#include <fcntl.h>
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/util.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#include "utils.h"

/*
 * Global flag, initially false. Nothing in this part of the file reads or
 * sets it. NOTE(review): presumably set elsewhere when command-line
 * arguments are rejected - confirm against the callers.
 */
bool USAGE_ERROR = false;
/*
 * Print a single allow rule to stdout in policy-source form:
 *
 *     allow <source> <target>:<class> { <perms> };
 *
 * policydb  policy whose symbol tables are used to turn values into names
 * key       avtab key holding the source type, target type and target class
 * idx       index used in place of a type value of zero
 * perms     access vector rendered through sepol_av_to_string()
 *
 * The target is printed as "self" when it equals the source type.
 *
 * NOTE(review): every index here comes straight from the key and is used
 * without a bounds check; this presumably relies on the policy having been
 * validated when it was read - confirm for policies from untrusted sources.
 * NOTE(review): whether the string returned by sepol_av_to_string() must be
 * freed, and whether it can be NULL, depends on the libsepol version in
 * use - confirm.
 */
void display_allow(policydb_t *policydb, avtab_key_t *key, int idx, uint32_t perms)
{
    /* Type values are 1-based; a value of zero falls back to idx. */
    int src_slot = key->source_type ? key->source_type - 1 : idx;
    const char *src_name = policydb->p_type_val_to_name[src_slot];
    const char *tgt_name;
    const char *class_name;
    const char *perm_text;

    if (key->target_type == key->source_type) {
        tgt_name = "self";
    } else {
        int tgt_slot = key->target_type ? key->target_type - 1 : idx;

        tgt_name = policydb->p_type_val_to_name[tgt_slot];
    }

    class_name = policydb->p_class_val_to_name[key->target_class - 1];
    perm_text = sepol_av_to_string(policydb, key->target_class, perms);

    printf("    allow %s %s:%s { %s };\n",
           src_name, tgt_name, class_name, perm_text);
}
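/*
 * Map a binary policy file into memory and parse it into a policydb.
 *
 * filename  path of the policy file to open read-only
 * policydb  policy database to initialise and fill
 * pf        policy_file set up to read from the in-memory mapping
 *
 * Returns 0 on success and 1 on any failure, after printing a diagnostic
 * to stderr.
 *
 * On success the mapping is left in place and pf->data / pf->len keep
 * describing it. On failure the mapping is released and pf->data / pf->len
 * are cleared, so the caller is never handed a pointer into unmapped
 * memory.
 *
 * The file is mapped MAP_PRIVATE, so writes through the mapping never reach
 * the file on disk. The file contents are parsed as-is by policydb_read();
 * a caller taking the path from an untrusted party is relying on that
 * parser to reject malformed input.
 */
int load_policy(char *filename, policydb_t * policydb, struct policy_file *pf)
{
    int fd;
    struct stat sb;
    void *map;
    int ret;

    fd = open(filename, O_RDONLY);
    if (fd < 0) {
        fprintf(stderr, "Can't open '%s':  %s\n", filename, strerror(errno));
        return 1;
    }
    if (fstat(fd, &sb) < 0) {
        fprintf(stderr, "Can't stat '%s':  %s\n", filename, strerror(errno));
        close(fd);
        return 1;
    }
    map = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        fprintf(stderr, "Can't mmap '%s':  %s\n", filename, strerror(errno));
        close(fd);
        return 1;
    }

    /*
     * The mapping stays valid after the descriptor is closed. Closing here
     * covers every later path, including the success return, which
     * previously leaked the descriptor.
     */
    close(fd);

    policy_file_init(pf);
    pf->type = PF_USE_MEMORY;
    pf->data = map;
    pf->len = sb.st_size;
    if (policydb_init(policydb)) {
        fprintf(stderr, "Could not initialize policydb!\n");
        goto err_unmap;
    }
    ret = policydb_read(policydb, pf, 0);
    if (ret) {
        fprintf(stderr, "error(s) encountered while parsing configuration\n");
        /*
         * NOTE(review): policydb was initialised above and is not destroyed
         * here; confirm whether callers release it after a failed load.
         */
        goto err_unmap;
    }

    return 0;

err_unmap:
    munmap(map, sb.st_size);
    /* Do not leave the caller with a pointer into the released mapping. */
    pf->data = NULL;
    pf->len = 0;
    return 1;
}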