93 static int context_struct_to_string(struct policydb *policydb,
98 static void context_struct_compute_av(struct policydb *policydb,
105 static int selinux_set_mapping(struct policydb *pol,  in selinux_set_mapping()
250 	struct policydb *p = &state->ss->policydb;  in security_mls_enabled()
266 static int constraint_expr_eval(struct policydb *policydb,  in constraint_expr_eval()  argument
311 				r1 = policydb->role_val_to_struct[val1 - 1];  in constraint_expr_eval()
312 				r2 = policydb->role_val_to_struct[val2 - 1];  in constraint_expr_eval()
457 static void security_dump_masked_av(struct policydb *policydb,  in security_dump_masked_av()  argument
478 	tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);  in security_dump_masked_av()
479 	tclass_dat = policydb->class_val_to_struct[tclass - 1];  in security_dump_masked_av()
493 	if (context_struct_to_string(policydb, scontext,  in security_dump_masked_av()
497 	if (context_struct_to_string(policydb, tcontext,  in security_dump_masked_av()
536 static void type_attribute_bounds_av(struct policydb *policydb,  in type_attribute_bounds_av()  argument
549 	source = flex_array_get_ptr(policydb->type_val_to_struct_array,  in type_attribute_bounds_av()
556 	target = flex_array_get_ptr(policydb->type_val_to_struct_array,  in type_attribute_bounds_av()
571 	context_struct_compute_av(policydb, &lo_scontext,  in type_attribute_bounds_av()
586 	security_dump_masked_av(policydb, scontext, tcontext,  in type_attribute_bounds_av()
619 static void context_struct_compute_av(struct policydb *policydb,  in context_struct_compute_av()  argument
643 	if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {  in context_struct_compute_av()
649 	tclass_datum = policydb->class_val_to_struct[tclass - 1];  in context_struct_compute_av()
657 	sattr = flex_array_get(policydb->type_attr_map_array,  in context_struct_compute_av()
660 	tattr = flex_array_get(policydb->type_attr_map_array,  in context_struct_compute_av()
667 			for (node = avtab_search_node(&policydb->te_avtab,  in context_struct_compute_av()
682 			cond_compute_av(&policydb->te_cond_avtab, &avkey,  in context_struct_compute_av()
695 		    !constraint_expr_eval(policydb, scontext, tcontext, NULL,  in context_struct_compute_av()
707 	if (tclass == policydb->process_class &&  in context_struct_compute_av()
708 	    (avd->allowed & policydb->process_trans_perms) &&  in context_struct_compute_av()
710 		for (ra = policydb->role_allow; ra; ra = ra->next) {  in context_struct_compute_av()
716 			avd->allowed &= ~policydb->process_trans_perms;  in context_struct_compute_av()
724 	type_attribute_bounds_av(policydb, scontext, tcontext,  in context_struct_compute_av()
734 	struct policydb *p = &state->ss->policydb;  in security_validtrans_handle_fail()
762 	struct policydb *policydb;  in security_compute_validatetrans()  local
778 	policydb = &state->ss->policydb;  in security_compute_validatetrans()
786 	if (!tclass || tclass > policydb->p_classes.nprim) {  in security_compute_validatetrans()
790 	tclass_datum = policydb->class_val_to_struct[tclass - 1];  in security_compute_validatetrans()
818 		if (!constraint_expr_eval(policydb, ocontext, ncontext,  in security_compute_validatetrans()
866 	struct policydb *policydb;  in security_bounded_transition()  local
878 	policydb = &state->ss->policydb;  in security_bounded_transition()
904 		type = flex_array_get_ptr(policydb->type_val_to_struct_array,  in security_bounded_transition()
926 		if (!context_struct_to_string(policydb, old_context,  in security_bounded_transition()
928 		    !context_struct_to_string(policydb, new_context,  in security_bounded_transition()
1016 	struct policydb *policydb;  in security_compute_xperms_decision()  local
1036 	policydb = &state->ss->policydb;  in security_compute_xperms_decision()
1055 		if (policydb->allow_unknown)  in security_compute_xperms_decision()
