aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'scripts')
-rw-r--r--scripts/Kbuild.include4
-rw-r--r--scripts/Makefile3
-rwxr-xr-xscripts/checkstack.pl5
-rw-r--r--scripts/kconfig/conf.c123
-rw-r--r--scripts/kconfig/confdata.c8
-rwxr-xr-xscripts/kernel-doc4
-rw-r--r--scripts/mod/modpost.c6
-rw-r--r--scripts/selinux/Makefile2
-rw-r--r--scripts/selinux/README2
-rw-r--r--scripts/selinux/install_policy.sh69
-rw-r--r--scripts/selinux/mdp/.gitignore2
-rw-r--r--scripts/selinux/mdp/Makefile5
-rw-r--r--scripts/selinux/mdp/dbus_contexts6
-rw-r--r--scripts/selinux/mdp/mdp.c242
14 files changed, 407 insertions, 74 deletions
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index d64e6badc942..982dcae7bbe2 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -105,12 +105,12 @@ as-instr = $(call try-run,\
105# Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586) 105# Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
106 106
107cc-option = $(call try-run,\ 107cc-option = $(call try-run,\
108 $(CC) $(KBUILD_CFLAGS) $(1) -S -xc /dev/null -o "$$TMP",$(1),$(2)) 108 $(CC) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",$(1),$(2))
109 109
110# cc-option-yn 110# cc-option-yn
111# Usage: flag := $(call cc-option-yn,-march=winchip-c6) 111# Usage: flag := $(call cc-option-yn,-march=winchip-c6)
112cc-option-yn = $(call try-run,\ 112cc-option-yn = $(call try-run,\
113 $(CC) $(KBUILD_CFLAGS) $(1) -S -xc /dev/null -o "$$TMP",y,n) 113 $(CC) $(KBUILD_CFLAGS) $(1) -c -xc /dev/null -o "$$TMP",y,n)
114 114
115# cc-option-align 115# cc-option-align
116# Prefix align with either -falign or -malign 116# Prefix align with either -falign or -malign
diff --git a/scripts/Makefile b/scripts/Makefile
index 1c73c5aea66b..aafdf064feef 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -20,6 +20,7 @@ hostprogs-y += unifdef
20 20
21subdir-$(CONFIG_MODVERSIONS) += genksyms 21subdir-$(CONFIG_MODVERSIONS) += genksyms
22subdir-y += mod 22subdir-y += mod
23subdir-$(CONFIG_SECURITY_SELINUX) += selinux
23 24
24# Let clean descend into subdirs 25# Let clean descend into subdirs
25subdir- += basic kconfig package 26subdir- += basic kconfig package selinux
diff --git a/scripts/checkstack.pl b/scripts/checkstack.pl
index 3eca62566d6b..f7e8e93ff30d 100755
--- a/scripts/checkstack.pl
+++ b/scripts/checkstack.pl
@@ -81,7 +81,10 @@ my (@stack, $re, $dre, $x, $xs);
81 $re = qr/.*st[dw]u.*r1,-($x{1,8})\(r1\)/o; 81 $re = qr/.*st[dw]u.*r1,-($x{1,8})\(r1\)/o;
82 } elsif ($arch =~ /^s390x?$/) { 82 } elsif ($arch =~ /^s390x?$/) {
83 # 11160: a7 fb ff 60 aghi %r15,-160 83 # 11160: a7 fb ff 60 aghi %r15,-160
84 $re = qr/.*ag?hi.*\%r15,-(([0-9]{2}|[3-9])[0-9]{2})/o; 84 # or
85 # 100092: e3 f0 ff c8 ff 71 lay %r15,-56(%r15)
86 $re = qr/.*(?:lay|ag?hi).*\%r15,-(([0-9]{2}|[3-9])[0-9]{2})
87 (?:\(\%r15\))?$/ox;
