18c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* 28c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Authors: Joshua Brindle <jbrindle@tresys.com> 38c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Karl MacMillan <kmacmillan@tresys.com> 48c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Jason Tang <jtang@tresys.com> 58c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 68c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 78c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2004-5 Tresys Technology, LLC 88c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * This program is free software; you can redistribute it and/or modify 98c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * it under the terms of the GNU General Public License as published by 108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the Free Software Foundation, version 2. 118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <getopt.h> 148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <unistd.h> 158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdlib.h> 168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/types.h> 178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/stat.h> 188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <fcntl.h> 198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdio.h> 208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <errno.h> 218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/mman.h> 228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/policydb.h> 248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/services.h> 258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/conditional.h> 268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/flask.h> 278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/hierarchy.h> 288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/expand.h> 298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/link.h> 308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/sidtab.h> 318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "queue.h" 338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "checkpolicy.h" 348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "parse_util.h" 358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern char *optarg; 378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int optind; 388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic sidtab_t sidtab; 408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int mlspol; 428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int handle_unknown = SEPOL_DENY_UNKNOWN; 448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic char *txtfile = "policy.conf"; 458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic char *binfile = "policy"; 468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidunsigned int policy_type = POLICY_BASE; 488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidunsigned int policyvers = MOD_POLICYDB_VERSION_MAX; 498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int read_binary_policy(policydb_t * p, char *file, char *progname) 518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int fd; 538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct stat sb; 548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android void *map; 558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct policy_file f, *fp; 568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fd = open(file, O_RDONLY); 588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (fd < 0) { 598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't open '%s': %s\n", 608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file, strerror(errno)); 618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (fstat(fd, &sb) < 0) { 648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't stat '%s': %s\n", 658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file, strerror(errno)); 66ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley close(fd); 678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android map = 708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); 71ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley close(fd); 728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (map == MAP_FAILED) { 738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "Can't map '%s': %s\n", file, strerror(errno)); 748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policy_file_init(&f); 778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android f.type = PF_USE_MEMORY; 788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android f.data = map; 798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android f.len = sb.st_size; 808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fp = &f; 818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_init(p)) { 838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: policydb_init: Out of memory!\n", 848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android progname); 858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_read(p, fp, 1)) { 888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, 898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android "%s: error(s) encountered while parsing configuration\n", 908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android progname); 918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Check Policy Consistency */ 958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (p->mls) { 968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!mlspol) { 978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: MLS policy, but non-MLS" 988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android " is specified\n", progname); 998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 1008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 1028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (mlspol) { 1038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: non-MLS policy, but MLS" 1048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android " is specified\n", progname); 1058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 1068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 1098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic int write_binary_policy(policydb_t * p, char *file, char *progname) 1128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android FILE *outfp = NULL; 1148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct policy_file pf; 1158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int ret; 1168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s: writing binary representation (version %d) to %s\n", 1188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android progname, policyvers, file); 1198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android outfp = fopen(file, "w"); 1218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!outfp) { 1228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android perror(file); 1238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 1248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p->policy_type = policy_type; 1278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p->policyvers = policyvers; 1288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android p->handle_unknown = handle_unknown; 1298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policy_file_init(&pf); 1318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.type = PF_USE_STDIO; 1328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pf.fp = outfp; 1338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ret = policydb_write(p, &pf); 1348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (ret) { 1358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: error writing %s\n", progname, file); 1368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 1378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fclose(outfp); 1398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 1408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidstatic void usage(char *progname) 1438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("usage: %s [-h] [-V] [-b] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname); 1458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("Build base and policy modules.