/** * Perform the rule query within a thread. */ static gpointer policy_view_find_terules_runner(gpointer data) { struct find_terules_datum *run = (struct find_terules_datum *)data; run->results = NULL; qpol_policy_t *q = apol_policy_get_qpol(run->policy); if (!qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES)) { progress_update(run->progress, "Searching AV rules"); run->retval = apol_avrule_get_by_query(run->policy, run->query, &run->results); run->is_syn_rules = 0; } else { qpol_policy_build_syn_rule_table(q); progress_update(run->progress, "Searching syntactic AV rules"); run->retval = apol_syn_avrule_get_by_query(run->policy, run->query, &run->results); run->is_syn_rules = 1; } if (run->retval == 0) { progress_done(run->progress); } else { progress_abort(run->progress, NULL); } return NULL; }
static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) { apol_avrule_query_t *avq = NULL; unsigned int rules = 0; int error = 0; char *tmp = NULL, *tok = NULL, *s = NULL; if (!policy || !opt || !v) { PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); errno = EINVAL; return -1; } if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) { *v = NULL; return 0; /* no search to do */ } avq = apol_avrule_query_create(); if (!avq) { PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); errno = ENOMEM; return -1; } if (opt->allow || opt->all) rules |= QPOL_RULE_ALLOW; if (opt->nallow || opt->all) // Add this regardless of policy capabilities rules |= QPOL_RULE_NEVERALLOW; if (opt->auditallow || opt->all) rules |= QPOL_RULE_AUDITALLOW; if (opt->dontaudit || opt->all) rules |= QPOL_RULE_DONTAUDIT; if (rules != 0) // Setting rules = 0 means you want all the rules apol_avrule_query_set_rules(policy, avq, rules); apol_avrule_query_set_regex(policy, avq, opt->useregex); if (opt->src_name) apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect); if (opt->tgt_name) apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect); if (opt->bool_name) apol_avrule_query_set_bool(policy, avq, opt->bool_name); if (opt->class_name) { if (opt->class_vector == NULL) { if (apol_avrule_query_append_class(policy, avq, opt->class_name)) { goto err; } } else { size_t i; for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { char *class_name; class_name = apol_vector_get_element(opt->class_vector, i); if (!class_name) continue; if (apol_avrule_query_append_class(policy, avq, class_name)) { goto err; } } } } if (opt->permlist) { tmp = strdup(opt->permlist); for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) { if (apol_avrule_query_append_perm(policy, avq, tok)) { goto err; } if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) { goto err; } s = NULL; } free(tmp); tmp = NULL; } if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { if (apol_syn_avrule_get_by_query(policy, avq, v)) { goto err; } } else { if (apol_avrule_get_by_query(policy, avq, v)) { goto err; } } apol_avrule_query_destroy(&avq); return 0; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(error)); apol_vector_destroy(v); apol_avrule_query_destroy(&avq); free(tmp); free(s); errno = error; return -1; }