85 } elsif ($arch =~ /^sh64$/) { 88 } elsif ($arch =~ /^sh64$/) {
86 #XXX: we only check for the immediate case presently, 89 #XXX: we only check for the immediate case presently,
87 # though we will want to check for the movi/sub 90 # though we will want to check for the movi/sub
diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
index 36b5eedcdc75..3e1057f885c6 100644
--- a/scripts/kconfig/conf.c
+++ b/scripts/kconfig/conf.c
@@ -32,6 +32,7 @@ char *defconfig_file;
32 32
33static int indent = 1; 33static int indent = 1;
34static int valid_stdin = 1; 34static int valid_stdin = 1;
35static int sync_kconfig;
35static int conf_cnt; 36static int conf_cnt;
36static char line[128]; 37static char line[128];
37static struct menu *rootEntry; 38static struct menu *rootEntry;
@@ -65,7 +66,7 @@ static void strip(char *str)
65 66
66static void check_stdin(void) 67static void check_stdin(void)
67{ 68{
68 if (!valid_stdin && input_mode == ask_silent) { 69 if (!valid_stdin) {
69 printf(_("aborted!\n\n")); 70 printf(_("aborted!\n\n"));
70 printf(_("Console input/output is redirected. ")); 71 printf(_("Console input/output is redirected. "));
71 printf(_("Run 'make oldconfig' to update configuration.\n\n")); 72 printf(_("Run 'make oldconfig' to update configuration.\n\n"));
@@ -427,43 +428,6 @@ static void check_conf(struct menu *menu)
427 check_conf(child); 428 check_conf(child);
428} 429}
429 430
430static void conf_do_update(void)
431{
432 /* Update until a loop caused no more changes */
433 do {
434 conf_cnt = 0;
435 check_conf(&rootmenu);
436 } while (conf_cnt);
437}
438
439static int conf_silent_update(void)
440{
441 const char *name;
442
443 if (conf_get_changed()) {
444 name = getenv("KCONFIG_NOSILENTUPDATE");
445 if (name && *name) {
446 fprintf(stderr,
447 _("\n*** Kernel configuration requires explicit update.\n\n"));
448 return 1;
449 }
450 conf_do_update();
451 }
452 return 0;
453}
454
455static int conf_update(void)
456{
457 rootEntry = &rootmenu;
458 conf(&rootmenu);
459 if (input_mode == ask_all) {
460 input_mode = ask_silent;
461 valid_stdin = 1;
462 }
463 conf_do_update();
464 return 0;
465}
466
467int main(int ac, char **av) 431int main(int ac, char **av)
468{ 432{
469 int opt; 433 int opt;
@@ -477,11 +441,11 @@ int main(int ac, char **av)
477 while ((opt = getopt(ac, av, "osdD:nmyrh")) != -1) { 441 while ((opt = getopt(ac, av, "osdD:nmyrh")) != -1) {
478 switch (opt) { 442 switch (opt) {
479 case 'o': 443 case 'o':
480 input_mode = ask_new; 444 input_mode = ask_silent;
481 break; 445 break;
482 case 's': 446 case 's':
483 input_mode = ask_silent; 447 input_mode = ask_silent;
484 valid_stdin = isatty(0) && isatty(1) && isatty(2); 448 sync_kconfig = 1;
485 break; 449 break;
486 case 'd': 450 case 'd':
487 input_mode = set_default; 451 input_mode = set_default;
