18c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 28c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* 38c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 48c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 58c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 68c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* 78c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 88c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 98c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Support for enhanced MLS infrastructure. 108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: Karl MacMillan <kmacmillan@tresys.com> 128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Added conditional policy language extensions 148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: James Morris <jmorris@intercode.com.au> 168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Added IPv6 support. 188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: Joshua Brindle <jbrindle@tresys.com> 208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Karl MacMillan <kmacmillan@tresys.com> 218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Jason Tang <jtang@tresys.com> 228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Policy Module support. 248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2003 - 2005 Tresys Technology, LLC 278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * This program is free software; you can redistribute it and/or modify 298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * it under the terms of the GNU General Public License as published by 308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the Free Software Foundation, version 2. 318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* FLASK */ 348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* 368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * checkpolicy 378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Load and check a policy configuration. 398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * A policy configuration is created in a text format, 418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * and then compiled into a binary format for use by 428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the security server. By default, checkpolicy reads 438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the text format. If '-b' is specified, then checkpolicy 448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * reads the binary format instead. 458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * If '-o output_file' is specified, then checkpolicy 478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * writes the binary format version of the configuration 488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * to the specified output file. 498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * If '-d' is specified, then checkpolicy permits the user 518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * to interactively test the security server functions with 528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the loaded policy configuration. 538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * If '-c' is specified, then the supplied parameter is used to 558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * determine which policy version to use for generating binary 568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * policy. This is for compatibility with older kernels. If any 578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * booleans or conditional rules are thrown away a warning is printed. 588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <getopt.h> 618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <unistd.h> 628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdlib.h> 638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/types.h> 648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/stat.h> 658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/socket.h> 668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <netinet/in.h> 678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <arpa/inet.h> 688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <fcntl.h> 698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdio.h> 708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <errno.h> 718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/mman.h> 728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 733fab9cdeebb5bd40681a59f9f3f3406ff600cfebStephen Smalley#ifdef DARWIN 743fab9cdeebb5bd40681a59f9f3f3406ff600cfebStephen Smalley#include <ctype.h> 753fab9cdeebb5bd40681a59f9f3f3406ff600cfebStephen Smalley#endif 763fab9cdeebb5bd40681a59f9f3f3406ff600cfebStephen Smalley 778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/policydb.h> 788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/services.h> 798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/conditional.h> 808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/hierarchy.h> 818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/flask.h> 828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/expand.h> 838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/link.h> 848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "queue.h" 868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "checkpolicy.h" 878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "parse_util.h" 888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern char *optarg; 908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int optind; 918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic policydb_t policydb; 938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic sidtab_t sidtab; 948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern policydb_t *policydbp; 968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int mlspol; 978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int handle_unknown = SEPOL_DENY_UNKNOWN; 998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic char *txtfile = "policy.conf"; 1008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic char *binfile = "policy"; 1018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidunsigned int policyvers = POLICYDB_VERSION_MAX; 1038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidvoid usage(char *progname) 1058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf 1078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject)] [-M]" 1088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "[-c policyvers (%d-%d)] [-o output_file] [-t target_platform (selinux,xen)]" 1098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "[input_file]\n", 1108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 1128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#define FGETS(out, size, in) \ 1158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidif (fgets(out,size,in)==NULL) { \ 1168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,\ 1178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android strerror(errno)); \ 1188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1);\ 1198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int print_sid(sepol_security_id_t sid, 1218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android context_struct_t * context 1228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android __attribute__ ((unused)), void *data 1238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android __attribute__ ((unused))) 1248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_security_context_t scontext; 1268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android size_t scontext_len; 1278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int rc; 1288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android rc = sepol_sid_to_context(sid, &scontext, &scontext_len); 1308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (rc) 1318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid %d -> error %d\n", sid, rc); 1328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else { 1338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid %d -> scontext %s\n", sid, scontext); 1348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(scontext); 1358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 1378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstruct val_to_name { 1408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int val; 1418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android char *name; 1428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android}; 1438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *p) 1458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct val_to_name *v = p; 1478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android perm_datum_t *perdatum; 1488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android perdatum = (perm_datum_t *) datum; 1508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (v->val == perdatum->s.value) { 1528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android v->name = key; 1538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 1; 1548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 1578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#ifdef EQUIVTYPES 1608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int insert_type_rule(avtab_key_t * k, avtab_datum_t * d, 1618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct avtab_node *type_rules) 1628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct avtab_node *p, *c, *n; 1648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (p = type_rules, c = type_rules->next; c; p = c, c = c->next) { 1668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* 1678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Find the insertion point, keeping the list 1688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * ordered by source type, then target type, then 1698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * target class. 