diff options
Diffstat (limited to 'scripts/selinux/mdp/mdp.c')
| -rw-r--r-- | scripts/selinux/mdp/mdp.c | 151 |
1 files changed, 28 insertions, 123 deletions
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c index b4ced856258..62b34ce1f50 100644 --- a/scripts/selinux/mdp/mdp.c +++ b/scripts/selinux/mdp/mdp.c @@ -29,86 +29,27 @@ #include <unistd.h> #include <string.h> -#include "flask.h" - static void usage(char *name) { printf("usage: %s [-m] policy_file context_file\n", name); exit(1); } -static void find_common_name(char *cname, char *dest, int len) -{ - char *start, *end; - - start = strchr(cname, '_')+1; - end = strchr(start, '_'); - if (!start || !end || start-cname > len || end-start > len) { - printf("Error with commons defines\n"); - exit(1); - } - strncpy(dest, start, end-start); - dest[end-start] = '\0'; -} - -#define S_(x) x, -static char *classlist[] = { -#include "class_to_string.h" - NULL +/* Class/perm mapping support */ +struct security_class_mapping { + const char *name; + const char *perms[sizeof(unsigned) * 8 + 1]; }; -#undef S_ +#include "classmap.h" #include "initial_sid_to_string.h" -#define TB_(x) char *x[] = { -#define TE_(x) NULL }; -#define S_(x) x, -#include "common_perm_to_string.h" -#undef TB_ -#undef TE_ -#undef S_ - -struct common { - char *cname; - char **perms; -}; -struct common common[] = { -#define TB_(x) { #x, x }, -#define S_(x) -#define TE_(x) -#include "common_perm_to_string.h" -#undef TB_ -#undef TE_ -#undef S_ -}; - -#define S_(x, y, z) {x, #y}, -struct av_inherit { - int class; - char *common; -}; -struct av_inherit av_inherit[] = { -#include "av_inherit.h" -}; -#undef S_ - -#include "av_permissions.h" -#define S_(x, y, z) {x, y, z}, -struct av_perms { - int class; - int perm_i; - char *perm_s; -}; -struct av_perms av_perms[] = { -#include "av_perm_to_string.h" -}; -#undef S_ - int main(int argc, char *argv[]) { int i, j, mls = 0; + int initial_sid_to_string_len; char **arg, *polout, *ctxout; - int classlist_len, initial_sid_to_string_len; + FILE *fout; if (argc < 3) @@ -127,64 +68,25 @@ int main(int argc, char *argv[]) usage(argv[0]); } - classlist_len = sizeof(classlist) / sizeof(char *); /* print out the classes */ - for (i=1; i < classlist_len; i++) { - if(classlist[i]) - fprintf(fout, "class %s\n", classlist[i]); - else - fprintf(fout, "class user%d\n", i); - } + for (i = 0; secclass_map[i].name; i++) + fprintf(fout, "class %s\n", secclass_map[i].name); fprintf(fout, "\n"); initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *); /* print out the sids */ - for (i=1; i < initial_sid_to_string_len; i++) + for (i = 1; i < initial_sid_to_string_len; i++) fprintf(fout, "sid %s\n", initial_sid_to_string[i]); fprintf(fout, "\n"); - /* print out the commons */ - for (i=0; i< sizeof(common)/sizeof(struct common); i++) { - char cname[101]; - find_common_name(common[i].cname, cname, 100); - cname[100] = '\0'; - fprintf(fout, "common %s\n{\n", cname); - for (j=0; common[i].perms[j]; j++) - fprintf(fout, "\t%s\n", common[i].perms[j]); - fprintf(fout, "}\n\n"); - } - fprintf(fout, "\n"); - /* print out the class permissions */ - for (i=1; i < classlist_len; i++) { - if (classlist[i]) { - int firstperm = -1, numperms = 0; - - fprintf(fout, "class %s\n", classlist[i]); - /* does it inherit from a common? */ - for (j=0; j < sizeof(av_inherit)/sizeof(struct av_inherit); j++) - if (av_inherit[j].class == i) - fprintf(fout, "inherits %s\n", av_inherit[j].common); - - for (j=0; j < sizeof(av_perms)/sizeof(struct av_perms); j++) { - if (av_perms[j].class == i) { - if (firstperm == -1) - firstperm = j; - numperms++; - } - } - if (!numperms) { - fprintf(fout, "\n"); - continue; - } - - fprintf(fout, "{\n"); - /* print out the av_perms */ - for (j=0; j < numperms; j++) { - fprintf(fout, "\t%s\n", av_perms[firstperm+j].perm_s); - } - fprintf(fout, "}\n\n"); - } + for (i = 0; secclass_map[i].name; i++) { + struct security_class_mapping *map = &secclass_map[i]; + fprintf(fout, "class %s\n", map->name); + fprintf(fout, "{\n"); + for (j = 0; map->perms[j]; j++) + fprintf(fout, "\t%s\n", map->perms[j]); + fprintf(fout, "}\n\n"); } fprintf(fout, "\n"); @@ -197,31 +99,34 @@ int main(int argc, char *argv[]) /* types, roles, and allows */ fprintf(fout, "type base_t;\n"); fprintf(fout, "role base_r types { base_t };\n"); - for (i=1; i < classlist_len; i++) { - if (classlist[i]) - fprintf(fout, "allow base_t base_t:%s *;\n", classlist[i]); - else - fprintf(fout, "allow base_t base_t:user%d *;\n", i); - } + for (i = 0; secclass_map[i].name; i++) + fprintf(fout, "allow base_t base_t:%s *;\n", + secclass_map[i].name); fprintf(fout, "user user_u roles { base_r };\n"); fprintf(fout, "\n"); /* default sids */ - for (i=1; i < initial_sid_to_string_len; i++) + for (i = 1; i < initial_sid_to_string_len; i++) fprintf(fout, "sid %s user_u:base_r:base_t\n", initial_sid_to_string[i]); fprintf(fout, "\n"); - fprintf(fout, "fs_use_xattr ext2 user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_xattr ext3 user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_xattr ext4 user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_xattr jfs user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_xattr xfs user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_xattr reiserfs user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_xattr jffs2 user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_xattr gfs2 user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_xattr lustre user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_task eventpollfs user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_task pipefs user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_task sockfs user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_trans mqueue user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_trans devpts user_u:base_r:base_t;\n"); + fprintf(fout, "fs_use_trans hugetlbfs user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_trans tmpfs user_u:base_r:base_t;\n"); fprintf(fout, "fs_use_trans shm user_u:base_r:base_t;\n"); |