\n"); 1468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("Options:\n"); 1478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" INPUT build module from INPUT (else read from \"%s\")\n", 1488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android txtfile); 1498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -V show policy versions created by this program\n"); 1508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -b treat input as a binary policy file\n"); 1518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -h print usage\n"); 1528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -U OPTION How to handle unknown classes and permissions\n"); 1538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" deny: Deny unknown kernel checks\n"); 1548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" reject: Reject loading of policy with unknowns\n"); 1558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" allow: Allow unknown kernel checks\n"); 1568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -m build a policy module instead of a base module\n"); 1578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -M enable MLS policy\n"); 1588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf(" -o FILE write module to FILE (else just check syntax)\n"); 1598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 1608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 1618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidint main(int argc, char **argv) 1638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android{ 1648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android char *file = txtfile, *outfile = NULL; 1658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int binary = 0; 1668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int ch; 1678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android int show_version = 0; 1688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_t modpolicydb; 1698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android struct option long_options[] = { 1708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"help", no_argument, NULL, 'h'}, 1718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"output", required_argument, NULL, 'o'}, 1728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"binary", no_argument, NULL, 'b'}, 1738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"version", no_argument, NULL, 'V'}, 174968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley {"handle-unknown", required_argument, NULL, 'U'}, 1758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {"mls", no_argument, NULL, 'M'}, 1768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {NULL, 0, NULL, 0} 1778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android }; 1788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android while ((ch = getopt_long(argc, argv, "ho:bVU:mM", long_options, NULL)) != -1) { 1808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android switch (ch) { 1818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'h': 1828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 1838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'o': 1858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android outfile = optarg; 1868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'b': 1888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android binary = 1; 1898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file = binfile; 1908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'V': 1928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android show_version = 1; 1938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'U': 1958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "deny")) { 1968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android handle_unknown = DENY_UNKNOWN; 1978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 1988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 1998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "reject")) { 2008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android handle_unknown = REJECT_UNKNOWN; 2018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (!strcasecmp(optarg, "allow")) { 2048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android handle_unknown = ALLOW_UNKNOWN; 2058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 2088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'm': 2098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policy_type = POLICY_MOD; 2108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policyvers = MOD_POLICYDB_VERSION_MAX; 2118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android case 'M': 2138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android mlspol = 1; 2148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android break; 2158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android default: 2168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 2178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (show_version) { 2218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("Module versions %d-%d\n", 2228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX); 2238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(0); 2248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (handle_unknown && (policy_type != POLICY_BASE)) { 2278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("Handling of unknown classes and permissions is only "); 2288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("valid in the base module\n"); 2298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (optind != argc) { 2338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android file = argv[optind++]; 2348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (optind != argc) 2358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android usage(argv[0]); 2368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s: loading policy configuration from %s\n", argv[0], file); 2388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Set policydb and sidtab used by libsepol service functions 2408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android to my structures, so that I can directly populate and 2418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android manipulate them. */ 2428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_set_policydb(&modpolicydb); 2438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_set_sidtab(&sidtab); 2448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (binary) { 2468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (read_binary_policy(&modpolicydb, file, argv[0]) == -1) { 2478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } else { 2508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_init(&modpolicydb)) { 2518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: out of memory!\n", argv[0]); 2528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 2538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android modpolicydb.policy_type = policy_type; 2568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android modpolicydb.mls = mlspol; 2578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android modpolicydb.handle_unknown = handle_unknown; 2588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (read_source_policy(&modpolicydb, file, argv[0]) == -1) { 2608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (hierarchy_check_constraints(NULL, &modpolicydb)) { 2648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return -1; 2658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (modpolicydb.policy_type == POLICY_BASE) { 2698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android /* Verify that we can successfully expand the base module. */ 2708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_t kernpolicydb; 2718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_init(&kernpolicydb)) { 2738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: policydb_init failed\n", argv[0]); 2748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (link_modules(NULL, &modpolicydb, NULL, 0, 0)) { 2778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: link modules failed\n", argv[0]); 2788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (expand_module(NULL, &modpolicydb, &kernpolicydb, 0, 1)) { 2818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android fprintf(stderr, "%s: expand module failed\n", argv[0]); 2828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_destroy(&kernpolicydb); 2858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_load_isids(&modpolicydb, &sidtab)) 2888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android sepol_sidtab_destroy(&sidtab); 2918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android printf("%s: policy configuration loaded\n", argv[0]); 2938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 2948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (outfile && 2958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android write_binary_policy(&modpolicydb, outfile, argv[0]) == -1) { 2968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android exit(1); 2978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 2988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android policydb_destroy(&modpolicydb); 2998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android return 0; 3018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 3028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 3038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* FLASK */ 304