1708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 1718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (k->source_type < c->key.source_type) 1728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (k->source_type == c->key.source_type && 1748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android k->target_type < c->key.target_type) 1758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (k->source_type == c->key.source_type && 1778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android k->target_type == c->key.target_type && 1788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android k->target_class < c->key.target_class) 1798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Insert the rule */ 1838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android n = malloc(sizeof(struct avtab_node)); 1848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!n) { 1858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "out of memory\n"); 1868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 1878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android n->key = *k; 1908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android n->datum = *d; 1918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android n->next = p->next; 1928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p->next = n; 1938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 1948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int create_type_rules(avtab_key_t * k, avtab_datum_t * d, void *args) 1978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct avtab_node *type_rules = args; 1998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (d->specified & AVTAB_ALLOWED) { 2018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* 2028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Insert the rule into the lists for both 2038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the source type and the target type. 2048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 2058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (insert_type_rule(k, d, &type_rules[k->source_type - 1])) 2068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 2078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (insert_type_rule(k, d, &type_rules[k->target_type - 1])) 2088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 2098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 2128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 2138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic void free_type_rules(struct avtab_node *l) 2158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 2168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct avtab_node *tmp; 2178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android while (l) { 2198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tmp = l; 2208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android l = l->next; 2218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(tmp); 2228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 2248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int identify_equiv_types(void) 2268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 2278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct avtab_node *type_rules, *l1, *l2; 2288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int i, j; 2298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* 2318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Create a list of access vector rules for each type 2328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * from the access vector table. 2338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 2348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android type_rules = malloc(sizeof(struct avtab_node) * policydb.p_types.nprim); 2358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!type_rules) { 2368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "out of memory\n"); 2378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android memset(type_rules, 0, 2408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sizeof(struct avtab_node) * policydb.p_types.nprim); 2418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (avtab_map(&policydb.te_avtab, create_type_rules, type_rules)) 2428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* 2458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Compare the type lists and identify equivalent types. 2468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 2478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (i = 0; i < policydb.p_types.nprim - 1; i++) { 2488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!type_rules[i].next) 2498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android continue; 2508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (j = i + 1; j < policydb.p_types.nprim; j++) { 2518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (l1 = type_rules[i].next, l2 = type_rules[j].next; 2528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android l1 && l2; l1 = l1->next, l2 = l2->next) { 2538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l2->key.source_type == (j + 1)) { 2548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l1->key.source_type != (i + 1)) 2558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 2578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l1->key.source_type != 2588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android l2->key.source_type) 2598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l2->key.target_type == (j + 1)) { 2628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l1->key.target_type != (i + 1)) 2638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 2658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l1->key.target_type != 2668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android l2->key.target_type) 2678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l1->key.target_class != l2->key.target_class 2708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android || l1->datum.allowed != l2->datum.allowed) 2718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (l1 || l2) 2748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android continue; 2758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free_type_rules(type_rules[j].next); 2768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android type_rules[j].next = NULL; 2778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("Types %s and %s are equivalent.\n", 2788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb.p_type_val_to_name[i], 2798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb.p_type_val_to_name[j]); 2808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free_type_rules(type_rules[i].next); 2828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android type_rules[i].next = NULL; 2838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(type_rules); 2868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 2878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 2888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#endif 2898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern char *av_to_string(uint32_t tclass, sepol_access_vector_t av); 2918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidint display_bools() 2938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 2948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int i; 2958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (i = 0; i < policydbp->p_bools.nprim; i++) { 2978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s : %d\n", policydbp->p_bool_val_to_name[i], 2988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydbp->bool_val_to_struct[i]->state); 2998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 3008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 3018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 3028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidvoid display_expr(cond_expr_t * exp) 3048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 3058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cond_expr_t *cur; 3078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (cur = exp; cur != NULL; cur = cur->next) { 3088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (cur->expr_type) { 3098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_BOOL: 3108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s ", 3118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydbp->p_bool_val_to_name[cur->bool - 1]); 3128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_NOT: 3148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("! "); 3158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_OR: 3178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("|| "); 3188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_AND: 3208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("&& "); 3218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_XOR: 3238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("^ "); 3248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_EQ: 3268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("== "); 3278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case COND_NEQ: 3298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("!