linux/scripts/selinux/genheaders/genheaders.c

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>

struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(unsigned) * 8 + 1];
};

#include "classmap.h"
#include "initial_sid_to_string.h"

#define max(x, y) (((int)(x) > (int)(y)) ? x : y)

const char *progname;

static void usage(void)
{
	printf("usage: %s flask.h av_permissions.h\n", progname);
	exit(1);
}

static char *stoupperx(const char *s)
{
	char *s2 = strdup(s);
	char *p;

	if (!s2) {
		fprintf(stderr, "%s:  out of memory\n", progname);
		exit(3);
	}

	for (p = s2; *p; p++)
		*p = toupper(*p);
	return s2;
}

int main(int argc, char *argv[])
{
	int i, j, k;
	int isids_len;
	FILE *fout;
	const char *needle = "SOCKET";
	char *substr;

	progname = argv[0];

	if (argc < 3)
		usage();

	fout = fopen(argv[1], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing:  %s\n",
			argv[1], strerror(errno));
		exit(2);
	}

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		map->name = stoupperx(map->name);
		for (j = 0; map->perms[j]; j++)
			map->perms[j] = stoupperx(map->perms[j]);
	}

	isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
	for (i = 1; i < isids_len; i++)
		initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		fprintf(fout, "#define SECCLASS_%s", map->name);
		for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
			fprintf(fout, " ");
		fprintf(fout, "%2d\n", i+1);
	}

	fprintf(fout, "\n");

	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];
		fprintf(fout, "#define SECINITSID_%s", s);
		for (j = 0; j < max(1, 40 - strlen(s)); j++)
			fprintf(fout, " ");
		fprintf(fout, "%2d\n", i);
	}
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
	fprintf(fout, "{\n");
	fprintf(fout, "\tbool sock = false;\n\n");
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		substr = strstr(map->name, needle);
		if (substr && strcmp(substr, needle) == 0)
			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\tdefault:\n");
	fprintf(fout, "\t\tbreak;\n");
	fprintf(fout, "\t}\n\n");
	fprintf(fout, "\treturn sock;\n");
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");
	fclose(fout);

	fout = fopen(argv[2], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing:  %s\n",
			argv[2], strerror(errno));
		exit(4);
	}

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		for (j = 0; map->perms[j]; j++) {
			fprintf(fout, "#define %s__%s", map->name,
				map->perms[j]);
			for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
				fprintf(fout, " ");
			fprintf(fout, "0x%08xUL\n", (1<<j));
		}
	}

	fprintf(fout, "\n#endif\n");
	fclose(fout);
	exit(0);
}
selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <unistd.h>`
			`#include <string.h>`
			`#include <errno.h>`
			`#include <ctype.h>`

			`struct security_class_mapping {`
			`const char *name;`
			`const char perms[sizeof(unsigned) 8 + 1];`
			`};`

			`#include "classmap.h"`
			`#include "initial_sid_to_string.h"`

SELinux: header generation may hit infinite loop If a permission name is long enough the selinux class definition generation tool will go into a infinite loop. This is because it's macro max() is fooled into thinking it is dealing with unsigned numbers. This patch makes sure the macro always uses signed number so 1 > -1. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-11-20 11:00:12 -05:00			`#define max(x, y) (((int)(x) > (int)(y)) ? x : y)`
selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00
			`const char *progname;`

selinux: Fix warnings scripts/selinux/genheaders/genheaders.c:20: warning: no previous prototype for ?usage? scripts/selinux/genheaders/genheaders.c:26: warning: no previous prototype for ?stoupperx? Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-11-18 14:39:51 +00:00			`static void usage(void)`
selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00			`{`
			`printf("usage: %s flask.h av_permissions.h\n", progname);`
			`exit(1);`
			`}`

selinux: Fix warnings scripts/selinux/genheaders/genheaders.c:20: warning: no previous prototype for ?usage? scripts/selinux/genheaders/genheaders.c:26: warning: no previous prototype for ?stoupperx? Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-11-18 14:39:51 +00:00			`static char stoupperx(const char s)`
selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00			`{`
			`char *s2 = strdup(s);`
			`char *p;`

			`if (!s2) {`
			`fprintf(stderr, "%s: out of memory\n", progname);`
			`exit(3);`
			`}`

