rpms
/
setools
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
setools/setools-TresysTechnology-se...

18399 lines
605 KiB
Diff
Raw Blame History

diff --git a/ChangeLog b/ChangeLog
index 1bce21d..c13a4dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,40 @@
+2014-04-15 Richard Haines <richard_c_haines@btinternet.com>
+
+ * Updates to libqpol to support policy source file expansion
+ to version 29. Source policies with the filename transition
+ rule will have their entries expanded twice, this is a bug
+ in libsepol.
+ Fixed bug in default_range to now diplay range component.
+
+2014-04-14 Richard Haines <richard_c_haines@btinternet.com>
+
+ * Updates to apol and the libapol/libqpol libraries to support
+ new policy statements and rules to version 29 (Note the features
+ for loading source code (policy.conf etc.) have not been updated
+ to support the new statements and rules.
+ These are the enhancements and bug fixes:
+ * Add permissive type and typebound support to Types tab.
+ * Add new Constraints tab to search all constraint statements.
+ * Add new Bounds tab to search for userbound, rolebound and
+ typebound statements.
+ * Add new policy capabilities tab.
+ * Add filename type_transition support on TE Rules tab.
+ * Add new Default Object tab to support defaultuser, defaultrole,
+ defaulttype and defaultrange rules.
+ * Add new Namespaces tab to list CIL namespaces. This will also
+ show any users, roles, types, classes, booleans, sensitivities
+ and categories declared in each namespace.
+ * Update Query/Policy Summary page to show the number of new
+ rules added plus the policy handle_unknown flag.
+ * Fixed File Contexts tab to stop hang when building the fc
+ index when broken links/files found (libsefs).
+ * Fixed Booleans tab to display CIL namespace booleans.
+ * Updated apol_help.txt to reflect the changes made plus how to
+ load the running policy.
+
+2014-01-16 Chris PeBenito <cpebenito@tresys.com>
+ * Fix bug preventing sediffx from starting.
+
2013-01-08 Steve Lawrence <slawrence@tresys.com>
* SETools 3.3.8
diff --git a/README b/README
index 04b159b..fcd6378 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-SETools - Policy analysis tools for SELinux (C) 2001-2010
+SETools - Policy analysis tools for SELinux (C) 2001-2014
Tresys Technology
setools@tresys.com, http://oss.tresys.com/projects/setools
@@ -9,7 +9,7 @@ TABLE OF CONTENTS
1. Overview
2. Installation
2.1. compiling from official distribution
- 2.2. compiling from SVN checkout
+ 2.2. compiling from git clone
2.3. configure flags
2.4. using development version of SELinux
2.5. Logwatch support
@@ -119,11 +119,11 @@ Assuming that /usr/local/bin is in your $PATH and /usr/local/lib in
$LD_LIBRARY_PATH everything should now work.
-2.2. compiling from SVN checkout
+2.2. compiling from git clone
--------------------------------
If you prefer the bleeding edge of SETools development, you could
-instead obtain the development version of SETools from the Subversion
+instead obtain the development version of SETools from the git
repository (see Section 4).
$ cd setools
@@ -424,13 +424,13 @@ Open Source Software website, http://oss.tresys.com/projects/setools.
Tresys builds RPM packages of SETools. They may also be obtained from
the website listed above.
-SETools source code is maintained within a Subversion repository.
+SETools source code is maintained within a git repository.
From the command line do:
- $ svn co http://oss.tresys.com/repos/setools/trunk/ setools
+ $ git clone https://github.com/TresysTechnology/setools3.git
-You may also browse the SVN repository at
-http://oss.tresys.com/projects/setools/browser.
+You may also browse the git repository at
+https://github.com/TresysTechnology/setools3
Other binary releases SETools are available for your favorite Linux
packaging system from third-party sources. Gentoo users have an
diff --git a/apol/Makefile.am b/apol/Makefile.am
index 646d8b1..4fc5562 100644
--- a/apol/Makefile.am
+++ b/apol/Makefile.am
@@ -27,12 +27,15 @@ dist_setools_DATA = apol_help.txt domaintrans_help.txt file_relabel_help.txt \
EXTRA_DIST = \
analysis_tab.tcl \
+ bounds_tab.tcl \
classes_perms_tab.tcl \
common_widgets.tcl \
cond_bools_tab.tcl \
cond_rules_tab.tcl \
+ constraints_tab.tcl \
context_dialog.tcl \
context_selector.tcl \
+ default_objects_tab.tcl \
directflow_module.tcl \
domaintrans_module.tcl \
file_contexts_tab.tcl \
@@ -43,9 +46,11 @@ EXTRA_DIST = \
initial_sids_tab.tcl \
level_dialog.tcl \
mls_tab.tcl \
+ namespaces_tab.tcl \
netcontexts_tab.tcl \
open_policy_dialog.tcl \
perms_map.tcl \
+ polcap_tab.tcl \
policyconf.tcl \
progress_dialog.tcl \
range_dialog.tcl \
diff --git a/apol/apol_help.txt b/apol/apol_help.txt
index aad309b..1ed5a9e 100644
--- a/apol/apol_help.txt
+++ b/apol/apol_help.txt
@@ -29,7 +29,7 @@ not report line numbers when searching monolithic binary polices.
Apol provides compatibility with the current and previous policy
syntax. It supports analysis of monolithic policy versions 12 to the
-current version 21 and modular policy versions 5 and 6.
+current version 29 and modular policy versions to 17.
See setools/ChangeLog for a list of new features in this release. See
setools/KNOWN_BUGS for a list of current bugs.
@@ -40,7 +40,12 @@ Menus
Use 'Open' from the File menu to open a valid policy. The policy may
be monolithic or be composed of a base linked with multiple modules.
Only one policy can be open at a time; opening a second policy will
-result in the first being closed.
+result in the first being closed. Note: If the kernel supports reading
+the currently loaded policy, then select "monolithic" and set the
+"Policy filename" path to either:
+ /selinux/policy
+ or
+ /sys/fs/selinux/policy
The Query menu allows the user to save or load a query for a TE Rules
search or for an analysis module listed on the Analysis tab. Saving a
@@ -85,6 +90,8 @@ relate the core components of an SELinux policy.
to search for types and/or attributes using a POSIX-style regular
expression.
+ Permissive and bound types may also be searched.
+
Classes/Perms tab
-----------------
Use the Classes/Perms tab to view and search object classes, common
@@ -149,6 +156,23 @@ relate the core components of an SELinux policy.
Select the FS Contexts tab to search filesystem-based contexts
(fs_use_ and genfscon statements) defined in the policy.
+ Policy Capabilities tab
+ ---------------
+ Select the Policy Capabilities tab to display policy capabilities
+ defined in the policy.
+
+ Policy Namespaces tab
+ ---------------
+ Select the Policy Namespaces tab to display the namespaces defined
+ in the policy. For policies with a single namespace there will be
+ one namespace displayed: "GLOBAL-NS". For policies that can define
+ multiple namespaces (e.g CIL), all namespaces will be displayed
+ including "GLOBAL-NS".
+ If the namespace entry is double clicked then a list of Users, Roles,
+ Types, Attributes, Classes and Booleans applicable to that namespace
+ will be displayed (also if MLS enabled the Sensitivities and
+ Categories will also be shown).
+
Policy Rules tabs
-----------------
@@ -226,6 +250,10 @@ rules in a policy based on selected search criteria.
the checkbox is enabled, returned rules instead will contain
all of them.
+ 4. FILENAME SUBTAB: provides options to refine a search
+ using the file name type_transition rule filename. Only rules
+ that contain the selected file name will be returned.
+
In the Results Tab for a given search, all rules that meet the
search criteria are displayed. In addition, if the policy that is
opened is capable of showing line numbers, a hyperlink for each rule
@@ -260,6 +288,57 @@ rules in a policy based on selected search criteria.
[Enabled] - indicates the rule is enabled
[Disabled] - indicates the rule is disabled
+ Constraints tab
+ ---------------
+ Select the Constraints tab to search through the constrain and
+ validatetrans constraint rules. If the current policy supports MLS
+ then these variants are also enabled.
+
+ Four different types of search criteria exist for constraints:
+
+ 1. CONSTRAINT SELECTION: provides options to limit the scope of the
+ search as only those constraints selected will be included in the
+ search. At least one must be selected. NOTE: If no additional
+ search criteria is specified, apol will search for all of the
+ selected constraints.
+
+ 2. CLASSES/PERMISSIONS SUBTAB: provides options to refine a search
+ using object classes and/or permissions in the same way as the
+ TE Rules tab described above. Note that the validatetrans rules
+ do not use permissions.
+
+ 3. LEFT SIDE OF EXPRESSION SUBTAB: provides an option to refine a
+ search based on the left keyword of a constraint. When checked
+ the left hand side of each expression is read from the policy and
+ displayed in the drop down box. A single keyword may then be
+ selected.
+
+ 4. RIGHT SIDE OF EXPRESSION SUBTAB: provides options to refine a
+ search based on either the right keyword, user, role, type or type
+ attribute of a constraint. When one of the boxes is checked
+ the right keywords, users, roles, types or type attributes are
+ read from the policy and displayed in the drop down box. A single
+ item may then be selected.
+
+ Note: When displaying the constraint details from a binary policy, the
+ result will depend on the policy version:
+ a) For versions <= 28 it will always display types as the
+ compiler expanded any attributes before writing the binary
+ policy. Therefore searches should always be for types.
+ b) For versions >= 29 it will display whatever was defined in
+ the source policy, therefore searches may be on types or
+ attributes.
+
+ The Constraints Tab also supports multiple results windows. Each
+ active window remembers the search options used for it, and will set
+ all the options accordingly when selected. Use the "Update Search"
+ button to change the results displayed for the current window based
+ on the current search option. "New Search" creates a new results
+ window based on the current search options. Use the "Close Tab" bar
+ at the bottom to destroy a results window. Also, the Constraints tab
+ provides the means to save/load search criteria to a file (see Menus
+ section above).
+
RBAC Rules tab
--------------
Select the RBAC Rules tab to search role-based access control rules.
@@ -271,13 +350,18 @@ rules in a policy based on selected search criteria.
Range Transition Rules tab
--------------------------
- Select the Range Transition Rules tab to search to search
+ Select the Range Transition Rules tab to search for
range_transition rules by source and target types and by the MLS
range. There are three options when searching for ranges; find
exact matches to the entered range, find rules that have ranges
that contain the entered range, or find rules that have ranges
within the entered range.
+ Bounds Rules tab
+ --------------------------
+ Select the Bounds Rules tab to search for userbound, rolebound or
+ typebound rules by parent or child types.
+
File Contexts tab
-----------------
diff --git a/apol/bounds_tab.tcl b/apol/bounds_tab.tcl
new file mode 100644
index 0000000..906eade
--- /dev/null
+++ b/apol/bounds_tab.tcl
@@ -0,0 +1,433 @@
+# Copyright (C) 2001-2007 Tresys Technology, LLC
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+namespace eval Apol_Bounds {
+ variable vals
+ variable widgets
+}
+
+proc Apol_Bounds::create {tab_name nb} {
+ variable vals
+ variable widgets
+
+ _initializeVars
+
+ set frame [$nb insert end $tab_name -text "Bounds Rules"]
+ set topf [frame $frame.top]
+ set bottomf [frame $frame.bottom]
+ pack $topf -expand 0 -fill both -pady 2
+ pack $bottomf -expand 1 -fill both -pady 2
+
+ set rsbox [TitleFrame $topf.rs -ipad 30 -text "Rule Selection"]
+ set obox [TitleFrame $topf.opts -text "Search Options"]
+ set dbox [TitleFrame $bottomf.results -text "Bounds Rules Display"]
+ pack $rsbox -side left -expand 0 -fill both -padx 2
+ pack $obox -side left -expand 1 -fill both -padx 2
+ pack $dbox -expand 1 -fill both -padx 2
+
+ # Rule selection subframe
+ set rs [$rsbox getframe]
+ radiobutton $rs.user -text user -value user \
+ -variable Apol_Bounds::vals(rule_selection)
+ radiobutton $rs.role -text role -value role \
+ -variable Apol_Bounds::vals(rule_selection)
+ radiobutton $rs.type -text type -value type \
+ -variable Apol_Bounds::vals(rule_selection)
+ trace add variable Apol_Bounds::vals(rule_selection) write \
+ [list Apol_Bounds::_ruleChanged]
+ pack $rs.user $rs.role $rs.type -side top -anchor w
+
+ set widgets(options_pm) [PagesManager [$obox getframe].opts]
+
+ _userCreate [$widgets(options_pm) add user]
+ _roleCreate [$widgets(options_pm) add role]
+ _typeCreate [$widgets(options_pm) add type]
+
+ $widgets(options_pm) compute_size
+ pack $widgets(options_pm) -expand 1 -fill both -side left
+ $widgets(options_pm) raise type
+
+ set ok [button [$obox getframe].ok -text OK -width 6 -command Apol_Bounds::_searchBounds]
+ pack $ok -side right -padx 5 -pady 5 -anchor ne
+
+ set widgets(results) [Apol_Widget::makeSearchResults [$dbox getframe].results]
+ pack $widgets(results) -expand yes -fill both
+
+ return $frame
+}
+
+proc Apol_Bounds::open {ppath} {
+ variable vals
+ variable widgets
+ $widgets(user:user_parent) configure -values $Apol_Users::users_list
+ $widgets(user:user_child) configure -values $Apol_Users::users_list
+ $widgets(role:role_parent) configure -values $Apol_Roles::role_list
+ $widgets(role:role_child) configure -values $Apol_Roles::role_list
+ $widgets(type:type_parent) configure -values $Apol_Types::typelist
+ $widgets(type:type_child) configure -values $Apol_Types::typelist
+
+ set vals(rule_selection) type
+}
+
+proc Apol_Bounds::close {} {
+ variable widgets
+
+ _initializeVars
+ $widgets(user:user_parent) configure -values {}
+ $widgets(user:user_child) configure -values {}
+ $widgets(role:role_parent) configure -values {}
+ $widgets(role:role_child) configure -values {}
+ $widgets(type:type_parent) configure -values {}
+ $widgets(type:type_child) configure -values {}
+}
+
+proc Apol_Bounds::getTextWidget {} {
+ variable widgets
+}
+
+#### private functions below ####
+
+proc Apol_Bounds::_initializeVars {} {
+ variable vals
+ array set vals {
+ rule_selection type
+
+ user_parent:use 0
+ user_parent:sym {}
+ user_child:sym {}
+ user_child:use 0
+
+ role_parent:use 0
+ role_parent:sym {}
+ role_child:sym {}
+ role_child:use 0
+
+ type_parent:use 0
+ type_parent:sym {}
+ type_child:sym {}
+ type_child:use 0
+ }
+}
+
+proc Apol_Bounds::_userCreate {a_f} {
+ variable vals
+ variable widgets
+
+ set user_parent [frame $a_f.user_parent]
+ set user_parent_cb [checkbutton $user_parent.enable -text "Parent user" \
+ -variable Apol_Bounds::vals(user_parent:use)]
+ set widgets(user:user_parent) [ComboBox $user_parent.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Bounds::vals(user_parent:sym) \
+ -helptext "Select the bounding user" -autopost 1]
+
+ trace add variable Apol_Bounds::vals(user_parent:use) write \
+ [list Apol_Bounds::_toggleCheckbutton $widgets(user:user_parent) {}]
+ pack $user_parent_cb -side top -anchor w
+ pack $widgets(user:user_parent) -side top -expand 0 -fill x -padx 4
+
+ pack $user_parent -side left -padx 4 -pady 2 -expand 0 -anchor nw
+
+ set user_child [frame $a_f.user_child]
+ set widgets(user:user_child_cb) [checkbutton $user_child.enable -text "Child user" \
+ -variable Apol_Bounds::vals(user_child:use)]
+ set widgets(user:user_child) [ComboBox $user_child.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Bounds::vals(user_child:sym) \
+ -helptext "Select the bounded user" -autopost 1]
+ trace add variable Apol_Bounds::vals(user_child:use) write \
+ [list Apol_Bounds::_toggleCheckbutton $widgets(user:user_child) {}]
+ pack $widgets(user:user_child_cb) -side top -anchor w
+ pack $widgets(user:user_child) -side top -expand 0 -fill x -padx 4
+ pack $user_child -side left -padx 4 -pady 2 -expand 0 -fill y
+}
+
+proc Apol_Bounds::_roleCreate {t_f} {
+ variable vals
+ variable widgets
+
+ set role_parent [frame $t_f.role_parent]
+ set role_parent_cb [checkbutton $role_parent.enable -text "Parent role" \
+ -variable Apol_Bounds::vals(role_parent:use)]
+ set widgets(role:role_parent) [ComboBox $role_parent.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Bounds::vals(role_parent:sym) \
+ -helptext "Select the bounding role" -autopost 1]
+
+ trace add variable Apol_Bounds::vals(role_parent:use) write \
+ [list Apol_Bounds::_toggleCheckbutton $widgets(role:role_parent) {}]
+ pack $role_parent_cb -side top -anchor w
+ pack $widgets(role:role_parent) -side top -expand 0 -fill x -padx 4
+
+ pack $role_parent -side left -padx 4 -pady 2 -expand 0 -anchor nw
+
+ set role_child [frame $t_f.role_child]
+ set widgets(role:role_child_cb) [checkbutton $role_child.enable -text "Child role" \
+ -variable Apol_Bounds::vals(role_child:use)]
+ set widgets(role:role_child) [ComboBox $role_child.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Bounds::vals(role_child:sym) \
+ -helptext "Select the bounded role" -autopost 1]
+ trace add variable Apol_Bounds::vals(role_child:use) write \
+ [list Apol_Bounds::_toggleCheckbutton $widgets(role:role_child) {}]
+ pack $widgets(role:role_child_cb) -side top -anchor w
+ pack $widgets(role:role_child) -side top -expand 0 -fill x -padx 4
+ pack $role_child -side left -padx 4 -pady 2 -expand 0 -fill y
+}
+
+proc Apol_Bounds::_typeCreate {b_t} {
+ variable vals
+ variable widgets
+
+ set type_parent [frame $b_t.type_parent]
+ set type_parent_cb [checkbutton $type_parent.enable -text "Parent type" \
+ -variable Apol_Bounds::vals(type_parent:use)]
+ set widgets(type:type_parent) [ComboBox $type_parent.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Bounds::vals(type_parent:sym) \
+ -helptext "Select the bounding type" -autopost 1]
+
+ trace add variable Apol_Bounds::vals(type_parent:use) write \
+ [list Apol_Bounds::_toggleCheckbutton $widgets(type:type_parent) {}]
+ pack $type_parent_cb -side top -anchor w
+ pack $widgets(type:type_parent) -side top -expand 0 -fill x -padx 4
+
+ pack $type_parent -side left -padx 4 -pady 2 -expand 0 -anchor nw
+
+ set type_child [frame $b_t.type_child]
+ set widgets(type:type_child_cb) [checkbutton $type_child.enable -text "Child type" \
+ -variable Apol_Bounds::vals(type_child:use)]
+ set widgets(type:type_child) [ComboBox $type_child.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Bounds::vals(type_child:sym) \
+ -helptext "Select the bounded type" -autopost 1]
+ trace add variable Apol_Bounds::vals(type_child:use) write \
+ [list Apol_Bounds::_toggleCheckbutton $widgets(type:type_child) {}]
+ pack $widgets(type:type_child_cb) -side top -anchor w
+ pack $widgets(type:type_child) -side top -expand 0 -fill x -padx 4
+ pack $type_child -side left -padx 4 -pady 2 -expand 0 -fill y
+}
+
+proc Apol_Bounds::_toggleCheckbutton {cb w name1 name2 ops} {
+ variable vals
+
+ if {$vals($name2)} {
+ $cb configure -state normal -entrybg white
+ foreach x $w {
+ $x configure -state normal
+ }
+ } else {
+ $cb configure -state disabled -entrybg $ApolTop::default_bg_color
+ foreach x $w {
+ $x configure -state disabled
+ }
+ }
+}
+
+# callback invoked when the user changes which Bounds rule to search
+proc Apol_Bounds::_ruleChanged {name1 name2 ops} {
+ variable vals
+ variable widgets
+ Apol_Widget::clearSearchResults $widgets(results)
+ $widgets(options_pm) raise $vals(rule_selection)
+}
+
+proc Apol_Bounds::_searchBounds {} {
+ variable vals
+ variable widgets
+
+ Apol_Widget::clearSearchResults $widgets(results)
+ if {![ApolTop::is_policy_open]} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No current policy file is opened."
+ return
+ }
+
+ if {$vals(rule_selection) == "user"} {
+ Apol_Bounds::_searchUserBounds
+ return
+ }
+ if {$vals(rule_selection) == "role"} {
+ Apol_Bounds::_searchRoleBounds
+ return
+ }
+
+ if {$vals(rule_selection) == "type" } {
+ Apol_Bounds::_searchTypeBounds
+ return
+ }
+}
+
+proc Apol_Bounds::_searchUserBounds {} {
+ variable vals
+ variable widgets
+
+ set results {}
+ set bounds {}
+ set counter 0
+ set printit 0
+ set parent_regexp 0
+ set child_regexp 0
+
+ if {$vals(user_parent:use) && $vals(user_parent:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No parent user selected."
+ } elseif {$vals(user_parent:use)} {
+ set parent_regexp 1
+ }
+ if {$vals(user_child:use) && $vals(user_child:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No child user selected."
+ } elseif {$vals(user_child:use)} {
+ set child_regexp 1
+ }
+
+ set q [new_apol_userbounds_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_userbounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ set child [$q get_child_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ if {$parent_regexp == 1 && $parent == $vals(user_parent:sym)} {
+ set printit 1
+ }
+ if {$child_regexp == 1 && $child == $vals(user_child:sym)} {
+ set printit 1
+ }
+ if {$parent_regexp == 0 && $child_regexp == 0} {
+ set printit 1
+ }
+ if {$printit == 1} {
+ append bounds "userbounds $parent "
+ append bounds "$child;\n"
+ set counter [expr $counter + 1]
+ }
+ }
+ set printit 0
+ }
+ }
+ append results "$counter rules match search criteria.\n\n$bounds\n"
+ Apol_Widget::appendSearchResultText $widgets(results) $results
+}
+
+proc Apol_Bounds::_searchRoleBounds {} {
+ variable vals
+ variable widgets
+
+ set results {}
+ set bounds {}
+ set counter 0
+ set printit 0
+ set parent_regexp 0
+ set child_regexp 0
+
+ if {$vals(role_parent:use) && $vals(role_parent:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No parent role selected."
+ } elseif {$vals(role_parent:use)} {
+ set parent_regexp 1
+ }
+ if {$vals(role_child:use) && $vals(role_child:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No child role selected."
+ } elseif {$vals(role_child:use)} {
+ set child_regexp 1
+ }
+
+ set q [new_apol_rolebounds_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_rolebounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ set child [$q get_child_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ if {$parent_regexp == 1 && $parent == $vals(role_parent:sym)} {
+ set printit 1
+ }
+ if {$child_regexp == 1 && $child == $vals(role_child:sym)} {
+ set printit 1
+ }
+ if {$parent_regexp == 0 && $child_regexp == 0} {
+ set printit 1
+ }
+ if {$printit == 1} {
+ append bounds "rolebounds $parent "
+ append bounds "$child;\n"
+ set counter [expr $counter + 1]
+ }
+ }
+ set printit 0
+ }
+ }
+ append results "$counter rules match search criteria.\n\n$bounds\n"
+ Apol_Widget::appendSearchResultText $widgets(results) $results
+}
+
+proc Apol_Bounds::_searchTypeBounds {} {
+ variable vals
+ variable widgets
+
+ set results {}
+ set bounds {}
+ set counter 0
+ set printit 0
+ set parent_regexp 0
+ set child_regexp 0
+
+ if {$vals(type_parent:use) && $vals(type_parent:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No parent type selected."
+ } elseif {$vals(type_parent:use)} {
+ set parent_regexp 1
+ }
+ if {$vals(type_child:use) && $vals(type_child:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No child type selected."
+ } elseif {$vals(type_child:use)} {
+ set child_regexp 1
+ }
+
+ set q [new_apol_typebounds_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_typebounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ set child [$q get_child_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ if {$parent_regexp == 1 && $parent == $vals(type_parent:sym)} {
+ set printit 1
+ }
+ if {$child_regexp == 1 && $child == $vals(type_child:sym)} {
+ set printit 1
+ }
+ if {$parent_regexp == 0 && $child_regexp == 0} {
+ set printit 1
+ }
+ if {$printit == 1} {
+ append bounds "typebounds $parent "
+ append bounds "$child;\n"
+ set counter [expr $counter + 1]
+ }
+ }
+ set printit 0
+ }
+ }
+ append results "$counter rules match search criteria.\n\n$bounds\n"
+ Apol_Widget::appendSearchResultText $widgets(results) $results
+}
+
diff --git a/apol/cond_bools_tab.tcl b/apol/cond_bools_tab.tcl
index 76356f1..25c8dee 100644
--- a/apol/cond_bools_tab.tcl
+++ b/apol/cond_bools_tab.tcl
@@ -107,7 +107,9 @@ proc Apol_Cond_Bools::open {ppath} {
foreach bool $cond_bools_list {
set b [new_qpol_bool_t $::ApolTop::qpolicy $bool]
set cond_bools_defaults($bool) [$b get_state $::ApolTop::qpolicy]
- _insert_listbox_item $bool $cond_bools_defaults($bool)
+ # This is a workaround as frames do not like the "." in CIL booleans
+ set frame_bool [string map {. *} $bool]
+ _insert_listbox_item $bool $cond_bools_defaults($bool) $frame_bool
}
variable widgets
@@ -161,21 +163,21 @@ proc Apol_Cond_Bools::_initializeVars {} {
}
}
-proc Apol_Cond_Bools::_insert_listbox_item {bool initial_state} {
+proc Apol_Cond_Bools::_insert_listbox_item {bool initial_state frame_bool} {
variable widgets
variable cond_bools_values
set cond_bools_values($bool) $initial_state
set subf [$widgets(listbox) getframe]
- set rb_true [radiobutton $subf.t:$bool -bg white \
+ set rb_true [radiobutton $subf.t:$frame_bool -bg white \
-variable Apol_Cond_Bools::cond_bools_values($bool) \
-value 1 -highlightthickness 0 -text "True"]
- set rb_false [radiobutton $subf.f:$bool -bg white \
+ set rb_false [radiobutton $subf.f:$frame_bool -bg white \
-variable Apol_Cond_Bools::cond_bools_values($bool) \
-value 0 -highlightthickness 0 -text "False"]
trace add variable Apol_Cond_Bools::cond_bools_values($bool) write \
[list Apol_Cond_Bools::_set_bool_value]
- set rb_label [label $subf.l:$bool -bg white -text "- $bool"]
+ set rb_label [label $subf.l:$frame_bool -bg white -text "- $bool"]
grid $rb_true $rb_false $rb_label -padx 2 -pady 5 -sticky w
}
diff --git a/apol/constraints_tab.tcl b/apol/constraints_tab.tcl
new file mode 100644
index 0000000..965e584
--- /dev/null
+++ b/apol/constraints_tab.tcl
@@ -0,0 +1,1589 @@
+# This tab will allow searching of constrain and validatetrans constraint
+# rules within the policy. The mls versions are also searched if an
+# mls policy is loaded.
+#
+# This tab has been derived from the terules_tab.
+#
+# Author: Richard Haines richard_c_haines@btinternet.com
+#
+# Copyright (C) 2001-2007 Tresys Technology, LLC
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+namespace eval Apol_Constraint {
+ variable vals
+ variable widgets
+ variable tabs
+ variable enabled
+
+ variable opts
+ variable constraint_list {}
+ variable left_expr_list {}
+ variable right_expr_list {}
+ variable mls_enabled {0}
+ variable match_right_type_names 0
+ variable statement_count 0
+}
+
+proc Apol_Constraint::create {tab_name nb} {
+ variable vals
+ variable widgets
+
+ _initializeVars
+
+ set frame [$nb insert end $tab_name -text "Constraints"]
+ set pw [PanedWindow $frame.pw -side left -weights extra]
+ set topf [$pw add -weight 0]
+ set bottomf [$pw add -weight 1]
+ pack $pw -expand 1 -fill both
+
+ # Major SubFrames:
+ # rsbox - constrain selection
+ # rbox - holds display window widgets
+ # abox - action buttons
+ set top_leftf [frame $topf.tl]
+ set widgets(search_opts) [NoteBook $topf.nb]
+ set abox [frame $topf.abox]
+ pack $top_leftf -side left -expand 0 -fill y
+ pack $widgets(search_opts) -side left -expand 1 -fill both -padx 10
+ pack $abox -side right -fill y -padx 5
+ set rsbox [TitleFrame $top_leftf.rsbox -text "Constraint Selection"]
+ set rbox [TitleFrame $bottomf.rbox -text "Constraint Search Results"]
+ pack $rsbox -side top -fill both -expand 1
+ pack $rbox -expand yes -fill both -padx 2
+
+ # Constraint selection subframe
+ set fm_constraints [$rsbox getframe]
+ set constrain [checkbutton $fm_constraints.constrain -text "constrain" \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(rs:constrain_enabled)]
+ set mlsconstrain [checkbutton $fm_constraints.mlsconstrain -text "mlsconstrain" \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(rs:mlsconstrain_enabled)]
+ set validatetrans [checkbutton $fm_constraints.validatetrans -text "validatetrans" \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(rs:validatetrans_enabled)]
+ set mlsvalidatetrans [checkbutton $fm_constraints.mlsvalidatetrans -text "mlsvalidatetrans" \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(rs:mlsvalidatetrans_enabled)]
+ grid $constrain -sticky w -padx 10
+ grid $mlsconstrain -sticky w -padx 10
+ grid $validatetrans -sticky w -padx 10 -pady {30 0}
+ grid $mlsvalidatetrans -sticky w -padx 10
+
+ _createClassesPermsTab
+ _createLeftExpressionTab
+ _createRightExpressionTab
+
+ # Action buttons
+ set widgets(new) [button $abox.new -text "New Search" -width 12 \
+ -command [list Apol_Constraint::_search_constraints new]]
+ set widgets(update) [button $abox.update -text "Update Search" -width 12 -state disabled \
+ -command [list Apol_Constraint::_search_constraints update]]
+ set widgets(reset) [button $abox.reset -text "Reset Criteria" -width 12 \
+ -command Apol_Constraint::_reset]
+ pack $widgets(new) $widgets(update) $widgets(reset) \
+ -side top -pady 5 -padx 5 -anchor ne
+
+ $widgets(search_opts) compute_size
+
+ # Popup menu widget
+ set popupTab_Menu [menu .popup_constrain_rules -tearoff 0]
+ set tab_menu_callbacks \
+ [list {"Close Tab" Apol_Constraint::_delete_results} \
+ {"Rename Tab" Apol_Constraint::_display_rename_tab_dialog}]
+
+ # Notebook creation for results
+ set widgets(results) [NoteBook [$rbox getframe].results]
+ $widgets(results) bindtabs <Button-1> Apol_Constraint::_switch_to_tab
+ $widgets(results) bindtabs <Button-3> \
+ [list ApolTop::popup \
+ %W %x %y $popupTab_Menu $tab_menu_callbacks]
+ set close [button [$rbox getframe].close -text "Close Tab" \
+ -command Apol_Constraint::_delete_current_results]
+ pack $widgets(results) -expand 1 -fill both -padx 4
+ pack $close -expand 0 -fill x -padx 4 -pady 2
+
+ _initializeVars
+ return $frame
+}
+
+
+proc Apol_Constraint::open {ppath} {
+ variable mls_enabled
+
+ if {[ApolTop::is_capable "mls"]} {
+ set mls_enabled 1
+ } else {
+ set mls_enabled 0
+ }
+
+ _initializeVars
+ _initializeWidgets
+ _initializeTabs
+
+ variable vals
+ variable enabled
+ set vals(cp:classes) [Apol_Class_Perms::getClasses]
+ set enabled(cp:classes) 1
+ set enabled(cp:perms) 1
+}
+
+
+proc Apol_Constraint::close {} {
+ _initializeTabs
+ _initializeWidgets
+ _initializeVars
+ set enabled(cp:perms) 1
+
+ variable constraint_list {}
+ variable left_expr_list {}
+ variable right_expr_list {}
+}
+
+
+proc Apol_Constraint::getTextWidget {} {
+ variable widgets
+ variable tabs
+
+ if {[$widgets(results) pages] != {}} {
+ set raisedPage [$widgets(results) raise]
+ if {$raisedPage != {}} {
+ return $tabs($raisedPage).tb
+ }
+ }
+ return {}
+}
+
+
+proc Apol_Constraint::save_query_options {file_channel query_file} {
+ variable vals
+
+ foreach {key value} [array get vals] {
+ if {$key != "cp:classes" && $key != "cp:perms"} {
+ puts $file_channel "$key $value"
+ }
+ }
+}
+
+
+proc Apol_Constraint::load_query_options {file_channel} {
+ variable vals
+ variable widgets
+ variable enabled
+ _initializeVars
+
+ # load as many values as possible
+ set classes_selected {}
+ set perms_selected {}
+ while {[gets $file_channel line] >= 0} {
+ set line [string trim $line]
+ # Skip empty lines and comments
+ if {$line == {} || [string index $line 0] == "#"} {
+ continue
+ }
+ regexp -line -- {^(\S+)( (.+))?} $line -> key --> value
+ if {$key == "cp:classes_selected"} {
+ set classes_selected $value
+ } elseif {$key == "cp:perms_selected"} {
+ set perms_selected $value
+ } else {
+ set vals($key) $value
+ }
+ }
+
+ # update the display
+ _initializeWidgets
+ set vals(cp:classes) [Apol_Class_Perms::getClasses]
+ set enabled(cp:classes) 1
+ set enabled(cp:perms) 1
+ _toggle_perms_toshow -> -> reset
+
+ # then verify that selected object classes and permissions exist
+ # for this policy
+ set unknowns {}
+ set vals(cp:classes_selected) {}
+ foreach class $classes_selected {
+ if {[set i [lsearch $vals(cp:classes) $class]] >= 0} {
+ $widgets(cp:classes) selection set $i
+ lappend vals(cp:classes_selected) $class
+ } else {
+ lappend unknowns $class
+ }
+ }
+ if {[llength $unknowns] > 0} {
+ tk_messageBox -icon warning -type ok -title "Open Apol Query" \
+ -message "The following object classes do not exist in the currently loaded policy and were ignored:\n\n[join $unknowns ", "]" \
+ -parent .
+ }
+
+ _toggle_perms_toshow {} {} {}
+ set unknowns {}
+ set vals(cp:perms_selected) {}
+ foreach perm $perms_selected {
+ if {[set i [lsearch $vals(cp:perms) $perm]] >= 0} {
+ $widgets(cp:perms) selection set $i
+ lappend vals(cp:perms_selected) $perm
+ } else {
+ lappend unknowns $perm
+ }
+ }
+ if {[llength $unknowns] > 0} {
+ tk_messageBox -icon warning -type ok -title "Open Apol Query" \
+ -message "The following permissions do not exist in the currently loaded policy and were ignored:\n\n[join $unknowns ", "]" \
+ -parent $parentDlg
+ }
+}
+
+
+#### private functions below ####
+
+proc Apol_Constraint::_initializeVars {} {
+ variable vals
+ variable mls_enabled
+
+ array set vals [list \
+ rs:constrain_enabled 1 \
+ rs:mlsconstrain_enabled $mls_enabled \
+ rs:validatetrans_enabled 1 \
+ rs:mlsvalidatetrans_enabled $mls_enabled \
+
+ kta:left_expr,left_keyword 1 \
+ kta:right_expr,right_keyword 0 \
+ kta:right_expr,types 0 \
+ kta:right_expr,users 0 \
+ kta:right_expr,roles 0 \
+ kta:right_expr,attribs 0 \
+ ]
+
+ array set vals {
+ kta:use_left_expr 0
+ kta:left_expr {}
+
+ kta:use_right_expr 0
+ kta:right_expr {}
+ kta:right_expr_replace_types 0
+
+ cp:classes {}
+ cp:classes_selected {}
+ cp:perms {}
+ cp:perms_selected {}
+ cp:perms_toshow all
+ cp:perms_matchall 0
+ }
+
+ variable enabled
+ array set enabled {
+ kta:use_left_expr 1
+ kta:use_right_expr 1
+
+ cp:classes 0
+ cp:perms 0
+ }
+}
+
+
+proc Apol_Constraint::_initializeTabs {} {
+ variable widgets
+ variable tabs
+
+ array set tabs {
+ next_result_id 1
+ }
+ foreach p [$widgets(results) pages 0 end] {
+ _delete_results $p
+ }
+}
+
+
+proc Apol_Constraint::_initializeWidgets {} {
+ variable widgets
+
+ $widgets(search_opts) raise left_expr_entry
+ $widgets(search_opts) raise right_expr_entry
+
+ $widgets(cp:classes) selection clear 0 end
+ $widgets(cp:perms) selection clear 0 end
+}
+
+
+proc Apol_Constraint::_createLeftExpressionTab {} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ set ta_tab [$widgets(search_opts) insert end left_expr_entry -text "Left Side of Expression"]
+ set fm_left_expr [frame $ta_tab.left_expr]
+ grid $fm_left_expr -padx 4 -sticky ewns
+ foreach i {0} {
+ grid columnconfigure $ta_tab $i -weight 1 -uniform 1
+ }
+ grid rowconfigure $ta_tab 0 -weight 1
+# prefix frame title left_side right_side
+ _create_expression_box left_expr $fm_left_expr "Keyword" 1 0
+
+ $widgets(search_opts) raise left_expr_entry
+}
+
+
+proc Apol_Constraint::_createRightExpressionTab {} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ set ta_tab [$widgets(search_opts) insert end right_expr_entry -text "Right Side of Expression"]
+ set fm_right_expr [frame $ta_tab.right_expr]
+ grid $fm_right_expr -padx 4 -sticky ewns
+ foreach i {0} {
+ grid columnconfigure $ta_tab $i -weight 1 -uniform 1
+ }
+ grid rowconfigure $ta_tab 0 -weight 1
+# prefix frame title left_side right_side
+ _create_expression_box right_expr $fm_right_expr "Select either a keyword, user, role, type or type attribute" 0 1
+
+ $widgets(search_opts) raise right_expr_entry
+}
+
+
+proc Apol_Constraint::_create_expression_box {prefix f title left_expr right_expr} {
+ variable vals
+ variable widgets
+
+ set widgets(kta:use_${prefix}) [checkbutton $f.use -text $title \
+ -variable Apol_Constraint::vals(kta:use_${prefix})]
+ pack $widgets(kta:use_${prefix}) -side top -anchor w
+ trace add variable Apol_Constraint::vals(kta:use_${prefix}) write \
+ [list Apol_Constraint::_toggle_expression_box $prefix]
+
+ set w {}
+
+ if {$right_expr} {
+ set helptext "Select a keyword, user, role, type or type attribute for the right hand side of the constraint expression e.g.: \
+\n (left right) \
+\n (t1 == mlstrustedobject) \
+\n (r1 dom r2) \
+\n (r1 != system_r)\n \
+\nIf a type or attribute is selected the \"Only direct matches\" box can be used to determine searching as follows:\n \
+\n - If selected the type or type attribute identifier will be used for the match.\n \
+\n - If unselected and a type is selected: \
+\n The type identifier will be used for matching, also any type attributes found within the constraints expression will \
+\n be expanded and its list of types searched for a match.\n \
+\n - If unselected and an attribute is selected: \
+\n The type attribute identifier will be used for matching, also any types found within the constraints expression will \
+\n have its associated type attributes searched for a match.\n"
+ } else {
+ set helptext "Select a keyword for the left hand side of the constraint expression e.g.: \
+\n (left right)\n (r1 == r2)"
+ }
+
+ set widgets(kta:${prefix}) [ComboBox $f.sym \
+ -state disabled -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_Constraint::vals(kta:${prefix}) \
+ -helptext $helptext -autopost 1]
+ pack $widgets(kta:${prefix}) -expand 0 -fill x -padx 8
+ lappend w $widgets(kta:${prefix})
+
+ if {$left_expr} {
+ set ta_frame [frame $f.ta]
+ pack $ta_frame -expand 0 -anchor center -pady 2
+ trace add variable Apol_Constraint::vals(kta:${prefix},left_keyword) write \
+ [list Apol_Constraint::_toggle_left_side $prefix]
+ pack $widgets(kta:${prefix}) -expand 0 -fill x -padx 8
+ lappend w $widgets(kta:${prefix})
+
+ }
+
+ if {$right_expr} {
+ set ta_frame [frame $f.ta]
+ pack $ta_frame -expand 0 -anchor w -pady 2
+ set right_keyword [checkbutton $ta_frame.right_keyword -text "Keyword" -state disabled \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(kta:${prefix},right_keyword)]
+
+ set users [checkbutton $ta_frame.users -text "Users" -state disabled \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(kta:${prefix},users)]
+
+ set roles [checkbutton $ta_frame.roles -text "Roles" -state disabled \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(kta:${prefix},roles)]
+
+ set types [checkbutton $ta_frame.types -text "Types" -state disabled \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(kta:${prefix},types)]
+ set attribs [checkbutton $ta_frame.attribs -text "Attributes" -state disabled \
+ -onvalue 1 -offvalue 0 \
+ -variable Apol_Constraint::vals(kta:${prefix},attribs)]
+
+ $right_keyword configure -command [list Apol_Constraint::_toggle_kta_pushed $prefix $right_keyword]
+ $users configure -command [list Apol_Constraint::_toggle_kta_pushed $prefix $users]
+ $roles configure -command [list Apol_Constraint::_toggle_kta_pushed $prefix $roles]
+ $types configure -command [list Apol_Constraint::_toggle_kta_pushed $prefix $types]
+ $attribs configure -command [list Apol_Constraint::_toggle_kta_pushed $prefix $attribs]
+
+ trace add variable Apol_Constraint::vals(kta:${prefix},right_keyword) write \
+ [list Apol_Constraint::_toggle_right_side $prefix]
+ trace add variable Apol_Constraint::vals(kta:${prefix},users) write \
+ [list Apol_Constraint::_toggle_right_side $prefix]
+ trace add variable Apol_Constraint::vals(kta:${prefix},roles) write \
+ [list Apol_Constraint::_toggle_right_side $prefix]
+ trace add variable Apol_Constraint::vals(kta:${prefix},types) write \
+ [list Apol_Constraint::_toggle_right_side $prefix]
+ trace add variable Apol_Constraint::vals(kta:${prefix},attribs) write \
+ [list Apol_Constraint::_toggle_right_side $prefix]
+
+ pack $right_keyword $users $roles $types $attribs -side left -anchor w -padx 2
+ lappend w $right_keyword $users $roles $types $attribs
+ }
+
+ set widgets(kta:${prefix}_widgets) $w
+ trace add variable Apol_Constraint::enabled(kta:use_${prefix}) write \
+ [list Apol_Constraint::_toggle_left_right_box $prefix]
+}
+
+
+# called when there is a change in state to the top checkbutton within
+# an expression box
+proc Apol_Constraint::_toggle_expression_box {col name1 name2 op} {
+ variable enabled
+
+ # force a refresh of this box's state; this invokes
+ # _toggle_left_right_box callback
+ set enabled(kta:use_${col}) $enabled(kta:use_${col})
+}
+
+
+# disallow keyword, types and attribs to be selected within a kta box
+proc Apol_Constraint::_toggle_kta_pushed {col cb} {
+ variable vals
+
+ if {($vals(kta:${col},right_keyword) && $vals(kta:${col},attribs)) || \
+ ($vals(kta:${col},right_keyword) && $vals(kta:${col},users)) || \
+ ($vals(kta:${col},right_keyword) && $vals(kta:${col},roles)) || \
+ ($vals(kta:${col},right_keyword) && $vals(kta:${col},types)) || \
+ ($vals(kta:${col},attribs) && $vals(kta:${col},users)) || \
+ ($vals(kta:${col},attribs) && $vals(kta:${col},roles)) || \
+ ($vals(kta:${col},attribs) && $vals(kta:${col},types)) || \
+ ($vals(kta:${col},users) && $vals(kta:${col},roles)) || \
+ ($vals(kta:${col},users) && $vals(kta:${col},types)) || \
+ ($vals(kta:${col},roles) && $vals(kta:${col},types)) } {
+ tk_messageBox -icon error -type ok -title "Constraint Search" -message "Select either a keyword, user, role, type or type attribute."
+ $cb deselect
+ return
+ }
+}
+
+
+# called whenever the left or right box is enabled or disabled
+proc Apol_Constraint::_toggle_left_right_box {col name1 name2 op} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ if {$enabled(kta:use_${col})} {
+ $widgets(kta:use_${col}) configure -state normal
+ } else {
+ $widgets(kta:use_${col}) configure -state disabled
+ }
+ if {$enabled(kta:use_${col}) && $vals(kta:use_${col})} {
+ foreach w $widgets(kta:${col}_widgets) {
+ $w configure -state normal
+ }
+ $widgets(kta:${col}) configure -entrybg white
+ } else {
+ foreach w $widgets(kta:${col}_widgets) {
+ $w configure -state disabled
+ }
+ $widgets(kta:${col}) configure -entrybg $ApolTop::default_bg_color
+ }
+
+ # update this tab's name if one of the columns is enabled and used
+ if {($enabled(kta:use_left_expr) && $vals(kta:use_left_expr))} {
+ $widgets(search_opts) itemconfigure left_expr_entry -text "Left Side of Expression *"
+ } else {
+ $widgets(search_opts) itemconfigure left_expr_entry -text "Left Side of Expression"
+ }
+
+ if {($enabled(kta:use_right_expr) && $vals(kta:use_right_expr))} {
+ $widgets(search_opts) itemconfigure right_expr_entry -text "Right Side of Expression *"
+ } else {
+ $widgets(search_opts) itemconfigure right_expr_entry -text "Right Side of Expression"
+ }
+}
+
+
+proc Apol_Constraint::_toggle_left_side {col name1 name2 op} {
+ variable vals
+ variable widgets
+
+ set items {}
+
+ if {$vals(kta:${col},left_keyword)} {
+ append items [Apol_Constraint::getLeftKeyword]
+ }
+ $widgets(kta:${col}) configure -values $items
+}
+
+
+proc Apol_Constraint::_toggle_right_side {col name1 name2 op} {
+ variable vals
+ variable widgets
+
+ set items {}
+
+ if {$vals(kta:${col},right_keyword)} {
+ append items [Apol_Constraint::getRightKeyword]
+ }
+ if {$vals(kta:${col},users)} {
+ append items [Apol_Users::getUsers]
+ }
+ if {$vals(kta:${col},roles)} {
+ append items [Apol_Roles::getRoles]
+ }
+ if {$vals(kta:${col},types)} {
+ append items [Apol_Types::getTypes]
+ }
+ if {$vals(kta:${col},attribs)} {
+ append items [Apol_Types::getAttributes]
+ }
+
+ $widgets(kta:${col}) configure -values $items
+}
+
+
+# Returns a list of left keywords
+proc Apol_Constraint::getLeftKeyword {} {
+ variable vals
+ variable left_expr_list
+ set left_expr_list {}
+
+ if {[ApolTop::is_policy_open]} {
+ if { $vals(rs:constrain_enabled) == 1 || $vals(rs:mlsconstrain_enabled) == 1 } {
+ append left_expr_list [Apol_Constraint::_getKeywords "l" new_apol_constraint_query_t]
+ }
+ if { $vals(rs:validatetrans_enabled) == 1 || $vals(rs:mlsvalidatetrans_enabled) == 1 } {
+ append left_expr_list [Apol_Constraint::_getKeywords "l" new_apol_validatetrans_query_t]
+ }
+ lsort -unique $left_expr_list
+ } else {
+ set left_expr_list ""
+ }
+}
+
+
+# Returns a list of right keywords
+proc Apol_Constraint::getRightKeyword {} {
+ variable vals
+ variable right_expr_list
+ set right_expr_list {}
+
+ if {[ApolTop::is_policy_open]} {
+ if { $vals(rs:constrain_enabled) == 1 || $vals(rs:mlsconstrain_enabled) == 1 } {
+ append right_expr_list [Apol_Constraint::_getKeywords "r" new_apol_constraint_query_t]
+ }
+ if { $vals(rs:validatetrans_enabled) == 1 || $vals(rs:mlsvalidatetrans_enabled) == 1 } {
+ append right_expr_list [Apol_Constraint::_getKeywords "r" new_apol_validatetrans_query_t]
+ }
+ lsort -unique $right_expr_list
+ } else {
+ set right_expr_list ""
+ }
+}
+
+
+
+# code to create and handle the classe/permissions subtab
+proc Apol_Constraint::_createClassesPermsTab {} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ set objects_tab [$widgets(search_opts) insert end classperms -text "Classes/Permissions"]
+ set fm_objs [TitleFrame $objects_tab.objs -text "Object Classes"]
+ set fm_perms [TitleFrame $objects_tab.perms -text "Permissions"]
+ pack $fm_objs -side left -expand 0 -fill both -padx 2 -pady 2
+ pack $fm_perms -side left -expand 1 -fill both -padx 2 -pady 2
+
+ # object classes subframe
+ set sw [ScrolledWindow [$fm_objs getframe].sw -auto both]
+ set widgets(cp:classes) [listbox [$sw getframe].lb -height 5 -width 24 \
+ -highlightthickness 0 -selectmode multiple \
+ -exportselection 0 -state disabled \
+ -bg $ApolTop::default_bg_color \
+ -listvar Apol_Constraint::vals(cp:classes)]
+ $sw setwidget $widgets(cp:classes)
+ update
+ grid propagate $sw 0
+ bind $widgets(cp:classes) <<ListboxSelect>> \
+ [list Apol_Constraint::_toggle_cp_select classes]
+ pack $sw -expand 1 -fill both
+ set clear [button [$fm_objs getframe].b -text "Clear" -width 6 -state disabled \
+ -command [list Apol_Constraint::_clear_cp_listbox $widgets(cp:classes) classes]]
+ pack $clear -expand 0 -pady 2
+ set widgets(cp:classes_widgets) [list $widgets(cp:classes) $clear]
+
+ # permissions subframe
+ set f [$fm_perms getframe]
+ set sw [ScrolledWindow $f.sw -auto both]
+ set widgets(cp:perms) [listbox [$sw getframe].lb -height 5 -width 24 \
+ -highlightthickness 0 -selectmode multiple \
+ -exportselection 0 -bg white \
+ -listvar Apol_Constraint::vals(cp:perms)]
+ $sw setwidget $widgets(cp:perms)
+ update
+ grid propagate $sw 0
+ bind $widgets(cp:perms) <<ListboxSelect>> \
+ [list Apol_Constraint::_toggle_cp_select perms]
+ set clear [button $f.clear -text "Clear" \
+ -command [list Apol_Constraint::_clear_cp_listbox $widgets(cp:perms) perms]]
+ set reverse [button $f.reverse -text "Reverse" \
+ -command [list Apol_Constraint::_reverse_cp_listbox $widgets(cp:perms)]]
+ set perm_opts_f [frame $f.perms]
+ set perm_rb_f [frame $perm_opts_f.rb]
+ set l [label $perm_rb_f.l -text "Permissions to show:" -state disabled]
+ set all [radiobutton $perm_rb_f.all -text "All" \
+ -variable Apol_Constraint::vals(cp:perms_toshow) -value all]
+ set union [radiobutton $perm_rb_f.union -text "All for selected classes" \
+ -variable Apol_Constraint::vals(cp:perms_toshow) -value union]
+ set intersect [radiobutton $perm_rb_f.inter -text "Common to selected classes" \
+ -variable Apol_Constraint::vals(cp:perms_toshow) -value intersect]
+ trace add variable Apol_Constraint::vals(cp:perms_toshow) write \
+ Apol_Constraint::_toggle_perms_toshow
+ pack $l $all $union $intersect -anchor w
+ set all_perms [checkbutton $perm_opts_f.all -text "Constraint must have all selected permissions" \
+ -variable Apol_Constraint::vals(cp:perms_matchall)]
+ pack $perm_rb_f $all_perms -anchor w -pady 4 -padx 4
+ grid $sw - $perm_opts_f -sticky nsw
+ grid $clear $reverse ^ -pady 2 -sticky ew
+ grid columnconfigure $f 0 -weight 0 -uniform 1 -pad 2
+ grid columnconfigure $f 1 -weight 0 -uniform 1 -pad 2
+ grid columnconfigure $f 2 -weight 1
+ grid rowconfigure $f 0 -weight 1
+ set widgets(cp:perms_widgets) \
+ [list $widgets(cp:perms) $clear $reverse $l $all $union $intersect $all_perms]
+
+ trace add variable Apol_Constraint::vals(cp:classes_selected) write \
+ [list Apol_Constraint::_update_cp_tabname]
+ trace add variable Apol_Constraint::vals(cp:perms_selected) write \
+ [list Apol_Constraint::_update_cp_tabname]
+ trace add variable Apol_Constraint::enabled(cp:classes) write \
+ [list Apol_Constraint::_toggle_enable_cp classes]
+ trace add variable Apol_Constraint::enabled(cp:perms) write \
+ [list Apol_Constraint::_toggle_enable_cp perms]
+}
+
+
+proc Apol_Constraint::_toggle_enable_cp {prefix name1 name2 op} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ if {$enabled(cp:${prefix})} {
+ foreach w $widgets(cp:${prefix}_widgets) {
+ $w configure -state normal
+ }
+ $widgets(cp:${prefix}) configure -bg white
+ } else {
+ foreach w $widgets(cp:${prefix}_widgets) {
+ $w configure -state disabled
+ }
+ $widgets(cp:${prefix}) configure -bg $ApolTop::default_bg_color
+ }
+ # force a refresh of this tab's name
+ set vals(cp:${prefix}_selected) $vals(cp:${prefix}_selected)
+}
+
+
+proc Apol_Constraint::_toggle_perms_toshow {name1 name2 op} {
+ variable vals
+ variable widgets
+
+ if {$vals(cp:perms_toshow) == "all"} {
+ # don't change the list of permissions if there was a new
+ # object class selection and the current radiobutton is all
+ if {$op != "update"} {
+ set vals(cp:perms) $Apol_Class_Perms::perms_list
+ set vals(cp:perms_selected) {}
+ }
+ } elseif {$vals(cp:perms_toshow) == "union"} {
+ set vals(cp:perms) {}
+ set vals(cp:perms_selected) {}
+ foreach class $vals(cp:classes_selected) {
+ set vals(cp:perms) [lsort -unique -dictionary [concat $vals(cp:perms) [Apol_Class_Perms::getPermsForClass $class]]]
+ }
+ } else { ;# intersection
+ set vals(cp:perms) {}
+ set vals(cp:perms_selected) {}
+ set classes {}
+ foreach i [$widgets(cp:classes) curselection] {
+ lappend classes [$widgets(cp:classes) get $i]
+ }
+ if {$classes == {}} {
+ return
+ }
+ set vals(cp:perms) [Apol_Class_Perms::getPermsForClass [lindex $classes 0]]
+ foreach class [lrange $classes 1 end] {
+ set this_perms [Apol_Class_Perms::getPermsForClass $class]
+ set new_perms {}
+ foreach p $vals(cp:perms) {
+ if {[lsearch -exact $this_perms $p] >= 0} {
+ lappend new_perms $p
+ }
+ }
+ set vals(cp:perms) $new_perms
+ }
+ }
+}
+
+
+# called whenever an item with a class/perm listbox is
+# selected/deselected
+proc Apol_Constraint::_toggle_cp_select {col} {
+ variable vals
+ variable widgets
+
+ set items {}
+ foreach i [$widgets(cp:${col}) curselection] {
+ lappend items [$widgets(cp:${col}) get $i]
+ }
+ set vals(cp:${col}_selected) $items
+ if {$col == "classes"} {
+ _toggle_perms_toshow {} {} update
+ }
+}
+
+
+proc Apol_Constraint::_clear_cp_listbox {lb prefix} {
+ variable vals
+
+ $lb selection clear 0 end
+ set vals(cp:${prefix}_selected) {}
+ if {$prefix == "classes"} {
+ _toggle_perms_toshow {} {} update
+ }
+}
+
+
+proc Apol_Constraint::_reverse_cp_listbox {lb} {
+ variable vals
+
+ set old_selection [$lb curselection]
+ set items {}
+ for {set i 0} {$i < [$lb index end]} {incr i} {
+ if {[lsearch $old_selection $i] >= 0} {
+ $lb selection clear $i
+ } else {
+ $lb selection set $i
+ lappend items [$lb get $i]
+ }
+ }
+ set vals(cp:perms_selected) $items
+}
+
+
+proc Apol_Constraint::_update_cp_tabname {name1 name2 op} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ if {($enabled(cp:classes) && $vals(cp:classes_selected) > 0) || \
+ ($enabled(cp:perms) && $vals(cp:perms_selected) > 0)} {
+ $widgets(search_opts) itemconfigure classperms -text "Classes/Permissions *"
+ } else {
+ $widgets(search_opts) itemconfigure classperms -text "Classes/Permissions"
+ }
+}
+
+
+proc Apol_Constraint::_delete_results {pageID} {
+ variable widgets
+ variable tabs
+
+ # Remove tab and its widgets
+ set curpos [$widgets(results) index $pageID]
+ $widgets(results) delete $pageID
+ array unset tabs $pageID:*
+ array unset tabs $pageID
+
+ # try to raise the next tab
+ if {[set next_id [$widgets(results) pages $curpos]] != {}} {
+ _switch_to_tab $next_id
+ } elseif {$curpos > 0} {
+ # raise the previous page instead
+ _switch_to_tab [$widgets(results) pages [expr {$curpos - 1}]]
+ } else {
+ # no tabs remaining
+ $widgets(update) configure -state disabled
+ }
+}
+
+
+proc Apol_Constraint::_display_rename_tab_dialog {pageID} {
+ variable widgets
+ variable tabs
+
+ set d [Dialog .apol_te_tab_rename -homogeneous 1 -spacing 2 -cancel 1 \
+ -default 0 -modal local -parent . -place center -separator 1 \
+ -side bottom -title "Rename Results Tab"]
+ $d add -text "OK" -command [list $d enddialog "ok"]
+ $d add -text "Cancel" -command [list $d enddialog "cancel"]
+ set f [$d getframe]
+ set l [label $f.l -text "Tab name:"]
+ set tabs(tab:new_name) [$widgets(results) itemcget $pageID -text]
+ set e [entry $f.e -textvariable Apol_Constraint::tabs(tab:new_name) -width 16 -bg white]
+ pack $l $e -side left -padx 2
+ set retval [$d draw]
+ destroy $d
+ if {$retval == "ok"} {
+ $widgets(results) itemconfigure $pageID -text $tabs(tab:new_name)
+ }
+}
+
+
+proc Apol_Constraint::_delete_current_results {} {
+ variable widgets
+
+ if {[set curid [$widgets(results) raise]] != {}} {
+ _delete_results $curid
+ }
+}
+
+
+proc Apol_Constraint::_create_new_results_tab {} {
+ variable vals
+ variable widgets
+ variable tabs
+
+ set i $tabs(next_result_id)
+ incr tabs(next_result_id)
+ set id "results$i"
+ set frame [$widgets(results) insert end "$id" -text "Results $i"]
+ $widgets(results) raise $id
+ set tabs($id) [Apol_Widget::makeSearchResults $frame.results]
+ pack $tabs($id) -expand 1 -fill both
+
+ set tabs($id:vals) [array get vals]
+ return $tabs($id)
+}
+
+
+proc Apol_Constraint::_switch_to_tab {pageID} {
+ variable vals
+ variable widgets
+ variable tabs
+
+ # check if switching to already visible tab
+ if {[$Apol_Constraint::widgets(results) raise] == $pageID} {
+ return
+ }
+ $widgets(results) raise $pageID
+ set cur_search_opts [$widgets(search_opts) raise]
+
+ # restore the tab's search criteria
+ array set tmp_vals $tabs($pageID:vals)
+ set classes_selected $tmp_vals(cp:classes_selected)
+ set perms_selected $tmp_vals(cp:perms_selected)
+ array set vals $tabs($pageID:vals)
+ _initializeWidgets
+ set vals(cp:classes_selected) $classes_selected
+ set vals(cp:perms_selected) $perms_selected
+ foreach c $classes_selected {
+ $widgets(cp:classes) selection set [lsearch $vals(cp:classes) $c]
+ }
+ foreach p $perms_selected {
+ $widgets(cp:perms) selection set [lsearch $vals(cp:perms) $p]
+ }
+ $widgets(search_opts) raise $cur_search_opts
+}
+
+
+proc Apol_Constraint::_reset {} {
+ variable enabled
+
+ set old_classes_enabled $enabled(cp:classes)
+ _initializeVars
+ _initializeWidgets
+ if {[set enabled(cp:classes) $old_classes_enabled]} {
+ variable vals
+ set vals(cp:classes) [Apol_Class_Perms::getClasses]
+ set enabled(cp:classes) 1
+ set enabled(cp:perms) 1
+ }
+}
+
+# This is the main constraint search option
+proc Apol_Constraint::_search_constraints {whichButton} {
+ variable vals
+ variable widgets
+ variable enabled
+ variable tabs
+ variable statement_count
+
+ if {![ApolTop::is_policy_open]} {
+ tk_messageBox -icon error -type ok -title "Constraint Search" \
+ -message "No current policy file is opened."
+ return
+ }
+
+ if { $vals(rs:constrain_enabled) == 0 && \
+ $vals(rs:mlsconstrain_enabled) == 0 && \
+ $vals(rs:validatetrans_enabled) == 0 && \
+ $vals(rs:mlsvalidatetrans_enabled) == 0 } {
+ tk_messageBox -icon error -type ok -title "Constraint Search" \
+ -message "At least one constraint must be selected."
+ return
+ }
+
+ if {$whichButton == "new"} {
+ set sr [_create_new_results_tab]
+ } else {
+ set id [$widgets(results) raise]
+ set tabs($id:vals) [array get vals]
+ set sr $tabs($id)
+ Apol_Widget::clearSearchResults $sr
+ }
+
+ if {$enabled(kta:use_left_expr) && $vals(kta:use_left_expr) && $vals(kta:left_expr) == {}} {
+ tk_messageBox -icon error -type ok -title "Constraint Search" -message "No left keyword has been selected."
+ return
+ }
+ if {$enabled(kta:use_right_expr) && $vals(kta:use_right_expr) && $vals(kta:right_expr) == {}} {
+ tk_messageBox -icon error -type ok -title "Constraint Search" -message "No right keyword, type or attribute has been selected."
+ return
+ }
+
+ set results {}
+ set header {}
+
+ # Check if the statements are enabled for mls/constrain and then get info
+ if { $vals(rs:constrain_enabled) == 1 } {
+ append results [Apol_Constraint::_searchForMatch "constrain" "constrain" new_apol_constraint_query_t]
+ append header "$statement_count constrain rules match the search criteria.\n"
+ }
+ if { $vals(rs:mlsconstrain_enabled) == 1 } {
+ append results [Apol_Constraint::_searchForMatch "mlsconstrain" "constrain" new_apol_constraint_query_t]
+ append header "$statement_count mlsconstrain rules match the search criteria.\n"
+ }
+
+ # Check if the statements are enabled for mls/validatetrans and then get info
+ if { $vals(rs:validatetrans_enabled) == 1 } {
+ append results [Apol_Constraint::_searchForMatch "validatetrans" "validatetrans" new_apol_validatetrans_query_t]
+ append header "$statement_count validatetrans rules match the search criteria.\n"
+ }
+ if { $vals(rs:mlsvalidatetrans_enabled) == 1 } {
+ append results [Apol_Constraint::_searchForMatch "mlsvalidatetrans" "validatetrans" new_apol_validatetrans_query_t]
+ append header "$statement_count mlsvalidatetrans match the search criteria.\n"
+ }
+
+ foreach x {new update reset} {
+ $widgets($x) configure -state disabled
+ }
+
+ Apol_Progress_Dialog::wait "Constraint Rules" "Searching rules" {
+ Apol_Widget::appendSearchResultText $sr "$header\n"
+ Apol_Widget::appendSearchResultText $sr $results
+ }
+
+ $widgets(new) configure -state normal
+ $widgets(reset) configure -state normal
+ if {[$widgets(results) pages] != {} || $retval == 0} {
+ $widgets(update) configure -state normal
+ }
+ return
+}
+
+
+# Start here to process constraints
+proc Apol_Constraint::_searchForMatch {statement family command} {
+ variable vals
+ variable widgets
+ variable enabled
+ variable match_right_type_names
+ variable statement_count
+
+ set statement_count 0
+ set entries {}
+
+ set q [$command]
+ # This reads in the constraint info
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+
+ # This loop will process each constraint in the policy
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set constrain_type {}
+ set perm_list {}
+ set class_list {}
+ set expr_type {}
+ set op {}
+ set sym_type {}
+
+ # These are used to check if the search criteria has been met when
+ # the left or right expression info has been set.
+ set match_left_keyword_names 0
+ set match_left_keyword_attr 0
+ set match_right_keyword_attr 0
+ set match_right_type_names 0
+
+ set q [qpol_constraint_from_void [$v get_element $i]]
+
+ # Find if this is an mls rule or not
+ set x [$q get_expr_iter $::ApolTop::qpolicy]
+ while {![$x end]} {
+ foreach t [iter_to_list $x] {
+ set t [qpol_constraint_expr_node_from_void $t]
+ # Get Symbol type and save it
+ set sym_type [$t get_sym_type $::ApolTop::qpolicy]
+ if { $sym_type >= $::QPOL_CEXPR_SYM_L1L2 } {
+ set constrain_type "mls"
+ break
+ }
+ }
+ }
+ append constrain_type $family
+ $x -acquire
+ $x -delete
+
+ # Check if the statement is the requested type
+ if { $statement != $constrain_type } {
+ continue
+ }
+
+ # This gets the class name
+ set match_class 0
+ append class_list "\{ "
+ set class_name [[$q get_class $::ApolTop::qpolicy] get_name $::ApolTop::qpolicy]
+ append class_list $class_name
+ append class_list " \}"
+
+ # Check if class selected
+ if {($enabled(cp:classes) && $vals(cp:classes_selected) > 0)} {
+ foreach c $vals(cp:classes_selected) {
+ if { $c == $class_name } {
+ set match_class 1
+ }
+ }
+ }
+ # Skip this constraint if it does not match criteria
+ if {($match_class == 0 && $vals(cp:classes_selected) > 0)} {
+ continue
+ }
+
+ # validatetrans does not use permissions
+ if { $family == "constrain" } {
+ # This gets perm list:
+ set x [$q get_perm_iter $::ApolTop::qpolicy]
+ set match_perm 0
+ append perm_list "\{ "
+ foreach perm [iter_to_str_list $x] {
+ append perm_list "$perm "
+ # Check if perm selected
+ if {($enabled(cp:perms) && $vals(cp:perms_selected) > 0)} {
+ foreach c $vals(cp:perms_selected) {
+ if { $c == $perm } {
+ set match_perm 1
+ }
+ }
+ }
+ }
+ # Skip this constraint as it does not match criteria
+ if {($match_perm == 0 && $vals(cp:perms_selected) > 0)} {
+ continue
+ }
+ append perm_list "\}"
+ $x -acquire
+ $x -delete
+ }
+
+ # This get expressions
+ set x [$q get_expr_iter $::ApolTop::qpolicy]
+
+ # This contains the number of constraint expr's processed.
+ set constraint_expr_counter 0
+ # This is the constraint_expr buffer that is indexed by the
+ # $constraint_expr_counter
+ set array constraint_expr_buf($constraint_expr_counter)
+ array unset constraint_expr_buf
+
+ # This loop will process each part of the expression consisting of:
+ # Operators: !, &&, ||. The ! applies only to an operand.
+ # Operands/expressions such as: (r1 == r2), (t1 != name)
+ while {![$x end]} {
+ foreach t [iter_to_list $x] {
+ set t [qpol_constraint_expr_node_from_void $t]
+
+ # Get Operator and save it
+ set op [$t get_op $::ApolTop::qpolicy]
+
+ # Get Symbol type and save it
+ set sym_type [$t get_sym_type $::ApolTop::qpolicy]
+
+ # Get expression and save it
+ set expr_type [$t get_expr_type $::ApolTop::qpolicy]
+
+ # Now check expression for entry type !, && or ||.
+ # These are the operators between constraint expressions
+ if { $expr_type == $::QPOL_CEXPR_TYPE_NOT } {
+ set constraint_expr_counter [expr $constraint_expr_counter + 1]
+ append constraint_expr_buf($constraint_expr_counter) "not"
+ }
+
+ if { $expr_type == $::QPOL_CEXPR_TYPE_AND } {
+ set constraint_expr_counter [expr $constraint_expr_counter + 1]
+ append constraint_expr_buf($constraint_expr_counter) "and"
+ }
+
+ if { $expr_type == $::QPOL_CEXPR_TYPE_OR } {
+ set constraint_expr_counter [expr $constraint_expr_counter + 1]
+ append constraint_expr_buf($constraint_expr_counter) "or"
+ }
+
+ # If the expression is TYPE_ATTR then it's form is (t1 == t2)
+ if { $expr_type == $::QPOL_CEXPR_TYPE_ATTR } {
+ set constraint_expr_counter [expr $constraint_expr_counter + 1]
+
+ # Get the symbol name, this will be used twice, once
+ # to retrieve the string name for source entry, then
+ # the string name for the target entry.
+ set sym_name [Apol_Constraint::_getSym $sym_type]
+ append constraint_expr_buf($constraint_expr_counter) "( $sym_name "
+
+ # Check if keyword selected
+ if {$vals(kta:use_left_expr) == 1 && $vals(kta:left_expr) == $sym_name} {
+ set match_left_keyword_attr 1
+ }
+
+ # Get the operator and change to "eq" if required
+ set op [$t get_op $::ApolTop::qpolicy]
+ set op_name [Apol_Constraint::_getOp $op]
+ if { $op_name == "==" && \
+ ([string compare -length 1 $sym_name "r"] == 0 || \
+ [string compare -length 1 $sym_name "l"] == 0 || \
+ [string compare -length 1 $sym_name "h"] == 0) } {
+ set op_name "eq"
+ }
+ append constraint_expr_buf($constraint_expr_counter) $op_name
+
+ # Then using the sym_name again, get the target entry.
+ set sym_type [expr $sym_type | $::QPOL_CEXPR_SYM_TARGET]
+ set sym_name [Apol_Constraint::_getSym $sym_type]
+ append constraint_expr_buf($constraint_expr_counter) " $sym_name )"
+
+ # Check if keyword selected
+ if {$vals(kta:use_right_expr) == 1 && \
+ $vals(kta:right_expr) == $sym_name && \
+ $vals(kta:right_expr,right_keyword) == 1} {
+ set match_right_keyword_attr 1
+ }
+ }
+
+ # If the expression is TYPE_NAMES then expand the source
+ # types or attributes using 'get_names_iter'
+ # Example entries: ( t1 == mlstrustedobject )
+ # ( t1 != { unconfined_t init_t } )
+ # Note that if an attribute has been selected it could be
+ # an empty_set.
