dismod.c revision 44d8a2fed985858669d415ebe028d71768dd6652
113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* Authors: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Copyright (C) 2003,2004,2005 Tresys Technology, LLC 513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * This program is free software; you can redistribute it and/or modify 613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * it under the terms of the GNU General Public License as published by 713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * the Free Software Foundation, version 2. 813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 1013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 1113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * dismod.c 1213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 1313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Test program to the contents of a binary policy in text 1413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * form. 
1513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 1613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * dismod binary_mod_file 1713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 1813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 1913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <getopt.h> 2013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <assert.h> 2113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sys/stat.h> 2213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sys/types.h> 2313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sys/mman.h> 2413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <errno.h> 2513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <stdio.h> 2613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <fcntl.h> 2713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <stdlib.h> 2813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <unistd.h> 2913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/policydb.h> 3113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/services.h> 3213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/conditional.h> 3313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/flask.h> 3413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/link.h> 3513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/module.h> 3613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/util.h> 3713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sepol/policydb/polcaps.h> 3813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <byteswap.h> 4013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <endian.h> 
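/* Convert a little-endian 32-bit value to host byte order. */
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define le32_to_cpu(x) (x)
#else
#define le32_to_cpu(x) bswap_32(x)
#endif

/* DISPLAY_AVBLOCK_* selectors; the code that consumes them is not in this part of the file. */
#define DISPLAY_AVBLOCK_COND_AVTAB	0
#define DISPLAY_AVBLOCK_UNCOND_AVTAB	1
#define DISPLAY_AVBLOCK_ROLE_TYPE_NODE	2	/* unused? */
#define DISPLAY_AVBLOCK_ROLE_TRANS	3
#define DISPLAY_AVBLOCK_ROLE_ALLOW	4
#define DISPLAY_AVBLOCK_REQUIRES	5
#define DISPLAY_AVBLOCK_DECLARES	6
#define DISPLAY_AVBLOCK_FILENAME_TRANS	7

static policydb_t policydb;
extern unsigned int ss_initialized;

int policyvers = MOD_POLICYDB_VERSION_BASE;

static const char *symbol_labels[9] = {
	"commons",
	"classes", "roles ", "types ", "users ", "bools ",
	"levels ", "cats ", "attribs"
};

/* Print the command-line synopsis to stdout and terminate with exit status 1. */
void usage(char *progname)
{
	printf("usage: %s binary_pol_file\n\n", progname);
	exit(1);
}

/*
 * Write the permissions selected by 'mask' for class 'class' to fp, wrapped
 * in braces. Only the braces are written when sepol_av_to_string() returns
 * NULL.
 */
static void render_access_mask(uint32_t mask, uint32_t class, policydb_t * p,
			       FILE * fp)
{
	char *perm;

	fprintf(fp, "{");
	/* NOTE(review): who owns the returned string depends on the libsepol
	 * version in use; confirm before adding a free() here. */
	perm = sepol_av_to_string(p, class, mask);
	if (perm)
		fprintf(fp, "%s ", perm);
	fprintf(fp, "}");
}

/*
 * Write the permission name for every bit set in 'map' to fp, wrapped in
 * braces. Each set bit is converted to a one-bit 32-bit access mask.
 */
static void render_access_bitmap(ebitmap_t * map, uint32_t class,
				 policydb_t * p, FILE * fp)
{
	unsigned int i;
	char *perm;
	const unsigned int mask_bits = 8 * sizeof(uint32_t);

	fprintf(fp, "{");
	/*
	 * The bitmap length comes from the policy file. Stop at the width of
	 * the access mask: shifting by 32 or more is undefined behaviour and
	 * there is no permission bit to name beyond that point.
	 */
	for (i = ebitmap_startbit(map);
	     i < ebitmap_length(map) && i < mask_bits; i++) {
		if (ebitmap_get_bit(map, i)) {
			perm = sepol_av_to_string(p, class, (uint32_t) 1 << i);
			if (perm)
				fprintf(fp, " %s", perm);
		}
	}
	fprintf(fp, " }");
}

/*
 * Print the name of symbol 'symbol_value' (zero-based index) from symbol
 * table 'symbol_type', preceded by 'prefix'. Names whose scope is SCOPE_REQ
 * are printed inside square brackets.
 *
 * Both indices are derived from the policy file being displayed, so they are
 * validated before the name table is read. A malformed file gets a
 * placeholder instead of an out-of-bounds read or a NULL dereference; the
 * previous assert() gave no protection in NDEBUG builds.
 */
static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
		       uint32_t symbol_value, char *prefix)
{
	char *id = NULL;
	scope_datum_t *scope;

	if (symbol_type < SYM_NUM &&
	    symbol_value < p->symtab[symbol_type].nprim &&
	    p->sym_val_to_name[symbol_type] != NULL)
		id = p->sym_val_to_name[symbol_type][symbol_value];

	if (id == NULL) {
		fprintf(fp, " %s<invalid symbol %u>", prefix,
			(unsigned int)symbol_value);
		return;
	}

	scope =
	    (scope_datum_t *) hashtab_search(p->scope[symbol_type].table, id);
	if (scope == NULL) {
		/* Name exists but has no scope entry: show it and flag it. */
		fprintf(fp, " %s%s<no scope>", prefix, id);
		return;
	}
	if (scope->scope == SCOPE_REQ) {
		fprintf(fp, " [%s%s]", prefix, id);
	} else {
		fprintf(fp, " %s%s", prefix, id);
	}
}

/*
 * Print a type set: " * " for TYPE_STAR, a leading " ~" for TYPE_COMP, then
 * every type in set->types, every type in set->negset prefixed with "-", and
 * " self" when RULE_SELF is set in 'flags'. Braces are added when more than
 * one member will be printed. Always returns 0.
 */
int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
		     FILE * fp)
{
	unsigned int i, num_types;

	if (set->flags & TYPE_STAR) {
		fprintf(fp, " * ");
		return 0;
	} else if (set->flags & TYPE_COMP) {
		fprintf(fp, " ~");
	}

	/* Count members only as far as needed to know whether there are >1. */
	num_types = 0;
	if (flags & RULE_SELF) {
		num_types++;
	}

	for (i = ebitmap_startbit(&set->types); i < ebitmap_length(&set->types);
	     i++) {
		if (!ebitmap_get_bit(&set->types, i))
			continue;
		num_types++;
		if (num_types > 1)
			break;
	}

	if (num_types <= 1) {
		for (i = ebitmap_startbit(&set->negset);
		     i < ebitmap_length(&set->negset); i++) {
			if (!ebitmap_get_bit(&set->negset, i))
				continue;
			num_types++;
			if (num_types > 1)
				break;
		}
	}

	if (num_types > 1)
		fprintf(fp, "{");

	for (i = ebitmap_startbit(&set->types); i < ebitmap_length(&set->types);
	     i++) {
		if (!ebitmap_get_bit(&set->types, i))
			continue;
		display_id(policy, fp, SYM_TYPES, i, "");
	}

	for (i = ebitmap_startbit(&set->negset);
	     i < ebitmap_length(&set->negset); i++) {
		if (!ebitmap_get_bit(&set->negset, i))
			continue;
		display_id(policy, fp, SYM_TYPES, i, "-");
	}

	if (flags & RULE_SELF) {
		fprintf(fp, " self");
	}

	if (num_types > 1)
		fprintf(fp, " }");

	return 0;
}

/*
 * Print a role set: " * " for ROLE_STAR, a leading " ~" for ROLE_COMP, then
 * every role in roles->roles, in braces when there is more than one.
 * Always returns 0.
 */
int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
{
	unsigned int i, num = 0;

	if (roles->flags & ROLE_STAR) {
		fprintf(fp, " * ");
		return 0;
	} else if (roles->flags & ROLE_COMP) {
		fprintf(fp, " ~");
	}

	/* First pass: open a brace as soon as a second role is found. */
	for (i = ebitmap_startbit(&roles->roles);
	     i < ebitmap_length(&roles->roles); i++) {
		if (!ebitmap_get_bit(&roles->roles, i))
			continue;
		num++;
		if (num > 1) {
			fprintf(fp, "{");
			break;
		}
	}

	for (i = ebitmap_startbit(&roles->roles);
	     i < ebitmap_length(&roles->roles); i++) {
		if (ebitmap_get_bit(&roles->roles, i))
			display_id(p, fp, SYM_ROLES, i, "");
	}

	if (num > 1)
		fprintf(fp, " }");

	return 0;

}

/* 'what' values for this function */
#define RENDER_UNCONDITIONAL	0x0001	/* render all regardless of enabled state */
#define RENDER_ENABLED		0x0002
#define RENDER_DISABLED		0x0004
#define RENDER_CONDITIONAL	(RENDER_ENABLED|RENDER_DISABLED)

/*
 * Print one avrule as a line of policy text: rule keyword, source type set,
 * target type set, class list, then either the permission set (AV and
 * neverallow rules) or the resulting type (type rules).
 *
 * 'what' is accepted but not consulted in this function.
 *
 * Returns 0 on success, or -1 when the rule has no recognised kind, has no
 * class/permission list, or a type set could not be displayed.
 */
int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy,
		   FILE * fp)
{
	class_perm_node_t *cur;
	int num_classes;

	(void)what;

	if (avrule == NULL) {
		fprintf(fp, " <empty>\n");
		return 0;
	}
	/*
	 * The permission/type column below reads avrule->perms->data, so a
	 * rule loaded from a malformed file with an empty list must be
	 * rejected here rather than dereferenced.
	 */
	if (avrule->perms == NULL) {
		fprintf(fp, " ERROR: rule has no class/permission list\n");
		return -1;
	}
	if (avrule->specified & AVRULE_AV) {
		if (avrule->specified & AVRULE_ALLOWED) {
			fprintf(fp, " allow");
		}
		if (avrule->specified & AVRULE_AUDITALLOW) {
			fprintf(fp, " auditallow ");
		}
		if (avrule->specified & AVRULE_DONTAUDIT) {
			fprintf(fp, " dontaudit");
		}
	} else if (avrule->specified & AVRULE_TYPE) {
		if (avrule->specified & AVRULE_TRANSITION) {
			fprintf(fp, " type_transition");
		}
		if (avrule->specified & AVRULE_MEMBER) {
			fprintf(fp, " type_member");
		}
		if (avrule->specified & AVRULE_CHANGE) {
			fprintf(fp, " type_change");
		}
	} else if (avrule->specified & AVRULE_NEVERALLOW) {
		fprintf(fp, " neverallow");
	} else {
		fprintf(fp, " ERROR: no valid rule type specified\n");
		return -1;
	}

	if (display_type_set(&avrule->stypes, 0, policy, fp))
		return -1;

	if (display_type_set(&avrule->ttypes, avrule->flags, policy, fp))
		return -1;

	fprintf(fp, " :");
	/* Count classes only as far as needed to know whether there are >1. */
	cur = avrule->perms;
	num_classes = 0;
	while (cur) {
		num_classes++;
		if (num_classes > 1)
			break;
		cur = cur->next;
	}

	if (num_classes > 1)
		fprintf(fp, " {");

	/* Class values are 1-based; display_id() takes a zero-based index. */
	cur = avrule->perms;
	while (cur) {
		display_id(policy, fp, SYM_CLASSES, cur->class - 1, "");
		cur = cur->next;
	}

	if (num_classes > 1)
		fprintf(fp, " }");
	fprintf(fp, " ");

	/* NOTE(review): only the first node's data is rendered, even when the
	 * rule lists several classes; confirm that this is intended. */
	if (avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)) {
		render_access_mask(avrule->perms->data, avrule->perms->class,
				   policy, fp);
	} else if (avrule->specified & AVRULE_TYPE) {
		display_id(policy, fp, SYM_TYPES, avrule->perms->data - 1, "");
	}

	fprintf(fp, ";\n");

	return 0;
}
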
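/*
 * hashtab_map() callback that prints one entry of the type symbol table.
 *
 * 'key' is the entry's name, 'datum' its type_datum_t and 'data' the FILE to
 * write to. Names are resolved against the file-scope 'policydb'.
 *
 * type->s.value and the bits of type->types come from the policy file being
 * displayed. They are range-checked against the number of primary types
 * before being used as indices, so a malformed file yields a placeholder
 * rather than an out-of-bounds read of the name table.
 *
 * Always returns 0.
 */
int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
{
	type_datum_t *type = (type_datum_t *) datum;
	FILE *fp = (FILE *) data;
	unsigned int i, first_attrib = 1;
	/* Values are 1-based: only [1, nprim] maps to a name table slot. */
	int value_ok = type->s.value >= 1 &&
	    type->s.value <= policydb.p_types.nprim;

	if (type->primary && value_ok) {
		display_id(&policydb, fp, SYM_TYPES, type->s.value - 1, "");
		fprintf(fp, " [%u]: ", (unsigned int)type->s.value);
	} else {
		/* as that aliases have no value of their own and that
		 * they can never be required by a module, use this
		 * alternative way of displaying a name */
		fprintf(fp, " %s [%u]: ", (char *)key,
			(unsigned int)type->s.value);
	}
	if (type->flavor == TYPE_ATTRIB) {
		fprintf(fp, "attribute for types");
		for (i = ebitmap_startbit(&type->types);
		     i < ebitmap_length(&type->types); i++) {
			if (!ebitmap_get_bit(&type->types, i))
				continue;
			if (first_attrib) {
				first_attrib = 0;
			} else {
				fprintf(fp, ",");
			}
			if (i < policydb.p_types.nprim)
				display_id(&policydb, fp, SYM_TYPES, i, "");
			else
				fprintf(fp, " <invalid type %u>", i);
		}
	} else if (type->primary) {
		fprintf(fp, "type");
	} else {
		fprintf(fp, "alias for type");
		if (value_ok)
			display_id(&policydb, fp, SYM_TYPES,
				   type->s.value - 1, "");
		else
			fprintf(fp, " <invalid type %u>",
				(unsigned int)type->s.value);
	}
	fprintf(fp, " flags:%x\n", type->flags);

	return 0;
}

/*
 * Print every entry of the policy's type symbol table to fp.
 * Returns 0 on success, -1 if hashtab_map() reports a failure.
 */
int display_types(policydb_t * p, FILE * fp)
{
	if (hashtab_map(p->p_types.table, display_type_callback, fp))
		return -1;
	return 0;
}
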
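/*
 * Return the name for a 1-based symbol value, or "<invalid>" when the value
 * is 0, exceeds 'nprim', or has no name recorded. The values passed in are
 * read from the policy file, so they must not be trusted as array indices.
 */
static const char *dismod_val_to_name(char **names, uint32_t nprim,
				      uint32_t value)
{
	if (names == NULL || value == 0 || value > nprim ||
	    names[value - 1] == NULL)
		return "<invalid>";
	return names[value - 1];
}

/*
 * Print each user followed by ":" and the roles set in its role bitmap, one
 * user per line. Always returns 0.
 */
int display_users(policydb_t * p, FILE * fp)
{
	unsigned int i, j;
	ebitmap_t *bitmap;

	for (i = 0; i < p->p_users.nprim; i++) {
		/* A slot with no name or no datum cannot be displayed; say
		 * so instead of dereferencing a NULL pointer. */
		if (p->p_user_val_to_name[i] == NULL ||
		    p->user_val_to_struct[i] == NULL) {
			fprintf(fp, " <unused user value %u>\n", i + 1);
			continue;
		}
		display_id(p, fp, SYM_USERS, i, "");
		fprintf(fp, ":");
		bitmap = &(p->user_val_to_struct[i]->roles.roles);
		for (j = ebitmap_startbit(bitmap); j < ebitmap_length(bitmap);
		     j++) {
			if (!ebitmap_get_bit(bitmap, j))
				continue;
			/* The bitmap length is file-controlled. */
			if (j < p->p_roles.nprim)
				display_id(p, fp, SYM_ROLES, j, "");
			else
				fprintf(fp, " <invalid role %u>", j);
		}
		fprintf(fp, "\n");
	}
	return 0;
}

/*
 * Print each boolean's name and current state, one per line.
 * Always returns 0.
 */
int display_bools(policydb_t * p, FILE * fp)
{
	unsigned int i;

	for (i = 0; i < p->p_bools.nprim; i++) {
		if (p->p_bool_val_to_name[i] == NULL ||
		    p->bool_val_to_struct[i] == NULL) {
			fprintf(fp, " <unused bool value %u>\n", i + 1);
			continue;
		}
		display_id(p, fp, SYM_BOOLS, i, "");
		fprintf(fp, " : %d\n", p->bool_val_to_struct[i]->state);
	}
	return 0;
}

/*
 * Print a conditional expression by walking the node list in order: boolean
 * names and operator tokens, each followed by a space. An unrecognised node
 * type prints "error!".
 */
void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
{

	cond_expr_t *cur;
	for (cur = exp; cur != NULL; cur = cur->next) {
		switch (cur->expr_type) {
		case COND_BOOL:
			/* cur->bool is a 1-based value read from the file. */
			fprintf(fp, "%s ",
				dismod_val_to_name(p->p_bool_val_to_name,
						   p->p_bools.nprim,
						   cur->bool));
			break;
		case COND_NOT:
			fprintf(fp, "! ");
			break;
		case COND_OR:
			fprintf(fp, "|| ");
			break;
		case COND_AND:
			fprintf(fp, "&& ");
			break;
		case COND_XOR:
			fprintf(fp, "^ ");
			break;
		case COND_EQ:
			fprintf(fp, "== ");
			break;
		case COND_NEQ:
			fprintf(fp, "!= ");
			break;
		default:
			fprintf(fp, "error!");
			break;
		}
	}
}

/* Currently a no-op: the whole body is compiled out with #if 0. */
void display_policycon(policydb_t * p, FILE * fp)
{
#if 0
	int i;
	ocontext_t *cur;
	char *name;

	for (i = 0; i < POLICYCON_NUM; i++) {
		fprintf(fp, "%s:", symbol_labels[i]);
		for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) {
			if (*(cur->u.name) == '\0') {
				name = "{default}";
			} else {
				name = cur->u.name;
			}
			fprintf(fp, "\n%16s - %s:%s:%s", name,
				p->p_user_val_to_name[cur->context[0].user - 1],
				p->p_role_val_to_name[cur->context[0].role - 1],
				p->p_type_val_to_name[cur->context[0].type -
						      1]);
		}
		fprintf(fp, "\n");
	}
#endif
}

/*
 * Print the initial SID list: for each OCON_ISID entry its name, SID number
 * and user:role:type context.
 *
 * The context fields are 1-based values taken from the policy file, so they
 * are resolved through dismod_val_to_name(), which bounds-checks them rather
 * than indexing the name tables directly.
 */
void display_initial_sids(policydb_t * p, FILE * fp)
{
	ocontext_t *cur;
	const char *user, *role, *type;

	fprintf(fp, "Initial SIDs:\n");
	for (cur = p->ocontexts[OCON_ISID]; cur != NULL; cur = cur->next) {
		user = dismod_val_to_name(p->p_user_val_to_name,
					  p->p_users.nprim,
					  cur->context[0].user);
		role = dismod_val_to_name(p->p_role_val_to_name,
					  p->p_roles.nprim,
					  cur->context[0].role);
		type = dismod_val_to_name(p->p_type_val_to_name,
					  p->p_types.nprim,
					  cur->context[0].type);
		/* Passing NULL for %s is undefined; print a fixed marker. */
		fprintf(fp, "\t%s: sid %u, context %s:%s:%s\n",
			cur->u.name ? cur->u.name : "(null)",
			(unsigned int)cur->sid[0], user, role, type);
	}
#if 0
	fprintf(fp, "Policy Initial SIDs:\n");
	for (cur = p->ocontexts[OCON_POLICYISID]; cur != NULL; cur = cur->next) {
		user = p->p_user_val_to_name[cur->context[0].user - 1];
		role = p->p_role_val_to_name[cur->context[0].role - 1];
		type = p->p_type_val_to_name[cur->context[0].type - 1];
		fprintf(fp, "\t%s: sid %d, context %s:%s:%s\n",
			cur->u.name, cur->sid[0], user, role, type);
	}
#endif
}

463f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciaovoid display_class_set(ebitmap_t *classes, policydb_t 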
*p, FILE *fp) 464f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao{ 46544d8a2fed985858669d415ebe028d71768dd6652Eric Paris unsigned int i, num = 0; 466f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao 467f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) { 468f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao if (!ebitmap_get_bit(classes, i)) 469f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao continue; 470f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao num++; 471f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao if (num > 1) { 472f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao fprintf(fp, "{"); 473f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao break; 474f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao } 475f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao } 476f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao 477f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) { 478f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao if (ebitmap_get_bit(classes, i)) 479f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao display_id(p, fp, SYM_CLASSES, i, ""); 480f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao } 481f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao 482f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao if (num > 1) 483f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao fprintf(fp, " }"); 484f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao} 485f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao 48613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlevoid display_role_trans(role_trans_rule_t * tr, policydb_t * p, FILE * fp) 48713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 48813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (; tr; tr = tr->next) { 48913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "role transition "); 49013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
display_mod_role_set(&tr->roles, p, fp); 49113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_type_set(&tr->types, 0, p, fp); 492f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao fprintf(fp, " :"); 493f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao display_class_set(&tr->classes, p, fp); 494f89d4aca9c9423fe7e0428900cedca0ab60ec70cHarry Ciao display_id(p, fp, SYM_ROLES, tr->new_role - 1, ""); 49513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\n"); 49613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 49713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 49813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 49913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlevoid display_role_allow(role_allow_rule_t * ra, policydb_t * p, FILE * fp) 50013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 50113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (; ra; ra = ra->next) { 50213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "role allow "); 50313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_mod_role_set(&ra->roles, p, fp); 50413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_mod_role_set(&ra->new_roles, p, fp); 50513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\n"); 50613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 50713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 50813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 509f1b004bf7d2453bda1a8076270f5c56b7ad90f56Eric Parisstatic void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, FILE * fp) 510516cb2a264448421bff692f47f61e8cf2a74237eEric Paris{ 511f1b004bf7d2453bda1a8076270f5c56b7ad90f56Eric Paris fprintf(fp, "filename transition"); 512516cb2a264448421bff692f47f61e8cf2a74237eEric Paris for (; tr; tr = tr->next) { 513516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_type_set(&tr->stypes, 0, p, fp); 514516cb2a264448421bff692f47f61e8cf2a74237eEric Paris 
display_type_set(&tr->ttypes, 0, p, fp); 515516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_id(p, fp, SYM_CLASSES, tr->tclass - 1, ":"); 516516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_id(p, fp, SYM_TYPES, tr->otype - 1, ""); 517f1b004bf7d2453bda1a8076270f5c56b7ad90f56Eric Paris fprintf(fp, " %s\n", tr->name); 518516cb2a264448421bff692f47f61e8cf2a74237eEric Paris } 519516cb2a264448421bff692f47f61e8cf2a74237eEric Paris} 520516cb2a264448421bff692f47f61e8cf2a74237eEric Paris 52113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) 52213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 52313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_datum_t *role; 52413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *fp; 52513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 52613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role = (role_datum_t *) datum; 52713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fp = (FILE *) data; 52813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 52913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "role:"); 53013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_id(&policydb, fp, SYM_ROLES, role->s.value - 1, ""); 53113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, " types: "); 53213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_type_set(&role->types, 0, &policydb, fp); 53313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\n"); 53413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 53513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 53613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 53713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 53813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int display_scope_index(scope_index_t * indices, policydb_t * p, 53913cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle FILE * out_fp) 54013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 54144d8a2fed985858669d415ebe028d71768dd6652Eric Paris unsigned int i; 54213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < SYM_NUM; i++) { 54344d8a2fed985858669d415ebe028d71768dd6652Eric Paris unsigned int any_found = 0, j; 54413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "%s:", symbol_labels[i]); 54513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (j = ebitmap_startbit(&indices->scope[i]); 54613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle j < ebitmap_length(&indices->scope[i]); j++) { 54713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_get_bit(&indices->scope[i], j)) { 54813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle any_found = 1; 54913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, " %s", 55013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->sym_val_to_name[i][j]); 55113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (i == SYM_CLASSES) { 55213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (j < indices->class_perms_len) { 55313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle render_access_bitmap(indices-> 55413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle class_perms_map 55513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle + j, j + 1, 55613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p, out_fp); 55713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 55813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, 55913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "<no perms known>"); 56013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!any_found) { 
56513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, " <empty>"); 56613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "\n"); 56813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 56913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 57013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 57113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 57213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#if 0 57313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint display_cond_expressions(policydb_t * p, FILE * fp) 57413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 57513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_node_t *cur; 57613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_av_list_t *av_cur; 57713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (cur = p->cond_list; cur != NULL; cur = cur->next) { 57813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "expression: "); 57913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_expr(p, cur->expr, fp); 58013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "current state: %d\n", cur->cur_state); 58113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "True list:\n"); 58213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (av_cur = cur->true_list; av_cur != NULL; 58313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle av_cur = av_cur->next) { 58413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\t"); 58513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle render_av_rule(&av_cur->node->key, &av_cur->node->datum, 58613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle RENDER_CONDITIONAL, p, fp); 58713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 58813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "False list:\n"); 58913cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle for (av_cur = cur->false_list; av_cur != NULL; 59013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle av_cur = av_cur->next) { 59113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\t"); 59213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle render_av_rule(&av_cur->node->key, &av_cur->node->datum, 59313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle RENDER_CONDITIONAL, p, fp); 59413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 59513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 59613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 59713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 59813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 59913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint change_bool(char *name, int state, policydb_t * p, FILE * fp) 60013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 60113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_bool_datum_t *bool; 60213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 60313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bool = hashtab_search(p->p_bools.table, name); 60413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (bool == NULL) { 60513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "Could not find bool %s\n", name); 60613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 60713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 60813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bool->state = state; 60913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle evaluate_conds(p); 61013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 61113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 61213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#endif 61313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 61413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint display_avdecl(avrule_decl_t * decl, int field, uint32_t what, 
61513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t * policy, FILE * out_fp) 61613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 61713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "decl %u:%s\n", decl->decl_id, 61813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (decl->enabled ? " [enabled]" : "")); 61913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle switch (field) { 6204ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_COND_AVTAB:{ 62113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_list_t *cond = decl->cond_list; 62213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_t *avrule; 62313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (cond) { 62413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "expression: "); 62513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_expr(&policydb, cond->expr, out_fp); 62613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "current state: %d\n", 62713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond->cur_state); 62813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "True list:\n"); 62913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = cond->avtrue_list; 63013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (avrule) { 63113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_avrule(avrule, 63213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle RENDER_UNCONDITIONAL, 63313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle &policydb, out_fp); 63413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = avrule->next; 63513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 63613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "False list:\n"); 63713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = cond->avfalse_list; 63813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (avrule) { 
63913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_avrule(avrule, 64013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle RENDER_UNCONDITIONAL, 64113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle &policydb, out_fp); 64213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = avrule->next; 64313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 64413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond = cond->next; 64513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 64613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 64713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6484ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_UNCOND_AVTAB:{ 64913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_t *avrule = decl->avrules; 65013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (avrule == NULL) { 65113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, " <empty>\n"); 65213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 65313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (avrule != NULL) { 65413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_avrule 65513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (avrule, what, policy, out_fp)) { 65613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 65713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 65813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule = avrule->next; 65913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 66013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 66113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6624ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_ROLE_TYPE_NODE:{ /* role_type_node */ 66313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 66413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6654ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case 
DISPLAY_AVBLOCK_ROLE_TRANS:{ 66613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_role_trans(decl->role_tr_rules, policy, out_fp); 66713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 66813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6694ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_ROLE_ALLOW:{ 67013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_role_allow(decl->role_allow_rules, policy, 67113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out_fp); 67213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 67313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6744ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_REQUIRES:{ 67513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_scope_index 67613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (&decl->required, policy, out_fp)) { 67713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 67813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 67913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 68013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 6814ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case DISPLAY_AVBLOCK_DECLARES:{ 68213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_scope_index 68313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (&decl->declared, policy, out_fp)) { 68413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 68513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 68613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 68713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 688516cb2a264448421bff692f47f61e8cf2a74237eEric Paris case DISPLAY_AVBLOCK_FILENAME_TRANS: 689516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_filename_trans(decl->filename_trans_rules, policy, 690516cb2a264448421bff692f47f61e8cf2a74237eEric Paris out_fp); 691516cb2a264448421bff692f47f61e8cf2a74237eEric Paris 
break; 69213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle default:{ 69313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle assert(0); 69413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 69513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 69613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; /* should never get here */ 69713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 69813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 69913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint display_avblock(int field, uint32_t what, policydb_t * policy, 70013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE * out_fp) 70113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 70213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_block_t *block = policydb.global; 70313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (block != NULL) { 70413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "--- begin avrule block ---\n"); 70513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_decl_t *decl = block->branch_list; 70613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (decl != NULL) { 70713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_avdecl(decl, field, what, policy, out_fp)) { 70813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 70913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 71013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle decl = decl->next; 71113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 71213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle block = block->next; 71313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 71413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 71513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 71613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 71713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint display_handle_unknown(policydb_t * p, FILE * out_fp) 
71813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 71913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->handle_unknown == ALLOW_UNKNOWN) 72013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Allow unknown classes and perms\n"); 72113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (p->handle_unknown == DENY_UNKNOWN) 72213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Deny unknown classes and perms\n"); 72313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (p->handle_unknown == REJECT_UNKNOWN) 72413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Reject unknown classes and perms\n"); 72513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 72613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 72713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 72813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int read_policy(char *filename, policydb_t * policy) 72913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 73013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *in_fp; 73113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct policy_file f; 73213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int retval; 73313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t buf[1]; 73413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 73513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((in_fp = fopen(filename, "rb")) == NULL) { 73613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Can't open '%s': %s\n", 73713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle filename, strerror(errno)); 73813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 73913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 74013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policy_file_init(&f); 74113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.type = PF_USE_STDIO; 
74213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle f.fp = in_fp; 74313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 74413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* peek at the first byte. if they are indicative of a 74513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle package use the package reader, otherwise use the normal 74613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policy reader */ 74713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (fread(buf, sizeof(uint32_t), 1, in_fp) != 1) { 74813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Could not read from policy.\n"); 74913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 75013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 75113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rewind(in_fp); 75213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (le32_to_cpu(buf[0]) == SEPOL_MODULE_PACKAGE_MAGIC) { 75313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_module_package_t *package; 75413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (sepol_module_package_create(&package)) { 75513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); 75613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 75713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 75813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle package->policy = (sepol_policydb_t *) policy; 75913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle package->file_contexts = NULL; 76013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle retval = 76113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle sepol_module_package_read(package, 76213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (sepol_policy_file_t *) & f, 1); 76313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(package->file_contexts); 76413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 
76513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_init(policy)) { 76613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); 76713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 76813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 76913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle retval = policydb_read(policy, &f, 1); 77013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 77113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fclose(in_fp); 77213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return retval; 77313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 77413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 77513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic void link_module(policydb_t * base, FILE * out_fp) 77613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 77713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char module_name[80] = { 0 }; 77813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int ret; 77913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t module, *mods = &module; 78013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 78113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (base->policy_type != POLICY_BASE) { 78213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Can only link if initial file was a base policy.\n"); 78313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return; 78413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 78513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\nModule filename: "); 78613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fgets(module_name, sizeof(module_name), stdin); 78713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle module_name[strlen(module_name) - 1] = '\0'; /* remove LF */ 78813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (module_name[0] == '\0') { 78913cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle return; 79013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 79113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 79213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* read the binary policy */ 79313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Reading module...\n"); 79413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_policy(module_name, mods)) { 79513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, 79613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "%s: error(s) encountered while loading policy\n", 79713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle module_name); 79813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 79913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 80013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (module.policy_type != POLICY_MOD) { 80113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "This file is not a loadable policy module.\n"); 80213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 80313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 80413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_index_classes(&module) || 80513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_index_others(NULL, &module, 0)) { 80613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Could not index module.\n"); 80713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 80813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 80913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = link_modules(NULL, base, &mods, 1, 0); 81013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret != 0) { 81113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Link failed (error %d)\n", ret); 81213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("(You will probably need to restart dismod.)\n"); 81313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
} 81413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&module); 81513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return; 81613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 81713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 81813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic void display_policycaps(policydb_t * p, FILE * fp) 81913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 82013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ebitmap_node_t *node; 82113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle const char *capname; 82213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char buf[64]; 82344d8a2fed985858669d415ebe028d71768dd6652Eric Paris unsigned int i; 82413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 82513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "policy capabilities:\n"); 82613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ebitmap_for_each_bit(&p->policycaps, node, i) { 82713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_node_get_bit(node, i)) { 82813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle capname = sepol_polcap_getname(i); 82913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (capname == NULL) { 83013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle snprintf(buf, sizeof(buf), "unknown (%d)", i); 83113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle capname = buf; 83213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 83313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(fp, "\t%s\n", capname); 83413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 83513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 83613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 83713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 83813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint menu() 83913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 84013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
printf("\nSelect a command:\n"); 84113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("1) display unconditional AVTAB\n"); 84213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("2) display conditional AVTAB\n"); 84313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("3) display users\n"); 84413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("4) display bools\n"); 84513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("5) display roles\n"); 84613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("6) display types, attributes, and aliases\n"); 84713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("7) display role transitions\n"); 84813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("8) display role allows\n"); 84913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("9) Display policycon\n"); 85013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("0) Display initial SIDs\n"); 85113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 85213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("a) Display avrule requirements\n"); 85313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("b) Display avrule declarations\n"); 85413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("c) Display policy capabilities\n"); 85513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("l) Link in a module\n"); 85613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("u) Display the unknown handling setting\n"); 857516cb2a264448421bff692f47f61e8cf2a74237eEric Paris printf("F) Display filename_trans rules\n"); 85813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 85913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("f) set output file\n"); 86013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("m) display menu\n"); 86113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("q) quit\n"); 
86213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 86313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 86413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 86513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint main(int argc, char **argv) 86613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 86713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle FILE *out_fp = stdout; 86813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char ans[81], OutfileName[121]; 86913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 87013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (argc != 2) 87113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle usage(argv[0]); 87213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 87313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* read the binary policy */ 87413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "Reading policy...\n"); 87513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_init(&policydb); 87613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_policy(argv[1], &policydb)) { 87713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, 87813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "%s: error(s) encountered while loading policy\n", 87913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle argv[0]); 88013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 88113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 88213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 88313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb.policy_type != POLICY_BASE && 88413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb.policy_type != POLICY_MOD) { 88513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, 88613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "This file is neither a base nor loadable policy module.\n"); 88713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
exit(1); 88813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 88913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 89013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_index_classes(&policydb)) { 89113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Error indexing classes\n"); 89213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 89313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 89413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 89513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb_index_others(NULL, &policydb, 1)) { 89613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Error indexing others\n"); 89713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 89813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 89913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 90013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (policydb.policy_type == POLICY_BASE) { 90113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Binary base policy file loaded.\n\n"); 90213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 90313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Binary policy module file loaded.\n"); 90413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Module name: %s\n", policydb.name); 90513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("Module version: %s\n", policydb.version); 90613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 90713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 90813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 90913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle menu(); 91013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (;;) { 91113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\nCommand (\'m\' for menu): "); 91213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fgets(ans, sizeof(ans), stdin); 
91313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle switch (ans[0]) { 91413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 9154ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris case '1': 9164ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris fprintf(out_fp, "unconditional avtab:\n"); 9174ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB, 9184ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris RENDER_UNCONDITIONAL, &policydb, 9194ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris out_fp); 9204ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris break; 92113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '2': 92213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "conditional avtab:\n"); 9234ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris display_avblock(DISPLAY_AVBLOCK_COND_AVTAB, 9244ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris RENDER_UNCONDITIONAL, &policydb, 92513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out_fp); 92613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 92713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '3': 92813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_users(&policydb, out_fp); 92913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 93013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '4': 93113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_bools(&policydb, out_fp); 93213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 93313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '5': 93413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map 93513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (policydb.p_roles.table, role_display_callback, 93613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out_fp)) 93713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 93813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 
93913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '6': 94013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (display_types(&policydb, out_fp)) { 94113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Error displaying types\n"); 94213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 94313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 94413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 94513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '7': 94613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "role transitions:\n"); 9474ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, 0, 9484ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris &policydb, out_fp); 94913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 95013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '8': 95113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "role allows:\n"); 9524ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, 0, 9534ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris &policydb, out_fp); 95413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 95513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '9': 95613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_policycon(&policydb, out_fp); 95713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 95813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case '0': 95913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_initial_sids(&policydb, out_fp); 96013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 96113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'a': 96213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "avrule block requirements:\n"); 9634ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris display_avblock(DISPLAY_AVBLOCK_REQUIRES, 0, 
9644ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris &policydb, out_fp); 96513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 96613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'b': 96713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(out_fp, "avrule block declarations:\n"); 9684ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris display_avblock(DISPLAY_AVBLOCK_DECLARES, 0, 9694ce7d734e8b8b243fc232c93d34690f9fdf67711Eric Paris &policydb, out_fp); 97013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 97113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'c': 97213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_policycaps(&policydb, out_fp); 97313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 97413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'u': 97513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'U': 97613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle display_handle_unknown(&policydb, out_fp); 97713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 97813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'f': 97913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf 98013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ("\nFilename for output (<CR> for screen output): "); 98113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fgets(OutfileName, sizeof(OutfileName), stdin); 98213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle OutfileName[strlen(OutfileName) - 1] = '\0'; /* fix_string (remove LF) */ 98313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (strlen(OutfileName) == 0) 98413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out_fp = stdout; 98513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if ((out_fp = fopen(OutfileName, "w")) == NULL) { 98613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "Cannot open output file %s\n", 98713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle OutfileName); 
98813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle out_fp = stdout; 98913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 99013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (out_fp != stdout) 99113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\nOutput to file: %s\n", OutfileName); 99213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 993516cb2a264448421bff692f47f61e8cf2a74237eEric Paris case 'F': 994516cb2a264448421bff692f47f61e8cf2a74237eEric Paris fprintf(out_fp, "filename_trans rules:\n"); 995516cb2a264448421bff692f47f61e8cf2a74237eEric Paris display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS, 996516cb2a264448421bff692f47f61e8cf2a74237eEric Paris 0, &policydb, out_fp); 997516cb2a264448421bff692f47f61e8cf2a74237eEric Paris break; 99813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'l': 99913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle link_module(&policydb, out_fp); 100013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 100113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'q': 100213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_destroy(&policydb); 100313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(0); 100413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 100513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case 'm': 100613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle menu(); 100713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 100813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle default: 100913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\nInvalid choice\n"); 101013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle menu(); 101113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 101213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 101413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 
101513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(EXIT_SUCCESS); 101613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 1017