@@ -519,6 +483,19 @@ int main(int ac, char **av)
519 name = av[optind]; 483 name = av[optind];
520 conf_parse(name); 484 conf_parse(name);
521 //zconfdump(stdout); 485 //zconfdump(stdout);
486 if (sync_kconfig) {
487 if (stat(".config", &tmpstat)) {
488 fprintf(stderr, _("***\n"
489 "*** You have not yet configured your kernel!\n"
490 "*** (missing kernel .config file)\n"
491 "***\n"
492 "*** Please run some configurator (e.g. \"make oldconfig\" or\n"
493 "*** \"make menuconfig\" or \"make xconfig\").\n"
494 "***\n"));
495 exit(1);
496 }
497 }
498
522 switch (input_mode) { 499 switch (input_mode) {
523 case set_default: 500 case set_default:
524 if (!defconfig_file) 501 if (!defconfig_file)
@@ -531,16 +508,6 @@ int main(int ac, char **av)
531 } 508 }
532 break; 509 break;
533 case ask_silent: 510 case ask_silent:
534 if (stat(".config", &tmpstat)) {
535 printf(_("***\n"
536 "*** You have not yet configured your kernel!\n"
537 "*** (missing kernel .config file)\n"
538 "***\n"
539 "*** Please run some configurator (e.g. \"make oldconfig\" or\n"
540 "*** \"make menuconfig\" or \"make xconfig\").\n"
541 "***\n"));
542 exit(1);
543 }
544 case ask_all: 511 case ask_all:
545 case ask_new: 512 case ask_new:
546 conf_read(NULL); 513 conf_read(NULL);
@@ -569,6 +536,19 @@ int main(int ac, char **av)
569 default: 536 default:
570 break; 537 break;
571 } 538 }
539
540 if (sync_kconfig) {
541 if (conf_get_changed()) {
542 name = getenv("KCONFIG_NOSILENTUPDATE");
543 if (name && *name) {
544 fprintf(stderr,
545 _("\n*** Kernel configuration requires explicit update.\n\n"));
546 return 1;
547 }
548 }
549 valid_stdin = isatty(0) && isatty(1) && isatty(2);
550 }
551
572 switch (input_mode) { 552 switch (input_mode) {
573 case set_no: 553 case set_no:
574 conf_set_all_new_symbols(def_no); 554 conf_set_all_new_symbols(def_no);
@@ -585,27 +565,38 @@ int main(int ac, char **av)
585 case set_default: 565 case set_default:
586 conf_set_all_new_symbols(def_default); 566 conf_set_all_new_symbols(def_default);
587 break; 567 break;
588 case ask_silent:
589 case ask_new: 568 case ask_new:
590 if (conf_silent_update())
591 exit(1);
592 break;
593 case ask_all: 569 case ask_all:
594 if (conf_update()) 570 rootEntry = &rootmenu;
595 exit(1); 571 conf(&rootmenu);
572 input_mode = ask_silent;
573 /* fall through */
574 case ask_silent:
575 /* Update until a loop caused no more changes */
576 do {
577 conf_cnt = 0;
578 check_conf(&rootmenu);
579 } while (conf_cnt);
596 break; 580 break;
597 } 581 }
598 582
599 if (conf_write(NULL)) { 583 if (sync_kconfig) {
600 fprintf(stderr, _("\n*** Error during writing of the kernel configuration.\n\n")); 584 /* silentoldconfig is used during the build so we shall update autoconf.
601 exit(1); 585 * All other commands are only used to generate a config.
