/** * Get statistics regarding a policy's roles. * If this function is given a name, it will attempt to * get statistics about a particular role; otherwise * the function get statistics about all of the policy's roles. * * @param name Reference to an role's name; if NULL, * all roles will be considered * @param policydb Reference to a policy * * @return 0 on success, < 0 on error. */ static PyObject* get_roles(const char *name, const apol_policy_t * policydb) { const qpol_role_t *role_datum = NULL; qpol_iterator_t *iter = NULL; qpol_policy_t *q = apol_policy_get_qpol(policydb); int error = 0; int rt; PyObject *obj; PyObject *list = PyList_New(0); if (!list) goto err; if (name != NULL) { if (qpol_policy_get_role_by_name(q, name, &role_datum)) { errno = EINVAL; goto err; } obj = get_role(role_datum, policydb); rt = py_append_obj(list, obj); Py_DECREF(obj); if (rt) goto err; } else { if (qpol_policy_get_role_iter(q, &iter)) goto err; for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { if (qpol_iterator_get_item(iter, (void **)&role_datum)) goto err; obj = get_role(role_datum, policydb); rt = py_append_obj(list, obj); Py_DECREF(obj); if (rt) goto err; } qpol_iterator_destroy(&iter); } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(errno)); py_decref(list); list = NULL; cleanup: qpol_iterator_destroy(&iter); errno = error; return list; }
/** * Prints statistics regarding a policy's MLS categories. * If this function is given a name, it will attempt to * get statistics about a particular category; otherwise * the function gets statistics about all of the policy's * categories. * * @param name Reference to a MLS category's name; if NULL, * all categories will be considered * @param policydb Reference to a policy * * @return 0 on success, < 0 on error. */ static PyObject* get_cats(const char *name, const apol_policy_t * policydb) { PyObject *obj = NULL; apol_cat_query_t *query = NULL; apol_vector_t *v = NULL; const qpol_cat_t *cat_datum = NULL; size_t i, n_cats; int error = 0; int rt; PyObject *list = PyList_New(0); if (!list) goto err; query = apol_cat_query_create(); if (!query) goto err; if (apol_cat_query_set_cat(policydb, query, name)) goto err; if (apol_cat_get_by_query(policydb, query, &v)) goto err; n_cats = apol_vector_get_size(v); apol_vector_sort(v, &qpol_cat_datum_compare, (void *)policydb); for (i = 0; i < n_cats; i++) { cat_datum = apol_vector_get_element(v, i); if (!cat_datum) goto err; obj = get_cat_sens(cat_datum, policydb); if (!obj) goto err; rt = py_append_obj(list, obj); Py_DECREF(obj); if (rt) goto err; } if (name && !n_cats) { goto err; } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(errno)); py_decref(list); list = NULL; cleanup: apol_cat_query_destroy(&query); apol_vector_destroy(&v); errno = error; return list; }
static PyObject* get_av_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) { PyObject *obj, *dict=NULL; PyObject *permlist = NULL; PyObject *boollist = NULL; uint32_t rule_type = 0; int rt; int error = 0; qpol_policy_t *q; size_t i, num_rules = 0; const qpol_avrule_t *rule = NULL; char *tmp = NULL, *rule_str = NULL; qpol_cond_expr_node_t *expr = NULL; qpol_iterator_t *iter = NULL; const qpol_cond_t *cond = NULL; uint32_t enabled = 0; const qpol_type_t *type; const char *tmp_name; const qpol_class_t *obj_class = NULL; if (!policy || !v) { errno = EINVAL; goto err; } if (!(num_rules = apol_vector_get_size(v))) return NULL; q = apol_policy_get_qpol(policy); for (i = 0; i < num_rules; i++) { if (!(rule = apol_vector_get_element(v, i))) goto err; dict = PyDict_New(); if (!dict) goto err; if (qpol_avrule_get_rule_type(q, rule, &rule_type)) goto err; if (!