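/*
 * Append one dict per AV rule in v to the Python list output.
 *
 * Each dict carries "type", "source", "target", "class", "permlist"
 * (a list of permission names), "enabled" and, for conditional rules,
 * "boolean" (built by get_bool()).
 *
 * Returns NULL when v is empty (nothing is raised). Otherwise returns
 * output; on failure a RuntimeError is left pending and errno holds the
 * failing call's errno (EINVAL when policy or v is NULL).
 */
static PyObject* get_av_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output)
{
	PyObject *obj = NULL, *dict = NULL, *permlist = NULL;
	uint32_t rule_type = 0;
	uint32_t enabled = 0;
	int rt;
	int error = 0;
	qpol_policy_t *q;
	size_t i, num_rules = 0;
	const qpol_avrule_t *rule = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_cond_t *cond = NULL;
	const qpol_type_t *type;
	const char *tmp_name;
	const qpol_class_t *obj_class = NULL;

	if (!policy || !v) {
		errno = EINVAL;
		goto err;
	}
	if (!(num_rules = apol_vector_get_size(v)))
		return NULL;
	q = apol_policy_get_qpol(policy);

	for (i = 0; i < num_rules; i++) {
		if (!(rule = apol_vector_get_element(v, i)))
			goto err;
		dict = PyDict_New();
		if (!dict)
			goto err;

		if (qpol_avrule_get_rule_type(q, rule, &rule_type))
			goto err;
		if (!(tmp_name = apol_rule_type_to_str(rule_type))) {
			PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string");
			errno = EINVAL;
			goto err;
		}
		if (py_insert_string(dict, "type", tmp_name))
			goto err;

		if (qpol_avrule_get_source_type(q, rule, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "source", tmp_name))
			goto err;

		if (qpol_avrule_get_target_type(q, rule, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "target", tmp_name))
			goto err;

		if (qpol_avrule_get_object_class(q, rule, &obj_class))
			goto err;
		if (qpol_class_get_name(q, obj_class, &tmp_name))
			goto err;
		if (py_insert_string(dict, "class", tmp_name))
			goto err;

		/* permission list */
		if (qpol_avrule_get_perm_iter(q, rule, &iter))
			goto err;
		permlist = PyList_New(0);
		if (!permlist)
			goto err;
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			const char *perm_name = NULL;
			if (qpol_iterator_get_item(iter, (void **)&perm_name))
				goto err;
			if (py_append_string(permlist, perm_name))
				goto err;
		}
		/* The iterator is per rule: release it here rather than leaking
		 * one per iteration (the error path destroys a live one too). */
		qpol_iterator_destroy(&iter);
		rt = PyDict_SetItemString(dict, "permlist", permlist);
		py_decref(permlist);
		permlist = NULL;
		if (rt)
			goto err;

		if (qpol_avrule_get_cond(q, rule, &cond))
			goto err;
		if (qpol_avrule_get_is_enabled(q, rule, &enabled))
			goto err;
		obj = PyBool_FromLong(enabled);
		if (!obj)
			goto err;
		rt = PyDict_SetItemString(dict, "enabled", obj);
		py_decref(obj);
		if (rt)
			goto err;
		if (cond) {
			obj = get_bool(q, cond, enabled);
			if (!obj)
				goto err;
			rt = PyDict_SetItemString(dict, "boolean", obj);
			py_decref(obj);
			if (rt)
				goto err;
		}

		rt = py_append_obj(output, dict);
		py_decref(dict);
		dict = NULL;
		if (rt)
			goto err;
	}
	goto cleanup;

err:
	error = errno;
	/* Keep a more specific Python error raised above (e.g. the rule-type
	 * message); only fall back to strerror() when nothing is pending. */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(dict);
	py_decref(permlist);
cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return output;
}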
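/*
 * Append one dict per filename type_transition rule in v to the Python
 * list `list`.
 *
 * Each dict carries "type" (always "type_transition"), "source",
 * "target", "class", "transtype" and, when the rule's filename can be
 * fetched, "filename".
 *
 * Returns NULL when v is empty (nothing is raised). Otherwise returns
 * `list`; on failure a RuntimeError is left pending and errno holds the
 * failing call's errno (EINVAL when policy or v is NULL).
 */
static PyObject* get_ft_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *list)
{
	PyObject *dict = NULL;
	size_t i, num_filename_trans = 0;
	const char *tmp_name;
	int error = 0;
	int rt;
	const qpol_filename_trans_t *filename_trans = NULL;
	const qpol_class_t *obj_class = NULL;
	qpol_policy_t *q;
	const qpol_type_t *type = NULL;

	if (!policy || !v) {
		errno = EINVAL;
		goto err;
	}
	if (!(num_filename_trans = apol_vector_get_size(v)))
		return NULL;
	q = apol_policy_get_qpol(policy);

	for (i = 0; i < num_filename_trans; i++) {
		if (!(filename_trans = apol_vector_get_element(v, i)))
			goto err;
		dict = PyDict_New();
		if (!dict)
			goto err;
		if (py_insert_string(dict, "type", "type_transition"))
			goto err;

		/* source type */
		if (qpol_filename_trans_get_source_type(q, filename_trans, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "source", tmp_name))
			goto err;

		/* target type */
		if (qpol_filename_trans_get_target_type(q, filename_trans, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "target", tmp_name))
			goto err;

		/* object class */
		if (qpol_filename_trans_get_object_class(q, filename_trans, &obj_class))
			goto err;
		if (qpol_class_get_name(q, obj_class, &tmp_name))
			goto err;
		if (py_insert_string(dict, "class", tmp_name))
			goto err;

		/* default type */
		if (qpol_filename_trans_get_default_type(q, filename_trans, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "transtype", tmp_name))
			goto err;

		/* filename: best effort, as before — a rule whose filename cannot
		 * be fetched is still reported, just without the key */
		if (!qpol_filename_trans_get_filename(q, filename_trans, &tmp_name)) {
			if (py_insert_string(dict, "filename", tmp_name))
				goto err;
		}

		rt = py_append_obj(list, dict);
		/* get_av_results drops its own reference after py_append_obj(), so
		 * the helper is taken not to steal it — confirm against py_append_obj;
		 * without this decref every dict appended here leaked. */
		py_decref(dict);
		dict = NULL;
		if (rt)
			goto err;
	}
	goto cleanup;

err:
	error = errno;
	/* only fall back to strerror() if no Python error is pending yet */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(dict);
cleanup:
	errno = error;
	return list;
}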
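/*
 * Append one dict per type_transition / type_change / type_member rule
 * in v to the Python list output.
 *
 * Each dict carries "type", "source", "target", "class", "transtype"
 * and, for conditional rules, "boolean" (built by get_bool()).
 *
 * Returns NULL when v is empty (nothing is raised). Otherwise returns
 * output; on failure a RuntimeError is left pending and errno holds the
 * failing call's errno (EINVAL when policy or v is NULL, or when a rule's
 * type is none of the three TE kinds).
 */
static PyObject* get_te_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output)
{
	int error = 0;
	int rt = 0;
	PyObject *obj = NULL, *dict = NULL;
	qpol_policy_t *q;
	uint32_t rule_type = 0;
	uint32_t enabled = 0;
	const qpol_type_t *type;
	size_t i, num_rules = 0;
	const qpol_terule_t *rule = NULL;
	const qpol_cond_t *cond = NULL;
	const char *tmp_name;
	const qpol_class_t *obj_class = NULL;

	if (!policy || !v) {
		errno = EINVAL;
		goto err;
	}
	if (!(num_rules = apol_vector_get_size(v)))
		return NULL;
	q = apol_policy_get_qpol(policy);

	for (i = 0; i < num_rules; i++) {
		dict = PyDict_New();
		if (!dict)
			goto err;
		if (!(rule = apol_vector_get_element(v, i)))
			goto err;

		if (qpol_terule_get_cond(q, rule, &cond))
			goto err;
		if (qpol_terule_get_is_enabled(q, rule, &enabled))
			goto err;
		if (cond) {
			obj = get_bool(q, cond, enabled);
			if (!obj)
				goto err;
			rt = PyDict_SetItemString(dict, "boolean", obj);
			py_decref(obj);
			/* this result used to go unchecked */
			if (rt)
				goto err;
		}

		if (qpol_terule_get_rule_type(q, rule, &rule_type))
			goto err;
		/* only the three TE rule kinds are rendered here */
		if (!(rule_type &= (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER))) {
			PyErr_SetString(PyExc_RuntimeError, "Invalid TE rule type");
			errno = EINVAL;
			goto err;
		}
		if (!(tmp_name = apol_rule_type_to_str(rule_type))) {
			PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string");
			errno = EINVAL;
			goto err;
		}
		if (py_insert_string(dict, "type", tmp_name))
			goto err;

		if (qpol_terule_get_source_type(q, rule, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "source", tmp_name))
			goto err;

		if (qpol_terule_get_target_type(q, rule, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "target", tmp_name))
			goto err;

		if (qpol_terule_get_object_class(q, rule, &obj_class))
			goto err;
		if (qpol_class_get_name(q, obj_class, &tmp_name))
			goto err;
		if (py_insert_string(dict, "class", tmp_name))
			goto err;

		if (qpol_terule_get_default_type(q, rule, &type))
			goto err;
		if (qpol_type_get_name(q, type, &tmp_name))
			goto err;
		if (py_insert_string(dict, "transtype", tmp_name))
			goto err;

		rt = py_append_obj(output, dict);
		/* get_av_results drops its own reference after py_append_obj(), so
		 * the helper is taken not to steal it — confirm against py_append_obj;
		 * without this decref every dict appended here leaked. */
		py_decref(dict);
		dict = NULL;
		if (rt)
			goto err;
	}
	goto cleanup;

err:
	error = errno;
	py_decref(dict);
	/* keep the specific messages raised above; strerror() is the fallback */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
cleanup:
	errno = error;
	return output;
}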
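/**
 * Build a Python dict describing an object class: its name and the
 * permissions it grants, including those inherited from its common.
 *
 * @param class_datum Reference to the qpol class to describe
 * @param policydb Reference to the policy the class belongs to
 *
 * @return New reference to a dict with keys "name" and "permlist" (the
 * common's permissions first, then the class's own), or NULL on error
 * with errno set (EINVAL for NULL arguments) and a RuntimeError pending.
 */
static PyObject* get_class(const qpol_class_t * class_datum, const apol_policy_t * policydb)
{
	const char *class_name = NULL, *perm_name = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_common_t *common_datum = NULL;
	qpol_policy_t *q = NULL;
	int error = 0;
	int rt;
	PyObject *list = NULL;
	PyObject *dict = NULL;

	if (!class_datum || !policydb) {
		errno = EINVAL;
		goto err;
	}
	q = apol_policy_get_qpol(policydb);

	dict = PyDict_New();
	if (!dict)
		goto err;
	if (qpol_class_get_name(q, class_datum, &class_name))
		goto err;
	if (py_insert_string(dict, "name", class_name))
		goto err;

	list = PyList_New(0);
	if (!list)
		goto err;

	/* permissions inherited from the class's common, if it has one */
	if (qpol_class_get_common(q, class_datum, &common_datum))
		goto err;
	if (common_datum) {
		if (qpol_common_get_perm_iter(q, common_datum, &iter))
			goto err;
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&perm_name))
				goto err;
			if (py_append_string(list, perm_name))
				goto err;
		}
		/* release this iterator before iter is reused for the class's own
		 * permissions; overwriting the pointer leaked the common's iterator */
		qpol_iterator_destroy(&iter);
	}

	/* permissions unique to this class */
	if (qpol_class_get_perm_iter(q, class_datum, &iter))
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&perm_name))
			goto err;
		if (py_append_string(list, perm_name))
			goto err;
	}

	rt = py_insert_obj(dict, "permlist", list);
	Py_DECREF(list);
	list = NULL;
	if (rt)
		goto err;
	goto cleanup;

err:
	error = errno;
	/* only fall back to strerror() if no Python error is pending yet */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return dict;
}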
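/*
 * Duplicate name and insert the copy into bst, which owns it thereafter.
 * Returns 0 on success; on failure logs via ERR(), stores errno in *error
 * and returns -1.
 */
static int poldiff_bst_add_name(poldiff_t *diff, apol_bst_t *bst, const char *name, int *error)
{
	char *new_name = strdup(name);
	/* NOTE(review): when apol_bst_insert_and_get() fails it is not clear
	 * from here whether new_name is released by the callee — confirm. */
	if (new_name == NULL || apol_bst_insert_and_get(bst, (void **)&new_name, NULL) < 0) {
		*error = errno;
		ERR(diff, "%s", strerror(*error));
		return -1;
	}
	return 0;
}

/**
 * Populate diff's class, permission and boolean name BSTs with the names
 * found in both the original and the modified policy. Returns 0 without
 * doing anything when the class BST already exists.
 *
 * @param diff Policy difference structure whose BSTs are to be built
 *
 * @return 0 on success, -1 on error with errno set (EINVAL for a NULL
 * diff). On error all three BSTs are destroyed again, so a later call
 * rebuilds them instead of returning 0 on a half-built set.
 */
int poldiff_build_bsts(poldiff_t * diff)
{
	apol_vector_t *classes[2] = { NULL, NULL };
	apol_vector_t *perms[2] = { NULL, NULL };
	apol_vector_t *bools[2] = { NULL, NULL };
	size_t i, j;
	int retval = -1, error = 0;

	if (diff == NULL) {
		errno = EINVAL;
		return -1;
	}
	if (diff->class_bst != NULL) {
		return 0;
	}
	if ((diff->class_bst = apol_bst_create(apol_str_strcmp, free)) == NULL ||
	    (diff->perm_bst = apol_bst_create(apol_str_strcmp, free)) == NULL ||
	    (diff->bool_bst = apol_bst_create(apol_str_strcmp, free)) == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		goto cleanup;
	}

	/* pass 0 walks the original policy, pass 1 the modified one */
	for (i = 0; i < 2; i++) {
		apol_policy_t *p = (i == 0 ? diff->orig_pol : diff->mod_pol);
		qpol_policy_t *q = apol_policy_get_qpol(p);
		const char *name = NULL;

		if (apol_class_get_by_query(p, NULL, &classes[i]) < 0 ||
		    apol_perm_get_by_query(p, NULL, &perms[i]) < 0 ||
		    apol_bool_get_by_query(p, NULL, &bools[i]) < 0) {
			error = errno;
			goto cleanup;
		}
		for (j = 0; j < apol_vector_get_size(classes[i]); j++) {
			const qpol_class_t *cls = apol_vector_get_element(classes[i], j);
			if (qpol_class_get_name(q, cls, &name) < 0) {
				error = errno;
				goto cleanup;
			}
			if (poldiff_bst_add_name(diff, diff->class_bst, name, &error) < 0)
				goto cleanup;
		}
		for (j = 0; j < apol_vector_get_size(perms[i]); j++) {
			/* the permission vector holds the names themselves */
			name = apol_vector_get_element(perms[i], j);
			if (poldiff_bst_add_name(diff, diff->perm_bst, name, &error) < 0)
				goto cleanup;
		}
		for (j = 0; j < apol_vector_get_size(bools[i]); j++) {
			qpol_bool_t *qbool = apol_vector_get_element(bools[i], j);
			if (qpol_bool_get_name(q, qbool, &name) < 0) {
				error = errno;
				goto cleanup;
			}
			if (poldiff_bst_add_name(diff, diff->bool_bst, name, &error) < 0)
				goto cleanup;
		}
	}
	retval = 0;

cleanup:
	if (retval < 0) {
		/* do not leave a partially built set behind: the early
		 * "class_bst != NULL" check would otherwise treat it as complete */
		apol_bst_destroy(&diff->class_bst);
		apol_bst_destroy(&diff->perm_bst);
		apol_bst_destroy(&diff->bool_bst);
	}
	apol_vector_destroy(&classes[0]);
	apol_vector_destroy(&classes[1]);
	apol_vector_destroy(&perms[0]);
	apol_vector_destroy(&perms[1]);
	apol_vector_destroy(&bools[0]);
	apol_vector_destroy(&bools[1]);
	errno = error;
	return retval;
}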
/**
 * Render a filename type_transition rule as policy source text, in the
 * form `type_transition <source> <target> : <class> <default> "<name>";`.
 *
 * @param policy Policy the rule belongs to
 * @param filename_trans Rule to render
 *
 * @return Newly allocated string the caller must free(), or NULL on
 * error with errno set (EINVAL for NULL arguments).
 */
char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * filename_trans)
{
	char *out = NULL;
	size_t out_sz = 0;
	const char *name = NULL;
	const qpol_type_t *type = NULL;
	const qpol_class_t *obj_class = NULL;
	int error = 0;

	if (policy == NULL || filename_trans == NULL) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	/* "type_transition <source> " */
	if (qpol_filename_trans_get_source_type(policy->p, filename_trans, &type) ||
	    qpol_type_get_name(policy->p, type, &name)) {
		error = errno;
		goto fail;
	}
	if (apol_str_appendf(&out, &out_sz, "type_transition %s ", name)) {
		error = errno;
		goto fail_append;
	}

	/* "<target> : " */
	if (qpol_filename_trans_get_target_type(policy->p, filename_trans, &type) ||
	    qpol_type_get_name(policy->p, type, &name)) {
		error = errno;
		goto fail;
	}
	if (apol_str_appendf(&out, &out_sz, "%s : ", name)) {
		error = errno;
		goto fail_append;
	}

	/* "<class> " */
	if (qpol_filename_trans_get_object_class(policy->p, filename_trans, &obj_class) ||
	    qpol_class_get_name(policy->p, obj_class, &name)) {
		error = errno;
		goto fail;
	}
	if (apol_str_appendf(&out, &out_sz, "%s ", name)) {
		error = errno;
		goto fail_append;
	}

	/* "<default>" */
	if (qpol_filename_trans_get_default_type(policy->p, filename_trans, &type) ||
	    qpol_type_get_name(policy->p, type, &name)) {
		error = errno;
		goto fail;
	}
	if (apol_str_appendf(&out, &out_sz, "%s", name)) {
		error = errno;
		goto fail_append;
	}

	/* ' "<filename>";' — the name is placed between the quotes verbatim.
	 * NOTE(review): assumes policy filenames cannot themselves contain a
	 * double quote, otherwise the rendered text is ambiguous — confirm
	 * against the policy grammar. */
	if (qpol_filename_trans_get_filename(policy->p, filename_trans, &name)) {
		error = errno;
		goto fail;
	}
	if (apol_str_appendf(&out, &out_sz, " \"%s\";", name)) {
		error = errno;
		goto fail_append;
	}
	return out;

fail_append:
	/* only buffer-append failures are logged; a failed qpol lookup just
	 * propagates its errno */
	ERR(policy, "%s", strerror(error));
fail:
	free(out);
	errno = error;
	return NULL;
}