602 } 586 */
603 /* ask_silent is used during the build so we shall update autoconf. 587 if (conf_get_changed() && conf_write(NULL)) {
604 * All other commands are only used to generate a config. 588 fprintf(stderr, _("\n*** Error during writing of the kernel configuration.\n\n"));
605 */ 589 exit(1);
606 if (input_mode == ask_silent && conf_write_autoconf()) { 590 }
607 fprintf(stderr, _("\n*** Error during writing of the kernel configuration.\n\n")); 591 if (conf_write_autoconf()) {
608 return 1; 592 fprintf(stderr, _("\n*** Error during update of the kernel configuration.\n\n"));
593 return 1;
594 }
595 } else {
596 if (conf_write(NULL)) {
597 fprintf(stderr, _("\n*** Error during writing of the kernel configuration.\n\n"));
598 exit(1);
599 }
609 } 600 }
610 return 0; 601 return 0;
611} 602}
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index df6a188b9930..b91cf241a539 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -222,8 +222,10 @@ load:
222 continue; 222 continue;
223 if (def == S_DEF_USER) { 223 if (def == S_DEF_USER) {
224 sym = sym_find(line + 9); 224 sym = sym_find(line + 9);
225 if (!sym) 225 if (!sym) {
226 sym_add_change_count(1);
226 break; 227 break;
228 }
227 } else { 229 } else {
228 sym = sym_lookup(line + 9, 0); 230 sym = sym_lookup(line + 9, 0);
229 if (sym->type == S_UNKNOWN) 231 if (sym->type == S_UNKNOWN)
@@ -259,8 +261,10 @@ load:
259 } 261 }
260 if (def == S_DEF_USER) { 262 if (def == S_DEF_USER) {
261 sym = sym_find(line + 7); 263 sym = sym_find(line + 7);
262 if (!sym) 264 if (!sym) {
265 sym_add_change_count(1);
263 break; 266 break;
267 }
264 } else { 268 } else {
265 sym = sym_lookup(line + 7, 0); 269 sym = sym_lookup(line + 7, 0);
266 if (sym->type == S_UNKNOWN) 270 if (sym->type == S_UNKNOWN)
diff --git a/scripts/kernel-doc b/scripts/kernel-doc
index ff787e6ff8ed..44ee94d2ab76 100755
--- a/scripts/kernel-doc
+++ b/scripts/kernel-doc
@@ -781,6 +781,7 @@ sub output_struct_xml(%) {
781 print " <refsect1>\n"; 781 print " <refsect1>\n";
782 print " <title>Members</title>\n"; 782 print " <title>Members</title>\n";
783 783
784 if ($#{$args{'parameterlist'}} >= 0) {
784 print " <variablelist>\n"; 785 print " <variablelist>\n";
785 foreach $parameter (@{$args{'parameterlist'}}) { 786 foreach $parameter (@{$args{'parameterlist'}}) {
786 ($parameter =~ /^#/) && next; 787 ($parameter =~ /^#/) && next;
@@ -798,6 +799,9 @@ sub output_struct_xml(%) {
798 print " </varlistentry>\n"; 799 print " </varlistentry>\n";
799 } 800 }
800 print " </variablelist>\n"; 801 print " </variablelist>\n";
802 } else {
803 print " <para>\n None\n </para>\n";
804 }
801 print " </refsect1>\n"; 805 print " </refsect1>\n";
802 806
803 output_section_xml(@_); 807 output_section_xml(@_);
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 418cd7dbbc93..8e0de6a5e18a 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1986,11 +1986,13 @@ static void read_markers(const char *fname)
1986 1986
1987 mod = find_module(modname); 1987 mod = find_module(modname);
1988 if (!mod) { 1988 if (!mod) {
1989 if (is_vmlinux(modname))
1990 have_vmlinux = 1;
1991 mod = new_module(NOFAIL(strdup(modname))); 1989 mod = new_module(NOFAIL(strdup(modname)));
1992 mod->skip = 1; 1990 mod->skip = 1;
1993 } 1991 }
1992 if (is_vmlinux(modname)) {
1993 have_vmlinux = 1;
1994 mod->skip = 0;
1995 }
1994 1996
1995 if (!mod->skip) 1997 if (!mod->skip)
1996 add_marker(mod, marker, fmt); 1998 add_marker(mod, marker, fmt);
diff --git a/scripts/selinux/Makefile b/scripts/selinux/Makefile
new file mode 100644
index 000000000000..ca4b1ec01822
--- /dev/null
+++ b/scripts/selinux/Makefile
@@ -0,0 +1,2 @@
1subdir-y := mdp
2subdir- += mdp
diff --git a/scripts/selinux/README b/scripts/selinux/README
new file mode 100644
index 000000000000..a936315ba2c8
--- /dev/null
+++ b/scripts/selinux/README
@@ -0,0 +1,2 @@
1Please see Documentation/SELinux.txt for information on
2installing a dummy SELinux policy.
