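// SPDX-License-Identifier: GPL-2.0

/* NOTE: we really do want to use the kernel headers here */
#define __EXPORTED_HEADERS__

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>

/*
 * One security class: its name plus a NULL-terminated list of permission
 * names. The array holds one slot per bit of an unsigned plus the terminator.
 */
struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(unsigned) * 8 + 1];
};

#include "classmap.h"
#include "initial_sid_to_string.h"

/*
 * Number of permission bits emitted per class. Each permission becomes the
 * mask 1U << j printed as 0x%08xU, so bit 31 is the last one representable.
 */
enum { GENHEADERS_AV_BITS = 32 };

const char *progname;

/* Print the command-line synopsis and exit with status 1. */
static void usage(void)
{
	printf("usage: %s flask.h av_permissions.h\n", progname);
	exit(1);
}

/*
 * Return a newly allocated upper-case copy of s.
 *
 * Exits with status 3 if the copy cannot be allocated. The copies are never
 * freed; the program exits once both headers are written.
 */
static char *stoupperx(const char *s)
{
	char *s2 = strdup(s);
	char *p;

	if (!s2) {
		fprintf(stderr, "%s: out of memory\n", progname);
		exit(3);
	}

	/*
	 * toupper() is only defined for EOF and values representable as
	 * unsigned char; a plain char with the high bit set may be negative.
	 */
	for (p = s2; *p; p++)
		*p = (char)toupper((unsigned char)*p);
	return s2;
}

/*
 * Close a generated header and exit with status 6 if any write to it failed.
 *
 * Without this check a full disk or I/O error would leave a truncated header
 * on disk while the generator still reported success.
 */
static void finish_output(FILE *f, const char *path)
{
	int failed = ferror(f);

	/* fclose() flushes buffered data, so its result matters as well. */
	if (fclose(f) != 0)
		failed = 1;

	if (failed) {
		fprintf(stderr, "%s: error writing %s\n", progname, path);
		exit(6);
	}
}

/*
 * Generate the two headers named on the command line from secclass_map and
 * initial_sid_to_string:
 *   argv[1]  SECCLASS_* and SECINITSID_* indices plus
 *            security_is_socket_class()
 *   argv[2]  one <CLASS>__<PERM> bit mask per permission
 *
 * Both paths are opened with "w", so existing files are truncated.
 *
 * Exit status: 0 success, 1 usage, 2 cannot open argv[1], 3 out of memory,
 * 4 cannot open argv[2], 5 a class has more permissions than fit in the
 * access vector, 6 write or close failure on either output.
 */
int main(int argc, char *argv[])
{
	int i, j;
	int isids_len;
	FILE *fout;

	progname = argv[0];

	if (argc < 3)
		usage();

	fout = fopen(argv[1], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			argv[1], strerror(errno));
		exit(2);
	}

	/* Upper-case every class and permission name in place. */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		map->name = stoupperx(map->name);
		for (j = 0; map->perms[j]; j++)
			map->perms[j] = stoupperx(map->perms[j]);
	}

	/* Index 0 is skipped here and below; NULL entries are left alone. */
	isids_len = sizeof(initial_sid_to_string) /
		    sizeof(initial_sid_to_string[0]);
	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];

		if (s)
			initial_sid_to_string[i] = stoupperx(s);
	}

	fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	/* A class value is its position in secclass_map plus one. */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		fprintf(fout, "#define SECCLASS_%-39s %2d\n", map->name, i+1);
	}

	fprintf(fout, "\n");

	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];

		if (s)
			fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i);
	}
	/* i is the loop's final value here, so this prints the last index. */
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);

	/*
	 * Emit security_is_socket_class(): one case label for every class
	 * whose upper-cased name ends in "SOCKET".
	 */
	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
	fprintf(fout, "{\n");
	fprintf(fout, "\tbool sock = false;\n\n");
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	for (i = 0; secclass_map[i].name; i++) {
		static const char suffix[] = "SOCKET";
		const size_t suffix_len = sizeof(suffix) - 1;
		struct security_class_mapping *map = &secclass_map[i];
		size_t len = strlen(map->name);

		if (len >= suffix_len &&
		    memcmp(map->name + len - suffix_len, suffix, suffix_len) == 0)
			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\tdefault:\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\t}\n\n");
	fprintf(fout, "\treturn sock;\n");
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");
	finish_output(fout, argv[1]);

	fout = fopen(argv[2], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			argv[2], strerror(errno));
		exit(4);
	}

	fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		int len = (int)strlen(map->name);

		for (j = 0; map->perms[j]; j++) {
			/*
			 * Fail the build rather than emit a mask that cannot
			 * be represented in the access vector.
			 */
			if (j >= GENHEADERS_AV_BITS) {
				fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
					map->name, map->perms[j]);
				exit(5);
			}
			fprintf(fout, "#define %s__%-*s 0x%08xU\n", map->name,
				39-len, map->perms[j], 1U<<j);
		}
	}

	fprintf(fout, "\n#endif\n");
	finish_output(fout, argv[2]);
	exit(0);
}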