diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2009-09-30 13:41:02 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-07 06:56:44 -0400 |
commit | 8753f6bec352392b52ed9b5e290afb34379f4612 (patch) | |
tree | b5f381be9f56125309bfbfcaa73d68e08c309747 /scripts/selinux/genheaders | |
parent | c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c (diff) |
selinux: generate flask headers during kernel build
Add a simple utility (scripts/selinux/genheaders) and invoke it to
generate the kernel-private class and permission indices in flask.h
and av_permissions.h automatically during the kernel build from the
security class mapping definitions in classmap.h. Adding new kernel
classes and permissions can then be done just by adding them to classmap.h.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'scripts/selinux/genheaders')
-rw-r--r-- | scripts/selinux/genheaders/Makefile | 5 | ||||
-rw-r--r-- | scripts/selinux/genheaders/genheaders.c | 118 |
2 files changed, 123 insertions, 0 deletions
diff --git a/scripts/selinux/genheaders/Makefile b/scripts/selinux/genheaders/Makefile new file mode 100644 index 000000000000..417b165008ee --- /dev/null +++ b/scripts/selinux/genheaders/Makefile | |||
@@ -0,0 +1,5 @@ | |||
1 | hostprogs-y := genheaders | ||
2 | HOST_EXTRACFLAGS += -Isecurity/selinux/include | ||
3 | |||
4 | always := $(hostprogs-y) | ||
5 | clean-files := $(hostprogs-y) | ||
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c new file mode 100644 index 000000000000..3b16145dabe3 --- /dev/null +++ b/scripts/selinux/genheaders/genheaders.c | |||
@@ -0,0 +1,118 @@ | |||
1 | #include <stdio.h> | ||
2 | #include <stdlib.h> | ||
3 | #include <unistd.h> | ||
4 | #include <string.h> | ||
5 | #include <errno.h> | ||
6 | #include <ctype.h> | ||
7 | |||
8 | struct security_class_mapping { | ||
9 | const char *name; | ||
10 | const char *perms[sizeof(unsigned) * 8 + 1]; | ||
11 | }; | ||
12 | |||
13 | #include "classmap.h" | ||
14 | #include "initial_sid_to_string.h" | ||
15 | |||
16 | #define max(x, y) ((x > y) ? x : y) | ||
17 | |||
18 | const char *progname; | ||
19 | |||
20 | void usage(void) | ||
21 | { | ||
22 | printf("usage: %s flask.h av_permissions.h\n", progname); | ||
23 | exit(1); | ||
24 | } | ||
25 | |||
26 | char *stoupperx(const char *s) | ||
27 | { | ||
28 | char *s2 = strdup(s); | ||
29 | char *p; | ||
30 | |||
31 | if (!s2) { | ||
32 | fprintf(stderr, "%s: out of memory\n", progname); | ||
33 | exit(3); | ||
34 | } | ||
35 | |||
36 | for (p = s2; *p; p++) | ||
37 | *p = toupper(*p); | ||
38 | return s2; | ||
39 | } | ||
40 | |||
41 | int main(int argc, char *argv[]) | ||
42 | { | ||
43 | int i, j, k; | ||
44 | int isids_len; | ||
45 | FILE *fout; | ||
46 | |||
47 | progname = argv[0]; | ||
48 | |||
49 | if (argc < 3) | ||
50 | usage(); | ||
51 | |||
52 | fout = fopen(argv[1], "w"); | ||
53 | if (!fout) { | ||
54 | fprintf(stderr, "Could not open %s for writing: %s\n", | ||
55 | argv[1], strerror(errno)); | ||
56 | exit(2); | ||
57 | } | ||
58 | |||
59 | for (i = 0; secclass_map[i].name; i++) { | ||
60 | struct security_class_mapping *map = &secclass_map[i]; | ||
61 | map->name = stoupperx(map->name); | ||
62 | for (j = 0; map->perms[j]; j++) | ||
63 | map->perms[j] = stoupperx(map->perms[j]); | ||
64 | } | ||
65 | |||
66 | isids_len = sizeof(initial_sid_to_string) / sizeof (char *); | ||
67 | for (i = 1; i < isids_len; i++) | ||
68 | initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]); | ||
69 | |||
70 | fprintf(fout, "/* This file is automatically generated. Do not edit. */\n"); | ||
71 | fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n"); | ||
72 | |||
73 | for (i = 0; secclass_map[i].name; i++) { | ||
74 | struct security_class_mapping *map = &secclass_map[i]; | ||
75 | fprintf(fout, "#define SECCLASS_%s", map->name); | ||
76 | for (j = 0; j < max(1, 40 - strlen(map->name)); j++) | ||
77 | fprintf(fout, " "); | ||
78 | fprintf(fout, "%2d\n", i+1); | ||
79 | } | ||
80 | |||
81 | fprintf(fout, "\n"); | ||
82 | |||
83 | for (i = 1; i < isids_len; i++) { | ||
84 | char *s = initial_sid_to_string[i]; | ||
85 | fprintf(fout, "#define SECINITSID_%s", s); | ||
86 | for (j = 0; j < max(1, 40 - strlen(s)); j++) | ||
87 | fprintf(fout, " "); | ||
88 | fprintf(fout, "%2d\n", i); | ||
89 | } | ||
90 | fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1); | ||
91 | fprintf(fout, "\n#endif\n"); | ||
92 | fclose(fout); | ||
93 | |||
94 | fout = fopen(argv[2], "w"); | ||
95 | if (!fout) { | ||
96 | fprintf(stderr, "Could not open %s for writing: %s\n", | ||
97 | argv[2], strerror(errno)); | ||
98 | exit(4); | ||
99 | } | ||
100 | |||
101 | fprintf(fout, "/* This file is automatically generated. Do not edit. */\n"); | ||
102 | fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n"); | ||
103 | |||
104 | for (i = 0; secclass_map[i].name; i++) { | ||
105 | struct security_class_mapping *map = &secclass_map[i]; | ||
106 | for (j = 0; map->perms[j]; j++) { | ||
107 | fprintf(fout, "#define %s__%s", map->name, | ||
108 | map->perms[j]); | ||
109 | for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++) | ||
110 | fprintf(fout, " "); | ||
111 | fprintf(fout, "0x%08xUL\n", (1<<j)); | ||
112 | } | ||
113 | } | ||
114 | |||
115 | fprintf(fout, "\n#endif\n"); | ||
116 | fclose(fout); | ||
117 | exit(0); | ||
118 | } | ||