2016-12-21 22:39:25 +07:00
|
|
|
|
|
|
|
/* NOTE: we really do want to use the kernel headers here */
|
|
|
|
#define __EXPORTED_HEADERS__
|
|
|
|
|
2009-10-01 00:41:02 +07:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <ctype.h>
|
2017-03-05 21:01:52 +07:00
|
|
|
#include <sys/socket.h>
|
2009-10-01 00:41:02 +07:00
|
|
|
|
|
|
|
struct security_class_mapping {
|
|
|
|
const char *name;
|
|
|
|
const char *perms[sizeof(unsigned) * 8 + 1];
|
|
|
|
};
|
|
|
|
|
|
|
|
#include "classmap.h"
|
|
|
|
#include "initial_sid_to_string.h"
|
|
|
|
|
2009-11-20 23:00:12 +07:00
|
|
|
#define max(x, y) (((int)(x) > (int)(y)) ? x : y)
|
2009-10-01 00:41:02 +07:00
|
|
|
|
|
|
|
const char *progname;
|
|
|
|
|
2009-11-18 21:39:51 +07:00
|
|
|
static void usage(void)
|
2009-10-01 00:41:02 +07:00
|
|
|
{
|
|
|
|
printf("usage: %s flask.h av_permissions.h\n", progname);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2009-11-18 21:39:51 +07:00
|
|
|
static char *stoupperx(const char *s)
|
2009-10-01 00:41:02 +07:00
|
|
|
{
|
|
|
|
char *s2 = strdup(s);
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
if (!s2) {
|
|
|
|
fprintf(stderr, "%s: out of memory\n", progname);
|
|
|
|
exit(3);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (p = s2; *p; p++)
|
|
|
|
*p = toupper(*p);
|
|
|
|
return s2;
|
|
|
|
}
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
int i, j, k;
|
|
|
|
int isids_len;
|
|
|
|
FILE *fout;
|
2011-03-02 12:46:08 +07:00
|
|
|
const char *needle = "SOCKET";
|
|
|
|
char *substr;
|
2009-10-01 00:41:02 +07:00
|
|
|
|
|
|
|
progname = argv[0];
|
|
|
|
|
|
|
|
if (argc < 3)
|
|
|
|
usage();
|
|
|
|
|
|
|
|
fout = fopen(argv[1], "w");
|
|
|
|
if (!fout) {
|
|
|
|
fprintf(stderr, "Could not open %s for writing: %s\n",
|
|
|
|
argv[1], strerror(errno));
|
|
|
|
exit(2);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
|
|
struct security_class_mapping *map = &secclass_map[i];
|
|
|
|
map->name = stoupperx(map->name);
|
|
|
|
for (j = 0; map->perms[j]; j++)
|
|
|
|
map->perms[j] = stoupperx(map->perms[j]);
|
|
|
|
}
|
|
|
|
|
|
|
|
isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
|
|
|
|
for (i = 1; i < isids_len; i++)
|
|
|
|
initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
|
|
|
|
|
|
|
|
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
|
|
|
|
fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
|
|
|
|
|
|
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
|
|
struct security_class_mapping *map = &secclass_map[i];
|
|
|
|
fprintf(fout, "#define SECCLASS_%s", map->name);
|
|
|
|
for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
|
|
|
|
fprintf(fout, " ");
|
|
|
|
fprintf(fout, "%2d\n", i+1);
|
|
|
|
}
|
|
|
|
|
|
|
|
fprintf(fout, "\n");
|
|
|
|
|
|
|
|
for (i = 1; i < isids_len; i++) {
|
2010-03-16 04:47:36 +07:00
|
|
|
const char *s = initial_sid_to_string[i];
|
2009-10-01 00:41:02 +07:00
|
|
|
fprintf(fout, "#define SECINITSID_%s", s);
|
|
|
|
for (j = 0; j < max(1, 40 - strlen(s)); j++)
|
|
|
|
fprintf(fout, " ");
|
|
|
|
fprintf(fout, "%2d\n", i);
|
|
|
|
}
|
|
|
|
fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
|
2011-03-02 12:46:08 +07:00
|
|
|
fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
|
|
|
|
fprintf(fout, "{\n");
|
|
|
|
fprintf(fout, "\tbool sock = false;\n\n");
|
|
|
|
fprintf(fout, "\tswitch (kern_tclass) {\n");
|
|
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
|
|
struct security_class_mapping *map = &secclass_map[i];
|
|
|
|
substr = strstr(map->name, needle);
|
|
|
|
if (substr && strcmp(substr, needle) == 0)
|
|
|
|
fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
|
|
|
|
}
|
|
|
|
fprintf(fout, "\t\tsock = true;\n");
|
|
|
|
fprintf(fout, "\t\tbreak;\n");
|
|
|
|
fprintf(fout, "\tdefault:\n");
|
|
|
|
fprintf(fout, "\t\tbreak;\n");
|
|
|
|
fprintf(fout, "\t}\n\n");
|
|
|
|
fprintf(fout, "\treturn sock;\n");
|
|
|
|
fprintf(fout, "}\n");
|
|
|
|
|
2009-10-01 00:41:02 +07:00
|
|
|
fprintf(fout, "\n#endif\n");
|
|
|
|
fclose(fout);
|
|
|
|
|
|
|
|
fout = fopen(argv[2], "w");
|
|
|
|
if (!fout) {
|
|
|
|
fprintf(stderr, "Could not open %s for writing: %s\n",
|
|
|
|
argv[2], strerror(errno));
|
|
|
|
exit(4);
|
|
|
|
}
|
|
|
|
|
|
|
|
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
|
|
|
|
fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
|
|
|
|
|
|
|
|
for (i = 0; secclass_map[i].name; i++) {
|
|
|
|
struct security_class_mapping *map = &secclass_map[i];
|
|
|
|
for (j = 0; map->perms[j]; j++) {
|
|
|
|
fprintf(fout, "#define %s__%s", map->name,
|
|
|
|
map->perms[j]);
|
|
|
|
for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
|
|
|
|
fprintf(fout, " ");
|
|
|
|
fprintf(fout, "0x%08xUL\n", (1<<j));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fprintf(fout, "\n#endif\n");
|
|
|
|
fclose(fout);
|
|
|
|
exit(0);
|
|
|
|
}
|