+ if { $expr_type == $::QPOL_CEXPR_TYPE_NAMES } {
+ set constraint_expr_counter [expr $constraint_expr_counter + 1]
+
+ # Get the symbol name, this is only used once to
+ # to retrieve the string name for source entry.
+ set sym_name [Apol_Constraint::_getSym $sym_type]
+ append constraint_expr_buf($constraint_expr_counter) "( $sym_name "
+
+ # Check if keyword selected
+ if {$vals(kta:use_left_expr) == 1 && \
+ $vals(kta:left_expr) == $sym_name} {
+ set match_left_keyword_names 1
+ }
+
+ set op [$t get_op $::ApolTop::qpolicy]
+ set op_name [Apol_Constraint::_getOp $op]
+ append constraint_expr_buf($constraint_expr_counter) $op_name
+
+ # Need to get the number of entries. These can be
+ # type or attribute identifiers.
+ set tmp_list {}
+ set return_list {}
+ set n [$t get_names_iter $::ApolTop::qpolicy]
+ set n_size [[$t get_names_iter $::ApolTop::qpolicy] get_size]
+
+ # If > 0 then put entries in a tmp_list for later processing.
+ if { $n_size > 0 } {
+ foreach name [iter_to_str_list $n] {
+ append tmp_list "$name "
+ }
+ #
+ # Now check search parameters for the $name entries of
+ # the right side of the expression. The $tmp_list can
+ # contain user, role, type or type attribute names
+ # depending on the initial letter of $sym_name.
+ #
+ if { ([string compare -length 1 $sym_name "t"] == 0 && \
+ $vals(kta:use_right_expr) == 1) && \
+ ($vals(kta:right_expr,types) == 1 || \
+ $vals(kta:right_expr,attribs) == 1) } {
+ # This calls type and attribute processing:
+ set tmp_list [Apol_Constraint::_process_TA $vals(kta:right_expr) $tmp_list]
+ } elseif { ($vals(kta:use_right_expr) == 1 && \
+ $vals(kta:right_expr,roles) == 1 && \
+ [string compare -length 1 $sym_name "r"] == 0) || \
+ ($vals(kta:use_right_expr) == 1 && \
+ $vals(kta:right_expr,users) == 1 && \
+ [string compare -length 1 $sym_name "u"] == 0) } {
+ foreach c $tmp_list {
+ if { $c == $vals(kta:right_expr) } {
+ set match_right_type_names 1
+ set tmp_list $name
+ continue
+ }
+ }
+ }
+ # else if size == 0 then just say an empty set. Also
+ # check if the requested attribute is an empty set.
+ } elseif { $n_size == 0 } {
+ set tmp_list "<empty_set>"
+ if { [Apol_Constraint::_checkIfEmptyAttr $vals(kta:right_expr)] && \
+ [string compare -length 1 $sym_name "t"] == 0 } {
+ set match_right_type_names 1
+ }
+ }
+
+ # Copy tmp_list to the constraint buffer.
+ if { [llength $tmp_list] > 1 } {
+ append constraint_expr_buf($constraint_expr_counter) " \{ $tmp_list\} )"
+ } else {
+ append constraint_expr_buf($constraint_expr_counter) " $tmp_list )"
+ }
+ $n -acquire
+ $n -delete
+ }
+ }
+ }
+ $x -acquire
+ $x -delete
+ # Done with processing all the expressions, now check if they
+ # were enabled or not and valid search entries found.
+ if {($vals(kta:use_left_expr) == 1 && $vals(kta:use_right_expr) == 1) && \
+ [expr (($match_left_keyword_names | $match_left_keyword_attr) & \
+ ($match_right_keyword_attr | $match_right_type_names))] == 0} {
+ continue
+ }
+
+ if {($vals(kta:use_left_expr) == 1 && $vals(kta:use_right_expr) == 0) && \
+ [expr $match_left_keyword_names | $match_left_keyword_attr] == 0} {
+ continue
+ }
+
+ if {($vals(kta:use_left_expr) == 0 && $vals(kta:use_right_expr) == 1) && \
+ ($vals(kta:right_expr,users) == 1 || \
+ $vals(kta:right_expr,roles) == 1 || \
+ $vals(kta:right_expr,attribs) == 1 || \
+ $vals(kta:right_expr,types) == 1 || \
+ $vals(kta:right_expr,right_keyword) == 1) && \
+ [expr $match_right_type_names | $match_right_keyword_attr ] == 0} {
+ continue
+ }
+
+ #
+ # This takes each entry in the RPN formatted constraint_expr_buf and
+ # converts to infix format that resembles the constraint string in
+ # policy language format. It is a modified version from:
+ # http://rosettacode.org/wiki/Parsing/RPN_to_infix_conversion
+ #
+ set stack {}
+ foreach entry [lsort -integer [array names constraint_expr_buf]] {
+ set token $constraint_expr_buf($entry)
+ switch $token {
+ "not" - "and" - "or" {
+ lassign [Apol_Constraint::_pop stack] expr2rec expr2
+ # The ! is not treated the same as && || as it only
+ # applies to a single expression i.e. !(expression)
+ # So just pop the stack and add the !. Should there be
+ # another ! in the expression, then add brackets.
+ if { $token == "not" } {
+ set ans [string compare -length 1 $expr2 "not"]
+ if { $ans == 0 } {
+ lappend stack [list 1 "$token \($expr2\)"]
+ } else {
+ lappend stack [list 1 "$token$expr2"]
+ }
+ continue
+ } else {
+ lassign [Apol_Constraint::_pop stack] expr1rec expr1
+ lappend stack [list 1 "$expr1 $token $expr2"]
+ }
+ }
+ default {
+ lappend stack [list 2 $token]
+ }
+ }
+ }
+ if { [array size constraint_expr_buf] == 1 } {
+ set expression "[lindex $stack end 1];"
+ } else {
+ set expression "([lindex $stack end 1]);"
+ }
+ set statement_count [expr $statement_count + 1]
+ append entries "$constrain_type $class_list $perm_list\n $expression\n\n"
+ }
+ return $entries
+}
+
+######### End of search routine - Start supporting procs ################
+
+# The pop stack routine for RPN conversion
+proc Apol_Constraint::_pop {stk} {
+ upvar 1 $stk s
+ set val [lindex $s end]
+ set s [lreplace $s end end]
+ return $val
+}
+
+
+# Take an attribute name and expands it to a list of types.
+proc Apol_Constraint::_renderAttrib {attrib_name} {
+ set type_list {}
+ set qpol_type_datum [new_qpol_type_t $::ApolTop::qpolicy $attrib_name]
+ set i [$qpol_type_datum get_type_iter $::ApolTop::qpolicy]
+ foreach t [iter_to_list $i] {
+ set t [qpol_type_from_void $t]
+ lappend type_list [$t get_name $::ApolTop::qpolicy]
+ }
+ if { $type_list == "" } {
+ lappend type_list "<empty_set>"
+ }
+ $i -acquire
+ $i -delete
+ return $type_list
+}
+
+
+# This will return a list of attributes linked to the type_name
+proc Apol_Constraint::_renderType {type_name} {
+ set qpol_type_datum [new_qpol_type_t $::ApolTop::qpolicy $type_name]
+ set aliases {}
+ set attribs {}
+
+ set i [$qpol_type_datum get_alias_iter $::ApolTop::qpolicy]
+ set aliases [iter_to_str_list $i]
+ $i -acquire
+ $i -delete
+
+ set i [$qpol_type_datum get_attr_iter $::ApolTop::qpolicy]
+ foreach a [iter_to_list $i] {
+ set a [qpol_type_from_void $a]
+ lappend attribs [$a get_name $::ApolTop::qpolicy]
+ }
+ $i -acquire
+ $i -delete
+ return $attribs
+}
+
+
+# Check if the name is a type or attribute.
+proc Apol_Constraint::_checkTypeOrAttr {name} {
+ set type_list {}
+
+ set qpol_type_datum [new_qpol_type_t $::ApolTop::qpolicy $name]
+ set x [$qpol_type_datum get_isattr $::ApolTop::qpolicy ]
+ if { $x == 1 } {
+ return "attribute"
+ } else {
+ return "type"
+ }
+ $x -acquire
+ $x -delete
+}
+
+
+# Return Left or Right expr keywords
+proc Apol_Constraint::_getKeywords {side command} {
+ set list {}
+ set left_list {}
+ set right_list {}
+
+ set q [$command]
+ # This reads in the constraint info
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+
+ # This loop will process each constraint in the policy
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set expr_type {}
+ set sym_type {}
+ set q [qpol_constraint_from_void [$v get_element $i]]
+
+ # This get expressions
+ set x [$q get_expr_iter $::ApolTop::qpolicy]
+ while {![$x end]} {
+ foreach t [iter_to_list $x] {
+ set t [qpol_constraint_expr_node_from_void $t]
+ set sym_type [$t get_sym_type $::ApolTop::qpolicy]
+ set expr_type [$t get_expr_type $::ApolTop::qpolicy]
+
+ if { $expr_type == $::QPOL_CEXPR_TYPE_ATTR } {
+ set sym_name [Apol_Constraint::_getSym $sym_type]
+ append left_list "$sym_name "
+ # Then using the sym_name again, get the target entry.
+ set sym_type [expr $sym_type | $::QPOL_CEXPR_SYM_TARGET]
+ set sym_name [Apol_Constraint::_getSym $sym_type]
+ append right_list "$sym_name "
+ }
+
+ if { $expr_type == $::QPOL_CEXPR_TYPE_NAMES } {
+ set sym_name [Apol_Constraint::_getSym $sym_type]
+ append left_list "$sym_name "
+ }
+ }
+ }
+ $x -acquire
+ $x -delete
+
+ if {$side == "l"} {
+ append list $left_list
+ } else {
+ append list $right_list
+ }
+ }
+ $v -acquire
+ $v -delete
+ return $list
+}
+
+
+# Here because a type or type_attribute search has been actioned
+proc Apol_Constraint::_process_TA {name search_list} {
+ variable match_right_type_names
+ variable vals
+
+ foreach ta $search_list {
+ if { $ta == $name } {
+ set match_right_type_names 1
+ return $search_list
+ }
+ }
+ return $search_list
+}
+
+
+# Get symbol from expression
+proc Apol_Constraint::_getSym {sym_type} {
+ set symbol {}
+
+ # These are source for mls/constrain and old for mls/validatetrans
+ if { $sym_type == $::QPOL_CEXPR_SYM_USER } {
+ append symbol "u1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_ROLE } {
+ append symbol "r1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_TYPE } {
+ append symbol "t1"
+ }
+
+ # These are target for mls/constrain and new for mls/validatetrans
+ if { $sym_type == $::QPOL_CEXPR_SYM_USER+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "u2"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_ROLE+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "r2"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_TYPE+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "t2"
+ }
+ # These are source for mls/validatetrans
+ if { $sym_type == $::QPOL_CEXPR_SYM_USER+$::QPOL_CEXPR_SYM_XTARGET } {
+ append symbol "u3"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_ROLE+$::QPOL_CEXPR_SYM_XTARGET } {
+ append symbol "r3"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_TYPE+$::QPOL_CEXPR_SYM_XTARGET } {
+ append symbol "t3"
+ }
+
+ # Source levels for mlsconstrain and mlsvalidatetrans
+ if { $sym_type == $::QPOL_CEXPR_SYM_L1L2 } {
+ append symbol "l1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_L1H2 } {
+ append symbol "l1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_H1L2 } {
+ append symbol "h1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_H1H2 } {
+ append symbol "h1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_L1H1 } {
+ append symbol "l1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_L2H2 } {
+ append symbol "l2"
+ }
+
+ # Target levels for mlsconstrain and mlsvalidatetrans
+ if { $sym_type == $::QPOL_CEXPR_SYM_L1L2+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "l2"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_L1H2+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "h2"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_H1L2+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "l2"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_H1H2+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "h2"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_L1H1+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "h1"
+ }
+ if { $sym_type == $::QPOL_CEXPR_SYM_L2H2+$::QPOL_CEXPR_SYM_TARGET } {
+ append symbol "h2"
+ }
+ if { $symbol == "" } {
+ append symbol "err_sym_missing"
+ }
+ return $symbol
+}
+
+
+# Get Operator
+proc Apol_Constraint::_getOp {op} {
+ set entry {}
+
+ if { $op == $::QPOL_CEXPR_OP_EQ } {
+ append entry "=="
+ }
+ if { $op == $::QPOL_CEXPR_OP_NEQ } {
+ append entry "!="
+ }
+ if { $op == $::QPOL_CEXPR_OP_DOM } {
+ append entry "dom"
+ }
+ if { $op == $::QPOL_CEXPR_OP_DOMBY } {
+ append entry "domby"
+ }
+ if { $op == $::QPOL_CEXPR_OP_INCOMP } {
+ append entry "incomp"
+ }
+ if { $entry == "" } {
+ append entry "op_missing"
+ }
+ return $entry
+}
+
diff --git a/apol/default_objects_tab.tcl b/apol/default_objects_tab.tcl
new file mode 100644
index 0000000..6cf764b
--- /dev/null
+++ b/apol/default_objects_tab.tcl
@@ -0,0 +1,370 @@
+# Copyright (C) 2001-2007 Tresys Technology, LLC
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+namespace eval Apol_DefaultObjects {
+ variable vals
+ variable widgets
+ variable mls_enabled {0}
+ variable statement_count
+}
+
+proc Apol_DefaultObjects::create {tab_name nb} {
+ variable vals
+ variable widgets
+
+ _initializeVars
+
+ set frame [$nb insert end $tab_name -text "Default Object Rules"]
+ set topf [frame $frame.top]
+ set bottomf [frame $frame.bottom]
+ pack $topf -expand 0 -fill both -pady 2
+ pack $bottomf -expand 1 -fill both -pady 2
+
+ set rsbox [TitleFrame $topf.rs -ipad 30 -text "Rule Selection"]
+ set obox [TitleFrame $topf.opts -text "Search Options"]
+ set dbox [TitleFrame $bottomf.results -text "Default Object Rules Display"]
+ pack $rsbox -side left -expand 0 -fill both -padx 2
+ pack $obox -side left -expand 1 -fill both -padx 2
+ pack $dbox -expand 1 -fill both -padx 2
+
+ # Rule selection subframe
+ set rs [$rsbox getframe]
+ checkbutton $rs.default_user -text "default_user" -onvalue 1 -offvalue 0 \
+ -variable Apol_DefaultObjects::vals(default_user_enabled)
+ trace add variable Apol_DefaultObjects::vals(default_user_enabled) write \
+ [list Apol_DefaultObjects::_ruleChanged]
+ checkbutton $rs.default_role -text "default_role" -onvalue 1 -offvalue 0 \
+ -variable Apol_DefaultObjects::vals(default_role_enabled)
+ trace add variable Apol_DefaultObjects::vals(default_role_enabled) write \
+ [list Apol_DefaultObjects::_ruleChanged]
+ checkbutton $rs.default_type -text "default_type" -onvalue 1 -offvalue 0 \
+ -variable Apol_DefaultObjects::vals(default_type_enabled)
+ trace add variable Apol_DefaultObjects::vals(default_type_enabled) write \
+ [list Apol_DefaultObjects::_ruleChanged]
+ checkbutton $rs.default_range -text "default_range" -onvalue 1 -offvalue 0 \
+ -variable Apol_DefaultObjects::vals(default_range_enabled)
+ trace add variable Apol_DefaultObjects::vals(default_range_enabled) write \
+ [list Apol_DefaultObjects::_ruleChanged]
+ pack $rs.default_user $rs.default_role $rs.default_type $rs.default_range -side top -anchor w
+
+ set widgets(options_pm) [PagesManager [$obox getframe].opts]
+
+ _defaultObjectCreate [$widgets(options_pm) add default_object]
+
+ $widgets(options_pm) compute_size
+ pack $widgets(options_pm) -expand 1 -fill both -side left
+ $widgets(options_pm) raise default_object
+
+ set ok [button [$obox getframe].ok -text OK -width 6 -command Apol_DefaultObjects::_searchDefaultObjects]
+ pack $ok -side right -padx 5 -pady 5 -anchor ne
+
+ set widgets(results) [Apol_Widget::makeSearchResults [$dbox getframe].results]
+ pack $widgets(results) -expand yes -fill both
+
+ return $frame
+}
+
+proc Apol_DefaultObjects::open {ppath} {
+ variable vals
+ variable widgets
+ variable mls_enabled
+
+ if {[ApolTop::is_capable "mls"]} {
+ set mls_enabled 1
+ } else {
+ set mls_enabled 0
+ }
+
+ $widgets(default_object:class) configure -values [Apol_Class_Perms::getClasses]
+ $widgets(default_object:default) configure -values {"source" "target"}
+ $widgets(default_object:range) configure -values {"low" "high" "low_high"}
+
+ set vals(default_range_enabled) $mls_enabled
+ set vals(default_type_enabled) [ApolTop::is_capable "default_type"]
+}
+
+proc Apol_DefaultObjects::close {} {
+ variable widgets
+ variable mls_enabled
+
+ _initializeVars
+ $widgets(default_object:class) configure -values {}
+ $widgets(default_object:default) configure -values {}
+ $widgets(default_object:range) configure -values {}
+ set mls_enabled 0
+}
+
+proc Apol_DefaultObjects::getTextWidget {} {
+ variable widgets
+}
+
+proc Apol_DefaultObjects::_initializeVars {} {
+ variable vals
+
+ array set vals {
+ class:use 0
+ class:sym {}
+ default:sym {}
+ default:use 0
+ range:sym {}
+ range:use 0
+
+ default_user_enabled 1
+ default_role_enabled 1
+ default_type_enabled 1
+ default_range_enabled 0
+ }
+}
+
+proc Apol_DefaultObjects::_defaultObjectCreate {r_c} {
+ variable vals
+ variable widgets
+
+ set class [frame $r_c.class]
+ set class_cb [checkbutton $class.enable -text "Object class" \
+ -variable Apol_DefaultObjects::vals(class:use)]
+ set widgets(default_object:class) [ComboBox $class.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_DefaultObjects::vals(class:sym)]
+
+ trace add variable Apol_DefaultObjects::vals(class:use) write \
+ [list Apol_DefaultObjects::_toggleCheckbutton $widgets(default_object:class) {}]
+ pack $class_cb -side top -anchor w
+ pack $widgets(default_object:class) -side top -expand 0 -fill x -padx 4
+ pack $class -side left -padx 4 -pady 2 -expand 0 -anchor nw
+
+ set default [frame $r_c.default]
+ set widgets(default_object:default_cb) [checkbutton $default.enable -text "Default" \
+ -variable Apol_DefaultObjects::vals(default:use)]
+ set widgets(default_object:default) [ComboBox $default.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_DefaultObjects::vals(default:sym)]
+ trace add variable Apol_DefaultObjects::vals(default:use) write \
+ [list Apol_DefaultObjects::_toggleCheckbutton $widgets(default_object:default) {}]
+ pack $widgets(default_object:default_cb) -side top -anchor w
+ pack $widgets(default_object:default) -side top -expand 0 -fill x -padx 4
+ pack $default -side left -padx 4 -pady 2 -expand 0 -fill y
+
+ set range [frame $r_c.range]
+ set widgets(default_object:range_cb) [checkbutton $range.enable -text "Range" \
+ -variable Apol_DefaultObjects::vals(range:use)]
+ set widgets(default_object:range) [ComboBox $range.cb -width 20 -state disabled \
+ -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_DefaultObjects::vals(range:sym)]
+ trace add variable Apol_DefaultObjects::vals(range:use) write \
+ [list Apol_DefaultObjects::_toggleCheckbutton $widgets(default_object:range) {}]
+ pack $widgets(default_object:range_cb) -side top -anchor w
+ pack $widgets(default_object:range) -side top -expand 0 -fill x -padx 4
+ pack $range -side left -padx 4 -pady 2 -expand 0 -fill y
+}
+
+proc Apol_DefaultObjects::_toggleCheckbutton {cb w name1 name2 ops} {
+ variable vals
+ variable mls_enabled
+
+ if {$name2 == "range:use" && $mls_enabled == 0 || $vals(default_range_enabled) == 0} {
+ set vals(range:use) 0
+ $cb configure -state disabled
+ }
+
+ if {$vals($name2)} {
+ $cb configure -state normal -entrybg white
+ foreach x $w {
+ $x configure -state normal
+ }
+ } else {
+ $cb configure -state disabled -entrybg $ApolTop::default_bg_color
+ foreach x $w {
+ $x configure -state disabled
+ }
+ }
+}
+
+proc Apol_DefaultObjects::_ruleChanged {name1 name2 ops} {
+ variable vals
+ variable widgets
+ Apol_Widget::clearSearchResults $widgets(results)
+
+ if {$vals(default_user_enabled) == 0} {
+ set vals(user:use) 0
+ }
+ if {$vals(default_role_enabled) == 0} {
+ set vals(role:use) 0
+ }
+ if {$vals(default_type_enabled) == 0} {
+ set vals(type:use) 0
+ }
+ if {$vals(default_range_enabled) == 0} {
+ set vals(range:use) 0
+ }
+}
+
+proc Apol_DefaultObjects::_searchDefaultObjects {} {
+ variable vals
+ variable widgets
+ variable statement_count
+
+ Apol_Widget::clearSearchResults $widgets(results)
+ if {![ApolTop::is_policy_open]} {
+ tk_messageBox -icon error -type ok -title "Error" -message "No current policy file is opened."
+ }
+
+ if {$vals(class:use) == 1 && $vals(class:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Default object Rule Search" -message "No class selected."
+ return
+ }
+ if {$vals(default:use) == 1 && $vals(default:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Default object Rule Search" -message "No default selected."
+ return
+ }
+ if {$vals(range:use) == 1 && $vals(range:sym) == {}} {
+ tk_messageBox -icon error -type ok -title "Default object Rule Search" -message "No range selected."
+ return
+ }
+
+ set results {}
+ set header {}
+ set print_results {}
+
+ if {$vals(default_user_enabled) == 1} {
+ append results [Apol_DefaultObjects::searchForDefault "user" get_user_default]
+ append header "$statement_count default_user rules match the search criteria.\n"
+ }
+ if {$vals(default_role_enabled) == 1} {
+ append results [Apol_DefaultObjects::searchForDefault "role" get_role_default]
+ append header "$statement_count default_role rules match the search criteria.\n"
+ }
+ if {$vals(default_type_enabled) == 1} {
+ append results [Apol_DefaultObjects::searchForDefault "type" get_type_default]
+ append header "$statement_count default_type rules match the search criteria.\n"
+ }
+ if {$vals(default_range_enabled) == 1} {
+ append results [Apol_DefaultObjects::searchDefaultRange "range" get_range_default]
+ append header "$statement_count default_range rules match the search criteria.\n"
+ }
+ append print_results "$header\n$results"
+ Apol_Widget::appendSearchResultText $widgets(results) $print_results
+}
+
+proc Apol_DefaultObjects::searchForDefault {type type_cmd} {
+ variable vals
+ variable widgets
+ variable statement_count
+ set results {}
+ set printit 0
+ set class_regexp 0
+ set default_regexp 0
+ set statement_count 0
+
+ if {$vals(class:use)} {
+ set class_regexp 1
+ }
+ if {$vals(default:use)} {
+ set default_regexp 1
+ }
+
+ set q [new_apol_default_object_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_default_object_from_void [$v get_element $i]]
+ set class [$q get_class $::ApolTop::qpolicy]
+ set default [$q $type_cmd $::ApolTop::qpolicy]
+ if {$default != ""} {
+ if {$class_regexp == 1 && $class == $vals(class:sym) && $default_regexp == 1 && $default == $vals(default:sym)} {
+ set printit 1
+ } elseif {$class_regexp == 1 && $class == $vals(class:sym) && $default_regexp == 0} {
+ set printit 1
+ } elseif {$default_regexp == 1 && $default == $vals(default:sym) && $class_regexp == 0} {
+ set printit 1
+ } elseif {$class_regexp == 0 && $default_regexp == 0} {
+ set printit 1
+ }
+ if {$printit == 1} {
+ append results "default_$type $class $default;\n"
+ set statement_count [expr $statement_count + 1]
+ }
+ }
+ set printit 0
+ }
+ }
+ return "$results\n"
+}
+
+proc Apol_DefaultObjects::searchDefaultRange {type type_cmd} {
+ variable vals
+ variable widgets
+ variable statement_count
+ set results {}
+ set printit 0
+ set class_regexp 0
+ set default_regexp 0
+ set range_regexp 0
+ set statement_count 0
+
+ if {$vals(class:use)} {
+ set class_regexp 1
+ }
+ if {$vals(default:use)} {
+ set default_regexp 1
+ }
+ if {$vals(range:use)} {
+ set range_regexp 1
+ }
+
+ set q [new_apol_default_object_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_default_object_from_void [$v get_element $i]]
+ set class [$q get_class $::ApolTop::qpolicy]
+ set default [$q $type_cmd $::ApolTop::qpolicy]
+ if {$default != ""} {
+ # split into the two components
+ set entries [split $default " "]
+ lassign $entries src_tgt range
+
+ if {$class_regexp == 1 && $class == $vals(class:sym) && $default_regexp == 1 && \
+ $src_tgt== $vals(default:sym) && $range_regexp == 1 && $range == $vals(range:sym)} {
+ set printit 1
+ } elseif {$class_regexp == 1 && $class == $vals(class:sym) && $default_regexp == 0 && $range_regexp == 0} {
+ set printit 1
+ } elseif {$class_regexp == 0 && $default_regexp == 1 && $src_tgt == $vals(default:sym) && $range_regexp == 0} {
+ set printit 1
+ } elseif {$class_regexp == 0 && $default_regexp == 0 && $range_regexp == 1 && $range == $vals(range:sym)} {
+ set printit 1
+ } elseif {$class_regexp == 0 && $default_regexp == 1 && $src_tgt == $vals(default:sym) && \
+ $range_regexp == 1 && $range == $vals(range:sym)} {
+ set printit 1
+ } elseif {$class_regexp == 1 && $class == $vals(class:sym) && $default_regexp == 0 && \
+ $range_regexp == 1 && $range == $vals(range:sym)} {
+ set printit 1
+ } elseif {$class_regexp == 0 && $default_regexp == 0 && $range_regexp == 0} {
+ set printit 1
+ }
+ if {$printit == 1} {
+ append results "default_$type $class $default;\n"
+ set statement_count [expr $statement_count + 1]
+ }
+ }
+ set printit 0
+ }
+ }
+ return "$results\n"
+}
diff --git a/apol/initial_sids_tab.tcl b/apol/initial_sids_tab.tcl
index ff81a32..356a45a 100644
--- a/apol/initial_sids_tab.tcl
+++ b/apol/initial_sids_tab.tcl
@@ -110,7 +110,7 @@ proc Apol_Initial_SIDS::_search {} {
$q set_context $::ApolTop::policy $context $range_match
}
- set v [$q run $::ApolTop::policy] #line causing segfaulting
+ set v [$q run $::ApolTop::policy]
$q -acquire
$q -delete
diff --git a/apol/namespaces_tab.tcl b/apol/namespaces_tab.tcl
new file mode 100644
index 0000000..da8a1af
--- /dev/null
+++ b/apol/namespaces_tab.tcl
@@ -0,0 +1,206 @@
+# Copyright (C) 2001-2007 Tresys Technology, LLC
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+namespace eval Apol_Namespaces {
+ variable widgets
+ variable namespace_list {}
+}
+
+proc Apol_Namespaces::create {tab_name nb} {
+ variable widgets
+ variable namespace_list {}
+
+ set frame [$nb insert end $tab_name -text "Policy Namespaces"]
+ set pw [PanedWindow $frame.pw -side top]
+ set leftf [$pw add -weight 0]
+ set rightf [$pw add -weight 1]
+ pack $pw -fill both -expand yes
+
+ set namespaces_box [TitleFrame $leftf.namespaces_box -text "Policy Namespaces"]
+ pack $namespaces_box -fill both -expand yes
+
+ set nlistbox [Apol_Widget::makeScrolledListbox [$namespaces_box getframe].lb \
+ -width 60 -listvar Apol_Namespaces::namespace_list]
+ Apol_Widget::setListboxCallbacks $nlistbox \
+ {{"Show Namespace Users, Roles, Types, Attributes and Classes Info" {Apol_Namespaces::popupNsInfo nfi}}}
+ pack $nlistbox -expand 1 -fill both
+ pack $nlistbox -fill both -expand yes
+
+ return $frame
+}
+
+proc Apol_Namespaces::open {ppath} {
+ variable namespace_list {}
+
+ append list1 "$Apol_Users::users_list $Apol_Roles::role_list $Apol_Types::typelist $Apol_Types::attriblist $Apol_Class_Perms::class_list"
+ set names [split $list1 " "]
+ # Split on the ns separator, chop off the end entry then add "." back
+ set list1 {}
+ foreach n $names {
+ set ns [split $n "."]
+ set ns [lreplace $ns end end]
+ set l [string length $ns]
+ if {$l > 0} {
+ regsub -all " " $ns "." ns
+ lappend list1 "$ns"
+ }
+ }
+ set list2 {}
+ set namespace_list "GLOBAL-NS\n"
+ lappend list2 [lsort -dictionary -unique $list1]
+
+ foreach entry $list2 {
+ append namespace_list "$entry\n"
+ }
+}
+
+proc Apol_Namespaces::close {} {
+ variable namespace_list {}
+
+ set namespace_list {}
+}
+
+proc Apol_Namespaces::getTextWidget {} {
+ variable widgets
+}
+
+
+proc Apol_Namespaces::popupNsInfo {which ns} {
+
+ set w .ns_infobox
+ destroy $w
+
+ set w [Dialog .ns_infobox -cancel 0 -default 0 -modal none -parent . -separator 1 -title $ns]
+ $w add -text "Close" -command [list destroy $w]
+
+ set notebook [NoteBook [$w getframe].nb]
+ pack $notebook -expand 1 -fill both
+
+ set user_info_tab [$notebook insert end user_info_tab -text "Users"]
+ set role_info_tab [$notebook insert end role_info_tab -text "Roles"]
+ set type_info_tab [$notebook insert end type_info_tab -text "Types"]
+ set attrib_info_tab [$notebook insert end attrib_info_tab -text "Attributes"]
+ set class_info_tab [$notebook insert end class_info_tab -text "Classes"]
+ set boolean_info_tab [$notebook insert end boolean_info_tab -text "Booleans"]
+
+ if {[ApolTop::is_capable "mls"]} {
+ set sensitivity_info_tab [$notebook insert end sensitivity_info_tab -text "Sensitivities"]
+ set category_info_tab [$notebook insert end category_info_tab -text "Categories"]
+ }
+
+ # Display users
+ set sw [ScrolledWindow [$notebook getframe user_info_tab].sw -scrollbar both -auto both]
+ set user_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $user_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_Users::users_list $user_text $ns "users"
+
+ # Display roles
+ set sw [ScrolledWindow [$notebook getframe role_info_tab].sw -scrollbar both -auto both]
+ set role_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $role_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_Roles::role_list $role_text $ns "roles"
+
+ # Display types
+ set sw [ScrolledWindow [$notebook getframe type_info_tab].sw -scrollbar both -auto both]
+ set type_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $type_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_Types::typelist $type_text $ns "types"
+
+ # Display attributes
+ set sw [ScrolledWindow [$notebook getframe attrib_info_tab].sw -scrollbar both -auto both]
+ set attrib_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $attrib_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_Types::attriblist $attrib_text $ns "attributes"
+
+ # Display classes
+ set sw [ScrolledWindow [$notebook getframe class_info_tab].sw -scrollbar both -auto both]
+ set class_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $class_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_Class_Perms::class_list $class_text $ns "classes"
+
+ # Display booleans
+ set sw [ScrolledWindow [$notebook getframe boolean_info_tab].sw -scrollbar both -auto both]
+ set boolean_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $boolean_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_Cond_Bools::cond_bools_list $boolean_text $ns "booleans"
+
+ if {[ApolTop::is_capable "mls"]} {
+ # Display sensitivities
+ set sw [ScrolledWindow [$notebook getframe sensitivity_info_tab].sw -scrollbar both -auto both]
+ set sensitivity_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $sensitivity_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_MLS::vals(senslist) $sensitivity_text $ns "sensitivities"
+
+ # Display categories
+ set sw [ScrolledWindow [$notebook getframe category_info_tab].sw -scrollbar both -auto both]
+ set category_text [text [$sw getframe].text -wrap none -font {helvetica 10} -bg white]
+ $sw setwidget $category_text
+ pack $sw -expand 1 -fill both
+ Apol_Namespaces::DisplayMatches $Apol_MLS::vals(catslist) $category_text $ns "categories"
+ }
+
+ $notebook raise [$notebook page 0]
+ $w draw {} 0 600x400
+}
+
+proc Apol_Namespaces::DisplayMatches {item_list display_entry ns text} {
+ set counter 0
+ set print_list {}
+
+ if {$ns == "GLOBAL-NS"} {
+ set ns {}
+ set off_set 0
+ } else {
+ set off_set 1
+ }
+ # Get len of the ns selected
+ set l [string length $ns]
+ #For each entry check if in this ns
+ foreach t $item_list {
+ set i [string compare -length $l $t $ns]
+ # kludge to get round a problem.
+ # If $z is same as $ns, but no . in $t then ignore as $t just
+ # happens to begin with a match to $ns. So reset $i
+ set z [string range $t 0 $l-1]
+ if {![regexp -nocase {[.]} $t] && $z == $ns && $ns != ""} {
+ set i 1
+ }
+
+ if {$i == 0} {
+ set x [string range $t $l+$off_set end]
+ if {![regexp -nocase {[.]} $x]} {
+ append print_list " $x\n"
+ set counter [expr $counter + 1]
+ }
+ }
+ }
+ if {$counter == 0} {
+ $display_entry insert end "No entries\n"
+ } else {
+ if {$ns == ""} {
+ set ns "global"
+ }
+ $display_entry insert end "$ns namespace ($counter $text)\n$print_list"
+ }
+ $display_entry configure -state disabled
+
+}
diff --git a/apol/polcap_tab.tcl b/apol/polcap_tab.tcl
new file mode 100644
index 0000000..dfeade4
--- /dev/null
+++ b/apol/polcap_tab.tcl
@@ -0,0 +1,73 @@
+# Copyright (C) 2001-2007 Tresys Technology, LLC
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+namespace eval Apol_Polcaps {
+ variable widgets
+ variable polcap_list {}
+}
+
+proc Apol_Polcaps::create {tab_name nb} {
+ variable widgets
+
+ set frame [$nb insert end $tab_name -text "Policy Capabilities"]
+ set pw [PanedWindow $frame.pw -side top]
+ set leftf [$pw add -weight 0]
+ set rightf [$pw add -weight 1]
+ pack $pw -fill both -expand yes
+
+ set polcap_box [TitleFrame $leftf.polcap_box -text "Policy Capabilities"]
+ pack $polcap_box -fill both -expand yes
+
+ set rlistbox [Apol_Widget::makeScrolledListbox [$polcap_box getframe].lb \
+ -width 60 -listvar Apol_Polcaps::polcap_list]
+ pack $rlistbox -fill both -expand yes
+
+ return $frame
+}
+
+proc Apol_Polcaps::open {ppath} {
+ variable polcap_list
+
+ set polcapnames {}
+ set q [new_apol_polcap_query_t]
+ # This reads in the polcap info
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ # This loop will process polcap name in the policy
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_polcap_from_void [$v get_element $i]]
+ append polcapnames [$q get_name $::ApolTop::qpolicy]
+ append polcapnames "\n"
+ }
+ }
+
+ set polcap_list $polcapnames
+}
+
+proc Apol_Polcaps::close {} {
+ variable widgets
+ variable polcap_list {}
+}
+
+proc Apol_Polcaps::getTextWidget {} {
+ variable widgets
+}
+
+#### private functions below ####
+
+
+
diff --git a/apol/policyconf.tcl b/apol/policyconf.tcl
index 8f7e9c1..161f959 100644
--- a/apol/policyconf.tcl
+++ b/apol/policyconf.tcl
@@ -63,7 +63,9 @@ proc Apol_PolicyConf::open {ppath} {
$textbox fakedelete 0.0 end
if {![ApolTop::is_capable "source"]} {
$textbox fakeinsert end "The currently loaded policy is not a source policy."
+ ApolTop::_toplevel_enable_tabs tag_source disabled
} else {
+ ApolTop::_toplevel_enable_tabs tag_source normal
set primary_file [$ppath get_primary]
if {[catch {::open $primary_file r} f]} {
$textbox fakeinsert end "$primary_file does not exist or could not be read by the user."
diff --git a/apol/terules_tab.tcl b/apol/terules_tab.tcl
index c5a490f..266d670 100644
--- a/apol/terules_tab.tcl
+++ b/apol/terules_tab.tcl
@@ -93,6 +93,7 @@ proc Apol_TE::create {tab_name nb} {
_createTypesAttribsTab
_createClassesPermsTab
+ _createFilenameTab
# Action buttons
set widgets(new) [button $abox.new -text "New Search" -width 12 \
@@ -138,6 +139,7 @@ proc Apol_TE::open {ppath} {
set vals(cp:classes) [Apol_Class_Perms::getClasses]
set enabled(cp:classes) 1
set enabled(cp:perms) 1
+ set vals(ta:use_filename) 0
}
proc Apol_TE::close {} {
@@ -252,6 +254,7 @@ proc Apol_TE::_initializeVars {} {
ta:source_sym,types $::APOL_QUERY_SYMBOL_IS_TYPE \
ta:target_sym,types $::APOL_QUERY_SYMBOL_IS_TYPE \
ta:default_sym,types $::APOL_QUERY_SYMBOL_IS_TYPE \
+ ta:filename,files 1 \
]
array set vals {
@@ -273,6 +276,10 @@ proc Apol_TE::_initializeVars {} {
ta:default_sym,attribs 0
ta:default_sym {}
+ ta:use_filename 0
+ ta:filename {}
+ ta:filename,files 0
+
cp:classes {}
cp:classes_selected {}
cp:perms {}
@@ -286,6 +293,7 @@ proc Apol_TE::_initializeVars {} {
ta:use_source 1
ta:use_target 1
ta:use_default 1
+ ta:use_filename 1
cp:classes 0
cp:perms 0
@@ -535,6 +543,156 @@ proc Apol_TE::_toggle_ta_pushed {col cb} {
}
}
+proc Apol_TE::_createFilenameTab {} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ set fn_tab [$widgets(search_opts) insert end filename -text "Filename"]
+ set fm_filename [frame $fn_tab.filename]
+ grid $fm_filename -padx 4 -sticky ewns
+ foreach i {0 1 2} {
+ grid columnconfigure $fn_tab $i -weight 1 -uniform 1
+ }
+ grid rowconfigure $fn_tab 0 -weight 1
+
+ set widgets(ta:use_filename) [checkbutton $fm_filename.use -text "type_transition filename" \
+ -onvalue 1 -offvalue 0 -variable Apol_TE::vals(ta:use_filename)]
+ pack $widgets(ta:use_filename) -side top -anchor w
+
+ trace add variable Apol_TE::vals(ta:use_filename) write \
+ [list Apol_TE::_toggle_fn_box filename]
+
+ set w {}
+
+ set helptext "Select a filename - Note: no search using regular expr"
+
+ set widgets(ta:filename_sym) [ComboBox $fm_filename.sym \
+ -state normal -entrybg $ApolTop::default_bg_color \
+ -textvariable Apol_TE::vals(ta:filename_sym) \
+ -helptext $helptext -autopost 1]
+ pack $widgets(ta:filename_sym) -expand 0 -fill x -padx 8
+ lappend w $widgets(ta:filename_sym)
+
+ set widgets(ta:filename_widgets) $w
+ trace add variable Apol_TE::enabled(ta:use_filename) write \
+ [list Apol_TE::_maybe_enable_filename filename]
+
+ trace add variable Apol_TE::vals(ta:filename,files) write \
+ [list Apol_TE::_toggle_FileNames filename]
+}
+
+
+proc Apol_TE::_toggle_fn_box {col name1 name2 op} {
+ variable vals
+ variable enabled
+ variable widgets
+
+ if {$enabled(ta:use_${col})} {
+ $widgets(ta:use_${col}) configure -state normal
+ } else {
+ $widgets(ta:use_${col}) configure -state disabled
+ }
+ if {$enabled(ta:use_${col}) && $vals(ta:use_${col})} {
+ foreach w $widgets(ta:${col}_widgets) {
+ $w configure -state normal
+ }
+ $widgets(ta:${col}_sym) configure -entrybg white
+ } else {
+ foreach w $widgets(ta:${col}_widgets) {
+ $w configure -state disabled
+ }
+ $widgets(ta:${col}_sym) configure -entrybg $ApolTop::default_bg_color
+ }
+
+ # update this tab's name if one of the columns is enabled and used
+ if {($enabled(ta:use_${col}) && $vals(ta:use_${col}))} { \
+ $widgets(search_opts) itemconfigure filename -text "Filename *"
+ } else {
+ $widgets(search_opts) itemconfigure filename -text "Filename"
+ }
+}
+
+proc Apol_TE::_maybe_enable_filename {col name1 name2 op} {
+ variable vals
+ variable enabled
+ variable widgets
+
+ set typerule_set 0
+
+ foreach x {type_transition} {
+ if {$vals(rs:$x)} {
+ set typerule_set 1
+ break
+ }
+ }
+
+ if {$typerule_set && [ApolTop::is_capable "filename_trans"]} {
+ set enabled(ta:use_filename) 1
+ } else {
+ set enabled(ta:use_filename) 0
+ }
+
+ set enabled(ta:use_${col}) $enabled(ta:use_${col})
+}
+
+
+proc Apol_TE::_toggle_FileNames {col name1 name2 op} {
+ variable vals
+ variable widgets
+ variable enabled
+
+ if {![ApolTop::is_policy_open]} {
+ return
+ }
+
+ set items [lsort -unique -dictionary [Apol_TE::Get_FileNames]]
+ $widgets(ta:${col}_sym) configure -values $items
+}
+
+proc Apol_TE::Get_FileNames {} {
+ set filenames {}
+ set q [new_apol_filename_trans_query_t]
+ # This reads in the filename_trans info
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ # This loop will process each filename_trans in the policy
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_filename_trans_from_void [$v get_element $i]]
+ lappend filenames [$q get_filename $::ApolTop::qpolicy]
+ }
+ }
+ return $filenames
+}
+
+
+proc Apol_TE::appendFilenameSearchResultRules {path indent rule_list cast filename} {
+ set curstate [$path.tb cget -state]
+ $path.tb configure -state normal
+
+ variable enabled
+ variable vals
+ set num_rules 0
+
+ if { $vals(ta:use_filename) == 0} {
+ set filename ""
+ }
+
+ for {set i 0} {$i < [$rule_list get_size]} {incr i} {
+ set rule [$cast [$rule_list get_element $i]]
+ if {$filename == "" || [$rule get_filename $::ApolTop::qpolicy] == $filename} {
+ $path.tb insert end [string repeat " " $indent]
+ $path.tb insert end [apol_filename_trans_render $::ApolTop::policy $rule]
+ incr num_rules
+ $path.tb insert end "\n"
+ }
+ }
+ $path.tb configure -state $curstate
+ list $num_rules $num_rules 0
+}
+
# code to create and handle the classe/permissions subtab
proc Apol_TE::_createClassesPermsTab {} {
@@ -875,10 +1033,13 @@ proc Apol_TE::_search_terules {whichButton} {
return
}
if {$enabled(ta:use_default) && $vals(ta:use_default) && $vals(ta:default_sym) == {}} {
-
tk_messageBox -icon error -type ok -title "TE Rule Search" -message "No default type selected."
return
}
+ if {$enabled(ta:use_filename) && $vals(ta:use_filename) && $vals(ta:filename_sym) == {}} {
+ tk_messageBox -icon error -type ok -title "TE Rule Search" -message "No filename selected."
+ return
+ }
set avrule_selection 0
foreach {key value} [array get vals rs:avrule_*] {
@@ -896,6 +1057,7 @@ proc Apol_TE::_search_terules {whichButton} {
# start building queries
set avq [new_apol_avrule_query_t]
set teq [new_apol_terule_query_t]
+ set fnteq [new_apol_filename_trans_query_t]
if {$enabled(ta:use_source) && $vals(ta:use_source)} {
if {$vals(ta:source_which) == "either"} {
@@ -905,21 +1067,28 @@ proc Apol_TE::_search_terules {whichButton} {
$avq set_source_component $::ApolTop::policy [expr {$vals(ta:source_sym,types) | $vals(ta:source_sym,attribs)}]
$teq set_source $::ApolTop::policy $vals(ta:source_sym) $vals(ta:source_indirect)
$teq set_source_component $::ApolTop::policy [expr {$vals(ta:source_sym,types) | $vals(ta:source_sym,attribs)}]
+ $fnteq set_source $::ApolTop::policy $vals(ta:source_sym) $vals(ta:source_indirect)
}
if {$enabled(ta:use_target) && $vals(ta:use_target)} {
$avq set_target $::ApolTop::policy $vals(ta:target_sym) $vals(ta:target_indirect)
$avq set_target_component $::ApolTop::policy [expr {$vals(ta:target_sym,types) | $vals(ta:target_sym,attribs)}]
$teq set_target $::ApolTop::policy $vals(ta:target_sym) $vals(ta:target_indirect)
$teq set_target_component $::ApolTop::policy [expr {$vals(ta:target_sym,types) | $vals(ta:target_sym,attribs)}]
+ $fnteq set_target $::ApolTop::policy $vals(ta:target_sym) $vals(ta:target_indirect)
}
if {$enabled(ta:use_default) && $vals(ta:use_default)} {
$teq set_default $::ApolTop::policy $vals(ta:default_sym)
+ $fnteq set_default $::ApolTop::policy $vals(ta:default_sym)
+ }
+ if {$enabled(ta:use_filename) && $vals(ta:use_filename)} {
+ $fnteq set_filename $::ApolTop::policy $vals(ta:filename_sym)
}
if {$enabled(cp:classes)} {
foreach c $vals(cp:classes_selected) {
$avq append_class $::ApolTop::policy $c
$teq append_class $::ApolTop::policy $c
+ $fnteq append_class $::ApolTop::policy $c
}
}
if {$enabled(cp:perms)} {
@@ -935,6 +1104,7 @@ proc Apol_TE::_search_terules {whichButton} {
$teq set_enabled $::ApolTop::policy $vals(oo:enabled)
$avq set_regex $::ApolTop::policy $vals(oo:regexp)
$teq set_regex $::ApolTop::policy $vals(oo:regexp)
+ $fnteq set_regex $::ApolTop::policy $vals(oo:regexp)
foreach x {new update reset} {
$widgets($x) configure -state disabled
@@ -952,16 +1122,20 @@ proc Apol_TE::_search_terules {whichButton} {
{
set numTEs {0 0 0}
set numAVs {0 0 0}
+ set numFNTEs {0 0 0}
set avresults NULL
set teresults NULL
+ set fnteresults NULL
set num_avresults 0
set num_teresults 0
+ set num_fnteresults 0
if {![ApolTop::is_capable "syntactic rules"]} {
if {$avrule_selection != 0} {
set avresults [$avq run $::ApolTop::policy]
}
if {$terule_selection != 0} {
set teresults [$teq run $::ApolTop::policy]
+ set fnteresults [$fnteq run $::ApolTop::policy]
}
} else {
$::ApolTop::qpolicy build_syn_rule_table
@@ -972,11 +1146,16 @@ proc Apol_TE::_search_terules {whichButton} {
set teresults [$teq run_syn $::ApolTop::policy]
}
}
+ if {$terule_selection != 0} {
+ set fnteresults [$fnteq run $::ApolTop::policy]
+ }
$avq -acquire
$avq -delete
$teq -acquire
$teq -delete
+ $fnteq -acquire
+ $fnteq -delete
if {$avresults != "NULL"} {
set num_avresults [$avresults get_size]
}
@@ -984,6 +1163,10 @@ proc Apol_TE::_search_terules {whichButton} {
set num_teresults [$teresults get_size]
}
+ if {$fnteresults != "NULL"} {
+ set num_fnteresults [$fnteresults get_size]
+ }
+
if {$whichButton == "new"} {
set sr [_create_new_results_tab]
} else {
@@ -1014,7 +1197,21 @@ proc Apol_TE::_search_terules {whichButton} {
set numTEs [Apol_Widget::appendSearchResultSynRules $sr 0 $teresults qpol_syn_terule_from_void]
}
}
- set num_rules [expr {[lindex $numAVs 0] + [lindex $numTEs 0]}]
+
+ if { $vals(ta:use_filename) == 1 && $vals(ta:use_source) == 0 && $vals(ta:use_target) == 0 && $vals(ta:use_default) == 0} {
+ Apol_Widget::clearSearchResults $sr
+ set numTEs {0 0 0}
+ set numAVs {0 0 0}
+ }
+
+ if {$vals(rs:type_transition) != 0} {
+ apol_tcl_set_info_string $::ApolTop::policy "Rendering $num_fnteresults Filename TE rule results"
+ if {$num_fnteresults > 0} {
+ set numFNTEs [Apol_TE::appendFilenameSearchResultRules $sr 0 $fnteresults qpol_filename_trans_from_void $vals(ta:filename_sym)]
+ }
+ }
+
+ set num_rules [expr {[lindex $numAVs 0] + [lindex $numTEs 0] + [lindex $numFNTEs 0]}]
set num_enabled [expr {[lindex $numAVs 1] + [lindex $numTEs 1]}]
set num_disabled [expr {[lindex $numAVs 2] + [lindex $numTEs 2]}]
set header "$num_rules rule"
diff --git a/apol/top.tcl b/apol/top.tcl
index f930318..a267dde 100644
--- a/apol/top.tcl
+++ b/apol/top.tcl
@@ -18,8 +18,9 @@ set COPYRIGHT_INFO "Copyright (C) 2001-2008 Tresys Technology, LLC"
namespace eval ApolTop {
variable policy {} ;# handle to an apol_policy, or {} if none opened
variable qpolicy {} ;# handle to policy's qpol_policy_t, or {} if none opened
- # these three are shown on the status line of the toplevel window
+ # these four are shown on the status line of the toplevel window
variable policy_version_string {}
+ variable policy_handle_unknown_string {}
variable policy_source_linenum {}
variable policy_stats_summary {}
variable policy_stats ;# array of statistics for the current policy
@@ -68,10 +69,15 @@ namespace eval ApolTop {
{Apol_Initial_SIDS components {}}
{Apol_NetContexts components {}}
{Apol_FSContexts components {}}
+ {Apol_Polcaps components {tag_polcap}}
+ {Apol_Namespaces components {}}
{Apol_TE rules {tag_query_saveable}}
{Apol_Cond_Rules rules {tag_conditionals}}
+ {Apol_Constraint rules {tag_query_saveable}}
{Apol_RBAC rules {}}
{Apol_Range rules {tag_mls}}
+ {Apol_Bounds rules {tag_bounds}}
+ {Apol_DefaultObjects rules {tag_default_objects}}
{Apol_File_Contexts {} {}}
{Apol_Analysis {} {tag_query_saveable}}
{Apol_PolicyConf {} {tag_source}}
@@ -108,6 +114,12 @@ proc ApolTop::is_capable {capability} {
"neverallow" { set cap $::QPOL_CAP_NEVERALLOW }
"source" { set cap $::QPOL_CAP_SOURCE }
"syntactic rules" { set cap $::QPOL_CAP_SYN_RULES }
+ "polcap" { set cap $::QPOL_CAP_POLCAPS }
+ "bounds" { set cap $::QPOL_CAP_BOUNDS }
+ "default_objects" { set cap $::QPOL_CAP_DEFAULT_OBJECTS }
+ "default_type" { set cap $::QPOL_CAP_DEFAULT_TYPE }
+ "permissive" { set cap $::QPOL_CAP_PERMISSIVE }
+ "filename_trans" { set cap $::QPOL_CAP_FILENAME_TRANS }
default { return 0 }
}
variable qpolicy
@@ -368,6 +380,15 @@ proc ApolTop::_toplevel_policy_open {ppath} {
if {![is_capable "source"]} {
_toplevel_enable_tabs tag_source disabled
}
+ if {![is_capable "polcap"]} {
+ _toplevel_enable_tabs tag_polcap disabled
+ }
+ if {![is_capable "bounds"]} {
+ _toplevel_enable_tabs tag_bounds disabled
+ }
+ if {![is_capable "default_objects"]} {
+ _toplevel_enable_tabs tag_default_objects disabled
+ }
_toplevel_tab_switched
variable mainframe
@@ -376,6 +397,23 @@ proc ApolTop::_toplevel_policy_open {ppath} {
_toplevel_update_stats
variable policy_version_string [$::ApolTop::policy get_version_type_mls_str]
+# Set how to handle unknown class/perms.
+#define SEPOL_DENY_UNKNOWN 0
+#define SEPOL_REJECT_UNKNOWN 2
+#define SEPOL_ALLOW_UNKNOWN 4
+ variable policy_handle_unknown_string
+ set policy_handle_unknown -1
+ set policy_handle_unknown [$::ApolTop::policy get_policy_handle_unknown]
+
+ if {$policy_handle_unknown == 0} {
+ set policy_handle_unknown_string "deny"
+ } elseif {$policy_handle_unknown == 2} {
+ set policy_handle_unknown_string "reject"
+ } elseif {$policy_handle_unknown == 4} {
+ set policy_handle_unknown_string "allow"
+ } else {
+ set policy_handle_unknown_string "unknown"
+ }
set primary_file [$ppath get_primary]
wm title . "SELinux Policy Analysis - $primary_file"
@@ -457,6 +495,9 @@ proc ApolTop::_toplevel_update_stats {} {
"sens" get_level_iter
"cats" get_cat_iter
"range_trans" get_range_trans_iter
+ "constraints" get_constraint_iter
+ "validatetrans" get_validatetrans_iter
+ "filename_trans" get_filename_trans_iter
"sids" get_isid_iter
"portcons" get_portcon_iter
@@ -464,6 +505,8 @@ proc ApolTop::_toplevel_update_stats {} {
"nodecons" get_nodecon_iter
"genfscons" get_genfscon_iter
"fs_uses" get_fs_use_iter
+ "permissive" get_permissive_iter
+ "polcap" get_polcap_iter
}
foreach {key func} $iter_funcs {
set i [$::ApolTop::qpolicy $func]
@@ -518,6 +561,109 @@ proc ApolTop::_toplevel_update_stats {} {
$i -delete
}
+ # Determine number of mlsconstrain and mlsvalidatetrans rules and
+ # recalculate the numbers accordingly.
+ if {[ApolTop::is_capable "mls"]} {
+ set mlsconstrain_count [ApolTop::_get_mls_count new_apol_constraint_query_t]
+ set policy_stats(constraints) [expr $policy_stats(constraints) - $mlsconstrain_count]
+ set policy_stats(mlsconstraints) $mlsconstrain_count
+
+ set mlsvalidatetrans_count [ApolTop::_get_mls_count new_apol_validatetrans_query_t]
+ set policy_stats(validatetrans) [expr $policy_stats(validatetrans) - $mlsvalidatetrans_count]
+ set policy_stats(mlsvalidatetrans) $mlsvalidatetrans_count
+ } else {
+ set policy_stats(mlsconstraints) 0
+ set policy_stats(mlsvalidatetrans) 0
+ }
+
+ # Determine number of bounds statements
+ set policy_stats(userbounds) 0
+ set policy_stats(rolebounds) 0
+ set policy_stats(typebounds) 0
+
+ if {[is_capable "bounds"]} {
+ # Determine number of userbounds statements
+ set q [new_apol_userbounds_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_userbounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ set policy_stats(userbounds) [expr $policy_stats(userbounds) + 1]
+ }
+ }
+ }
+
+ # Determine number of rolebounds statements
+ set q [new_apol_rolebounds_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_rolebounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ set policy_stats(rolebounds) [expr $policy_stats(rolebounds) + 1]
+ }
+ }
+ }
+
+ # Determine number of typebounds statements
+ set q [new_apol_typebounds_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_typebounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ set policy_stats(typebounds) [expr $policy_stats(typebounds) + 1]
+ }
+ }
+ }
+ }
+
+ # Determine number of default_object statements
+ set policy_stats(default_user) 0
+ set policy_stats(default_role) 0
+ set policy_stats(default_type) 0
+ set policy_stats(default_range) 0
+
+ if {[is_capable "default_objects"]} {
+ set q [new_apol_default_object_query_t]
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_default_object_from_void [$v get_element $i]]
+ set default [$q get_user_default $::ApolTop::qpolicy]
+ if {$default != ""} {
+ set policy_stats(default_user) [expr $policy_stats(default_user) + 1]
+ }
+ set default [$q get_role_default $::ApolTop::qpolicy]
+ if {$default != ""} {
+ set policy_stats(default_role) [expr $policy_stats(default_role) + 1]
+ }
+ if {[is_capable "default_type"]} {
+ set default [$q get_type_default $::ApolTop::qpolicy]
+ if {$default != ""} {
+ set policy_stats(default_type) [expr $policy_stats(default_type) + 1]
+ }
+ }
+ set default [$q get_range_default $::ApolTop::qpolicy]
+ if {$default != ""} {
+ set policy_stats(default_range) [expr $policy_stats(default_range) + 1]
+ }
+ }
+ }
+ }
+
set policy_stats_summary ""
append policy_stats_summary "Classes: $policy_stats(classes) "
append policy_stats_summary "Perms: $policy_stats(perms) "
@@ -551,6 +697,7 @@ proc ApolTop::_user_close_policy {} {
proc ApolTop::_close_policy {} {
variable policy_version_string {}
+ variable policy_handle_unknown {}
variable policy_stats_summary {}
wm title . "SELinux Policy Analysis"
@@ -579,7 +726,9 @@ proc ApolTop::_close_policy {} {
_toplevel_enable_tabs tag_conditionals normal
_toplevel_enable_tabs tag_mls normal
- _toplevel_enable_tabs tag_source normal
+ _toplevel_enable_tabs tag_polcap normal
+ _toplevel_enable_tabs tag_bounds normal
+ _toplevel_enable_tabs tag_default_objects normal
}
proc ApolTop::_exit {} {
@@ -678,6 +827,7 @@ proc ApolTop::_save_query_file {} {
proc ApolTop::_show_policy_summary {} {
variable policy_version_string
+ variable policy_handle_unknown_string
variable policy_stats
if {![regexp -- {^([^\(]+) \(([^,]+), ([^\)]+)} $ApolTop::policy_version_string -> policy_version policy_type policy_mls_type]} {
@@ -696,8 +846,8 @@ proc ApolTop::_show_policy_summary {} {
label $w.title -text "Policy Summary Statistics"
set f [frame $w.summary]
- label $f.l -justify left -text " Policy Version:\n Policy Type:\n MLS Status:"
- label $f.r -justify left -text "$policy_version\n$policy_type\n$policy_mls_type"
+ label $f.l -justify left -text " Policy Version:\n Policy Type:\n MLS Status:\n Handle unknown Class/Perms:"
+ label $f.r -justify left -text "$policy_version\n$policy_type\n$policy_mls_type\n$policy_handle_unknown_string"
grid $f.l $f.r -sticky w
grid configure $f.r -padx 30
grid $w.title - -sticky w -padx 8
@@ -714,6 +864,8 @@ proc ApolTop::_show_policy_summary {} {
}
"Number of Types and Attributes" {
"Types" types
+ " that includes permissive types" permissive
+ " that includes bounded types" typebounds
"Attributes" attribs
}
"Number of Type Enforcement Rules" {
@@ -722,16 +874,24 @@ proc ApolTop::_show_policy_summary {} {
"dontaudits" avrule_dontaudit
"neverallows" avrule_neverallow
"type_transitions" type_trans
+ "type_transitions - filename" filename_trans
"type_members" type_member
"type_changes" type_change
}
"Number of Roles" {
"Roles" roles
+ " that includes bounded roles" rolebounds
}
"Number of RBAC Rules" {
"allows" role_allow
"role_transitions" role_trans
}
+ "Number of Default Object Rules" {
+ "default_user" default_user
+ "default_role" default_role
+ "default_type" default_type
+ "default_range" default_range
+ }
} {
set ltext "$title:"
set rtext {}
@@ -754,16 +914,23 @@ proc ApolTop::_show_policy_summary {} {
foreach {title block} {
"Number of Users" {
"Users" users
+ " that includes bounded users" userbounds
}
"Number of Booleans" {
"Booleans" bools
}
+ "Number of Constraints" {
+ "constrain" constraints
+ "validatetrans" validatetrans
+ }
"Number of MLS Components" {
"Sensitivities" sens
"Categories" cats
}
"Number of MLS Rules" {
"range_transitions" range_trans
+ "mlsconstrain" mlsconstraints
+ "mlsvalidatetrans" mlsvalidatetrans
}
"Number of Initial SIDs" {
"SIDs" sids
@@ -775,6 +942,9 @@ proc ApolTop::_show_policy_summary {} {
"GenFSCons" genfscons
"fs_use statements" fs_uses
}
+ "Number of Policy Capabilities" {
+ "polcap" polcap
+ }
} {
set ltext "$title:"
set rtext {}
@@ -1067,6 +1237,41 @@ proc ApolTop::_write_configuration_file {} {
close $f
}
+# This will work out how many mlsconstrain and mlsvalidatetrans rules
+# there are as the get_iter numbers are overall count.
+proc ApolTop::_get_mls_count {command} {
+
+ set q [$command]
+ # This reads in the constraint info
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+
+ set mls_count 0
+
+ # This loop will process each constraint in the policy
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_constraint_from_void [$v get_element $i]]
+
+ # Find if this is an mls rule or not
+ set x [$q get_expr_iter $::ApolTop::qpolicy]
+ while {![$x end]} {
+ foreach t [iter_to_list $x] {
+ set t [qpol_constraint_expr_node_from_void $t]
+ # Get Symbol type
+ set sym_type [$t get_sym_type $::ApolTop::qpolicy]
+ if { $sym_type >= $::QPOL_CEXPR_SYM_L1L2 } {
+ set mls_count [expr $mls_count + 1]
+ break
+ }
+ }
+ }
+ $x -acquire
+ $x -delete
+ }
+ return $mls_count
+}
+
#######################################################
# Start script here
diff --git a/apol/types_tab.tcl b/apol/types_tab.tcl
index 26def34..fed82fa 100644
--- a/apol/types_tab.tcl
+++ b/apol/types_tab.tcl
@@ -60,7 +60,8 @@ proc Apol_Types::create {tab_name nb} {
set ofm [$obox getframe]
set fm_types_select [frame $ofm.to]
set fm_attribs_select [frame $ofm.ao]
- pack $fm_types_select $fm_attribs_select -side left -padx 4 -pady 2 -anchor nw
+ set fm_permissive_bounds [frame $ofm.po]
+ pack $fm_types_select $fm_attribs_select $fm_permissive_bounds -side left -padx 4 -pady 2 -anchor nw
set types_select [checkbutton $fm_types_select.type -text "Show types" -variable Apol_Types::opts(types)]
set typeattribs [checkbutton $fm_types_select.typeattribs -text "Include attributes" \
@@ -81,6 +82,18 @@ proc Apol_Types::create {tab_name nb} {
trace add variable Apol_Types::opts(attribs) write \
[list Apol_Types::_toggleCheckbuttons [list $a_typeattribs $a_types]]
+ set permissive_select [checkbutton $fm_permissive_bounds.type -text "Show permissive types" \
+ -variable Apol_Types::opts(permissive)]
+ pack $permissive_select -anchor w
+ trace add variable Apol_Types::opts(permissive:show_names) write \
+ [list Apol_Types::_toggleCheckbuttons $permissive_select]
+
+ set typebounds_select [checkbutton $fm_permissive_bounds.bounds -text "Show typebounds rules" \
+ -variable Apol_Types::opts(typebounds)]
+ pack $typebounds_select -anchor w
+ trace add variable Apol_Types::opts(typebounds:show_names) write \
+ [list Apol_Types::_toggleCheckbuttons $typebounds_select]
+
set widgets(regexp) [Apol_Widget::makeRegexpEntry $ofm.regexpf]
Apol_Widget::setRegexpEntryState $widgets(regexp) 1
@@ -96,6 +109,11 @@ proc Apol_Types::create {tab_name nb} {
}
proc Apol_Types::open {ppath} {
+ variable opts
+
+ set opts(permissive:show_names) [ApolTop::is_capable "permissive"]
+ set opts(typebounds:show_names) [ApolTop::is_capable "bounds"]
+
set q [new_apol_type_query_t]
set v [$q run $::ApolTop::policy]
$q -acquire
@@ -180,12 +198,15 @@ proc Apol_Types::_initializeVars {} {
array set opts {
types 1 types:show_attribs 1 types:show_aliases 1
attribs 0 attribs:show_types 1 attribs:show_attribs 1
+ permissive 1 permissive:show_names 0
+ typebounds 1 typebounds:show_names 0
}
}
proc Apol_Types::_toggleCheckbuttons {w name1 name2 op} {
variable opts
variable widgets
+
if {$opts($name2)} {
foreach x $w {
$x configure -state normal
@@ -195,7 +216,7 @@ proc Apol_Types::_toggleCheckbuttons {w name1 name2 op} {
$x configure -state disabled
}
}
- if {!$opts(types) && !$opts(attribs)} {
+ if {!$opts(types) && !$opts(attribs) && !$opts(typebounds)} {
Apol_Widget::setRegexpEntryState $widgets(regexp) 0
} else {
Apol_Widget::setRegexpEntryState $widgets(regexp) 1
@@ -210,7 +231,6 @@ proc Apol_Types::_popupTypeInfo {which ta} {
set entry_vector {}
set index_file_loaded 0
}
-
if {$which == "type"} {
set info_ta [_renderType $ta 1 1]
} else {
@@ -283,7 +303,7 @@ proc Apol_Types::_searchTypes {} {
tk_messageBox -icon error -type ok -title "Error" -message "No current policy file is opened."
return
}
- if {$opts(types) == 0 && $opts(attribs) == 0} {
+ if {$opts(types) == 0 && $opts(attribs) == 0 && $opts(permissive) == 0 && $opts(typebounds) == 0} {
tk_messageBox -icon error -type ok -title "Error" -message "No search options provided."
return
}
@@ -332,6 +352,52 @@ proc Apol_Types::_searchTypes {} {
append results "[_renderAttrib $a $opts(attribs:show_types) $opts(attribs:show_attribs)]\n"
}
}
+ if {$opts(permissive) && [ApolTop::is_capable "permissive"]} {
+ set q [new_apol_permissive_query_t]
+ $q set_name $::ApolTop::policy $regexp
+ $q set_regex $::ApolTop::policy $use_regexp
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ set permissive_data [type_vector_to_list $v]
+ $v -acquire
+ $v -delete
+ if {$opts(types) || $opts(attribs)} {
+ append results "\n\n"
+ }
+ append results "PERMISSIVE TYPES ([llength $permissive_data]):\n\n"
+ foreach p [lsort $permissive_data] {
+ append results "[_renderType $p 0 0]\n"
+ }
+ }
+ if {$opts(typebounds) && [ApolTop::is_capable "bounds"]} {
+ set bounds {}
+ set counter 0
+
+ set q [new_apol_typebounds_query_t]
+ $q set_name $::ApolTop::policy $regexp
+ $q set_regex $::ApolTop::policy $use_regexp
+
+ set v [$q run $::ApolTop::policy]
+ $q -acquire
+ $q -delete
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ for {set i 0} {$v != "NULL" && $i < [$v get_size]} {incr i} {
+ set q [qpol_typebounds_from_void [$v get_element $i]]
+ set parent [$q get_parent_name $::ApolTop::qpolicy]
+ if {$parent != ""} {
+ append bounds "typebounds $parent "
+ append bounds "[$q get_child_name $::ApolTop::qpolicy];\n"
+ set counter [expr $counter + 1]
+ }
+ }
+ }
+ if {$opts(types) || $opts(attribs) || $opts(permissive)} {
+ append results "\n\n"
+ }
+ append results "BOUNDED TYPES ($counter):\n\n"
+ append results "$bounds\n"
+ }
Apol_Widget::appendSearchResultText $widgets(results) $results
}
@@ -369,6 +435,9 @@ proc Apol_Types::_renderType {type_name show_attribs show_aliases} {
}
proc Apol_Types::_renderAttrib {attrib_name show_types show_attribs} {
+
+ set permissive {}
+
set qpol_type_datum [new_qpol_type_t $::ApolTop::qpolicy $attrib_name]
set text "$attrib_name"
diff --git a/configure.ac b/configure.ac
index 577ce48..ae20da7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,9 +25,9 @@ libseaudit_version=4.5
setoolsdir='${prefix}/share/setools-3.3'
javadir='${prefix}/share/java'
-version_min_sepol_major=1
-version_min_sepol_minor=12
-version_min_sepol_patch=27
+version_min_sepol_major=2
+version_min_sepol_minor=4
+version_min_sepol_patch=0
dnl *** end of tunable values ***
@@ -548,6 +548,36 @@ int main () {
fi
fi
+dnl check for constraint names, added in libsepol version ??
+AC_CHECK_DECL([POLICYDB_VERSION_CONSTRAINT_NAMES],
+ sepol_new_constraint_names="yes",
+ sepol_new_constraint_names="no",
+ [#include <sepol/policydb/policydb.h>])
+
+dnl check for default object type, added in libsepol version ??
+AC_CHECK_DECL([POLICYDB_VERSION_DEFAULT_TYPE],
+ sepol_new_default_type="yes",
+ sepol_new_default_type="no",
+ [#include <sepol/policydb/policydb.h>])
+
+dnl check for default object user/role/range added in libsepol version ??
+AC_CHECK_DECL([POLICYDB_VERSION_NEW_OBJECT_DEFAULTS],
+ sepol_new_object_defaults="yes",
+ sepol_new_object_defaults="no",
+ [#include <sepol/policydb/policydb.h>])
+
+dnl check for filename trans rule, added in libsepol version ??
+AC_CHECK_DECL([POLICYDB_VERSION_FILENAME_TRANS],
+ sepol_new_filename_trans="yes",
+ sepol_new_filename_trans="no",
+ [#include <sepol/policydb/policydb.h>])
+
+dnl check for user/role/type bounds, added in libsepol version ??
