Magisk/native/jni/magiskpolicy/api.cpp

#include <magiskpolicy.hpp>

#include "sepolicy.h"

//#define vprint(fmt, ...) printf(fmt, __VA_ARGS__)
#define vprint(...)

int sepolicy::allow(const char *s, const char *t, const char *c, const char *p) {
	vprint("allow %s %s %s %s\n", s, t, c, p);
	return add_rule(db, s, t, c, p, AVTAB_ALLOWED, 0);
}

int sepolicy::deny(const char *s, const char *t, const char *c, const char *p) {
	vprint("deny %s %s %s %s\n", s, t, c, p);
	return add_rule(db, s, t, c, p, AVTAB_ALLOWED, 1);
}

int sepolicy::auditallow(const char *s, const char *t, const char *c, const char *p) {
	vprint("auditallow %s %s %s %s\n", s, t, c, p);
	return add_rule(db, s, t, c, p, AVTAB_AUDITALLOW, 0);
}

int sepolicy::dontaudit(const char *s, const char *t, const char *c, const char *p) {
	vprint("dontaudit %s %s %s %s\n", s, t, c, p);
	return add_rule(db, s, t, c, p, AVTAB_AUDITDENY, 1);
}

int sepolicy::allowxperm(const char *s, const char *t, const char *c, const char *range) {
	vprint("allowxperm %s %s %s %s\n", s, t, c, range);
	return add_xperm_rule(db, s, t, c, range, AVTAB_XPERMS_ALLOWED, 0);
}

int sepolicy::auditallowxperm(const char *s, const char *t, const char *c, const char *range) {
	vprint("auditallowxperm %s %s %s %s\n", s, t, c, range);
	return add_xperm_rule(db, s, t, c, range, AVTAB_XPERMS_AUDITALLOW, 0);
}

int sepolicy::dontauditxperm(const char *s, const char *t, const char *c, const char *range) {
	vprint("dontauditxperm %s %s %s %s\n", s, t, c, range);
	return add_xperm_rule(db, s, t, c, range, AVTAB_XPERMS_DONTAUDIT, 0);
}

int sepolicy::type_change(const char *s, const char *t, const char *c, const char *d) {
	vprint("type_change %s %s %s %s\n", s, t, c, d);
	return add_type_rule(db, s, t, c, d, AVTAB_CHANGE);
}

int sepolicy::type_member(const char *s, const char *t, const char *c, const char *d) {
	vprint("type_member %s %s %s %s\n", s, t, c, d);
	return add_type_rule(db, s, t, c, d, AVTAB_MEMBER);
}

int sepolicy::type_transition(const char *src, const char *tgt, const char *cls, const char *def, const char *obj) {
	if (obj) {
		vprint("type_transition %s %s %s %s\n", src, tgt, cls, def);
		return add_type_rule(db, src, tgt, cls, def, AVTAB_TRANSITION);
	} else {
		vprint("type_transition %s %s %s %s %s\n", src, tgt, cls, def, obj);
		return add_filename_trans(db, src, tgt, cls, def, obj);
	}
}

int sepolicy::permissive(const char *s) {
	vprint("permissive %s\n", s);
	return set_domain_state(db, s, 1);
}

int sepolicy::enforce(const char *s) {
	vprint("enforce %s\n", s);
	return set_domain_state(db, s, 0);
}

int sepolicy::create(const char *s) {
	vprint("create %s\n", s);
	return create_domain(db, s);
}

int sepolicy::typeattribute(const char *type, const char *attr) {
	vprint("typeattribute %s %s\n", type, attr);
	return add_typeattribute(db, type, attr);
}

int sepolicy::genfscon(const char *fs_name, const char *path, const char *ctx) {
	vprint("genfscon %s %s %s\n", fs_name, path, ctx);
	return add_genfscon(db, fs_name, path, ctx);
}

