static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,
unsigned int stype, unsigned int ttype,
const class_perm_node_t *curperm, uint32_t perms)
{
if (avrule->source_filename) {
ERR(handle, "neverallow on line %lu of %s (or line %lu of policy.conf) violated by allow %s %s:%s {%s };",
avrule->source_line, avrule->source_filename, avrule->line,
p->p_type_val_to_name[stype],
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass, perms));
} else if (avrule->line) {
ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",
avrule->line, p->p_type_val_to_name[stype],
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass, perms));
} else {
ERR(handle, "neverallow violated by allow %s %s:%s {%s };",
p->p_type_val_to_name[stype],
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass, perms));
}
}
int render_access_mask(uint32_t mask, avtab_key_t * key, policydb_t * p,
FILE * fp)
{
char *perm;
fprintf(fp, "{");
perm = sepol_av_to_string(p, key->target_class, mask);
if (perm)
fprintf(fp, "%s ", perm);
fprintf(fp, "}");
return 0;
}
static void display_allow(policydb_t *policydb, avtab_key_t *key, int idx,
uint32_t perms)
{
printf(" allow %s %s:%s { %s };\n",
policydb->p_type_val_to_name[key->source_type
? key->source_type - 1 : idx],
key->target_type == key->source_type ? "self" :
policydb->p_type_val_to_name[key->target_type
? key->target_type - 1 : idx],
policydb->p_class_val_to_name[key->target_class - 1],
sepol_av_to_string
(policydb, key->target_class, perms));
}
