/* As type bounds are in types use these, however will need to calc number of bounds manually in top.tcl*/ int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter) { policydb_t *db; int error = 0; hash_state_t *hs = NULL; if (policy == NULL || iter == NULL) { if (iter != NULL) *iter = NULL; ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } db = &policy->p->p; /* struct type_datum *type; size_t i; int count = 0; for (i = 0; i < db->p_types.nprim - 1; i++) { type = db->type_val_to_struct[i]; if (type->flavor == TYPE_TYPE && type->bounds != 0) { printf("PARENT DOMAIN: %s\n", db->p_type_val_to_name[type->bounds - 1]); printf("CHILD NAME: %s\n", db->p_type_val_to_name[type->s.value - 1]); count++; } } printf("Type Bounds count: %d\n", count); */ hs = calloc(1, sizeof(hash_state_t)); if (hs == NULL) { error = errno; ERR(policy, "%s", strerror(ENOMEM)); errno = error; return STATUS_ERR; } hs->table = &db->p_types.table; hs->node = (*(hs->table))->htable[0]; if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur, hash_state_next, hash_state_end, hash_state_size, free, iter)) { free(hs); return STATUS_ERR; } if (hs->node == NULL) hash_state_next(*iter); return STATUS_SUCCESS; }
int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type_mask, qpol_iterator_t ** iter) { policydb_t *db; avtab_state_t *state; if (iter) { *iter = NULL; } if (policy == NULL || iter == NULL) { ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } if (!qpol_policy_has_capability(policy, QPOL_CAP_RULES_LOADED)) { ERR(policy, "%s", "Cannot get avrules: Rules not loaded"); errno = ENOTSUP; return STATUS_ERR; } if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) { ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available"); errno = ENOTSUP; return STATUS_ERR; } db = &policy->p->p; state = calloc(1, sizeof(avtab_state_t)); if (state == NULL) { ERR(policy, "%s", strerror(ENOMEM)); errno = ENOMEM; return STATUS_ERR; } state->ucond_tab = &db->te_avtab; state->cond_tab = &db->te_cond_avtab; state->rule_type_mask = rule_type_mask; state->node = db->te_avtab.htable[0]; if (qpol_iterator_create (policy, state, avtab_state_get_cur, avtab_state_next, avtab_state_end, avtab_state_size, free, iter)) { free(state); return STATUS_ERR; } if (state->node == NULL || !(state->node->key.specified & state->rule_type_mask)) { avtab_state_next(*iter); } return STATUS_SUCCESS; }
int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter) { policydb_t *db; int error = 0; hash_state_t *hs = NULL; if (policy == NULL || iter == NULL) { if (iter != NULL) *iter = NULL; ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } db = &policy->p->p; hs = calloc(1, sizeof(hash_state_t)); if (hs == NULL) { error = errno; ERR(policy, "%s", strerror(ENOMEM)); errno = error; return STATUS_ERR; } hs->table = &db->p_types.table; hs->node = (*(hs->table))->htable[0]; if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur, hash_state_next_typebounds, hash_state_end, hash_state_size, free, iter)) { free(hs); return STATUS_ERR; } if (hs->node == NULL) hash_state_next_typebounds(*iter); /* since we are iterating over all types, ensure our first item is actually bounded. */ if (!qpol_iterator_end(*iter)) { void *datum = NULL; type_datum_t *internal_datum = NULL; qpol_iterator_get_item(*iter, &datum); internal_datum = (type_datum_t *) datum; if (internal_datum -> flavor != TYPE_TYPE || internal_datum->bounds == 0) hash_state_next_typebounds(*iter); } return STATUS_SUCCESS; }
