/* As type bounds are in types use these, however will need to calc number of bounds manually in top.tcl*/
int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
{
policydb_t *db;
int error = 0;
hash_state_t *hs = NULL;
if (policy == NULL || iter == NULL) {
if (iter != NULL)
*iter = NULL;
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
db = &policy->p->p;
/*
struct type_datum *type;
size_t i;
int count = 0;
for (i = 0; i < db->p_types.nprim - 1; i++) {
type = db->type_val_to_struct[i];
if (type->flavor == TYPE_TYPE && type->bounds != 0) {
printf("PARENT DOMAIN: %s\n", db->p_type_val_to_name[type->bounds - 1]);
printf("CHILD NAME: %s\n", db->p_type_val_to_name[type->s.value - 1]);
count++;
}
}
printf("Type Bounds count: %d\n", count);
*/
hs = calloc(1, sizeof(hash_state_t));
if (hs == NULL) {
error = errno;
ERR(policy, "%s", strerror(ENOMEM));
errno = error;
return STATUS_ERR;
}
hs->table = &db->p_types.table;
hs->node = (*(hs->table))->htable[0];
if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
hash_state_next, hash_state_end, hash_state_size, free, iter)) {
free(hs);
return STATUS_ERR;
}
if (hs->node == NULL)
hash_state_next(*iter);
return STATUS_SUCCESS;
}
int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type_mask, qpol_iterator_t ** iter)
{
policydb_t *db;
avtab_state_t *state;
if (iter) {
*iter = NULL;
}
if (policy == NULL || iter == NULL) {
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
if (!qpol_policy_has_capability(policy, QPOL_CAP_RULES_LOADED)) {
ERR(policy, "%s", "Cannot get avrules: Rules not loaded");
errno = ENOTSUP;
return STATUS_ERR;
}
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
errno = ENOTSUP;
return STATUS_ERR;
}
db = &policy->p->p;
state = calloc(1, sizeof(avtab_state_t));
if (state == NULL) {
ERR(policy, "%s", strerror(ENOMEM));
errno = ENOMEM;
return STATUS_ERR;
}
state->ucond_tab = &db->te_avtab;
state->cond_tab = &db->te_cond_avtab;
state->rule_type_mask = rule_type_mask;
state->node = db->te_avtab.htable[0];
if (qpol_iterator_create
(policy, state, avtab_state_get_cur, avtab_state_next, avtab_state_end, avtab_state_size, free, iter)) {
free(state);
return STATUS_ERR;
}
if (state->node == NULL || !(state->node->key.specified & state->rule_type_mask)) {
avtab_state_next(*iter);
}
return STATUS_SUCCESS;
}
int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
{
policydb_t *db;
int error = 0;
hash_state_t *hs = NULL;
if (policy == NULL || iter == NULL) {
if (iter != NULL)
*iter = NULL;
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
db = &policy->p->p;
hs = calloc(1, sizeof(hash_state_t));
if (hs == NULL) {
error = errno;
ERR(policy, "%s", strerror(ENOMEM));
errno = error;
return STATUS_ERR;
}
hs->table = &db->p_types.table;
hs->node = (*(hs->table))->htable[0];
if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
hash_state_next_typebounds, hash_state_end, hash_state_size, free, iter)) {
free(hs);
return STATUS_ERR;
}
if (hs->node == NULL)
hash_state_next_typebounds(*iter);
/* since we are iterating over all types, ensure our first item is actually bounded. */
if (!qpol_iterator_end(*iter)) {
void *datum = NULL;
type_datum_t *internal_datum = NULL;
qpol_iterator_get_item(*iter, &datum);
internal_datum = (type_datum_t *) datum;
if (internal_datum -> flavor != TYPE_TYPE || internal_datum->bounds == 0)
hash_state_next_typebounds(*iter);
}
return STATUS_SUCCESS;
}
int qpol_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_avrule_t * rule, qpol_iterator_t ** perms)
{
policydb_t *db = NULL;
avtab_ptr_t avrule = NULL;
perm_state_t *ps = NULL;
if (perms) {
*perms = NULL;
}
if (!policy || !rule || !perms) {
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
db = &policy->p->p;
avrule = (avtab_ptr_t) rule;
