2018-11-08 04:20:16 -05:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <limits.h>
|
|
|
|
|
2019-06-30 19:09:31 -07:00
|
|
|
#include <logging.h>
|
2019-02-10 03:57:51 -05:00
|
|
|
#include <utils.h>
|
|
|
|
#include <flags.h>
|
2019-12-09 04:14:30 -05:00
|
|
|
#include <magiskpolicy.h>
|
2019-02-10 03:57:51 -05:00
|
|
|
|
2018-11-08 04:20:16 -05:00
|
|
|
#include "sepolicy.h"
|
2018-11-29 03:46:29 -05:00
|
|
|
|
2019-12-09 04:14:30 -05:00
|
|
|
using namespace std::literals;
|
2018-11-08 04:20:16 -05:00
|
|
|
|
|
|
|
[[noreturn]] static void usage(char *arg0) {
|
|
|
|
fprintf(stderr,
|
2019-12-09 04:14:30 -05:00
|
|
|
FULL_VER(MagiskPolicy) R"EOF(
|
|
|
|
|
|
|
|
Usage: %s [--options...] [policy statements...]
|
|
|
|
|
|
|
|
Options:
|
|
|
|
--help show help message for policy statements
|
|
|
|
--load FILE load policies from FILE
|
|
|
|
--load-split load from precompiled sepolicy or compile
|
|
|
|
split policies
|
|
|
|
--compile-split compile split cil policies
|
|
|
|
--save FILE save policies to FILE
|
|
|
|
--live directly apply sepolicy live
|
|
|
|
--magisk inject built-in rules for a minimal
|
|
|
|
Magisk selinux environment
|
|
|
|
--apply FILE apply rules from FILE, read and parsed
|
|
|
|
line by line as policy statements
|
|
|
|
|
|
|
|
If neither --load or --compile-split is specified, it will load
|
|
|
|
from current live policies (/sys/fs/selinux/policy)
|
|
|
|
|
|
|
|
)EOF", arg0);
|
2018-11-08 04:20:16 -05:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
int magiskpolicy_main(int argc, char *argv[]) {
|
2018-11-08 06:43:11 -05:00
|
|
|
cmdline_logging();
|
2019-12-09 04:14:30 -05:00
|
|
|
const char *out_file = nullptr;
|
|
|
|
const char *rule_file = nullptr;
|
|
|
|
bool magisk = false;
|
|
|
|
bool live = false;
|
2018-11-08 04:20:16 -05:00
|
|
|
|
|
|
|
if (argc < 2) usage(argv[0]);
|
|
|
|
int i = 1;
|
|
|
|
for (; i < argc; ++i) {
|
|
|
|
// Parse options
|
|
|
|
if (argv[i][0] == '-' && argv[i][1] == '-') {
|
2019-12-09 04:14:30 -05:00
|
|
|
auto option = argv[i] + 2;
|
|
|
|
if (option == "live"sv)
|
2018-11-08 04:20:16 -05:00
|
|
|
live = true;
|
2019-12-09 04:14:30 -05:00
|
|
|
else if (option == "magisk"sv)
|
2018-11-08 04:20:16 -05:00
|
|
|
magisk = true;
|
2019-12-09 04:14:30 -05:00
|
|
|
else if (option == "load"sv) {
|
2018-11-08 04:20:16 -05:00
|
|
|
if (argv[i + 1] == nullptr)
|
|
|
|
usage(argv[0]);
|
|
|
|
if (load_policydb(argv[i + 1])) {
|
|
|
|
fprintf(stderr, "Cannot load policy from %s\n", argv[i + 1]);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
++i;
|
2019-12-09 04:14:30 -05:00
|
|
|
} else if (option == "load-split"sv) {
|
2019-03-15 06:17:37 -04:00
|
|
|
if (load_split_cil()) {
|
|
|
|
fprintf(stderr, "Cannot load split cil\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2019-12-09 04:14:30 -05:00
|
|
|
} else if (option == "compile-split"sv) {
|
2018-11-08 04:20:16 -05:00
|
|
|
if (compile_split_cil()) {
|
|
|
|
fprintf(stderr, "Cannot compile split cil\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2019-12-09 04:14:30 -05:00
|
|
|
} else if (option == "save"sv) {
|
|
|
|
if (argv[i + 1] == nullptr)
|
|
|
|
usage(argv[0]);
|
|
|
|
out_file = argv[i + 1];
|
|
|
|
++i;
|
|
|
|
} else if (option == "apply"sv) {
|
2018-11-08 04:20:16 -05:00
|
|
|
if (argv[i + 1] == nullptr)
|
|
|
|
usage(argv[0]);
|
2019-12-09 04:14:30 -05:00
|
|
|
rule_file = argv[i + 1];
|
2018-11-08 04:20:16 -05:00
|
|
|
++i;
|
2019-12-09 04:14:30 -05:00
|
|
|
} else if (option == "help"sv) {
|
|
|
|
statement_help();
|
2018-11-08 04:20:16 -05:00
|
|
|
} else {
|
|
|
|
usage(argv[0]);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Use current policy if nothing is loaded
|
2019-11-19 05:20:18 -05:00
|
|
|
if (magisk_policydb == nullptr && load_policydb(SELINUX_POLICY)) {
|
2018-11-08 04:20:16 -05:00
|
|
|
fprintf(stderr, "Cannot load policy from " SELINUX_POLICY "\n");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (magisk)
|
|
|
|
sepol_magisk_rules();
|
|
|
|
|
2019-12-09 04:14:30 -05:00
|
|
|
if (rule_file)
|
|
|
|
load_rule_file(rule_file);
|
|
|
|
|
2019-03-15 06:17:37 -04:00
|
|
|
for (; i < argc; ++i)
|
|
|
|
parse_statement(argv[i]);
|
|
|
|
|
2018-11-08 04:20:16 -05:00
|
|
|
if (live && dump_policydb(SELINUX_LOAD)) {
|
|
|
|
fprintf(stderr, "Cannot apply policy\n");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2019-12-09 04:14:30 -05:00
|
|
|
if (out_file && dump_policydb(out_file)) {
|
|
|
|
fprintf(stderr, "Cannot dump policy to %s\n", out_file);
|
2018-11-08 04:20:16 -05:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
destroy_policydb();
|
|
|
|
return 0;
|
|
|
|
}
|