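/* Authors: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 * Copyright (C) 2003,2004,2005 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/*
 * dismod.c
 *
 * Test program to display the contents of a binary policy in text
 * form.
 *
 *	dismod binary_mod_file
 *
 * Every index printed below (class, role, type, user and boolean values,
 * ebitmap bit positions) is read from the policy file named on the command
 * line.  Whether the loader has range-checked those values is not visible
 * in this file, so the display helpers treat them as untrusted.
 */

#include <getopt.h>
#include <assert.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#include <sepol/policydb/policydb.h>
#include <sepol/policydb/services.h>
#include <sepol/policydb/conditional.h>
#include <sepol/policydb/flask.h>
#include <sepol/policydb/link.h>
#include <sepol/policydb/module.h>
#include <sepol/policydb/util.h>
#include <sepol/policydb/polcaps.h>

#include <byteswap.h>
#include <endian.h>

/* Convert a little-endian 32-bit value to host byte order. */
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define le32_to_cpu(x) (x)
#else
#define le32_to_cpu(x) bswap_32(x)
#endif

/* Selectors for which part of an avrule block is displayed. */
#define DISPLAY_AVBLOCK_COND_AVTAB	0
#define DISPLAY_AVBLOCK_UNCOND_AVTAB	1
#define DISPLAY_AVBLOCK_ROLE_TYPE_NODE	2	/* unused? */
#define DISPLAY_AVBLOCK_ROLE_TRANS	3
#define DISPLAY_AVBLOCK_ROLE_ALLOW	4
#define DISPLAY_AVBLOCK_REQUIRES	5
#define DISPLAY_AVBLOCK_DECLARES	6
#define DISPLAY_AVBLOCK_FILENAME_TRANS	7

static policydb_t policydb;
extern unsigned int ss_initialized;

int policyvers = MOD_POLICYDB_VERSION_BASE;

/* NOTE(review): "commons", "classes" and "attribs" are seven characters wide
 * while the other labels are shorter; the padding inside these literals is
 * reproduced as listed -- confirm it against the repository copy. */
static const char *symbol_labels[9] = {
	"commons",
	"classes", "roles ", "types ", "users ", "bools ",
	"levels ", "cats ", "attribs"
};

/* Print the command-line synopsis on stdout and exit with status 1. */
void usage(const char *progname)
{
	printf("usage: %s binary_pol_file\n\n", progname);
	exit(1);
}

/*
 * Print the permissions set in the access vector 'mask' for 'class',
 * enclosed in braces.
 *
 * NOTE(review): whether the string returned by sepol_av_to_string() has to
 * be released by the caller is not visible here -- confirm against the
 * libsepol version in use.
 */
static void render_access_mask(uint32_t mask, uint32_t class, policydb_t * p,
			       FILE * fp)
{
	char *perm;
	fprintf(fp, "{");
	perm = sepol_av_to_string(p, class, mask);
	if (perm)
		fprintf(fp, "%s ", perm);
	fprintf(fp, "}");
}

/*
 * Print the permission named by each bit set in 'map' for 'class',
 * enclosed in braces.
 */
static void render_access_bitmap(ebitmap_t * map, uint32_t class,
				 policydb_t * p, FILE * fp)
{
	/* The mask handed to sepol_av_to_string() is built in a uint32_t. */
	const unsigned int av_bits = sizeof(uint32_t) * 8;
	unsigned int i;
	char *perm;
	fprintf(fp, "{");
	for (i = ebitmap_startbit(map); i < ebitmap_length(map); i++) {
		/* The bitmap length comes from the policy file.  A shift count
		 * of av_bits or more is undefined behaviour, and such a bit
		 * cannot be represented in the mask, so stop there. */
		if (i >= av_bits)
			break;
		if (ebitmap_get_bit(map, i)) {
			/* Unsigned shift: "1 << 31" on a signed int is undefined. */
			perm = sepol_av_to_string(p, class, (uint32_t)1 << i);
			if (perm)
				fprintf(fp, " %s", perm);
		}
	}
	fprintf(fp, " }");
}

/*
 * Print the name of symbol 'symbol_value' (zero-based) of kind 'symbol_type',
 * preceded by 'prefix'.  Names whose scope is SCOPE_REQ are printed inside
 * square brackets.
 *
 * The callers pass values taken from rules, ebitmaps and contexts of the
 * loaded policy (often as "value - 1", which wraps to a huge index when the
 * stored value is 0).  The index is therefore checked against the symbol
 * table size before the name array is read, and an unusable index is printed
 * as "<invalid:N>" instead of being dereferenced.
 */
static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
		       uint32_t symbol_value, const char *prefix)
{
	char *id;
	scope_datum_t *scope;

	if (symbol_type >= SYM_NUM ||
	    symbol_value >= p->symtab[symbol_type].nprim ||
	    p->sym_val_to_name[symbol_type][symbol_value] == NULL) {
		fprintf(fp, " %s<invalid:%u>", prefix,
			(unsigned int)symbol_value);
		return;
	}

	id = p->sym_val_to_name[symbol_type][symbol_value];
	scope =
	    (scope_datum_t *) hashtab_search(p->scope[symbol_type].table, id);
	/* Debug builds still stop on a name without a scope entry; the NULL
	 * test below keeps NDEBUG builds from dereferencing a null pointer. */
	assert(scope != NULL);
	if (scope != NULL && scope->scope == SCOPE_REQ) {
		fprintf(fp, " [%s%s]", prefix, id);
	} else {
		fprintf(fp, " %s%s", prefix, id);
	}
}

/*
 * Print a type set: "*" for TYPE_STAR, a leading "~" for TYPE_COMP, then the
 * member types, the negated types with a "-" prefix and, when RULE_SELF is
 * set in 'flags', "self".  Braces are added when more than one entry is
 * printed.  Always returns 0.
 */
int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
		     FILE * fp)
{
	unsigned int i, num_types;

	if (set->flags & TYPE_STAR) {
		fprintf(fp, " * ");
		return 0;
	} else if (set->flags & TYPE_COMP) {
		fprintf(fp, " ~");
	}

	/* Count entries only far enough to know whether braces are needed. */
	num_types = 0;
	if (flags & RULE_SELF) {
		num_types++;
	}

	for (i = ebitmap_startbit(&set->types); i < ebitmap_length(&set->types);
	     i++) {
		if (!ebitmap_get_bit(&set->types, i))
			continue;
		num_types++;
		if (num_types > 1)
			break;
	}

	if (num_types <= 1) {
		for (i = ebitmap_startbit(&set->negset);
		     i < ebitmap_length(&set->negset); i++) {
			if (!ebitmap_get_bit(&set->negset, i))
				continue;
			num_types++;
			if (num_types > 1)
				break;
		}
	}

	if (num_types > 1)
		fprintf(fp, "{");

	for (i = ebitmap_startbit(&set->types); i < ebitmap_length(&set->types);
	     i++) {
		if (!ebitmap_get_bit(&set->types, i))
			continue;
		display_id(policy, fp, SYM_TYPES, i, "");
	}

	for (i = ebitmap_startbit(&set->negset);
	     i < ebitmap_length(&set->negset); i++) {
		if (!ebitmap_get_bit(&set->negset, i))
			continue;
		display_id(policy, fp, SYM_TYPES, i, "-");
	}

	if (flags & RULE_SELF) {
		fprintf(fp, " self");
	}

	if (num_types > 1)
		fprintf(fp, " }");

	return 0;
}

/*
 * Print a role set: "*" for ROLE_STAR, a leading "~" for ROLE_COMP, then the
 * member roles, in braces when there is more than one.  Always returns 0.
 */
int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
{
	unsigned int i, num = 0;

	if (roles->flags & ROLE_STAR) {
		fprintf(fp, " * ");
		return 0;
	} else if (roles->flags & ROLE_COMP) {
		fprintf(fp, " ~");
	}

	/* First pass only decides whether an opening brace is needed. */
	for (i = ebitmap_startbit(&roles->roles);
	     i < ebitmap_length(&roles->roles); i++) {
		if (!ebitmap_get_bit(&roles->roles, i))
			continue;
		num++;
		if (num > 1) {
			fprintf(fp, "{");
			break;
		}
	}

	for (i = ebitmap_startbit(&roles->roles);
	     i < ebitmap_length(&roles->roles); i++) {
		if (ebitmap_get_bit(&roles->roles, i))
			display_id(p, fp, SYM_ROLES, i, "");
	}

	if (num > 1)
		fprintf(fp, " }");

	return 0;

}

/*
 * Print one avrule as a line of policy text: rule keyword, source and target
 * type sets, class list, then either the permission set (AV and neverallow
 * rules) or the resulting type (type rules).
 *
 * Returns 0 on success and -1 when the rule has no recognised kind, a type
 * set cannot be displayed, or the rule carries no class/permission node.
 */
int display_avrule(avrule_t * avrule, policydb_t * policy,
		   FILE * fp)
{
	class_perm_node_t *cur;
	int num_classes;

	if (avrule == NULL) {
		fprintf(fp, " <empty>\n");
		return 0;
	}
	if (avrule->specified & AVRULE_AV) {
		if (avrule->specified & AVRULE_ALLOWED) {
			fprintf(fp, " allow");
		}
		if (avrule->specified & AVRULE_AUDITALLOW) {
			fprintf(fp, " auditallow ");
		}
		if (avrule->specified & AVRULE_DONTAUDIT) {
			fprintf(fp, " dontaudit");
		}
	} else if (avrule->specified & AVRULE_TYPE) {
		if (avrule->specified & AVRULE_TRANSITION) {
			fprintf(fp, " type_transition");
		}
		if (avrule->specified & AVRULE_MEMBER) {
			fprintf(fp, " type_member");
		}
		if (avrule->specified & AVRULE_CHANGE) {
			fprintf(fp, " type_change");
		}
	} else if (avrule->specified & AVRULE_NEVERALLOW) {
		fprintf(fp, " neverallow");
	} else {
		fprintf(fp, " ERROR: no valid rule type specified\n");
		return -1;
	}

	if (display_type_set(&avrule->stypes, 0, policy, fp))
		return -1;

	if (display_type_set(&avrule->ttypes, avrule->flags, policy, fp))
		return -1;

	fprintf(fp, " :");
	/* Count class nodes only far enough to know whether braces are needed. */
	cur = avrule->perms;
	num_classes = 0;
	while (cur) {
		num_classes++;
		if (num_classes > 1)
			break;
		cur = cur->next;
	}

	if (num_classes > 1)
		fprintf(fp, " {");

	cur = avrule->perms;
	while (cur) {
		display_id(policy, fp, SYM_CLASSES, cur->tclass - 1, "");
		cur = cur->next;
	}

	if (num_classes > 1)
		fprintf(fp, " }");
	fprintf(fp, " ");

	/* The code below reads the first class/permission node directly; a
	 * rule without one would otherwise be a null-pointer dereference. */
	if (avrule->perms == NULL) {
		fprintf(fp, "<no class/permission entries>;\n");
		return -1;
	}

	/* NOTE(review): only the first node's data is rendered even when the
	 * rule lists several classes -- confirm that this is intended. */
	if (avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)) {
		render_access_mask(avrule->perms->data, avrule->perms->tclass,
				   policy, fp);
	} else if (avrule->specified & AVRULE_TYPE) {
		display_id(policy, fp, SYM_TYPES, avrule->perms->data - 1, "");
	}

	fprintf(fp, ";\n");

	return 0;
}

/*
 * hashtab_map() callback: print one entry of the types table.  'datum' is the
 * type_datum_t, 'key' its name and 'data' the output FILE.  Uses the
 * file-scope 'policydb' for name lookups.  Always returns 0.
 */
int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
{
	type_datum_t *type;
	FILE *fp;
	unsigned int i, first_attrib = 1;

	type = (type_datum_t *) datum;
	fp = (FILE *) data;

	if (type->primary) {
		display_id(&policydb, fp, SYM_TYPES, type->s.value - 1, "");
		fprintf(fp, " [%d]: ", type->s.value);
	} else {
		/* as that aliases have no value of their own and that
		 * they can never be required by a module, use this
		 * alternative way of displaying a name */
		fprintf(fp, " %s [%d]: ", (char *)key, type->s.value);
	}
	if (type->flavor == TYPE_ATTRIB) {
		fprintf(fp, "attribute for types");
		for (i = ebitmap_startbit(&type->types);
		     i < ebitmap_length(&type->types); i++) {
			if (!ebitmap_get_bit(&type->types, i))
				continue;
			if (first_attrib) {
				first_attrib = 0;
			} else {
				fprintf(fp, ",");
			}
			display_id(&policydb, fp, SYM_TYPES, i, "");
		}
	} else if (type->primary) {
		fprintf(fp, "type");
	} else {
		fprintf(fp, "alias for type");
		display_id(&policydb, fp, SYM_TYPES, type->s.value - 1, "");
	}
	fprintf(fp, " flags:%x\n", type->flags);

	return 0;
}

/* Print every entry of the types table; returns -1 if the walk fails. */
int display_types(policydb_t * p, FILE * fp)
{
	if (hashtab_map(p->p_types.table, display_type_callback, fp))
		return -1;
	return 0;
}

/*
 * Print each user followed by the roles set in its role bitmap.
 * Always returns 0.
 */
int display_users(policydb_t * p, FILE * fp)
{
	unsigned int i, j;
	ebitmap_t *bitmap;
	for (i = 0; i < p->p_users.nprim; i++) {
		display_id(p, fp, SYM_USERS, i, "");
		fprintf(fp, ":");
		bitmap = &(p->user_val_to_struct[i]->roles.roles);
		for (j = ebitmap_startbit(bitmap); j < ebitmap_length(bitmap);
		     j++) {
			if (ebitmap_get_bit(bitmap, j)) {
				display_id(p, fp, SYM_ROLES, j, "");
			}
		}
		fprintf(fp, "\n");
	}
	return 0;
}

/* Print each boolean with its current state.  Always returns 0. */
int display_bools(policydb_t * p, FILE * fp)
{
	unsigned int i;

	for (i = 0; i < p->p_bools.nprim; i++) {
		display_id(p, fp, SYM_BOOLS, i, "");
		fprintf(fp, " : %d\n", p->bool_val_to_struct[i]->state);
	}
	return 0;
}

/*
 * Print a conditional expression, one token per list node, in the order the
 * nodes are linked.
 *
 * NOTE(review): cur->bool is used as an index without a range check here;
 * confirm that the loader rejects 0 and values above p_bools.nprim.
 */
void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
{

	cond_expr_t *cur;
	for (cur = exp; cur != NULL; cur = cur->next) {
		switch (cur->expr_type) {
		case COND_BOOL:
			fprintf(fp, "%s ",
				p->p_bool_val_to_name[cur->bool - 1]);
			break;
		case COND_NOT:
			fprintf(fp, "! ");
			break;
		case COND_OR:
			fprintf(fp, "|| ");
			break;
		case COND_AND:
			fprintf(fp, "&& ");
			break;
		case COND_XOR:
			fprintf(fp, "^ ");
			break;
		case COND_EQ:
			fprintf(fp, "== ");
			break;
		case COND_NEQ:
			fprintf(fp, "!= ");
			break;
		default:
			fprintf(fp, "error!");
			break;
		}
	}
}

/* Placeholder: prints a "not implemented" message. */
void display_policycon(FILE * fp)
{
	/* There was an attempt to implement this at one time.  Look through
	 * git history to find it. */
	fprintf(fp, "Sorry, not implemented\n");
}

/*
 * Print the initial SID list with the user:role:type context of each entry.
 *
 * NOTE(review): the user, role and type values of each context are used as
 * array indices without a range check here; confirm that the loader
 * validates them before this is run on a file from an untrusted source.
 */
void display_initial_sids(policydb_t * p, FILE * fp)
{
	ocontext_t *cur;
	char *user, *role, *type;

	fprintf(fp, "Initial SIDs:\n");
	for (cur = p->ocontexts[OCON_ISID]; cur != NULL; cur = cur->next) {
		user = p->p_user_val_to_name[cur->context[0].user - 1];
		role = p->p_role_val_to_name[cur->context[0].role - 1];
		type = p->p_type_val_to_name[cur->context[0].type - 1];
		fprintf(fp, "\t%s: sid %d, context %s:%s:%s\n",
			cur->u.name, cur->sid[0], user, role, type);
	}
#if 0
	fprintf(fp, "Policy Initial SIDs:\n");
	for (cur = p->ocontexts[OCON_POLICYISID]; cur != NULL; cur = cur->next) {
		user = p->p_user_val_to_name[cur->context[0].user - 1];
		role = p->p_role_val_to_name[cur->context[0].role - 1];
		type = p->p_type_val_to_name[cur->context[0].type - 1];
		fprintf(fp, "\t%s: sid %d, context %s:%s:%s\n",
			cur->u.name, cur->sid[0], user, role, type);
	}
#endif
}

/* Print the classes set in 'classes', in braces when more than one. */
void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp)
{
	unsigned int i, num = 0;

	/* First pass only decides whether an opening brace is needed. */
	for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) {
		if (!ebitmap_get_bit(classes, i))
			continue;
		num++;
		if (num > 1) {
			fprintf(fp, "{");
			break;
		}
	}

	for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) {
		if (ebitmap_get_bit(classes, i))
			display_id(p, fp, SYM_CLASSES, i, "");
	}

	if (num > 1)
		fprintf(fp, " }");
}

/*
 * Print every rule of a role_transition list: role set, type set, class set
 * and the new role, one rule per line.
 */
void display_role_trans(role_trans_rule_t * tr, policydb_t * p, FILE * fp)
{
	for (; tr; tr = tr->next) {
		fprintf(fp, "role transition ");
		display_mod_role_set(&tr->roles, p, fp);
		display_type_set(&tr->types, 0, p, fp);
		fprintf(fp, " :");
		display_class_set(&tr->classes, p, fp);
		display_id(p, fp, SYM_ROLES, tr->new_role - 1, "");
		fprintf(fp, "\n");
	}
}

void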
display_role_allow(role_allow_rule_t * ra, policydb_t * p, FILE * fp) 47513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 47613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (; ra; ra = ra->next) { 47713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "role allow "); 47813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_mod_role_set(&ra->roles, p, fp); 47913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_mod_role_set(&ra->new_roles, p, fp); 48013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\n"); 48113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 48213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 48313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 484f1b004bf7d2453bda1a8076270f5c56b7ad90f56Eric Parisstatic void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, FILE * fp) 485516cb2a264448421bff692f47f61e8cf2a74237eEric Paris{ 486f1b004bf7d2453bda1a8076270f5c56b7ad90f56Eric Paris fprintf(fp, "filename transition"); 487516cb2a264448421bff692f47f61e8cf2a74237eEric Paris for (; tr; tr = tr->next) { 488516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_type_set(&tr->stypes, 0, p, fp); 489516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_type_set(&tr->ttypes, 0, p, fp); 490516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_id(p, fp, SYM_CLASSES, tr->tclass - 1, ":"); 491516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_id(p, fp, SYM_TYPES, tr->otype - 1, ""); 492f1b004bf7d2453bda1a8076270f5c56b7ad90f56Eric Paris fprintf(fp, " %s\n", tr->name); 493516cb2a264448421bff692f47f61e8cf2a74237eEric Paris } 494516cb2a264448421bff692f47f61e8cf2a74237eEric Paris} 495516cb2a264448421bff692f47f61e8cf2a74237eEric Paris 49658179a99884b54537ee5b367abdd4c3918198501Eric Parisint role_display_callback(hashtab_key_t key __attribute__((unused)), 49758179a99884b54537ee5b367abdd4c3918198501Eric Paris hashtab_datum_t datum, void *data) 
49813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 49913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_datum_t *role; 50013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *fp; 50113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 50213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role = (role_datum_t *) datum; 50313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fp = (FILE *) data; 50413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 50513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "role:"); 50613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_id(&policydb, fp, SYM_ROLES, role->s.value - 1, ""); 50713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, " types: "); 50813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_type_set(&role->types, 0, &policydb, fp); 50913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\n"); 51013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 51113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 51213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 51313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 51413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int display_scope_index(scope_index_t * indices, policydb_t * p, 51513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE * out_fp) 51613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 51744d8a2fed985858669d415ebe028d71768dd6652Eric Paris unsigned int i; 51813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < SYM_NUM; i++) { 51944d8a2fed985858669d415ebe028d71768dd6652Eric Paris unsigned int any_found = 0, j; 52013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "%s:", symbol_labels[i]); 52113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (j = ebitmap_startbit(&indices->scope[i]); 52213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle j < ebitmap_length(&indices->scope[i]); j++) { 
52313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_get_bit(&indices->scope[i], j)) { 52413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle any_found = 1; 52513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, " %s", 52613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->sym_val_to_name[i][j]); 52713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (i == SYM_CLASSES) { 52813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (j < indices->class_perms_len) { 52913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle render_access_bitmap(indices-> 53013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle class_perms_map 53113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle + j, j + 1, 53213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p, out_fp); 53313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 53413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, 53513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "<no perms known>"); 53613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 53713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 53813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 53913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 54013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!any_found) { 54113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, " <empty>"); 54213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 54313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "\n"); 54413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 54513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 54613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 54713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 54813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#if 0 54913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint display_cond_expressions(policydb_t * p, FILE * fp) 
55013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 55113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_node_t *cur; 55213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_av_list_t *av_cur; 55313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (cur = p->cond_list; cur != NULL; cur = cur->next) { 55413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "expression: "); 55513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_expr(p, cur->expr, fp); 55613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "current state: %d\n", cur->cur_state); 55713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "True list:\n"); 55813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (av_cur = cur->true_list; av_cur != NULL; 55913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle av_cur = av_cur->next) { 56013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\t"); 56113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle render_av_rule(&av_cur->node->key, &av_cur->node->datum, 56213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle RENDER_CONDITIONAL, p, fp); 56313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "False list:\n"); 56513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (av_cur = cur->false_list; av_cur != NULL; 56613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle av_cur = av_cur->next) { 56713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\t"); 56813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle render_av_rule(&av_cur->node->key, &av_cur->node->datum, 56913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle RENDER_CONDITIONAL, p, fp); 57013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 57113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 57213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 57313cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle} 57413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 57513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint change_bool(char *name, int state, policydb_t * p, FILE * fp) 57613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 57713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_bool_datum_t *bool; 57813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 57913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bool = hashtab_search(p->p_bools.table, name); 58013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (bool == NULL) { 58113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "Could not find bool %s\n", name); 58213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 58313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 58413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bool->state = state; 58513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle evaluate_conds(p); 58613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 58713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 58813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#endif 58913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 59058179a99884b54537ee5b367abdd4c3918198501Eric Parisint display_avdecl(avrule_decl_t * decl, int field, 59113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t * policy, FILE * out_fp) 59213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 59313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "decl %u:%s\n", decl->decl_id, 59413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (decl->enabled ? 
" [enabled]" : "")); 59513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle switch (field) { 5964ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_COND_AVTAB:{ 59713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_list_t *cond = decl->cond_list; 59813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_t *avrule; 59913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (cond) { 60013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "expression: "); 60113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_expr(&policydb, cond->expr, out_fp); 60213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "current state: %d\n", 60313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond->cur_state); 60413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "True list:\n"); 60513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = cond->avtrue_list; 60613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (avrule) { 60713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_avrule(avrule, 60813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle &policydb, out_fp); 60913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = avrule->next; 61013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 61113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "False list:\n"); 61213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = cond->avfalse_list; 61313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (avrule) { 61413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_avrule(avrule, 61513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle &policydb, out_fp); 61613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = avrule->next; 61713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 61813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond = cond->next; 
61913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 62013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 62113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6224ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_UNCOND_AVTAB:{ 62313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_t *avrule = decl->avrules; 62413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (avrule == NULL) { 62513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, " <empty>\n"); 62613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 62713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (avrule != NULL) { 62858179a99884b54537ee5b367abdd4c3918198501Eric Paris if (display_avrule(avrule, policy, out_fp)) 62913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 63013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = avrule->next; 63113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 63213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 63313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6344ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_ROLE_TYPE_NODE:{ /* role_type_node */ 63513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 63613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6374ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_ROLE_TRANS:{ 63813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_role_trans(decl->role_tr_rules, policy, out_fp); 63913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 64013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6414ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_ROLE_ALLOW:{ 64213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_role_allow(decl->role_allow_rules, policy, 64313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out_fp); 64413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 
64513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6464ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_REQUIRES:{ 64713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_scope_index 64813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (&decl->required, policy, out_fp)) { 64913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 65013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 65113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 65213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6534ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_DECLARES:{ 65413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_scope_index 65513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (&decl->declared, policy, out_fp)) { 65613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 65713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 65813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 65913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 660516cb2a264448421bff692f47f61e8cf2a74237eEric Paris case DISPLAY_AVBLOCK_FILENAME_TRANS: 661516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_filename_trans(decl->filename_trans_rules, policy, 662516cb2a264448421bff692f47f61e8cf2a74237eEric Paris out_fp); 663516cb2a264448421bff692f47f61e8cf2a74237eEric Paris break; 66413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle default:{ 66513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle assert(0); 66613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 66713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 66813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; /* should never get here */ 66913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 67013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 67158179a99884b54537ee5b367abdd4c3918198501Eric Parisint display_avblock(int field, policydb_t * policy, 
67213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE * out_fp) 67313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 67413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_block_t *block = policydb.global; 67513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (block != NULL) { 67613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "--- begin avrule block ---\n"); 67713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_decl_t *decl = block->branch_list; 67813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (decl != NULL) { 67958179a99884b54537ee5b367abdd4c3918198501Eric Paris if (display_avdecl(decl, field, policy, out_fp)) { 68013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 68113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 68213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle decl = decl->next; 68313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 68413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle block = block->next; 68513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 68613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 68713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 68813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 68913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint display_handle_unknown(policydb_t * p, FILE * out_fp) 69013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 69113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->handle_unknown == ALLOW_UNKNOWN) 69213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Allow unknown classes and perms\n"); 69313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (p->handle_unknown == DENY_UNKNOWN) 69413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Deny unknown classes and perms\n"); 69513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (p->handle_unknown == REJECT_UNKNOWN) 
69613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Reject unknown classes and perms\n"); 69713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 69813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 69913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 70013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int read_policy(char *filename, policydb_t * policy) 70113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 70213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *in_fp; 70313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policy_file f; 70413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int retval; 70513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t buf[1]; 70613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 70713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((in_fp = fopen(filename, "rb")) == NULL) { 70813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Can't open '%s': %s\n", 70913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle filename, strerror(errno)); 71013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 71113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 71213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policy_file_init(&f); 71313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.type = PF_USE_STDIO; 71413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.fp = in_fp; 71513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 71613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* peek at the first byte. 
if they are indicative of a 71713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle package use the package reader, otherwise use the normal 71813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policy reader */ 71913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (fread(buf, sizeof(uint32_t), 1, in_fp) != 1) { 72013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Could not read from policy.\n"); 72113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 72213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 72313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rewind(in_fp); 72413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (le32_to_cpu(buf[0]) == SEPOL_MODULE_PACKAGE_MAGIC) { 72513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_module_package_t *package; 72613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (sepol_module_package_create(&package)) { 72713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); 72813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 72913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 73013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle package->policy = (sepol_policydb_t *) policy; 73113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle package->file_contexts = NULL; 73213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle retval = 73313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_module_package_read(package, 73413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (sepol_policy_file_t *) & f, 1); 73513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(package->file_contexts); 73613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 73713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_init(policy)) { 73813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); 
73913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 74013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 74113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle retval = policydb_read(policy, &f, 1); 74213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 74313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fclose(in_fp); 74413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return retval; 74513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 74613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 74713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic void link_module(policydb_t * base, FILE * out_fp) 74813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 74913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char module_name[80] = { 0 }; 75013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int ret; 75113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t module, *mods = &module; 75213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 75313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (base->policy_type != POLICY_BASE) { 75413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Can only link if initial file was a base policy.\n"); 75513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return; 75613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 75713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\nModule filename: "); 7580551fb1080249d89811c888f4f09f1ae49bb4bc6Emre Can Kucukoglu if (fgets(module_name, sizeof(module_name), stdin) == NULL) { 7590551fb1080249d89811c888f4f09f1ae49bb4bc6Emre Can Kucukoglu fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__, 7600551fb1080249d89811c888f4f09f1ae49bb4bc6Emre Can Kucukoglu strerror(errno)); 7610551fb1080249d89811c888f4f09f1ae49bb4bc6Emre Can Kucukoglu exit(1); 7620551fb1080249d89811c888f4f09f1ae49bb4bc6Emre Can Kucukoglu } 7630551fb1080249d89811c888f4f09f1ae49bb4bc6Emre Can Kucukoglu 
76413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle module_name[strlen(module_name) - 1] = '\0'; /* remove LF */ 76513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (module_name[0] == '\0') { 76613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return; 76713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 76813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 76913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* read the binary policy */ 77013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Reading module...\n"); 77113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_policy(module_name, mods)) { 77213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, 77313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "%s: error(s) encountered while loading policy\n", 77413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle module_name); 77513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 77613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 77713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (module.policy_type != POLICY_MOD) { 77813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "This file is not a loadable policy module.\n"); 77913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 78013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 78113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_index_classes(&module) || 78213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_index_others(NULL, &module, 0)) { 78313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Could not index module.\n"); 78413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 78513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 78613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = link_modules(NULL, base, &mods, 1, 0); 78713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret != 0) { 
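/* (continues the function begun above) A failed link is reported on stdout. */
		printf("Link failed (error %d)\n", ret);
		printf("(You will probably need to restart dismod.)\n");
	}
	policydb_destroy(&module);
	return;
}

/*
 * Print the policy capabilities that are set in a policy.
 *
 * p:  policy whose policycaps bitmap is walked.
 * fp: stream that receives the listing.
 *
 * Each set bit is printed by name on its own tab-indented line. A bit
 * that sepol_polcap_getname() has no name for is printed as
 * "unknown (<bit number>)" instead of being dropped.
 */
static void display_policycaps(policydb_t * p, FILE * fp)
{
	ebitmap_node_t *node;
	const char *capname;
	char buf[64];
	unsigned int i;

	fprintf(fp, "policy capabilities:\n");
	ebitmap_for_each_bit(&p->policycaps, node, i) {
		if (ebitmap_node_get_bit(node, i)) {
			capname = sepol_polcap_getname(i);
			if (capname == NULL) {
				/* i is unsigned, so it is formatted with %u. */
				snprintf(buf, sizeof(buf), "unknown (%u)", i);
				capname = buf;
			}
			fprintf(fp, "\t%s\n", capname);
		}
	}
}

/*
 * Print the list of interactive commands on stdout.
 *
 * Returns 0 in every case.
 */
int menu(void)
{
	printf("\nSelect a command:\n");
	printf("1) display unconditional AVTAB\n");
	printf("2) display conditional AVTAB\n");
	printf("3) display users\n");
	printf("4) display bools\n");
	printf("5) display roles\n");
	printf("6) display types, attributes, and aliases\n");
	printf("7) display role transitions\n");
	printf("8) display role allows\n");
	printf("9) Display policycon\n");
	printf("0) Display initial SIDs\n");
	printf("\n");
	printf("a) Display avrule requirements\n");
	printf("b) Display avrule declarations\n");
	printf("c) Display policy capabilities\n");
	printf("l) Link in a module\n");
	printf("u) Display the unknown handling setting\n");
	printf("F) Display filename_trans rules\n");
	printf("\n");
	printf("f) set output file\n");
	printf("m) display menu\n");
	printf("q) quit\n");
	return 0;
}

/*
 * Entry point: load one binary policy (base or module) and run the
 * interactive display loop.
 *
 * argv[1] names the policy file. The file is loaded into the global
 * policydb and indexed before any command is accepted; any failure in
 * that sequence ends the program with status 1.
 *
 * Commands are read one line at a time from stdin and only the first
 * character of each line selects the action. Listings go to out_fp,
 * which starts as stdout and can be redirected with the 'f' command.
 * End of input on stdin is treated like 'q'.
 */
int main(int argc, char **argv)
{
	FILE *out_fp = stdout;
	char ans[81], OutfileName[121];
	size_t len;
	int c;

	/* NOTE(review): usage() is presumably noreturn; if it can return,
	 * argv[1] below may be NULL -- confirm against its definition. */
	if (argc != 2)
		usage(argv[0]);

	/* read the binary policy */
	fprintf(out_fp, "Reading policy...\n");
	if (policydb_init(&policydb)) {
		fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__);
		exit(1);
	}
	if (read_policy(argv[1], &policydb)) {
		fprintf(stderr,
			"%s: error(s) encountered while loading policy\n",
			argv[0]);
		exit(1);
	}

	/* Only base policies and loadable modules are handled here. */
	if (policydb.policy_type != POLICY_BASE &&
	    policydb.policy_type != POLICY_MOD) {
		fprintf(stderr,
			"This file is neither a base nor loadable policy module.\n");
		exit(1);
	}

	if (policydb_index_classes(&policydb)) {
		fprintf(stderr, "Error indexing classes\n");
		exit(1);
	}

	if (policydb_index_others(NULL, &policydb, 1)) {
		fprintf(stderr, "Error indexing others\n");
		exit(1);
	}

	if (policydb.policy_type == POLICY_BASE) {
		printf("Binary base policy file loaded.\n\n");
	} else {
		printf("Binary policy module file loaded.\n");
		printf("Module name: %s\n", policydb.name);
		printf("Module version: %s\n", policydb.version);
		printf("\n");
	}

	menu();
	for (;;) {
		printf("\nCommand (\'m\' for menu): ");
		if (fgets(ans, sizeof(ans), stdin) == NULL) {
			if (feof(stdin)) {
				/* At end of input every later fgets() fails as
				 * well, so leave instead of retrying. */
				policydb_destroy(&policydb);
				exit(EXIT_SUCCESS);
			}
			fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
				strerror(errno));
			continue;
		}

		switch (ans[0]) {

		case '1':
			fprintf(out_fp, "unconditional avtab:\n");
			display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB,
					&policydb, out_fp);
			break;
		case '2':
			fprintf(out_fp, "conditional avtab:\n");
			display_avblock(DISPLAY_AVBLOCK_COND_AVTAB,
					&policydb, out_fp);
			break;
		case '3':
			display_users(&policydb, out_fp);
			break;
		case '4':
			display_bools(&policydb, out_fp);
			break;
		case '5':
			if (hashtab_map
			    (policydb.p_roles.table, role_display_callback,
			     out_fp))
				exit(1);
			break;
		case '6':
			if (display_types(&policydb, out_fp)) {
				fprintf(stderr, "Error displaying types\n");
				exit(1);
			}
			break;
		case '7':
			fprintf(out_fp, "role transitions:\n");
			display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS,
					&policydb, out_fp);
			break;
		case '8':
			fprintf(out_fp, "role allows:\n");
			display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW,
					&policydb, out_fp);
			break;
		case '9':
			display_policycon(out_fp);
			break;
		case '0':
			display_initial_sids(&policydb, out_fp);
			break;
		case 'a':
			fprintf(out_fp, "avrule block requirements:\n");
			display_avblock(DISPLAY_AVBLOCK_REQUIRES,
					&policydb, out_fp);
			break;
		case 'b':
			fprintf(out_fp, "avrule block declarations:\n");
			display_avblock(DISPLAY_AVBLOCK_DECLARES,
					&policydb, out_fp);
			break;
		case 'c':
			display_policycaps(&policydb, out_fp);
			break;
		case 'u':
		case 'U':
			display_handle_unknown(&policydb, out_fp);
			break;
		case 'f':
			printf
			    ("\nFilename for output (<CR> for screen output): ");
			if (fgets(OutfileName, sizeof(OutfileName), stdin) == NULL) {
				fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
					strerror(errno));
				break;
			}
			/*
			 * Strip the line feed only when one is present. An
			 * unconditional OutfileName[strlen() - 1] write lands
			 * before the buffer when fgets() hands back an empty
			 * string (input starting with a NUL byte).
			 */
			len = strlen(OutfileName);
			if (len > 0 && OutfileName[len - 1] == '\n') {
				OutfileName[--len] = '\0';
			} else if (len == sizeof(OutfileName) - 1) {
				/*
				 * Buffer filled without a line feed. Unless the
				 * line ends right here, the name was cut short:
				 * discard the rest of the line and refuse, so a
				 * truncated path is never opened for writing and
				 * the leftover is not read as commands.
				 */
				c = getchar();
				if (c != '\n' && c != EOF) {
					while ((c = getchar()) != '\n' && c != EOF)
						;
					fprintf(stderr, "Output file name too long\n");
					break;
				}
			}
			/* Close the previous output file before switching so
			 * the stream is flushed and not leaked. */
			if (out_fp != stdout) {
				if (fclose(out_fp) != 0)
					fprintf(stderr,
						"Error closing previous output file: %s\n",
						strerror(errno));
				out_fp = stdout;
			}
			if (len != 0) {
				/* "w" truncates an existing file and follows
				 * symlinks: the path is used as typed. */
				out_fp = fopen(OutfileName, "w");
				if (out_fp == NULL) {
					fprintf(stderr, "Cannot open output file %s\n",
						OutfileName);
					out_fp = stdout;
				}
			}
			if (out_fp != stdout)
				printf("\nOutput to file: %s\n", OutfileName);
			break;
		case 'F':
			fprintf(out_fp, "filename_trans rules:\n");
			display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS,
					&policydb, out_fp);
			break;
		case 'l':
			link_module(&policydb, out_fp);
			break;
		case 'q':
			policydb_destroy(&policydb);
			exit(0);
			break;
		case 'm':
			menu();
			break;
		default:
			printf("\nInvalid choice\n");
			menu();
			break;

		}
	}
	exit(EXIT_SUCCESS);
}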