linux/scripts/selinux/mdp/mdp.c
   1/*
   2 *
   3 * mdp - make dummy policy
   4 *
   5 * When pointed at a kernel tree, builds a dummy policy for that kernel
   6 * with exactly one type with full rights to itself.
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License as published by
  10 * the Free Software Foundation; either version 2 of the License, or
  11 * (at your option) any later version.
  12 *
  13 * This program is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 * GNU General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the Free Software
  20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  21 *
  22 * Copyright (C) IBM Corporation, 2006
  23 *
  24 * Authors: Serge E. Hallyn <serue@us.ibm.com>
  25 */
  26
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
  31
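/*
 * Print the command-line synopsis and terminate with a failure status.
 *
 * @name: argv[0], echoed into the synopsis.
 *
 * This is reached only on error paths (bad arguments, an output file that
 * cannot be opened), so the text goes to stderr rather than stdout: a
 * caller that captures stdout, such as a build rule, must not mistake the
 * usage text for tool output. Never returns.
 */
static void usage(char *name)
{
	fprintf(stderr, "usage: %s [-m] policy_file context_file\n", name);
	exit(1);
}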
  37
  38/* Class/perm mapping support */
/*
 * One object class together with its permission names; the element type
 * of the secclass_map[] table that main() walks (expected to come from
 * classmap.h, included below -- confirm there).
 *
 * @name:  class name. The table is scanned until an entry whose name is
 *         NULL, so that entry terminates it.
 * @perms: permission names, NULL-terminated (the loops in main() stop at
 *         the first NULL). Sized for sizeof(unsigned) * 8 entries plus the
 *         terminator -- presumably one per bit of an access vector; the
 *         "* 8" assumes 8-bit bytes (CHAR_BIT would be the portable
 *         spelling).
 */
struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(unsigned) * 8 + 1];
};
  43
  44#include "classmap.h"
  45#include "initial_sid_to_string.h"
  46
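/* Names of the single user, role and type the dummy policy defines. */
#define MDP_USER "user_u"
#define MDP_ROLE "base_r"
#define MDP_TYPE "base_t"
/* The one security context every SID, filesystem and path is labelled with. */
#define MDP_CTX  MDP_USER ":" MDP_ROLE ":" MDP_TYPE

/* Filesystems emitted with an fs_use_xattr statement. */
static const char *const mdp_xattr_fs[] = {
	"ext2", "ext3", "ext4", "jfs", "xfs", "reiserfs", "jffs2", "gfs2",
	"lustre",
};
/* Filesystems emitted with an fs_use_task statement. */
static const char *const mdp_task_fs[] = {
	"eventpollfs", "pipefs", "sockfs",
};
/* Filesystems emitted with an fs_use_trans statement. */
static const char *const mdp_trans_fs[] = {
	"mqueue", "devpts", "hugetlbfs", "tmpfs", "shm",
};

/*
 * Emit one "<stmt> <fs> <ctx>;" policy line per filesystem name.
 *
 * @fout: open output stream.
 * @stmt: policy statement keyword (fs_use_xattr, fs_use_task, fs_use_trans).
 * @fs:   filesystem names.
 * @nfs:  number of entries in @fs.
 */
static void mdp_write_fs_use(FILE *fout, const char *stmt,
			     const char *const *fs, size_t nfs)
{
	size_t i;

	for (i = 0; i < nfs; i++)
		fprintf(fout, "%s %s " MDP_CTX ";\n", stmt, fs[i]);
}

/*
 * Write the complete dummy policy source to @fout.
 *
 * The sections are written in the order the original tool used: class
 * declarations, initial SID declarations, per-class permission lists, the
 * single type/role/user with an "allow base_t base_t:<class> *" rule for
 * every class, the context of every initial SID, the fs_use statements and
 * finally a genfscon for proc. Nothing here is restrictive: the wildcard
 * allow rules grant every permission of every class to the one type, and
 * every SID and filesystem carries that same type, so the resulting policy
 * enforces no separation whatsoever. It is fit only for exercising policy
 * loading and the toolchain, never for deployment.
 *
 * Write errors are not checked per call; the caller detects them through
 * ferror()/fclose().
 */
static void mdp_write_policy(FILE *fout)
{
	const struct security_class_mapping *map;
	size_t i;
	size_t nsids = sizeof(initial_sid_to_string) / sizeof(char *);

	/* class declarations; the table ends at an entry with a NULL name */
	for (map = secclass_map; map->name; map++)
		fprintf(fout, "class %s\n", map->name);
	fprintf(fout, "\n");

	/*
	 * Initial SID declarations. Index 0 is skipped, as in the original
	 * tool -- presumably the unused/null SID; confirm against
	 * initial_sid_to_string.h.
	 */
	for (i = 1; i < nsids; i++)
		fprintf(fout, "sid %s\n", initial_sid_to_string[i]);
	fprintf(fout, "\n");

	/* per-class permission lists; perms[] is NULL-terminated */
	for (map = secclass_map; map->name; map++) {
		const char *const *perm;

		fprintf(fout, "class %s\n{\n", map->name);
		for (perm = map->perms; *perm; perm++)
			fprintf(fout, "\t%s\n", *perm);
		fprintf(fout, "}\n\n");
	}
	fprintf(fout, "\n");

	/* one type, one role, one user -- and full self-access on every class */
	fprintf(fout, "type " MDP_TYPE ";\n");
	fprintf(fout, "role " MDP_ROLE " types { " MDP_TYPE " };\n");
	for (map = secclass_map; map->name; map++)
		fprintf(fout, "allow " MDP_TYPE " " MDP_TYPE ":%s *;\n",
			map->name);
	fprintf(fout, "user " MDP_USER " roles { " MDP_ROLE " };\n");
	fprintf(fout, "\n");

	/* every initial SID resolves to the one context */
	for (i = 1; i < nsids; i++)
		fprintf(fout, "sid %s " MDP_CTX "\n", initial_sid_to_string[i]);
	fprintf(fout, "\n");

	mdp_write_fs_use(fout, "fs_use_xattr", mdp_xattr_fs,
			 sizeof(mdp_xattr_fs) / sizeof(mdp_xattr_fs[0]));
	mdp_write_fs_use(fout, "fs_use_task", mdp_task_fs,
			 sizeof(mdp_task_fs) / sizeof(mdp_task_fs[0]));
	mdp_write_fs_use(fout, "fs_use_trans", mdp_trans_fs,
			 sizeof(mdp_trans_fs) / sizeof(mdp_trans_fs[0]));

	/* genfscon carries no trailing semicolon, unlike the fs_use lines */
	fprintf(fout, "genfscon proc / " MDP_CTX "\n");
}

/*
 * Write the file_contexts companion: "/" and every path below it get the
 * one context, so there is no path-based labelling distinction either.
 */
static void mdp_write_contexts(FILE *fout)
{
	fprintf(fout, "/ " MDP_CTX "\n");
	fprintf(fout, "/.* " MDP_CTX "\n");
}

/*
 * Finish an output file, treating any buffered write failure as fatal.
 *
 * fprintf() results are not checked individually while writing, so the
 * stream's error flag and the fclose() result are the only place a short
 * write (disk full, I/O error) shows up. A partially written policy must
 * not be left behind where a build would pick it up as complete, so the
 * file is removed on failure.
 *
 * @fout: stream to close; it is closed on every return.
 * @path: the file's name, for the diagnostic and for unlink().
 * Returns 0 on success, -1 if writing or closing failed.
 */
static int mdp_finish_output(FILE *fout, const char *path)
{
	int failed = ferror(fout);

	if (fclose(fout) != 0)
		failed = 1;
	if (failed) {
		fprintf(stderr, "Error writing %s\n", path);
		unlink(path);
		return -1;
	}
	return 0;
}

/*
 * mdp entry point: mdp [-m] policy_file context_file
 *
 * Writes the dummy policy to policy_file and a two-line file_contexts to
 * context_file. Argument errors (a missing, stray or misplaced argument)
 * are rejected via usage() rather than silently dropping arguments; the
 * unimplemented -m (MLS) option is refused before any file is created;
 * diagnostics go to stderr; write failures are reported and the partial
 * file removed.
 *
 * Returns 0 on success and 1 on failure (usage() also exits with 1).
 */
int main(int argc, char *argv[])
{
	int mls = 0;
	char **arg = argv + 1;
	const char *polout, *ctxout;
	FILE *fout;

	/* an optional leading -m, then exactly two positional arguments */
	if (argc >= 2 && strcmp(argv[1], "-m") == 0) {
		mls = 1;
		arg++;
		argc--;
	}
	if (argc != 3)
		usage(argv[0]);
	polout = *arg++;
	ctxout = *arg;

	/*
	 * Refuse MLS before opening anything, so that an unsupported option
	 * cannot leave a half-written policy file behind.
	 */
	if (mls) {
		fprintf(stderr, "MLS not yet implemented\n");
		return 1;
	}

	fout = fopen(polout, "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			polout, strerror(errno));
		usage(argv[0]);
	}
	mdp_write_policy(fout);
	if (mdp_finish_output(fout, polout))
		return 1;

	fout = fopen(ctxout, "w");
	if (!fout) {
		fprintf(stderr,
			"Wrote policy, but cannot open %s for writing: %s\n",
			ctxout, strerror(errno));
		usage(argv[0]);
	}
	mdp_write_contexts(fout);
	if (mdp_finish_output(fout, ctxout))
		return 1;

	return 0;
}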
 148