= "); 3308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 3328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("error!"); 3338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 3348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 3358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 3368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 3378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidint display_cond_expressions() 3398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 3408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cond_node_t *cur; 3418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (cur = policydbp->cond_list; cur != NULL; cur = cur->next) { 3438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("expression: "); 3448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android display_expr(cur->expr); 3458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("current state: %d\n", cur->cur_state); 3468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 3478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 3488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 3498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidint change_bool(char *name, int state) 3518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 3528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cond_bool_datum_t *bool; 3538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android bool = hashtab_search(policydbp->p_bools.table, name); 3558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (bool == NULL) { 3568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("Could not find bool %s\n", name); 3578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 3588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 3598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android bool->state = state; 3608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android evaluate_conds(policydbp); 3618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 3628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 3638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int check_level(hashtab_key_t key, hashtab_datum_t datum, void *arg) 3658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 3668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android level_datum_t *levdatum = (level_datum_t *) datum; 3678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!levdatum->isalias && !levdatum->defined) { 3698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, 3708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "Error: sensitivity %s was not used in a level definition!\n", 3718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android key); 3728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 3738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 3748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 3758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 3768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidint main(int argc, char **argv) 3788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 3798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_security_class_t tclass; 3808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_security_id_t ssid, tsid, *sids; 3818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_security_context_t scontext; 3828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct sepol_av_decision avd; 3838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android class_datum_t *cladatum; 3848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android char ans[80 + 1], *file = txtfile, *outfile = NULL, *path, *fstype; 3858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android size_t scontext_len, pathlen; 3868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int i; 3878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int protocol, port; 3888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int binary = 0, debug = 0; 3898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct val_to_name v; 3908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int ret, ch, fd, target = SEPOL_TARGET_SELINUX; 3918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int nel, uret; 3928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct stat sb; 3938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android void *map; 3948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FILE *outfp = NULL; 3958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android char *name; 3968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int state; 3978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int show_version = 0; 3988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct policy_file pf; 3998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct option long_options[] = { 4008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"output", required_argument, NULL, 'o'}, 4018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"target", required_argument, NULL, 't'}, 4028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"binary", no_argument, NULL, 'b'}, 4038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"debug", no_argument, NULL, 'd'}, 4048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"version", no_argument, NULL, 'V'}, 405968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley {"handle-unknown", required_argument, NULL, 'U'}, 4068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"mls", no_argument, NULL, 'M'}, 4078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"help", no_argument, NULL, 'h'}, 4088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {NULL, 0, NULL, 0} 4098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android }; 4108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 4118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android while ((ch = getopt_long(argc, argv, "o:t:dbU:MVc:h", long_options, NULL)) != -1) { 4128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ch) { 4138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'o': 4148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android outfile = optarg; 4158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 't': 4178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "Xen")) 4188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android target = SEPOL_TARGET_XEN; 4198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else if (!strcasecmp(optarg, "SELinux")) 4208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android target = SEPOL_TARGET_SELINUX; 4218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else{ 4228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: Unknown target platform:" 4238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "%s\n", argv[0], optarg); 4248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 4258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'b': 4288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android binary = 1; 4298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file = binfile; 4308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'd': 4328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android debug = 1; 4338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'V': 4358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android show_version = 1; 4368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'U': 4388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "deny")) { 4398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android handle_unknown = DENY_UNKNOWN; 4408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "allow")) { 4438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android handle_unknown = ALLOW_UNKNOWN; 4448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "reject")) { 4478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android handle_unknown = REJECT_UNKNOWN; 4488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 4518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'M': 4528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android mlspol = 1; 4538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'c':{ 4558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android