1 /* 2 * 3 * mdp - make dummy policy 4 * 5 * When pointed at a kernel tree, builds a dummy policy for that kernel 6 * with exactly one type with full rights to itself. 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 * 22 * Copyright (C) IBM Corporation, 2006 23 * 24 * Authors: Serge E. Hallyn <serue@us.ibm.com> 25 */ 26 27 28 /* NOTE: we really do want to use the kernel headers here */ 29 #define __EXPORTED_HEADERS__ 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <unistd.h> 34 #include <string.h> 35 #include <linux/kconfig.h> 36 37 static void usage(char *name) 38 { 39 printf("usage: %s [-m] policy_file context_file\n", name); 40 exit(1); 41 } 42 43 /* Class/perm mapping support */ 44 struct security_class_mapping { 45 const char *name; 46 const char *perms[sizeof(unsigned) * 8 + 1]; 47 }; 48 49 #include "classmap.h" 50 #include "initial_sid_to_string.h" 51 52 int main(int argc, char *argv[]) 53 { 54 int i, j, mls = 0; 55 int initial_sid_to_string_len; 56 char **arg, *polout, *ctxout; 57 58 FILE *fout; 59 60 if (argc < 3) 61 usage(argv[0]); 62 arg = argv+1; 63 if (argc==4 && strcmp(argv[1], "-m") == 0) { 64 mls = 1; 65 arg++; 66 } 67 polout = *arg++; 68 ctxout = *arg; 69 70 fout = fopen(polout, "w"); 71 if (!fout) { 72 printf("Could not open %s for writing\n", polout); 73 usage(argv[0]); 74 } 75 76 /* print out the classes */ 77 for (i = 0; secclass_map[i].name; i++) 78 fprintf(fout, "class %s\n", secclass_map[i].name); 79 fprintf(fout, "\n"); 80 81 initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *); 82 /* print out the sids */ 83 for (i = 1; i < initial_sid_to_string_len; i++) 84 fprintf(fout, "sid %s\n", initial_sid_to_string[i]); 85 fprintf(fout, "\n"); 86 87 /* print out the class permissions */ 88 for (i = 0; secclass_map[i].name; i++) { 89 struct security_class_mapping *map = &secclass_map[i]; 90 fprintf(fout, "class %s\n", map->name); 91 fprintf(fout, "{\n"); 92 for (j = 0; map->perms[j]; j++) 93 fprintf(fout, "\t%s\n", map->perms[j]); 94 fprintf(fout, "}\n\n"); 95 } 96 fprintf(fout, "\n"); 97 98 /* print out mls declarations and constraints */ 99 if (mls) { 100 fprintf(fout, "sensitivity s0;\n"); 101 fprintf(fout, "sensitivity s1;\n"); 102 fprintf(fout, "dominance { s0 s1 }\n"); 103 fprintf(fout, "category c0;\n"); 104 fprintf(fout, "category c1;\n"); 105 fprintf(fout, "level s0:c0.c1;\n"); 106 fprintf(fout, "level s1:c0.c1;\n"); 107 #define SYSTEMLOW "s0" 108 #define SYSTEMHIGH "s1:c0.c1" 109 for (i = 0; secclass_map[i].name; i++) { 110 struct security_class_mapping *map = &secclass_map[i]; 111 112 fprintf(fout, "mlsconstrain %s {\n", map->name); 113 for (j = 0; map->perms[j]; j++) 114 fprintf(fout, "\t%s\n", map->perms[j]); 115 /* 116 * This requires all subjects and objects to be 117 * single-level (l2 eq h2), and that the subject 118 * level dominate the object level (h1 dom h2) 119 * in order to have any permissions to it. 120 */ 121 fprintf(fout, "} (l2 eq h2 and h1 dom h2);\n\n"); 122 } 123 } 124 125 /* types, roles, and allows */ 126 fprintf(fout, "type base_t;\n"); 127 fprintf(fout, "role base_r;\n"); 128 fprintf(fout, "role base_r types { base_t };\n"); 129 for (i = 0; secclass_map[i].name; i++) 130 fprintf(fout, "allow base_t base_t:%s *;\n", 131 secclass_map[i].name); 132 fprintf(fout, "user user_u roles { base_r }"); 133 if (mls) 134 fprintf(fout, " level %s range %s - %s", SYSTEMLOW, 135 SYSTEMLOW, SYSTEMHIGH); 136 fprintf(fout, ";\n"); 137 138 #define SUBJUSERROLETYPE "user_u:base_r:base_t" 139 #define OBJUSERROLETYPE "user_u:object_r:base_t" 140 141 /* default sids */ 142 for (i = 1; i < initial_sid_to_string_len; i++) 143 fprintf(fout, "sid %s " SUBJUSERROLETYPE "%s\n", 144 initial_sid_to_string[i], mls ? ":" SYSTEMLOW : ""); 145 fprintf(fout, "\n"); 146 147 #define FS_USE(behavior, fstype) \ 148 fprintf(fout, "fs_use_%s %s " OBJUSERROLETYPE "%s;\n", \ 149 behavior, fstype, mls ? ":" SYSTEMLOW : "") 150 151 /* 152 * Filesystems whose inode labels can be fetched via getxattr. 