpol_level_get_name(diff->orig_qpol, l1, &name) < 0 ||
(v1 = level_get_cats(diff, diff->orig_pol, l1)) == NULL || (v2 = level_get_cats(diff, diff->mod_pol, l2)) == NULL) {
error = errno;
goto cleanup;
}
apol_vector_sort(v1, apol_str_strcmp, NULL);
apol_vector_sort(v2, apol_str_strcmp, NULL);
compval = level_deep_diff_cats(diff, v1, v2, &added, &removed, &unmodified);
if (compval < 0) {
error = errno;
goto cleanup;
} else if (compval > 0) {
if ((l = make_diff(diff, POLDIFF_FORM_MODIFIED, name)) == NULL) {
error = errno;
goto cleanup;
}
apol_vector_destroy(&l->added_cats);
apol_vector_destroy(&l->removed_cats);
apol_vector_destroy(&l->unmodified_cats);
if ((l->added_cats = apol_vector_create_from_vector(added, apol_str_strdup, NULL, free)) == NULL ||
(l->removed_cats = apol_vector_create_from_vector(removed, apol_str_strdup, NULL, free)) == NULL ||
(l->unmodified_cats = apol_vector_create_from_vector(unmodified, apol_str_strdup, NULL, free)) == NULL) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
apol_vector_sort(l->removed_cats, level_cat_comp, diff->orig_qpol);
apol_vector_sort(l->added_cats, level_cat_comp, diff->mod_qpol);
apol_vector_sort(l->unmodified_cats, level_cat_comp, diff->orig_qpol);
if (apol_vector_append(diff->level_diffs->diffs, l) < 0) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
diff->level_diffs->num_modified++;
}
retval = 0;
cleanup:
apol_vector_destroy(&v1);
apol_vector_destroy(&v2);
apol_vector_destroy(&added);
apol_vector_destroy(&removed);
apol_vector_destroy(&unmodified);
if (retval != 0) {
level_free(l);
}
errno = error;
return retval;
}
void sechk_lib_destroy(sechk_lib_t ** lib)
{
if (lib == NULL || *lib == NULL)
return;
apol_vector_destroy(&((*lib)->modules));
apol_policy_destroy(&((*lib)->policy));
apol_vector_destroy(&((*lib)->fc_entries));
free((*lib)->fc_path);
sefs_fclist_destroy(&((*lib)->fc_file));
free((*lib)->selinux_config_path);
apol_policy_path_destroy(&((*lib)->policy_path));
free(*lib);
*lib = NULL;
}
int apol_userbounds_get_by_query(const apol_policy_t * p, apol_userbounds_query_t * q, apol_vector_t ** v)
{
qpol_iterator_t *iter;
int retval = -1;
*v = NULL;
if (qpol_policy_get_userbounds_iter(p->p, &iter) < 0) {
return -1;
}
if ((*v = apol_vector_create(NULL)) == NULL) {
ERR(p, "%s", strerror(errno));
goto cleanup;
}
for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
const qpol_userbounds_t *userbounds;
if (qpol_iterator_get_item(iter, (void **)&userbounds) < 0) {
goto cleanup;
}
if (q != NULL) {
if (apol_vector_append(*v, (void *)userbounds)) {
ERR(p, "%s", strerror(ENOMEM));
goto cleanup;
}
}
}
retval = 0;
cleanup:
if (retval != 0) {
apol_vector_destroy(v);
}
qpol_iterator_destroy(&iter);
return retval;
}
void bool_message_free(seaudit_bool_message_t * boolm)
{
if (boolm != NULL) {
apol_vector_destroy(&boolm->changes);
free(boolm);
}
}
/**
* Gets a textual representation of a MLS category and
* all of that category's sensitivies.
