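Lines matching refs:policydb. Each entry gives the source line number, the matching line and, where shown, the enclosing function, marked "argument" or "local" when that line declares policydb as a parameter or a local variable.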

73 	struct policydb *oldp;
74 struct policydb *newp;
83 static int context_struct_to_string(struct policydb *policydb,
88 static int sidtab_entry_to_string(struct policydb *policydb,
94 static void context_struct_compute_av(struct policydb *policydb,
101 static int selinux_set_mapping(struct policydb *pol, in selinux_set_mapping()
254 mls_enabled = policy->policydb.mls_enabled; in security_mls_enabled()
270 static int constraint_expr_eval(struct policydb *policydb, in constraint_expr_eval() argument
315 r1 = policydb->role_val_to_struct[val1 - 1]; in constraint_expr_eval()
316 r2 = policydb->role_val_to_struct[val2 - 1]; in constraint_expr_eval()
461 static void security_dump_masked_av(struct policydb *policydb, in security_dump_masked_av() argument
482 tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1); in security_dump_masked_av()
483 tclass_dat = policydb->class_val_to_struct[tclass - 1]; in security_dump_masked_av()
497 if (context_struct_to_string(policydb, scontext, in security_dump_masked_av()
501 if (context_struct_to_string(policydb, tcontext, in security_dump_masked_av()
540 static void type_attribute_bounds_av(struct policydb *policydb, in type_attribute_bounds_av() argument
553 source = policydb->type_val_to_struct[scontext->type - 1]; in type_attribute_bounds_av()
559 target = policydb->type_val_to_struct[tcontext->type - 1]; in type_attribute_bounds_av()
573 context_struct_compute_av(policydb, &lo_scontext, in type_attribute_bounds_av()
588 security_dump_masked_av(policydb, scontext, tcontext, in type_attribute_bounds_av()
621 static void context_struct_compute_av(struct policydb *policydb, in context_struct_compute_av() argument
645 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) { in context_struct_compute_av()
651 tclass_datum = policydb->class_val_to_struct[tclass - 1]; in context_struct_compute_av()
659 sattr = &policydb->type_attr_map_array[scontext->type - 1]; in context_struct_compute_av()
660 tattr = &policydb->type_attr_map_array[tcontext->type - 1]; in context_struct_compute_av()
665 for (node = avtab_search_node(&policydb->te_avtab, in context_struct_compute_av()
680 cond_compute_av(&policydb->te_cond_avtab, &avkey, in context_struct_compute_av()
693 !constraint_expr_eval(policydb, scontext, tcontext, NULL, in context_struct_compute_av()
705 if (tclass == policydb->process_class && in context_struct_compute_av()
706 (avd->allowed & policydb->process_trans_perms) && in context_struct_compute_av()
708 for (ra = policydb->role_allow; ra; ra = ra->next) { in context_struct_compute_av()
714 avd->allowed &= ~policydb->process_trans_perms; in context_struct_compute_av()
722 type_attribute_bounds_av(policydb, scontext, tcontext, in context_struct_compute_av()
733 struct policydb *p = &policy->policydb; in security_validtrans_handle_fail()
763 struct policydb *policydb; in security_compute_validatetrans() local
780 policydb = &policy->policydb; in security_compute_validatetrans()
788 if (!tclass || tclass > policydb->p_classes.nprim) { in security_compute_validatetrans()
792 tclass_datum = policydb->class_val_to_struct[tclass - 1]; in security_compute_validatetrans()
820 if (!constraint_expr_eval(policydb, &oentry->context, in security_compute_validatetrans()
871 struct policydb *policydb; in security_bounded_transition() local
883 policydb = &policy->policydb; in security_bounded_transition()
909 type = policydb->type_val_to_struct[index - 1]; in security_bounded_transition()
930 if (!sidtab_entry_to_string(policydb, sidtab, old_entry, in security_bounded_transition()
932 !sidtab_entry_to_string(policydb, sidtab, new_entry, in security_bounded_transition()
1024 struct policydb *policydb; in security_compute_xperms_decision() local
1045 policydb = &policy->policydb; in security_compute_xperms_decision()
1064 if (policydb->allow_unknown) in security_compute_xperms_decision()
1070 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) { in security_compute_xperms_decision()
1077 sattr = &policydb->type_attr_map_array[scontext->type - 1]; in security_compute_xperms_decision()
1078 tattr = &policydb->type_attr_map_array[tcontext->type - 1]; in security_compute_xperms_decision()
1083 for (node = avtab_search_node(&policydb->te_avtab, in security_compute_xperms_decision()
1089 cond_compute_xperms(&policydb->te_cond_avtab, in security_compute_xperms_decision()
1120 struct policydb *policydb; in security_compute_av() local
1132 policydb = &policy->policydb; in security_compute_av()
1143 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type)) in security_compute_av()
1155 if (policydb->allow_unknown) in security_compute_av()
1159 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd, in security_compute_av()
1162 policydb->allow_unknown); in security_compute_av()
1178 struct policydb *policydb; in security_compute_av_user() local
1188 policydb = &policy->policydb; in security_compute_av_user()
1199 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type)) in security_compute_av_user()
1210 if (policydb->allow_unknown) in security_compute_av_user()
1215 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd, in security_compute_av_user()
1232 static int context_struct_to_string(struct policydb *p, in context_struct_to_string()
1282 static int sidtab_entry_to_string(struct policydb *p, in sidtab_entry_to_string()
1333 struct policydb *policydb; in security_sid_to_context_core() local
1364 policydb = &policy->policydb; in security_sid_to_context_core()
1380 rc = sidtab_entry_to_string(policydb, sidtab, entry, scontext, in security_sid_to_context_core()
1436 static int string_to_context_struct(struct policydb *pol, in string_to_context_struct()
1520 struct policydb *policydb; in security_context_to_sid_core() local
1561 policydb = &policy->policydb; in security_context_to_sid_core()
1563 rc = string_to_context_struct(policydb, sidtab, scontext2, in security_context_to_sid_core()
1659 struct policydb *policydb = &policy->policydb; in compute_sid_handle_invalid_context() local
1665 if (sidtab_entry_to_string(policydb, sidtab, sentry, &s, &slen)) in compute_sid_handle_invalid_context()
1667 if (sidtab_entry_to_string(policydb, sidtab, tentry, &t, &tlen)) in compute_sid_handle_invalid_context()
1669 if (context_struct_to_string(policydb, newcontext, &n, &nlen)) in compute_sid_handle_invalid_context()
1677 s, t, sym_name(policydb, SYM_CLASSES, tclass-1)); in compute_sid_handle_invalid_context()
1688 static void filename_compute_type(struct policydb *policydb, in filename_compute_type() argument
1701 if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype)) in filename_compute_type()
1708 datum = policydb_filenametr_search(policydb, &ft); in filename_compute_type()
1728 struct policydb *policydb; in security_compute_sid() local
1769 policydb = &policy->policydb; in security_compute_sid()
1790 if (tclass && tclass <= policydb->p_classes.nprim) in security_compute_sid()
1791 cladatum = policydb->class_val_to_struct[tclass - 1]; in security_compute_sid()
1817 if ((tclass == policydb->process_class) || sock) in security_compute_sid()
1829 if ((tclass == policydb->process_class) || sock) { in security_compute_sid()
1843 avdatum = avtab_search(&policydb->te_avtab, &avkey); in security_compute_sid()
1847 node = avtab_search_node(&policydb->te_cond_avtab, &avkey); in security_compute_sid()
1863 filename_compute_type(policydb, &newcontext, scontext->type, in security_compute_sid()
1876 rtd = policydb_roletr_search(policydb, &rtk); in security_compute_sid()
1883 rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified, in security_compute_sid()
1889 if (!policydb_context_isvalid(policydb, &newcontext)) { in security_compute_sid()
1991 struct policydb *policydb, in convert_context_handle_invalid_context() argument
2000 if (!context_struct_to_string(policydb, context, &s, &len)) { in convert_context_handle_invalid_context()
2144 struct policydb *p; in security_load_policycaps()
2148 p = &policy->policydb; in security_load_policycaps()
2180 policydb_destroy(&policy->policydb); in selinux_policy_free()
2187 cond_policydb_destroy_dup(&policy->policydb); in selinux_policy_cond_free()
2227 if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled) in selinux_policy_commit()
2229 else if (!oldpolicy->policydb.mls_enabled && newpolicy->policydb.mls_enabled) in selinux_policy_commit()
2300 rc = policydb_read(&newpolicy->policydb, fp); in security_load_policy()
2304 newpolicy->policydb.len = len; in security_load_policy()
2305 rc = selinux_set_mapping(&newpolicy->policydb, secclass_map, in security_load_policy()
2310 rc = policydb_load_isids(&newpolicy->policydb, newpolicy->sidtab); in security_load_policy()
2344 convert_data->args.oldp = &oldpolicy->policydb; in security_load_policy()
2345 convert_data->args.newp = &newpolicy->policydb; in security_load_policy()
2370 policydb_destroy(&newpolicy->policydb); in security_load_policy()
2426 struct policydb *policydb; in security_port_sid() local
2440 policydb = &policy->policydb; in security_port_sid()
2443 c = policydb->ocontexts[OCON_PORT]; in security_port_sid()
2479 struct policydb *policydb; in security_ib_pkey_sid() local
2493 policydb = &policy->policydb; in security_ib_pkey_sid()
2496 c = policydb->ocontexts[OCON_IBPKEY]; in security_ib_pkey_sid()
2532 struct policydb *policydb; in security_ib_endport_sid() local
2546 policydb = &policy->policydb; in security_ib_endport_sid()
2549 c = policydb->ocontexts[OCON_IBENDPORT]; in security_ib_endport_sid()
2585 struct policydb *policydb; in security_netif_sid() local
2599 policydb = &policy->policydb; in security_netif_sid()
2602 c = policydb->ocontexts[OCON_NETIF]; in security_netif_sid()
2652 struct policydb *policydb; in security_node_sid() local
2665 policydb = &policy->policydb; in security_node_sid()
2678 c = policydb->ocontexts[OCON_NODE]; in security_node_sid()
2691 c = policydb->ocontexts[OCON_NODE6]; in security_node_sid()
2747 struct policydb *policydb; in security_get_user_sids() local
2771 policydb = &policy->policydb; in security_get_user_sids()
2782 user = symtab_search(&policydb->p_users, username); in security_get_user_sids()
2789 role = policydb->role_val_to_struct[i]; in security_get_user_sids()
2794 if (mls_setup_user_range(policydb, fromcon, user, in security_get_user_sids()
2871 struct policydb *policydb = &policy->policydb; in __security_genfs_sid() local
2885 for (genfs = policydb->genfs; genfs; genfs = genfs->next) { in __security_genfs_sid()
2958 struct policydb *policydb; in security_fs_use() local
2975 policydb = &policy->policydb; in security_fs_use()
2978 c = policydb->ocontexts[OCON_FSUSE]; in security_fs_use()
3017 struct policydb *policydb; in security_get_bools() local
3021 policydb = &policy->policydb; in security_get_bools()
3027 *len = policydb->p_bools.nprim; in security_get_bools()
3042 (*values)[i] = policydb->bool_val_to_struct[i]->state; in security_get_bools()
3045 (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i), in security_get_bools()
3080 if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim)) in security_set_bools()
3091 rc = cond_policydb_dup(&newpolicy->policydb, &oldpolicy->policydb); in security_set_bools()
3100 int old_state = newpolicy->policydb.bool_val_to_struct[i]->state; in security_set_bools()
3106 sym_name(&newpolicy->policydb, SYM_BOOLS, i), in security_set_bools()
3111 newpolicy->policydb.bool_val_to_struct[i]->state = new_state; in security_set_bools()
3116 evaluate_cond_nodes(&newpolicy->policydb); in security_set_bools()
3142 struct policydb *policydb; in security_get_bool_value() local
3151 policydb = &policy->policydb; in security_get_bool_value()
3154 len = policydb->p_bools.nprim; in security_get_bool_value()
3158 rc = policydb->bool_val_to_struct[index]->state; in security_get_bool_value()
3176 booldatum = symtab_search(&newpolicy->policydb.p_bools, in security_preserve_bools()
3181 evaluate_cond_nodes(&newpolicy->policydb); in security_preserve_bools()
3201 struct policydb *policydb; in security_sid_mls_copy() local
3221 policydb = &policy->policydb; in security_sid_mls_copy()
3224 if (!policydb->mls_enabled) { in security_sid_mls_copy()
3253 if (!policydb_context_isvalid(policydb, &newcon)) { in security_sid_mls_copy()
3254 rc = convert_context_handle_invalid_context(state, policydb, in security_sid_mls_copy()
3257 if (!context_struct_to_string(policydb, &newcon, &s, in security_sid_mls_copy()
3312 struct policydb *policydb; in security_net_peersid_resolve() local
3340 policydb = &policy->policydb; in security_net_peersid_resolve()
3348 if (!policydb->mls_enabled) { in security_net_peersid_resolve()
3398 struct policydb *policydb; in security_get_classes() local
3401 policydb = &policy->policydb; in security_get_classes()
3404 *nclasses = policydb->p_classes.nprim; in security_get_classes()
3409 rc = hashtab_map(&policydb->p_classes.table, get_classes_callback, in security_get_classes()
3438 struct policydb *policydb; in security_get_permissions() local
3442 policydb = &policy->policydb; in security_get_permissions()
3445 match = symtab_search(&policydb->p_classes, class); in security_get_permissions()
3490 value = policy->policydb.reject_unknown; in security_get_reject_unknown()
3505 value = policy->policydb.allow_unknown; in security_get_allow_unknown()
3531 rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap); in security_policycap_supported()
3556 struct policydb *policydb; in selinux_audit_rule_init() local
3601 policydb = &policy->policydb; in selinux_audit_rule_init()
3609 userdatum = symtab_search(&policydb->p_users, rulestr); in selinux_audit_rule_init()
3617 roledatum = symtab_search(&policydb->p_roles, rulestr); in selinux_audit_rule_init()
3625 typedatum = symtab_search(&policydb->p_types, rulestr); in selinux_audit_rule_init()
3634 rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt, in selinux_audit_rule_init()
3868 struct policydb *policydb; in security_netlbl_secattr_to_sid() local
3883 policydb = &policy->policydb; in security_netlbl_secattr_to_sid()
3900 mls_import_netlbl_lvl(policydb, &ctx_new, secattr); in security_netlbl_secattr_to_sid()
3902 rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr); in security_netlbl_secattr_to_sid()
3907 if (!mls_context_isvalid(policydb, &ctx_new)) { in security_netlbl_secattr_to_sid()
3944 struct policydb *policydb; in security_netlbl_sid_to_secattr() local
3953 policydb = &policy->policydb; in security_netlbl_sid_to_secattr()
3961 secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1), in security_netlbl_sid_to_secattr()
3968 mls_export_netlbl_lvl(policydb, ctx, secattr); in security_netlbl_sid_to_secattr()
3969 rc = mls_export_netlbl_cat(policydb, ctx, secattr); in security_netlbl_sid_to_secattr()
3994 *len = policy->policydb.len; in security_read_policy()
4002 rc = policydb_write(&policy->policydb, &fp); in security_read_policy()