1061 	if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {  in security_compute_xperms_decision()
1068 	sattr = flex_array_get(policydb->type_attr_map_array,  in security_compute_xperms_decision()
1071 	tattr = flex_array_get(policydb->type_attr_map_array,  in security_compute_xperms_decision()
1078 			for (node = avtab_search_node(&policydb->te_avtab,  in security_compute_xperms_decision()
1084 			cond_compute_xperms(&policydb->te_cond_avtab,  in security_compute_xperms_decision()
1114 	struct policydb *policydb;  in security_compute_av()  local
1125 	policydb = &state->ss->policydb;  in security_compute_av()
1136 	if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))  in security_compute_av()
1148 		if (policydb->allow_unknown)  in security_compute_av()
1152 	context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,  in security_compute_av()
1155 		     policydb->allow_unknown);  in security_compute_av()
1170 	struct policydb *policydb;  in security_compute_av_user()  local
1179 	policydb = &state->ss->policydb;  in security_compute_av_user()
1190 	if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))  in security_compute_av_user()
1201 		if (policydb->allow_unknown)  in security_compute_av_user()
1206 	context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,  in security_compute_av_user()
1223 static int context_struct_to_string(struct policydb *p,  in context_struct_to_string()
1286 	struct policydb *policydb;  in security_sid_to_context_core()  local
1317 	policydb = &state->ss->policydb;  in security_sid_to_context_core()
1329 	rc = context_struct_to_string(policydb, context, scontext,  in security_sid_to_context_core()
1365 static int string_to_context_struct(struct policydb *pol,  in string_to_context_struct()
1452 	struct policydb *policydb;  in security_context_to_sid_core()  local
1489 	policydb = &state->ss->policydb;  in security_context_to_sid_core()
1491 	rc = string_to_context_struct(policydb, sidtab, scontext2,  in security_context_to_sid_core()
1577 	struct policydb *policydb = &state->ss->policydb;  in compute_sid_handle_invalid_context()  local
1581 	if (context_struct_to_string(policydb, scontext, &s, &slen))  in compute_sid_handle_invalid_context()
1583 	if (context_struct_to_string(policydb, tcontext, &t, &tlen))  in compute_sid_handle_invalid_context()
1585 	if (context_struct_to_string(policydb, newcontext, &n, &nlen))  in compute_sid_handle_invalid_context()
1592 		  n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1));  in compute_sid_handle_invalid_context()
1602 static void filename_compute_type(struct policydb *policydb,  in filename_compute_type()  argument
1615 	if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))  in filename_compute_type()
1623 	otype = hashtab_search(policydb->filename_trans, &ft);  in filename_compute_type()
1637 	struct policydb *policydb;  in security_compute_sid()  local
1674 	policydb = &state->ss->policydb;  in security_compute_sid()
1692 	if (tclass && tclass <= policydb->p_classes.nprim)  in security_compute_sid()
1693 		cladatum = policydb->class_val_to_struct[tclass - 1];  in security_compute_sid()
1719 		if ((tclass == policydb->process_class) || (sock == true))  in security_compute_sid()
1731 		if ((tclass == policydb->process_class) || (sock == true)) {  in security_compute_sid()
1745 	avdatum = avtab_search(&policydb->te_avtab, &avkey);  in security_compute_sid()
1749 		node = avtab_search_node(&policydb->te_cond_avtab, &avkey);  in security_compute_sid()
1765 		filename_compute_type(policydb, &newcontext, scontext->type,  in security_compute_sid()
1771 		for (roletr = policydb->role_tr; roletr;  in security_compute_sid()
1785 	rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,  in security_compute_sid()
1791 	if (!policydb_context_isvalid(policydb, &newcontext)) {  in security_compute_sid()