int sepolicy::exists(const char *source) {
	return hashtab_search(db->p_types.table, source) != nullptr;
}
Small native code reorganization 2020-03-09 08:50:30 +00:00			`#include <magiskpolicy.hpp>`
Add new API to load sepolicy rule file 2019-12-09 09:14:30 +00:00
Separate public and private APIs 2017-04-15 11:26:29 +00:00			`#include "sepolicy.h"`
Project restructure 2017-01-31 16:51:45 +00:00
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`//#define vprint(fmt, ...) printf(fmt, __VA_ARGS__)`
			`#define vprint(...)`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::allow(const char s, const char t, const char c, const char p) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("allow %s %s %s %s\n", s, t, c, p);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_rule(db, s, t, c, p, AVTAB_ALLOWED, 0);`
Project restructure 2017-01-31 16:51:45 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::deny(const char s, const char t, const char c, const char p) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("deny %s %s %s %s\n", s, t, c, p);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_rule(db, s, t, c, p, AVTAB_ALLOWED, 1);`
Project restructure 2017-01-31 16:51:45 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::auditallow(const char s, const char t, const char c, const char p) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("auditallow %s %s %s %s\n", s, t, c, p);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_rule(db, s, t, c, p, AVTAB_AUDITALLOW, 0);`
Project restructure 2017-01-31 16:51:45 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::dontaudit(const char s, const char t, const char c, const char p) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("dontaudit %s %s %s %s\n", s, t, c, p);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_rule(db, s, t, c, p, AVTAB_AUDITDENY, 1);`
Project restructure 2017-01-31 16:51:45 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::allowxperm(const char s, const char t, const char c, const char range) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("allowxperm %s %s %s %s\n", s, t, c, range);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_xperm_rule(db, s, t, c, range, AVTAB_XPERMS_ALLOWED, 0);`
Add extended permission support 2017-04-19 20:04:09 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::auditallowxperm(const char s, const char t, const char c, const char range) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("auditallowxperm %s %s %s %s\n", s, t, c, range);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_xperm_rule(db, s, t, c, range, AVTAB_XPERMS_AUDITALLOW, 0);`
Add extended permission support 2017-04-19 20:04:09 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::dontauditxperm(const char s, const char t, const char c, const char range) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("dontauditxperm %s %s %s %s\n", s, t, c, range);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_xperm_rule(db, s, t, c, range, AVTAB_XPERMS_DONTAUDIT, 0);`
Add extended permission support 2017-04-19 20:04:09 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::type_change(const char s, const char t, const char c, const char d) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("type_change %s %s %s %s\n", s, t, c, d);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_type_rule(db, s, t, c, d, AVTAB_CHANGE);`
Update magiskpolicy - Generalize avtab node extraction and insertion - Add new supported rules: type_change, type_member - Update help message with official policy language 2018-11-29 08:46:29 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::type_member(const char s, const char t, const char c, const char d) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("type_member %s %s %s %s\n", s, t, c, d);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return add_type_rule(db, s, t, c, d, AVTAB_MEMBER);`
Update magiskpolicy - Generalize avtab node extraction and insertion - Add new supported rules: type_change, type_member - Update help message with official policy language 2018-11-29 08:46:29 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::type_transition(const char src, const char tgt, const char cls, const char def, const char *obj) {`
			`if (obj) {`
			`vprint("type_transition %s %s %s %s\n", src, tgt, cls, def);`
			`return add_type_rule(db, src, tgt, cls, def, AVTAB_TRANSITION);`
			`} else {`
			`vprint("type_transition %s %s %s %s %s\n", src, tgt, cls, def, obj);`
			`return add_filename_trans(db, src, tgt, cls, def, obj);`
			`}`
Cleanup headers 2019-11-19 07:04:47 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::permissive(const char *s) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("permissive %s\n", s);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return set_domain_state(db, s, 1);`
Project restructure 2017-01-31 16:51:45 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::enforce(const char *s) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("enforce %s\n", s);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return set_domain_state(db, s, 0);`
Add parser for all commands and complete usage 2017-02-03 22:36:15 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::create(const char *s) {`
Small sepolicy refactor and fixes 2019-11-19 10:20:18 +00:00			`vprint("create %s\n", s);`
Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`return create_domain(db, s);`
Add parser for all commands and complete usage 2017-02-03 22:36:15 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::typeattribute(const char type, const char attr) {`
			`vprint("typeattribute %s %s\n", type, attr);`
			`return add_typeattribute(db, type, attr);`
Project restructure 2017-01-31 16:51:45 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::genfscon(const char fs_name, const char path, const char *ctx) {`
			`vprint("genfscon %s %s %s\n", fs_name, path, ctx);`
			`return add_genfscon(db, fs_name, path, ctx);`
Add support for genfscon sepolicy rules Close #2367 2020-02-01 17:16:42 +00:00			`}`

Modernize magiskpolicy 2020-05-21 13:48:02 +00:00			`int sepolicy::exists(const char *source) {`
			`return hashtab_search(db->p_types.table, source) != nullptr;`
Project restructure 2017-01-31 16:51:45 +00:00			`}`