long int n = strtol(optarg, NULL, 10); 4568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (errno) { 4578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, 4588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "Invalid policyvers specified: %s\n", 4598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android optarg); 4608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 4618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 4628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (n < POLICYDB_VERSION_MIN 4648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android || n > POLICYDB_VERSION_MAX) { 4658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, 4668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "policyvers value %ld not in range %d-%d\n", 4678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android n, POLICYDB_VERSION_MIN, 4688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android POLICYDB_VERSION_MAX); 4698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 4708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 4718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policyvers != n) 4738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policyvers = n; 4748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 4758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'h': 4778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 4788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 4798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 4828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (show_version) { 4838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%d (compatibility range %d-%d)\n", policyvers, 4848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android POLICYDB_VERSION_MAX, POLICYDB_VERSION_MIN); 4858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(0); 4868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 4888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (optind != argc) { 4898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file = argv[optind++]; 4908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (optind != argc) 4918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 4928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 4938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s: loading policy configuration from %s\n", argv[0], file); 4948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 4958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Set policydb and sidtab used by libsepol service functions 4968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android to my structures, so that I can directly populate and 4978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android manipulate them. */ 4988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_set_policydb(&policydb); 4998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_set_sidtab(&sidtab); 5008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (binary) { 5028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fd = open(file, O_RDONLY); 5038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (fd < 0) { 5048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't open '%s': %s\n", 5058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file, strerror(errno)); 5068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (fstat(fd, &sb) < 0) { 5098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't stat '%s': %s\n", 5108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file, strerror(errno)); 5118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android map = 5148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, 5158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fd, 0); 5168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (map == MAP_FAILED) { 5178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't map '%s': %s\n", 5188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file, strerror(errno)); 5198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policy_file_init(&pf); 5228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.type = PF_USE_MEMORY; 5238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.data = map; 5248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.len = sb.st_size; 5258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_init(&policydb)) { 5268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: policydb_init: Out of memory!\n", 5278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android argv[0]); 5288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = policydb_read(&policydb, &pf, 1); 5318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (ret) { 5328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, 5338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "%s: error(s) encountered while parsing configuration\n", 5348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android argv[0]); 5358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydbp = &policydb; 5388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Check Policy Consistency */ 5408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydbp->mls) { 5418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!mlspol) { 5428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: MLS policy, but non-MLS" 5438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android " is specified\n", argv[0]); 5448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 5478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (mlspol) { 5488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: non-MLS policy, but MLS" 5498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android " is specified\n", argv[0]); 5508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 5548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_t parse_policy; 5558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_init(&parse_policy)) 5578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* We build this as a base policy first since that is all the parser understands */ 5598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android parse_policy.policy_type = POLICY_BASE; 5608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_set_target_platform(&parse_policy, target); 5618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Let sepol know if we are dealing with MLS support */ 5638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android parse_policy.mls = mlspol; 5648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android parse_policy.handle_unknown = handle_unknown; 5658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydbp = &parse_policy; 5678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (read_source_policy(policydbp, file, "checkpolicy") < 0) 5698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (hashtab_map(policydbp->p_levels.table, check_level, NULL)) 5728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_init(&policydb)) { 5758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: policydb_init failed\n", argv[0]); 5768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Linking takes care of optional avrule blocks */ 5808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (link_modules(NULL, &parse_policy, NULL, 0, 0)) { 5818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Error while resolving optionals\n"); 5828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (expand_module(NULL, &parse_policy, &policydb, 0, 1)) { 5868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Error while expanding policy\n"); 5878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_destroy(&parse_policy); 5908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydbp = &policydb; 5918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 5928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_load_isids(&policydb, &sidtab)) 5948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 5958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s: policy configuration loaded\n", argv[0]); 5978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 5988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (outfile) { 5998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf 6008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ("%s: writing binary representation (version %d) to %s\n", 6018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android argv[0], policyvers, outfile); 6028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android outfp = fopen(outfile, "w"); 6038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!outfp) { 6048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android perror(outfile); 6058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 6068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 6088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb.policy_type = POLICY_KERN; 6098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb.policyvers = policyvers; 6108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 6118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policy_file_init(&pf); 6128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.type = PF_USE_STDIO; 