int qpol_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_avrule_t * rule, qpol_iterator_t ** perms) { policydb_t *db = NULL; avtab_ptr_t avrule = NULL; perm_state_t *ps = NULL; if (perms) { *perms = NULL; } if (!policy || !rule || !perms) { ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } db = &policy->p->p; avrule = (avtab_ptr_t) rule; ps = calloc(1, sizeof(perm_state_t)); if (!ps) { return STATUS_ERR; } if (avrule->key.specified & QPOL_RULE_DONTAUDIT) { ps->perm_set = ~(avrule->datum.data); /* stored as auditdeny flip the bits */ } else { ps->perm_set = avrule->datum.data; } ps->obj_class_val = avrule->key.target_class; if (qpol_iterator_create(policy, (void *)ps, perm_state_get_cur, perm_state_next, perm_state_end, perm_state_size, free, perms)) { return STATUS_ERR; } if (!(ps->perm_set & 1)) /* defaults to bit 0, if off: advance */ perm_state_next(*perms); return STATUS_SUCCESS; }
int qpol_user_get_role_iter(const qpol_policy_t * policy, const qpol_user_t * datum, qpol_iterator_t ** roles) { user_datum_t *internal_datum = NULL; int error = 0; ebitmap_state_t *es = NULL; if (policy == NULL || datum == NULL || roles == NULL) { if (roles != NULL) *roles = NULL; ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } internal_datum = (user_datum_t *) datum; es = calloc(1, sizeof(ebitmap_state_t)); if (es == NULL) { error = errno; ERR(policy, "%s", strerror(ENOMEM)); errno = error; return STATUS_ERR; } es->bmap = &(internal_datum->roles.roles); es->cur = es->bmap->node ? es->bmap->node->startbit : 0; if (qpol_iterator_create(policy, es, ebitmap_state_get_cur_role, ebitmap_state_next, ebitmap_state_end, ebitmap_state_size, free, roles)) { free(es); return STATUS_ERR; } if (es->bmap->node && !ebitmap_get_bit(es->bmap, es->cur)) ebitmap_state_next(*roles); return STATUS_SUCCESS; }
/* As userbounds are in users use these, however will need to calc number of bounds manually in top.tcl*/ int qpol_policy_get_userbounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter) { policydb_t *db; int error = 0; hash_state_t *hs = NULL; if (policy == NULL || iter == NULL) { if (iter != NULL) *iter = NULL; ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } db = &policy->p->p; hs = calloc(1, sizeof(hash_state_t)); if (hs == NULL) { error = errno; ERR(policy, "%s", strerror(ENOMEM)); errno = error; return STATUS_ERR; } hs->table = &db->p_users.table; hs->node = (*(hs->table))->htable[0]; if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur, hash_state_next, hash_state_end, hash_state_size, free, iter)) { free(hs); return STATUS_ERR; } if (hs->node == NULL) hash_state_next(*iter); return STATUS_SUCCESS; }
int qpol_policy_get_genfscon_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter) { policydb_t *db = NULL; genfs_state_t *gs = NULL; int error = 0; if (iter != NULL) *iter = NULL; if (policy == NULL || iter == NULL) { ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } db = &policy->p->p; gs = calloc(1, sizeof(genfs_state_t)); if (gs == NULL) { error = errno; ERR(policy, "%s", strerror(ENOMEM)); errno = error; return STATUS_ERR; } gs->head = gs->cur = db->genfs; if (gs->head) gs->cur_path = gs->head->head; if (qpol_iterator_create(policy, (void *)gs, genfs_state_get_cur, genfs_state_next, genfs_state_end, genfs_state_size, free, iter)) { free(gs); return STATUS_ERR; } return STATUS_SUCCESS; }
int qpol_policy_get_range_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter) { policydb_t *db = NULL; range_trans_state_t *rs = NULL; int error = 0; if (iter) *iter = NULL; if (!policy || !iter) { ERR(policy, "%s", strerror(EINVAL)); errno = EINVAL; return STATUS_ERR; } db = &policy->p->p; rs = calloc(1, sizeof(range_trans_state_t)); if (!rs) { error = errno; ERR(policy, "%s", strerror(error)); errno = error; return STATUS_ERR; } if (qpol_iterator_create(policy, (void *)rs, range_trans_state_get_cur, range_trans_state_next, range_trans_state_end, range_trans_state_size, free, iter)) { error = errno; free(rs); errno = error; return STATUS_ERR; } rs->head = rs->cur = db->range_tr; return STATUS_SUCCESS; }