ps = calloc(1, sizeof(perm_state_t));
if (!ps) {
return STATUS_ERR;
}
if (avrule->key.specified & QPOL_RULE_DONTAUDIT) {
ps->perm_set = ~(avrule->datum.data); /* stored as auditdeny flip the bits */
} else {
ps->perm_set = avrule->datum.data;
}
ps->obj_class_val = avrule->key.target_class;
if (qpol_iterator_create(policy, (void *)ps, perm_state_get_cur,
perm_state_next, perm_state_end, perm_state_size, free, perms)) {
return STATUS_ERR;
}
if (!(ps->perm_set & 1)) /* defaults to bit 0, if off: advance */
perm_state_next(*perms);
return STATUS_SUCCESS;
}
int qpol_user_get_role_iter(const qpol_policy_t * policy, const qpol_user_t * datum, qpol_iterator_t ** roles)
{
user_datum_t *internal_datum = NULL;
int error = 0;
ebitmap_state_t *es = NULL;
if (policy == NULL || datum == NULL || roles == NULL) {
if (roles != NULL)
*roles = NULL;
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
internal_datum = (user_datum_t *) datum;
es = calloc(1, sizeof(ebitmap_state_t));
if (es == NULL) {
error = errno;
ERR(policy, "%s", strerror(ENOMEM));
errno = error;
return STATUS_ERR;
}
es->bmap = &(internal_datum->roles.roles);
es->cur = es->bmap->node ? es->bmap->node->startbit : 0;
if (qpol_iterator_create(policy, es, ebitmap_state_get_cur_role,
ebitmap_state_next, ebitmap_state_end, ebitmap_state_size, free, roles)) {
free(es);
return STATUS_ERR;
}
if (es->bmap->node && !ebitmap_get_bit(es->bmap, es->cur))
ebitmap_state_next(*roles);
return STATUS_SUCCESS;
}
/* As userbounds are in users use these, however will need to calc number of bounds manually in top.tcl*/
int qpol_policy_get_userbounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
{
policydb_t *db;
int error = 0;
hash_state_t *hs = NULL;
if (policy == NULL || iter == NULL) {
if (iter != NULL)
*iter = NULL;
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
db = &policy->p->p;
hs = calloc(1, sizeof(hash_state_t));
if (hs == NULL) {
error = errno;
ERR(policy, "%s", strerror(ENOMEM));
errno = error;
return STATUS_ERR;
}
hs->table = &db->p_users.table;
hs->node = (*(hs->table))->htable[0];
if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
hash_state_next, hash_state_end, hash_state_size, free, iter)) {
free(hs);
return STATUS_ERR;
}
if (hs->node == NULL)
hash_state_next(*iter);
return STATUS_SUCCESS;
}
int qpol_policy_get_genfscon_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter)
{
policydb_t *db = NULL;
genfs_state_t *gs = NULL;
int error = 0;
if (iter != NULL)
*iter = NULL;
if (policy == NULL || iter == NULL) {
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
db = &policy->p->p;
gs = calloc(1, sizeof(genfs_state_t));
if (gs == NULL) {
error = errno;
ERR(policy, "%s", strerror(ENOMEM));
errno = error;
return STATUS_ERR;
}
gs->head = gs->cur = db->genfs;
if (gs->head)
gs->cur_path = gs->head->head;
if (qpol_iterator_create(policy, (void *)gs, genfs_state_get_cur,
genfs_state_next, genfs_state_end, genfs_state_size, free, iter)) {
free(gs);
return STATUS_ERR;
}
return STATUS_SUCCESS;
}
int qpol_policy_get_range_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter)
{
policydb_t *db = NULL;
range_trans_state_t *rs = NULL;
int error = 0;
if (iter)
*iter = NULL;
if (!policy || !iter) {
ERR(policy, "%s", strerror(EINVAL));
errno = EINVAL;
return STATUS_ERR;
}
db = &policy->p->p;
rs = calloc(1, sizeof(range_trans_state_t));
if (!rs) {
error = errno;
ERR(policy, "%s", strerror(error));
errno = error;
return STATUS_ERR;
}
if (qpol_iterator_create(policy, (void *)rs, range_trans_state_get_cur,
range_trans_state_next, range_trans_state_end, range_trans_state_size, free, iter)) {
error = errno;
free(rs);
errno = error;
return STATUS_ERR;
}
rs->head = rs->cur = db->range_tr;
return STATUS_SUCCESS;
}
