113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Author: Mary Garvin <mgarvin@tresys.com> 313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Copyright (C) 2007-2008 Tresys Technology, LLC 513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * This library is free software; you can redistribute it and/or 713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * modify it under the terms of the GNU Lesser General Public 813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * License as published by the Free Software Foundation; either 913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * version 2.1 of the License, or (at your option) any later version. 1013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 1113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * This library is distributed in the hope that it will be useful, 1213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * but WITHOUT ANY WARRANTY; without even the implied warranty of 1313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 1413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Lesser General Public License for more details. 1513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 1613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * You should have received a copy of the GNU Lesser General Public 1713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * License along with this library; if not, write to the Free Software 1813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 1913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 2013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include "test-downgrade.h" 2213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include "parse_util.h" 2313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include "helpers.h" 2413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/debug.h> 2613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/handle.h> 2713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/policydb.h> 2813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/link.h> 2913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/expand.h> 3013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/conditional.h> 3113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <limits.h> 3213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <CUnit/Basic.h> 3313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#define POLICY_BIN_HI "policies/test-downgrade/policy.hi" 3513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#define POLICY_BIN_LO "policies/test-downgrade/policy.lo" 3613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic policydb_t policydb; 3813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 4013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: downgrade_test_init 4113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 4213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: None 4313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 4413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: None 4513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 4613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: Initialize the policydb (policy data base structure) 4713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 4813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint downgrade_test_init(void) 4913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 5013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Initialize the policydb_t structure */ 5113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_init(&policydb)) { 5213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); 5313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 5413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 5513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 5613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 5713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 5813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 5913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 6013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: downgrade_test_cleanup 6113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 6213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: None 6313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 6413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: None 6513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 6613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: Destroys policydb structure 6713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 6813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint downgrade_test_cleanup(void) 6913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 7013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 7113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 7213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 7313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 7413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 7513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 7613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: downgrade_add_tests 7713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 7813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: CU_pSuite 7913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 8013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: Returns 0 upon success. Returns a CUnit error value on failure. 8113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 8213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: Add the given downgrade tests to the downgrade suite. 8313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 8413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint downgrade_add_tests(CU_pSuite suite) 8513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 8613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (CU_add_test(suite, "downgrade", test_downgrade) == NULL) 8713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return CU_get_error(); 8813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 8913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 9013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 9113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 9213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 9313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: test_downgrade_possible 9413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 9513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: None 9613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 9713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: None 9813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 9913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: 10013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Tests the backward compatability of MLS and Non-MLS binary policy versions. 10113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 10213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlevoid test_downgrade(void) 10313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 10413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (do_downgrade_test(0) < 0) 10513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, 10613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "\nError during downgrade testing of Non-MLS policy\n"); 10713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 10813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 10913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (do_downgrade_test(1) < 0) 11013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, 11113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "\nError during downgrade testing of MLS policy\n"); 11213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 11313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 11413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 11513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: do_downgrade_test 11613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 11713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: 0 for Non-MLS policy and 1 for MLS policy downgrade testing 11813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 11913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: 0 on success, negative number upon failure 12013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 12113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: This function handles the downgrade testing. 12213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * A binary policy is read into the policydb structure, the 12313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * policy version is decreased by a specific amount, written 12413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * back out and then read back in again. The process is 12513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * repeated until the minimum policy version is reached. 12613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 12713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint do_downgrade_test(int mls) 12813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 12913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t policydb_tmp; 13013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int hi, lo, version; 13113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 13213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Reset policydb for re-use */ 13313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 13413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle downgrade_test_init(); 13513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 13613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Read in the hi policy from file */ 13713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_binary_policy(POLICY_BIN_HI, &policydb) != 0) { 13813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "error reading %spolicy binary\n", mls ? "mls " : ""); 13913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle CU_FAIL("Unable to read the binary policy"); 14013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 14113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 14213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 14313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Change MLS value based on parameter */ 14413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb.mls = mls ? 