projects / mirror_ubuntu-bionic-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
| bfc5e3a6 PM |
2 | |
| 3 | /* NOTE: we really do want to use the kernel headers here */ | |
| 4 | #define __EXPORTED_HEADERS__ | |
| 5 | ||
| 8753f6be SS |
6 | #include <stdio.h> |
| 7 | #include <stdlib.h> | |
| 8 | #include <unistd.h> | |
| 9 | #include <string.h> | |
| 10 | #include <errno.h> | |
| 11 | #include <ctype.h> | |
| c017c71c | 12 | #include <sys/socket.h> |
| 8753f6be SS |
13 | |
| 14 | struct security_class_mapping { | |
| 15 | const char *name; | |
| 16 | const char *perms[sizeof(unsigned) * 8 + 1]; | |
| 17 | }; | |
| 18 | ||
| 19 | #include "classmap.h" | |
| 20 | #include "initial_sid_to_string.h" | |
| 21 | ||
| 85c3b529 | 22 | #define max(x, y) (((int)(x) > (int)(y)) ? x : y) |
| 8753f6be SS |
23 | |
| 24 | const char *progname; | |
| 25 | ||
| 821d35a5 | 26 | static void usage(void) |
| 8753f6be SS |
27 | { |
| 28 | printf("usage: %s flask.h av_permissions.h\n", progname); | |
| 29 | exit(1); | |
| 30 | } | |
| 31 | ||
| 821d35a5 | 32 | static char *stoupperx(const char *s) |
| 8753f6be SS |
33 | { |
| 34 | char *s2 = strdup(s); | |
| 35 | char *p; | |
| 36 | ||
| 37 | if (!s2) { | |
| 38 | fprintf(stderr, "%s: out of memory\n", progname); | |
| 39 | exit(3); | |
| 40 | } | |
| 41 | ||
| 42 | for (p = s2; *p; p++) | |
| 43 | *p = toupper(*p); | |
| 44 | return s2; | |
| 45 | } | |
| 46 | ||
| 47 | int main(int argc, char *argv[]) | |
| 48 | { | |
| 49 | int i, j, k; | |
| 50 | int isids_len; | |
| 51 | FILE *fout; | |
| 4bc6c2d5 HC |
52 | const char *needle = "SOCKET"; |
| 53 | char *substr; | |
| 8753f6be SS |
54 | |
| 55 | progname = argv[0]; | |
| 56 | ||
| 57 | if (argc < 3) | |
| 58 | usage(); | |
| 59 | ||
| 60 | fout = fopen(argv[1], "w"); | |
| 61 | if (!fout) { | |
| 62 | fprintf(stderr, "Could not open %s for writing: %s\n", | |
| 63 | argv[1], strerror(errno)); | |
| 64 | exit(2); | |
| 65 | } | |
| 66 | ||
| 67 | for (i = 0; secclass_map[i].name; i++) { | |
| 68 | struct security_class_mapping *map = &secclass_map[i]; | |
| 69 | map->name = stoupperx(map->name); | |
| 70 | for (j = 0; map->perms[j]; j++) | |
| 71 | map->perms[j] = stoupperx(map->perms[j]); | |
| 72 | } | |
| 73 | ||
| 74 | isids_len = sizeof(initial_sid_to_string) / sizeof (char *); | |
| 75 | for (i = 1; i < isids_len; i++) | |
| 76 | initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]); | |
| 77 | ||
| 78 | fprintf(fout, "/* This file is automatically generated. Do not edit. */\n"); | |
| 79 | fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n"); | |
| 80 | ||
| 81 | for (i = 0; secclass_map[i].name; i++) { | |
| 82 | struct security_class_mapping *map = &secclass_map[i]; | |
| 83 | fprintf(fout, "#define SECCLASS_%s", map->name); | |
| 84 | for (j = 0; j < max(1, 40 - strlen(map->name)); j++) | |
| 85 | fprintf(fout, " "); | |
| 86 | fprintf(fout, "%2d\n", i+1); | |
| 87 | } | |
| 88 | ||
| 89 | fprintf(fout, "\n"); | |
| 90 | ||
| 91 | for (i = 1; i < isids_len; i++) { | |
| 310de047 | 92 | const char *s = initial_sid_to_string[i]; |
| 8753f6be SS |
93 | fprintf(fout, "#define SECINITSID_%s", s); |
| 94 | for (j = 0; j < max(1, 40 - strlen(s)); j++) | |
| 95 | fprintf(fout, " "); | |
| 96 | fprintf(fout, "%2d\n", i); | |
| 97 | } | |
| 98 | fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1); | |
| 4bc6c2d5 HC |
99 | fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n"); |
| 100 | fprintf(fout, "{\n"); | |
| 101 | fprintf(fout, "\tbool sock = false;\n\n"); | |
| 102 | fprintf(fout, "\tswitch (kern_tclass) {\n"); | |
| 103 | for (i = 0; secclass_map[i].name; i++) { | |
| 104 | struct security_class_mapping *map = &secclass_map[i]; | |
| 105 | substr = strstr(map->name, needle); | |
| 106 | if (substr && strcmp(substr, needle) == 0) | |
| 107 | fprintf(fout, "\tcase SECCLASS_%s:\n", map->name); | |
| 108 | } | |
| 109 | fprintf(fout, "\t\tsock = true;\n"); | |
| 110 | fprintf(fout, "\t\tbreak;\n"); | |
| 111 | fprintf(fout, "\tdefault:\n"); | |
| 112 | fprintf(fout, "\t\tbreak;\n"); | |
| 113 | fprintf(fout, "\t}\n\n"); | |
| 114 | fprintf(fout, "\treturn sock;\n"); | |
| 115 | fprintf(fout, "}\n"); | |
| 116 | ||
| 8753f6be SS |
117 | fprintf(fout, "\n#endif\n"); |
| 118 | fclose(fout); | |
| 119 | ||
| 120 | fout = fopen(argv[2], "w"); | |
| 121 | if (!fout) { | |
| 122 | fprintf(stderr, "Could not open %s for writing: %s\n", | |
| 123 | argv[2], strerror(errno)); | |
| 124 | exit(4); | |
| 125 | } | |
| 126 | ||
| 127 | fprintf(fout, "/* This file is automatically generated. Do not edit. */\n"); | |
| 128 | fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n"); | |
| 129 | ||
| 130 | for (i = 0; secclass_map[i].name; i++) { | |
| 131 | struct security_class_mapping *map = &secclass_map[i]; | |
| 132 | for (j = 0; map->perms[j]; j++) { | |
| 20a8d62e SS |
133 | if (j >= 32) { |
| 134 | fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n", | |
| 135 | map->name, map->perms[j]); | |
| 136 | exit(5); | |
| 137 | } | |
| 8753f6be SS |
138 | fprintf(fout, "#define %s__%s", map->name, |
| 139 | map->perms[j]); | |
| 140 | for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++) | |
| 141 | fprintf(fout, " "); | |
| 20a8d62e | 142 | fprintf(fout, "0x%08xU\n", (1<<j)); |
| 8753f6be SS |
143 | } |
| 144 | } | |
| 145 | ||
| 146 | fprintf(fout, "\n#endif\n"); | |
| 147 | fclose(fout); | |
| 148 | exit(0); | |
| 149 | } |