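Lines matching refs:policydb (each entry gives the source line number, the matching line, and, where the cross-referencer reports one, the enclosing function, or "variable" for a declaration)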
80 struct policydb policydb; variable
110 static int selinux_set_mapping(struct policydb *pol, in selinux_set_mapping()
258 return policydb.mls_enabled; in security_mls_enabled()
316 r1 = policydb.role_val_to_struct[val1 - 1]; in constraint_expr_eval()
317 r2 = policydb.role_val_to_struct[val2 - 1]; in constraint_expr_eval()
482 tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1); in security_dump_masked_av()
483 tclass_dat = policydb.class_val_to_struct[tclass - 1]; in security_dump_masked_av()
552 source = flex_array_get_ptr(policydb.type_val_to_struct_array, in type_attribute_bounds_av()
556 target = flex_array_get_ptr(policydb.type_val_to_struct_array, in type_attribute_bounds_av()
671 if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) { in context_struct_compute_av()
677 tclass_datum = policydb.class_val_to_struct[tclass - 1]; in context_struct_compute_av()
685 sattr = flex_array_get(policydb.type_attr_map_array, scontext->type - 1); in context_struct_compute_av()
687 tattr = flex_array_get(policydb.type_attr_map_array, tcontext->type - 1); in context_struct_compute_av()
693 for (node = avtab_search_node(&policydb.te_avtab, &avkey); in context_struct_compute_av()
707 cond_compute_av(&policydb.te_cond_avtab, &avkey, in context_struct_compute_av()
732 if (tclass == policydb.process_class && in context_struct_compute_av()
733 (avd->allowed & policydb.process_trans_perms) && in context_struct_compute_av()
735 for (ra = policydb.role_allow; ra; ra = ra->next) { in context_struct_compute_av()
741 avd->allowed &= ~policydb.process_trans_perms; in context_struct_compute_av()
770 o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); in security_validtrans_handle_fail()
799 if (!tclass || tclass > policydb.p_classes.nprim) { in security_validate_transition()
805 tclass_datum = policydb.class_val_to_struct[tclass - 1]; in security_validate_transition()
888 type = flex_array_get_ptr(policydb.type_val_to_struct_array, in security_bounded_transition()
1033 if (policydb.allow_unknown) in security_compute_xperms_decision()
1039 if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) { in security_compute_xperms_decision()
1046 sattr = flex_array_get(policydb.type_attr_map_array, in security_compute_xperms_decision()
1049 tattr = flex_array_get(policydb.type_attr_map_array, in security_compute_xperms_decision()
1056 for (node = avtab_search_node(&policydb.te_avtab, &avkey); in security_compute_xperms_decision()
1061 cond_compute_xperms(&policydb.te_cond_avtab, in security_compute_xperms_decision()
1107 if (ebitmap_get_bit(&policydb.permissive_map, scontext->type)) in security_compute_av()
1119 if (policydb.allow_unknown) in security_compute_av()
1124 map_decision(orig_tclass, avd, policydb.allow_unknown); in security_compute_av()
1153 if (ebitmap_get_bit(&policydb.permissive_map, scontext->type)) in security_compute_av_user()
1164 if (policydb.allow_unknown) in security_compute_av_user()
1204 *scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1; in context_struct_to_string()
1205 *scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1; in context_struct_to_string()
1206 *scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1; in context_struct_to_string()
1222 sym_name(&policydb, SYM_USERS, context->user - 1), in context_struct_to_string()
1223 sym_name(&policydb, SYM_ROLES, context->role - 1), in context_struct_to_string()
1224 sym_name(&policydb, SYM_TYPES, context->type - 1)); in context_struct_to_string()
1315 static int string_to_context_struct(struct policydb *pol, in string_to_context_struct()
1439 rc = string_to_context_struct(&policydb, &sidtab, scontext2, in security_context_to_sid_core()
1533 n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); in compute_sid_handle_invalid_context()
1543 static void filename_compute_type(struct policydb *p, struct context *newcontext, in filename_compute_type()
1625 if (tclass && tclass <= policydb.p_classes.nprim) in security_compute_sid()
1626 cladatum = policydb.class_val_to_struct[tclass - 1]; in security_compute_sid()
1652 if ((tclass == policydb.process_class) || (sock == true)) in security_compute_sid()
1664 if ((tclass == policydb.process_class) || (sock == true)) { in security_compute_sid()
1678 avdatum = avtab_search(&policydb.te_avtab, &avkey); in security_compute_sid()
1682 node = avtab_search_node(&policydb.te_cond_avtab, &avkey); in security_compute_sid()
1698 filename_compute_type(&policydb, &newcontext, scontext->type, in security_compute_sid()
1704 for (roletr = policydb.role_tr; roletr; roletr = roletr->next) { in security_compute_sid()
1723 if (!policydb_context_isvalid(&policydb, &newcontext)) { in security_compute_sid()
1840 struct policydb *oldp;
1841 struct policydb *newp;
1993 selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps, in security_load_policycaps()
1995 selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps, in security_load_policycaps()
1997 selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps, in security_load_policycaps()
2001 static int security_preserve_bools(struct policydb *p);
2015 struct policydb *oldpolicydb, *newpolicydb; in security_load_policy()
2033 rc = policydb_read(&policydb, fp); in security_load_policy()
2039 policydb.len = len; in security_load_policy()
2040 rc = selinux_set_mapping(&policydb, secclass_map, in security_load_policy()
2044 policydb_destroy(&policydb); in security_load_policy()
2049 rc = policydb_load_isids(&policydb, &sidtab); in security_load_policy()
2051 policydb_destroy(&policydb); in security_load_policy()
2078 if (policydb.mls_enabled && !newpolicydb->mls_enabled) in security_load_policy()
2080 else if (!policydb.mls_enabled && newpolicydb->mls_enabled) in security_load_policy()
2111 args.oldp = &policydb; in security_load_policy()
2122 memcpy(oldpolicydb, &policydb, sizeof(policydb)); in security_load_policy()
2127 memcpy(&policydb, newpolicydb, sizeof(policydb)); in security_load_policy()
2165 len = policydb.len; in security_policydb_len()
2184 c = policydb.ocontexts[OCON_PORT]; in security_port_sid()
2223 c = policydb.ocontexts[OCON_NETIF]; in security_netif_sid()
2292 c = policydb.ocontexts[OCON_NODE]; in security_node_sid()
2305 c = policydb.ocontexts[OCON_NODE6]; in security_node_sid()
2384 user = hashtab_search(policydb.p_users.table, username); in security_get_user_sids()
2396 role = policydb.role_val_to_struct[i]; in security_get_user_sids()
2484 for (genfs = policydb.genfs; genfs; genfs = genfs->next) { in __security_genfs_sid()
2553 c = policydb.ocontexts[OCON_FSUSE]; in security_fs_use()
2594 *len = policydb.p_bools.nprim; in security_get_bools()
2609 (*values)[i] = policydb.bool_val_to_struct[i]->state; in security_get_bools()
2612 (*names)[i] = kstrdup(sym_name(&policydb, SYM_BOOLS, i), GFP_ATOMIC); in security_get_bools()
2639 lenp = policydb.p_bools.nprim; in security_set_bools()
2644 if (!!values[i] != policydb.bool_val_to_struct[i]->state) { in security_set_bools()
2648 sym_name(&policydb, SYM_BOOLS, i), in security_set_bools()
2650 policydb.bool_val_to_struct[i]->state, in security_set_bools()
2655 policydb.bool_val_to_struct[i]->state = 1; in security_set_bools()
2657 policydb.bool_val_to_struct[i]->state = 0; in security_set_bools()
2660 for (cur = policydb.cond_list; cur; cur = cur->next) { in security_set_bools()
2661 rc = evaluate_cond_node(&policydb, cur); in security_set_bools()
2687 len = policydb.p_bools.nprim; in security_get_bool_value()
2691 rc = policydb.bool_val_to_struct[bool]->state; in security_get_bool_value()
2697 static int security_preserve_bools(struct policydb *p) in security_preserve_bools()
2742 if (!ss_initialized || !policydb.mls_enabled) { in security_sid_mls_copy()
2775 if (!policydb_context_isvalid(&policydb, &newcon)) { in security_sid_mls_copy()
2845 if (!policydb.mls_enabled) in security_net_peersid_resolve()
2899 *nclasses = policydb.p_classes.nprim; in security_get_classes()
2904 rc = hashtab_map(policydb.p_classes.table, get_classes_callback, in security_get_classes()
2939 match = hashtab_search(policydb.p_classes.table, class); in security_get_permissions()
2978 return policydb.reject_unknown; in security_get_reject_unknown()
2983 return policydb.allow_unknown; in security_get_allow_unknown()
3001 rc = ebitmap_get_bit(&policydb.policycaps, req_cap); in security_policycap_supported()
3074 userdatum = hashtab_search(policydb.p_users.table, rulestr); in selinux_audit_rule_init()
3082 roledatum = hashtab_search(policydb.p_roles.table, rulestr); in selinux_audit_rule_init()
3090 typedatum = hashtab_search(policydb.p_types.table, rulestr); in selinux_audit_rule_init()
3356 if (!mls_context_isvalid(&policydb, &ctx_new)) in security_netlbl_secattr_to_sid()
3404 secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1), in security_netlbl_sid_to_secattr()
3443 rc = policydb_write(&policydb, &fp); in security_read_policy()