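/**
 * Gets a textual representation of an attribute, and
 * all of that attribute's types.
 *
 * @param type_datum Reference to sepol type_datum; must be an attribute
 * @param policydb Reference to a policy
 *
 * @return New reference to a dict {"name": str, "types": [str, ...]},
 * or NULL with a RuntimeError set. errno at the time of failure is
 * preserved across cleanup.
 */
static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb)
{
	PyObject *list = NULL;
	const qpol_type_t *attr_datum = NULL;
	qpol_iterator_t *iter = NULL;
	const char *attr_name = NULL, *type_name = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	unsigned char isattr;
	int error = 0;
	int rt = 0;

	PyObject *dict = PyDict_New();
	if (!dict)
		goto err;

	if (qpol_type_get_name(q, type_datum, &attr_name))
		goto err;
	if (py_insert_string(dict, "name", attr_name))
		goto err;

	if (qpol_type_get_isattr(q, type_datum, &isattr))
		goto err;
	if (!isattr) {
		/* Sanity check: a plain type was passed. errno is not set by
		 * anything on this path, so without this the exception text
		 * would be whatever stale errno strerror() happens to see. */
		errno = EINVAL;
		goto err;
	}

	/* get an iterator over all types this attribute has */
	if (qpol_type_get_type_iter(q, type_datum, &iter))
		goto err;
	list = PyList_New(0);
	if (!list)
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&attr_datum))
			goto err;
		if (qpol_type_get_name(q, attr_datum, &type_name))
			goto err;
		if (py_append_string(list, type_name))
			goto err;
	}
	qpol_iterator_destroy(&iter);
	rt = PyDict_SetItemString(dict, "types", list);
	Py_DECREF(list);
	list = NULL;
	if (rt)
		goto err;
	goto cleanup;

err:
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(dict);
	dict = NULL;
	py_decref(list);
cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return dict;
}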
/**
 * Get a textual representation of a type, and
 * all of that type's attributes.
 *
 * @param type_datum Reference to sepol type_datum
 * @param policydb Reference to a policy
 *
 * @return New reference to a list of attribute name strings, or NULL
 * with a RuntimeError set; errno at the point of failure is preserved
 * across the iterator teardown.
 */
static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb)
{
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	qpol_iterator_t *attr_iter = NULL;
	const qpol_type_t *attr = NULL;
	const char *attr_name = NULL;
	int saved_errno = 0;
	PyObject *result = PyList_New(0);

	if (result == NULL)
		goto err;
	if (qpol_type_get_attr_iter(q, type_datum, &attr_iter) != 0)
		goto err;

	while (!qpol_iterator_end(attr_iter)) {
		if (qpol_iterator_get_item(attr_iter, (void **)&attr) != 0)
			goto err;
		if (qpol_type_get_name(q, attr, &attr_name) != 0)
			goto err;
		if (py_append_string(result, attr_name) != 0)
			goto err;
		qpol_iterator_next(attr_iter);
	}
	goto cleanup;

err:
	saved_errno = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(saved_errno));
	py_decref(result);
	result = NULL;
cleanup:
	qpol_iterator_destroy(&attr_iter);
	errno = saved_errno;
	return result;
}
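/**
 * Collect every userbounds statement in the policy into a new vector.
 *
 * The query is accepted for interface parity with the sibling
 * apol_*_get_by_query() functions; no field of it is consulted here.
 * Previously the append was nested inside "if (q != NULL)", so a NULL
 * query produced an empty vector while every other *_get_by_query()
 * treats NULL as "match all"; the result no longer depends on q.
 *
 * @param p Policy to search.
 * @param q Query; currently unused for filtering, may be NULL.
 * @param v Receives a newly allocated vector of const qpol_userbounds_t
 * pointers (caller frees with apol_vector_destroy()); set to NULL on error.
 *
 * @return 0 on success, < 0 on error.
 */
int apol_userbounds_get_by_query(const apol_policy_t * p, apol_userbounds_query_t * q, apol_vector_t ** v)
{
	qpol_iterator_t *iter = NULL;
	int retval = -1;

	(void)q;
	*v = NULL;
	if (qpol_policy_get_userbounds_iter(p->p, &iter) < 0) {
		return -1;
	}
	if ((*v = apol_vector_create(NULL)) == NULL) {
		ERR(p, "%s", strerror(errno));
		goto cleanup;
	}
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		const qpol_userbounds_t *userbounds;
		if (qpol_iterator_get_item(iter, (void **)&userbounds) < 0) {
			goto cleanup;
		}
		if (apol_vector_append(*v, (void *)userbounds)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto cleanup;
		}
	}
	retval = 0;
cleanup:
	if (retval != 0) {
		apol_vector_destroy(v);
	}
	qpol_iterator_destroy(&iter);
	return retval;
}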
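/**
 * Get statistics regarding a policy's roles.
 * If this function is given a name, it will attempt to
 * get statistics about a particular role; otherwise
 * the function gets statistics about all of the policy's roles.
 *
 * @param name Reference to a role's name; if NULL,
 * all roles will be considered
 * @param policydb Reference to a policy
 *
 * @return New reference to a list of role dicts (see get_role()), or
 * NULL with a RuntimeError set; errno at failure is preserved.
 */
static PyObject* get_roles(const char *name, const apol_policy_t * policydb)
{
	const qpol_role_t *role_datum = NULL;
	qpol_iterator_t *iter = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	int error = 0;
	int rt;
	PyObject *obj;
	PyObject *list = PyList_New(0);
	if (!list)
		goto err;

	if (name != NULL) {
		if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
			errno = EINVAL;
			goto err;
		}
		obj = get_role(role_datum, policydb);
		/* get_role() returns NULL on failure; Py_DECREF(NULL) below would
		 * dereference a null pointer, so bail out before touching obj. */
		if (!obj)
			goto err;
		rt = py_append_obj(list, obj);
		Py_DECREF(obj);
		if (rt)
			goto err;
	} else {
		if (qpol_policy_get_role_iter(q, &iter))
			goto err;
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&role_datum))
				goto err;
			obj = get_role(role_datum, policydb);
			if (!obj)
				goto err;
			rt = py_append_obj(list, obj);
			Py_DECREF(obj);
			if (rt)
				goto err;
		}
		qpol_iterator_destroy(&iter);
	}
	goto cleanup;

err:
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return list;
}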
/**
 * Find every portcon statement matching a query.
 *
 * @param p Policy to search.
 * @param po Query; NULL matches every portcon. Negative low/high/proto
 * fields are wildcards, the context is compared with apol_compare_context().
 * @param v Receives a new vector of qpol_portcon_t pointers (caller frees
 * with apol_vector_destroy()); NULL on error.
 *
 * @return 0 on success, < 0 on error.
 */
int apol_portcon_get_by_query(const apol_policy_t * p, const apol_portcon_query_t * po, apol_vector_t ** v)
{
	qpol_iterator_t *it;
	int status = -1;

	*v = NULL;
	if (qpol_policy_get_portcon_iter(p->p, &it) < 0)
		return -1;
	*v = apol_vector_create(NULL);
	if (*v == NULL) {
		ERR(p, "%s", strerror(errno));
		goto done;
	}

	while (!qpol_iterator_end(it)) {
		qpol_portcon_t *entry;
		int keep = 1;

		if (qpol_iterator_get_item(it, (void **)&entry) < 0)
			goto done;
		if (po != NULL) {
			uint16_t lo, hi;
			uint8_t proto;
			const qpol_context_t *ctx;

			if (qpol_portcon_get_low_port(p->p, entry, &lo) < 0 ||
			    qpol_portcon_get_high_port(p->p, entry, &hi) < 0 ||
			    qpol_portcon_get_protocol(p->p, entry, &proto) < 0 ||
			    qpol_portcon_get_context(p->p, entry, &ctx) < 0)
				goto done;
			/* port/protocol filters first; context only if those pass */
			if (po->low >= 0 && (uint16_t)po->low != lo)
				keep = 0;
			else if (po->high >= 0 && (uint16_t)po->high != hi)
				keep = 0;
			else if (po->proto >= 0 && (uint8_t)po->proto != proto)
				keep = 0;
			if (keep) {
				int cmp = apol_compare_context(p, ctx, po->context, po->flags);
				if (cmp < 0)
					goto done;
				keep = (cmp != 0);
			}
		}
		if (keep && apol_vector_append(*v, entry)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto done;
		}
		qpol_iterator_next(it);
	}
	status = 0;

done:
	if (status != 0)
		apol_vector_destroy(v);
	qpol_iterator_destroy(&it);
	return status;
}
/**
 * Build a vector of every level in a policy, sorted by level_name_comp().
 *
 * @param diff Error handler for ERR() reporting.
 * @param policy Policy whose levels to collect.
 *
 * @return New vector (caller frees with apol_vector_destroy()), or NULL
 * on error with errno set to the allocation failure's errno.
 */
apol_vector_t *level_get_items(poldiff_t * diff, const apol_policy_t * policy)
{
	qpol_policy_t *q = apol_policy_get_qpol(policy);
	qpol_iterator_t *it = NULL;
	apol_vector_t *levels = NULL;

	if (qpol_policy_get_level_iter(q, &it) < 0)
		return NULL;

	levels = apol_vector_create_from_iter(it, NULL);
	if (levels == NULL) {
		/* ERR() and iterator teardown may clobber errno; save it */
		int saved = errno;
		ERR(diff, "%s", strerror(saved));
		qpol_iterator_destroy(&it);
		errno = saved;
		return NULL;
	}
	qpol_iterator_destroy(&it);
	apol_vector_sort(levels, level_name_comp, (void *)policy);
	return levels;
}
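/**
 * Count the commons in the iterator's hash table that define the
 * permission named by hs->perm_name.
 *
 * Walks every bucket of the table held in the iterator state, opens a
 * permission iterator over each common and looks for a name match.
 *
 * @param iter Iterator whose state is a perm_hash_state_t.
 *
 * @return Number of matching commons, or STATUS_ERR (with errno set to
 * EINVAL for a bad iterator; otherwise errno is whatever the failing
 * qpol call left).
 */
static size_t hash_perm_state_size_common(const qpol_iterator_t * iter)
{
	perm_hash_state_t *hs = NULL;
	uint32_t tmp_bucket = 0;
	size_t count = 0;
	hashtab_node_t *tmp_node;
	sepol_policydb_t sp;
	qpol_policy_t qp;
	qpol_iterator_t *internal_perms = NULL;
	common_datum_t *internal_common;
	char *tmp = NULL;

	/* The old "&sp.p == NULL" test could never fire (address of a member);
	 * what needs checking is the policy pointer we are about to dereference. */
	if (iter == NULL || qpol_iterator_state(iter) == NULL || qpol_iterator_policy(iter) == NULL) {
		errno = EINVAL;
		return STATUS_ERR;
	}
	hs = (perm_hash_state_t *) qpol_iterator_state(iter);

	/* shallow copy ok here as only internal values are used */
	sp.p = *qpol_iterator_policy(iter);
	qp.p = &sp;
	qp.fn = NULL;

	for (tmp_bucket = 0; tmp_bucket < (*(hs->table))->size; tmp_bucket++) {
		for (tmp_node = (*(hs->table))->htable[tmp_bucket]; tmp_node; tmp_node = tmp_node->next) {
			internal_common = (common_datum_t *) tmp_node->datum;
			/* Return values were ignored before, so a failed iterator
			 * creation walked an uninitialised pointer. */
			if (qpol_common_get_perm_iter(&qp, (qpol_common_t *) internal_common, &internal_perms)) {
				return STATUS_ERR;
			}
			for (; !qpol_iterator_end(internal_perms); qpol_iterator_next(internal_perms)) {
				if (qpol_iterator_get_item(internal_perms, (void **)&tmp) || tmp == NULL) {
					qpol_iterator_destroy(&internal_perms);
					return STATUS_ERR;
				}
				if (!strcmp(tmp, hs->perm_name)) {
					count++;
					break;
				}
			}
			qpol_iterator_destroy(&internal_perms);
		}
	}
	return count;
}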
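/**
 * Advance a class hash-table iterator to the next class that defines
 * the permission named by hs->perm_name (or to the end of the table).
 *
 * @param iter Iterator whose state is a perm_hash_state_t.
 *
 * @return STATUS_SUCCESS on success (the iterator may now be at its
 * end), STATUS_ERR with errno EINVAL for a bad state, ERANGE when the
 * iterator is already past the table, or whatever errno a failing qpol
 * call left.
 */
static int hash_state_next_class_w_perm(qpol_iterator_t * iter)
{
	class_datum_t *internal_class = NULL;
	qpol_iterator_t *internal_perms = NULL;
	unsigned char has_perm = 0;
	perm_hash_state_t *hs = NULL;
	sepol_policydb_t sp;
	qpol_policy_t qp;
	char *tmp = NULL;

	hs = (perm_hash_state_t *) qpol_iterator_state(iter);
	if (hs == NULL) {
		errno = EINVAL;
		return STATUS_ERR;
	}
	if (hs->bucket >= (*(hs->table))->size) {
		errno = ERANGE;
		return STATUS_ERR;
	}
	/* shallow copy ok here as only internal values are used */
	sp.p = *qpol_iterator_policy(iter);
	qp.p = &sp;
	qp.fn = NULL;

	do {
		hash_state_next(iter);
		if (hash_state_end(iter))
			break;
		internal_class = hs->node ? (class_datum_t *) hs->node->datum : NULL;
		/* Previously unchecked: a failure left internal_perms NULL and
		 * the loop below walked it anyway. */
		if (qpol_class_get_perm_iter(&qp, (qpol_class_t *) internal_class, &internal_perms)) {
			return STATUS_ERR;
		}
		for (; !qpol_iterator_end(internal_perms); qpol_iterator_next(internal_perms)) {
			if (qpol_iterator_get_item(internal_perms, (void **)&tmp) || tmp == NULL) {
				qpol_iterator_destroy(&internal_perms);
				return STATUS_ERR;
			}
			if (!strcmp(tmp, hs->perm_name)) {
				has_perm = 1;
				break;
			}
		}
		qpol_iterator_destroy(&internal_perms);
	} while (!has_perm && !hash_state_end(iter));

	return STATUS_SUCCESS;
}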
/**
 * Get the aliases of a type.
 *
 * @param type_datum Reference to sepol type_datum
 * @param policydb Reference to a policy
 *
 * @return New reference to a list of alias name strings (possibly
 * empty), or NULL with a RuntimeError set when list construction or
 * item retrieval fails; errno at failure is preserved.
 */
static PyObject* get_type_aliases(const qpol_type_t * type_datum, const apol_policy_t * policydb)
{
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	qpol_iterator_t *alias_iter = NULL;
	size_t alias_count;
	unsigned char is_attr, is_alias;
	const char *type_name = NULL;
	const char *alias_name;
	int saved_errno = 0;
	PyObject *result = PyList_New(0);

	if (result == NULL)
		goto err;

	/* NOTE(review): a failure in any of the five calls below jumps to
	 * cleanup and returns an empty list with no exception, unlike the
	 * loop body which raises. Confirm that "silently no aliases" is the
	 * intended contract; is_attr/is_alias/type_name are not otherwise used. */
	if (qpol_type_get_name(q, type_datum, &type_name) != 0)
		goto cleanup;
	if (qpol_type_get_isattr(q, type_datum, &is_attr) != 0)
		goto cleanup;
	if (qpol_type_get_isalias(q, type_datum, &is_alias) != 0)
		goto cleanup;
	if (qpol_type_get_alias_iter(q, type_datum, &alias_iter) != 0)
		goto cleanup;
	if (qpol_iterator_get_size(alias_iter, &alias_count) != 0)
		goto cleanup;

	if (alias_count > 0) {
		while (!qpol_iterator_end(alias_iter)) {
			if (qpol_iterator_get_item(alias_iter, (void **)&alias_name) != 0)
				goto err;
			if (py_append_string(result, alias_name) != 0)
				goto err;
			qpol_iterator_next(alias_iter);
		}
	}
	goto cleanup;

err:
	saved_errno = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(saved_errno));
	py_decref(result);
	result = NULL;
cleanup:
	qpol_iterator_destroy(&alias_iter);
	errno = saved_errno;
	return result;
}
/**
 * Find every permissive-type statement matching a query.
 *
 * @param p Policy to search.
 * @param q Query; NULL matches every permissive statement. Otherwise
 * each entry is filtered through apol_compare_permissive() using the
 * query's name, flags and compiled regex.
 * @param v Receives a new vector of const qpol_permissive_t pointers
 * (caller frees with apol_vector_destroy()); NULL on error.
 *
 * @return 0 on success, < 0 on error.
 */
int apol_permissive_get_by_query(const apol_policy_t * p, apol_permissive_query_t * q, apol_vector_t ** v)
{
	qpol_iterator_t *it;
	int status = -1;

	*v = NULL;
	if (qpol_policy_get_permissive_iter(p->p, &it) < 0)
		return -1;
	*v = apol_vector_create(NULL);
	if (*v == NULL) {
		ERR(p, "%s", strerror(errno));
		goto done;
	}

	while (!qpol_iterator_end(it)) {
		const qpol_permissive_t *entry;
		int matched = 1;

		if (qpol_iterator_get_item(it, (void **)&entry) < 0)
			goto done;
		if (q != NULL) {
			matched = apol_compare_permissive(p, entry, q->permissive_name, q->flags, &(q->regex));
			if (matched < 0)
				goto done;
		}
		if (matched != 0 && apol_vector_append(*v, (void *)entry)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto done;
		}
		qpol_iterator_next(it);
	}
	status = 0;

done:
	if (status != 0)
		apol_vector_destroy(v);
	qpol_iterator_destroy(&it);
	return status;
}
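/**
 * Given a level, return a vector of its allowed categories (in the
 * form of strings). These will be sorted in policy order.
 *
 * @param diff Policy diff error handler.
 * @param p Policy from which the level came.
 * @param level Level whose categories to get.
 *
 * @return Vector of category strings for the level. The caller is
 * responsible for calling apol_vector_destroy(). On error, return
 * NULL with errno set to the failing call's errno.
 */
static apol_vector_t *level_get_cats(const poldiff_t * diff, const apol_policy_t * p, const qpol_level_t * level)
{
	qpol_iterator_t *iter = NULL;
	const qpol_cat_t *cat;
	const char *cat_name;
	apol_vector_t *v = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(p);
	int retval = -1, error = 0;

	/* Both early failures used to leave error at 0, so the caller saw
	 * errno == 0 on a failed call; capture errno before anything else. */
	if ((v = apol_vector_create(NULL)) == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		goto cleanup;
	}
	if (qpol_level_get_cat_iter(q, level, &iter) < 0) {
		error = errno;
		goto cleanup;
	}
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&cat) < 0 || qpol_cat_get_name(q, cat, &cat_name)) {
			error = errno;
			goto cleanup;
		}
		if (apol_vector_append(v, (void *)cat_name) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto cleanup;
		}
	}
	retval = 0;

cleanup:
	qpol_iterator_destroy(&iter);
	if (retval < 0) {
		apol_vector_destroy(&v);
		errno = error;
		return NULL;
	}
	return v;
}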
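/**
 * Render a conditional expression as a Python list.
 *
 * Non-boolean nodes (operators) become plain strings via
 * apol_cond_expr_type_to_str(); boolean nodes become (name, enabled)
 * tuples.
 *
 * @param q Policy the conditional belongs to.
 * @param cond Conditional whose expression to walk.
 * @param enabled Value stored as the second tuple element for every bool.
 *
 * @return New reference to the list, or NULL with errno set.
 * NOTE(review): unlike the other get_*() helpers this one sets no Python
 * exception on failure; the caller is presumably expected to do so.
 * NOTE(review): tuples and operator strings appended here are not
 * DECREF'd afterwards, whereas get_roles() DECREFs after py_append_obj();
 * one of the two conventions is likely off by one reference — verify
 * py_append_obj()'s ownership semantics.
 */
static PyObject* get_bool(const qpol_policy_t *q, const qpol_cond_t * cond, int enabled)
{
	qpol_iterator_t *iter = NULL;
	qpol_cond_expr_node_t *expr = NULL;
	const char *bool_name = NULL;
	int error = 0;
	uint32_t expr_type = 0;
	qpol_bool_t *cond_bool = NULL;
	PyObject *obj, *tuple = NULL;
	PyObject *boollist = NULL;

	if (!q || !cond) {
		errno = EINVAL;
		return NULL;
	}
	if (qpol_cond_get_expr_node_iter(q, cond, &iter) < 0)
		goto err;
	boollist = PyList_New(0);
	if (!boollist)
		goto err;

	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&expr))
			goto err;
		if (qpol_cond_expr_node_get_expr_type(q, expr, &expr_type))
			goto err;
		if (expr_type != QPOL_COND_EXPR_BOOL) {
			obj = PyUnicode_FromString(apol_cond_expr_type_to_str(expr_type));
			if (!obj)
				goto err;
			if (py_append_obj(boollist, obj))
				goto err;
		} else {
			tuple = PyTuple_New(2);
			if (!tuple)
				goto err;
			if (qpol_cond_expr_node_get_bool(q, expr, &cond_bool))
				goto err;
			if (qpol_bool_get_name(q, cond_bool, &bool_name))
				goto err;
			/* The operator branch checked its PyUnicode result; this branch
			 * did not, so a failed allocation was handed to the tuple. */
			obj = PyUnicode_FromString(bool_name);
			if (!obj)
				goto err;
			if (py_tuple_insert_obj(tuple, 0, obj))
				goto err;
			obj = PyBool_FromLong(enabled);
			if (!obj)
				goto err;
			if (py_tuple_insert_obj(tuple, 1, obj))
				goto err;
			if (py_append_obj(boollist, tuple))
				goto err;
			tuple = NULL;
		}
	}
	qpol_iterator_destroy(&iter);
	return boollist;

err:
	error = errno;
	qpol_iterator_destroy(&iter);
	py_decref(tuple);
	py_decref(boollist);
	errno = error;
	return NULL;
}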
/**
 * Find every role allow rule matching a query.
 *
 * Candidate source and target role lists are built up front from the
 * query (regex-aware per APOL_QUERY_REGEX). With APOL_QUERY_SOURCE_AS_ANY
 * the source list doubles as the target list and a rule is kept when
 * either side matches; otherwise both sides must match.
 *
 * @param p Policy to search.
 * @param r Query; NULL matches every rule.
 * @param v Receives a new vector of qpol_role_allow_t pointers (caller
 * frees with apol_vector_destroy()); NULL on error.
 *
 * @return 0 on success, < 0 on error.
 */
int apol_role_allow_get_by_query(const apol_policy_t * p, const apol_role_allow_query_t * r, apol_vector_t ** v)
{
	qpol_iterator_t *iter = NULL;
	apol_vector_t *source_list = NULL, *target_list = NULL;
	int retval = -1, source_as_any = 0;
	*v = NULL;
	if (r != NULL) {
		if (r->source != NULL && (source_list = apol_query_create_candidate_role_list(p, r->source, r->flags & APOL_QUERY_REGEX)) == NULL) {
			goto cleanup;
		}
		if ((r->flags & APOL_QUERY_SOURCE_AS_ANY) && r->source != NULL) {
			/* target_list aliases source_list; cleanup must not free it twice */
			target_list = source_list;
			source_as_any = 1;
		} else if (r->target != NULL && (target_list = apol_query_create_candidate_role_list(p, r->target, r->flags & APOL_QUERY_REGEX)) == NULL) {
			goto cleanup;
		}
	}
	if (qpol_policy_get_role_allow_iter(p->p, &iter) < 0) {
		goto cleanup;
	}
	if ((*v = apol_vector_create(NULL)) == NULL) {
		ERR(p, "%s", strerror(errno));
		goto cleanup;
	}
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		qpol_role_allow_t *rule;
		int match_source = 0, match_target = 0;
		size_t i;
		if (qpol_iterator_get_item(iter, (void **)&rule) < 0) {
			goto cleanup;
		}
		/* no source filter means every rule's source matches */
		if (source_list == NULL) {
			match_source = 1;
		} else {
			const qpol_role_t *source_role;
			if (qpol_role_allow_get_source_role(p->p, rule, &source_role) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(source_list, source_role, NULL, NULL, &i) == 0) {
				match_source = 1;
			}
		}
		/* if source did not match, but treating source symbol
		 * as any field, then delay rejecting this rule until
		 * the target has been checked */
		if (!source_as_any && !match_source) {
			continue;
		}
		/* with source-as-any, a source match alone is sufficient */
		if (target_list == NULL || (source_as_any && match_source)) {
			match_target = 1;
		} else {
			const qpol_role_t *target_role;
			if (qpol_role_allow_get_target_role(p->p, rule, &target_role) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(target_list, target_role, NULL, NULL, &i) == 0) {
				match_target = 1;
			}
		}
		if (!match_target) {
			continue;
		}
		if (apol_vector_append(*v, rule)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto cleanup;
		}
	}
	retval = 0;
cleanup:
	if (retval != 0) {
		apol_vector_destroy(v);
	}
	apol_vector_destroy(&source_list);
	/* when source_as_any, target_list is the same vector as source_list */
	if (!source_as_any) {
		apol_vector_destroy(&target_list);
	}
	qpol_iterator_destroy(&iter);
	return retval;
}
/**
 * Find every filename transition rule matching a query.
 *
 * Candidate type lists for source, target and default type (plus a
 * class list) are built from the query. With APOL_QUERY_SOURCE_AS_ANY
 * the source list is reused for target and default, and a rule is kept
 * when any one of the three matches; otherwise all three must match.
 * The class filter, when present, is always applied.
 *
 * @param p Policy to search.
 * @param t Query; NULL matches every rule.
 * @param v Receives a new vector of qpol_filename_trans_t pointers
 * (caller frees with apol_vector_destroy()); NULL on error.
 *
 * @return 0 on success, < 0 on error.
 */
int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
{
	apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
	int retval = -1, source_as_any = 0, is_regex = 0;
	*v = NULL;
	qpol_iterator_t *iter = NULL;
	if (t != NULL) {
		is_regex = t->flags & APOL_QUERY_REGEX;
		/* the division turns the TYPE/ATTRIBUTE flag bits into the symbol-kind argument */
		if (t->source != NULL && (source_list = apol_query_create_candidate_type_list(p, t->source, is_regex, t->flags & APOL_QUERY_SOURCE_INDIRECT, ((t->flags & (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE)) / APOL_QUERY_SOURCE_TYPE))) == NULL) {
			goto cleanup;
		}
		if ((t->flags & APOL_QUERY_SOURCE_AS_ANY) && t->source != NULL) {
			/* all three lists alias the same vector; cleanup frees it once */
			default_list = target_list = source_list;
			source_as_any = 1;
		} else {
			if (t->target != NULL && (target_list = apol_query_create_candidate_type_list(p, t->target, is_regex, t->flags & APOL_QUERY_TARGET_INDIRECT, ((t->flags & (APOL_QUERY_TARGET_TYPE | APOL_QUERY_TARGET_ATTRIBUTE)) / APOL_QUERY_TARGET_TYPE))) == NULL) {
				goto cleanup;
			}
			if (t->default_type != NULL && (default_list = apol_query_create_candidate_type_list(p, t->default_type, is_regex, 0, APOL_QUERY_SYMBOL_IS_TYPE)) == NULL) {
				goto cleanup;
			}
		}
		if (t->classes != NULL && apol_vector_get_size(t->classes) > 0 && (class_list = apol_query_create_candidate_class_list(p, t->classes)) == NULL) {
			goto cleanup;
		}
	}
	if (qpol_policy_get_filename_trans_iter(p->p, &iter) < 0) {
		goto cleanup;
	}
	if ((*v = apol_vector_create(NULL)) == NULL) {
		ERR(p, "%s", strerror(errno));
		goto cleanup;
	}
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		int match_source = 0, match_target = 0, match_default = 0;
		size_t i;
		qpol_filename_trans_t *filename_trans;
		if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
			goto cleanup;
		}
		/* no source filter means every rule's source matches */
		if (source_list == NULL) {
			match_source = 1;
		} else {
			const qpol_type_t *source_type;
			if (qpol_filename_trans_get_source_type(p->p, filename_trans, &source_type) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(source_list, source_type, NULL, NULL, &i) == 0) {
				match_source = 1;
			}
		}
		/* if source did not match, but treating source symbol
		 * as any field, then delay rejecting this filename_trans until
		 * the target and default have been checked */
		if (!source_as_any && !match_source) {
			continue;
		}
		/* with source-as-any, an earlier match short-circuits the later checks */
		if (target_list == NULL || (source_as_any && match_source)) {
			match_target = 1;
		} else {
			const qpol_type_t *target_type;
			if (qpol_filename_trans_get_target_type(p->p, filename_trans, &target_type) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(target_list, target_type, NULL, NULL, &i) == 0) {
				match_target = 1;
			}
		}
		if (!source_as_any && !match_target) {
			continue;
		}
		if (default_list == NULL || (source_as_any && match_source) || (source_as_any && match_target)) {
			match_default = 1;
		} else {
			const qpol_type_t *default_type;
			if (qpol_filename_trans_get_default_type(p->p, filename_trans, &default_type) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(default_list, default_type, NULL, NULL, &i) == 0) {
				match_default = 1;
			}
		}
		if (!source_as_any && !match_default) {
			continue;
		}
		/* at least one thing must match if source_as_any was given */
		if (source_as_any && (!match_source && !match_target && !match_default)) {
			continue;
		}
		/* the class filter is independent of source-as-any */
		if (class_list != NULL) {
			const qpol_class_t *obj_class;
			if (qpol_filename_trans_get_object_class(p->p, filename_trans, &obj_class) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(class_list, obj_class, NULL, NULL, &i) < 0) {
				continue;
			}
		}
		if (apol_vector_append(*v, filename_trans)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto cleanup;
		}
	}
	retval = 0;
cleanup:
	if (retval != 0) {
		apol_vector_destroy(v);
	}
	apol_vector_destroy(&source_list);
	/* when source_as_any, target_list and default_list alias source_list */
	if (!source_as_any) {
		apol_vector_destroy(&target_list);
		apol_vector_destroy(&default_list);
	}
	apol_vector_destroy(&class_list);
	qpol_iterator_destroy(&iter);
	return retval;
}
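/**
 * Get statistics regarding a policy's portcon statements.
 * If this function is given a port number, only portcons whose
 * low..high range covers that port are returned; otherwise
 * every portcon in the policy is returned.
 *
 * @param num Decimal port number as a string (0..65535), or NULL
 * for all ports. Anything else is rejected with EINVAL; previously
 * atoi() silently mapped unparseable input to port 0.
 * @param policydb Reference to a policy
 *
 * @return New reference to a list of dicts with keys "type", "protocol",
 * "high", "low" and (when the context carries a range) "range"; NULL
 * with an exception set on error. errno at failure is preserved.
 */
static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
{
	const qpol_portcon_t *portcon = NULL;
	qpol_iterator_t *iter = NULL;
	uint16_t low_port, high_port;
	uint8_t ocon_proto;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	const qpol_context_t *ctxt = NULL;
	const char *proto_str = NULL;
	const char *type = NULL;
	const apol_mls_range_t *range = NULL;
	char *range_str = NULL;
	apol_context_t *c = NULL;
	long wanted = -1;
	int error = 0;
	int rt = 0;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);
	if (!list)
		goto err;

	if (num) {
		/* parse once, strictly, instead of atoi() twice per iteration */
		char *end = NULL;
		errno = 0;
		wanted = strtol(num, &end, 10);
		if (end == num || *end != '\0' || errno == ERANGE || wanted < 0 || wanted > UINT16_MAX) {
			errno = EINVAL;
			goto err;
		}
	}

	if (qpol_policy_get_portcon_iter(q, &iter))
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&portcon))
			goto err;
		if (qpol_portcon_get_low_port(q, portcon, &low_port))
			goto err;
		if (qpol_portcon_get_high_port(q, portcon, &high_port))
			goto err;
		if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
			goto err;
		if (wanted >= 0 && (wanted < low_port || wanted > high_port))
			continue;
		if ((ocon_proto != IPPROTO_TCP) && (ocon_proto != IPPROTO_UDP)) {
			errno = EINVAL;
			goto err;
		}
		if (qpol_portcon_get_context(q, portcon, &ctxt)) {
			PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
			goto err;
		}
		if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
			PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
			goto err;
		}
		if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL)
			goto err;
		if ((type = apol_context_get_type(c)) == NULL)
			goto err;

		dict = PyDict_New();
		if (!dict)
			goto err;
		if (py_insert_string(dict, "type", type))
			goto err;
		if ((range = apol_context_get_range(c)) != NULL) {
			range_str = apol_mls_range_render(policydb, range);
			if (range_str == NULL)
				goto err;
			if (py_insert_string(dict, "range", range_str))
				goto err;
			free(range_str);
			range_str = NULL;
		}
		if (py_insert_string(dict, "protocol", proto_str))
			goto err;
		if (py_insert_long(dict, "high", high_port))
			goto err;
		if (py_insert_long(dict, "low", low_port))
			goto err;
		rt = py_append_obj(list, dict);
		Py_DECREF(dict);
		dict = NULL;
		if (rt)
			goto err;
		/* Release per iteration: previously c (and range_str) were
		 * overwritten each pass and only the last one reached cleanup. */
		apol_context_destroy(&c);
	}
	goto cleanup;

err:
	error = errno;
	/* keep a more specific exception set above (or by the C-API call that
	 * failed) rather than clobbering it with the generic errno text */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
cleanup:
	free(range_str);
	apol_context_destroy(&c);
	qpol_iterator_destroy(&iter);
	errno = error;
	return list;
}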
/**
 * Get a textual representation of a role, the roles it dominates and
 * the types it is authorized for.
 *
 * @param role_datum Reference to sepol role_datum
 * @param policydb Reference to a policy
 *
 * @return New reference to a dict with "name" and, when non-empty,
 * "roles" and "types" lists of names; NULL with a RuntimeError set on
 * error. errno at failure is preserved.
 */
static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb)
{
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	qpol_iterator_t *it = NULL;
	const qpol_role_t *dominated = NULL;
	const qpol_type_t *member_type = NULL;
	const char *role_name = NULL, *type_name = NULL;
	size_t dom_count = 0, type_count = 0;
	int saved_errno = 0;
	int rc;
	PyObject *names = NULL;
	PyObject *result = PyDict_New();

	if (result == NULL)
		goto err;
	if (qpol_role_get_name(q, role_datum, &role_name) != 0)
		goto err;
	if (py_insert_string(result, "name", role_name) != 0)
		goto err;

	/* roles this role dominates */
	if (qpol_role_get_dominate_iter(q, role_datum, &it) != 0)
		goto err;
	if (qpol_iterator_get_size(it, &dom_count) != 0)
		goto err;
	if ((int)dom_count > 0) {
		names = PyList_New(0);
		if (names == NULL)
			goto err;
		while (!qpol_iterator_end(it)) {
			if (qpol_iterator_get_item(it, (void **)&dominated) != 0)
				goto err;
			if (qpol_role_get_name(q, dominated, &role_name) != 0)
				goto err;
			if (py_append_string(names, role_name) != 0)
				goto err;
			qpol_iterator_next(it);
		}
		rc = py_insert_obj(result, "roles", names);
		Py_DECREF(names);
		names = NULL;
		if (rc != 0)
			goto err;
	}
	qpol_iterator_destroy(&it);

	/* types authorized for this role */
	if (qpol_role_get_type_iter(q, role_datum, &it) != 0)
		goto err;
	if (qpol_iterator_get_size(it, &type_count) != 0)
		goto err;
	if ((int)type_count > 0) {
		names = PyList_New(0);
		if (names == NULL)
			goto err;
		while (!qpol_iterator_end(it)) {
			if (qpol_iterator_get_item(it, (void **)&member_type) != 0)
				goto err;
			if (qpol_type_get_name(q, member_type, &type_name) != 0)
				goto err;
			if (py_append_string(names, type_name) != 0)
				goto err;
			qpol_iterator_next(it);
		}
		rc = py_insert_obj(result, "types", names);
		Py_DECREF(names);
		names = NULL;
		if (rc != 0)
			goto err;
	}
	goto cleanup;

err:
	saved_errno = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(saved_errno));
	py_decref(names);
	names = NULL;
	py_decref(result);
	result = NULL;
cleanup:
	qpol_iterator_destroy(&it);
	errno = saved_errno;
	return result;
}
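/**
 * Gets a textual representation of an object class and all of its
 * permissions (those inherited from its common first, then its own).
 *
 * @param class_datum Reference to sepol class_datum; NULL is rejected
 * with EINVAL
 * @param policydb Reference to a policy
 *
 * @return New reference to a dict {"name": str, "permlist": [str, ...]},
 * or NULL with a RuntimeError set. errno at failure is preserved.
 */
static PyObject* get_class(const qpol_class_t * class_datum, const apol_policy_t * policydb)
{
	const char *class_name = NULL, *perm_name = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_common_t *common_datum = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	int error = 0;
	int rt;
	PyObject *list = NULL;
	PyObject *dict = PyDict_New();
	if (!dict)
		goto err;
	if (!class_datum) {
		/* nothing on this path sets errno, so name the cause explicitly */
		errno = EINVAL;
		goto err;
	}
	if (qpol_class_get_name(q, class_datum, &class_name))
		goto err;
	if (py_insert_string(dict, "name", class_name))
		goto err;

	/* get commons for this class */
	if (qpol_class_get_common(q, class_datum, &common_datum))
		goto err;
	list = PyList_New(0);
	if (!list)
		goto err;
	if (common_datum) {
		if (qpol_common_get_perm_iter(q, common_datum, &iter))
			goto err;
		/* perms inherited from the common */
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&perm_name))
				goto err;
			if (py_append_string(list, perm_name))
				goto err;
		}
		/* previously the class iterator overwrote this one, leaking it */
		qpol_iterator_destroy(&iter);
	}
	/* unique perms for this class */
	if (qpol_class_get_perm_iter(q, class_datum, &iter))
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&perm_name))
			goto err;
		if (py_append_string(list, perm_name))
			goto err;
	}
	rt = py_insert_obj(dict, "permlist", list);
	Py_DECREF(list);
	list = NULL;
	if (rt)
		goto err;
	goto cleanup;

err:
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
cleanup:
	/* destroy before restoring errno, as the sibling helpers do, so the
	 * teardown cannot clobber the value handed back to the caller */
	qpol_iterator_destroy(&iter);
	errno = error;
	return dict;
}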
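/**
 * Gets a textual representation of a user, its MLS default level and
 * range (MLS policies only), and all of that user's roles.
 *
 * @param user_datum Reference to sepol user_datum
 * @param policydb Reference to a policy
 *
 * @return New reference to a dict with "name", "roles" and, for MLS
 * policies, "level" and "range"; NULL with a RuntimeError set on error.
 * errno at failure is preserved.
 */
static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
{
	int error = 0;
	int rt;
	const qpol_role_t *role_datum = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_mls_range_t *range = NULL;
	const qpol_mls_level_t *dflt_level = NULL;
	apol_mls_level_t *ap_lvl = NULL;
	apol_mls_range_t *ap_range = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	char *tmp = NULL;
	const char *user_name, *role_name;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);
	if (!list)
		goto err;
	if (qpol_user_get_name(q, user_datum, &user_name))
		goto err;
	dict = PyDict_New();
	if (!dict)
		goto err;
	if (py_insert_string(dict, "name", user_name))
		goto err;

	if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
		if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
			goto err;
		ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
		/* the create_from_* helpers return NULL on failure (cf. the NULL
		 * checks on apol_*_create elsewhere); previously unchecked here */
		if (!ap_lvl)
			goto err;
		tmp = apol_mls_level_render(policydb, ap_lvl);
		if (!tmp)
			goto err;
		if (py_insert_string(dict, "level", tmp))
			goto err;
		free(tmp);
		tmp = NULL;

		if (qpol_user_get_range(q, user_datum, &range))
			goto err;
		ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
		if (!ap_range)
			goto err;
		tmp = apol_mls_range_render(policydb, ap_range);
		if (!tmp)
			goto err;
		if (py_insert_string(dict, "range", tmp))
			goto err;
		free(tmp);
		tmp = NULL;
	}

	if (qpol_user_get_role_iter(q, user_datum, &iter))
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&role_datum))
			goto err;
		if (qpol_role_get_name(q, role_datum, &role_name))
			goto err;
		if (py_append_string(list, role_name))
			goto err;
	}
	rt = py_insert_obj(dict, "roles", list);
	Py_DECREF(list);
	list = NULL;
	if (rt)
		goto err;
	goto cleanup;

err:
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
cleanup:
	free(tmp);
	qpol_iterator_destroy(&iter);
	apol_mls_level_destroy(&ap_lvl);
	apol_mls_range_destroy(&ap_range);
	errno = error;
	return dict;
}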
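/**
 * Gets statistics regarding a policy's booleans.
 * If this function is given a name, it will attempt to
 * get statistics about a particular boolean; otherwise
 * the function gets statistics about all of the policy's booleans.
 *
 * @param name Reference to a boolean's name; if NULL,
 * all booleans will be considered. An unknown name fails with EINVAL.
 * @param policydb Reference to a policy
 *
 * @return new reference to a list of {"name": str, "state": bool}
 * dicts, or NULL (setting an exception); errno at failure is preserved
 */
static PyObject* get_booleans(const char *name, const apol_policy_t * policydb)
{
	PyObject *dict = NULL;
	int error = 0;
	int rt = 0;
	const char *bool_name = NULL;
	int state;
	qpol_bool_t *bool_datum = NULL;
	qpol_iterator_t *iter = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	PyObject *list = PyList_New(0);
	if (!list)
		goto err;

	if (name != NULL) {
		if (qpol_policy_get_bool_by_name(q, name, &bool_datum)) {
			/* same convention as get_roles(): unknown symbol is EINVAL */
			errno = EINVAL;
			goto err;
		}
		if (qpol_bool_get_state(q, bool_datum, &state))
			goto err;
		dict = PyDict_New();
		if (!dict)
			goto err;
		if (py_insert_string(dict, "name", name))
			goto err;
		/* the state was stored under "name" here, overwriting the name and
		 * leaving this branch's dict without the "state" key the all-booleans
		 * branch produces */
		if (py_insert_bool(dict, "state", state))
			goto err;
		rt = py_append_obj(list, dict);
		Py_DECREF(dict);
		dict = NULL;
		if (rt)
			goto err;
	} else {
		if (qpol_policy_get_bool_iter(q, &iter))
			goto err;
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&bool_datum))
				goto err;
			if (qpol_bool_get_name(q, bool_datum, &bool_name))
				goto err;
			if (qpol_bool_get_state(q, bool_datum, &state))
				goto err;
			dict = PyDict_New();
			if (!dict)
				goto err;
			if (py_insert_string(dict, "name", bool_name))
				goto err;
			if (py_insert_bool(dict, "state", state))
				goto err;
			rt = py_append_obj(list, dict);
			Py_DECREF(dict);
			dict = NULL;
			if (rt)
				goto err;
		}
		qpol_iterator_destroy(&iter);
	}
	goto cleanup;

err:
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return list;
}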
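/**
 * Expand an MLS range into the vector of every level it covers.
 *
 * Each sensitivity whose value lies between the range's low and high
 * sensitivity gets one apol_mls_level_t carrying those categories of
 * the high level that the sensitivity actually permits.
 *
 * @param p Policy the range belongs to.
 * @param range Range to expand; its low level must be set. A NULL high
 * level is treated as equal to the low level.
 *
 * @return New vector of apol_mls_level_t (freed with apol_vector_destroy(),
 * which calls mls_level_free on each element), sorted by mls_range_comp;
 * NULL on error with errno set.
 */
apol_vector_t *apol_mls_range_get_levels(const apol_policy_t * p, const apol_mls_range_t * range)
{
	qpol_policy_t *q = NULL;
	apol_vector_t *v = NULL, *catv = NULL;
	const qpol_level_t *l;
	uint32_t low_value, high_value, value;
	int error = 0;
	qpol_iterator_t *iter = NULL, *catiter = NULL;
	apol_mls_level_t *low_level, *high_level;

	/* validate before touching p; the original called apol_policy_get_qpol(p)
	 * first. NOTE(review): ERR() is still invoked with a possibly NULL p,
	 * as before — confirm the macro tolerates that. */
	if (p == NULL || range == NULL || range->low == NULL) {
		error = EINVAL;
		ERR(p, "%s", strerror(error));
		goto err;
	}
	q = apol_policy_get_qpol(p);
	low_level = range->low;
	high_level = (range->high == NULL) ? low_level : range->high;

	if (qpol_policy_get_level_by_name(q, apol_mls_level_get_sens(low_level), &l) < 0 || qpol_level_get_value(q, l, &low_value) < 0) {
		error = errno;
		goto err;
	}
	if (qpol_policy_get_level_by_name(q, apol_mls_level_get_sens(high_level), &l) < 0 || qpol_level_get_value(q, l, &high_value) < 0) {
		error = errno;
		goto err;
	}
	assert(low_value <= high_value);

	if ((v = apol_vector_create(mls_level_free)) == NULL) {
		error = errno;
		ERR(p, "%s", strerror(error));
		goto err;
	}
	if (qpol_policy_get_level_iter(q, &iter) < 0) {
		error = errno;
		goto err;
	}
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		const char *name;
		apol_mls_level_t *ml;
		if (qpol_iterator_get_item(iter, (void **)&l) < 0 || qpol_level_get_value(q, l, &value) < 0 || qpol_level_get_name(q, l, &name) < 0) {
			error = errno;
			goto err;
		}
		if (value < low_value || value > high_value) {
			continue;
		}
		if ((ml = apol_mls_level_create()) == NULL || (apol_mls_level_set_sens(p, ml, name) < 0)) {
			error = errno;
			apol_mls_level_destroy(&ml);
			ERR(p, "%s", strerror(error));
			goto err;
		}
		if (qpol_level_get_cat_iter(q, l, &catiter) < 0 || (catv = apol_vector_create_from_iter(catiter, NULL)) == NULL) {
			error = errno;
			/* ml is not yet owned by v; it leaked on this path before */
			apol_mls_level_destroy(&ml);
			goto err;
		}
		const apol_vector_t *high_cats = apol_mls_level_get_cats(high_level);
		for (size_t i = 0; i < apol_vector_get_size(high_cats); i++) {
			char *cat_name = apol_vector_get_element(high_cats, i);
			size_t j;
			/* do not add categories that are not members of the level */
			if (apol_vector_get_index(catv, cat_name, mls_level_name_to_cat_comp, q, &j) < 0) {
				/* this category is not legal under the given policy */
				continue;
			}
			if (apol_mls_level_append_cats(p, ml, cat_name) < 0) {
				error = errno;
				apol_mls_level_destroy(&ml);
				ERR(p, "%s", strerror(error));
				goto err;
			}
		}
		qpol_iterator_destroy(&catiter);
		apol_vector_destroy(&catv);
		if (apol_vector_append(v, ml) < 0) {
			error = errno;
			apol_mls_level_destroy(&ml);
			ERR(p, "%s", strerror(error));
			goto err;
		}
	}
	apol_vector_sort(v, mls_range_comp, q);
	qpol_iterator_destroy(&iter);
	qpol_iterator_destroy(&catiter);
	apol_vector_destroy(&catv);
	return v;

err:
	qpol_iterator_destroy(&iter);
	qpol_iterator_destroy(&catiter);
	apol_vector_destroy(&v);
	apol_vector_destroy(&catv);
	errno = error;
	return NULL;
}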