1 : 0; 14513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 14613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (hi = policydb.policyvers; hi >= POLICYDB_VERSION_MIN; hi--) { 14713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Stash old version number */ 14813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle version = policydb.policyvers; 14913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 15013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Try downgrading to each possible version. */ 15113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (lo = hi - 1; lo >= POLICYDB_VERSION_MIN; lo--) { 15213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 15313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Reduce policy version */ 15413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb.policyvers = lo; 15513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 15613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Write out modified binary policy */ 15713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (write_binary_policy(POLICY_BIN_LO, &policydb) != 0) { 15813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* 15913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Error from MLS to pre-MLS is expected due 16013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * to MLS re-implementation in version 19. 16113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 16213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (mls && lo < POLICYDB_VERSION_MLS) 16313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle continue; 16413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 16513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "error writing %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi); 16613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle CU_FAIL("Failed to write downgraded binary policy"); 16713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 16813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 16913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 17013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Make sure we can read back what we wrote. */ 17113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_init(&policydb_tmp)) { 17213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: Out of memory!\n", 17313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __FUNCTION__); 17413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 17513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 17613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_binary_policy(POLICY_BIN_LO, &policydb_tmp) != 0) { 17713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "error reading %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi); 17813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle CU_FAIL("Unable to read downgraded binary policy"); 17913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 18013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 18113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb_tmp); 18213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 18313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Restore version number */ 18413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb.policyvers = version; 18513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 18613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 18713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 18813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 18913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 19013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 19113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: read_binary_policy 19213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 19313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: char * which is the path to the file containing the binary policy 19413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 19513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: Returns 0 upon success. Upon failure, -1 is returned. 19613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Possible failures are, filename with given path does not exist, 19713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * a failure to open the file, or a failure from prolicydb_read 19813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * function call. 19913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 20013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: Get a filename, open file and read binary policy into policydb 20113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * structure. 20213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 20313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint read_binary_policy(const char *path, policydb_t *p) 20413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 20513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *in_fp = NULL; 20613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policy_file f; 20713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc; 20813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 20913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Open the binary policy file */ 21013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((in_fp = fopen(path, "rb")) == NULL) { 21113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Unable to open %s: %s\n", path, 21213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle strerror(errno)); 21313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_handle_destroy(f.handle); 21413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 21513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 21613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 21713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Read in the binary policy. */ 21813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle memset(&f, 0, sizeof(struct policy_file)); 21913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.type = PF_USE_STDIO; 22013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.fp = in_fp; 22113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = policydb_read(p, &f, 0); 22213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 22313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_handle_destroy(f.handle); 22413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fclose(in_fp); 22513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return rc; 22613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 22713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 22813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 22913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Function Name: write_binary_policy 23013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 23113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Input: char * which is the path to the file containing the binary policy 23213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 23313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Output: Returns 0 upon success. Upon failure, -1 is returned. 23413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Possible failures are, filename with given path does not exist, 23513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * a failure to open the file, or a failure from prolicydb_read 23613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * function call. 23713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 23813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Description: open file and write the binary policy from policydb structure. 23913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 24013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint write_binary_policy(const char *path, policydb_t *p) 24113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 24213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *out_fp = NULL; 24313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policy_file f; 24413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_handle_t *handle; 24513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc; 24613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 24713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* We don't want libsepol to print warnings to stderr */ 24813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle handle = sepol_handle_create(); 24913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (handle == NULL) { 25013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Out of memory!\n"); 25113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 25213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 25313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_msg_set_callback(handle, NULL, NULL); 25413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 25513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Open the binary policy file for writing */ 25613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((out_fp = fopen(path, "w" )) == NULL) { 25713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Unable to open %s: %s\n", path, 25813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle strerror(errno)); 25913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_handle_destroy(f.handle); 26013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 26113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 26213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 26313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* Write the binary policy */ 26413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle memset(&f, 0, sizeof(struct policy_file)); 26513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.type = PF_USE_STDIO; 26613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.fp = out_fp; 26713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.handle = handle; 26813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = policydb_write(p, &f); 26913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 27013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_handle_destroy(f.handle); 27113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fclose(out_fp); 27213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return rc; 27313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 274