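/*
 * Header generator: writes two C headers from the tables in classmap.h and
 * initial_sid_to_string.h.
 *
 *   argv[1] (flask.h)           SECCLASS_* and SECINITSID_* numbering plus the
 *                               security_is_socket_class() helper.
 *   argv[2] (av_permissions.h)  one single-bit mask per (class, permission).
 *
 * Exit status: 0 success, 1 usage, 2 cannot open argv[1], 3 out of memory,
 * 4 cannot open argv[2], 5 a class has more permissions than an access
 * vector has bits, 6 write error on either output.
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>

/*
 * One security class and its permission names.  perms[] is NULL-terminated
 * and has room for one name per bit of an unsigned value plus the terminator.
 */
struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(unsigned) * 8 + 1];
};

#include "classmap.h"
#include "initial_sid_to_string.h"

enum {
	/* Column at which the value of each generated #define is aligned. */
	VALUE_COLUMN = 40,
	/* Number of permission bits that fit in one generated mask. */
	MAX_PERMS = sizeof(unsigned) * 8
};

const char *progname;

/* Print the command-line synopsis and exit with status 1. */
static void usage(void)
{
	printf("usage: %s flask.h av_permissions.h\n", progname);
	exit(1);
}

/*
 * Return a heap-allocated upper-case copy of s.  Exits with status 3 when the
 * copy cannot be allocated.  The copy is never freed; the process is
 * short-lived and the strings are used until exit.
 */
static char *stoupperx(const char *s)
{
	char *s2 = strdup(s);
	char *p;

	if (!s2) {
		fprintf(stderr, "%s: out of memory\n", progname);
		exit(3);
	}

	/*
	 * toupper() is only defined for EOF and values representable as
	 * unsigned char; a plain char may be negative.
	 */
	for (p = s2; *p; p++)
		*p = (char)toupper((unsigned char)*p);
	return s2;
}

/*
 * Write the blanks that separate a macro name from its value: enough to reach
 * VALUE_COLUMN, and always at least one.  "used" is the number of name
 * characters already written after the fixed prefix.
 */
static void emit_padding(FILE *fout, size_t used)
{
	size_t pad = 1;

	/* Computed without unsigned wrap-around for names longer than the column. */
	if (used < (size_t)VALUE_COLUMN)
		pad = (size_t)VALUE_COLUMN - used;

	while (pad--)
		fputc(' ', fout);
}

/* Return non-zero when s ends with suffix. */
static int ends_with(const char *s, const char *suffix)
{
	size_t slen = strlen(s);
	size_t xlen = strlen(suffix);

	return slen >= xlen && strcmp(s + slen - xlen, suffix) == 0;
}

/*
 * Close an output stream and exit with status 6 if any earlier write or the
 * final flush failed, so that a truncated header is not mistaken for a
 * complete one.
 */
static void finish_output(FILE *fout, const char *path)
{
	int failed = ferror(fout);

	if (fclose(fout) != 0)
		failed = 1;

	if (failed) {
		fprintf(stderr, "%s: error writing %s\n", progname, path);
		exit(6);
	}
}

int main(int argc, char *argv[])
{
	static const char socket_suffix[] = "SOCKET";
	int i, j;
	int isids_len;
	FILE *fout;

	progname = argv[0];

	if (argc < 3)
		usage();

	/*
	 * Normalise the tables in place before touching any output file, so a
	 * rejected table does not leave an empty header behind.
	 */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		map->name = stoupperx(map->name);
		for (j = 0; map->perms[j]; j++) {
			/*
			 * A non-NULL entry in the terminator slot means the
			 * next read would run past perms[] and the mask shift
			 * below would be by the full width of the type.
			 */
			if (j >= MAX_PERMS) {
				fprintf(stderr,
					"%s: too many permissions for class %s\n",
					progname, map->name);
				exit(5);
			}
			map->perms[j] = stoupperx(map->perms[j]);
		}
	}

	/*
	 * Entries are used from index 1 onwards.
	 * NOTE(review): assumes each of them is a non-NULL string; confirm
	 * against initial_sid_to_string.h.
	 */
	isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
	for (i = 1; i < isids_len; i++)
		initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);

	fout = fopen(argv[1], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			argv[1], strerror(errno));
		exit(2);
	}

	fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	/* Classes are numbered from 1 in table order. */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		fprintf(fout, "#define SECCLASS_%s", map->name);
		emit_padding(fout, strlen(map->name));
		fprintf(fout, "%2d\n", i+1);
	}

	fprintf(fout, "\n");

	/* Initial SIDs keep their table index as their value. */
	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];

		fprintf(fout, "#define SECINITSID_%s", s);
		emit_padding(fout, strlen(s));
		fprintf(fout, "%2d\n", i);
	}
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);

	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
	fprintf(fout, "{\n");
	fprintf(fout, "\tbool sock = false;\n\n");
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		/*
		 * A class counts as a socket class when its name ends in
		 * "SOCKET".  Comparing the tail directly also covers a name
		 * in which "SOCKET" occurs more than once.
		 */
		if (ends_with(map->name, socket_suffix))
			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\tdefault:\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\t}\n\n");
	fprintf(fout, "\treturn sock;\n");
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");
	finish_output(fout, argv[1]);

	fout = fopen(argv[2], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing: %s\n",
			argv[2], strerror(errno));
		exit(4);
	}

	fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];

		for (j = 0; map->perms[j]; j++) {
			fprintf(fout, "#define %s__%s", map->name,
				map->perms[j]);
			emit_padding(fout, strlen(map->name) +
					   strlen(map->perms[j]));
			/*
			 * Unsigned shift: 1 << 31 on a signed int is
			 * undefined, and %x expects an unsigned argument.
			 */
			fprintf(fout, "0x%08xUL\n", 1U << j);
		}
	}

	fprintf(fout, "\n#endif\n");
	finish_output(fout, argv[2]);
	exit(0);
}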