Exemplo n.º 1
/**
 * Compare two security contexts field by field against a policy.
 *
 * The user, role and type fields are each compared only when BOTH contexts
 * carry that field. A field that is NULL on either side is skipped, so it
 * behaves as a wildcard. Names are resolved through the policy and compared
 * by the numeric value the policy reports for them, not by string equality.
 * The range is examined last, and only when both contexts have one.
 *
 * Callers that filter on the result should note that two contexts sharing
 * no populated field compare as a match (1).
 *
 * @param p Policy used to resolve user, role and type names.
 * @param target First context to compare.
 * @param search Second context to compare.
 * @param range_compare_type Passed unchanged to apol_mls_range_compare().
 *
 * @return 0 as soon as a compared user, role or type differs; -1 if any
 * argument is NULL (errno is set to EINVAL) or if a name lookup or value
 * query fails. When both ranges are present the result of
 * apol_mls_range_compare() is returned as is; otherwise 1.
 */
int apol_context_compare(const apol_policy_t * p, const apol_context_t * target, const apol_context_t * search,
			 unsigned int range_compare_type)
{
	uint32_t target_val, search_val;

	if (p == NULL || target == NULL || search == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	/* User: skipped unless both sides name one. */
	if (target->user != NULL && search->user != NULL) {
		const qpol_user_t *target_user, *search_user;
		if (qpol_policy_get_user_by_name(p->p, target->user, &target_user) < 0) {
			return -1;
		}
		if (qpol_policy_get_user_by_name(p->p, search->user, &search_user) < 0) {
			return -1;
		}
		if (qpol_user_get_value(p->p, target_user, &target_val) < 0) {
			return -1;
		}
		if (qpol_user_get_value(p->p, search_user, &search_val) < 0) {
			return -1;
		}
		if (target_val != search_val) {
			return 0;
		}
	}

	/* Role: same rule as for the user. */
	if (target->role != NULL && search->role != NULL) {
		const qpol_role_t *target_role, *search_role;
		if (qpol_policy_get_role_by_name(p->p, target->role, &target_role) < 0) {
			return -1;
		}
		if (qpol_policy_get_role_by_name(p->p, search->role, &search_role) < 0) {
			return -1;
		}
		if (qpol_role_get_value(p->p, target_role, &target_val) < 0) {
			return -1;
		}
		if (qpol_role_get_value(p->p, search_role, &search_val) < 0) {
			return -1;
		}
		if (target_val != search_val) {
			return 0;
		}
	}

	/* Type: same rule again. */
	if (target->type != NULL && search->type != NULL) {
		const qpol_type_t *target_type, *search_type;
		if (qpol_policy_get_type_by_name(p->p, target->type, &target_type) < 0) {
			return -1;
		}
		if (qpol_policy_get_type_by_name(p->p, search->type, &search_type) < 0) {
			return -1;
		}
		if (qpol_type_get_value(p->p, target_type, &target_val) < 0) {
			return -1;
		}
		if (qpol_type_get_value(p->p, search_type, &search_val) < 0) {
			return -1;
		}
		if (target_val != search_val) {
			return 0;
		}
	}

	/* Every compared field matched; a missing range on either side is a match too. */
	if (target->range == NULL || search->range == NULL) {
		return 1;
	}
	return apol_mls_range_compare(p, target->range, search->range, range_compare_type);
}
Exemplo n.º 2
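/**
 * Collect a policy's roles as a Python list.
 * If this function is given a name, only that role is looked up;
 * otherwise every role in the policy is visited.
 *
 * @param name Reference to a role's name; if NULL,
 * all roles will be considered
 * @param policydb Reference to a policy
 *
 * @return A new list with one entry per role (each built by get_role()),
 * or NULL on error. On error a RuntimeError carrying strerror(errno) is
 * set and errno holds the failure code; on success errno is reset to 0.
 */
static PyObject*  get_roles(const char *name, const apol_policy_t * policydb)
{
	const qpol_role_t *role_datum = NULL;
	qpol_iterator_t *iter = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	int error = 0;
	int rt;
	PyObject *obj;
	PyObject *list = PyList_New(0);
	if (!list) goto err;

	if (name != NULL) {
		if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
			errno = EINVAL;
			goto err;
		}
		obj = get_role(role_datum, policydb);
		/* A NULL result must not reach Py_DECREF, which dereferences its argument. */
		if (obj == NULL) goto err;
		rt = py_append_obj(list, obj);
		/* presumably get_role() hands back an owned reference that the list now shares; verify against get_role() */
		Py_DECREF(obj);
		if (rt) goto err;
	} else {
		if (qpol_policy_get_role_iter(q, &iter))
			goto err;

		for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
			if (qpol_iterator_get_item(iter, (void **)&role_datum))
				goto err;
			obj = get_role(role_datum, policydb);
			/* Same guard as the single-role path: bail out before touching a NULL object. */
			if (obj == NULL) goto err;
			rt = py_append_obj(list, obj);
			Py_DECREF(obj);
			if (rt) goto err;
		}
		/* The iterator is released once, at cleanup, on every path. */
	}
	goto cleanup;

err:
	error = errno;
	/*
	 * NOTE(review): this replaces any exception the failing call may already
	 * have set, and errno can be 0 here when the failure came from the
	 * Python side, which yields an uninformative message.
	 */
	PyErr_SetString(PyExc_RuntimeError,strerror(errno));
	py_decref(list); list = NULL;

cleanup:
	qpol_iterator_destroy(&iter);
	errno = error;
	return list;
}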