2019-07-01 02:09:31 +00:00
|
|
|
#pragma once
|
2017-11-28 22:09:35 +00:00
|
|
|
|
|
|
|
#include <stdlib.h>
|
2020-03-09 08:50:30 +00:00
|
|
|
#include <selinux.hpp>
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 07:31:53 +00:00
|
|
|
#include <string>
|
2017-11-28 22:09:35 +00:00
|
|
|
|
2020-05-21 13:48:02 +00:00
|
|
|
#define ALL nullptr
|
|
|
|
|
2022-03-30 05:26:38 +00:00
|
|
|
struct sepolicy {
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 07:31:53 +00:00
|
|
|
using c_str = const char *;
|
2020-12-31 06:11:24 +00:00
|
|
|
|
|
|
|
// Public static factory functions
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 07:31:53 +00:00
|
|
|
static sepolicy *from_data(char *data, size_t len);
|
2020-12-31 06:11:24 +00:00
|
|
|
static sepolicy *from_file(c_str file);
|
|
|
|
static sepolicy *from_split();
|
|
|
|
static sepolicy *compile_split();
|
|
|
|
|
|
|
|
// External APIs
|
|
|
|
bool to_file(c_str file);
|
|
|
|
void parse_statement(c_str stmt);
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 07:31:53 +00:00
|
|
|
void load_rules(const std::string &rules);
|
2020-12-31 06:11:24 +00:00
|
|
|
void load_rule_file(c_str file);
|
|
|
|
|
|
|
|
// Operation on types
|
|
|
|
bool type(c_str name, c_str attr);
|
|
|
|
bool attribute(c_str name);
|
|
|
|
bool permissive(c_str type);
|
|
|
|
bool enforce(c_str type);
|
|
|
|
bool typeattribute(c_str type, c_str attr);
|
|
|
|
bool exists(c_str type);
|
|
|
|
|
|
|
|
// Access vector rules
|
|
|
|
bool allow(c_str src, c_str tgt, c_str cls, c_str perm);
|
|
|
|
bool deny(c_str src, c_str tgt, c_str cls, c_str perm);
|
|
|
|
bool auditallow(c_str src, c_str tgt, c_str cls, c_str perm);
|
|
|
|
bool dontaudit(c_str src, c_str tgt, c_str cls, c_str perm);
|
|
|
|
|
|
|
|
// Extended permissions access vector rules
|
|
|
|
bool allowxperm(c_str src, c_str tgt, c_str cls, c_str range);
|
|
|
|
bool auditallowxperm(c_str src, c_str tgt, c_str cls, c_str range);
|
|
|
|
bool dontauditxperm(c_str src, c_str tgt, c_str cls, c_str range);
|
|
|
|
|
|
|
|
// Type rules
|
|
|
|
bool type_transition(c_str src, c_str tgt, c_str cls, c_str def, c_str obj = nullptr);
|
|
|
|
bool type_change(c_str src, c_str tgt, c_str cls, c_str def);
|
|
|
|
bool type_member(c_str src, c_str tgt, c_str cls, c_str def);
|
|
|
|
|
|
|
|
// File system labeling
|
|
|
|
bool genfscon(c_str fs_name, c_str path, c_str ctx);
|
|
|
|
|
|
|
|
// Magisk
|
|
|
|
void magisk_rules();
|
|
|
|
|
|
|
|
// Deprecate
|
|
|
|
bool create(c_str name) { return type(name, "domain"); }
|
2020-05-25 09:09:43 +00:00
|
|
|
|
2020-05-23 07:18:25 +00:00
|
|
|
protected:
|
2022-03-30 05:26:38 +00:00
|
|
|
// Prevent anyone from accidentally creating an instance
|
|
|
|
sepolicy() = default;
|
2020-05-21 13:48:02 +00:00
|
|
|
};
|