MarcoBuster/Magisk
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Create domain if it doesn't exist

Browse Source
This commit is contained in:
Pierre-Hugues Husson 2015-06-12 12:03:58 +02:00
parent 0fd5a277ed
commit 3394d64f6c
1 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
sepolicy-inject.c
View File

@ -14,8 +14,13 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
#include <stdio.h> #include <stdio.h>
#include <sepol/debug.h>
#include <sepol/policydb/policydb.h> #include <sepol/policydb/policydb.h>
#include <sepol/policydb/expand.h>
#include <sepol/policydb/link.h>
#include <sepol/policydb/services.h> #include <sepol/policydb/services.h>
#include <sepol/policydb/avrule_block.h>
#include <sepol/policydb/conditional.h>
void usage(char *arg0) { void usage(char *arg0) {
fprintf(stderr, "%s -s <source type> -t <target type> -c <class> -p <perm> -P <policy file> -o <output file>\n", arg0); fprintf(stderr, "%s -s <source type> -t <target type> -c <class> -p <perm> -P <policy file> -o <output file>\n", arg0);
@ -32,6 +37,69 @@ void *cmalloc(size_t s) {
return t; return t;
} }
void set_attr(char *type, policydb_t *policy, int value) {
type_datum_t *attr = hashtab_search(policy->p_types.table, type);
if (!attr)
exit(1);
if (attr->flavor != TYPE_ATTRIB)
exit(1);
if (ebitmap_set_bit(&attr->types, value - 1, 1))
exit(1);
}
void create_domain(char *d, policydb_t *policy) {
symtab_datum_t *src = hashtab_search(policy->p_types.table, d);
if(src)
return;
type_datum_t *typdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
type_datum_init(typdatum);
typdatum->primary = 1;
typdatum->flavor = TYPE_TYPE;
uint32_t value = 0;
int r = symtab_insert(policy, SYM_TYPES, strdup(d), typdatum, SCOPE_DECL, 1, &value);
typdatum->s.value = value;
fprintf(stderr, "source type %s does not exist: %d,%d\n", d, r, value);
if (ebitmap_set_bit(&policy->global->branch_list->declared.scope[SYM_TYPES], value - 1, 1)) {
exit(1);
}
policy->type_attr_map = realloc(policy->type_attr_map, sizeof(ebitmap_t)*policy->p_types.nprim);
policy->attr_type_map = realloc(policy->attr_type_map, sizeof(ebitmap_t)*policy->p_types.nprim);
ebitmap_init(&policy->type_attr_map[value-1]);
ebitmap_init(&policy->attr_type_map[value-1]);
ebitmap_set_bit(&policy->type_attr_map[value-1], value-1, 1);
//Add the domain to all roles
for(unsigned i=0; i<policy->p_roles.nprim; ++i) {
//Not sure all those three calls are needed
ebitmap_set_bit(&policy->role_val_to_struct[i]->types.negset, value-1, 0);
ebitmap_set_bit(&policy->role_val_to_struct[i]->types.types, value-1, 1);
type_set_expand(&policy->role_val_to_struct[i]->types, &policy->role_val_to_struct[i]->cache, policy, 0);
}
src = hashtab_search(policy->p_types.table, d);
if(!src)
exit(1);
extern int policydb_index_decls(policydb_t * p);
if(policydb_index_decls(policy))
exit(1);
if(policydb_index_classes(policy))
exit(1);
if(policydb_index_others(NULL, policy, 1))
exit(1);
set_attr("domain", policy, value);
}
int add_rule(char *s, char *t, char *c, char *p, policydb_t *policy) { int add_rule(char *s, char *t, char *c, char *p, policydb_t *policy) {
type_datum_t *src, *tgt; type_datum_t *src, *tgt;
class_datum_t *cls; class_datum_t *cls;
@ -208,6 +276,7 @@ int main(int argc, char **argv)
if (permissive) { if (permissive) {
type_datum_t *type; type_datum_t *type;
create_domain(permissive, &policydb);
type = hashtab_search(policydb.p_types.table, permissive); type = hashtab_search(policydb.p_types.table, permissive);
if (type == NULL) { if (type == NULL) {
fprintf(stderr, "type %s does not exist\n", permissive); fprintf(stderr, "type %s does not exist\n", permissive);
@ -218,6 +287,7 @@ int main(int argc, char **argv)
return 1; return 1;
} }
} else { } else {
create_domain(source, policy);
if (add_rule(source, target, class, perm, &policydb)) { if (add_rule(source, target, class, perm, &policydb)) {
fprintf(stderr, "Could not add rule\n"); fprintf(stderr, "Could not add rule\n");
return 1; return 1;