			`for (p = s2; *p; p++)`
			`p = toupper(p);`
			`return s2;`
			`}`

			`int main(int argc, char *argv[])`
			`{`
			`int i, j, k;`
			`int isids_len;`
			`FILE *fout;`
SELinux: Auto-generate security_is_socket_class The security_is_socket_class() is auto-generated by genheaders based on classmap.h to reduce maintenance effort when a new class is defined in SELinux kernel. The name for any socket class should be suffixed by "socket" and doesn't contain more than one substr of "socket". Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> 2011-03-02 13:46:08 +08:00			`const char *needle = "SOCKET";`
			`char *substr;`
selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00
			`progname = argv[0];`

			`if (argc < 3)`
			`usage();`

			`fout = fopen(argv[1], "w");`
			`if (!fout) {`
			`fprintf(stderr, "Could not open %s for writing: %s\n",`
			`argv[1], strerror(errno));`
			`exit(2);`
			`}`

			`for (i = 0; secclass_map[i].name; i++) {`
			`struct security_class_mapping *map = &secclass_map[i];`
			`map->name = stoupperx(map->name);`
			`for (j = 0; map->perms[j]; j++)`
			`map->perms[j] = stoupperx(map->perms[j]);`
			`}`

			`isids_len = sizeof(initial_sid_to_string) / sizeof (char *);`
			`for (i = 1; i < isids_len; i++)`
			`initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);`

			`fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");`
			`fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");`

			`for (i = 0; secclass_map[i].name; i++) {`
			`struct security_class_mapping *map = &secclass_map[i];`
			`fprintf(fout, "#define SECCLASS_%s", map->name);`
			`for (j = 0; j < max(1, 40 - strlen(map->name)); j++)`
			`fprintf(fout, " ");`
			`fprintf(fout, "%2d\n", i+1);`
			`}`

			`fprintf(fout, "\n");`

			`for (i = 1; i < isids_len; i++) {`
selinux: fix warning in genheaders Fix const warning in the genheaders script as a result of changes to the headers, as noted here: http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-03/msg03977.html Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: James Morris <jmorris@namei.org> 2010-03-16 08:47:36 +11:00			`const char *s = initial_sid_to_string[i];`
selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00			`fprintf(fout, "#define SECINITSID_%s", s);`
			`for (j = 0; j < max(1, 40 - strlen(s)); j++)`
			`fprintf(fout, " ");`
			`fprintf(fout, "%2d\n", i);`
			`}`
			`fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);`
SELinux: Auto-generate security_is_socket_class The security_is_socket_class() is auto-generated by genheaders based on classmap.h to reduce maintenance effort when a new class is defined in SELinux kernel. The name for any socket class should be suffixed by "socket" and doesn't contain more than one substr of "socket". Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> 2011-03-02 13:46:08 +08:00			`fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");`
			`fprintf(fout, "{\n");`
			`fprintf(fout, "\tbool sock = false;\n\n");`
			`fprintf(fout, "\tswitch (kern_tclass) {\n");`
			`for (i = 0; secclass_map[i].name; i++) {`
			`struct security_class_mapping *map = &secclass_map[i];`
			`substr = strstr(map->name, needle);`
			`if (substr && strcmp(substr, needle) == 0)`
			`fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);`
			`}`
			`fprintf(fout, "\t\tsock = true;\n");`
			`fprintf(fout, "\t\tbreak;\n");`
			`fprintf(fout, "\tdefault:\n");`
			`fprintf(fout, "\t\tbreak;\n");`
			`fprintf(fout, "\t}\n\n");`
			`fprintf(fout, "\treturn sock;\n");`
			`fprintf(fout, "}\n");`

selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> 2009-09-30 13:41:02 -04:00			`fprintf(fout, "\n#endif\n");`
			`fclose(fout);`

			`fout = fopen(argv[2], "w");`
			`if (!fout) {`
			`fprintf(stderr, "Could not open %s for writing: %s\n",`
			`argv[2], strerror(errno));`
			`exit(4);`
			`}`

			`fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");`
			`fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");`

			`for (i = 0; secclass_map[i].name; i++) {`
			`struct security_class_mapping *map = &secclass_map[i];`
			`for (j = 0; map->perms[j]; j++) {`
			`fprintf(fout, "#define %s__%s", map->name,`
			`map->perms[j]);`
			`for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)`
			`fprintf(fout, " ");`
			`fprintf(fout, "0x%08xUL\n", (1<<j));`
			`}`
			`}`

			`fprintf(fout, "\n#endif\n");`
			`fclose(fout);`
			`exit(0);`
			`}`