int terule_init() { apol_policy_path_t *ppath = apol_policy_path_create(APOL_POLICY_PATH_TYPE_MONOLITHIC, BIN_POLICY, NULL); if (ppath == NULL) { return 1; } if ((bp = apol_policy_create_from_policy_path(ppath, 0, NULL, NULL)) == NULL) { apol_policy_path_destroy(&ppath); return 1; } apol_policy_path_destroy(&ppath); ppath = apol_policy_path_create(APOL_POLICY_PATH_TYPE_MONOLITHIC, SOURCE_POLICY, NULL); if (ppath == NULL) { return 1; } if ((sp = apol_policy_create_from_policy_path(ppath, 0, NULL, NULL)) == NULL) { apol_policy_path_destroy(&ppath); return 1; } apol_policy_path_destroy(&ppath); if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(sp)) != 0) { return 1; } return 0; }
int poldiff_enable_line_numbers(poldiff_t * diff) { int retval; if (diff == NULL) { errno = EINVAL; return -1; } if (!diff->line_numbers_enabled) { if (qpol_policy_build_syn_rule_table(diff->orig_qpol)) return -1; if (qpol_policy_build_syn_rule_table(diff->mod_qpol)) return -1; if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_ALLOW)) < 0) { return retval; } if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_AUDITALLOW)) < 0) { return retval; } if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_DONTAUDIT)) < 0) { return retval; } if ((retval = avrule_enable_line_numbers(diff, AVRULE_OFFSET_NEVERALLOW)) < 0) { return retval; } if ((retval = terule_enable_line_numbers(diff, TERULE_OFFSET_CHANGE)) < 0) { return retval; } if ((retval = terule_enable_line_numbers(diff, TERULE_OFFSET_MEMBER)) < 0) { return retval; } if ((retval = terule_enable_line_numbers(diff, TERULE_OFFSET_TRANS)) < 0) { return retval; } diff->line_numbers_enabled = 1; } return 0; }
/** * Perform the rule query within a thread. */ static gpointer policy_view_find_terules_runner(gpointer data) { struct find_terules_datum *run = (struct find_terules_datum *)data; run->results = NULL; qpol_policy_t *q = apol_policy_get_qpol(run->policy); if (!qpol_policy_has_capability(q, QPOL_CAP_SYN_RULES)) { progress_update(run->progress, "Searching AV rules"); run->retval = apol_avrule_get_by_query(run->policy, run->query, &run->results); run->is_syn_rules = 0; } else { qpol_policy_build_syn_rule_table(q); progress_update(run->progress, "Searching syntactic AV rules"); run->retval = apol_syn_avrule_get_by_query(run->policy, run->query, &run->results); run->is_syn_rules = 1; } if (run->retval == 0) { progress_done(run->progress); } else { progress_abort(run->progress, NULL); } return NULL; }
PyObject* search(bool allow, bool neverallow, bool auditallow, bool dontaudit, bool transition, bool role_allow, const char *src_name, const char *tgt_name, const char *class_name, const char *permlist ) { options_t cmd_opts; PyObject *output = NULL; apol_vector_t *v = NULL; memset(&cmd_opts, 0, sizeof(cmd_opts)); cmd_opts.indirect = true; cmd_opts.show_cond = true; cmd_opts.allow = allow; cmd_opts.nallow = neverallow; cmd_opts.auditallow = auditallow; cmd_opts.dontaudit = dontaudit; cmd_opts.type = transition; cmd_opts.role_allow = role_allow; if (src_name) cmd_opts.src_name = strdup(src_name); if (tgt_name) cmd_opts.tgt_name = strdup(tgt_name); if (class_name) cmd_opts.class_name = strdup(class_name); if (permlist){ cmd_opts.perm_vector = apol_vector_create(free); cmd_opts.permlist = strdup(permlist); } if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) { PyErr_SetString(PyExc_RuntimeError,"Query failed"); goto cleanup; } } /* if syntactic rules are not available always do semantic search */ if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { cmd_opts.semantic = 1; } /* supress line numbers if doing semantic search or not available */ if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) { cmd_opts.lineno = 0; } if (perform_av_query(policy, &cmd_opts, &v)) { goto cleanup; } output = PyList_New(0); if (!output) goto cleanup; if (v) { get_av_results(policy, v, output); } apol_vector_destroy(&v); if (perform_te_query(policy, &cmd_opts, &v)) { goto cleanup; } if (v) { get_te_results(policy, v, output); } if (cmd_opts.all || cmd_opts.type) { apol_vector_destroy(&v); if (perform_ft_query(policy, &cmd_opts, &v)) { goto cleanup; } if (v) { get_ft_results(policy, v, output); } } if (cmd_opts.all || cmd_opts.role_allow) { apol_vector_destroy(&v); if (perform_ra_query(policy, &cmd_opts, &v)) { goto cleanup; } if (v) { get_ra_results(policy, v, output); } } apol_vector_destroy(&v); cleanup: free(cmd_opts.src_name); free(cmd_opts.tgt_name); free(cmd_opts.class_name); free(cmd_opts.permlist); free(cmd_opts.bool_name); free(cmd_opts.src_role_name); free(cmd_opts.tgt_role_name); apol_vector_destroy(&cmd_opts.perm_vector); apol_vector_destroy(&cmd_opts.class_vector); if (output && PyList_GET_SIZE(output) == 0) { py_decref(output); return Py_None; } return output; }