diff --git a/scripts/selinux/install_policy.sh b/scripts/selinux/install_policy.sh
new file mode 100644
index 000000000000..7b9ccf61f8f9
--- /dev/null
+++ b/scripts/selinux/install_policy.sh
@@ -0,0 +1,69 @@
1#!/bin/sh
2if [ `id -u` -ne 0 ]; then
3 echo "$0: must be root to install the selinux policy"
4 exit 1
5fi
6SF=`which setfiles`
7if [ $? -eq 1 ]; then
8 if [ -f /sbin/setfiles ]; then
9 SF="/usr/setfiles"
10 else
11 echo "no selinux tools installed: setfiles"
12 exit 1
13 fi
14fi
15
16cd mdp
17
18CP=`which checkpolicy`
19VERS=`$CP -V | awk '{print $1}'`
20
21./mdp policy.conf file_contexts
22$CP -o policy.$VERS policy.conf
23
24mkdir -p /etc/selinux/dummy/policy
25mkdir -p /etc/selinux/dummy/contexts/files
26
27cp file_contexts /etc/selinux/dummy/contexts/files
28cp dbus_contexts /etc/selinux/dummy/contexts
29cp policy.$VERS /etc/selinux/dummy/policy
30FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
31
32if [ ! -d /etc/selinux ]; then
33 mkdir -p /etc/selinux
34fi
35if [ ! -f /etc/selinux/config ]; then
36 cat > /etc/selinux/config << EOF
37SELINUX=enforcing
38SELINUXTYPE=dummy
39EOF
40else
41 TYPE=`cat /etc/selinux/config | grep "^SELINUXTYPE" | tail -1 | awk -F= '{ print $2 '}`
42 if [ "eq$TYPE" != "eqdummy" ]; then
43 selinuxenabled
44 if [ $? -eq 0 ]; then
45 echo "SELinux already enabled with a non-dummy policy."
46 echo "Exiting. Please install policy by hand if that"
47 echo "is what you REALLY want."
48 exit 1
49 fi
50 mv /etc/selinux/config /etc/selinux/config.mdpbak
51 grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
52 echo "SELINUXTYPE=dummy" >> /etc/selinux/config
53 fi
54fi
55
56cd /etc/selinux/dummy/contexts/files
57$SF file_contexts /
58
59mounts=`cat /proc/$$/mounts | egrep "ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2" | awk '{ print $2 '}`
60$SF file_contexts $mounts
61
62
63dodev=`cat /proc/$$/mounts | grep "/dev "`
64if [ "eq$dodev" != "eq" ]; then
65 mount --move /dev /mnt
66 $SF file_contexts /dev
67 mount --move /mnt /dev
68fi
69
diff --git a/scripts/selinux/mdp/.gitignore b/scripts/selinux/mdp/.gitignore
new file mode 100644
index 000000000000..654546d8dffd
--- /dev/null
+++ b/scripts/selinux/mdp/.gitignore
@@ -0,0 +1,2 @@
1# Generated file
2mdp
diff --git a/scripts/selinux/mdp/Makefile b/scripts/selinux/mdp/Makefile
new file mode 100644
index 000000000000..eb365b333441
--- /dev/null
+++ b/scripts/selinux/mdp/Makefile
@@ -0,0 +1,5 @@
1hostprogs-y := mdp
2HOST_EXTRACFLAGS += -Isecurity/selinux/include
3
4always := $(hostprogs-y)
5clean-files := $(hostprogs-y) policy.* file_contexts
diff --git a/scripts/selinux/mdp/dbus_contexts b/scripts/selinux/mdp/dbus_contexts
new file mode 100644
index 000000000000..116e684f9fc1
--- /dev/null
+++ b/scripts/selinux/mdp/dbus_contexts
@@ -0,0 +1,6 @@
1<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
2 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
3<busconfig>
4 <selinux>
5 </selinux>
6</busconfig>