153 */ 154 #ifdef CONFIG_EXT2_FS_SECURITY 155 FS_USE("xattr", "ext2"); 156 #endif 157 #ifdef CONFIG_EXT4_FS_SECURITY 158 #ifdef CONFIG_EXT4_USE_FOR_EXT2 159 FS_USE("xattr", "ext2"); 160 #endif 161 FS_USE("xattr", "ext3"); 162 FS_USE("xattr", "ext4"); 163 #endif 164 #ifdef CONFIG_JFS_SECURITY 165 FS_USE("xattr", "jfs"); 166 #endif 167 #ifdef CONFIG_REISERFS_FS_SECURITY 168 FS_USE("xattr", "reiserfs"); 169 #endif 170 #ifdef CONFIG_JFFS2_FS_SECURITY 171 FS_USE("xattr", "jffs2"); 172 #endif 173 #ifdef CONFIG_XFS_FS 174 FS_USE("xattr", "xfs"); 175 #endif 176 #ifdef CONFIG_GFS2_FS 177 FS_USE("xattr", "gfs2"); 178 #endif 179 #ifdef CONFIG_BTRFS_FS 180 FS_USE("xattr", "btrfs"); 181 #endif 182 #ifdef CONFIG_F2FS_FS_SECURITY 183 FS_USE("xattr", "f2fs"); 184 #endif 185 #ifdef CONFIG_OCFS2_FS 186 FS_USE("xattr", "ocsfs2"); 187 #endif 188 #ifdef CONFIG_OVERLAY_FS 189 FS_USE("xattr", "overlay"); 190 #endif 191 #ifdef CONFIG_SQUASHFS_XATTR 192 FS_USE("xattr", "squashfs"); 193 #endif 194 195 /* 196 * Filesystems whose inodes are labeled from allocating task. 197 */ 198 FS_USE("task", "pipefs"); 199 FS_USE("task", "sockfs"); 200 201 /* 202 * Filesystems whose inode labels are computed from both 203 * the allocating task and the superblock label. 204 */ 205 #ifdef CONFIG_UNIX98_PTYS 206 FS_USE("trans", "devpts"); 207 #endif 208 #ifdef CONFIG_HUGETLBFS 209 FS_USE("trans", "hugetlbfs"); 210 #endif 211 #ifdef CONFIG_TMPFS 212 FS_USE("trans", "tmpfs"); 213 #endif 214 #ifdef CONFIG_DEVTMPFS 215 FS_USE("trans", "devtmpfs"); 216 #endif 217 #ifdef CONFIG_POSIX_MQUEUE 218 FS_USE("trans", "mqueue"); 219 #endif 220 221 #define GENFSCON(fstype, prefix) \ 222 fprintf(fout, "genfscon %s %s " OBJUSERROLETYPE "%s\n", \ 223 fstype, prefix, mls ? ":" SYSTEMLOW : "") 224 225 /* 226 * Filesystems whose inodes are labeled from path prefix match 227 * relative to the filesystem root. Depending on the filesystem, 228 * only a single label for all inodes may be supported. Here 229 * we list the filesystem types for which per-file labeling is 230 * supported using genfscon; any other filesystem type can also 231 * be added by only with a single entry for all of its inodes. 232 */ 233 #ifdef CONFIG_PROC_FS 234 GENFSCON("proc", "/"); 235 #endif 236 #ifdef CONFIG_SECURITY_SELINUX 237 GENFSCON("selinuxfs", "/"); 238 #endif 239 #ifdef CONFIG_SYSFS 240 GENFSCON("sysfs", "/"); 241 #endif 242 #ifdef CONFIG_DEBUG_FS 243 GENFSCON("debugfs", "/"); 244 #endif 245 #ifdef CONFIG_TRACING 246 GENFSCON("tracefs", "/"); 247 #endif 248 #ifdef CONFIG_PSTORE 249 GENFSCON("pstore", "/"); 250 #endif 251 GENFSCON("cgroup", "/"); 252 GENFSCON("cgroup2", "/"); 253 254 fclose(fout); 255 256 fout = fopen(ctxout, "w"); 257 if (!fout) { 258 printf("Wrote policy, but cannot open %s for writing\n", ctxout); 259 usage(argv[0]); 260 } 261 fprintf(fout, "/ " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : ""); 262 fprintf(fout, "/.* " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : ""); 263 fclose(fout); 264 265 return 0; 266 } 267