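Lines matching references to `policydb` (each entry gives the source line number, the matching line, and the enclosing function where there is one; a trailing `argument` or `local` marks the line where a parameter or local variable named `policydb` is declared)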

77 static int context_struct_to_string(struct policydb *policydb,
82 static int sidtab_entry_to_string(struct policydb *policydb,
88 static void context_struct_compute_av(struct policydb *policydb,
95 static int selinux_set_mapping(struct policydb *pol, in selinux_set_mapping()
248 mls_enabled = policy->policydb.mls_enabled; in security_mls_enabled()
264 static int constraint_expr_eval(struct policydb *policydb, in constraint_expr_eval() argument
309 r1 = policydb->role_val_to_struct[val1 - 1]; in constraint_expr_eval()
310 r2 = policydb->role_val_to_struct[val2 - 1]; in constraint_expr_eval()
455 static void security_dump_masked_av(struct policydb *policydb, in security_dump_masked_av() argument
476 tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1); in security_dump_masked_av()
477 tclass_dat = policydb->class_val_to_struct[tclass - 1]; in security_dump_masked_av()
491 if (context_struct_to_string(policydb, scontext, in security_dump_masked_av()
495 if (context_struct_to_string(policydb, tcontext, in security_dump_masked_av()
532 static void type_attribute_bounds_av(struct policydb *policydb, in type_attribute_bounds_av() argument
545 source = policydb->type_val_to_struct[scontext->type - 1]; in type_attribute_bounds_av()
551 target = policydb->type_val_to_struct[tcontext->type - 1]; in type_attribute_bounds_av()
565 context_struct_compute_av(policydb, &lo_scontext, in type_attribute_bounds_av()
580 security_dump_masked_av(policydb, scontext, tcontext, in type_attribute_bounds_av()
611 static void context_struct_compute_av(struct policydb *policydb, in context_struct_compute_av() argument
635 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) { in context_struct_compute_av()
640 tclass_datum = policydb->class_val_to_struct[tclass - 1]; in context_struct_compute_av()
648 sattr = &policydb->type_attr_map_array[scontext->type - 1]; in context_struct_compute_av()
649 tattr = &policydb->type_attr_map_array[tcontext->type - 1]; in context_struct_compute_av()
654 for (node = avtab_search_node(&policydb->te_avtab, in context_struct_compute_av()
669 cond_compute_av(&policydb->te_cond_avtab, &avkey, in context_struct_compute_av()
682 !constraint_expr_eval(policydb, scontext, tcontext, NULL, in context_struct_compute_av()
694 if (tclass == policydb->process_class && in context_struct_compute_av()
695 (avd->allowed & policydb->process_trans_perms) && in context_struct_compute_av()
697 for (ra = policydb->role_allow; ra; ra = ra->next) { in context_struct_compute_av()
703 avd->allowed &= ~policydb->process_trans_perms; in context_struct_compute_av()
711 type_attribute_bounds_av(policydb, scontext, tcontext, in context_struct_compute_av()
721 struct policydb *p = &policy->policydb; in security_validtrans_handle_fail()
750 struct policydb *policydb; in security_compute_validatetrans() local
767 policydb = &policy->policydb; in security_compute_validatetrans()
775 if (!tclass || tclass > policydb->p_classes.nprim) { in security_compute_validatetrans()
779 tclass_datum = policydb->class_val_to_struct[tclass - 1]; in security_compute_validatetrans()
807 if (!constraint_expr_eval(policydb, &oentry->context, in security_compute_validatetrans()
854 struct policydb *policydb; in security_bounded_transition() local
866 policydb = &policy->policydb; in security_bounded_transition()
892 type = policydb->type_val_to_struct[index - 1]; in security_bounded_transition()
913 if (!sidtab_entry_to_string(policydb, sidtab, old_entry, in security_bounded_transition()
915 !sidtab_entry_to_string(policydb, sidtab, new_entry, in security_bounded_transition()
1006 struct policydb *policydb; in security_compute_xperms_decision() local
1027 policydb = &policy->policydb; in security_compute_xperms_decision()
1046 if (policydb->allow_unknown) in security_compute_xperms_decision()
1052 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) { in security_compute_xperms_decision()
1059 sattr = &policydb->type_attr_map_array[scontext->type - 1]; in security_compute_xperms_decision()
1060 tattr = &policydb->type_attr_map_array[tcontext->type - 1]; in security_compute_xperms_decision()
1065 for (node = avtab_search_node(&policydb->te_avtab, in security_compute_xperms_decision()
1071 cond_compute_xperms(&policydb->te_cond_avtab, in security_compute_xperms_decision()
1101 struct policydb *policydb; in security_compute_av() local
1113 policydb = &policy->policydb; in security_compute_av()
1124 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type)) in security_compute_av()
1136 if (policydb->allow_unknown) in security_compute_av()
1140 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd, in security_compute_av()
1143 policydb->allow_unknown); in security_compute_av()
1158 struct policydb *policydb; in security_compute_av_user() local
1168 policydb = &policy->policydb; in security_compute_av_user()
1179 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type)) in security_compute_av_user()
1190 if (policydb->allow_unknown) in security_compute_av_user()
1195 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd, in security_compute_av_user()
1212 static int context_struct_to_string(struct policydb *p, in context_struct_to_string()
1262 static int sidtab_entry_to_string(struct policydb *p, in sidtab_entry_to_string()
1312 struct policydb *policydb; in security_sid_to_context_core() local
1354 policydb = &policy->policydb; in security_sid_to_context_core()
1370 rc = sidtab_entry_to_string(policydb, sidtab, entry, scontext, in security_sid_to_context_core()
1425 static int string_to_context_struct(struct policydb *pol, in string_to_context_struct()
1508 struct policydb *policydb; in security_context_to_sid_core() local
1549 policydb = &policy->policydb; in security_context_to_sid_core()
1551 rc = string_to_context_struct(policydb, sidtab, scontext2, in security_context_to_sid_core()
1643 struct policydb *policydb = &policy->policydb; in compute_sid_handle_invalid_context() local
1649 if (sidtab_entry_to_string(policydb, sidtab, sentry, &s, &slen)) in compute_sid_handle_invalid_context()
1651 if (sidtab_entry_to_string(policydb, sidtab, tentry, &t, &tlen)) in compute_sid_handle_invalid_context()
1653 if (context_struct_to_string(policydb, newcontext, &n, &nlen)) in compute_sid_handle_invalid_context()
1663 s, t, sym_name(policydb, SYM_CLASSES, tclass-1)); in compute_sid_handle_invalid_context()
1674 static void filename_compute_type(struct policydb *policydb, in filename_compute_type() argument
1687 if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype)) in filename_compute_type()
1694 datum = policydb_filenametr_search(policydb, &ft); in filename_compute_type()
1713 struct policydb *policydb; in security_compute_sid() local
1753 policydb = &policy->policydb; in security_compute_sid()
1774 if (tclass && tclass <= policydb->p_classes.nprim) in security_compute_sid()
1775 cladatum = policydb->class_val_to_struct[tclass - 1]; in security_compute_sid()
1801 if ((tclass == policydb->process_class) || sock) in security_compute_sid()
1814 avnode = avtab_search_node(&policydb->te_avtab, &avkey); in security_compute_sid()
1818 node = avtab_search_node(&policydb->te_cond_avtab, &avkey); in security_compute_sid()
1838 if ((tclass == policydb->process_class) || sock) { in security_compute_sid()
1849 filename_compute_type(policydb, &newcontext, scontext->type, in security_compute_sid()
1862 rtd = policydb_roletr_search(policydb, &rtk); in security_compute_sid()
1869 rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified, in security_compute_sid()
1875 if (!policydb_context_isvalid(policydb, &newcontext)) { in security_compute_sid()
1972 struct policydb *policydb, in convert_context_handle_invalid_context() argument
1981 if (!context_struct_to_string(policydb, context, &s, &len)) { in convert_context_handle_invalid_context()
2117 struct policydb *p; in security_load_policycaps()
2121 p = &policy->policydb; in security_load_policycaps()
2149 policydb_destroy(&policy->policydb); in selinux_policy_free()
2156 cond_policydb_destroy_dup(&policy->policydb); in selinux_policy_cond_free()
2196 if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled) in selinux_policy_commit()
2198 else if (!oldpolicy->policydb.mls_enabled && newpolicy->policydb.mls_enabled) in selinux_policy_commit()
2270 rc = policydb_read(&newpolicy->policydb, fp); in security_load_policy()
2274 newpolicy->policydb.len = len; in security_load_policy()
2275 rc = selinux_set_mapping(&newpolicy->policydb, secclass_map, in security_load_policy()
2280 rc = policydb_load_isids(&newpolicy->policydb, newpolicy->sidtab); in security_load_policy()
2314 convert_data->args.oldp = &oldpolicy->policydb; in security_load_policy()
2315 convert_data->args.newp = &newpolicy->policydb; in security_load_policy()
2339 policydb_destroy(&newpolicy->policydb); in security_load_policy()
2394 struct policydb *policydb; in security_port_sid() local
2408 policydb = &policy->policydb; in security_port_sid()
2411 c = policydb->ocontexts[OCON_PORT]; in security_port_sid()
2446 struct policydb *policydb; in security_ib_pkey_sid() local
2460 policydb = &policy->policydb; in security_ib_pkey_sid()
2463 c = policydb->ocontexts[OCON_IBPKEY]; in security_ib_pkey_sid()
2498 struct policydb *policydb; in security_ib_endport_sid() local
2512 policydb = &policy->policydb; in security_ib_endport_sid()
2515 c = policydb->ocontexts[OCON_IBENDPORT]; in security_ib_endport_sid()
2550 struct policydb *policydb; in security_netif_sid() local
2564 policydb = &policy->policydb; in security_netif_sid()
2567 c = policydb->ocontexts[OCON_NETIF]; in security_netif_sid()
2616 struct policydb *policydb; in security_node_sid() local
2629 policydb = &policy->policydb; in security_node_sid()
2642 c = policydb->ocontexts[OCON_NODE]; in security_node_sid()
2655 c = policydb->ocontexts[OCON_NODE6]; in security_node_sid()
2710 struct policydb *policydb; in security_get_user_sids() local
2734 policydb = &policy->policydb; in security_get_user_sids()
2745 user = symtab_search(&policydb->p_users, username); in security_get_user_sids()
2752 role = policydb->role_val_to_struct[i]; in security_get_user_sids()
2757 if (mls_setup_user_range(policydb, fromcon, user, in security_get_user_sids()
2834 struct policydb *policydb = &policy->policydb; in __security_genfs_sid() local
2847 for (genfs = policydb->genfs; genfs; genfs = genfs->next) { in __security_genfs_sid()
2919 struct policydb *policydb; in security_fs_use() local
2935 policydb = &policy->policydb; in security_fs_use()
2938 c = policydb->ocontexts[OCON_FSUSE]; in security_fs_use()
2977 struct policydb *policydb; in security_get_bools() local
2981 policydb = &policy->policydb; in security_get_bools()
2987 *len = policydb->p_bools.nprim; in security_get_bools()
3002 (*values)[i] = policydb->bool_val_to_struct[i]->state; in security_get_bools()
3005 (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i), in security_get_bools()
3041 if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim)) in security_set_bools()
3052 rc = cond_policydb_dup(&newpolicy->policydb, &oldpolicy->policydb); in security_set_bools()
3061 int old_state = newpolicy->policydb.bool_val_to_struct[i]->state; in security_set_bools()
3067 sym_name(&newpolicy->policydb, SYM_BOOLS, i), in security_set_bools()
3072 newpolicy->policydb.bool_val_to_struct[i]->state = new_state; in security_set_bools()
3077 evaluate_cond_nodes(&newpolicy->policydb); in security_set_bools()
3102 struct policydb *policydb; in security_get_bool_value() local
3111 policydb = &policy->policydb; in security_get_bool_value()
3114 len = policydb->p_bools.nprim; in security_get_bool_value()
3118 rc = policydb->bool_val_to_struct[index]->state; in security_get_bool_value()
3136 booldatum = symtab_search(&newpolicy->policydb.p_bools, in security_preserve_bools()
3141 evaluate_cond_nodes(&newpolicy->policydb); in security_preserve_bools()
3160 struct policydb *policydb; in security_sid_mls_copy() local
3180 policydb = &policy->policydb; in security_sid_mls_copy()
3183 if (!policydb->mls_enabled) { in security_sid_mls_copy()
3212 if (!policydb_context_isvalid(policydb, &newcon)) { in security_sid_mls_copy()
3213 rc = convert_context_handle_invalid_context(policydb, in security_sid_mls_copy()
3216 if (!context_struct_to_string(policydb, &newcon, &s, in security_sid_mls_copy()
3271 struct policydb *policydb; in security_net_peersid_resolve() local
3299 policydb = &policy->policydb; in security_net_peersid_resolve()
3307 if (!policydb->mls_enabled) { in security_net_peersid_resolve()
3357 struct policydb *policydb; in security_get_classes() local
3360 policydb = &policy->policydb; in security_get_classes()
3363 *nclasses = policydb->p_classes.nprim; in security_get_classes()
3368 rc = hashtab_map(&policydb->p_classes.table, get_classes_callback, in security_get_classes()
3398 struct policydb *policydb; in security_get_permissions() local
3403 policydb = &policy->policydb; in security_get_permissions()
3406 match = symtab_search(&policydb->p_classes, class); in security_get_permissions()
3451 value = policy->policydb.reject_unknown; in security_get_reject_unknown()
3466 value = policy->policydb.allow_unknown; in security_get_allow_unknown()
3491 rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap); in security_policycap_supported()
3517 struct policydb *policydb; in selinux_audit_rule_init() local
3561 policydb = &policy->policydb; in selinux_audit_rule_init()
3566 userdatum = symtab_search(&policydb->p_users, rulestr); in selinux_audit_rule_init()
3575 roledatum = symtab_search(&policydb->p_roles, rulestr); in selinux_audit_rule_init()
3584 typedatum = symtab_search(&policydb->p_types, rulestr); in selinux_audit_rule_init()
3595 rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt, in selinux_audit_rule_init()
3822 struct policydb *policydb; in security_netlbl_secattr_to_sid() local
3837 policydb = &policy->policydb; in security_netlbl_secattr_to_sid()
3854 mls_import_netlbl_lvl(policydb, &ctx_new, secattr); in security_netlbl_secattr_to_sid()
3856 rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr); in security_netlbl_secattr_to_sid()
3861 if (!mls_context_isvalid(policydb, &ctx_new)) { in security_netlbl_secattr_to_sid()
3897 struct policydb *policydb; in security_netlbl_sid_to_secattr() local
3906 policydb = &policy->policydb; in security_netlbl_sid_to_secattr()
3914 secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1), in security_netlbl_sid_to_secattr()
3921 mls_export_netlbl_lvl(policydb, ctx, secattr); in security_netlbl_sid_to_secattr()
3922 rc = mls_export_netlbl_cat(policydb, ctx, secattr); in security_netlbl_sid_to_secattr()
3945 rc = policydb_write(&policy->policydb, &fp); in __security_read_policy()
3969 *len = policy->policydb.len; in security_read_policy()
3999 *len = policy->policydb.len; in security_read_state_kernel()