/*
 * Convert an InfiniBand pkey ocontext entry into a newly created
 * sepol_ibpkey_t record.
 *
 * The subnet prefix and the low/high pkey bounds are copied from
 * ibpkey->u.ibpkey. The entry's first context is converted with
 * context_to_record() and attached with sepol_ibpkey_set_con().
 *
 * Returns STATUS_SUCCESS with the new record stored in *record, or
 * STATUS_ERR after logging through handle. On failure *record is not
 * written and both temporaries are released here.
 */
static int ibpkey_to_record(sepol_handle_t *handle,
			    const policydb_t *policydb,
			    ocontext_t *ibpkey,
			    sepol_ibpkey_t **record)
{
	/* Both start out NULL so the shared error path can free them
	 * no matter how far the conversion got. */
	sepol_context_t *ctx_rec = NULL;
	sepol_ibpkey_t *pkey_rec = NULL;

	if (sepol_ibpkey_create(handle, &pkey_rec) < 0)
		goto err;

	sepol_ibpkey_set_subnet_prefix_bytes(pkey_rec,
					     ibpkey->u.ibpkey.subnet_prefix);
	sepol_ibpkey_set_range(pkey_rec,
			       ibpkey->u.ibpkey.low_pkey,
			       ibpkey->u.ibpkey.high_pkey);

	/* Short-circuit keeps the original order: convert the context
	 * first, attach it only if the conversion succeeded. */
	if (context_to_record(handle, policydb, &ibpkey->context[0], &ctx_rec) < 0 ||
	    sepol_ibpkey_set_con(handle, pkey_rec, ctx_rec) < 0)
		goto err;

	/* The temporary context is freed on success as well, so
	 * sepol_ibpkey_set_con() presumably stores its own copy --
	 * confirm against its implementation. */
	sepol_context_free(ctx_rec);
	*record = pkey_rec;
	return STATUS_SUCCESS;

err:
	ERR(handle, "could not convert ibpkey to record");
	sepol_context_free(ctx_rec);
	sepol_ibpkey_free(pkey_rec);
	return STATUS_ERR;
}
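/*
 * Convert a node ocontext entry into a newly created sepol_node_t record.
 *
 * proto selects which member of node->u holds the address and mask:
 * SEPOL_PROTO_IP4 reads 4 bytes each from u.node, SEPOL_PROTO_IP6 reads
 * 16 bytes each from u.node6. Any other value is logged and rejected.
 * The entry's first context is converted with context_to_record() and
 * attached with sepol_node_set_con().
 *
 * Returns STATUS_SUCCESS with the new record stored in *record, or
 * STATUS_ERR after logging through handle. On failure *record is not
 * written and both temporaries are released here.
 */
static int node_to_record(sepol_handle_t * handle,
			  const policydb_t * policydb,
			  ocontext_t * node, int proto, sepol_node_t ** record)
{
	context_struct_t *con = &node->context[0];

	/* Both start out NULL so the shared error path can free them
	 * no matter how far the conversion got. */
	sepol_context_t *tmp_con = NULL;
	sepol_node_t *tmp_record = NULL;

	if (sepol_node_create(handle, &tmp_record) < 0)
		goto err;

	sepol_node_set_proto(tmp_record, proto);

	/*
	 * The byte counts passed below must never exceed the size of the
	 * field they read from, or the setter copies past the ocontext
	 * member. NOTE(review): 4 and 16 presumably match the widths of
	 * u.node and u.node6 addr/mask -- confirm against the ocontext_t
	 * definition.
	 */
	switch (proto) {
	case SEPOL_PROTO_IP4:
		if (sepol_node_set_addr_bytes(handle, tmp_record,
					      (const char *)&node->u.node.addr,
					      4) < 0)
			goto err;
		if (sepol_node_set_mask_bytes(handle, tmp_record,
					      (const char *)&node->u.node.mask,
					      4) < 0)
			goto err;
		break;

	case SEPOL_PROTO_IP6:
		if (sepol_node_set_addr_bytes(handle, tmp_record,
					      (const char *)&node->u.node6.addr,
					      16) < 0)
			goto err;
		if (sepol_node_set_mask_bytes(handle, tmp_record,
					      (const char *)&node->u.node6.mask,
					      16) < 0)
			goto err;
		break;

	default:
		/* proto is a signed int, so it is printed with %d; the
		 * previous %u did not match the argument type. */
		ERR(handle, "unsupported protocol %d", proto);
		goto err;
	}

	if (context_to_record(handle, policydb, con, &tmp_con) < 0)
		goto err;

	if (sepol_node_set_con(handle, tmp_record, tmp_con) < 0)
		goto err;

	/* The temporary context is freed on success as well, so
	 * sepol_node_set_con() presumably stores its own copy --
	 * confirm against its implementation. */
	sepol_context_free(tmp_con);
	*record = tmp_record;
	return STATUS_SUCCESS;

err:
	ERR(handle, "could not convert node to record");
	sepol_context_free(tmp_con);
	sepol_node_free(tmp_record);
	return STATUS_ERR;
}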