+AC_CHECK_DECL([POLICYDB_VERSION_BOUNDARY],
+ sepol_new_bounds="yes",
+ sepol_new_bounds="no",
+ [#include <sepol/policydb/policydb.h>])
+
dnl check for permissive types, added in libsepol version 2.0.26
AC_CHECK_DECL([TYPE_FLAGS_PERMISSIVE],
sepol_new_permissive_types="yes",
@@ -855,6 +885,21 @@ fi
if test ${sepol_new_permissive_types} == "yes"; then
AC_DEFINE(HAVE_SEPOL_PERMISSIVE_TYPES, 1, [if types can be marked as permissive])
fi
+if test ${sepol_new_constraint_names} == "yes"; then
+ AC_DEFINE(HAVE_SEPOL_CONSTRAINT_NAMES, 1, [if source policy types/attributes are present])
+fi
+if test ${sepol_new_default_type} == "yes"; then
+ AC_DEFINE(HAVE_SEPOL_DEFAULT_TYPE, 1, [if default_user rule present])
+fi
+if test ${sepol_new_object_defaults} == "yes"; then
+ AC_DEFINE(HAVE_SEPOL_NEW_OBJECT_DEFAULTS, 1, [if default_user/role/range rules are present])
+fi
+if test ${sepol_new_filename_trans} == "yes"; then
+ AC_DEFINE(HAVE_SEPOL_FILENAME_TRANS, 1, [if the filename transition rule present])
+fi
+if test ${sepol_new_bounds} == "yes"; then
+ AC_DEFINE(HAVE_SEPOL_BOUNDARY, 1, [if bounds rules are present])
+fi
if test ${sepol_new_user_role_mapping} == "yes"; then
AC_DEFINE(HAVE_SEPOL_USER_ROLE_MAPPING, 1, [if users and roles are mapped during policy expansion])
fi
diff --git a/libapol/include/apol/Makefile.am b/libapol/include/apol/Makefile.am
index e398ff2..dd94452 100644
--- a/libapol/include/apol/Makefile.am
+++ b/libapol/include/apol/Makefile.am
@@ -3,11 +3,13 @@ apoldir = $(includedir)/apol
apol_HEADERS = \
avrule-query.h \
bool-query.h \
+ bounds-query.h \
bst.h \
class-perm-query.h \
condrule-query.h \
constraint-query.h \
context-query.h \
+ default-object-query.h \
domain-trans-analysis.h \
fscon-query.h \
infoflow-analysis.h \
diff --git a/libapol/include/apol/bounds-query.h b/libapol/include/apol/bounds-query.h
new file mode 100644
index 0000000..5559ab4
--- /dev/null
+++ b/libapol/include/apol/bounds-query.h
@@ -0,0 +1,177 @@
+/**
+ * @file
+ *
+ * Routines to query policy capabilities in policy.
+ *
+ * @author Richard Haines richard_c_haines@btinternet.com
+ *
+ * Copyright (C) 2006-2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef APOL_BOUNDS_QUERY_H
+#define APOL_BOUNDS_QUERY_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "policy.h"
+#include "vector.h"
+#include <qpol/policy.h>
+
+ /************ TYPEBOUNDS *************/
+ typedef struct apol_typebounds_query apol_typebounds_query_t;
+/**
+ * Execute a query against all policy capabilities within the policy.
+ *
+ * @param p Policy within which to look up policy capabilities.
+ * @param t Structure containing parameters for query. If this is
+ * NULL then return all policy capabilities.
+ * @param v Reference to a vector of qpol_typebounds_t. The vector will be
+ * allocated by this function. The caller must call
+ * apol_vector_destroy() afterwards. This will be set to NULL upon no
+ * results or upon error.
+ *
+ * @return 0 on success (including none found), negative on error.
+ */
+ extern int apol_typebounds_get_by_query(const apol_policy_t * p, apol_typebounds_query_t * t, apol_vector_t ** v);
+
+/**
+ * Allocate and return a new typebounds query structure. All fields are
+ * initialized, such that running this blank query results in
+ * returning all policy capabilities within the policy. The caller must call
+ * apol_typebounds_query_destroy() upon the return value afterwards.
+ *
+ * @return An initialized typebounds query structure, or NULL upon error.
+ */
+ extern apol_typebounds_query_t *apol_typebounds_query_create(void);
+
+/**
+ * Deallocate all memory associated with the referenced typebounds query,
+ * and then set it to NULL. This function does nothing if the query
+ * is already NULL.
+ *
+ * @param t Reference to a typebounds query structure to destroy.
+ */
+ extern void apol_typebounds_query_destroy(apol_typebounds_query_t ** t);
+
+/**
+ * Set a typebounds query to return only policy capabilities that match this name. This function
+ * duplicates the incoming name.
+ *
+ * @param p Policy handler, to report errors.
+ * @param t typebounds query to set.
+ * @param name Limit query to only policy capabilities with this name, or
+ * NULL to unset this field.
+ *
+ * @return 0 on success, negative on error.
+ */
+ extern int apol_typebounds_query_set_name(const apol_policy_t * p, apol_typebounds_query_t * t, const char *name);
+
+/**
+ * Set a typebounds query to use regular expression searching for all of its
+ * fields. Strings will be treated as regexes instead of literals.
+ * Matching will occur against the policy capability name.
+ *
+ * @param p Policy handler, to report errors.
+ * @param t typebounds query to set.
+ * @param is_regex Non-zero to enable regex searching, 0 to disable.
+ *
+ * @return Always 0.
+ */
+ extern int apol_typebounds_query_set_regex(const apol_policy_t * p, apol_typebounds_query_t * t, int is_regex);
+
+
+ /************ ROLEBOUNDS *************/
+ typedef struct apol_rolebounds_query apol_rolebounds_query_t;
+/**
+ * Execute a query against all policy capabilities within the policy.
+ *
+ * @param p Policy within which to look up policy capabilities.
+ * @param t Structure containing parameters for query. If this is
+ * NULL then return all policy capabilities.
+ * @param v Reference to a vector of qpol_rolebounds_t. The vector will be
+ * allocated by this function. The caller must call
+ * apol_vector_destroy() afterwards. This will be set to NULL upon no
+ * results or upon error.
+ *
+ * @return 0 on success (including none found), negative on error.
+ */
+ extern int apol_rolebounds_get_by_query(const apol_policy_t * p, apol_rolebounds_query_t * t, apol_vector_t ** v);
+
+/**
+ * Allocate and return a new rolebounds query structure. All fields are
+ * initialized, such that running this blank query results in
+ * returning all policy capabilities within the policy. The caller must call
+ * apol_rolebounds_query_destroy() upon the return value afterwards.
+ *
+ * @return An initialized rolebounds query structure, or NULL upon error.
+ */
+ extern apol_rolebounds_query_t *apol_rolebounds_query_create(void);
+
+/**
+ * Deallocate all memory associated with the referenced rolebounds query,
+ * and then set it to NULL. This function does nothing if the query
+ * is already NULL.
+ *
+ * @param t Reference to a rolebounds query structure to destroy.
+ */
+ extern void apol_rolebounds_query_destroy(apol_rolebounds_query_t ** t);
+
+ /************ USERBOUNDS *************/
+ typedef struct apol_userbounds_query apol_userbounds_query_t;
+/**
+ * Execute a query against all policy capabilities within the policy.
+ *
+ * @param p Policy within which to look up policy capabilities.
+ * @param t Structure containing parameters for query. If this is
+ * NULL then return all policy capabilities.
+ * @param v Reference to a vector of qpol_userbounds_t. The vector will be
+ * allocated by this function. The caller must call
+ * apol_vector_destroy() afterwards. This will be set to NULL upon no
+ * results or upon error.
+ *
+ * @return 0 on success (including none found), negative on error.
+ */
+ extern int apol_userbounds_get_by_query(const apol_policy_t * p, apol_userbounds_query_t * t, apol_vector_t ** v);
+
+/**
+ * Allocate and return a new userbounds query structure. All fields are
+ * initialized, such that running this blank query results in
+ * returning all policy capabilities within the policy. The caller must call
+ * apol_userbounds_query_destroy() upon the return value afterwards.
+ *
+ * @return An initialized userbounds query structure, or NULL upon error.
+ */
+ extern apol_userbounds_query_t *apol_userbounds_query_create(void);
+
+/**
+ * Deallocate all memory associated with the referenced userbounds query,
+ * and then set it to NULL. This function does nothing if the query
+ * is already NULL.
+ *
+ * @param t Reference to a userbounds query structure to destroy.
+ */
+ extern void apol_userbounds_query_destroy(apol_userbounds_query_t ** t);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libapol/include/apol/default-object-query.h b/libapol/include/apol/default-object-query.h
new file mode 100644
index 0000000..d30e002
--- /dev/null
+++ b/libapol/include/apol/default-object-query.h
@@ -0,0 +1,78 @@
+/**
+ * @file
+ *
+ * Routines to query default objects in policy.
+ *
+ * @author Richard Haines richard_c_haines@btinternet.com
+ *
+ * Copyright (C) 2006-2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef APOL_DEFAULT_OBJECT_QUERY_H
+#define APOL_DEFAULT_OBJECT_QUERY_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "policy.h"
+#include "vector.h"
+#include <qpol/policy.h>
+
+ typedef struct apol_default_object_query apol_default_object_query_t;
+/**
+ * Execute a query against all policy capabilities within the policy.
+ *
+ * @param p Policy within which to look up policy capabilities.
+ * @param t Structure containing parameters for query. If this is
+ * NULL then return all policy capabilities.
+ * @param v Reference to a vector of qpol_default_object_t. The vector will be
+ * allocated by this function. The caller must call
+ * apol_vector_destroy() afterwards. This will be set to NULL upon no
+ * results or upon error.
+ *
+ * @return 0 on success (including none found), negative on error.
+ */
+ extern int apol_default_object_get_by_query(const apol_policy_t * p, apol_default_object_query_t * t, apol_vector_t ** v);
+
+/**
+ * Allocate and return a new default_object query structure. All fields are
+ * initialized, such that running this blank query results in
+ * returning all policy capabilities within the policy. The caller must call
+ * apol_default_object_query_destroy() upon the return value afterwards.
+ *
+ * @return An initialized default_object query structure, or NULL upon error.
+ */
+ extern apol_default_object_query_t *apol_default_object_query_create(void);
+
+/**
+ * Deallocate all memory associated with the referenced default_object query,
+ * and then set it to NULL. This function does nothing if the query
+ * is already NULL.
+ *
+ * @param t Reference to a default_object query structure to destroy.
+ */
+ extern void apol_default_object_query_destroy(apol_default_object_query_t ** t);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libapol/include/apol/ftrule-query.h b/libapol/include/apol/ftrule-query.h
index aee3ad0..276aab9 100644
--- a/libapol/include/apol/ftrule-query.h
+++ b/libapol/include/apol/ftrule-query.h
@@ -130,7 +130,19 @@ extern "C"
*
* @return 0 on success, negative on error.
*/
- extern int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *filename);
+ extern int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *type);
+
+/**
+ * Set a filename trans query to the filename.
+ *
+ * @param p Policy handler, to report errors.
+ * @param r FT rule query to set.
+ * @param is_any Non-zero to use source symbol for source or default
+ * field, 0 to keep source as only source.
+ *
+ * @return Always 0.
+ */
+ extern int apol_filename_trans_query_set_name(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename);
/**
* Set at filename_trans query to return rules with this object (non-common)
diff --git a/libapol/include/apol/policy-query.h b/libapol/include/apol/policy-query.h
index 665e4cb..f1a5c29 100644
--- a/libapol/include/apol/policy-query.h
+++ b/libapol/include/apol/policy-query.h
@@ -66,6 +66,8 @@ extern "C"
#include "context-query.h"
#include "permissive-query.h"
#include "polcap-query.h"
+#include "bounds-query.h"
+#include "default-object-query.h"
#include "avrule-query.h"
#include "terule-query.h"
diff --git a/libapol/include/apol/policy.h b/libapol/include/apol/policy.h
index 7b26af8..143153d 100644
--- a/libapol/include/apol/policy.h
+++ b/libapol/include/apol/policy.h
@@ -91,6 +91,15 @@ extern "C"
extern int apol_policy_get_policy_type(const apol_policy_t * policy);
/**
+ * Given a policy, return the handle_unknown flag.
+ *
+ * @param policy Policy to check.
+ *
+ * @return The policy handle_unknown flag, or < 0 upon error.
+ */
+ extern int apol_policy_get_policy_handle_unknown(const apol_policy_t * policy);
+
+/**
* Given a policy, return a pointer to the underlying qpol_policy.
* This is needed, for example, to access details of particulary qpol
* components.
diff --git a/libapol/src/Makefile.am b/libapol/src/Makefile.am
index baaa4f6..22c80cf 100644
--- a/libapol/src/Makefile.am
+++ b/libapol/src/Makefile.am
@@ -14,11 +14,13 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
libapol_a_SOURCES = \
avrule-query.c \
bool-query.c \
+ bounds-query.c \
bst.c \
class-perm-query.c \
condrule-query.c \
constraint-query.c \
context-query.c \
+ default-object-query.c \
domain-trans-analysis.c domain-trans-analysis-internal.h \
fscon-query.c \
infoflow-analysis.c infoflow-analysis-internal.h \
diff --git a/libapol/src/bounds-query.c b/libapol/src/bounds-query.c
new file mode 100644
index 0000000..06662f4
--- /dev/null
+++ b/libapol/src/bounds-query.c
@@ -0,0 +1,216 @@
+/**
+ * @file
+ *
+ * Provides a way for setools to make queries about policy capabilities
+ * within a policy. The caller obtains a query object,
+ * fills in its parameters, and then runs the query; it obtains a
+ * vector of results. Searches are conjunctive -- all fields of the
+ * search query must match for a datum to be added to the results
+ * query.
+ *
+ * @author Richard Haines richard_c_haines@btinternet.com
+ *
+ * Copyright (C) 2006-2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "policy-query-internal.h"
+
+#include <errno.h>
+
+ /************ TYPEBOUNDS *************/
+struct apol_typebounds_query
+{
+ char *name;
+ unsigned int flags;
+ regex_t *regex;
+};
+
+int apol_typebounds_get_by_query(const apol_policy_t * p, apol_typebounds_query_t * q, apol_vector_t ** v)
+{
+ qpol_iterator_t *iter;
+ int retval = -1;
+
+ *v = NULL;
+ if (qpol_policy_get_typebounds_iter(p->p, &iter) < 0) {
+ return -1;
+ }
+ if ((*v = apol_vector_create(NULL)) == NULL) {
+ ERR(p, "%s", strerror(errno));
+ goto cleanup;
+ }
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ const qpol_typebounds_t *typebounds;
+ if (qpol_iterator_get_item(iter, (void **)&typebounds) < 0) {
+ goto cleanup;
+ }
+ if (q != NULL) {
+ if (apol_compare_typebounds(p, typebounds, q->name,
+ q->flags, &(q->regex)) == 1) {
+ if (apol_vector_append(*v, (void *)typebounds)) {
+ ERR(p, "%s", strerror(ENOMEM));
+ goto cleanup;
+ }
+ }
+ }
+ }
+
+ retval = 0;
+cleanup:
+ if (retval != 0) {
+ apol_vector_destroy(v);
+ }
+ qpol_iterator_destroy(&iter);
+ return retval;
+}
+
+apol_typebounds_query_t *apol_typebounds_query_create(void)
+{
+ return calloc(1, sizeof(apol_typebounds_query_t));
+}
+
+void apol_typebounds_query_destroy(apol_typebounds_query_t ** q)
+{
+ if (*q != NULL) {
+ free((*q)->name);
+ apol_regex_destroy(&(*q)->regex);
+ free(*q);
+ *q = NULL;
+ }
+}
+
+int apol_typebounds_query_set_name(const apol_policy_t * p, apol_typebounds_query_t * q, const char *name)
+{
+ return apol_query_set(p, &q->name, &q->regex, name);
+}
+
+int apol_typebounds_query_set_regex(const apol_policy_t * p, apol_typebounds_query_t * q, int is_regex)
+{
+ return apol_query_set_regex(p, &q->flags, is_regex);
+}
+
+
+ /************ ROLEBOUNDS *************/
+struct apol_rolebounds_query
+{
+ char *name;
+};
+
+int apol_rolebounds_get_by_query(const apol_policy_t * p, apol_rolebounds_query_t * q, apol_vector_t ** v)
+{
+ qpol_iterator_t *iter;
+ int retval = -1;
+
+ *v = NULL;
+ if (qpol_policy_get_rolebounds_iter(p->p, &iter) < 0) {
+ return -1;
+ }
+ if ((*v = apol_vector_create(NULL)) == NULL) {
+ ERR(p, "%s", strerror(errno));
+ goto cleanup;
+ }
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ const qpol_rolebounds_t *rolebounds;
+ if (qpol_iterator_get_item(iter, (void **)&rolebounds) < 0) {
+ goto cleanup;
+ }
+ if (q != NULL) {
+ if (apol_vector_append(*v, (void *)rolebounds)) {
+ ERR(p, "%s", strerror(ENOMEM));
+ goto cleanup;
+ }
+ }
+ }
+
+ retval = 0;
+cleanup:
+ if (retval != 0) {
+ apol_vector_destroy(v);
+ }
+ qpol_iterator_destroy(&iter);
+ return retval;
+}
+
+apol_rolebounds_query_t *apol_rolebounds_query_create(void)
+{
+ return calloc(1, sizeof(apol_rolebounds_query_t));
+}
+
+void apol_rolebounds_query_destroy(apol_rolebounds_query_t ** q)
+{
+ if (*q != NULL) {
+ free((*q)->name);
+ free(*q);
+ *q = NULL;
+ }
+}
+
+
+ /************ USERBOUNDS *************/
+struct apol_userbounds_query
+{
+ char *name;
+};
+
+int apol_userbounds_get_by_query(const apol_policy_t * p, apol_userbounds_query_t * q, apol_vector_t ** v)
+{
+ qpol_iterator_t *iter;
+ int retval = -1;
+
+ *v = NULL;
+ if (qpol_policy_get_userbounds_iter(p->p, &iter) < 0) {
+ return -1;
+ }
+ if ((*v = apol_vector_create(NULL)) == NULL) {
+ ERR(p, "%s", strerror(errno));
+ goto cleanup;
+ }
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ const qpol_userbounds_t *userbounds;
+ if (qpol_iterator_get_item(iter, (void **)&userbounds) < 0) {
+ goto cleanup;
+ }
+ if (q != NULL) {
+ if (apol_vector_append(*v, (void *)userbounds)) {
+ ERR(p, "%s", strerror(ENOMEM));
+ goto cleanup;
+ }
+ }
+ }
+
+ retval = 0;
+cleanup:
+ if (retval != 0) {
+ apol_vector_destroy(v);
+ }
+ qpol_iterator_destroy(&iter);
+ return retval;
+}
+
+apol_userbounds_query_t *apol_userbounds_query_create(void)
+{
+ return calloc(1, sizeof(apol_userbounds_query_t));
+}
+
+void apol_userbounds_query_destroy(apol_userbounds_query_t ** q)
+{
+ if (*q != NULL) {
+ free((*q)->name);
+ free(*q);
+ *q = NULL;
+ }
+}
+
diff --git a/libapol/src/default-object-query.c b/libapol/src/default-object-query.c
new file mode 100644
index 0000000..3724e69
--- /dev/null
+++ b/libapol/src/default-object-query.c
@@ -0,0 +1,87 @@
+/**
+ * @file
+ *
+ * Provides a way for setools to make queries about policy capabilities
+ * within a policy. The caller obtains a query object,
+ * fills in its parameters, and then runs the query; it obtains a
+ * vector of results. Searches are conjunctive -- all fields of the
+ * search query must match for a datum to be added to the results
+ * query.
+ *
+ * @author Richard Haines richard_c_haines@btinternet.com
+ *
+ * Copyright (C) 2006-2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "policy-query-internal.h"
+
+#include <errno.h>
+
+struct apol_default_object_query
+{
+ char *name;
+};
+
+int apol_default_object_get_by_query(const apol_policy_t * p, apol_default_object_query_t * q, apol_vector_t ** v)
+{
+ qpol_iterator_t *iter;
+ int retval = -1;
+
+ *v = NULL;
+ if (qpol_policy_get_default_object_iter(p->p, &iter) < 0) {
+ return -1;
+ }
+ if ((*v = apol_vector_create(NULL)) == NULL) {
+ ERR(p, "%s", strerror(errno));
+ goto cleanup;
+ }
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ const qpol_default_object_t *default_object;
+ if (qpol_iterator_get_item(iter, (void **)&default_object) < 0) {
+ goto cleanup;
+ }
+ if (q != NULL) {
+ if (apol_vector_append(*v, (void *)default_object)) {
+ ERR(p, "%s", strerror(ENOMEM));
+ goto cleanup;
+ }
+ }
+ }
+
+ retval = 0;
+cleanup:
+ if (retval != 0) {
+ apol_vector_destroy(v);
+ }
+ qpol_iterator_destroy(&iter);
+ return retval;
+}
+
+apol_default_object_query_t *apol_default_object_query_create(void)
+{
+ return calloc(1, sizeof(apol_default_object_query_t));
+}
+
+void apol_default_object_query_destroy(apol_default_object_query_t ** q)
+{
+ if (*q != NULL) {
+ free((*q)->name);
+ free(*q);
+ *q = NULL;
+ }
+}
+
diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
index 50c6c7a..aeebc25 100644
--- a/libapol/src/ftrule-query.c
+++ b/libapol/src/ftrule-query.c
@@ -215,10 +215,10 @@ void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** t)
}
}
-int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename, int is_indirect)
+int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *type, int is_indirect)
{
apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_SOURCE_INDIRECT);
- return apol_query_set(p, &t->source, NULL, filename);
+ return apol_query_set(p, &t->source, NULL, type);
}
//TODO is the equivilent terule_query_set_{source,target}_compoenent needed?
diff --git a/libapol/src/libapol.map b/libapol/src/libapol.map
index 7657a2d..8741bf4 100644
--- a/libapol/src/libapol.map
+++ b/libapol/src/libapol.map
@@ -83,5 +83,9 @@ VERS_4.1{
VERS_4.2{
global:
apol_permissive_*;
+ apol_typebounds_*;
+ apol_rolebounds_*;
+ apol_userbounds_*;
apol_polcap_*;
+ apol_default_object_*;
} VERS_4.1;
diff --git a/libapol/src/policy-query-internal.h b/libapol/src/policy-query-internal.h
index 657c815..d7e57e0 100644
--- a/libapol/src/policy-query-internal.h
+++ b/libapol/src/policy-query-internal.h
@@ -228,6 +228,25 @@ extern "C"
regex_t ** type_regex);
/**
+ * Determines if a (partial) typebounds query matches a qpol_typebounds_t,
+ * by name.
+ *
+ * @param p Policy within which to look up types.
+ * @param type typebounds datum to compare against.
+ * @param name Source target from which to compare.
+ * @param flags If APOL_QUERY_REGEX bit is set, treat name as a
+ * regular expression.
+ * @param regex If using regexp comparison, the compiled regular
+ * expression to use; the pointer will be allocated space if regexp is
+ * legal. If NULL, then compile the regexp pattern given by name and
+ * cache it here.
+ *
+ * @return 1 If comparison succeeds, 0 if not; < 0 on error.
+ */
+ int apol_compare_typebounds(const apol_policy_t * p, const qpol_typebounds_t * typebounds, const char *name, unsigned int flags,
+ regex_t ** type_regex);
+
+/**
* Determines if a boolean is used within a particual conditional.
*
* @param p Policy within which to look up types.
diff --git a/libapol/src/policy-query.c b/libapol/src/policy-query.c
index 18152fb..5ce52a2 100644
--- a/libapol/src/policy-query.c
+++ b/libapol/src/policy-query.c
@@ -188,6 +188,29 @@ int apol_compare_polcap(const apol_policy_t * p, const qpol_polcap_t * polcap, c
return compval;
}
+int apol_compare_typebounds(const apol_policy_t * p, const qpol_typebounds_t * typebounds, const char *name, unsigned int flags,
+ regex_t ** typebounds_regex)
+{
+ const char *typebounds_parent_name = NULL;
+ const char *typebounds_child_name = NULL;
+
+ int compval = 0;
+
+ qpol_typebounds_get_parent_name(p->p, typebounds, &typebounds_parent_name);
+ qpol_typebounds_get_child_name(p->p, typebounds, &typebounds_child_name);
+
+ if (typebounds_parent_name != NULL) {
+ compval = apol_compare(p, typebounds_parent_name, name, flags, typebounds_regex);
+ }
+ if (typebounds_child_name != NULL && compval == 0) {
+ compval = apol_compare(p, typebounds_child_name, name, flags, typebounds_regex);
+ return compval;
+ } else {
+ return compval;
+ }
+ return 0;
+}
+
int apol_compare_cond_expr(const apol_policy_t * p, const qpol_cond_t * cond, const char *name, unsigned int flags,
regex_t ** bool_regex)
{
diff --git a/libapol/src/policy.c b/libapol/src/policy.c
index 95ab7cd..f253db9 100644
--- a/libapol/src/policy.c
+++ b/libapol/src/policy.c
@@ -155,6 +155,15 @@ int apol_policy_get_policy_type(const apol_policy_t * policy)
return policy->policy_type;
}
+int apol_policy_get_policy_handle_unknown(const apol_policy_t * p)
+{
+ unsigned int handle_unknown;
+ if (qpol_policy_get_policy_handle_unknown(p->p, &handle_unknown) < 0) {
+ return -1;
+ }
+ return handle_unknown;
+}
+
qpol_policy_t *apol_policy_get_qpol(const apol_policy_t * policy)
{
if (policy == NULL) {
diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
index ae1262d..8a4a195 100644
--- a/libapol/swig/apol.i
+++ b/libapol/swig/apol.i
@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
}
%}
%extend apol_ip_t {
- apol_ip_t(const char *str) {
+ apol_ip(const char *str) {
apol_ip_t *ip = NULL;
BEGIN_EXCEPTION
ip = calloc(1, sizeof(*ip));
@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
fail:
return ip;
};
- ~apol_ip_t() {
+ ~apol_ip() {
free(self);
};
int get_protocol() {
@@ -303,31 +303,35 @@ char *apol_file_find_path(const char *file_name);
%}
typedef struct apol_vector {} apol_vector_t;
%extend apol_vector_t {
- apol_vector_t() {
+ apol_vector() {
return apol_vector_create(NULL);
};
- apol_vector_t(qpol_iterator_t *iter) {
+ apol_vector(qpol_iterator_t *iter) {
return apol_vector_create_from_iter(iter, NULL);
};
- apol_vector_t(apol_vector_t *v) {
+ apol_vector(apol_vector_t *v) {
return apol_vector_create_from_vector(v, NULL, NULL, NULL);
};
- apol_vector_t(apol_vector_t *a, apol_vector_t *b) {
+ apol_vector(apol_vector_t *a, apol_vector_t *b) {
return apol_vector_create_from_intersection(a, b, NULL, NULL);
};
- size_t get_size() {
+ %rename(get_size) wrap_get_size;
+ size_t wrap_get_size() {
return apol_vector_get_size(self);
};
- size_t get_capacity() {
+ %rename(get_capacity) wrap_get_capacity;
+ size_t wrap_get_capacity() {
return apol_vector_get_capacity(self);
};
- void *get_element(size_t i) {
+ %rename(get_element) wrap_get_element;
+ void *wrap_get_element(size_t i) {
return apol_vector_get_element(self, i);
};
- ~apol_vector_t() {
+ ~apol_vector() {
apol_vector_destroy(&self);
};
- void append(void *x) {
+ %rename(append) wrap_append;
+ void wrap_append(void *x) {
BEGIN_EXCEPTION
if (apol_vector_append(self, x)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -336,7 +340,8 @@ typedef struct apol_vector {} apol_vector_t;
fail:
return;
};
- void append_unique(void *x) {
+ %rename(append_unique) wrap_append_unique;
+ void wrap_append_unique(void *x) {
BEGIN_EXCEPTION
if (apol_vector_append_unique(self, x, NULL, NULL)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -345,7 +350,8 @@ typedef struct apol_vector {} apol_vector_t;
fail:
return;
};
- void cat(apol_vector_t *src) {
+ %rename(cat) wrap_cat;
+ void wrap_cat(apol_vector_t *src) {
BEGIN_EXCEPTION
if (apol_vector_cat(self, src)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -354,7 +360,8 @@ typedef struct apol_vector {} apol_vector_t;
fail:
return;
};
- void remove(size_t idx) {
+ %rename(remove) wrap_remove;
+ void wrap_remove(size_t idx) {
BEGIN_EXCEPTION
if (apol_vector_remove(self, idx)) {
SWIG_exception(SWIG_RuntimeError, "Error removing vector element");
@@ -363,10 +370,12 @@ typedef struct apol_vector {} apol_vector_t;
fail:
return;
};
- void sort() {
+ %rename(sort) wrap_sort;
+ void wrap_sort() {
apol_vector_sort(self, NULL, NULL);
};
- void sort_uniquify() {
+ %rename(sort_uniquify) wrap_sort_uniquify;
+ void wrap_sort_uniquify() {
apol_vector_sort_uniquify(self, NULL, NULL);
};
};
@@ -379,13 +388,13 @@ typedef struct apol_vector {} apol_vector_t;
%}
typedef struct apol_string_vector {} apol_string_vector_t;
%extend apol_string_vector_t {
- apol_string_vector_t() {
+ apol_string_vector() {
return (apol_string_vector_t*)apol_vector_create(free);
};
- apol_string_vector_t(apol_string_vector_t *v) {
+ apol_string_vector(apol_string_vector_t *v) {
return (apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free);
};
- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) {
+ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) {
return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL);
};
size_t get_size() {
@@ -397,7 +406,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
char *get_element(size_t i) {
return (char*)apol_vector_get_element((apol_vector_t*)self, i);
};
- ~apol_string_vector_t() {
+ ~apol_string_vector() {
apol_vector_destroy((apol_vector_t**)&self);
};
size_t get_index(char *str) {
@@ -462,7 +471,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
} apol_policy_path_type_e;
typedef struct apol_policy_path {} apol_policy_path_t;
%extend apol_policy_path_t {
- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
+ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) {
@@ -472,7 +481,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(char *path) {
+ apol_policy_path(char *path) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_file(path)) == NULL) {
@@ -482,7 +491,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(char *str, int unused) {
+ apol_policy_path(char *str, int unused) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_string(str)) == NULL) {
@@ -492,7 +501,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(apol_policy_path_t *in) {
+ apol_policy_path(apol_policy_path_t *in) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) {
@@ -502,20 +511,24 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- ~apol_policy_path_t() {
+ ~apol_policy_path() {
apol_policy_path_destroy(&self);
};
- apol_policy_path_type_e get_type() {
+ %rename(get_type) wrap_get_type;
+ apol_policy_path_type_e wrap_get_type() {
return apol_policy_path_get_type(self);
};
- const char *get_primary() {
+ %rename(get_primary) wrap_get_primary;
+ const char *wrap_get_primary() {
return apol_policy_path_get_primary(self);
};
- const apol_string_vector_t *get_modules() {
+ %rename(get_modules) wrap_get_modules;
+ const apol_string_vector_t *wrap_get_modules() {
return (apol_string_vector_t*)apol_policy_path_get_modules(self);
};
%newobject to_string();
- char *to_string() {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string() {
char *str;
BEGIN_EXCEPTION
str = apol_policy_path_to_string(self);
@@ -526,7 +539,8 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return str;
};
- void to_file(char *path) {
+ %rename(to_file) wrap_to_file;
+ void wrap_to_file(char *path) {
BEGIN_EXCEPTION
if (apol_policy_path_to_file(self, path)) {
SWIG_exception(SWIG_RuntimeError, "Input/outpet error");
@@ -549,7 +563,7 @@ typedef struct apol_policy {} apol_policy_t;
#define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE)
#define APOL_PERMMAP_NONE 0x10
%extend apol_policy_t {
- apol_policy_t(apol_policy_path_t *path, int options = 0) {
+ apol_policy(apol_policy_path_t *path, int options = 0) {
apol_policy_t *p;
BEGIN_EXCEPTION
p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg);
@@ -564,20 +578,30 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return p;
};
- ~apol_policy_t() {
+ ~apol_policy() {
apol_policy_destroy(&self);
};
- int get_policy_type() {
+ %rename(get_policy_type) wrap_get_policy_type;
+ int wrap_get_policy_type() {
return apol_policy_get_policy_type(self);
};
- qpol_policy_t *get_qpol() {
+
+ %rename(get_policy_handle_unknown) wrap_get_policy_handle_unknown;
+ int wrap_get_policy_handle_unknown() {
+ return apol_policy_get_policy_handle_unknown(self);
+ };
+
+ %rename(get_qpol) wrap_get_qpol;
+ qpol_policy_t *wrap_get_qpol() {
return apol_policy_get_qpol(self);
};
- int is_mls() {
+ %rename(is_mls) wrap_is_mls;
+ int wrap_is_mls() {
return apol_policy_is_mls(self);
};
%newobject get_version_type_mls_str();
- char *get_version_type_mls_str() {
+ %rename(get_version_type_mls_str) wrap_get_version_type_mls_str;
+ char *wrap_get_version_type_mls_str() {
char *str;
BEGIN_EXCEPTION
str = apol_policy_get_version_type_mls_str(self);
@@ -588,7 +612,8 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return str;
};
- void open_permmap(const char *path) {
+ %rename(open_permmap) wrap_open_permmap;
+ void wrap_open_permmap(const char *path) {
BEGIN_EXCEPTION
if (apol_policy_open_permmap(self, path) < 0) {
SWIG_exception(SWIG_RuntimeError, "Error loading permission map");
@@ -597,7 +622,8 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return;
};
- void save_permmap(const char *path) {
+ %rename(save_permmap) wrap_save_permmap;
+ void wrap_save_permmap(const char *path) {
BEGIN_EXCEPTION
if (apol_policy_save_permmap(self, path)) {
SWIG_exception(SWIG_RuntimeError, "Could not save permission map");
@@ -626,7 +652,8 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return dir;
};
- void set_permmap(const char *class_name, const char *perm_name, int direction, int weight) {
+ %rename(set_permmap) wrap_set_permmap;
+ void wrap_set_permmap(const char *class_name, const char *perm_name, int direction, int weight) {
BEGIN_EXCEPTION
if (apol_policy_set_permmap(self, class_name, perm_name, direction, weight)) {
SWIG_exception(SWIG_RuntimeError, "Could not set permission mapping");
@@ -635,7 +662,8 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return;
};
- void build_domain_trans_table() {
+ %rename(build_domain_trans_table) wrap_build_domain_trans_table;
+ void wrap_build_domain_trans_table() {
BEGIN_EXCEPTION
if (apol_policy_build_domain_trans_table(self)) {
SWIG_exception(SWIG_RuntimeError, "Could not build domain transition table");
@@ -644,7 +672,8 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return;
};
- void reset_domain_trans_table() {
+ %rename(reset_domain_trans_table) wrap_reset_domain_trans_table;
+ void wrap_reset_domain_trans_table() {
apol_policy_reset_domain_trans_table(self);
}
};
@@ -652,7 +681,7 @@ typedef struct apol_policy {} apol_policy_t;
/* apol type query */
typedef struct apol_type_query {} apol_type_query_t;
%extend apol_type_query_t {
- apol_type_query_t() {
+ apol_type_query() {
apol_type_query_t *tq;
BEGIN_EXCEPTION
tq = apol_type_query_create();
@@ -663,7 +692,7 @@ typedef struct apol_type_query {} apol_type_query_t;
fail:
return tq;
};
- ~apol_type_query_t() {
+ ~apol_type_query() {
apol_type_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -677,7 +706,8 @@ typedef struct apol_type_query {} apol_type_query_t;
fail:
return v;
};
- void set_type(apol_policy_t *p, char *name) {
+ %rename(set_type) wrap_set_type;
+ void wrap_set_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_type_query_set_type(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -686,7 +716,8 @@ typedef struct apol_type_query {} apol_type_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_type_query_set_regex(p, self, regex);
};
};
@@ -694,7 +725,7 @@ typedef struct apol_type_query {} apol_type_query_t;
/* apol attribute query */
typedef struct apol_attr_query {} apol_attr_query_t;
%extend apol_attr_query_t {
- apol_attr_query_t() {
+ apol_attr_query() {
apol_attr_query_t *aq;
BEGIN_EXCEPTION
aq = apol_attr_query_create();
@@ -705,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
fail:
return aq;
};
- ~apol_attr_query_t() {
+ ~apol_attr_query() {
apol_attr_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -719,7 +750,8 @@ typedef struct apol_attr_query {} apol_attr_query_t;
fail:
return v;
};
- void set_attr(apol_policy_t *p, char *name) {
+ %rename(set_attr) wrap_set_attr;
+ void wrap_set_attr(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_attr_query_set_attr(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -728,7 +760,8 @@ typedef struct apol_attr_query {} apol_attr_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_attr_query_set_regex(p, self, regex);
};
};
@@ -736,7 +769,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
/* apol role query */
typedef struct apol_role_query {} apol_role_query_t;
%extend apol_role_query_t {
- apol_role_query_t() {
+ apol_role_query() {
apol_role_query_t *rq;
BEGIN_EXCEPTION
rq = apol_role_query_create();
@@ -747,7 +780,7 @@ typedef struct apol_role_query {} apol_role_query_t;
fail:
return rq;
};
- ~apol_role_query_t() {
+ ~apol_role_query() {
apol_role_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -761,7 +794,8 @@ typedef struct apol_role_query {} apol_role_query_t;
fail:
return v;
};
- void set_role(apol_policy_t *p, char *name) {
+ %rename(set_role) wrap_set_role;
+ void wrap_set_role(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_role_query_set_role(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -770,7 +804,8 @@ typedef struct apol_role_query {} apol_role_query_t;
fail:
return;
};
- void set_type(apol_policy_t *p, char *name) {
+ %rename(set_type) wrap_set_type;
+ void wrap_set_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_role_query_set_type(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -779,7 +814,8 @@ typedef struct apol_role_query {} apol_role_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_role_query_set_regex(p, self, regex);
};
};
@@ -788,7 +824,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
/* apol class query */
typedef struct apol_class_query {} apol_class_query_t;
%extend apol_class_query_t {
- apol_class_query_t() {
+ apol_class_query() {
apol_class_query_t *cq;
BEGIN_EXCEPTION
cq = apol_class_query_create();
@@ -799,7 +835,7 @@ typedef struct apol_class_query {} apol_class_query_t;
fail:
return cq;
};
- ~apol_class_query_t() {
+ ~apol_class_query() {
apol_class_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -813,7 +849,8 @@ typedef struct apol_class_query {} apol_class_query_t;
fail:
return v;
};
- void set_class(apol_policy_t *p, char *name) {
+ %rename(set_class) wrap_set_class;
+ void wrap_set_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_class_query_set_class(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -822,7 +859,8 @@ typedef struct apol_class_query {} apol_class_query_t;
fail:
return;
};
- void set_common(apol_policy_t *p, char *name) {
+ %rename(set_common) wrap_set_common;
+ void wrap_set_common(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_class_query_set_common(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -831,7 +869,8 @@ typedef struct apol_class_query {} apol_class_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_class_query_set_regex(p, self, regex);
};
};
@@ -839,7 +878,7 @@ typedef struct apol_class_query {} apol_class_query_t;
/* apol common query */
typedef struct apol_common_query {} apol_common_query_t;
%extend apol_common_query_t {
- apol_common_query_t() {
+ apol_common_query() {
apol_common_query_t *cq;
BEGIN_EXCEPTION
cq = apol_common_query_create();
@@ -850,7 +889,7 @@ typedef struct apol_common_query {} apol_common_query_t;
fail:
return cq;
};
- ~apol_common_query_t() {
+ ~apol_common_query() {
apol_common_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -864,7 +903,8 @@ typedef struct apol_common_query {} apol_common_query_t;
fail:
return v;
};
- void set_common(apol_policy_t *p, char *name) {
+ %rename(set_common) wrap_set_common;
+ void wrap_set_common(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_common_query_set_common(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -873,7 +913,8 @@ typedef struct apol_common_query {} apol_common_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_common_query_set_regex(p, self, regex);
};
};
@@ -881,7 +922,7 @@ typedef struct apol_common_query {} apol_common_query_t;
/* apol perm query */
typedef struct apol_perm_query {} apol_perm_query_t;
%extend apol_perm_query_t {
- apol_perm_query_t() {
+ apol_perm_query() {
apol_perm_query_t *pq;
BEGIN_EXCEPTION
pq = apol_perm_query_create();
@@ -892,7 +933,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
fail:
return pq;
};
- ~apol_perm_query_t() {
+ ~apol_perm_query() {
apol_perm_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -906,7 +947,8 @@ typedef struct apol_perm_query {} apol_perm_query_t;
fail:
return (apol_string_vector_t*)v;
};
- void set_perm(apol_policy_t *p, char *name) {
+ %rename(set_perm) wrap_set_perm;
+ void wrap_set_perm(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_perm_query_set_perm(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -915,7 +957,8 @@ typedef struct apol_perm_query {} apol_perm_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_perm_query_set_regex(p, self, regex);
};
};
@@ -923,7 +966,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
/* apol bool query */
typedef struct apol_bool_query {} apol_bool_query_t;
%extend apol_bool_query_t {
- apol_bool_query_t() {
+ apol_bool_query() {
apol_bool_query_t *bq;
BEGIN_EXCEPTION
bq = apol_bool_query_create();
@@ -934,7 +977,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
fail:
return bq;
};
- ~apol_bool_query_t() {
+ ~apol_bool_query() {
apol_bool_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -948,7 +991,8 @@ typedef struct apol_bool_query {} apol_bool_query_t;
fail:
return v;
};
- void set_bool(apol_policy_t *p, char *name) {
+ %rename(set_bool) wrap_set_bool;
+ void wrap_set_bool(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_bool_query_set_bool(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -957,7 +1001,8 @@ typedef struct apol_bool_query {} apol_bool_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_bool_query_set_regex(p, self, regex);
};
};
@@ -965,7 +1010,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
/* apol mls level */
typedef struct apol_mls_level {} apol_mls_level_t;
%extend apol_mls_level_t {
- apol_mls_level_t() {
+ apol_mls_level() {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create();
@@ -976,7 +1021,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_mls_level_t *in) {
+ apol_mls_level(apol_mls_level_t *in) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_mls_level(in);
@@ -987,7 +1032,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, const char *str) {
+ apol_mls_level(apol_policy_t *p, const char *str) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_string(p, str);
@@ -998,7 +1043,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(const char *str) {
+ apol_mls_level(const char *str) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_literal(str);
@@ -1009,7 +1054,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) {
+ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_qpol_mls_level(p, qml);
@@ -1020,7 +1065,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) {
+ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_qpol_level_datum(p, ql);
@@ -1031,10 +1076,11 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- ~apol_mls_level_t() {
+ ~apol_mls_level() {
apol_mls_level_destroy(&self);
};
- void set_sens(apol_policy_t *p, char *sens) {
+ %rename(set_sens) wrap_set_sens;
+ void wrap_set_sens(apol_policy_t *p, char *sens) {
BEGIN_EXCEPTION
if (apol_mls_level_set_sens(p, self, sens)) {
SWIG_exception(SWIG_RuntimeError, "Could not set level sensitivity");
@@ -1043,10 +1089,12 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return;
};
- const char *get_sens() {
+ %rename(get_sens) wrap_get_sens;
+ const char *wrap_get_sens() {
return apol_mls_level_get_sens(self);
};
- void append_cats(apol_policy_t *p, char *cats) {
+ %rename(append_cats) wrap_append_cats;
+ void wrap_append_cats(apol_policy_t *p, char *cats) {
BEGIN_EXCEPTION
if (apol_mls_level_append_cats(p, self, cats)) {
SWIG_exception(SWIG_RuntimeError, "Could not append level category");
@@ -1055,10 +1103,12 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return;
};
- const apol_string_vector_t *get_cats() {
+ %rename(get_cats) wrap_get_cats;
+ const apol_string_vector_t *wrap_get_cats() {
return (apol_string_vector_t *) apol_mls_level_get_cats(self);
};
- int validate(apol_policy_t *p) {
+ %rename(validate) wrap_validate;
+ int wrap_validate(apol_policy_t *p) {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_mls_level_validate(p, self);
@@ -1070,7 +1120,8 @@ typedef struct apol_mls_level {} apol_mls_level_t;
return ret;
}
%newobject render(apol_policy_t*);
- char *render(apol_policy_t *p) {
+ %rename(render) wrap_render;
+ char *wrap_render(apol_policy_t *p) {
char *str;
BEGIN_EXCEPTION
str = apol_mls_level_render(p, self);
@@ -1081,7 +1132,8 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return str;
};
- int convert(apol_policy_t *p) {
+ %rename(convert) wrap_convert;
+ int wrap_convert(apol_policy_t *p) {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_mls_level_convert(p, self);
@@ -1092,7 +1144,8 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return ret;
}
- int is_literal() {
+ %rename(is_literal) wrap_is_literal;
+ int wrap_is_literal() {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_mls_level_is_literal(self);
@@ -1128,7 +1181,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2)
#endif
typedef struct apol_mls_range {} apol_mls_range_t;
%extend apol_mls_range_t {
- apol_mls_range_t() {
+ apol_mls_range() {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create();
@@ -1139,7 +1192,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_mls_range_t *in) {
+ apol_mls_range(apol_mls_range_t *in) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_mls_range(in);
@@ -1150,7 +1203,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_policy_t *p, const char *s) {
+ apol_mls_range(apol_policy_t *p, const char *s) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_string(p, s);
@@ -1161,7 +1214,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(const char *s) {
+ apol_mls_range(const char *s) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_literal(s);
@@ -1172,7 +1225,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) {
+ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_qpol_mls_range(p, in);
@@ -1183,10 +1236,11 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- ~apol_mls_range_t() {
+ ~apol_mls_range() {
apol_mls_range_destroy(&self);
};
- void set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
+ %rename(set_low) wrap_set_low;
+ void wrap_set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
BEGIN_EXCEPTION
if (apol_mls_range_set_low(p, self, lvl)) {
SWIG_exception(SWIG_RuntimeError, "Could not set low level");
@@ -1195,7 +1249,8 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return;
};
- void set_high(apol_policy_t *p, apol_mls_level_t *lvl) {
+ %rename(set_high) wrap_set_high;
+ void wrap_set_high(apol_policy_t *p, apol_mls_level_t *lvl) {
BEGIN_EXCEPTION
if (apol_mls_range_set_high(p, self, lvl)) {
SWIG_exception(SWIG_RuntimeError, "Could not set high level");
@@ -1204,14 +1259,17 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return;
};
- const apol_mls_level_t *get_low() {
+ %rename(get_low) wrap_get_low;
+ const apol_mls_level_t *wrap_get_low() {
return apol_mls_range_get_low(self);
}
- const apol_mls_level_t *get_high() {
+ %rename(get_high) wrap_get_high;
+ const apol_mls_level_t *wrap_get_high() {
return apol_mls_range_get_high(self);
}
%newobject render(apol_policy_t*);
- char *render(apol_policy_t *p) {
+ %rename(render) wrap_render;
+ char *wrap_render(apol_policy_t *p) {
char *str;
BEGIN_EXCEPTION
str = apol_mls_range_render(p, self);
@@ -1223,7 +1281,8 @@ typedef struct apol_mls_range {} apol_mls_range_t;
return str;
};
%newobject get_levels(apol_policy_t*);
- apol_vector_t *get_levels(apol_policy_t *p) {
+ %rename(get_levels) wrap_get_levels;
+ apol_vector_t *wrap_get_levels(apol_policy_t *p) {
apol_vector_t *v;
BEGIN_EXCEPTION
v = apol_mls_range_get_levels(p, self);
@@ -1234,7 +1293,8 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return v;
};
- int validate(apol_policy_t *p) {
+ %rename(validate) wrap_validate;
+ int wrap_validate(apol_policy_t *p) {
int ret = apol_mls_range_validate(p, self);
BEGIN_EXCEPTION
if (ret < 0) {
@@ -1244,7 +1304,8 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return ret;
}
- int is_literal() {
+ %rename(is_literal) wrap_is_literal;
+ int wrap_is_literal() {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_mls_range_is_literal(self);
@@ -1255,7 +1316,8 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return ret;
}
- int convert(apol_policy_t *p) {
+ %rename(convert) wrap_convert;
+ int wrap_convert(apol_policy_t *p) {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_mls_range_convert(p, self);
@@ -1278,7 +1340,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t *
/* apol level query */
typedef struct apol_level_query {} apol_level_query_t;
%extend apol_level_query_t {
- apol_level_query_t() {
+ apol_level_query() {
apol_level_query_t * alq;
BEGIN_EXCEPTION
alq = apol_level_query_create();
@@ -1289,7 +1351,7 @@ typedef struct apol_level_query {} apol_level_query_t;
fail:
return alq;
};
- ~apol_level_query_t() {
+ ~apol_level_query() {
apol_level_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1303,7 +1365,8 @@ typedef struct apol_level_query {} apol_level_query_t;
fail:
return v;
};
- void set_sens(apol_policy_t *p, char *name) {
+ %rename(set_sens) wrap_set_sens;
+ void wrap_set_sens(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_level_query_set_sens(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1312,7 +1375,8 @@ typedef struct apol_level_query {} apol_level_query_t;
fail:
return;
};
- void set_cat(apol_policy_t *p, char *name) {
+ %rename(set_cat) wrap_set_cat;
+ void wrap_set_cat(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_level_query_set_cat(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1321,7 +1385,8 @@ typedef struct apol_level_query {} apol_level_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_level_query_set_regex(p, self, regex);
};
};
@@ -1329,7 +1394,7 @@ typedef struct apol_level_query {} apol_level_query_t;
/* apol cat query */
typedef struct apol_cat_query {} apol_cat_query_t;
%extend apol_cat_query_t {
- apol_cat_query_t() {
+ apol_cat_query() {
apol_cat_query_t * acq;
BEGIN_EXCEPTION
acq = apol_cat_query_create();
@@ -1340,7 +1405,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
fail:
return acq;
};
- ~apol_cat_query_t() {
+ ~apol_cat_query() {
apol_cat_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -1354,7 +1419,8 @@ typedef struct apol_cat_query {} apol_cat_query_t;
fail:
return v;
};
- void set_cat(apol_policy_t *p, char *name) {
+ %rename(set_cat) wrap_set_cat;
+ void wrap_set_cat(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_cat_query_set_cat(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1363,7 +1429,8 @@ typedef struct apol_cat_query {} apol_cat_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_cat_query_set_regex(p, self, regex);
};
};
@@ -1379,7 +1446,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
#endif
typedef struct apol_user_query {} apol_user_query_t;
%extend apol_user_query_t {
- apol_user_query_t() {
+ apol_user_query() {
apol_user_query_t *auq;
BEGIN_EXCEPTION
auq = apol_user_query_create();
@@ -1390,7 +1457,7 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return auq;
};
- ~apol_user_query_t() {
+ ~apol_user_query() {
apol_user_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1404,7 +1471,8 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return v;
};
- void set_user(apol_policy_t *p, char *name) {
+ %rename(set_user) wrap_set_user;
+ void wrap_set_user(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_user_query_set_user(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1413,7 +1481,8 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return;
};
- void set_role(apol_policy_t *p, char *name) {
+ %rename(set_role) wrap_set_role;
+ void wrap_set_role(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_user_query_set_role(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1422,7 +1491,8 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return;
};
- void set_default_level(apol_policy_t *p, apol_mls_level_t *lvl) {
+ %rename(set_default_level) wrap_set_default_level;
+ void wrap_set_default_level(apol_policy_t *p, apol_mls_level_t *lvl) {
BEGIN_EXCEPTION
if (apol_user_query_set_default_level(p, self, lvl)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1431,7 +1501,8 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return;
};
- void set_range(apol_policy_t *p, apol_mls_range_t *rng, int range_match) {
+ %rename(set_range) wrap_set_range;
+ void wrap_set_range(apol_policy_t *p, apol_mls_range_t *rng, int range_match) {
BEGIN_EXCEPTION
if (apol_user_query_set_range(p, self, rng, range_match)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1440,7 +1511,8 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_user_query_set_regex(p, self, regex);
};
};
@@ -1448,7 +1520,7 @@ typedef struct apol_user_query {} apol_user_query_t;
/* apol context */
typedef struct apol_context {} apol_context_t;
%extend apol_context_t {
- apol_context_t() {
+ apol_context() {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create();
@@ -1459,7 +1531,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- apol_context_t(apol_policy_t *p, qpol_context_t *in) {
+ apol_context(apol_policy_t *p, qpol_context_t *in) {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create_from_qpol_context(p, in);
@@ -1470,7 +1542,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- apol_context_t(const char *str) {
+ apol_context(const char *str) {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create_from_literal(str);
@@ -1481,10 +1553,11 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- ~apol_context_t() {
+ ~apol_context() {
apol_context_destroy(&self);
};
- void set_user(apol_policy_t *p, char *name) {
+ %rename(set_user) wrap_set_user;
+ void wrap_set_user(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_context_set_user(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1493,10 +1566,12 @@ typedef struct apol_context {} apol_context_t;
fail:
return;
};
- const char *get_user() {
+ %rename(get_user) wrap_get_user;
+ const char *wrap_get_user() {
return apol_context_get_user(self);
};
- void set_role(apol_policy_t *p, char *name) {
+ %rename(set_role) wrap_set_role;
+ void wrap_set_role(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_context_set_role(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1505,10 +1580,12 @@ typedef struct apol_context {} apol_context_t;
fail:
return;
};
- const char *get_role() {
+ %rename(get_role) wrap_get_role;
+ const char *wrap_get_role() {
return apol_context_get_role(self);
};
- void set_type(apol_policy_t *p, char *name) {
+ %rename(set_type) wrap_set_type;
+ void wrap_set_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_context_set_type(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1517,10 +1594,12 @@ typedef struct apol_context {} apol_context_t;
fail:
return;
};
- const char *get_type() {
+ %rename(get_type) wrap_get_type;
+ const char *wrap_get_type() {
return apol_context_get_type(self);
};
- void set_range(apol_policy_t *p, apol_mls_range_t *rng) {
+ %rename(set_range) wrap_set_range;
+ void wrap_set_range(apol_policy_t *p, apol_mls_range_t *rng) {
BEGIN_EXCEPTION
if (apol_context_set_range(p, self, rng)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1529,10 +1608,12 @@ typedef struct apol_context {} apol_context_t;
fail:
return;
};
- const apol_mls_range_t *get_range() {
+ %rename(get_range) wrap_get_range;
+ const apol_mls_range_t *wrap_get_range() {
return apol_context_get_range(self);
};
- int validate(apol_policy_t *p) {
+ %rename(validate) wrap_validate;
+ int wrap_validate(apol_policy_t *p) {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_context_validate(p, self);
@@ -1543,7 +1624,8 @@ typedef struct apol_context {} apol_context_t;
fail:
return ret;
}
- int validate_partial(apol_policy_t *p) {
+ %rename(validate_partial) wrap_validate_partial;
+ int wrap_validate_partial(apol_policy_t *p) {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_context_validate_partial(p, self);
@@ -1555,7 +1637,8 @@ typedef struct apol_context {} apol_context_t;
return ret;
}
%newobject render(apol_policy_t*);
- char *render(apol_policy_t *p) {
+ %rename(render) wrap_render;
+ char *wrap_render(apol_policy_t *p) {
char *str;
BEGIN_EXCEPTION
str = apol_context_render(p, self);
@@ -1566,7 +1649,8 @@ typedef struct apol_context {} apol_context_t;
fail:
return str;
};
- int convert(apol_policy_t *p) {
+ %rename(convert) wrap_convert;
+ int wrap_convert(apol_policy_t *p) {
int ret = -1;
BEGIN_EXCEPTION
ret = apol_context_convert(p, self);
@@ -1583,7 +1667,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex
/* apol constraint query */
typedef struct apol_constraint_query {} apol_constraint_query_t;
%extend apol_constraint_query_t {
- apol_constraint_query_t() {
+ apol_constraint_query() {
apol_constraint_query_t *acq;
BEGIN_EXCEPTION
acq = apol_constraint_query_create();
@@ -1594,7 +1678,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
fail:
return acq;
};
- ~apol_constraint_query_t() {
+ ~apol_constraint_query() {
apol_constraint_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1608,7 +1692,8 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
fail:
return v;
};
- void set_class(apol_policy_t *p, char *name) {
+ %rename(set_class) wrap_set_class;
+ void wrap_set_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_constraint_query_set_class(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1617,7 +1702,8 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
fail:
return;
}
- void set_perm(apol_policy_t *p, char *name) {
+ %rename(set_perm) wrap_set_perm;
+ void wrap_set_perm(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_constraint_query_set_perm(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1626,7 +1712,8 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
fail:
return;
}
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_constraint_query_set_regex(p, self, regex);
};
};
@@ -1634,7 +1721,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
/* apol validatetrans query */
typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
%extend apol_validatetrans_query_t {
- apol_validatetrans_query_t() {
+ apol_validatetrans_query() {
apol_validatetrans_query_t *avq;
BEGIN_EXCEPTION
avq = apol_validatetrans_query_create();
@@ -1645,7 +1732,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
fail:
return avq;
};
- ~apol_validatetrans_query_t() {
+ ~apol_validatetrans_query() {
apol_validatetrans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1659,7 +1746,8 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
fail:
return v;
};
- void set_class(apol_policy_t *p, char *name) {
+ %rename(set_class) wrap_set_class;
+ void wrap_set_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_validatetrans_query_set_class(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1668,7 +1756,8 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
fail:
return;
}
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_validatetrans_query_set_regex(p, self, regex);
};
};
@@ -1684,7 +1773,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
#endif
typedef struct apol_genfscon_query {} apol_genfscon_query_t;
%extend apol_genfscon_query_t {
- apol_genfscon_query_t() {
+ apol_genfscon_query() {
apol_genfscon_query_t *agq;
BEGIN_EXCEPTION
agq = apol_genfscon_query_create();
@@ -1695,7 +1784,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return agq;
};
- ~apol_genfscon_query_t() {
+ ~apol_genfscon_query() {
apol_genfscon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1709,7 +1798,8 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return v;
};
- void set_filesystem(apol_policy_t *p, char *fs) {
+ %rename(set_filesystem) wrap_set_filesystem;
+ void wrap_set_filesystem(apol_policy_t *p, char *fs) {
BEGIN_EXCEPTION
if (apol_genfscon_query_set_filesystem(p, self, fs)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1718,7 +1808,8 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return;
};
- void set_path(apol_policy_t *p, char *path) {
+ %rename(set_path) wrap_set_path;
+ void wrap_set_path(apol_policy_t *p, char *path) {
BEGIN_EXCEPTION
if (apol_genfscon_query_set_path(p, self, path)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1727,7 +1818,8 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return;
};
- void set_objclass(apol_policy_t *p, int objclass) {
+ %rename(set_objclass) wrap_set_objclass;
+ void wrap_set_objclass(apol_policy_t *p, int objclass) {
BEGIN_EXCEPTION
if (apol_genfscon_query_set_objclass(p, self, objclass)) {
SWIG_exception(SWIG_RuntimeError, "Could not set object class for genfscon query");
@@ -1736,7 +1828,8 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return;
};
- void set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_context) wrap_set_context;
+ void wrap_set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_genfscon_query_set_context(p, self, ctx, range_match);
};
};
@@ -1746,7 +1839,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
/* apol fs_use query */
typedef struct apol_fs_use_query {} apol_fs_use_query_t;
%extend apol_fs_use_query_t {
- apol_fs_use_query_t() {
+ apol_fs_use_query() {
apol_fs_use_query_t *afq;
BEGIN_EXCEPTION
afq = apol_fs_use_query_create();
@@ -1757,7 +1850,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
fail:
return afq;
};
- ~apol_fs_use_query_t() {
+ ~apol_fs_use_query() {
apol_fs_use_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1771,7 +1864,8 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
fail:
return v;
};
- void set_filesystem(apol_policy_t *p, char *fs) {
+ %rename(set_filesystem) wrap_set_filesystem;
+ void wrap_set_filesystem(apol_policy_t *p, char *fs) {
BEGIN_EXCEPTION
if (apol_fs_use_query_set_filesystem(p, self, fs)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1780,7 +1874,8 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
fail:
return;
};
- void set_behavior(apol_policy_t *p, int behavior) {
+ %rename(set_behavior) wrap_set_behavior;
+ void wrap_set_behavior(apol_policy_t *p, int behavior) {
BEGIN_EXCEPTION
if (apol_fs_use_query_set_behavior(p, self, behavior)) {
SWIG_exception(SWIG_RuntimeError, "Could not set behavior for fs_use query");
@@ -1789,7 +1884,8 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
fail:
return;
};
- void set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_context) wrap_set_context;
+ void wrap_set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_fs_use_query_set_context(p, self, ctx, range_match);
};
};
@@ -1799,7 +1895,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
/* apol initial sid query */
typedef struct apol_isid_query {} apol_isid_query_t;
%extend apol_isid_query_t {
- apol_isid_query_t() {
+ apol_isid_query() {
apol_isid_query_t *aiq;
BEGIN_EXCEPTION
aiq = apol_isid_query_create();
@@ -1810,7 +1906,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
fail:
return aiq;
};
- ~apol_isid_query_t() {
+ ~apol_isid_query() {
apol_isid_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1824,7 +1920,8 @@ typedef struct apol_isid_query {} apol_isid_query_t;
fail:
return v;
};
- void set_name(apol_policy_t *p, char *name) {
+ %rename(set_name) wrap_set_name;
+ void wrap_set_name(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_isid_query_set_name(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1833,7 +1930,8 @@ typedef struct apol_isid_query {} apol_isid_query_t;
fail:
return;
};
- void set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_context) wrap_set_context;
+ void wrap_set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_isid_query_set_context(p, self, ctx, range_match);
};
};
@@ -1841,7 +1939,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
/* apol portcon query */
typedef struct apol_portcon_query {} apol_portcon_query_t;
%extend apol_portcon_query_t {
- apol_portcon_query_t() {
+ apol_portcon_query() {
apol_portcon_query_t *apq;
BEGIN_EXCEPTION
apq = apol_portcon_query_create();
@@ -1852,7 +1950,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
fail:
return apq;
};
- ~apol_portcon_query_t() {
+ ~apol_portcon_query() {
apol_portcon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1866,16 +1964,20 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
fail:
return v;
};
- void set_protocol(apol_policy_t *p, int protocol) {
+ %rename(set_protocol) wrap_set_protocol;
+ void wrap_set_protocol(apol_policy_t *p, int protocol) {
apol_portcon_query_set_protocol(p, self, protocol);
};
- void set_low(apol_policy_t *p, int port) {
+ %rename(set_low) wrap_set_low;
+ void wrap_set_low(apol_policy_t *p, int port) {
apol_portcon_query_set_low(p, self, port);
};
- void set_high(apol_policy_t *p, int port) {
+ %rename(set_high) wrap_set_high;
+ void wrap_set_high(apol_policy_t *p, int port) {
apol_portcon_query_set_high(p, self, port);
};
- void set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_context) wrap_set_context;
+ void wrap_set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_portcon_query_set_context(p, self, ctx, range_match);
};
};
@@ -1884,8 +1986,9 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
/* apol netifcon query */
typedef struct apol_netifcon_query {} apol_netifcon_query_t;
+%rename(apol_netifcon_query_set_msg_context) apol_netifcon_query_set_msg_context;
%extend apol_netifcon_query_t {
- apol_netifcon_query_t() {
+ apol_netifcon_query() {
apol_netifcon_query_t *anq;
BEGIN_EXCEPTION
anq = apol_netifcon_query_create();
@@ -1896,7 +1999,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
fail:
return anq;
};
- ~apol_netifcon_query_t() {
+ ~apol_netifcon_query() {
apol_netifcon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1910,7 +2013,8 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
fail:
return v;
};
- void set_device(apol_policy_t *p, char *name) {
+ %rename(set_device) wrap_set_device;
+ void wrap_set_device(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_netifcon_query_set_device(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -1919,10 +2023,12 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
fail:
return;
};
- void set_if_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_if_context) wrap_set_if_context;
+ void wrap_set_if_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_netifcon_query_set_if_context(p, self, ctx, range_match);
};
- void set_msg_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_msg_context) wrap_set_msg_context;
+ void wrap_set_msg_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_netifcon_query_set_msg_context(p, self, ctx, range_match);
};
};
@@ -1932,7 +2038,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
/* apol nodecon query */
typedef struct apol_nodecon_query {} apol_nodecon_query_t;
%extend apol_nodecon_query_t {
- apol_nodecon_query_t() {
+ apol_nodecon_query() {
apol_nodecon_query_t *anq;
BEGIN_EXCEPTION
anq = apol_nodecon_query_create();
@@ -1943,7 +2049,7 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
fail:
return anq;
};
- ~apol_nodecon_query_t() {
+ ~apol_nodecon_query() {
apol_nodecon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1957,7 +2063,8 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
fail:
return v;
};
- void set_protocol(apol_policy_t *p, int protocol) {
+ %rename(set_protocol) wrap_set_protocol;
+ void wrap_set_protocol(apol_policy_t *p, int protocol) {
BEGIN_EXCEPTION
if (apol_nodecon_query_set_protocol(p, self, protocol)) {
SWIG_exception(SWIG_RuntimeError, "Could not set protocol for nodecon query");
@@ -2002,7 +2109,8 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
fail:
return;
};
- void set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
+ %rename(set_context) wrap_set_context;
+ void wrap_set_context(apol_policy_t *p, apol_context_t *ctx, int range_match) {
apol_nodecon_query_set_context(p, self, ctx, range_match);
};
};
@@ -2012,7 +2120,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
/* apol avrule query */
typedef struct apol_avrule_query {} apol_avrule_query_t;
%extend apol_avrule_query_t {
- apol_avrule_query_t() {
+ apol_avrule_query() {
apol_avrule_query_t *avq;
BEGIN_EXCEPTION
avq = apol_avrule_query_create();
@@ -2023,7 +2131,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return avq;
};
- ~apol_avrule_query_t() {
+ ~apol_avrule_query() {
apol_avrule_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2048,10 +2156,12 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return v;
};
- void set_rules(apol_policy_t *p, int rules) {
+ %rename(set_rules) wrap_set_rules;
+ void wrap_set_rules(apol_policy_t *p, int rules) {
apol_avrule_query_set_rules(p, self, rules);
};
- void set_source(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_source) wrap_set_source;
+ void wrap_set_source(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_avrule_query_set_source(p, self, name, indirect)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source for avrule query");
@@ -2060,7 +2170,8 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void set_source_component(apol_policy_t *p, int component) {
+ %rename(set_source_component) wrap_set_source_component;
+ void wrap_set_source_component(apol_policy_t *p, int component) {
BEGIN_EXCEPTION
if (apol_avrule_query_set_source_component(p, self, component)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source component for avrule query");
@@ -2069,7 +2180,8 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void set_target(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_target) wrap_set_target;
+ void wrap_set_target(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_avrule_query_set_target(p, self, name, indirect)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target for avrule query");
@@ -2078,7 +2190,8 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void set_target_component(apol_policy_t *p, int component) {
+ %rename(set_target_component) wrap_set_target_component;
+ void wrap_set_target_component(apol_policy_t *p, int component) {
BEGIN_EXCEPTION
if (apol_avrule_query_set_target_component(p, self, component)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target component for avrule query");
@@ -2087,7 +2200,8 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void append_class(apol_policy_t *p, char *name) {
+ %rename(append_class) wrap_append_class;
+ void wrap_append_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_avrule_query_append_class(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append class to avrule query");
@@ -2096,7 +2210,8 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void append_perm(apol_policy_t *p, char *name) {
+ %rename(append_perm) wrap_append_perm;
+ void wrap_append_perm(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_avrule_query_append_perm(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append permission to avrule query");
@@ -2105,7 +2220,8 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void set_bool(apol_policy_t *p, char *name) {
+ %rename(set_bool) wrap_set_bool;
+ void wrap_set_bool(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_avrule_query_set_bool(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set boolean for avrule query");
@@ -2114,16 +2230,20 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return;
};
- void set_enabled(apol_policy_t *p, int enabled) {
+ %rename(set_enabled) wrap_set_enabled;
+ void wrap_set_enabled(apol_policy_t *p, int enabled) {
apol_avrule_query_set_enabled(p, self, enabled);
};
- void set_all_perms(apol_policy_t *p, int all_perms) {
+ %rename(set_all_perms) wrap_set_all_perms;
+ void wrap_set_all_perms(apol_policy_t *p, int all_perms) {
apol_avrule_query_set_all_perms(p, self, all_perms);
};
- void set_source_any(apol_policy_t *p, int is_any) {
+ %rename(set_source_any) wrap_set_source_any;
+ void wrap_set_source_any(apol_policy_t *p, int is_any) {
apol_avrule_query_set_source_any(p, self, is_any);
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_avrule_query_set_regex(p, self, regex);
};
};
@@ -2163,7 +2283,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule);
/* apol terule query */
typedef struct apol_terule_query {} apol_terule_query_t;
%extend apol_terule_query_t {
- apol_terule_query_t() {
+ apol_terule_query() {
apol_terule_query_t *atq;
BEGIN_EXCEPTION
atq = apol_terule_query_create();
@@ -2174,7 +2294,7 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return atq;
};
- ~apol_terule_query_t() {
+ ~apol_terule_query() {
apol_terule_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2199,10 +2319,12 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return v;
};
- void set_rules(apol_policy_t *p, int rules) {
+ %rename(set_rules) wrap_set_rules;
+ void wrap_set_rules(apol_policy_t *p, int rules) {
apol_terule_query_set_rules(p, self, rules);
};
- void set_source(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_source) wrap_set_source;
+ void wrap_set_source(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_terule_query_set_source(p, self, name, indirect)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source for terule query");
@@ -2211,7 +2333,8 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void set_source_component(apol_policy_t *p, int component) {
+ %rename(set_source_component) wrap_set_source_component;
+ void wrap_set_source_component(apol_policy_t *p, int component) {
BEGIN_EXCEPTION
if (apol_terule_query_set_source_component(p, self, component)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source component for terule query");
@@ -2220,7 +2343,8 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void set_target(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_target) wrap_set_target;
+ void wrap_set_target(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_terule_query_set_target(p, self, name, indirect)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target for terule query");
@@ -2229,7 +2353,8 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void set_target_component(apol_policy_t *p, int component) {
+ %rename(set_target_component) wrap_set_target_component;
+ void wrap_set_target_component(apol_policy_t *p, int component) {
BEGIN_EXCEPTION
if (apol_terule_query_set_target_component(p, self, component)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target component for terule query");
@@ -2238,7 +2363,8 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void append_class(apol_policy_t *p, char *name) {
+ %rename(append_class) wrap_append_class;
+ void wrap_append_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_terule_query_append_class(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append class to terule query");
@@ -2247,7 +2373,8 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void set_default(apol_policy_t *p, char *name) {
+ %rename(set_default) wrap_set_default;
+ void wrap_set_default(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_terule_query_set_default(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set default for terule query");
@@ -2256,7 +2383,8 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void set_bool(apol_policy_t *p, char *name) {