(tmp_name = apol_rule_type_to_str(rule_type))) { PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string"); errno = EINVAL; goto err; } if (py_insert_string(dict, "type", tmp_name)) goto err; if (qpol_avrule_get_source_type(q, rule, &type)) { goto err; } if (qpol_type_get_name(q, type, &tmp_name)) { goto err; } if (py_insert_string(dict, "source", tmp_name)) goto err; if (qpol_avrule_get_target_type(q, rule, &type)) { goto err; } if (qpol_type_get_name(q, type, &tmp_name)) { goto err; } if (py_insert_string(dict, "target", tmp_name)) goto err; if (qpol_avrule_get_object_class(q, rule, &obj_class)) { goto err; } if (qpol_class_get_name(q, obj_class, &tmp_name)) { goto err; } if (py_insert_string(dict, "class", tmp_name)) goto err; if (qpol_avrule_get_perm_iter(q, rule, &iter)) { goto err; } permlist = PyList_New(0); if (! permlist) goto err; for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { const char *perm_name = NULL; if (qpol_iterator_get_item(iter, (void **)&perm_name)) goto err; if (py_append_string(permlist, perm_name)) goto err; } rt = PyDict_SetItemString(dict, "permlist", permlist); py_decref(permlist); permlist=NULL; if (rt) goto err; if (qpol_avrule_get_cond(q, rule, &cond)) goto err; if (qpol_avrule_get_is_enabled(q, rule, &enabled)) goto err; obj = PyBool_FromLong(enabled); rt = PyDict_SetItemString(dict, "enabled", obj); py_decref(obj); if (cond) { obj = get_bool(q, cond, enabled); if (!obj) goto err; rt = PyDict_SetItemString(dict, "boolean", obj); py_decref(obj); } rt = py_append_obj(output, dict); py_decref(dict); dict=NULL; if (rt) goto err; free(rule_str); rule_str = NULL; free(expr); expr = NULL; } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(errno)); py_decref(dict); py_decref(permlist); py_decref(boollist); cleanup: free(tmp); free(rule_str); free(expr); errno = error; return output; }
static PyObject* get_ft_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *list) { PyObject *dict = NULL; size_t i, num_filename_trans = 0; const char *tmp_name; int error = 0; int rt; const qpol_filename_trans_t *filename_trans = NULL; const qpol_class_t *obj_class = NULL; char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; qpol_policy_t *q; const qpol_type_t *type = NULL; if (!policy || !v) { errno = EINVAL; goto err; } if (!(num_filename_trans = apol_vector_get_size(v))) return NULL; q = apol_policy_get_qpol(policy); for (i = 0; i < num_filename_trans; i++) { if (!(filename_trans = apol_vector_get_element(v, i))) goto err; dict = PyDict_New(); if (!dict) goto err; if (py_insert_string(dict, "type", "type_transition")) goto err; /* source type */ if (qpol_filename_trans_get_source_type(q, filename_trans, &type)) { goto err; } if (qpol_type_get_name(q, type, &tmp_name)) { goto err; } if (py_insert_string(dict, "source", tmp_name)) goto err; if (qpol_filename_trans_get_target_type(q, filename_trans, &type)) goto err; if (qpol_type_get_name(q, type, &tmp_name)) goto err; if (py_insert_string(dict, "target", tmp_name)) goto err; if (qpol_filename_trans_get_object_class(q, filename_trans, &obj_class)) goto err; if (qpol_class_get_name(q, obj_class, &tmp_name)) goto err; if (py_insert_string(dict, "class", tmp_name)) goto err; if (qpol_filename_trans_get_default_type(q, filename_trans, &type)) goto err; if (qpol_type_get_name(q, type, &tmp_name)) goto err; if (py_insert_string(dict, "transtype", tmp_name)) goto err; if (! qpol_filename_trans_get_filename(q, filename_trans, &tmp_name)) { if (py_insert_string(dict, "filename", tmp_name)) goto err; } rt = py_append_obj(list, dict); dict = NULL; if (rt) goto err; free(filename_trans_str); filename_trans_str = NULL; free(expr); expr = NULL; } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(errno)); py_decref(dict); cleanup: free(tmp); free(filename_trans_str); free(expr); errno = error; return list; }
