1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * mdp - make dummy policy 5 * 6 * When pointed at a kernel tree, builds a dummy policy for that kernel 7 * with exactly one type with full rights to itself. 8 * 9 * Copyright (C) IBM Corporation, 2006 10 * 11 * Authors: Serge E. Hallyn <serue@us.ibm.com> 12 */ 13 14 15 /* NOTE: we really do want to use the kernel headers here */ 16 #define __EXPORTED_HEADERS__ 17 18 #include <stdio.h> 19 #include <stdlib.h> 20 #include <unistd.h> 21 #include <string.h> 22 #include <linux/kconfig.h> 23 24 static void usage(char *name) 25 { 26 printf("usage: %s [-m] policy_file context_file\n", name); 27 exit(1); 28 } 29 30 /* Class/perm mapping support */ 31 struct security_class_mapping { 32 const char *name; 33 const char *perms[sizeof(unsigned) * 8 + 1]; 34 }; 35 36 #include "classmap.h" 37 #include "initial_sid_to_string.h" 38 39 int main(int argc, char *argv[]) 40 { 41 int i, j, mls = 0; 42 int initial_sid_to_string_len; 43 char **arg, *polout, *ctxout; 44 45 FILE *fout; 46 47 if (argc < 3) 48 usage(argv[0]); 49 arg = argv+1; 50 if (argc==4 && strcmp(argv[1], "-m") == 0) { 51 mls = 1; 52 arg++; 53 } 54 polout = *arg++; 55 ctxout = *arg; 56 57 fout = fopen(polout, "w"); 58 if (!fout) { 59 printf("Could not open %s for writing\n", polout); 60 usage(argv[0]); 61 } 62 63 /* print out the classes */ 64 for (i = 0; secclass_map[i].name; i++) 65 fprintf(fout, "class %s\n", secclass_map[i].name); 66 fprintf(fout, "\n"); 67 68 initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *); 69 /* print out the sids */ 70 for (i = 1; i < initial_sid_to_string_len; i++) 71 fprintf(fout, "sid %s\n", initial_sid_to_string[i]); 72 fprintf(fout, "\n"); 73 74 /* print out the class permissions */ 75 for (i = 0; secclass_map[i].name; i++) { 76 struct security_class_mapping *map = &secclass_map[i]; 77 fprintf(fout, "class %s\n", map->name); 78 fprintf(fout, "{\n"); 79 for (j = 0; map->perms[j]; j++) 80 fprintf(fout, "\t%s\n", map->perms[j]); 81 fprintf(fout, "}\n\n"); 82 } 83 fprintf(fout, "\n"); 84 85 /* print out mls declarations and constraints */ 86 if (mls) { 87 fprintf(fout, "sensitivity s0;\n"); 88 fprintf(fout, "sensitivity s1;\n"); 89 fprintf(fout, "dominance { s0 s1 }\n"); 90 fprintf(fout, "category c0;\n"); 91 fprintf(fout, "category c1;\n"); 92 fprintf(fout, "level s0:c0.c1;\n"); 93 fprintf(fout, "level s1:c0.c1;\n"); 94 #define SYSTEMLOW "s0" 95 #define SYSTEMHIGH "s1:c0.c1" 96 for (i = 0; secclass_map[i].name; i++) { 97 struct security_class_mapping *map = &secclass_map[i]; 98 99 fprintf(fout, "mlsconstrain %s {\n", map->name); 100 for (j = 0; map->perms[j]; j++) 101 fprintf(fout, "\t%s\n", map->perms[j]); 102 /* 103 * This requires all subjects and objects to be 104 * single-level (l2 eq h2), and that the subject 105 * level dominate the object level (h1 dom h2) 106 * in order to have any permissions to it. 107 */ 108 fprintf(fout, "} (l2 eq h2 and h1 dom h2);\n\n"); 109 } 110 } 111 112 /* types, roles, and allows */ 113 fprintf(fout, "type base_t;\n"); 114 fprintf(fout, "role base_r;\n"); 115 fprintf(fout, "role base_r types { base_t };\n"); 116 for (i = 0; secclass_map[i].name; i++) 117 fprintf(fout, "allow base_t base_t:%s *;\n", 118 secclass_map[i].name); 119 fprintf(fout, "user user_u roles { base_r }"); 120 if (mls) 121 fprintf(fout, " level %s range %s - %s", SYSTEMLOW, 122 SYSTEMLOW, SYSTEMHIGH); 123 fprintf(fout, ";\n"); 124 125 #define SUBJUSERROLETYPE "user_u:base_r:base_t" 126 #define OBJUSERROLETYPE "user_u:object_r:base_t" 127 128 /* default sids */ 129 for (i = 1; i < initial_sid_to_string_len; i++) 130 fprintf(fout, "sid %s " SUBJUSERROLETYPE "%s\n", 131 initial_sid_to_string[i], mls ? ":" SYSTEMLOW : ""); 132 fprintf(fout, "\n"); 133 134 #define FS_USE(behavior, fstype) \ 135 fprintf(fout, "fs_use_%s %s " OBJUSERROLETYPE "%s;\n", \ 136 behavior, fstype, mls ? ":" SYSTEMLOW : "") 137 138 /* 139 * Filesystems whose inode labels can be fetched via getxattr. 