1// SPDX-License-Identifier: GPL-2.0
2
3/* NOTE: we really do want to use the kernel headers here */
4#define __EXPORTED_HEADERS__
5
6#include <stdio.h>
7#include <stdlib.h>
8#include <unistd.h>
9#include <string.h>
10#include <errno.h>
11#include <ctype.h>
12
13struct security_class_mapping {
14 const char *name;
15 const char *perms[sizeof(unsigned) * 8 + 1];
16};
17
18#include "classmap.h"
19#include "initial_sid_to_string.h"
20
21const char *progname;
22
23static void usage(void)
24{
25 printf(format: "usage: %s flask.h av_permissions.h\n", progname);
26 exit(status: 1);
27}
28
29static char *stoupperx(const char *s)
30{
31 char *s2 = strdup(s: s);
32 char *p;
33
34 if (!s2) {
35 fprintf(stderr, format: "%s: out of memory\n", progname);
36 exit(status: 3);
37 }
38
39 for (p = s2; *p; p++)
40 *p = toupper(*p);
41 return s2;
42}
43
44int main(int argc, char *argv[])
45{
46 int i, j;
47 int isids_len;
48 FILE *fout;
49
50 progname = argv[0];
51
52 if (argc < 3)
53 usage();
54
55 fout = fopen(filename: argv[1], modes: "w");
56 if (!fout) {
57 fprintf(stderr, format: "Could not open %s for writing: %s\n",
58 argv[1], strerror(errno));
59 exit(status: 2);
60 }
61
62 fprintf(stream: fout, format: "/* This file is automatically generated. Do not edit. */\n");
63 fprintf(stream: fout, format: "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
64
65 for (i = 0; secclass_map[i].name; i++) {
66 char *name = stoupperx(s: secclass_map[i].name);
67
68 fprintf(stream: fout, format: "#define SECCLASS_%-39s %2d\n", name, i+1);
69 free(ptr: name);
70 }
71
72 fprintf(stream: fout, format: "\n");
73
74 isids_len = sizeof(initial_sid_to_string) / sizeof(char *);
75 for (i = 1; i < isids_len; i++) {
76 const char *s = initial_sid_to_string[i];
77 if (s) {
78 char *sidname = stoupperx(s);
79
80 fprintf(stream: fout, format: "#define SECINITSID_%-39s %2d\n", sidname, i);
81 free(ptr: sidname);
82 }
83 }
84 fprintf(stream: fout, format: "\n#define SECINITSID_NUM %d\n", i-1);
85 fprintf(stream: fout, format: "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
86 fprintf(stream: fout, format: "{\n");
87 fprintf(stream: fout, format: "\tbool sock = false;\n\n");
88 fprintf(stream: fout, format: "\tswitch (kern_tclass) {\n");
89 for (i = 0; secclass_map[i].name; i++) {
90 static char s[] = "SOCKET";
91 int len, l;
92 char *name = stoupperx(s: secclass_map[i].name);
93
94 len = strlen(s: name);
95 l = sizeof(s) - 1;
96 if (len >= l && memcmp(s1: name + len - l, s2: s, n: l) == 0)
97 fprintf(stream: fout, format: "\tcase SECCLASS_%s:\n", name);
98 free(ptr: name);
99 }
100 fprintf(stream: fout, format: "\t\tsock = true;\n");
101 fprintf(stream: fout, format: "\t\tbreak;\n");
102 fprintf(stream: fout, format: "\tdefault:\n");
103 fprintf(stream: fout, format: "\t\tbreak;\n");
104 fprintf(stream: fout, format: "\t}\n\n");
105 fprintf(stream: fout, format: "\treturn sock;\n");
106 fprintf(stream: fout, format: "}\n");
107
108 fprintf(stream: fout, format: "\n#endif\n");
109
110 if (fclose(stream: fout) != 0) {
111 fprintf(stderr, format: "Could not successfully close %s: %s\n",
112 argv[1], strerror(errno));
113 exit(status: 4);
114 }
115
116 fout = fopen(filename: argv[2], modes: "w");
117 if (!fout) {
118 fprintf(stderr, format: "Could not open %s for writing: %s\n",
119 argv[2], strerror(errno));
120 exit(status: 5);
121 }
122
123 fprintf(stream: fout, format: "/* This file is automatically generated. Do not edit. */\n");
124 fprintf(stream: fout, format: "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
125
126 for (i = 0; secclass_map[i].name; i++) {
127 const struct security_class_mapping *map = &secclass_map[i];
128 int len;
129 char *name = stoupperx(s: map->name);
130
131 len = strlen(s: name);
132 for (j = 0; map->perms[j]; j++) {
133 char *permname;
134
135 if (j >= 32) {
136 fprintf(stderr, format: "Too many permissions to fit into an access vector at (%s, %s).\n",
137 map->name, map->perms[j]);
138 exit(status: 5);
139 }
140 permname = stoupperx(s: map->perms[j]);
141 fprintf(stream: fout, format: "#define %s__%-*s 0x%08xU\n", name,
142 39-len, permname, 1U<<j);
143 free(ptr: permname);
144 }
145 free(ptr: name);
146 }
147
148 fprintf(stream: fout, format: "\n#endif\n");
149
150 if (fclose(stream: fout) != 0) {
151 fprintf(stderr, format: "Could not successfully close %s: %s\n",
152 argv[2], strerror(errno));
153 exit(status: 6);
154 }
155
156 exit(status: 0);
157}
158

source code of linux/scripts/selinux/genheaders/genheaders.c