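#!/usr/bin/python3 -EsI
#
# Authors: Karl MacMillan <[email protected]>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

# Parse interfaces and output extracted information about them
# suitable for policy generation. By default writes the output
# to the default location (obtained from sepolgen.defaults), but
# will output to another file provided as an argument:
#   sepolgen-ifgen [headers] [output-filename]
#
# NOTE(review): the usage line above does not match the code below.
# parse_options() discards positional arguments; the header location and
# the output file are selected with -i/--interfaces and -o/--output.
#
# The interpreter flags on the first line matter for a tool that is
# typically run with elevated privileges: -E ignores PYTHON* environment
# variables, -s leaves the per-user site directory off sys.path, and -I
# runs the interpreter in isolated mode.


import sys
import tempfile
import subprocess

import selinux

import sepolgen.refparser as refparser
import sepolgen.defaults as defaults
import sepolgen.interfaces as interfaces


VERSION = "%prog .1"
ATTR_HELPER = "/usr/bin/sepolgen-ifgen-attr-helper"


def parse_options():
    """Parse the command line and return the optparse options object.

    Positional arguments are accepted by the parser but not returned, so
    they have no effect on the run.
    """
    from optparse import OptionParser

    parser = OptionParser(version=VERSION)
    parser.add_option("-o", "--output", dest="output", default=defaults.interface_info(),
                      help="filename to store output")
    parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
                      help="location of the interface header files")
    parser.add_option("-a", "--attribute_info", dest="attribute_info")
    parser.add_option("-p", "--policy", dest="policy_path")
    parser.add_option("-v", "--verbose", action="store_true", default=False,
                      help="print debugging output")
    parser.add_option("-d", "--debug", action="store_true", default=False,
                      help="extra debugging output")
    # Security note: the value of --attr-helper is executed as a program by
    # get_attrs(). Whoever can set this option chooses what runs with this
    # script's privileges, so a privileged wrapper around this tool (sudo
    # rule, service unit, cron job) should pin it rather than pass it on.
    parser.add_option("--attr-helper", default=ATTR_HELPER,
                      help="path to sepolgen-ifgen-attr-helper")
    parser.add_option("--no_attrs", action="store_true", default=False,
                      help="do not retrieve attribute access from kernel policy")
    options, _args = parser.parse_args()

    return options


def get_attrs(policy_path, attr_helper):
    """Run the attribute helper and load what it wrote into an AttributeSet.

    Args:
        policy_path: policy file handed to the helper as its second
            argument; when empty or None the helper gets only the output
            file name.
        attr_helper: path of the helper executable to run.

    Returns:
        The populated interfaces.AttributeSet, or None when the temporary
        file cannot be created, the helper cannot be started or exits
        non-zero, or its output cannot be parsed. A message is written to
        stderr in each failure case.
    """
    try:
        # NamedTemporaryFile creates the file itself, so the helper is
        # handed the name of a file that already exists and is ours.
        outfile = tempfile.NamedTemporaryFile()
    except OSError:
        sys.stderr.write("could not open attribute output file\n")
        return None

    # The context manager closes (and thereby removes) the temporary file
    # on every exit path instead of leaving that to garbage collection.
    with outfile:
        # argv is passed as a list and no shell is involved, so neither
        # path is subject to shell interpretation.
        cmd = [attr_helper, outfile.name]
        if policy_path:
            cmd.append(policy_path)

        try:
            ret = subprocess.call(cmd, stdout=subprocess.DEVNULL)
        except OSError:
            # A missing or non-executable helper used to escape as an
            # unhandled traceback; report it like any other helper failure.
            sys.stderr.write("could not run attribute helper\n")
            return None

        if ret != 0:
            sys.stderr.write("could not run attribute helper\n")
            return None

        attrs = interfaces.AttributeSet()
        try:
            attrs.from_file(outfile)
        except Exception:
            # Narrowed from a bare "except:" so Ctrl-C and SystemExit are
            # not swallowed; the message now goes to stderr like the other
            # diagnostics in this file.
            sys.stderr.write("error parsing attribute info\n")
            return None

        return attrs


def main():
    """Generate the interface information file; return the exit status.

    Returns 0 when the headers were parsed and refparser reports success,
    and 1 on any failure.
    """
    options = parse_options()

    # Open the output first to generate errors before parsing
    #
    # NOTE(review): mode "w" truncates an existing file right here, so a
    # later failure (helper error, header parse error) leaves the previous
    # interface information replaced by an empty file. Anything that
    # consumes this file should check this script's exit status; writing to
    # a temporary file and renaming it on success would avoid the window.
    try:
        f = open(options.output, "w")
    except OSError:
        sys.stderr.write("could not open output file [%s]\n" % options.output)
        return 1

    # "with" closes the output on the early-return paths as well, which the
    # original only did on the success path.
    with f:
        log = sys.stdout if options.verbose else None

        # Get the attributes from the binary
        attrs = None
        if not options.no_attrs:
            attrs = get_attrs(options.policy_path, options.attr_helper)
            if attrs is None:
                return 1

        # Parse the headers
        try:
            headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
        except ValueError as e:
            sys.stderr.write("error parsing headers: %s\n" % e)
            return 1

        if_set = interfaces.InterfaceSet(output=log)
        if_set.add_headers(headers, attributes=attrs)
        if_set.to_file(f)

    return 0 if refparser.success else 1


if __name__ == "__main__":
    sys.exit(main())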