1904 	struct policydb *policydb = &state->ss->policydb;  in convert_context_handle_invalid_context()  local
1911 	if (!context_struct_to_string(policydb, context, &s, &len)) {  in convert_context_handle_invalid_context()
1921 	struct policydb *oldp;
1922 	struct policydb *newp;
2075 	struct policydb *p = &state->ss->policydb;  in security_load_policycaps()
2095 				   struct policydb *newpolicydb);
2109 	struct policydb *policydb;  in security_load_policy()  local
2111 	struct policydb *oldpolicydb, *newpolicydb;  in security_load_policy()
2127 	policydb = &state->ss->policydb;  in security_load_policy()
2131 		rc = policydb_read(policydb, fp);  in security_load_policy()
2135 		policydb->len = len;  in security_load_policy()
2136 		rc = selinux_set_mapping(policydb, secclass_map,  in security_load_policy()
2139 			policydb_destroy(policydb);  in security_load_policy()
2143 		rc = policydb_load_isids(policydb, sidtab);  in security_load_policy()
2145 			policydb_destroy(policydb);  in security_load_policy()
2171 	if (policydb->mls_enabled && !newpolicydb->mls_enabled)  in security_load_policy()
2173 	else if (!policydb->mls_enabled && newpolicydb->mls_enabled)  in security_load_policy()
2205 	args.oldp = policydb;  in security_load_policy()
2216 	memcpy(oldpolicydb, policydb, sizeof(*policydb));  in security_load_policy()
2221 	memcpy(policydb, newpolicydb, sizeof(*policydb));  in security_load_policy()
2256 	struct policydb *p = &state->ss->policydb;  in security_policydb_len()
2275 	struct policydb *policydb;  in security_port_sid()  local
2282 	policydb = &state->ss->policydb;  in security_port_sid()
2285 	c = policydb->ocontexts[OCON_PORT];  in security_port_sid()
2321 	struct policydb *policydb;  in security_ib_pkey_sid()  local
2328 	policydb = &state->ss->policydb;  in security_ib_pkey_sid()
2331 	c = policydb->ocontexts[OCON_IBPKEY];  in security_ib_pkey_sid()
2367 	struct policydb *policydb;  in security_ib_endport_sid()  local
2374 	policydb = &state->ss->policydb;  in security_ib_endport_sid()
2377 	c = policydb->ocontexts[OCON_IBENDPORT];  in security_ib_endport_sid()
2413 	struct policydb *policydb;  in security_netif_sid()  local
2420 	policydb = &state->ss->policydb;  in security_netif_sid()
2423 	c = policydb->ocontexts[OCON_NETIF];  in security_netif_sid()
2478 	struct policydb *policydb;  in security_node_sid()  local
2485 	policydb = &state->ss->policydb;  in security_node_sid()
2498 		c = policydb->ocontexts[OCON_NODE];  in security_node_sid()
2511 		c = policydb->ocontexts[OCON_NODE6];  in security_node_sid()
2567 	struct policydb *policydb;  in security_get_user_sids()  local
2585 	policydb = &state->ss->policydb;  in security_get_user_sids()
2596 	user = hashtab_search(policydb->p_users.table, username);  in security_get_user_sids()
2608 		role = policydb->role_val_to_struct[i];  in security_get_user_sids()
2613 			if (mls_setup_user_range(policydb, fromcon, user,  in security_get_user_sids()
2687 	struct policydb *policydb = &state->ss->policydb;  in __security_genfs_sid()  local
2701 	for (genfs = policydb->genfs; genfs; genfs = genfs->next) {  in __security_genfs_sid()
2764 	struct policydb *policydb;  in security_fs_use()  local
2773 	policydb = &state->ss->policydb;  in security_fs_use()
2776 	c = policydb->ocontexts[OCON_FSUSE];  in security_fs_use()
2811 	struct policydb *policydb;  in security_get_bools()  local
2823 	policydb = &state->ss->policydb;  in security_get_bools()
2829 	*len = policydb->p_bools.nprim;  in security_get_bools()
2844 		(*values)[i] = policydb->bool_val_to_struct[i]->state;  in security_get_bools()
2847 		(*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),  in security_get_bools()
2868 	struct policydb *policydb;  in security_set_bools()  local
2875 	policydb = &state->ss->policydb;  in security_set_bools()
2878 	lenp = policydb->p_bools.nprim;  in security_set_bools()