+ %rename(set_bool) wrap_set_bool;
+ void wrap_set_bool(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_terule_query_set_bool(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set boolean for terule query");
@@ -2265,13 +2393,16 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return;
};
- void set_enabled(apol_policy_t *p, int enabled) {
+ %rename(set_enabled) wrap_set_enabled;
+ void wrap_set_enabled(apol_policy_t *p, int enabled) {
apol_terule_query_set_enabled(p, self, enabled);
};
- void set_source_any(apol_policy_t *p, int is_any) {
+ %rename(set_source_any) wrap_set_source_any;
+ void wrap_set_source_any(apol_policy_t *p, int is_any) {
apol_terule_query_set_source_any(p, self, is_any);
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_terule_query_set_regex(p, self, regex);
};
};
@@ -2287,7 +2418,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t
/* apol cond rule query */
typedef struct apol_cond_query {} apol_cond_query_t;
%extend apol_cond_query_t {
- apol_cond_query_t() {
+ apol_cond_query() {
apol_cond_query_t *acq;
BEGIN_EXCEPTION
acq = apol_cond_query_create();
@@ -2298,7 +2429,7 @@ typedef struct apol_cond_query {} apol_cond_query_t;
fail:
return acq;
};
- ~apol_cond_query_t() {
+ ~apol_cond_query() {
apol_cond_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2312,7 +2443,8 @@ typedef struct apol_cond_query {} apol_cond_query_t;
fail:
return v;
};
- void set_bool(apol_policy_t *p, char *name) {
+ %rename(set_bool) wrap_set_bool;
+ void wrap_set_bool(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_cond_query_set_bool(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set boolean for condiional query");
@@ -2321,7 +2453,8 @@ typedef struct apol_cond_query {} apol_cond_query_t;
fail:
return;
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_cond_query_set_regex(p, self, regex);
};
};
@@ -2331,7 +2464,7 @@ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
/* apol role allow query */
typedef struct apol_role_allow_query {} apol_role_allow_query_t;
%extend apol_role_allow_query_t {
- apol_role_allow_query_t() {
+ apol_role_allow_query() {
apol_role_allow_query_t *arq;
BEGIN_EXCEPTION
arq = apol_role_allow_query_create();
@@ -2342,7 +2475,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
fail:
return arq;
};
- ~apol_role_allow_query_t() {
+ ~apol_role_allow_query() {
apol_role_allow_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2356,7 +2489,8 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
fail:
return v;
};
- void set_source(apol_policy_t *p, char *name) {
+ %rename(set_source) wrap_set_source;
+ void wrap_set_source(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_role_allow_query_set_source(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2365,7 +2499,8 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
fail:
return;
};
- void set_target(apol_policy_t *p, char *name) {
+ %rename(set_target) wrap_set_target;
+ void wrap_set_target(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_role_allow_query_set_target(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2374,10 +2509,12 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
fail:
return;
};
- void set_source_any(apol_policy_t *p, int is_any) {
+ %rename(set_source_any) wrap_set_source_any;
+ void wrap_set_source_any(apol_policy_t *p, int is_any) {
apol_role_allow_query_set_source_any(p, self, is_any);
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_role_allow_query_set_regex(p, self, regex);
};
};
@@ -2387,7 +2524,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
/* apol role transition rule query */
typedef struct apol_role_trans_query {} apol_role_trans_query_t;
%extend apol_role_trans_query_t {
- apol_role_trans_query_t() {
+ apol_role_trans_query() {
apol_role_trans_query_t *arq;
BEGIN_EXCEPTION
arq = apol_role_trans_query_create();
@@ -2398,7 +2535,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return arq;
};
- ~apol_role_trans_query_t() {
+ ~apol_role_trans_query() {
apol_role_trans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2412,7 +2549,8 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return v;
};
- void set_source(apol_policy_t *p, char *name) {
+ %rename(set_source) wrap_set_source;
+ void wrap_set_source(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_role_trans_query_set_source(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2421,7 +2559,8 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return;
};
- void set_target(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_target) wrap_set_target;
+ void wrap_set_target(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_role_trans_query_set_target(p, self, name, indirect)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2430,7 +2569,8 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return;
};
- void set_default(apol_policy_t *p, char *name) {
+ %rename(set_default) wrap_set_default;
+ void wrap_set_default(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_role_trans_query_set_default(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2439,10 +2579,12 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return;
};
- void set_source_any(apol_policy_t *p, int is_any) {
+ %rename(set_source_any) wrap_set_source_any;
+ void wrap_set_source_any(apol_policy_t *p, int is_any) {
apol_role_trans_query_set_source_any(p, self, is_any);
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_role_trans_query_set_regex(p, self, regex);
};
};
@@ -2452,7 +2594,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
/* apol range transition rule query */
typedef struct apol_range_trans_query {} apol_range_trans_query_t;
%extend apol_range_trans_query_t {
- apol_range_trans_query_t() {
+ apol_range_trans_query() {
apol_range_trans_query_t *arq;
BEGIN_EXCEPTION
arq = apol_range_trans_query_create();
@@ -2463,7 +2605,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return arq;
};
- ~apol_range_trans_query_t() {
+ ~apol_range_trans_query() {
apol_range_trans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2477,7 +2619,8 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return v;
};
- void set_source(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_source) wrap_set_source;
+ void wrap_set_source(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_range_trans_query_set_source(p, self, name, indirect)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2486,7 +2629,8 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return;
};
- void set_target(apol_policy_t *p, char *name, int indirect) {
+ %rename(set_target) wrap_set_target;
+ void wrap_set_target(apol_policy_t *p, char *name, int indirect) {
BEGIN_EXCEPTION
if (apol_range_trans_query_set_target(p, self, name, indirect)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2495,7 +2639,8 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return;
};
- void append_class(apol_policy_t *p, char *name) {
+ %rename(append_class) wrap_append_class;
+ void wrap_append_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_range_trans_query_append_class(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append class to range transition query");
@@ -2504,7 +2649,8 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return;
};
- void set_range(apol_policy_t *p, apol_mls_range_t *rng, int range_match) {
+ %rename(set_range) wrap_set_range;
+ void wrap_set_range(apol_policy_t *p, apol_mls_range_t *rng, int range_match) {
BEGIN_EXCEPTION
if (apol_range_trans_query_set_range(p, self, rng, range_match)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2513,16 +2659,336 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return;
};
- void set_source_any(apol_policy_t *p, int is_any) {
+ %rename(set_source_any) wrap_set_source_any;
+ void wrap_set_source_any(apol_policy_t *p, int is_any) {
apol_range_trans_query_set_source_any(p, self, is_any);
};
- void set_regex(apol_policy_t *p, int regex) {
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
apol_range_trans_query_set_regex(p, self, regex);
};
};
%newobject apol_range_trans_render(apol_policy_t*, qpol_range_trans_t*);
char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule);
+/* apol filename transition rule query */
+typedef struct apol_filename_trans_query {} apol_filename_trans_query_t;
+%extend apol_filename_trans_query_t {
+ apol_filename_trans_query() {
+ apol_filename_trans_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_filename_trans_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_filename_trans_query() {
+ apol_filename_trans_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_filename_trans_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run filename transition query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+ %rename(set_source) wrap_set_source;
+ void wrap_set_source(apol_policy_t *p, char *name, int indirect) {
+ BEGIN_EXCEPTION
+ if (apol_filename_trans_query_set_source(p, self, name, indirect)) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+ %rename(set_target) wrap_set_target;
+ void wrap_set_target(apol_policy_t *p, char *name, int indirect) {
+ BEGIN_EXCEPTION
+ if (apol_filename_trans_query_set_target(p, self, name, indirect)) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+ %rename(append_class) wrap_append_class;
+ void wrap_append_class(apol_policy_t *p, char *name) {
+ BEGIN_EXCEPTION
+ if (apol_filename_trans_query_append_class(p, self, name)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not append class to filename transition query");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+
+ %rename(set_default) wrap_set_default;
+ void wrap_set_default(apol_policy_t *p, char *name) {
+ BEGIN_EXCEPTION
+ if (apol_filename_trans_query_set_default(p, self, name)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not set default for filename transition query");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+
+ void set_filename(apol_policy_t *p, char *filename) {
+ BEGIN_EXCEPTION
+ if (apol_filename_trans_query_set_name(p, self, filename)) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+
+ %rename(set_source_any) wrap_set_source_any;
+ void wrap_set_source_any(apol_policy_t *p, int is_any) {
+ apol_filename_trans_query_set_source_any(p, self, is_any);
+ };
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
+ apol_filename_trans_query_set_regex(p, self, regex);
+ };
+};
+%newobject apol_filename_trans_render(apol_policy_t*, qpol_filename_trans_t*);
+char *apol_filename_trans_render(apol_policy_t * policy, qpol_filename_trans_t * rule);
+
+/* apol permissive query */
+typedef struct apol_permissive_query {} apol_permissive_query_t;
+%extend apol_permissive_query_t {
+ apol_permissive_query() {
+ apol_permissive_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_permissive_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_permissive_query() {
+ apol_permissive_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_permissive_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run permissive query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+
+ %rename(set_name) wrap_set_name;
+ void wrap_set_name(apol_policy_t *p, char *name) {
+ BEGIN_EXCEPTION
+ if (apol_permissive_query_set_name(p, self, name)) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
+ apol_permissive_query_set_regex(p, self, regex);
+ };
+};
+
+/* apol polcap query */
+typedef struct apol_polcap_query {} apol_polcap_query_t;
+%extend apol_polcap_query_t {
+ apol_polcap_query() {
+ apol_polcap_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_polcap_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_polcap_query() {
+ apol_polcap_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_polcap_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run polcap query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+
+ %rename(set_name) wrap_set_name;
+ void wrap_set_name(apol_policy_t *p, char *name) {
+ BEGIN_EXCEPTION
+ if (apol_polcap_query_set_name(p, self, name)) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
+ apol_polcap_query_set_regex(p, self, regex);
+ };
+};
+
+/* apol typebounds query */
+typedef struct apol_typebounds_query {} apol_typebounds_query_t;
+%extend apol_typebounds_query_t {
+ apol_typebounds_query() {
+ apol_typebounds_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_typebounds_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_typebounds_query() {
+ apol_typebounds_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_typebounds_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run typebounds query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+ %rename(set_name) wrap_set_name;
+ void wrap_set_name(apol_policy_t *p, char *name) {
+ BEGIN_EXCEPTION
+ if (apol_typebounds_query_set_name(p, self, name)) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return;
+ };
+ %rename(set_regex) wrap_set_regex;
+ void wrap_set_regex(apol_policy_t *p, int regex) {
+ apol_typebounds_query_set_regex(p, self, regex);
+ };
+};
+
+/* apol rolebounds query */
+typedef struct apol_rolebounds_query {} apol_rolebounds_query_t;
+%extend apol_rolebounds_query_t {
+ apol_rolebounds_query() {
+ apol_rolebounds_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_rolebounds_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_rolebounds_query() {
+ apol_rolebounds_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_rolebounds_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run rolebounds query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+};
+
+/* apol userbounds query */
+typedef struct apol_userbounds_query {} apol_userbounds_query_t;
+%extend apol_userbounds_query_t {
+ apol_userbounds_query() {
+ apol_userbounds_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_userbounds_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_userbounds_query() {
+ apol_userbounds_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_userbounds_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run userbounds query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+};
+
+/* apol default_object query */
+typedef struct apol_default_object_query {} apol_default_object_query_t;
+%extend apol_default_object_query_t {
+ apol_default_object_query() {
+ apol_default_object_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_default_object_query_create();
+ if (!arq) {
+ SWIG_exception(SWIG_MemoryError, "Out of memory");
+ }
+ END_EXCEPTION
+ fail:
+ return arq;
+ };
+ ~apol_default_object_query() {
+ apol_default_object_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+ apol_vector_t *run(apol_policy_t *p) {
+ apol_vector_t *v;
+ BEGIN_EXCEPTION
+ if (apol_default_object_get_by_query(p, self, &v)) {
+ SWIG_exception(SWIG_RuntimeError, "Could not run default object query");
+ }
+ END_EXCEPTION
+ fail:
+ return v;
+ };
+};
+
/* domain transition analysis */
#define APOL_DOMAIN_TRANS_DIRECTION_FORWARD 0x01
#define APOL_DOMAIN_TRANS_DIRECTION_REVERSE 0x02
@@ -2531,7 +2997,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule)
#define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID)
typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
%extend apol_domain_trans_analysis_t {
- apol_domain_trans_analysis_t() {
+ apol_domain_trans_analysis() {
apol_domain_trans_analysis_t *dta;
BEGIN_EXCEPTION
dta = apol_domain_trans_analysis_create();
@@ -2542,10 +3008,11 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return dta;
};
- ~apol_domain_trans_analysis_t() {
+ ~apol_domain_trans_analysis() {
apol_domain_trans_analysis_destroy(&self);
};
- void set_direction(apol_policy_t *p, int direction) {
+ %rename(set_direction) wrap_set_direction;
+ void wrap_set_direction(apol_policy_t *p, int direction) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_set_direction(p, self, (unsigned char)direction)) {
SWIG_exception(SWIG_RuntimeError, "Could not set direction for domain transition analysis");
@@ -2554,7 +3021,8 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return;
};
- void set_valid(apol_policy_t *p, int valid) {
+ %rename(set_valid) wrap_set_valid;
+ void wrap_set_valid(apol_policy_t *p, int valid) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_set_valid(p, self, (unsigned char)valid)) {
SWIG_exception(SWIG_RuntimeError, "Could not set valid flag for domain transition analysis");
@@ -2563,7 +3031,8 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return;
};
- void set_start_type(apol_policy_t *p, char *name) {
+ %rename(set_start_type) wrap_set_start_type;
+ void wrap_set_start_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_set_start_type(p, self, name)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2572,7 +3041,8 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return;
};
- void set_result_regex(apol_policy_t *p, char *regex) {
+ %rename(set_result_regex) wrap_set_result_regex;
+ void wrap_set_result_regex(apol_policy_t *p, char *regex) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_set_result_regex(p, self, regex)) {
SWIG_exception(SWIG_MemoryError, "Out of memory");
@@ -2581,7 +3051,8 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return;
};
- void append_access_type(apol_policy_t *p, char *name) {
+ %rename(append_access_type) wrap_append_access_type;
+ void wrap_append_access_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_append_access_type(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append access type for domain transition analysis");
@@ -2590,7 +3061,8 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return;
};
- void append_class(apol_policy_t *p, char *class_name) {
+ %rename(append_class) wrap_append_class;
+ void wrap_append_class(apol_policy_t *p, char *class_name) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_append_class(p, self, class_name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append access class for domain transition analysis");
@@ -2599,7 +3071,8 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return;
};
- void append_perm(apol_policy_t *p, char *perm_name) {
+ %rename(append_perm) wrap_append_perm;
+ void wrap_append_perm(apol_policy_t *p, char *perm_name) {
BEGIN_EXCEPTION
if (apol_domain_trans_analysis_append_perm(p, self, perm_name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append access permission for domain transition analysis");
@@ -2622,7 +3095,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
};
typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
%extend apol_domain_trans_result_t {
- apol_domain_trans_result_t(apol_domain_trans_result_t *in) {
+ apol_domain_trans_result(apol_domain_trans_result_t *in) {
apol_domain_trans_result_t *dtr;
BEGIN_EXCEPTION
dtr = apol_domain_trans_result_create_from_domain_trans_result(in);
@@ -2633,37 +3106,46 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
fail:
return dtr;
};
- ~apol_domain_trans_result_t() {
+ ~apol_domain_trans_result() {
apol_domain_trans_result_destroy(&self);
};
- const qpol_type_t *get_start_type() {
+ %rename(get_start_type) wrap_get_start_type;
+ const qpol_type_t *wrap_get_start_type() {
return apol_domain_trans_result_get_start_type(self);
};
- const qpol_type_t *get_entrypoint_type() {
+ %rename(get_entrypoint_type) wrap_get_entrypoint_type;
+ const qpol_type_t *wrap_get_entrypoint_type() {
return apol_domain_trans_result_get_entrypoint_type(self);
};
- const qpol_type_t *get_end_type() {
+ %rename(get_end_type) wrap_get_end_type;
+ const qpol_type_t *wrap_get_end_type() {
return apol_domain_trans_result_get_end_type(self);
};
int get_is_valid() {
return apol_domain_trans_result_is_trans_valid(self);
};
- const apol_vector_t *get_proc_trans_rules() {
+ %rename(get_proc_trans_rules) wrap_get_proc_trans_rules;
+ const apol_vector_t *wrap_get_proc_trans_rules() {
return apol_domain_trans_result_get_proc_trans_rules(self);
};
- const apol_vector_t *get_entrypoint_rules() {
+ %rename(get_entrypoint_rules) wrap_get_entrypoint_rules;
+ const apol_vector_t *wrap_get_entrypoint_rules() {
return apol_domain_trans_result_get_entrypoint_rules(self);
};
- const apol_vector_t *get_exec_rules() {
+ %rename(get_exec_rules) wrap_get_exec_rules;
+ const apol_vector_t *wrap_get_exec_rules() {
return apol_domain_trans_result_get_exec_rules(self);
};
- const apol_vector_t *get_setexec_rules() {
+ %rename(get_setexec_rules) wrap_get_setexec_rules;
+ const apol_vector_t *wrap_get_setexec_rules() {
return apol_domain_trans_result_get_setexec_rules(self);
};
- const apol_vector_t *get_type_trans_rules() {
+ %rename(get_type_trans_rules) wrap_get_type_trans_rules;
+ const apol_vector_t *wrap_get_type_trans_rules() {
return apol_domain_trans_result_get_type_trans_rules(self);
};
- const apol_vector_t *get_access_rules() {
+ %rename(get_access_rules) wrap_get_access_rules;
+ const apol_vector_t *wrap_get_access_rules() {
return apol_domain_trans_result_get_access_rules(self);
};
};
@@ -2705,14 +3187,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s
%}
typedef struct apol_infoflow {} apol_infoflow_t;
%extend apol_infoflow_t {
- apol_infoflow_t() {
+ apol_infoflow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_t() {
+ ~apol_infoflow() {
apol_infoflow_destroy(&self);
};
%newobject extract_graph();
@@ -2730,7 +3212,7 @@ typedef struct apol_infoflow {} apol_infoflow_t;
};
typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
%extend apol_infoflow_analysis_t {
- apol_infoflow_analysis_t() {
+ apol_infoflow_analysis() {
apol_infoflow_analysis_t *aia;
BEGIN_EXCEPTION
aia = apol_infoflow_analysis_create();
@@ -2741,7 +3223,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return aia;
};
- ~apol_infoflow_analysis_t() {
+ ~apol_infoflow_analysis() {
apol_infoflow_analysis_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2763,7 +3245,8 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
apol_infoflow_destroy(&ai);
return NULL;
};
- void set_mode(apol_policy_t *p, int mode) {
+ %rename(set_mode) wrap_set_mode;
+ void wrap_set_mode(apol_policy_t *p, int mode) {
BEGIN_EXCEPTION
if (apol_infoflow_analysis_set_mode(p, self, (unsigned int)mode)) {
SWIG_exception(SWIG_RuntimeError, "Could not set mode for information flow analysis");
@@ -2772,7 +3255,8 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return;
};
- void set_dir(apol_policy_t *p, int direction) {
+ %rename(set_dir) wrap_set_dir;
+ void wrap_set_dir(apol_policy_t *p, int direction) {
BEGIN_EXCEPTION
if (apol_infoflow_analysis_set_dir(p, self, (unsigned int)direction)) {
SWIG_exception(SWIG_RuntimeError, "Could not set direction for information flow analysis");
@@ -2781,7 +3265,8 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return;
};
- void set_type(apol_policy_t *p, char *name) {
+ %rename(set_type) wrap_set_type;
+ void wrap_set_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_infoflow_analysis_set_type(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set type for information flow analysis");
@@ -2790,7 +3275,8 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return;
};
- void append_intermediate(apol_policy_t *p, char *name) {
+ %rename(append_intermediate) wrap_append_intermediate;
+ void wrap_append_intermediate(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_infoflow_analysis_append_intermediate(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append intermediate type for information flow analysis");
@@ -2799,7 +3285,8 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return;
};
- void append_class_perm(apol_policy_t *p, char *class_name, char *perm_name) {
+ %rename(append_class_perm) wrap_append_class_perm;
+ void wrap_append_class_perm(apol_policy_t *p, char *class_name, char *perm_name) {
BEGIN_EXCEPTION
if (apol_infoflow_analysis_append_class_perm(p, self, class_name, perm_name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append class and permission for information flow analysis");
@@ -2808,10 +3295,12 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return;
};
- void set_min_weight(apol_policy_t *p, int weight) {
+ %rename(set_min_weight) wrap_set_min_weight;
+ void wrap_set_min_weight(apol_policy_t *p, int weight) {
apol_infoflow_analysis_set_min_weight(p, self, weight);
};
- void set_result_regex(apol_policy_t *p, char *regex) {
+ %rename(set_result_regex) wrap_set_result_regex;
+ void wrap_set_result_regex(apol_policy_t *p, char *regex) {
BEGIN_EXCEPTION
if (apol_infoflow_analysis_set_result_regex(p, self, regex)) {
SWIG_exception(SWIG_RuntimeError, "Could not set result regular expression for information flow analysis");
@@ -2823,14 +3312,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
};
typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
%extend apol_infoflow_graph_t {
- apol_infoflow_graph_t() {
+ apol_infoflow_graph() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_graph_t() {
+ ~apol_infoflow_graph() {
apol_infoflow_graph_destroy(&self);
};
%newobject do_more(apol_policy_t*, char*);
@@ -2867,30 +3356,35 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
};
typedef struct apol_infoflow_result {} apol_infoflow_result_t;
%extend apol_infoflow_result_t {
- apol_infoflow_result_t() {
+ apol_infoflow_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_result_t() {
+ ~apol_infoflow_result() {
/* no op - vector will destroy */
return;
};
- int get_dir() {
+ %rename(get_dir) wrap_get_dir;
+ int wrap_get_dir() {
return (int)apol_infoflow_result_get_dir(self);
};
- const qpol_type_t *get_start_type() {
+ %rename(get_start_type) wrap_get_start_type;
+ const qpol_type_t *wrap_get_start_type() {
return apol_infoflow_result_get_start_type(self);
};
- const qpol_type_t *get_end_type() {
+ %rename(get_end_type) wrap_get_end_type;
+ const qpol_type_t *wrap_get_end_type() {
return apol_infoflow_result_get_end_type(self);
};
- int get_length() {
+ %rename(get_length) wrap_get_length;
+ int wrap_get_length() {
return (int) apol_infoflow_result_get_length(self);
}
- const apol_vector_t *get_steps() {
+ %rename(get_steps) wrap_get_steps;
+ const apol_vector_t *wrap_get_steps() {
return apol_infoflow_result_get_steps(self);
};
};
@@ -2901,27 +3395,31 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t;
%}
typedef struct apol_infoflow_step {} apol_infoflow_step_t;
%extend apol_infoflow_step_t {
- apol_infoflow_step_t() {
+ apol_infoflow_step() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_step_t() {
+ ~apol_infoflow_step() {
/* no op */
return;
};
- const qpol_type_t *get_start_type() {
+ %rename(get_start_type) wrap_get_start_type;
+ const qpol_type_t *wrap_get_start_type() {
return apol_infoflow_step_get_start_type(self);
};
- const qpol_type_t *get_end_type() {
+ %rename(get_end_type) wrap_get_end_type;
+ const qpol_type_t *wrap_get_end_type() {
return apol_infoflow_step_get_end_type(self);
};
- int get_weight() {
+ %rename(get_weight) wrap_get_weight;
+ int wrap_get_weight() {
return apol_infoflow_step_get_weight(self);
};
- const apol_vector_t *get_rules() {
+ %rename(get_rules) wrap_get_rules;
+ const apol_vector_t *wrap_get_rules() {
return apol_infoflow_step_get_rules(self);
};
};
@@ -2938,7 +3436,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t;
#define APOL_RELABEL_DIR_SUBJECT 0x04
typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
%extend apol_relabel_analysis_t {
- apol_relabel_analysis_t() {
+ apol_relabel_analysis() {
apol_relabel_analysis_t *ara;
BEGIN_EXCEPTION
ara = apol_relabel_analysis_create();
@@ -2949,7 +3447,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return ara;
};
- ~apol_relabel_analysis_t() {
+ ~apol_relabel_analysis() {
apol_relabel_analysis_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2963,7 +3461,8 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return v;
};
- void set_dir(apol_policy_t *p, int direction) {
+ %rename(set_dir) wrap_set_dir;
+ void wrap_set_dir(apol_policy_t *p, int direction) {
BEGIN_EXCEPTION
if (apol_relabel_analysis_set_dir(p, self, (unsigned int)direction)) {
SWIG_exception(SWIG_RuntimeError, "Could not set direction for relabel analysis");
@@ -2972,7 +3471,8 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return;
};
- void set_type(apol_policy_t *p, char *name) {
+ %rename(set_type) wrap_set_type;
+ void wrap_set_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_relabel_analysis_set_type(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set type for relabel analysis");
@@ -2981,7 +3481,8 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return;
};
- void append_class(apol_policy_t *p, char *name) {
+ %rename(append_class) wrap_append_class;
+ void wrap_append_class(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_relabel_analysis_append_class(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append class to relabel analysis");
@@ -2990,7 +3491,8 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return;
};
- void append_subject(apol_policy_t *p, char *name) {
+ %rename(append_subject) wrap_append_subject;
+ void wrap_append_subject(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_relabel_analysis_append_subject(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not append subject to relabel analysis");
@@ -2999,7 +3501,8 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return;
};
- void set_result_regex(apol_policy_t *p, char *regex) {
+ %rename(set_result_regex) wrap_set_result_regex;
+ void wrap_set_result_regex(apol_policy_t *p, char *regex) {
BEGIN_EXCEPTION
if (apol_relabel_analysis_set_result_regex(p, self, regex)) {
SWIG_exception(SWIG_RuntimeError, "Could not set result regular expression for relabel analysis");
@@ -3011,27 +3514,31 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
};
typedef struct apol_relabel_result {} apol_relabel_result_t;
%extend apol_relabel_result_t {
- apol_relabel_result_t() {
+ apol_relabel_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_relabel_result_t() {
+ ~apol_relabel_result() {
/* no op - vector will destroy */
return;
};
- const apol_vector_t *get_to() {
+ %rename(get_to) wrap_get_to;
+ const apol_vector_t *wrap_get_to() {
return apol_relabel_result_get_to(self);
};
- const apol_vector_t *get_from() {
+ %rename(get_from) wrap_get_from;
+ const apol_vector_t *wrap_get_from() {
return apol_relabel_result_get_from(self);
};
- const apol_vector_t *get_both() {
+ %rename(get_both) wrap_get_both;
+ const apol_vector_t *wrap_get_both() {
return apol_relabel_result_get_both(self);
};
- const qpol_type_t *get_result_type() {
+ %rename(get_result_type) wrap_get_result_type;
+ const qpol_type_t *wrap_get_result_type() {
return apol_relabel_result_get_result_type(self);
};
};
@@ -3042,24 +3549,27 @@ typedef struct apol_relabel_result {} apol_relabel_result_t;
%}
typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
%extend apol_relabel_result_pair_t {
- apol_relabel_result_pair_t() {
+ apol_relabel_result_pair() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_relabel_result_pair_t() {
+ ~apol_relabel_result_pair() {
/* no op - owned and free()'d by apol_relabel_result_t */
return;
};
- const qpol_avrule_t *get_ruleA() {
+ %rename(get_ruleA) wrap_get_ruleA;
+ const qpol_avrule_t *wrap_get_ruleA() {
return apol_relabel_result_pair_get_ruleA(self);
};
- const qpol_avrule_t *get_ruleB() {
+ %rename(get_ruleB) wrap_get_ruleB;
+ const qpol_avrule_t *wrap_get_ruleB() {
return apol_relabel_result_pair_get_ruleB(self);
};
- const qpol_type_t *get_intermediate_type() {
+ %rename(get_intermediate_type) wrap_get_intermediate_type;
+ const qpol_type_t *wrap_get_intermediate_type() {
return apol_relabel_result_pair_get_intermediate_type(self);
};
};
@@ -3084,7 +3594,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
#define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000
typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
%extend apol_types_relation_analysis_t {
- apol_types_relation_analysis_t() {
+ apol_types_relation_analysis() {
apol_types_relation_analysis_t *atr;
BEGIN_EXCEPTION
atr = apol_types_relation_analysis_create();
@@ -3095,7 +3605,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
fail:
return atr;
};
- ~apol_types_relation_analysis_t() {
+ ~apol_types_relation_analysis() {
apol_types_relation_analysis_destroy(&self);
}
%newobject run(apol_policy_t*);
@@ -3109,7 +3619,8 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
fail:
return res;
};
- void set_first_type(apol_policy_t *p, char *name) {
+ %rename(set_first_type) wrap_set_first_type;
+ void wrap_set_first_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_types_relation_analysis_set_first_type(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set first type for types relation analysis");
@@ -3118,7 +3629,8 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
fail:
return;
};
- void set_other_type(apol_policy_t *p, char *name) {
+ %rename(set_other_type) wrap_set_other_type;
+ void wrap_set_other_type(apol_policy_t *p, char *name) {
BEGIN_EXCEPTION
if (apol_types_relation_analysis_set_other_type(p, self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set other type for types relation analysis");
@@ -3127,7 +3639,8 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
fail:
return;
};
- void set_analyses(apol_policy_t *p, int analyses) {
+ %rename(set_analyses) wrap_set_analyses;
+ void wrap_set_analyses(apol_policy_t *p, int analyses) {
BEGIN_EXCEPTION
if (apol_types_relation_analysis_set_analyses(p, self, (unsigned int)analyses)) {
SWIG_exception(SWIG_RuntimeError, "Could not set analyses to run for types relation analysis");
@@ -3139,76 +3652,92 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
};
typedef struct apol_types_relation_result {} apol_types_relation_result_t;
%extend apol_types_relation_result_t {
- apol_types_relation_result_t() {
+ apol_types_relation_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_types_relation_result_t() {
+ ~apol_types_relation_result() {
apol_types_relation_result_destroy(&self);
};
- const apol_vector_t *get_attributes() {
+ %rename(get_attributes) wrap_get_attributes;
+ const apol_vector_t *wrap_get_attributes() {
return apol_types_relation_result_get_attributes(self);
};
- const apol_vector_t *get_roles() {
+ %rename(get_roles) wrap_get_roles;
+ const apol_vector_t *wrap_get_roles() {
return apol_types_relation_result_get_roles(self);
};
- const apol_vector_t *get_users() {
+ %rename(get_users) wrap_get_users;
+ const apol_vector_t *wrap_get_users() {
return apol_types_relation_result_get_users(self);
};
- const apol_vector_t *get_similar_first() {
+ %rename(get_similar_first) wrap_get_similar_first;
+ const apol_vector_t *wrap_get_similar_first() {
return apol_types_relation_result_get_similar_first(self);
};
- const apol_vector_t *get_similar_other() {
+ %rename(get_similar_other) wrap_get_similar_other;
+ const apol_vector_t *wrap_get_similar_other() {
return apol_types_relation_result_get_similar_other(self);
};
- const apol_vector_t *get_dissimilar_first() {
+ %rename(get_dissimilar_first) wrap_get_dissimilar_first;
+ const apol_vector_t *wrap_get_dissimilar_first() {
return apol_types_relation_result_get_dissimilar_first(self);
};
- const apol_vector_t *get_dissimilar_other() {
+ %rename(get_dissimilar_other) wrap_get_dissimilar_other;
+ const apol_vector_t *wrap_get_dissimilar_other() {
return apol_types_relation_result_get_dissimilar_other(self);
};
- const apol_vector_t *get_allowrules() {
+ %rename(get_allowrules) wrap_get_allowrules;
+ const apol_vector_t *wrap_get_allowrules() {
return apol_types_relation_result_get_allowrules(self);
};
- const apol_vector_t *get_typerules() {
+ %rename(get_typerules) wrap_get_typerules;
+ const apol_vector_t *wrap_get_typerules() {
return apol_types_relation_result_get_typerules(self);
};
- const apol_vector_t *get_directflows() {
+ %rename(get_directflows) wrap_get_directflows;
+ const apol_vector_t *wrap_get_directflows() {
return apol_types_relation_result_get_directflows(self);
};
- const apol_vector_t *get_transflowsAB() {
+ %rename(get_transflowsAB) wrap_get_transflowsAB;
+ const apol_vector_t *wrap_get_transflowsAB() {
return apol_types_relation_result_get_transflowsAB(self);
};
- const apol_vector_t *get_transflowsBA() {
+ %rename(get_transflowsBA) wrap_get_transflowsBA;
+ const apol_vector_t *wrap_get_transflowsBA() {
return apol_types_relation_result_get_transflowsBA(self);
};
- const apol_vector_t*get_domainsAB() {
+ %rename(get_domainsAB) wrap_get_domainsAB;
+ const apol_vector_t*wrap_get_domainsAB() {
return apol_types_relation_result_get_domainsAB(self);
};
- const apol_vector_t*get_domainsBA() {
+ %rename(get_domainsBA) wrap_get_domainsBA;
+ const apol_vector_t*wrap_get_domainsBA() {
return apol_types_relation_result_get_domainsBA(self);
};
};
typedef struct apol_types_relation_access {} apol_types_relation_access_t;
%extend apol_types_relation_access_t {
- apol_types_relation_access_t() {
+ apol_types_relation_access() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_types_relation_access_t() {
+ ~apol_types_relation_access() {
/* no op - vector will destroy */
return;
};
- const qpol_type_t *get_type() {
+ %rename(get_type) wrap_get_type;
+ const qpol_type_t *wrap_get_type() {
return apol_types_relation_access_get_type(self);
};
- const apol_vector_t *get_rules() {
+ %rename(get_rules) wrap_get_rules;
+ const apol_vector_t *wrap_get_rules() {
return apol_types_relation_access_get_rules(self);
};
};
diff --git a/libpoldiff/swig/poldiff.i b/libpoldiff/swig/poldiff.i
index 29767a8..addbb21 100644
--- a/libpoldiff/swig/poldiff.i
+++ b/libpoldiff/swig/poldiff.i
@@ -273,7 +273,7 @@ typedef enum poldiff_form
%}
typedef struct poldiff_stats {} poldiff_stats_t;
%extend poldiff_stats_t {
- poldiff_stats_t() {
+ poldiff_stats() {
poldiff_stats_t *s;
BEGIN_EXCEPTION
s = poldiff_stats_create();
@@ -284,7 +284,7 @@ typedef struct poldiff_stats {} poldiff_stats_t;
fail:
return s;
};
- ~poldiff_stats_t() {
+ ~poldiff_stats() {
poldiff_stats_destroy(&self);
};
size_t get_stat(poldiff_form_e form) {
@@ -348,7 +348,7 @@ unsigned long to_ulong(void *x);
#endif
typedef struct poldiff {} poldiff_t;
%extend poldiff_t {
- poldiff_t(apol_policy_t *op, apol_policy_t *mp) {
+ poldiff(apol_policy_t *op, apol_policy_t *mp) {
poldiff_t *p;
BEGIN_EXCEPTION
p = poldiff_create(op, mp, poldiff_swig_message_callback, poldiff_swig_message_callback_arg);
@@ -360,10 +360,11 @@ typedef struct poldiff {} poldiff_t;
fail:
return NULL;
};
- ~poldiff_t() {
+ ~poldiff() {
poldiff_destroy(&self);
};
- void run(uint32_t flags) {
+ %rename(run) wrap_run;
+ void wrap_run(uint32_t flags) {
BEGIN_EXCEPTION
if (poldiff_run(self, flags)) {
SWIG_exception(SWIG_RuntimeError, "Could not run diff");
@@ -372,11 +373,13 @@ typedef struct poldiff {} poldiff_t;
fail:
return;
};
- int is_run(uint32_t flags) {
+ %rename(is_run) wrap_is_run;
+ int wrap_is_run(uint32_t flags) {
return poldiff_is_run(self, flags);
};
%newobject get_stats(uint32_t);
- poldiff_stats_t *get_stats(uint32_t flags) {
+ %rename(get_stats) wrap_get_stats;
+ poldiff_stats_t *wrap_get_stats(uint32_t flags) {
poldiff_stats_t *s = NULL;
BEGIN_EXCEPTION
s = poldiff_stats_create();
@@ -392,7 +395,8 @@ typedef struct poldiff {} poldiff_t;
poldiff_stats_destroy(&s);
return NULL;
};
- void enable_line_numbers() {
+ %rename(enable_line_numbers) wrap_enable_line_numbers;
+ void wrap_enable_line_numbers() {
BEGIN_EXCEPTION
if (poldiff_enable_line_numbers(self)) {
SWIG_exception(SWIG_RuntimeError, "Could not enable line numbers");
@@ -401,67 +405,88 @@ typedef struct poldiff {} poldiff_t;
fail:
return;
};
- const apol_vector_t *get_attrib_vector() {
+ %rename(get_attrib_vector) wrap_get_attrib_vector;
+ const apol_vector_t *wrap_get_attrib_vector() {
return poldiff_get_attrib_vector(self);
};
- const apol_vector_t *get_avrule_vector_allow() {
+ %rename(get_avrule_vector_allow) wrap_get_avrule_vector_allow;
+ const apol_vector_t *wrap_get_avrule_vector_allow() {
return poldiff_get_avrule_vector_allow(self);
};
- const apol_vector_t *get_avrule_vector_auditallow() {
+ %rename(get_avrule_vector_auditallow) wrap_get_avrule_vector_auditallow;
+ const apol_vector_t *wrap_get_avrule_vector_auditallow() {
return poldiff_get_avrule_vector_auditallow(self);
};
- const apol_vector_t *get_avrule_vector_dontaudit() {
+ %rename(get_avrule_vector_dontaudit) wrap_get_avrule_vector_dontaudit;
+ const apol_vector_t *wrap_get_avrule_vector_dontaudit() {
return poldiff_get_avrule_vector_dontaudit(self);
};
- const apol_vector_t *get_avrule_vector_neverallow() {
+ %rename(get_avrule_vector_neverallow) wrap_get_avrule_vector_neverallow;
+ const apol_vector_t *wrap_get_avrule_vector_neverallow() {
return poldiff_get_avrule_vector_neverallow(self);
};
- const apol_vector_t *get_bool_vector() {
+ %rename(get_bool_vector) wrap_get_bool_vector;
+ const apol_vector_t *wrap_get_bool_vector() {
return poldiff_get_bool_vector(self);
};
- const apol_vector_t *get_cat_vector() {
+ %rename(get_cat_vector) wrap_get_cat_vector;
+ const apol_vector_t *wrap_get_cat_vector() {
return poldiff_get_cat_vector(self);
};
- const apol_vector_t *get_class_vector() {
+ %rename(get_class_vector) wrap_get_class_vector;
+ const apol_vector_t *wrap_get_class_vector() {
return poldiff_get_class_vector(self);
};
- const apol_vector_t *get_common_vector() {
+ %rename(get_common_vector) wrap_get_common_vector;
+ const apol_vector_t *wrap_get_common_vector() {
return poldiff_get_common_vector(self);
};
- const apol_vector_t *get_level_vector() {
+ %rename(get_level_vector) wrap_get_level_vector;
+ const apol_vector_t *wrap_get_level_vector() {
return poldiff_get_level_vector(self);
};
- const apol_vector_t *get_range_trans_vector() {
+ %rename(get_range_trans_vector) wrap_get_range_trans_vector;
+ const apol_vector_t *wrap_get_range_trans_vector() {
return poldiff_get_range_trans_vector(self);
};
- const apol_vector_t *get_role_allow_vector() {
+ %rename(get_role_allow_vector) wrap_get_role_allow_vector;
+ const apol_vector_t *wrap_get_role_allow_vector() {
return poldiff_get_role_allow_vector(self);
};
- const apol_vector_t *get_role_trans_vector() {
+ %rename(get_role_trans_vector) wrap_get_role_trans_vector;
+ const apol_vector_t *wrap_get_role_trans_vector() {
return poldiff_get_role_trans_vector(self);
};
- const apol_vector_t *get_role_vector() {
+ %rename(get_role_vector) wrap_get_role_vector;
+ const apol_vector_t *wrap_get_role_vector() {
return poldiff_get_role_vector(self);
};
- const apol_vector_t *get_terule_vector_change() {
+ %rename(get_terule_vector_change) wrap_get_terule_vector_change;
+ const apol_vector_t *wrap_get_terule_vector_change() {
return poldiff_get_terule_vector_change(self);
};
- const apol_vector_t *get_terule_vector_member() {
+ %rename(get_terule_vector_member) wrap_get_terule_vector_member;
+ const apol_vector_t *wrap_get_terule_vector_member() {
return poldiff_get_terule_vector_member(self);
};
- const apol_vector_t *get_terule_vector_trans() {
+ %rename(get_terule_vector_trans) wrap_get_terule_vector_trans;
+ const apol_vector_t *wrap_get_terule_vector_trans() {
return poldiff_get_terule_vector_trans(self);
};
- const apol_vector_t *get_type_vector() {
+ %rename(get_type_vector) wrap_get_type_vector;
+ const apol_vector_t *wrap_get_type_vector() {
return poldiff_get_type_vector(self);
};
- const apol_vector_t *get_user_vector() {
+ %rename(get_user_vector) wrap_get_user_vector;
+ const apol_vector_t *wrap_get_user_vector() {
return poldiff_get_user_vector(self);
};
- const apol_vector_t *get_type_remap_entries() {
+ %rename(get_type_remap_entries) wrap_get_type_remap_entries;
+ const apol_vector_t *wrap_get_type_remap_entries() {
return poldiff_type_remap_get_entries(self);
};
- void type_remap_create(apol_string_vector_t *orig_types, apol_string_vector_t *mod_types) {
+ %rename(type_remap_create) wrap_type_remap_create;
+ void wrap_type_remap_create(apol_string_vector_t *orig_types, apol_string_vector_t *mod_types) {
BEGIN_EXCEPTION
if (poldiff_type_remap_create(self, (apol_vector_t*)orig_types, (apol_vector_t*)mod_types)) {
SWIG_exception(SWIG_RuntimeError, "Could not remap types");
@@ -478,19 +503,20 @@ typedef struct poldiff {} poldiff_t;
/* attribute diff */
typedef struct poldiff_attrib {} poldiff_attrib_t;
%extend poldiff_attrib_t {
- poldiff_attrib_t () {
+ poldiff_attrib () {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_attrib_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_attrib_t() {
+ ~poldiff_attrib() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_attrib_to_string(p, self);
@@ -501,16 +527,20 @@ typedef struct poldiff_attrib {} poldiff_attrib_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_attrib_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_attrib_get_form(self);
};
- const apol_string_vector_t *get_added_types() {
+ %rename(get_added_types) wrap_get_added_types;
+ const apol_string_vector_t *wrap_get_added_types() {
return (apol_string_vector_t*)poldiff_attrib_get_added_types(self);
};
- const apol_string_vector_t *get_removed_types() {
+ %rename(get_removed_types) wrap_get_removed_types;
+ const apol_string_vector_t *wrap_get_removed_types() {
return (apol_string_vector_t*)poldiff_attrib_get_removed_types(self);
};
};
@@ -523,19 +553,20 @@ typedef struct poldiff_attrib {} poldiff_attrib_t;
/* av rule diff */
typedef struct poldiff_avrule {} poldiff_avrule_t;
%extend poldiff_avrule_t {
- poldiff_avrule_t() {
+ poldiff_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_avrule_t() {
+ ~poldiff_avrule() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_avrule_to_string(p, self);
@@ -546,22 +577,28 @@ typedef struct poldiff_avrule {} poldiff_avrule_t;
fail:
return str;
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_avrule_get_form(self);
};
- uint32_t get_rule_type() {
+ %rename(get_rule_type) wrap_get_rule_type;
+ uint32_t wrap_get_rule_type() {
return poldiff_avrule_get_rule_type(self);
};
- const char *get_source_type() {
+ %rename(get_source_type) wrap_get_source_type;
+ const char *wrap_get_source_type() {
return poldiff_avrule_get_source_type(self);
};
- const char *get_target_type() {
+ %rename(get_target_type) wrap_get_target_type;
+ const char *wrap_get_target_type() {
return poldiff_avrule_get_target_type(self);
};
- const char *get_object_class() {
+ %rename(get_object_class) wrap_get_object_class;
+ const char *wrap_get_object_class() {
return poldiff_avrule_get_object_class(self);
};
- const qpol_cond_t *get_cond(poldiff_t *p) {
+ %rename(get_cond) wrap_get_cond;
+ const qpol_cond_t *wrap_get_cond(poldiff_t *p) {
const qpol_cond_t *cond;
uint32_t which_list;
const apol_policy_t *which_pol;
@@ -582,20 +619,25 @@ typedef struct poldiff_avrule {} poldiff_avrule_t;
poldiff_avrule_get_cond(p, self, &cond, &which_list, &which_pol);
return which_pol;
};
- const apol_string_vector_t *get_unmodified_perms() {
+ %rename(get_unmodified_perms) wrap_get_unmodified_perms;
+ const apol_string_vector_t *wrap_get_unmodified_perms() {
return (apol_string_vector_t*)poldiff_avrule_get_unmodified_perms(self);
};
- const apol_string_vector_t *get_added_perms() {
+ %rename(get_added_perms) wrap_get_added_perms;
+ const apol_string_vector_t *wrap_get_added_perms() {
return (apol_string_vector_t*)poldiff_avrule_get_added_perms(self);
};
- const apol_string_vector_t *get_removed_perms() {
+ %rename(get_removed_perms) wrap_get_removed_perms;
+ const apol_string_vector_t *wrap_get_removed_perms() {
return (apol_string_vector_t*)poldiff_avrule_get_removed_perms(self);
};
- const apol_vector_t *get_orig_line_numbers() {
+ %rename(get_orig_line_numbers) wrap_get_orig_line_numbers;
+ const apol_vector_t *wrap_get_orig_line_numbers() {
return poldiff_avrule_get_orig_line_numbers(self);
};
%newobject get_orig_line_numbers_for_perm(poldiff_t*, char*);
- apol_vector_t *get_orig_line_numbers_for_perm(poldiff_t *p, char *perm) {
+ %rename(get_orig_line_numbers_for_perm) wrap_get_orig_line_numbers_for_perm;
+ apol_vector_t *wrap_get_orig_line_numbers_for_perm(poldiff_t *p, char *perm) {
apol_vector_t *v;
BEGIN_EXCEPTION
v = poldiff_avrule_get_orig_line_numbers_for_perm(p, self, perm);
@@ -606,11 +648,13 @@ typedef struct poldiff_avrule {} poldiff_avrule_t;
fail:
return v;
};
- const apol_vector_t *get_mod_line_numbers() {
+ %rename(get_mod_line_numbers) wrap_get_mod_line_numbers;
+ const apol_vector_t *wrap_get_mod_line_numbers() {
return poldiff_avrule_get_mod_line_numbers(self);
};
%newobject get_mod_line_numbers_for_perm(poldiff_t*, char*);
- apol_vector_t *get_mod_line_numbers_for_perm(poldiff_t *p, char *perm) {
+ %rename(get_mod_line_numbers_for_perm) wrap_get_mod_line_numbers_for_perm;
+ apol_vector_t *wrap_get_mod_line_numbers_for_perm(poldiff_t *p, char *perm) {
apol_vector_t *v;
BEGIN_EXCEPTION
v = poldiff_avrule_get_mod_line_numbers_for_perm(p, self, perm);
@@ -631,19 +675,20 @@ typedef struct poldiff_avrule {} poldiff_avrule_t;
/* boolean diff */
typedef struct poldiff_bool {} poldiff_bool_t;
%extend poldiff_bool_t {
- poldiff_bool_t() {
+ poldiff_bool() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_bool_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_bool_t() {
+ ~poldiff_bool() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_bool_to_string(p, self);
@@ -654,10 +699,12 @@ typedef struct poldiff_bool {} poldiff_bool_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_bool_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_bool_get_form(self);
};
};
@@ -670,19 +717,20 @@ typedef struct poldiff_bool {} poldiff_bool_t;
/* category diff */
typedef struct poldiff_cat {} poldiff_cat_t;
%extend poldiff_cat_t {
- poldiff_cat_t() {
+ poldiff_cat() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_cat_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_cat_t() {
+ ~poldiff_cat() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_cat_to_string(p, self);
@@ -693,10 +741,12 @@ typedef struct poldiff_cat {} poldiff_cat_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_cat_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_cat_get_form(self);
};
};
@@ -709,19 +759,20 @@ typedef struct poldiff_cat {} poldiff_cat_t;
/* class diff */
typedef struct poldiff_class {} poldiff_class_t;
%extend poldiff_class_t {
- poldiff_class_t() {
+ poldiff_class() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_class_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_class_t() {
+ ~poldiff_class() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_class_to_string(p, self);
@@ -732,16 +783,20 @@ typedef struct poldiff_class {} poldiff_class_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_class_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_class_get_form(self);
};
- const apol_string_vector_t *get_added_perms() {
+ %rename(get_added_perms) wrap_get_added_perms;
+ const apol_string_vector_t *wrap_get_added_perms() {
return (apol_string_vector_t*)poldiff_class_get_added_perms(self);
};
- const apol_string_vector_t *get_removed_perms() {
+ %rename(get_removed_perms) wrap_get_removed_perms;
+ const apol_string_vector_t *wrap_get_removed_perms() {
return (apol_string_vector_t*)poldiff_class_get_removed_perms(self);
};
};
@@ -754,19 +809,20 @@ typedef struct poldiff_class {} poldiff_class_t;
/* common diff */
typedef struct poldiff_common {} poldiff_common_t;
%extend poldiff_common_t {
- poldiff_common_t() {
+ poldiff_common() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_common_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_common_t() {
+ ~poldiff_common() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_common_to_string(p, self);
@@ -777,16 +833,20 @@ typedef struct poldiff_common {} poldiff_common_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_common_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_common_get_form(self);
};
- const apol_string_vector_t *get_added_perms() {
+ %rename(get_added_perms) wrap_get_added_perms;
+ const apol_string_vector_t *wrap_get_added_perms() {
return (apol_string_vector_t*)poldiff_common_get_added_perms(self);
};
- const apol_string_vector_t *get_removed_perms() {
+ %rename(get_removed_perms) wrap_get_removed_perms;
+ const apol_string_vector_t *wrap_get_removed_perms() {
return (apol_string_vector_t*)poldiff_common_get_removed_perms(self);
};
};
@@ -799,19 +859,20 @@ typedef struct poldiff_common {} poldiff_common_t;
/* level diff */
typedef struct poldiff_level {} poldiff_level_t;
%extend poldiff_level_t {
- poldiff_level_t() {
+ poldiff_level() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_level_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_level_t() {
+ ~poldiff_level() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_level_to_string(p, self);
@@ -823,7 +884,8 @@ typedef struct poldiff_level {} poldiff_level_t;
return str;
};
%newobject to_string_brief(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string_brief) wrap_to_string_brief;
+ char *wrap_to_string_brief(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_level_to_string_brief(p, self);
@@ -834,19 +896,24 @@ typedef struct poldiff_level {} poldiff_level_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_level_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_level_get_form(self);
};
- const apol_string_vector_t *get_unmodified_cats() {
+ %rename(get_unmodified_cats) wrap_get_unmodified_cats;
+ const apol_string_vector_t *wrap_get_unmodified_cats() {
return (apol_string_vector_t*)poldiff_level_get_unmodified_cats(self);
};
- const apol_string_vector_t *get_added_cats() {
+ %rename(get_added_cats) wrap_get_added_cats;
+ const apol_string_vector_t *wrap_get_added_cats() {
return (apol_string_vector_t*)poldiff_level_get_added_cats(self);
};
- const apol_string_vector_t *get_removed_cats() {
+ %rename(get_removed_cats) wrap_get_removed_cats;
+ const apol_string_vector_t *wrap_get_removed_cats() {
return (apol_string_vector_t*)poldiff_level_get_removed_cats(self);
};
};
@@ -859,14 +926,14 @@ typedef struct poldiff_level {} poldiff_level_t;
/* range diff */
typedef struct poldiff_range {} poldiff_range_t;
%extend poldiff_range_t {
- poldiff_range_t() {
+ poldiff_range() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_range_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_range_t() {
+ ~poldiff_range() {
/* no op */
return;
};
@@ -882,22 +949,28 @@ typedef struct poldiff_range {} poldiff_range_t;
fail:
return str;
};
- const apol_vector_t *get_levels() {
+ %rename(get_levels) wrap_get_levels;
+ const apol_vector_t *wrap_get_levels() {
return poldiff_range_get_levels(self);
};
- const apol_mls_range_t *get_original_range() {
+ %rename(get_original_range) wrap_get_original_range;
+ const apol_mls_range_t *wrap_get_original_range() {
return poldiff_range_get_original_range(self);
};
- const apol_mls_range_t *get_modified_range() {
+ %rename(get_modified_range) wrap_get_modified_range;
+ const apol_mls_range_t *wrap_get_modified_range() {
return poldiff_range_get_modified_range(self);
};
- const apol_string_vector_t *get_min_added_cats() {
+ %rename(get_min_added_cats) wrap_get_min_added_cats;
+ const apol_string_vector_t *wrap_get_min_added_cats() {
return (apol_string_vector_t*)poldiff_range_get_min_added_cats(self);
};
- const apol_string_vector_t *get_min_removed_cats() {
+ %rename(get_min_removed_cats) wrap_get_min_removed_cats;
+ const apol_string_vector_t *wrap_get_min_removed_cats() {
return (apol_string_vector_t*)poldiff_range_get_min_removed_cats(self);
};
- const apol_string_vector_t *get_min_unmodified_cats() {
+ %rename(get_min_unmodified_cats) wrap_get_min_unmodified_cats;
+ const apol_string_vector_t *wrap_get_min_unmodified_cats() {
return (apol_string_vector_t*)poldiff_range_get_min_unmodified_cats(self);
};
};
@@ -910,19 +983,20 @@ typedef struct poldiff_range {} poldiff_range_t;
/* range_transition rule diff */
typedef struct poldiff_range_trans {} poldiff_range_trans_t;
%extend poldiff_range_trans_t {
- poldiff_range_trans_t() {
+ poldiff_range_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_range_trans_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_range_trans_t() {
+ ~poldiff_range_trans() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_range_trans_to_string(p, self);
@@ -933,19 +1007,24 @@ typedef struct poldiff_range_trans {} poldiff_range_trans_t;
fail:
return str;
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_range_trans_get_form(self);
};
- const char *get_source_type() {
+ %rename(get_source_type) wrap_get_source_type;
+ const char *wrap_get_source_type() {
return poldiff_range_trans_get_source_type(self);
};
- const char *get_target_type() {
+ %rename(get_target_type) wrap_get_target_type;
+ const char *wrap_get_target_type() {
return poldiff_range_trans_get_target_type(self);
};
- const char *get_target_class() {
+ %rename(get_target_class) wrap_get_target_class;
+ const char *wrap_get_target_class() {
return poldiff_range_trans_get_target_class(self);
};
- const poldiff_range_t *get_range() {
+ %rename(get_range) wrap_get_range;
+ const poldiff_range_t *wrap_get_range() {
return poldiff_range_trans_get_range(self);
};
};
@@ -958,19 +1037,20 @@ typedef struct poldiff_range_trans {} poldiff_range_trans_t;
/* role allow rule diff */
typedef struct poldiff_role_allow {} poldiff_role_allow_t;
%extend poldiff_role_allow_t {
- poldiff_role_allow_t() {
+ poldiff_role_allow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_role_allow_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_role_allow_t() {
+ ~poldiff_role_allow() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_role_allow_to_string(p, self);
@@ -981,19 +1061,24 @@ typedef struct poldiff_role_allow {} poldiff_role_allow_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_role_allow_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_role_allow_get_form(self);
};
- const apol_string_vector_t *get_unmodified_roles() {
+ %rename(get_unmodified_roles) wrap_get_unmodified_roles;
+ const apol_string_vector_t *wrap_get_unmodified_roles() {
return (apol_string_vector_t*)poldiff_role_allow_get_unmodified_roles(self);
};
- const apol_string_vector_t *get_added_roles() {
+ %rename(get_added_roles) wrap_get_added_roles;
+ const apol_string_vector_t *wrap_get_added_roles() {
return (apol_string_vector_t*)poldiff_role_allow_get_added_roles(self);
};
- const apol_string_vector_t *get_removed_roles() {
+ %rename(get_removed_roles) wrap_get_removed_roles;
+ const apol_string_vector_t *wrap_get_removed_roles() {
return (apol_string_vector_t*)poldiff_role_allow_get_removed_roles(self);
};
};
@@ -1006,19 +1091,20 @@ typedef struct poldiff_role_allow {} poldiff_role_allow_t;
/* role_transition rule diff */
typedef struct poldiff_role_trans {} poldiff_role_trans_t;
%extend poldiff_role_trans_t {
- poldiff_role_trans_t() {
+ poldiff_role_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_role_trans_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_role_trans_t() {
+ ~poldiff_role_trans() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_role_trans_to_string(p, self);
@@ -1029,19 +1115,24 @@ typedef struct poldiff_role_trans {} poldiff_role_trans_t;
fail:
return str;
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_role_trans_get_form(self);
};
- const char *get_source_role() {
+ %rename(get_source_role) wrap_get_source_role;
+ const char *wrap_get_source_role() {
return poldiff_role_trans_get_source_role(self);
};
- const char *get_target_type() {
+ %rename(get_target_type) wrap_get_target_type;
+ const char *wrap_get_target_type() {
return poldiff_role_trans_get_target_type(self);
};
- const char *get_original_default() {
+ %rename(get_original_default) wrap_get_original_default;
+ const char *wrap_get_original_default() {
return poldiff_role_trans_get_original_default(self);
};
- const char *get_modified_default() {
+ %rename(get_modified_default) wrap_get_modified_default;
+ const char *wrap_get_modified_default() {
return poldiff_role_trans_get_modified_default(self);
};
};
@@ -1054,19 +1145,20 @@ typedef struct poldiff_role_trans {} poldiff_role_trans_t;
/* role diff */
typedef struct poldiff_role {} poldiff_role_t;
%extend poldiff_role_t {
- poldiff_role_t() {
+ poldiff_role() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_role_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_role_t() {
+ ~poldiff_role() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_role_to_string(p, self);
@@ -1077,16 +1169,20 @@ typedef struct poldiff_role {} poldiff_role_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_role_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_role_get_form(self);
};
- const apol_string_vector_t *get_added_types() {
+ %rename(get_added_types) wrap_get_added_types;
+ const apol_string_vector_t *wrap_get_added_types() {
return (apol_string_vector_t*)poldiff_role_get_added_types(self);
};
- const apol_string_vector_t *get_removed_types() {
+ %rename(get_removed_types) wrap_get_removed_types;
+ const apol_string_vector_t *wrap_get_removed_types() {
return (apol_string_vector_t*)poldiff_role_get_removed_types(self);
};
};
@@ -1099,19 +1195,20 @@ typedef struct poldiff_role {} poldiff_role_t;
/* te rule diff */
typedef struct poldiff_terule {} poldiff_terule_t;
%extend poldiff_terule_t {
- poldiff_terule_t() {
+ poldiff_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_terule_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_terule_t() {
+ ~poldiff_terule() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_terule_to_string(p, self);
@@ -1122,22 +1219,28 @@ typedef struct poldiff_terule {} poldiff_terule_t;
fail:
return str;
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_terule_get_form(self);
};
- uint32_t get_rule_type() {
+ %rename(get_rule_type) wrap_get_rule_type;
+ uint32_t wrap_get_rule_type() {
return poldiff_terule_get_rule_type(self);
};
- const char *get_source_type() {
+ %rename(get_source_type) wrap_get_source_type;
+ const char *wrap_get_source_type() {
return poldiff_terule_get_source_type(self);
};
- const char *get_target_type() {
+ %rename(get_target_type) wrap_get_target_type;
+ const char *wrap_get_target_type() {
return poldiff_terule_get_target_type(self);
};
- const char *get_object_class() {
+ %rename(get_object_class) wrap_get_object_class;
+ const char *wrap_get_object_class() {
return poldiff_terule_get_object_class(self);
};
- const qpol_cond_t *get_cond(poldiff_t *p) {
+ %rename(get_cond) wrap_get_cond;
+ const qpol_cond_t *wrap_get_cond(poldiff_t *p) {
const qpol_cond_t *cond;
uint32_t which_list;
const apol_policy_t *which_pol;
@@ -1158,16 +1261,20 @@ typedef struct poldiff_terule {} poldiff_terule_t;
poldiff_terule_get_cond(p, self, &cond, &which_list, &which_pol);
return which_pol;
};
- const char *get_original_default() {
+ %rename(get_original_default) wrap_get_original_default;
+ const char *wrap_get_original_default() {
return poldiff_terule_get_original_default(self);
};
- const char *get_modified_default() {
+ %rename(get_modified_default) wrap_get_modified_default;
+ const char *wrap_get_modified_default() {
return poldiff_terule_get_modified_default(self);
};
- const apol_vector_t *get_orig_line_numbers() {
+ %rename(get_orig_line_numbers) wrap_get_orig_line_numbers;
+ const apol_vector_t *wrap_get_orig_line_numbers() {
return poldiff_terule_get_orig_line_numbers(self);
};
- const apol_vector_t *get_mod_line_numbers() {
+ %rename(get_mod_line_numbers) wrap_get_mod_line_numbers;
+ const apol_vector_t *wrap_get_mod_line_numbers() {
return poldiff_terule_get_mod_line_numbers(self);
};
};
@@ -1180,19 +1287,20 @@ typedef struct poldiff_terule {} poldiff_terule_t;
/* type diff */
typedef struct poldiff_type {} poldiff_type_t;
%extend poldiff_type_t {
- poldiff_type_t() {
+ poldiff_type() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_type_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_type_t() {
+ ~poldiff_type() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_type_to_string(p, self);
@@ -1203,16 +1311,20 @@ typedef struct poldiff_type {} poldiff_type_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_type_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_type_get_form(self);
};
- const apol_string_vector_t *get_added_attribs() {
+ %rename(get_added_attribs) wrap_get_added_attribs;
+ const apol_string_vector_t *wrap_get_added_attribs() {
return (apol_string_vector_t*)poldiff_type_get_added_attribs(self);
};
- const apol_string_vector_t *get_removed_attribs() {
+ %rename(get_removed_attribs) wrap_get_removed_attribs;
+ const apol_string_vector_t *wrap_get_removed_attribs() {
return (apol_string_vector_t*)poldiff_type_get_removed_attribs(self);
};
};
@@ -1225,19 +1337,20 @@ typedef struct poldiff_type {} poldiff_type_t;
/* user diff */
typedef struct poldiff_user {} poldiff_user_t;
%extend poldiff_user_t {
- poldiff_user_t() {
+ poldiff_user() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_user_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_user_t() {
+ ~poldiff_user() {
/* no op */
return;
};
%newobject to_string(poldiff_t*);
- char *to_string(poldiff_t *p) {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string(poldiff_t *p) {
char *str;
BEGIN_EXCEPTION
str = poldiff_user_to_string(p, self);
@@ -1248,28 +1361,36 @@ typedef struct poldiff_user {} poldiff_user_t;
fail:
return str;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return poldiff_user_get_name(self);
};
- poldiff_form_e get_form() {
+ %rename(get_form) wrap_get_form;
+ poldiff_form_e wrap_get_form() {
return poldiff_user_get_form(self);
};
- const apol_string_vector_t *get_unmodified_roles() {
+ %rename(get_unmodified_roles) wrap_get_unmodified_roles;
+ const apol_string_vector_t *wrap_get_unmodified_roles() {
return (apol_string_vector_t*)poldiff_user_get_unmodified_roles(self);
};
- const apol_string_vector_t *get_added_roles() {
+ %rename(get_added_roles) wrap_get_added_roles;
+ const apol_string_vector_t *wrap_get_added_roles() {
return (apol_string_vector_t*)poldiff_user_get_added_roles(self);
};
- const apol_string_vector_t *get_removed_roles() {
+ %rename(get_removed_roles) wrap_get_removed_roles;
+ const apol_string_vector_t *wrap_get_removed_roles() {
return (apol_string_vector_t*)poldiff_user_get_removed_roles(self);
};
- const poldiff_level_t *get_original_dfltlevel() {
+ %rename(get_original_dfltlevel) wrap_get_original_dfltlevel;
+ const poldiff_level_t *wrap_get_original_dfltlevel() {
return poldiff_user_get_original_dfltlevel(self);
};
- const poldiff_level_t *get_modified_dfltlevel() {
+ %rename(get_modified_dfltlevel) wrap_get_modified_dfltlevel;
+ const poldiff_level_t *wrap_get_modified_dfltlevel() {
return poldiff_user_get_modified_dfltlevel(self);
};
- const poldiff_range_t *get_range() {
+ %rename(get_range) wrap_get_range;
+ const poldiff_range_t *wrap_get_range() {
return poldiff_user_get_range(self);
};
};
@@ -1282,19 +1403,20 @@ typedef struct poldiff_user {} poldiff_user_t;
/* type remap */
typedef struct poldiff_type_remap_entry {} poldiff_type_remap_entry_t;
%extend poldiff_type_remap_entry_t {
- poldiff_type_remap_entry_t() {
+ poldiff_type_remap_entry() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create poldiff_type_remap_entry_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~poldiff_type_remap_entry_t() {
+ ~poldiff_type_remap_entry() {
/* no op */
return;
};
%newobject get_original_types(poldiff_t*);
- apol_string_vector_t *get_original_types(poldiff_t *p) {
+ %rename(get_original_types) wrap_get_original_types;
+ apol_string_vector_t *wrap_get_original_types(poldiff_t *p) {
apol_vector_t *v;
BEGIN_EXCEPTION
v = poldiff_type_remap_entry_get_original_types(p, self);
@@ -1306,7 +1428,8 @@ typedef struct poldiff_type_remap_entry {} poldiff_type_remap_entry_t;
return (apol_string_vector_t*)v;
};
%newobject get_modified_types(poldiff_t*);
- apol_string_vector_t *get_modified_types(poldiff_t *p) {
+ %rename(get_modified_types) wrap_get_modified_types;
+ apol_string_vector_t *wrap_get_modified_types(poldiff_t *p) {
apol_vector_t *v;
BEGIN_EXCEPTION
v = poldiff_type_remap_entry_get_modified_types(p, self);
@@ -1317,13 +1440,16 @@ typedef struct poldiff_type_remap_entry {} poldiff_type_remap_entry_t;
fail:
return (apol_string_vector_t*)v;
};
- int get_is_inferred() {
+ %rename(get_is_inferred) wrap_get_is_inferred;
+ int wrap_get_is_inferred() {
return poldiff_type_remap_entry_get_is_inferred(self);
};
- int get_is_enabled() {
+ %rename(get_is_enabled) wrap_get_is_enabled;
+ int wrap_get_is_enabled() {
return poldiff_type_remap_entry_get_is_enabled(self);
};
- void set_enabled(int enable) {
+ %rename(set_enabled) wrap_set_enabled;
+ void wrap_set_enabled(int enable) {
poldiff_type_remap_entry_set_enabled(self, enable);
};
};
diff --git a/libqpol/include/qpol/Makefile.am b/libqpol/include/qpol/Makefile.am
index 9b570e1..cfd4b12 100644
--- a/libqpol/include/qpol/Makefile.am
+++ b/libqpol/include/qpol/Makefile.am
@@ -7,6 +7,7 @@ qpol_HEADERS = \
cond_query.h \
constraint_query.h \
context_query.h \
+ default_object_query.h \
fs_use_query.h \
genfscon_query.h \
isid_query.h \
@@ -17,6 +18,7 @@ qpol_HEADERS = \
netifcon_query.h \
nodecon_query.h \
permissive_query.h \
+ bounds_query.h \
polcap_query.h \
policy.h \
policy_extend.h \
diff --git a/libqpol/include/qpol/bounds_query.h b/libqpol/include/qpol/bounds_query.h
new file mode 100644
index 0000000..da5e525
--- /dev/null
+++ b/libqpol/include/qpol/bounds_query.h
@@ -0,0 +1,162 @@
+/**
+ * @file
+ * Defines the public interface for searching and iterating over the permissive types.
+ *
+ * @author Richard Haines richard_c_haines@btinternet.com
+ *
+ * Copyright (C) 2006-2009 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef QPOL_BOUNDS_QUERY_H
+#define QPOL_BOUNDS_QUERY_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+#include <qpol/iterator.h>
+#include <qpol/policy.h>
+
+
+ /************ TYPEBOUNDS *************/
+ typedef struct qpol_typebounds qpol_typebounds_t;
+
+/**
+ * Get an iterator for the typebounds types in a policy.
+ * @param policy The policy from which to create the iterator.
+ * @param iter Iterator over items of type qpol_isid_t returned.
+ * The caller is responsible for calling qpol_iterator_destroy
+ * to free memory used by this iterator.
+ * It is important to note that this iterator is only valid as long
+ * as the policy is unmodified.
+ * @return 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *iter will be NULL.
+ */
+ extern int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter);
+
+
+/**
+ * Get the name which identifies a typebounds type from its datum.
+ * @param policy The policy with which the type bounds type is associated.
+ * @param datum typebounds datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_typebounds_get_parent_name(const qpol_policy_t *policy, const qpol_typebounds_t *datum, const char **name);
+
+/**
+ * Get the name which identifies a typebounds type from its datum.
+ * @param policy The policy with which the type bounds type is associated.
+ * @param datum typebounds datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_typebounds_get_child_name(const qpol_policy_t *policy, const qpol_typebounds_t *datum, const char **name);
+
+ /************ ROLEBOUNDS *************/
+ typedef struct qpol_rolebounds qpol_rolebounds_t;
+
+/**
+ * Get an iterator for the rolebounds types in a policy.
+ * @param policy The policy from which to create the iterator.
+ * @param iter Iterator over items of type qpol_isid_t returned.
+ * The caller is responsible for calling qpol_iterator_destroy
+ * to free memory used by this iterator.
+ * It is important to note that this iterator is only valid as long
+ * as the policy is unmodified.
+ * @return 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *iter will be NULL.
+ */
+ extern int qpol_policy_get_rolebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter);
+
+
+/**
+ * Get the name which identifies a rolebounds type from its datum.
+ * @param policy The policy with which the type bounds type is associated.
+ * @param datum rolebounds datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_rolebounds_get_parent_name(const qpol_policy_t *policy, const qpol_rolebounds_t *datum, const char **name);
+
+/**
+ * Get the name which identifies a rolebounds type from its datum.
+ * @param policy The policy with which the type bounds type is associated.
+ * @param datum rolebounds datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_rolebounds_get_child_name(const qpol_policy_t *policy, const qpol_rolebounds_t *datum, const char **name);
+
+ /************ USERBOUNDS *************/
+ typedef struct qpol_userbounds qpol_userbounds_t;
+
+/**
+ * Get an iterator for the userbounds types in a policy.
+ * @param policy The policy from which to create the iterator.
+ * @param iter Iterator over items of type qpol_isid_t returned.
+ * The caller is responsible for calling qpol_iterator_destroy
+ * to free memory used by this iterator.
+ * It is important to note that this iterator is only valid as long
+ * as the policy is unmodified.
+ * @return 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *iter will be NULL.
+ */
+ extern int qpol_policy_get_userbounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter);
+
+
+/**
+ * Get the name which identifies a userbounds type from its datum.
+ * @param policy The policy with which the type bounds type is associated.
+ * @param datum userbounds datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_userbounds_get_parent_name(const qpol_policy_t *policy, const qpol_userbounds_t *datum, const char **name);
+
+/**
+ * Get the name which identifies a userbounds type from its datum.
+ * @param policy The policy with which the type bounds type is associated.