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
new file mode 100644
index 000000000000..ca757d486187
--- /dev/null
+++ b/scripts/selinux/mdp/mdp.c
@@ -0,0 +1,242 @@
1/*
2 *
3 * mdp - make dummy policy
4 *
5 * When pointed at a kernel tree, builds a dummy policy for that kernel
6 * with exactly one type with full rights to itself.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 *
22 * Copyright (C) IBM Corporation, 2006
23 *
24 * Authors: Serge E. Hallyn <serue@us.ibm.com>
25 */
26
27#include <stdio.h>
28#include <stdlib.h>
29#include <unistd.h>
30#include <string.h>
31
32#include "flask.h"
33
34void usage(char *name)
35{
36 printf("usage: %s [-m] policy_file context_file\n", name);
37 exit(1);
38}
39
40void find_common_name(char *cname, char *dest, int len)
41{
42 char *start, *end;
43
44 start = strchr(cname, '_')+1;
45 end = strchr(start, '_');
46 if (!start || !end || start-cname > len || end-start > len) {
47 printf("Error with commons defines\n");
48 exit(1);
49 }
50 strncpy(dest, start, end-start);
51 dest[end-start] = '\0';
52}
53
54#define S_(x) x,
55static char *classlist[] = {
56#include "class_to_string.h"
57 NULL
58};
59#undef S_
60
61#include "initial_sid_to_string.h"
62
63#define TB_(x) char *x[] = {
64#define TE_(x) NULL };
65#define S_(x) x,
66#include "common_perm_to_string.h"
67#undef TB_
68#undef TE_
69#undef S_
70
71struct common {
72 char *cname;
73 char **perms;
74};
75struct common common[] = {
76#define TB_(x) { #x, x },
77#define S_(x)
78#define TE_(x)
79#include "common_perm_to_string.h"
80#undef TB_
81#undef TE_
82#undef S_
83};
84
85#define S_(x, y, z) {x, #y},
86struct av_inherit {
87 int class;
88 char *common;
89};
90struct av_inherit av_inherit[] = {
91#include "av_inherit.h"
92};
93#undef S_
94
95#include "av_permissions.h"
96#define S_(x, y, z) {x, y, z},
97struct av_perms {
98 int class;
99 int perm_i;
100 char *perm_s;
101};
102struct av_perms av_perms[] = {
103#include "av_perm_to_string.h"
104};
105#undef S_
106
107int main(int argc, char *argv[])
108{
109 int i, j, mls = 0;
110 char **arg, *polout, *ctxout;
111 int classlist_len, initial_sid_to_string_len;
112 FILE *fout;
113
114 if (argc < 3)
115 usage(argv[0]);
116 arg = argv+1;
117 if (argc==4 && strcmp(argv[1], "-m") == 0) {
118 mls = 1;
119 arg++;
120 }
121 polout = *arg++;
122 ctxout = *arg;
123
124 fout = fopen(polout, "w");
125 if (!fout) {
126 printf("Could not open %s for writing\n", polout);
127 usage(argv[0]);
128 }
129
130 classlist_len = sizeof(classlist) / sizeof(char *);
131 /* print out the classes */
132 for (i=1; i < classlist_len; i++) {
133 if(classlist[i])
134 fprintf(fout, "class %s\n", classlist[i]);
135 else
136 fprintf(fout, "class user%d\n", i);
137 }
138 fprintf(fout, "\n");
139
140 initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *);
141 /* print out the sids */
142 for (i=1; i < initial_sid_to_string_len; i++)
143 fprintf(fout, "sid %s\n", initial_sid_to_string[i]);
144 fprintf(fout, "\n");
145