2883 		if (!!values[i] != policydb->bool_val_to_struct[i]->state) {  in security_set_bools()
2887 				sym_name(policydb, SYM_BOOLS, i),  in security_set_bools()
2889 				policydb->bool_val_to_struct[i]->state,  in security_set_bools()
2894 			policydb->bool_val_to_struct[i]->state = 1;  in security_set_bools()
2896 			policydb->bool_val_to_struct[i]->state = 0;  in security_set_bools()
2899 	for (cur = policydb->cond_list; cur; cur = cur->next) {  in security_set_bools()
2900 		rc = evaluate_cond_node(policydb, cur);  in security_set_bools()
2921 	struct policydb *policydb;  in security_get_bool_value()  local
2927 	policydb = &state->ss->policydb;  in security_get_bool_value()
2930 	len = policydb->p_bools.nprim;  in security_get_bool_value()
2934 	rc = policydb->bool_val_to_struct[index]->state;  in security_get_bool_value()
2941 				   struct policydb *policydb)  in security_preserve_bools()  argument
2952 		booldatum = hashtab_search(policydb->p_bools.table, bnames[i]);  in security_preserve_bools()
2956 	for (cur = policydb->cond_list; cur; cur = cur->next) {  in security_preserve_bools()
2957 		rc = evaluate_cond_node(policydb, cur);  in security_preserve_bools()
2979 	struct policydb *policydb = &state->ss->policydb;  in security_sid_mls_copy()  local
2989 	if (!state->initialized || !policydb->mls_enabled) {  in security_sid_mls_copy()
3022 	if (!policydb_context_isvalid(policydb, &newcon)) {  in security_sid_mls_copy()
3025 			if (!context_struct_to_string(policydb, &newcon, &s,  in security_sid_mls_copy()
3070 	struct policydb *policydb = &state->ss->policydb;  in security_net_peersid_resolve()  local
3098 	if (!policydb->mls_enabled)  in security_net_peersid_resolve()
3148 	struct policydb *policydb = &state->ss->policydb;  in security_get_classes()  local
3160 	*nclasses = policydb->p_classes.nprim;  in security_get_classes()
3165 	rc = hashtab_map(policydb->p_classes.table, get_classes_callback,  in security_get_classes()
3195 	struct policydb *policydb = &state->ss->policydb;  in security_get_permissions()  local
3202 	match = hashtab_search(policydb->p_classes.table, class);  in security_get_permissions()
3241 	return state->ss->policydb.reject_unknown;  in security_get_reject_unknown()
3246 	return state->ss->policydb.allow_unknown;  in security_get_allow_unknown()
3262 	struct policydb *policydb = &state->ss->policydb;  in security_policycap_supported()  local
3266 	rc = ebitmap_get_bit(&policydb->policycaps, req_cap);  in security_policycap_supported()
3290 	struct policydb *policydb = &state->ss->policydb;  in selinux_audit_rule_init()  local
3341 		userdatum = hashtab_search(policydb->p_users.table, rulestr);  in selinux_audit_rule_init()
3349 		roledatum = hashtab_search(policydb->p_roles.table, rulestr);  in selinux_audit_rule_init()
3357 		typedatum = hashtab_search(policydb->p_types.table, rulestr);  in selinux_audit_rule_init()
3366 		rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,  in selinux_audit_rule_init()
3594 	struct policydb *policydb = &state->ss->policydb;  in security_netlbl_secattr_to_sid()  local
3621 		mls_import_netlbl_lvl(policydb, &ctx_new, secattr);  in security_netlbl_secattr_to_sid()
3623 			rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);  in security_netlbl_secattr_to_sid()
3628 		if (!mls_context_isvalid(policydb, &ctx_new))  in security_netlbl_secattr_to_sid()
3663 	struct policydb *policydb = &state->ss->policydb;  in security_netlbl_sid_to_secattr()  local
3678 	secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1),  in security_netlbl_sid_to_secattr()
3685 	mls_export_netlbl_lvl(policydb, ctx, secattr);  in security_netlbl_sid_to_secattr()
3686 	rc = mls_export_netlbl_cat(policydb, ctx, secattr);  in security_netlbl_sid_to_secattr()
3702 	struct policydb *policydb = &state->ss->policydb;  in security_read_policy()  local
3719 	rc = policydb_write(policydb, &fp);  in security_read_policy()