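/*
 * Build-time generator for two SELinux headers.
 *
 * Usage: <prog> flask.h av_permissions.h
 *
 * argv[1] receives the SECCLASS_* and SECINITSID_* constants plus the
 * security_is_socket_class() helper; argv[2] receives one access-vector
 * bit per (class, permission) pair.  All values are positional: a class
 * is numbered by its index in secclass_map, an initial SID by its index
 * in initial_sid_to_string, and a permission by its index in perms[].
 * Reordering entries in classmap.h or initial_sid_to_string.h therefore
 * changes every generated constant after the moved entry.
 */

/* NOTE: we really do want to use the kernel headers here */
#define __EXPORTED_HEADERS__

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include <sys/socket.h>

/*
 * One security class: its name and a NULL-terminated list of permission
 * names.  The array holds one slot per bit of an unsigned plus one slot
 * for the terminator.
 */
struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(unsigned) * 8 + 1];
};

#include "classmap.h"
#include "initial_sid_to_string.h"

enum {
	NAME_FIELD_WIDTH = 40,	/* names are space-padded to this width */
	AV_BITS = 32		/* permissions that fit in one access vector */
};

const char *progname;

/* Print the command-line synopsis and exit with status 1. */
static void usage(void)
{
	printf("usage: %s flask.h av_permissions.h\n", progname);
	exit(1);
}

/*
 * Return a newly allocated upper-case copy of s; exits with status 3 if
 * the copy cannot be allocated.  The copy is never freed: it replaces a
 * table entry that is used until the program exits.
 */
static char *stoupperx(const char *s)
{
	char *s2 = strdup(s);
	char *p;

	if (!s2) {
		fprintf(stderr, "%s: out of memory\n", progname);
		exit(3);
	}

	/*
	 * toupper() is only defined for EOF and unsigned char values, so a
	 * plain char that happens to be negative must be converted first.
	 */
	for (p = s2; *p; p++)
		*p = toupper((unsigned char)*p);
	return s2;
}

/* Open path for writing, or report the error and exit with exit_code. */
static FILE *open_output(const char *path, int exit_code)
{
	FILE *out = fopen(path, "w");

	if (!out) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			path, strerror(errno));
		exit(exit_code);
	}
	return out;
}

/*
 * Close a generated header and exit with status 6 if any write to it
 * failed.  Without this check a short write (for example on a full
 * disk) would leave a truncated header behind with exit status 0.
 */
static void close_output(FILE *out, const char *path)
{
	int failed = ferror(out);

	if (fclose(out) != 0)
		failed = 1;
	if (failed) {
		fprintf(stderr, "%s: error writing %s\n", progname, path);
		exit(6);
	}
}

/*
 * Emit the spaces that separate a macro name from its value: enough to
 * fill NAME_FIELD_WIDTH after `used` name characters, and always at
 * least one so a long name never runs into its value.
 */
static void pad_name_field(FILE *out, size_t used)
{
	const size_t width = NAME_FIELD_WIDTH;
	size_t pad = used < width ? width - used : 1;

	while (pad--)
		fputc(' ', out);
}

/* Write the class numbers, initial SID numbers and socket-class helper. */
static void write_flask_header(FILE *fout, int isids_len)
{
	static const char needle[] = "SOCKET";
	int i;

	fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	/* Class values start at 1. */
	for (i = 0; secclass_map[i].name; i++) {
		const char *name = secclass_map[i].name;

		fprintf(fout, "#define SECCLASS_%s", name);
		pad_name_field(fout, strlen(name));
		fprintf(fout, "%2d\n", i + 1);
	}

	fprintf(fout, "\n");

	/* Index 0 of the initial SID table is skipped. */
	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];

		fprintf(fout, "#define SECINITSID_%s", s);
		pad_name_field(fout, strlen(s));
		fprintf(fout, "%2d\n", i);
	}
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i - 1);

	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
	fprintf(fout, "{\n");
	fprintf(fout, "\tbool sock = false;\n\n");
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	for (i = 0; secclass_map[i].name; i++) {
		const char *name = secclass_map[i].name;
		const char *substr = strstr(name, needle);

		/*
		 * A class is listed when the first "SOCKET" in its
		 * (already upper-cased) name is also the end of the name.
		 * A class whose name does not follow that convention is
		 * not reported as a socket class by the generated helper.
		 */
		if (substr && strcmp(substr, needle) == 0)
			fprintf(fout, "\tcase SECCLASS_%s:\n", name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\tdefault:\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\t}\n\n");
	fprintf(fout, "\treturn sock;\n");
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");
}

/*
 * Write one CLASS__PERM bit definition per permission.  Exits with
 * status 5 if a class lists more permissions than an access vector has
 * bits.
 */
static void write_av_permissions_header(FILE *fout)
{
	int i, j;

	fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		const struct security_class_mapping *map = &secclass_map[i];

		for (j = 0; map->perms[j]; j++) {
			if (j >= AV_BITS) {
				fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
					map->name, map->perms[j]);
				exit(5);
			}
			fprintf(fout, "#define %s__%s", map->name,
				map->perms[j]);
			pad_name_field(fout, strlen(map->name) +
					     strlen(map->perms[j]));
			/*
			 * Shift an unsigned 1: with a signed int the shift
			 * for j == 31 moves a bit into the sign position,
			 * which is undefined behaviour, and %x expects an
			 * unsigned argument.
			 */
			fprintf(fout, "0x%08xU\n", 1U << j);
		}
	}

	fprintf(fout, "\n#endif\n");
}

/*
 * Exit status: 0 success, 1 usage, 2 cannot open argv[1], 3 out of
 * memory, 4 cannot open argv[2], 5 too many permissions in a class,
 * 6 write error on a generated header.
 */
int main(int argc, char *argv[])
{
	int i, j;
	int isids_len;
	FILE *fout;

	progname = argv[0];

	if (argc < 3)
		usage();

	fout = open_output(argv[1], 2);

	/*
	 * Upper-case every class, permission and initial SID name in place.
	 * The names come verbatim from classmap.h and
	 * initial_sid_to_string.h and are emitted as macro identifiers
	 * without further validation; they are build-time inputs.
	 */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		map->name = stoupperx(map->name);
		for (j = 0; map->perms[j]; j++)
			map->perms[j] = stoupperx(map->perms[j]);
	}

	/*
	 * NOTE(review): every entry from index 1 onward is passed to
	 * strdup(), so this assumes none of them is NULL - confirm against
	 * initial_sid_to_string.h.
	 */
	isids_len = sizeof(initial_sid_to_string) /
		    sizeof(initial_sid_to_string[0]);
	for (i = 1; i < isids_len; i++)
		initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);

	write_flask_header(fout, isids_len);
	close_output(fout, argv[1]);

	fout = open_output(argv[2], 4);
	write_av_permissions_header(fout);
	close_output(fout, argv[2]);

	exit(0);
}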