/**
 * Render a role allow rule in policy syntax: "allow <source> <target>;".
 *
 * @param policy Policy the rule belongs to (its qpol handle is used for
 *               the role look-ups).
 * @param rule   Role allow rule to render.
 * @return Newly allocated string that the caller must free(), or NULL on
 *         error with errno set (EINVAL for NULL arguments, otherwise the
 *         errno left by the failing qpol call or asprintf).  Every failure
 *         is also reported through ERR().
 */
char *apol_role_allow_render(const apol_policy_t * policy, const qpol_role_allow_t * rule)
{
	const qpol_role_t *role = NULL;
	const char *src_name = NULL, *tgt_name = NULL;
	char *text = NULL;

	if (policy == NULL || rule == NULL) {
		ERR(policy, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	/* source role, then its name; the second call only runs if the first succeeded */
	if (qpol_role_allow_get_source_role(policy->p, rule, &role) != 0
	    || qpol_role_get_name(policy->p, role, &src_name) != 0) {
		ERR(policy, "%s", strerror(errno));
		return NULL;
	}

	/* target role, same pattern */
	if (qpol_role_allow_get_target_role(policy->p, rule, &role) != 0
	    || qpol_role_get_name(policy->p, role, &tgt_name) != 0) {
		ERR(policy, "%s", strerror(errno));
		return NULL;
	}

	/* asprintf allocates; the caller owns the result */
	if (asprintf(&text, "allow %s %s;", src_name, tgt_name) < 0) {
		ERR(policy, "%s", strerror(errno));
		return NULL;
	}
	return text;
}
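/*
 * Append one Python dict per role allow rule in v to the list `output`.
 * Each dict carries the keys "source" and "target", holding the role names.
 *
 * Returns `output` with errno = 0 on success.  On failure errno holds the
 * error, a Python exception is set (RuntimeError built from strerror, unless
 * the C API already raised one, e.g. MemoryError) and `output` is still
 * returned, possibly holding the entries built before the failure.
 *
 * An empty vector returns NULL without setting a Python exception and
 * leaves errno at EINVAL; that is the pre-existing contract, so callers
 * must not hand a NULL from here straight back to the interpreter.
 */
static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output)
{
	size_t i, num_rules = 0;
	qpol_policy_t *q;
	const qpol_role_allow_t *rule = NULL;
	const char *tmp;
	PyObject *obj, *dict = NULL;
	const qpol_role_t *role = NULL;
	int error = 0;
	int rt;

	/* default error code for failures that do not set errno themselves */
	errno = EINVAL;

	if (!policy || !v) {
		errno = EINVAL;
		goto err;
	}

	/* nothing to do: see the contract above */
	if (!(num_rules = apol_vector_get_size(v)))
		return NULL;

	q = apol_policy_get_qpol(policy);

	for (i = 0; i < num_rules; i++) {
		dict = PyDict_New();
		if (!dict)
			goto err;
		if (!(rule = apol_vector_get_element(v, i)))
			goto err;

		/* source role name */
		if (qpol_role_allow_get_source_role(q, rule, &role))
			goto err;
		if (qpol_role_get_name(q, role, &tmp))
			goto err;
		obj = PyUnicode_FromString(tmp);
		if (!obj)
			goto err;	/* exception already set by the C API */
		if (py_insert_obj(dict, "source", obj))
			goto err;

		/* target role name */
		if (qpol_role_allow_get_target_role(q, rule, &role))
			goto err;
		if (qpol_role_get_name(q, role, &tmp))
			goto err;
		obj = PyUnicode_FromString(tmp);
		if (!obj)
			goto err;	/* exception already set by the C API */
		if (py_insert_obj(dict, "target", obj))
			goto err;

		rt = py_append_obj(output, dict);
		if (rt)
			goto err;
		py_decref(dict);
		dict = NULL;
	}
	goto cleanup;

err:
	error = errno;
	/* keep an exception the C API already raised rather than overwriting
	 * it with a generic RuntimeError */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(dict);	/* NULL when the failure happened between dicts */
cleanup:
	errno = error;
	return output;
}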
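/**
 * Collect every role allow rule in policy p that matches query r.
 *
 * @param p Policy to search.
 * @param r Query, or NULL to match every role allow rule.  r->source and
 *          r->target name candidate roles (interpreted as regular
 *          expressions when r->flags has APOL_QUERY_REGEX).  With
 *          APOL_QUERY_SOURCE_AS_ANY the source pattern is also used as the
 *          target pattern and a rule matches if either end matches.
 * @param v On success receives a newly allocated vector of
 *          qpol_role_allow_t pointers (caller releases it with
 *          apol_vector_destroy()); set to NULL on error.
 * @return 0 on success, -1 on error with errno set.  NULL p or v is
 *         rejected with EINVAL instead of being dereferenced.
 */
int apol_role_allow_get_by_query(const apol_policy_t * p, const apol_role_allow_query_t * r, apol_vector_t ** v)
{
	qpol_iterator_t *iter = NULL;
	apol_vector_t *source_list = NULL, *target_list = NULL;
	int retval = -1, source_as_any = 0;

	/* guard before touching *v or p->p */
	if (p == NULL || v == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	*v = NULL;

	if (r != NULL) {
		if (r->source != NULL
		    && (source_list = apol_query_create_candidate_role_list(p, r->source, r->flags & APOL_QUERY_REGEX)) == NULL) {
			goto cleanup;
		}
		if ((r->flags & APOL_QUERY_SOURCE_AS_ANY) && r->source != NULL) {
			/* target_list aliases source_list; only one of them is destroyed below */
			target_list = source_list;
			source_as_any = 1;
		} else if (r->target != NULL
			   && (target_list = apol_query_create_candidate_role_list(p, r->target, r->flags & APOL_QUERY_REGEX)) == NULL) {
			goto cleanup;
		}
	}

	if (qpol_policy_get_role_allow_iter(p->p, &iter) < 0) {
		goto cleanup;
	}
	if ((*v = apol_vector_create(NULL)) == NULL) {
		ERR(p, "%s", strerror(errno));
		goto cleanup;
	}

	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		qpol_role_allow_t *rule;
		int match_source = 0, match_target = 0;
		size_t i;	/* index out-param of apol_vector_get_index; value unused */

		if (qpol_iterator_get_item(iter, (void **)&rule) < 0) {
			goto cleanup;
		}

		if (source_list == NULL) {
			match_source = 1;
		} else {
			const qpol_role_t *source_role;
			if (qpol_role_allow_get_source_role(p->p, rule, &source_role) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(source_list, source_role, NULL, NULL, &i) == 0) {
				match_source = 1;
			}
		}

		/* if source did not match, but treating source symbol
		 * as any field, then delay rejecting this rule until
		 * the target has been checked */
		if (!source_as_any && !match_source) {
			continue;
		}

		if (target_list == NULL || (source_as_any && match_source)) {
			match_target = 1;
		} else {
			const qpol_role_t *target_role;
			if (qpol_role_allow_get_target_role(p->p, rule, &target_role) < 0) {
				goto cleanup;
			}
			if (apol_vector_get_index(target_list, target_role, NULL, NULL, &i) == 0) {
				match_target = 1;
			}
		}
		if (!match_target) {
			continue;
		}

		if (apol_vector_append(*v, rule)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto cleanup;
		}
	}

	retval = 0;
cleanup:
	if (retval != 0) {
		apol_vector_destroy(v);
	}
	apol_vector_destroy(&source_list);
	if (!source_as_any) {
		/* when source_as_any is set, target_list is the same vector as
		 * source_list and was just freed */
		apol_vector_destroy(&target_list);
	}
	qpol_iterator_destroy(&iter);
	return retval;
}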