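Lines matching refs:policydb (each entry: source line number, the matching line, then the enclosing function or symbol kind where one is given)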

80 struct policydb policydb;  variable
109 static int selinux_set_mapping(struct policydb *pol, in selinux_set_mapping()
257 return policydb.mls_enabled; in security_mls_enabled()
315 r1 = policydb.role_val_to_struct[val1 - 1]; in constraint_expr_eval()
316 r2 = policydb.role_val_to_struct[val2 - 1]; in constraint_expr_eval()
481 tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1); in security_dump_masked_av()
482 tclass_dat = policydb.class_val_to_struct[tclass - 1]; in security_dump_masked_av()
551 source = flex_array_get_ptr(policydb.type_val_to_struct_array, in type_attribute_bounds_av()
555 target = flex_array_get_ptr(policydb.type_val_to_struct_array, in type_attribute_bounds_av()
637 if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) { in context_struct_compute_av()
643 tclass_datum = policydb.class_val_to_struct[tclass - 1]; in context_struct_compute_av()
651 sattr = flex_array_get(policydb.type_attr_map_array, scontext->type - 1); in context_struct_compute_av()
653 tattr = flex_array_get(policydb.type_attr_map_array, tcontext->type - 1); in context_struct_compute_av()
659 for (node = avtab_search_node(&policydb.te_avtab, &avkey); in context_struct_compute_av()
671 cond_compute_av(&policydb.te_cond_avtab, &avkey, avd); in context_struct_compute_av()
695 if (tclass == policydb.process_class && in context_struct_compute_av()
696 (avd->allowed & policydb.process_trans_perms) && in context_struct_compute_av()
698 for (ra = policydb.role_allow; ra; ra = ra->next) { in context_struct_compute_av()
704 avd->allowed &= ~policydb.process_trans_perms; in context_struct_compute_av()
733 o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); in security_validtrans_handle_fail()
762 if (!tclass || tclass > policydb.p_classes.nprim) { in security_validate_transition()
768 tclass_datum = policydb.class_val_to_struct[tclass - 1]; in security_validate_transition()
851 type = flex_array_get_ptr(policydb.type_val_to_struct_array, in security_bounded_transition()
934 if (ebitmap_get_bit(&policydb.permissive_map, scontext->type)) in security_compute_av()
946 if (policydb.allow_unknown) in security_compute_av()
951 map_decision(orig_tclass, avd, policydb.allow_unknown); in security_compute_av()
980 if (ebitmap_get_bit(&policydb.permissive_map, scontext->type)) in security_compute_av_user()
991 if (policydb.allow_unknown) in security_compute_av_user()
1031 *scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1; in context_struct_to_string()
1032 *scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1; in context_struct_to_string()
1033 *scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1; in context_struct_to_string()
1049 sym_name(&policydb, SYM_USERS, context->user - 1), in context_struct_to_string()
1050 sym_name(&policydb, SYM_ROLES, context->role - 1), in context_struct_to_string()
1051 sym_name(&policydb, SYM_TYPES, context->type - 1)); in context_struct_to_string()
1052 scontextp += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + in context_struct_to_string()
1053 1 + strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + in context_struct_to_string()
1054 1 + strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)); in context_struct_to_string()
1145 static int string_to_context_struct(struct policydb *pol, in string_to_context_struct()
1269 rc = string_to_context_struct(&policydb, &sidtab, scontext2, in security_context_to_sid_core()
1358 n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); in compute_sid_handle_invalid_context()
1368 static void filename_compute_type(struct policydb *p, struct context *newcontext, in filename_compute_type()
1450 if (tclass && tclass <= policydb.p_classes.nprim) in security_compute_sid()
1451 cladatum = policydb.class_val_to_struct[tclass - 1]; in security_compute_sid()
1477 if ((tclass == policydb.process_class) || (sock == true)) in security_compute_sid()
1489 if ((tclass == policydb.process_class) || (sock == true)) { in security_compute_sid()
1503 avdatum = avtab_search(&policydb.te_avtab, &avkey); in security_compute_sid()
1507 node = avtab_search_node(&policydb.te_cond_avtab, &avkey); in security_compute_sid()
1523 filename_compute_type(&policydb, &newcontext, scontext->type, in security_compute_sid()
1529 for (roletr = policydb.role_tr; roletr; roletr = roletr->next) { in security_compute_sid()
1548 if (!policydb_context_isvalid(&policydb, &newcontext)) { in security_compute_sid()
1665 struct policydb *oldp;
1666 struct policydb *newp;
1818 selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps, in security_load_policycaps()
1820 selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps, in security_load_policycaps()
1822 selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps, in security_load_policycaps()
1826 static int security_preserve_bools(struct policydb *p);
1840 struct policydb *oldpolicydb, *newpolicydb; in security_load_policy()
1858 rc = policydb_read(&policydb, fp); in security_load_policy()
1864 policydb.len = len; in security_load_policy()
1865 rc = selinux_set_mapping(&policydb, secclass_map, in security_load_policy()
1869 policydb_destroy(&policydb); in security_load_policy()
1874 rc = policydb_load_isids(&policydb, &sidtab); in security_load_policy()
1876 policydb_destroy(&policydb); in security_load_policy()
1903 if (policydb.mls_enabled && !newpolicydb->mls_enabled) in security_load_policy()
1905 else if (!policydb.mls_enabled && newpolicydb->mls_enabled) in security_load_policy()
1936 args.oldp = &policydb; in security_load_policy()
1947 memcpy(oldpolicydb, &policydb, sizeof(policydb)); in security_load_policy()
1952 memcpy(&policydb, newpolicydb, sizeof(policydb)); in security_load_policy()
1990 len = policydb.len; in security_policydb_len()
2009 c = policydb.ocontexts[OCON_PORT]; in security_port_sid()
2048 c = policydb.ocontexts[OCON_NETIF]; in security_netif_sid()
2117 c = policydb.ocontexts[OCON_NODE]; in security_node_sid()
2130 c = policydb.ocontexts[OCON_NODE6]; in security_node_sid()
2209 user = hashtab_search(policydb.p_users.table, username); in security_get_user_sids()
2221 role = policydb.role_val_to_struct[i]; in security_get_user_sids()
2309 for (genfs = policydb.genfs; genfs; genfs = genfs->next) { in __security_genfs_sid()
2378 c = policydb.ocontexts[OCON_FSUSE]; in security_fs_use()
2419 *len = policydb.p_bools.nprim; in security_get_bools()
2436 (*values)[i] = policydb.bool_val_to_struct[i]->state; in security_get_bools()
2437 name_len = strlen(sym_name(&policydb, SYM_BOOLS, i)) + 1; in security_get_bools()
2444 strncpy((*names)[i], sym_name(&policydb, SYM_BOOLS, i), name_len); in security_get_bools()
2470 lenp = policydb.p_bools.nprim; in security_set_bools()
2475 if (!!values[i] != policydb.bool_val_to_struct[i]->state) { in security_set_bools()
2479 sym_name(&policydb, SYM_BOOLS, i), in security_set_bools()
2481 policydb.bool_val_to_struct[i]->state, in security_set_bools()
2486 policydb.bool_val_to_struct[i]->state = 1; in security_set_bools()
2488 policydb.bool_val_to_struct[i]->state = 0; in security_set_bools()
2491 for (cur = policydb.cond_list; cur; cur = cur->next) { in security_set_bools()
2492 rc = evaluate_cond_node(&policydb, cur); in security_set_bools()
2518 len = policydb.p_bools.nprim; in security_get_bool_value()
2522 rc = policydb.bool_val_to_struct[bool]->state; in security_get_bool_value()
2528 static int security_preserve_bools(struct policydb *p) in security_preserve_bools()
2573 if (!ss_initialized || !policydb.mls_enabled) { in security_sid_mls_copy()
2606 if (!policydb_context_isvalid(&policydb, &newcon)) { in security_sid_mls_copy()
2676 if (!policydb.mls_enabled) in security_net_peersid_resolve()
2730 *nclasses = policydb.p_classes.nprim; in security_get_classes()
2735 rc = hashtab_map(policydb.p_classes.table, get_classes_callback, in security_get_classes()
2770 match = hashtab_search(policydb.p_classes.table, class); in security_get_permissions()
2809 return policydb.reject_unknown; in security_get_reject_unknown()
2814 return policydb.allow_unknown; in security_get_allow_unknown()
2832 rc = ebitmap_get_bit(&policydb.policycaps, req_cap); in security_policycap_supported()
2905 userdatum = hashtab_search(policydb.p_users.table, rulestr); in selinux_audit_rule_init()
2913 roledatum = hashtab_search(policydb.p_roles.table, rulestr); in selinux_audit_rule_init()
2921 typedatum = hashtab_search(policydb.p_types.table, rulestr); in selinux_audit_rule_init()
3187 if (!mls_context_isvalid(&policydb, &ctx_new)) in security_netlbl_secattr_to_sid()
3235 secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1), in security_netlbl_sid_to_secattr()
3274 rc = policydb_write(&policydb, &fp); in security_read_policy()