Magisk/native/jni/magiskpolicy/magiskpolicy.cpp

122 lines
2.9 KiB
C++
Raw Normal View History

2018-11-08 10:20:16 +01:00
#include <stdio.h>
#include <limits.h>
2019-07-01 04:09:31 +02:00
#include <logging.h>
2019-02-10 09:57:51 +01:00
#include <utils.h>
#include <flags.h>
2019-12-09 10:14:30 +01:00
#include <magiskpolicy.h>
2019-02-10 09:57:51 +01:00
2018-11-08 10:20:16 +01:00
#include "sepolicy.h"
2019-12-09 10:14:30 +01:00
using namespace std::literals;
2018-11-08 10:20:16 +01:00
[[noreturn]] static void usage(char *arg0) {
fprintf(stderr,
2019-12-09 10:14:30 +01:00
FULL_VER(MagiskPolicy) R"EOF(
Usage: %s [--options...] [policy statements...]
Options:
--help show help message for policy statements
--load FILE load policies from FILE
--load-split load from precompiled sepolicy or compile
split policies
--compile-split compile split cil policies
--save FILE save policies to FILE
--live directly apply sepolicy live
--magisk inject built-in rules for a minimal
Magisk selinux environment
--apply FILE apply rules from FILE, read and parsed
line by line as policy statements
If neither --load or --compile-split is specified, it will load
from current live policies (/sys/fs/selinux/policy)
)EOF", arg0);
2018-11-08 10:20:16 +01:00
exit(1);
}
int magiskpolicy_main(int argc, char *argv[]) {
2018-11-08 12:43:11 +01:00
cmdline_logging();
2019-12-09 10:14:30 +01:00
const char *out_file = nullptr;
const char *rule_file = nullptr;
bool magisk = false;
bool live = false;
2018-11-08 10:20:16 +01:00
if (argc < 2) usage(argv[0]);
int i = 1;
for (; i < argc; ++i) {
// Parse options
if (argv[i][0] == '-' && argv[i][1] == '-') {
2019-12-09 10:14:30 +01:00
auto option = argv[i] + 2;
if (option == "live"sv)
2018-11-08 10:20:16 +01:00
live = true;
2019-12-09 10:14:30 +01:00
else if (option == "magisk"sv)
2018-11-08 10:20:16 +01:00
magisk = true;
2019-12-09 10:14:30 +01:00
else if (option == "load"sv) {
2018-11-08 10:20:16 +01:00
if (argv[i + 1] == nullptr)
usage(argv[0]);
if (load_policydb(argv[i + 1])) {
fprintf(stderr, "Cannot load policy from %s\n", argv[i + 1]);
return 1;
}
++i;
2019-12-09 10:14:30 +01:00
} else if (option == "load-split"sv) {
if (load_split_cil()) {
fprintf(stderr, "Cannot load split cil\n");
return 1;
}
2019-12-09 10:14:30 +01:00
} else if (option == "compile-split"sv) {
2018-11-08 10:20:16 +01:00
if (compile_split_cil()) {
fprintf(stderr, "Cannot compile split cil\n");
return 1;
}
2019-12-09 10:14:30 +01:00
} else if (option == "save"sv) {
if (argv[i + 1] == nullptr)
usage(argv[0]);
out_file = argv[i + 1];
++i;
} else if (option == "apply"sv) {
2018-11-08 10:20:16 +01:00
if (argv[i + 1] == nullptr)
usage(argv[0]);
2019-12-09 10:14:30 +01:00
rule_file = argv[i + 1];
2018-11-08 10:20:16 +01:00
++i;
2019-12-09 10:14:30 +01:00
} else if (option == "help"sv) {
statement_help();
2018-11-08 10:20:16 +01:00
} else {
usage(argv[0]);
}
} else {
break;
}
}
// Use current policy if nothing is loaded
2019-11-19 11:20:18 +01:00
if (magisk_policydb == nullptr && load_policydb(SELINUX_POLICY)) {
2018-11-08 10:20:16 +01:00
fprintf(stderr, "Cannot load policy from " SELINUX_POLICY "\n");
return 1;
}
if (magisk)
sepol_magisk_rules();
2019-12-09 10:14:30 +01:00
if (rule_file)
load_rule_file(rule_file);
for (; i < argc; ++i)
parse_statement(argv[i]);
2018-11-08 10:20:16 +01:00
if (live && dump_policydb(SELINUX_LOAD)) {
fprintf(stderr, "Cannot apply policy\n");
return 1;
}
2019-12-09 10:14:30 +01:00
if (out_file && dump_policydb(out_file)) {
fprintf(stderr, "Cannot dump policy to %s\n", out_file);
2018-11-08 10:20:16 +01:00
return 1;
}
destroy_policydb();
return 0;
}