Create domain if it doesn't exist
This commit is contained in:
parent
0fd5a277ed
commit
3394d64f6c
@ -14,8 +14,13 @@
|
|||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include <sepol/debug.h>
|
||||||
#include <sepol/policydb/policydb.h>
|
#include <sepol/policydb/policydb.h>
|
||||||
|
#include <sepol/policydb/expand.h>
|
||||||
|
#include <sepol/policydb/link.h>
|
||||||
#include <sepol/policydb/services.h>
|
#include <sepol/policydb/services.h>
|
||||||
|
#include <sepol/policydb/avrule_block.h>
|
||||||
|
#include <sepol/policydb/conditional.h>
|
||||||
|
|
||||||
void usage(char *arg0) {
|
void usage(char *arg0) {
|
||||||
fprintf(stderr, "%s -s <source type> -t <target type> -c <class> -p <perm> -P <policy file> -o <output file>\n", arg0);
|
fprintf(stderr, "%s -s <source type> -t <target type> -c <class> -p <perm> -P <policy file> -o <output file>\n", arg0);
|
||||||
@ -32,6 +37,69 @@ void *cmalloc(size_t s) {
|
|||||||
return t;
|
return t;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void set_attr(char *type, policydb_t *policy, int value) {
|
||||||
|
type_datum_t *attr = hashtab_search(policy->p_types.table, type);
|
||||||
|
if (!attr)
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
if (attr->flavor != TYPE_ATTRIB)
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
if (ebitmap_set_bit(&attr->types, value - 1, 1))
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
void create_domain(char *d, policydb_t *policy) {
|
||||||
|
symtab_datum_t *src = hashtab_search(policy->p_types.table, d);
|
||||||
|
if(src)
|
||||||
|
return;
|
||||||
|
|
||||||
|
type_datum_t *typdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
|
||||||
|
type_datum_init(typdatum);
|
||||||
|
typdatum->primary = 1;
|
||||||
|
typdatum->flavor = TYPE_TYPE;
|
||||||
|
|
||||||
|
uint32_t value = 0;
|
||||||
|
int r = symtab_insert(policy, SYM_TYPES, strdup(d), typdatum, SCOPE_DECL, 1, &value);
|
||||||
|
typdatum->s.value = value;
|
||||||
|
|
||||||
|
fprintf(stderr, "source type %s does not exist: %d,%d\n", d, r, value);
|
||||||
|
if (ebitmap_set_bit(&policy->global->branch_list->declared.scope[SYM_TYPES], value - 1, 1)) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
policy->type_attr_map = realloc(policy->type_attr_map, sizeof(ebitmap_t)*policy->p_types.nprim);
|
||||||
|
policy->attr_type_map = realloc(policy->attr_type_map, sizeof(ebitmap_t)*policy->p_types.nprim);
|
||||||
|
ebitmap_init(&policy->type_attr_map[value-1]);
|
||||||
|
ebitmap_init(&policy->attr_type_map[value-1]);
|
||||||
|
ebitmap_set_bit(&policy->type_attr_map[value-1], value-1, 1);
|
||||||
|
|
||||||
|
//Add the domain to all roles
|
||||||
|
for(unsigned i=0; i<policy->p_roles.nprim; ++i) {
|
||||||
|
//Not sure all those three calls are needed
|
||||||
|
ebitmap_set_bit(&policy->role_val_to_struct[i]->types.negset, value-1, 0);
|
||||||
|
ebitmap_set_bit(&policy->role_val_to_struct[i]->types.types, value-1, 1);
|
||||||
|
type_set_expand(&policy->role_val_to_struct[i]->types, &policy->role_val_to_struct[i]->cache, policy, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
src = hashtab_search(policy->p_types.table, d);
|
||||||
|
if(!src)
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
extern int policydb_index_decls(policydb_t * p);
|
||||||
|
if(policydb_index_decls(policy))
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
if(policydb_index_classes(policy))
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
if(policydb_index_others(NULL, policy, 1))
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
set_attr("domain", policy, value);
|
||||||
|
}
|
||||||
|
|
||||||
int add_rule(char *s, char *t, char *c, char *p, policydb_t *policy) {
|
int add_rule(char *s, char *t, char *c, char *p, policydb_t *policy) {
|
||||||
type_datum_t *src, *tgt;
|
type_datum_t *src, *tgt;
|
||||||
class_datum_t *cls;
|
class_datum_t *cls;
|
||||||
@ -208,6 +276,7 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
if (permissive) {
|
if (permissive) {
|
||||||
type_datum_t *type;
|
type_datum_t *type;
|
||||||
|
create_domain(permissive, &policydb);
|
||||||
type = hashtab_search(policydb.p_types.table, permissive);
|
type = hashtab_search(policydb.p_types.table, permissive);
|
||||||
if (type == NULL) {
|
if (type == NULL) {
|
||||||
fprintf(stderr, "type %s does not exist\n", permissive);
|
fprintf(stderr, "type %s does not exist\n", permissive);
|
||||||
@ -218,6 +287,7 @@ int main(int argc, char **argv)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
create_domain(source, policy);
|
||||||
if (add_rule(source, target, class, perm, &policydb)) {
|
if (add_rule(source, target, class, perm, &policydb)) {
|
||||||
fprintf(stderr, "Could not add rule\n");
|
fprintf(stderr, "Could not add rule\n");
|
||||||
return 1;
|
return 1;
|
||||||
|
Loading…
Reference in New Issue
Block a user