6138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.fp = outfp; 6148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = policydb_write(&policydb, &pf); 6158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (ret) { 6168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: error writing %s\n", 6178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android argv[0], outfile); 6188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 6198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fclose(outfp); 6218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!debug) { 6238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_destroy(&policydb); 6248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(0); 6258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 6278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android menu: 6288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nSelect an option:\n"); 6298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("0) Call compute_access_vector\n"); 6308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("1) Call sid_to_context\n"); 6318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("2) Call context_to_sid\n"); 6328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("3) Call transition_sid\n"); 6338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("4) Call member_sid\n"); 6348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("5) Call change_sid\n"); 6358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("6) Call list_sids\n"); 6368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("7) Call load_policy\n"); 6378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("8) Call fs_sid\n"); 6388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("9) Call port_sid\n"); 6398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("a) Call netif_sid\n"); 6408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("b) Call node_sid\n"); 6418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("c) Call fs_use\n"); 6428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("d) Call genfs_sid\n"); 6438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("e) Call get_user_sids\n"); 6448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("f) display conditional bools\n"); 6458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("g) display conditional expressions\n"); 6468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("h) change a boolean value\n"); 6478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#ifdef EQUIVTYPES 6488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("z) Show equivalent types\n"); 6498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#endif 6508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("m) Show menu again\n"); 6518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("q) Exit\n"); 6528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android while (1) { 6538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nChoose: "); 6548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 6558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ans[0]) { 6568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '0': 6578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("source sid? "); 6588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 6598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ssid = atoi(ans); 6608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 6618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("target sid? "); 6628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 6638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tsid = atoi(ans); 6648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 6658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("target class? "); 6668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 6678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (isdigit(ans[0])) { 6688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tclass = atoi(ans); 6698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!tclass 6708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android || tclass > policydb.p_classes.nprim) { 6718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nNo such class.\n"); 6728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 6738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cladatum = 6758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb.class_val_to_struct[tclass - 1]; 6768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 6778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 6788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cladatum = 6798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android (class_datum_t *) hashtab_search(policydb. 6808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p_classes. 6818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android table, 6828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans); 6838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!cladatum) { 6848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nNo such class\n"); 6858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 6868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tclass = cladatum->s.value; 6888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 6908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!cladatum->comdatum && !cladatum->permissions.nprim) { 6918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf 6928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ("\nNo access vector definition for that class\n"); 6938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 6948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 6958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = sepol_compute_av(ssid, tsid, tclass, 0, &avd); 6968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ret) { 6978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 0: 6988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nallowed {"); 6998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (i = 1; i <= sizeof(avd.allowed) * 8; i++) { 7008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (avd.allowed & (1 << (i - 1))) { 7018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android v.val = i; 7028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = 7038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android hashtab_map(cladatum-> 7048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android permissions. 7058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android table, 7068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android find_perm, &v); 7078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!ret && cladatum->comdatum) { 7088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = 7098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android hashtab_map 7108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android (cladatum-> 7118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android comdatum-> 7128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android permissions.table, 7138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android find_perm, &v); 7148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (ret) 7168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" %s", v.name); 7178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" }\n"); 7208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -EINVAL: 7228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\ninvalid sid\n"); 7238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 7258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("return code 0x%x\n", ret); 7268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '1': 7298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid? "); 7308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 7318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ssid = atoi(ans); 7328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = sepol_sid_to_context(ssid, 7338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android &scontext, &scontext_len); 7348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ret) { 7358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 0: 7368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nscontext %s\n", scontext); 7378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(scontext); 7388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -EINVAL: 7408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\ninvalid sid\n"); 7418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -ENOMEM: 7438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nout of memory\n"); 7448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 7468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("return code 0x%x\n", ret); 7478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '2': 7508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("scontext? "); 7518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 7528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android scontext_len = strlen(ans); 7538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[scontext_len - 1] = 0; 