static PyObject* get_te_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) { int error = 0; int rt = 0; PyObject *obj, *dict=NULL, *tuple = NULL; qpol_policy_t *q; uint32_t rule_type = 0; const qpol_type_t *type; size_t i, num_rules = 0; const qpol_terule_t *rule = NULL; char *tmp = NULL, *rule_str = NULL, *expr = NULL; const qpol_cond_t *cond = NULL; uint32_t enabled = 0; const char *tmp_name; const qpol_class_t *obj_class = NULL; if (!policy || !v) { errno = EINVAL; goto err; } if (!(num_rules = apol_vector_get_size(v))) return NULL; q = apol_policy_get_qpol(policy); for (i = 0; i < num_rules; i++) { dict = PyDict_New(); if (!dict) goto err; if (!(rule = apol_vector_get_element(v, i))) goto err; if (qpol_terule_get_cond(q, rule, &cond)) goto err; if (qpol_terule_get_is_enabled(q, rule, &enabled)) goto err; if (cond) { obj = get_bool(q, cond, enabled); if (!obj) goto err; rt = PyDict_SetItemString(dict, "boolean", obj); py_decref(obj); } if (qpol_terule_get_rule_type(q, rule, &rule_type)) goto err; if (!(rule_type &= (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER))) { PyErr_SetString(PyExc_RuntimeError,"Invalid TE rule type"); errno = EINVAL; goto err; } if (!(tmp_name = apol_rule_type_to_str(rule_type))) { PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string"); errno = EINVAL; goto err; } if (py_insert_string(dict, "type", tmp_name)) goto err; if (qpol_terule_get_source_type(q, rule, &type)) goto err; if (qpol_type_get_name(q, type, &tmp_name)) goto err; if (py_insert_string(dict, "source", tmp_name)) goto err; if (qpol_terule_get_target_type(q, rule, &type)) goto err; if (qpol_type_get_name(q, type, &tmp_name)) goto err; if (py_insert_string(dict, "target", tmp_name)) goto err; if (qpol_terule_get_object_class(q, rule, &obj_class)) goto err; if (qpol_class_get_name(q, obj_class, &tmp_name)) goto err; if (py_insert_string(dict, "class", tmp_name)) goto err; if (qpol_terule_get_default_type(q, rule, &type)) goto err; if (qpol_type_get_name(q, type, &tmp_name)) goto err; if (py_insert_string(dict, "transtype", tmp_name)) goto err; rt = py_append_obj(output, dict); dict = NULL; if(rt) goto err; free(rule_str); rule_str = NULL; free(expr); expr = NULL; } goto cleanup; err: error = errno; py_decref(dict); py_decref(tuple); PyErr_SetString(PyExc_RuntimeError,strerror(error)); cleanup: free(tmp); free(rule_str); free(expr); errno = error; return output; }
static PyObject* get_bool(const qpol_policy_t *q, const qpol_cond_t * cond, int enabled) { qpol_iterator_t *iter = NULL; qpol_cond_expr_node_t *expr = NULL; char *tmp = NULL; const char *bool_name = NULL; int error = 0; uint32_t expr_type = 0; qpol_bool_t *cond_bool = NULL; PyObject *obj, *tuple = NULL; PyObject *boollist = NULL; if (!q || !cond) { errno = EINVAL; return NULL; } if (qpol_cond_get_expr_node_iter(q, cond, &iter) < 0) { goto err; } boollist = PyList_New(0); if (! boollist) goto err; for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { if (qpol_iterator_get_item(iter, (void **)&expr)) { goto err; } if (qpol_cond_expr_node_get_expr_type(q, expr, &expr_type)) { goto err; } if (expr_type != QPOL_COND_EXPR_BOOL) { obj = PyUnicode_FromString(apol_cond_expr_type_to_str(expr_type)); if (!obj) goto err; if (py_append_obj(boollist, obj)) goto err; } else { tuple = PyTuple_New(2); if (!tuple) goto err; if (qpol_cond_expr_node_get_bool(q, expr, &cond_bool)) { goto err; } if (qpol_bool_get_name(q, cond_bool, &bool_name)) { goto err; } obj = PyUnicode_FromString(bool_name); if (py_tuple_insert_obj(tuple, 0, obj)) goto err; obj = PyBool_FromLong(enabled); if (py_tuple_insert_obj(tuple, 1, obj)) goto err; if (py_append_obj(boollist, tuple)) goto err; tuple=NULL; } } qpol_iterator_destroy(&iter); return boollist; err: error = errno; qpol_iterator_destroy(&iter); py_decref(tuple); py_decref(boollist); free(tmp); errno = error; return NULL; }