*
* @param type_datum Reference to sepol type_datum
* @param policydb Reference to a policy
*/
static PyObject* get_cat_sens(const qpol_cat_t * cat_datum, const apol_policy_t * policydb)
{
const char *cat_name, *lvl_name;
apol_level_query_t *query = NULL;
apol_vector_t *v = NULL;
const qpol_level_t *lvl_datum = NULL;
qpol_policy_t *q = apol_policy_get_qpol(policydb);
size_t i, n_sens = 0;
int error = 0;
PyObject *list = NULL;
PyObject *dict = PyDict_New();
if (!dict) goto err;
if (!cat_datum || !policydb)
goto err;
/* get category name for apol query */
if (qpol_cat_get_name(q, cat_datum, &cat_name))
goto cleanup;
query = apol_level_query_create();
if (!query)
goto err;
if (apol_level_query_set_cat(policydb, query, cat_name))
goto err;
if (apol_level_get_by_query(policydb, query, &v))
goto err;
apol_vector_sort(v, &qpol_level_datum_compare, (void *)policydb);
dict = PyDict_New();
if (!dict) goto err;
if (py_insert_string(dict, "name", cat_name))
goto err;
n_sens = apol_vector_get_size(v);
list = PyList_New(0);
if (!list) goto err;
for (i = 0; i < n_sens; i++) {
lvl_datum = (qpol_level_t *) apol_vector_get_element(v, i);
if (!lvl_datum)
goto err;
if (qpol_level_get_name(q, lvl_datum, &lvl_name))
goto err;
if (py_append_string(list, lvl_name))
goto err;
}
if (py_insert_obj(dict, "level", list))
goto err;
Py_DECREF(list);
goto cleanup;
err:
error = errno;
PyErr_SetString(PyExc_RuntimeError,strerror(errno));
py_decref(list); list = NULL;
py_decref(dict); dict = NULL;
cleanup:
apol_level_query_destroy(&query);
apol_vector_destroy(&v);
errno = error;
return dict;
}
void level_destroy(poldiff_level_summary_t ** ls)
{
if (ls == NULL || *ls == NULL)
return;
apol_vector_destroy(&(*ls)->diffs);
free(*ls);
*ls = NULL;
}
static void terule_basic_syn(void)
{
apol_terule_query_t *tq = apol_terule_query_create();
CU_ASSERT_PTR_NOT_NULL_FATAL(tq);
int retval;
retval = apol_terule_query_set_rules(sp, tq, QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER);
CU_ASSERT_EQUAL_FATAL(retval, 0);
apol_vector_t *v = NULL;
retval = apol_syn_terule_get_by_query(sp, tq, &v);
CU_ASSERT_EQUAL_FATAL(retval, 0);
CU_ASSERT_PTR_NOT_NULL(v);
size_t num_trans = 0, num_changes = 0, num_members = 0;
qpol_policy_t *q = apol_policy_get_qpol(sp);
size_t i;
for (i = 0; i < apol_vector_get_size(v); i++) {
const qpol_syn_terule_t *syn = (const qpol_syn_terule_t *)apol_vector_get_element(v, i);
uint32_t rule_type;
retval = qpol_syn_terule_get_rule_type(q, syn, &rule_type);
CU_ASSERT_EQUAL_FATAL(retval, 0);
CU_ASSERT(rule_type == QPOL_RULE_TYPE_TRANS || rule_type == QPOL_RULE_TYPE_CHANGE ||
rule_type == QPOL_RULE_TYPE_MEMBER);
if (rule_type == QPOL_RULE_TYPE_TRANS) {
num_trans++;
} else if (rule_type == QPOL_RULE_TYPE_CHANGE) {
num_changes++;
} else if (rule_type == QPOL_RULE_TYPE_MEMBER) {
num_members++;
}
}
CU_ASSERT(num_trans == 6 && num_changes == 3 && num_members == 4);
apol_vector_destroy(&v);
retval = apol_terule_query_append_class(sp, tq, "cursor");
CU_ASSERT_EQUAL_FATAL(retval, 0);
retval = apol_syn_terule_get_by_query(sp, tq, &v);
CU_ASSERT_EQUAL_FATAL(retval, 0);
CU_ASSERT(v != NULL && apol_vector_get_size(v) == 0);
apol_vector_destroy(&v);
apol_terule_query_destroy(&tq);
}
static void report_window_browse(GtkEntry * entry, GtkWindow * parent, const char *title)
{
const char *current_path = gtk_entry_get_text(entry);
apol_vector_t *new_paths = util_open_file(parent, title, current_path, 0);
if (new_paths != NULL) {
gtk_entry_set_text(entry, apol_vector_get_element(new_paths, 0));
apol_vector_destroy(&new_paths);
}
}
void apol_policy_path_destroy(apol_policy_path_t ** path)
{
if (path != NULL && *path != NULL) {
free((*path)->base);
apol_vector_destroy(&(*path)->modules);
