mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-28 03:40:04 +00:00
ded34574d4
The arrays for the policy capability names, the initial sid identifiers and the class and permission names are not changed at runtime. Declare them const to avoid accidental modification. Do not override the classmap and the initial sid list in the build time script genheaders. Check flose(3) is successful in genheaders.c, otherwise the written data might be corrupted or incomplete. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> [PM: manual merge due to fuzz, minor style tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com>
157 lines
3.5 KiB
C
157 lines
3.5 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
/* NOTE: we really do want to use the kernel headers here */
|
|
#define __EXPORTED_HEADERS__
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <ctype.h>
|
|
|
|
struct security_class_mapping {
|
|
const char *name;
|
|
const char *perms[sizeof(unsigned) * 8 + 1];
|
|
};
|
|
|
|
#include "classmap.h"
|
|
#include "initial_sid_to_string.h"
|
|
|
|
const char *progname;
|
|
|
|
static void usage(void)
|
|
{
|
|
printf("usage: %s flask.h av_permissions.h\n", progname);
|
|
exit(1);
|
|
}
|
|
|
|
static char *stoupperx(const char *s)
|
|
{
|
|
char *s2 = strdup(s);
|
|
char *p;
|
|
|
|
if (!s2) {
|
|
fprintf(stderr, "%s: out of memory\n", progname);
|
|
exit(3);
|
|
}
|
|
|
|
for (p = s2; *p; p++)
|
|
*p = toupper(*p);
|
|
return s2;
|
|
}
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int i, j;
|
|
int isids_len;
|
|
FILE *fout;
|
|
|
|
progname = argv[0];
|
|
|
|
if (argc < 3)
|
|
usage();
|
|
|
|
fout = fopen(argv[1], "w");
|
|
if (!fout) {
|
|
fprintf(stderr, "Could not open %s for writing: %s\n",
|
|
argv[1], strerror(errno));
|
|
exit(2);
|
|
}
|
|
|
|
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
|
|
fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
|
|
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
char *name = stoupperx(secclass_map[i].name);
|
|
|
|
fprintf(fout, "#define SECCLASS_%-39s %2d\n", name, i+1);
|
|
free(name);
|
|
}
|
|
|
|
fprintf(fout, "\n");
|
|
|
|
isids_len = sizeof(initial_sid_to_string) / sizeof(char *);
|
|
for (i = 1; i < isids_len; i++) {
|
|
const char *s = initial_sid_to_string[i];
|
|
if (s) {
|
|
char *sidname = stoupperx(s);
|
|
|
|
fprintf(fout, "#define SECINITSID_%-39s %2d\n", sidname, i);
|
|
free(sidname);
|
|
}
|
|
}
|
|
fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
|
|
fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
|
|
fprintf(fout, "{\n");
|
|
fprintf(fout, "\tbool sock = false;\n\n");
|
|
fprintf(fout, "\tswitch (kern_tclass) {\n");
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
static char s[] = "SOCKET";
|
|
int len, l;
|
|
char *name = stoupperx(secclass_map[i].name);
|
|
|
|
len = strlen(name);
|
|
l = sizeof(s) - 1;
|
|
if (len >= l && memcmp(name + len - l, s, l) == 0)
|
|
fprintf(fout, "\tcase SECCLASS_%s:\n", name);
|
|
free(name);
|
|
}
|
|
fprintf(fout, "\t\tsock = true;\n");
|
|
fprintf(fout, "\t\tbreak;\n");
|
|
fprintf(fout, "\tdefault:\n");
|
|
fprintf(fout, "\t\tbreak;\n");
|
|
fprintf(fout, "\t}\n\n");
|
|
fprintf(fout, "\treturn sock;\n");
|
|
fprintf(fout, "}\n");
|
|
|
|
fprintf(fout, "\n#endif\n");
|
|
|
|
if (fclose(fout) != 0) {
|
|
fprintf(stderr, "Could not successfully close %s: %s\n",
|
|
argv[1], strerror(errno));
|
|
exit(4);
|
|
}
|
|
|
|
fout = fopen(argv[2], "w");
|
|
if (!fout) {
|
|
fprintf(stderr, "Could not open %s for writing: %s\n",
|
|
argv[2], strerror(errno));
|
|
exit(5);
|
|
}
|
|
|
|
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
|
|
fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
|
|
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
const struct security_class_mapping *map = &secclass_map[i];
|
|
int len;
|
|
char *name = stoupperx(map->name);
|
|
|
|
len = strlen(name);
|
|
for (j = 0; map->perms[j]; j++) {
|
|
char *permname;
|
|
|
|
if (j >= 32) {
|
|
fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
|
|
map->name, map->perms[j]);
|
|
exit(5);
|
|
}
|
|
permname = stoupperx(map->perms[j]);
|
|
fprintf(fout, "#define %s__%-*s 0x%08xU\n", name,
|
|
39-len, permname, 1U<<j);
|
|
free(permname);
|
|
}
|
|
free(name);
|
|
}
|
|
|
|
fprintf(fout, "\n#endif\n");
|
|
|
|
if (fclose(fout) != 0) {
|
|
fprintf(stderr, "Could not successfully close %s: %s\n",
|
|
argv[2], strerror(errno));
|
|
exit(6);
|
|
}
|
|
|
|
exit(0);
|
|
}
|