static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) { size_t i, num_rules = 0; qpol_policy_t *q; const qpol_role_allow_t *rule = NULL; const char *tmp; PyObject *obj, *dict=NULL; const qpol_role_t *role = NULL; int error = 0; errno = EINVAL; int rt; if (!policy || !v) { errno = EINVAL; goto err; } if (!(num_rules = apol_vector_get_size(v))) return NULL; q = apol_policy_get_qpol(policy); for (i = 0; i < num_rules; i++) { dict = PyDict_New(); if (!dict) goto err; if (!(rule = apol_vector_get_element(v, i))) goto err; if (qpol_role_allow_get_source_role(q, rule, &role)) { goto err; } if (qpol_role_get_name(q, role, &tmp)) { goto err; } obj = PyUnicode_FromString(tmp); if (py_insert_obj(dict, "source", obj)) goto err; if (qpol_role_allow_get_target_role(q, rule, &role)) { goto err; } if (qpol_role_get_name(q, role, &tmp)) { goto err; } obj = PyUnicode_FromString(tmp); if (py_insert_obj(dict, "target", obj)) goto err; rt = py_append_obj(output, dict); if (rt) goto err; py_decref(dict); dict=NULL; } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(error)); py_decref(dict); cleanup: errno = error; return output; }
/** * Get statistics regarding a policy's ports. * If this function is given a name, it will attempt to * get statistics about a particular port; otherwise * the function get statistics about all of the policy's ports. * * @param name Reference to an port's name; if NULL, * all ports will be considered * @param policydb Reference to a policy * * @return 0 on success, < 0 on error. */ static PyObject* get_ports(const char *num, const apol_policy_t * policydb) { const qpol_portcon_t *portcon = NULL; qpol_iterator_t *iter = NULL; uint16_t low_port, high_port; uint8_t ocon_proto; qpol_policy_t *q = apol_policy_get_qpol(policydb); const qpol_context_t *ctxt = NULL; const char *proto_str = NULL; const char *type = NULL; const apol_mls_range_t *range = NULL; char *range_str = NULL; apol_context_t *c = NULL; int error = 0; int rt = 0; PyObject *dict = NULL; PyObject *list = PyList_New(0); if (!list) goto err; if (qpol_policy_get_portcon_iter(q, &iter)) goto err; for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { if (qpol_iterator_get_item(iter, (void **)&portcon)) goto err; if (qpol_portcon_get_low_port(q, portcon, &low_port)) goto err; if (qpol_portcon_get_high_port(q, portcon, &high_port)) goto err; if (qpol_portcon_get_protocol(q, portcon, &ocon_proto)) goto err; if (num) { if (atoi(num) < low_port || atoi(num) > high_port) continue; } if ((ocon_proto != IPPROTO_TCP) && (ocon_proto != IPPROTO_UDP)) goto err; if (qpol_portcon_get_context(q, portcon, &ctxt)) { PyErr_SetString(PyExc_RuntimeError, "Could not get for port context."); goto err; } if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) { PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port"); goto err; } if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) { goto err; } if((type = apol_context_get_type(c)) == NULL) { apol_context_destroy(&c); goto err; } dict = PyDict_New(); if (!dict) goto err; if (py_insert_string(dict, "type", type)) goto err; if((range = apol_context_get_range(c)) != NULL) { range_str = apol_mls_range_render(policydb, range); if (range_str == NULL) { goto err; } if (py_insert_string(dict, "range", range_str)) goto err; } if (py_insert_string(dict, "protocol", proto_str)) goto err; if (py_insert_long(dict, "high", high_port)) goto err; if (py_insert_long(dict, "low", low_port)) goto err; rt = py_append_obj(list, dict); Py_DECREF(dict); dict = NULL; if (rt) goto err; } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(errno)); py_decref(list); list = NULL; py_decref(dict); dict = NULL; cleanup: free(range_str); apol_context_destroy(&c); qpol_iterator_destroy(&iter); errno = error; return list; }