free(*path);
*path = NULL;
}
}
int apol_portcon_get_by_query(const apol_policy_t * p, const apol_portcon_query_t * po, apol_vector_t ** v)
{
qpol_iterator_t *iter;
int retval = -1, retval2;
*v = NULL;
if (qpol_policy_get_portcon_iter(p->p, &iter) < 0) {
return -1;
}
if ((*v = apol_vector_create(NULL)) == NULL) {
ERR(p, "%s", strerror(errno));
goto cleanup;
}
for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
qpol_portcon_t *portcon;
if (qpol_iterator_get_item(iter, (void **)&portcon) < 0) {
goto cleanup;
}
if (po != NULL) {
uint16_t low, high;
uint8_t proto;
const qpol_context_t *context;
if (qpol_portcon_get_low_port(p->p,
portcon, &low) < 0 ||
qpol_portcon_get_high_port(p->p,
portcon, &high) < 0 ||
qpol_portcon_get_protocol(p->p,
portcon, &proto) < 0 || qpol_portcon_get_context(p->p, portcon, &context) < 0)
{
goto cleanup;
}
if ((po->low >= 0 && ((uint16_t) po->low) != low) ||
(po->high >= 0 && ((uint16_t) po->high) != high) || (po->proto >= 0 && ((uint8_t) po->proto) != proto))
{
continue;
}
retval2 = apol_compare_context(p, context, po->context, po->flags);
if (retval2 < 0) {
goto cleanup;
} else if (retval2 == 0) {
continue;
}
}
if (apol_vector_append(*v, portcon)) {
ERR(p, "%s", strerror(ENOMEM));
goto cleanup;
}
}
retval = 0;
cleanup:
if (retval != 0) {
apol_vector_destroy(v);
}
qpol_iterator_destroy(&iter);
return retval;
}
void sechk_result_destroy(sechk_result_t ** res)
{
if (!res || !(*res))
return;
free((*res)->test_name);
apol_vector_destroy(&((*res)->items));
free(*res);
*res = NULL;
}
/**
* Get a policy's MLS sensitivities.
* If this function is given a name, it will attempt to
* get statistics about a particular sensitivity; otherwise
* the function gets statistics about all of the policy's
* sensitivities.
*
* @param name Reference to a sensitivity's name; if NULL,
* all sensitivities will be considered
* @param policydb Reference to a policy
*
* @return 0 on success, < 0 on error.
*/
static PyObject* get_sens(const char *name, const apol_policy_t * policydb)
{
PyObject *dict = NULL;
int error = 0;
int rt = 0;
size_t i;
char *tmp = NULL;
const char *lvl_name = NULL;
apol_level_query_t *query = NULL;
apol_vector_t *v = NULL;
const qpol_level_t *level = NULL;
apol_mls_level_t *ap_mls_lvl = NULL;
qpol_policy_t *q = apol_policy_get_qpol(policydb);
query = apol_level_query_create();
if (!query)
goto cleanup;
if (apol_level_query_set_sens(policydb, query, name))
goto cleanup;
if (apol_level_get_by_query(policydb, query, &v))
goto cleanup;
dict = PyDict_New();
if (!dict) goto err;
for (i = 0; i < apol_vector_get_size(v); i++) {
level = apol_vector_get_element(v, i);
if (qpol_level_get_name(q, level, &lvl_name))
goto err;
ap_mls_lvl = (apol_mls_level_t *) apol_mls_level_create_from_qpol_level_datum(policydb, level);
tmp = apol_mls_level_render(policydb, ap_mls_lvl);
apol_mls_level_destroy(&ap_mls_lvl);
if (!tmp)
goto cleanup;
if (py_insert_string(dict, lvl_name, tmp))
goto err;
free(tmp); tmp = NULL;
if (rt) goto err;
}
if (name && !apol_vector_get_size(v)) {
goto cleanup;
}
goto cleanup;
err:
error = errno;
PyErr_SetString(PyExc_RuntimeError,strerror(error));
py_decref(dict); dict = NULL;
cleanup:
free(tmp);
apol_level_query_destroy(&query);
apol_vector_destroy(&v);
errno = error;
return dict;
}
void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** t)
{
if (t != NULL && *t != NULL) {
free((*t)->source);
free((*t)->target);
free((*t)->default_type);
free((*t)->name);
apol_vector_destroy(&(*t)->classes);
free(*t);
*t = NULL;
}
}
void sechk_item_free(void *item)
{
sechk_item_t *it = (sechk_item_t *) item;
if (!item)
return;
apol_vector_destroy(&it->proof);
if (it->item_free_fn)
it->item_free_fn(it->item);
free(item);
}
