int terule_init()
{
apol_policy_path_t *ppath = apol_policy_path_create(APOL_POLICY_PATH_TYPE_MONOLITHIC, BIN_POLICY, NULL);
if (ppath == NULL) {
return 1;
}
if ((bp = apol_policy_create_from_policy_path(ppath, 0, NULL, NULL)) == NULL) {
apol_policy_path_destroy(&ppath);
return 1;
}
apol_policy_path_destroy(&ppath);
ppath = apol_policy_path_create(APOL_POLICY_PATH_TYPE_MONOLITHIC, SOURCE_POLICY, NULL);
if (ppath == NULL) {
return 1;
}
if ((sp = apol_policy_create_from_policy_path(ppath, 0, NULL, NULL)) == NULL) {
apol_policy_path_destroy(&ppath);
return 1;
}
apol_policy_path_destroy(&ppath);
if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(sp)) != 0) {
return 1;
}
return 0;
}
int poldiff_enable_line_numbers(poldiff_t * diff)
{
int retval;
if (diff == NULL) {
errno = EINVAL;
return -1;
}
if (!diff->line_numbers_enabled) {
if (qpol_policy_build_syn_rule_table(diff->orig_qpol))
return -1;
if (qpol_policy_build_syn_rule_table(diff->mod_qpol))
return -1;
if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_ALLOW)) < 0) {
return retval;
}
if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_AUDITALLOW)) < 0) {
return retval;
}
if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_DONTAUDIT)) < 0) {
return retval;
}
if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_NEVERALLOW)) < 0) {
return retval;
}
if ((retval = terule_enable_line_numbers(diff, TERULE_OFFSET_CHANGE)) < 0) {
return retval;
}
if ((retval = terule_enable_line_numbers(diff, TERULE_OFFSET_MEMBER)) < 0) {
return retval;
}
if ((retval = terule_enable_line_numbers(diff, TERULE_OFFSET_TRANS)) < 0) {
return retval;
}
diff->line_numbers_enabled = 1;
}
return 0;
}
/**
* Perform the rule query within a thread.
*/
static gpointer policy_view_find_terules_runner(gpointer data)
{
struct find_terules_datum *run = (struct find_terules_datum *)data;
run->results = NULL;
qpol_policy_t *q = apol_policy_get_qpol(run->policy);
if (!qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES)) {
progress_update(run->progress, "Searching AV rules");
run->retval = apol_avrule_get_by_query(run->policy, run->query, &run->results);
run->is_syn_rules = 0;
} else {
qpol_policy_build_syn_rule_table(q);
progress_update(run->progress, "Searching syntactic AV rules");
run->retval = apol_syn_avrule_get_by_query(run->policy, run->query, &run->results);
run->is_syn_rules = 1;
}
if (run->retval == 0) {
progress_done(run->progress);
} else {
progress_abort(run->progress, NULL);
}
return NULL;
}
PyObject* search(bool allow,
bool neverallow,
bool auditallow,
bool dontaudit,
bool transition,
bool role_allow,
const char *src_name,
const char *tgt_name,
const char *class_name,
const char *permlist
)
{
options_t cmd_opts;
PyObject *output = NULL;
apol_vector_t *v = NULL;
memset(&cmd_opts, 0, sizeof(cmd_opts));
cmd_opts.indirect = true;
cmd_opts.show_cond = true;
cmd_opts.allow = allow;
cmd_opts.nallow = neverallow;
cmd_opts.auditallow = auditallow;
cmd_opts.dontaudit = dontaudit;
cmd_opts.type = transition;
cmd_opts.role_allow = role_allow;
if (src_name)
cmd_opts.src_name = strdup(src_name);
if (tgt_name)
cmd_opts.tgt_name = strdup(tgt_name);
if (class_name)
cmd_opts.class_name = strdup(class_name);
if (permlist){
cmd_opts.perm_vector = apol_vector_create(free);
cmd_opts.permlist = strdup(permlist);
}
if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
PyErr_SetString(PyExc_RuntimeError,"Query failed");
goto cleanup;
}
}
/* if syntactic rules are not available always do semantic search */
if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
cmd_opts.semantic = 1;
}
/* supress line numbers if doing semantic search or not available */
if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
cmd_opts.lineno = 0;
}
if (perform_av_query(policy, &cmd_opts, &v)) {
goto cleanup;
}
output = PyList_New(0);
if (!output)
goto cleanup;
if (v) {
get_av_results(policy, v, output);
}
apol_vector_destroy(&v);
if (perform_te_query(policy, &cmd_opts, &v)) {
goto cleanup;
}
if (v) {
get_te_results(policy, v, output);
}
if (cmd_opts.all || cmd_opts.type) {
apol_vector_destroy(&v);
if (perform_ft_query(policy, &cmd_opts, &v)) {
goto cleanup;
}
if (v) {
get_ft_results(policy, v, output);
}
}
if (cmd_opts.all || cmd_opts.role_allow) {
apol_vector_destroy(&v);
if (perform_ra_query(policy, &cmd_opts, &v)) {
goto cleanup;
}
if (v) {
get_ra_results(policy, v, output);
}
}
apol_vector_destroy(&v);
cleanup:
free(cmd_opts.src_name);
free(cmd_opts.tgt_name);
free(cmd_opts.class_name);
free(cmd_opts.permlist);
free(cmd_opts.bool_name);
free(cmd_opts.src_role_name);
free(cmd_opts.tgt_role_name);
apol_vector_destroy(&cmd_opts.perm_vector);
apol_vector_destroy(&cmd_opts.class_vector);
if (output && PyList_GET_SIZE(output) == 0) {
py_decref(output);
return Py_None;
}
return output;
}
