1 | // SPDX-License-Identifier: GPL-2.0 |
2 | |
3 | /* NOTE: we really do want to use the kernel headers here */ |
4 | #define |
5 | |
6 | #include <stdio.h> |
7 | #include <stdlib.h> |
8 | #include <unistd.h> |
9 | #include <string.h> |
10 | #include <errno.h> |
11 | #include <ctype.h> |
12 | |
13 | struct security_class_mapping { |
14 | const char *name; |
15 | const char *perms[sizeof(unsigned) * 8 + 1]; |
16 | }; |
17 | |
18 | #include "classmap.h" |
19 | #include "initial_sid_to_string.h" |
20 | |
21 | const char *progname; |
22 | |
23 | static void usage(void) |
24 | { |
25 | printf(format: "usage: %s flask.h av_permissions.h\n" , progname); |
26 | exit(status: 1); |
27 | } |
28 | |
29 | static char *stoupperx(const char *s) |
30 | { |
31 | char *s2 = strdup(s: s); |
32 | char *p; |
33 | |
34 | if (!s2) { |
35 | fprintf(stderr, format: "%s: out of memory\n" , progname); |
36 | exit(status: 3); |
37 | } |
38 | |
39 | for (p = s2; *p; p++) |
40 | *p = toupper(*p); |
41 | return s2; |
42 | } |
43 | |
44 | int main(int argc, char *argv[]) |
45 | { |
46 | int i, j; |
47 | int isids_len; |
48 | FILE *fout; |
49 | |
50 | progname = argv[0]; |
51 | |
52 | if (argc < 3) |
53 | usage(); |
54 | |
55 | fout = fopen(filename: argv[1], modes: "w" ); |
56 | if (!fout) { |
57 | fprintf(stderr, format: "Could not open %s for writing: %s\n" , |
58 | argv[1], strerror(errno)); |
59 | exit(status: 2); |
60 | } |
61 | |
62 | fprintf(stream: fout, format: "/* This file is automatically generated. Do not edit. */\n" ); |
63 | fprintf(stream: fout, format: "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n" ); |
64 | |
65 | for (i = 0; secclass_map[i].name; i++) { |
66 | char *name = stoupperx(s: secclass_map[i].name); |
67 | |
68 | fprintf(stream: fout, format: "#define SECCLASS_%-39s %2d\n" , name, i+1); |
69 | free(ptr: name); |
70 | } |
71 | |
72 | fprintf(stream: fout, format: "\n" ); |
73 | |
74 | isids_len = sizeof(initial_sid_to_string) / sizeof(char *); |
75 | for (i = 1; i < isids_len; i++) { |
76 | const char *s = initial_sid_to_string[i]; |
77 | if (s) { |
78 | char *sidname = stoupperx(s); |
79 | |
80 | fprintf(stream: fout, format: "#define SECINITSID_%-39s %2d\n" , sidname, i); |
81 | free(ptr: sidname); |
82 | } |
83 | } |
84 | fprintf(stream: fout, format: "\n#define SECINITSID_NUM %d\n" , i-1); |
85 | fprintf(stream: fout, format: "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n" ); |
86 | fprintf(stream: fout, format: "{\n" ); |
87 | fprintf(stream: fout, format: "\tbool sock = false;\n\n" ); |
88 | fprintf(stream: fout, format: "\tswitch (kern_tclass) {\n" ); |
89 | for (i = 0; secclass_map[i].name; i++) { |
90 | static char s[] = "SOCKET" ; |
91 | int len, l; |
92 | char *name = stoupperx(s: secclass_map[i].name); |
93 | |
94 | len = strlen(s: name); |
95 | l = sizeof(s) - 1; |
96 | if (len >= l && memcmp(s1: name + len - l, s2: s, n: l) == 0) |
97 | fprintf(stream: fout, format: "\tcase SECCLASS_%s:\n" , name); |
98 | free(ptr: name); |
99 | } |
100 | fprintf(stream: fout, format: "\t\tsock = true;\n" ); |
101 | fprintf(stream: fout, format: "\t\tbreak;\n" ); |
102 | fprintf(stream: fout, format: "\tdefault:\n" ); |
103 | fprintf(stream: fout, format: "\t\tbreak;\n" ); |
104 | fprintf(stream: fout, format: "\t}\n\n" ); |
105 | fprintf(stream: fout, format: "\treturn sock;\n" ); |
106 | fprintf(stream: fout, format: "}\n" ); |
107 | |
108 | fprintf(stream: fout, format: "\n#endif\n" ); |
109 | |
110 | if (fclose(stream: fout) != 0) { |
111 | fprintf(stderr, format: "Could not successfully close %s: %s\n" , |
112 | argv[1], strerror(errno)); |
113 | exit(status: 4); |
114 | } |
115 | |
116 | fout = fopen(filename: argv[2], modes: "w" ); |
117 | if (!fout) { |
118 | fprintf(stderr, format: "Could not open %s for writing: %s\n" , |
119 | argv[2], strerror(errno)); |
120 | exit(status: 5); |
121 | } |
122 | |
123 | fprintf(stream: fout, format: "/* This file is automatically generated. Do not edit. */\n" ); |
124 | fprintf(stream: fout, format: "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n" ); |
125 | |
126 | for (i = 0; secclass_map[i].name; i++) { |
127 | const struct security_class_mapping *map = &secclass_map[i]; |
128 | int len; |
129 | char *name = stoupperx(s: map->name); |
130 | |
131 | len = strlen(s: name); |
132 | for (j = 0; map->perms[j]; j++) { |
133 | char *permname; |
134 | |
135 | if (j >= 32) { |
136 | fprintf(stderr, format: "Too many permissions to fit into an access vector at (%s, %s).\n" , |
137 | map->name, map->perms[j]); |
138 | exit(status: 5); |
139 | } |
140 | permname = stoupperx(s: map->perms[j]); |
141 | fprintf(stream: fout, format: "#define %s__%-*s 0x%08xU\n" , name, |
142 | 39-len, permname, 1U<<j); |
143 | free(ptr: permname); |
144 | } |
145 | free(ptr: name); |
146 | } |
147 | |
148 | fprintf(stream: fout, format: "\n#endif\n" ); |
149 | |
150 | if (fclose(stream: fout) != 0) { |
151 | fprintf(stderr, format: "Could not successfully close %s: %s\n" , |
152 | argv[2], strerror(errno)); |
153 | exit(status: 6); |
154 | } |
155 | |
156 | exit(status: 0); |
157 | } |
158 | |