+ * @param datum userbounds datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_userbounds_get_child_name(const qpol_policy_t *policy, const qpol_userbounds_t *datum, const char **name);
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* QPOL_BOUNDS_QUERY_H */
diff --git a/libqpol/include/qpol/default_object_query.h b/libqpol/include/qpol/default_object_query.h
new file mode 100644
index 0000000..e077287
--- /dev/null
+++ b/libqpol/include/qpol/default_object_query.h
@@ -0,0 +1,113 @@
+/**
+ * @file
+ * Defines the public interface for searching and iterating over default objects.
+ *
+ * @author Richard Haines richard_c_haines@btinternet.com
+ *
+ * Copyright (C) 2006-2009 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef QPOL_DEFAULT_OBJECT_QUERY_H
+#define QPOL_DEFAULT_OBJECT_QUERY_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+#include <qpol/iterator.h>
+#include <qpol/policy.h>
+
+
+ typedef struct qpol_default_object qpol_default_object_t;
+
+/**
+ * Get an iterator for the default_object types in a policy.
+ * @param policy The policy from which to create the iterator.
+ * @param iter Iterator over items of type qpol_isid_t returned.
+ * The caller is responsible for calling qpol_iterator_destroy
+ * to free memory used by this iterator.
+ * It is important to note that this iterator is only valid as long
+ * as the policy is unmodified.
+ * @return 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *iter will be NULL.
+ */
+ extern int qpol_policy_get_default_object_iter(const qpol_policy_t *policy, qpol_iterator_t **iter);
+
+/**
+ * Get the name which identifies a default_object class from its datum.
+ * @param policy The policy with which class is associated.
+ * @param datum default_object datum for which to get the name. Must be non-NULL.
+ * @param name Pointer to the string in which to store the name.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *name will be NULL.
+ */
+ extern int qpol_default_object_get_class(const qpol_policy_t *policy, const qpol_default_object_t *datum, const char **name);
+
+/**
+ * Get the value of a default user source/dest from its datum.
+ * @param policy The policy with which the default object is associated.
+ * @param datum default_object datum for which to get the value. Must be non-NULL.
+ * @param default Pointer to the value in which to store the default.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *default will be 0.
+ */
+ extern int qpol_default_object_get_user_default(const qpol_policy_t *policy, const qpol_default_object_t *datum, const char **value);
+
+/**
+ * Get the value of a default role source/dest from its datum.
+ * @param policy The policy with which the default object type is associated.
+ * @param datum default_object datum for which to get the value. Must be non-NULL.
+ * @param default Pointer to the value in which to store the default.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *default will be 0.
+ */
+ extern int qpol_default_object_get_role_default(const qpol_policy_t *policy, const qpol_default_object_t *datum, const char **value);
+
+/**
+ * Get the value of a default type source/dest from its datum.
+ * @param policy The policy with which the default object type is associated.
+ * @param datum default_object datum for which to get the value. Must be non-NULL.
+ * @param default Pointer to the value in which to store the default.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *default will be 0.
+ */
+ extern int qpol_default_object_get_type_default(const qpol_policy_t *policy, const qpol_default_object_t *datum, const char **value);
+
+/**
+ * Get the value of a default range source/dest from its datum.
+ * @param policy The policy with which the default object type is associated.
+ * @param datum default_object datum for which to get the value. Must be non-NULL.
+ * @param default Pointer to the value in which to store the default.
+ * Must be non-NULL. The caller should not free the string.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *default will be 0.
+ */
+ extern int qpol_default_object_get_range_default(const qpol_policy_t *policy, const qpol_default_object_t *datum, const char **value);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libqpol/include/qpol/policy.h b/libqpol/include/qpol/policy.h
index bf85718..4e01cdb 100644
--- a/libqpol/include/qpol/policy.h
+++ b/libqpol/include/qpol/policy.h
@@ -52,6 +52,8 @@ extern "C"
#include <qpol/netifcon_query.h>
#include <qpol/nodecon_query.h>
#include <qpol/permissive_query.h>
+#include <qpol/bounds_query.h>
+#include <qpol/default_object_query.h>
#include <qpol/polcap_query.h>
#include <qpol/portcon_query.h>
#include <qpol/rbacrule_query.h>
@@ -117,7 +119,18 @@ extern "C"
/** The policy source may be displayed. */
QPOL_CAP_SOURCE,
/** The policy supports and was loaded with neverallow rules. */
- QPOL_CAP_NEVERALLOW
+ QPOL_CAP_NEVERALLOW,
+ /** The policy supports bounds rules. */
+ QPOL_CAP_BOUNDS,
+ /** The policy supports default object rules. */
+ QPOL_CAP_DEFAULT_OBJECTS,
+ QPOL_CAP_DEFAULT_TYPE,
+ /** The policy supports permissive types. */
+ QPOL_CAP_PERMISSIVE,
+ /** The policy supports filename type_transition rules. */
+ QPOL_CAP_FILENAME_TRANS,
+ /** The policy supports role transition rules. */
+ QPOL_CAP_ROLETRANS
} qpol_capability_e;
/**
@@ -255,6 +268,15 @@ extern "C"
*/
extern int qpol_policy_has_capability(const qpol_policy_t * policy, qpol_capability_e cap);
+/**
+ * Get the handle_unknown classes/perms flag for the policy.
+ * @param policy The policy for which to get the version.
+ * @param handle_unknown Pointer to the integer to set to the version number.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *handle_unknown will be 0.
+ */
+ extern int qpol_policy_get_policy_handle_unknown(const qpol_policy_t * policy, unsigned int *handle_unknown);
+
#ifdef __cplusplus
}
#endif
diff --git a/libqpol/include/qpol/rbacrule_query.h b/libqpol/include/qpol/rbacrule_query.h
index 342e597..cb26600 100644
--- a/libqpol/include/qpol/rbacrule_query.h
+++ b/libqpol/include/qpol/rbacrule_query.h
@@ -112,6 +112,17 @@ extern "C"
const qpol_type_t ** target);
/**
+ * Get the object class from a role transition rule.
+ * @param rule The rule from which to get the object class.
+ * @param obj_class Pointer in which to store the object class.
+ * The caller should not free this pointer.
+ * @return 0 on success and < 0 on failure; if the call fails,
+ * errno will be set and *target will be NULL.
+ */
+ extern int qpol_role_trans_get_object_class(const qpol_policy_t * policy, const qpol_role_trans_t * rule,
+ const qpol_class_t ** obj_class);
+
+/**
* Get the default role from a role transition rule.
* @param policy The policy from which the rule comes.
* @param rule The rule from which to get the default role.
diff --git a/libqpol/src/Makefile.am b/libqpol/src/Makefile.am
index 0889a61..77213f4 100644
--- a/libqpol/src/Makefile.am
+++ b/libqpol/src/Makefile.am
@@ -21,6 +21,7 @@ libqpol_a_SOURCES = \
cond_query.c \
constraint_query.c \
context_query.c \
+ default_object_query.c \
expand.c \
expand.h \
fs_use_query.c \
@@ -35,6 +36,7 @@ libqpol_a_SOURCES = \
netifcon_query.c \
nodecon_query.c \
permissive_query.c \
+ bounds_query.c \
polcap_query.c \
policy.c \
policy_define.c policy_define.h \
diff --git a/libqpol/src/bounds_query.c b/libqpol/src/bounds_query.c
new file mode 100644
index 0000000..c3eb020
--- /dev/null
+++ b/libqpol/src/bounds_query.c
@@ -0,0 +1,332 @@
+/**
+* @file
+* Defines the public interface for searching and iterating over the permissive types.
+*
+* @author Richard Haines richard_c_haines@btinternet.com
+*
+* Copyright (C) 2006-2007 Tresys Technology, LLC
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <qpol/iterator.h>
+#include <qpol/policy.h>
+#include <qpol/bounds_query.h>
+#include <sepol/policydb/policydb.h>
+#include "qpol_internal.h"
+#include "iterator_internal.h"
+
+ /************ TYPEBOUNDS *************/
+int qpol_typebounds_get_parent_name(const qpol_policy_t *policy, const qpol_typebounds_t * datum, const char **name)
+{
+ type_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ /* The bounds rules started in ver 24 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_BOUNDS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (type_datum_t *)datum;
+
+ /* This will be zero if not a typebounds statement */
+ if (internal_datum->flavor == TYPE_TYPE && internal_datum->bounds != 0) {
+ *name = db->p_type_val_to_name[internal_datum->bounds - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_typebounds_get_child_name(const qpol_policy_t *policy, const qpol_typebounds_t * datum, const char **name)
+{
+ type_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ /* The bounds rules started in ver 24 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_BOUNDS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (type_datum_t *)datum;
+
+ if (internal_datum->flavor == TYPE_TYPE && internal_datum->bounds != 0) {
+ *name = db->p_type_val_to_name[internal_datum->s.value - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+/* As type bounds are in types use these, however will need to calc number of bounds manually in top.tcl*/
+int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
+{
+ policydb_t *db;
+ int error = 0;
+ hash_state_t *hs = NULL;
+
+ if (policy == NULL || iter == NULL) {
+ if (iter != NULL)
+ *iter = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ db = &policy->p->p;
+/*
+ struct type_datum *type;
+ size_t i;
+ int count = 0;
+
+ for (i = 0; i < db->p_types.nprim - 1; i++) {
+ type = db->type_val_to_struct[i];
+ if (type->flavor == TYPE_TYPE && type->bounds != 0) {
+ printf("PARENT DOMAIN: %s\n", db->p_type_val_to_name[type->bounds - 1]);
+ printf("CHILD NAME: %s\n", db->p_type_val_to_name[type->s.value - 1]);
+ count++;
+ }
+ }
+ printf("Type Bounds count: %d\n", count);
+*/
+ hs = calloc(1, sizeof(hash_state_t));
+ if (hs == NULL) {
+ error = errno;
+ ERR(policy, "%s", strerror(ENOMEM));
+ errno = error;
+ return STATUS_ERR;
+ }
+ hs->table = &db->p_types.table;
+ hs->node = (*(hs->table))->htable[0];
+
+ if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
+ hash_state_next, hash_state_end, hash_state_size, free, iter)) {
+ free(hs);
+ return STATUS_ERR;
+ }
+
+ if (hs->node == NULL)
+ hash_state_next(*iter);
+
+ return STATUS_SUCCESS;
+}
+
+ /************ ROLEBOUNDS *************/
+int qpol_rolebounds_get_parent_name(const qpol_policy_t *policy, const qpol_rolebounds_t * datum, const char **name)
+{
+ role_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ /* The bounds rules started in ver 24 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_BOUNDS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (role_datum_t *)datum;
+
+ /* This will be zero if not a rolebounds statement */
+ if (internal_datum->flavor == ROLE_ROLE && internal_datum->bounds != 0) {
+ *name = db->p_role_val_to_name[internal_datum->bounds - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_rolebounds_get_child_name(const qpol_policy_t *policy, const qpol_rolebounds_t * datum, const char **name)
+{
+ role_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ /* The bounds rules started in ver 24 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_BOUNDS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (role_datum_t *)datum;
+
+ if (internal_datum->flavor == ROLE_ROLE && internal_datum->bounds != 0) {
+ *name = db->p_role_val_to_name[internal_datum->s.value - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+/* As rolebounds are in roles use these, however will need to calc number of bounds manually in top.tcl*/
+int qpol_policy_get_rolebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
+{
+ policydb_t *db;
+ int error = 0;
+ hash_state_t *hs = NULL;
+
+ if (policy == NULL || iter == NULL) {
+ if (iter != NULL)
+ *iter = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ db = &policy->p->p;
+
+ hs = calloc(1, sizeof(hash_state_t));
+ if (hs == NULL) {
+ error = errno;
+ ERR(policy, "%s", strerror(ENOMEM));
+ errno = error;
+ return STATUS_ERR;
+ }
+ hs->table = &db->p_roles.table;
+ hs->node = (*(hs->table))->htable[0];
+
+ if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
+ hash_state_next, hash_state_end, hash_state_size, free, iter)) {
+ free(hs);
+ return STATUS_ERR;
+ }
+
+ if (hs->node == NULL)
+ hash_state_next(*iter);
+
+ return STATUS_SUCCESS;
+}
+
+ /************ USERBOUNDS *************/
+int qpol_userbounds_get_parent_name(const qpol_policy_t *policy, const qpol_userbounds_t * datum, const char **name)
+{
+ user_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ /* The bounds rules started in ver 24 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_BOUNDS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (user_datum_t *)datum;
+
+ /* This will be zero if not a userbounds statement */
+ if (internal_datum->bounds != 0) {
+ *name = db->p_user_val_to_name[internal_datum->bounds - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_userbounds_get_child_name(const qpol_policy_t *policy, const qpol_userbounds_t * datum, const char **name)
+{
+ user_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ /* The bounds rules started in ver 24 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_BOUNDS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (user_datum_t *)datum;
+
+ if (internal_datum->bounds != 0) {
+ *name = db->p_user_val_to_name[internal_datum->s.value - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+/* As userbounds are in users use these, however will need to calc number of bounds manually in top.tcl*/
+int qpol_policy_get_userbounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
+{
+ policydb_t *db;
+ int error = 0;
+ hash_state_t *hs = NULL;
+
+ if (policy == NULL || iter == NULL) {
+ if (iter != NULL)
+ *iter = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ db = &policy->p->p;
+
+ hs = calloc(1, sizeof(hash_state_t));
+ if (hs == NULL) {
+ error = errno;
+ ERR(policy, "%s", strerror(ENOMEM));
+ errno = error;
+ return STATUS_ERR;
+ }
+ hs->table = &db->p_users.table;
+ hs->node = (*(hs->table))->htable[0];
+
+ if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
+ hash_state_next, hash_state_end, hash_state_size, free, iter)) {
+ free(hs);
+ return STATUS_ERR;
+ }
+
+ if (hs->node == NULL)
+ hash_state_next(*iter);
+
+ return STATUS_SUCCESS;
+}
+
diff --git a/libqpol/src/constraint_query.c b/libqpol/src/constraint_query.c
index 1545ad7..28111b7 100644
--- a/libqpol/src/constraint_query.c
+++ b/libqpol/src/constraint_query.c
@@ -778,9 +778,16 @@ int qpol_constraint_expr_node_get_names_iter(const qpol_policy_t * policy, const
errno = ENOMEM;
return STATUS_ERR;
}
+
+ int policy_version;
+ if (qpol_policy_get_policy_version(policy, &policy_version))
+ return STATUS_ERR;
+
if (internal_expr->attr & QPOL_CEXPR_SYM_TYPE) {
- if (policy_type == QPOL_POLICY_KERNEL_BINARY) {
+ if (policy_type == QPOL_POLICY_KERNEL_BINARY && policy_version <= 28) {
cns->inc = &(internal_expr->names);
+ } else if (policy_type == QPOL_POLICY_KERNEL_BINARY && policy_version > 28) {
+ cns->inc = &(internal_expr->type_names->types);
} else {
cns->inc = &(internal_expr->type_names->types);
cns->sub = &(internal_expr->type_names->negset);
diff --git a/libqpol/src/default_object_query.c b/libqpol/src/default_object_query.c
new file mode 100644
index 0000000..4143674
--- /dev/null
+++ b/libqpol/src/default_object_query.c
@@ -0,0 +1,281 @@
+/**
+* @file
+* Defines the public interface for searching and iterating over default objects.
+*
+* @author Richard Haines richard_c_haines@btinternet.com
+*
+* Copyright (C) 2006-2007 Tresys Technology, LLC
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <qpol/iterator.h>
+#include <qpol/policy.h>
+#include <qpol/default_object_query.h>
+#include <sepol/policydb/policydb.h>
+#include "qpol_internal.h"
+#include "iterator_internal.h"
+
+int qpol_default_object_get_class(const qpol_policy_t *policy, const qpol_default_object_t * datum, const char **name)
+{
+ class_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || name == NULL) {
+ if (name != NULL)
+ *name = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *name = NULL;
+
+ db = &policy->p->p;
+ internal_datum = (class_datum_t *)datum;
+
+ /* These will be zero if no default_objects set */
+ if (internal_datum->default_user || internal_datum->default_role ||
+ internal_datum->default_type ||
+ internal_datum->default_range) {
+ *name = db->p_class_val_to_name[internal_datum->s.value - 1];
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_default_object_get_user_default(const qpol_policy_t *policy, const qpol_default_object_t * datum, const char **value)
+{
+ class_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || value == NULL) {
+ if (value != NULL)
+ *value = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *value = NULL;
+
+ /* The user default started in ver 27 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_DEFAULT_OBJECTS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (class_datum_t *)datum;
+
+ if (internal_datum->default_user == DEFAULT_SOURCE) {
+ *value = "source";
+ } else if (internal_datum->default_user == DEFAULT_TARGET) {
+ *value = "target";
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_default_object_get_role_default(const qpol_policy_t *policy, const qpol_default_object_t * datum, const char **value)
+{
+ class_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || value == NULL) {
+ if (value != NULL)
+ *value = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *value = NULL;
+
+ /* The role default started in ver 27 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_DEFAULT_OBJECTS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (class_datum_t *)datum;
+
+ if (internal_datum->default_role == DEFAULT_SOURCE) {
+ *value = "source";
+ } else if (internal_datum->default_role == DEFAULT_TARGET) {
+ *value = "target";
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_default_object_get_type_default(const qpol_policy_t *policy, const qpol_default_object_t * datum, const char **value)
+{
+ class_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || value == NULL) {
+ if (value != NULL)
+ *value = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *value = NULL;
+
+ /* The type default started in ver 28 */
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_DEFAULT_TYPE))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (class_datum_t *)datum;
+
+ if (internal_datum->default_type == DEFAULT_SOURCE) {
+ *value = "source";
+ } else if (internal_datum->default_type == DEFAULT_TARGET) {
+ *value = "target";
+ }
+ return STATUS_SUCCESS;
+}
+
+int qpol_default_object_get_range_default(const qpol_policy_t *policy, const qpol_default_object_t * datum, const char **value)
+{
+ class_datum_t *internal_datum = NULL;
+ policydb_t *db = NULL;
+
+ if (policy == NULL || datum == NULL || value == NULL) {
+ if (value != NULL)
+ *value = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+ *value = NULL;
+
+ /* The range default started in ver 27 */
+ int policy_version;
+ if (!qpol_policy_has_capability(policy, QPOL_CAP_DEFAULT_OBJECTS))
+ return STATUS_SUCCESS;
+
+ db = &policy->p->p;
+ internal_datum = (class_datum_t *)datum;
+
+ switch (internal_datum->default_range) {
+ case DEFAULT_SOURCE_LOW:
+ *value = "source low";
+ break;
+ case DEFAULT_SOURCE_HIGH:
+ *value = "source high";
+ break;
+ case DEFAULT_SOURCE_LOW_HIGH:
+ *value = "source low_high";
+ break;
+ case DEFAULT_TARGET_LOW:
+ *value = "target low";
+ break;
+ case DEFAULT_TARGET_HIGH:
+ *value = "target high";
+ break;
+ case DEFAULT_TARGET_LOW_HIGH:
+ *value = "target low_high";
+ break;
+ default:
+ break;
+ }
+ return STATUS_SUCCESS;
+}
+
+/* As default objects are in classes use these, however will need to calc number of default objects manually in top.tcl*/
+int qpol_policy_get_default_object_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
+{
+ policydb_t *db;
+ int error = 0;
+ hash_state_t *hs = NULL;
+
+ if (policy == NULL || iter == NULL) {
+ if (iter != NULL)
+ *iter = NULL;
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ db = &policy->p->p;
+/*
+ class_datum_t *cladatum;
+ sepol_security_class_t tclass;
+ char *class;
+
+ for (tclass = 1; tclass <= db->p_classes.nprim; tclass++) {
+ cladatum = db->class_val_to_struct[tclass - 1];
+ class = db->p_class_val_to_name[tclass - 1];
+
+ if (cladatum->default_user == DEFAULT_SOURCE) {
+ printf("default_user %s source;\n", class);
+ } else if (cladatum->default_user == DEFAULT_TARGET) {
+ printf("default_user %s target;\n", class);
+ }
+
+ if (cladatum->default_role == DEFAULT_SOURCE) {
+ printf("default_role %s source;\n", class);
+ } else if (cladatum->default_role == DEFAULT_TARGET) {
+ printf("default_role %s target;\n", class);
+ }
+
+ if (cladatum->default_type == DEFAULT_SOURCE) {
+ printf("default_type %s source;\n", class);
+ } else if (cladatum->default_type == DEFAULT_TARGET) {
+ printf("default_type %s target;\n", class);
+ }
+
+ switch (cladatum->default_range) {
+ case DEFAULT_SOURCE_LOW:
+ printf("default_range %s source low;\n", class);
+ break;
+ case DEFAULT_SOURCE_HIGH:
+ printf("default_range %s source high;\n", class);
+ break;
+ case DEFAULT_SOURCE_LOW_HIGH:
+ printf("default_range %s source low_high;\n", class);
+ break;
+ case DEFAULT_TARGET_LOW:
+ printf("default_range %s target low;\n", class);
+ break;
+ case DEFAULT_TARGET_HIGH:
+ printf("default_range %s target high;\n", class);
+ break;
+ case DEFAULT_TARGET_LOW_HIGH:
+ printf("default_range %s target low_high;\n", class);
+ break;
+ default:
+ break;
+ }
+ }
+*/
+ hs = calloc(1, sizeof(hash_state_t));
+ if (hs == NULL) {
+ error = errno;
+ ERR(policy, "%s", strerror(ENOMEM));
+ errno = error;
+ return STATUS_ERR;
+ }
+ hs->table = &db->p_classes.table;
+ hs->node = (*(hs->table))->htable[0];
+
+ if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
+ hash_state_next, hash_state_end, hash_state_size, free, iter)) {
+ free(hs);
+ return STATUS_ERR;
+ }
+
+ if (hs->node == NULL)
+ hash_state_next(*iter);
+
+ return STATUS_SUCCESS;
+}
diff --git a/libqpol/src/libqpol.map b/libqpol/src/libqpol.map
index 6973cca..1e80308 100644
--- a/libqpol/src/libqpol.map
+++ b/libqpol/src/libqpol.map
@@ -63,12 +63,17 @@ VERS_1.3 {
VERS_1.4 {
global:
qpol_type_get_ispermissive;
+ qpol_type_get_parent_name;
} VERS_1.3;
VERS_1.5 {
global:
qpol_policy_permissive_*;
qpol_permissive_*;
+ qpol_typebounds_*;
+ qpol_rolebounds_*;
+ qpol_userbounds_*;
qpol_policy_polcap_*;
qpol_polcap_*;
+ qpol_default_object_*;
} VERS_1.4;
diff --git a/libqpol/src/module_compiler.c b/libqpol/src/module_compiler.c
index b06e285..b00d97e 100644
--- a/libqpol/src/module_compiler.c
+++ b/libqpol/src/module_compiler.c
@@ -14,6 +14,7 @@
* the Free Software Foundation, version 2.
*/
+/* Required for SETools libqpol services */
#include <config.h>
#include <assert.h>
@@ -28,21 +29,19 @@
#include "queue.h"
#include "module_compiler.h"
-union stack_item_u
-{
+union stack_item_u {
avrule_block_t *avrule;
cond_list_t *cond_list;
};
-typedef struct scope_stack
-{
+typedef struct scope_stack {
union stack_item_u u;
- int type; /* for above union: 1 = avrule block, 2 = conditional */
- avrule_decl_t *decl; /* if in an avrule block, which
- * declaration is current */
+ int type; /* for above union: 1 = avrule block, 2 = conditional */
+ avrule_decl_t *decl; /* if in an avrule block, which
+ * declaration is current */
avrule_t *last_avrule;
- int in_else; /* if in an avrule block, within ELSE branch */
- int require_given; /* 1 if this block had at least one require */
+ int in_else; /* if in an avrule block, within ELSE branch */
+ int require_given; /* 1 if this block had at least one require */
struct scope_stack *parent, *child;
} scope_stack_t;
@@ -65,7 +64,8 @@ int define_policy(int pass, int module_header_given)
if (module_header_given) {
if (policydbp->policy_type != POLICY_MOD) {
- yyerror("Module specification found while not building a policy module.\n");
+ yyerror
+ ("Module specification found while not building a policy module.\n");
return -1;
}
@@ -79,14 +79,17 @@ int define_policy(int pass, int module_header_given)
return -1;
}
policydbp->name = id;
- if ((policydbp->version = queue_remove(id_queue)) == NULL) {
- yyerror("Expected a module version but none was found.");
+ if ((policydbp->version =
+ queue_remove(id_queue)) == NULL) {
+ yyerror
+ ("Expected a module version but none was found.");
return -1;
}
}
} else {
if (policydbp->policy_type == POLICY_MOD) {
- yyerror("Building a policy module, but no module specification found.\n");
+ yyerror
+ ("Building a policy module, but no module specification found.\n");
return -1;
}
}
@@ -98,7 +101,8 @@ int define_policy(int pass, int module_header_given)
while (stack_top != NULL) {
pop_stack();
}
- if (push_stack(1, policydbp->global, policydbp->global->branch_list) == -1) {
+ if (push_stack(1, policydbp->global, policydbp->global->branch_list) ==
+ -1) {
return -1;
}
last_block = policydbp->global;
@@ -127,7 +131,9 @@ static int is_declaration_allowed(void)
* For duplicate declarations return -2. For all else, including out
* of memory, return -3. Note that dest_value and datum_value might
* not be restricted pointers. */
-int declare_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datum, uint32_t * dest_value, uint32_t * datum_value)
+int declare_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value)
{
avrule_decl_t *decl = stack_top->decl;
int retval;
@@ -136,14 +142,17 @@ int declare_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datu
if (!is_declaration_allowed()) {
return -1;
}
- retval = symtab_insert(policydbp, symbol_type, key, datum, SCOPE_DECL, decl->decl_id, dest_value);
+ retval = symtab_insert(policydbp, symbol_type, key, datum,
+ SCOPE_DECL, decl->decl_id, dest_value);
if (retval == 1 && dest_value) {
- symtab_datum_t *s = (symtab_datum_t *) hashtab_search(policydbp->symtab[symbol_type].table,
- key);
+ symtab_datum_t *s =
+ (symtab_datum_t *) hashtab_search(policydbp->
+ symtab[symbol_type].table,
+ key);
assert(s != NULL);
-
+
if (symbol_type == SYM_LEVELS) {
- *dest_value = ((level_datum_t *) s)->level->sens;
+ *dest_value = ((level_datum_t *)s)->level->sens;
} else {
*dest_value = s->value;
}
@@ -151,35 +160,38 @@ int declare_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datu
return -2;
} else if (retval < 0) {
return -3;
- } else { /* fall through possible if retval is 0 */
+ } else { /* fall through possible if retval is 0 */
}
if (datum_value != NULL) {
- if (ebitmap_set_bit(decl->declared.scope + symbol_type, *datum_value - 1, 1)) {
+ if (ebitmap_set_bit(decl->declared.scope + symbol_type,
+ *datum_value - 1, 1)) {
return -3;
}
}
return retval;
}
-static int role_implicit_bounds(hashtab_t roles_tab, char *role_id, role_datum_t * role)
+static int role_implicit_bounds(hashtab_t roles_tab,
+ char *role_id, role_datum_t *role)
{
role_datum_t *bounds;
char *bounds_id, *delim;
delim = strrchr(role_id, '.');
if (!delim)
- return 0; /* no implicit boundary */
+ return 0; /* no implicit boundary */
bounds_id = strdup(role_id);
if (!bounds_id) {
yyerror("out of memory");
return -1;
}
- bounds_id[(size_t) (delim - role_id)] = '\0';
+ bounds_id[(size_t)(delim - role_id)] = '\0';
bounds = hashtab_search(roles_tab, bounds_id);
if (!bounds) {
- yyerror2("role %s doesn't exist, is implicit bounds of %s", bounds_id, role_id);
+ yyerror2("role %s doesn't exist, is implicit bounds of %s",
+ bounds_id, role_id);
return -1;
}
@@ -187,7 +199,8 @@ static int role_implicit_bounds(hashtab_t roles_tab, char *role_id, role_datum_t
role->bounds = bounds->s.value;
else if (role->bounds != bounds->s.value) {
yyerror2("role %s has inconsistent bounds %s/%s",
- role_id, bounds_id, policydbp->p_role_val_to_name[role->bounds - 1]);
+ role_id, bounds_id,
+ policydbp->p_role_val_to_name[role->bounds - 1]);
return -1;
}
free(bounds_id);
@@ -195,7 +208,7 @@ static int role_implicit_bounds(hashtab_t roles_tab, char *role_id, role_datum_t
return 0;
}
-role_datum_t *declare_role(void)
+role_datum_t *declare_role(unsigned char isattr)
{
char *id = queue_remove(id_queue), *dest_id = NULL;
role_datum_t *role = NULL, *dest_role = NULL;
@@ -212,8 +225,10 @@ role_datum_t *declare_role(void)
return NULL;
}
role_datum_init(role);
-
- retval = declare_symbol(SYM_ROLES, id, (hashtab_datum_t *) role, &value, &value);
+ role->flavor = isattr ? ROLE_ATTRIB : ROLE_ROLE;
+ retval =
+ declare_symbol(SYM_ROLES, id, (hashtab_datum_t *) role, &value,
+ &value);
if (retval == 0) {
role->s.value = value;
if ((dest_id = strdup(id)) == NULL) {
@@ -238,13 +253,16 @@ role_datum_t *declare_role(void)
}
dest_role = (role_datum_t *) hashtab_search(roles_tab, dest_id);
if (dest_role == NULL) {
- if ((dest_role = (role_datum_t *) malloc(sizeof(*dest_role))) == NULL) {
+ if ((dest_role =
+ (role_datum_t *) malloc(sizeof(*dest_role))) ==
+ NULL) {
yyerror("Out of memory!");
free(dest_id);
return NULL;
}
role_datum_init(dest_role);
dest_role->s.value = value;
+ dest_role->flavor = isattr ? ROLE_ATTRIB : ROLE_ROLE;
if (role_implicit_bounds(roles_tab, dest_id, dest_role)) {
free(dest_id);
role_datum_destroy(dest_role);
@@ -266,30 +284,31 @@ role_datum_t *declare_role(void)
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return NULL;
- }
+ yyerror("Out of memory!");
+ return NULL;
+ }
case -2:{
- yyerror("duplicate declaration of role");
- return NULL;
- }
+ yyerror("duplicate declaration of role");
+ return NULL;
+ }
case -1:{
- yyerror("could not declare role here");
- return NULL;
- }
- case 0:{
- if (ebitmap_set_bit(&dest_role->dominates, role->s.value - 1, 1)) {
- yyerror("out of memory");
+ yyerror("could not declare role here");
return NULL;
}
- return dest_role;
- }
+ case 0:{
+ if (ebitmap_set_bit
+ (&dest_role->dominates, role->s.value - 1, 1)) {
+ yyerror("out of memory");
+ return NULL;
+ }
+ return dest_role;
+ }
case 1:{
- return dest_role; /* role already declared for this block */
- }
+ return dest_role; /* role already declared for this block */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -306,7 +325,8 @@ type_datum_t *declare_type(unsigned char primary, unsigned char isattr)
return NULL;
}
if (strcmp(id, "self") == 0) {
- yyerror("'self' is a reserved type name and may not be declared.");
+ yyerror
+ ("'self' is a reserved type name and may not be declared.");
free(id);
return NULL;
}
@@ -334,46 +354,48 @@ type_datum_t *declare_type(unsigned char primary, unsigned char isattr)
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return NULL;
- }
+ yyerror("Out of memory!");
+ return NULL;
+ }
case -2:{
- yyerror2("duplicate declaration of type/attribute");
- return NULL;
- }
+ yyerror2("duplicate declaration of type/attribute");
+ return NULL;
+ }
case -1:{
- yyerror("could not declare type/attribute here");
- return NULL;
- }
+ yyerror("could not declare type/attribute here");
+ return NULL;
+ }
case 0:
case 1:{
- return typdatum;
- }
+ return typdatum;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
-static int user_implicit_bounds(hashtab_t users_tab, char *user_id, user_datum_t * user)
+static int user_implicit_bounds(hashtab_t users_tab,
+ char *user_id, user_datum_t *user)
{
user_datum_t *bounds;
char *bounds_id, *delim;
delim = strrchr(user_id, '.');
if (!delim)
- return 0; /* no implicit boundary */
+ return 0; /* no implicit boundary */
bounds_id = strdup(user_id);
if (!bounds_id) {
yyerror("out of memory");
return -1;
}
- bounds_id[(size_t) (delim - user_id)] = '\0';
+ bounds_id[(size_t)(delim - user_id)] = '\0';
bounds = hashtab_search(users_tab, bounds_id);
if (!bounds) {
- yyerror2("user %s doesn't exist, is implicit bounds of %s", bounds_id, user_id);
+ yyerror2("user %s doesn't exist, is implicit bounds of %s",
+ bounds_id, user_id);
return -1;
}
@@ -381,7 +403,8 @@ static int user_implicit_bounds(hashtab_t users_tab, char *user_id, user_datum_t
user->bounds = bounds->s.value;
else if (user->bounds != bounds->s.value) {
yyerror2("user %s has inconsistent bounds %s/%s",
- user_id, bounds_id, policydbp->p_role_val_to_name[user->bounds - 1]);
+ user_id, bounds_id,
+ policydbp->p_role_val_to_name[user->bounds - 1]);
return -1;
}
free(bounds_id);
@@ -407,7 +430,9 @@ user_datum_t *declare_user(void)
}
user_datum_init(user);
- retval = declare_symbol(SYM_USERS, id, (hashtab_datum_t *) user, &value, &value);
+ retval =
+ declare_symbol(SYM_USERS, id, (hashtab_datum_t *) user, &value,
+ &value);
if (retval == 0) {
user->s.value = value;
@@ -433,7 +458,9 @@ user_datum_t *declare_user(void)
}
dest_user = (user_datum_t *) hashtab_search(users_tab, dest_id);
if (dest_user == NULL) {
- if ((dest_user = (user_datum_t *) malloc(sizeof(*dest_user))) == NULL) {
+ if ((dest_user =
+ (user_datum_t *) malloc(sizeof(*dest_user))) ==
+ NULL) {
yyerror("Out of memory!");
free(dest_id);
return NULL;
@@ -461,26 +488,26 @@ user_datum_t *declare_user(void)
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return NULL;
- }
+ yyerror("Out of memory!");
+ return NULL;
+ }
case -2:{
- yyerror("duplicate declaration of user");
- return NULL;
- }
+ yyerror("duplicate declaration of user");
+ return NULL;
+ }
case -1:{
- yyerror("could not declare user here");
- return NULL;
- }
+ yyerror("could not declare user here");
+ return NULL;
+ }
case 0:{
- return dest_user;
- }
+ return dest_user;
+ }
case 1:{
- return dest_user; /* user already declared for this block */
- }
+ return dest_user; /* user already declared for this block */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -530,6 +557,55 @@ type_datum_t *get_local_type(char *id, uint32_t value, unsigned char isattr)
return dest_typdatum;
}
+/* Return a role_datum_t for the local avrule_decl with the given ID.
+ * If it does not exist, create one with the same value as 'value'.
+ * This function assumes that the ID is within scope. c.f.,
+ * is_id_in_scope().
+ *
+ * NOTE: this function usurps ownership of id afterwards. The caller
+ * shall not reference it nor free() it afterwards.
+ */
+role_datum_t *get_local_role(char *id, uint32_t value, unsigned char isattr)
+{
+ role_datum_t *dest_roledatum;
+ hashtab_t roles_tab;
+
+ assert(stack_top->type == 1);
+
+ if (stack_top->parent == NULL) {
+ /* in global, so use global symbol table */
+ roles_tab = policydbp->p_roles.table;
+ } else {
+ roles_tab = stack_top->decl->p_roles.table;
+ }
+
+ dest_roledatum = hashtab_search(roles_tab, id);
+ if (!dest_roledatum) {
+ dest_roledatum = (role_datum_t *)malloc(sizeof(role_datum_t));
+ if (dest_roledatum == NULL) {
+ free(id);
+ return NULL;
+ }
+
+ role_datum_init(dest_roledatum);
+ dest_roledatum->s.value = value;
+ dest_roledatum->flavor = isattr ? ROLE_ATTRIB : ROLE_ROLE;
+
+ if (hashtab_insert(roles_tab, id, dest_roledatum)) {
+ free(id);
+ role_datum_destroy(dest_roledatum);
+ free(dest_roledatum);
+ return NULL;
+ }
+ } else {
+ free(id);
+ if (dest_roledatum->flavor != isattr ? ROLE_ATTRIB : ROLE_ROLE)
+ return NULL;
+ }
+
+ return dest_roledatum;
+}
+
/* Given the current parse stack, returns 1 if a requirement would be
* allowed here or 0 if not. For example, the ELSE branch may never
* have its own requirements.
@@ -550,7 +626,9 @@ static int is_require_allowed(void)
* return -3.. Note that dest_value and datum_value might not be
* restricted pointers.
*/
-int require_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datum, uint32_t * dest_value, uint32_t * datum_value)
+int require_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value)
{
avrule_decl_t *decl = stack_top->decl;
int retval;
@@ -559,14 +637,17 @@ int require_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datu
if (!is_require_allowed()) {
return -1;
}
- retval = symtab_insert(policydbp, symbol_type, key, datum, SCOPE_REQ, decl->decl_id, dest_value);
+ retval = symtab_insert(policydbp, symbol_type, key, datum,
+ SCOPE_REQ, decl->decl_id, dest_value);
if (retval == 1) {
- symtab_datum_t *s = (symtab_datum_t *) hashtab_search(policydbp->symtab[symbol_type].table,
- key);
+ symtab_datum_t *s =
+ (symtab_datum_t *) hashtab_search(policydbp->
+ symtab[symbol_type].table,
+ key);
assert(s != NULL);
-
+
if (symbol_type == SYM_LEVELS) {
- *dest_value = ((level_datum_t *) s)->level->sens;
+ *dest_value = ((level_datum_t *)s)->level->sens;
} else {
*dest_value = s->value;
}
@@ -578,11 +659,17 @@ int require_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datu
if (symbol_type == SYM_TYPES) {
/* check that previous symbol has same
* type/attribute-ness */
- unsigned char new_isattr = ((type_datum_t *) datum)->flavor;
- type_datum_t *old_datum = (type_datum_t *) hashtab_search(policydbp->symtab[SYM_TYPES].table, key);
+ unsigned char new_isattr =
+ ((type_datum_t *) datum)->flavor;
+ type_datum_t *old_datum =
+ (type_datum_t *) hashtab_search(policydbp->
+ symtab
+ [SYM_TYPES].
+ table, key);
assert(old_datum != NULL);
unsigned char old_isattr = old_datum->flavor;
- prev_declaration_ok = (old_isattr == new_isattr ? 1 : 0);
+ prev_declaration_ok =
+ (old_isattr == new_isattr ? 1 : 0);
} else {
prev_declaration_ok = 1;
}
@@ -600,10 +687,11 @@ int require_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datu
}
} else if (retval < 0) {
return -3;
- } else { /* fall through possible if retval is 0 or 1 */
+ } else { /* fall through possible if retval is 0 or 1 */
}
if (datum_value != NULL) {
- if (ebitmap_set_bit(decl->required.scope + symbol_type, *datum_value - 1, 1)) {
+ if (ebitmap_set_bit(decl->required.scope + symbol_type,
+ *datum_value - 1, 1)) {
return -3;
}
}
@@ -632,13 +720,15 @@ int add_perm_to_class(uint32_t perm_value, uint32_t class_value)
}
scope->class_perms_len = class_value;
}
- if (ebitmap_set_bit(scope->class_perms_map + class_value - 1, perm_value - 1, 1)) {
+ if (ebitmap_set_bit(scope->class_perms_map + class_value - 1,
+ perm_value - 1, 1)) {
return -1;
}
return 0;
}
-static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p __attribute__ ((unused)))
+static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
{
if (key)
free(key);
@@ -676,48 +766,53 @@ int require_class(int pass)
return -1;
}
- if ((datum = calloc(1, sizeof(*datum))) == NULL || symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
+ if ((datum = calloc(1, sizeof(*datum))) == NULL ||
+ symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
yyerror("Out of memory!");
goto cleanup;
}
- ret = require_symbol(SYM_CLASSES, class_id, datum, &datum->s.value, &datum->s.value);
+ ret =
+ require_symbol(SYM_CLASSES, class_id, datum, &datum->s.value,
+ &datum->s.value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- free(class_id);
- class_datum_destroy(datum);
- goto cleanup;
- }
+ yyerror("Out of memory!");
+ free(class_id);
+ class_datum_destroy(datum);
+ goto cleanup;
+ }
case -2:{
- yyerror("duplicate declaration of class");
- free(class_id);
- class_datum_destroy(datum);
- goto cleanup;
- }
+ yyerror("duplicate declaration of class");
+ free(class_id);
+ class_datum_destroy(datum);
+ goto cleanup;
+ }
case -1:{
- yyerror("could not require class here");
- free(class_id);
- class_datum_destroy(datum);
- goto cleanup;
- }
- case 0:{
- /* a new class was added; reindex everything */
- if (policydb_index_classes(policydbp)) {
- yyerror("Out of memory!");
+ yyerror("could not require class here");
+ free(class_id);
+ class_datum_destroy(datum);
goto cleanup;
}
- break;
- }
+ case 0:{
+ /* a new class was added; reindex everything */
+ if (policydb_index_classes(policydbp)) {
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ break;
+ }
case 1:{
- class_datum_destroy(datum);
- datum = hashtab_search(policydbp->p_classes.table, class_id);
- assert(datum); /* the class datum should have existed */
- free(class_id);
- break;
- }
+ class_datum_destroy(datum);
+ datum =
+ hashtab_search(policydbp->p_classes.table,
+ class_id);
+ assert(datum); /* the class datum should have existed */
+ free(class_id);
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
/* now add each of the permissions to this class's requirements */
@@ -727,14 +822,18 @@ int require_class(int pass)
/* Is the permission already in the table? */
perm = hashtab_search(datum->permissions.table, perm_id);
if (!perm && datum->comdatum)
- perm = hashtab_search(datum->comdatum->permissions.table, perm_id);
+ perm =
+ hashtab_search(datum->comdatum->permissions.table,
+ perm_id);
if (perm) {
/* Yes, drop the name. */
free(perm_id);
} else {
/* No - allocate and insert an entry for it. */
if (policydbp->policy_type == POLICY_BASE) {
- yyerror2("Base policy - require of permission %s without prior declaration.", perm_id);
+ yyerror2
+ ("Base policy - require of permission %s without prior declaration.",
+ perm_id);
free(perm_id);
goto cleanup;
}
@@ -745,7 +844,9 @@ int require_class(int pass)
goto cleanup;
}
memset(perm, 0, sizeof(*perm));
- ret = hashtab_insert(datum->permissions.table, perm_id, perm);
+ ret =
+ hashtab_insert(datum->permissions.table, perm_id,
+ perm);
if (ret) {
yyerror("Out of memory!");
free(perm_id);
@@ -769,7 +870,7 @@ int require_class(int pass)
return -1;
}
-int require_role(int pass)
+static int require_role_or_attribute(int pass, unsigned char isattr)
{
char *id = queue_remove(id_queue);
role_datum_t *role = NULL;
@@ -788,7 +889,10 @@ int require_role(int pass)
return -1;
}
role_datum_init(role);
- retval = require_symbol(SYM_ROLES, id, (hashtab_datum_t *) role, &role->s.value, &role->s.value);
+ role->flavor = isattr ? ROLE_ATTRIB : ROLE_ROLE;
+ retval =
+ require_symbol(SYM_ROLES, id, (hashtab_datum_t *) role,
+ &role->s.value, &role->s.value);
if (retval != 0) {
free(id);
role_datum_destroy(role);
@@ -796,34 +900,45 @@ int require_role(int pass)
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return -1;
- }
+ yyerror("Out of memory!");
+ return -1;
+ }
case -2:{
- yyerror("duplicate declaration of role");
- return -1;
- }
+ yyerror("duplicate declaration of role");
+ return -1;
+ }
case -1:{
- yyerror("could not require role here");
- return -1;
- }
- case 0:{
- /* all roles dominate themselves */
- if (ebitmap_set_bit(&role->dominates, role->s.value - 1, 1)) {
- yyerror("Out of memory");
+ yyerror("could not require role here");
return -1;
}
- return 0;
- }
+ case 0:{
+ /* all roles dominate themselves */
+ if (ebitmap_set_bit
+ (&role->dominates, role->s.value - 1, 1)) {
+ yyerror("Out of memory");
+ return -1;
+ }
+ return 0;
+ }
case 1:{
- return 0; /* role already required */
- }
+ return 0; /* role already required */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
+int require_role(int pass)
+{
+ return require_role_or_attribute(pass, 0);
+}
+
+int require_attribute_role(int pass)
+{
+ return require_role_or_attribute(pass, 1);
+}
+
static int require_type_or_attribute(int pass, unsigned char isattr)
{
char *id = queue_remove(id_queue);
@@ -845,33 +960,35 @@ static int require_type_or_attribute(int pass, unsigned char isattr)
type_datum_init(type);
type->primary = 1;
type->flavor = isattr ? TYPE_ATTRIB : TYPE_TYPE;
- retval = require_symbol(SYM_TYPES, id, (hashtab_datum_t *) type, &type->s.value, &type->s.value);
+ retval =
+ require_symbol(SYM_TYPES, id, (hashtab_datum_t *) type,
+ &type->s.value, &type->s.value);
if (retval != 0) {
free(id);
free(type);
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return -1;
- }
+ yyerror("Out of memory!");
+ return -1;
+ }
case -2:{
- yyerror("duplicate declaration of type/attribute");
- return -1;
- }
+ yyerror("duplicate declaration of type/attribute");
+ return -1;
+ }
case -1:{
- yyerror("could not require type/attribute here");
- return -1;
- }
+ yyerror("could not require type/attribute here");
+ return -1;
+ }
case 0:{
- return 0;
- }
+ return 0;
+ }
case 1:{
- return 0; /* type already required */
- }
+ return 0; /* type already required */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -904,37 +1021,39 @@ int require_user(int pass)
return -1;
}
user_datum_init(user);
- retval = require_symbol(SYM_USERS, id, (hashtab_datum_t *) user, &user->s.value, &user->s.value);
+ retval =
+ require_symbol(SYM_USERS, id, (hashtab_datum_t *) user,
+ &user->s.value, &user->s.value);
if (retval != 0) {
free(id);
user_datum_destroy(user);
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return -1;
- }
+ yyerror("Out of memory!");
+ return -1;
+ }
case -2:{
- yyerror("duplicate declaration of user");
- return -1;
- }
+ yyerror("duplicate declaration of user");
+ return -1;
+ }
case -1:{
- yyerror("could not require user here");
- return -1;
- }
+ yyerror("could not require user here");
+ return -1;
+ }
case 0:{
- return 0;
- }
+ return 0;
+ }
case 1:{
- return 0; /* user already required */
- }
+ return 0; /* user already required */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
-int require_bool(int pass)
+static int require_bool_tunable(int pass, int is_tunable)
{
char *id = queue_remove(id_queue);
cond_bool_datum_t *booldatum = NULL;
@@ -952,35 +1071,49 @@ int require_bool(int pass)
yyerror("Out of memory!");
return -1;
}
- retval = require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum, &booldatum->s.value, &booldatum->s.value);
+ if (is_tunable)
+ booldatum->flags |= COND_BOOL_FLAGS_TUNABLE;
+ retval =
+ require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum,
+ &booldatum->s.value, &booldatum->s.value);
if (retval != 0) {
cond_destroy_bool(id, booldatum, NULL);
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return -1;
- }
+ yyerror("Out of memory!");
+ return -1;
+ }
case -2:{
- yyerror("duplicate declaration of boolean");
- return -1;
- }
+ yyerror("duplicate declaration of boolean");
+ return -1;
+ }
case -1:{
- yyerror("could not require boolean here");
- return -1;
- }
+ yyerror("could not require boolean here");
+ return -1;
+ }
case 0:{
- return 0;
- }
+ return 0;
+ }
case 1:{
- return 0; /* boolean already required */
- }
+ return 0; /* boolean already required */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
+int require_bool(int pass)
+{
+ return require_bool_tunable(pass, 0);
+}
+
+int require_tunable(int pass)
+{
+ return require_bool_tunable(pass, 1);
+}
+
int require_sens(int pass)
{
char *id = queue_remove(id_queue);
@@ -1010,7 +1143,8 @@ int require_sens(int pass)
return -1;
}
mls_level_init(level->level);
- retval = require_symbol(SYM_LEVELS, id, (hashtab_datum_t *) level, &level->level->sens, &level->level->sens);
+ retval = require_symbol(SYM_LEVELS, id, (hashtab_datum_t *) level,
+ &level->level->sens, &level->level->sens);
if (retval != 0) {
free(id);
mls_level_destroy(level->level);
@@ -1020,26 +1154,26 @@ int require_sens(int pass)
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return -1;
- }
+ yyerror("Out of memory!");
+ return -1;
+ }
case -2:{
- yyerror("duplicate declaration of sensitivity");
- return -1;
- }
+ yyerror("duplicate declaration of sensitivity");
+ return -1;
+ }
case -1:{
- yyerror("could not require sensitivity here");
- return -1;
- }
+ yyerror("could not require sensitivity here");
+ return -1;
+ }
case 0:{
- return 0;
- }
+ return 0;
+ }
case 1:{
- return 0; /* sensitivity already required */
- }
+ return 0; /* sensitivity already required */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -1064,7 +1198,8 @@ int require_cat(int pass)
}
cat_datum_init(cat);
- retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat, &cat->s.value, &cat->s.value);
+ retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat,
+ &cat->s.value, &cat->s.value);
if (retval != 0) {
free(id);
cat_datum_destroy(cat);
@@ -1072,26 +1207,26 @@ int require_cat(int pass)
}
switch (retval) {
case -3:{
- yyerror("Out of memory!");
- return -1;
- }
+ yyerror("Out of memory!");
+ return -1;
+ }
case -2:{
- yyerror("duplicate declaration of category");
- return -1;
- }
+ yyerror("duplicate declaration of category");
+ return -1;
+ }
case -1:{
- yyerror("could not require category here");
- return -1;
- }
+ yyerror("could not require category here");
+ return -1;
+ }
case 0:{
- return 0;
- }
+ return 0;
+ }
case 1:{
- return 0; /* category already required */
- }
+ return 0; /* category already required */
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -1099,7 +1234,7 @@ static int is_scope_in_stack(scope_datum_t * scope, scope_stack_t * stack)
{
int i;
if (stack == NULL) {
- return 0; /* no matching scope found */
+ return 0; /* no matching scope found */
}
if (stack->type == 1) {
avrule_decl_t *decl = stack->decl;
@@ -1119,33 +1254,40 @@ static int is_scope_in_stack(scope_datum_t * scope, scope_stack_t * stack)
int is_id_in_scope(uint32_t symbol_type, hashtab_key_t id)
{
- scope_datum_t *scope = (scope_datum_t *) hashtab_search(policydbp->scope[symbol_type].table, id);
+ scope_datum_t *scope =
+ (scope_datum_t *) hashtab_search(policydbp->scope[symbol_type].
+ table, id);
if (scope == NULL) {
- return 1; /* id is not known, so return success */
+ return 1; /* id is not known, so return success */
}
return is_scope_in_stack(scope, stack_top);
}
-static int is_perm_in_scope_index(uint32_t perm_value, uint32_t class_value, scope_index_t * scope)
+static int is_perm_in_scope_index(uint32_t perm_value, uint32_t class_value,
+ scope_index_t * scope)
{
if (class_value > scope->class_perms_len) {
return 1;
}
- if (ebitmap_get_bit(scope->class_perms_map + class_value - 1, perm_value - 1)) {
+ if (ebitmap_get_bit(scope->class_perms_map + class_value - 1,
+ perm_value - 1)) {
return 1;
}
return 0;
}
-static int is_perm_in_stack(uint32_t perm_value, uint32_t class_value, scope_stack_t * stack)
+static int is_perm_in_stack(uint32_t perm_value, uint32_t class_value,
+ scope_stack_t * stack)
{
if (stack == NULL) {
- return 0; /* no matching scope found */
+ return 0; /* no matching scope found */
}
if (stack->type == 1) {
avrule_decl_t *decl = stack->decl;
- if (is_perm_in_scope_index(perm_value, class_value, &decl->required)
- || is_perm_in_scope_index(perm_value, class_value, &decl->declared)) {
+ if (is_perm_in_scope_index
+ (perm_value, class_value, &decl->required)
+ || is_perm_in_scope_index(perm_value, class_value,
+ &decl->declared)) {
return 1;
}
} else {
@@ -1159,17 +1301,20 @@ static int is_perm_in_stack(uint32_t perm_value, uint32_t class_value, scope_sta
int is_perm_in_scope(hashtab_key_t perm_id, hashtab_key_t class_id)
{
- class_datum_t *cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table,
- class_id);
+ class_datum_t *cladatum =
+ (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ class_id);
perm_datum_t *perdatum;
if (cladatum == NULL) {
return 1;
}
- perdatum = (perm_datum_t *) hashtab_search(cladatum->permissions.table, perm_id);
+ perdatum = (perm_datum_t *) hashtab_search(cladatum->permissions.table,
+ perm_id);
if (perdatum == NULL) {
return 1;
}
- return is_perm_in_stack(perdatum->s.value, cladatum->s.value, stack_top);
+ return is_perm_in_stack(perdatum->s.value, cladatum->s.value,
+ stack_top);
}
cond_list_t *get_current_cond_list(cond_list_t * cond)
@@ -1188,19 +1333,23 @@ void append_cond_list(cond_list_t * cond)
{
cond_list_t *old_cond = get_current_cond_list(cond);
avrule_t *tmp;
- assert(old_cond != NULL); /* probably out of memory */
+ assert(old_cond != NULL); /* probably out of memory */
if (old_cond->avtrue_list == NULL) {
old_cond->avtrue_list = cond->avtrue_list;
} else {
- for (tmp = old_cond->avtrue_list; tmp->next != NULL; tmp = tmp->next) ;
+ for (tmp = old_cond->avtrue_list; tmp->next != NULL;
+ tmp = tmp->next) ;
tmp->next = cond->avtrue_list;
}
if (old_cond->avfalse_list == NULL) {
old_cond->avfalse_list = cond->avfalse_list;
} else {
- for (tmp = old_cond->avfalse_list; tmp->next != NULL; tmp = tmp->next) ;
+ for (tmp = old_cond->avfalse_list; tmp->next != NULL;
+ tmp = tmp->next) ;
tmp->next = cond->avfalse_list;
}
+
+ old_cond->flags |= cond->flags;
}
void append_avrule(avrule_t * avrule)
@@ -1276,7 +1425,8 @@ int begin_optional(int pass)
avrule_decl_t *decl;
if (pass == 1) {
/* allocate a new avrule block for this optional block */
- if ((block = avrule_block_create()) == NULL || (decl = avrule_decl_create(next_decl_id)) == NULL) {
+ if ((block = avrule_block_create()) == NULL ||
+ (decl = avrule_decl_create(next_decl_id)) == NULL) {
goto cleanup;
}
block->flags |= AVRULE_OPTIONAL;
@@ -1285,7 +1435,9 @@ int begin_optional(int pass)
} else {
/* select the next block from the chain built during pass 1 */
block = last_block->next;
- assert(block != NULL && block->branch_list != NULL && block->branch_list->decl_id == next_decl_id);
+ assert(block != NULL &&
+ block->branch_list != NULL &&
+ block->branch_list->decl_id == next_decl_id);
decl = block->branch_list;
}
if (push_stack(1, block, decl) == -1) {
@@ -1324,7 +1476,8 @@ int begin_optional_else(int pass)
/* pick the (hopefully last) declaration of this
avrule block, built from pass 1 */
decl = stack_top->decl->next;
- assert(decl != NULL && decl->next == NULL && decl->decl_id == next_decl_id);
+ assert(decl != NULL &&
+ decl->next == NULL && decl->decl_id == next_decl_id);
}
stack_top->in_else = 1;
stack_top->decl = decl;
@@ -1353,21 +1506,26 @@ static int copy_requirements(avrule_decl_t * dest, scope_stack_t * stack)
}
/* now copy class permissions */
if (src_scope->class_perms_len > dest_scope->class_perms_len) {
- ebitmap_t *new_map = realloc(dest_scope->class_perms_map,
- src_scope->class_perms_len * sizeof(*new_map));
+ ebitmap_t *new_map =
+ realloc(dest_scope->class_perms_map,
+ src_scope->class_perms_len *
+ sizeof(*new_map));
if (new_map == NULL) {
yyerror("Out of memory!");
return -1;
}
dest_scope->class_perms_map = new_map;
- for (i = dest_scope->class_perms_len; i < src_scope->class_perms_len; i++) {
+ for (i = dest_scope->class_perms_len;
+ i < src_scope->class_perms_len; i++) {
ebitmap_init(dest_scope->class_perms_map + i);
}
- dest_scope->class_perms_len = src_scope->class_perms_len;
+ dest_scope->class_perms_len =
+ src_scope->class_perms_len;
}
for (i = 0; i < src_scope->class_perms_len; i++) {
ebitmap_t *src_bitmap = &src_scope->class_perms_map[i];
- ebitmap_t *dest_bitmap = &dest_scope->class_perms_map[i];
+ ebitmap_t *dest_bitmap =
+ &dest_scope->class_perms_map[i];
if (ebitmap_union(dest_bitmap, src_bitmap)) {
yyerror("Out of memory!");
return -1;
@@ -1394,7 +1552,8 @@ int end_avrule_block(int pass)
return 0;
}
if (!stack_top->in_else && !stack_top->require_given) {
- if (policydbp->policy_type == POLICY_BASE && stack_top->parent != NULL) {
+ if (policydbp->policy_type == POLICY_BASE
+ && stack_top->parent != NULL) {
/* if this is base no require should be in the global block */
return 0;
} else {
@@ -1418,14 +1577,14 @@ static int push_stack(int stack_type, ...)
va_start(ap, stack_type);
switch (s->type = stack_type) {
case 1:{
- s->u.avrule = va_arg(ap, avrule_block_t *);
- s->decl = va_arg(ap, avrule_decl_t *);
- break;
- }
+ s->u.avrule = va_arg(ap, avrule_block_t *);
+ s->decl = va_arg(ap, avrule_decl_t *);
+ break;
+ }
case 2:{
- s->u.cond_list = va_arg(ap, cond_list_t *);
- break;
- }
+ s->u.cond_list = va_arg(ap, cond_list_t *);
+ break;
+ }
default:
/* invalid stack type given */
assert(0);
diff --git a/libqpol/src/module_compiler.h b/libqpol/src/module_compiler.h
index d46dca6..b9c0526 100644
--- a/libqpol/src/module_compiler.h
+++ b/libqpol/src/module_compiler.h
@@ -17,6 +17,7 @@
#ifndef MODULE_COMPILER_H
#define MODULE_COMPILER_H
+/* Required for SETools libqpol services */
#ifdef __cplusplus
extern "C"
{
@@ -36,18 +37,23 @@ int define_policy(int pass, int module_header_given);
* needs to free() the datum), -1 if declarations not allowed, -2 for
* duplicate declarations, -3 for all else.
*/
-int declare_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datum, uint32_t * dest_value, uint32_t * datum_value);
+int declare_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value);
-role_datum_t *declare_role(void);
+role_datum_t *declare_role(unsigned char isattr);
type_datum_t *declare_type(unsigned char primary, unsigned char isattr);
user_datum_t *declare_user(void);
type_datum_t *get_local_type(char *id, uint32_t value, unsigned char isattr);
+role_datum_t *get_local_role(char *id, uint32_t value, unsigned char isattr);
/* Add a symbol to the current avrule_block's require section. Note
* that a module may not both declare and require the same symbol.
* Returns 0 on success, -1 on error. */
-int require_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_t datum, uint32_t * dest_value, uint32_t * datum_value);
+int require_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value);
/* Enable a permission for a class within the current avrule_decl.
* Return 0 on success, -1 if out of memory. */
@@ -60,8 +66,10 @@ int require_class(int pass);
int require_role(int pass);
int require_type(int pass);
int require_attribute(int pass);
+int require_attribute_role(int pass);
int require_user(int pass);
int require_bool(int pass);
+int require_tunable(int pass);
int require_sens(int pass);
int require_cat(int pass);
diff --git a/libqpol/src/policy.c b/libqpol/src/policy.c
index 7180556..717c079 100644
--- a/libqpol/src/policy.c
+++ b/libqpol/src/policy.c
@@ -412,6 +412,45 @@ static int infer_policy_version(qpol_policy_t * policy)
}
qpol_iterator_destroy(&iter);
+/* Check each version change from 29 to 24 */
+/* If this is available then just set version 29 */
+#ifdef HAVE_SEPOL_CONSTRAINT_NAMES
+ db->policyvers = 29;
+ return STATUS_SUCCESS;
+#endif
+
+/*
+ * These will remove the rules from policy_define.c if libsepol
+ * does not have the support listed in policydb.h. The earlier code
+ * checked for at least one rule before enabling - this patch does not
+ * as if in policydb.h then must be capable of being built.
+ */
+#ifdef HAVE_SEPOL_DEFAULT_TYPE
+ db->policyvers = 28;
+ return STATUS_SUCCESS;
+#endif
+
+#ifdef HAVE_SEPOL_NEW_OBJECT_DEFAULTS
+ db->policyvers = 27;
+ return STATUS_SUCCESS;
+#endif
+
+/* This seems to be in place already ??
+#ifdef HAVE_SEPOL_ROLETRANS
+ db->policyvers = 26;
+ return STATUS_SUCCESS;
+#endif */
+
+#ifdef HAVE_SEPOL_FILENAME_TRANS
+ db->policyvers = 25;
+ return STATUS_SUCCESS;
+#endif
+
+#ifdef HAVE_SEPOL_BOUNDARY
+ db->policyvers = 24;
+ return STATUS_SUCCESS;
+#endif
+
#if defined(HAVE_SEPOL_PERMISSIVE_TYPES) || defined(HAVE_SEPOL_POLICYCAPS)
ebitmap_node_t *node = NULL;
unsigned int i = 0;
@@ -1466,6 +1505,25 @@ int qpol_policy_get_policy_version(const qpol_policy_t * policy, unsigned int *v
return STATUS_SUCCESS;
}
+int qpol_policy_get_policy_handle_unknown(const qpol_policy_t * policy, unsigned int *handle_unknown)
+{
+ policydb_t *db;
+
+ if (handle_unknown != NULL)
+ *handle_unknown = 0;
+
+ if (policy == NULL || handle_unknown == NULL) {
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ db = &policy->p->p;
+ *handle_unknown = db->handle_unknown;
+
+ return STATUS_SUCCESS;
+}
+
int qpol_policy_get_type(const qpol_policy_t * policy, int *type)
{
if (!policy || !type) {
@@ -1534,6 +1592,55 @@ int qpol_policy_has_capability(const qpol_policy_t * policy, qpol_capability_e c
return 1;
break;
}
+ case QPOL_CAP_BOUNDS:
+ {
+ if (version >= 24 && policy->type != QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ if (version >= 9 && policy->type == QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ break;
+ }
+ case QPOL_CAP_PERMISSIVE:
+ {
+ if (version >= 23 && policy->type != QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ if (version >= 8 && policy->type == QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ break;
+ }
+ case QPOL_CAP_FILENAME_TRANS:
+ {
+ if (version >= 25 && policy->type != QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ if (version >= 11 && policy->type == QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ break;
+ }
+ case QPOL_CAP_ROLETRANS:
+ {
+ if (version >= 26 && policy->type != QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ if (version >= 12 && policy->type == QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ break;
+ }
+ /* This indicates the user, role and range - types were ate 28/16 */
+ case QPOL_CAP_DEFAULT_OBJECTS:
+ {
+ if (version >= 27 && policy->type != QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ if (version >= 15 && policy->type == QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ break;
+ }
+ case QPOL_CAP_DEFAULT_TYPE:
+ {
+ if (version >= 28 && policy->type != QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ if (version >= 16 && policy->type == QPOL_POLICY_MODULE_BINARY)
+ return 1;
+ break;
+ }
case QPOL_CAP_RULES_LOADED:
{
if (!(policy->options & QPOL_POLICY_OPTION_NO_RULES))
diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
index fad6b60..15f70ba 100644
--- a/libqpol/src/policy_define.c
+++ b/libqpol/src/policy_define.c
@@ -3,6 +3,8 @@
*
* This file is based upon checkpolicy/policy_define.c from NSA's SVN
* repository. It has been modified to support older policy formats.
+ * The older format just seems to be PSID support (see
+ * int define_fs_use(int behavior).
*/
/*
@@ -33,7 +35,7 @@
*/
/* FLASK */
-
+/* Required for SETools libqpol */
#include <config.h>
#include <sys/types.h>
@@ -54,6 +56,7 @@
#include <sepol/policydb/conditional.h>
#include <sepol/policydb/flask.h>
#include <sepol/policydb/hierarchy.h>
+/* Required for SETools libqpol */
#ifdef HAVE_SEPOL_POLICYCAPS
#include <sepol/policydb/polcaps.h>
#endif
@@ -62,15 +65,15 @@
#endif
#include "queue.h"
+/* Required for SETools libqpol - Removed #include "checkpolicy.h"*/
#include <qpol/policy.h>
+
#include "module_compiler.h"
#include "policy_define.h"
policydb_t *policydbp;
queue_t id_queue = 0;
unsigned int pass;
-static int load_rules;
-static unsigned int num_rules = 0;
char *curfile = 0;
int mlspol = 0;
@@ -82,12 +85,15 @@ extern int yywarn(char *msg);
extern int yyerror(char *msg);
#define ERRORMSG_LEN 255
-static char errormsg[ERRORMSG_LEN + 1] = { 0 };
+static char errormsg[ERRORMSG_LEN + 1] = {0};
static int id_has_dot(char *id);
-static int parse_security_context(context_struct_t * c);
+static int parse_security_context(context_struct_t *c);
/* initialize all of the state variables for the scanner/parser */
+/* Modified for SETools libqpol */
+static int load_rules;
+static unsigned int num_rules = 0;
void init_parser(int pass_number, int do_rules)
{
policydb_lineno = 1;
@@ -107,6 +113,7 @@ void yyerror2(char *fmt, ...)
va_end(ap);
}
+/* Required for SETools libqpol */
int define_mls(void)
{
mlspol = 1;
@@ -115,6 +122,7 @@ int define_mls(void)
return 0;
}
+/* Required for SETools libqpol */
/* Add a rule onto an avtab hash table only if it does not already
* exist. (Note that the avtab is discarded afterwards; it will be
* regenerated during expansion.) Return 1 if rule was added (or
@@ -135,11 +143,13 @@ static int insert_check_type_rule(avrule_t * rule, avtab_t * avtab, cond_av_list
#endif
ret = expand_rule(NULL, policydbp, rule, avtab, list, other, 0);
+
if (ret < 0) {
yyerror("Failed on expanding rule");
}
return ret;
}
+
int insert_separator(int push)
{
int error;
@@ -217,24 +227,24 @@ int define_class(void)
ret = declare_symbol(SYM_CLASSES, id, datum, &value, &value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto bad;
- }
+ yyerror("Out of memory!");
+ goto bad;
+ }
case -2:{
- yyerror2("duplicate declaration of class %s", id);
- goto bad;
- }
+ yyerror2("duplicate declaration of class %s", id);
+ goto bad;
+ }
case -1:{
- yyerror("could not declare class here");
- goto bad;
- }
+ yyerror("could not declare class here");
+ goto bad;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
datum->s.value = value;
return 0;
@@ -282,12 +292,13 @@ int define_permissive(void)
rc = -1;
goto out;
}
+/* Required for SETools libqpol */
#ifdef HAVE_SEPOL_PERMISSIVE_TYPES
t->flags |= TYPE_FLAGS_PERMISSIVE;
#else
yyerror("This version of SETools does not have permissive types enabled.");
#endif
- out:
+out:
free(type);
return rc;
}
@@ -308,6 +319,7 @@ int define_polcap(void)
yyerror("no capability name for policycap definition?");
goto bad;
}
+/* Required for SETools libqpol */
#ifdef HAVE_SEPOL_POLICYCAPS
/* Check for valid cap name -> number mapping */
capnum = sepol_polcap_getnum(id);
@@ -384,6 +396,178 @@ int define_initial_sid(void)
return -1;
}
+static int read_classes(ebitmap_t *e_classes)
+{
+ char *id;
+ class_datum_t *cladatum;
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ return -1;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ return -1;
+ }
+ if (ebitmap_set_bit(e_classes, cladatum->s.value - 1, TRUE)) {
+ yyerror("Out of memory");
+ return -1;
+ }
+ free(id);
+ }
+ return 0;
+}
+
+int define_default_user(int which)
+{
+ char *id;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+/* Required for SETools libqpol */
+#ifdef HAVE_SEPOL_NEW_OBJECT_DEFAULTS
+ class_datum_t *cladatum;
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ return -1;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ return -1;
+ }
+ if (cladatum->default_user && cladatum->default_user != which) {
+ yyerror2("conflicting default user information for class %s", id);
+ return -1;
+ }
+ cladatum->default_user = which;
+ free(id);
+ }
+
+ return 0;
+#else
+ yyerror("This version of SETools does not have default_user enabled.");
+#endif
+}
+
+int define_default_role(int which)
+{
+ char *id;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+/* Required for SETools libqpol */
+#ifdef HAVE_SEPOL_NEW_OBJECT_DEFAULTS
+ class_datum_t *cladatum;
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ return -1;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ return -1;
+ }
+ if (cladatum->default_role && cladatum->default_role != which) {
+ yyerror2("conflicting default role information for class %s", id);
+ return -1;
+ }
+ cladatum->default_role = which;
+ free(id);
+ }
+
+ return 0;
+#else
+ yyerror("This version of SETools does not have default_role enabled.");
+#endif
+}
+
+int define_default_type(int which)
+{
+ char *id;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+/* Required for SETools libqpol */
+#ifdef HAVE_SEPOL_DEFAULT_TYPE
+ class_datum_t *cladatum;
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ return -1;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ return -1;
+ }
+ if (cladatum->default_type && cladatum->default_type != which) {
+ yyerror2("conflicting default type information for class %s", id);
+ return -1;
+ }
+ cladatum->default_type = which;
+ free(id);
+ }
+
+ return 0;
+#else
+ yyerror("This version of SETools does not have default_type enabled.");
+#endif
+}
+
+int define_default_range(int which)
+{
+ char *id;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+/* Required for SETools libqpol */
+#ifdef HAVE_SEPOL_NEW_OBJECT_DEFAULTS
+ class_datum_t *cladatum;
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ return -1;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ return -1;
+ }
+ if (cladatum->default_range && cladatum->default_range != which) {
+ yyerror2("conflicting default range information for class %s", id);
+ return -1;
+ }
+ cladatum->default_range = which;
+ free(id);
+ }
+
+ return 0;
+#else
+ yyerror("This version of SETools does not have default_range enabled.");
+#endif
+}
+
int define_common_perms(void)
{
char *id = 0, *perm = 0;
@@ -413,7 +597,8 @@ int define_common_perms(void)
goto bad;
}
memset(comdatum, 0, sizeof(common_datum_t));
- ret = hashtab_insert(policydbp->p_commons.table, (hashtab_key_t) id, (hashtab_datum_t) comdatum);
+ ret = hashtab_insert(policydbp->p_commons.table,
+ (hashtab_key_t) id, (hashtab_datum_t) comdatum);
if (ret == SEPOL_EEXIST) {
yyerror("duplicate common definition");
@@ -439,13 +624,17 @@ int define_common_perms(void)
perdatum->s.value = comdatum->permissions.nprim + 1;
if (perdatum->s.value > (sizeof(sepol_access_vector_t) * 8)) {
- yyerror("too many permissions to fit in an access vector");
+ yyerror
+ ("too many permissions to fit in an access vector");
goto bad_perm;
}
- ret = hashtab_insert(comdatum->permissions.table, (hashtab_key_t) perm, (hashtab_datum_t) perdatum);
+ ret = hashtab_insert(comdatum->permissions.table,
+ (hashtab_key_t) perm,
+ (hashtab_datum_t) perdatum);
if (ret == SEPOL_EEXIST) {
- yyerror2("duplicate permission %s in common %s", perm, id);
+ yyerror2("duplicate permission %s in common %s", perm,
+ id);
goto bad_perm;
}
if (ret == SEPOL_ENOMEM) {
@@ -491,7 +680,8 @@ int define_av_perms(int inherits)
yyerror("no tclass name for av perm definition?");
return -1;
}
- cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id);
+ cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ (hashtab_key_t) id);
if (!cladatum) {
yyerror2("class %s is not defined", id);
goto bad;
@@ -509,10 +699,14 @@ int define_av_perms(int inherits)
if (inherits) {
id = (char *)queue_remove(id_queue);
if (!id) {
- yyerror("no inherits name for access vector definition?");
+ yyerror
+ ("no inherits name for access vector definition?");
return -1;
}
- comdatum = (common_datum_t *) hashtab_search(policydbp->p_commons.table, (hashtab_key_t) id);
+ comdatum =
+ (common_datum_t *) hashtab_search(policydbp->p_commons.