7548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = sepol_context_to_sid(ans, scontext_len, &ssid); 7558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ret) { 7568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 0: 7578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nsid %d\n", ssid); 7588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -EINVAL: 7608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\ninvalid context\n"); 7618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -ENOMEM: 7638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nout of memory\n"); 7648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 7668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("return code 0x%x\n", ret); 7678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '3': 7708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '4': 7718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '5': 7728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ch = ans[0]; 7738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 7748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("source sid? "); 7758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 7768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ssid = atoi(ans); 7778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("target sid? "); 7788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 7798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tsid = atoi(ans); 7808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 7818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("object class? "); 7828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 7838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (isdigit(ans[0])) { 7848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tclass = atoi(ans); 7858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!tclass 7868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android || tclass > policydb.p_classes.nprim) { 7878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nNo such class.\n"); 7888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 7898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 7908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 7918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 7928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cladatum = 7938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android (class_datum_t *) hashtab_search(policydb. 7948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p_classes. 7958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android table, 7968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans); 7978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!cladatum) { 7988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nNo such class\n"); 7998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tclass = cladatum->s.value; 8028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 8048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (ch == '3') 8058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = 8068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_transition_sid(ssid, tsid, tclass, 8078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android &ssid); 8088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else if (ch == '4') 8098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = 8108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_member_sid(ssid, tsid, tclass, &ssid); 8118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else 8128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = 8138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_change_sid(ssid, tsid, tclass, &ssid); 8148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ret) { 8158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 0: 8168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nsid %d\n", ssid); 8178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -EINVAL: 8198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\ninvalid sid\n"); 8208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -ENOMEM: 8228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nout of memory\n"); 8238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 8258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("return code 0x%x\n", ret); 8268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '6': 8298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_sidtab_map(&sidtab, print_sid, 0); 8308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '7': 8328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("pathname? "); 8338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 8348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pathlen = strlen(ans); 8358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[pathlen - 1] = 0; 8368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s: loading policy configuration from %s\n", 8378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android argv[0], ans); 8388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fd = open(ans, O_RDONLY); 8398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (fd < 0) { 8408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't open '%s': %s\n", 8418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans, strerror(errno)); 8428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (fstat(fd, &sb) < 0) { 8458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't stat '%s': %s\n", 8468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans, strerror(errno)); 8478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android map = 8508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, 8518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android MAP_PRIVATE, fd, 0); 8528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (map == MAP_FAILED) { 8538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't map '%s': %s\n", 8548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans, strerror(errno)); 8558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = sepol_load_policy(map, sb.st_size); 8588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ret) { 8598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 0: 8608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nsuccess\n"); 8618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -EINVAL: 8638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\ninvalid policy\n"); 8648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -ENOMEM: 8668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nout of memory\n"); 8678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 8698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("return code 0x%x\n", ret); 8708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '8': 8738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("fs kdevname? "); 8748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 8758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 8768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_fs_sid(ans, &ssid, &tsid); 8778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("fs_sid %d default_file_sid %d\n", ssid, tsid); 8788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case '9': 8808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("protocol? "); 8818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 8828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 8838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcmp(ans, "tcp") || !strcmp(ans, "TCP")) 8848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android protocol = IPPROTO_TCP; 8858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP")) 8868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android protocol = IPPROTO_UDP; 8878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else { 8888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("unknown protocol\n"); 8898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("port? "); 8928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 8938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android port = atoi(ans); 8948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_port_sid(0, 0, protocol, port, &ssid); 8958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid %d\n", ssid); 8968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 8978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'a': 8988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("netif name? "); 8998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_netif_sid(ans, &ssid, &tsid); 9028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("if_sid %d default_msg_sid %d\n", ssid, tsid); 9038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'b':{ 9058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android char *p; 9068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int family, len; 9078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct in_addr addr4; 9088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct in6_addr addr6; 9098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 9108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("protocol family? "); 9118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(ans, "ipv4")) 