/**
 * Render a context as "user:role:type[:range]".  A missing component is
 * written as a wildcard.  The range component is appended when the policy
 * is MLS, or when no policy is given at all (then the range must be a
 * literal one, since it cannot be rendered against a policy).
 *
 * @param p Policy the context belongs to, or NULL for a literal context.
 * @param context Context to render.
 *
 * @return Newly allocated string the caller must free(), or NULL on error
 * with errno set (EINVAL for a NULL context or a non-literal range with
 * no policy; otherwise whatever the failing helper left in errno).
 */
char *apol_context_render(const apol_policy_t * p, const apol_context_t * context)
{
	char *out = NULL;
	size_t out_sz = 0;
	char *rendered_range = NULL;
	const char *user, *role, *type;

	if (context == NULL) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}
	/* Without a policy only a literal range can be rendered. */
	if (p == NULL && !apol_mls_range_is_literal(context->range)) {
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return NULL;
	}

	/* NOTE(review): the user wildcard is rendered as "******" whereas role,
	 * type and range use "*"; reproduced as-is -- confirm the asymmetry is
	 * intended. */
	user = (context->user != NULL) ? context->user : "******";
	role = (context->role != NULL) ? context->role : "*";
	type = (context->type != NULL) ? context->type : "*";

	/* Short-circuit: the first failing append reports and bails. */
	if (apol_str_appendf(&out, &out_sz, "%s:", user) != 0
	    || apol_str_appendf(&out, &out_sz, "%s:", role) != 0
	    || apol_str_append(&out, &out_sz, type) != 0) {
		ERR(p, "%s", strerror(errno));
		goto fail;
	}

	/* Range component: always when there is no policy, otherwise only for
	 * an MLS policy. */
	if (p == NULL || apol_policy_is_mls(p)) {
		if (context->range == NULL)
			rendered_range = strdup("*");
		else
			rendered_range = apol_mls_range_render(p, context->range);
		if (rendered_range == NULL)
			goto fail;
		if (apol_str_appendf(&out, &out_sz, ":%s", rendered_range) != 0) {
			ERR(p, "%s", strerror(errno));
			goto fail;
		}
		free(rendered_range);
	}
	return out;

      fail:
	free(out);
	free(rendered_range);
	return NULL;
}
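/**
 * Get statistics regarding a policy's ports.
 * If this function is given a port number, it reports only the portcon
 * entries whose [low, high] range covers that port; otherwise it reports
 * every portcon in the policy.
 *
 * @param num Decimal port number as a string; if NULL, all ports will be
 * considered.  A string that is not a complete decimal number in 0..65535
 * is rejected with a Python ValueError (errno EINVAL).
 * @param policydb Reference to a policy
 *
 * @return A new reference to a list of dicts with keys "type", "protocol",
 * "high", "low" and, when the context carries a range, "range"; NULL with
 * a Python exception set on error.  errno is preserved across cleanup.
 */
static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
{
	const qpol_portcon_t *portcon = NULL;
	qpol_iterator_t *iter = NULL;
	uint16_t low_port, high_port;
	uint8_t ocon_proto;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	const qpol_context_t *ctxt = NULL;
	const char *proto_str = NULL;
	const char *type = NULL;
	const apol_mls_range_t *range = NULL;
	char *range_str = NULL;
	apol_context_t *c = NULL;
	long want_port = -1;	/* only meaningful when num != NULL */
	int error = 0;
	int rt = 0;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);

	if (!list)
		goto err;

	/* Parse the requested port once, up front.  atoi() would silently turn
	 * garbage or trailing junk into some number (usually 0); strtol() lets
	 * the caller's mistake be reported instead. */
	if (num) {
		char *end = NULL;
		errno = 0;
		want_port = strtol(num, &end, 10);
		if (end == num || *end != '\0' || errno == ERANGE
		    || want_port < 0 || want_port > UINT16_MAX) {
			PyErr_SetString(PyExc_ValueError, "Invalid port number");
			errno = EINVAL;
			goto err;
		}
	}

	if (qpol_policy_get_portcon_iter(q, &iter))
		goto err;

	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&portcon))
			goto err;
		if (qpol_portcon_get_low_port(q, portcon, &low_port))
			goto err;
		if (qpol_portcon_get_high_port(q, portcon, &high_port))
			goto err;
		if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
			goto err;
		if (num && (want_port < low_port || want_port > high_port))
			continue;
		/* Only TCP and UDP portcons are understood; any other protocol
		 * aborts the whole query (no Python message is set here, so the
		 * generic errno-based error below is what the caller sees). */
		if ((ocon_proto != IPPROTO_TCP) && (ocon_proto != IPPROTO_UDP))
			goto err;
		if (qpol_portcon_get_context(q, portcon, &ctxt)) {
			PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
			goto err;
		}
		if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
			PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
			goto err;
		}
		if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL)
			goto err;
		/* type points into c; c stays alive until the end of this iteration. */
		if ((type = apol_context_get_type(c)) == NULL)
			goto err;	/* cleanup destroys c */

		dict = PyDict_New();
		if (!dict)
			goto err;
		if (py_insert_string(dict, "type", type))
			goto err;
		if ((range = apol_context_get_range(c)) != NULL) {
			range_str = apol_mls_range_render(policydb, range);
			if (range_str == NULL)
				goto err;
			if (py_insert_string(dict, "range", range_str))
				goto err;
		}
		if (py_insert_string(dict, "protocol", proto_str))
			goto err;
		if (py_insert_long(dict, "high", high_port))
			goto err;
		if (py_insert_long(dict, "low", low_port))
			goto err;

		rt = py_append_obj(list, dict);
		Py_DECREF(dict);
		dict = NULL;
		if (rt)
			goto err;

		/* Release per-iteration resources now.  Previously the context and
		 * the rendered range were only freed after the loop, leaking one of
		 * each for every portcon but the last. */
		free(range_str);
		range_str = NULL;
		apol_context_destroy(&c);
	}
	goto cleanup;

      err:
	error = errno;
	/* Do not clobber a more specific exception that is already pending
	 * (MemoryError from PyList_New/PyDict_New, or the messages set above). */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
      cleanup:
	free(range_str);
	apol_context_destroy(&c);
	qpol_iterator_destroy(&iter);
	errno = error;
	return list;
}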
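/**
 * Gets a textual representation of a user, and
 * all of that user's roles.
 *
 * @param user_datum Reference to a qpol user
 * @param policydb Reference to a policy
 *
 * @return A new reference to a dict with keys "name" and "roles" (a list
 * of role names) and, when the policy has the MLS capability, "level"
 * (the user's default level) and "range"; NULL with a Python exception
 * set on error.  errno is preserved across cleanup.
 */
static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
{
	int error = 0;
	int rt;
	const qpol_role_t *role_datum = NULL;
	qpol_iterator_t *iter = NULL;
	const qpol_mls_range_t *range = NULL;
	const qpol_mls_level_t *dflt_level = NULL;
	apol_mls_level_t *ap_lvl = NULL;
	apol_mls_range_t *ap_range = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policydb);
	char *tmp = NULL;
	const char *user_name, *role_name;
	PyObject *dict = NULL;
	PyObject *list = PyList_New(0);

	if (!list)
		goto err;
	if (qpol_user_get_name(q, user_datum, &user_name))
		goto err;
	dict = PyDict_New();
	if (!dict)
		goto err;
	if (py_insert_string(dict, "name", user_name))
		goto err;

	if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
		if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
			goto err;
		ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
		/* Previously passed to the renderer unchecked. */
		if (!ap_lvl)
			goto err;
		tmp = apol_mls_level_render(policydb, ap_lvl);
		if (!tmp)
			goto err;
		if (py_insert_string(dict, "level", tmp))
			goto err;
		free(tmp);
		tmp = NULL;

		if (qpol_user_get_range(q, user_datum, &range))
			goto err;
		ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
		if (!ap_range)
			goto err;
		tmp = apol_mls_range_render(policydb, ap_range);
		if (!tmp)
			goto err;
		if (py_insert_string(dict, "range", tmp))
			goto err;
		free(tmp);
		tmp = NULL;
	}

	if (qpol_user_get_role_iter(q, user_datum, &iter))
		goto err;
	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		if (qpol_iterator_get_item(iter, (void **)&role_datum))
			goto err;
		if (qpol_role_get_name(q, role_datum, &role_name))
			goto err;
		if (py_append_string(list, role_name))
			goto err;
	}

	/* The dict takes its own reference to the list; drop ours either way. */
	rt = py_insert_obj(dict, "roles", list);
	Py_DECREF(list);
	list = NULL;
	if (rt)
		goto err;
	goto cleanup;

      err:
	error = errno;
	/* Keep a more specific pending exception (e.g. MemoryError from the
	 * PyList_New/PyDict_New failures above) rather than overwriting it. */
	if (!PyErr_Occurred())
		PyErr_SetString(PyExc_RuntimeError, strerror(error));
	py_decref(list);
	list = NULL;
	py_decref(dict);
	dict = NULL;
      cleanup:
	free(tmp);
	qpol_iterator_destroy(&iter);
	apol_mls_level_destroy(&ap_lvl);
	apol_mls_range_destroy(&ap_range);
	errno = error;
	return dict;
}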