cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack

genheaders.c (3608B)


      1// SPDX-License-Identifier: GPL-2.0
      2
      3/* NOTE: we really do want to use the kernel headers here */
      4#define __EXPORTED_HEADERS__
      5
      6#include <stdio.h>
      7#include <stdlib.h>
      8#include <unistd.h>
      9#include <string.h>
     10#include <errno.h>
     11#include <ctype.h>
     12
/*
 * One SELinux security class as laid out by classmap.h: the class name and
 * its permission names.  main() walks perms[] until it meets a NULL entry
 * and refuses more than 32 permissions, so the array holds one slot per bit
 * of an unsigned int plus one extra slot (presumably for the terminator).
 */
struct security_class_mapping {
	const char *name;
	const char *perms[8 * sizeof(unsigned int) + 1];
};
     17
     18#include "classmap.h"
     19#include "initial_sid_to_string.h"
     20
/* Name this tool was invoked as; set from argv[0] in main() and used in diagnostics. */
const char *progname = NULL;
     22
/*
 * Print the expected command line (the two header files to generate) on
 * stdout and terminate the program with exit status 1.  Does not return.
 */
static void usage(void)
{
	fprintf(stdout, "usage: %s flask.h av_permissions.h\n", progname);
	exit(1);
}
     28
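/*
 * Return a newly allocated copy of @s with every character upper-cased.
 *
 * The caller owns the returned string and must free() it.  On allocation
 * failure a message is written to stderr and the program exits with
 * status 3, so the function never returns NULL.
 */
static char *stoupperx(const char *s)
{
	char *s2 = strdup(s);
	char *p;

	if (!s2) {
		fprintf(stderr, "%s:  out of memory\n", progname);
		exit(3);
	}

	/*
	 * toupper() is only defined for EOF and values representable as
	 * unsigned char.  Plain char may be signed, so a byte with the high
	 * bit set would be passed as a negative int; convert first.
	 */
	for (p = s2; *p; p++)
		*p = (char)toupper((unsigned char)*p);
	return s2;
}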
     43
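/*
 * Finish one generated header: report any write error recorded on the
 * stream, close it, and exit with @status if either step failed.
 *
 * fclose() alone only reports a failure of the final flush; an fprintf()
 * that failed after an earlier flush is visible only through ferror().
 * A silently truncated header must not be handed to the kernel build.
 */
static void close_or_die(FILE *fout, const char *path, int status)
{
	int write_failed = ferror(fout);

	if (fclose(fout) != 0) {
		fprintf(stderr, "Could not successfully close %s:  %s\n",
			path, strerror(errno));
		exit(status);
	}
	if (write_failed) {
		fprintf(stderr, "Could not successfully write %s\n", path);
		exit(status);
	}
}

/*
 * Generate the two SELinux headers from the tables in classmap.h and
 * initial_sid_to_string.h.
 *
 *   argv[1]  flask.h           SECCLASS_* and SECINITSID_* constants plus
 *                              security_is_socket_class()
 *   argv[2]  av_permissions.h  one <CLASS>__<PERM> bit mask per permission
 *
 * Exit status: 0 on success, 1 usage, 2 cannot open argv[1], 3 out of
 * memory, 4 write/close failure on argv[1], 5 cannot open argv[2] or a
 * class has more than 32 permissions, 6 write/close failure on argv[2].
 */
int main(int argc, char *argv[])
{
	int i, j;
	int isids_len;
	FILE *fout;

	progname = argv[0];

	if (argc < 3)
		usage();

	fout = fopen(argv[1], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing:  %s\n",
			argv[1], strerror(errno));
		exit(2);
	}

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	/* Class values are 1-based: entry i of secclass_map becomes i + 1. */
	for (i = 0; secclass_map[i].name; i++) {
		char *name = stoupperx(secclass_map[i].name);

		fprintf(fout, "#define SECCLASS_%-39s %2d\n", name, i+1);
		free(name);
	}

	fprintf(fout, "\n");

	/* Index 0 is skipped; NULL entries produce no define but keep their number. */
	isids_len = sizeof(initial_sid_to_string) / sizeof(char *);
	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];
		if (s) {
			char *sidname = stoupperx(s);

			fprintf(fout, "#define SECINITSID_%-39s %2d\n", sidname, i);
			free(sidname);
		}
	}
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
	fprintf(fout, "{\n");
	fprintf(fout, "\tbool sock = false;\n\n");
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	/* Every class whose upper-cased name ends in "SOCKET" gets a case label. */
	for (i = 0; secclass_map[i].name; i++) {
		static char s[] = "SOCKET";
		int len, l;
		char *name = stoupperx(secclass_map[i].name);

		len = strlen(name);
		l = sizeof(s) - 1;
		if (len >= l && memcmp(name + len - l, s, l) == 0)
			fprintf(fout, "\tcase SECCLASS_%s:\n", name);
		free(name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\tdefault:\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\t}\n\n");
	fprintf(fout, "\treturn sock;\n");
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");

	close_or_die(fout, argv[1], 4);

	fout = fopen(argv[2], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing:  %s\n",
			argv[2], strerror(errno));
		exit(5);
	}

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		const struct security_class_mapping *map = &secclass_map[i];
		int len;
		char *name = stoupperx(map->name);

		len = strlen(name);
		for (j = 0; map->perms[j]; j++) {
			char *permname;

			/*
			 * Each permission is emitted as the mask 1U << j, so the
			 * 33rd permission of a class cannot be represented; stop
			 * rather than emit a wrong mask.
			 */
			if (j >= 32) {
				fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
					map->name, map->perms[j]);
				exit(5);
			}
			permname = stoupperx(map->perms[j]);
			fprintf(fout, "#define %s__%-*s 0x%08xU\n", name,
				39-len, permname, 1U<<j);
			free(permname);
		}
		free(name);
	}

	fprintf(fout, "\n#endif\n");

	close_or_die(fout, argv[2], 6);

	exit(0);
}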