+ table,
+ (hashtab_key_t) id);
if (!comdatum) {
yyerror2("common %s is not defined", id);
@@ -537,7 +731,8 @@ int define_av_perms(int inherits)
perdatum->s.value = ++cladatum->permissions.nprim;
if (perdatum->s.value > (sizeof(sepol_access_vector_t) * 8)) {
- yyerror("too many permissions to fit in an access vector");
+ yyerror
+ ("too many permissions to fit in an access vector");
goto bad;
}
if (inherits) {
@@ -546,13 +741,19 @@ int define_av_perms(int inherits)
* common permissions exist in the same
* name space.
*/
- perdatum2 = (perm_datum_t *) hashtab_search(cladatum->comdatum->permissions.table, (hashtab_key_t) id);
+ perdatum2 =
+ (perm_datum_t *) hashtab_search(cladatum->comdatum->
+ permissions.table,
+ (hashtab_key_t) id);
if (perdatum2) {
- yyerror2("permission %s conflicts with an " "inherited permission", id);
+ yyerror2("permission %s conflicts with an "
+ "inherited permission", id);
goto bad;
}
}
- ret = hashtab_insert(cladatum->permissions.table, (hashtab_key_t) id, (hashtab_datum_t) perdatum);
+ ret = hashtab_insert(cladatum->permissions.table,
+ (hashtab_key_t) id,
+ (hashtab_datum_t) perdatum);
if (ret == SEPOL_EEXIST) {
yyerror2("duplicate permission %s", id);
@@ -584,7 +785,7 @@ int define_sens(void)
mls_level_t *level = 0;
level_datum_t *datum = 0, *aliasdatum = 0;
int ret;
- uint32_t value; /* dummy variable -- its value is never used */
+ uint32_t value; /* dummy variable -- its value is never used */
if (!mlspol) {
yyerror("sensitivity definition in non-MLS configuration");
@@ -612,8 +813,8 @@ int define_sens(void)
goto bad;
}
mls_level_init(level);
- level->sens = 0; /* actual value set in define_dominance */
- ebitmap_init(&level->cat); /* actual value set in define_level */
+ level->sens = 0; /* actual value set in define_dominance */
+ ebitmap_init(&level->cat); /* actual value set in define_level */
datum = (level_datum_t *) malloc(sizeof(level_datum_t));
if (!datum) {
@@ -627,24 +828,24 @@ int define_sens(void)
ret = declare_symbol(SYM_LEVELS, id, datum, &value, &value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto bad;
- }
+ yyerror("Out of memory!");
+ goto bad;
+ }
case -2:{
- yyerror("duplicate declaration of sensitivity level");
- goto bad;
- }
+ yyerror("duplicate declaration of sensitivity level");
+ goto bad;
+ }
case -1:{
- yyerror("could not declare sensitivity level here");
- goto bad;
- }
+ yyerror("could not declare sensitivity level here");
+ goto bad;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
while ((id = queue_remove(id_queue))) {
@@ -664,24 +865,26 @@ int define_sens(void)
ret = declare_symbol(SYM_LEVELS, id, aliasdatum, NULL, &value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto bad_alias;
- }
+ yyerror("Out of memory!");
+ goto bad_alias;
+ }
case -2:{
- yyerror("duplicate declaration of sensitivity alias");
- goto bad_alias;
- }
+ yyerror
+ ("duplicate declaration of sensitivity alias");
+ goto bad_alias;
+ }
case -1:{
- yyerror("could not declare sensitivity alias here");
- goto bad_alias;
- }
+ yyerror
+ ("could not declare sensitivity alias here");
+ goto bad_alias;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -727,14 +930,18 @@ int define_dominance(void)
order = 0;
while ((id = (char *)queue_remove(id_queue))) {
- datum = (level_datum_t *) hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id);
+ datum =
+ (level_datum_t *) hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
if (!datum) {
- yyerror2("unknown sensitivity %s used in dominance " "definition", id);
+ yyerror2("unknown sensitivity %s used in dominance "
+ "definition", id);
free(id);
return -1;
}
if (datum->level->sens != 0) {
- yyerror2("sensitivity %s occurs multiply in dominance " "definition", id);
+ yyerror2("sensitivity %s occurs multiply in dominance "
+ "definition", id);
free(id);
return -1;
}
@@ -745,7 +952,8 @@ int define_dominance(void)
}
if (order != policydbp->p_levels.nprim) {
- yyerror("all sensitivities must be specified in dominance definition");
+ yyerror
+ ("all sensitivities must be specified in dominance definition");
return -1;
}
return 0;
@@ -789,24 +997,24 @@ int define_category(void)
ret = declare_symbol(SYM_CATS, id, datum, &value, &value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto bad;
- }
+ yyerror("Out of memory!");
+ goto bad;
+ }
case -2:{
- yyerror("duplicate declaration of category");
- goto bad;
- }
+ yyerror("duplicate declaration of category");
+ goto bad;
+ }
case -1:{
- yyerror("could not declare category here");
- goto bad;
- }
+ yyerror("could not declare category here");
+ goto bad;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
datum->s.value = value;
@@ -824,27 +1032,31 @@ int define_category(void)
aliasdatum->isalias = TRUE;
aliasdatum->s.value = datum->s.value;
- ret = declare_symbol(SYM_CATS, id, aliasdatum, NULL, &datum->s.value);
+ ret =
+ declare_symbol(SYM_CATS, id, aliasdatum, NULL,
+ &datum->s.value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto bad_alias;
- }
+ yyerror("Out of memory!");
+ goto bad_alias;
+ }
case -2:{
- yyerror("duplicate declaration of category aliases");
- goto bad_alias;
- }
+ yyerror
+ ("duplicate declaration of category aliases");
+ goto bad_alias;
+ }
case -1:{
- yyerror("could not declare category aliases here");
- goto bad_alias;
- }
+ yyerror
+ ("could not declare category aliases here");
+ goto bad_alias;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
@@ -911,14 +1123,16 @@ int define_level(void)
yyerror("no level name for level definition?");
return -1;
}
- levdatum = (level_datum_t *) hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id);
+ levdatum = (level_datum_t *) hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
if (!levdatum) {
yyerror2("unknown sensitivity %s used in level definition", id);
free(id);
return -1;
}
if (ebitmap_length(&levdatum->level->cat)) {
- yyerror2("sensitivity %s used in multiple level definitions", id);
+ yyerror2("sensitivity %s used in multiple level definitions",
+ id);
free(id);
return -1;
}
@@ -936,16 +1150,22 @@ int define_level(void)
*(id_end++) = '\0';
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t)
- id_start);
+ cdatum =
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t)
+ id_start);
if (!cdatum) {
yyerror2("unknown category %s", id_start);
free(id);
return -1;
}
range_start = cdatum->s.value - 1;
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t)
- id_end);
+ cdatum =
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t)
+ id_end);
if (!cdatum) {
yyerror2("unknown category %s", id_end);
free(id);
@@ -959,7 +1179,10 @@ int define_level(void)
return -1;
}
} else {
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id);
+ cdatum =
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t) id);
range_start = range_end = cdatum->s.value - 1;
}
@@ -974,7 +1197,8 @@ int define_level(void)
free(id);
}
- if (hashtab_map(policydbp->p_levels.table, clone_level, levdatum->level)) {
+ if (hashtab_map
+ (policydbp->p_levels.table, clone_level, levdatum->level)) {
yyerror("out of memory");
return -1;
}
@@ -1003,7 +1227,8 @@ static int add_aliases_to_type(type_datum_t * type)
while ((id = queue_remove(id_queue))) {
if (id_has_dot(id)) {
free(id);
- yyerror("type alias identifiers may not contain periods");
+ yyerror
+ ("type alias identifiers may not contain periods");
return -1;
}
aliasdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
@@ -1015,39 +1240,40 @@ static int add_aliases_to_type(type_datum_t * type)
memset(aliasdatum, 0, sizeof(type_datum_t));
aliasdatum->s.value = type->s.value;
- ret = declare_symbol(SYM_TYPES, id, aliasdatum, NULL, &aliasdatum->s.value);
+ ret = declare_symbol(SYM_TYPES, id, aliasdatum,
+ NULL, &aliasdatum->s.value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto cleanup;
- }
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
case -2:{
- yyerror2("duplicate declaration of alias %s", id);
- goto cleanup;
- }
+ yyerror2("duplicate declaration of alias %s",
+ id);
+ goto cleanup;
+ }
case -1:{
- yyerror("could not declare alias here");
- goto cleanup;
- }
- case 0:
- break;
+ yyerror("could not declare alias here");
+ goto cleanup;
+ }
+ case 0: break;
case 1:{
- /* ret == 1 means the alias was required and therefore already
- * has a value. Set it up as an alias with a different primary. */
- type_datum_destroy(aliasdatum);
- free(aliasdatum);
+ /* ret == 1 means the alias was required and therefore already
+ * has a value. Set it up as an alias with a different primary. */
+ type_datum_destroy(aliasdatum);
+ free(aliasdatum);
- aliasdatum = hashtab_search(policydbp->symtab[SYM_TYPES].table, id);
- assert(aliasdatum);
+ aliasdatum = hashtab_search(policydbp->symtab[SYM_TYPES].table, id);
+ assert(aliasdatum);
- aliasdatum->primary = type->s.value;
- aliasdatum->flavor = TYPE_ALIAS;
+ aliasdatum->primary = type->s.value;
+ aliasdatum->flavor = TYPE_ALIAS;
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
}
return 0;
@@ -1082,11 +1308,11 @@ int define_typealias(void)
}
t = hashtab_search(policydbp->p_types.table, id);
if (!t || t->flavor == TYPE_ATTRIB) {
- yyerror2("unknown type %s, or it was already declared as an " "attribute", id);
+ yyerror2("unknown type %s, or it was already declared as an "
+ "attribute", id);
free(id);
return -1;
}
- free(id);
return add_aliases_to_type(t);
}
@@ -1118,7 +1344,6 @@ int define_typeattribute(void)
free(id);
return -1;
}
- free(id);
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_TYPES, id)) {
@@ -1191,7 +1416,8 @@ static int define_typebounds_helper(char *bounds_id, char *type_id)
else if (type->bounds != bounds->s.value) {
yyerror2("type %s has inconsistent master {%s,%s}",
type_id,
- policydbp->p_type_val_to_name[type->bounds - 1], policydbp->p_type_val_to_name[bounds->s.value - 1]);
+ policydbp->p_type_val_to_name[type->bounds - 1],
+ policydbp->p_type_val_to_name[bounds->s.value - 1]);
return -1;
}
@@ -1200,15 +1426,18 @@ static int define_typebounds_helper(char *bounds_id, char *type_id)
int define_typebounds(void)
{
- char *bounds, *id;
+ char *id;
if (pass == 1) {
while ((id = queue_remove(id_queue)))
free(id);
return 0;
}
+/* Required for SETools libqpol */
+#ifdef HAVE_SEPOL_BOUNDARY
+ char *bounds;
- bounds = (char *)queue_remove(id_queue);
+ bounds = (char *) queue_remove(id_queue);
if (!bounds) {
yyerror("no type name for typebounds definition?");
return -1;
@@ -1222,13 +1451,15 @@ int define_typebounds(void)
free(bounds);
return 0;
+#else
+ yyerror("This version of SETools does not have typebounds enabled.");
+#endif
}
int define_type(int alias)
{
char *id;
type_datum_t *datum, *attr;
- int newattr = 0;
if (pass == 2) {
/*
@@ -1241,7 +1472,7 @@ int define_type(int alias)
if ((delim = strrchr(id, '.'))
&& (bounds = strdup(id))) {
- bounds[(size_t) (delim - id)] = '\0';
+ bounds[(size_t)(delim - id)] = '\0';
if (define_typebounds_helper(bounds, id))
return -1;
@@ -1281,8 +1512,6 @@ int define_type(int alias)
/* treat it as a fatal error */
yyerror2("attribute %s is not declared", id);
return -1;
- } else {
- newattr = 0;
}
if (attr->flavor != TYPE_ATTRIB) {
@@ -1304,8 +1533,7 @@ int define_type(int alias)
return 0;
}
-struct val_to_name
-{
+struct val_to_name {
unsigned int val;
char *name;
};
@@ -1379,7 +1607,6 @@ int define_compute_type_helper(int which, avrule_t ** rule)
{
char *id;
type_datum_t *datum;
- class_datum_t *cladatum;
ebitmap_t tclasses;
ebitmap_node_t *node;
avrule_t *avrule;
@@ -1397,32 +1624,17 @@ int define_compute_type_helper(int which, avrule_t ** rule)
while ((id = queue_remove(id_queue))) {
if (set_types(&avrule->stypes, id, &add, 0))
- return -1;
+ goto bad;
}
add = 1;
while ((id = queue_remove(id_queue))) {
if (set_types(&avrule->ttypes, id, &add, 0))
- return -1;
+ goto bad;
}
ebitmap_init(&tclasses);
- while ((id = queue_remove(id_queue))) {
- if (!is_id_in_scope(SYM_CLASSES, id)) {
- yyerror2("class %s is not within scope", id);
- free(id);
- goto bad;
- }
- cladatum = hashtab_search(policydbp->p_classes.table, id);
- if (!cladatum) {
- yyerror2("unknown class %s", id);
- goto bad;
- }
- if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
- yyerror("Out of memory");
- goto bad;
- }
- free(id);
- }
+ if (read_classes(&tclasses))
+ goto bad;
id = (char *)queue_remove(id_queue);
if (!id) {
@@ -1434,22 +1646,22 @@ int define_compute_type_helper(int which, avrule_t ** rule)
free(id);
goto bad;
}
- datum = (type_datum_t *) hashtab_search(policydbp->p_types.table, (hashtab_key_t) id);
+ datum = (type_datum_t *) hashtab_search(policydbp->p_types.table,
+ (hashtab_key_t) id);
if (!datum || datum->flavor == TYPE_ATTRIB) {
yyerror2("unknown type %s", id);
goto bad;
}
- free(id);
ebitmap_for_each_bit(&tclasses, node, i) {
if (ebitmap_node_get_bit(node, i)) {
perm = malloc(sizeof(class_perm_node_t));
if (!perm) {
yyerror("out of memory");
- return -1;
+ goto bad;
}
class_perm_node_init(perm);
- perm->class = i + 1;
+ perm->tclass = i + 1;
perm->data = datum->s.value;
perm->next = avrule->perms;
avrule->perms = perm;
@@ -1472,7 +1684,7 @@ int define_compute_type(int which)
avrule_t *avrule;
int retval;
- if (pass == 1 || (num_rules && !load_rules)) {
+ if (pass == 1 || (num_rules && !load_rules)) { /* Required for SETools libqpol */
while ((id = queue_remove(id_queue)))
free(id);
while ((id = queue_remove(id_queue)))
@@ -1519,7 +1731,7 @@ avrule_t *define_cond_compute_type(int which)
char *id;
avrule_t *avrule;
- if (pass == 1 || (num_rules && !load_rules)) {
+ if (pass == 1 || (num_rules && !load_rules)) { /* Required for SETools libqpol */
while ((id = queue_remove(id_queue)))
free(id);
while ((id = queue_remove(id_queue)))
@@ -1539,7 +1751,7 @@ avrule_t *define_cond_compute_type(int which)
return avrule;
}
-int define_bool(void)
+int define_bool_tunable(int is_tunable)
{
char *id, *bool_value;
cond_bool_datum_t *datum;
@@ -1569,27 +1781,29 @@ int define_bool(void)
return -1;
}
memset(datum, 0, sizeof(cond_bool_datum_t));
+ if (is_tunable)
+ datum->flags |= COND_BOOL_FLAGS_TUNABLE;
ret = declare_symbol(SYM_BOOLS, id, datum, &value, &value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto cleanup;
- }
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
case -2:{
- yyerror2("duplicate declaration of boolean %s", id);
- goto cleanup;
- }
+ yyerror2("duplicate declaration of boolean %s", id);
+ goto cleanup;
+ }
case -1:{
- yyerror("could not declare boolean here");
- goto cleanup;
- }
+ yyerror("could not declare boolean here");
+ goto cleanup;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
datum->s.value = value;
@@ -1601,7 +1815,6 @@ int define_bool(void)
}
datum->state = (int)(bool_value[0] == 'T') ? 1 : 0;
- free(bool_value);
return 0;
cleanup:
cond_destroy_bool(id, datum, NULL);
@@ -1610,7 +1823,7 @@ int define_bool(void)
avrule_t *define_cond_pol_list(avrule_t * avlist, avrule_t * sl)
{
- if (pass == 1 || (num_rules && !load_rules)) {
+ if (pass == 1 || (num_rules && !load_rules)) { /* Required for SETools libqpol */
/* return something so we get through pass 1 */
return (avrule_t *) 1;
}
@@ -1649,7 +1862,9 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
avrule->line = policydb_lineno;
while ((id = queue_remove(id_queue))) {
- if (set_types(&avrule->stypes, id, &add, which == AVRULE_NEVERALLOW ? 1 : 0)) {
+ if (set_types
+ (&avrule->stypes, id, &add,
+ which == AVRULE_NEVERALLOW ? 1 : 0)) {
ret = -1;
goto out;
}
@@ -1661,45 +1876,32 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
avrule->flags |= RULE_SELF;
continue;
}
- if (set_types(&avrule->ttypes, id, &add, which == AVRULE_NEVERALLOW ? 1 : 0)) {
+ if (set_types
+ (&avrule->ttypes, id, &add,
+ which == AVRULE_NEVERALLOW ? 1 : 0)) {
ret = -1;
goto out;
}
}
ebitmap_init(&tclasses);
- while ((id = queue_remove(id_queue))) {
- if (!is_id_in_scope(SYM_CLASSES, id)) {
- yyerror2("class %s is not within scope", id);
- ret = -1;
- goto out;
- }
- cladatum = hashtab_search(policydbp->p_classes.table, id);
- if (!cladatum) {
- yyerror2("unknown class %s used in rule", id);
- ret = -1;
- goto out;
- }
- if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
- yyerror("Out of memory");
- ret = -1;
- goto out;
- }
- free(id);
- }
+ ret = read_classes(&tclasses);
+ if (ret)
+ goto out;
perms = NULL;
ebitmap_for_each_bit(&tclasses, node, i) {
if (!ebitmap_node_get_bit(node, i))
continue;
- cur_perms = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
+ cur_perms =
+ (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
if (!cur_perms) {
yyerror("out of memory");
ret = -1;
goto out;
}
class_perm_node_init(cur_perms);
- cur_perms->class = i + 1;
+ cur_perms->tclass = i + 1;
if (!perms)
perms = cur_perms;
if (tail)
@@ -1728,21 +1930,29 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
goto next;
}
- perdatum = hashtab_search(cladatum->permissions.table, id);
+ perdatum =
+ hashtab_search(cladatum->permissions.table, id);
if (!perdatum) {
if (cladatum->comdatum) {
- perdatum = hashtab_search(cladatum->comdatum->permissions.table, id);
+ perdatum =
+ hashtab_search(cladatum->comdatum->
+ permissions.table,
+ id);
}
}
if (!perdatum) {
if (!suppress)
yyerror2("permission %s is not defined"
- " for class %s", id, policydbp->p_class_val_to_name[i]);
+ " for class %s", id,
+ policydbp->p_class_val_to_name[i]);
continue;
- } else if (!is_perm_in_scope(id, policydbp->p_class_val_to_name[i])) {
+ } else
+ if (!is_perm_in_scope
+ (id, policydbp->p_class_val_to_name[i])) {
if (!suppress) {
yyerror2("permission %s of class %s is"
- " not within scope", id, policydbp->p_class_val_to_name[i]);
+ " not within scope", id,
+ policydbp->p_class_val_to_name[i]);
}
continue;
} else {
@@ -1765,70 +1975,216 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
}
-avrule_t *define_cond_te_avtab(int which)
+avrule_t *define_cond_te_avtab(int which)
+{
+ char *id;
+ avrule_t *avrule;
+ int i;
+
+ if (pass == 1 || (num_rules && !load_rules)) { /* Required for SETools libqpol */
+ for (i = 0; i < 4; i++) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ }
+ return (avrule_t *) 1; /* any non-NULL value */
+ }
+
+ num_rules++;
+
+ if (define_te_avtab_helper(which, &avrule))
+ return COND_ERR;
+
+ return avrule;
+}
+
+int define_te_avtab(int which)
+{
+ char *id;
+ avrule_t *avrule;
+ int i;
+
+ if (pass == 1 || (num_rules && !load_rules)) { /* Required for SETools libqpol */
+ for (i = 0; i < 4; i++) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ }
+ return 0;
+ }
+
+ num_rules++;
+
+ if (define_te_avtab_helper(which, &avrule))
+ return -1;
+
+ /* append this avrule to the end of the current rules list */
+ append_avrule(avrule);
+ return 0;
+}
+
+/* The role-types rule is no longer used to declare regular role or
+ * role attribute, but solely aimed for declaring role-types associations.
+ */
+int define_role_types(void)
+{
+ role_datum_t *role;
+ char *id;
+ int add = 1;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no role name for role-types rule?");
+ return -1;
+ }
+
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+
+ role = hashtab_search(policydbp->p_roles.table, id);
+ if (!role) {
+ yyerror2("unknown role %s", id);
+ free(id);
+ return -1;
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&role->types, id, &add, 0))
+ return -1;
+ }
+
+ return 0;
+}
+
+int define_attrib_role(void)
{
- char *id;
- avrule_t *avrule;
- int i;
-
- if (pass == 1 || (num_rules && !load_rules)) {
- for (i = 0; i < 4; i++) {
- while ((id = queue_remove(id_queue)))
- free(id);
- }
- return (avrule_t *) 1; /* any non-NULL value */
+ if (pass == 2) {
+ free(queue_remove(id_queue));
+ return 0;
}
- num_rules++;
-
- if (define_te_avtab_helper(which, &avrule))
- return COND_ERR;
+ /* Declare a role attribute */
+ if (declare_role(TRUE) == NULL)
+ return -1;
- return avrule;
+ return 0;
}
-int define_te_avtab(int which)
+int define_role_attr(void)
{
char *id;
- avrule_t *avrule;
- int i;
+ role_datum_t *r, *attr;
- if (pass == 1 || (num_rules && !load_rules)) {
- for (i = 0; i < 4; i++) {
- while ((id = queue_remove(id_queue)))
- free(id);
- }
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
return 0;
}
+
+ /* Declare a regular role */
+ if ((r = declare_role(FALSE)) == NULL)
+ return -1;
- num_rules++;
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("attribute %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ attr = hashtab_search(policydbp->p_roles.table, id);
+ if (!attr) {
+ /* treat it as a fatal error */
+ yyerror2("role attribute %s is not declared", id);
+ free(id);
+ return -1;
+ }
- if (define_te_avtab_helper(which, &avrule))
- return -1;
+ if (attr->flavor != ROLE_ATTRIB) {
+ yyerror2("%s is a regular role, not an attribute", id);
+ free(id);
+ return -1;
+ }
+
+ if ((attr = get_local_role(id, attr->s.value, 1)) == NULL) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+
+ if (ebitmap_set_bit(&attr->roles, (r->s.value - 1), TRUE)) {
+ yyerror("out of memory");
+ return -1;
+ }
+ }
- /* append this avrule to the end of the current rules list */
- append_avrule(avrule);
return 0;
}
-int define_role_types(void)
+int define_roleattribute(void)
{
- role_datum_t *role;
char *id;
- int add = 1;
+ role_datum_t *r, *attr;
- if (pass == 1) {
+ if (pass == 2) {
while ((id = queue_remove(id_queue)))
free(id);
return 0;
}
- if ((role = declare_role()) == NULL) {
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no role name for roleattribute definition?");
+ return -1;
+ }
+
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ r = hashtab_search(policydbp->p_roles.table, id);
+ /* We support adding one role attribute into another */
+ if (!r) {
+ yyerror2("unknown role %s", id);
+ free(id);
return -1;
}
+
while ((id = queue_remove(id_queue))) {
- if (set_types(&role->types, id, &add, 0))
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("attribute %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ attr = hashtab_search(policydbp->p_roles.table, id);
+ if (!attr) {
+ /* treat it as a fatal error */
+ yyerror2("role attribute %s is not declared", id);
+ free(id);
+ return -1;
+ }
+
+ if (attr->flavor != ROLE_ATTRIB) {
+ yyerror2("%s is a regular role, not an attribute", id);
+ free(id);
+ return -1;
+ }
+
+ if ((attr = get_local_role(id, attr->s.value, 1)) == NULL) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+
+ if (ebitmap_set_bit(&attr->roles, (r->s.value - 1), TRUE)) {
+ yyerror("out of memory");
return -1;
+ }
}
return 0;
@@ -1848,13 +2204,15 @@ role_datum_t *merge_roles_dom(role_datum_t * r1, role_datum_t * r2)
return NULL;
}
memset(new, 0, sizeof(role_datum_t));
- new->s.value = 0; /* temporary role */
+ new->s.value = 0; /* temporary role */
if (ebitmap_or(&new->dominates, &r1->dominates, &r2->dominates)) {
yyerror("out of memory");
+ free(new);
return NULL;
}
if (ebitmap_or(&new->types.types, &r1->types.types, &r2->types.types)) {
yyerror("out of memory");
+ free(new);
return NULL;
}
if (!r1->s.value) {
@@ -1874,7 +2232,8 @@ role_datum_t *merge_roles_dom(role_datum_t * r1, role_datum_t * r2)
}
/* This function eliminates the ordering dependency of role dominance rule */
-static int dominate_role_recheck(hashtab_key_t key, hashtab_datum_t datum, void *arg)
+static int dominate_role_recheck(hashtab_key_t key, hashtab_datum_t datum,
+ void *arg)
{
role_datum_t *rdp = (role_datum_t *) arg;
role_datum_t *rdatum = (role_datum_t *) datum;
@@ -1896,12 +2255,14 @@ static int dominate_role_recheck(hashtab_key_t key, hashtab_datum_t datum, void
/* raise types and dominates from dominated role */
ebitmap_for_each_bit(&rdp->dominates, node, i) {
if (ebitmap_node_get_bit(node, i))
- if (ebitmap_set_bit(&rdatum->dominates, i, TRUE))
+ if (ebitmap_set_bit
+ (&rdatum->dominates, i, TRUE))
goto oom;
}
ebitmap_for_each_bit(&types, node, i) {
if (ebitmap_node_get_bit(node, i))
- if (ebitmap_set_bit(&rdatum->types.types, i, TRUE))
+ if (ebitmap_set_bit
+ (&rdatum->types.types, i, TRUE))
goto oom;
}
ebitmap_destroy(&types);
@@ -1936,7 +2297,8 @@ role_datum_t *define_role_dom(role_datum_t * r)
free(role_id);
return NULL;
}
- role = (role_datum_t *) hashtab_search(policydbp->p_roles.table, role_id);
+ role = (role_datum_t *) hashtab_search(policydbp->p_roles.table,
+ role_id);
if (!role) {
role = (role_datum_t *) malloc(sizeof(role_datum_t));
if (!role) {
@@ -1945,27 +2307,31 @@ role_datum_t *define_role_dom(role_datum_t * r)
return NULL;
}
memset(role, 0, sizeof(role_datum_t));
- ret = declare_symbol(SYM_ROLES, (hashtab_key_t) role_id, (hashtab_datum_t) role, &role->s.value, &role->s.value);
+ ret =
+ declare_symbol(SYM_ROLES, (hashtab_key_t) role_id,
+ (hashtab_datum_t) role, &role->s.value,
+ &role->s.value);
switch (ret) {
case -3:{
- yyerror("Out of memory!");
- goto cleanup;
- }
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
case -2:{
- yyerror2("duplicate declaration of role %s", role_id);
- goto cleanup;
- }
+ yyerror2("duplicate declaration of role %s",
+ role_id);
+ goto cleanup;
+ }
case -1:{
- yyerror("could not declare role here");
- goto cleanup;
- }
+ yyerror("could not declare role here");
+ goto cleanup;
+ }
case 0:
case 1:{
- break;
- }
+ break;
+ }
default:{
- assert(0); /* should never get here */
- }
+ assert(0); /* should never get here */
+ }
}
if (ebitmap_set_bit(&role->dominates, role->s.value - 1, TRUE)) {
yyerror("Out of memory!");
@@ -1986,7 +2352,8 @@ role_datum_t *define_role_dom(role_datum_t * r)
}
ebitmap_for_each_bit(&types, node, i) {
if (ebitmap_node_get_bit(node, i))
- if (ebitmap_set_bit(&role->types.types, i, TRUE))
+ if (ebitmap_set_bit
+ (&role->types.types, i, TRUE))
goto oom;
}
ebitmap_destroy(&types);
@@ -2000,7 +2367,8 @@ role_datum_t *define_role_dom(role_datum_t * r)
* Now go through all the roles and escalate this role's
* dominates and types if a role dominates this role.
*/
- hashtab_map(policydbp->p_roles.table, dominate_role_recheck, role);
+ hashtab_map(policydbp->p_roles.table,
+ dominate_role_recheck, role);
}
return role;
cleanup:
@@ -2013,7 +2381,8 @@ role_datum_t *define_role_dom(role_datum_t * r)
goto cleanup;
}
-static int role_val_to_name_helper(hashtab_key_t key, hashtab_datum_t datum, void *p)
+static int role_val_to_name_helper(hashtab_key_t key, hashtab_datum_t datum,
+ void *p)
{
struct val_to_name *v = p;
role_datum_t *roldatum;
@@ -2076,17 +2445,18 @@ static int set_roles(role_set_t * set, char *id)
return 0;
}
-int define_role_trans(void)
+int define_role_trans(int class_specified)
{
char *id;
role_datum_t *role;
role_set_t roles;
type_set_t types;
- ebitmap_t e_types, e_roles;
- ebitmap_node_t *tnode, *rnode;
+ class_datum_t *cladatum;
+ ebitmap_t e_types, e_roles, e_classes;
+ ebitmap_node_t *tnode, *rnode, *cnode;
struct role_trans *tr = NULL;
struct role_trans_rule *rule = NULL;
- unsigned int i, j;
+ unsigned int i, j, k;
int add = 1;
if (pass == 1) {
@@ -2094,6 +2464,9 @@ int define_role_trans(void)
free(id);
while ((id = queue_remove(id_queue)))
free(id);
+ if (class_specified)
+ while ((id = queue_remove(id_queue)))
+ free(id);
id = queue_remove(id_queue);
free(id);
return 0;
@@ -2103,6 +2476,7 @@ int define_role_trans(void)
ebitmap_init(&e_roles);
type_set_init(&types);
ebitmap_init(&e_types);
+ ebitmap_init(&e_classes);
while ((id = queue_remove(id_queue))) {
if (set_roles(&roles, id))
@@ -2114,6 +2488,24 @@ int define_role_trans(void)
return -1;
}
+ if (class_specified) {
+ if (read_classes(&e_classes))
+ return -1;
+ } else {
+ cladatum = hashtab_search(policydbp->p_classes.table,
+ "process");
+ if (!cladatum) {
+ yyerror2("could not find process class for "
+ "legacy role_transition statement");
+ return -1;
+ }
+
+ if (ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE)) {
+ yyerror("out of memory");
+ return -1;
+ }
+ }
+
id = (char *)queue_remove(id_queue);
if (!id) {
yyerror("no new role in transition definition?");
@@ -2129,9 +2521,14 @@ int define_role_trans(void)
yyerror2("unknown role %s used in transition definition", id);
goto bad;
}
- free(id);
+
+ if (role->flavor != ROLE_ROLE) {
+ yyerror2("the new role %s must be a regular role", id);
+ goto bad;
+ }
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
+/* Required for SETools libqpol */
#ifdef HAVE_SEPOL_ROLE_ATTRS
if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
#elif HAVE_SEPOL_USER_ROLE_MAPPING
@@ -2150,26 +2547,37 @@ int define_role_trans(void)
ebitmap_for_each_bit(&e_types, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
-
- for (tr = policydbp->role_tr; tr; tr = tr->next) {
- if (tr->role == (i + 1) && tr->type == (j + 1)) {
- yyerror2("duplicate role transition for (%s,%s)",
- role_val_to_name(i + 1), policydbp->p_type_val_to_name[j]);
- goto bad;
+ ebitmap_for_each_bit(&e_classes, cnode, k) {
+ if (!ebitmap_node_get_bit(cnode, k))
+ continue;
+ for (tr = policydbp->role_tr; tr;
+ tr = tr->next) {
+ if (tr->role == (i + 1) &&
+ tr->type == (j + 1) &&
+ tr->tclass == (k + 1)) {
+ yyerror2("duplicate role "
+ "transition for "
+ "(%s,%s,%s)",
+ role_val_to_name(i+1),
+ policydbp->p_type_val_to_name[j],
+ policydbp->p_class_val_to_name[k]);
+ goto bad;
+ }
}
- }
- tr = malloc(sizeof(struct role_trans));
- if (!tr) {
- yyerror("out of memory");
- return -1;
+ tr = malloc(sizeof(struct role_trans));
+ if (!tr) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(tr, 0, sizeof(struct role_trans));
+ tr->role = i + 1;
+ tr->type = j + 1;
+ tr->tclass = k + 1;
+ tr->new_role = role->s.value;
+ tr->next = policydbp->role_tr;
+ policydbp->role_tr = tr;
}
- memset(tr, 0, sizeof(struct role_trans));
- tr->role = i + 1;
- tr->type = j + 1;
- tr->new_role = role->s.value;
- tr->next = policydbp->role_tr;
- policydbp->role_tr = tr;
}
}
/* Now add the real rule */
@@ -2181,6 +2589,7 @@ int define_role_trans(void)
memset(rule, 0, sizeof(struct role_trans_rule));
rule->roles = roles;
rule->types = types;
+ rule->classes = e_classes;
rule->new_role = role->s.value;
append_role_trans(rule);
@@ -2215,13 +2624,17 @@ int define_role_allow(void)
role_allow_rule_init(ra);
while ((id = queue_remove(id_queue))) {
- if (set_roles(&ra->roles, id))
+ if (set_roles(&ra->roles, id)) {
+ free(ra);
return -1;
+ }
}
while ((id = queue_remove(id_queue))) {
- if (set_roles(&ra->new_roles, id))
+ if (set_roles(&ra->new_roles, id)) {
+ free(ra);
return -1;
+ }
}
append_role_allow(ra);
@@ -2237,18 +2650,7 @@ avrule_t *define_cond_filename_trans(void)
int define_filename_trans(void)
{
- char *id, *name = NULL;
- type_set_t stypes, ttypes;
- ebitmap_t e_stypes, e_ttypes;
- ebitmap_t e_tclasses;
- ebitmap_node_t *snode, *tnode, *cnode;
- filename_trans_t *ft;
- filename_trans_rule_t *ftr;
- class_datum_t *cladatum;
- type_datum_t *typdatum;
- uint32_t otype;
- unsigned int c, s, t;
- int add;
+ char *id;
if (pass == 1) {
/* stype */
@@ -2268,7 +2670,19 @@ int define_filename_trans(void)
free(id);
return 0;
}
-
+/* Required for SETools libqpol */
+#ifdef HAVE_SEPOL_FILENAME_TRANS
+ char *name = NULL;
+ type_set_t stypes, ttypes;
+ ebitmap_t e_stypes, e_ttypes;
+ ebitmap_t e_tclasses;
+ ebitmap_node_t *snode, *tnode, *cnode;
+ filename_trans_t *ft;
+ filename_trans_rule_t *ftr;
+ type_datum_t *typdatum;
+ uint32_t otype;
+ unsigned int c, s, t;
+ int add;
add = 1;
type_set_init(&stypes);
@@ -2285,23 +2699,8 @@ int define_filename_trans(void)
}
ebitmap_init(&e_tclasses);
- while ((id = queue_remove(id_queue))) {
- if (!is_id_in_scope(SYM_CLASSES, id)) {
- yyerror2("class %s is not within scope", id);
- free(id);
- goto bad;
- }
- cladatum = hashtab_search(policydbp->p_classes.table, id);
- if (!cladatum) {
- yyerror2("unknown class %s", id);
- goto bad;
- }
- if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
- yyerror("Out of memory");
- goto bad;
- }
- free(id);
- }
+ if (read_classes(&e_tclasses))
+ goto bad;
id = (char *)queue_remove(id_queue);
if (!id) {
@@ -2360,8 +2759,7 @@ int define_filename_trans(void)
policydbp->p_class_val_to_name[c]);
goto bad;
}
- }
-
+ }
ft = malloc(sizeof(*ft));
if (!ft) {
yyerror("out of memory");
@@ -2383,7 +2781,6 @@ int define_filename_trans(void)
ft->otype = otype;
}
}
-
/* Now add the real rule since we didn't find any duplicates */
ftr = malloc(sizeof(*ftr));
if (!ftr) {
@@ -2410,6 +2807,9 @@ int define_filename_trans(void)
bad:
free(name);
return -1;
+#else
+ yyerror("This version of SETools does not have filename type_transition rules enabled.");
+#endif
}
static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr)
@@ -2433,7 +2833,8 @@ static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr)
newe->op = e->op;
if (newe->expr_type == CEXPR_NAMES) {
if (newe->attr & CEXPR_TYPE) {
- if (type_set_cpy(newe->type_names, e->type_names))
+ if (type_set_cpy
+ (newe->type_names, e->type_names))
goto oom;
} else {
if (ebitmap_cpy(&newe->names, &e->names))
@@ -2520,7 +2921,9 @@ int define_constraint(constraint_expr_t * expr)
free(id);
return -1;
}
- cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id);
+ cladatum =
+ (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ (hashtab_key_t) id);
if (!cladatum) {
yyerror2("class %s is not defined", id);
ebitmap_destroy(&classmap);
@@ -2536,6 +2939,7 @@ int define_constraint(constraint_expr_t * expr)
node = malloc(sizeof(struct constraint_node));
if (!node) {
yyerror("out of memory");
+ free(node);
return -1;
}
memset(node, 0, sizeof(constraint_node_t));
@@ -2547,6 +2951,7 @@ int define_constraint(constraint_expr_t * expr)
}
if (!node->expr) {
yyerror("out of memory");
+ free(node);
return -1;
}
node->permissions = 0;
@@ -2563,22 +2968,33 @@ int define_constraint(constraint_expr_t * expr)
cladatum = policydbp->class_val_to_struct[i];
node = cladatum->constraints;
- perdatum = (perm_datum_t *) hashtab_search(cladatum->permissions.table, (hashtab_key_t)
- id);
+ perdatum =
+ (perm_datum_t *) hashtab_search(cladatum->
+ permissions.
+ table,
+ (hashtab_key_t)
+ id);
if (!perdatum) {
if (cladatum->comdatum) {
- perdatum = (perm_datum_t *)
- hashtab_search(cladatum->comdatum->permissions.table, (hashtab_key_t)
- id);
+ perdatum =
+ (perm_datum_t *)
+ hashtab_search(cladatum->
+ comdatum->
+ permissions.
+ table,
+ (hashtab_key_t)
+ id);
}
if (!perdatum) {
- yyerror2("permission %s is not" " defined", id);
+ yyerror2("permission %s is not"
+ " defined", id);
free(id);
ebitmap_destroy(&classmap);
return -1;
}
}
- node->permissions |= (1 << (perdatum->s.value - 1));
+ node->permissions |=
+ (1 << (perdatum->s.value - 1));
}
}
free(id);
@@ -2647,7 +3063,9 @@ int define_validatetrans(constraint_expr_t * expr)
free(id);
return -1;
}
- cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id);
+ cladatum =
+ (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ (hashtab_key_t) id);
if (!cladatum) {
yyerror2("class %s is not defined", id);
ebitmap_destroy(&classmap);
@@ -2701,10 +3119,11 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
while ((id = queue_remove(id_queue)))
free(id);
}
- return 1; /* any non-NULL value */
+ return 1; /* any non-NULL value */
}
- if ((expr = malloc(sizeof(*expr))) == NULL || constraint_expr_init(expr) == -1) {
+ if ((expr = malloc(sizeof(*expr))) == NULL ||
+ constraint_expr_init(expr) == -1) {
yyerror("out of memory");
free(expr);
return 0;
@@ -2766,12 +3185,17 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
while ((id = (char *)queue_remove(id_queue))) {
if (expr->attr & CEXPR_USER) {
if (!is_id_in_scope(SYM_USERS, id)) {
- yyerror2("user %s is not within scope", id);
+ yyerror2("user %s is not within scope",
+ id);
constraint_expr_destroy(expr);
return 0;
}
- user = (user_datum_t *) hashtab_search(policydbp->p_users.table, (hashtab_key_t)
- id);
+ user =
+ (user_datum_t *) hashtab_search(policydbp->
+ p_users.
+ table,
+ (hashtab_key_t)
+ id);
if (!user) {
yyerror2("unknown user %s", id);
constraint_expr_destroy(expr);
@@ -2780,12 +3204,17 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
val = user->s.value;
} else if (expr->attr & CEXPR_ROLE) {
if (!is_id_in_scope(SYM_ROLES, id)) {
- yyerror2("role %s is not within scope", id);
+ yyerror2("role %s is not within scope",
+ id);
constraint_expr_destroy(expr);
return 0;
}
- role = (role_datum_t *) hashtab_search(policydbp->p_roles.table, (hashtab_key_t)
- id);
+ role =
+ (role_datum_t *) hashtab_search(policydbp->
+ p_roles.
+ table,
+ (hashtab_key_t)
+ id);
if (!role) {
yyerror2("unknown role %s", id);
constraint_expr_destroy(expr);
@@ -2814,22 +3243,19 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
ebitmap_destroy(&negset);
return (uintptr_t) expr;
default:
- yyerror("invalid constraint expression");
- constraint_expr_destroy(expr);
- return 0;
+ break;
}
yyerror("invalid constraint expression");
- free(expr);
+ constraint_expr_destroy(expr);
return 0;
}
int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
{
cond_expr_t *e;
- int depth, retval;
+ int depth;
cond_node_t cn, *cn_old;
- avrule_t *tmp, *last_tmp;
/* expression cannot be NULL */
if (!expr) {
@@ -2858,7 +3284,8 @@ int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
switch (e->expr_type) {
case COND_NOT:
if (depth < 0) {
- yyerror("illegal conditional expression; Bad NOT");
+ yyerror
+ ("illegal conditional expression; Bad NOT");
return -1;
}
break;
@@ -2868,14 +3295,16 @@ int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
case COND_EQ:
case COND_NEQ:
if (depth < 1) {
- yyerror("illegal conditional expression; Bad binary op");
+ yyerror
+ ("illegal conditional expression; Bad binary op");
return -1;
}
depth--;
break;
case COND_BOOL:
if (depth == (COND_EXPR_MAXDEPTH - 1)) {
- yyerror("conditional expression is like totally too deep");
+ yyerror
+ ("conditional expression is like totally too deep");
return -1;
}
depth++;
@@ -2908,11 +3337,14 @@ int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
return -1;
}
+ /* Required for SETools libqpol */
+ avrule_t *tmp, *last_tmp;
+ int retval;
/* verify te rules -- both true and false branches of conditional */
tmp = cn.avtrue_list;
last_tmp = NULL;
while (tmp) {
- if (!tmp->specified & AVRULE_TRANSITION)
+ if (!(tmp->specified & AVRULE_TRANSITION))
continue;
retval = insert_check_type_rule(tmp, &policydbp->te_cond_avtab, &cn_old->true_list, &cn_old->false_list);
switch (retval) {
@@ -2951,7 +3383,7 @@ int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
tmp = cn.avfalse_list;
last_tmp = NULL;
while (tmp) {
- if (!tmp->specified & AVRULE_TRANSITION)
+ if (!(tmp->specified & AVRULE_TRANSITION))
continue;
retval = insert_check_type_rule(tmp, &policydbp->te_cond_avtab, &cn_old->false_list, &cn_old->true_list);
switch (retval) {
@@ -3053,7 +3485,8 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2)
e2 = e2->next;
}
if (!e1 || e1->next) {
- yyerror("illegal left side of conditional binary op expression");
+ yyerror
+ ("illegal left side of conditional binary op expression");
free(expr);
return NULL;
}
@@ -3066,7 +3499,8 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2)
e2 = e2->next;
}
if (!e1 || e1->next) {
- yyerror("illegal right side of conditional binary op expression");
+ yyerror
+ ("illegal right side of conditional binary op expression");
free(expr);
return NULL;
}
@@ -3086,9 +3520,13 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2)
free(expr);
return NULL;
}
- bool_var = (cond_bool_datum_t *) hashtab_search(policydbp->p_bools.table, (hashtab_key_t) id);
+ bool_var =
+ (cond_bool_datum_t *) hashtab_search(policydbp->p_bools.
+ table,
+ (hashtab_key_t) id);
if (!bool_var) {
- yyerror2("unknown boolean %s in conditional expression", id);
+ yyerror2("unknown boolean %s in conditional expression",
+ id);
free(expr);
free(id);
return NULL;
@@ -3098,6 +3536,7 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2)
return expr;
default:
yyerror("illegal conditional expression");
+ free(expr);
return NULL;
}
}
@@ -3156,14 +3595,16 @@ static int parse_categories(char *id, level_datum_t * levdatum, ebitmap_t * cats
*(id_end++) = '\0';
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t)
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t)
id_start);
if (!cdatum) {
yyerror2("unknown category %s", id_start);
return -1;
}
range_start = cdatum->s.value - 1;
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id_end);
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id_end);
if (!cdatum) {
yyerror2("unknown category %s", id_end);
return -1;
@@ -3175,7 +3616,8 @@ static int parse_categories(char *id, level_datum_t * levdatum, ebitmap_t * cats
return -1;
}
} else {
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id);
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id);
if (!cdatum) {
yyerror2("unknown category %s", id);
return -1;
@@ -3188,7 +3630,9 @@ static int parse_categories(char *id, level_datum_t * levdatum, ebitmap_t * cats
uint32_t level_value = levdatum->level->sens - 1;
policydb_index_others(NULL, policydbp, 0);
yyerror2("category %s can not be associated "
- "with level %s", policydbp->p_cat_val_to_name[i], policydbp->p_sens_val_to_name[level_value]);
+ "with level %s",
+ policydbp->p_cat_val_to_name[i],
+ policydbp->p_sens_val_to_name[level_value]);
return -1;
}
if (ebitmap_set_bit(cats, i, TRUE)) {
@@ -3200,7 +3644,8 @@ static int parse_categories(char *id, level_datum_t * levdatum, ebitmap_t * cats
return 0;
}
-static int parse_semantic_categories(char *id, level_datum_t * levdatum, mls_semantic_cat_t ** cats)
+static int parse_semantic_categories(char *id, level_datum_t * levdatum,
+ mls_semantic_cat_t ** cats)
{
cat_datum_t *cdatum;
mls_semantic_cat_t *newcat;
@@ -3212,7 +3657,8 @@ static int parse_semantic_categories(char *id, level_datum_t * levdatum, mls_sem
*(id_end++) = '\0';
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t)
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t)
id_start);
if (!cdatum) {
yyerror2("unknown category %s", id_start);
@@ -3220,14 +3666,16 @@ static int parse_semantic_categories(char *id, level_datum_t * levdatum, mls_sem
}
range_start = cdatum->s.value;
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id_end);
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id_end);
if (!cdatum) {
yyerror2("unknown category %s", id_end);
return -1;
}
range_end = cdatum->s.value;
} else {
- cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id);
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id);
if (!cdatum) {
yyerror2("unknown category %s", id);
return -1;
@@ -3296,9 +3744,11 @@ int define_user(void)
}
levdatum = (level_datum_t *)
- hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id);
+ hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
if (!levdatum) {
- yyerror2("unknown sensitivity %s used in user" " level definition", id);
+ yyerror2("unknown sensitivity %s used in user"
+ " level definition", id);
free(id);
return -1;
}
@@ -3307,7 +3757,8 @@ int define_user(void)
usrdatum->dfltlevel.sens = levdatum->level->sens;
while ((id = queue_remove(id_queue))) {
- if (parse_semantic_categories(id, levdatum, &usrdatum->dfltlevel.cat)) {
+ if (parse_semantic_categories(id, levdatum,
+ &usrdatum->dfltlevel.cat)) {
free(id);
return -1;
}
@@ -3318,9 +3769,11 @@ int define_user(void)
for (l = 0; l < 2; l++) {
levdatum = (level_datum_t *)
- hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id);
+ hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
if (!levdatum) {
- yyerror2("unknown sensitivity %s used in user" " range definition", id);
+ yyerror2("unknown sensitivity %s used in user"
+ " range definition", id);
free(id);
return -1;
}
@@ -3329,7 +3782,8 @@ int define_user(void)
usrdatum->range.level[l].sens = levdatum->level->sens;
while ((id = queue_remove(id_queue))) {
- if (parse_semantic_categories(id, levdatum, &usrdatum->range.level[l].cat)) {
+ if (parse_semantic_categories(id, levdatum,
+ &usrdatum->range.level[l].cat)) {
free(id);
return -1;
}
@@ -3342,7 +3796,8 @@ int define_user(void)
}
if (l == 0) {
- if (mls_semantic_level_cpy(&usrdatum->range.level[1], &usrdatum->range.level[0])) {
+ if (mls_semantic_level_cpy(&usrdatum->range.level[1],
+ &usrdatum->range.level[0])) {
yyerror("out of memory");
return -1;
}
@@ -3362,11 +3817,11 @@ static int parse_security_context(context_struct_t * c)
if (pass == 1) {
id = queue_remove(id_queue);
- free(id); /* user */
+ free(id); /* user */
id = queue_remove(id_queue);
- free(id); /* role */
+ free(id); /* role */
id = queue_remove(id_queue);
- free(id); /* type */
+ free(id); /* type */
if (mlspol) {
id = queue_remove(id_queue);
free(id);
@@ -3383,6 +3838,12 @@ static int parse_security_context(context_struct_t * c)
return 0;
}
+ /* check context c to make sure ok to dereference c later */
+ if (c == NULL) {
+ yyerror("null context pointer!");
+ return -1;
+ }
+
context_init(c);
/* extract the user */
@@ -3396,7 +3857,8 @@ static int parse_security_context(context_struct_t * c)
free(id);
goto bad;
}
- usrdatum = (user_datum_t *) hashtab_search(policydbp->p_users.table, (hashtab_key_t) id);
+ usrdatum = (user_datum_t *) hashtab_search(policydbp->p_users.table,
+ (hashtab_key_t) id);
if (!usrdatum) {
yyerror2("user %s is not defined", id);
free(id);
@@ -3418,7 +3880,8 @@ static int parse_security_context(context_struct_t * c)
free(id);
return -1;
}
- role = (role_datum_t *) hashtab_search(policydbp->p_roles.table, (hashtab_key_t) id);
+ role = (role_datum_t *) hashtab_search(policydbp->p_roles.table,
+ (hashtab_key_t) id);
if (!role) {
yyerror2("role %s is not defined", id);
free(id);
@@ -3440,7 +3903,8 @@ static int parse_security_context(context_struct_t * c)
free(id);
return -1;
}
- typdatum = (type_datum_t *) hashtab_search(policydbp->p_types.table, (hashtab_key_t) id);
+ typdatum = (type_datum_t *) hashtab_search(policydbp->p_types.table,
+ (hashtab_key_t) id);
if (!typdatum || typdatum->flavor == TYPE_ATTRIB) {
yyerror2("type %s is not defined or is an attribute", id);
free(id);
@@ -3455,14 +3919,16 @@ static int parse_security_context(context_struct_t * c)
/* extract the low sensitivity */
id = (char *)queue_head(id_queue);
if (!id) {
- yyerror("no sensitivity name for sid context" " definition?");
+ yyerror("no sensitivity name for sid context"
+ " definition?");
return -1;
}
id = (char *)queue_remove(id_queue);
for (l = 0; l < 2; l++) {
levdatum = (level_datum_t *)
- hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id);
+ hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
if (!levdatum) {
yyerror2("Sensitivity %s is not defined", id);
free(id);
@@ -3473,7 +3939,8 @@ static int parse_security_context(context_struct_t * c)
/* extract low category set */
while ((id = queue_remove(id_queue))) {
- if (parse_categories(id, levdatum, &c->range.level[l].cat)) {
+ if (parse_categories(id, levdatum,
+ &c->range.level[l].cat)) {
free(id);
return -1;
}
@@ -3488,7 +3955,8 @@ static int parse_security_context(context_struct_t * c)
if (l == 0) {
c->range.level[1].sens = c->range.level[0].sens;
- if (ebitmap_cpy(&c->range.level[1].cat, &c->range.level[0].cat)) {
+ if (ebitmap_cpy(&c->range.level[1].cat,
+ &c->range.level[0].cat)) {
yyerror("out of memory");
goto bad;
@@ -3554,12 +4022,10 @@ int define_fs_context(unsigned int major, unsigned int minor)
{
ocontext_t *newc, *c, *head;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("fscon not supported for target");
return -1;
}
-#endif
if (pass == 1) {
parse_security_context(NULL);
@@ -3597,7 +4063,8 @@ int define_fs_context(unsigned int major, unsigned int minor)
for (c = head; c; c = c->next) {
if (!strcmp(newc->u.name, c->u.name)) {
- yyerror2("duplicate entry for file system %s", newc->u.name);
+ yyerror2("duplicate entry for file system %s",
+ newc->u.name);
context_destroy(&newc->context[0]);
context_destroy(&newc->context[1]);
free(newc->u.name);
@@ -3617,17 +4084,13 @@ int define_pirq_context(unsigned int pirq)
ocontext_t *newc, *c, *l, *head;
char *id;
-#ifndef SEPOL_TARGET_XEN
- yyerror("pirqcon not supported for target");
- return -1;
-#else
if (policydbp->target_platform != SEPOL_TARGET_XEN) {
yyerror("pirqcon not supported for target");
return -1;
}
if (pass == 1) {
- id = (char *)queue_remove(id_queue);
+ id = (char *) queue_remove(id_queue);
free(id);
parse_security_context(NULL);
return 0;
@@ -3665,10 +4128,9 @@ int define_pirq_context(unsigned int pirq)
return 0;
- bad:
+bad:
free(newc);
return -1;
-#endif
}
int define_iomem_context(unsigned long low, unsigned long high)
@@ -3676,10 +4138,6 @@ int define_iomem_context(unsigned long low, unsigned long high)
ocontext_t *newc, *c, *l, *head;
char *id;
-#ifndef SEPOL_TARGET_XEN
- yyerror("iomemcon not supported for target");
- return -1;
-#else
if (policydbp->target_platform != SEPOL_TARGET_XEN) {
yyerror("iomemcon not supported for target");
return -1;
@@ -3699,7 +4157,7 @@ int define_iomem_context(unsigned long low, unsigned long high)
}
memset(newc, 0, sizeof(ocontext_t));
- newc->u.iomem.low_iomem = low;
+ newc->u.iomem.low_iomem = low;
newc->u.iomem.high_iomem = high;
if (low > high) {
@@ -3720,7 +4178,9 @@ int define_iomem_context(unsigned long low, unsigned long high)
low2 = c->u.iomem.low_iomem;
high2 = c->u.iomem.high_iomem;
if (low <= high2 && low2 <= high) {
- yyerror2("iomemcon entry for 0x%x-0x%x overlaps with " "earlier entry 0x%x-0x%x", low, high, low2, high2);
+ yyerror2("iomemcon entry for 0x%x-0x%x overlaps with "
+ "earlier entry 0x%x-0x%x", low, high,
+ low2, high2);
goto bad;
}
}
@@ -3732,10 +4192,9 @@ int define_iomem_context(unsigned long low, unsigned long high)
return 0;
- bad:
+bad:
free(newc);
return -1;
-#endif
}
int define_ioport_context(unsigned long low, unsigned long high)
@@ -3743,10 +4202,6 @@ int define_ioport_context(unsigned long low, unsigned long high)
ocontext_t *newc, *c, *l, *head;
char *id;
-#ifndef SEPOL_TARGET_XEN
- yyerror("ioportcon not supported for target");
- return -1;
-#else
if (policydbp->target_platform != SEPOL_TARGET_XEN) {
yyerror("ioportcon not supported for target");
return -1;
@@ -3766,7 +4221,7 @@ int define_ioport_context(unsigned long low, unsigned long high)
}
memset(newc, 0, sizeof(ocontext_t));
- newc->u.ioport.low_ioport = low;
+ newc->u.ioport.low_ioport = low;
newc->u.ioport.high_ioport = high;
if (low > high) {
@@ -3787,7 +4242,9 @@ int define_ioport_context(unsigned long low, unsigned long high)
low2 = c->u.ioport.low_ioport;
high2 = c->u.ioport.high_ioport;
if (low <= high2 && low2 <= high) {
- yyerror2("ioportcon entry for 0x%x-0x%x overlaps with" "earlier entry 0x%x-0x%x", low, high, low2, high2);
+ yyerror2("ioportcon entry for 0x%x-0x%x overlaps with"
+ "earlier entry 0x%x-0x%x", low, high,
+ low2, high2);
goto bad;
}
}
@@ -3799,10 +4256,9 @@ int define_ioport_context(unsigned long low, unsigned long high)
return 0;
- bad:
+bad:
free(newc);
return -1;
-#endif
}
int define_pcidevice_context(unsigned long device)
@@ -3810,17 +4266,13 @@ int define_pcidevice_context(unsigned long device)
ocontext_t *newc, *c, *l, *head;
char *id;
-#ifndef SEPOL_TARGET_XEN
- yyerror("pcidevicecon not supported for target");
- return -1;
-#else
if (policydbp->target_platform != SEPOL_TARGET_XEN) {
yyerror("pcidevicecon not supported for target");
return -1;
}
if (pass == 1) {
- id = (char *)queue_remove(id_queue);
+ id = (char *) queue_remove(id_queue);
free(id);
parse_security_context(NULL);
return 0;
@@ -3846,7 +4298,8 @@ int define_pcidevice_context(unsigned long device)
device2 = c->u.device;
if (device == device2) {
- yyerror2("duplicate pcidevicecon entry for 0x%x ", device);
+ yyerror2("duplicate pcidevicecon entry for 0x%x ",
+ device);
goto bad;
}
}
@@ -3858,10 +4311,9 @@ int define_pcidevice_context(unsigned long device)
return 0;
- bad:
+bad:
free(newc);
return -1;
-#endif
}
int define_port_context(unsigned int low, unsigned int high)
@@ -3870,12 +4322,10 @@ int define_port_context(unsigned int low, unsigned int high)
unsigned int protocol;
char *id;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("portcon not supported for target");
return -1;
}
-#endif
if (pass == 1) {
id = (char *)queue_remove(id_queue);
@@ -3932,15 +4382,16 @@ int define_port_context(unsigned int low, unsigned int high)
if (protocol != prot2)
continue;
if (low == low2 && high == high2) {
- yyerror2("duplicate portcon entry for %s %d-%d ", id, low, high);
+ yyerror2("duplicate portcon entry for %s %d-%d ", id,
+ low, high);
goto bad;
}
if (low2 <= low && high2 >= high) {
- yyerror2("portcon entry for %s %d-%d hidden by earlier " "entry for %d-%d", id, low, high, low2, high2);
+ yyerror2("portcon entry for %s %d-%d hidden by earlier "
+ "entry for %d-%d", id, low, high, low2, high2);
goto bad;
}
}
- free(id);
if (l)
l->next = newc;
@@ -3958,12 +4409,10 @@ int define_netif_context(void)
{
ocontext_t *newc, *c, *head;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("netifcon not supported for target");
return -1;
}
-#endif
if (pass == 1) {
free(queue_remove(id_queue));
@@ -3999,7 +4448,8 @@ int define_netif_context(void)
for (c = head; c; c = c->next) {
if (!strcmp(newc->u.name, c->u.name)) {
- yyerror2("duplicate entry for network interface %s", newc->u.name);
+ yyerror2("duplicate entry for network interface %s",
+ newc->u.name);
context_destroy(&newc->context[0]);
context_destroy(&newc->context[1]);
free(newc->u.name);
@@ -4014,18 +4464,16 @@ int define_netif_context(void)
}
int define_ipv4_node_context()
-{
+{
char *id;
int rc = 0;
struct in_addr addr, mask;
ocontext_t *newc, *c, *l, *head;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("nodecon not supported for target");
return -1;
}
-#endif
if (pass == 1) {
free(queue_remove(id_queue));
@@ -4097,7 +4545,7 @@ int define_ipv4_node_context()
else
policydbp->ocontexts[OCON_NODE] = newc;
rc = 0;
- out:
+out:
return rc;
}
@@ -4108,12 +4556,10 @@ int define_ipv6_node_context(void)
struct in6_addr addr, mask;
ocontext_t *newc, *c, *l, *head;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("nodecon not supported for target");
return -1;
}
-#endif
if (pass == 1) {
free(queue_remove(id_queue));
@@ -4162,8 +4608,14 @@ int define_ipv6_node_context(void)
}
memset(newc, 0, sizeof(ocontext_t));
+
+#ifdef DARWIN
+ memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], 16);
+ memcpy(&newc->u.node6.mask[0], &mask.s6_addr[0], 16);
+#else
memcpy(&newc->u.node6.addr[0], &addr.s6_addr32[0], 16);
memcpy(&newc->u.node6.mask[0], &mask.s6_addr32[0], 16);
+#endif
if (parse_security_context(&newc->context[0])) {
free(newc);
@@ -4195,15 +4647,14 @@ int define_fs_use(int behavior)
{
ocontext_t *newc, *c, *head;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("fsuse not supported for target");
return -1;
}
-#endif
if (pass == 1) {
free(queue_remove(id_queue));
+ /* Required for SETools libqpol */
if (behavior != SECURITY_FS_USE_PSIDS)
parse_security_context(NULL);
return 0;
@@ -4222,6 +4673,7 @@ int define_fs_use(int behavior)
return -1;
}
newc->v.behavior = behavior;
+ /* Required for SETools libqpol */
if (newc->v.behavior != SECURITY_FS_USE_PSIDS) {
if (parse_security_context(&newc->context[0])) {
free(newc->u.name);
@@ -4235,7 +4687,8 @@ int define_fs_use(int behavior)
for (c = head; c; c = c->next) {
if (!strcmp(newc->u.name, c->u.name)) {
- yyerror2("duplicate fs_use entry for filesystem type %s", newc->u.name);
+ yyerror2("duplicate fs_use entry for filesystem type %s",
+ newc->u.name);
context_destroy(&newc->context[0]);
free(newc->u.name);
free(newc);
@@ -4255,12 +4708,10 @@ int define_genfs_context_helper(char *fstype, int has_type)
char *type = NULL;
int len, len2;
-#ifdef SEPOL_TARGET_XEN
if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
yyerror("genfs not supported for target");
return -1;
}
-#endif
if (pass == 1) {
free(fstype);
@@ -4271,7 +4722,8 @@ int define_genfs_context_helper(char *fstype, int has_type)
return 0;
}
- for (genfs_p = NULL, genfs = policydbp->genfs; genfs; genfs_p = genfs, genfs = genfs->next) {
+ for (genfs_p = NULL, genfs = policydbp->genfs;
+ genfs; genfs_p = genfs, genfs = genfs->next) {
if (strcmp(fstype, genfs->fstype) <= 0)
break;
}
@@ -4290,9 +4742,6 @@ int define_genfs_context_helper(char *fstype, int has_type)
else
policydbp->genfs = newgenfs;
genfs = newgenfs;
- } else {
- free(fstype);
- fstype=NULL;
}
newc = (ocontext_t *) malloc(sizeof(ocontext_t));
@@ -4340,16 +4789,17 @@ int define_genfs_context_helper(char *fstype, int has_type)
goto fail;
}
}
- free(type);
- type = NULL;
if (parse_security_context(&newc->context[0]))
goto fail;
head = genfs->head;
for (p = NULL, c = head; c; p = c, c = c->next) {
- if (!strcmp(newc->u.name, c->u.name) && (!newc->v.sclass || !c->v.sclass || newc->v.sclass == c->v.sclass)) {
- yyerror2("duplicate entry for genfs entry (%s, %s)", fstype, newc->u.name);
+ if (!strcmp(newc->u.name, c->u.name) &&
+ (!newc->v.sclass || !c->v.sclass
+ || newc->v.sclass == c->v.sclass)) {
+ yyerror2("duplicate entry for genfs entry (%s, %s)",
+ fstype, newc->u.name);
goto fail;
}
len = strlen(newc->u.name);
@@ -4434,29 +4884,21 @@ int define_range_trans(int class_specified)
}
if (class_specified) {
- while ((id = queue_remove(id_queue))) {
- if (!is_id_in_scope(SYM_CLASSES, id)) {
- yyerror2("class %s is not within scope", id);
- free(id);
- goto out;
- }
- cladatum = hashtab_search(policydbp->p_classes.table, id);
- if (!cladatum) {
- yyerror2("unknown class %s", id);
- goto out;
- }
-
- ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1, TRUE);
- free(id);
- }
+ if (read_classes(&rule->tclasses))
+ goto out;
} else {
- cladatum = hashtab_search(policydbp->p_classes.table, "process");
+ cladatum = hashtab_search(policydbp->p_classes.table,
+ "process");
if (!cladatum) {
- yyerror2("could not find process class for " "legacy range_transition statement");
+ yyerror2("could not find process class for "
+ "legacy range_transition statement");
goto out;
}
- ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1, TRUE);
+ if (ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1, TRUE)) {
+ yyerror("out of memory");
+ goto out;
+ }
}
id = (char *)queue_remove(id_queue);
@@ -4467,7 +4909,8 @@ int define_range_trans(int class_specified)
for (l = 0; l < 2; l++) {
levdatum = hashtab_search(policydbp->p_levels.table, id);
if (!levdatum) {
- yyerror2("unknown level %s used in range_transition " "definition", id);
+ yyerror2("unknown level %s used in range_transition "
+ "definition", id);
free(id);
goto out;
}
@@ -4476,7 +4919,8 @@ int define_range_trans(int class_specified)
rule->trange.level[l].sens = levdatum->level->sens;
while ((id = queue_remove(id_queue))) {
- if (parse_semantic_categories(id, levdatum, &rule->trange.level[l].cat)) {
+ if (parse_semantic_categories(id, levdatum,
+ &rule->trange.level[l].cat)) {
free(id);
goto out;
}
@@ -4488,7 +4932,8 @@ int define_range_trans(int class_specified)
break;
}
if (l == 0) {
- if (mls_semantic_level_cpy(&rule->trange.level[1], &rule->trange.level[0])) {
+ if (mls_semantic_level_cpy(&rule->trange.level[1],
+ &rule->trange.level[0])) {
yyerror("out of memory");
goto out;
}
@@ -4497,8 +4942,9 @@ int define_range_trans(int class_specified)
append_range_trans(rule);
return 0;
- out:
+out:
range_trans_rule_destroy(rule);
+ free(rule);
return -1;
}
diff --git a/libqpol/src/policy_define.h b/libqpol/src/policy_define.h
index f273fed..14c1747 100644
--- a/libqpol/src/policy_define.h
+++ b/libqpol/src/policy_define.h
@@ -19,24 +19,32 @@
#define TRUE 1
#define FALSE 0
+/* Used by SETools libqpol */
/** parser used to support fs_use_psid declarations, so revert that bit
* of code here */
#define SECURITY_FS_USE_PSIDS 6
+/* Used by SETools to determine if source MLS or not */
+int define_mls(void);
avrule_t *define_cond_compute_type(int which);
-avrule_t *define_cond_pol_list(avrule_t * avlist, avrule_t * stmt);
+avrule_t *define_cond_pol_list(avrule_t *avlist, avrule_t *stmt);
avrule_t *define_cond_te_avtab(int which);
avrule_t *define_cond_filename_trans(void);
-cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2);
+cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void* arg2);
int define_attrib(void);
+int define_attrib_role(void);
int define_av_perms(int inherits);
-int define_bool(void);
+int define_bool_tunable(int is_tunable);
int define_category(void);
int define_class(void);
+int define_default_user(int which);
+int define_default_role(int which);
+int define_default_type(int which);
+int define_default_range(int which);
int define_common_perms(void);
int define_compute_type(int which);
-int define_conditional(cond_expr_t * expr, avrule_t * t_list, avrule_t * f_list);
-int define_constraint(constraint_expr_t * expr);
+int define_conditional(cond_expr_t *expr, avrule_t *t_list, avrule_t *f_list );
+int define_constraint(constraint_expr_t *expr);
int define_dominance(void);
int define_fs_context(unsigned int major, unsigned int minor);
int define_fs_use(int behavior);
@@ -46,7 +54,6 @@ int define_initial_sid(void);
int define_ipv4_node_context(void);
int define_ipv6_node_context(void);
int define_level(void);
-int define_mls(void);
int define_netif_context(void);
int define_permissive(void);
int define_polcap(void);
@@ -57,8 +64,10 @@ int define_ioport_context(unsigned long low, unsigned long high);
int define_pcidevice_context(unsigned long device);
int define_range_trans(int class_specified);
int define_role_allow(void);
-int define_role_trans(void);
+int define_role_trans(int class_specified);
int define_role_types(void);
+int define_role_attr(void);
+int define_roleattribute(void);
int define_filename_trans(void);
int define_sens(void);
int define_te_avtab(int which);
@@ -67,11 +76,11 @@ int define_typeattribute(void);
int define_typebounds(void);
int define_type(int alias);
int define_user(void);
-int define_validatetrans(constraint_expr_t * expr);
-int insert_id(char *id, int push);
+int define_validatetrans(constraint_expr_t *expr);
+int insert_id(char *id,int push);
int insert_separator(int push);
-role_datum_t *define_role_dom(role_datum_t * r);
-role_datum_t *merge_roles_dom(role_datum_t * r1, role_datum_t * r2);
+role_datum_t *define_role_dom(role_datum_t *r);
+role_datum_t *merge_roles_dom(role_datum_t *r1,role_datum_t *r2);
uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2);
-#endif /* _POLICY_DEFINE_H_ */
+#endif /* _POLICY_DEFINE_H_ */
diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
index 5325a87..1417271 100644
--- a/libqpol/src/policy_extend.c
+++ b/libqpol/src/policy_extend.c
@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
for (class_node = rule->perms; class_node; class_node = class_node->next) {
key.rule_type = rule->specified;
key.source_val = key.target_val = i + 1;
- key.class_val = class_node->class;
+ key.class_val = class_node->tclass;
key.cond = cond;
if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
goto err;
@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
key.rule_type = rule->specified;
key.source_val = i + 1;
key.target_val = j + 1;
- key.class_val = class_node->class;
+ key.class_val = class_node->tclass;
key.cond = cond;
if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
goto err;
diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
index dc16c6f..357f3d8 100644
--- a/libqpol/src/policy_parse.y
+++ b/libqpol/src/policy_parse.y
@@ -3,6 +3,8 @@
*
* This file is based upon checkpolicy/policy_parse.y from NSA's SVN
* repository. It has been modified to support older policy formats.