/** * Gets statistics regarding a policy's booleans. * If this function is given a name, it will attempt to * get statistics about a particular boolean; otherwise * the function gets statistics about all of the policy's booleans. * * @param fp Reference to a file to which to print statistics * @param name Reference to a boolean's name; if NULL, * all booleans will be considered * @param expand Flag indicating whether to print each * boolean's default state * @param policydb Reference to a policy * * @return new reference, or NULL (setting an exception) */ static PyObject* get_booleans(const char *name, const apol_policy_t * policydb) { PyObject *dict = NULL; int error = 0; int rt = 0; const char *bool_name = NULL; int state; qpol_bool_t *bool_datum = NULL; qpol_iterator_t *iter = NULL; qpol_policy_t *q = apol_policy_get_qpol(policydb); size_t n_bools = 0; PyObject *list = PyList_New(0); if (!list) goto err; if (name != NULL) { if (qpol_policy_get_bool_by_name(q, name, &bool_datum)) goto err; if (qpol_bool_get_state(q, bool_datum, &state)) goto err; dict = PyDict_New(); if (!dict) goto err; if (py_insert_string(dict, "name", name)) goto err; if (py_insert_bool(dict, "name", state)) goto err; rt = py_append_obj(list, dict); Py_DECREF(dict); dict = NULL; if (rt) goto err; } else { if (qpol_policy_get_bool_iter(q, &iter)) goto err; if (qpol_iterator_get_size(iter, &n_bools)) goto err; for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { if (qpol_iterator_get_item(iter, (void **)&bool_datum)) goto err; if (qpol_bool_get_name(q, bool_datum, &bool_name)) goto err; if (qpol_bool_get_state(q, bool_datum, &state)) goto err; dict = PyDict_New(); if (!dict) goto err; if (py_insert_string(dict, "name", bool_name)) goto err; if (py_insert_bool(dict, "state", state)) goto err; rt = py_append_obj(list, dict); Py_DECREF(dict); dict = NULL; if (rt) goto err; } qpol_iterator_destroy(&iter); } goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(error)); py_decref(list); list = NULL; py_decref(dict); dict = NULL; cleanup: qpol_iterator_destroy(&iter); errno = error; return list; }
/** * Gets statistics regarding a policy's attributes. * If this function is given a name, it will attempt to * get statistics about a particular attribute; otherwise * the function gets statistics about all of the policy's * attributes. * * @param name Reference to an attribute's name; if NULL, * all object classes will be considered * @param policydb Reference to a policy * * @return 0 on success, < 0 on error. */ static PyObject* get_attribs(const char *name, const apol_policy_t * policydb) { PyObject *obj; apol_attr_query_t *attr_query = NULL; apol_vector_t *v = NULL; const qpol_type_t *type_datum = NULL; size_t n_attrs, i; int error = 0; int rt = 0; PyObject *list = PyList_New(0); if (!list) goto err; /* we are only getting information about 1 attribute */ if (name != NULL) { attr_query = apol_attr_query_create(); if (!attr_query) goto err; if (apol_attr_query_set_attr(policydb, attr_query, name)) goto err; if (apol_attr_get_by_query(policydb, attr_query, &v)) goto err; apol_attr_query_destroy(&attr_query); if (apol_vector_get_size(v) == 0) { apol_vector_destroy(&v); errno = EINVAL; goto err; } type_datum = apol_vector_get_element(v, (size_t) 0); obj = get_attr(type_datum, policydb); rt = py_append_obj(list, obj); Py_DECREF(obj); if (rt) goto err; } else { attr_query = apol_attr_query_create(); if (!attr_query) goto err; if (apol_attr_get_by_query(policydb, attr_query, &v)) goto err; apol_attr_query_destroy(&attr_query); n_attrs = apol_vector_get_size(v); for (i = 0; i < n_attrs; i++) { /* get qpol_type_t* item from vector */ type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i); if (!type_datum) goto err; obj = get_attr(type_datum, policydb); rt = py_append_obj(list, obj); Py_DECREF(obj); if (rt) goto err; } } apol_vector_destroy(&v); goto cleanup; err: error = errno; PyErr_SetString(PyExc_RuntimeError,strerror(errno)); py_decref(list); list = NULL; cleanup: apol_attr_query_destroy(&attr_query); apol_vector_destroy(&v); errno = error; return list; }