9148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android family = AF_INET; 9158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else if (!strcasecmp(ans, "ipv6")) 9168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android family = AF_INET6; 9178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else { 9188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("unknown protocol family\n"); 9198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 9228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("node address? "); 9238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 9268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (family == AF_INET) { 9278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p = (char *)&addr4; 9288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android len = sizeof(addr4); 9298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 9308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p = (char *)&addr6; 9318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android len = sizeof(addr6); 9328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 9348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (inet_pton(family, ans, p) < 1) { 9358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("error parsing address\n"); 9368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 9398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_node_sid(family, p, len, &ssid); 9408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid %d\n", ssid); 9418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'c': 9448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("fstype? "); 9458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_fs_use(ans, &uret, &ssid); 9488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (uret) { 9498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case SECURITY_FS_USE_XATTR: 9508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("use xattr\n"); 9518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case SECURITY_FS_USE_TRANS: 9538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("use transition SIDs\n"); 9548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case SECURITY_FS_USE_TASK: 9568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("use task SIDs\n"); 9578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case SECURITY_FS_USE_GENFS: 9598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("use genfs\n"); 9608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case SECURITY_FS_USE_NONE: 9628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("no labeling support\n"); 9638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid %d\n", ssid); 9668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'd': 9688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("fstype? "); 9698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fstype = strdup(ans); 9728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("path? "); 9738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android path = strdup(ans); 9768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("object class? "); 9778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 9788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (isdigit(ans[0])) { 9798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tclass = atoi(ans); 9808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!tclass 9818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android || tclass > policydb.p_classes.nprim) { 9828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nNo such class.\n"); 9838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 9868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 9878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android cladatum = 9888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android (class_datum_t *) hashtab_search(policydb. 9898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p_classes. 9908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android table, 9918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans); 9928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!cladatum) { 9938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nNo such class\n"); 9948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 9958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android tclass = cladatum->s.value; 9978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 9988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_genfs_sid(fstype, path, tclass, &ssid); 9998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("sid %d\n", ssid); 10008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(fstype); 10018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(path); 10028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'e': 10048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("from SID? "); 10058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 10068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 10078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ssid = atoi(ans); 10088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("username? "); 10108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 10118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 10128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = sepol_get_user_sids(ssid, ans, &sids, &nel); 10148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ret) { 10158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 0: 10168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!nel) 10178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nnone\n"); 10188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android for (i = 0; i < nel; i++) 10198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android print_sid(sids[i], NULL, NULL); 10208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(sids); 10218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -ENOMEM: 10238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nout of memory\n"); 10248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case -EINVAL: 10268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\ninvalid argument\n"); 10278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 10298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nerror\n"); 10308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 10328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'f': 10348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android display_bools(); 10358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'g': 10378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android display_cond_expressions(); 10388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'h': 10408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("name? "); 10418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 10428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 10438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android name = malloc((strlen(ans) + 1) * sizeof(char)); 10458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (name == NULL) { 10468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "couldn't malloc string.\n"); 10478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 10498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android strcpy(name, ans); 10508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("state? "); 10528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FGETS(ans, sizeof(ans), stdin); 10538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ans[strlen(ans) - 1] = 0; 10548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (atoi(ans)) 10568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android state = 1; 10578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else 10588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android state = 0; 10598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android change_bool(name, state); 10618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android free(name); 10628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#ifdef EQUIVTYPES 10648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'z': 10658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android identify_equiv_types(); 10668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#endif 10688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'm': 10698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android goto menu; 10708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'q': 10718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(0); 10728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 10738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 10748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("\nUnknown option %s.\n", ans); 10758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 10768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 10778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 10798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 10808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 10818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* FLASK */ 1082