+ * The older format just seems to be FSUSEPSID support (see fs_use_def
+ * entry.
*/
/*
@@ -35,6 +37,7 @@
/* FLASK */
%{
+/* Add for SETools */
#include <config.h>
#include <sys/types.h>
@@ -55,12 +58,16 @@
#include <sepol/policydb/conditional.h>
#include <sepol/policydb/flask.h>
#include <sepol/policydb/hierarchy.h>
+/* Add for SETools libqpol */
#ifdef HAVE_SEPOL_POLICYCAPS
#include <sepol/policydb/polcaps.h>
#endif
#include "queue.h"
+
+/* #include "checkpolicy.h" - Remove for setools and replace with: */
#include <qpol/policy.h>
+
#include "module_compiler.h"
#include "policy_define.h"
@@ -74,6 +81,7 @@ extern int yyerror(char *msg);
typedef int (* require_func_t)();
+/* Add for SETools libqpol */
/* redefine input so we can read from a string */
/* borrowed from O'Reilly lex and yacc pg 157 */
extern char qpol_src_input[];
@@ -107,6 +115,8 @@ extern char *qpol_src_inputlim;/* end of data */
%token INHERITS
%token SID
%token ROLE
+%token ROLEATTRIBUTE
+%token ATTRIBUTE_ROLE
%token ROLES
%token TYPEALIAS
%token TYPEATTRIBUTE
@@ -116,6 +126,7 @@ extern char *qpol_src_inputlim;/* end of data */
%token ALIAS
%token ATTRIBUTE
%token BOOL
+%token TUNABLE
%token IF
%token ELSE
%token TYPE_TRANSITION
@@ -156,6 +167,9 @@ extern char *qpol_src_inputlim;/* end of data */
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
%token POLICYCAP
%token PERMISSIVE
+%token FILESYSTEM
+%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
+%token LOW_HIGH LOW HIGH
%left OR
%left XOR
@@ -170,7 +184,7 @@ base_policy : { if (define_policy(pass, 0) == -1) return -1; }
classes initial_sids access_vectors
{ if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }}
- opt_mls te_rbac users opt_constraints
+ opt_default_rules opt_mls te_rbac users opt_constraints
{ if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;}
else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}}
initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts
@@ -208,6 +222,46 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
| CLASS identifier INHERITS identifier '{' identifier_list '}'
{if (define_av_perms(TRUE)) return -1;}
;
+opt_default_rules : default_rules
+ |
+ ;
+default_rules : default_user_def
+ | default_role_def
+ | default_type_def
+ | default_range_def
+ | default_rules default_user_def
+ | default_rules default_role_def
+ | default_rules default_type_def
+ | default_rules default_range_def
+ ;
+default_user_def : DEFAULT_USER names SOURCE ';'
+ {if (define_default_user(DEFAULT_SOURCE)) return -1; }
+ | DEFAULT_USER names TARGET ';'
+ {if (define_default_user(DEFAULT_TARGET)) return -1; }
+ ;
+default_role_def : DEFAULT_ROLE names SOURCE ';'
+ {if (define_default_role(DEFAULT_SOURCE)) return -1; }
+ | DEFAULT_ROLE names TARGET ';'
+ {if (define_default_role(DEFAULT_TARGET)) return -1; }
+ ;
+default_type_def : DEFAULT_TYPE names SOURCE ';'
+ {if (define_default_type(DEFAULT_SOURCE)) return -1; }
+ | DEFAULT_TYPE names TARGET ';'
+ {if (define_default_type(DEFAULT_TARGET)) return -1; }
+ ;
+default_range_def : DEFAULT_RANGE names SOURCE LOW ';'
+ {if (define_default_range(DEFAULT_SOURCE_LOW)) return -1; }
+ | DEFAULT_RANGE names SOURCE HIGH ';'
+ {if (define_default_range(DEFAULT_SOURCE_HIGH)) return -1; }
+ | DEFAULT_RANGE names SOURCE LOW_HIGH ';'
+ {if (define_default_range(DEFAULT_SOURCE_LOW_HIGH)) return -1; }
+ | DEFAULT_RANGE names TARGET LOW ';'
+ {if (define_default_range(DEFAULT_TARGET_LOW)) return -1; }
+ | DEFAULT_RANGE names TARGET HIGH ';'
+ {if (define_default_range(DEFAULT_TARGET_HIGH)) return -1; }
+ | DEFAULT_RANGE names TARGET LOW_HIGH ';'
+ {if (define_default_range(DEFAULT_TARGET_LOW_HIGH)) return -1; }
+ ;
opt_mls : mls
|
;
@@ -216,8 +270,14 @@ mls : sensitivities dominance opt_categories levels mlspolicy
sensitivities : sensitivity_def
| sensitivities sensitivity_def
;
-/* Need to call define_mls here, as we are working with files */
-/* only, not command line options */
+/*sensitivity_def : SENSITIVITY identifier alias_def ';'
+ {if (define_sens()) return -1;}
+ | SENSITIVITY identifier ';'
+ {if (define_sens()) return -1;}
+ ;
+The above has been replaced by: */
+/* Needed for SETools to call define_mls here, as we are working */
+/* with files only, not command line options */
sensitivity_def : SENSITIVITY identifier alias_def ';'
{if (define_mls() | define_sens()) return -1;}
| SENSITIVITY identifier ';'
@@ -271,10 +331,13 @@ te_rbac_decl : te_decl
| policycap_def
| ';'
;
-rbac_decl : role_type_def
+rbac_decl : attribute_role_def
+ | role_type_def
| role_dominance
| role_trans_def
| role_allow_def
+ | roleattribute_def
+ | role_attr_def
;
te_decl : attribute_def
| type_def
@@ -282,6 +345,7 @@ te_decl : attribute_def
| typeattribute_def
| typebounds_def
| bool_def
+ | tunable_def
| transition_def
| range_trans_def
| te_avtab_def
@@ -308,8 +372,11 @@ opt_attr_list : ',' id_comma_list
|
;
bool_def : BOOL identifier bool_val ';'
- {if (define_bool()) return -1;}
+ { if (define_bool_tunable(0)) return -1; }
;
+tunable_def : TUNABLE identifier bool_val ';'
+ { if (define_bool_tunable(1)) return -1; }
+ ;
bool_val : CTRUE
{ if (insert_id("T",0)) return -1; }
| CFALSE
@@ -364,7 +431,7 @@ cond_rule_def : cond_transition_def
cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
{ $$ = define_cond_filename_trans() ;
if ($$ == COND_ERR) return -1;}
- | TYPE_TRANSITION names names ':' names identifier ';'
+ | TYPE_TRANSITION names names ':' names identifier ';'
{ $$ = define_cond_compute_type(AVRULE_TRANSITION) ;
if ($$ == COND_ERR) return -1;}
| TYPE_MEMBER names names ':' names identifier ';'
@@ -399,6 +466,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
{ $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
if ($$ == COND_ERR) return -1; }
;
+ ;
transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
{if (define_filename_trans()) return -1; }
| TYPE_TRANSITION names names ':' names identifier ';'
@@ -434,15 +502,21 @@ dontaudit_def : DONTAUDIT names names ':' names names ';'
neverallow_def : NEVERALLOW names names ':' names names ';'
{if (define_te_avtab(AVRULE_NEVERALLOW)) return -1; }
;
+attribute_role_def : ATTRIBUTE_ROLE identifier ';'
+ {if (define_attrib_role()) return -1; }
+ ;
role_type_def : ROLE identifier TYPES names ';'
{if (define_role_types()) return -1;}
- | ROLE identifier';'
- {if (define_role_types()) return -1;}
+ ;
+role_attr_def : ROLE identifier opt_attr_list ';'
+ {if (define_role_attr()) return -1;}
;
role_dominance : DOMINANCE '{' roles '}'
;
role_trans_def : ROLE_TRANSITION names names identifier ';'
- {if (define_role_trans()) return -1; }
+ {if (define_role_trans(0)) return -1; }
+ | ROLE_TRANSITION names names ':' names identifier ';'
+ {if (define_role_trans(1)) return -1;}
;
role_allow_def : ALLOW names names ';'
{if (define_role_allow()) return -1; }
@@ -457,6 +531,9 @@ role_def : ROLE identifier_push ';'
| ROLE identifier_push '{' roles '}'
{$$ = define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1;}
;
+roleattribute_def : ROLEATTRIBUTE identifier id_comma_list ';'
+ {if (define_roleattribute()) return -1;}
+ ;
opt_constraints : constraints
|
;
@@ -662,7 +739,7 @@ opt_fs_uses : fs_uses
fs_uses : fs_use_def
| fs_uses fs_use_def
;
-fs_use_def : FSUSEXATTR identifier security_context_def ';'
+fs_use_def : FSUSEXATTR filesystem security_context_def ';'
{if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
| FSUSETASK identifier security_context_def ';'
{if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
@@ -677,11 +754,11 @@ opt_genfs_contexts : genfs_contexts
genfs_contexts : genfs_context_def
| genfs_contexts genfs_context_def
;
-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
+genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
{if (define_genfs_context(1)) return -1;}
- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
+ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
{if (define_genfs_context(1)) return -1;}
- | GENFSCON identifier path security_context_def
+ | GENFSCON filesystem path security_context_def
{if (define_genfs_context(0)) return -1;}
;
ipv4_addr_def : IPV4_ADDR
@@ -755,6 +832,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
identifier : IDENTIFIER
{ if (insert_id(yytext,0)) return -1; }
;
+filesystem : FILESYSTEM
+ { if (insert_id(yytext,0)) return -1; }
+ | IDENTIFIER
+ { if (insert_id(yytext,0)) return -1; }
+ ;
path : PATH
{ if (insert_id(yytext,0)) return -1; }
;
@@ -785,6 +867,8 @@ module_def : MODULE identifier version_identifier ';'
;
version_identifier : VERSION_IDENTIFIER
{ if (insert_id(yytext,0)) return -1; }
+ | number
+ { if (insert_id(yytext,0)) return -1; }
| ipv4_addr_def /* version can look like ipv4 address */
;
avrules_block : avrule_decls avrule_user_defs
@@ -813,8 +897,10 @@ require_class : CLASS identifier names
require_decl_def : ROLE { $$ = require_role; }
| TYPE { $$ = require_type; }
| ATTRIBUTE { $$ = require_attribute; }
+ | ATTRIBUTE_ROLE { $$ = require_attribute_role; }
| USER { $$ = require_user; }
| BOOL { $$ = require_bool; }
+ | TUNABLE { $$ = require_tunable; }
| SENSITIVITY { $$ = require_sens; }
| CATEGORY { $$ = require_cat; }
;
diff --git a/libqpol/src/policy_scan.l b/libqpol/src/policy_scan.l
index 30203cd..b4e3fe1 100644
--- a/libqpol/src/policy_scan.l
+++ b/libqpol/src/policy_scan.l
@@ -3,6 +3,8 @@
*
* This file is based upon checkpolicy/policy_scan.l fram NSA's SVN
* repository. It has been modified to support older policy formats.
+ * The older format just seems to be FSUSEPSID support (see fs_use_psid
+ * entry.
*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
*
@@ -22,6 +24,7 @@
/* FLASK */
+/* Required for SETools libqpol services */
%{
#undef YY_INPUT
#define YY_INPUT(b, r, ms) (r = qpol_src_yyinput(b, ms))
@@ -35,7 +38,12 @@
typedef int (* require_func_t)();
+/* For SETools libqpol services leave this as policy_parse.h */
+/* #ifdef ANDROID */
#include "policy_parse.h"
+/*#else
+#include "y.tab.h"
+#endif */
static char linebuf[2][255];
static unsigned int lno = 0;
@@ -50,17 +58,16 @@ unsigned long policydb_lineno = 1;
unsigned int policydb_errors = 0;
+/* These are required for SETools libqpol services */
/* redefine input so we can read from a string */
/* borrowed from O'Reilly lex and yacc pg 157 */
extern char qpol_src_input[];
extern char *qpol_src_inputptr;/* current position in myinput */
extern char *qpol_src_inputlim;/* end of data */
int qpol_src_yyinput(char *buf, int max_size);
-
%}
-%option nounput
-%option noyywrap
+%option noinput nounput noyywrap
%array
letter [A-Za-z]
@@ -93,6 +100,10 @@ ROLE |
role { return(ROLE); }
ROLES |
roles { return(ROLES); }
+ROLEATTRIBUTE |
+roleattribute { return(ROLEATTRIBUTE);}
+ATTRIBUTE_ROLE |
+attribute_role { return(ATTRIBUTE_ROLE);}
TYPES |
types { return(TYPES); }
TYPEALIAS |
@@ -105,6 +116,8 @@ TYPE |
type { return(TYPE); }
BOOL |
bool { return(BOOL); }
+TUNABLE |
+tunable { return(TUNABLE); }
IF |
if { return(IF); }
ELSE |
@@ -234,9 +247,24 @@ policycap |
POLICYCAP { return(POLICYCAP); }
permissive |
PERMISSIVE { return(PERMISSIVE); }
+default_user |
+DEFAULT_USER { return(DEFAULT_USER); }
+default_role |
+DEFAULT_ROLE { return(DEFAULT_ROLE); }
+default_type |
+DEFAULT_TYPE { return(DEFAULT_TYPE); }
+default_range |
+DEFAULT_RANGE { return(DEFAULT_RANGE); }
+low-high |
+LOW-HIGH { return(LOW_HIGH); }
+high |
+HIGH { return(HIGH); }
+low |
+LOW { return(LOW); }
"/"({alnum}|[_\.\-/])* { return(PATH); }
-\"({alnum}|[_\.\-])+\" { return(FILENAME); }
+\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
+{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
{digit}+|0x{hexval}+ { return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
@@ -304,6 +332,7 @@ void set_source_file(const char *name)
source_file[sizeof(source_file)-1] = '\0';
}
+/* Required for SETools libqpol services */
int qpol_src_yyinput(char *buf, int max_size)
{
int n = max_size < (qpol_src_inputlim - qpol_src_inputptr) ? max_size : (qpol_src_inputlim - qpol_src_inputptr);
@@ -315,6 +344,7 @@ int qpol_src_yyinput(char *buf, int max_size)
return n;
}
+/* Required for SETools libqpol services */
void init_scanner(void)
{
yy_flush_buffer(YY_CURRENT_BUFFER);
diff --git a/libqpol/src/queue.c b/libqpol/src/queue.c
index 18667d5..45a510a 100644
--- a/libqpol/src/queue.c
+++ b/libqpol/src/queue.c
@@ -6,6 +6,8 @@
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
*/
+/* No changes for SETools libqpol services - Just the header */
+
/* FLASK */
/*
@@ -144,7 +146,9 @@ int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp)
return 0;
}
-void queue_map_remove_on_error(queue_t q, int (*f) (queue_element_t, void *), void (*g) (queue_element_t, void *), void *vp)
+void queue_map_remove_on_error(queue_t q,
+ int (*f) (queue_element_t, void *),
+ void (*g) (queue_element_t, void *), void *vp)
{
queue_node_ptr_t p, last, temp;
int ret;
diff --git a/libqpol/src/queue.h b/libqpol/src/queue.h
index bca304b..dca1b2e 100644
--- a/libqpol/src/queue.h
+++ b/libqpol/src/queue.h
@@ -6,6 +6,8 @@
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
*/
+/* No changes for SETools libqpol services - Just the header */
+
/* FLASK */
/*
@@ -21,14 +23,12 @@ typedef void *queue_element_t;
typedef struct queue_node *queue_node_ptr_t;
-typedef struct queue_node
-{
+typedef struct queue_node {
queue_element_t element;
queue_node_ptr_t next;
} queue_node_t;
-typedef struct queue_info
-{
+typedef struct queue_info {
queue_node_ptr_t head;
queue_node_ptr_t tail;
} queue_info_t;
@@ -60,7 +60,9 @@ int queue_map(queue_t, int (*f) (queue_element_t, void *), void *);
then the element will be removed from the queue and the g
function will be applied to the element.
*/
-void queue_map_remove_on_error(queue_t, int (*f) (queue_element_t, void *), void (*g) (queue_element_t, void *), void *);
+void queue_map_remove_on_error(queue_t,
+ int (*f) (queue_element_t, void *),
+ void (*g) (queue_element_t, void *), void *);
#endif
diff --git a/libqpol/src/rbacrule_query.c b/libqpol/src/rbacrule_query.c
index 7f84459..28449b3 100644
--- a/libqpol/src/rbacrule_query.c
+++ b/libqpol/src/rbacrule_query.c
@@ -334,6 +334,29 @@ int qpol_role_trans_get_target_type(const qpol_policy_t * policy, const qpol_rol
return STATUS_SUCCESS;
}
+int qpol_role_trans_get_object_class(const qpol_policy_t * policy, const qpol_role_trans_t * rule, const qpol_class_t ** obj_class)
+{
+ policydb_t *db = NULL;
+ role_trans_t *rt = NULL;
+
+ if (obj_class) {
+ *obj_class = NULL;
+ }
+
+ if (!policy || !rule || !obj_class) {
+ ERR(policy, "%s", strerror(EINVAL));
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ db = &policy->p->p;
+ rt = (role_trans_t *) rule;
+
+ *obj_class = (qpol_class_t *) db->class_val_to_struct[rt->tclass - 1];
+
+ return STATUS_SUCCESS;
+}
+
int qpol_role_trans_get_default_role(const qpol_policy_t * policy, const qpol_role_trans_t * rule, const qpol_role_t ** dflt)
{
policydb_t *db = NULL;
diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
index 3e63204..d7578f1 100644
--- a/libqpol/src/syn_rule_query.c
+++ b/libqpol/src/syn_rule_query.c
@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
return NULL;
}
- return db->class_val_to_struct[srcs->cur->class - 1];
+ return db->class_val_to_struct[srcs->cur->tclass - 1];
}
static int syn_rule_class_state_next(qpol_iterator_t * iter)
@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
}
for (node = internal_rule->perms; node; node = node->next) {
- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
if (!(node->data & (1 << i)))
continue;
- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
if (tmp) {
tmp++; /* remove prepended space */
for (cur = 0; cur < perm_list_sz; cur++)
diff --git a/libqpol/swig/qpol.i b/libqpol/swig/qpol.i
index 45a2403..b604488 100644
--- a/libqpol/swig/qpol.i
+++ b/libqpol/swig/qpol.i
@@ -228,7 +228,7 @@ SWIGEXPORT int Tqpol_Init(Tcl_Interp *interp) {
#define QPOL_MODULE_OTHER 2
typedef struct qpol_module {} qpol_module_t;
%extend qpol_module_t {
- qpol_module_t(const char *path) {
+ qpol_module(const char *path) {
qpol_module_t *m;
BEGIN_EXCEPTION
if (qpol_module_create_from_file(path, &m)) {
@@ -239,10 +239,11 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return NULL;
};
- ~qpol_module_t() {
+ ~qpol_module() {
qpol_module_destroy(&self);
};
- const char *get_path() {
+ %rename(get_path) wrap_get_path;
+ const char *wrap_get_path() {
const char *p;
BEGIN_EXCEPTION
if (qpol_module_get_path(self, &p)) {
@@ -253,7 +254,8 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return NULL;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
const char *n;
BEGIN_EXCEPTION
if (qpol_module_get_name(self, &n)) {
@@ -264,7 +266,8 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return NULL;
};
- const char *get_version() {
+ %rename(get_version) wrap_get_version;
+ const char *wrap_get_version() {
const char *v;
BEGIN_EXCEPTION
if (qpol_module_get_version(self, &v)) {
@@ -275,7 +278,8 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return NULL;
};
- int get_type() {
+ %rename(get_type) wrap_get_type;
+ int wrap_get_type() {
int t;
BEGIN_EXCEPTION
if (qpol_module_get_type(self, &t)) {
@@ -285,7 +289,8 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return t;
};
- int get_enabled() {
+ %rename(get_enabled) wrap_get_enabled;
+ int wrap_get_enabled() {
int e;
BEGIN_EXCEPTION
if (qpol_module_get_enabled(self, &e)) {
@@ -295,7 +300,8 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return e;
};
- void set_enabled(int state) {
+ %rename(set_enabled) wrap_set_enabled;
+ void wrap_set_enabled(int state) {
BEGIN_EXCEPTION
if (qpol_module_set_enabled(self, state)) {
SWIG_exception(SWIG_RuntimeError, "Could not set module state");
@@ -326,11 +332,18 @@ typedef enum qpol_capability
QPOL_CAP_MODULES,
QPOL_CAP_RULES_LOADED,
QPOL_CAP_SOURCE,
- QPOL_CAP_NEVERALLOW
+ QPOL_CAP_NEVERALLOW,
+ QPOL_CAP_POLCAPS,
+ QPOL_CAP_BOUNDS,
+ QPOL_CAP_DEFAULT_OBJECTS,
+ QPOL_CAP_DEFAULT_TYPE,
+ QPOL_CAP_PERMISSIVE,
+ QPOL_CAP_FILENAME_TRANS,
+ QPOL_CAP_ROLETRANS
} qpol_capability_e;
%extend qpol_policy_t {
- qpol_policy_t(const char *path, const int options) {
+ qpol_policy(const char *path, const int options) {
qpol_policy_t *p;
BEGIN_EXCEPTION
if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) {
@@ -341,10 +354,11 @@ typedef enum qpol_capability
fail:
return NULL;
}
- ~qpol_policy_t() {
+ ~qpol_policy() {
qpol_policy_destroy(&self);
};
- void reevaluate_conds() {
+ %rename(reevaluate_conds) wrap_reevaluate_conds;
+ void wrap_reevaluate_conds() {
BEGIN_EXCEPTION
if (qpol_policy_reevaluate_conds(self)) {
SWIG_exception(SWIG_ValueError, "Error evaluating conditional expressions");
@@ -353,7 +367,8 @@ typedef enum qpol_capability
fail:
return;
};
- void append_module(qpol_module_t *mod) {
+ %rename(append_module) wrap_append_module;
+ void wrap_append_module(qpol_module_t *mod) {
BEGIN_EXCEPTION
if (qpol_policy_append_module(self, mod)) {
SWIG_exception(SWIG_MemoryError, "Out of Memory");
@@ -362,7 +377,8 @@ typedef enum qpol_capability
fail:
return;
};
- void rebuild (const int options) {
+ %rename(rebuild) wrap_rebuild;
+ void wrap_rebuild (const int options) {
BEGIN_EXCEPTION
if (qpol_policy_rebuild(self, options)) {
SWIG_exception(SWIG_RuntimeError, "Failed rebuilding policy");
@@ -376,15 +392,25 @@ typedef enum qpol_capability
(void)qpol_policy_get_policy_version(self, &v); /* only error is on null parameters neither can be here */
return (int) v;
};
- int get_type () {
+
+ int get_handle_unknown () {
+ unsigned int h;
+ (void)qpol_policy_get_policy_handle_unknown(self, &h);
+ return (int) h;
+ };
+
+ %rename(get_type) wrap_get_type;
+ int wrap_get_type () {
int t;
(void)qpol_policy_get_type(self, &t); /* only error is on null parameters neither can be here */
return t;
};
- int has_capability (qpol_capability_e cap) {
+ %rename(has_capability) wrap_has_capability;
+ int wrap_has_capability (qpol_capability_e cap) {
return qpol_policy_has_capability(self, cap);
};
- void build_syn_rule_table() {
+ %rename(build_syn_rule_table) wrap_build_syn_rule_table;
+ void wrap_build_syn_rule_table() {
BEGIN_EXCEPTION
if (qpol_policy_build_syn_rule_table(self)) {
SWIG_exception(SWIG_MemoryError, "Out of Memory");
@@ -394,7 +420,8 @@ typedef enum qpol_capability
return;
};
%newobject get_module_iter();
- qpol_iterator_t *get_module_iter() {
+ %rename(get_module_iter) wrap_get_module_iter;
+ qpol_iterator_t *wrap_get_module_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_module_iter(self, &iter)) {
@@ -406,7 +433,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_type_iter();
- qpol_iterator_t *get_type_iter() {
+ %rename(get_type_iter) wrap_get_type_iter;
+ qpol_iterator_t *wrap_get_type_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_type_iter(self, &iter)) {
@@ -418,7 +446,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_role_iter();
- qpol_iterator_t *get_role_iter() {
+ %rename(get_role_iter) wrap_get_role_iter;
+ qpol_iterator_t *wrap_get_role_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_role_iter(self, &iter)) {
@@ -430,7 +459,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_level_iter();
- qpol_iterator_t *get_level_iter() {
+ %rename(get_level_iter) wrap_get_level_iter;
+ qpol_iterator_t *wrap_get_level_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_level_iter(self, &iter)) {
@@ -442,7 +472,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_cat_iter();
- qpol_iterator_t *get_cat_iter() {
+ %rename(get_cat_iter) wrap_get_cat_iter;
+ qpol_iterator_t *wrap_get_cat_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_cat_iter(self, &iter)) {
@@ -454,7 +485,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_user_iter();
- qpol_iterator_t *get_user_iter() {
+ %rename(get_user_iter) wrap_get_user_iter;
+ qpol_iterator_t *wrap_get_user_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_user_iter(self, &iter)) {
@@ -466,7 +498,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_bool_iter();
- qpol_iterator_t *get_bool_iter() {
+ %rename(get_bool_iter) wrap_get_bool_iter;
+ qpol_iterator_t *wrap_get_bool_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_bool_iter(self, &iter)) {
@@ -478,7 +511,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_class_iter(char*);
- qpol_iterator_t *get_class_iter(char *perm=NULL) {
+ %rename(get_class_iter) wrap_get_class_iter;
+ qpol_iterator_t *wrap_get_class_iter(char *perm=NULL) {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (perm) {
@@ -496,7 +530,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_common_iter(char*);
- qpol_iterator_t *get_common_iter(char *perm=NULL) {
+ %rename(get_common_iter) wrap_get_common_iter;
+ qpol_iterator_t *wrap_get_common_iter(char *perm=NULL) {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (perm) {
@@ -514,7 +549,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_fs_use_iter();
- qpol_iterator_t *get_fs_use_iter() {
+ %rename(get_fs_use_iter) wrap_get_fs_use_iter;
+ qpol_iterator_t *wrap_get_fs_use_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_fs_use_iter(self, &iter)) {
@@ -526,7 +562,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_genfscon_iter();
- qpol_iterator_t *get_genfscon_iter() {
+ %rename(get_genfscon_iter) wrap_get_genfscon_iter;
+ qpol_iterator_t *wrap_get_genfscon_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_genfscon_iter(self, &iter)) {
@@ -538,7 +575,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_isid_iter();
- qpol_iterator_t *get_isid_iter() {
+ %rename(get_isid_iter) wrap_get_isid_iter;
+ qpol_iterator_t *wrap_get_isid_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_isid_iter(self, &iter)) {
@@ -550,7 +588,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_netifcon_iter();
- qpol_iterator_t *get_netifcon_iter() {
+ %rename(get_netifcon_iter) wrap_get_netifcon_iter;
+ qpol_iterator_t *wrap_get_netifcon_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_netifcon_iter(self, &iter)) {
@@ -562,7 +601,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_nodecon_iter();
- qpol_iterator_t *get_nodecon_iter() {
+ %rename(get_nodecon_iter) wrap_get_nodecon_iter;
+ qpol_iterator_t *wrap_get_nodecon_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_nodecon_iter(self, &iter)) {
@@ -574,7 +614,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_portcon_iter();
- qpol_iterator_t *get_portcon_iter() {
+ %rename(get_portcon_iter) wrap_get_portcon_iter;
+ qpol_iterator_t *wrap_get_portcon_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_portcon_iter(self, &iter)) {
@@ -586,7 +627,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_constraint_iter();
- qpol_iterator_t *get_constraint_iter() {
+ %rename(get_constraint_iter) wrap_get_constraint_iter;
+ qpol_iterator_t *wrap_get_constraint_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_constraint_iter(self, &iter)) {
@@ -598,7 +640,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_validatetrans_iter();
- qpol_iterator_t *get_validatetrans_iter() {
+ %rename(get_validatetrans_iter) wrap_get_validatetrans_iter;
+ qpol_iterator_t *wrap_get_validatetrans_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_validatetrans_iter(self, &iter)) {
@@ -610,7 +653,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_role_allow_iter();
- qpol_iterator_t *get_role_allow_iter() {
+ %rename(get_role_allow_iter) wrap_get_role_allow_iter;
+ qpol_iterator_t *wrap_get_role_allow_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_role_allow_iter(self, &iter)) {
@@ -622,7 +666,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_role_trans_iter();
- qpol_iterator_t *get_role_trans_iter() {
+ %rename(get_role_trans_iter) wrap_get_role_trans_iter;
+ qpol_iterator_t *wrap_get_role_trans_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_role_trans_iter(self, &iter)) {
@@ -634,7 +679,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_range_trans_iter();
- qpol_iterator_t *get_range_trans_iter() {
+ %rename(get_range_trans_iter) wrap_get_range_trans_iter;
+ qpol_iterator_t *wrap_get_range_trans_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_range_trans_iter(self, &iter)) {
@@ -646,7 +692,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_avrule_iter(int);
- qpol_iterator_t *get_avrule_iter(int rule_types) {
+ %rename(get_avrule_iter) wrap_get_avrule_iter;
+ qpol_iterator_t *wrap_get_avrule_iter(int rule_types) {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_avrule_iter(self, rule_types, &iter)) {
@@ -658,7 +705,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_terule_iter(int);
- qpol_iterator_t *get_terule_iter(int rule_types) {
+ %rename(get_terule_iter) wrap_get_terule_iter;
+ qpol_iterator_t *wrap_get_terule_iter(int rule_types) {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_terule_iter(self, rule_types, &iter)) {
@@ -670,7 +718,8 @@ typedef enum qpol_capability
return NULL;
};
%newobject get_cond_iter();
- qpol_iterator_t *get_cond_iter() {
+ %rename(get_cond_iter) wrap_get_cond_iter;
+ qpol_iterator_t *wrap_get_cond_iter() {
BEGIN_EXCEPTION
qpol_iterator_t *iter;
if (qpol_policy_get_cond_iter(self, &iter)) {
@@ -681,23 +730,76 @@ typedef enum qpol_capability
fail:
return NULL;
};
+ %newobject get_filename_trans_iter();
+ %rename(get_filename_trans_iter) wrap_get_filename_trans_iter;
+ qpol_iterator_t *wrap_get_filename_trans_iter() {
+ BEGIN_EXCEPTION
+ qpol_iterator_t *iter;
+ if (qpol_policy_get_filename_trans_iter(self, &iter)) {
+ SWIG_exception(SWIG_MemoryError, "Out of Memory");
+ }
+ return iter;
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ %newobject get_permissive_iter();
+ %rename(get_permissive_iter) wrap_get_permissive_iter;
+ qpol_iterator_t *wrap_get_permissive_iter() {
+ BEGIN_EXCEPTION
+ qpol_iterator_t *iter;
+ if (qpol_policy_get_permissive_iter(self, &iter)) {
+ SWIG_exception(SWIG_MemoryError, "Out of Memory");
+ }
+ return iter;
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ %newobject get_typebounds_iter();
+ %rename(get_typebounds_iter) wrap_get_typebounds_iter;
+ qpol_iterator_t *wrap_get_typebounds_iter() {
+ BEGIN_EXCEPTION
+ qpol_iterator_t *iter;
+ if (qpol_policy_get_typebounds_iter(self, &iter)) {
+ SWIG_exception(SWIG_MemoryError, "Out of Memory");
+ }
+ return iter;
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ %newobject get_polcap_iter();
+ %rename(get_polcap_iter) wrap_get_polcap_iter;
+ qpol_iterator_t *wrap_get_polcap_iter() {
+ BEGIN_EXCEPTION
+ qpol_iterator_t *iter;
+ if (qpol_policy_get_polcap_iter(self, &iter)) {
+ SWIG_exception(SWIG_MemoryError, "Out of Memory");
+ }
+ return iter;
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
};
/* qpol iterator */
typedef struct qpol_iterator {} qpol_iterator_t;
%extend qpol_iterator_t {
/* user never directly creates, but SWIG expects a constructor */
- qpol_iterator_t() {
+ qpol_iterator() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_TypeError, "User may not create iterators difectly");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_iterator_t() {
+ ~qpol_iterator() {
qpol_iterator_destroy(&self);
};
- void *get_item() {
+ %rename(get_item) wrap_get_item;
+ void *wrap_get_item() {
BEGIN_EXCEPTION
void *i;
if (qpol_iterator_get_item(self, &i)) {
@@ -708,7 +810,8 @@ typedef struct qpol_iterator {} qpol_iterator_t;
fail:
return NULL;
};
- void next() {
+ %rename(next) wrap_next;
+ void wrap_next() {
BEGIN_EXCEPTION
if (qpol_iterator_next(self)) {
SWIG_exception(SWIG_RuntimeError, "Error advancing iterator");
@@ -717,10 +820,12 @@ typedef struct qpol_iterator {} qpol_iterator_t;
fail:
return;
};
- int end() {
+ %rename(end) wrap_end;
+ int wrap_end() {
return qpol_iterator_end(self);
};
- size_t get_size() {
+ %rename(get_size) wrap_get_size;
+ size_t wrap_get_size() {
BEGIN_EXCEPTION
size_t s;
if (qpol_iterator_get_size(self, &s)) {
@@ -736,7 +841,7 @@ typedef struct qpol_iterator {} qpol_iterator_t;
/* qpol type */
typedef struct qpol_type {} qpol_type_t;
%extend qpol_type_t {
- qpol_type_t(qpol_policy_t *p, const char *name) {
+ qpol_type(qpol_policy_t *p, const char *name) {
BEGIN_EXCEPTION
const qpol_type_t *t;
if (qpol_policy_get_type_by_name(p, name, &t)) {
@@ -747,11 +852,12 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return NULL;
};
- ~qpol_type_t() {
+ ~qpol_type() {
/* no op */
return;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
BEGIN_EXCEPTION
const char *name;
if (qpol_type_get_name(p, self, &name)) {
@@ -762,7 +868,8 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return NULL;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_type_get_value(p, self, &v)) {
@@ -772,7 +879,8 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return (int) v;
};
- int get_isalias(qpol_policy_t *p) {
+ %rename(get_isalias) wrap_get_isalias;
+ int wrap_get_isalias(qpol_policy_t *p) {
unsigned char i;
BEGIN_EXCEPTION
if (qpol_type_get_isalias(p, self, &i)) {
@@ -782,7 +890,8 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return (int)i;
};
- int get_isattr(qpol_policy_t *p) {
+ %rename(get_isattr) wrap_get_isattr;
+ int wrap_get_isattr(qpol_policy_t *p) {
unsigned char i;
BEGIN_EXCEPTION
if (qpol_type_get_isattr(p, self, &i)) {
@@ -792,7 +901,8 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return (int)i;
};
- int get_ispermissive(qpol_policy_t *p) {
+ %rename(get_ispermissive) wrap_get_ispermissive;
+ int wrap_get_ispermissive(qpol_policy_t *p) {
unsigned char i;
BEGIN_EXCEPTION
if (qpol_type_get_ispermissive(p, self, &i)) {
@@ -803,7 +913,8 @@ typedef struct qpol_type {} qpol_type_t;
return (int)i;
};
%newobject get_type_iter(qpol_policy_t*);
- qpol_iterator_t *get_type_iter(qpol_policy_t *p) {
+ %rename(get_type_iter) wrap_get_type_iter;
+ qpol_iterator_t *wrap_get_type_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
int retv = qpol_type_get_type_iter(p, self, &iter);
@@ -817,7 +928,8 @@ typedef struct qpol_type {} qpol_type_t;
return iter;
};
%newobject get_attr_iter(qpol_policy_t*);
- qpol_iterator_t *get_attr_iter(qpol_policy_t *p) {
+ %rename(get_attr_iter) wrap_get_attr_iter;
+ qpol_iterator_t *wrap_get_attr_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
int retv = qpol_type_get_attr_iter(p, self, &iter);
@@ -831,7 +943,8 @@ typedef struct qpol_type {} qpol_type_t;
return iter;
};
%newobject get_alias_iter(qpol_policy_t*);
- qpol_iterator_t *get_alias_iter(qpol_policy_t *p) {
+ %rename(get_alias_iter) wrap_get_alias_iter;
+ qpol_iterator_t *wrap_get_alias_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_type_get_alias_iter(p, self, &iter)) {
@@ -841,6 +954,18 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return iter;
};
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
+ BEGIN_EXCEPTION
+ const char *name;
+ if (qpol_permissive_get_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get permissive type name");
+ }
+ return name;
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
};
%inline %{
qpol_type_t *qpol_type_from_void(void *x) {
@@ -851,7 +976,7 @@ typedef struct qpol_type {} qpol_type_t;
/* qpol role */
typedef struct qpol_role {} qpol_role_t;
%extend qpol_role_t {
- qpol_role_t(qpol_policy_t *p, const char *name) {
+ qpol_role(qpol_policy_t *p, const char *name) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_policy_get_role_by_name(p, name, &r)) {
@@ -862,11 +987,12 @@ typedef struct qpol_role {} qpol_role_t;
fail:
return NULL;
};
- ~qpol_role_t() {
+ ~qpol_role() {
/* no op */
return;
};
- int get_value (qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value (qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_role_get_value(p, self, &v)) {
@@ -876,7 +1002,8 @@ typedef struct qpol_role {} qpol_role_t;
fail:
return (int) v;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_role_get_name(p, self, &name)) {
@@ -888,7 +1015,8 @@ typedef struct qpol_role {} qpol_role_t;
return NULL;
};
%newobject get_type_iter(qpol_policy_t*);
- qpol_iterator_t *get_type_iter(qpol_policy_t *p) {
+ %rename(get_type_iter) wrap_get_type_iter;
+ qpol_iterator_t *wrap_get_type_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_role_get_type_iter(p, self, &iter)) {
@@ -899,7 +1027,8 @@ typedef struct qpol_role {} qpol_role_t;
return iter;
};
%newobject get_dominate_iter(qpol_policy_t*);
- qpol_iterator_t *get_dominate_iter(qpol_policy_t *p) {
+ %rename(get_dominate_iter) wrap_get_dominate_iter;
+ qpol_iterator_t *wrap_get_dominate_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_role_get_dominate_iter(p, self, &iter)) {
@@ -919,7 +1048,7 @@ typedef struct qpol_role {} qpol_role_t;
/* qpol level */
typedef struct qpol_level {} qpol_level_t;
%extend qpol_level_t {
- qpol_level_t(qpol_policy_t *p, const char *name) {
+ qpol_level(qpol_policy_t *p, const char *name) {
const qpol_level_t *l;
BEGIN_EXCEPTION
if (qpol_policy_get_level_by_name(p, name, &l)) {
@@ -930,11 +1059,12 @@ typedef struct qpol_level {} qpol_level_t;
fail:
return NULL;
};
- ~qpol_level_t() {
+ ~qpol_level() {
/* no op */
return;
};
- int get_isalias(qpol_policy_t *p) {
+ %rename(get_isalias) wrap_get_isalias;
+ int wrap_get_isalias(qpol_policy_t *p) {
unsigned char i;
BEGIN_EXCEPTION
if (qpol_level_get_isalias(p, self, &i)) {
@@ -944,7 +1074,8 @@ typedef struct qpol_level {} qpol_level_t;
fail:
return (int)i;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_level_get_value(p, self, &v)) {
@@ -954,7 +1085,8 @@ typedef struct qpol_level {} qpol_level_t;
fail:
return (int) v;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_level_get_name(p, self, &name)) {
@@ -966,7 +1098,8 @@ typedef struct qpol_level {} qpol_level_t;
return NULL;
};
%newobject get_cat_iter(qpol_policy_t*);
- qpol_iterator_t *get_cat_iter(qpol_policy_t *p) {
+ %rename(get_cat_iter) wrap_get_cat_iter;
+ qpol_iterator_t *wrap_get_cat_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_level_get_cat_iter(p, self, &iter)) {
@@ -977,7 +1110,8 @@ typedef struct qpol_level {} qpol_level_t;
return iter;
};
%newobject get_alias_iter(qpol_policy_t*);
- qpol_iterator_t *get_alias_iter(qpol_policy_t *p) {
+ %rename(get_alias_iter) wrap_get_alias_iter;
+ qpol_iterator_t *wrap_get_alias_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_level_get_alias_iter(p, self, &iter)) {
@@ -997,7 +1131,7 @@ typedef struct qpol_level {} qpol_level_t;
/* qpol cat */
typedef struct qpol_cat {} qpol_cat_t;
%extend qpol_cat_t {
- qpol_cat_t(qpol_policy_t *p, const char *name) {
+ qpol_cat(qpol_policy_t *p, const char *name) {
const qpol_cat_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_cat_by_name(p, name, &c)) {
@@ -1008,11 +1142,12 @@ typedef struct qpol_cat {} qpol_cat_t;
fail:
return NULL;
};
- ~qpol_cat_t() {
+ ~qpol_cat() {
/* no op */
return;
};
- int get_isalias(qpol_policy_t *p) {
+ %rename(get_isalias) wrap_get_isalias;
+ int wrap_get_isalias(qpol_policy_t *p) {
unsigned char i;
BEGIN_EXCEPTION
if (qpol_cat_get_isalias(p, self, &i)) {
@@ -1022,7 +1157,8 @@ typedef struct qpol_cat {} qpol_cat_t;
fail:
return (int)i;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_cat_get_value(p, self, &v)) {
@@ -1032,7 +1168,8 @@ typedef struct qpol_cat {} qpol_cat_t;
fail:
return (int) v;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_cat_get_name(p, self, &name)) {
@@ -1044,7 +1181,8 @@ typedef struct qpol_cat {} qpol_cat_t;
return NULL;
};
%newobject get_alias_iter(qpol_policy_t*);
- qpol_iterator_t *get_alias_iter(qpol_policy_t *p) {
+ %rename(get_alias_iter) wrap_get_alias_iter;
+ qpol_iterator_t *wrap_get_alias_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_cat_get_alias_iter(p, self, &iter)) {
@@ -1064,18 +1202,19 @@ typedef struct qpol_cat {} qpol_cat_t;
/* qpol mls range */
typedef struct qpol_mls_range {} qpol_mls_range_t;
%extend qpol_mls_range_t {
- qpol_mls_range_t() {
+ qpol_mls_range() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~qpol_mls_range_t() {
+ ~qpol_mls_range() {
/* no op */
return;
};
- const qpol_mls_level_t *get_high_level(qpol_policy_t *p) {
+ %rename(get_high_level) wrap_get_high_level;
+ const qpol_mls_level_t *wrap_get_high_level(qpol_policy_t *p) {
const qpol_mls_level_t *l;
BEGIN_EXCEPTION
if (qpol_mls_range_get_high_level(p, self, &l)) {
@@ -1085,7 +1224,8 @@ typedef struct qpol_mls_range {} qpol_mls_range_t;
fail:
return l;
};
- const qpol_mls_level_t *get_low_level(qpol_policy_t *p) {
+ %rename(get_low_level) wrap_get_low_level;
+ const qpol_mls_level_t *wrap_get_low_level(qpol_policy_t *p) {
const qpol_mls_level_t *l;
BEGIN_EXCEPTION
if (qpol_mls_range_get_low_level(p, self, &l)) {
@@ -1105,18 +1245,19 @@ typedef struct qpol_mls_range {} qpol_mls_range_t;
/* qpol mls level */
typedef struct qpol_mls_level {} qpol_mls_level_t;
%extend qpol_mls_level_t {
- qpol_mls_level_t() {
+ qpol_mls_level() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~qpol_mls_level_t() {
+ ~qpol_mls_level() {
/* no op */
return;
};
- const char *get_sens_name(qpol_policy_t *p) {
+ %rename(get_sens_name) wrap_get_sens_name;
+ const char *wrap_get_sens_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_mls_level_get_sens_name(p, self, &name)) {
@@ -1127,7 +1268,8 @@ typedef struct qpol_mls_level {} qpol_mls_level_t;
return name;
};
%newobject get_cat_iter(qpol_policy_t*);
- qpol_iterator_t *get_cat_iter(qpol_policy_t *p) {
+ %rename(get_cat_iter) wrap_get_cat_iter;
+ qpol_iterator_t *wrap_get_cat_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_mls_level_get_cat_iter(p, self, &iter)) {
@@ -1147,7 +1289,7 @@ typedef struct qpol_mls_level {} qpol_mls_level_t;
/* qpol user */
typedef struct qpol_user {} qpol_user_t;
%extend qpol_user_t {
- qpol_user_t(qpol_policy_t *p, const char *name) {
+ qpol_user(qpol_policy_t *p, const char *name) {
const qpol_user_t *u;
BEGIN_EXCEPTION
if (qpol_policy_get_user_by_name(p, name, &u)) {
@@ -1158,11 +1300,12 @@ typedef struct qpol_user {} qpol_user_t;
fail:
return NULL;
};
- ~qpol_user_t() {
+ ~qpol_user() {
/* no op */
return;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_user_get_value(p, self, &v)) {
@@ -1173,7 +1316,8 @@ typedef struct qpol_user {} qpol_user_t;
return (int) v;
};
%newobject get_role_iter(qpol_policy_t*);
- qpol_iterator_t *get_role_iter(qpol_policy_t *p) {
+ %rename(get_role_iter) wrap_get_role_iter;
+ qpol_iterator_t *wrap_get_role_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_user_get_role_iter(p, self, &iter)) {
@@ -1183,7 +1327,8 @@ typedef struct qpol_user {} qpol_user_t;
fail:
return iter;
};
- const qpol_mls_range_t *get_range(qpol_policy_t *p) {
+ %rename(get_range) wrap_get_range;
+ const qpol_mls_range_t *wrap_get_range(qpol_policy_t *p) {
const qpol_mls_range_t *r;
BEGIN_EXCEPTION
if (qpol_user_get_range(p, self, &r)) {
@@ -1193,7 +1338,8 @@ typedef struct qpol_user {} qpol_user_t;
fail:
return r;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_user_get_name(p, self, &name)) {
@@ -1203,7 +1349,8 @@ typedef struct qpol_user {} qpol_user_t;
fail:
return name;
};
- const qpol_mls_level_t *get_dfltlevel(qpol_policy_t *p) {
+ %rename(get_dfltlevel) wrap_get_dfltlevel;
+ const qpol_mls_level_t *wrap_get_dfltlevel(qpol_policy_t *p) {
const qpol_mls_level_t *l;
BEGIN_EXCEPTION
if (qpol_user_get_dfltlevel(p, self, &l)) {
@@ -1223,7 +1370,7 @@ typedef struct qpol_user {} qpol_user_t;
/* qpol bool */
typedef struct qpol_bool {} qpol_bool_t;
%extend qpol_bool_t {
- qpol_bool_t(qpol_policy_t *p, const char *name) {
+ qpol_bool(qpol_policy_t *p, const char *name) {
qpol_bool_t *b;
BEGIN_EXCEPTION
if (qpol_policy_get_bool_by_name(p, name, &b)) {
@@ -1233,11 +1380,12 @@ typedef struct qpol_bool {} qpol_bool_t;
fail:
return b;
};
- ~qpol_bool_t() {
+ ~qpol_bool() {
/* no op */
return;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_bool_get_value(p, self, &v)) {
@@ -1247,7 +1395,8 @@ typedef struct qpol_bool {} qpol_bool_t;
fail:
return (int) v;
};
- int get_state(qpol_policy_t *p) {
+ %rename(get_state) wrap_get_state;
+ int wrap_get_state(qpol_policy_t *p) {
int s;
BEGIN_EXCEPTION
if (qpol_bool_get_state(p, self, &s)) {
@@ -1257,7 +1406,8 @@ typedef struct qpol_bool {} qpol_bool_t;
fail:
return s;
};
- void set_state(qpol_policy_t *p, int state) {
+ %rename(set_state) wrap_set_state;
+ void wrap_set_state(qpol_policy_t *p, int state) {
BEGIN_EXCEPTION
if (qpol_bool_set_state(p, self, state)) {
SWIG_exception(SWIG_RuntimeError, "Error setting boolean state");
@@ -1266,7 +1416,8 @@ typedef struct qpol_bool {} qpol_bool_t;
fail:
return;
};
- void set_state_no_eval(qpol_policy_t *p, int state) {
+ %rename(set_state_no_eval) wrap_set_state_no_eval;
+ void wrap_set_state_no_eval(qpol_policy_t *p, int state) {
BEGIN_EXCEPTION
if (qpol_bool_set_state_no_eval(p, self, state)) {
SWIG_exception(SWIG_RuntimeError, "Error setting boolean state");
@@ -1275,7 +1426,8 @@ typedef struct qpol_bool {} qpol_bool_t;
fail:
return;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_bool_get_name(p, self, &name)) {
@@ -1295,18 +1447,18 @@ typedef struct qpol_bool {} qpol_bool_t;
/* qpol context */
typedef struct qpol_context {} qpol_context_t;
%extend qpol_context_t {
- qpol_context_t() {
+ qpol_context() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_context_t() {
+ ~qpol_context() {
/* no op */
return;
};
- const qpol_user_t *get_user(qpol_policy_t *p) {
+ const qpol_user_t *wrap_get_user(qpol_policy_t *p) {
const qpol_user_t *u;
BEGIN_EXCEPTION
if (qpol_context_get_user(p, self, &u)) {
@@ -1316,7 +1468,7 @@ typedef struct qpol_context {} qpol_context_t;
fail:
return u;
};
- const qpol_role_t *get_role(qpol_policy_t *p) {
+ const qpol_role_t *wrap_get_role(qpol_policy_t *p) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_context_get_role(p, self, &r)) {
@@ -1326,7 +1478,7 @@ typedef struct qpol_context {} qpol_context_t;
fail:
return r;
};
- const qpol_type_t *get_type(qpol_policy_t *p) {
+ const qpol_type_t *wrap_get_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_context_get_type(p, self, &t)) {
@@ -1336,7 +1488,7 @@ typedef struct qpol_context {} qpol_context_t;
fail:
return t;
};
- const qpol_mls_range_t *get_range(qpol_policy_t *p) {
+ const qpol_mls_range_t *wrap_get_range(qpol_policy_t *p) {
const qpol_mls_range_t *r;
BEGIN_EXCEPTION
if (qpol_context_get_range(p, self, &r)) {
@@ -1356,7 +1508,7 @@ typedef struct qpol_context {} qpol_context_t;
/* qpol class */
typedef struct qpol_class {} qpol_class_t;
%extend qpol_class_t {
- qpol_class_t(qpol_policy_t *p, const char *name) {
+ qpol_class(qpol_policy_t *p, const char *name) {
const qpol_class_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_class_by_name(p, name, &c)) {
@@ -1366,11 +1518,12 @@ typedef struct qpol_class {} qpol_class_t;
fail:
return (qpol_class_t*)c;
};
- ~qpol_class_t() {
+ ~qpol_class() {
/* no op */
return;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_class_get_value(p, self, &v)) {
@@ -1380,7 +1533,8 @@ typedef struct qpol_class {} qpol_class_t;
fail:
return (int) v;
};
- const qpol_common_t *get_common(qpol_policy_t *p) {
+ %rename(get_common) wrap_get_common;
+ const qpol_common_t *wrap_get_common(qpol_policy_t *p) {
const qpol_common_t *c;
BEGIN_EXCEPTION
if(qpol_class_get_common(p, self, &c)) {
@@ -1391,7 +1545,8 @@ typedef struct qpol_class {} qpol_class_t;
return c;
};
%newobject get_perm_iter(qpol_policy_t*);
- qpol_iterator_t *get_perm_iter(qpol_policy_t *p) {
+ %rename(get_perm_iter) wrap_get_perm_iter;
+ qpol_iterator_t *wrap_get_perm_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if(qpol_class_get_perm_iter(p, self, &iter)) {
@@ -1402,7 +1557,8 @@ typedef struct qpol_class {} qpol_class_t;
return iter;
};
%newobject get_constraint_iter(qpol_policy_t*);
- qpol_iterator_t *get_constraint_iter(qpol_policy_t *p) {
+ %rename(get_constraint_iter) wrap_get_constraint_iter;
+ qpol_iterator_t *wrap_get_constraint_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if(qpol_class_get_constraint_iter(p, self, &iter)) {
@@ -1413,7 +1569,8 @@ typedef struct qpol_class {} qpol_class_t;
return iter;
};
%newobject get_validatetrans_iter(qpol_policy_t*);
- qpol_iterator_t *get_validatetrans_iter(qpol_policy_t *p) {
+ %rename(get_validatetrans_iter) wrap_get_validatetrans_iter;
+ qpol_iterator_t *wrap_get_validatetrans_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if(qpol_class_get_validatetrans_iter(p, self, &iter)) {
@@ -1423,7 +1580,8 @@ typedef struct qpol_class {} qpol_class_t;
fail:
return iter;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_class_get_name(p, self, &name)) {
@@ -1443,7 +1601,7 @@ typedef struct qpol_class {} qpol_class_t;
/* qpol common */
typedef struct qpol_common {} qpol_common_t;
%extend qpol_common_t {
- qpol_common_t(qpol_policy_t *p, const char *name) {
+ qpol_common(qpol_policy_t *p, const char *name) {
const qpol_common_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_common_by_name(p, name, &c)) {
@@ -1453,11 +1611,12 @@ typedef struct qpol_common {} qpol_common_t;
fail:
return (qpol_common_t*)c;
};
- ~qpol_common_t() {
+ ~qpol_common() {
/* no op */
return;
};
- int get_value(qpol_policy_t *p) {
+ %rename(get_value) wrap_get_value;
+ int wrap_get_value(qpol_policy_t *p) {
uint32_t v;
BEGIN_EXCEPTION
if (qpol_common_get_value(p, self, &v)) {
@@ -1468,7 +1627,8 @@ typedef struct qpol_common {} qpol_common_t;
return (int) v;
};
%newobject get_perm_iter(qpol_policy_t*);
- qpol_iterator_t *get_perm_iter(qpol_policy_t *p) {
+ %rename(get_perm_iter) wrap_get_perm_iter;
+ qpol_iterator_t *wrap_get_perm_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if(qpol_common_get_perm_iter(p, self, &iter)) {
@@ -1478,7 +1638,8 @@ typedef struct qpol_common {} qpol_common_t;
fail:
return iter;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_common_get_name(p, self, &name)) {
@@ -1516,7 +1677,7 @@ typedef struct qpol_common {} qpol_common_t;
#endif
typedef struct qpol_fs_use {} qpol_fs_use_t;
%extend qpol_fs_use_t {
- qpol_fs_use_t(qpol_policy_t *p, const char *name) {
+ qpol_fs_use(qpol_policy_t *p, const char *name) {
const qpol_fs_use_t *f;
BEGIN_EXCEPTION
if (qpol_policy_get_fs_use_by_name(p, name, &f)) {
@@ -1526,11 +1687,12 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
fail:
return (qpol_fs_use_t*)f;
};
- ~qpol_fs_use_t() {
+ ~qpol_fs_use() {
/* no op */
return;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_fs_use_get_name(p, self, &name)) {
@@ -1540,7 +1702,8 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
fail:
return name;
};
- int get_behavior(qpol_policy_t *p) {
+ %rename(get_behavior) wrap_get_behavior;
+ int wrap_get_behavior(qpol_policy_t *p) {
uint32_t behav;
BEGIN_EXCEPTION
if (qpol_fs_use_get_behavior(p, self, &behav)) {
@@ -1550,7 +1713,8 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
fail:
return (int) behav;
};
- const qpol_context_t *get_context(qpol_policy_t *p) {
+ %rename(get_context) wrap_get_context;
+ const qpol_context_t *wrap_get_context(qpol_policy_t *p) {
uint32_t behav;
const qpol_context_t *ctx = NULL;
BEGIN_EXCEPTION
@@ -1594,7 +1758,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
#endif
typedef struct qpol_genfscon {} qpol_genfscon_t;
%extend qpol_genfscon_t {
- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) {
qpol_genfscon_t *g;
BEGIN_EXCEPTION
if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) {
@@ -1604,10 +1768,11 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
fail:
return g;
};
- ~qpol_genfscon_t() {
+ ~qpol_genfscon() {
free(self);
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_genfscon_get_name(p, self, &name)) {
@@ -1617,7 +1782,8 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
fail:
return name;
};
- const char *get_path(qpol_policy_t *p) {
+ %rename(get_path) wrap_get_path;
+ const char *wrap_get_path(qpol_policy_t *p) {
const char *path;
BEGIN_EXCEPTION
if (qpol_genfscon_get_path(p, self, &path)) {
@@ -1627,7 +1793,8 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
fail:
return path;
};
- int get_class(qpol_policy_t *p) {
+ %rename(get_class) wrap_get_class;
+ int wrap_get_class(qpol_policy_t *p) {
uint32_t cls;
BEGIN_EXCEPTION
if (qpol_genfscon_get_class(p, self, &cls)) {
@@ -1637,7 +1804,8 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
fail:
return (int) cls;
};
- const qpol_context_t *get_context(qpol_policy_t *p) {
+ %rename(get_context) wrap_get_context;
+ const qpol_context_t *wrap_get_context(qpol_policy_t *p) {
const qpol_context_t *ctx;
BEGIN_EXCEPTION
if (qpol_genfscon_get_context(p, self, &ctx)) {
@@ -1657,7 +1825,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
/* qpol isid */
typedef struct qpol_isid {} qpol_isid_t;
%extend qpol_isid_t {
- qpol_isid_t(qpol_policy_t *p, const char *name) {
+ qpol_isid(qpol_policy_t *p, const char *name) {
const qpol_isid_t *i;
BEGIN_EXCEPTION
if (qpol_policy_get_isid_by_name(p, name, &i)) {
@@ -1667,11 +1835,12 @@ typedef struct qpol_isid {} qpol_isid_t;
fail:
return (qpol_isid_t*)i;
};
- ~qpol_isid_t() {
+ ~qpol_isid() {
/* no op */
return;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_isid_get_name(p, self, &name)) {
@@ -1681,7 +1850,8 @@ typedef struct qpol_isid {} qpol_isid_t;
fail:
return name;
};
- const qpol_context_t *get_context(qpol_policy_t *p) {
+ %rename(get_context) wrap_get_context;
+ const qpol_context_t *wrap_get_context(qpol_policy_t *p) {
const qpol_context_t *ctx;
BEGIN_EXCEPTION
if (qpol_isid_get_context(p, self, &ctx)) {
@@ -1701,7 +1871,7 @@ typedef struct qpol_isid {} qpol_isid_t;
/* qpol netifcon */
typedef struct qpol_netifcon {} qpol_netifcon_t;
%extend qpol_netifcon_t {
- qpol_netifcon_t(qpol_policy_t *p, const char *name) {
+ qpol_netifcon(qpol_policy_t *p, const char *name) {
const qpol_netifcon_t *n;
BEGIN_EXCEPTION
if (qpol_policy_get_netifcon_by_name(p, name, &n)) {
@@ -1711,11 +1881,12 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
fail:
return (qpol_netifcon_t*)n;
};
- ~qpol_netifcon_t() {
+ ~qpol_netifcon() {
/* no op */
return;
};
- const char *get_name(qpol_policy_t *p) {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
const char *name;
BEGIN_EXCEPTION
if (qpol_netifcon_get_name(p, self, &name)) {
@@ -1725,7 +1896,8 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
fail:
return name;
};
- const qpol_context_t *get_msg_con(qpol_policy_t *p) {
+ %rename(get_msg_con) wrap_get_msg_con;
+ const qpol_context_t *wrap_get_msg_con(qpol_policy_t *p) {
const qpol_context_t *ctx;
BEGIN_EXCEPTION
if (qpol_netifcon_get_msg_con(p, self, &ctx)) {
@@ -1735,7 +1907,8 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
fail:
return ctx;
};
- const qpol_context_t *get_if_con(qpol_policy_t *p) {
+ %rename(get_if_con) wrap_get_if_con;
+ const qpol_context_t *wrap_get_if_con(qpol_policy_t *p) {
const qpol_context_t *ctx;
BEGIN_EXCEPTION
if (qpol_netifcon_get_if_con(p, self, &ctx)) {
@@ -1757,7 +1930,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
#define QPOL_IPV6 1
typedef struct qpol_nodecon {} qpol_nodecon_t;
%extend qpol_nodecon_t {
- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
uint32_t a[4], m[4];
qpol_nodecon_t *n;
BEGIN_EXCEPTION
@@ -1772,10 +1945,11 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
fail:
return n;
}
- ~qpol_nodecon_t() {
+ ~qpol_nodecon() {
free(self);
};
- uint32_t *get_addr(qpol_policy_t *p) {
+ %rename(get_addr) wrap_get_addr;
+ uint32_t *wrap_get_addr(qpol_policy_t *p) {
uint32_t *a;
BEGIN_EXCEPTION
unsigned char proto; /* currently dropped; stores the protocol - call get_protocol() */
@@ -1786,7 +1960,8 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
fail:
return a;
};
- uint32_t *get_mask(qpol_policy_t *p) {
+ %rename(get_mask) wrap_get_mask;
+ uint32_t *wrap_get_mask(qpol_policy_t *p) {
uint32_t *m;
BEGIN_EXCEPTION
unsigned char proto; /* currently dropped; stores the protocol - call get_protocol() */
@@ -1797,7 +1972,8 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
fail:
return m;
};
- int get_protocol(qpol_policy_t *p) {
+ %rename(get_protocol) wrap_get_protocol;
+ int wrap_get_protocol(qpol_policy_t *p) {
unsigned char proto;
BEGIN_EXCEPTION
if (qpol_nodecon_get_protocol(p, self, &proto)) {
@@ -1807,7 +1983,8 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
fail:
return proto;
};
- const qpol_context_t *get_context(qpol_policy_t *p) {
+ %rename(get_context) wrap_get_context;
+ const qpol_context_t *wrap_get_context(qpol_policy_t *p) {
const qpol_context_t *ctx;
BEGIN_EXCEPTION
if (qpol_nodecon_get_context(p, self, &ctx)) {
@@ -1830,7 +2007,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
#define IPPROTO_UDP 17
typedef struct qpol_portcon {} qpol_portcon_t;
%extend qpol_portcon_t {
- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
const qpol_portcon_t *qp;
BEGIN_EXCEPTION
if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) {
@@ -1840,11 +2017,12 @@ typedef struct qpol_portcon {} qpol_portcon_t;
fail:
return (qpol_portcon_t*)qp;
};
- ~qpol_portcon_t() {
+ ~qpol_portcon() {
/* no op */
return;
};
- uint16_t get_low_port(qpol_policy_t *p) {
+ %rename(get_low_port) wrap_get_low_port;
+ uint16_t wrap_get_low_port(qpol_policy_t *p) {
uint16_t port = 0;
BEGIN_EXCEPTION
if(qpol_portcon_get_low_port(p, self, &port)) {
@@ -1854,7 +2032,8 @@ typedef struct qpol_portcon {} qpol_portcon_t;
fail:
return port;
};
- uint16_t get_high_port(qpol_policy_t *p) {
+ %rename(get_high_port) wrap_get_high_port;
+ uint16_t wrap_get_high_port(qpol_policy_t *p) {
uint16_t port = 0;
BEGIN_EXCEPTION
if(qpol_portcon_get_high_port(p, self, &port)) {
@@ -1864,7 +2043,8 @@ typedef struct qpol_portcon {} qpol_portcon_t;
fail:
return port;
};
- uint8_t get_protocol(qpol_policy_t *p) {
+ %rename(get_protocol) wrap_get_protocol;
+ uint8_t wrap_get_protocol(qpol_policy_t *p) {
uint8_t proto = 0;
BEGIN_EXCEPTION
if (qpol_portcon_get_protocol(p, self, &proto)) {
@@ -1874,7 +2054,8 @@ typedef struct qpol_portcon {} qpol_portcon_t;
fail:
return proto;
};
- const qpol_context_t *get_context(qpol_policy_t *p) {
+ %rename(get_context) wrap_get_context;
+ const qpol_context_t *wrap_get_context(qpol_policy_t *p) {
const qpol_context_t *ctx;
BEGIN_EXCEPTION
if (qpol_portcon_get_context(p, self, &ctx)) {
@@ -1894,17 +2075,18 @@ typedef struct qpol_portcon {} qpol_portcon_t;
/* qpol constraint */
typedef struct qpol_constraint {} qpol_constraint_t;
%extend qpol_constraint_t {
- qpol_constraint_t() {
+ qpol_constraint() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_constraint_t() {
+ ~qpol_constraint() {
free(self);
};
- const qpol_class_t *get_class(qpol_policy_t *p) {
+ %rename(get_class) wrap_get_class;
+ const qpol_class_t *wrap_get_class(qpol_policy_t *p) {
const qpol_class_t *cls;
BEGIN_EXCEPTION
if (qpol_constraint_get_class(p, self, &cls)) {
@@ -1915,7 +2097,8 @@ typedef struct qpol_constraint {} qpol_constraint_t;
return cls;
};
%newobject get_perm_iter(qpol_policy_t*);
- qpol_iterator_t *get_perm_iter(qpol_policy_t *p) {
+ %rename(get_perm_iter) wrap_get_perm_iter;
+ qpol_iterator_t *wrap_get_perm_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_constraint_get_perm_iter(p, self, &iter)) {
@@ -1926,7 +2109,8 @@ typedef struct qpol_constraint {} qpol_constraint_t;
return iter;
};
%newobject get_expr_iter(qpol_policy_t*);
- qpol_iterator_t *get_expr_iter(qpol_policy_t *p) {
+ %rename(get_expr_iter) wrap_get_expr_iter;
+ qpol_iterator_t *wrap_get_expr_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_constraint_get_expr_iter(p, self, &iter)) {
@@ -1946,17 +2130,18 @@ typedef struct qpol_constraint {} qpol_constraint_t;
/* qpol validatetrans */
typedef struct qpol_validatetrans {} qpol_validatetrans_t;
%extend qpol_validatetrans_t {
- qpol_validatetrans_t() {
+ qpol_validatetrans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_validatetrans_t() {
+ ~qpol_validatetrans() {
free(self);
};
- const qpol_class_t *get_class(qpol_policy_t *p) {
+ %rename(get_class) wrap_get_class;
+ const qpol_class_t *wrap_get_class(qpol_policy_t *p) {
const qpol_class_t *cls;
BEGIN_EXCEPTION
if (qpol_validatetrans_get_class(p, self, &cls)) {
@@ -1967,7 +2152,8 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t;
return cls;
};
%newobject get_expr_iter(qpol_policy_t*);
- qpol_iterator_t *get_expr_iter(qpol_policy_t *p) {
+ %rename(get_expr_iter) wrap_get_expr_iter;
+ qpol_iterator_t *wrap_get_expr_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_validatetrans_get_expr_iter(p, self, &iter)) {
@@ -2011,18 +2197,19 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t;
#define QPOL_CEXPR_OP_INCOMP 5
typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
%extend qpol_constraint_expr_node_t {
- qpol_constraint_expr_node_t() {
+ qpol_constraint_expr_node() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_constraint_expr_node_t() {
+ ~qpol_constraint_expr_node() {
/* no op */
return;
};
- int get_expr_type(qpol_policy_t *p) {
+ %rename(get_expr_type) wrap_get_expr_type;
+ int wrap_get_expr_type(qpol_policy_t *p) {
uint32_t et;
BEGIN_EXCEPTION
if (qpol_constraint_expr_node_get_expr_type(p, self, &et)) {
@@ -2032,7 +2219,8 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
fail:
return (int) et;
};
- int get_sym_type(qpol_policy_t *p) {
+ %rename(get_sym_type) wrap_get_sym_type;
+ int wrap_get_sym_type(qpol_policy_t *p) {
uint32_t st;
BEGIN_EXCEPTION
if (qpol_constraint_expr_node_get_sym_type(p, self, &st)) {
@@ -2042,7 +2230,8 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
fail:
return (int) st;
};
- int get_op(qpol_policy_t *p) {
+ %rename(get_op) wrap_get_op;
+ int wrap_get_op(qpol_policy_t *p) {
uint32_t op;
BEGIN_EXCEPTION
if (qpol_constraint_expr_node_get_op(p, self, &op)) {
@@ -2053,7 +2242,8 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
return (int) op;
};
%newobject get_names_iter(qpol_policy_t*);
- qpol_iterator_t *get_names_iter(qpol_policy_t *p) {
+ %rename(get_names_iter) wrap_get_names_iter;
+ qpol_iterator_t *wrap_get_names_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_constraint_expr_node_get_names_iter(p, self, &iter)) {
@@ -2073,18 +2263,19 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
/* qpol role allow */
typedef struct qpol_role_allow {} qpol_role_allow_t;
%extend qpol_role_allow_t {
- qpol_role_allow_t() {
+ qpol_role_allow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_role_allow_t() {
+ ~qpol_role_allow() {
/* no op */
return;
};
- const qpol_role_t *get_source_role(qpol_policy_t *p) {
+ %rename(get_source_role) wrap_get_source_role;
+ const qpol_role_t *wrap_get_source_role(qpol_policy_t *p) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_role_allow_get_source_role(p, self, &r)) {
@@ -2094,7 +2285,8 @@ typedef struct qpol_role_allow {} qpol_role_allow_t;
fail:
return r;
};
- const qpol_role_t *get_target_role(qpol_policy_t *p) {
+ %rename(get_target_role) wrap_get_target_role;
+ const qpol_role_t *wrap_get_target_role(qpol_policy_t *p) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_role_allow_get_target_role(p, self, &r)) {
@@ -2114,18 +2306,19 @@ typedef struct qpol_role_allow {} qpol_role_allow_t;
/* qpol role trans */
typedef struct qpol_role_trans {} qpol_role_trans_t;
%extend qpol_role_trans_t {
- qpol_role_trans_t() {
+ qpol_role_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_role_trans_t() {
+ ~qpol_role_trans() {
/* no op */
return;
};
- const qpol_role_t *get_source_role(qpol_policy_t *p) {
+ %rename(get_source_role) wrap_get_source_role;
+ const qpol_role_t *wrap_get_source_role(qpol_policy_t *p) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_role_trans_get_source_role(p, self, &r)) {
@@ -2135,7 +2328,8 @@ typedef struct qpol_role_trans {} qpol_role_trans_t;
fail:
return r;
};
- const qpol_type_t *get_target_type(qpol_policy_t *p) {
+ %rename(get_target_type) wrap_get_target_type;
+ const qpol_type_t *wrap_get_target_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_role_trans_get_target_type(p, self, &t)) {
@@ -2145,7 +2339,19 @@ typedef struct qpol_role_trans {} qpol_role_trans_t;
fail:
return t;
};
- const qpol_role_t *get_default_role(qpol_policy_t *p) {
+ %rename(get_object_class) wrap_get_object_class;
+ const qpol_class_t *wrap_get_object_class(qpol_policy_t *p) {
+ const qpol_class_t *c;
+ BEGIN_EXCEPTION
+ if (qpol_role_trans_get_object_class(p, self, &c)) {
+ SWIG_exception(SWIG_ValueError, "Could not get class for role_transition rule");
+ }
+ END_EXCEPTION
+ fail:
+ return c;
+ };
+ %rename(get_default_role) wrap_get_default_role;
+ const qpol_role_t *wrap_get_default_role(qpol_policy_t *p) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_role_trans_get_default_role(p, self, &r)) {
@@ -2165,18 +2371,19 @@ typedef struct qpol_role_trans {} qpol_role_trans_t;
/* qpol range trans */
typedef struct qpol_range_trans {} qpol_range_trans_t;
%extend qpol_range_trans_t {
- qpol_range_trans_t() {
+ qpol_range_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_range_trans_t() {
+ ~qpol_range_trans() {
/* no op */
return;
};
- const qpol_type_t *get_source_type (qpol_policy_t *p) {
+ %rename(get_source_type) wrap_get_source_type;
+ const qpol_type_t *wrap_get_source_type (qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_range_trans_get_source_type(p, self, &t)) {
@@ -2186,7 +2393,8 @@ typedef struct qpol_range_trans {} qpol_range_trans_t;
fail:
return t;
};
- const qpol_type_t *get_target_type (qpol_policy_t *p) {
+ %rename(get_target_type) wrap_get_target_type;
+ const qpol_type_t *wrap_get_target_type (qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_range_trans_get_target_type(p, self, &t)) {