140 */ 141 #ifdef CONFIG_EXT2_FS_SECURITY 142 FS_USE("xattr", "ext2"); 143 #endif 144 #ifdef CONFIG_EXT4_FS_SECURITY 145 #ifdef CONFIG_EXT4_USE_FOR_EXT2 146 FS_USE("xattr", "ext2"); 147 #endif 148 FS_USE("xattr", "ext3"); 149 FS_USE("xattr", "ext4"); 150 #endif 151 #ifdef CONFIG_JFS_SECURITY 152 FS_USE("xattr", "jfs"); 153 #endif 154 #ifdef CONFIG_REISERFS_FS_SECURITY 155 FS_USE("xattr", "reiserfs"); 156 #endif 157 #ifdef CONFIG_JFFS2_FS_SECURITY 158 FS_USE("xattr", "jffs2"); 159 #endif 160 #ifdef CONFIG_XFS_FS 161 FS_USE("xattr", "xfs"); 162 #endif 163 #ifdef CONFIG_GFS2_FS 164 FS_USE("xattr", "gfs2"); 165 #endif 166 #ifdef CONFIG_BTRFS_FS 167 FS_USE("xattr", "btrfs"); 168 #endif 169 #ifdef CONFIG_F2FS_FS_SECURITY 170 FS_USE("xattr", "f2fs"); 171 #endif 172 #ifdef CONFIG_OCFS2_FS 173 FS_USE("xattr", "ocsfs2"); 174 #endif 175 #ifdef CONFIG_OVERLAY_FS 176 FS_USE("xattr", "overlay"); 177 #endif 178 #ifdef CONFIG_SQUASHFS_XATTR 179 FS_USE("xattr", "squashfs"); 180 #endif 181 182 /* 183 * Filesystems whose inodes are labeled from allocating task. 184 */ 185 FS_USE("task", "pipefs"); 186 FS_USE("task", "sockfs"); 187 188 /* 189 * Filesystems whose inode labels are computed from both 190 * the allocating task and the superblock label. 191 */ 192 #ifdef CONFIG_UNIX98_PTYS 193 FS_USE("trans", "devpts"); 194 #endif 195 #ifdef CONFIG_HUGETLBFS 196 FS_USE("trans", "hugetlbfs"); 197 #endif 198 #ifdef CONFIG_TMPFS 199 FS_USE("trans", "tmpfs"); 200 #endif 201 #ifdef CONFIG_DEVTMPFS 202 FS_USE("trans", "devtmpfs"); 203 #endif 204 #ifdef CONFIG_POSIX_MQUEUE 205 FS_USE("trans", "mqueue"); 206 #endif 207 208 #define GENFSCON(fstype, prefix) \ 209 fprintf(fout, "genfscon %s %s " OBJUSERROLETYPE "%s\n", \ 210 fstype, prefix, mls ? ":" SYSTEMLOW : "") 211 212 /* 213 * Filesystems whose inodes are labeled from path prefix match 214 * relative to the filesystem root. Depending on the filesystem, 215 * only a single label for all inodes may be supported. Here 216 * we list the filesystem types for which per-file labeling is 217 * supported using genfscon; any other filesystem type can also 218 * be added by only with a single entry for all of its inodes. 219 */ 220 #ifdef CONFIG_PROC_FS 221 GENFSCON("proc", "/"); 222 #endif 223 #ifdef CONFIG_SECURITY_SELINUX 224 GENFSCON("selinuxfs", "/"); 225 #endif 226 #ifdef CONFIG_SYSFS 227 GENFSCON("sysfs", "/"); 228 #endif 229 #ifdef CONFIG_DEBUG_FS 230 GENFSCON("debugfs", "/"); 231 #endif 232 #ifdef CONFIG_TRACING 233 GENFSCON("tracefs", "/"); 234 #endif 235 #ifdef CONFIG_PSTORE 236 GENFSCON("pstore", "/"); 237 #endif 238 GENFSCON("cgroup", "/"); 239 GENFSCON("cgroup2", "/"); 240 241 fclose(fout); 242 243 fout = fopen(ctxout, "w"); 244 if (!fout) { 245 printf("Wrote policy, but cannot open %s for writing\n", ctxout); 246 usage(argv[0]); 247 } 248 fprintf(fout, "/ " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : ""); 249 fprintf(fout, "/.* " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : ""); 250 fclose(fout); 251 252 return 0; 253 } 254