b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
2 | |
3 | /* NOTE: we really do want to use the kernel headers here */ | |
4 | #define __EXPORTED_HEADERS__ | |
5 | ||
6 | #include <stdio.h> |
7 | #include <stdlib.h> | |
8 | #include <unistd.h> | |
9 | #include <string.h> | |
10 | #include <errno.h> | |
11 | #include <ctype.h> | |
c017c71c | 12 | #include <sys/socket.h> |
13 | |
/*
 * One security class and the permissions defined for it.
 *
 * @name:  class name string.
 * @perms: NULL-terminated list of permission names. The array holds one
 *         slot per bit of an unsigned value plus one slot for the
 *         terminating NULL.
 */
struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(unsigned int) * 8 + 1];
};
18 | ||
19 | #include "classmap.h" | |
20 | #include "initial_sid_to_string.h" | |
21 | ||
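/*
 * Signed maximum of two values.
 *
 * Both operands are compared as int, so an unsigned difference such as
 * "40 - strlen(s)" that wrapped around is treated as negative and loses
 * against a small positive lower bound. The selected operand is returned
 * uncast. Each argument is parenthesised in the expansion so that an
 * expression with low-precedence operators cannot change the parse.
 * Arguments may be evaluated more than once; avoid side effects that must
 * run exactly once.
 */
#define max(x, y) (((int)(x) > (int)(y)) ? (x) : (y))

/* Program name (argv[0]) used as a prefix in diagnostics. */
const char *progname;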
25 | ||
/*
 * Print the expected command line (the two output header paths) on
 * standard output and terminate with exit status 1. Does not return.
 */
static void usage(void)
{
	fprintf(stdout, "usage: %s flask.h av_permissions.h\n", progname);
	exit(1);
}
31 | ||
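/*
 * Return a newly allocated upper-case copy of @s.
 *
 * The copy is made with strdup(); on allocation failure a message is
 * printed to stderr and the program exits with status 3, so the function
 * never returns NULL. The caller owns the returned string.
 */
static char *stoupperx(const char *s)
{
	char *s2 = strdup(s);
	char *p;

	if (!s2) {
		fprintf(stderr, "%s: out of memory\n", progname);
		exit(3);
	}

	/*
	 * toupper() takes an int that must be representable as unsigned
	 * char (or EOF). Where plain char is signed, a byte >= 0x80 would be
	 * passed as a negative value, which is undefined behaviour, so
	 * convert through unsigned char first.
	 */
	for (p = s2; *p; p++)
		*p = (char)toupper((unsigned char)*p);
	return s2;
}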
46 | ||
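/* Return non-zero when @s ends with @suffix. */
static int name_ends_with(const char *s, const char *suffix)
{
	size_t slen = strlen(s);
	size_t xlen = strlen(suffix);

	return slen >= xlen && strcmp(s + slen - xlen, suffix) == 0;
}

/*
 * Close a generated header and treat any write error as fatal.
 *
 * fclose() flushes buffered data, so a full disk or I/O error may only
 * show up here. Exiting non-zero keeps a truncated header from being
 * reported as a successful generation.
 */
static void close_output(FILE *fout, const char *path)
{
	int failed = ferror(fout);

	if (fclose(fout) != 0)
		failed = 1;
	if (failed) {
		fprintf(stderr, "%s: error writing %s\n", progname, path);
		exit(6);
	}
}

/*
 * Generate the two SELinux headers named on the command line.
 *
 * argv[1] receives the SECCLASS_* and SECINITSID_* definitions plus a
 * generated security_is_socket_class() helper; argv[2] receives one
 * CLASS__PERM bit definition per permission of every class. Class,
 * permission and initial SID names come from secclass_map and
 * initial_sid_to_string and are upper-cased first.
 *
 * Exit status: 0 on success, 1 on bad usage (via usage()), 2 if argv[1]
 * cannot be opened, 3 on out of memory (via stoupperx()), 4 if argv[2]
 * cannot be opened, 5 if a class has more than 32 permissions, 6 if
 * writing or closing an output file fails.
 */
int main(int argc, char *argv[])
{
	int i, j, k;
	int isids_len;
	FILE *fout;
	const char *needle = "SOCKET";

	progname = argv[0];

	if (argc < 3)
		usage();

	fout = fopen(argv[1], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			argv[1], strerror(errno));
		exit(2);
	}

	/* Upper-case every class and permission name in place in the table. */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		map->name = stoupperx(map->name);
		for (j = 0; map->perms[j]; j++)
			map->perms[j] = stoupperx(map->perms[j]);
	}

	/*
	 * Index 0 is skipped here and below, as in the original code;
	 * presumably SID 0 is not a named initial SID - confirm against
	 * initial_sid_to_string.h.
	 */
	isids_len = sizeof(initial_sid_to_string) /
		    sizeof(initial_sid_to_string[0]);
	for (i = 1; i < isids_len; i++)
		initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	/* Class values are the 1-based position in secclass_map. */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		fprintf(fout, "#define SECCLASS_%s", map->name);
		/* Pad to column 40, always emitting at least one space. */
		for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
			fprintf(fout, " ");
		fprintf(fout, "%2d\n", i+1);
	}

	fprintf(fout, "\n");

	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];
		fprintf(fout, "#define SECINITSID_%s", s);
		for (j = 0; j < max(1, 40 - strlen(s)); j++)
			fprintf(fout, " ");
		fprintf(fout, "%2d\n", i);
	}
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
	fprintf(fout, "{\n");
	fprintf(fout, "\tbool sock = false;\n\n");
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		/*
		 * A class is a socket class when its name ends in "SOCKET".
		 * An explicit suffix comparison is used because matching
		 * from the first strstr() hit would miss a name that
		 * contains the needle more than once, silently leaving that
		 * class out of the generated switch.
		 */
		if (name_ends_with(map->name, needle))
			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\tdefault:\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\t}\n\n");
	fprintf(fout, "\treturn sock;\n");
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");
	close_output(fout, argv[1]);

	fout = fopen(argv[2], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			argv[2], strerror(errno));
		exit(4);
	}

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		for (j = 0; map->perms[j]; j++) {
			/* Each permission is one bit of a 32-bit access vector. */
			if (j >= 32) {
				fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
					map->name, map->perms[j]);
				exit(5);
			}
			fprintf(fout, "#define %s__%s", map->name,
				map->perms[j]);
			for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
				fprintf(fout, " ");
			/*
			 * Shift an unsigned 1: "1 << 31" on a signed int
			 * shifts into the sign bit, which is undefined
			 * behaviour, and %x expects an unsigned argument.
			 */
			fprintf(fout, "0x%08xU\n", (1U << j));
		}
	}

	fprintf(fout, "\n#endif\n");
	close_output(fout, argv[2]);
	exit(0);
}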