@@ -2195,7 +2403,8 @@ typedef struct qpol_range_trans {} qpol_range_trans_t;
fail:
return t;
};
- const qpol_class_t *get_target_class(qpol_policy_t *p) {
+ %rename(get_target_class) wrap_get_target_class;
+ const qpol_class_t *wrap_get_target_class(qpol_policy_t *p) {
const qpol_class_t *cls;
BEGIN_EXCEPTION
if (qpol_range_trans_get_target_class(p, self, &cls)) {
@@ -2204,7 +2413,8 @@ typedef struct qpol_range_trans {} qpol_range_trans_t;
fail:
return cls;
};
- const qpol_mls_range_t *get_range(qpol_policy_t *p) {
+ %rename(get_range) wrap_get_range;
+ const qpol_mls_range_t *wrap_get_range(qpol_policy_t *p) {
const qpol_mls_range_t *r;
BEGIN_EXCEPTION
if (qpol_range_trans_get_range(p, self, &r)) {
@@ -2228,18 +2438,19 @@ typedef struct qpol_range_trans {} qpol_range_trans_t;
#define QPOL_RULE_DONTAUDIT 4
typedef struct qpol_avrule {} qpol_avrule_t;
%extend qpol_avrule_t {
- qpol_avrule_t() {
+ qpol_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_avrule_t() {
+ ~qpol_avrule() {
/* no op */
return;
};
- int get_rule_type(qpol_policy_t *p) {
+ %rename(get_rule_type) wrap_get_rule_type;
+ int wrap_get_rule_type(qpol_policy_t *p) {
uint32_t rt;
BEGIN_EXCEPTION
if (qpol_avrule_get_rule_type(p, self, &rt)) {
@@ -2249,7 +2460,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
fail:
return (int) rt;
};
- const qpol_type_t *get_source_type(qpol_policy_t *p) {
+ %rename(get_source_type) wrap_get_source_type;
+ const qpol_type_t *wrap_get_source_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_avrule_get_source_type(p, self, &t)) {
@@ -2259,7 +2471,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
fail:
return t;
};
- const qpol_type_t *get_target_type(qpol_policy_t *p) {
+ %rename(get_target_type) wrap_get_target_type;
+ const qpol_type_t *wrap_get_target_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_avrule_get_target_type(p, self, &t)) {
@@ -2269,7 +2482,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
fail:
return t;
};
- const qpol_class_t *get_object_class(qpol_policy_t *p) {
+ %rename(get_object_class) wrap_get_object_class;
+ const qpol_class_t *wrap_get_object_class(qpol_policy_t *p) {
const qpol_class_t *cls;
BEGIN_EXCEPTION
if (qpol_avrule_get_object_class(p, self, &cls)) {
@@ -2280,7 +2494,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
return cls;
};
%newobject get_perm_iter(qpol_policy_t *p);
- qpol_iterator_t *get_perm_iter(qpol_policy_t *p) {
+ %rename(get_perm_iter) wrap_get_perm_iter;
+ qpol_iterator_t *wrap_get_perm_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_avrule_get_perm_iter(p, self, &iter)) {
@@ -2290,7 +2505,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
fail:
return iter;
};
- const qpol_cond_t *get_cond(qpol_policy_t *p) {
+ %rename(get_cond) wrap_get_cond;
+ const qpol_cond_t *wrap_get_cond(qpol_policy_t *p) {
const qpol_cond_t *c;
BEGIN_EXCEPTION
if (qpol_avrule_get_cond(p, self, &c)) {
@@ -2300,7 +2516,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
fail:
return c;
};
- int get_is_enabled(qpol_policy_t *p) {
+ %rename(get_is_enabled) wrap_get_is_enabled;
+ int wrap_get_is_enabled(qpol_policy_t *p) {
uint32_t e;
BEGIN_EXCEPTION
if (qpol_avrule_get_is_enabled(p, self, &e)) {
@@ -2310,7 +2527,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
fail:
return (int) e;
};
- int get_which_list(qpol_policy_t *p) {
+ %rename(get_which_list) wrap_get_which_list;
+ int wrap_get_which_list(qpol_policy_t *p) {
const qpol_cond_t *c;
uint32_t which = 0;
BEGIN_EXCEPTION
@@ -2325,7 +2543,8 @@ typedef struct qpol_avrule {} qpol_avrule_t;
return (int) which;
};
%newobject get_syn_avrule_iter(qpol_policy_t*);
- qpol_iterator_t *get_syn_avrule_iter(qpol_policy_t *p) {
+ %rename(get_syn_avrule_iter) wrap_get_syn_avrule_iter;
+ qpol_iterator_t *wrap_get_syn_avrule_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_avrule_get_syn_avrule_iter(p, self, &iter)) {
@@ -2348,18 +2567,19 @@ typedef struct qpol_avrule {} qpol_avrule_t;
#define QPOL_RULE_TYPE_MEMBER 32
typedef struct qpol_terule {} qpol_terule_t;
%extend qpol_terule_t {
- qpol_terule_t() {
+ qpol_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_terule_t() {
+ ~qpol_terule() {
/* no op */
return;
};
- int get_rule_type(qpol_policy_t *p) {
+ %rename(get_rule_type) wrap_get_rule_type;
+ int wrap_get_rule_type(qpol_policy_t *p) {
uint32_t rt;
BEGIN_EXCEPTION
if (qpol_terule_get_rule_type(p, self, &rt)) {
@@ -2369,7 +2589,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return (int) rt;
};
- const qpol_type_t *get_source_type(qpol_policy_t *p) {
+ %rename(get_source_type) wrap_get_source_type;
+ const qpol_type_t *wrap_get_source_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_terule_get_source_type(p, self, &t)) {
@@ -2379,7 +2600,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return t;
};
- const qpol_type_t *get_target_type(qpol_policy_t *p) {
+ %rename(get_target_type) wrap_get_target_type;
+ const qpol_type_t *wrap_get_target_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_terule_get_target_type(p, self, &t)) {
@@ -2389,7 +2611,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return t;
};
- const qpol_class_t *get_object_class(qpol_policy_t *p) {
+ %rename(get_object_class) wrap_get_object_class;
+ const qpol_class_t *wrap_get_object_class(qpol_policy_t *p) {
const qpol_class_t *cls;
BEGIN_EXCEPTION
if (qpol_terule_get_object_class(p, self, &cls)) {
@@ -2399,7 +2622,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return cls;
};
- const qpol_type_t *get_default_type(qpol_policy_t *p) {
+ %rename(get_default_type) wrap_get_default_type;
+ const qpol_type_t *wrap_get_default_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_terule_get_default_type(p, self, &t)) {
@@ -2409,7 +2633,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return t;
};
- const qpol_cond_t *get_cond(qpol_policy_t *p) {
+ %rename(get_cond) wrap_get_cond;
+ const qpol_cond_t *wrap_get_cond(qpol_policy_t *p) {
const qpol_cond_t *c;
BEGIN_EXCEPTION
if (qpol_terule_get_cond(p, self, &c)) {
@@ -2419,7 +2644,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return c;
};
- int get_is_enabled(qpol_policy_t *p) {
+ %rename(get_is_enabled) wrap_get_is_enabled;
+ int wrap_get_is_enabled(qpol_policy_t *p) {
uint32_t e;
BEGIN_EXCEPTION
if (qpol_terule_get_is_enabled(p, self, &e)) {
@@ -2429,7 +2655,8 @@ typedef struct qpol_terule {} qpol_terule_t;
fail:
return (int) e;
};
- int get_which_list(qpol_policy_t *p) {
+ %rename(get_which_list) wrap_get_which_list;
+ int wrap_get_which_list(qpol_policy_t *p) {
const qpol_cond_t *c;
uint32_t which = 0;
BEGIN_EXCEPTION
@@ -2444,7 +2671,8 @@ typedef struct qpol_terule {} qpol_terule_t;
return (int) which;
};
%newobject get_syn_terule_iter(qpol_policy_t*);
- qpol_iterator_t *get_syn_terule_iter(qpol_policy_t *p) {
+ %rename(get_syn_terule_iter) wrap_get_syn_terule_iter;
+ qpol_iterator_t *wrap_get_syn_terule_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_terule_get_syn_terule_iter(p, self, &iter)) {
@@ -2464,19 +2692,20 @@ typedef struct qpol_terule {} qpol_terule_t;
/* qpol conditional */
typedef struct qpol_cond {} qpol_cond_t;
%extend qpol_cond_t {
- qpol_cond_t() {
+ qpol_cond() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_cond_t() {
+ ~qpol_cond() {
/* no op */
return;
};
%newobject get_expr_node_iter(qpol_policy_t*);
- qpol_iterator_t *get_expr_node_iter(qpol_policy_t *p) {
+ %rename(get_expr_node_iter) wrap_get_expr_node_iter;
+ qpol_iterator_t *wrap_get_expr_node_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_cond_get_expr_node_iter(p, self, &iter)) {
@@ -2487,7 +2716,8 @@ typedef struct qpol_cond {} qpol_cond_t;
return iter;
};
%newobject get_av_true_iter(qpol_policy_t*, int);
- qpol_iterator_t *get_av_true_iter(qpol_policy_t *p, int rule_types) {
+ %rename(get_av_true_iter) wrap_get_av_true_iter;
+ qpol_iterator_t *wrap_get_av_true_iter(qpol_policy_t *p, int rule_types) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_cond_get_av_true_iter(p, self, rule_types, &iter)) {
@@ -2498,7 +2728,8 @@ typedef struct qpol_cond {} qpol_cond_t;
return iter;
};
%newobject get_av_false_iter(qpol_policy_t*, int);
- qpol_iterator_t *get_av_false_iter(qpol_policy_t *p, int rule_types) {
+ %rename(get_av_false_iter) wrap_get_av_false_iter;
+ qpol_iterator_t *wrap_get_av_false_iter(qpol_policy_t *p, int rule_types) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_cond_get_av_false_iter(p, self, rule_types, &iter)) {
@@ -2509,7 +2740,8 @@ typedef struct qpol_cond {} qpol_cond_t;
return iter;
};
%newobject get_te_true_iter(qpol_policy_t*, int);
- qpol_iterator_t *get_te_true_iter(qpol_policy_t *p, int rule_types) {
+ %rename(get_te_true_iter) wrap_get_te_true_iter;
+ qpol_iterator_t *wrap_get_te_true_iter(qpol_policy_t *p, int rule_types) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_cond_get_te_true_iter(p, self, rule_types, &iter)) {
@@ -2520,7 +2752,8 @@ typedef struct qpol_cond {} qpol_cond_t;
return iter;
};
%newobject get_te_false_iter(qpol_policy_t*, int);
- qpol_iterator_t *get_te_false_iter(qpol_policy_t *p, int rule_types) {
+ %rename(get_te_false_iter) wrap_get_te_false_iter;
+ qpol_iterator_t *wrap_get_te_false_iter(qpol_policy_t *p, int rule_types) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_cond_get_te_false_iter(p, self, rule_types, &iter)) {
@@ -2530,7 +2763,8 @@ typedef struct qpol_cond {} qpol_cond_t;
fail:
return iter;
};
- int eval(qpol_policy_t *p) {
+ %rename(eval) wrap_eval;
+ int wrap_eval(qpol_policy_t *p) {
uint32_t e;
BEGIN_EXCEPTION
if (qpol_cond_eval(p, self, &e)) {
@@ -2557,18 +2791,19 @@ typedef struct qpol_cond {} qpol_cond_t;
#define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
%extend qpol_cond_expr_node_t {
- qpol_cond_expr_node_t() {
+ qpol_cond_expr_node() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_cond_expr_node_t() {
+ ~qpol_cond_expr_node() {
/* no op */
return;
};
- int get_expr_type(qpol_policy_t *p) {
+ %rename(get_expr_type) wrap_get_expr_type;
+ int wrap_get_expr_type(qpol_policy_t *p) {
uint32_t et;
BEGIN_EXCEPTION
if (qpol_cond_expr_node_get_expr_type(p, self, &et)) {
@@ -2578,7 +2813,8 @@ typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
fail:
return (int) et;
};
- qpol_bool_t *get_bool(qpol_policy_t *p) {
+ %rename(get_bool) wrap_get_bool;
+ qpol_bool_t *wrap_get_bool(qpol_policy_t *p) {
uint32_t et;
qpol_bool_t *b = NULL;
BEGIN_EXCEPTION
@@ -2602,19 +2838,20 @@ typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
/* qpol type set */
typedef struct qpol_type_set {} qpol_type_set_t;
%extend qpol_type_set_t {
- qpol_type_set_t() {
+ qpol_type_set() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_type_set_t() {
+ ~qpol_type_set() {
/* no op */
return;
};
%newobject get_included_types_iter(qpol_policy_t*);
- qpol_iterator_t *get_included_types_iter(qpol_policy_t *p) {
+ %rename(get_included_types_iter) wrap_get_included_types_iter;
+ qpol_iterator_t *wrap_get_included_types_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_type_set_get_included_types_iter(p, self, &iter)) {
@@ -2625,7 +2862,8 @@ typedef struct qpol_type_set {} qpol_type_set_t;
return iter;
};
%newobject get_subtracted_types_iter(qpol_policy_t*);
- qpol_iterator_t *get_subtracted_types_iter(qpol_policy_t *p) {
+ %rename(get_subtracted_types_iter) wrap_get_subtracted_types_iter;
+ qpol_iterator_t *wrap_get_subtracted_types_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_type_set_get_subtracted_types_iter(p, self, &iter)) {
@@ -2635,7 +2873,8 @@ typedef struct qpol_type_set {} qpol_type_set_t;
fail:
return iter;
};
- int get_is_star(qpol_policy_t *p) {
+ %rename(get_is_star) wrap_get_is_star;
+ int wrap_get_is_star(qpol_policy_t *p) {
uint32_t s;
BEGIN_EXCEPTION
if (qpol_type_set_get_is_star(p, self, &s)) {
@@ -2645,7 +2884,8 @@ typedef struct qpol_type_set {} qpol_type_set_t;
fail:
return (int) s;
};
- int get_is_comp(qpol_policy_t *p) {
+ %rename(get_is_comp) wrap_get_is_comp;
+ int wrap_get_is_comp(qpol_policy_t *p) {
uint32_t c;
BEGIN_EXCEPTION
if (qpol_type_set_get_is_comp(p, self, &c)) {
@@ -2665,18 +2905,19 @@ typedef struct qpol_type_set {} qpol_type_set_t;
/* qpol syn av rule */
typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
%extend qpol_syn_avrule_t {
- qpol_syn_avrule_t() {
+ qpol_syn_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_syn_avrule_t() {
+ ~qpol_syn_avrule() {
/* no op */
return;
};
- int get_rule_type(qpol_policy_t *p) {
+ %rename(get_rule_type) wrap_get_rule_type;
+ int wrap_get_rule_type(qpol_policy_t *p) {
uint32_t rt;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_rule_type(p, self, &rt)) {
@@ -2686,7 +2927,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
fail:
return (int) rt;
};
- const qpol_type_set_t *get_source_type_set(qpol_policy_t *p) {
+ %rename(get_source_type_set) wrap_get_source_type_set;
+ const qpol_type_set_t *wrap_get_source_type_set(qpol_policy_t *p) {
const qpol_type_set_t *ts;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_source_type_set(p, self, &ts)) {
@@ -2696,7 +2938,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
fail:
return ts;
};
- const qpol_type_set_t *get_target_type_set(qpol_policy_t *p) {
+ %rename(get_target_type_set) wrap_get_target_type_set;
+ const qpol_type_set_t *wrap_get_target_type_set(qpol_policy_t *p) {
const qpol_type_set_t *ts;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_target_type_set(p, self, &ts)) {
@@ -2706,7 +2949,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
fail:
return ts;
};
- int get_is_target_self(qpol_policy_t *p) {
+ %rename(get_is_target_self) wrap_get_is_target_self;
+ int wrap_get_is_target_self(qpol_policy_t *p) {
uint32_t i;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_is_target_self(p, self, &i)) {
@@ -2717,7 +2961,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
return (int) i;
};
%newobject get_class_iter(qpol_policy_t*);
- qpol_iterator_t *get_class_iter(qpol_policy_t *p) {
+ %rename(get_class_iter) wrap_get_class_iter;
+ qpol_iterator_t *wrap_get_class_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_class_iter(p, self, &iter)) {
@@ -2728,7 +2973,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
return iter;
};
%newobject get_perm_iter(qpol_policy_t*);
- qpol_iterator_t *get_perm_iter(qpol_policy_t *p) {
+ %rename(get_perm_iter) wrap_get_perm_iter;
+ qpol_iterator_t *wrap_get_perm_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_perm_iter(p, self, &iter)) {
@@ -2738,7 +2984,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
fail:
return iter;
};
- long get_lineno(qpol_policy_t *p) {
+ %rename(get_lineno) wrap_get_lineno;
+ long wrap_get_lineno(qpol_policy_t *p) {
unsigned long l;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_lineno(p, self, &l)) {
@@ -2748,7 +2995,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
fail:
return (long)l;
};
- const qpol_cond_t *get_cond(qpol_policy_t *p) {
+ %rename(get_cond) wrap_get_cond;
+ const qpol_cond_t *wrap_get_cond(qpol_policy_t *p) {
const qpol_cond_t *c;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_cond(p, self, &c)) {
@@ -2758,7 +3006,8 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
fail:
return c;
};
- int get_is_enabled(qpol_policy_t *p) {
+ %rename(get_is_enabled) wrap_get_is_enabled;
+ int wrap_get_is_enabled(qpol_policy_t *p) {
uint32_t e;
BEGIN_EXCEPTION
if (qpol_syn_avrule_get_is_enabled(p, self, &e)) {
@@ -2778,18 +3027,19 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
/* qpol syn te rule */
typedef struct qpol_syn_terule {} qpol_syn_terule_t;
%extend qpol_syn_terule_t {
- qpol_syn_terule_t() {
+ qpol_syn_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_syn_terule_t() {
+ ~qpol_syn_terule() {
/* no op */
return;
};
- int get_rule_type(qpol_policy_t *p) {
+ %rename(get_rule_type) wrap_get_rule_type;
+ int wrap_get_rule_type(qpol_policy_t *p) {
uint32_t rt;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_rule_type(p, self, &rt)) {
@@ -2799,7 +3049,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
fail:
return rt;
};
- const qpol_type_set_t *get_source_type_set(qpol_policy_t *p) {
+ %rename(get_source_type_set) wrap_get_source_type_set;
+ const qpol_type_set_t *wrap_get_source_type_set(qpol_policy_t *p) {
const qpol_type_set_t *ts;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_source_type_set(p, self, &ts)) {
@@ -2809,7 +3060,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
fail:
return ts;
};
- const qpol_type_set_t *get_target_type_set(qpol_policy_t *p) {
+ %rename(get_target_type_set) wrap_get_target_type_set;
+ const qpol_type_set_t *wrap_get_target_type_set(qpol_policy_t *p) {
const qpol_type_set_t *ts;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_target_type_set(p, self, &ts)) {
@@ -2820,7 +3072,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
return ts;
};
%newobject get_class_iter(qpol_policy_t*);
- qpol_iterator_t *get_class_iter(qpol_policy_t *p) {
+ %rename(get_class_iter) wrap_get_class_iter;
+ qpol_iterator_t *wrap_get_class_iter(qpol_policy_t *p) {
qpol_iterator_t *iter;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_class_iter(p, self, &iter)) {
@@ -2830,7 +3083,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
fail:
return iter;
};
- const qpol_type_t *get_default_type(qpol_policy_t *p) {
+ %rename(get_default_type) wrap_get_default_type;
+ const qpol_type_t *wrap_get_default_type(qpol_policy_t *p) {
const qpol_type_t *t;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_default_type(p, self, &t)) {
@@ -2840,7 +3094,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
fail:
return t;
};
- long get_lineno(qpol_policy_t *p) {
+ %rename(get_lineno) wrap_get_lineno;
+ long wrap_get_lineno(qpol_policy_t *p) {
unsigned long l;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_lineno(p, self, &l)) {
@@ -2850,7 +3105,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
fail:
return (long)l;
};
- const qpol_cond_t *get_cond(qpol_policy_t *p) {
+ %rename(get_cond) wrap_get_cond;
+ const qpol_cond_t *wrap_get_cond(qpol_policy_t *p) {
const qpol_cond_t *c;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_cond(p, self, &c)) {
@@ -2860,7 +3116,8 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
fail:
return c;
};
- int get_is_enabled(qpol_policy_t *p) {
+ %rename(get_is_enabled) wrap_get_is_enabled;
+ int wrap_get_is_enabled(qpol_policy_t *p) {
uint32_t e;
BEGIN_EXCEPTION
if (qpol_syn_terule_get_is_enabled(p, self, &e)) {
@@ -2876,4 +3133,317 @@ typedef struct qpol_syn_terule {} qpol_syn_terule_t;
return (qpol_syn_terule_t*)x;
};
%}
+
+/* qpol filename trans */
+typedef struct qpol_filename_trans {} qpol_filename_trans_t;
+%extend qpol_filename_trans_t {
+ qpol_filename_trans() {
+ BEGIN_EXCEPTION
+ SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_filename_trans_t objects");
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ ~qpol_filename_trans() {
+ /* no op */
+ return;
+ };
+ %rename(get_source_type) wrap_get_source_type;
+ const qpol_type_t *wrap_get_source_type (qpol_policy_t *p) {
+ const qpol_type_t *t;
+ BEGIN_EXCEPTION
+ if (qpol_filename_trans_get_source_type(p, self, &t)) {
+ SWIG_exception(SWIG_ValueError, "Could not get source for filename transition rule");
+ }
+ END_EXCEPTION
+ fail:
+ return t;
+ };
+ %rename(get_target_type) wrap_get_target_type;
+ const qpol_type_t *wrap_get_target_type (qpol_policy_t *p) {
+ const qpol_type_t *t;
+ BEGIN_EXCEPTION
+ if (qpol_filename_trans_get_target_type(p, self, &t)) {
+ SWIG_exception(SWIG_ValueError, "Could not get target for filename transition rule"); }
+ END_EXCEPTION
+ fail:
+ return t;
+ };
+ %rename(get_object_class) wrap_get_object_class;
+ const qpol_class_t *wrap_get_object_class(qpol_policy_t *p) {
+ const qpol_class_t *cls;
+ BEGIN_EXCEPTION
+ if (qpol_filename_trans_get_object_class(p, self, &cls)) {
+ SWIG_exception(SWIG_ValueError, "Could not get class for filename transition rule"); }
+ END_EXCEPTION
+ fail:
+ return cls;
+ };
+ %rename(get_default_type) wrap_get_default_type;
+ const qpol_type_t *wrap_get_default_type(qpol_policy_t *p) {
+ const qpol_type_t *t;
+ BEGIN_EXCEPTION
+ if (qpol_filename_trans_get_default_type(p, self, &t)) {
+ SWIG_exception(SWIG_ValueError, "Could not get default for filename transition rule");
+ }
+ END_EXCEPTION
+ fail:
+ return t;
+ };
+ %rename(get_filename) wrap_get_filename;
+ const char *wrap_get_filename(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_filename_trans_get_filename(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get file for filename transition rule");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+
+};
+%inline %{
+ qpol_filename_trans_t *qpol_filename_trans_from_void(void *x) {
+ return (qpol_filename_trans_t*)x;
+ };
+%}
+
+/* qpol polcap */
+typedef struct qpol_polcap {} qpol_polcap_t;
+%extend qpol_polcap_t {
+ qpol_polcap() {
+ BEGIN_EXCEPTION
+ SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_polcap_t objects");
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ ~qpol_polcap() {
+ /* no op */
+ return;
+ };
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_polcap_get_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get polcap name rule");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+
+};
+%inline %{
+ qpol_polcap_t *qpol_polcap_from_void(void *x) {
+ return (qpol_polcap_t*)x;
+ };
+%}
+
+/* qpol typebounds */
+typedef struct qpol_typebounds {} qpol_typebounds_t;
+%extend qpol_typebounds_t {
+ qpol_typebounds() {
+ BEGIN_EXCEPTION
+ SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_typebounds_t objects");
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ ~qpol_typebounds() {
+ /* no op */
+ return;
+ };
+ %rename(get_parent_name) wrap_get_parent_name;
+ const char *wrap_get_parent_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_typebounds_get_parent_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get parent name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+ %rename(get_child_name) wrap_get_child_name;
+ const char *wrap_get_child_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_typebounds_get_child_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get child name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+};
+%inline %{
+ qpol_typebounds_t *qpol_typebounds_from_void(void *x) {
+ return (qpol_typebounds_t*)x;
+ };
+%}
+
+/* qpol rolebounds */
+typedef struct qpol_rolebounds {} qpol_rolebounds_t;
+%extend qpol_rolebounds_t {
+ qpol_rolebounds() {
+ BEGIN_EXCEPTION
+ SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_rolebounds_t objects");
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ ~qpol_rolebounds() {
+ /* no op */
+ return;
+ };
+ %rename(get_parent_name) wrap_get_parent_name;
+ const char *wrap_get_parent_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_rolebounds_get_parent_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get parent name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+ %rename(get_child_name) wrap_get_child_name;
+ const char *wrap_get_child_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_rolebounds_get_child_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get child name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+};
+%inline %{
+ qpol_rolebounds_t *qpol_rolebounds_from_void(void *x) {
+ return (qpol_rolebounds_t*)x;
+ };
+%}
+
+/* qpol userbounds */
+typedef struct qpol_userbounds {} qpol_userbounds_t;
+%extend qpol_userbounds_t {
+ qpol_userbounds() {
+ BEGIN_EXCEPTION
+ SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_userbounds_t objects");
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ ~qpol_userbounds() {
+ /* no op */
+ return;
+ };
+ %rename(get_parent_name) wrap_get_parent_name;
+ const char *wrap_get_parent_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_userbounds_get_parent_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get parent name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+ %rename(get_child_name) wrap_get_child_name;
+ const char *wrap_get_child_name(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_userbounds_get_child_name(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get child name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+};
+%inline %{
+ qpol_userbounds_t *qpol_userbounds_from_void(void *x) {
+ return (qpol_userbounds_t*)x;
+ };
+%}
+
+/* qpol default_object */
+typedef struct qpol_default_object {} qpol_default_object_t;
+%extend qpol_default_object_t {
+ qpol_default_object() {
+ BEGIN_EXCEPTION
+ SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_default_object_t objects");
+ END_EXCEPTION
+ fail:
+ return NULL;
+ };
+ ~qpol_default_object() {
+ /* no op */
+ return;
+ };
+ %rename(get_class) wrap_get_class;
+ const char *wrap_get_class(qpol_policy_t *p) {
+ const char *name;
+ BEGIN_EXCEPTION
+ if (qpol_default_object_get_class(p, self, &name)) {
+ SWIG_exception(SWIG_ValueError, "Could not get class name");
+ }
+ END_EXCEPTION
+ fail:
+ return name;
+ };
+ %rename(get_user_default) wrap_get_user_default;
+ const char *wrap_get_user_default(qpol_policy_t *p) {
+ const char *value;
+ BEGIN_EXCEPTION
+ if (qpol_default_object_get_user_default(p, self, &value)) {
+ SWIG_exception(SWIG_ValueError, "Could not get user default");
+ }
+ END_EXCEPTION
+ fail:
+ return value;
+ };
+ %rename(get_role_default) wrap_get_role_default;
+ const char *wrap_get_role_default(qpol_policy_t *p) {
+ const char *value;
+ BEGIN_EXCEPTION
+ if (qpol_default_object_get_role_default(p, self, &value)) {
+ SWIG_exception(SWIG_ValueError, "Could not get role default");
+ }
+ END_EXCEPTION
+ fail:
+ return value;
+ };
+ %rename(get_type_default) wrap_get_type_default;
+ const char *wrap_get_type_default(qpol_policy_t *p) {
+ const char *value;
+ BEGIN_EXCEPTION
+ if (qpol_default_object_get_type_default(p, self, &value)) {
+ SWIG_exception(SWIG_ValueError, "Could not get type default");
+ }
+ END_EXCEPTION
+ fail:
+ return value;
+ };
+ %rename(get_range_default) wrap_get_range_default;
+ const char *wrap_get_range_default(qpol_policy_t *p) {
+ const char *value;
+ BEGIN_EXCEPTION
+ if (qpol_default_object_get_range_default(p, self, &value)) {
+ SWIG_exception(SWIG_ValueError, "Could not get range defaults");
+ }
+ END_EXCEPTION
+ fail:
+ return value;
+ };
+};
+%inline %{
+ qpol_default_object_t *qpol_default_object_from_void(void *x) {
+ return (qpol_default_object_t*)x;
+ };
+%}
// vim:ft=c noexpandtab
diff --git a/libseaudit/swig/seaudit.i b/libseaudit/swig/seaudit.i
index 8c96d89..3bd5fe4 100644
--- a/libseaudit/swig/seaudit.i
+++ b/libseaudit/swig/seaudit.i
@@ -252,7 +252,7 @@ typedef struct tm {
int tm_isdst; /* daylight saving time */
} tm_t;
%extend tm_t {
- tm_t() {
+ tm() {
struct tm *t;
BEGIN_EXCEPTION
t = calloc(1, sizeof(struct tm));
@@ -263,7 +263,7 @@ typedef struct tm {
fail:
return t;
};
- ~tm_t() {
+ ~tm() {
free(self);
}
/* use default accessor style for the rest */
@@ -280,7 +280,7 @@ typedef enum seaudit_log_type
} seaudit_log_type_e;
typedef struct seaudit_log {} seaudit_log_t;
%extend seaudit_log_t {
- seaudit_log_t() {
+ seaudit_log() {
seaudit_log_t *slog;
BEGIN_EXCEPTION
slog = seaudit_log_create(seaudit_swig_message_callback, seaudit_swig_message_callback_arg);
@@ -291,14 +291,16 @@ typedef struct seaudit_log {} seaudit_log_t;
fail:
return slog;
};
- ~seaudit_log_t() {
+ ~seaudit_log() {
seaudit_log_destroy(&self);
};
- void clear () {
+ %rename(clear) wrap_clear;
+ void wrap_clear () {
seaudit_log_clear(self);
};
%newobject get_users();
- apol_string_vector_t *get_users() {
+ %rename(get_users) wrap_get_users;
+ apol_string_vector_t *wrap_get_users() {
apol_vector_t *v;
BEGIN_EXCEPTION
v = seaudit_log_get_users(self);
@@ -310,7 +312,8 @@ typedef struct seaudit_log {} seaudit_log_t;
return (apol_string_vector_t*)v;
};
%newobject get_roles();
- apol_string_vector_t *get_roles() {
+ %rename(get_roles) wrap_get_roles;
+ apol_string_vector_t *wrap_get_roles() {
apol_vector_t *v;
BEGIN_EXCEPTION
v = seaudit_log_get_roles(self);
@@ -322,7 +325,8 @@ typedef struct seaudit_log {} seaudit_log_t;
return (apol_string_vector_t*)v;
};
%newobject get_types();
- apol_string_vector_t *get_types() {
+ %rename(get_types) wrap_get_types;
+ apol_string_vector_t *wrap_get_types() {
apol_vector_t *v;
BEGIN_EXCEPTION
v = seaudit_log_get_types(self);
@@ -334,7 +338,8 @@ typedef struct seaudit_log {} seaudit_log_t;
return (apol_string_vector_t*)v;
};
%newobject get_classes();
- apol_string_vector_t *get_classes() {
+ %rename(get_classes) wrap_get_classes;
+ apol_string_vector_t *wrap_get_classes() {
apol_vector_t *v;
BEGIN_EXCEPTION
v = seaudit_log_get_classes(self);
@@ -357,14 +362,14 @@ typedef enum seaudit_message_type
} seaudit_message_type_e;
typedef struct seaudit_message {} seaudit_message_t;
%extend seaudit_message_t {
- seaudit_message_t() {
+ seaudit_message() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Canot directly create seaudit_message_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~seaudit_message_t() {
+ ~seaudit_message() {
/* no op */
return;
};
@@ -373,18 +378,22 @@ typedef struct seaudit_message {} seaudit_message_t;
(void)seaudit_message_get_data(self, &te);
return te;
};
- void *get_data() {
+ %rename(get_data) wrap_get_data;
+ void *wrap_get_data() {
seaudit_message_type_e te;
return seaudit_message_get_data(self, &te);
};
- const char *get_host() {
+ %rename(get_host) wrap_get_host;
+ const char *wrap_get_host() {
return seaudit_message_get_host(self);
};
- const tm_t *get_time() {
+ %rename(get_time) wrap_get_time;
+ const tm_t *wrap_get_time() {
return seaudit_message_get_time(self);
}
%newobject to_string();
- char *to_string() {
+ %rename(to_string) wrap_to_string;
+ char *wrap_to_string() {
char *str;
BEGIN_EXCEPTION
str = seaudit_message_to_string(self);
@@ -396,7 +405,8 @@ typedef struct seaudit_message {} seaudit_message_t;
return str;
};
%newobject to_string_html();
- char *to_string_html() {
+ %rename(to_string_html) wrap_to_string_html;
+ char *wrap_to_string_html() {
char *str;
BEGIN_EXCEPTION
str = seaudit_message_to_string_html(self);
@@ -408,7 +418,8 @@ typedef struct seaudit_message {} seaudit_message_t;
return str;
};
%newobject to_misc_string();
- char *to_misc_string() {
+ %rename(to_misc_string) wrap_to_misc_string;
+ char *wrap_to_misc_string() {
char *str;
BEGIN_EXCEPTION
str = seaudit_message_to_misc_string(self);
@@ -429,14 +440,14 @@ typedef struct seaudit_message {} seaudit_message_t;
/* seaudit load message */
typedef struct seaudit_load_message {} seaudit_load_message_t;
%extend seaudit_load_message_t {
- seaudit_load_message_t() {
+ seaudit_load_message() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create seaudit_load_message_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~seaudit_load_message_t() {
+ ~seaudit_load_message() {
/* no op */
return;
};
@@ -450,14 +461,14 @@ typedef struct seaudit_load_message {} seaudit_load_message_t;
/* seaudit bool message */
typedef struct seaudit_bool_message {} seaudit_bool_message_t;
%extend seaudit_bool_message_t {
- seaudit_bool_message_t(void *msg) {
+ seaudit_bool_message(void *msg) {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create seaudit_bool_message_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~seaudit_bool_message_t() {
+ ~seaudit_bool_message() {
/* no op */
return;
};
@@ -477,102 +488,131 @@ typedef enum seaudit_avc_message_type
} seaudit_avc_message_type_e;
typedef struct seaudit_avc_message {} seaudit_avc_message_t;
%extend seaudit_avc_message_t {
- seaudit_avc_message_t() {
+ seaudit_avc_message() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create seaudit_avc_message_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~seaudit_avc_message_t() {
+ ~seaudit_avc_message() {
/* no op */
return;
};
- seaudit_avc_message_type_e get_message_type() {
+ %rename(get_message_type) wrap_get_message_type;
+ seaudit_avc_message_type_e wrap_get_message_type() {
return seaudit_avc_message_get_message_type(self);
};
- long get_timestamp_nano() {
+ %rename(get_timestamp_nano) wrap_get_timestamp_nano;
+ long wrap_get_timestamp_nano() {
return seaudit_avc_message_get_timestamp_nano(self);
};
- const char *get_source_user() {
+ %rename(get_source_user) wrap_get_source_user;
+ const char *wrap_get_source_user() {
return seaudit_avc_message_get_source_user(self);
};
- const char *get_source_role() {
+ %rename(get_source_role) wrap_get_source_role;
+ const char *wrap_get_source_role() {
return seaudit_avc_message_get_source_role(self);
};
- const char *get_source_type() {
+ %rename(get_source_type) wrap_get_source_type;
+ const char *wrap_get_source_type() {
return seaudit_avc_message_get_source_type(self);
};
- const char *get_target_user() {
+ %rename(get_target_user) wrap_get_target_user;
+ const char *wrap_get_target_user() {
return seaudit_avc_message_get_target_user(self);
};
- const char *get_target_role() {
+ %rename(get_target_role) wrap_get_target_role;
+ const char *wrap_get_target_role() {
return seaudit_avc_message_get_target_role(self);
};
- const char *get_target_type() {
+ %rename(get_target_type) wrap_get_target_type;
+ const char *wrap_get_target_type() {
return seaudit_avc_message_get_target_type(self);
};
- const char *get_object_class() {
+ %rename(get_object_class) wrap_get_object_class;
+ const char *wrap_get_object_class() {
return seaudit_avc_message_get_object_class(self);
};
- const apol_string_vector_t *get_perm() {
+ %rename(get_perm) wrap_get_perm;
+ const apol_string_vector_t *wrap_get_perm() {
return (apol_string_vector_t*)seaudit_avc_message_get_perm(self);
};
- const char *get_exe() {
+ %rename(get_exe) wrap_get_exe;
+ const char *wrap_get_exe() {
return seaudit_avc_message_get_exe(self);
};
- const char *get_comm() {
+ %rename(get_comm) wrap_get_comm;
+ const char *wrap_get_comm() {
return seaudit_avc_message_get_comm(self);
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return seaudit_avc_message_get_name(self);
};
- int get_pid() {
+ %rename(get_pid) wrap_get_pid;
+ int wrap_get_pid() {
return (int)seaudit_avc_message_get_pid(self);
};
- long get_inode() {
+ %rename(get_inode) wrap_get_inode;
+ long wrap_get_inode() {
return (long)seaudit_avc_message_get_inode(self);
};
- const char *get_path() {
+ %rename(get_path) wrap_get_path;
+ const char *wrap_get_path() {
return seaudit_avc_message_get_path(self);
};
- const char *get_dev() {
+ %rename(get_dev) wrap_get_dev;
+ const char *wrap_get_dev() {
return seaudit_avc_message_get_dev(self);
};
- const char *get_netif() {
+ %rename(get_netif) wrap_get_netif;
+ const char *wrap_get_netif() {
return seaudit_avc_message_get_netif(self);
};
- int get_port() {
+ %rename(get_port) wrap_get_port;
+ int wrap_get_port() {
return seaudit_avc_message_get_port(self);
};
- const char *get_laddr() {
+ %rename(get_laddr) wrap_get_laddr;
+ const char *wrap_get_laddr() {
return seaudit_avc_message_get_laddr(self);
};
- int get_lport() {
+ %rename(get_lport) wrap_get_lport;
+ int wrap_get_lport() {
return seaudit_avc_message_get_lport(self);
};
- const char *get_faddr() {
+ %rename(get_faddr) wrap_get_faddr;
+ const char *wrap_get_faddr() {
return seaudit_avc_message_get_faddr(self);
};
- int get_fport() {
+ %rename(get_fport) wrap_get_fport;
+ int wrap_get_fport() {
return seaudit_avc_message_get_fport(self);
};
- const char *get_saddr() {
+ %rename(get_saddr) wrap_get_saddr;
+ const char *wrap_get_saddr() {
return seaudit_avc_message_get_saddr(self);
};
- int get_sport() {
+ %rename(get_sport) wrap_get_sport;
+ int wrap_get_sport() {
return seaudit_avc_message_get_sport(self);
};
- const char *get_daddr() {
+ %rename(get_daddr) wrap_get_daddr;
+ const char *wrap_get_daddr() {
return seaudit_avc_message_get_daddr(self);
};
- int get_dport() {
+ %rename(get_dport) wrap_get_dport;
+ int wrap_get_dport() {
return seaudit_avc_message_get_dport(self);
};
- int get_key() {
+ %rename(get_key) wrap_get_key;
+ int wrap_get_key() {
return seaudit_avc_message_get_key(self);
};
- int get_cap() {
+ %rename(get_cap) wrap_get_cap;
+ int wrap_get_cap() {
return seaudit_avc_message_get_cap(self);
};
};
@@ -608,7 +648,7 @@ typedef enum seaudit_filter_date_match
} seaudit_filter_date_match_e;
typedef struct seaudit_filter {} seaudit_filter_t;
%extend seaudit_filter_t {
- seaudit_filter_t(char *name = NULL) {
+ seaudit_filter(char *name = NULL) {
seaudit_filter_t *sf = NULL;
BEGIN_EXCEPTION
sf = seaudit_filter_create(name);
@@ -619,7 +659,7 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return sf;
};
- seaudit_filter_t(seaudit_filter_t *in) {
+ seaudit_filter(seaudit_filter_t *in) {
seaudit_filter_t *sf = NULL;
BEGIN_EXCEPTION
sf = seaudit_filter_create_from_filter(in);
@@ -630,7 +670,7 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return sf;
};
- ~seaudit_filter_t() {
+ ~seaudit_filter() {
seaudit_filter_destroy(&self);
};
void save(char *path) {
@@ -642,7 +682,8 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- void set_match(seaudit_filter_match_e match) {
+ %rename(set_match) wrap_set_match;
+ void wrap_set_match(seaudit_filter_match_e match) {
BEGIN_EXCEPTION
if (seaudit_filter_set_match(self, match)) {
SWIG_exception(SWIG_RuntimeError, "Could not set filter matching method");
@@ -651,10 +692,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
}
- seaudit_filter_match_e get_match() {
+ %rename(get_match) wrap_get_match;
+ seaudit_filter_match_e wrap_get_match() {
return seaudit_filter_get_match(self);
};
- void set_name(char *name) {
+ %rename(set_name) wrap_set_name;
+ void wrap_set_name(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_name(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set filter name");
@@ -663,10 +706,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return seaudit_filter_get_name(self);
};
- void set_description(char *description) {
+ %rename(set_description) wrap_set_description;
+ void wrap_set_description(char *description) {
BEGIN_EXCEPTION
if (seaudit_filter_set_description(self, description)) {
SWIG_exception(SWIG_RuntimeError, "Could not set filter description");
@@ -675,16 +720,20 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_description() {
+ %rename(get_description) wrap_get_description;
+ const char *wrap_get_description() {
return seaudit_filter_get_description(self);
};
- void set_strict(bool is_strict) {
+ %rename(set_strict) wrap_set_strict;
+ void wrap_set_strict(bool is_strict) {
seaudit_filter_set_strict(self, is_strict);
};
- bool get_strict() {
+ %rename(get_strict) wrap_get_strict;
+ bool wrap_get_strict() {
return seaudit_filter_get_strict(self);
};
- void set_source_user(apol_string_vector_t *v) {
+ %rename(set_source_user) wrap_set_source_user;
+ void wrap_set_source_user(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_source_user(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source user list for filter");
@@ -693,10 +742,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_source_user() {
+ %rename(get_source_user) wrap_get_source_user;
+ const apol_string_vector_t *wrap_get_source_user() {
return (apol_string_vector_t*)seaudit_filter_get_source_user(self);
};
- void set_source_role(apol_string_vector_t *v) {
+ %rename(set_source_role) wrap_set_source_role;
+ void wrap_set_source_role(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_source_role(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source role list for filter");
@@ -705,10 +756,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_source_role() {
+ %rename(get_source_role) wrap_get_source_role;
+ const apol_string_vector_t *wrap_get_source_role() {
return (apol_string_vector_t*)seaudit_filter_get_source_role(self);
};
- void set_source_type(apol_string_vector_t *v) {
+ %rename(set_source_type) wrap_set_source_type;
+ void wrap_set_source_type(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_source_type(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source type list for filter");
@@ -717,10 +770,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_source_type() {
+ %rename(get_source_type) wrap_get_source_type;
+ const apol_string_vector_t *wrap_get_source_type() {
return (apol_string_vector_t*)seaudit_filter_get_source_type(self);
};
- void set_target_user(apol_string_vector_t *v) {
+ %rename(set_target_user) wrap_set_target_user;
+ void wrap_set_target_user(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_target_user(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target user list for filter");
@@ -729,10 +784,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_target_user() {
+ %rename(get_target_user) wrap_get_target_user;
+ const apol_string_vector_t *wrap_get_target_user() {
return (apol_string_vector_t*)seaudit_filter_get_target_user(self);
};
- void set_target_role(apol_string_vector_t *v) {
+ %rename(set_target_role) wrap_set_target_role;
+ void wrap_set_target_role(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_target_role(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target role list for filter");
@@ -741,10 +798,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_target_role() {
+ %rename(get_target_role) wrap_get_target_role;
+ const apol_string_vector_t *wrap_get_target_role() {
return (apol_string_vector_t*)seaudit_filter_get_target_role(self);
};
- void set_target_type(apol_string_vector_t *v) {
+ %rename(set_target_type) wrap_set_target_type;
+ void wrap_set_target_type(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_target_type(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target type list for filter");
@@ -753,10 +812,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_target_type() {
+ %rename(get_target_type) wrap_get_target_type;
+ const apol_string_vector_t *wrap_get_target_type() {
return (apol_string_vector_t*)seaudit_filter_get_target_type(self);
};
- void set_target_class(apol_string_vector_t *v) {
+ %rename(set_target_class) wrap_set_target_class;
+ void wrap_set_target_class(apol_string_vector_t *v) {
BEGIN_EXCEPTION
if (seaudit_filter_set_target_class(self, (apol_vector_t*)v)) {
SWIG_exception(SWIG_RuntimeError, "Could not set target class list for filter");
@@ -765,10 +826,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const apol_string_vector_t *get_target_class() {
+ %rename(get_target_class) wrap_get_target_class;
+ const apol_string_vector_t *wrap_get_target_class() {
return (apol_string_vector_t*)seaudit_filter_get_target_class(self);
};
- void set_permission(char *name) {
+ %rename(set_permission) wrap_set_permission;
+ void wrap_set_permission(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_permission(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set permission for filter");
@@ -777,10 +840,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_permission() {
+ %rename(get_permission) wrap_get_permission;
+ const char *wrap_get_permission() {
return seaudit_filter_get_permission(self);
};
- void set_executable(char *name) {
+ %rename(set_executable) wrap_set_executable;
+ void wrap_set_executable(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_executable(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set executable for filter");
@@ -789,10 +854,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_executable() {
+ %rename(get_executable) wrap_get_executable;
+ const char *wrap_get_executable() {
return seaudit_filter_get_executable(self);
};
- void set_host(char *name) {
+ %rename(set_host) wrap_set_host;
+ void wrap_set_host(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_host(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set host for filter");
@@ -801,10 +868,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_host() {
+ %rename(get_host) wrap_get_host;
+ const char *wrap_get_host() {
return seaudit_filter_get_host(self);
};
- void set_path(char *path) {
+ %rename(set_path) wrap_set_path;
+ void wrap_set_path(char *path) {
BEGIN_EXCEPTION
if (seaudit_filter_set_path(self, path)) {
SWIG_exception(SWIG_RuntimeError, "Could not set path for filter");
@@ -813,10 +882,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_path() {
+ %rename(get_path) wrap_get_path;
+ const char *wrap_get_path() {
return seaudit_filter_get_path(self);
};
- void set_command(char *name) {
+ %rename(set_command) wrap_set_command;
+ void wrap_set_command(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_command(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set command for filter");
@@ -825,22 +896,28 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- void set_inode(long inode) {
+ %rename(set_inode) wrap_set_inode;
+ void wrap_set_inode(long inode) {
seaudit_filter_set_inode(self, (long) inode);
};
- long get_inode() {
+ %rename(get_inode) wrap_get_inode;
+ long wrap_get_inode() {
return (long) seaudit_filter_get_inode(self);
};
- void set_pid(long pid) {
+ %rename(set_pid) wrap_set_pid;
+ void wrap_set_pid(long pid) {
seaudit_filter_set_pid(self, (unsigned int) pid);
};
- long get_pid() {
+ %rename(get_pid) wrap_get_pid;
+ long wrap_get_pid() {
return (long) seaudit_filter_get_pid(self);
};
- const char *get_command() {
+ %rename(get_command) wrap_get_command;
+ const char *wrap_get_command() {
return seaudit_filter_get_command(self);
};
- void set_anyaddr(char *name) {
+ %rename(set_anyaddr) wrap_set_anyaddr;
+ void wrap_set_anyaddr(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_anyaddr(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set ip address for filter");
@@ -849,16 +926,20 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_anyaddr() {
+ %rename(get_anyaddr) wrap_get_anyaddr;
+ const char *wrap_get_anyaddr() {
return seaudit_filter_get_anyaddr(self);
};
- void set_anyport(int port) {
+ %rename(set_anyport) wrap_set_anyport;
+ void wrap_set_anyport(int port) {
seaudit_filter_set_anyport(self, port);
};
- int get_anyport() {
+ %rename(get_anyport) wrap_get_anyport;
+ int wrap_get_anyport() {
return seaudit_filter_get_anyport(self);
};
- void set_laddr(char *name) {
+ %rename(set_laddr) wrap_set_laddr;
+ void wrap_set_laddr(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_laddr(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set local address for filter");
@@ -867,16 +948,20 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_laddr() {
+ %rename(get_laddr) wrap_get_laddr;
+ const char *wrap_get_laddr() {
return seaudit_filter_get_laddr(self);
};
- void set_lport(int port) {
+ %rename(set_lport) wrap_set_lport;
+ void wrap_set_lport(int port) {
seaudit_filter_set_lport(self, port);
};
- int get_lport() {
+ %rename(get_lport) wrap_get_lport;
+ int wrap_get_lport() {
return seaudit_filter_get_lport(self);
};
- void set_faddr(char *name) {
+ %rename(set_faddr) wrap_set_faddr;
+ void wrap_set_faddr(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_faddr(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set foreign address for filter");
@@ -885,16 +970,20 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_faddr() {
+ %rename(get_faddr) wrap_get_faddr;
+ const char *wrap_get_faddr() {
return seaudit_filter_get_faddr(self);
};
- void set_fport(int port) {
+ %rename(set_fport) wrap_set_fport;
+ void wrap_set_fport(int port) {
seaudit_filter_set_fport(self, port);
};
- int get_fport() {
+ %rename(get_fport) wrap_get_fport;
+ int wrap_get_fport() {
return seaudit_filter_get_fport(self);
};
- void set_saddr(char *name) {
+ %rename(set_saddr) wrap_set_saddr;
+ void wrap_set_saddr(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_saddr(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set source address for filter");
@@ -903,16 +992,20 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_saddr() {
+ %rename(get_saddr) wrap_get_saddr;
+ const char *wrap_get_saddr() {
return seaudit_filter_get_saddr(self);
};
- void set_sport(int port) {
+ %rename(set_sport) wrap_set_sport;
+ void wrap_set_sport(int port) {
seaudit_filter_set_sport(self, port);
};
- int get_sport() {
+ %rename(get_sport) wrap_get_sport;
+ int wrap_get_sport() {
return seaudit_filter_get_sport(self);
};
- void set_daddr(char *name) {
+ %rename(set_daddr) wrap_set_daddr;
+ void wrap_set_daddr(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_daddr(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set destination address for filter");
@@ -921,22 +1014,28 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_daddr() {
+ %rename(get_daddr) wrap_get_daddr;
+ const char *wrap_get_daddr() {
return seaudit_filter_get_daddr(self);
};
- void set_dport(int port) {
+ %rename(set_dport) wrap_set_dport;
+ void wrap_set_dport(int port) {
seaudit_filter_set_dport(self, port);
};
- int get_dport() {
+ %rename(get_dport) wrap_get_dport;
+ int wrap_get_dport() {
return seaudit_filter_get_dport(self);
};
- void set_port(int port) {
+ %rename(set_port) wrap_set_port;
+ void wrap_set_port(int port) {
seaudit_filter_set_port(self, port);
};
- int get_port() {
+ %rename(get_port) wrap_get_port;
+ int wrap_get_port() {
return seaudit_filter_get_port(self);
};
- void set_netif(char *name) {
+ %rename(set_netif) wrap_set_netif;
+ void wrap_set_netif(char *name) {
BEGIN_EXCEPTION
if (seaudit_filter_set_netif(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set network interface for filter");
@@ -945,22 +1044,28 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- const char *get_netif() {
+ %rename(get_netif) wrap_get_netif;
+ const char *wrap_get_netif() {
return seaudit_filter_get_netif(self);
};
- void set_key(int key) {
+ %rename(set_key) wrap_set_key;
+ void wrap_set_key(int key) {
seaudit_filter_set_key(self, key);
};
- int get_key() {
+ %rename(get_key) wrap_get_key;
+ int wrap_get_key() {
return seaudit_filter_get_key(self);
};
- void set_cap(int cap) {
+ %rename(set_cap) wrap_set_cap;
+ void wrap_set_cap(int cap) {
seaudit_filter_set_cap(self, cap);
};
- int get_cap() {
+ %rename(get_cap) wrap_get_cap;
+ int wrap_get_cap() {
return seaudit_filter_get_cap(self);
};
- void set_message_type(seaudit_avc_message_type_e mtype) {
+ %rename(set_message_type) wrap_set_message_type;
+ void wrap_set_message_type(seaudit_avc_message_type_e mtype) {
BEGIN_EXCEPTION
if (seaudit_filter_set_message_type(self, mtype)) {
SWIG_exception(SWIG_RuntimeError, "Could not set message type for filter");
@@ -969,10 +1074,12 @@ typedef struct seaudit_filter {} seaudit_filter_t;
fail:
return;
};
- seaudit_message_type_e get_message_type() {
+ %rename(get_message_type) wrap_get_message_type;
+ seaudit_message_type_e wrap_get_message_type() {
return seaudit_filter_get_message_type(self);
};
- void set_date(struct tm *start, struct tm *end, seaudit_filter_date_match_e match) {
+ %rename(set_date) wrap_set_date;
+ void wrap_set_date(struct tm *start, struct tm *end, seaudit_filter_date_match_e match) {
BEGIN_EXCEPTION
if (seaudit_filter_set_date(self, start, end, match)) {
SWIG_exception(SWIG_RuntimeError, "Could not set date for filter");
@@ -1014,14 +1121,14 @@ apol_vector_t *seaudit_filter_create_from_file(const char *filename);
/* seaudit sort */
typedef struct seaudit_sort {} seaudit_sort_t;
%extend seaudit_sort_t {
- seaudit_sort_t() {
+ seaudit_sort() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create seaudit_sort_t objects");
END_EXCEPTION
fail:
return NULL;
};
- seaudit_sort_t(seaudit_sort_t *in) {
+ seaudit_sort(seaudit_sort_t *in) {
seaudit_sort_t *ss = NULL;
BEGIN_EXCEPTION
ss = seaudit_sort_create_from_sort(in);
@@ -1032,7 +1139,7 @@ typedef struct seaudit_sort {} seaudit_sort_t;
fail:
return ss;
};
- ~seaudit_sort_t() {
+ ~seaudit_sort() {
seaudit_sort_destroy(&self);
};
};
@@ -1113,7 +1220,7 @@ extern seaudit_sort_t *seaudit_sort_by_cap(const int direction);
#endif
typedef struct seaudit_model {} seaudit_model_t;
%extend seaudit_model_t {
- seaudit_model_t(char *name = NULL, seaudit_log_t *slog = NULL) {
+ seaudit_model(char *name = NULL, seaudit_log_t *slog = NULL) {
seaudit_model_t *smod;
BEGIN_EXCEPTION
smod = seaudit_model_create(name, slog);
@@ -1124,7 +1231,7 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return smod;
};
- seaudit_model_t(seaudit_model_t *in) {
+ seaudit_model(seaudit_model_t *in) {
seaudit_model_t *smod;
BEGIN_EXCEPTION
smod = seaudit_model_create_from_model(in);
@@ -1135,7 +1242,7 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return smod;
};
- seaudit_model_t(char *path) {
+ seaudit_model(char *path) {
seaudit_model_t *smod;
BEGIN_EXCEPTION
smod = seaudit_model_create_from_file(path);
@@ -1146,7 +1253,7 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return smod;
}
- ~seaudit_model_t() {
+ ~seaudit_model() {
seaudit_model_destroy(&self);
};
void save(char *path) {
@@ -1158,10 +1265,12 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
}
- const char *get_name() {
+ %rename(get_name) wrap_get_name;
+ const char *wrap_get_name() {
return seaudit_model_get_name(self);
};
- void set_name(char *name) {
+ %rename(set_name) wrap_set_name;
+ void wrap_set_name(char *name) {
BEGIN_EXCEPTION
if (seaudit_model_set_name(self, name)) {
SWIG_exception(SWIG_RuntimeError, "Could not set model name");
@@ -1170,7 +1279,8 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- void append_log(seaudit_log_t *slog) {
+ %rename(append_log) wrap_append_log;
+ void wrap_append_log(seaudit_log_t *slog) {
BEGIN_EXCEPTION
if (seaudit_model_append_log(self, slog)) {
SWIG_exception(SWIG_RuntimeError, "Could not append log to model");
@@ -1179,7 +1289,8 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- void append_filter(seaudit_filter_t *filter) {
+ %rename(append_filter) wrap_append_filter;
+ void wrap_append_filter(seaudit_filter_t *filter) {
BEGIN_EXCEPTION
#ifdef SWIGJAVA /* duplicate so the garbage collector does not double free */
seaudit_filter_t *tmp = seaudit_filter_create_from_filter(filter);
@@ -1196,11 +1307,13 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- const apol_vector_t *get_filters() {
+ %rename(get_filters) wrap_get_filters;
+ const apol_vector_t *wrap_get_filters() {
return seaudit_model_get_filters(self);
};
%delobject remove_filter();
- void remove_filter(seaudit_filter_t *filter) {
+ %rename(remove_filter) wrap_remove_filter;
+ void wrap_remove_filter(seaudit_filter_t *filter) {
BEGIN_EXCEPTION
if (seaudit_model_remove_filter(self, filter)) {
SWIG_exception(SWIG_ValueError, "Could not remove filter");
@@ -1209,7 +1322,8 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- void set_filter_match(seaudit_filter_match_e match) {
+ %rename(set_filter_match) wrap_set_filter_match;
+ void wrap_set_filter_match(seaudit_filter_match_e match) {
BEGIN_EXCEPTION
if (seaudit_model_set_filter_match(self, match)) {
SWIG_exception(SWIG_RuntimeError, "Could not set filter matching method for model");
@@ -1218,10 +1332,12 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- seaudit_filter_match_e get_filter_match() {
+ %rename(get_filter_match) wrap_get_filter_match;
+ seaudit_filter_match_e wrap_get_filter_match() {
return seaudit_model_get_filter_match(self);
};
- void set_filter_visible(seaudit_filter_visible_e vis) {
+ %rename(set_filter_visible) wrap_set_filter_visible;
+ void wrap_set_filter_visible(seaudit_filter_visible_e vis) {
BEGIN_EXCEPTION
if (seaudit_model_set_filter_visible(self, vis)) {
SWIG_exception(SWIG_RuntimeError, "Could not set filter visibility for model");
@@ -1230,10 +1346,12 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- seaudit_filter_visible_e get_filter_visible() {
+ %rename(get_filter_visible) wrap_get_filter_visible;
+ seaudit_filter_visible_e wrap_get_filter_visible() {
return seaudit_model_get_filter_visible(self);
};
- void append_sort(seaudit_sort_t *ssort) {
+ %rename(append_sort) wrap_append_sort;
+ void wrap_append_sort(seaudit_sort_t *ssort) {
BEGIN_EXCEPTION
#ifdef SWIGJAVA
seaudit_sort_t *tmp = seaudit_sort_create_from_sort(ssort);
@@ -1250,7 +1368,8 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- void clear_sorts() {
+ %rename(clear_sorts) wrap_clear_sorts;
+ void wrap_clear_sorts() {
BEGIN_EXCEPTION
if (seaudit_model_clear_sorts(self)) {
SWIG_exception(SWIG_RuntimeError, "Could not clear model sorting criteria");
@@ -1259,11 +1378,13 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return;
};
- int is_changed() {
+ %rename(is_changed) wrap_is_changed;
+ int wrap_is_changed() {
return seaudit_model_is_changed(self);
};
%newobject get_messages(seaudit_log_t*);
- apol_vector_t *get_messages(seaudit_log_t *slog) {
+ %rename(get_messages) wrap_get_messages;
+ apol_vector_t *wrap_get_messages(seaudit_log_t *slog) {
apol_vector_t *v = NULL;
BEGIN_EXCEPTION
v = seaudit_model_get_messages(slog, self);
@@ -1275,7 +1396,8 @@ typedef struct seaudit_model {} seaudit_model_t;
return v;
};
%newobject get_malformed_messages(seaudit_log_t*);
- apol_vector_t *get_malformed_messages(seaudit_log_t *slog) {
+ %rename(get_malformed_messages) wrap_get_malformed_messages;
+ apol_vector_t *wrap_get_malformed_messages(seaudit_log_t *slog) {
apol_vector_t *v = NULL;
BEGIN_EXCEPTION
v = seaudit_model_get_malformed_messages(slog, self);
@@ -1286,19 +1408,24 @@ typedef struct seaudit_model {} seaudit_model_t;
fail:
return v;
};
- void hide_message(seaudit_message_t *message) {
+ %rename(hide_message) wrap_hide_message;
+ void wrap_hide_message(seaudit_message_t *message) {
seaudit_model_hide_message(self, message);
};
- size_t get_num_allows(seaudit_log_t *slog) {
+ %rename(get_num_allows) wrap_get_num_allows;
+ size_t wrap_get_num_allows(seaudit_log_t *slog) {
return seaudit_model_get_num_allows(slog, self);
};
- size_t get_num_denies(seaudit_log_t *slog) {
+ %rename(get_num_denies) wrap_get_num_denies;
+ size_t wrap_get_num_denies(seaudit_log_t *slog) {
return seaudit_model_get_num_denies(slog, self);
};
- size_t get_num_bools(seaudit_log_t *slog) {
+ %rename(get_num_bools) wrap_get_num_bools;
+ size_t wrap_get_num_bools(seaudit_log_t *slog) {
return seaudit_model_get_num_bools(slog, self);
};
- size_t get_num_loads(seaudit_log_t *slog) {
+ %rename(get_num_loads) wrap_get_num_loads;
+ size_t wrap_get_num_loads(seaudit_log_t *slog) {
return seaudit_model_get_num_loads(slog, self);
};
};
@@ -1311,7 +1438,7 @@ typedef enum seaudit_report_format
} seaudit_report_format_e;
typedef struct seaudit_report {} seaudit_report_t;
%extend seaudit_report_t {
- seaudit_report_t(seaudit_model_t *m) {
+ seaudit_report(seaudit_model_t *m) {
seaudit_report_t *sr;
BEGIN_EXCEPTION
sr = seaudit_report_create(m);
@@ -1322,10 +1449,11 @@ typedef struct seaudit_report {} seaudit_report_t;
fail:
return sr;
};
- ~seaudit_report_t() {
+ ~seaudit_report() {
seaudit_report_destroy(&self);
};
- void write(seaudit_log_t *slog, char *path) {
+ %rename(write) wrap_write;
+ void wrap_write(seaudit_log_t *slog, char *path) {
BEGIN_EXCEPTION
if (seaudit_report_write(slog, self, path)) {
SWIG_exception(SWIG_RuntimeError, "Could not write report to file");
@@ -1334,7 +1462,8 @@ typedef struct seaudit_report {} seaudit_report_t;
fail:
return;
};
- void set_format(seaudit_log_t *slog, seaudit_report_format_e format) {
+ %rename(set_format) wrap_set_format;
+ void wrap_set_format(seaudit_log_t *slog, seaudit_report_format_e format) {
BEGIN_EXCEPTION
if (seaudit_report_set_format(slog, self, format)) {
SWIG_exception(SWIG_RuntimeError, "Could not set report format");
@@ -1343,7 +1472,8 @@ typedef struct seaudit_report {} seaudit_report_t;
fail:
return;
};
- void set_configuration(seaudit_log_t *slog, char *path) {
+ %rename(set_configuration) wrap_set_configuration;
+ void wrap_set_configuration(seaudit_log_t *slog, char *path) {
BEGIN_EXCEPTION
if (seaudit_report_set_configuration(slog, self, path)) {
SWIG_exception(SWIG_RuntimeError, "Could not set report configuration file");
@@ -1352,7 +1482,8 @@ typedef struct seaudit_report {} seaudit_report_t;
fail:
return;
};
- void set_stylesheet(seaudit_log_t *slog, char *path, int use_stylesheet) {
+ %rename(set_stylesheet) wrap_set_stylesheet;
+ void wrap_set_stylesheet(seaudit_log_t *slog, char *path, int use_stylesheet) {
BEGIN_EXCEPTION
if (seaudit_report_set_stylesheet(slog, self, path, use_stylesheet)) {
SWIG_exception(SWIG_RuntimeError, "Could not set report stylesheet");
@@ -1361,7 +1492,8 @@ typedef struct seaudit_report {} seaudit_report_t;
fail:
return;
};
- void set_malformed(seaudit_log_t *slog, int do_malformed) {
+ %rename(set_malformed) wrap_set_malformed;
+ void wrap_set_malformed(seaudit_log_t *slog, int do_malformed) {
BEGIN_EXCEPTION
if (seaudit_report_set_malformed(slog, self, do_malformed)) {
SWIG_exception(SWIG_RuntimeError, "Could not set report malformed flag");
diff --git a/libsefs/src/db.cc b/libsefs/src/db.cc
index 88ad588..191d796 100644
--- a/libsefs/src/db.cc
+++ b/libsefs/src/db.cc
@@ -479,8 +479,13 @@ int db_create_from_filesystem(sefs_fclist * fclist __attribute__ ((unused)), con
struct stat64 sb;
if (stat64(path, &sb) == -1)
{
- SEFS_ERR(dbc->_db, "%s", strerror(errno));
- throw std::bad_alloc();
+ /* If sym link broken/file not found, then ignore as this will allow
+ the index to be built. Useful when investigating broken systems.
+ Also see new_ftw.c comment regarding "lstat calls go through the
+ wrapper function" to stop index hanging on broken files. */
+ link_target[127] = '\0';
+ sb.st_mode = 0;
+ SEFS_WARN(dbc->_db, "Could not stat file: %s - ignoring", path);
}
if (S_ISLNK(sb.st_mode))
{
diff --git a/libsefs/src/new_ftw.c b/libsefs/src/new_ftw.c
index 5ebaf29..10eb78f 100644
--- a/libsefs/src/new_ftw.c
+++ b/libsefs/src/new_ftw.c
@@ -131,7 +131,11 @@ extern char *xgetcwd(void);
/* Arrange to make lstat calls go through the wrapper function
on systems with an lstat function that does not dereference symlinks
that are specified with a trailing slash. */
-#if ! _LIBC && ! LSTAT_FOLLOWS_SLASHED_SYMLINK
+/* If this is used on Linux (Fedora) when a sym link or file is broken,
+ the file context function will hang forever:
+ #if ! _LIBC && ! LSTAT_FOLLOWS_SLASHED_SYMLINK
+ Therefore changed to this so uses Linux lstat function. */
+#if _LIBC && ! LSTAT_FOLLOWS_SLASHED_SYMLINK
int rpl_lstat(const char *, struct stat *);
# undef lstat
# define lstat(Name, Stat_buf) rpl_lstat(Name, Stat_buf)
diff --git a/secmds/replcon.cc b/secmds/replcon.cc
index 34f7c1a..307c39f 100644
--- a/secmds/replcon.cc
+++ b/secmds/replcon.cc
@@ -60,7 +60,7 @@ static struct option const longopts[] = {
{NULL, 0, NULL, 0}
};
-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
/**
* As that setools must work with older libselinux versions that may
diff --git a/sediff/progress.c b/sediff/progress.c
index efaa120..09730dc 100644
--- a/sediff/progress.c
+++ b/sediff/progress.c
@@ -99,7 +99,7 @@ void progress_hide(progress_t * progress)
int progress_wait(progress_t * progress)
{
- GTimeVal wait_time = { 0, 50000 };
+ gint64 wait_time;
g_mutex_lock(progress->mutex);
while (!progress->done) {
if (progress->s != NULL) {
@@ -111,7 +111,8 @@ int progress_wait(progress_t * progress)
// still be loading, and this dialog should not block
// until the entire source has been read
gtk_main_iteration_do(FALSE);
- g_cond_timed_wait(progress->cond, progress->mutex, &wait_time);
+ wait_time = g_get_monotonic_time () + 50000;
+ g_cond_wait_until(progress->cond, progress->mutex, wait_time);
}
g_mutex_unlock(progress->mutex);
if (progress->done < 0) {
Reference in New Issue View Git Blame Copy Permalink