/*
 * Build an apol context from a qpol context: copy the user, role and
 * type names into a freshly allocated apol_context_t and, when the
 * policy has the MLS capability, convert the MLS range as well.  On a
 * non-MLS policy the range is left at the context's NULL default.
 *
 * Returns the new context (caller releases it with
 * apol_context_destroy()), or NULL on failure after the partially built
 * context and any converted range have been freed.
 */
apol_context_t *apol_context_create_from_qpol_context(const apol_policy_t * p, const qpol_context_t * context)
{
	const qpol_user_t *qu;
	const qpol_role_t *qr;
	const qpol_type_t *qt;
	const qpol_mls_range_t *qrange;
	const char *uname, *rname, *tname;
	apol_mls_range_t *mls = NULL;
	apol_context_t *ctx = apol_context_create();

	if (ctx == NULL) {
		ERR(p, "%s", strerror(ENOMEM));
		goto fail;
	}

	/* Pull the four components out of the qpol context. */
	if (qpol_context_get_user(p->p, context, &qu) < 0)
		goto fail;
	if (qpol_context_get_role(p->p, context, &qr) < 0)
		goto fail;
	if (qpol_context_get_type(p->p, context, &qt) < 0)
		goto fail;
	if (qpol_context_get_range(p->p, context, &qrange) < 0)
		goto fail;

	/* Resolve the user/role/type symbols to their names. */
	if (qpol_user_get_name(p->p, qu, &uname) < 0)
		goto fail;
	if (qpol_role_get_name(p->p, qr, &rname) < 0)
		goto fail;
	if (qpol_type_get_name(p->p, qt, &tname) < 0)
		goto fail;

	/* Only an MLS policy carries a range worth converting; otherwise
	 * mls stays NULL and the context keeps its default. */
	if (qpol_policy_has_capability(p->p, QPOL_CAP_MLS)) {
		mls = apol_mls_range_create_from_qpol_mls_range(p, qrange);
		if (mls == NULL)
			goto fail;
	}

	if (apol_context_set_user(p, ctx, uname) < 0)
		goto fail;
	if (apol_context_set_role(p, ctx, rname) < 0)
		goto fail;
	if (apol_context_set_type(p, ctx, tname) < 0)
		goto fail;
	/* NOTE(review): the cleanup below assumes apol_context_set_range()
	 * does not take ownership of mls when it fails; if it did, the
	 * destroy in the fail path would be a double free -- confirm. */
	if (apol_context_set_range(p, ctx, mls) < 0)
		goto fail;

	return ctx;

fail:
	apol_mls_range_destroy(&mls);
	apol_context_destroy(&ctx);
	return NULL;
}
ファイル: info.c プロジェクト: kirotawa/selinux
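/**
 * Build a Python dict describing a user: its name, the default MLS level
 * and MLS range (only when the policy has the MLS capability), and the
 * list of roles it is authorized for.
 *
 * @param user_datum Reference to the qpol user to render.
 * @param policydb Reference to the policy the user belongs to.
 *
 * @return A new reference to a dict with keys "name" and "roles" and,
 * for MLS policies, "level" and "range"; NULL with a Python exception
 * set on failure.  errno is restored to the value captured at the
 * point of failure (0 on success).
 */
static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
{
	int error = 0;
	int rt;
	const qpol_role_t *role_datum = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_mls_range_t *range = NULL;
	const qpol_mls_level_t *dflt_level = NULL;
	apol_mls_level_t *ap_lvl = NULL;
	apol_mls_range_t *ap_range = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	char *tmp = NULL;
	const char *user_name, *role_name;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);
	if (!list) goto err;

	if (qpol_user_get_name(q, user_datum, &user_name))
		goto err;

	dict = PyDict_New();
	if (!dict) goto err;

	if (py_insert_string(dict, "name", user_name))
		goto err;

	if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
		if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
			goto err;
		/* The qpol->apol conversion can fail (returns NULL); don't hand
		 * a NULL level to the renderer. */
		ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
		if (!ap_lvl) goto err;
		tmp = apol_mls_level_render(policydb, ap_lvl);
		if (!tmp) goto err;
		if (py_insert_string(dict, "level", tmp))
			goto err;
		free(tmp); tmp = NULL;

		if (qpol_user_get_range(q, user_datum, &range))
			goto err;
		/* Same guard for the range conversion. */
		ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
		if (!ap_range) goto err;
		tmp = apol_mls_range_render(policydb, ap_range);
		if (!tmp) goto err;
		if (py_insert_string(dict, "range", tmp))
			goto err;
		free(tmp); tmp = NULL;
	}

	if (qpol_user_get_role_iter(q, user_datum, &iter))
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&role_datum))
			goto err;
		if (qpol_role_get_name(q, role_datum, &role_name))
			goto err;
		if (py_append_string(list, role_name))
			goto err;
	}

	/* The local reference to list is dropped whether or not the insert
	 * succeeded; py_insert_obj is presumed to hold its own reference
	 * (it was already written this way) -- confirm against its definition. */
	rt = py_insert_obj(dict, "roles", list);
	Py_DECREF(list); list = NULL;
	if (rt) goto err;
	goto cleanup;

err:
	/* Capture errno before the Python calls below can clobber it. */
	error = errno;
	/* Python-side failures (PyList_New, PyDict_New, ...) already leave an
	 * exception set; replacing it with a RuntimeError built from
	 * strerror(errno) would discard the real cause (and with errno == 0
	 * would report a "success" string).  Only synthesize an exception
	 * when none is pending. */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list); list = NULL;
	py_decref(dict); dict = NULL;

cleanup:
	free(tmp);
	qpol_iterator_destroy(&iter);
	apol_mls_level_destroy(&ap_lvl);
	apol_mls_range_destroy(&ap_range);
	errno = error;
	return dict;
}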