void sechk_module_free(void *module)
{
sechk_module_t *mod = (sechk_module_t *) module;
if (!module)
return;
/* do not free describtin fields */
sechk_result_destroy(&mod->result);
apol_vector_destroy(&mod->options);
apol_vector_destroy(&mod->requirements);
apol_vector_destroy(&mod->dependencies);
/* do not free severity */
if (mod->data) {
assert(mod->data_free);
mod->data_free(mod->data);
}
free(mod->name);
mod->name = NULL;
apol_vector_destroy(&mod->functions);
free(mod);
}
int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class)
{
char *s = NULL;
if (obj_class == NULL) {
apol_vector_destroy(&t->classes);
} else if ((s = strdup(obj_class)) == NULL || (t->classes == NULL && (t->classes = apol_vector_create(free)) == NULL)
|| apol_vector_append(t->classes, s) < 0) {
ERR(p, "%s", strerror(errno));
free(s);
return -1;
}
return 0;
}
void seaudit_log_clear(seaudit_log_t * log)
{
if (log == NULL) {
errno = EINVAL;
return;
}
apol_vector_destroy(&log->messages);
apol_vector_destroy(&log->malformed_msgs);
apol_bst_destroy(&log->types);
apol_bst_destroy(&log->classes);
apol_bst_destroy(&log->roles);
apol_bst_destroy(&log->users);
apol_bst_destroy(&log->perms);
apol_bst_destroy(&log->hosts);
apol_bst_destroy(&log->bools);
apol_bst_destroy(&log->managers);
apol_bst_destroy(&log->mls_lvl);
apol_bst_destroy(&log->mls_clr);
if ((log->messages = apol_vector_create(message_free)) == NULL ||
(log->malformed_msgs = apol_vector_create(free)) == NULL ||
(log->types = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->classes = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->roles = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->users = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->perms = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->mls_lvl = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->mls_clr = apol_bst_create(apol_str_strcmp, free)) == NULL ||
(log->hosts = apol_bst_create(apol_str_strcmp, free)) == NULL
|| (log->bools = apol_bst_create(apol_str_strcmp, free)) == NULL
|| (log->managers = apol_bst_create(apol_str_strcmp, free)) == NULL) {
/* hopefully will never get here... */
return;
}
for (size_t i = 0; i < apol_vector_get_size(log->models); i++) {
seaudit_model_t *m = apol_vector_get_element(log->models, i);
model_notify_log_changed(m, log);
}
}
static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
{
apol_role_allow_query_t *raq = NULL;
int error = 0;
if (!policy || !opt || !v) {
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return -1;
}
if (!opt->role_allow && !opt->all) {
*v = NULL;
return 0; /* no search to do */
}
raq = apol_role_allow_query_create();
if (!raq) {
ERR(policy, "%s", strerror(ENOMEM));
errno = ENOMEM;
return -1;
}
apol_role_allow_query_set_regex(policy, raq, opt->useregex);
if (opt->src_role_name) {
if (apol_role_allow_query_set_source(policy, raq, opt->src_role_name)) {
error = errno;
goto err;
}
}
if (opt->tgt_role_name)
if (apol_role_allow_query_set_target(policy, raq, opt->tgt_role_name)) {
error = errno;
goto err;
}
if (apol_role_allow_get_by_query(policy, raq, v)) {
error = errno;
goto err;
}
apol_role_allow_query_destroy(&raq);
return 0;
err:
apol_vector_destroy(v);
apol_role_allow_query_destroy(&raq);
ERR(policy, "%s", strerror(error));
errno = error;
return -1;
}
/**
* Prints statistics regarding a policy's MLS categories.
* If this function is given a name, it will attempt to
* get statistics about a particular category; otherwise
* the function gets statistics about all of the policy's
* categories.
*
* @param name Reference to a MLS category's name; if NULL,
* all categories will be considered
* @param policydb Reference to a policy
*
* @return 0 on success, < 0 on error.
