1 files changed, 33 insertions, 29 deletions

diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
index 4d1f87466508..468e98ad3ea1 100644
--- a/security/selinux/ss/conditional.h
+++ b/security/selinux/ss/conditional.h
@@ -1,10 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
 /* Authors: Karl MacMillan <kmacmillan@tresys.com>
  *          Frank Mayer <mayerf@tresys.com>
- *
- * Copyright (C) 2003 - 2004 Tresys Technology, LLC
- *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
- *	the Free Software Foundation, version 2.
+ *          Copyright (C) 2003 - 2004 Tresys Technology, LLC
  */
 
 #ifndef _CONDITIONAL_H_
@@ -21,18 +18,22 @@
  * A conditional expression is a list of operators and operands
  * in reverse polish notation.
  */
+struct cond_expr_node {
+#define COND_BOOL 1 /* plain bool */
+#define COND_NOT  2 /* !bool */
+#define COND_OR	  3 /* bool || bool */
+#define COND_AND  4 /* bool && bool */
+#define COND_XOR  5 /* bool ^ bool */
+#define COND_EQ	  6 /* bool == bool */
+#define COND_NEQ  7 /* bool != bool */
+#define COND_LAST COND_NEQ
+	u32 expr_type;
+	u32 boolean;
+};
+
 struct cond_expr {
-#define COND_BOOL	1 /* plain bool */
-#define COND_NOT	2 /* !bool */
-#define COND_OR		3 /* bool || bool */
-#define COND_AND	4 /* bool && bool */
-#define COND_XOR	5 /* bool ^ bool */
-#define COND_EQ		6 /* bool == bool */
-#define COND_NEQ	7 /* bool != bool */
-#define COND_LAST	COND_NEQ
-	__u32 expr_type;
-	__u32 bool;
-	struct cond_expr *next;
+	struct cond_expr_node *nodes;
+	u32 len;
 };
 
 /*
@@ -41,8 +42,8 @@ struct cond_expr {
  * struct is for that list.
  */
 struct cond_av_list {
-	struct avtab_node *node;
-	struct cond_av_list *next;
+	struct avtab_node **nodes;
+	u32 len;
 };
 
 /*
@@ -54,13 +55,12 @@ struct cond_av_list {
  */
 struct cond_node {
 	int cur_state;
-	struct cond_expr *expr;
-	struct cond_av_list *true_list;
-	struct cond_av_list *false_list;
-	struct cond_node *next;
+	struct cond_expr expr;
+	struct cond_av_list true_list;
+	struct cond_av_list false_list;
 };
 
-int cond_policydb_init(struct policydb *p);
+void cond_policydb_init(struct policydb *p);
 void cond_policydb_destroy(struct policydb *p);
 
 int cond_init_bool_indexes(struct policydb *p);
@@ -68,13 +68,17 @@ int cond_destroy_bool(void *key, void *datum, void *p);
 
 int cond_index_bool(void *key, void *datum, void *datap);
 
-int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
-int cond_read_list(struct policydb *p, void *fp);
+int cond_read_bool(struct policydb *p, struct symtab *s, struct policy_file *fp);
+int cond_read_list(struct policydb *p, struct policy_file *fp);
 int cond_write_bool(void *key, void *datum, void *ptr);
-int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);
-
-void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd);
+int cond_write_list(struct policydb *p, struct policy_file *fp);
 
-int evaluate_cond_node(struct policydb *p, struct cond_node *node);
+void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
+		     struct av_decision *avd, struct extended_perms *xperms);
+void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
+			 struct extended_perms_decision *xpermd);
+void evaluate_cond_nodes(struct policydb *p);
+void cond_policydb_destroy_dup(struct policydb *p);
+int cond_policydb_dup(struct policydb *new, const struct policydb *orig);
 
 #endif /* _CONDITIONAL_H_ */