compile success for libsepol in kernel

weishu 2022-12-21 19:17:36 +07:00
parent 06d0430e52
commit 5180e4add4
361 changed files with 157714 additions and 0 deletions


@ -5,6 +5,7 @@ obj-y += module_api.o
obj-y += sucompat.o
obj-y += selinux/
obj-y += libsepol/
EXPECTED_SIZE := 0x033b
EXPECTED_HASH := 0xb0b91415
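Review bot: The `obj-y += libsepol/` line builds the whole vendored library into every kernel that includes this directory, with no Kconfig switch. With 157714 added lines of policy-parsing code running in kernel context, this is a large increase in trusted code; consider gating it behind a config symbol (`obj-$(CONFIG_<name to be chosen>) += libsepol/`) so builds that do not need in-kernel policy manipulation can leave it out.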

BIN
kernel/libsepol/.DS_Store vendored Normal file

Binary file not shown.
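Review bot: `kernel/libsepol/.DS_Store` is macOS Finder metadata, not part of libsepol, and the same file is added again under `kernel/libsepol/cil/`. Drop both from the commit and add `.DS_Store` to an ignore file so opaque binaries do not end up in the kernel tree.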

7
kernel/libsepol/.gitignore vendored Normal file

@ -0,0 +1,7 @@
utils/chkcon
utils/sepol_check_access
utils/sepol_compute_av
utils/sepol_compute_member
utils/sepol_compute_relabel
utils/sepol_validate_transition
libsepol.map
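Review bot: Every entry here (`utils/chkcon`, `utils/sepol_*`, `libsepol.map`) is an artefact of the upstream userspace build, which the Kbuild Makefile in this directory never produces. That suggests the import took the whole upstream tree rather than the parts the kernel build needs; trimming it to the `src/` and `include/` files actually compiled would shrink the 361-file change and make it reviewable.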

504
kernel/libsepol/COPYING Normal file

@ -0,0 +1,504 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it free software that
everyone can redistribute and change. You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of the
ordinary General Public License).
To apply these terms, attach the following notices to the library. It is
safest to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
<one line to give the library's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the library, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
library `Frob' (a library for tweaking knobs) written by James Random Hacker.
<signature of Ty Coon>, 1 April 1990
Ty Coon, President of Vice
That's all there is to it!
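Review bot: Section 2b above requires modified files to carry prominent notices stating that they were changed and the date of the change. If any vendored sources were edited to compile in the kernel, as the commit title suggests, mark those files and list them in the commit message; nothing visible here distinguishes pristine upstream files from locally patched ones.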

48
kernel/libsepol/Makefile Normal file

@ -0,0 +1,48 @@
obj-y += src/assertion.o
obj-y += src/avrule_block.o
obj-y += src/avtab.o
obj-y += src/boolean_record.o
obj-y += src/booleans.o
obj-y += src/conditional.o
obj-y += src/constraint.o
obj-y += src/context.o
obj-y += src/context_record.o
obj-y += src/debug.o
obj-y += src/ebitmap.o
obj-y += src/expand.o
obj-y += src/handle.o
obj-y += src/hashtab.o
obj-y += src/hierarchy.o
# obj-y += src/ibendport_record.o
# obj-y += src/ibendports.o
# obj-y += src/ibpkey_record.o
# obj-y += src/ibpkeys.o
# obj-y += src/iface_record.o
# obj-y += src/interfaces.o
# obj-y += src/kernel_to_cil.o
# obj-y += src/kernel_to_common.o
# obj-y += src/kernel_to_conf.o
obj-y += src/link.o
obj-y += src/mls.o
obj-y += src/module.o
# obj-y += src/module_to_cil.o
obj-y += src/node_record.o
obj-y += src/nodes.o
obj-y += src/optimize.o
obj-y += src/polcaps.o
obj-y += src/policydb.o
obj-y += src/policydb_convert.o
obj-y += src/policydb_public.o
obj-y += src/policydb_validate.o
obj-y += src/port_record.o
obj-y += src/ports.o
obj-y += src/services.o
obj-y += src/sidtab.o
obj-y += src/symtab.o
obj-y += src/user_record.o
obj-y += src/users.o
obj-y += src/util.o
obj-y += src/write.o
obj-y += src/inet_ntop.o
ccflags-y += -I $(srctree)/$(src)/include
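Review bot: The commented-out entries (`# obj-y += src/ibendport_record.o` through `# obj-y += src/module_to_cil.o`) give no reason for being excluded, so a later reader cannot tell whether they fail to compile in the kernel or are simply not needed. Either remove the lines together with the unused source files, or add a one-line comment stating why each group is disabled. A smaller style point: `ccflags-y += -I $(srctree)/$(src)/include` has a space after `-I`, where Kbuild Makefiles conventionally write `-I$(srctree)/...`.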

1
kernel/libsepol/VERSION Normal file

@ -0,0 +1 @@
3.4
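Review bot: `3.4` on its own does not identify what was imported. Record the upstream repository and the tag or commit next to it (a short README in `kernel/libsepol/` would do), so the vendored copy can be diffed against upstream when libsepol fixes are released.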

BIN
kernel/libsepol/cil/.DS_Store vendored Normal file

Binary file not shown.

14
kernel/libsepol/cil/.gitignore vendored Normal file

@ -0,0 +1,14 @@
*.swp
*.gcda
*.gcno
*.o
*.a
src/cil_lexer.c
unit_tests
cov
secilc
docs/pdf/
docs/html/
docs/man8/
policy.*
file_contexts


@ -0,0 +1,86 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_H_
#define CIL_H_
#include <sepol/policydb/policydb.h>
#ifdef __cplusplus
extern "C" {
#endif
struct cil_db;
typedef struct cil_db cil_db_t;
extern void cil_db_init(cil_db_t **db);
extern void cil_db_destroy(cil_db_t **db);
extern int cil_add_file(cil_db_t *db, const char *name, const char *data, size_t size);
extern int cil_compile(cil_db_t *db);
extern int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db);
extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size);
extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size);
extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size);
extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit);
extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls);
extern void cil_set_qualified_names(struct cil_db *db, int qualified_names);
extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow);
extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables);
extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown);
extern void cil_set_mls(cil_db_t *db, int mls);
extern void cil_set_attrs_expand_generated(struct cil_db *db, int attrs_expand_generated);
extern void cil_set_attrs_expand_size(struct cil_db *db, unsigned attrs_expand_size);
extern void cil_set_target_platform(cil_db_t *db, int target_platform);
extern void cil_set_policy_version(cil_db_t *db, int policy_version);
extern void cil_write_policy_conf(FILE *out, struct cil_db *db);
extern int cil_write_parse_ast(FILE *out, cil_db_t *db);
extern int cil_write_build_ast(FILE *out, cil_db_t *db);
extern int cil_write_resolve_ast(FILE *out, cil_db_t *db);
enum cil_log_level {
CIL_ERR = 1,
CIL_WARN,
CIL_INFO
};
extern void cil_set_log_level(enum cil_log_level lvl);
extern void cil_set_log_handler(void (*handler)(int lvl, const char *msg));
#ifdef __GNUC__
__attribute__ ((format(printf, 2, 3)))
#endif
extern void cil_log(enum cil_log_level lvl, const char *msg, ...);
extern void cil_set_malloc_error_handler(void (*handler)(void));
#ifdef __cplusplus
}
#endif
#endif
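Review bot: `cil_write_policy_conf(FILE *out, ...)` and the three `cil_write_*_ast(FILE *out, ...)` prototypes depend on `FILE`, which this header does not declare itself and which has no kernel equivalent. Since `kernel/libsepol/Makefile` lists only `src/*.o` objects and nothing under `cil/`, the simplest fix is to leave `cil/` out of the import; if it is meant to be built later, these prototypes need to be guarded or removed first.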

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -0,0 +1,477 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef _CIL_BINARY_H_
#define _CIL_BINARY_H_
#include <sepol/policydb/policydb.h>
#include "cil_internal.h"
#include "cil_tree.h"
#include "cil_list.h"
/**
* Create a binary policydb from the cil db.
*
* @param[in] db The cil database.
* @param[in] pdb The policy database.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_binary_create(const struct cil_db *db, sepol_policydb_t **pdb);
/**
* Create a pre allocated binary policydb from the cil db.
*
* It is assumed that pdb has been allocated and initialized so that fields such
* as policy type and version are set appropriately. It is recommended that
* instead of calling this, one instead calls cil_binary_create, which will
* properly allocate and initialize the pdb and then calls this function. This
* function is used to maintain binary backwards compatibility.
*
* @param[in] db The cil database.
* @param[in] pdb The policy database.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *pdb);
/**
* Insert cil common structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the common into.
* @param[in] datum The cil_common datum.
* @param[out] common_out The sepol common to send back.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_common_to_policydb(policydb_t *pdb, struct cil_class *cil_common, common_datum_t **common_out);
/**
* Insert cil class structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the class into.
* @param[in] datum The cil_class datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_class_to_policydb(policydb_t *pdb, struct cil_class *cil_class);
/**
* Insert cil role structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the role into.
* @param[in] datum The cil_role datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_role_to_policydb(policydb_t *pdb, struct cil_role *cil_role);
/**
* Insert cil roletype structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the roletype into.
* @param[in] db The cil database
* @param[in] datum The cil_roletype datum.
*
* @return SEPOL_OK upon success or SEPOL_ERR otherwise.
*/
int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_role *role);
/**
* Insert cil type structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the type into.
* @param[in] datum The cil_type datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_type_to_policydb(policydb_t *pdb, struct cil_type *cil_type, void *type_value_to_cil[]);
/**
* Insert cil typealias structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the typealias into.
* @param[in] datum The cil_typealias datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);
/**
* Insert cil typepermissive structure into sepol policydb.
* The function looks up the previously inserted type and flips the bit
* in the permssive types bitmap that corresponds to that type's value.
*
* @param[in] pdb The policy database to insert the typepermissive into.
* @param[in] datum The cil_typepermissive datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_typepermissive_to_policydb(policydb_t *pdb, struct cil_typepermissive *cil_typeperm);
/**
* Insert cil attribute structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the attribute into.
* @param[in] datum The cil_attribute datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil_attr, void *type_value_to_cil[]);
/**
* Insert cil attribute structure into sepol type->attribute bitmap.
* The function calls helper functions to loop over the attributes lists
* of types and negative types. If either of the lists contain an attribute,
* the helper functions will recurse into the attribute and record the
* attribute's types and negative types. There is no minimum depth.
*
* @param[in] pdb The policy database that contains the type->attribute bitmap.
* @param[in] db The cil database
* @param[in] node The tree node that contains the cil_attribute.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *cdb, struct cil_typeattribute *cil_attr);
/**
* Insert cil policycap structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the policycap into.
* @param[in] node The tree node that contains the cil_policycap.
*
* @return SEPOL_OK upon success or SEPOL_ERR upon error.
*/
int cil_policycap_to_policydb(policydb_t *pdb, struct cil_policycap *cil_polcap);
/**
* Insert cil user structure into sepol policydb.
*
* @param[in] pdb THe policy database to insert the user into.
* @param[in] node The tree node that contains the cil_user.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_user_to_policydb(policydb_t *pdb, struct cil_user *cil_user);
/**
* Insert cil userrole structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the userrole into.
* @param[in] db The cil database
* @param[in] datum The cil_user
*
* @return SEPOL_OK upon success or SEPOL_ERR otherwise.
*/
int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_user *user);
/**
* Insert cil bool structure into sepol policydb.
*
* @param[in] pdb THe policy database to insert the bool into.
* @param[in] datum The cil_bool datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_bool_to_policydb(policydb_t *pdb, struct cil_bool *cil_bool);
/**
* Insert all ordered cil category structures into sepol policydb.
*
* @param[in] pdb The policy database to insert the categories into.
* @param[in] db The cil database that contains the category order list.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_catorder_to_policydb(policydb_t *pdb, const struct cil_db *db);
/**
* Insert cil category alias structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the category alias into.
* @param[in] datum The cil_catalias datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_catalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias);
/**
* Insert the cil sensitivityorder into sepol policydb.
*
* @param[in] pdb The policy database to insert the sensitivityorder into.
* @param[in] db the cil database that contains the sensitivityorder list.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_sensitivityorder_to_policydb(policydb_t *pdb, const struct cil_db *db);
/**
* Insert cil type rule structure into sepol policydb. This includes
* typetransition, typechange, and typemember.
*
* @param[in] pdb The policy database to insert the type rule into.
* @param[in] datum The cil_type_rule datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_type_rule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_type_rule *cil_rule);
/**
* Insert cil avrule structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the avrule into.
* @param[in] datum The cil_avrule datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_avrule_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule);
/**
* Insert cil booleanif structure into sepol policydb. This populates the
* policydb conditional list. Each conditional node contains an expression
* and true/false avtab_ptr lists that point into te_cond_avtab.
*
* @param[in] pdb The policy database to insert the booleanif into.
* @param[in] node The cil_booleanif node.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_tree_node *node);
/**
* Insert cil role transition structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the role transition into.
* @param[in] datum The cil_role_trans datum.
*
* @return SEPOL_OK upon success or SEPOL_ERR upon error.
*/
int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roletransition *roletrans, hashtab_t role_trans_table);
/**
* Insert cil role allow structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the role allow into.
* @param[in] datum The cil_role_allow datum.
*
* @return SEPOL_OK upon success or SEPOL_ERR upon error.
*/
int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_roleallow *roleallow);
/**
* Insert cil file transition structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the file transition into.
* @param[in] datum The cil_nametypetransition datum.
*
* @return SEPOL_OK upon success or SEPOL_ERR upon error.
*/
int cil_typetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_nametypetransition *typetrans);
/**
* Insert cil constrain/mlsconstrain structure(s) into sepol policydb.
*
* @param[in] pdb The policy database to insert the (mls)constrain into.
* @param[in] datum The cil_(mls)constrain datum.
*
* @return SEPOL_OK upon success or SEPOL_ERR upon error.
*/
int cil_constrain_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_constrain *cil_constrain);
/**
* Define sepol level.
* Associates the sepol level (sensitivity) with categories.
* Looks at the cil_sens structure for a list of cil_cats to
* associate the sensitivity with.
* Sets the sepol level as defined in the sepol policy database.
*
* @param[in] pdb The policy database that holds the sepol level.
* @param[in] datum The cil_sens datum.
*
* @return SEPOL_OK upon success or SEPOL_ERR upon error.
*/
int cil_sepol_level_define(policydb_t *pdb, struct cil_sens *cil_sens);
/**
* Insert cil rangetransition structure into sepol policydb.
*
* @param[in] pdb The policy database to insert the rangetransition into.
* @param[in] datum The cil_rangetransition datum.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, struct cil_rangetransition *rangetrans);
/**
* Insert cil ibpkeycon structure into sepol policydb.
* The function is given a structure containing the sorted ibpkeycons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the ibpkeycon into.
* @param[in] node The cil_sort structure that contains the sorted ibpkeycons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_ibpkeycon_to_policydb(policydb_t *pdb, struct cil_sort *ibpkeycons);
/**
* Insert cil idbev structure into sepol policydb.
* The function is given a structure containing the sorted ibendportcons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the pkeycon into.
* @param[in] node The cil_sort structure that contains the sorted ibendportcons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_ibendportcon_to_policydb(policydb_t *pdb, struct cil_sort *pkeycons);
/**
* Insert cil portcon structure into sepol policydb.
* The function is given a structure containing the sorted portcons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the portcon into.
* @param[in] node The cil_sort structure that contains the sorted portcons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons);
/**
* Insert cil netifcon structure into sepol policydb.
* The function is given a structure containing the sorted netifcons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the netifcon into.
* @param[in] node The cil_sort structure that contains the sorted netifcons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_netifcon_to_policydb(policydb_t *pdb, struct cil_sort *netifcons);
/**
* Insert cil nodecon structure into sepol policydb.
* The function is given a structure containing the sorted nodecons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the nodecon into.
* @param[in] node The cil_sort structure that contains the sorted nodecons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_nodecon_to_policydb(policydb_t *pdb, struct cil_sort *nodecons);
/**
* Insert cil fsuse structure into sepol policydb.
* The function is given a structure containing the sorted fsuses and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the fsuse into.
* @param[in] node The cil_sort structure that contains the sorted fsuses.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_fsuse_to_policydb(policydb_t *pdb, struct cil_sort *fsuses);
/**
* Insert cil genfscon structure into sepol policydb.
* The function is given a structure containing the sorted genfscons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the genfscon into.
* @param[in] node The cil_sort structure that contains the sorted genfscons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_genfscon_to_policydb(policydb_t *pdb, struct cil_sort *genfscons);
/**
* Insert cil pirqcon structure into sepol policydb.
* The function is given a structure containing the sorted pirqcons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the pirqcon into.
* @param[in] node The cil_sort structure that contains the sorted pirqcons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_pirqcon_to_policydb(policydb_t *pdb, struct cil_sort *pirqcons);
/**
* Insert cil iomemcon structure into sepol policydb.
* The function is given a structure containing the sorted iomemcons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the iomemcon into.
* @param[in] node The cil_sort structure that contains the sorted iomemcons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_iomemcon_to_policydb(policydb_t *pdb, struct cil_sort *iomemcons);
/**
* Insert cil ioportcon structure into sepol policydb.
* The function is given a structure containing the sorted ioportcons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the ioportcon into.
* @param[in] node The cil_sort structure that contains the sorted ioportcons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_ioportcon_to_policydb(policydb_t *pdb, struct cil_sort *ioportcons);
/**
* Insert cil pcidevicecon structure into sepol policydb.
* The function is given a structure containing the sorted pcidevicecons and
* loops over this structure inserting them into the policy database.
*
* @param[in] pdb The policy database to insert the pcidevicecon into.
* @param[in] node The cil_sort structure that contains the sorted pcidevicecons.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_pcidevicecon_to_policydb(policydb_t *pdb, struct cil_sort *pcidevicecons);
/**
* Create an mls level using a cil level.
* The function is given a structure containing the a cil_level and
* outputs a created mls_level_t.
*
* @param[in] pdb The policy database to use to get sepol level from cil_level's sensitivity.
* @param[in] cil_level The cil_level that will be used to create an mls_level_t.
* @param[out] mls_level The mls_level that is created.
*
* @return SEPOL_OK upon success or an error otherwise.
*/
int cil_level_to_mls_level(policydb_t *pdb, struct cil_level *cil_level, mls_level_t *mls_level);
#endif //_CIL_BINARY_H_
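Review bot: the doc comment on cil_binary_create() tags pdb as @param[in], but the prototype takes sepol_policydb_t **pdb and the following comment says this function will "properly allocate and initialize the pdb", so it is an output the caller ends up owning; mark it @param[out] and state who frees it when an error is returned. The same drift runs through the rest of the header: most comments document a "datum" or "node" parameter that the prototype does not have, type_value_to_cil and role_trans_table are not documented at all, and several functions that take a const struct cil_db *db never mention it. cil_ibendportcon_to_policydb() also names its argument pkeycons under a comment titled "cil idbev"; rename it to ibendportcons and align the @param names with the prototypes so callers in the kernel port are not guessing at ownership and argument meaning.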

File diff suppressed because it is too large

@ -0,0 +1,239 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_BUILD_AST_H_
#define CIL_BUILD_AST_H_
#include <stdint.h>
#include "cil_internal.h"
#include "cil_flavor.h"
#include "cil_tree.h"
#include "cil_list.h"
int cil_add_decl_to_symtab(struct cil_db *db, symtab_t *symtab, hashtab_key_t key, struct cil_symtab_datum *datum, struct cil_tree_node *node);
int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor);
int cil_parse_to_list(struct cil_tree_node *parse_cl_head, struct cil_list *ast_cl, enum cil_flavor flavor);
int cil_gen_block(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, uint16_t is_abstract);
void cil_destroy_block(struct cil_block *block);
int cil_gen_blockinherit(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_blockinherit(struct cil_blockinherit *inherit);
int cil_gen_blockabstract(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_blockabstract(struct cil_blockabstract *abstract);
int cil_gen_in(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_in(struct cil_in *in);
int cil_gen_class(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_class(struct cil_class *class);
int cil_gen_classorder(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_classorder(struct cil_classorder *classorder);
int cil_gen_perm(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor, unsigned int *num_perms);
void cil_destroy_perm(struct cil_perm *perm);
int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, struct cil_tree_node *ast_node, enum cil_flavor flavor, unsigned int *num_perms);
int cil_fill_perms(struct cil_tree_node *start_perm, struct cil_list **perm_strs);
int cil_fill_classperms(struct cil_tree_node *parse_current, struct cil_classperms **cp);
void cil_destroy_classperms(struct cil_classperms *cp);
void cil_fill_classperms_set(struct cil_tree_node *parse_current, struct cil_classperms_set **cp_set);
void cil_destroy_classperms_set(struct cil_classperms_set *cp_set);
int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_list **expr_list);
void cil_destroy_classperms_list(struct cil_list **cp_list);
int cil_gen_classpermission(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_classpermission(struct cil_classpermission *cp);
int cil_gen_classpermissionset(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_classpermissionset(struct cil_classpermissionset *cps);
int cil_gen_map_class(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
int cil_gen_classmapping(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_classmapping(struct cil_classmapping *mapping);
int cil_gen_common(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
int cil_gen_classcommon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_classcommon(struct cil_classcommon *clscom);
int cil_gen_sid(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_sid(struct cil_sid *sid);
int cil_gen_sidcontext(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_sidcontext(struct cil_sidcontext *sidcon);
int cil_gen_sidorder(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_sidorder(struct cil_sidorder *sidorder);
int cil_gen_user(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_user(struct cil_user *user);
int cil_gen_userattribute(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_userattribute(struct cil_userattribute *attr);
int cil_gen_userattributeset(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_userattributeset(struct cil_userattributeset *attrset);
int cil_gen_userlevel(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_userlevel(struct cil_userlevel *usrlvl);
int cil_gen_userrange(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_userrange(struct cil_userrange *userrange);
int cil_gen_userbounds(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
int cil_gen_userprefix(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_userprefix(struct cil_userprefix *userprefix);
int cil_gen_selinuxuser(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
int cil_gen_selinuxuserdefault(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_selinuxuser(struct cil_selinuxuser *selinuxuser);
int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_role(struct cil_role *role);
int cil_gen_roletype(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_roletype(struct cil_roletype *roletype);
int cil_gen_userrole(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_userrole(struct cil_userrole *userrole);
int cil_gen_roletransition(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_roletransition(struct cil_roletransition *roletrans);
int cil_gen_roleallow(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_roleallow(struct cil_roleallow *roleallow);
int cil_gen_roleattribute(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_roleattribute(struct cil_roleattribute *role);
int cil_gen_roleattributeset(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_roleattributeset(struct cil_roleattributeset *attrset);
int cil_gen_rolebounds(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
int cil_gen_avrule(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, uint32_t rule_kind);
void cil_destroy_avrule(struct cil_avrule *rule);
int cil_gen_avrulex(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, uint32_t rule_kind);
int cil_gen_permissionx(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_permissionx(struct cil_permissionx *permx);
int cil_gen_type_rule(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, uint32_t rule_kind);
void cil_destroy_type_rule(struct cil_type_rule *rule);
int cil_gen_type(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_type(struct cil_type *type);
int cil_gen_typeattribute(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_typeattribute(struct cil_typeattribute *type);
int cil_gen_bool(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, int tunableif);
void cil_destroy_bool(struct cil_bool *boolean);
int cil_gen_tunable(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_tunable(struct cil_tunable *tunable);
int cil_gen_constrain_expr(struct cil_tree_node *current, enum cil_flavor flavor, struct cil_list **stack);
int cil_gen_expr(struct cil_tree_node *current, enum cil_flavor flavor, struct cil_list **stack);
int cil_gen_boolif(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, int tunable_if);
void cil_destroy_boolif(struct cil_booleanif *bif);
int cil_gen_tunif(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_tunif(struct cil_tunableif *tif);
int cil_gen_condblock(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_condblock(struct cil_condblock *cb);
int cil_gen_alias(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_alias(struct cil_alias *alias);
int cil_gen_aliasactual(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_aliasactual(struct cil_aliasactual *aliasactual);
int cil_gen_typeattributeset(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_typeattributeset(struct cil_typeattributeset *attrtypes);
int cil_gen_expandtypeattribute(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_expandtypeattribute(struct cil_expandtypeattribute *expandattr);
int cil_gen_typebounds(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
int cil_gen_typepermissive(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_typepermissive(struct cil_typepermissive *typeperm);
int cil_gen_typetransition(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_name(struct cil_name *name);
void cil_destroy_typetransition(struct cil_nametypetransition *nametypetrans);
int cil_gen_rangetransition(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_rangetransition(struct cil_rangetransition *rangetrans);
int cil_gen_sensitivity(struct cil_db *idb, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_sensitivity(struct cil_sens *sens);
int cil_gen_category(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_category(struct cil_cat *cat);
int cil_set_to_list(struct cil_tree_node *parse_current, struct cil_list *ast_cl);
void cil_destroy_catset(struct cil_catset *catset);
int cil_gen_catorder(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_catorder(struct cil_catorder *catorder);
int cil_gen_sensitivityorder(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_sensitivityorder(struct cil_sensorder *sensorder);
int cil_gen_senscat(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_senscat(struct cil_senscat *senscat);
int cil_gen_level(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_level(struct cil_level *level);
int cil_fill_levelrange(struct cil_tree_node *low, struct cil_levelrange *lvlrange);
int cil_gen_levelrange(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_levelrange(struct cil_levelrange *lvlrange);
void cil_destroy_constrain_node(struct cil_tree_node *cons_node);
int cil_gen_constrain(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_constrain(struct cil_constrain *cons);
int cil_gen_validatetrans(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_validatetrans(struct cil_validatetrans *validtrans);
int cil_fill_context(struct cil_tree_node *user_node, struct cil_context *context);
int cil_gen_context(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_context(struct cil_context *context);
int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_filecon(struct cil_filecon *filecon);
int cil_gen_ibpkeycon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_ibpkeycon(struct cil_ibpkeycon *ibpkeycon);
int cil_gen_ibendportcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_ibendportcon(struct cil_ibendportcon *ibendportcon);
int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_portcon(struct cil_portcon *portcon);
int cil_gen_nodecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_nodecon(struct cil_nodecon *nodecon);
int cil_gen_genfscon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_genfscon(struct cil_genfscon *genfscon);
int cil_gen_netifcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_netifcon(struct cil_netifcon *netifcon);
int cil_gen_pirqcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_pirqcon(struct cil_pirqcon *pirqcon);
int cil_gen_iomemcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_iomemcon(struct cil_iomemcon *iomemcon);
int cil_gen_ioportcon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_ioportcon(struct cil_ioportcon *ioportcon);
int cil_gen_pcidevicecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_pcidevicecon(struct cil_pcidevicecon *pcidevicecon);
int cil_gen_devicetreecon(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_devicetreecon(struct cil_devicetreecon *devicetreecon);
int cil_gen_fsuse(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_fsuse(struct cil_fsuse *fsuse);
void cil_destroy_param(struct cil_param *param);
int cil_gen_macro(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_macro(struct cil_macro *macro);
int cil_gen_call(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_call(struct cil_call *call);
void cil_destroy_args(struct cil_args *args);
int cil_gen_optional(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_optional(struct cil_optional *optional);
int cil_gen_policycap(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_policycap(struct cil_policycap *polcap);
int cil_gen_ipaddr(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_ipaddr(struct cil_ipaddr *ipaddr);
int cil_gen_bounds(struct cil_db *db, struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_bounds(struct cil_bounds *bounds);
int cil_gen_default(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node, enum cil_flavor flavor);
void cil_destroy_default(struct cil_default *def);
int cil_gen_handleunknown(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_handleunknown(struct cil_handleunknown *unk);
int cil_gen_mls(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_mls(struct cil_mls *mls);
int cil_gen_defaultrange(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_defaultrange(struct cil_defaultrange *def);
int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node);
void cil_destroy_src_info(struct cil_src_info *info);
int cil_fill_cats(struct cil_tree_node *curr, struct cil_cats **cats);
void cil_destroy_cats(struct cil_cats *cats);
int cil_fill_context(struct cil_tree_node *user_node, struct cil_context *context);
int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer, int base);
int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer, int base);
int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr);
int cil_fill_level(struct cil_tree_node *sens, struct cil_level *level);
int cil_build_ast(struct cil_db *db, struct cil_tree_node *parse_tree, struct cil_tree_node *ast);
#endif /* CIL_BUILD_AST_H_ */
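
Review bot: `cil_fill_context` is declared twice in this header, once next to `cil_gen_context` and again at the top of the `cil_fill_*` group near the end, both as `int cil_fill_context(struct cil_tree_node *user_node, struct cil_context *context);`. The compiler accepts the duplicate, but it is noise in a header that now lives in the kernel tree. Drop the second copy, or, if the file is meant to stay identical to the libsepol source it was taken from, say so in the commit message so later cleanups do not diverge from it by accident.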

File diff suppressed because it is too large

View File

@ -0,0 +1,120 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_COPY_H_
#define CIL_COPY_H_
#include "cil_internal.h"
#include "cil_tree.h"
#include "cil_symtab.h"
void cil_copy_list(struct cil_list *orig, struct cil_list **copy);
int cil_copy_expr(struct cil_db *db, struct cil_list *orig, struct cil_list **new);
int cil_copy_block(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_blockabstract(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_blockinherit(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_perm(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_class(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_classorder(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_classmapping(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_permset(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
void cil_copy_classperms(struct cil_classperms *orig, struct cil_classperms **new);
void cil_copy_classperms_set(struct cil_classperms_set *orig, struct cil_classperms_set **new);
void cil_copy_classperms_list(struct cil_list *orig, struct cil_list **new);
int cil_copy_classpermission(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_classpermissionset(__attribute__((unused)) struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab);
int cil_copy_common(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_classcommon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_sid(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_sidcontext(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_sidorder(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_user(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userattribute(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userattributeset(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userrole(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userlevel(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userrange(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userbounds(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_userprefix(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_role(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_roletype(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_rolebounds(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_roleattribute(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_roleattributeset(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_roleallow(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_type(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_typebounds(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_typepermissive(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_typeattribute(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_typeattributeset(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_typealias(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_nametypetransition(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_rangetransition(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_bool(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_avrule(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_type_rule(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_sens(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_sensalias(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_cat(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_catalias(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_catset(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_senscat(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_catorder(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_sensitivityorder(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
void cil_copy_fill_level(struct cil_db *db, struct cil_level *orig, struct cil_level **new);
int cil_copy_level(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
void cil_copy_fill_levelrange(struct cil_db *db, struct cil_levelrange *orig, struct cil_levelrange *new);
int cil_copy_levelrange(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
void cil_copy_fill_context(struct cil_db *db, struct cil_context *orig, struct cil_context *new);
int cil_copy_context(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_netifcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_genfscon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_filecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_nodecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_ibpkeycon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_portcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_pirqcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_iomemcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_ioportcon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_pcidevicecon(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_fsuse(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_exrp(struct cil_db *db, struct cil_list *orig, struct cil_list **new);
int cil_copy_constrain(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_validatetrans(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_call(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_optional(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
void cil_copy_fill_ipaddr(struct cil_ipaddr *orig, struct cil_ipaddr *new);
int cil_copy_ipaddr(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_boolif(struct cil_db *db, void *data, void **copy, symtab_t *symtab);
int cil_copy_ast(struct cil_db *db, struct cil_tree_node *orig, struct cil_tree_node *dest);
#endif
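
Review bot: `cil_copy_exrp`, near the end of the prototype list, looks like a misspelling of `cil_copy_expr`, which is already declared at the top of the list with the same `(struct cil_db *db, struct cil_list *orig, struct cil_list **new)` parameters. If no function of that name is defined, the declaration is dead and should be removed, since a caller that picked it up would only fail at link time. The closing `#endif` could also carry a `/* CIL_COPY_H_ */` comment, as the `CIL_BUILD_AST_H_` and `CIL_FLAVOR_H_` guards do.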

View File

@ -0,0 +1,391 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/ebitmap.h>
#include "cil_internal.h"
#include "cil_find.h"
#include "cil_flavor.h"
#include "cil_list.h"
#include "cil_log.h"
#include "cil_symtab.h"
struct cil_args_find {
enum cil_flavor flavor;
void *target;
struct cil_list *matching;
int match_self;
};
static int cil_type_match_any(struct cil_symtab_datum *d1, struct cil_symtab_datum *d2)
{
enum cil_flavor f1 = FLAVOR(d1);
enum cil_flavor f2 = FLAVOR(d2);
if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
struct cil_type *t1 = (struct cil_type *)d1;
struct cil_type *t2 = (struct cil_type *)d2;
if (t1->value == t2->value) {
return CIL_TRUE;
}
} else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
struct cil_typeattribute *a = (struct cil_typeattribute *)d1;
struct cil_type *t = (struct cil_type *)d2;
if (ksu_ebitmap_get_bit(a->types, t->value)) {
return CIL_TRUE;
}
} else if (f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) {
struct cil_type *t = (struct cil_type *)d1;
struct cil_typeattribute *a = (struct cil_typeattribute *)d2;
if (ksu_ebitmap_get_bit(a->types, t->value)) {
return CIL_TRUE;
}
} else {
/* Both are attributes */
struct cil_typeattribute *a1 = (struct cil_typeattribute *)d1;
struct cil_typeattribute *a2 = (struct cil_typeattribute *)d2;
if (d1 == d2) {
return CIL_TRUE;
} else if (ebitmap_match_any(a1->types, a2->types)) {
return CIL_TRUE;
}
}
return CIL_FALSE;
}
static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, struct cil_symtab_datum *d2)
{
int rc = SEPOL_OK;
enum cil_flavor f1 = FLAVOR(d1);
enum cil_flavor f2 = FLAVOR(d2);
if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
struct cil_type *t1 = (struct cil_type *)d1;
struct cil_type *t2 = (struct cil_type *)d2;
if (t1->value == t2->value) {
ksu_ebitmap_set_bit(matches, t1->value, 1);
}
} else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
struct cil_typeattribute *a = (struct cil_typeattribute *)d1;
struct cil_type *t = (struct cil_type *)d2;
if (ksu_ebitmap_get_bit(a->types, t->value)) {
ksu_ebitmap_set_bit(matches, t->value, 1);
}
} else if (f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) {
struct cil_type *t = (struct cil_type *)d1;
struct cil_typeattribute *a = (struct cil_typeattribute *)d2;
if (ksu_ebitmap_get_bit(a->types, t->value)) {
ksu_ebitmap_set_bit(matches, t->value, 1);
}
} else {
/* Both are attributes */
struct cil_typeattribute *a1 = (struct cil_typeattribute *)d1;
struct cil_typeattribute *a2 = (struct cil_typeattribute *)d2;
rc = ksu_ebitmap_and(matches, a1->types, a2->types);
}
return rc;
}
/* s1 is the src type that is matched with a self
* s2, and t2 are the source and type of the other rule
*/
static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2)
{
int rc;
struct cil_tree_node *n1 = NODE(s1);
if (n1->flavor != CIL_TYPEATTRIBUTE) {
rc = cil_type_match_any(s1, t2);
} else {
struct cil_typeattribute *a = (struct cil_typeattribute *)s1;
ebitmap_t map;
ebitmap_init(&map);
rc = cil_type_matches(&map, s2, t2);
if (rc < 0) {
ksu_ebitmap_destroy(&map);
goto exit;
}
if (map.node == NULL) {
rc = CIL_FALSE;
goto exit;
}
rc = ebitmap_match_any(&map, a->types);
ksu_ebitmap_destroy(&map);
}
exit:
return rc;
}
static int cil_classperms_match_any(struct cil_classperms *cp1, struct cil_classperms *cp2)
{
struct cil_class *c1 = cp1->class;
struct cil_class *c2 = cp2->class;
struct cil_list_item *i1, *i2;
if (&c1->datum != &c2->datum) return CIL_FALSE;
cil_list_for_each(i1, cp1->perms) {
struct cil_perm *p1 = i1->data;
cil_list_for_each(i2, cp2->perms) {
struct cil_perm *p2 = i2->data;
if (&p1->datum == &p2->datum) return CIL_TRUE;
}
}
return CIL_FALSE;
}
static int __cil_classperms_list_match_any(struct cil_classperms *cp1, struct cil_list *cpl2)
{
int rc;
struct cil_list_item *curr;
cil_list_for_each(curr, cpl2) {
if (curr->flavor == CIL_CLASSPERMS) {
struct cil_classperms *cp = curr->data;
if (FLAVOR(cp->class) == CIL_CLASS) {
rc = cil_classperms_match_any(cp1, cp);
if (rc == CIL_TRUE) return CIL_TRUE;
} else { /* MAP */
struct cil_list_item *i = NULL;
cil_list_for_each(i, cp->perms) {
struct cil_perm *cmp = i->data;
rc = __cil_classperms_list_match_any(cp1, cmp->classperms);
if (rc == CIL_TRUE) return CIL_TRUE;
}
}
} else { /* SET */
struct cil_classperms_set *cp_set = curr->data;
struct cil_classpermission *cp = cp_set->set;
rc = __cil_classperms_list_match_any(cp1, cp->classperms);
if (rc == CIL_TRUE) return CIL_TRUE;
}
}
return CIL_FALSE;
}
static int cil_classperms_list_match_any(struct cil_list *cpl1, struct cil_list *cpl2)
{
int rc;
struct cil_list_item *curr;
cil_list_for_each(curr, cpl1) {
if (curr->flavor == CIL_CLASSPERMS) {
struct cil_classperms *cp = curr->data;
if (FLAVOR(cp->class) == CIL_CLASS) {
rc = __cil_classperms_list_match_any(cp, cpl2);
if (rc == CIL_TRUE) return CIL_TRUE;
} else { /* MAP */
struct cil_list_item *i = NULL;
cil_list_for_each(i, cp->perms) {
struct cil_perm *cmp = i->data;
rc = cil_classperms_list_match_any(cmp->classperms, cpl2);
if (rc == CIL_TRUE) return CIL_TRUE;
}
}
} else { /* SET */
struct cil_classperms_set *cp_set = curr->data;
struct cil_classpermission *cp = cp_set->set;
rc = cil_classperms_list_match_any(cp->classperms, cpl2);
if (rc == CIL_TRUE) return CIL_TRUE;
}
}
return CIL_FALSE;
}
static void __add_classes_from_classperms_list(struct cil_list *classperms, struct cil_list *class_list)
{
struct cil_list_item *curr;
cil_list_for_each(curr, classperms) {
if (curr->flavor == CIL_CLASSPERMS) {
struct cil_classperms *cp = curr->data;
if (FLAVOR(cp->class) == CIL_CLASS) {
cil_list_append(class_list, CIL_CLASS, cp->class);
} else { /* MAP */
struct cil_list_item *i = NULL;
cil_list_for_each(i, cp->perms) {
struct cil_perm *cmp = i->data;
__add_classes_from_classperms_list(cmp->classperms, class_list);
}
}
} else { /* SET */
struct cil_classperms_set *cp_set = curr->data;
struct cil_classpermission *cp = cp_set->set;
__add_classes_from_classperms_list(cp->classperms, class_list);
}
}
}
static int __add_classes_from_map_perms(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
struct cil_list *class_list = args;
struct cil_perm *cmp = (struct cil_perm *)d;
__add_classes_from_classperms_list(cmp->classperms, class_list);
return SEPOL_OK;
}
struct cil_list *cil_expand_class(struct cil_class *class)
{
struct cil_list *class_list;
cil_list_init(&class_list, CIL_CLASS);
if (FLAVOR(class) == CIL_CLASS) {
cil_list_append(class_list, CIL_CLASS, class);
} else { /* MAP */
cil_symtab_map(&class->perms, __add_classes_from_map_perms, class_list);
}
return class_list;
}
static int cil_permissionx_match_any(struct cil_permissionx *px1, struct cil_permissionx *px2)
{
int rc = CIL_FALSE;
struct cil_list *cl1 = NULL;
struct cil_list *cl2 = NULL;
if (px1->kind != px2->kind) goto exit;
if (!ebitmap_match_any(px1->perms, px2->perms)) goto exit;
cl1 = cil_expand_class(px1->obj);
cl2 = cil_expand_class(px2->obj);
if (!cil_list_match_any(cl1, cl2)) goto exit;
rc = CIL_TRUE;
exit:
cil_list_destroy(&cl1, CIL_FALSE);
cil_list_destroy(&cl2, CIL_FALSE);
return rc;
}
static int cil_find_matching_avrule(struct cil_tree_node *node, struct cil_avrule *avrule, struct cil_avrule *target, struct cil_list *matching, int match_self)
{
int rc = SEPOL_OK;
struct cil_symtab_datum *s1 = avrule->src;
struct cil_symtab_datum *t1 = avrule->tgt;
struct cil_symtab_datum *s2 = target->src;
struct cil_symtab_datum *t2 = target->tgt;
if (match_self != CIL_TRUE && avrule == target) goto exit;
if (avrule->rule_kind != target->rule_kind) goto exit;
if (avrule->is_extended != target->is_extended) goto exit;
if (!cil_type_match_any(s1, s2)) goto exit;
if (t1->fqn != CIL_KEY_SELF && t2->fqn != CIL_KEY_SELF) {
if (!cil_type_match_any(t1, t2)) goto exit;
} else {
if (t1->fqn == CIL_KEY_SELF && t2->fqn == CIL_KEY_SELF) {
/* The earlier check whether s1 and s2 matches is all that is needed */
} else if (t1->fqn == CIL_KEY_SELF) {
rc = cil_self_match_any(s1, s2, t2);
if (rc < 0) {
goto exit;
} else if (rc == CIL_FALSE) {
rc = SEPOL_OK;
goto exit;
}
} else if (t2->fqn == CIL_KEY_SELF) {
rc = cil_self_match_any(s2, s1, t1);
if (rc < 0) {
goto exit;
} else if (rc == CIL_FALSE) {
rc = SEPOL_OK;
goto exit;
}
}
}
if (!target->is_extended) {
if (cil_classperms_list_match_any(avrule->perms.classperms, target->perms.classperms)) {
cil_list_append(matching, CIL_NODE, node);
}
} else {
if (cil_permissionx_match_any(avrule->perms.x.permx, target->perms.x.permx)) {
cil_list_append(matching, CIL_NODE, node);
}
}
rc = SEPOL_OK;
exit:
return rc;
}
static int __cil_find_matching_avrule_in_ast(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
{
int rc = SEPOL_OK;
struct cil_args_find *args = extra_args;
if (node->flavor == CIL_BLOCK) {
struct cil_block *blk = node->data;
if (blk->is_abstract == CIL_TRUE) {
*finished = CIL_TREE_SKIP_HEAD;
goto exit;
}
} else if (node->flavor == CIL_MACRO) {
*finished = CIL_TREE_SKIP_HEAD;
goto exit;
} else if (node->flavor == CIL_AVRULE || node->flavor == CIL_AVRULEX) {
if (node->flavor == args->flavor) {
rc = cil_find_matching_avrule(node, node->data, args->target, args->matching, args->match_self);
}
}
exit:
return rc;
}
int cil_find_matching_avrule_in_ast(struct cil_tree_node *current, enum cil_flavor flavor, void *target, struct cil_list *matching, int match_self)
{
int rc;
struct cil_args_find args;
args.flavor = flavor;
args.target = target;
args.matching = matching;
args.match_self = match_self;
rc = cil_tree_walk(current, __cil_find_matching_avrule_in_ast, NULL, NULL, &args);
if (rc) {
cil_log(CIL_ERR, "An error occurred while searching for avrule in AST\n");
}
return rc;
}
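
Review bot: `__cil_classperms_list_match_any`, `cil_classperms_list_match_any` and `__add_classes_from_classperms_list` recurse into `cp->classperms` and `cmp->classperms` for every SET and MAP entry with no depth limit and no visited check, so the recursion depth is decided by how the policy nests classpermission sets and map permissions. This directory is being built into the kernel (`obj-y += libsepol/`), where the stack is small and fixed. Either document which earlier pass guarantees these structures are acyclic and shallow, or thread a depth counter through the three functions and return an error when it is exceeded. Two smaller points in the same file: the ebitmap calls mix `ksu_`-prefixed names (`ksu_ebitmap_get_bit`, `ksu_ebitmap_and`, `ksu_ebitmap_destroy`) with unprefixed `ebitmap_init` and `ebitmap_match_any`, which should be confirmed as intentional; and in `cil_permissionx_match_any` the early `goto exit` paths reach `cil_list_destroy(&cl1, CIL_FALSE)` while `cl1` and `cl2` are still NULL, so that function has to tolerate a NULL list.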

View File

@ -0,0 +1,40 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include "cil_flavor.h"
#include "cil_tree.h"
#include "cil_list.h"
#ifndef CIL_FIND_H_
#define CIL_FIND_H_
int cil_find_matching_avrule_in_ast(struct cil_tree_node *current, enum cil_flavor flavor, void *target, struct cil_list *matching, int match_self);
struct cil_list *cil_expand_class(struct cil_class *class);
#endif
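
Review bot: the three `#include` lines sit above `#ifndef CIL_FIND_H_`, outside the include guard, so they are reprocessed on every inclusion and rely on each of those headers having a guard of its own. Move them below `#define CIL_FIND_H_`. The `cil_expand_class` prototype also takes `struct cil_class *`, and none of the three included header names obviously declares that type; add a forward declaration `struct cil_class;` or include the header that defines it, so this header compiles on its own.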

View File

@ -0,0 +1,194 @@
/*
* Copyright 2013 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_FLAVOR_H_
#define CIL_FLAVOR_H_
/*
Tree/list node types
*/
#define CIL_MIN_OP_OPERANDS 1000
#define CIL_MIN_DECLARATIVE 2000
enum cil_flavor {
CIL_NONE = 0,
CIL_ROOT,
CIL_NODE,
CIL_STRING,
CIL_DATUM,
CIL_LIST,
CIL_LIST_ITEM,
CIL_PARAM,
CIL_ARGS,
CIL_BLOCKINHERIT,
CIL_BLOCKABSTRACT,
CIL_IN,
CIL_CALL,
CIL_BOOLEANIF,
CIL_TUNABLEIF,
CIL_CONDBLOCK,
CIL_CONDTRUE,
CIL_CONDFALSE,
CIL_CLASSORDER,
CIL_CLASSCOMMON,
CIL_CLASSMAPPING,
CIL_CLASSPERMS,
CIL_CLASSPERMS_SET,
CIL_CLASSPERMISSIONSET,
CIL_USERPREFIX,
CIL_USERROLE,
CIL_USERATTRIBUTESET,
CIL_USERLEVEL,
CIL_USERRANGE,
CIL_USERBOUNDS,
CIL_SELINUXUSER,
CIL_SELINUXUSERDEFAULT,
CIL_ROLEATTRIBUTESET,
CIL_ROLETYPE,
CIL_ROLEBOUNDS,
CIL_TYPEATTRIBUTESET,
CIL_EXPANDTYPEATTRIBUTE,
CIL_TYPEALIASACTUAL,
CIL_TYPEBOUNDS,
CIL_TYPEPERMISSIVE,
CIL_SENSALIASACTUAL,
CIL_SENSITIVITYORDER,
CIL_SENSCAT,
CIL_CATALIASACTUAL,
CIL_CATORDER,
CIL_SIDORDER,
CIL_ROLEALLOW,
CIL_AVRULE,
CIL_AVRULEX,
CIL_ROLETRANSITION,
CIL_TYPE_RULE,
CIL_NAMETYPETRANSITION,
CIL_RANGETRANSITION,
CIL_CONSTRAIN,
CIL_MLSCONSTRAIN,
CIL_VALIDATETRANS,
CIL_MLSVALIDATETRANS,
CIL_SIDCONTEXT,
CIL_FSUSE,
CIL_FILECON,
CIL_PORTCON,
CIL_NODECON,
CIL_GENFSCON,
CIL_NETIFCON,
CIL_PIRQCON,
CIL_IOMEMCON,
CIL_IOPORTCON,
CIL_PCIDEVICECON,
CIL_DEVICETREECON,
CIL_DEFAULTUSER,
CIL_DEFAULTROLE,
CIL_DEFAULTTYPE,
CIL_DEFAULTRANGE,
CIL_HANDLEUNKNOWN,
CIL_MLS,
CIL_SRC_INFO,
CIL_IBPKEYCON,
CIL_IBENDPORTCON,
/*
* boolean constraint set catset
* dom X
* domby X
* incomp X
* eq X X
* ne X X
* and X X X X
* not X X X X
* or X X X X
* xor X X X
* all X X
* range X
*/
CIL_OP = CIL_MIN_OP_OPERANDS,
CIL_ALL,
CIL_AND,
CIL_OR,
CIL_XOR,
CIL_NOT,
CIL_EQ,
CIL_NEQ,
CIL_RANGE,
CIL_CONS_DOM,
CIL_CONS_DOMBY,
CIL_CONS_INCOMP,
CIL_CONS_OPERAND,
CIL_CONS_U1,
CIL_CONS_U2,
CIL_CONS_U3,
CIL_CONS_T1,
CIL_CONS_T2,
CIL_CONS_T3,
CIL_CONS_R1,
CIL_CONS_R2,
CIL_CONS_R3,
CIL_CONS_L1,
CIL_CONS_L2,
CIL_CONS_H1,
CIL_CONS_H2,
CIL_BLOCK = CIL_MIN_DECLARATIVE,
CIL_MACRO,
CIL_OPTIONAL,
CIL_BOOL,
CIL_TUNABLE,
CIL_PERM,
CIL_MAP_PERM,
CIL_COMMON,
CIL_CLASS,
CIL_MAP_CLASS,
CIL_CLASSPERMISSION,
CIL_USER,
CIL_USERATTRIBUTE,
CIL_ROLE,
CIL_ROLEATTRIBUTE,
CIL_TYPE,
CIL_TYPEATTRIBUTE,
CIL_TYPEALIAS,
CIL_SENS,
CIL_SENSALIAS,
CIL_CAT,
CIL_CATSET,
CIL_CATALIAS,
CIL_LEVEL,
CIL_LEVELRANGE,
CIL_SID,
CIL_NAME,
CIL_CONTEXT,
CIL_IPADDR,
CIL_POLICYCAP,
CIL_PERMISSIONX
};
#endif /* CIL_FLAVOR_H_ */
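
Review bot: the three groups inside `enum cil_flavor` are separated only by the bases `CIL_MIN_OP_OPERANDS` (1000) and `CIL_MIN_DECLARATIVE` (2000), and the header does not say what each range means or that new entries such as `CIL_IBPKEYCON` and `CIL_IBENDPORTCON` have to be appended before `CIL_OP`. A one-line comment above each base describing its range, plus a compile-time check that the last entry of each group stays below the next base, would record the invariant for whoever extends the enum next.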

View File

@ -0,0 +1,143 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "cil_fqn.h"
#include "cil_internal.h"
#include "cil_log.h"
#include "cil_strpool.h"
#include "cil_symtab.h"
struct cil_fqn_args {
char prefix[CIL_MAX_NAME_LENGTH];
int len;
struct cil_tree_node *node;
};
static int __cil_fqn_qualify_decls(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
struct cil_fqn_args *fqn_args = args;
struct cil_symtab_datum *datum = (struct cil_symtab_datum *)d;
int newlen;
char prefix[CIL_MAX_NAME_LENGTH];
int rc = SEPOL_OK;
if (fqn_args->len == 0) {
goto exit;
}
newlen = fqn_args->len + strlen(datum->name);
if (newlen >= CIL_MAX_NAME_LENGTH) {
cil_log(CIL_INFO, "Fully qualified name for %s is too long\n", datum->name);
rc = SEPOL_ERR;
goto exit;
}
strcpy(prefix, fqn_args->prefix);
strcat(prefix, datum->name);
datum->fqn = cil_strpool_add(prefix);
exit:
return rc;
}
static int __cil_fqn_qualify_blocks(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
struct cil_fqn_args *fqn_args = args;
struct cil_fqn_args child_args;
struct cil_block *block = (struct cil_block *)d;
struct cil_symtab_datum *datum = (struct cil_symtab_datum *)block;
struct cil_tree_node *node = NODE(datum);
int i;
int rc = SEPOL_OK;
int newlen;
if (node->flavor != CIL_BLOCK) {
goto exit;
}
newlen = fqn_args->len + strlen(datum->name) + 1;
if (newlen >= CIL_MAX_NAME_LENGTH) {
cil_log(CIL_INFO, "Fully qualified name for block %s is too long\n", datum->name);
rc = SEPOL_ERR;
goto exit;
}
child_args.node = node;
child_args.len = newlen;
strcpy(child_args.prefix, fqn_args->prefix);
strcat(child_args.prefix, datum->name);
strcat(child_args.prefix, ".");
for (i=1; i<CIL_SYM_NUM; i++) {
switch (i) {
case CIL_SYM_CLASSPERMSETS:
case CIL_SYM_CONTEXTS:
case CIL_SYM_LEVELRANGES:
case CIL_SYM_IPADDRS:
case CIL_SYM_NAMES:
case CIL_SYM_PERMX:
/* These do not show up in the kernel policy */
break;
case CIL_SYM_POLICYCAPS:
/* Valid policy capability names are defined in libsepol */
break;
default:
rc = cil_symtab_map(&(block->symtab[i]), __cil_fqn_qualify_decls, &child_args);
if (rc != SEPOL_OK) {
goto exit;
}
break;
}
}
rc = cil_symtab_map(&(block->symtab[CIL_SYM_BLOCKS]), __cil_fqn_qualify_blocks, &child_args);
exit:
if (rc != SEPOL_OK) {
cil_tree_log(node, CIL_ERR,"Problem qualifying names in block");
}
return rc;
}
int cil_fqn_qualify(struct cil_tree_node *root_node)
{
struct cil_root *root = root_node->data;
struct cil_fqn_args fqn_args;
fqn_args.prefix[0] = '\0';
fqn_args.len = 0;
fqn_args.node = root_node;
return cil_symtab_map(&(root->symtab[CIL_SYM_BLOCKS]), __cil_fqn_qualify_blocks, &fqn_args);
}
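
Review bot: `__cil_fqn_qualify_blocks` recurses once per nested block and each frame carries a full `child_args.prefix[CIL_MAX_NAME_LENGTH]`, with `__cil_fqn_qualify_decls` adding another `prefix[CIL_MAX_NAME_LENGTH]` on top, which is a lot of stack for code this commit builds with `obj-y += libsepol/`, where stacks are small and fixed-size. Consider one heap-allocated prefix buffer shared down the recursion, appending the block name on entry and truncating back to `fqn_args->len` on return. The `strcpy`/`strcat` calls are only safe while `len` equals `strlen(prefix)`; a comment stating that invariant on `struct cil_fqn_args`, or a switch to a single bounded `snprintf`, would keep a later edit from silently breaking the bound.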

View File

@ -0,0 +1,38 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_FQN_H_
#define CIL_FQN_H_
#include "cil_internal.h"
#include "cil_tree.h"
int cil_fqn_qualify(struct cil_tree_node *root_node);
#endif /* CIL_FQN_H_ */

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,55 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_LEXER_H_
#define CIL_LEXER_H_
#include <stdint.h>
#define OPAREN 1
#define CPAREN 2
#define SYMBOL 3
#define QSTRING 4
#define COMMENT 5
#define HLL_LINEMARK 6
#define NEWLINE 7
#define END_OF_FILE 8
#define UNKNOWN 9
struct token {
uint32_t type;
char * value;
uint32_t line;
};
int cil_lexer_setup(char *buffer, uint32_t size);
void cil_lexer_destroy(void);
int cil_lexer_next(struct token *tok);
#endif /* CIL_LEXER_H_ */

View File

@ -0,0 +1,94 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
%{
#include <stdint.h>
#include <sepol/errcodes.h>
#include "cil_internal.h"
#include "cil_lexer.h"
#include "cil_log.h"
#include "cil_mem.h"
char *value = NULL;
int line = 1;
%}
%option nounput
%option noinput
%option noyywrap
%option prefix="cil_yy"
digit [0-9]
alpha [a-zA-Z]
spec_char [\[\]\.\@\=\/\*\-\_\$\%\+\-\!\|\&\^\:\~\`\#\{\}\'\<\>\?\,]
symbol ({digit}|{alpha}|{spec_char})+
white [ \t]
newline [\n\r]
qstring \"[^"\n\0]*\"
hll_lm ^;;\*
comment ;
%%
{newline} line++; return NEWLINE;
{hll_lm} value=yytext; return HLL_LINEMARK;
{comment} value=yytext; return COMMENT;
"(" value=yytext; return OPAREN;
")" value=yytext; return CPAREN;
{symbol} value=yytext; return SYMBOL;
{white} ;
{qstring} value=yytext; return QSTRING;
<<EOF>> return END_OF_FILE;
. value=yytext; return UNKNOWN;
%%
int cil_lexer_setup(char *buffer, uint32_t size)
{
size = (yy_size_t)size;
if (yy_scan_buffer(buffer, size) == NULL) {
cil_log(CIL_INFO, "Lexer failed to setup buffer\n");
return SEPOL_ERR;
}
line = 1;
return SEPOL_OK;
}
void cil_lexer_destroy(void)
{
yylex_destroy();
}
int cil_lexer_next(struct token *tok)
{
tok->type = yylex();
tok->value = value;
tok->line = line;
return SEPOL_OK;
}
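
Review bot: `char *value` and `int line` in the `%{ ... %}` prologue are defined without `static`, so two very generic names get external linkage and can collide with any other object linked into the same image; make both `static`. In `cil_lexer_setup`, `size = (yy_size_t)size;` assigns back to a `uint32_t` and does nothing, so drop it or pass the cast directly to `yy_scan_buffer`. It is also worth documenting in cil_lexer.h that `tok->value` is `yytext`, a pointer that is only valid until the next `cil_lexer_next` call, and that `yy_scan_buffer` requires the caller's buffer to end in two NUL bytes.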

View File

@ -0,0 +1,278 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include <stdarg.h>
#include "cil_internal.h"
#include "cil_flavor.h"
#include "cil_log.h"
#include "cil_mem.h"
__attribute__((noreturn)) __attribute__((format (printf, 1, 2))) static void cil_list_error(const char* msg, ...)
{
va_list ap;
va_start(ap, msg);
cil_vlog(CIL_ERR, msg, ap);
va_end(ap);
exit(1);
}
void cil_list_init(struct cil_list **list, enum cil_flavor flavor)
{
struct cil_list *new_list = cil_malloc(sizeof(*new_list));
new_list->head = NULL;
new_list->tail = NULL;
new_list->flavor = flavor;
*list = new_list;
}
void cil_list_destroy(struct cil_list **list, unsigned destroy_data)
{
struct cil_list_item *item;
if (*list == NULL) {
return;
}
item = (*list)->head;
while (item != NULL)
{
struct cil_list_item *next = item->next;
if (item->flavor == CIL_LIST) {
cil_list_destroy((struct cil_list**)&(item->data), destroy_data);
free(item);
} else {
cil_list_item_destroy(&item, destroy_data);
}
item = next;
}
free(*list);
*list = NULL;
}
void cil_list_item_init(struct cil_list_item **item)
{
struct cil_list_item *new_item = cil_malloc(sizeof(*new_item));
new_item->next = NULL;
new_item->flavor = CIL_NONE;
new_item->data = NULL;
*item = new_item;
}
void cil_list_item_destroy(struct cil_list_item **item, unsigned destroy_data)
{
if (destroy_data) {
cil_destroy_data(&(*item)->data, (*item)->flavor);
}
free(*item);
*item = NULL;
}
void cil_list_append(struct cil_list *list, enum cil_flavor flavor, void *data)
{
struct cil_list_item *item;
if (list == NULL) {
cil_list_error("Attempt to append data to a NULL list");
}
cil_list_item_init(&item);
item->flavor = flavor;
item->data = data;
if (list->tail == NULL) {
list->head = item;
list->tail = item;
return;
}
list->tail->next = item;
list->tail = item;
}
void cil_list_prepend(struct cil_list *list, enum cil_flavor flavor, void *data)
{
struct cil_list_item *item;
if (list == NULL) {
cil_list_error("Attempt to prepend data to a NULL list");
}
cil_list_item_init(&item);
item->flavor = flavor;
item->data = data;
if (list->tail == NULL) {
list->head = item;
list->tail = item;
return;
}
item->next = list->head;
list->head = item;
}
struct cil_list_item *cil_list_insert(struct cil_list *list, struct cil_list_item *curr, enum cil_flavor flavor, void *data)
{
struct cil_list_item *item;
if (list == NULL) {
cil_list_error("Attempt to append data to a NULL list");
}
if (curr == NULL) {
/* Insert at the front of the list */
cil_list_prepend(list, flavor, data);
return list->head;
}
if (curr == list->tail) {
cil_list_append(list, flavor, data);
return list->tail;
}
cil_list_item_init(&item);
item->flavor = flavor;
item->data = data;
item->next = curr->next;
curr->next = item;
return item;
}
void cil_list_append_item(struct cil_list *list, struct cil_list_item *item)
{
struct cil_list_item *last = item;
if (list == NULL) {
cil_list_error("Attempt to append an item to a NULL list");
}
if (item == NULL) {
cil_list_error("Attempt to append a NULL item to a list");
}
while (last->next != NULL) {
last = last->next;
}
if (list->tail == NULL) {
list->head = item;
list->tail = last;
return;
}
list->tail->next = item;
list->tail = last;
}
void cil_list_prepend_item(struct cil_list *list, struct cil_list_item *item)
{
struct cil_list_item *last = item;
if (list == NULL) {
cil_list_error("Attempt to prepend an item to a NULL list");
}
if (item == NULL) {
cil_list_error("Attempt to prepend a NULL item to a list");
}
while (last->next != NULL) {
last = last->next;
}
if (list->tail == NULL) {
list->head = item;
list->tail = last;
return;
}
last->next = list->head;
list->head = item;
}
void cil_list_remove(struct cil_list *list, enum cil_flavor flavor, void *data, unsigned destroy_data)
{
struct cil_list_item *item;
struct cil_list_item *previous = NULL;
if (list == NULL) {
cil_list_error("Attempt to remove data from a NULL list");
}
cil_list_for_each(item, list) {
if (item->data == data && item->flavor == flavor) {
if (previous == NULL) {
list->head = item->next;
} else {
previous->next = item->next;
}
if (item->next == NULL) {
list->tail = previous;
}
cil_list_item_destroy(&item, destroy_data);
break;
}
previous = item;
}
}
int cil_list_contains(struct cil_list *list, void *data)
{
struct cil_list_item *curr = NULL;
cil_list_for_each(curr, list) {
if (curr->data == data) {
return CIL_TRUE;
}
}
return CIL_FALSE;
}
int cil_list_match_any(struct cil_list *l1, struct cil_list *l2)
{
struct cil_list_item *i1;
struct cil_list_item *i2;
cil_list_for_each(i1, l1) {
cil_list_for_each(i2, l2) {
if (i1->data == i2->data && i1->flavor == i2->flavor) {
return CIL_TRUE;
}
}
}
return CIL_FALSE;
}
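
Review bot: `cil_list_contains` and `cil_list_match_any` expand `cil_list_for_each` on their arguments with no NULL check, so a NULL list is dereferenced at `(list)->head`, while every mutating function in this file tests `list == NULL` first. Add the same guard, or return `CIL_FALSE` for a NULL list. Separately, `cil_list_insert` reports "Attempt to append data to a NULL list", which is the message copied from `cil_list_append`; it should say "insert" so the log points at the right caller.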

View File

@ -0,0 +1,64 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_LIST_H_
#define CIL_LIST_H_
#include "cil_flavor.h"
struct cil_list {
struct cil_list_item *head;
struct cil_list_item *tail;
enum cil_flavor flavor;
};
struct cil_list_item {
struct cil_list_item *next;
enum cil_flavor flavor;
void *data;
};
#define cil_list_for_each(item, list) \
for (item = (list)->head; item != NULL; item = item->next)
void cil_list_init(struct cil_list **list, enum cil_flavor flavor);
void cil_list_destroy (struct cil_list **list, unsigned destroy_data);
void cil_list_item_init(struct cil_list_item **item);
void cil_list_item_destroy(struct cil_list_item **item, unsigned destroy_data);
void cil_list_append(struct cil_list *list, enum cil_flavor flavor, void *data);
void cil_list_prepend(struct cil_list *list, enum cil_flavor flavor, void *data);
void cil_list_remove(struct cil_list *list, enum cil_flavor flavor, void *data, unsigned destroy_data);
struct cil_list_item *cil_list_insert(struct cil_list *list, struct cil_list_item *curr, enum cil_flavor flavor, void *data);
void cil_list_append_item(struct cil_list *list, struct cil_list_item *item);
void cil_list_prepend_item(struct cil_list *list, struct cil_list_item *item);
int cil_list_contains(struct cil_list *list, void *data);
int cil_list_match_any(struct cil_list *l1, struct cil_list *l2);
#endif
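
Review bot: `cil_list_for_each` advances with `item = item->next` after the body has run, so a body that frees or unlinks `item` reads freed memory on the next step; `cil_list_remove` only gets away with it because it breaks out right after `cil_list_item_destroy`. Add a comment above the macro saying the body must not free the current item, or provide a variant that caches `next` before the body executes. The closing `#endif` is also missing the `/* CIL_LIST_H_ */` comment the other headers in this commit carry.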

View File

@ -0,0 +1,82 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <cil/cil.h>
#include "cil_log.h"
static enum cil_log_level cil_log_level = CIL_ERR;
static void cil_default_log_handler(__attribute__((unused)) int lvl, const char *msg)
{
fprintf(stderr, "%s", msg);
}
static void (*cil_log_handler)(int lvl, const char *msg) = &cil_default_log_handler;
void cil_set_log_handler(void (*handler)(int lvl, const char *msg))
{
cil_log_handler = handler;
}
__attribute__ ((format (printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, const char *msg, va_list args)
{
if (cil_log_level >= lvl) {
char buff[MAX_LOG_SIZE];
int n = vsnprintf(buff, MAX_LOG_SIZE, msg, args);
if (n > 0) {
(*cil_log_handler)(cil_log_level, buff);
if (n >= MAX_LOG_SIZE) {
(*cil_log_handler)(cil_log_level, " <LOG MESSAGE TRUNCATED>");
}
}
}
}
__attribute__ ((format (printf, 2, 3))) void cil_log(enum cil_log_level lvl, const char *msg, ...)
{
va_list args;
va_start(args, msg);
cil_vlog(lvl, msg, args);
va_end(args);
}
void cil_set_log_level(enum cil_log_level lvl)
{
cil_log_level = lvl;
}
enum cil_log_level cil_get_log_level(void)
{
return cil_log_level;
}
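
Review bot: in `cil_vlog` both handler calls pass `cil_log_level`, the configured threshold, instead of the message's own `lvl`, so a handler installed through `cil_set_log_handler` cannot tell an error from an informational message. Pass `lvl` in both calls. `cil_set_log_handler` also stores whatever pointer it is given, so a NULL handler is dereferenced by the next `cil_vlog` call; reject NULL or fall back to `cil_default_log_handler`.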

View File

@ -0,0 +1,43 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_LOG_H_
#define CIL_LOG_H_
#include <stdlib.h>
#include <stdarg.h>
#include <cil/cil.h>
#define MAX_LOG_SIZE 512
__attribute__ ((format(printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, const char *msg, va_list args);
__attribute__ ((format(printf, 2, 3))) void cil_log(enum cil_log_level lvl, const char *msg, ...);
enum cil_log_level cil_get_log_level(void);
#endif // CIL_LOG_H_

View File

@ -0,0 +1,110 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include "cil_log.h"
#include "cil_mem.h"
void *cil_malloc(size_t size)
{
void *mem = malloc(size);
if (mem == NULL){
if (size == 0) {
return NULL;
}
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
return mem;
}
void *cil_calloc(size_t num_elements, size_t element_size)
{
void *mem = calloc(num_elements, element_size);
if (mem == NULL){
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
return mem;
}
void *cil_realloc(void *ptr, size_t size)
{
void *mem = realloc(ptr, size);
if (mem == NULL){
if (size == 0) {
return NULL;
}
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
return mem;
}
char *cil_strdup(const char *str)
{
char *mem = NULL;
if (str == NULL) {
return NULL;
}
mem = strdup(str);
if (mem == NULL) {
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
return mem;
}
__attribute__ ((format (printf, 2, 3))) int cil_asprintf(char **strp, const char *fmt, ...)
{
int rc;
va_list ap;
va_start(ap, fmt);
rc = vasprintf(strp, fmt, ap);
va_end(ap);
if (rc == -1) {
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
return rc;
}
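
Review bot: every wrapper here answers allocation failure with `exit(1)`, so callers such as `cil_list_init` never see an error, and with this directory now built through `obj-y += libsepol/` an out-of-memory condition has no path back to the caller at all. Return NULL (or an error code) and let callers propagate `SEPOL_ERR`. `cil_calloc` is also inconsistent with `cil_malloc` and `cil_realloc`: it has no `size == 0` carve-out, so a zero-sized `calloc` that returns NULL is treated as fatal.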

View File

@ -0,0 +1,41 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_MEM_H_
#define CIL_MEM_H_
/* Wrapped malloc that catches errors and calls the error callback */
void *cil_malloc(size_t size);
void *cil_calloc(size_t num_elements, size_t element_size);
void *cil_realloc(void *ptr, size_t size);
char *cil_strdup(const char *str);
int cil_asprintf(char **strp, const char *fmt, ...);
#endif /* CIL_MEM_H_ */
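
Review bot: the `cil_asprintf` prototype here lacks the `__attribute__ ((format (printf, 2, 3)))` that the definition in cil_mem.c carries, so callers in other translation units get no format-string checking; put the attribute on the declaration, as cil_log.h does for `cil_log`. The header also uses `size_t` without including `<stddef.h>`, so it only compiles when something else has pulled that in first. The comment "Wrapped malloc that catches errors and calls the error callback" should say what the wrappers actually do on failure, since the implementation logs and calls `exit(1)` rather than invoking a callback.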

View File

@ -0,0 +1,331 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <sepol/errcodes.h>
#include "cil_internal.h"
#include "cil_log.h"
#include "cil_mem.h"
#include "cil_tree.h"
#include "cil_lexer.h"
#include "cil_parser.h"
#include "cil_strpool.h"
#include "cil_stack.h"
#define CIL_PARSER_MAX_EXPR_DEPTH (0x1 << 12)
struct hll_info {
uint32_t hll_offset;
uint32_t hll_expand;
};
static void push_hll_info(struct cil_stack *stack, uint32_t hll_offset, uint32_t hll_expand)
{
struct hll_info *new = cil_malloc(sizeof(*new));
new->hll_offset = hll_offset;
new->hll_expand = hll_expand;
cil_stack_push(stack, CIL_NONE, new);
}
static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_offset, uint32_t *hll_expand)
{
struct cil_stack_item *curr = cil_stack_pop(stack);
struct hll_info *info;
if (!curr) {
return;
}
info = curr->data;
*hll_expand = info->hll_expand;
*hll_offset = info->hll_offset;
free(curr->data);
}
static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_offset, void *value)
{
cil_tree_node_init(node);
(*node)->parent = current;
(*node)->flavor = CIL_NODE;
(*node)->line = line;
(*node)->hll_offset = hll_offset;
(*node)->data = value;
}
static void insert_node(struct cil_tree_node *node, struct cil_tree_node *current)
{
if (current->cl_head == NULL) {
current->cl_head = node;
} else {
current->cl_tail->next = node;
}
current->cl_tail = node;
}
static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset, uint32_t *hll_expand, struct cil_stack *stack, char *path)
{
char *hll_type;
struct cil_tree_node *node;
struct token tok;
uint32_t prev_hll_expand, prev_hll_offset;
cil_lexer_next(&tok);
if (tok.type != SYMBOL) {
cil_log(CIL_ERR, "Invalid line mark syntax\n");
goto exit;
}
hll_type = cil_strpool_add(tok.value);
if (hll_type != CIL_KEY_SRC_HLL_LME && hll_type != CIL_KEY_SRC_HLL_LMS && hll_type != CIL_KEY_SRC_HLL_LMX) {
cil_log(CIL_ERR, "Invalid line mark syntax\n");
goto exit;
}
if (hll_type == CIL_KEY_SRC_HLL_LME) {
if (cil_stack_is_empty(stack)) {
cil_log(CIL_ERR, "Line mark end without start\n");
goto exit;
}
prev_hll_expand = *hll_expand;
prev_hll_offset = *hll_offset;
pop_hll_info(stack, hll_offset, hll_expand);
if (!*hll_expand) {
/* This is needed if not going back to an lmx section. */
*hll_offset = prev_hll_offset;
}
if (prev_hll_expand && !*hll_expand) {
/* This is needed to count the lme at the end of an lmx section
* within an lms section (or within no hll section).
*/
(*hll_offset)++;
}
*current = (*current)->parent;
} else {
push_hll_info(stack, *hll_offset, *hll_expand);
if (cil_stack_number_of_items(stack) > CIL_PARSER_MAX_EXPR_DEPTH) {
cil_log(CIL_ERR, "Number of active line marks exceeds limit of %d\n", CIL_PARSER_MAX_EXPR_DEPTH);
goto exit;
}
create_node(&node, *current, tok.line, *hll_offset, NULL);
insert_node(node, *current);
*current = node;
create_node(&node, *current, tok.line, *hll_offset, CIL_KEY_SRC_INFO);
insert_node(node, *current);
create_node(&node, *current, tok.line, *hll_offset, hll_type);
insert_node(node, *current);
cil_lexer_next(&tok);
if (tok.type != SYMBOL) {
cil_log(CIL_ERR, "Invalid line mark syntax\n");
goto exit;
}
create_node(&node, *current, tok.line, *hll_offset, cil_strpool_add(tok.value));
insert_node(node, *current);
cil_lexer_next(&tok);
if (tok.type != SYMBOL && tok.type != QSTRING) {
cil_log(CIL_ERR, "Invalid line mark syntax\n");
goto exit;
}
if (tok.type == QSTRING) {
tok.value[strlen(tok.value) - 1] = '\0';
tok.value = tok.value+1;
}
create_node(&node, *current, tok.line, *hll_offset, cil_strpool_add(tok.value));
insert_node(node, *current);
*hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0;
}
cil_lexer_next(&tok);
if (tok.type != NEWLINE) {
cil_log(CIL_ERR, "Invalid line mark syntax\n");
goto exit;
}
if (!*hll_expand) {
/* Need to increment because of the NEWLINE */
(*hll_offset)++;
}
return SEPOL_OK;
exit:
cil_log(CIL_ERR, "Problem with high-level line mark at line %u of %s\n", tok.line, path);
return SEPOL_ERR;
}
static void add_cil_path(struct cil_tree_node **current, char *path)
{
struct cil_tree_node *node;
create_node(&node, *current, 0, 0, NULL);
insert_node(node, *current);
*current = node;
create_node(&node, *current, 0, 0, CIL_KEY_SRC_INFO);
insert_node(node, *current);
create_node(&node, *current, 0, 0, CIL_KEY_SRC_CIL);
insert_node(node, *current);
create_node(&node, *current, 0, 0, cil_strpool_add("1"));
insert_node(node, *current);
create_node(&node, *current, 0, 0, path);
insert_node(node, *current);
}
int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree **parse_tree)
{
int paren_count = 0;
struct cil_tree *tree = NULL;
struct cil_tree_node *node = NULL;
struct cil_tree_node *current = NULL;
char *path = cil_strpool_add(_path);
struct cil_stack *stack;
uint32_t hll_offset = 1;
uint32_t hll_expand = 0;
struct token tok;
int rc = SEPOL_OK;
cil_stack_init(&stack);
cil_lexer_setup(buffer, size);
tree = *parse_tree;
current = tree->root;
add_cil_path(&current, path);
do {
cil_lexer_next(&tok);
switch (tok.type) {
case HLL_LINEMARK:
rc = add_hll_linemark(&current, &hll_offset, &hll_expand, stack, path);
if (rc != SEPOL_OK) {
goto exit;
}
break;
case OPAREN:
paren_count++;
if (paren_count > CIL_PARSER_MAX_EXPR_DEPTH) {
cil_log(CIL_ERR, "Number of open parenthesis exceeds limit of %d at line %d of %s\n", CIL_PARSER_MAX_EXPR_DEPTH, tok.line, path);
goto exit;
}
create_node(&node, current, tok.line, hll_offset, NULL);
insert_node(node, current);
current = node;
break;
case CPAREN:
paren_count--;
if (paren_count < 0) {
cil_log(CIL_ERR, "Close parenthesis without matching open at line %d of %s\n", tok.line, path);
goto exit;
}
current = current->parent;
break;
case QSTRING:
tok.value[strlen(tok.value) - 1] = '\0';
tok.value = tok.value+1;
/* FALLTHRU */
case SYMBOL:
if (paren_count == 0) {
cil_log(CIL_ERR, "Symbol not inside parenthesis at line %d of %s\n", tok.line, path);
goto exit;
}
create_node(&node, current, tok.line, hll_offset, cil_strpool_add(tok.value));
insert_node(node, current);
break;
case NEWLINE :
if (!hll_expand) {
hll_offset++;
}
break;
case COMMENT:
while (tok.type != NEWLINE && tok.type != END_OF_FILE) {
cil_lexer_next(&tok);
}
if (!hll_expand) {
hll_offset++;
}
if (tok.type != END_OF_FILE) {
break;
}
/* FALLTHRU */
// Fall through if EOF
case END_OF_FILE:
if (paren_count > 0) {
cil_log(CIL_ERR, "Open parenthesis without matching close at line %d of %s\n", tok.line, path);
goto exit;
}
if (!cil_stack_is_empty(stack)) {
cil_log(CIL_ERR, "High-level language line marker start without close at line %d of %s\n", tok.line, path);
goto exit;
}
break;
case UNKNOWN:
cil_log(CIL_ERR, "Invalid token '%s' at line %d of %s\n", tok.value, tok.line, path);
goto exit;
default:
cil_log(CIL_ERR, "Unknown token type '%d' at line %d of %s\n", tok.type, tok.line, path);
goto exit;
}
}
while (tok.type != END_OF_FILE);
cil_lexer_destroy();
cil_stack_destroy(&stack);
*parse_tree = tree;
return SEPOL_OK;
exit:
while (!cil_stack_is_empty(stack)) {
pop_hll_info(stack, &hll_offset, &hll_expand);
}
cil_lexer_destroy();
cil_stack_destroy(&stack);
return SEPOL_ERR;
}
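
Review bot: The QSTRING unquoting, which appears twice (in add_hll_linemark() and in the QSTRING case of cil_parser()), writes to `tok.value[strlen(tok.value) - 1]` with no length check, so it relies entirely on the lexer never returning an empty QSTRING value. If strlen() returned 0, the index would wrap and the store would land outside the token buffer, which in a kernel build is memory corruption rather than a user-space crash. Suggest moving the two copies into one helper that verifies the value is non-empty (ideally that both quotes are present) before stripping, and returns SEPOL_ERR otherwise.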

View File

@ -0,0 +1,37 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_PARSER_H_
#define CIL_PARSER_H_
#include "cil_tree.h"
int cil_parser(const char *path, char *buffer, uint32_t size, struct cil_tree **parse_tree);
#endif /* CIL_PARSER_H_ */
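
Review bot: The cil_parser() prototype uses uint32_t, but this header includes only "cil_tree.h" and so depends on a transitive include for the type. cil_resolve_ast.h in the same commit includes <stdint.h> explicitly; do the same here (or include whatever types header the kernel port substitutes for it) so the header compiles regardless of include order.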

File diff suppressed because it is too large

View File

@ -0,0 +1,37 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_POLICY_H_
#define CIL_POLICY_H_
#include "cil_internal.h"
void cil_gen_policy(FILE *out, struct cil_db *db);
#endif
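
Review bot: cil_gen_policy() takes a `FILE *out`, and nothing in this header brings in a definition of FILE other than whatever "cil_internal.h" happens to provide. Since the directory is now built with `obj-y += libsepol/`, please document where FILE comes from in the kernel build (a shim header, presumably) or compile this declaration out if policy text generation is not used there. Minor: the closing `#endif` lacks the `/* CIL_POLICY_H_ */` comment that cil_parser.h carries.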

File diff suppressed because it is too large

View File

@ -0,0 +1,46 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_POST_H_
#define CIL_POST_H_
int cil_post_filecon_compare(const void *a, const void *b);
int cil_post_ibpkeycon_compare(const void *a, const void *b);
int cil_post_portcon_compare(const void *a, const void *b);
int cil_post_ibendportcon_compare(const void *a, const void *b);
int cil_post_genfscon_compare(const void *a, const void *b);
int cil_post_netifcon_compare(const void *a, const void *b);
int cil_post_nodecon_compare(const void *a, const void *b);
int cil_post_fsuse_compare(const void *a, const void *b);
int cil_post_context_sort(struct cil_db *db);
int cil_post_process(struct cil_db *db);
#endif
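
Review bot: This header is not self-contained: cil_post_context_sort() and cil_post_process() take `struct cil_db *`, but the file has no include and no forward declaration. When it is included before "cil_internal.h", the struct is declared with prototype scope only, which produces a "declared inside parameter list" warning and an incompatible type at the call site. Add `struct cil_db;` ahead of the prototypes or include "cil_internal.h".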

View File

@ -0,0 +1,660 @@
#include "cil_internal.h"
#include "cil_log.h"
#include "cil_list.h"
#include "cil_reset_ast.h"
#include "cil_symtab.h"
static inline void cil_reset_classperms_list(struct cil_list *cp_list);
static inline void cil_reset_level(struct cil_level *level);
static inline void cil_reset_levelrange(struct cil_levelrange *levelrange);
static inline void cil_reset_context(struct cil_context *context);
static int __class_reset_perm_values(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
struct cil_perm *perm = (struct cil_perm *)d;
perm->value -= *((int *)args);
return SEPOL_OK;
}
static void cil_reset_class(struct cil_class *class)
{
if (class->common != NULL) {
/* Must assume that the common has been destroyed */
int num_common_perms = class->num_perms - class->perms.nprim;
cil_symtab_map(&class->perms, __class_reset_perm_values, &num_common_perms);
/* during a re-resolve, we need to reset the common, so a classcommon
* statement isn't seen as a duplicate */
class->num_perms = class->perms.nprim;
class->common = NULL; /* Must make this NULL or there will be an error when re-resolving */
}
class->ordered = CIL_FALSE;
}
static void cil_reset_perm(struct cil_perm *perm)
{
cil_list_destroy(&perm->classperms, CIL_FALSE);
}
static inline void cil_reset_classperms(struct cil_classperms *cp)
{
if (cp == NULL) {
return;
}
cp->class = NULL;
cil_list_destroy(&cp->perms, CIL_FALSE);
}
static void cil_reset_classpermission(struct cil_classpermission *cp)
{
if (cp == NULL) {
return;
}
cil_list_destroy(&cp->classperms, CIL_FALSE);
}
static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)
{
if (cp_set == NULL || cp_set->set == NULL) {
return;
}
if (cp_set->set->datum.name == NULL) {
cil_reset_classperms_list(cp_set->set->classperms);
}
cp_set->set = NULL;
}
static inline void cil_reset_classperms_list(struct cil_list *cp_list)
{
struct cil_list_item *curr;
if (cp_list == NULL) {
return;
}
cil_list_for_each(curr, cp_list) {
if (curr->flavor == CIL_CLASSPERMS) { /* KERNEL or MAP */
cil_reset_classperms(curr->data);
} else if (curr->flavor == CIL_CLASSPERMS_SET) { /* SET */
cil_reset_classperms_set(curr->data);
}
}
}
static void cil_reset_classpermissionset(struct cil_classpermissionset *cps)
{
cil_reset_classperms_list(cps->classperms);
}
static void cil_reset_classmapping(struct cil_classmapping *cm)
{
cil_reset_classperms_list(cm->classperms);
}
static void cil_reset_alias(struct cil_alias *alias)
{
/* reset actual to NULL during a re-resolve */
alias->actual = NULL;
}
static void cil_reset_user(struct cil_user *user)
{
/* reset the bounds to NULL during a re-resolve */
user->bounds = NULL;
user->dftlevel = NULL;
user->range = NULL;
}
static void cil_reset_userattr(struct cil_userattribute *attr)
{
struct cil_list_item *expr = NULL;
struct cil_list_item *next = NULL;
/* during a re-resolve, we need to reset the lists of expression stacks associated with this attribute from a userattribute statement */
if (attr->expr_list != NULL) {
/* we don't want to destroy the expression stacks (cil_list) inside
* this list cil_list_destroy destroys sublists, so we need to do it
* manually */
expr = attr->expr_list->head;
while (expr != NULL) {
next = expr->next;
cil_list_item_destroy(&expr, CIL_FALSE);
expr = next;
}
free(attr->expr_list);
attr->expr_list = NULL;
}
}
static void cil_reset_userattributeset(struct cil_userattributeset *uas)
{
cil_list_destroy(&uas->datum_expr, CIL_FALSE);
}
static void cil_reset_selinuxuser(struct cil_selinuxuser *selinuxuser)
{
selinuxuser->user = NULL;
if (selinuxuser->range_str == NULL) {
cil_reset_levelrange(selinuxuser->range);
} else {
selinuxuser->range = NULL;
}
}
static void cil_reset_role(struct cil_role *role)
{
/* reset the bounds to NULL during a re-resolve */
role->bounds = NULL;
}
static void cil_reset_roleattr(struct cil_roleattribute *attr)
{
/* during a re-resolve, we need to reset the lists of expression stacks associated with this attribute from a attributeroles statement */
if (attr->expr_list != NULL) {
/* we don't want to destroy the expression stacks (cil_list) inside
* this list cil_list_destroy destroys sublists, so we need to do it
* manually */
struct cil_list_item *expr = attr->expr_list->head;
while (expr != NULL) {
struct cil_list_item *next = expr->next;
cil_list_item_destroy(&expr, CIL_FALSE);
expr = next;
}
free(attr->expr_list);
attr->expr_list = NULL;
}
}
static void cil_reset_roleattributeset(struct cil_roleattributeset *ras)
{
cil_list_destroy(&ras->datum_expr, CIL_FALSE);
}
static void cil_reset_type(struct cil_type *type)
{
/* reset the bounds to NULL during a re-resolve */
type->bounds = NULL;
}
static void cil_reset_typeattr(struct cil_typeattribute *attr)
{
/* during a re-resolve, we need to reset the lists of expression stacks associated with this attribute from a attributetypes statement */
if (attr->expr_list != NULL) {
/* we don't want to destroy the expression stacks (cil_list) inside
* this list cil_list_destroy destroys sublists, so we need to do it
* manually */
struct cil_list_item *expr = attr->expr_list->head;
while (expr != NULL) {
struct cil_list_item *next = expr->next;
cil_list_item_destroy(&expr, CIL_FALSE);
expr = next;
}
free(attr->expr_list);
attr->expr_list = NULL;
}
attr->used = CIL_FALSE;
attr->keep = CIL_FALSE;
}
static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)
{
cil_list_destroy(&tas->datum_expr, CIL_FALSE);
}
static void cil_reset_expandtypeattribute(struct cil_expandtypeattribute *expandattr)
{
cil_list_destroy(&expandattr->attr_datums, CIL_FALSE);
}
static void cil_reset_avrule(struct cil_avrule *rule)
{
cil_reset_classperms_list(rule->perms.classperms);
}
static void cil_reset_rangetransition(struct cil_rangetransition *rangetrans)
{
if (rangetrans->range_str == NULL) {
cil_reset_levelrange(rangetrans->range);
} else {
rangetrans->range = NULL;
}
}
static void cil_reset_sens(struct cil_sens *sens)
{
/* during a re-resolve, we need to reset the categories associated with
* this sensitivity from a (sensitivitycategory) statement */
cil_list_destroy(&sens->cats_list, CIL_FALSE);
sens->ordered = CIL_FALSE;
}
static void cil_reset_cat(struct cil_cat *cat)
{
cat->ordered = CIL_FALSE;
}
static inline void cil_reset_cats(struct cil_cats *cats)
{
if (cats != NULL) {
cats->evaluated = CIL_FALSE;
cil_list_destroy(&cats->datum_expr, CIL_FALSE);
}
}
static void cil_reset_senscat(struct cil_senscat *senscat)
{
cil_reset_cats(senscat->cats);
}
static void cil_reset_catset(struct cil_catset *catset)
{
cil_reset_cats(catset->cats);
}
static inline void cil_reset_level(struct cil_level *level)
{
level->sens = NULL;
cil_reset_cats(level->cats);
}
static inline void cil_reset_levelrange(struct cil_levelrange *levelrange)
{
if (levelrange->low_str == NULL) {
cil_reset_level(levelrange->low);
} else {
levelrange->low = NULL;
}
if (levelrange->high_str == NULL) {
cil_reset_level(levelrange->high);
} else {
levelrange->high = NULL;
}
}
static inline void cil_reset_userlevel(struct cil_userlevel *userlevel)
{
if (userlevel->level_str == NULL) {
cil_reset_level(userlevel->level);
} else {
userlevel->level = NULL;
}
}
static inline void cil_reset_userrange(struct cil_userrange *userrange)
{
if (userrange->range_str == NULL) {
cil_reset_levelrange(userrange->range);
} else {
userrange->range = NULL;
}
}
static inline void cil_reset_context(struct cil_context *context)
{
if (!context) {
return;
}
if (context->range_str == NULL) {
cil_reset_levelrange(context->range);
} else {
context->range = NULL;
}
}
static void cil_reset_sidcontext(struct cil_sidcontext *sidcontext)
{
if (sidcontext->context_str == NULL) {
cil_reset_context(sidcontext->context);
} else {
sidcontext->context = NULL;
}
}
static void cil_reset_filecon(struct cil_filecon *filecon)
{
if (filecon->context_str == NULL) {
cil_reset_context(filecon->context);
} else {
filecon->context = NULL;
}
}
static void cil_reset_ibpkeycon(struct cil_ibpkeycon *ibpkeycon)
{
if (ibpkeycon->context_str == NULL) {
cil_reset_context(ibpkeycon->context);
} else {
ibpkeycon->context = NULL;
}
}
static void cil_reset_portcon(struct cil_portcon *portcon)
{
if (portcon->context_str == NULL) {
cil_reset_context(portcon->context);
} else {
portcon->context = NULL;
}
}
static void cil_reset_nodecon(struct cil_nodecon *nodecon)
{
if (nodecon->context_str == NULL) {
cil_reset_context(nodecon->context);
} else {
nodecon->context = NULL;
}
}
static void cil_reset_genfscon(struct cil_genfscon *genfscon)
{
if (genfscon->context_str == NULL) {
cil_reset_context(genfscon->context);
} else {
genfscon->context = NULL;
}
}
static void cil_reset_netifcon(struct cil_netifcon *netifcon)
{
if (netifcon->if_context_str == NULL) {
cil_reset_context(netifcon->if_context);
} else {
netifcon->if_context = NULL;
}
if (netifcon->packet_context_str == NULL) {
cil_reset_context(netifcon->packet_context);
} else {
netifcon->packet_context = NULL;
}
}
static void cil_reset_ibendportcon(struct cil_ibendportcon *ibendportcon)
{
if (ibendportcon->context_str == NULL) {
cil_reset_context(ibendportcon->context);
} else {
ibendportcon->context = NULL;
}
}
static void cil_reset_pirqcon(struct cil_pirqcon *pirqcon)
{
if (pirqcon->context_str == NULL) {
cil_reset_context(pirqcon->context);
} else {
pirqcon->context = NULL;
}
}
static void cil_reset_iomemcon(struct cil_iomemcon *iomemcon)
{
if (iomemcon->context_str == NULL) {
cil_reset_context(iomemcon->context);
} else {
iomemcon->context = NULL;
}
}
static void cil_reset_ioportcon(struct cil_ioportcon *ioportcon)
{
if (ioportcon->context_str == NULL) {
cil_reset_context(ioportcon->context);
} else {
ioportcon->context = NULL;
}
}
static void cil_reset_pcidevicecon(struct cil_pcidevicecon *pcidevicecon)
{
if (pcidevicecon->context_str == NULL) {
cil_reset_context(pcidevicecon->context);
} else {
pcidevicecon->context = NULL;
}
}
static void cil_reset_devicetreecon(struct cil_devicetreecon *devicetreecon)
{
if (devicetreecon->context_str == NULL) {
cil_reset_context(devicetreecon->context);
} else {
devicetreecon->context = NULL;
}
}
static void cil_reset_fsuse(struct cil_fsuse *fsuse)
{
if (fsuse->context_str == NULL) {
cil_reset_context(fsuse->context);
} else {
fsuse->context = NULL;
}
}
static void cil_reset_sid(struct cil_sid *sid)
{
/* reset the context to NULL during a re-resolve */
sid->context = NULL;
sid->ordered = CIL_FALSE;
}
static void cil_reset_constrain(struct cil_constrain *con)
{
cil_reset_classperms_list(con->classperms);
cil_list_destroy(&con->datum_expr, CIL_FALSE);
}
static void cil_reset_validatetrans(struct cil_validatetrans *vt)
{
cil_list_destroy(&vt->datum_expr, CIL_FALSE);
}
static void cil_reset_default(struct cil_default *def)
{
cil_list_destroy(&def->class_datums, CIL_FALSE);
}
static void cil_reset_defaultrange(struct cil_defaultrange *def)
{
cil_list_destroy(&def->class_datums, CIL_FALSE);
}
static void cil_reset_booleanif(struct cil_booleanif *bif)
{
cil_list_destroy(&bif->datum_expr, CIL_FALSE);
}
static int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, __attribute__((unused)) void *extra_args)
{
switch (node->flavor) {
case CIL_CLASS:
cil_reset_class(node->data);
break;
case CIL_PERM:
case CIL_MAP_PERM:
cil_reset_perm(node->data);
break;
case CIL_CLASSPERMISSION:
cil_reset_classpermission(node->data);
break;
case CIL_CLASSPERMISSIONSET:
cil_reset_classpermissionset(node->data);
break;
case CIL_CLASSMAPPING:
cil_reset_classmapping(node->data);
break;
case CIL_TYPEALIAS:
case CIL_SENSALIAS:
case CIL_CATALIAS:
cil_reset_alias(node->data);
break;
case CIL_USERRANGE:
cil_reset_userrange(node->data);
break;
case CIL_USERLEVEL:
cil_reset_userlevel(node->data);
break;
case CIL_USER:
cil_reset_user(node->data);
break;
case CIL_USERATTRIBUTE:
cil_reset_userattr(node->data);
break;
case CIL_USERATTRIBUTESET:
cil_reset_userattributeset(node->data);
break;
case CIL_SELINUXUSERDEFAULT:
case CIL_SELINUXUSER:
cil_reset_selinuxuser(node->data);
break;
case CIL_ROLE:
cil_reset_role(node->data);
break;
case CIL_ROLEATTRIBUTE:
cil_reset_roleattr(node->data);
break;
case CIL_ROLEATTRIBUTESET:
cil_reset_roleattributeset(node->data);
break;
case CIL_TYPE:
cil_reset_type(node->data);
break;
case CIL_TYPEATTRIBUTE:
cil_reset_typeattr(node->data);
break;
case CIL_TYPEATTRIBUTESET:
cil_reset_typeattributeset(node->data);
break;
case CIL_EXPANDTYPEATTRIBUTE:
cil_reset_expandtypeattribute(node->data);
break;
case CIL_RANGETRANSITION:
cil_reset_rangetransition(node->data);
break;
case CIL_AVRULE:
cil_reset_avrule(node->data);
break;
case CIL_SENS:
cil_reset_sens(node->data);
break;
case CIL_CAT:
cil_reset_cat(node->data);
break;
case CIL_SENSCAT:
cil_reset_senscat(node->data);
break;
case CIL_CATSET:
cil_reset_catset(node->data);
break;
case CIL_LEVEL:
cil_reset_level(node->data);
break;
case CIL_LEVELRANGE:
cil_reset_levelrange(node->data);
break;
case CIL_CONTEXT:
cil_reset_context(node->data);
break;
case CIL_SIDCONTEXT:
cil_reset_sidcontext(node->data);
break;
case CIL_FILECON:
cil_reset_filecon(node->data);
break;
case CIL_IBPKEYCON:
cil_reset_ibpkeycon(node->data);
break;
case CIL_IBENDPORTCON:
cil_reset_ibendportcon(node->data);
break;
case CIL_PORTCON:
cil_reset_portcon(node->data);
break;
case CIL_NODECON:
cil_reset_nodecon(node->data);
break;
case CIL_GENFSCON:
cil_reset_genfscon(node->data);
break;
case CIL_NETIFCON:
cil_reset_netifcon(node->data);
break;
case CIL_PIRQCON:
cil_reset_pirqcon(node->data);
break;
case CIL_IOMEMCON:
cil_reset_iomemcon(node->data);
break;
case CIL_IOPORTCON:
cil_reset_ioportcon(node->data);
break;
case CIL_PCIDEVICECON:
cil_reset_pcidevicecon(node->data);
break;
case CIL_DEVICETREECON:
cil_reset_devicetreecon(node->data);
break;
case CIL_FSUSE:
cil_reset_fsuse(node->data);
break;
case CIL_SID:
cil_reset_sid(node->data);
break;
case CIL_CONSTRAIN:
case CIL_MLSCONSTRAIN:
cil_reset_constrain(node->data);
break;
case CIL_VALIDATETRANS:
case CIL_MLSVALIDATETRANS:
cil_reset_validatetrans(node->data);
break;
case CIL_DEFAULTUSER:
case CIL_DEFAULTROLE:
case CIL_DEFAULTTYPE:
cil_reset_default(node->data);
break;
case CIL_DEFAULTRANGE:
cil_reset_defaultrange(node->data);
break;
case CIL_BOOLEANIF:
cil_reset_booleanif(node->data);
break;
case CIL_TUNABLEIF:
case CIL_CALL:
break; /* Not effected by optional block disabling */
case CIL_MACRO:
case CIL_SIDORDER:
case CIL_CLASSORDER:
case CIL_CATORDER:
case CIL_SENSITIVITYORDER:
break; /* Nothing to reset */
default:
break;
}
return SEPOL_OK;
}
int cil_reset_ast(struct cil_tree_node *current)
{
int rc = SEPOL_ERR;
rc = cil_tree_walk(current, __cil_reset_node, NULL, NULL, NULL);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Failed to reset AST\n");
return SEPOL_ERR;
}
return SEPOL_OK;
}
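
Review bot: NULL handling is inconsistent across the reset helpers: cil_reset_context(), cil_reset_classperms() and cil_reset_cats() return early on a NULL argument, but cil_reset_level() and cil_reset_levelrange() dereference theirs immediately. Callers such as cil_reset_selinuxuser(), cil_reset_rangetransition(), cil_reset_userrange() and cil_reset_context() pass `->range` whenever `range_str == NULL`, and cil_reset_levelrange() passes `->low` and `->high` the same way, without checking that the pointer itself is set. In kernel context a NULL there is an oops, so suggest adding the same early-return guard to cil_reset_level() and cil_reset_levelrange(). Separately, cil_reset_userattr() and its role and type siblings call free() while the file includes no <stdlib.h>; worth confirming which allocator wrapper that resolves to in this build.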

View File

@ -0,0 +1,8 @@
#ifndef CIL_RESET_AST_H_
#define CIL_RESET_AST_H_
#include "cil_tree.h"
int cil_reset_ast(struct cil_tree_node *current);
#endif /* CIL_RESET_AST_H_ */

File diff suppressed because it is too large

View File

@ -0,0 +1,104 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_RESOLVE_AST_H_
#define CIL_RESOLVE_AST_H_
#include <stdint.h>
#include "cil_internal.h"
#include "cil_tree.h"
int cil_resolve_classorder(struct cil_tree_node *current, void *extra_args);
int cil_resolve_classperms(struct cil_tree_node *current, struct cil_classperms *cp, void *extra_args);
int cil_resolve_classpermissionset(struct cil_tree_node *current, struct cil_classpermissionset *cps, void *extra_args);
int cil_resolve_classperms_list(struct cil_tree_node *current, struct cil_list *cp_list, void *extra_args);
int cil_resolve_avrule(struct cil_tree_node *current, void *extra_args);
int cil_resolve_type_rule(struct cil_tree_node *current, void *extra_args);
int cil_resolve_typeattributeset(struct cil_tree_node *current, void *extra_args);
int cil_resolve_typealias(struct cil_tree_node *current, void *extra_args);
int cil_resolve_typebounds(struct cil_tree_node *current, void *extra_args);
int cil_resolve_typepermissive(struct cil_tree_node *current, void *extra_args);
int cil_resolve_nametypetransition(struct cil_tree_node *current, void *extra_args);
int cil_resolve_rangetransition(struct cil_tree_node *current, void *extra_args);
int cil_resolve_classcommon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_classmapping(struct cil_tree_node *current, void *extra_args);
int cil_resolve_userrole(struct cil_tree_node *current, void *extra_args);
int cil_resolve_userlevel(struct cil_tree_node *current, void *extra_args);
int cil_resolve_userrange(struct cil_tree_node *current, void *extra_args);
int cil_resolve_userbounds(struct cil_tree_node *current, void *extra_args);
int cil_resolve_userprefix(struct cil_tree_node *current, void *extra_args);
int cil_resolve_userattributeset(struct cil_tree_node *current, void *extra_args);
int cil_resolve_selinuxuser(struct cil_tree_node *current, void *extra_args);
int cil_resolve_roletype(struct cil_tree_node *current, void *extra_args);
int cil_resolve_roletransition(struct cil_tree_node *current, void *extra_args);
int cil_resolve_roleallow(struct cil_tree_node *current, void *extra_args);
int cil_resolve_roleattributeset(struct cil_tree_node *current, void *extra_args);
int cil_resolve_rolebounds(struct cil_tree_node *current, void *extra_args);
int cil_resolve_sensalias(struct cil_tree_node *current, void *extra_args);
int cil_resolve_catalias(struct cil_tree_node *current, void *extra_args);
int cil_resolve_catorder(struct cil_tree_node *current, void *extra_args);
int cil_resolve_sensitivityorder(struct cil_tree_node *current, void *extra_args);
int cil_resolve_cat_list(struct cil_tree_node *current, struct cil_list *cat_list, struct cil_list *res_cat_list, void *extra_args);
int cil_resolve_catset(struct cil_tree_node *current, struct cil_catset *catset, void *extra_args);
int cil_resolve_senscat(struct cil_tree_node *current, void *extra_args);
int cil_resolve_level(struct cil_tree_node *current, struct cil_level *level, void *extra_args);
int cil_resolve_levelrange(struct cil_tree_node *current, struct cil_levelrange *levelrange, void *extra_args);
int cil_resolve_constrain(struct cil_tree_node *current, void *extra_args);
int cil_resolve_validatetrans(struct cil_tree_node *current, void *extra_args);
int cil_resolve_context(struct cil_tree_node *current, struct cil_context *context, void *extra_args);
int cil_resolve_filecon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_ibpkeycon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_ibendportcon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_portcon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_genfscon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_nodecon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_netifcon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_pirqcon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_iomemcon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_ioportcon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_pcidevicecon(struct cil_tree_node *current, void *extra_args);
int cil_resolve_fsuse(struct cil_tree_node *current, void *extra_args);
int cil_resolve_sidcontext(struct cil_tree_node *current, void *extra_args);
int cil_resolve_sidorder(struct cil_tree_node *current, void *extra_args);
int cil_resolve_blockinherit(struct cil_tree_node *current, void *extra_args);
int cil_resolve_in(struct cil_tree_node *current, void *extra_args);
int cil_resolve_call1(struct cil_tree_node *current, void *extra_args);
int cil_resolve_call2(struct cil_tree_node *, void *extra_args);
int cil_resolve_name_call_args(struct cil_call *call, char *name, enum cil_sym_index sym_index, struct cil_symtab_datum **datum);
int cil_resolve_expr(enum cil_flavor expr_type, struct cil_list *str_expr, struct cil_list **datum_expr, struct cil_tree_node *parent, void *extra_args);
int cil_resolve_boolif(struct cil_tree_node *current, void *extra_args);
int cil_evaluate_expr(struct cil_list *datum_expr, uint16_t *result);
int cil_resolve_tunif(struct cil_tree_node *current, void *extra_args);
int cil_resolve_ast(struct cil_db *db, struct cil_tree_node *current);
int cil_resolve_name(struct cil_tree_node *ast_node, char *name, enum cil_sym_index sym_index, void *extra_args, struct cil_symtab_datum **datum);
int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, enum cil_sym_index sym_index, void *extra_args, struct cil_symtab_datum **datum);
#endif /* CIL_RESOLVE_AST_H_ */
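
Review bot: cil_resolve_call2() near the end of this header is declared with an unnamed first parameter (`struct cil_tree_node *`), while every neighbouring prototype, including cil_resolve_call1(), names it `current`. Name the parameter so the declaration matches its siblings and any generated documentation or tooling that keys on parameter names sees a consistent signature.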

View File

@ -0,0 +1,116 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include "cil_internal.h"
#include "cil_log.h"
#include "cil_mem.h"
#include "cil_stack.h"
#define CIL_STACK_INIT_SIZE 16
void cil_stack_init(struct cil_stack **stack)
{
struct cil_stack *new_stack = cil_malloc(sizeof(*new_stack));
new_stack->stack = cil_malloc(sizeof(*(new_stack->stack)) * CIL_STACK_INIT_SIZE);
new_stack->size = CIL_STACK_INIT_SIZE;
new_stack->pos = -1;
*stack = new_stack;
}
void cil_stack_destroy(struct cil_stack **stack)
{
if (stack == NULL || *stack == NULL) {
return;
}
free((*stack)->stack);
free(*stack);
*stack = NULL;
}
void cil_stack_empty(struct cil_stack *stack)
{
stack->pos = -1;
}
int cil_stack_is_empty(struct cil_stack *stack)
{
return (stack->pos == -1);
}
int cil_stack_number_of_items(struct cil_stack *stack)
{
return stack->pos + 1;
}
void cil_stack_push(struct cil_stack *stack, enum cil_flavor flavor, void *data)
{
stack->pos++;
if (stack->pos == stack->size) {
stack->size *= 2;
stack->stack = cil_realloc(stack->stack, sizeof(*stack->stack) * stack->size);
}
stack->stack[stack->pos].flavor = flavor;
stack->stack[stack->pos].data = data;
}
struct cil_stack_item *cil_stack_pop(struct cil_stack *stack)
{
if (stack->pos == -1) {
return NULL;
}
stack->pos--;
return &stack->stack[stack->pos + 1];
}
struct cil_stack_item *cil_stack_peek(struct cil_stack *stack)
{
if (stack->pos < 0) {
return NULL;
}
return &stack->stack[stack->pos];
}
struct cil_stack_item *cil_stack_peek_at(struct cil_stack *stack, int pos)
{
int peekpos = stack->pos - pos;
if (peekpos < 0 || peekpos > stack->pos) {
return NULL;
}
return &stack->stack[peekpos];
}
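
Review bot: cil_stack_pop(), cil_stack_peek() and cil_stack_peek_at() return pointers into stack->stack, and cil_stack_push() can either move that array through cil_realloc() or overwrite the slot that was just popped, so a caller that pushes while still holding a returned item reads stale or freed memory. Either document that the returned pointer is valid only until the next push, or have pop copy the item out by value. In cil_stack_push() the doubling `stack->size *= 2` is done on an int and the byte count `sizeof(*stack->stack) * stack->size` is never checked for overflow; cap the size before calling cil_realloc().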

View File

@ -0,0 +1,63 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_STACK_H_
#define CIL_STACK_H_
struct cil_stack {
struct cil_stack_item *stack;
int size;
int pos;
};
struct cil_stack_item {
enum cil_flavor flavor;
void *data;
};
#define cil_stack_for_each_starting_at(stack, start, pos, item) \
for (pos = start, item = cil_stack_peek_at(stack, pos); item != NULL; pos++, item = cil_stack_peek_at(stack, pos))
#define cil_stack_for_each(stack, pos, item) cil_stack_for_each_starting_at(stack, 0, pos, item)
void cil_stack_init(struct cil_stack **stack);
void cil_stack_destroy(struct cil_stack **stack);
void cil_stack_empty(struct cil_stack *stack);
int cil_stack_is_empty(struct cil_stack *stack);
int cil_stack_number_of_items(struct cil_stack *stack);
void cil_stack_push(struct cil_stack *stack, enum cil_flavor flavor, void *data);
struct cil_stack_item *cil_stack_pop(struct cil_stack *stack);
struct cil_stack_item *cil_stack_peek(struct cil_stack *stack);
struct cil_stack_item *cil_stack_peek_at(struct cil_stack *stack, int pos);
#endif
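
Review bot: this header uses `enum cil_flavor` in struct cil_stack_item and in the cil_stack_push() prototype but includes nothing itself, so it compiles only when the includer has already brought in the flavor definitions (cil_stack.c includes cil_internal.h first). Add `#include "cil_flavor.h"`, as cil_tree.h does, so the header is self-contained. The cil_stack_for_each_starting_at macro also expands `stack`, `start`, `pos` and `item` without parentheses; wrap them so an expression argument cannot change the meaning of the loop.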

View File

@ -0,0 +1,123 @@
/*
* Copyright 2014 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <pthread.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "cil_mem.h"
#include "cil_strpool.h"
#include "cil_log.h"
#define CIL_STRPOOL_TABLE_SIZE 1 << 15
struct cil_strpool_entry {
char *str;
};
static pthread_mutex_t cil_strpool_mutex = PTHREAD_MUTEX_INITIALIZER;
static unsigned int cil_strpool_readers = 0;
static hashtab_t cil_strpool_tab = NULL;
static unsigned int cil_strpool_hash(hashtab_t h, const_hashtab_key_t key)
{
const char *p;
size_t size;
unsigned int val;
val = 0;
size = strlen(key);
for (p = key; ((size_t) (p - key)) < size; p++)
val =
(val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
return val & (h->size - 1);
}
static int cil_strpool_compare(hashtab_t h __attribute__ ((unused)), const_hashtab_key_t key1, const_hashtab_key_t key2)
{
return strcmp(key1, key2);
}
char *cil_strpool_add(const char *str)
{
struct cil_strpool_entry *strpool_ref = NULL;
pthread_mutex_lock(&cil_strpool_mutex);
strpool_ref = hashtab_search(cil_strpool_tab, str);
if (strpool_ref == NULL) {
int rc;
strpool_ref = cil_malloc(sizeof(*strpool_ref));
strpool_ref->str = cil_strdup(str);
rc = hashtab_insert(cil_strpool_tab, strpool_ref->str, strpool_ref);
if (rc != SEPOL_OK) {
pthread_mutex_unlock(&cil_strpool_mutex);
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
}
pthread_mutex_unlock(&cil_strpool_mutex);
return strpool_ref->str;
}
static int cil_strpool_entry_destroy(hashtab_key_t k __attribute__ ((unused)), hashtab_datum_t d, void *args __attribute__ ((unused)))
{
struct cil_strpool_entry *strpool_ref = (struct cil_strpool_entry*)d;
free(strpool_ref->str);
free(strpool_ref);
return SEPOL_OK;
}
void cil_strpool_init(void)
{
pthread_mutex_lock(&cil_strpool_mutex);
if (cil_strpool_tab == NULL) {
cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
if (cil_strpool_tab == NULL) {
pthread_mutex_unlock(&cil_strpool_mutex);
cil_log(CIL_ERR, "Failed to allocate memory\n");
exit(1);
}
}
cil_strpool_readers++;
pthread_mutex_unlock(&cil_strpool_mutex);
}
void cil_strpool_destroy(void)
{
pthread_mutex_lock(&cil_strpool_mutex);
cil_strpool_readers--;
if (cil_strpool_readers == 0) {
ksu_hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
ksu_hashtab_destroy(cil_strpool_tab);
cil_strpool_tab = NULL;
}
pthread_mutex_unlock(&cil_strpool_mutex);
}
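
Review bot: both failure paths in this file, hashtab_insert() in cil_strpool_add() and hashtab_create() in cil_strpool_init(), end in exit(1), and locking goes through a pthread mutex from <pthread.h>; for code that this commit builds into the kernel there is no process to exit from, so these should become an error return to the caller and a kernel lock. cil_strpool_destroy() decrements the unsigned cil_strpool_readers without checking for zero, so one unbalanced call wraps the counter and the table is never freed; return early under the lock when the counter is already 0. cil_strpool_add() passes cil_strpool_tab to hashtab_search() without checking that cil_strpool_init() has run. Two smaller points: `#define CIL_STRPOOL_TABLE_SIZE 1 << 15` should be parenthesized, and only the map and destroy calls carry the ksu_ prefix while hashtab_search, hashtab_insert and hashtab_create do not, so please confirm the rename is complete.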

View File

@ -0,0 +1,38 @@
/*
* Copyright 2014 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_STRPOOL_H_
#define CIL_STRPOOL_H_
#include <sepol/policydb/hashtab.h>
char *cil_strpool_add(const char *str);
void cil_strpool_init(void);
void cil_strpool_destroy(void);
#endif /* CIL_STRPOOL_H_ */

View File

@ -0,0 +1,289 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <sepol/errcodes.h>
#include <sepol/policydb/hashtab.h>
#include <sepol/policydb/symtab.h>
#include "cil_internal.h"
#include "cil_tree.h"
#include "cil_symtab.h"
#include "cil_mem.h"
#include "cil_strpool.h"
#include "cil_log.h"
__attribute__((noreturn)) __attribute__((format (printf, 1, 2))) static void cil_symtab_error(const char* msg, ...)
{
va_list ap;
va_start(ap, msg);
cil_vlog(CIL_ERR, msg, ap);
va_end(ap);
exit(1);
}
void cil_symtab_init(symtab_t *symtab, unsigned int size)
{
int rc = ksu_symtab_init(symtab, size);
if (rc != SEPOL_OK) {
cil_symtab_error("Failed to create symtab\n");
}
}
void cil_symtab_datum_init(struct cil_symtab_datum *datum)
{
datum->name = NULL;
datum->fqn = NULL;
datum->symtab = NULL;
cil_list_init(&datum->nodes, CIL_LIST_ITEM);
}
void cil_symtab_datum_destroy(struct cil_symtab_datum *datum)
{
cil_list_destroy(&datum->nodes, 0);
cil_symtab_remove_datum(datum);
}
void cil_symtab_datum_remove_node(struct cil_symtab_datum *datum, struct cil_tree_node *node)
{
if (datum && datum->nodes != NULL) {
cil_list_remove(datum->nodes, CIL_NODE, node, 0);
if (datum->nodes->head == NULL) {
cil_symtab_datum_destroy(datum);
}
}
}
/* This both initializes the datum and inserts it into the symtab.
Note that cil_symtab_datum_destroy() is the analog to the initializer portion */
int cil_symtab_insert(symtab_t *symtab, hashtab_key_t key, struct cil_symtab_datum *datum, struct cil_tree_node *node)
{
int rc = hashtab_insert(symtab->table, key, (hashtab_datum_t)datum);
if (rc == SEPOL_OK) {
datum->name = key;
datum->fqn = key;
datum->symtab = symtab;
symtab->nprim++;
if (node) {
cil_list_append(datum->nodes, CIL_NODE, node);
}
} else if (rc != SEPOL_EEXIST) {
cil_symtab_error("Failed to insert datum into hashtab\n");
}
return rc;
}
void cil_symtab_remove_datum(struct cil_symtab_datum *datum)
{
symtab_t *symtab = datum->symtab;
if (symtab == NULL) {
return;
}
hashtab_remove(symtab->table, datum->name, NULL, NULL);
symtab->nprim--;
datum->symtab = NULL;
}
int cil_symtab_get_datum(symtab_t *symtab, char *key, struct cil_symtab_datum **datum)
{
*datum = (struct cil_symtab_datum*)hashtab_search(symtab->table, (hashtab_key_t)key);
if (*datum == NULL) {
return SEPOL_ENOENT;
}
return SEPOL_OK;
}
int cil_symtab_map(symtab_t *symtab,
int (*apply) (hashtab_key_t k, hashtab_datum_t d, void *args),
void *args)
{
return ksu_hashtab_map(symtab->table, apply, args);
}
static int __cil_symtab_destroy_helper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, __attribute__((unused)) void *args)
{
struct cil_symtab_datum *datum = d;
datum->symtab = NULL;
return SEPOL_OK;
}
void cil_symtab_destroy(symtab_t *symtab)
{
if (symtab->table != NULL){
cil_symtab_map(symtab, __cil_symtab_destroy_helper, NULL);
ksu_hashtab_destroy(symtab->table);
symtab->table = NULL;
}
}
static void cil_complex_symtab_hash(struct cil_complex_symtab_key *ckey, int mask, intptr_t *hash)
{
intptr_t sum = ckey->key1 + ckey->key2 + ckey->key3 + ckey->key4;
*hash = (intptr_t)((sum >> 2) & mask);
}
void cil_complex_symtab_init(struct cil_complex_symtab *symtab, unsigned int size)
{
symtab->htable = cil_calloc(size, sizeof(struct cil_complex_symtab *));
symtab->nelems = 0;
symtab->nslots = size;
symtab->mask = size - 1;
}
int cil_complex_symtab_insert(struct cil_complex_symtab *symtab,
struct cil_complex_symtab_key *ckey,
struct cil_complex_symtab_datum *datum)
{
intptr_t hash;
struct cil_complex_symtab_node *node = NULL;
struct cil_complex_symtab_node *prev = NULL;
struct cil_complex_symtab_node *curr = NULL;
node = cil_malloc(sizeof(*node));
memset(node, 0, sizeof(*node));
node->ckey = ckey;
node->datum = datum;
cil_complex_symtab_hash(ckey, symtab->mask, &hash);
for (prev = NULL, curr = symtab->htable[hash]; curr != NULL;
prev = curr, curr = curr->next) {
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 == curr->ckey->key2 &&
ckey->key3 == curr->ckey->key3 &&
ckey->key4 == curr->ckey->key4) {
free(node);
return SEPOL_EEXIST;
}
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 < curr->ckey->key2) {
break;
}
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 == curr->ckey->key2 &&
ckey->key3 < curr->ckey->key3) {
break;
}
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 == curr->ckey->key2 &&
ckey->key3 == curr->ckey->key3 &&
ckey->key4 < curr->ckey->key4) {
break;
}
}
if (prev != NULL) {
node->next = prev->next;
prev->next = node;
} else {
node->next = symtab->htable[hash];
symtab->htable[hash] = node;
}
symtab->nelems++;
return SEPOL_OK;
}
void cil_complex_symtab_search(struct cil_complex_symtab *symtab,
struct cil_complex_symtab_key *ckey,
struct cil_complex_symtab_datum **out)
{
intptr_t hash;
struct cil_complex_symtab_node *curr = NULL;
cil_complex_symtab_hash(ckey, symtab->mask, &hash);
for (curr = symtab->htable[hash]; curr != NULL; curr = curr->next) {
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 == curr->ckey->key2 &&
ckey->key3 == curr->ckey->key3 &&
ckey->key4 == curr->ckey->key4) {
*out = curr->datum;
return;
}
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 < curr->ckey->key2) {
break;
}
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 == curr->ckey->key2 &&
ckey->key3 < curr->ckey->key3) {
break;
}
if (ckey->key1 == curr->ckey->key1 &&
ckey->key2 == curr->ckey->key2 &&
ckey->key3 == curr->ckey->key3 &&
ckey->key4 < curr->ckey->key4) {
break;
}
}
*out = NULL;
}
void cil_complex_symtab_destroy(struct cil_complex_symtab *symtab)
{
struct cil_complex_symtab_node *curr = NULL;
struct cil_complex_symtab_node *temp = NULL;
unsigned int i;
if (symtab == NULL) {
return;
}
for (i = 0; i < symtab->nslots; i++) {
curr = symtab->htable[i];
while (curr != NULL) {
temp = curr;
curr = curr->next;
free(temp);
}
symtab->htable[i] = NULL;
}
free(symtab->htable);
symtab->htable = NULL;
symtab->nelems = 0;
symtab->nslots = 0;
symtab->mask = 0;
}
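
Review bot: cil_complex_symtab_init() stores `mask = size - 1` and cil_complex_symtab_hash() indexes htable with `(sum >> 2) & mask`, but size is never validated: a size of 0 leaves mask at 0xFFFFFFFF over an empty table, so insert and search index out of bounds, and a size that is not a power of two leaves some buckets unreachable. Reject sizes that are zero or not a power of two before allocating. The hash helper also takes the mask as `int` while the field is uint32_t; keep the type unsigned end to end. The allocation uses `sizeof(struct cil_complex_symtab *)` for an array of `struct cil_complex_symtab_node *`; `sizeof(*symtab->htable)` states the intent. As in cil_strpool.c, cil_symtab_error() ends in exit(1), and hashtab_insert, hashtab_search and hashtab_remove are unprefixed next to ksu_symtab_init, ksu_hashtab_map and ksu_hashtab_destroy.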

View File

@ -0,0 +1,89 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef __CIL_SYMTAB_H_
#define __CIL_SYMTAB_H_
#include <sepol/policydb/symtab.h>
#include <sepol/policydb/hashtab.h>
#include "cil_tree.h"
struct cil_symtab_datum {
struct cil_list *nodes;
char *name;
char *fqn;
symtab_t *symtab;
};
#define DATUM(d) ((struct cil_symtab_datum *)(d))
#define NODE(n) ((struct cil_tree_node *)(DATUM(n)->nodes->head->data))
#define FLAVOR(f) (NODE(f)->flavor)
struct cil_complex_symtab_key {
intptr_t key1;
intptr_t key2;
intptr_t key3;
intptr_t key4;
};
struct cil_complex_symtab_datum {
void *data;
};
struct cil_complex_symtab_node {
struct cil_complex_symtab_key *ckey;
struct cil_complex_symtab_datum *datum;
struct cil_complex_symtab_node *next;
};
struct cil_complex_symtab {
struct cil_complex_symtab_node **htable;
uint32_t nelems;
uint32_t nslots;
uint32_t mask;
};
void cil_symtab_init(symtab_t *symtab, unsigned int size);
void cil_symtab_datum_init(struct cil_symtab_datum *datum);
void cil_symtab_datum_destroy(struct cil_symtab_datum *datum);
void cil_symtab_datum_remove_node(struct cil_symtab_datum *datum, struct cil_tree_node *node);
int cil_symtab_insert(symtab_t *symtab, hashtab_key_t key, struct cil_symtab_datum *datum, struct cil_tree_node *node);
void cil_symtab_remove_datum(struct cil_symtab_datum *datum);
int cil_symtab_get_datum(symtab_t *symtab, char *key, struct cil_symtab_datum **datum);
int cil_symtab_map(symtab_t *symtab,
int (*apply) (hashtab_key_t k, hashtab_datum_t d, void *args),
void *args);
void cil_symtab_destroy(symtab_t *symtab);
void cil_complex_symtab_init(struct cil_complex_symtab *symtab, unsigned int size);
int cil_complex_symtab_insert(struct cil_complex_symtab *symtab, struct cil_complex_symtab_key *ckey, struct cil_complex_symtab_datum *datum);
void cil_complex_symtab_search(struct cil_complex_symtab *symtab, struct cil_complex_symtab_key *ckey, struct cil_complex_symtab_datum **out);
void cil_complex_symtab_destroy(struct cil_complex_symtab *symtab);
#endif
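
Review bot: the NODE() macro dereferences `DATUM(n)->nodes->head->data` with no NULL checks, while cil_symtab_datum_remove_node() in cil_symtab.c destroys the datum's node list as soon as its head becomes NULL, so NODE() or FLAVOR() on a datum whose last node was removed is a NULL dereference. Replace the macro with a static inline helper that returns NULL when nodes or head is missing, and have callers check the result. The include guard `__CIL_SYMTAB_H_` uses a reserved identifier; the other headers in this change use the `CIL_..._H_` form.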

View File

@ -0,0 +1,337 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdio.h>
#include <stdarg.h>
#include <inttypes.h>
#include <sepol/policydb/conditional.h>
#include "cil_internal.h"
#include "cil_flavor.h"
#include "cil_log.h"
#include "cil_tree.h"
#include "cil_list.h"
#include "cil_parser.h"
#include "cil_strpool.h"
struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **info_kind, uint32_t *hll_line, char **path)
{
int rc;
if (!node) {
goto exit;
}
node = node->parent;
while (node) {
if (node->flavor == CIL_NODE && node->data == NULL) {
if (node->cl_head && node->cl_head->data == CIL_KEY_SRC_INFO) {
if (!node->cl_head->next || !node->cl_head->next->next || !node->cl_head->next->next->next) {
goto exit;
}
/* Parse Tree */
*info_kind = node->cl_head->next->data;
rc = cil_string_to_uint32(node->cl_head->next->next->data, hll_line, 10);
if (rc != SEPOL_OK) {
goto exit;
}
*path = node->cl_head->next->next->next->data;
return node;
}
node = node->parent;
} else if (node->flavor == CIL_SRC_INFO) {
/* AST */
struct cil_src_info *info = node->data;
*info_kind = info->kind;
*hll_line = info->hll_line;
*path = info->path;
return node;
} else {
if (node->flavor == CIL_CALL) {
struct cil_call *call = node->data;
node = NODE(call->macro);
} else if (node->flavor == CIL_BLOCKINHERIT) {
struct cil_blockinherit *inherit = node->data;
node = NODE(inherit->block);
} else {
node = node->parent;
}
}
}
exit:
*info_kind = NULL;
*hll_line = 0;
*path = NULL;
return NULL;
}
char *cil_tree_get_cil_path(struct cil_tree_node *node)
{
char *info_kind;
uint32_t hll_line;
char *path;
while (node) {
node = cil_tree_get_next_path(node, &info_kind, &hll_line, &path);
if (node && info_kind == CIL_KEY_SRC_CIL) {
return path;
}
}
return NULL;
}
__attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *node, enum cil_log_level lvl, const char* msg, ...)
{
va_list ap;
va_start(ap, msg);
cil_vlog(lvl, msg, ap);
va_end(ap);
if (node) {
char *path = NULL;
uint32_t hll_offset = node->hll_offset;
path = cil_tree_get_cil_path(node);
if (path != NULL) {
cil_log(lvl, " at %s:%u", path, node->line);
}
while (node) {
do {
char *info_kind;
uint32_t hll_line;
node = cil_tree_get_next_path(node, &info_kind, &hll_line, &path);
if (!node || info_kind == CIL_KEY_SRC_CIL) {
break;
}
if (info_kind == CIL_KEY_SRC_HLL_LMS) {
hll_line += hll_offset - node->hll_offset - 1;
}
cil_log(lvl," from %s:%u", path, hll_line);
} while (1);
}
}
cil_log(lvl,"\n");
}
int cil_tree_subtree_has_decl(struct cil_tree_node *node)
{
while (node) {
if (node->flavor >= CIL_MIN_DECLARATIVE) {
return CIL_TRUE;
}
if (node->cl_head != NULL) {
if (cil_tree_subtree_has_decl(node->cl_head))
return CIL_TRUE;
}
node = node->next;
}
return CIL_FALSE;
}
int cil_tree_init(struct cil_tree **tree)
{
struct cil_tree *new_tree = cil_malloc(sizeof(*new_tree));
cil_tree_node_init(&new_tree->root);
*tree = new_tree;
return SEPOL_OK;
}
void cil_tree_destroy(struct cil_tree **tree)
{
if (tree == NULL || *tree == NULL) {
return;
}
cil_tree_subtree_destroy((*tree)->root);
free(*tree);
*tree = NULL;
}
void cil_tree_subtree_destroy(struct cil_tree_node *node)
{
cil_tree_children_destroy(node);
cil_tree_node_destroy(&node);
}
void cil_tree_children_destroy(struct cil_tree_node *node)
{
struct cil_tree_node *curr, *next;
if (!node) {
return;
}
curr = node->cl_head;
while (curr) {
next = curr->next;
cil_tree_children_destroy(curr);
cil_tree_node_destroy(&curr);
curr = next;
}
node->cl_head = NULL;
node->cl_tail = NULL;
}
void cil_tree_node_init(struct cil_tree_node **node)
{
struct cil_tree_node *new_node = cil_malloc(sizeof(*new_node));
new_node->cl_head = NULL;
new_node->cl_tail = NULL;
new_node->parent = NULL;
new_node->data = NULL;
new_node->next = NULL;
new_node->flavor = CIL_ROOT;
new_node->line = 0;
new_node->hll_offset = 0;
*node = new_node;
}
void cil_tree_node_destroy(struct cil_tree_node **node)
{
struct cil_symtab_datum *datum;
if (node == NULL || *node == NULL) {
return;
}
if ((*node)->flavor >= CIL_MIN_DECLARATIVE) {
datum = (*node)->data;
cil_symtab_datum_remove_node(datum, *node);
if (datum->nodes == NULL) {
cil_destroy_data(&(*node)->data, (*node)->flavor);
}
} else {
cil_destroy_data(&(*node)->data, (*node)->flavor);
}
free(*node);
*node = NULL;
}
/* Perform depth-first walk of the tree
Parameters:
start_node: root node to start walking from
process_node: function to call when visiting a node
Takes parameters:
node: node being visited
finished: boolean indicating to the tree walker that it should move on from this branch
extra_args: additional data
first_child: Function to call before entering list of children
Takes parameters:
node: node of first child
extra args: additional data
last_child: Function to call when finished with the last child of a node's children
extra_args: any additional data to be passed to the helper functions
*/
static int cil_tree_walk_core(struct cil_tree_node *node,
int (*process_node)(struct cil_tree_node *node, uint32_t *finished, void *extra_args),
int (*first_child)(struct cil_tree_node *node, void *extra_args),
int (*last_child)(struct cil_tree_node *node, void *extra_args),
void *extra_args)
{
int rc = SEPOL_ERR;
while (node) {
uint32_t finished = CIL_TREE_SKIP_NOTHING;
if (process_node != NULL) {
rc = (*process_node)(node, &finished, extra_args);
if (rc != SEPOL_OK) {
cil_tree_log(node, CIL_INFO, "Problem");
return rc;
}
}
if (finished & CIL_TREE_SKIP_NEXT) {
return SEPOL_OK;
}
if (node->cl_head != NULL && !(finished & CIL_TREE_SKIP_HEAD)) {
rc = cil_tree_walk(node, process_node, first_child, last_child, extra_args);
if (rc != SEPOL_OK) {
return rc;
}
}
node = node->next;
}
return SEPOL_OK;
}
int cil_tree_walk(struct cil_tree_node *node,
int (*process_node)(struct cil_tree_node *node, uint32_t *finished, void *extra_args),
int (*first_child)(struct cil_tree_node *node, void *extra_args),
int (*last_child)(struct cil_tree_node *node, void *extra_args),
void *extra_args)
{
int rc = SEPOL_ERR;
if (!node || !node->cl_head) {
return SEPOL_OK;
}
if (first_child != NULL) {
rc = (*first_child)(node->cl_head, extra_args);
if (rc != SEPOL_OK) {
cil_tree_log(node, CIL_INFO, "Problem");
return rc;
}
}
rc = cil_tree_walk_core(node->cl_head, process_node, first_child, last_child, extra_args);
if (rc != SEPOL_OK) {
return rc;
}
if (last_child != NULL) {
rc = (*last_child)(node->cl_tail, extra_args);
if (rc != SEPOL_OK) {
cil_tree_log(node, CIL_INFO, "Problem");
return rc;
}
}
return SEPOL_OK;
}
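
Review bot: in cil_tree_node_destroy() the declarative branch calls cil_symtab_datum_remove_node(datum, *node), which tolerates a NULL datum, and then reads `datum->nodes` unconditionally, so a declarative node whose data was never set is a NULL dereference; test datum before the `datum->nodes == NULL` check. Separately, cil_tree_walk() and cil_tree_walk_core() call each other once per nesting level, and cil_tree_children_destroy() and cil_tree_subtree_has_decl() recurse the same way, with no depth limit; since the depth is set by the input tree and this code is being built into the kernel, add a depth cap or convert the walks to iteration.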

View File

@ -0,0 +1,75 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_TREE_H_
#define CIL_TREE_H_
#include <stdint.h>
#include "cil_flavor.h"
#include "cil_list.h"
struct cil_tree {
struct cil_tree_node *root;
};
struct cil_tree_node {
struct cil_tree_node *parent;
struct cil_tree_node *cl_head; //Head of child_list
struct cil_tree_node *cl_tail; //Tail of child_list
struct cil_tree_node *next; //Each element in the list points to the next element
enum cil_flavor flavor;
uint32_t line;
uint32_t hll_offset;
void *data;
};
struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **info_kind, uint32_t *hll_line, char **path);
char *cil_tree_get_cil_path(struct cil_tree_node *node);
__attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *node, enum cil_log_level lvl, const char* msg, ...);
int cil_tree_subtree_has_decl(struct cil_tree_node *node);
int cil_tree_init(struct cil_tree **tree);
void cil_tree_destroy(struct cil_tree **tree);
void cil_tree_subtree_destroy(struct cil_tree_node *node);
void cil_tree_children_destroy(struct cil_tree_node *node);
void cil_tree_node_init(struct cil_tree_node **node);
void cil_tree_node_destroy(struct cil_tree_node **node);
//finished values
#define CIL_TREE_SKIP_NOTHING 0
#define CIL_TREE_SKIP_NEXT 1
#define CIL_TREE_SKIP_HEAD 2
#define CIL_TREE_SKIP_ALL (CIL_TREE_SKIP_NOTHING | CIL_TREE_SKIP_NEXT | CIL_TREE_SKIP_HEAD)
int cil_tree_walk(struct cil_tree_node *start_node, int (*process_node)(struct cil_tree_node *node, uint32_t *finished, void *extra_args), int (*first_child)(struct cil_tree_node *node, void *extra_args), int (*last_child)(struct cil_tree_node *node, void *extra_args), void *extra_args);
#endif /* CIL_TREE_H_ */
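Review bot: The cil_tree_log prototype takes enum cil_log_level, but this header includes only <stdint.h>, cil_flavor.h and cil_list.h, so it compiles only if one of those happens to declare the enum first. Include the header that defines cil_log_level directly so cil_tree.h is self-contained. Separately, CIL_TREE_SKIP_ALL ORs in CIL_TREE_SKIP_NOTHING, which is 0 and contributes nothing; (CIL_TREE_SKIP_NEXT | CIL_TREE_SKIP_HEAD) states the same value more clearly.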

File diff suppressed because it is too large

View File

@ -0,0 +1,74 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_VERIFY_H_
#define CIL_VERIFY_H_
#include <stdint.h>
#include "cil_internal.h"
#include "cil_flavor.h"
#include "cil_tree.h"
#include "cil_list.h"
enum cil_syntax {
CIL_SYN_STRING = 1 << 0,
CIL_SYN_LIST = 1 << 1,
CIL_SYN_EMPTY_LIST = 1 << 2,
CIL_SYN_N_LISTS = 1 << 3,
CIL_SYN_N_STRINGS = 1 << 4,
CIL_SYN_END = 1 << 5
};
struct cil_args_verify {
struct cil_db *db;
struct cil_complex_symtab *csymtab;
int *avrule_cnt;
int *handleunknown;
int *mls;
int *nseuserdflt;
int *pass;
};
int cil_verify_name(const struct cil_db *db, const char *name, enum cil_flavor flavor);
int __cil_verify_syntax(struct cil_tree_node *parse_current, enum cil_syntax s[], size_t len);
int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, enum cil_flavor expr_flavor);
int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_flavor r_flavor, enum cil_flavor op, enum cil_flavor expr_flavor);
int cil_verify_constraint_expr_syntax(struct cil_tree_node *current, enum cil_flavor op);
int cil_verify_conditional_blocks(struct cil_tree_node *current);
int cil_verify_decl_does_not_shadow_macro_parameter(struct cil_macro *macro, struct cil_tree_node *node, const char *name);
int __cil_verify_ranges(struct cil_list *list);
int __cil_verify_ordered_node_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args);
int __cil_verify_ordered(struct cil_tree_node *current, enum cil_flavor flavor);
int __cil_verify_initsids(struct cil_list *sids);
int __cil_verify_senscat(struct cil_sens *sens, struct cil_cat *cat);
int __cil_verify_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *extra_args);
int __cil_pre_verify_helper(struct cil_tree_node *node, __attribute__((unused)) uint32_t *finished, void *extra_args);
#endif
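Review bot: The helpers exported from this header with a leading double underscore (__cil_verify_syntax, __cil_verify_ranges, __cil_verify_ordered, __cil_verify_helper and the others) become ordinary global symbols once the directory is linked in through obj-y += libsepol/, and that prefix is the one the kernel conventionally uses for its own internal functions. Make the ones used only inside the verify source file static and drop them from the header, and keep the rest under the cil_ prefix so they cannot collide with or be mistaken for kernel internals. The closing #endif also lacks the /* CIL_VERIFY_H_ */ comment that the other CIL headers in this commit carry.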

File diff suppressed because it is too large

View File

@ -0,0 +1,46 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CIL_WRITE_AST_H_
#define CIL_WRITE_AST_H_
#include <stdio.h>
#include "cil_tree.h"
enum cil_write_ast_phase {
CIL_WRITE_AST_PHASE_PARSE = 0,
CIL_WRITE_AST_PHASE_BUILD,
CIL_WRITE_AST_PHASE_RESOLVE,
};
void cil_write_ast_node(FILE *out, struct cil_tree_node *node);
int cil_write_ast(FILE *out, enum cil_write_ast_phase phase, struct cil_tree_node *node);
#endif /* CIL_WRITE_AST_H_ */
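Review bot: This header includes <stdio.h> and both prototypes take a FILE *out, which the kernel does not provide, yet the commit builds the directory with obj-y += libsepol/, so it can only compile against some stand-in for stdio. If the AST writer is a userspace debugging aid, leave it out of the kernel object list instead of stubbing FILE; if it is needed in the kernel, the commit message should say where <stdio.h> and FILE come from and what writing to out actually does there.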

View File

@ -0,0 +1,115 @@
(class testing (read open close write exec))
(class fooclass (read open close write exec))
(category c0)
(category c1)
(category c2)
(category c3)
(category c4)
(categoryalias c0 cat)
(categoryorder (c0 c1 c2 c3 c4))
(categoryset catset (c0 c2 c3))
(sensitivity s0)
(sensitivity s1)
(sensitivity s2)
(sensitivity s3)
(sensitivityalias s3 sens)
(dominance (s0 s1 s2 s3))
(sensitivitycategory s0 (c0 c2 c3))
(sensitivitycategory s0 (cat))
; the following causes a segfault
;(sensitivitycategory sens (c2))
(type foo_t)
(type typea_t)
(type typeb_t)
(type typec_t)
(role foo_r)
(role rolea_r)
(role roleb_r)
(user foo_u)
(user user_u)
(userrole foo_u foo_r)
(level low (s0 catset))
(level high (s0 (c0)))
(level test_l (s0 (cat)))
(sid test_sid)
(sidcontext test_sid (foo_u foo_r foo_t (s0 (c0)) (s0 (c0))))
(sid test_sid_anon_l)
(sidcontext test_sid_anon_l (foo_u foo_r foo_t low high))
(context con (foo_u foo_r foo_t low high))
(context con_anon_l (foo_u foo_r foo_t (s0 (c0)) high))
(fsuse xattr ext3 con)
(fsuse xattr ext3 con_anon_l)
(netifcon eth0 con con_anon_l)
(ipaddr ip_v4 192.25.35.200)
(ipaddr netmask 192.168.1.1)
(ipaddr ip_v6 2001:0DB8:AC10:FE01::)
(ipaddr netmask_v6 2001:0DE0:DA88:2222::)
; will need anon levels
(nodecon ip_v4 netmask con)
(nodecon ip_v6 netmask_v6 con_anon_l)
;needs anon levels
(portcon type 25 con)
(filecon root path file con)
(genfscon type path con)
(netifcon eth0 con con_anon_l)
(typemember typea_t typeb_t testing typec_t)
(typechange typea_t typeb_t testing typec_t)
(typetransition typea_t typeb_t testing typec_t)
(permissionset permset (open close))
(allow typea_t typeb_t testing (write))
(allow typea_t typeb_t testing permset)
(roleallow rolea_r roleb_r)
(rolebounds rolea_r roleb_r)
(roletransition foo_r foo_t testing rolea_r)
(level l2 (s0 (c0)))
(level h2 (s0 (c0)))
(mlsconstrain (fooclass testing)(open close)(eq l2 h2))
(common fooclass (open))
(classcommon fooclass fooclass)
(rangetransition typea_t typeb_t fooclass low high)
(nametypetransition string typea_t typeb_t fooclass foo_t)
(typepermissive foo_t)
(typebounds typea_t typeb_t)
(block test_b
(typealias .test_b.test typea_t)
(type test))
(attribute attrs)
(attributetypes attrs (foo_t))
(roletype foo_r foo_t)
(userbounds user_u foo_u)
(userrole user_u foo_r)
(bool foo_b true)
(bool baz_b false)
(booleanif (&& foo_b baz_b)
(allow typea_t typeb_t fooclass(read)))
;(class baz (read))
;(booleanif (&& foo_b baz_b)
; (allow foo_b baz_b fooclass (read)))
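Review bot: The comment "; the following causes a segfault" above the disabled (sensitivitycategory sens (c2)) records a crash when a sensitivity alias is used in sensitivitycategory and then hides it by commenting the statement out. With this code now being built into the kernel, a crash while handling policy input would be a kernel fault and not a failed userspace tool, so confirm whether the imported sources still crash on that statement and track the result instead of carrying the fixture with the failing case disabled. (netifcon eth0 con con_anon_l) also appears twice in this file; drop the second copy unless the duplicate is what the test is exercising, in which case say so in a comment.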

View File

@ -0,0 +1,86 @@
(class testing (read open close write exec))
(class fooclass (read open close write exec))
(type foo_t)
(type typea_t)
(type typeb_t)
(type typec_t)
(role foo_r)
(role rolea_r)
(role roleb_r)
(user foo_u)
(user user_u)
(userrole foo_u foo_r)
(sid test_sid)
;(sidcontext test_sid (foo_u foo_r foo_t (s0 (c0)) (s0 (c0))))
;(sid test_sid_anon_l)
;(fsuse xattr ext3 con)
;(fsuse xattr ext3 con_anon_l)
;(netifcon eth0 con con_anon_l)
(ipaddr ip_v4 192.25.35.200)
(ipaddr netmask 192.168.1.1)
(ipaddr ip_v6 2001:0DB8:AC10:FE01::)
(ipaddr netmask_v6 2001:0DE0:DA88:2222::)
; will need anon levels
;(nodecon ip_v4 netmask con)
;(nodecon ip_v6 netmask_v6 con_anon_l)
;needs anon levels
;(portcon type 25 con)
;(filecon root path file con)
;(genfscon type path con)
;(netifcon eth0 con con_anon_l)
(typemember typea_t typeb_t testing typec_t)
(typechange typea_t typeb_t testing typec_t)
(typetransition typea_t typeb_t testing typec_t)
(permissionset permset (open close))
(allow typea_t typeb_t testing (write))
(allow typea_t typeb_t testing permset)
(roleallow rolea_r roleb_r)
(rolebounds rolea_r roleb_r)
(roletransition foo_r foo_t testing rolea_r)
(common fooclass (open))
(classcommon fooclass fooclass)
(nametypetransition string typea_t typeb_t fooclass foo_t)
(typepermissive foo_t)
(typebounds typea_t typeb_t)
(block test_b
(typealias .test_b.test typea_t)
(type test))
(attribute attrs)
(attributetypes attrs (foo_t))
(roletype foo_r foo_t)
(userbounds user_u foo_u)
(userrole user_u foo_r)
;(bool foo_b true)
;(bool baz_b false)
;(booleanif (&& foo_b baz_b)
; (allow typea_t typeb_t fooclass(read)))
;(class baz (read))
;(booleanif (&& foo_b baz_b)
; (allow foo_b baz_b fooclass (read)))

View File

@ -0,0 +1,76 @@
class testing
class fooclass
sid test_sid
#end
#sid decl
sid security
class testing
{
read
open
close
write
exec
}
class fooclass
{
read
open
close
write
exec
}
#end
#attribs
attribute attrs;
#end
type foo_t, attrs;
type typea_t;
type typeb_t;
type typec_t;
#end
bool foo_b true;
bool baz_b false;
#end
role foo_r types foo_t;
role rolea_r;
role roleb_r;
#end
#role decl
allow typea_t typeb_t : testing write;
allow typea_t typeb_t : testing {open close};
type_transition typea_t typeb_t : testing typec_t;
#end
#audit rules
#dontaudit {kernel} unknown : dir search;
allow rolea_r roleb_r;
#end
#rbac stuff
#allow system {guest local_user};
#allow local_user guest;
user foo_u roles foo_r;
#end
sid test_sid foo_u:foo_r:foo_t

View File

@ -0,0 +1,42 @@
; Minimum policy
; ****************************
(class foo (read))
(type bar)
(allow bar self (foo (read)))
; ****************************
(sensitivity s0)
(sensitivity s1)
(sensitivity s2)
(sensitivity s3)
(sensitivity s4)
(sensitivity s5)
(sensitivity s6)
(sensitivity s7)
(sensitivity s8)
(sensitivity s9)
(dominance (s2 s3 s4))
(dominance (s1 s2 s4 s5))
(dominance (s5 s6 s8))
(dominance (s6 s7 s8 s9))
(category c0)
(category c1)
(category c2)
(category c3)
(category c4)
(category c5)
(category c6)
(category c7)
(category c8)
(category c9)
(categoryorder (c1 c3))
(categoryorder (c1 c2 c3))
(categoryorder (c5 c6 c7))
(categoryorder (c3 c4 c5))
(categoryorder (c7 c8 c9))
(categoryorder (c0 c1))

View File

@ -0,0 +1,43 @@
; Minimum policy
; ****************************
(class foo (read))
(type bar)
(allow bar self (foo (read)))
; ****************************
(sensitivity s0)
(sensitivity s1)
(sensitivity s2)
(sensitivity s3)
(sensitivity s4)
(sensitivity s5)
(sensitivity s6)
(sensitivity s7)
(sensitivity s8)
(sensitivity s9)
(dominance (s2 s3 s4))
(dominance (s1 s2 s4 s5))
(dominance (s5 s6 s8))
(dominance (s6 s7 s8 s9))
(dominance (s0 s1))
(category c0)
(category c1)
(category c2)
(category c3)
(category c4)
(category c5)
(category c6)
(category c7)
(category c8)
(category c9)
(categoryorder (c1 c3))
(categoryorder (c1 c2 c3))
(categoryorder (c5 c6 c7))
(categoryorder (c3 c4 c5))
(categoryorder (c7 c8 c9))

View File

@ -0,0 +1,43 @@
; Minimum policy
; ****************************
(class foo (read))
(type bar)
(allow bar self (foo (read)))
; ****************************
(sensitivity s0)
(sensitivity s1)
(sensitivity s2)
(sensitivity s3)
(sensitivity s4)
(sensitivity s5)
(sensitivity s6)
(sensitivity s7)
(sensitivity s8)
(sensitivity s9)
(dominance (s2 s3 s4))
(dominance (s1 s2 s5))
(dominance (s5 s6 s8))
(dominance (s6 s7 s8 s9))
(dominance (s0 s1))
(category c0)
(category c1)
(category c2)
(category c3)
(category c4)
(category c5)
(category c6)
(category c7)
(category c8)
(category c9)
(categoryorder (c1 c3))
(categoryorder (c1 c2 c3))
(categoryorder (c5 c6 c7))
(categoryorder (c3 c4 c5))
(categoryorder (c7 c8 c9))
(categoryorder (c0 c1))

View File

@ -0,0 +1,38 @@
; Minimum policy
; ****************************
(class foo (read))
(type bar)
(allow bar self (foo (read)))
; ****************************
(sensitivity s0)
(sensitivity s1)
(sensitivity s2)
(sensitivity s3)
(sensitivity s4)
(sensitivity s5)
(sensitivity s6)
(sensitivity s7)
(sensitivity s8)
(sensitivity s9)
(dominance (s0 s1 s2 s3 s4 s5 s6 s7 s8 s9))
(category c0)
(category c1)
(category c2)
(category c3)
(category c4)
(category c5)
(category c6)
(category c7)
(category c8)
(category c9)
(categoryorder (c2 c3 c4 c5))
(categoryorder (c0 c1 c2 c3))
(categoryorder (c5 c6 c7))
(categoryorder (c7 c8 c9))

View File

@ -0,0 +1,43 @@
; Minimum policy
; ****************************
(class foo (read))
(type bar)
(allow bar self (foo (read)))
; ****************************
(sensitivity s0)
(sensitivity s1)
(sensitivity s2)
(sensitivity s3)
(sensitivity s4)
(sensitivity s5)
(sensitivity s6)
(sensitivity s7)
(sensitivity s8)
(sensitivity s9)
(dominance (s2 s3 s4))
(dominance (s1 s2 s4 s5))
(dominance (s5 s6 s8))
(dominance (s6 s7 s8 s9))
(dominance (s0 s1))
(category c0)
(category c1)
(category c2)
(category c3)
(category c4)
(category c5)
(category c6)
(category c7)
(category c8)
(category c9)
(categoryorder (c1 c3))
(categoryorder (c1 c2 c3))
(categoryorder (c5 c6 c7))
(categoryorder (c3 c4 c5))
(categoryorder (c7 c8 c9))
(categoryorder (c0 c1))

View File

@ -0,0 +1,5 @@
(class foo (read))
(type bar)
(allow bar self (foo (read)))

View File

@ -0,0 +1,76 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <stdio.h>
#include "CuTest.h"
#include "../../src/cil_log.h"
CuSuite* CilTreeGetSuite(void);
CuSuite* CilTreeGetResolveSuite(void);
CuSuite* CilTreeGetBuildSuite(void);
CuSuite* CilTestFullCil(void);
void RunAllTests(void) {
/* disable cil log output */
cil_set_log_level(0);
CuString *output = CuStringNew();
CuSuite* suite = CuSuiteNew();
CuSuite* suiteResolve = CuSuiteNew();
CuSuite* suiteBuild = CuSuiteNew();
CuSuite* suiteIntegration = CuSuiteNew();
CuSuiteAddSuite(suite, CilTreeGetSuite());
CuSuiteAddSuite(suiteResolve, CilTreeGetResolveSuite());
CuSuiteAddSuite(suiteBuild, CilTreeGetBuildSuite());
CuSuiteAddSuite(suiteIntegration, CilTestFullCil());
CuSuiteRun(suite);
CuSuiteDetails(suite, output);
CuSuiteSummary(suite, output);
CuSuiteRun(suiteResolve);
CuSuiteDetails(suiteResolve, output);
CuSuiteSummary(suiteResolve, output);
CuSuiteRun(suiteBuild);
CuSuiteDetails(suiteBuild, output);
CuSuiteSummary(suiteBuild, output);
CuSuiteRun(suiteIntegration);
CuSuiteDetails(suiteIntegration, output);
CuSuiteSummary(suiteIntegration, output);
printf("\n%s\n", output->buffer);
}
int main(__attribute__((unused)) int argc, __attribute__((unused)) char *argv[]) {
RunAllTests();
return 0;
}
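Review bot: main() returns 0 unconditionally after RunAllTests(), so a run with failing suites looks identical to a clean run to anything that checks the exit status. Have RunAllTests() return the sum of the four failCount fields and return non-zero from main() when that sum is not 0. The CuString output and the four CuSuite objects are also never released before returning, and because this file has its own main() and calls printf it needs to be kept out of the obj-y build of this directory.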

File diff suppressed because it is too large

View File

@ -0,0 +1,44 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef CILTEST_H_
#define CILTEST_H_
#include "../../src/cil_tree.h"
// TODO Check more in the data structures
struct cil_file_data {
char *buffer;
uint32_t file_size;
};
void set_cil_file_data(struct cil_file_data **);
void gen_test_tree(struct cil_tree **, char **);
#endif

View File

@ -0,0 +1,362 @@
/*
* Copyright (c) 2003 Asim Jalis
*
* This software is provided 'as-is', without any express or implied
* warranty. In no event will the authors be held liable for any damages
* arising from the use of this software.
*
* Permission is granted to anyone to use this software for any purpose,
* including commercial applications, and to alter it and redistribute it
* freely, subject to the following restrictions:
*
* 1. The origin of this software must not be misrepresented; you must not
* claim that you wrote the original software. If you use this software in
* a product, an acknowledgment in the product documentation would be
* appreciated but is not required.
*
* 2. Altered source versions must be plainly marked as such, and must not
* be misrepresented as being the original software.
*
* 3. This notice may not be removed or altered from any source
* distribution.
*/
#include <assert.h>
#include <setjmp.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <math.h>
#include "CuTest.h"
/*-------------------------------------------------------------------------*
* CuStr
*-------------------------------------------------------------------------*/
char* CuStrAlloc(int size)
{
char* newStr = (char*) malloc( sizeof(char) * (size) );
return newStr;
}
char* CuStrCopy(const char* old)
{
int len = strlen(old);
char* newStr = CuStrAlloc(len + 1);
strcpy(newStr, old);
return newStr;
}
/*-------------------------------------------------------------------------*
* CuString
*-------------------------------------------------------------------------*/
void CuStringInit(CuString* str)
{
str->length = 0;
str->size = STRING_MAX;
str->buffer = (char*) malloc(sizeof(char) * str->size);
str->buffer[0] = '\0';
}
CuString* CuStringNew(void)
{
CuString* str = (CuString*) malloc(sizeof(CuString));
str->length = 0;
str->size = STRING_MAX;
str->buffer = (char*) malloc(sizeof(char) * str->size);
str->buffer[0] = '\0';
return str;
}
void CuStringDelete(CuString *str)
{
if (!str) return;
free(str->buffer);
free(str);
}
void CuStringResize(CuString* str, int newSize)
{
str->buffer = (char*) realloc(str->buffer, sizeof(char) * newSize);
str->size = newSize;
}
void CuStringAppend(CuString* str, const char* text)
{
int length;
if (text == NULL) {
text = "NULL";
}
length = strlen(text);
if (str->length + length + 1 >= str->size)
CuStringResize(str, str->length + length + 1 + STRING_INC);
str->length += length;
strcat(str->buffer, text);
}
void CuStringAppendChar(CuString* str, char ch)
{
char text[2];
text[0] = ch;
text[1] = '\0';
CuStringAppend(str, text);
}
__attribute__ ((format (printf, 2, 3))) void CuStringAppendFormat(CuString* str, const char* format, ...)
{
va_list argp;
char buf[HUGE_STRING_LEN];
va_start(argp, format);
vsprintf(buf, format, argp);
va_end(argp);
CuStringAppend(str, buf);
}
void CuStringInsert(CuString* str, const char* text, int pos)
{
int length = strlen(text);
if (pos > str->length)
pos = str->length;
if (str->length + length + 1 >= str->size)
CuStringResize(str, str->length + length + 1 + STRING_INC);
memmove(str->buffer + pos + length, str->buffer + pos, (str->length - pos) + 1);
str->length += length;
memcpy(str->buffer + pos, text, length);
}
/*-------------------------------------------------------------------------*
* CuTest
*-------------------------------------------------------------------------*/
void CuTestInit(CuTest* t, const char* name, TestFunction function)
{
t->name = CuStrCopy(name);
t->failed = 0;
t->ran = 0;
t->message = NULL;
t->function = function;
t->jumpBuf = NULL;
}
CuTest* CuTestNew(const char* name, TestFunction function)
{
CuTest* tc = CU_ALLOC(CuTest);
CuTestInit(tc, name, function);
return tc;
}
void CuTestDelete(CuTest *t)
{
if (!t) return;
free(t->name);
free(t);
}
void CuTestRun(CuTest* tc)
{
jmp_buf buf;
tc->jumpBuf = &buf;
if (setjmp(buf) == 0)
{
tc->ran = 1;
(tc->function)(tc);
}
tc->jumpBuf = 0;
}
static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string)
{
char buf[HUGE_STRING_LEN];
sprintf(buf, "%s:%d: ", file, line);
CuStringInsert(string, buf, 0);
tc->failed = 1;
tc->message = string->buffer;
if (tc->jumpBuf != 0) longjmp(*(tc->jumpBuf), 0);
}
void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message)
{
CuString string;
CuStringInit(&string);
if (message2 != NULL)
{
CuStringAppend(&string, message2);
CuStringAppend(&string, ": ");
}
CuStringAppend(&string, message);
CuFailInternal(tc, file, line, &string);
}
void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition)
{
if (condition) return;
CuFail_Line(tc, file, line, NULL, message);
}
void CuAssertStrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
const char* expected, const char* actual)
{
CuString string;
if ((expected == NULL && actual == NULL) ||
(expected != NULL && actual != NULL &&
strcmp(expected, actual) == 0))
{
return;
}
CuStringInit(&string);
if (message != NULL)
{
CuStringAppend(&string, message);
CuStringAppend(&string, ": ");
}
CuStringAppend(&string, "expected <");
CuStringAppend(&string, expected);
CuStringAppend(&string, "> but was <");
CuStringAppend(&string, actual);
CuStringAppend(&string, ">");
CuFailInternal(tc, file, line, &string);
}
void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
int expected, int actual)
{
char buf[STRING_MAX];
if (expected == actual) return;
sprintf(buf, "expected <%d> but was <%d>", expected, actual);
CuFail_Line(tc, file, line, message, buf);
}
void CuAssertDblEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
double expected, double actual, double delta)
{
char buf[STRING_MAX];
if (fabs(expected - actual) <= delta) return;
sprintf(buf, "expected <%f> but was <%f>", expected, actual);
CuFail_Line(tc, file, line, message, buf);
}
void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
void* expected, void* actual)
{
char buf[STRING_MAX];
if (expected == actual) return;
sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
CuFail_Line(tc, file, line, message, buf);
}
/*-------------------------------------------------------------------------*
* CuSuite
*-------------------------------------------------------------------------*/
void CuSuiteInit(CuSuite* testSuite)
{
testSuite->count = 0;
testSuite->failCount = 0;
memset(testSuite->list, 0, sizeof(testSuite->list));
}
CuSuite* CuSuiteNew(void)
{
CuSuite* testSuite = CU_ALLOC(CuSuite);
CuSuiteInit(testSuite);
return testSuite;
}
void CuSuiteDelete(CuSuite *testSuite)
{
unsigned int n;
for (n=0; n < MAX_TEST_CASES; n++)
{
if (testSuite->list[n])
{
CuTestDelete(testSuite->list[n]);
}
}
free(testSuite);
}
void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase)
{
assert(testSuite->count < MAX_TEST_CASES);
testSuite->list[testSuite->count] = testCase;
testSuite->count++;
}
void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2)
{
int i;
for (i = 0 ; i < testSuite2->count ; ++i)
{
CuTest* testCase = testSuite2->list[i];
CuSuiteAdd(testSuite, testCase);
}
}
void CuSuiteRun(CuSuite* testSuite)
{
int i;
for (i = 0 ; i < testSuite->count ; ++i)
{
CuTest* testCase = testSuite->list[i];
CuTestRun(testCase);
if (testCase->failed) { testSuite->failCount += 1; }
}
}
void CuSuiteSummary(CuSuite* testSuite, CuString* summary)
{
int i;
for (i = 0 ; i < testSuite->count ; ++i)
{
CuTest* testCase = testSuite->list[i];
CuStringAppend(summary, testCase->failed ? "F" : ".");
}
CuStringAppend(summary, "\n\n");
}
void CuSuiteDetails(CuSuite* testSuite, CuString* details)
{
int i;
int failCount = 0;
if (testSuite->failCount == 0)
{
int passCount = testSuite->count - testSuite->failCount;
const char* testWord = passCount == 1 ? "test" : "tests";
CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord);
}
else
{
if (testSuite->failCount == 1)
CuStringAppend(details, "There was 1 failure:\n");
else
CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount);
for (i = 0 ; i < testSuite->count ; ++i)
{
CuTest* testCase = testSuite->list[i];
if (testCase->failed)
{
failCount++;
CuStringAppendFormat(details, "%d) %s: %s\n",
failCount, testCase->name, testCase->message);
}
}
CuStringAppend(details, "\n!!!FAILURES!!!\n");
CuStringAppendFormat(details, "Runs: %d ", testSuite->count);
CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount);
CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount);
}
}
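Review bot: CuStringAppendFormat formats into char buf[HUGE_STRING_LEN] with vsprintf, and CuAssertDblEquals_LineMsg formats two %f values into char buf[STRING_MAX] with sprintf, so a long formatted message or a large-magnitude double writes past the end of a stack buffer. Use vsnprintf(buf, sizeof(buf), format, argp) and snprintf(buf, sizeof(buf), ...) there and in the other sprintf callers (CuFailInternal, CuAssertIntEquals_LineMsg, CuAssertPtrEquals_LineMsg). The results of malloc and realloc in CuStrAlloc, CuStringInit, CuStringNew and CuStringResize are used without a NULL check, and the bound in CuSuiteAdd is enforced only by assert(), which disappears under NDEBUG and leaves the write to testSuite->list[testSuite->count] unchecked; replace it with an explicit test that refuses the add.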

View File

@ -0,0 +1,139 @@
/*
* Copyright (c) 2003 Asim Jalis
*
* This software is provided 'as-is', without any express or implied
* warranty. In no event will the authors be held liable for any damages
* arising from the use of this software.
*
* Permission is granted to anyone to use this software for any purpose,
* including commercial applications, and to alter it and redistribute it
* freely, subject to the following restrictions:
*
* 1. The origin of this software must not be misrepresented; you must not
* claim that you wrote the original software. If you use this software in
* a product, an acknowledgment in the product documentation would be
* appreciated but is not required.
*
* 2. Altered source versions must be plainly marked as such, and must not
* be misrepresented as being the original software.
*
* 3. This notice may not be removed or altered from any source
* distribution.
*/
#ifndef CU_TEST_H
#define CU_TEST_H
#include <setjmp.h>
#include <stdarg.h>
#define CUTEST_VERSION "CuTest 1.5"
/* CuString */
char* CuStrAlloc(int size);
char* CuStrCopy(const char* old);
#define CU_ALLOC(TYPE) ((TYPE*) malloc(sizeof(TYPE)))
#define HUGE_STRING_LEN 8192
#define STRING_MAX 256
#define STRING_INC 256
typedef struct
{
int length;
int size;
char* buffer;
} CuString;
void CuStringInit(CuString* str);
CuString* CuStringNew(void);
void CuStringRead(CuString* str, const char* path);
void CuStringAppend(CuString* str, const char* text);
void CuStringAppendChar(CuString* str, char ch);
void CuStringAppendFormat(CuString* str, const char* format, ...);
void CuStringInsert(CuString* str, const char* text, int pos);
void CuStringResize(CuString* str, int newSize);
void CuStringDelete(CuString* str);
/* CuTest */
typedef struct CuTest CuTest;
typedef void (*TestFunction)(CuTest *);
struct CuTest
{
char* name;
TestFunction function;
int failed;
int ran;
const char* message;
jmp_buf *jumpBuf;
};
void CuTestInit(CuTest* t, const char* name, TestFunction function);
CuTest* CuTestNew(const char* name, TestFunction function);
void CuTestRun(CuTest* tc);
void CuTestDelete(CuTest *t);
/* Internal versions of assert functions -- use the public versions */
void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message);
void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition);
void CuAssertStrEquals_LineMsg(CuTest* tc,
const char* file, int line, const char* message,
const char* expected, const char* actual);
void CuAssertIntEquals_LineMsg(CuTest* tc,
const char* file, int line, const char* message,
int expected, int actual);
void CuAssertDblEquals_LineMsg(CuTest* tc,
const char* file, int line, const char* message,
double expected, double actual, double delta);
void CuAssertPtrEquals_LineMsg(CuTest* tc,
const char* file, int line, const char* message,
void* expected, void* actual);
/* public assert functions */
#define CuFail(tc, ms) CuFail_Line( (tc), __FILE__, __LINE__, NULL, (ms))
#define CuAssert(tc, ms, cond) CuAssert_Line((tc), __FILE__, __LINE__, (ms), (cond))
#define CuAssertTrue(tc, cond) CuAssert_Line((tc), __FILE__, __LINE__, "assert failed", (cond))
#define CuAssertStrEquals(tc,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
#define CuAssertStrEquals_Msg(tc,ms,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
#define CuAssertIntEquals(tc,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
#define CuAssertIntEquals_Msg(tc,ms,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
#define CuAssertDblEquals(tc,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac),(dl))
#define CuAssertDblEquals_Msg(tc,ms,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac),(dl))
#define CuAssertPtrEquals(tc,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
#define CuAssertPtrEquals_Msg(tc,ms,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
#define CuAssertPtrNotNull(tc,p) CuAssert_Line((tc),__FILE__,__LINE__,"null pointer unexpected",(p != NULL))
#define CuAssertPtrNotNullMsg(tc,msg,p) CuAssert_Line((tc),__FILE__,__LINE__,(msg),(p != NULL))
/* CuSuite */
#define MAX_TEST_CASES 1024
#define SUITE_ADD_TEST(SUITE,TEST) CuSuiteAdd(SUITE, CuTestNew(#TEST, TEST))
typedef struct
{
int count;
CuTest* list[MAX_TEST_CASES];
int failCount;
} CuSuite;
void CuSuiteInit(CuSuite* testSuite);
CuSuite* CuSuiteNew(void);
void CuSuiteDelete(CuSuite *testSuite);
void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase);
void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2);
void CuSuiteRun(CuSuite* testSuite);
void CuSuiteSummary(CuSuite* testSuite, CuString* summary);
void CuSuiteDetails(CuSuite* testSuite, CuString* details);
#endif /* CU_TEST_H */
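Review bot: `CU_ALLOC` expands to a `malloc` call, but this header includes only `<setjmp.h>` and `<stdarg.h>`, so a file that uses the macro without its own `<stdlib.h>` include gets an implicit declaration of `malloc`. Include `<stdlib.h>` here, or state next to the macro that the caller must. Separately, `CuSuite.list` is a fixed array of `MAX_TEST_CASES` entries and `CuSuiteAdd` returns `void`, so a caller has no way to learn that a suite is full; document the limit or guard it in the implementation.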

View File

@ -0,0 +1,179 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "test_cil.h"
#include "../../src/cil_internal.h"
#include "../../src/cil_tree.h"
void test_cil_symtab_array_init(CuTest *tc) {
struct cil_db *test_new_db;
test_new_db = malloc(sizeof(*test_new_db));
cil_symtab_array_init(test_new_db->symtab, cil_sym_sizes[CIL_SYM_ARRAY_ROOT]);
CuAssertPtrNotNull(tc, test_new_db->symtab);
free(test_new_db);
}
void test_cil_db_init(CuTest *tc) {
struct cil_db *test_db;
cil_db_init(&test_db);
CuAssertPtrNotNull(tc, test_db->ast);
CuAssertPtrNotNull(tc, test_db->symtab);
CuAssertPtrNotNull(tc, test_db->symtab);
}
// TODO: Reach SEPOL_ERR return in cil_db_init ( currently can't produce a method to do so )
void test_cil_get_symtab_block(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->parent->flavor = CIL_BLOCK;
test_ast_node->line = 1;
int rc = cil_get_symtab(test_db, test_ast_node->parent, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertPtrNotNull(tc, symtab);
}
void test_cil_get_symtab_class(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->parent->flavor = CIL_CLASS;
test_ast_node->line = 1;
int rc = cil_get_symtab(test_db, test_ast_node->parent, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertPtrNotNull(tc, symtab);
}
void test_cil_get_symtab_root(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->parent->flavor = CIL_ROOT;
test_ast_node->line = 1;
int rc = cil_get_symtab(test_db, test_ast_node->parent, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertPtrNotNull(tc, symtab);
}
void test_cil_get_symtab_flavor_neg(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->parent->flavor = 1234567;
test_ast_node->line = 1;
int rc = cil_get_symtab(test_db, test_ast_node->parent, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
CuAssertPtrEquals(tc, symtab, NULL);
}
void test_cil_get_symtab_null_neg(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = NULL;
test_ast_node->line = 1;
int rc = cil_get_symtab(test_db, test_ast_node->parent, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
CuAssertPtrEquals(tc, symtab, NULL);
}
void test_cil_get_symtab_node_null_neg(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node = NULL;
struct cil_db *test_db;
cil_db_init(&test_db);
int rc = cil_get_symtab(test_db, test_ast_node, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
CuAssertPtrEquals(tc, symtab, NULL);
CuAssertPtrEquals(tc, test_ast_node, NULL);
}
void test_cil_get_symtab_parent_null_neg(CuTest *tc) {
symtab_t *symtab = NULL;
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = NULL;
test_ast_node->line = 1;
int rc = cil_get_symtab(test_db, test_ast_node->parent, &symtab, CIL_SYM_BLOCKS);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
CuAssertPtrEquals(tc, symtab, NULL);
}
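Review bot: `test_cil_db_init` asserts `test_db->symtab` twice in a row, so the second `CuAssertPtrNotNull` checks nothing new; it was probably meant for another field of `struct cil_db`, or should be dropped. In the same file, `test_cil_get_symtab_null_neg` and `test_cil_get_symtab_parent_null_neg` have identical bodies (both set `test_ast_node->parent = NULL` and expect `SEPOL_ERR`), so one of them is redundant or was meant to cover a different case. `test_cil_symtab_array_init` also dereferences the result of `malloc` without a NULL check, and the tests that call `cil_db_init` and `cil_tree_node_init` never release what they create.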

View File

@ -0,0 +1,46 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_H_
#define TEST_CIL_H_
#include "CuTest.h"
void test_cil_symtab_array_init(CuTest *);
void test_cil_symtab_array_init_null_symtab_neg(CuTest *);
void test_cil_db_init(CuTest *);
void test_cil_get_symtab_block(CuTest *);
void test_cil_get_symtab_class(CuTest *);
void test_cil_get_symtab_root(CuTest *);
void test_cil_get_symtab_flavor_neg(CuTest *);
void test_cil_get_symtab_null_neg(CuTest *);
void test_cil_get_symtab_node_null_neg(CuTest *);
void test_cil_get_symtab_parent_null_neg(CuTest *);
#endif
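Review bot: `test_cil_symtab_array_init_null_symtab_neg` is declared here, but the test source that includes this header defines no function of that name. Either add the negative test or remove the prototype so the header matches what is implemented.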

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,176 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_COPY_AST_H_
#define TEST_CIL_COPY_AST_H_
#include "CuTest.h"
void test_cil_copy_list(CuTest *);
void test_cil_copy_list_sublist(CuTest *);
void test_cil_copy_list_sublist_extra(CuTest *);
void test_cil_copy_list_orignull_neg(CuTest *);
void test_cil_copy_block(CuTest *);
void test_cil_copy_node_helper_block(CuTest *tc);
void test_cil_copy_node_helper_block_merge(CuTest *tc);
void test_cil_copy_perm(CuTest *);
void test_cil_copy_node_helper_perm(CuTest *tc);
void test_cil_copy_node_helper_perm_neg(CuTest *tc);
void test_cil_copy_class(CuTest *);
void test_cil_copy_node_helper_class(CuTest *tc);
void test_cil_copy_node_helper_class_dup_neg(CuTest *tc);
void test_cil_copy_common(CuTest *);
void test_cil_copy_node_helper_common(CuTest *tc);
void test_cil_copy_node_helper_common_dup_neg(CuTest *tc);
void test_cil_copy_classcommon(CuTest *);
void test_cil_copy_node_helper_classcommon(CuTest *tc);
void test_cil_copy_sid(CuTest *);
void test_cil_copy_node_helper_sid(CuTest *tc);
void test_cil_copy_node_helper_sid_merge(CuTest *tc);
void test_cil_copy_sidcontext(CuTest *);
void test_cil_copy_node_helper_sidcontext(CuTest *tc);
void test_cil_copy_user(CuTest *);
void test_cil_copy_node_helper_user(CuTest *tc);
void test_cil_copy_node_helper_user_merge(CuTest *tc);
void test_cil_copy_role(CuTest *);
void test_cil_copy_node_helper_role(CuTest *tc);
void test_cil_copy_node_helper_role_merge(CuTest *tc);
void test_cil_copy_userrole(CuTest *);
void test_cil_copy_node_helper_userrole(CuTest *tc);
void test_cil_copy_type(CuTest *);
void test_cil_copy_node_helper_type(CuTest *tc);
void test_cil_copy_node_helper_type_merge(CuTest *tc);
void test_cil_copy_typeattribute(CuTest *);
void test_cil_copy_node_helper_typeattribute(CuTest *tc);
void test_cil_copy_node_helper_typeattribute_merge(CuTest *tc);
void test_cil_copy_typealias(CuTest *);
void test_cil_copy_node_helper_typealias(CuTest *tc);
void test_cil_copy_node_helper_typealias_dup_neg(CuTest *tc);
void test_cil_copy_bool(CuTest *);
void test_cil_copy_node_helper_bool(CuTest *tc);
void test_cil_copy_node_helper_bool_dup_neg(CuTest *tc);
void test_cil_copy_avrule(CuTest *);
void test_cil_copy_node_helper_avrule(CuTest *tc);
void test_cil_copy_type_rule(CuTest *);
void test_cil_copy_node_helper_type_rule(CuTest *tc);
void test_cil_copy_sens(CuTest *);
void test_cil_copy_node_helper_sens(CuTest *tc);
void test_cil_copy_node_helper_sens_merge(CuTest *tc);
void test_cil_copy_sensalias(CuTest *);
void test_cil_copy_node_helper_sensalias(CuTest *tc);
void test_cil_copy_node_helper_sensalias_dup_neg(CuTest *tc);
void test_cil_copy_cat(CuTest *);
void test_cil_copy_node_helper_cat(CuTest *tc);
void test_cil_copy_node_helper_cat_merge(CuTest *tc);
void test_cil_copy_catalias(CuTest *);
void test_cil_copy_node_helper_catalias(CuTest *tc);
void test_cil_copy_node_helper_catalias_dup_neg(CuTest *tc);
void test_cil_copy_senscat(CuTest *);
void test_cil_copy_node_helper_senscat(CuTest *tc);
void test_cil_copy_catorder(CuTest *);
void test_cil_copy_node_helper_catorder(CuTest *tc);
void test_cil_copy_dominance(CuTest *);
void test_cil_copy_node_helper_dominance(CuTest *tc);
void test_cil_copy_level(CuTest *);
void test_cil_copy_node_helper_level(CuTest *tc);
void test_cil_copy_node_helper_level_dup_neg(CuTest *tc);
void test_cil_copy_fill_level(CuTest *);
void test_cil_copy_context(CuTest *);
void test_cil_copy_node_helper_context(CuTest *tc);
void test_cil_copy_node_helper_context_dup_neg(CuTest *tc);
void test_cil_copy_netifcon(CuTest *);
void test_cil_copy_netifcon_nested(CuTest *);
void test_cil_copy_node_helper_netifcon(CuTest *tc);
void test_cil_copy_node_helper_netifcon_merge(CuTest *tc);
void test_cil_copy_fill_context(CuTest *);
void test_cil_copy_fill_context_anonrange(CuTest *);
void test_cil_copy_call(CuTest *);
void test_cil_copy_node_helper_call(CuTest *tc);
void test_cil_copy_optional(CuTest *);
void test_cil_copy_node_helper_optional(CuTest *tc);
void test_cil_copy_node_helper_optional_merge(CuTest *tc);
void test_cil_copy_nodecon(CuTest *);
void test_cil_copy_nodecon_anon(CuTest *);
void test_cil_copy_fill_ipaddr(CuTest *);
void test_cil_copy_ipaddr(CuTest *);
void test_cil_copy_node_helper_ipaddr(CuTest *tc);
void test_cil_copy_node_helper_ipaddr_dup_neg(CuTest *tc);
void test_cil_copy_conditional(CuTest *);
void test_cil_copy_boolif(CuTest *);
void test_cil_copy_node_helper_boolif(CuTest *tc);
void test_cil_copy_constrain(CuTest *);
void test_cil_copy_node_helper_mlsconstrain(CuTest *tc);
void test_cil_copy_ast(CuTest *);
void test_cil_copy_ast_neg(CuTest *);
void test_cil_copy_node_helper_orignull_neg(CuTest *tc);
void test_cil_copy_node_helper_extraargsnull_neg(CuTest *tc);
void test_cil_copy_data_helper(CuTest *tc);
void test_cil_copy_data_helper_getparentsymtab_neg(CuTest *tc);
void test_cil_copy_data_helper_duplicatedb_neg(CuTest *tc);
#endif
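Review bot: the prototypes mix two styles, `(CuTest *)` for the plain `test_cil_copy_*` entries and `(CuTest *tc)` for the helper entries; pick one for the whole header. Also check the pairing of `test_cil_copy_constrain` with `test_cil_copy_node_helper_mlsconstrain`: the other copy/helper pairs use the same suffix, so either the helper test is misnamed or a `constrain` helper test is missing.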

View File

@ -0,0 +1,75 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "CilTest.h"
#include "../../src/cil_fqn.h"
#include "../../src/cil_build_ast.h"
void test_cil_qualify_name(CuTest *tc) {
char *line[] = {"(", "category", "c0", ")",
"(", "categoryorder", "(", "c0", ")", ")",
"(", "sensitivity", "s0", ")",
"(", "sensitivitycategory", "s0", "(", "c0", ")", ")",
"(", "type", "blah_t", ")",
"(", "role", "blah_r", ")",
"(", "user", "blah_u", ")",
"(", "context", "con", "(", "blah_u", "blah_r", "blah_t", "(", "s0", "(", "c0", ")", ")", "(", "s0", "(", "c0", ")", ")", ")", ")",
"(", "sid", "test", "con", NULL};
struct cil_tree *tree;
gen_test_tree(&tree, line);
struct cil_db *test_db;
cil_db_init(&test_db);
cil_build_ast(test_db, tree->root, test_db->ast->root);
int rc = cil_fqn_qualify(test_db->ast->root);
CuAssertIntEquals(tc, SEPOL_OK, rc);
}
void test_cil_qualify_name_cil_flavor(CuTest *tc) {
char *line[] = {"(", "class", "file", "inherits", "file",
"(", "open", ")", ")", NULL};
struct cil_tree *tree;
gen_test_tree(&tree, line);
struct cil_db *test_db;
cil_db_init(&test_db);
cil_build_ast(test_db, tree->root, test_db->ast->root);
int rc = cil_fqn_qualify(test_db->ast->root);
CuAssertIntEquals(tc, SEPOL_OK, rc);
}
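Review bot: in `test_cil_qualify_name` the token array ends with `"(", "sid", "test", "con", NULL`, so the final statement is never closed with `")"` and the parenthesised input is unbalanced. If that is deliberate, say so in a comment; otherwise add the closing token. Both tests also discard the return value of `cil_build_ast`, so a failure while building the AST goes unreported and `cil_fqn_qualify` runs on whatever tree resulted; assert `SEPOL_OK` on the build step first.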

View File

@ -0,0 +1,37 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_FQN_H_
#define TEST_CIL_FQN_H_
#include "CuTest.h"
void test_cil_qualify_name(CuTest *);
void test_cil_qualify_name_cil_flavor(CuTest *tc);
#endif

View File

@ -0,0 +1,100 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "test_cil_lexer.h"
#include "../../src/cil_lexer.h"
void test_cil_lexer_setup(CuTest *tc) {
char *test_str = "(test \"qstring\");comment\n";
uint32_t str_size = strlen(test_str);
char *buffer = malloc(str_size + 2);
memset(buffer+str_size, 0, 2);
strncpy(buffer, test_str, str_size);
int rc = cil_lexer_setup(buffer, str_size + 2);
CuAssertIntEquals(tc, SEPOL_OK, rc);
free(buffer);
}
void test_cil_lexer_next(CuTest *tc) {
char *test_str = "(test \"qstring\") ;comment\n";
uint32_t str_size = strlen(test_str);
char *buffer = malloc(str_size + 2);
memset(buffer+str_size, 0, 2);
strcpy(buffer, test_str);
cil_lexer_setup(buffer, str_size + 2);
struct token test_tok;
int rc = cil_lexer_next(&test_tok);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, OPAREN, test_tok.type);
CuAssertStrEquals(tc, "(", test_tok.value);
CuAssertIntEquals(tc, 1, test_tok.line);
rc = cil_lexer_next(&test_tok);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, SYMBOL, test_tok.type);
CuAssertStrEquals(tc, "test", test_tok.value);
CuAssertIntEquals(tc, 1, test_tok.line);
rc = cil_lexer_next(&test_tok);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, QSTRING, test_tok.type);
CuAssertStrEquals(tc, "\"qstring\"", test_tok.value);
CuAssertIntEquals(tc, 1, test_tok.line);
rc = cil_lexer_next(&test_tok);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, CPAREN, test_tok.type);
CuAssertStrEquals(tc, ")", test_tok.value);
CuAssertIntEquals(tc, 1, test_tok.line);
rc = cil_lexer_next(&test_tok);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, COMMENT, test_tok.type);
CuAssertStrEquals(tc, ";comment", test_tok.value);
CuAssertIntEquals(tc, 1, test_tok.line);
free(buffer);
}
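Review bot: both tests pass the result of `malloc(str_size + 2)` straight to `memset(buffer+str_size, 0, 2)` without a NULL check; assert on the pointer with `CuAssertPtrNotNull` before writing through it. The two tests also copy the string differently (`strncpy` in `test_cil_lexer_setup`, `strcpy` in `test_cil_lexer_next`); use one form, and add a short comment explaining why the buffer carries two trailing zero bytes, since the `+ 2` is otherwise unexplained. The file calls `strlen`, `malloc` and `memset` but includes neither `<string.h>` nor `<stdlib.h>` directly.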

View File

@ -0,0 +1,38 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_LEXER_H_
#define TEST_CIL_LEXER_H_
#include "CuTest.h"
void test_cil_lexer_setup(CuTest *);
void test_cil_lexer_next(CuTest *);
#endif

View File

@ -0,0 +1,345 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include "CuTest.h"
#include "CilTest.h"
#include "../../src/cil_internal.h"
#include "../../src/cil_build_ast.h"
void test_cil_list_init(CuTest *tc) {
struct cil_avrule *test_avrule = malloc(sizeof(*test_avrule));
cil_classpermset_init(&test_avrule->classpermset);
cil_permset_init(&test_avrule->classpermset->permset);
cil_list_init(&test_avrule->classpermset->permset->perms_list_str);
CuAssertPtrNotNull(tc, test_avrule->classpermset->permset->perms_list_str);
cil_destroy_avrule(test_avrule);
}
void test_cil_list_append_item(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_append_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_OK, rc);
}
void test_cil_list_append_item_append(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_append_item(test_class_list, test_new_item);
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head->next;
int rc2 = cil_list_append_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, SEPOL_OK, rc2);
}
void test_cil_list_append_item_append_extra(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", "process", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_append_item(test_class_list, test_new_item);
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head->next;
int rc2 = cil_list_append_item(test_class_list, test_new_item);
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head->next->next;
int rc3 = cil_list_append_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertIntEquals(tc, SEPOL_OK, rc2);
CuAssertIntEquals(tc, SEPOL_OK, rc3);
}
void test_cil_list_append_item_listnull_neg(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list = NULL;
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_append_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
}
void test_cil_list_append_item_itemnull_neg(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item = NULL;
int rc = cil_list_append_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
}
void test_cil_list_prepend_item(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_prepend_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_OK, rc);
}
void test_cil_list_prepend_item_prepend(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_prepend_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_OK, rc);
}
void test_cil_list_prepend_item_prepend_neg(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", "process", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
struct cil_list_item *test_new_item_next;
cil_list_item_init(&test_new_item_next);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head->next;
test_new_item->next = test_new_item_next;
int rc = cil_list_prepend_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
}
void test_cil_list_prepend_item_listnull_neg(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list = NULL;
struct cil_list_item *test_new_item;
cil_list_item_init(&test_new_item);
test_new_item->flavor = CIL_CLASS;
test_new_item->data = test_tree->root->cl_head->cl_head->next->cl_head;
int rc = cil_list_prepend_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
}
void test_cil_list_prepend_item_itemnull_neg(CuTest *tc) {
char *line[] = {"(", "mlsconstrain", "(", "file", "dir", ")", "(", "create", "relabelto", ")", "(", "eq", "12", "h2", ")", ")", NULL};
struct cil_tree *test_tree;
gen_test_tree(&test_tree, line);
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
struct cil_list *test_class_list;
cil_list_init(&test_class_list);
struct cil_list_item *test_new_item = NULL;
int rc = cil_list_prepend_item(test_class_list, test_new_item);
CuAssertIntEquals(tc, SEPOL_ERR, rc);
}
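Review bot: In test_cil_list_prepend_item_prepend_neg, test_new_item_next is initialised but its flavor and data are never set. The two assignments that follow cil_list_item_init(&test_new_item_next) write to test_new_item a second time and overwrite the data pointer assigned just above. This looks like a copy-paste slip; assign test_new_item_next->flavor and test_new_item_next->data there so the chained item is fully formed before the SEPOL_ERR path is exercised. Separately, test_cil_list_prepend_item_prepend has the same body as test_cil_list_prepend_item and only prepends to an empty list, so prepend a second item and assert on the resulting order to make the two tests cover different cases. In every test in this group, test_ast_node is set up but never passed to the function under test, and test_tree, test_db and the lists are never released.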

View File

@ -0,0 +1,46 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_LIST_H_
#define TEST_CIL_LIST_H_
#include "CuTest.h"
void test_cil_list_item_init(CuTest *);
void test_cil_list_append_item(CuTest *);
void test_cil_list_append_item_append(CuTest *);
void test_cil_list_append_item_append_extra(CuTest *);
void test_cil_list_append_item_listnull_neg(CuTest *);
void test_cil_list_append_item_itemnull_neg(CuTest *);
void test_cil_list_prepend_item_prepend(CuTest *);
void test_cil_list_prepend_item_prepend_neg(CuTest *);
void test_cil_list_prepend_item_listnull_neg(CuTest *);
void test_cil_list_prepend_item_itemnull_neg(CuTest *);
#endif
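Review bot: The prepend group of prototypes has no entry for test_cil_list_prepend_item, although the source file in the preceding hunk defines that function next to test_cil_list_prepend_item_prepend. Add `void test_cil_list_prepend_item(CuTest *);` so that any caller including this header sees a declaration for it, matching the way the append tests are declared.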

View File

@ -0,0 +1,57 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "CilTest.h"
#include "test_cil_parser.h"
#include "../../src/cil_parser.h"
#include "../../src/cil_internal.h"
// TODO rewrite to use the gen_tree function
void test_cil_parser(CuTest *tc) {
int rc = 0;
struct cil_file_data *data;
struct cil_tree *test_parse_root;
cil_tree_init(&test_parse_root);
struct cil_db *test_db;
cil_db_init(&test_db);
set_cil_file_data(&data);
rc = cil_parser("policy.cil", data->buffer, data->file_size + 2, &test_parse_root);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertPtrNotNull(tc, test_parse_root);
// TODO add checking of the parse tree that is returned
}
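Review bot: The length passed to cil_parser, data->file_size + 2, is unexplained, and it is only safe if set_cil_file_data allocates and zero-fills at least two bytes beyond file_size. Document that contract in a comment or assert it in the test, because otherwise the parser is handed a length larger than the buffer. test_db is initialised but never used, and nothing allocated here is freed. CuAssertPtrNotNull on test_parse_root adds little, since the pointer was presumably already set by cil_tree_init before the call; the second TODO (checking the returned parse tree) is what would make this test meaningful.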

View File

@ -0,0 +1,37 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_PARSER_H_
#define TEST_CIL_PARSER_H_
#include "CuTest.h"
void test_cil_parser(CuTest *);
#endif

View File

@ -0,0 +1,703 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "CilTest.h"
#include "test_cil_post.h"
#include "../../src/cil_post.h"
#include "../../src/cil_internal.h"
void test_cil_post_filecon_compare_meta_a_not_b(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = "ba.r";
afilecon->path_str = "foo";
bfilecon->root_str = "barr";
bfilecon->path_str = "foo";
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_filecon_compare_meta_b_not_a(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = "bar";
afilecon->path_str = "foo";
bfilecon->root_str = "ba.rr";
bfilecon->path_str = "foo";
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_filecon_compare_meta_a_and_b_strlen_a_greater_b(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = ".\\$";
afilecon->path_str = ".$({";
bfilecon->root_str = ".?";
bfilecon->path_str = ".";
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_filecon_compare_type_atype_greater_btype(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = ".\\$";
afilecon->path_str = ".$({";
afilecon->type = CIL_FILECON_CHAR;
bfilecon->root_str = ".\\$";
bfilecon->path_str = ".$({";
bfilecon->type = CIL_FILECON_DIR;
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_filecon_compare_type_btype_greater_atype(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = ".\\$";
afilecon->path_str = ".$({";
afilecon->type = CIL_FILECON_DIR;
bfilecon->root_str = ".\\$";
bfilecon->path_str = ".$({";
bfilecon->type = CIL_FILECON_CHAR;
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_filecon_compare_meta_a_and_b_strlen_b_greater_a(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = ".";
afilecon->path_str = ".";
bfilecon->root_str = ".*+|[({";
bfilecon->path_str = ".";
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_filecon_compare_stemlen_a_greater_b(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = "bar";
afilecon->path_str = "foo";
bfilecon->root_str = "barr";
bfilecon->path_str = "foo";
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_filecon_compare_stemlen_b_greater_a(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = "barre";
afilecon->path_str = "foo";
bfilecon->root_str = "barr";
bfilecon->path_str = "foo";
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_filecon_compare_equal(CuTest *tc) {
struct cil_filecon *afilecon;
cil_filecon_init(&afilecon);
struct cil_filecon *bfilecon;
cil_filecon_init(&bfilecon);
afilecon->root_str = ".\\$";
afilecon->path_str = ".$({";
afilecon->type = CIL_FILECON_DIR;
bfilecon->root_str = ".\\$";
bfilecon->path_str = ".$({";
bfilecon->type = CIL_FILECON_DIR;
int rc = cil_post_filecon_compare(&afilecon, &bfilecon);
CuAssertIntEquals(tc, 0, rc);
}
void test_cil_post_portcon_compare_atotal_greater_btotal(CuTest *tc) {
struct cil_portcon *aportcon;
cil_portcon_init(&aportcon);
struct cil_portcon *bportcon;
cil_portcon_init(&bportcon);
aportcon->port_low = 15;
aportcon->port_high = 30;
bportcon->port_low = 10;
bportcon->port_high = 11;
int rc = cil_post_portcon_compare(&aportcon, &bportcon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_portcon_compare_btotal_greater_atotal(CuTest *tc) {
struct cil_portcon *aportcon;
cil_portcon_init(&aportcon);
struct cil_portcon *bportcon;
cil_portcon_init(&bportcon);
aportcon->port_low = 5;
aportcon->port_high = 5;
bportcon->port_low = 11;
bportcon->port_high = 20;
int rc = cil_post_portcon_compare(&aportcon, &bportcon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_portcon_compare_aportlow_greater_bportlow(CuTest *tc) {
struct cil_portcon *aportcon;
cil_portcon_init(&aportcon);
struct cil_portcon *bportcon;
cil_portcon_init(&bportcon);
aportcon->port_low = 30;
aportcon->port_high = 33;
bportcon->port_low = 17;
bportcon->port_high = 20;
int rc = cil_post_portcon_compare(&aportcon, &bportcon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_portcon_compare_bportlow_greater_aportlow(CuTest *tc) {
struct cil_portcon *aportcon;
cil_portcon_init(&aportcon);
struct cil_portcon *bportcon;
cil_portcon_init(&bportcon);
aportcon->port_low = 5;
aportcon->port_high = 8;
bportcon->port_low = 17;
bportcon->port_high = 20;
int rc = cil_post_portcon_compare(&aportcon, &bportcon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_portcon_compare_equal(CuTest *tc) {
struct cil_portcon *aportcon;
cil_portcon_init(&aportcon);
struct cil_portcon *bportcon;
cil_portcon_init(&bportcon);
aportcon->port_low = 17;
aportcon->port_high = 20;
bportcon->port_low = 17;
bportcon->port_high = 20;
int rc = cil_post_portcon_compare(&aportcon, &bportcon);
CuAssertTrue(tc, rc == 0);
}
void test_cil_post_genfscon_compare_atypestr_greater_btypestr(CuTest *tc) {
struct cil_genfscon *agenfscon;
cil_genfscon_init(&agenfscon);
agenfscon->fs_str = "aaaa";
struct cil_genfscon *bgenfscon;
cil_genfscon_init(&bgenfscon);
bgenfscon->fs_str = "bbbb";
int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_genfscon_compare_btypestr_greater_atypestr(CuTest *tc) {
struct cil_genfscon *agenfscon;
cil_genfscon_init(&agenfscon);
agenfscon->fs_str = "bbbb";
struct cil_genfscon *bgenfscon;
cil_genfscon_init(&bgenfscon);
bgenfscon->fs_str = "aaaa";
int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_genfscon_compare_apathstr_greater_bpathstr(CuTest *tc) {
struct cil_genfscon *agenfscon;
cil_genfscon_init(&agenfscon);
agenfscon->fs_str = "aaaa";
agenfscon->path_str = "ff";
struct cil_genfscon *bgenfscon;
cil_genfscon_init(&bgenfscon);
bgenfscon->fs_str = "aaaa";
bgenfscon->path_str = "gg";
int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_genfscon_compare_bpathstr_greater_apathstr(CuTest *tc) {
struct cil_genfscon *agenfscon;
cil_genfscon_init(&agenfscon);
agenfscon->fs_str = "bbbb";
agenfscon->path_str = "cccc";
struct cil_genfscon *bgenfscon;
cil_genfscon_init(&bgenfscon);
bgenfscon->fs_str = "bbbb";
bgenfscon->path_str = "aaaa";
int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_genfscon_compare_equal(CuTest *tc) {
struct cil_genfscon *agenfscon;
cil_genfscon_init(&agenfscon);
agenfscon->fs_str = "bbbb";
agenfscon->path_str = "cccc";
struct cil_genfscon *bgenfscon;
cil_genfscon_init(&bgenfscon);
bgenfscon->fs_str = "bbbb";
bgenfscon->path_str = "cccc";
int rc = cil_post_genfscon_compare(&agenfscon, &bgenfscon);
CuAssertIntEquals(tc, 0, rc);
}
void test_cil_post_netifcon_compare_a_greater_b(CuTest *tc) {
struct cil_netifcon *anetifcon;
cil_netifcon_init(&anetifcon);
anetifcon->interface_str = "aaa";
struct cil_netifcon *bnetifcon;
cil_netifcon_init(&bnetifcon);
bnetifcon->interface_str = "bbb";
int rc = cil_post_netifcon_compare(&anetifcon, &bnetifcon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_netifcon_compare_b_greater_a(CuTest *tc) {
struct cil_netifcon *anetifcon;
cil_netifcon_init(&anetifcon);
anetifcon->interface_str = "bbb";
struct cil_netifcon *bnetifcon;
cil_netifcon_init(&bnetifcon);
bnetifcon->interface_str = "aaa";
int rc = cil_post_netifcon_compare(&anetifcon, &bnetifcon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_netifcon_compare_equal(CuTest *tc) {
struct cil_netifcon *anetifcon;
cil_netifcon_init(&anetifcon);
anetifcon->interface_str = "aaa";
struct cil_netifcon *bnetifcon;
cil_netifcon_init(&bnetifcon);
bnetifcon->interface_str = "aaa";
int rc = cil_post_netifcon_compare(&anetifcon, &bnetifcon);
CuAssertTrue(tc, rc == 0);
}
void test_cil_post_nodecon_compare_aipv4_bipv6(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v4.s_addr = 103;
anodecon->mask->ip.v4.s_addr = 100;
anodecon->addr->family = AF_INET;
bnodecon->addr->ip.v4.s_addr = 100;
bnodecon->mask->ip.v4.s_addr = 100;
bnodecon->addr->family = AF_INET6;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_nodecon_compare_aipv6_bipv4(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v4.s_addr = 103;
anodecon->mask->ip.v4.s_addr = 100;
anodecon->addr->family = AF_INET6;
bnodecon->addr->ip.v4.s_addr = 100;
bnodecon->mask->ip.v4.s_addr = 100;
bnodecon->addr->family = AF_INET;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_nodecon_compare_aipv4_greaterthan_bipv4(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v4.s_addr = 103;
anodecon->mask->ip.v4.s_addr = 100;
anodecon->addr->family = AF_INET;
bnodecon->addr->ip.v4.s_addr = 100;
bnodecon->mask->ip.v4.s_addr = 100;
bnodecon->addr->family = AF_INET;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_nodecon_compare_aipv4_lessthan_bipv4(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v4.s_addr = 99;
anodecon->mask->ip.v4.s_addr = 100;
anodecon->addr->family = AF_INET;
bnodecon->addr->ip.v4.s_addr = 100;
bnodecon->mask->ip.v4.s_addr = 100;
bnodecon->addr->family = AF_INET;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_nodecon_compare_amaskipv4_greaterthan_bmaskipv4(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v4.s_addr = 103;
anodecon->mask->ip.v4.s_addr = 101;
anodecon->addr->family = AF_INET;
bnodecon->addr->ip.v4.s_addr = 100;
bnodecon->mask->ip.v4.s_addr = 100;
bnodecon->addr->family = AF_INET;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_nodecon_compare_amaskipv4_lessthan_bmaskipv4(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v4.s_addr = 99;
anodecon->mask->ip.v4.s_addr = 99;
anodecon->addr->family = AF_INET;
bnodecon->addr->ip.v4.s_addr = 100;
bnodecon->mask->ip.v4.s_addr = 100;
bnodecon->addr->family = AF_INET;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_nodecon_compare_aipv6_greaterthan_bipv6(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v6.s6_addr[0] = '5';
anodecon->mask->ip.v6.s6_addr[0] = '9';
anodecon->addr->family = AF_INET6;
bnodecon->addr->ip.v6.s6_addr[0] = '3';
bnodecon->mask->ip.v6.s6_addr[0] = '9';
bnodecon->addr->family = AF_INET6;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_nodecon_compare_aipv6_lessthan_bipv6(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v6.s6_addr[0] = '3';
anodecon->mask->ip.v6.s6_addr[0] = '1';
anodecon->addr->family = AF_INET6;
bnodecon->addr->ip.v6.s6_addr[0] = '5';
bnodecon->mask->ip.v6.s6_addr[0] = '1';
bnodecon->addr->family = AF_INET6;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_nodecon_compare_amaskipv6_greaterthan_bmaskipv6(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v6.s6_addr[0] = '1';
anodecon->mask->ip.v6.s6_addr[0] = '4';
anodecon->addr->family = AF_INET6;
bnodecon->addr->ip.v6.s6_addr[0] = '1';
bnodecon->mask->ip.v6.s6_addr[0] = '3';
bnodecon->addr->family = AF_INET6;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_nodecon_compare_amaskipv6_lessthan_bmaskipv6(CuTest *tc) {
struct cil_nodecon *anodecon;
cil_nodecon_init(&anodecon);
cil_ipaddr_init(&anodecon->addr);
cil_ipaddr_init(&anodecon->mask);
struct cil_nodecon *bnodecon;
cil_nodecon_init(&bnodecon);
cil_ipaddr_init(&bnodecon->addr);
cil_ipaddr_init(&bnodecon->mask);
anodecon->addr->ip.v6.s6_addr[0] = '5';
anodecon->mask->ip.v6.s6_addr[0] = '1';
anodecon->addr->family = AF_INET6;
bnodecon->addr->ip.v6.s6_addr[0] = '5';
bnodecon->mask->ip.v6.s6_addr[0] = '6';
bnodecon->addr->family = AF_INET6;
int rc = cil_post_nodecon_compare(&anodecon, &bnodecon);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_fsuse_compare_type_a_greater_b(CuTest *tc) {
struct cil_fsuse *afsuse;
cil_fsuse_init(&afsuse);
afsuse->type = CIL_FSUSE_XATTR;
struct cil_fsuse *bfsuse;
cil_fsuse_init(&bfsuse);
bfsuse->type = CIL_FSUSE_TASK;
int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_fsuse_compare_type_b_greater_a(CuTest *tc) {
struct cil_fsuse *afsuse;
cil_fsuse_init(&afsuse);
afsuse->type = CIL_FSUSE_TASK;
struct cil_fsuse *bfsuse;
cil_fsuse_init(&bfsuse);
bfsuse->type = CIL_FSUSE_XATTR;
int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_fsuse_compare_fsstr_a_greater_b(CuTest *tc) {
struct cil_fsuse *afsuse;
cil_fsuse_init(&afsuse);
afsuse->type = CIL_FSUSE_XATTR;
afsuse->fs_str = "aaa";
struct cil_fsuse *bfsuse;
cil_fsuse_init(&bfsuse);
bfsuse->type = CIL_FSUSE_XATTR;
bfsuse->fs_str = "bbb";
int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
CuAssertTrue(tc, rc < 0);
}
void test_cil_post_fsuse_compare_fsstr_b_greater_a(CuTest *tc) {
struct cil_fsuse *afsuse;
cil_fsuse_init(&afsuse);
afsuse->type = CIL_FSUSE_XATTR;
afsuse->fs_str = "bbb";
struct cil_fsuse *bfsuse;
cil_fsuse_init(&bfsuse);
bfsuse->type = CIL_FSUSE_XATTR;
bfsuse->fs_str = "aaa";
int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
CuAssertTrue(tc, rc > 0);
}
void test_cil_post_fsuse_compare_equal(CuTest *tc) {
struct cil_fsuse *afsuse;
cil_fsuse_init(&afsuse);
afsuse->type = CIL_FSUSE_XATTR;
afsuse->fs_str = "foo";
struct cil_fsuse *bfsuse;
cil_fsuse_init(&bfsuse);
bfsuse->type = CIL_FSUSE_XATTR;
bfsuse->fs_str = "foo";
int rc = cil_post_fsuse_compare(&afsuse, &bfsuse);
CuAssertTrue(tc, rc == 0);
}
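Review bot: Several test names state the opposite of what their fixtures and assertions check. For example, test_cil_post_genfscon_compare_atypestr_greater_btypestr sets a to "aaaa" and b to "bbbb" and asserts rc < 0, and the netifcon a_greater_b, genfscon apathstr_greater_bpathstr and fsuse fsstr_a_greater_b tests follow the same pattern. Rename them (or swap the fixtures) so that a failing test name describes the real ordering. In the nodecon tests only addr->family is set, never mask->family, and test_cil_post_nodecon_compare_aipv4_bipv6 fills ip.v4.s_addr on an address marked AF_INET6. The IPv6 cases also store character literals such as '5' in s6_addr[0] and rely on cil_ipaddr_init having zeroed the remaining bytes; numeric byte values and an explicit memset would make the intended ordering clear. None of the allocated context structures are freed.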

View File

@ -0,0 +1,79 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_POLICY_H_
#define TEST_CIL_POLICY_H_
#include "CuTest.h"
void test_cil_post_filecon_compare_meta_a_not_b(CuTest *tc);
void test_cil_post_filecon_compare_meta_b_not_a(CuTest *tc);
void test_cil_post_filecon_compare_meta_a_and_b_strlen_a_greater_b(CuTest *tc);
void test_cil_post_filecon_compare_meta_a_and_b_strlen_b_greater_a(CuTest *tc);
void test_cil_post_filecon_compare_type_atype_greater_btype(CuTest *tc);
void test_cil_post_filecon_compare_type_btype_greater_atype(CuTest *tc);
void test_cil_post_filecon_compare_stemlen_a_greater_b(CuTest *tc);
void test_cil_post_filecon_compare_stemlen_b_greater_a(CuTest *tc);
void test_cil_post_filecon_compare_equal(CuTest *tc);
void test_cil_post_portcon_compare_atotal_greater_btotal(CuTest *tc);
void test_cil_post_portcon_compare_btotal_greater_atotal(CuTest *tc);
void test_cil_post_portcon_compare_aportlow_greater_bportlow(CuTest *tc);
void test_cil_post_portcon_compare_bportlow_greater_aportlow(CuTest *tc);
void test_cil_post_portcon_compare_equal(CuTest *tc);
void test_cil_post_genfscon_compare_atypestr_greater_btypestr(CuTest *tc);
void test_cil_post_genfscon_compare_btypestr_greater_atypestr(CuTest *tc);
void test_cil_post_genfscon_compare_apathstr_greater_bpathstr(CuTest *tc);
void test_cil_post_genfscon_compare_bpathstr_greater_apathstr(CuTest *tc);
void test_cil_post_genfscon_compare_equal(CuTest *tc);
void test_cil_post_netifcon_compare_a_greater_b(CuTest *tc);
void test_cil_post_netifcon_compare_b_greater_a(CuTest *tc);
void test_cil_post_netifcon_compare_equal(CuTest *tc);
void test_cil_post_nodecon_compare_aipv4_bipv6(CuTest *tc);
void test_cil_post_nodecon_compare_aipv6_bipv4(CuTest *tc);
void test_cil_post_nodecon_compare_aipv4_greaterthan_bipv4(CuTest *tc);
void test_cil_post_nodecon_compare_aipv4_lessthan_bipv4(CuTest *tc);
void test_cil_post_nodecon_compare_amaskipv4_greaterthan_bmaskipv4(CuTest *tc);
void test_cil_post_nodecon_compare_amaskipv4_lessthan_bmaskipv4(CuTest *tc);
void test_cil_post_nodecon_compare_aipv6_greaterthan_bipv6(CuTest *tc);
void test_cil_post_nodecon_compare_aipv6_lessthan_bipv6(CuTest *tc);
void test_cil_post_nodecon_compare_amaskipv6_greaterthan_bmaskipv6(CuTest *tc);
void test_cil_post_nodecon_compare_amaskipv6_lessthan_bmaskipv6(CuTest *tc);
void test_cil_post_fsuse_compare_type_a_greater_b(CuTest *tc);
void test_cil_post_fsuse_compare_type_b_greater_a(CuTest *tc);
void test_cil_post_fsuse_compare_fsstr_a_greater_b(CuTest *tc);
void test_cil_post_fsuse_compare_fsstr_b_greater_a(CuTest *tc);
void test_cil_post_fsuse_compare_equal(CuTest *tc);
#endif
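Review bot: The include guard on this header is TEST_CIL_POLICY_H_, but every prototype it protects is a test_cil_post_* function. If another test header is guarded by the same macro, whichever one is included second is silently emptied, and the problem surfaces as implicit-declaration warnings rather than a clear error. Rename the guard so it matches what the file declares (for example TEST_CIL_POST_H_).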

File diff suppressed because it is too large

View File

@ -0,0 +1,578 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_RESOLVE_AST_H_
#define TEST_CIL_RESOLVE_AST_H_
#include "CuTest.h"
void test_cil_resolve_name(CuTest *);
void test_cil_resolve_name_invalid_type_neg(CuTest *);
void test_cil_resolve_ast_curr_null_neg(CuTest *);
/*
cil_resolve test cases
*/
void test_cil_resolve_roleallow(CuTest *);
void test_cil_resolve_roleallow_srcdecl_neg(CuTest *);
void test_cil_resolve_roleallow_tgtdecl_neg(CuTest *);
void test_cil_resolve_rolebounds(CuTest *tc);
void test_cil_resolve_rolebounds_exists_neg(CuTest *tc);
void test_cil_resolve_rolebounds_role1_neg(CuTest *tc);
void test_cil_resolve_rolebounds_role2_neg(CuTest *tc);
void test_cil_resolve_sensalias(CuTest *);
void test_cil_resolve_sensalias_sensdecl_neg(CuTest *);
void test_cil_resolve_catalias(CuTest *);
void test_cil_resolve_catalias_catdecl_neg(CuTest *);
void test_cil_resolve_catorder(CuTest *);
void test_cil_resolve_catorder_neg(CuTest *);
void test_cil_resolve_dominance(CuTest *);
void test_cil_resolve_dominance_neg(CuTest *);
void test_cil_resolve_cat_list(CuTest *);
void test_cil_resolve_cat_list_catlistnull_neg(CuTest *);
void test_cil_resolve_cat_list_rescatlistnull_neg(CuTest *);
void test_cil_resolve_cat_list_catrange(CuTest *);
void test_cil_resolve_cat_list_catrange_neg(CuTest *);
void test_cil_resolve_cat_list_catname_neg(CuTest *);
void test_cil_resolve_catset(CuTest *);
void test_cil_resolve_catset_catlist_neg(CuTest *);
void test_cil_resolve_catrange(CuTest *);
void test_cil_resolve_catrange_catloworder_neg(CuTest *);
void test_cil_resolve_catrange_cathighorder_neg(CuTest *);
void test_cil_resolve_catrange_cat1_neg(CuTest *);
void test_cil_resolve_catrange_cat2_neg(CuTest *);
void test_cil_resolve_senscat(CuTest *);
void test_cil_resolve_senscat_catrange_neg(CuTest *);
void test_cil_resolve_senscat_catsetname(CuTest *);
void test_cil_resolve_senscat_catsetname_neg(CuTest *);
void test_cil_resolve_senscat_sublist(CuTest *);
void test_cil_resolve_senscat_missingsens_neg(CuTest *);
void test_cil_resolve_senscat_sublist_neg(CuTest *);
void test_cil_resolve_senscat_category_neg(CuTest *);
void test_cil_resolve_senscat_currrangecat(CuTest *);
void test_cil_resolve_senscat_currrangecat_neg(CuTest *);
void test_cil_resolve_level(CuTest *);
void test_cil_resolve_level_catlist(CuTest *);
void test_cil_resolve_level_catset(CuTest *);
void test_cil_resolve_level_catset_name_neg(CuTest *);
void test_cil_resolve_level_sens_neg(CuTest *);
void test_cil_resolve_level_cat_neg(CuTest *);
void test_cil_resolve_level_senscat_neg(CuTest *);
void test_cil_resolve_levelrange_namedlvl(CuTest *);
void test_cil_resolve_levelrange_namedlvl_low_neg(CuTest *);
void test_cil_resolve_levelrange_namedlvl_high_neg(CuTest *);
void test_cil_resolve_levelrange_anonlvl(CuTest *);
void test_cil_resolve_levelrange_anonlvl_low_neg(CuTest *);
void test_cil_resolve_levelrange_anonlvl_high_neg(CuTest *);
void test_cil_resolve_constrain(CuTest *);
void test_cil_resolve_constrain_class_neg(CuTest *);
void test_cil_resolve_constrain_perm_neg(CuTest *);
void test_cil_resolve_constrain_perm_resolve_neg(CuTest *);
void test_cil_resolve_context(CuTest *);
void test_cil_resolve_context_macro(CuTest *);
void test_cil_resolve_context_macro_neg(CuTest *);
void test_cil_resolve_context_namedrange(CuTest *);
void test_cil_resolve_context_namedrange_neg(CuTest *);
void test_cil_resolve_context_macro_namedrange_anon(CuTest *);
void test_cil_resolve_context_user_neg(CuTest *);
void test_cil_resolve_context_role_neg(CuTest *);
void test_cil_resolve_context_type_neg(CuTest *);
void test_cil_resolve_context_anon_level_neg(CuTest *);
void test_cil_resolve_roletransition(CuTest *);
void test_cil_resolve_roletransition_srcdecl_neg(CuTest *);
void test_cil_resolve_roletransition_tgtdecl_neg(CuTest *);
void test_cil_resolve_roletransition_resultdecl_neg(CuTest *);
void test_cil_resolve_typeattributeset_type_in_multiple_attrs(CuTest *);
void test_cil_resolve_typeattributeset_multiple_excludes_with_not(CuTest *);
void test_cil_resolve_typeattributeset_multiple_types_with_and(CuTest *);
void test_cil_resolve_typeattributeset_using_attr(CuTest *);
void test_cil_resolve_typeattributeset_name_neg(CuTest *);
void test_cil_resolve_typeattributeset_undef_type_neg(CuTest *);
void test_cil_resolve_typeattributeset_not(CuTest *);
void test_cil_resolve_typeattributeset_undef_type_not_neg(CuTest *);
void test_cil_resolve_typealias(CuTest *);
void test_cil_resolve_typealias_neg(CuTest *);
void test_cil_resolve_typebounds(CuTest *);
void test_cil_resolve_typebounds_repeatbind_neg(CuTest *);
void test_cil_resolve_typebounds_type1_neg(CuTest *);
void test_cil_resolve_typebounds_type2_neg(CuTest *);
void test_cil_resolve_typepermissive(CuTest *);
void test_cil_resolve_typepermissive_neg(CuTest *);
void test_cil_resolve_nametypetransition(CuTest *);
void test_cil_resolve_nametypetransition_src_neg(CuTest *);
void test_cil_resolve_nametypetransition_tgt_neg(CuTest *);
void test_cil_resolve_nametypetransition_class_neg(CuTest *);
void test_cil_resolve_nametypetransition_dest_neg(CuTest *);
void test_cil_resolve_rangetransition(CuTest *);
void test_cil_resolve_rangetransition_namedrange(CuTest *);
void test_cil_resolve_rangetransition_namedrange_anon(CuTest *);
void test_cil_resolve_rangetransition_namedrange_anon_neg(CuTest *);
void test_cil_resolve_rangetransition_namedrange_neg(CuTest *);
void test_cil_resolve_rangetransition_type1_neg(CuTest *);
void test_cil_resolve_rangetransition_type2_neg(CuTest *);
void test_cil_resolve_rangetransition_class_neg(CuTest *);
void test_cil_resolve_rangetransition_call_level_l_anon(CuTest *);
void test_cil_resolve_rangetransition_call_level_l_anon_neg(CuTest *);
void test_cil_resolve_rangetransition_call_level_h_anon(CuTest *);
void test_cil_resolve_rangetransition_call_level_h_anon_neg(CuTest *);
void test_cil_resolve_rangetransition_level_l_neg(CuTest *);
void test_cil_resolve_rangetransition_level_h_neg(CuTest *);
void test_cil_resolve_rangetransition_anon_level_l(CuTest *);
void test_cil_resolve_rangetransition_anon_level_l_neg(CuTest *);
void test_cil_resolve_rangetransition_anon_level_h(CuTest *);
void test_cil_resolve_rangetransition_anon_level_h_neg(CuTest *);
void test_cil_resolve_classcommon(CuTest *);
void test_cil_resolve_classcommon_no_class_neg(CuTest *);
void test_cil_resolve_classcommon_neg(CuTest *);
void test_cil_resolve_classcommon_no_common_neg(CuTest *);
void test_cil_resolve_classmapping_named(CuTest *);
void test_cil_resolve_classmapping_anon(CuTest *);
void test_cil_resolve_classmapping_anon_inmacro(CuTest *);
void test_cil_resolve_classmapping_anon_inmacro_neg(CuTest *);
void test_cil_resolve_classmapping_named_classmapname_neg(CuTest *);
void test_cil_resolve_classmapping_anon_classmapname_neg(CuTest *);
void test_cil_resolve_classmapping_anon_permset_neg(CuTest *);
void test_cil_resolve_classpermset_named(CuTest *);
void test_cil_resolve_classpermset_named_namedpermlist(CuTest *);
void test_cil_resolve_classpermset_named_permlist_neg(CuTest *);
void test_cil_resolve_classpermset_named_unnamedcps_neg(CuTest *);
void test_cil_resolve_classpermset_anon(CuTest *);
void test_cil_resolve_classpermset_anon_namedpermlist(CuTest *);
void test_cil_resolve_classpermset_anon_permlist_neg(CuTest *);
void test_cil_resolve_avrule(CuTest *);
void test_cil_resolve_avrule_permset(CuTest *);
void test_cil_resolve_avrule_permset_neg(CuTest *);
void test_cil_resolve_avrule_permset_permdne_neg(CuTest *);
void test_cil_resolve_avrule_firsttype_neg(CuTest *);
void test_cil_resolve_avrule_secondtype_neg(CuTest *);
void test_cil_resolve_avrule_class_neg(CuTest *);
void test_cil_resolve_avrule_perm_neg(CuTest *);
void test_cil_resolve_type_rule_transition(CuTest *);
void test_cil_resolve_type_rule_transition_srcdecl_neg(CuTest *);
void test_cil_resolve_type_rule_transition_tgtdecl_neg(CuTest *);
void test_cil_resolve_type_rule_transition_objdecl_neg(CuTest *);
void test_cil_resolve_type_rule_transition_resultdecl_neg(CuTest *);
void test_cil_resolve_type_rule_change(CuTest *);
void test_cil_resolve_type_rule_change_srcdecl_neg(CuTest *);
void test_cil_resolve_type_rule_change_tgtdecl_neg(CuTest *);
void test_cil_resolve_type_rule_change_objdecl_neg(CuTest *);
void test_cil_resolve_type_rule_change_resultdecl_neg(CuTest *);
void test_cil_resolve_type_rule_member(CuTest *);
void test_cil_resolve_type_rule_member_srcdecl_neg(CuTest *);
void test_cil_resolve_type_rule_member_tgtdecl_neg(CuTest *);
void test_cil_resolve_type_rule_member_objdecl_neg(CuTest *);
void test_cil_resolve_type_rule_member_resultdecl_neg(CuTest *);
void test_cil_resolve_filecon(CuTest *);
void test_cil_resolve_filecon_neg(CuTest *);
void test_cil_resolve_filecon_anon_context(CuTest *);
void test_cil_resolve_filecon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_filecon(CuTest *tc);
void test_cil_resolve_ast_node_helper_filecon_neg(CuTest *tc);
void test_cil_resolve_portcon(CuTest *);
void test_cil_resolve_portcon_neg(CuTest *);
void test_cil_resolve_portcon_anon_context(CuTest *);
void test_cil_resolve_portcon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_portcon(CuTest *tc);
void test_cil_resolve_ast_node_helper_portcon_neg(CuTest *tc);
void test_cil_resolve_genfscon(CuTest *);
void test_cil_resolve_genfscon_neg(CuTest *);
void test_cil_resolve_genfscon_anon_context(CuTest *);
void test_cil_resolve_genfscon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_genfscon(CuTest *tc);
void test_cil_resolve_ast_node_helper_genfscon_neg(CuTest *tc);
void test_cil_resolve_nodecon_ipv4(CuTest *);
void test_cil_resolve_nodecon_ipv6(CuTest *);
void test_cil_resolve_nodecon_anonipaddr_ipv4(CuTest *);
void test_cil_resolve_nodecon_anonnetmask_ipv4(CuTest *);
void test_cil_resolve_nodecon_anonipaddr_ipv6(CuTest *);
void test_cil_resolve_nodecon_anonnetmask_ipv6(CuTest *);
void test_cil_resolve_nodecon_diffipfam_neg(CuTest *);
void test_cil_resolve_nodecon_context_neg(CuTest *);
void test_cil_resolve_nodecon_ipaddr_neg(CuTest *);
void test_cil_resolve_nodecon_netmask_neg(CuTest *);
void test_cil_resolve_nodecon_anon_context(CuTest *);
void test_cil_resolve_nodecon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_nodecon(CuTest *tc);
void test_cil_resolve_ast_node_helper_nodecon_ipaddr_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_nodecon_netmask_neg(CuTest *tc);
void test_cil_resolve_netifcon(CuTest *);
void test_cil_resolve_netifcon_otf_neg(CuTest *);
void test_cil_resolve_netifcon_interface_neg(CuTest *);
void test_cil_resolve_netifcon_unnamed(CuTest *);
void test_cil_resolve_netifcon_unnamed_packet_neg(CuTest *);
void test_cil_resolve_netifcon_unnamed_otf_neg(CuTest *);
void test_cil_resolve_ast_node_helper_netifcon(CuTest *tc);
void test_cil_resolve_ast_node_helper_netifcon_neg(CuTest *tc);
void test_cil_resolve_pirqcon(CuTest *);
void test_cil_resolve_pirqcon_context_neg(CuTest *);
void test_cil_resolve_pirqcon_anon_context(CuTest *);
void test_cil_resolve_pirqcon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_pirqcon(CuTest *tc);
void test_cil_resolve_ast_node_helper_pirqcon_neg(CuTest *tc);
void test_cil_resolve_iomemcon(CuTest *);
void test_cil_resolve_iomemcon_context_neg(CuTest *);
void test_cil_resolve_iomemcon_anon_context(CuTest *);
void test_cil_resolve_iomemcon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_iomemcon(CuTest *tc);
void test_cil_resolve_ast_node_helper_iomemcon_neg(CuTest *tc);
void test_cil_resolve_ioportcon(CuTest *);
void test_cil_resolve_ioportcon_context_neg(CuTest *);
void test_cil_resolve_ioportcon_anon_context(CuTest *);
void test_cil_resolve_ioportcon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_ioportcon(CuTest *tc);
void test_cil_resolve_ast_node_helper_ioportcon_neg(CuTest *tc);
void test_cil_resolve_pcidevicecon(CuTest *);
void test_cil_resolve_pcidevicecon_context_neg(CuTest *);
void test_cil_resolve_pcidevicecon_anon_context(CuTest *);
void test_cil_resolve_pcidevicecon_anon_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_pcidevicecon(CuTest *tc);
void test_cil_resolve_ast_node_helper_pcidevicecon_neg(CuTest *tc);
void test_cil_resolve_fsuse(CuTest *);
void test_cil_resolve_fsuse_neg(CuTest *);
void test_cil_resolve_fsuse_anon(CuTest *);
void test_cil_resolve_fsuse_anon_neg(CuTest *);
void test_cil_resolve_ast_node_helper_fsuse(CuTest *tc);
void test_cil_resolve_ast_node_helper_fsuse_neg(CuTest *tc);
void test_cil_resolve_sidcontext(CuTest *);
void test_cil_resolve_sidcontext_named_levels(CuTest *);
void test_cil_resolve_sidcontext_named_context(CuTest *);
void test_cil_resolve_sidcontext_named_context_wrongname_neg(CuTest *tc);
void test_cil_resolve_sidcontext_named_context_invaliduser_neg(CuTest *tc);
void test_cil_resolve_sidcontext_named_context_sidcontextnull_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_sidcontext(CuTest *tc);
void test_cil_resolve_ast_node_helper_sidcontext_neg(CuTest *tc);
void test_cil_resolve_blockinherit(CuTest *);
void test_cil_resolve_blockinherit_blockstrdne_neg(CuTest *);
void test_cil_resolve_ast_node_helper_blockinherit(CuTest *tc);
void test_cil_resolve_in_block(CuTest *);
void test_cil_resolve_in_blockstrdne_neg(CuTest *);
void test_cil_resolve_in_macro(CuTest *);
void test_cil_resolve_in_optional(CuTest *);
void test_cil_resolve_call1_noparam(CuTest *);
void test_cil_resolve_call1_type(CuTest *);
void test_cil_resolve_call1_role(CuTest *);
void test_cil_resolve_call1_user(CuTest *);
void test_cil_resolve_call1_sens(CuTest *);
void test_cil_resolve_call1_cat(CuTest *);
void test_cil_resolve_call1_catset(CuTest *);
void test_cil_resolve_call1_catset_anon(CuTest *);
void test_cil_resolve_call1_catset_anon_neg(CuTest *);
void test_cil_resolve_call1_level(CuTest *);
void test_cil_resolve_call1_class(CuTest *);
void test_cil_resolve_call1_classmap(CuTest *);
void test_cil_resolve_call1_permset(CuTest *);
void test_cil_resolve_call1_permset_anon(CuTest *);
void test_cil_resolve_call1_classpermset_named(CuTest *);
void test_cil_resolve_call1_classpermset_anon(CuTest *);
void test_cil_resolve_call1_classpermset_anon_neg(CuTest *);
void test_cil_resolve_call1_level(CuTest *);
void test_cil_resolve_call1_level_anon(CuTest *);
void test_cil_resolve_call1_level_anon_neg(CuTest *);
void test_cil_resolve_call1_ipaddr(CuTest *);
void test_cil_resolve_call1_ipaddr_anon(CuTest *);
void test_cil_resolve_call1_ipaddr_anon_neg(CuTest *);
void test_cil_resolve_call1_unknown_neg(CuTest *);
void test_cil_resolve_call1_unknowncall_neg(CuTest *);
void test_cil_resolve_call1_extraargs_neg(CuTest *);
void test_cil_resolve_call1_copy_dup(CuTest *);
void test_cil_resolve_call1_missing_arg_neg(CuTest *);
void test_cil_resolve_call1_paramsflavor_neg(CuTest *);
void test_cil_resolve_call1_unknownflavor_neg(CuTest *);
void test_cil_resolve_call2_type(CuTest *);
void test_cil_resolve_call2_role(CuTest *);
void test_cil_resolve_call2_user(CuTest *);
void test_cil_resolve_call2_sens(CuTest *);
void test_cil_resolve_call2_cat(CuTest *);
void test_cil_resolve_call2_catset(CuTest *);
void test_cil_resolve_call2_catset_anon(CuTest *);
void test_cil_resolve_call2_permset(CuTest *);
void test_cil_resolve_call2_permset_anon(CuTest *);
void test_cil_resolve_call2_classpermset_named(CuTest *);
void test_cil_resolve_call2_classpermset_anon(CuTest *);
void test_cil_resolve_call2_class(CuTest *);
void test_cil_resolve_call2_classmap(CuTest *);
void test_cil_resolve_call2_level(CuTest *);
void test_cil_resolve_call2_level_anon(CuTest *);
void test_cil_resolve_call2_ipaddr(CuTest *);
void test_cil_resolve_call2_ipaddr_anon(CuTest *);
void test_cil_resolve_call2_unknown_neg(CuTest *);
void test_cil_resolve_name_call_args(CuTest *);
void test_cil_resolve_name_call_args_multipleparams(CuTest *);
void test_cil_resolve_name_call_args_diffflavor(CuTest *);
void test_cil_resolve_name_call_args_callnull_neg(CuTest *);
void test_cil_resolve_name_call_args_namenull_neg(CuTest *);
void test_cil_resolve_name_call_args_callargsnull_neg(CuTest *);
void test_cil_resolve_name_call_args_name_neg(CuTest *);
void test_cil_resolve_expr_stack_bools(CuTest *);
void test_cil_resolve_expr_stack_tunables(CuTest *);
void test_cil_resolve_expr_stack_type(CuTest *);
void test_cil_resolve_expr_stack_role(CuTest *);
void test_cil_resolve_expr_stack_user(CuTest *);
void test_cil_resolve_expr_stack_neg(CuTest *);
void test_cil_resolve_expr_stack_emptystr_neg(CuTest *);
void test_cil_resolve_boolif(CuTest *);
void test_cil_resolve_boolif_neg(CuTest *);
void test_cil_evaluate_expr_stack_and(CuTest *);
void test_cil_evaluate_expr_stack_not(CuTest *);
void test_cil_evaluate_expr_stack_or(CuTest *);
void test_cil_evaluate_expr_stack_xor(CuTest *);
void test_cil_evaluate_expr_stack_eq(CuTest *);
void test_cil_evaluate_expr_stack_neq(CuTest *);
void test_cil_evaluate_expr_stack_oper1(CuTest *);
void test_cil_evaluate_expr_stack_oper2(CuTest *);
void test_cil_evaluate_expr_stack_neg(CuTest *);
void test_cil_resolve_tunif_false(CuTest *);
void test_cil_resolve_tunif_true(CuTest *);
void test_cil_resolve_tunif_resolveexpr_neg(CuTest *);
void test_cil_resolve_tunif_evaluateexpr_neg(CuTest *);
void test_cil_resolve_userbounds(CuTest *tc);
void test_cil_resolve_userbounds_exists_neg(CuTest *tc);
void test_cil_resolve_userbounds_user1_neg(CuTest *tc);
void test_cil_resolve_userbounds_user2_neg(CuTest *tc);
void test_cil_resolve_roletype(CuTest *tc);
void test_cil_resolve_roletype_type_neg(CuTest *tc);
void test_cil_resolve_roletype_role_neg(CuTest *tc);
void test_cil_resolve_userrole(CuTest *tc);
void test_cil_resolve_userrole_user_neg(CuTest *tc);
void test_cil_resolve_userrole_role_neg(CuTest *tc);
void test_cil_resolve_userlevel(CuTest *tc);
void test_cil_resolve_userlevel_macro(CuTest *tc);
void test_cil_resolve_userlevel_macro_neg(CuTest *tc);
void test_cil_resolve_userlevel_level_anon(CuTest *tc);
void test_cil_resolve_userlevel_level_anon_neg(CuTest *tc);
void test_cil_resolve_userlevel_user_neg(CuTest *tc);
void test_cil_resolve_userlevel_level_neg(CuTest *tc);
void test_cil_resolve_userrange(CuTest *tc);
void test_cil_resolve_userrange_macro(CuTest *tc);
void test_cil_resolve_userrange_macro_neg(CuTest *tc);
void test_cil_resolve_userrange_range_anon(CuTest *tc);
void test_cil_resolve_userrange_range_anon_neg(CuTest *tc);
void test_cil_resolve_userrange_user_neg(CuTest *tc);
void test_cil_resolve_userrange_range_neg(CuTest *tc);
void test_cil_disable_children_helper_optional_enabled(CuTest *tc);
void test_cil_disable_children_helper_optional_disabled(CuTest *tc);
void test_cil_disable_children_helper_block(CuTest *tc);
void test_cil_disable_children_helper_user(CuTest *tc);
void test_cil_disable_children_helper_role(CuTest *tc);
void test_cil_disable_children_helper_type(CuTest *tc);
void test_cil_disable_children_helper_typealias(CuTest *tc);
void test_cil_disable_children_helper_common(CuTest *tc);
void test_cil_disable_children_helper_class(CuTest *tc);
void test_cil_disable_children_helper_bool(CuTest *tc);
void test_cil_disable_children_helper_sens(CuTest *tc);
void test_cil_disable_children_helper_cat(CuTest *tc);
void test_cil_disable_children_helper_catset(CuTest *tc);
void test_cil_disable_children_helper_sid(CuTest *tc);
void test_cil_disable_children_helper_macro(CuTest *tc);
void test_cil_disable_children_helper_context(CuTest *tc);
void test_cil_disable_children_helper_level(CuTest *tc);
void test_cil_disable_children_helper_policycap(CuTest *tc);
void test_cil_disable_children_helper_perm(CuTest *tc);
void test_cil_disable_children_helper_catalias(CuTest *tc);
void test_cil_disable_children_helper_sensalias(CuTest *tc);
void test_cil_disable_children_helper_tunable(CuTest *tc);
void test_cil_disable_children_helper_unknown(CuTest *tc);
/*
__cil_resolve_ast_node_helper test cases
*/
void test_cil_resolve_ast_node_helper_call1(CuTest *);
void test_cil_resolve_ast_node_helper_call1_neg(CuTest *);
void test_cil_resolve_ast_node_helper_call2(CuTest *);
void test_cil_resolve_ast_node_helper_call2_neg(CuTest *);
void test_cil_resolve_ast_node_helper_boolif(CuTest *);
void test_cil_resolve_ast_node_helper_boolif_neg(CuTest *);
void test_cil_resolve_ast_node_helper_tunif(CuTest *);
void test_cil_resolve_ast_node_helper_tunif_neg(CuTest *);
void test_cil_resolve_ast_node_helper_catorder(CuTest *);
void test_cil_resolve_ast_node_helper_catorder_neg(CuTest *);
void test_cil_resolve_ast_node_helper_dominance(CuTest *);
void test_cil_resolve_ast_node_helper_dominance_neg(CuTest *);
void test_cil_resolve_ast_node_helper_roleallow(CuTest *);
void test_cil_resolve_ast_node_helper_roleallow_neg(CuTest *);
void test_cil_resolve_ast_node_helper_rolebounds(CuTest *tc);
void test_cil_resolve_ast_node_helper_rolebounds_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_sensalias(CuTest *);
void test_cil_resolve_ast_node_helper_sensalias_neg(CuTest *);
void test_cil_resolve_ast_node_helper_catalias(CuTest *);
void test_cil_resolve_ast_node_helper_catalias_neg(CuTest *);
void test_cil_resolve_ast_node_helper_catset(CuTest *);
void test_cil_resolve_ast_node_helper_catset_catlist_neg(CuTest *);
void test_cil_resolve_ast_node_helper_level(CuTest *);
void test_cil_resolve_ast_node_helper_level_neg(CuTest *);
void test_cil_resolve_ast_node_helper_levelrange(CuTest *);
void test_cil_resolve_ast_node_helper_levelrange_neg(CuTest *);
void test_cil_resolve_ast_node_helper_constrain(CuTest *);
void test_cil_resolve_ast_node_helper_constrain_neg(CuTest *);
void test_cil_resolve_ast_node_helper_mlsconstrain(CuTest *);
void test_cil_resolve_ast_node_helper_mlsconstrain_neg(CuTest *);
void test_cil_resolve_ast_node_helper_context(CuTest *);
void test_cil_resolve_ast_node_helper_context_neg(CuTest *);
void test_cil_resolve_ast_node_helper_catrange(CuTest *tc);
void test_cil_resolve_ast_node_helper_catrange_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_senscat(CuTest *tc);
void test_cil_resolve_ast_node_helper_senscat_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_roletransition(CuTest *);
void test_cil_resolve_ast_node_helper_roletransition_srcdecl_neg(CuTest *);
void test_cil_resolve_ast_node_helper_roletransition_tgtdecl_neg(CuTest *);
void test_cil_resolve_ast_node_helper_roletransition_resultdecl_neg(CuTest *);
void test_cil_resolve_ast_node_helper_typeattributeset(CuTest *);
void test_cil_resolve_ast_node_helper_typeattributeset_undef_type_neg(CuTest *);
void test_cil_resolve_ast_node_helper_typealias(CuTest *);
void test_cil_resolve_ast_node_helper_typealias_notype_neg(CuTest *);
void test_cil_resolve_ast_node_helper_typebounds(CuTest *);
void test_cil_resolve_ast_node_helper_typebounds_neg(CuTest *);
void test_cil_resolve_ast_node_helper_typepermissive(CuTest *);
void test_cil_resolve_ast_node_helper_typepermissive_neg(CuTest *);
void test_cil_resolve_ast_node_helper_nametypetransition(CuTest *);
void test_cil_resolve_ast_node_helper_nametypetransition_neg(CuTest *);
void test_cil_resolve_ast_node_helper_rangetransition(CuTest *);
void test_cil_resolve_ast_node_helper_rangetransition_neg(CuTest *);
void test_cil_resolve_ast_node_helper_avrule(CuTest *);
void test_cil_resolve_ast_node_helper_avrule_src_nores_neg(CuTest *);
void test_cil_resolve_ast_node_helper_avrule_tgt_nores_neg(CuTest *);
void test_cil_resolve_ast_node_helper_avrule_class_nores_neg(CuTest *);
void test_cil_resolve_ast_node_helper_avrule_datum_null_neg(CuTest *);
void test_cil_resolve_ast_node_helper_type_rule_transition(CuTest *);
void test_cil_resolve_ast_node_helper_type_rule_transition_neg(CuTest *);
void test_cil_resolve_ast_node_helper_type_rule_change(CuTest *);
void test_cil_resolve_ast_node_helper_type_rule_change_neg(CuTest *);
void test_cil_resolve_ast_node_helper_type_rule_member(CuTest *);
void test_cil_resolve_ast_node_helper_type_rule_member_neg(CuTest *);
void test_cil_resolve_ast_node_helper_userbounds(CuTest *tc);
void test_cil_resolve_ast_node_helper_userbounds_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_roletype(CuTest *tc);
void test_cil_resolve_ast_node_helper_roletype_role_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_roletype_type_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_userrole(CuTest *tc);
void test_cil_resolve_ast_node_helper_userrole_user_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_userrole_role_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_userlevel(CuTest *tc);
void test_cil_resolve_ast_node_helper_userlevel_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_userlevel(CuTest *tc);
void test_cil_resolve_ast_node_helper_userlevel_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_userrange(CuTest *tc);
void test_cil_resolve_ast_node_helper_userrange_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_classcommon(CuTest *tc);
void test_cil_resolve_ast_node_helper_classcommon_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_callstack(CuTest *tc);
void test_cil_resolve_ast_node_helper_call(CuTest *tc);
void test_cil_resolve_ast_node_helper_optional(CuTest *tc);
void test_cil_resolve_ast_node_helper_macro(CuTest *tc);
void test_cil_resolve_ast_node_helper_optstack(CuTest *tc);
void test_cil_resolve_ast_node_helper_optstack_tunable_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_optstack_macro_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_nodenull_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_extraargsnull_neg(CuTest *tc);
void test_cil_resolve_ast_node_helper_optfailedtoresolve(CuTest *tc);
#endif
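Review bot: Three prototypes are declared twice in this header: test_cil_resolve_call1_level (once after test_cil_resolve_call1_catset_anon_neg and again after test_cil_resolve_call1_classpermset_anon_neg), and the pair test_cil_resolve_ast_node_helper_userlevel / test_cil_resolve_ast_node_helper_userlevel_neg, which appears twice back to back just before the userrange helpers. Identical redeclarations compile cleanly, but a repeated pair usually marks a copy-paste where a different test name was intended, so compare them with the suite registration and drop or correct the repeats. The prototypes also alternate between `CuTest *` and `CuTest *tc`; pick one form for the whole header.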

View File

@ -0,0 +1,61 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "test_cil_symtab.h"
#include "../../src/cil_tree.h"
#include "../../src/cil_symtab.h"
#include "../../src/cil_internal.h"
void test_cil_symtab_insert(CuTest *tc) {
symtab_t *test_symtab = NULL;
char* test_name = "test";
struct cil_block *test_block = malloc(sizeof(*test_block));
struct cil_tree_node *test_ast_node;
cil_tree_node_init(&test_ast_node);
struct cil_db *test_db;
cil_db_init(&test_db);
test_ast_node->parent = test_db->ast->root;
test_ast_node->line = 1;
cil_symtab_array_init(test_block->symtab, cil_sym_sizes[CIL_SYM_ARRAY_BLOCK]);
test_block->is_abstract = 0;
cil_get_symtab(test_db, test_ast_node->parent, &test_symtab, CIL_SYM_BLOCKS);
int rc = cil_symtab_insert(test_symtab, (hashtab_key_t)test_name, (struct cil_symtab_datum*)test_block, test_ast_node);
CuAssertIntEquals(tc, SEPOL_OK, rc);
}
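Review bot: In test_cil_symtab_insert, test_block comes from malloc(sizeof(*test_block)) with no NULL check, and only symtab and is_abstract are set before the pointer is cast to struct cil_symtab_datum * and passed to cil_symtab_insert, so the rest of the struct is uninitialized memory at the point it is inserted. Allocate it zeroed (calloc) or initialize the remaining fields, and check the allocation before use. The result of cil_get_symtab is not checked either, so if it leaves test_symtab at its initial NULL the failure happens inside the insert call instead of as a test assertion. Nothing allocated here (test_block, test_ast_node, test_db) is released, and malloc is called without a visible #include <stdlib.h>.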

View File

@ -0,0 +1,37 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_SYMTAB_H_
#define TEST_CIL_SYMTAB_H_
#include "CuTest.h"
void test_cil_symtab_insert(CuTest *);
#endif

View File

@ -0,0 +1,71 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "test_cil_tree.h"
#include "../../src/cil_tree.h"
void test_cil_tree_node_init(CuTest *tc) {
struct cil_tree_node *test_node;
cil_tree_node_init(&test_node);
CuAssertPtrNotNull(tc, test_node);
CuAssertPtrEquals(tc, NULL, test_node->cl_head);
CuAssertPtrEquals(tc, NULL, test_node->cl_tail);
CuAssertPtrEquals(tc, NULL, test_node->parent);
CuAssertPtrEquals(tc, NULL, test_node->data);
CuAssertPtrEquals(tc, NULL, test_node->next);
CuAssertIntEquals(tc, 0, test_node->flavor);
CuAssertIntEquals(tc, 0, test_node->line);
free(test_node);
}
void test_cil_tree_init(CuTest *tc) {
struct cil_tree *test_tree;
int rc = cil_tree_init(&test_tree);
CuAssertIntEquals(tc, SEPOL_OK, rc);
CuAssertPtrNotNull(tc, test_tree);
CuAssertPtrEquals(tc, NULL, test_tree->root->cl_head);
CuAssertPtrEquals(tc, NULL, test_tree->root->cl_tail);
CuAssertPtrEquals(tc, NULL, test_tree->root->parent);
CuAssertPtrEquals(tc, NULL, test_tree->root->data);
CuAssertPtrEquals(tc, NULL, test_tree->root->next);
CuAssertIntEquals(tc, 0, test_tree->root->flavor);
CuAssertIntEquals(tc, 0, test_tree->root->line);
free(test_tree);
}
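
Review bot: test_cil_tree_init() releases only the outer struct with free(test_tree), so the node behind test_tree->root, which the seven assertions above dereference, is never freed and leaks on every run. Free the root before the tree, or call the tree's own destroy routine if the library provides one. The test also reads test_tree->root->cl_head without first asserting that root is non-NULL, so a failed root allocation would crash the runner instead of reporting a test failure; a CuAssertPtrNotNull(tc, test_tree->root) ahead of the field checks would cover that. Neither function's visible includes bring in <stdlib.h> for free().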

View File

@ -0,0 +1,38 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_CIL_TREE_H_
#define TEST_CIL_TREE_H_
#include "CuTest.h"
void test_cil_tree_node_init(CuTest *);
void test_cil_tree_init(CuTest *);
#endif

View File

@ -0,0 +1,76 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#include <sepol/policydb/policydb.h>
#include "CuTest.h"
#include "test_integration.h"
#include <unistd.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
void test_integration(CuTest *tc) {
int status = 0, status1 = 0, status2 = 0;
status = system("./secilc -M -c 24 test/integration.cil &> /dev/null");
if (WIFSIGNALED(status) && (WTERMSIG(status) == SIGINT || WTERMSIG(status) == SIGQUIT))
printf("Call to system for secilc failed.\n");
status1 = system("checkpolicy -M -c 24 -o policy.conf.24 test/policy.conf &> /dev/null");
if (WIFSIGNALED(status1) && (WTERMSIG(status1) == SIGINT || WTERMSIG(status1) == SIGQUIT))
printf("Call to checkpolicy failed.\n");
status2 = system("sediff -q policy.24 \\; policy.conf.24 &> /dev/null");
if (WIFSIGNALED(status2) && (WTERMSIG(status2) == SIGINT || WTERMSIG(status2) == SIGQUIT))
printf("Call to sediff for secilc failed.\n");
CuAssertIntEquals(tc, 1, WIFEXITED(status));
CuAssertIntEquals(tc, 0, WEXITSTATUS(status));
CuAssertIntEquals(tc, 1, WIFEXITED(status1));
CuAssertIntEquals(tc, 0, WEXITSTATUS(status1));
CuAssertIntEquals(tc, 1, WIFEXITED(status2));
CuAssertIntEquals(tc, 0, WEXITSTATUS(status2));
}
void test_min_policy(CuTest *tc) {
int status = 0;
status = system("./secilc -M -c 24 test/policy.cil &> /dev/null");
if (WIFSIGNALED(status) && (WTERMSIG(status) == SIGINT || WTERMSIG(status) == SIGQUIT))
printf("Call to system for secilc failed.\n");
CuAssertIntEquals(tc, 1, WIFEXITED(status));
CuAssertIntEquals(tc, 0, WEXITSTATUS(status));
}
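
Review bot: the four system() command strings in test_integration() and test_min_policy() end in "&> /dev/null", which is a bash extension, while system() runs the command through /bin/sh. On a POSIX shell such as dash this parses as "cmd &" followed by an empty command with "> /dev/null", so secilc, checkpolicy and sediff are started in the background and system() returns 0 at once. The WIFEXITED/WEXITSTATUS assertions then pass whatever the tools do, and sediff can start before policy.24 and policy.conf.24 have been written. Use "> /dev/null 2>&1" instead. The WIFSIGNALED branches only printf a message and fall through to the assertions; failing the test there with the signal number would make an interrupted run easier to diagnose.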

View File

@ -0,0 +1,38 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
*/
#ifndef TEST_INTEGRATION_H
#define TEST_INTEGRATION_H
#include "CuTest.h"
void test_min_policy(CuTest *);
void test_integration(CuTest *);
#endif

View File

@ -0,0 +1,63 @@
#include <sepol/debug.h>
#include <sepol/kernel_to_cil.h>
#include <sepol/kernel_to_conf.h>
#include <sepol/policydb/policydb.h>
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
static int write_binary_policy(policydb_t *p, FILE *outfp)
{
struct policy_file pf;
policy_file_init(&pf);
pf.type = PF_USE_STDIO;
pf.fp = outfp;
return ksu_policydb_write(p, &pf);
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
policydb_t policydb = {};
sidtab_t sidtab = {};
struct policy_file pf;
FILE *devnull = NULL;
sepol_debug(0);
policy_file_init(&pf);
pf.type = PF_USE_MEMORY;
pf.data = (char *) data;
pf.len = size;
if (policydb_init(&policydb))
goto exit;
if (ksu_policydb_read(&policydb, &pf, /*verbose=*/0))
goto exit;
if (ksu_policydb_load_isids(&policydb, &sidtab))
goto exit;
if (policydb.policy_type == POLICY_KERN)
(void) policydb_optimize(&policydb);
devnull = fopen("/dev/null", "w");
if (!devnull)
goto exit;
(void) write_binary_policy(&policydb, devnull);
(void) sepol_kernel_policydb_to_conf(devnull, &policydb);
(void) sepol_kernel_policydb_to_cil(devnull, &policydb);
exit:
if (devnull != NULL)
fclose(devnull);
ksu_policydb_destroy(&policydb);
sepol_sidtab_destroy(&sidtab);
/* Non-zero return values are reserved for future use. */
return 0;
}
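
Review bot: the harness mixes renamed and unrenamed entry points: ksu_policydb_read, ksu_policydb_write, ksu_policydb_load_isids and ksu_policydb_destroy carry the ksu_ prefix, while policydb_init, policydb_optimize, policy_file_init and sepol_sidtab_destroy do not. Nothing in the hunk says which symbols were renamed or why, so the init/destroy pair in particular (policydb_init followed by ksu_policydb_destroy at the exit label) reads as a mismatch. Please document the renaming rule in a comment or header, and confirm this file still builds, since it also uses FILE, fopen and uint8_t without including <stdio.h> or <stdint.h> directly. Separately, pf.data = (char *) data casts away the const on the fuzzer input; that is only safe as long as the read path never writes through pf.data, which deserves a one-line comment.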

Binary file not shown.

View File

@ -0,0 +1,74 @@
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <getopt.h>
#include <sys/stat.h>
#include <sepol/cil/cil.h>
#include <sepol/policydb.h>
static void log_handler(__attribute__((unused)) int lvl, __attribute__((unused)) const char *msg) {
/* be quiet */
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
enum cil_log_level log_level = CIL_ERR;
struct sepol_policy_file *pf = NULL;
FILE *dev_null = NULL;
int target = SEPOL_TARGET_SELINUX;
int disable_dontaudit = 0;
int multiple_decls = 0;
int disable_neverallow = 0;
int preserve_tunables = 0;
int policyvers = POLICYDB_VERSION_MAX;
int mls = -1;
int attrs_expand_generated = 0;
struct cil_db *db = NULL;
sepol_policydb_t *pdb = NULL;
cil_set_log_level(log_level);
cil_set_log_handler(log_handler);
cil_db_init(&db);
cil_set_disable_dontaudit(db, disable_dontaudit);
cil_set_multiple_decls(db, multiple_decls);
cil_set_disable_neverallow(db, disable_neverallow);
cil_set_preserve_tunables(db, preserve_tunables);
cil_set_mls(db, mls);
cil_set_target_platform(db, target);
cil_set_policy_version(db, policyvers);
cil_set_attrs_expand_generated(db, attrs_expand_generated);
if (cil_add_file(db, "fuzz", (const char *)data, size) != SEPOL_OK)
goto exit;
if (cil_compile(db) != SEPOL_OK)
goto exit;
if (cil_build_policydb(db, &pdb) != SEPOL_OK)
goto exit;
if (sepol_policydb_optimize(pdb) != SEPOL_OK)
goto exit;
dev_null = fopen("/dev/null", "w");
if (dev_null == NULL)
goto exit;
if (sepol_policy_file_create(&pf) != 0)
goto exit;
sepol_policy_file_set_fp(pf, dev_null);
if (sepol_policydb_write(pdb, pf) != 0)
goto exit;
exit:
if (dev_null != NULL)
fclose(dev_null);
cil_db_destroy(&db);
sepol_policydb_free(pdb);
sepol_policy_file_free(pf);
return 0;
}
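
Review bot: db is used right after cil_db_init(&db) by eight cil_set_* calls and by cil_add_file() with no check that it is non-NULL. If cil_db_init can leave db unset in this port (for example on allocation failure), the harness will report a crash in its own setup rather than in the code under test; add "if (db == NULL) goto exit;" after the init call, or note in a comment that the allocator aborts on failure. As a smaller point, <getopt.h>, <sys/stat.h>, <string.h> and <stdlib.h> are included but nothing in the hunk uses them.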

View File

@ -0,0 +1,17 @@
# Installation directories.
PREFIX ?= /usr
INCDIR = $(PREFIX)/include/sepol
CILDIR ?= ../cil
all:
install: all
test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb
test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil
install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb
install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil
indent:
../../scripts/Lindent $(wildcard sepol/*.h)

View File

@ -0,0 +1,59 @@
#ifndef _SEPOL_BOOLEAN_RECORD_H_
#define _SEPOL_BOOLEAN_RECORD_H_
#include <stddef.h>
#include <sepol/handle.h>
#ifdef __cplusplus
extern "C" {
#endif
struct sepol_bool;
struct sepol_bool_key;
typedef struct sepol_bool sepol_bool_t;
typedef struct sepol_bool_key sepol_bool_key_t;
/* Key */
extern int sepol_bool_key_create(sepol_handle_t * handle,
const char *name, sepol_bool_key_t ** key);
extern void sepol_bool_key_unpack(const sepol_bool_key_t * key,
const char **name);
extern int sepol_bool_key_extract(sepol_handle_t * handle,
const sepol_bool_t * boolean,
sepol_bool_key_t ** key_ptr);
extern void sepol_bool_key_free(sepol_bool_key_t * key);
extern int sepol_bool_compare(const sepol_bool_t * boolean,
const sepol_bool_key_t * key);
extern int sepol_bool_compare2(const sepol_bool_t * boolean,
const sepol_bool_t * boolean2);
/* Name */
extern const char *sepol_bool_get_name(const sepol_bool_t * boolean);
extern int sepol_bool_set_name(sepol_handle_t * handle,
sepol_bool_t * boolean, const char *name);
/* Value */
extern int sepol_bool_get_value(const sepol_bool_t * boolean);
extern void sepol_bool_set_value(sepol_bool_t * boolean, int value);
/* Create/Clone/Destroy */
extern int sepol_bool_create(sepol_handle_t * handle, sepol_bool_t ** bool_ptr);
extern int sepol_bool_clone(sepol_handle_t * handle,
const sepol_bool_t * boolean,
sepol_bool_t ** bool_ptr);
extern void sepol_bool_free(sepol_bool_t * boolean);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -0,0 +1,49 @@
#ifndef _SEPOL_BOOLEANS_H_
#define _SEPOL_BOOLEANS_H_
#include <stddef.h>
#include <sepol/policydb.h>
#include <sepol/boolean_record.h>
#include <sepol/handle.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Set the specified boolean */
extern int sepol_bool_set(sepol_handle_t * handle,
sepol_policydb_t * policydb,
const sepol_bool_key_t * key,
const sepol_bool_t * data);
/* Return the number of booleans */
extern int sepol_bool_count(sepol_handle_t * handle,
const sepol_policydb_t * p, unsigned int *response);
/* Check if the specified boolean exists */
extern int sepol_bool_exists(sepol_handle_t * handle,
const sepol_policydb_t * policydb,
const sepol_bool_key_t * key, int *response);
/* Query a boolean - returns the boolean, or NULL if not found */
extern int sepol_bool_query(sepol_handle_t * handle,
const sepol_policydb_t * p,
const sepol_bool_key_t * key,
sepol_bool_t ** response);
/* Iterate the booleans
* The handler may return:
* -1 to signal an error condition,
* 1 to signal successful exit
* 0 to signal continue */
extern int sepol_bool_iterate(sepol_handle_t * handle,
const sepol_policydb_t * policydb,
int (*fn) (const sepol_bool_t * boolean,
void *fn_arg), void *arg);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -0,0 +1,34 @@
#ifndef _SEPOL_CONTEXT_H_
#define _SEPOL_CONTEXT_H_
#include <sepol/context_record.h>
#include <sepol/policydb.h>
#include <sepol/handle.h>
#ifdef __cplusplus
extern "C" {
#endif
/* -- Deprecated -- */
extern int sepol_check_context(const char *context);
/* -- End deprecated -- */
extern int sepol_context_check(sepol_handle_t * handle,
const sepol_policydb_t * policydb,
const sepol_context_t * context);
extern int sepol_mls_contains(sepol_handle_t * handle,
const sepol_policydb_t * policydb,
const char *mls1,
const char *mls2, int *response);
extern int sepol_mls_check(sepol_handle_t * handle,
const sepol_policydb_t * policydb, const char *mls);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -0,0 +1,61 @@
#ifndef _SEPOL_CONTEXT_RECORD_H_
#define _SEPOL_CONTEXT_RECORD_H_
#include <sepol/handle.h>
#ifdef __cplusplus
extern "C" {
#endif
struct sepol_context;
typedef struct sepol_context sepol_context_t;
/* We don't need a key, because the context is never stored
* in a data collection by itself */
/* User */
extern const char *sepol_context_get_user(const sepol_context_t * con);
extern int sepol_context_set_user(sepol_handle_t * handle,
sepol_context_t * con, const char *user);
/* Role */
extern const char *sepol_context_get_role(const sepol_context_t * con);
extern int sepol_context_set_role(sepol_handle_t * handle,
sepol_context_t * con, const char *role);
/* Type */
extern const char *sepol_context_get_type(const sepol_context_t * con);
extern int sepol_context_set_type(sepol_handle_t * handle,
sepol_context_t * con, const char *type);
/* MLS */
extern const char *sepol_context_get_mls(const sepol_context_t * con);
extern int sepol_context_set_mls(sepol_handle_t * handle,
sepol_context_t * con, const char *mls_range);
/* Create/Clone/Destroy */
extern int sepol_context_create(sepol_handle_t * handle,
sepol_context_t ** con_ptr);
extern int sepol_context_clone(sepol_handle_t * handle,
const sepol_context_t * con,
sepol_context_t ** con_ptr);
extern void sepol_context_free(sepol_context_t * con);
/* Parse to/from string */
extern int sepol_context_from_string(sepol_handle_t * handle,
const char *str, sepol_context_t ** con);
extern int sepol_context_to_string(sepol_handle_t * handle,
const sepol_context_t * con, char **str_ptr);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -0,0 +1,43 @@
#ifndef _SEPOL_DEBUG_H_
#define _SEPOL_DEBUG_H_
#include <sepol/handle.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Deprecated */
extern void sepol_debug(int on);
/* End deprecated */
#define SEPOL_MSG_ERR 1
#define SEPOL_MSG_WARN 2
#define SEPOL_MSG_INFO 3
extern int sepol_msg_get_level(sepol_handle_t * handle);
extern const char *sepol_msg_get_channel(sepol_handle_t * handle);
extern const char *sepol_msg_get_fname(sepol_handle_t * handle);
/* Set the messaging callback.
* By the default, the callback will print
* the message on standard output, in a
* particular format. Passing NULL here
* indicates that messaging should be suppressed */
extern void sepol_msg_set_callback(sepol_handle_t * handle,
#ifdef __GNUC__
__attribute__ ((format(printf, 3, 4)))
#endif
void (*msg_callback) (void *varg,
sepol_handle_t *
handle,
const char *fmt, ...),
void *msg_callback_arg);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -0,0 +1,34 @@
/* Author: Karl MacMillan <kmacmillan@mentalrootkit.com> */
#ifndef __sepol_errno_h__
#define __sepol_errno_h__
// #include <errno.h>
#include <linux/errno.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SEPOL_OK 0
/* These first error codes are defined for compatibility with
* previous version of libsepol. In the future, custom error
* codes that don't map to system error codes should be defined
* outside of the range of system error codes.
*/
#define SEPOL_ERR -1
#define SEPOL_ENOTSUP -2 /* feature not supported in module language */
#define SEPOL_EREQ -3 /* requirements not met */
/* Error codes that map to system error codes */
#define SEPOL_ENOMEM -ENOMEM
#define SEPOL_ERANGE -ERANGE
#define SEPOL_EEXIST -EEXIST
#define SEPOL_ENOENT -ENOENT
#ifdef __cplusplus
}
#endif
#endif
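
Review bot: replacing <errno.h> with an unconditional "#include <linux/errno.h>" and leaving the old include behind as a "//" comment makes this public header kernel-only, yet the same commit adds userspace code (the CuTest tests and the two LLVMFuzzerTestOneInput harnesses) that pulls in sepol headers alongside <stdio.h> and <unistd.h>. Select the header with an #ifdef __KERNEL__ / #else pair instead of a commented-out line, so both builds keep working and the divergence from the original is explicit. While touching these definitions, consider parenthesising the mapped codes, e.g. "#define SEPOL_ENOMEM (-ENOMEM)", so they behave as single operands in any expression.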

Some files were not shown because too many files have changed in this diff