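/**
 * Build an AV rule query from the search options and run it against the policy.
 *
 * @param policy Policy to search.
 * @param opt    Search options: rule-type flags, source/target/boolean names,
 *               object classes and an optional comma-separated permission list.
 *               Each permission token is also duplicated into opt->perm_vector.
 * @param v      Out-parameter for the result vector. Set to NULL when no AV
 *               rule type is selected; otherwise filled in by the query call.
 *
 * @return 0 on success (including the "nothing to search" case), -1 on
 *         failure with errno set and a Python RuntimeError raised.
 *
 * NOTE(review): the error path passes v to apol_vector_destroy() even when the
 * query never ran, so *v must hold NULL or a valid vector on entry -- confirm
 * that every caller initialises it.
 */
static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
{
	apol_avrule_query_t *avq = NULL;
	unsigned int rules = 0;
	int error = 0;
	char *tmp = NULL, *tok = NULL, *s = NULL;

	if (!policy || !opt || !v) {
		PyErr_SetString(PyExc_RuntimeError, strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) {
		*v = NULL;
		return 0;	       /* no search to do */
	}

	avq = apol_avrule_query_create();
	if (!avq) {
		PyErr_SetString(PyExc_RuntimeError, strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	if (opt->allow || opt->all)
		rules |= QPOL_RULE_ALLOW;
	if (opt->nallow || opt->all)	/* add this regardless of policy capabilities */
		rules |= QPOL_RULE_NEVERALLOW;
	if (opt->auditallow || opt->all)
		rules |= QPOL_RULE_AUDITALLOW;
	if (opt->dontaudit || opt->all)
		rules |= QPOL_RULE_DONTAUDIT;

	/*
	 * A criterion that fails to register must abort the search: if the
	 * failure were ignored, the query would run without that filter and
	 * return a broader rule set than the caller asked for.
	 */
	if (rules != 0) {	       /* setting rules = 0 means you want all the rules */
		if (apol_avrule_query_set_rules(policy, avq, rules) < 0) {
			goto err;
		}
	}
	if (apol_avrule_query_set_regex(policy, avq, opt->useregex) < 0) {
		goto err;
	}
	if (opt->src_name && apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect) < 0) {
		goto err;
	}
	if (opt->tgt_name && apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect) < 0) {
		goto err;
	}
	if (opt->bool_name && apol_avrule_query_set_bool(policy, avq, opt->bool_name) < 0) {
		goto err;
	}

	if (opt->class_name) {
		if (opt->class_vector == NULL) {
			if (apol_avrule_query_append_class(policy, avq, opt->class_name)) {
				goto err;
			}
		} else {
			size_t i;
			for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
				char *class_name;
				class_name = apol_vector_get_element(opt->class_vector, i);
				if (!class_name)
					continue;
				if (apol_avrule_query_append_class(policy, avq, class_name)) {
					goto err;
				}
			}
		}
	}

	if (opt->permlist) {
		/* strtok() writes into its input, so tokenise a private copy. */
		tmp = strdup(opt->permlist);
		if (!tmp) {
			/*
			 * Without this check a failed strdup() would make the
			 * first call strtok(NULL, ","), which has no string
			 * to continue from.
			 */
			goto err;
		}
		for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) {
			if (apol_avrule_query_append_perm(policy, avq, tok)) {
				goto err;
			}
			if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) {
				goto err;
			}
			/* the vector holds the copy now; keep err from freeing it */
			s = NULL;
		}
		free(tmp);
		tmp = NULL;
	}

	/* Use the syntactic search unless semantic results were requested or the policy has no syntactic rules. */
	if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
		if (apol_syn_avrule_get_by_query(policy, avq, v)) {
			goto err;
		}
	} else {
		if (apol_avrule_get_by_query(policy, avq, v)) {
			goto err;
		}
	}

	apol_avrule_query_destroy(&avq);
	return 0;

      err:
	/* Save errno first: the cleanup calls below may overwrite it. */
	error = errno;
	PyErr_SetString(PyExc_RuntimeError, strerror(error));
	apol_vector_destroy(v);
	apol_avrule_query_destroy(&avq);
	free(tmp);
	free(s);
	errno = error;
	return -1;
}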
progress_done(run->progress); } else { progress_abort(run->progress, NULL); } return NULL; } /** * Collect the rule search criteria into an avrule_query_t object. * Actually execute the query in a progress thread. */ static void policy_view_on_find_terules_click(GtkButton * button __attribute__ ((unused)), gpointer user_data) { policy_view_t *pv = (policy_view_t *) user_data; apol_policy_t *policy = toplevel_get_policy(pv->top); apol_avrule_query_t *query = apol_avrule_query_create(); apol_avrule_query_set_regex(policy, query, 1); struct find_terules_datum run; const char *s; gboolean only_direct; apol_avrule_query_set_rules(policy, query, QPOL_RULE_ALLOW); if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(pv->stype_check))) { s = util_combo_box_get_active_text(GTK_COMBO_BOX(pv->stype_combo)); only_direct = gtk_toggle_button_get_active(pv->stype_direct); if (strcmp(s, "") == 0) { toplevel_ERR(pv->top, "No source type was selected."); return; } apol_avrule_query_set_source(policy, query, s, only_direct == FALSE); apol_avrule_query_set_source_component(policy, query, APOL_QUERY_SYMBOL_IS_TYPE); }