/*
 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * The views and conclusions contained in the software and documentation are those
 * of the authors and should not be interpreted as representing official policies,
 * either expressed or implied, of Tresys Technology, LLC.
 */
30*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
31*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
32*2d543d20SAndroid Build Coastguard Worker #include <stdint.h>
33*2d543d20SAndroid Build Coastguard Worker #include <string.h>
34*2d543d20SAndroid Build Coastguard Worker #include <getopt.h>
35*2d543d20SAndroid Build Coastguard Worker #include <sys/stat.h>
37*2d543d20SAndroid Build Coastguard Worker #ifdef ANDROID
38*2d543d20SAndroid Build Coastguard Worker #include <cil/cil.h>
39*2d543d20SAndroid Build Coastguard Worker #else
40*2d543d20SAndroid Build Coastguard Worker #include <sepol/cil/cil.h>
41*2d543d20SAndroid Build Coastguard Worker #endif
42*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb.h>
/*
 * Print the command-line help for secil2conf to stdout and terminate
 * the process with status 1.
 *
 * prog: the program name shown in the "Usage:" line (normally argv[0]).
 * Never returns.
 */
static __attribute__((__noreturn__)) void usage(const char *prog)
{
	/* Every line after the "Usage:" header is fixed text, emitted verbatim. */
	static const char *const help_lines[] = {
		"\n",
		"Options:\n",
		" -o, --output=<file> write policy.conf to <file>\n",
		" (default: policy.conf)\n",
		" -M, --mls true|false write an mls policy. Must be true or false.\n",
		" This will override the (mls boolean) statement\n",
		" if present in the policy\n",
		" -P, --preserve-tunables treat tunables as booleans\n",
		" -Q, --qualified-names Allow names containing dots (qualified names).\n",
		" Blocks, blockinherits, blockabstracts, and\n",
		" in-statements will not be allowed.\n",
		" -v, --verbose increment verbosity level\n",
		" -h, --help display usage information\n",
	};
	size_t line;

	printf("Usage: %s [OPTION]... FILE...\n", prog);
	for (line = 0; line < sizeof help_lines / sizeof help_lines[0]; line++) {
		fputs(help_lines[line], stdout);
	}

	exit(1);
}
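/*
 * Read the entire CIL source file at `path` into a freshly allocated buffer.
 *
 * path:     file to read.
 * size_out: receives the number of bytes read.
 *
 * Returns the buffer on success; the caller owns it and releases it with
 * free(). On failure a diagnostic is written to stderr and NULL is returned.
 * A zero-length file yields a valid (non-NULL) buffer with *size_out == 0
 * instead of a spurious "Failure reading file" error.
 */
static char *read_policy_file(const char *path, uint32_t *size_out)
{
	FILE *file = NULL;
	char *buffer = NULL;
	struct stat filedata;

	file = fopen(path, "r");
	if (!file) {
		fprintf(stderr, "Could not open file: %s\n", path);
		return NULL;
	}

	/* fstat() the open stream rather than stat() the path a second time,
	 * so the size always describes the file that is actually read. */
	if (fstat(fileno(file), &filedata) == -1) {
		fprintf(stderr, "Could not stat file: %s\n", path);
		goto fail;
	}

	/* The length is carried as uint32_t; refuse what cannot be represented
	 * instead of silently truncating it. */
	if (filedata.st_size < 0 || (uintmax_t)filedata.st_size > UINT32_MAX) {
		fprintf(stderr, "File too large: %s\n", path);
		goto fail;
	}
	*size_out = (uint32_t)filedata.st_size;

	/* +1 so an empty file does not turn into malloc(0), which may be NULL. */
	buffer = malloc((size_t)*size_out + 1);
	if (!buffer) {
		fprintf(stderr, "Out of memory\n");
		goto fail;
	}

	/* Byte-wise fread() returns the byte count, so a 0-byte file reads cleanly. */
	if (fread(buffer, 1, *size_out, file) != *size_out) {
		fprintf(stderr, "Failure reading file: %s\n", path);
		goto fail;
	}

	fclose(file);
	return buffer;

fail:
	free(buffer);
	fclose(file);
	return NULL;
}

/*
 * secil2conf entry point: parse the command line, load and compile every
 * CIL file named on it, and write the result in policy.conf syntax.
 *
 * Returns SEPOL_OK on success and SEPOL_ERR (or the failing libsepol return
 * code) otherwise. Command-line errors exit with status 1 via usage().
 */
int main(int argc, char *argv[])
{
	int rc = SEPOL_ERR;
	FILE *file = NULL;
	char *buffer = NULL;
	uint32_t file_size = 0;
	char *output = NULL;
	const char *output_path = NULL;
	struct cil_db *db = NULL;
	int mls = -1;		/* -1: not given on the command line, so not forced */
	int preserve_tunables = 0;
	int qualified_names = 0;
	int opt_char;
	int opt_index = 0;
	enum cil_log_level log_level = CIL_ERR;
	static const struct option long_opts[] = {
		{"help", no_argument, 0, 'h'},
		{"verbose", no_argument, 0, 'v'},
		{"mls", required_argument, 0, 'M'},
		{"preserve-tunables", no_argument, 0, 'P'},
		{"qualified-names", no_argument, 0, 'Q'},
		{"output", required_argument, 0, 'o'},
		{0, 0, 0, 0}
	};
	int i;

	while (1) {
		opt_char = getopt_long(argc, argv, "o:hvM:PQ", long_opts, &opt_index);
		if (opt_char == -1) {
			break;
		}
		switch (opt_char) {
		case 'v':
			/* Each -v raises the libsepol CIL log level by one step. */
			log_level++;
			break;
		case 'M':
			if (!strcasecmp(optarg, "true") || !strcasecmp(optarg, "1")) {
				mls = 1;
			} else if (!strcasecmp(optarg, "false") || !strcasecmp(optarg, "0")) {
				mls = 0;
			} else {
				usage(argv[0]);
			}
			break;
		case 'P':
			preserve_tunables = 1;
			break;
		case 'Q':
			qualified_names = 1;
			break;
		case 'o':
			/* A later -o replaces an earlier one. */
			free(output);
			output = strdup(optarg);
			if (!output) {
				/* Nothing else has been acquired yet, so return directly. */
				fprintf(stderr, "Out of memory\n");
				return SEPOL_ERR;
			}
			break;
		case 'h':
			usage(argv[0]);	/* does not return */
		case '?':
			/* getopt_long() has already reported the unrecognised option;
			 * it is otherwise ignored. */
			break;
		default:
			/* Defensive: getopt_long() reports unknown options as '?'. */
			fprintf(stderr, "Unsupported option: %s\n", optarg);
			usage(argv[0]);
		}
	}
	if (optind >= argc) {
		fprintf(stderr, "No cil files specified\n");
		usage(argv[0]);
	}

	cil_set_log_level(log_level);

	cil_db_init(&db);
	cil_set_preserve_tunables(db, preserve_tunables);
	cil_set_qualified_names(db, qualified_names);
	cil_set_mls(db, mls);
	cil_set_attrs_expand_generated(db, 0);
	cil_set_attrs_expand_size(db, 0);

	/* Load each input file in turn; any failure is fatal and the exit
	 * status must reflect it, so rc is set explicitly on every error path. */
	for (i = optind; i < argc; i++) {
		buffer = read_policy_file(argv[i], &file_size);
		if (!buffer) {
			rc = SEPOL_ERR;
			goto exit;
		}

		rc = cil_add_file(db, argv[i], buffer, file_size);
		if (rc != SEPOL_OK) {
			fprintf(stderr, "Failure adding %s\n", argv[i]);
			goto exit;
		}

		free(buffer);
		buffer = NULL;
	}

	rc = cil_compile(db);
	if (rc != SEPOL_OK) {
		fprintf(stderr, "Failed to compile cildb: %d\n", rc);
		goto exit;
	}

	output_path = (output != NULL) ? output : "policy.conf";
	file = fopen(output_path, "w");
	if (file == NULL) {
		fprintf(stderr, "Failure opening %s for writing\n", output_path);
		rc = SEPOL_ERR;
		goto exit;
	}

	cil_write_policy_conf(file, db);

	/* The policy is written through stdio buffers: a write error may only
	 * surface as a stream error flag or as a failing flush in fclose(),
	 * and either means the output is incomplete. */
	if (ferror(file)) {
		fprintf(stderr, "Failure writing %s\n", output_path);
		rc = SEPOL_ERR;
		goto exit;	/* exit: closes file */
	}
	if (fclose(file) != 0) {
		fprintf(stderr, "Failure writing %s\n", output_path);
		file = NULL;
		rc = SEPOL_ERR;
		goto exit;
	}
	file = NULL;
	rc = SEPOL_OK;

exit:
	if (file != NULL) {
		fclose(file);
	}
	free(buffer);
	free(output);
	cil_db_destroy(&db);
	return rc;
}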