/**
 * Render a role_transition rule as policy-language text.
 *
 * @param policy Policy the rule belongs to; used to resolve role and type names.
 * @param rule   Role transition rule to render.
 * @return Newly allocated string of the form
 *         "role_transition <source> <target_type> <default>;" that the caller
 *         must free(), or NULL on error with errno set (EINVAL for NULL
 *         arguments, otherwise the errno left by the failing qpol call or
 *         asprintf).
 */
char *apol_role_trans_render(const apol_policy_t * policy, const qpol_role_trans_t * rule)
{
	const qpol_role_t *role_datum = NULL;
	const qpol_type_t *type_datum = NULL;
	const char *src = NULL, *tgt = NULL, *dflt = NULL;
	char *rendered = NULL;

	if (policy == NULL || rule == NULL) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	/* source role name */
	if (qpol_role_trans_get_source_role(policy->p, rule, &role_datum) ||
	    qpol_role_get_name(policy->p, role_datum, &src)) {
		goto fail;
	}
	/* target type name */
	if (qpol_role_trans_get_target_type(policy->p, rule, &type_datum) ||
	    qpol_type_get_name(policy->p, type_datum, &tgt)) {
		goto fail;
	}
	/* default role name; role_datum is reused, the source datum is no longer needed */
	if (qpol_role_trans_get_default_role(policy->p, rule, &role_datum) ||
	    qpol_role_get_name(policy->p, role_datum, &dflt)) {
		goto fail;
	}
	/* the names are only ever passed as %s arguments, never as a format string */
	if (asprintf(&rendered, "role_transition %s %s %s;", src, tgt, dflt) < 0) {
		goto fail;
	}
	return rendered;

fail:
	/* every failing call above leaves its reason in errno */
	ERR(policy, "%s", strerror(errno));
	return NULL;
}
/**
 * Render a role allow rule as policy-language text.
 *
 * @param policy Policy the rule belongs to; used to resolve role names.
 * @param rule   Role allow rule to render.
 * @return Newly allocated string of the form "allow <source> <target>;" that
 *         the caller must free(), or NULL on error with errno set (EINVAL for
 *         NULL arguments, otherwise the errno left by the failing qpol call or
 *         asprintf).
 */
char *apol_role_allow_render(const apol_policy_t * policy, const qpol_role_allow_t * rule)
{
	const qpol_role_t *role_datum = NULL;
	const char *src = NULL, *tgt = NULL;
	char *rendered = NULL;

	if (policy == NULL || rule == NULL) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	/* source role name */
	if (qpol_role_allow_get_source_role(policy->p, rule, &role_datum) ||
	    qpol_role_get_name(policy->p, role_datum, &src)) {
		goto fail;
	}
	/* target role name; role_datum is reused, the source datum is no longer needed */
	if (qpol_role_allow_get_target_role(policy->p, rule, &role_datum) ||
	    qpol_role_get_name(policy->p, role_datum, &tgt)) {
		goto fail;
	}
	/* the names are only ever passed as %s arguments, never as a format string */
	if (asprintf(&rendered, "allow %s %s;", src, tgt) < 0) {
		goto fail;
	}
	return rendered;

fail:
	/* every failing call above leaves its reason in errno */
	ERR(policy, "%s", strerror(errno));
	return NULL;
}
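/**
 * Build an apol_context_t from a qpol context: user, role, type and, for MLS
 * policies, the MLS range.
 *
 * @param p       Policy the context belongs to; used to resolve names.
 * @param context qpol context to convert.
 * @return Newly allocated context the caller must destroy with
 *         apol_context_destroy(), or NULL on error with errno set (EINVAL for
 *         NULL arguments, ENOMEM when the context cannot be allocated,
 *         otherwise the errno left by the failing qpol/apol call).
 */
apol_context_t *apol_context_create_from_qpol_context(const apol_policy_t * p, const qpol_context_t * context)
{
	apol_context_t *c = NULL;
	apol_mls_range_t *apol_range = NULL;
	const qpol_user_t *user = NULL;
	const qpol_role_t *role = NULL;
	const qpol_type_t *type = NULL;
	const qpol_mls_range_t *range = NULL;
	const char *user_name = NULL, *role_name = NULL, *type_name = NULL;
	int err_save = 0;

	/* the render functions in this file reject NULL arguments the same way;
	 * without this check p->p below dereferences a NULL policy */
	if (p == NULL || context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	if ((c = apol_context_create()) == NULL) {
		err_save = ENOMEM;
		ERR(p, "%s", strerror(ENOMEM));
		goto err;
	}
	if (qpol_context_get_user(p->p, context, &user) < 0 ||
	    qpol_context_get_role(p->p, context, &role) < 0 ||
	    qpol_context_get_type(p->p, context, &type) < 0 ||
	    qpol_context_get_range(p->p, context, &range) < 0) {
		err_save = errno;
		ERR(p, "%s", strerror(err_save));
		goto err;
	}
	if (qpol_user_get_name(p->p, user, &user_name) < 0 ||
	    qpol_role_get_name(p->p, role, &role_name) < 0 ||
	    qpol_type_get_name(p->p, type, &type_name) < 0) {
		err_save = errno;
		ERR(p, "%s", strerror(err_save));
		goto err;
	}
	if (qpol_policy_has_capability(p->p, QPOL_CAP_MLS)) {
		/* if the policy is MLS then convert the range, else
		 * rely upon the default value of NULL */
		if ((apol_range = apol_mls_range_create_from_qpol_mls_range(p, range)) == NULL) {
			err_save = errno;
			ERR(p, "%s", strerror(err_save));
			goto err;
		}
	}
	/* NOTE(review): apol_context_set_range is assumed to take ownership of
	 * apol_range only on success; the err path below frees it, so a set
	 * routine that stores the range before failing would double free - confirm. */
	if (apol_context_set_user(p, c, user_name) < 0 ||
	    apol_context_set_role(p, c, role_name) < 0 ||
	    apol_context_set_type(p, c, type_name) < 0 ||
	    apol_context_set_range(p, c, apol_range) < 0) {
		err_save = errno;
		ERR(p, "%s", strerror(err_save));
		goto err;
	}
	return c;

err:
	apol_mls_range_destroy(&apol_range);
	apol_context_destroy(&c);
	/* the destroy calls may touch errno; hand the caller the original cause */
	errno = err_save;
	return NULL;
}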
/**
 * Append one dict per role allow rule in @a v to the Python object @a output.
 * Each dict carries the rule's "source" and "target" role names.
 *
 * @param policy Policy the rules belong to; used to resolve role names.
 * @param v      Vector of qpol_role_allow_t rules.
 * @param output Python container handed to py_append_obj (presumably a list;
 *               py_append_obj's contract is not visible in this file).
 * @return @a output, even after an error (a RuntimeError is then set with
 *         PyErr_SetString and errno holds the cause); NULL when @a v is empty.
 */
static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output)
{
	size_t i, num_rules = 0;
	qpol_policy_t *q;
	const qpol_role_allow_t *rule = NULL;
	const char *tmp;
	PyObject *obj, *dict=NULL;
	const qpol_role_t *role = NULL;
	int error = 0;
	/* errno is primed before any work so the early "empty vector" return
	 * below leaves a defined value behind; the err path re-reads it */
	errno = EINVAL;
	int rt;

	if (!policy || !v) {
		errno = EINVAL;
		goto err;
	}
	/* NOTE(review): an empty vector returns NULL rather than output and sets
	 * no Python exception - callers must read NULL as "nothing appended",
	 * not as a failure; confirm against the callers. */
	if (!(num_rules = apol_vector_get_size(v)))
		return NULL;
	q = apol_policy_get_qpol(policy);
	for (i = 0; i < num_rules; i++) {
		dict = PyDict_New();
		if (!dict) goto err;
		if (!(rule = apol_vector_get_element(v, i))) goto err;
		/* source role name */
		if (qpol_role_allow_get_source_role(q, rule, &role)) {
			goto err;
		}
		if (qpol_role_get_name(q, role, &tmp)) {
			goto err;
		}
		/* NOTE(review): obj is neither NULL-checked nor DECREF'd here; whether
		 * py_insert_obj rejects NULL and drops the reference is not visible in
		 * this file (get_role DECREFs its list after the same call) - confirm. */
		obj = PyUnicode_FromString(tmp);
		if (py_insert_obj(dict, "source", obj)) goto err;
		/* target role name; role is reused */
		if (qpol_role_allow_get_target_role(q, rule, &role)) {
			goto err;
		}
		if (qpol_role_get_name(q, role, &tmp)) {
			goto err;
		}
		obj = PyUnicode_FromString(tmp);
		if (py_insert_obj(dict, "target", obj)) goto err;
		rt = py_append_obj(output, dict);
		if (rt) goto err;
		/* presumably output now holds its own reference to dict; ours is dropped */
		py_decref(dict);
		dict=NULL;
	}
	goto cleanup;
err:
	/* a failing Python call may leave errno untouched, so the message can
	 * describe a stale cause; any pending Python exception is replaced */
	error = errno;
	PyErr_SetString(PyExc_RuntimeError,strerror(error));
	py_decref(dict);
cleanup:
	errno = error;
	return output;
}
/**
 * Get a textual representation of a role: its name, the roles it dominates
 * and its types.
 *
 * @param role_datum Reference to the qpol role to describe.
 * @param policydb   Reference to the policy the role belongs to.
 * @return New dict with "name" and, when non-empty, "roles" (names from the
 *         role's dominate iterator) and "types" (names of the role's types);
 *         NULL on error with a RuntimeError set and errno holding the cause.
 */
static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb)
{
	const char *role_name = NULL, *type_name = NULL;
	const qpol_role_t *dom_datum = NULL;
	const qpol_type_t *type_datum = NULL;
	qpol_iterator_t *iter = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	size_t n_dom = 0, n_types = 0;
	int error = 0;
	int rt;
	PyObject *list = NULL;
	PyObject *dict = PyDict_New();

	if (!dict) goto err;
	if (qpol_role_get_name(q, role_datum, &role_name)) goto err;
	if (py_insert_string(dict, "name", role_name)) goto err;

	/* dominated roles; note the size_t count is cast to int before the test */
	if (qpol_role_get_dominate_iter(q, role_datum, &iter)) goto err;
	if (qpol_iterator_get_size(iter, &n_dom)) goto err;
	if ((int)n_dom > 0) {
		list = PyList_New(0);
		if (!list) goto err;
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&dom_datum)) goto err;
			/* role_name is reused; py_insert_string above has already consumed the role's own name */
			if (qpol_role_get_name(q, dom_datum, &role_name)) goto err;
			if (py_append_string(list, role_name)) goto err;
		}
		rt = py_insert_obj(dict, "roles", list);
		/* the dict holds its own reference; drop ours before checking rt so
		 * the err path sees list == NULL */
		Py_DECREF(list);
		list = NULL;
		if (rt) goto err;
	}
	/* release the dominate iterator before reusing iter for the type iterator */
	qpol_iterator_destroy(&iter);

	/* the role's types */
	if (qpol_role_get_type_iter(q, role_datum, &iter)) goto err;
	if (qpol_iterator_get_size(iter, &n_types)) goto err;
	if ((int)n_types > 0) {
		list = PyList_New(0);
		if (!list) goto err;
		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&type_datum)) goto err;
			if (qpol_type_get_name(q, type_datum, &type_name)) goto err;
			if (py_append_string(list, type_name)) goto err;
		}
		rt = py_insert_obj(dict, "types", list);
		Py_DECREF(list);
		list = NULL;
		if (rt) goto err;
	}
	goto cleanup;
err:
	/* a failing Python call may leave errno untouched, so the message can
	 * describe a stale cause; any pending Python exception is replaced.
	 * py_decref is reached with NULL pointers on some paths - presumably it
	 * tolerates NULL. */
	error = errno;
	PyErr_SetString(PyExc_RuntimeError,strerror(errno));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return dict;
}
/**
 * Get a textual representation of a user: its name, its MLS default level and
 * range (MLS policies only) and all of its roles.
 *
 * @param user_datum Reference to the qpol user to describe.
 * @param policydb   Reference to the policy the user belongs to.
 * @return New dict with "name", "roles" and, for MLS policies, "level" and
 *         "range"; NULL on error with a RuntimeError set and errno holding
 *         the cause.
 */
static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
{
	int error = 0;
	int rt;
	const qpol_role_t *role_datum = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_mls_range_t *range = NULL;
	const qpol_mls_level_t *dflt_level = NULL;
	apol_mls_level_t *ap_lvl = NULL;
	apol_mls_range_t *ap_range = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	/* rendered level/range text; freed at cleanup so an error after the
	 * allocation does not leak it */
	char *tmp = NULL;
	const char *user_name, *role_name;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);

	if (!list) goto err;
	if (qpol_user_get_name(q, user_datum, &user_name)) goto err;
	dict = PyDict_New();
	if (!dict) goto err;
	if (py_insert_string(dict, "name", user_name)) goto err;

	if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
		/* NOTE(review): ap_lvl and ap_range are not NULL-checked before being
		 * rendered; this relies on the render routines failing cleanly (returning
		 * NULL with errno set) for a NULL argument - confirm. */
		if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level)) goto err;
		ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
		tmp = apol_mls_level_render(policydb, ap_lvl);
		if (!tmp) goto err;
		if (py_insert_string(dict, "level", tmp)) goto err;
		free(tmp);
		tmp = NULL;
		if (qpol_user_get_range(q, user_datum, &range)) goto err;
		ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
		tmp = apol_mls_range_render(policydb, ap_range);
		if (!tmp) goto err;
		if (py_insert_string(dict, "range", tmp)) goto err;
		free(tmp);
		tmp=NULL;
	}

	/* the user's roles */
	if (qpol_user_get_role_iter(q, user_datum, &iter)) goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&role_datum)) goto err;
		if (qpol_role_get_name(q, role_datum, &role_name)) goto err;
		if (py_append_string(list, role_name)) goto err;
	}
	rt = py_insert_obj(dict, "roles", list);
	/* the dict holds its own reference; drop ours before checking rt so the
	 * err path sees list == NULL */
	Py_DECREF(list);
	list=NULL;
	if (rt) goto err;
	goto cleanup;
err:
	/* a failing Python call may leave errno untouched, so the message can
	 * describe a stale cause; any pending Python exception is replaced.
	 * py_decref is reached with NULL pointers on some paths - presumably it
	 * tolerates NULL. */
	error = errno;
	PyErr_SetString(PyExc_RuntimeError,strerror(errno));
	py_decref(list);
	list=NULL;
	py_decref(dict);
	dict=NULL;
cleanup:
	free(tmp);
	qpol_iterator_destroy(&iter);
	apol_mls_level_destroy(&ap_lvl);
	apol_mls_range_destroy(&ap_range);
	errno = error;
	return dict;
}