*/
static PyObject* get_cats(const char *name, const apol_policy_t * policydb)
{
PyObject *obj = NULL;
apol_cat_query_t *query = NULL;
apol_vector_t *v = NULL;
const qpol_cat_t *cat_datum = NULL;
size_t i, n_cats;
int error = 0;
int rt;
PyObject *list = PyList_New(0);
if (!list) goto err;
query = apol_cat_query_create();
if (!query)
goto err;
if (apol_cat_query_set_cat(policydb, query, name))
goto err;
if (apol_cat_get_by_query(policydb, query, &v))
goto err;
n_cats = apol_vector_get_size(v);
apol_vector_sort(v, &qpol_cat_datum_compare, (void *)policydb);
for (i = 0; i < n_cats; i++) {
cat_datum = apol_vector_get_element(v, i);
if (!cat_datum)
goto err;
obj = get_cat_sens(cat_datum, policydb);
if (!obj)
goto err;
rt = py_append_obj(list, obj);
Py_DECREF(obj);
if (rt) goto err;
}
if (name && !n_cats) {
goto err;
}
goto cleanup;
err:
error = errno;
PyErr_SetString(PyExc_RuntimeError,strerror(errno));
py_decref(list); list = NULL;
cleanup:
apol_cat_query_destroy(&query);
apol_vector_destroy(&v);
errno = error;
return list;
}
/**
* Helper function to set a criterion's vector, by duping the vector
* and its strings. Dupe the vector before destroying the existing
* one, in case v is the same as tgt.
*/
static int filter_set_vector(seaudit_filter_t * filter, apol_vector_t ** tgt, const apol_vector_t * v)
{
apol_vector_t *new_v = NULL;
if (v != NULL) {
if ((new_v = apol_vector_create_from_vector(v, apol_str_strdup, NULL, free)) == NULL) {
return -1;
}
}
apol_vector_destroy(tgt);
*tgt = new_v;
if (filter->model != NULL) {
model_notify_filter_changed(filter->model, filter);
}
return 0;
}
apol_vector_t *seaudit_filter_create_from_file(const char *filename)
{
struct filter_parse_state state;
int retval, error;
memset(&state, 0, sizeof(state));
if ((state.filters = apol_vector_create(filter_free)) == NULL) {
return NULL;
}
retval = filter_parse_xml(&state, filename);
error = errno;
free(state.view_name);
if (retval < 0) {
apol_vector_destroy(&state.filters);
errno = error;
return NULL;
}
return state.filters;
}
int apol_permissive_get_by_query(const apol_policy_t * p, apol_permissive_query_t * q, apol_vector_t ** v)
{
qpol_iterator_t *iter;
int retval = -1;
*v = NULL;
if (qpol_policy_get_permissive_iter(p->p, &iter) < 0) {
return -1;
}
if ((*v = apol_vector_create(NULL)) == NULL) {
ERR(p, "%s", strerror(errno));
goto cleanup;
}
for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
const qpol_permissive_t *permissive;
if (qpol_iterator_get_item(iter, (void **)&permissive) < 0) {
goto cleanup;
}
if (q != NULL) {
int compval = apol_compare_permissive(p,
permissive, q->permissive_name,
q->flags, &(q->regex));
if (compval < 0) {
goto cleanup;
} else if (compval == 0) {
continue;
}
}
if (apol_vector_append(*v, (void *)permissive)) {
ERR(p, "%s", strerror(ENOMEM));
goto cleanup;
}
}
retval = 0;
cleanup:
if (retval != 0) {
apol_vector_destroy(v);
}
qpol_iterator_destroy(&iter);
return retval;
}
/**
* Given a level, return a vector of its allowed categories (in the
* form of strings). These will be sorted in policy order.
*
* @param diff Policy diff error handler.
* @param p Policy from which the level came.
* @param level Level whose categories to get.
*
* @return Vector of category strings for the level. The caller is
* responsible for calling apol_vector_destroy(). On error, return
* NULL.
*/
static apol_vector_t *level_get_cats(const poldiff_t * diff, const apol_policy_t * p, const qpol_level_t * level)
{
qpol_iterator_t *iter = NULL;
const qpol_cat_t *cat;
const char *cat_name;
apol_vector_t *v = NULL;
qpol_policy_t *q = apol_policy_get_qpol(p);
int retval = -1, error = 0;
if ((v = apol_vector_create(NULL)) == NULL) {
ERR(diff, "%s", strerror(errno));
goto cleanup;
}
if (qpol_level_get_cat_iter(q, level, &iter) < 0) {
goto cleanup;
}
for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
if (qpol_iterator_get_item(iter, (void **)&cat) < 0 || qpol_cat_get_name(q, cat, &cat_name)) {
error = errno;
goto cleanup;
}
if (apol_vector_append(v, (void *)cat_name) < 0) {
error = errno;
ERR(diff, "%s", strerror(error));
goto cleanup;
}
}
retval = 0;
cleanup:
qpol_iterator_destroy(&iter);
if (retval < 0) {
apol_vector_destroy(&v);
errno = error;
return NULL;
}
return v;
}