Coverage Report

Created: 2025-07-12 06:44

/src/selinux/libsepol/src/policydb_public.c
Line
Count
Source (jump to first uncovered line)
1
#include <stdlib.h>
2
3
#include "debug.h"
4
#include <sepol/policydb/policydb.h>
5
#include "policydb_internal.h"
6
7
/* Policy file interfaces. */
8
9
int sepol_policy_file_create(sepol_policy_file_t ** pf)
10
1.41k
{
11
1.41k
  *pf = calloc(1, sizeof(sepol_policy_file_t));
12
1.41k
  if (!(*pf))
13
0
    return -1;
14
1.41k
  return 0;
15
1.41k
}
16
17
void sepol_policy_file_set_mem(sepol_policy_file_t * spf,
18
             char *data, size_t len)
19
0
{
20
0
  struct policy_file *pf = &spf->pf;
21
0
  if (!len) {
22
0
    pf->type = PF_LEN;
23
0
    return;
24
0
  }
25
0
  pf->type = PF_USE_MEMORY;
26
0
  pf->data = data;
27
0
  pf->len = len;
28
0
  pf->size = len;
29
0
  return;
30
0
}
31
32
void sepol_policy_file_set_fp(sepol_policy_file_t * spf, FILE * fp)
33
1.41k
{
34
1.41k
  struct policy_file *pf = &spf->pf;
35
1.41k
  pf->type = PF_USE_STDIO;
36
1.41k
  pf->fp = fp;
37
1.41k
  return;
38
1.41k
}
39
40
int sepol_policy_file_get_len(sepol_policy_file_t * spf, size_t * len)
41
0
{
42
0
  struct policy_file *pf = &spf->pf;
43
0
  if (pf->type != PF_LEN)
44
0
    return -1;
45
0
  *len = pf->len;
46
0
  return 0;
47
0
}
48
49
void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
50
          sepol_handle_t * handle)
51
0
{
52
0
  pf->pf.handle = handle;
53
0
}
54
55
void sepol_policy_file_free(sepol_policy_file_t * pf)
56
10.7k
{
57
10.7k
  free(pf);
58
10.7k
}
59
60
/* Policydb interfaces. */
61
62
int sepol_policydb_create(sepol_policydb_t ** sp)
63
2.01k
{
64
2.01k
  policydb_t *p;
65
2.01k
  *sp = malloc(sizeof(sepol_policydb_t));
66
2.01k
  if (!(*sp))
67
0
    return -1;
68
2.01k
  p = &(*sp)->p;
69
2.01k
  if (policydb_init(p)) {
70
0
    free(*sp);
71
0
    *sp = NULL;
72
0
    return -1;
73
0
  }
74
2.01k
  return 0;
75
2.01k
}
76
77
78
void sepol_policydb_free(sepol_policydb_t * p)
79
11.3k
{
80
11.3k
  if (!p)
81
9.32k
    return;
82
2.01k
  policydb_destroy(&p->p);
83
2.01k
  free(p);
84
2.01k
}
85
86
87
int sepol_policy_kern_vers_min(void)
88
0
{
89
0
  return POLICYDB_VERSION_MIN;
90
0
}
91
92
int sepol_policy_kern_vers_max(void)
93
0
{
94
0
  return POLICYDB_VERSION_MAX;
95
0
}
96
97
int sepol_policydb_set_typevers(sepol_policydb_t * sp, unsigned int type)
98
0
{
99
0
  struct policydb *p = &sp->p;
100
0
  switch (type) {
101
0
  case POLICY_KERN:
102
0
    p->policyvers = POLICYDB_VERSION_MAX;
103
0
    break;
104
0
  case POLICY_BASE:
105
0
  case POLICY_MOD:
106
0
    p->policyvers = MOD_POLICYDB_VERSION_MAX;
107
0
    break;
108
0
  default:
109
0
    return -1;
110
0
  }
111
0
  p->policy_type = type;
112
0
  return 0;
113
0
}
114
115
int sepol_policydb_set_vers(sepol_policydb_t * sp, unsigned int vers)
116
0
{
117
0
  struct policydb *p = &sp->p;
118
0
  switch (p->policy_type) {
119
0
  case POLICY_KERN:
120
0
    if (vers < POLICYDB_VERSION_MIN || vers > POLICYDB_VERSION_MAX)
121
0
      return -1;
122
0
    break;
123
0
  case POLICY_BASE:
124
0
  case POLICY_MOD:
125
0
    if (vers < MOD_POLICYDB_VERSION_MIN
126
0
        || vers > MOD_POLICYDB_VERSION_MAX)
127
0
      return -1;
128
0
    break;
129
0
  default:
130
0
    return -1;
131
0
  }
132
0
  p->policyvers = vers;
133
0
  return 0;
134
0
}
135
136
int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp,
137
              unsigned int handle_unknown)
138
0
{
139
0
  struct policydb *p = &sp->p;
140
141
0
  switch (handle_unknown) {
142
0
  case SEPOL_DENY_UNKNOWN:
143
0
  case SEPOL_REJECT_UNKNOWN:
144
0
  case SEPOL_ALLOW_UNKNOWN:
145
0
    break;
146
0
  default:
147
0
    return -1;
148
0
  }
149
150
0
  p->handle_unknown = handle_unknown;   
151
0
  return 0;
152
0
}
153
154
int sepol_policydb_set_target_platform(sepol_policydb_t * sp,
155
              int target_platform)
156
0
{
157
0
  struct policydb *p = &sp->p;
158
159
0
  switch (target_platform) {
160
0
  case SEPOL_TARGET_SELINUX:
161
0
  case SEPOL_TARGET_XEN:
162
0
    break;
163
0
  default:
164
0
    return -1;
165
0
  }
166
167
0
  p->target_platform = target_platform;   
168
0
  return 0;
169
0
}
170
171
int sepol_policydb_optimize(sepol_policydb_t * p)
172
1.41k
{
173
1.41k
  return policydb_optimize(&p->p);
174
1.41k
}
175
176
int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
177
0
{
178
0
  return policydb_read(&p->p, &pf->pf, 0);
179
0
}
180
181
int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf)
182
1.41k
{
183
1.41k
  return policydb_write(&p->p, &pf->pf);
184
1.41k
}
185
186
int sepol_policydb_from_image(sepol_handle_t * handle,
187
            void *data, size_t len, sepol_policydb_t * p)
188
0
{
189
0
  return policydb_from_image(handle, data, len, &p->p);
190
0
}
191
192
int sepol_policydb_to_image(sepol_handle_t * handle,
193
          sepol_policydb_t * p, void **newdata,
194
          size_t * newlen)
195
0
{
196
0
  return policydb_to_image(handle, &p->p, newdata, newlen);
197
0
}
198
199
int sepol_policydb_mls_enabled(const sepol_policydb_t * p)
200
0
{
201
202
0
  return p->p.mls;
203
0
}
204
205
/* 
206
 * Enable compatibility mode for SELinux network checks iff
207
 * the packet class is not defined in the policy.
208
 */
209
0
#define PACKET_CLASS_NAME "packet"
210
int sepol_policydb_compat_net(const sepol_policydb_t * p)
211
0
{
212
0
  return (hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME) ==
213
0
    NULL);
214
0
}