146 /* print out the commons */
147 for (i=0; i< sizeof(common)/sizeof(struct common); i++) {
148 char cname[101];
149 find_common_name(common[i].cname, cname, 100);
150 cname[100] = '\0';
151 fprintf(fout, "common %s\n{\n", cname);
152 for (j=0; common[i].perms[j]; j++)
153 fprintf(fout, "\t%s\n", common[i].perms[j]);
154 fprintf(fout, "}\n\n");
155 }
156 fprintf(fout, "\n");
157
158 /* print out the class permissions */
159 for (i=1; i < classlist_len; i++) {
160 if (classlist[i]) {
161 int firstperm = -1, numperms = 0;
162
163 fprintf(fout, "class %s\n", classlist[i]);
164 /* does it inherit from a common? */
165 for (j=0; j < sizeof(av_inherit)/sizeof(struct av_inherit); j++)
166 if (av_inherit[j].class == i)
167 fprintf(fout, "inherits %s\n", av_inherit[j].common);
168
169 for (j=0; j < sizeof(av_perms)/sizeof(struct av_perms); j++) {
170 if (av_perms[j].class == i) {
171 if (firstperm == -1)
172 firstperm = j;
173 numperms++;
174 }
175 }
176 if (!numperms) {
177 fprintf(fout, "\n");
178 continue;
179 }
180
181 fprintf(fout, "{\n");
182 /* print out the av_perms */
183 for (j=0; j < numperms; j++) {
184 fprintf(fout, "\t%s\n", av_perms[firstperm+j].perm_s);
185 }
186 fprintf(fout, "}\n\n");
187 }
188 }
189 fprintf(fout, "\n");
190
191 /* NOW PRINT OUT MLS STUFF */
192 if (mls) {
193 printf("MLS not yet implemented\n");
194 exit(1);
195 }
196
197 /* types, roles, and allows */
198 fprintf(fout, "type base_t;\n");
199 fprintf(fout, "role base_r types { base_t };\n");
200 for (i=1; i < classlist_len; i++) {
201 if (classlist[i])
202 fprintf(fout, "allow base_t base_t:%s *;\n", classlist[i]);
203 else
204 fprintf(fout, "allow base_t base_t:user%d *;\n", i);
205 }
206 fprintf(fout, "user user_u roles { base_r };\n");
207 fprintf(fout, "\n");
208
209 /* default sids */
210 for (i=1; i < initial_sid_to_string_len; i++)
211 fprintf(fout, "sid %s user_u:base_r:base_t\n", initial_sid_to_string[i]);
212 fprintf(fout, "\n");
213
214
215 fprintf(fout, "fs_use_xattr ext2 user_u:base_r:base_t;\n");
216 fprintf(fout, "fs_use_xattr ext3 user_u:base_r:base_t;\n");
217 fprintf(fout, "fs_use_xattr jfs user_u:base_r:base_t;\n");
218 fprintf(fout, "fs_use_xattr xfs user_u:base_r:base_t;\n");
219 fprintf(fout, "fs_use_xattr reiserfs user_u:base_r:base_t;\n");
220
221 fprintf(fout, "fs_use_task pipefs user_u:base_r:base_t;\n");
222 fprintf(fout, "fs_use_task sockfs user_u:base_r:base_t;\n");
223
224 fprintf(fout, "fs_use_trans devpts user_u:base_r:base_t;\n");
225 fprintf(fout, "fs_use_trans tmpfs user_u:base_r:base_t;\n");
226 fprintf(fout, "fs_use_trans shm user_u:base_r:base_t;\n");
227
228 fprintf(fout, "genfscon proc / user_u:base_r:base_t\n");
229
230 fclose(fout);
231
232 fout = fopen(ctxout, "w");
233 if (!fout) {
234 printf("Wrote policy, but cannot open %s for writing\n", ctxout);
235 usage(argv[0]);
236 }
237 fprintf(fout, "/ user_u:base_r:base_t\n");
238 fprintf(fout, "/.* user_u:base_r:base_t\n");
239 fclose(fout);
240
241 return 0;
242}