From 3c6a170138cacb1f817c65181bd6e3ef15cfca9e Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Mon, 28 Aug 2017 02:13:36 +0800
Subject: [PATCH] Minor adjustments

---
 Android.mk | 11 --
 magiskpolicy.c | 266 +++++++++++++++++++++++++++----------------------
 sepolicy.c | 6 +-
 3 files changed, 148 insertions(+), 135 deletions(-)
 delete mode 100644 Android.mk

diff --git a/Android.mk b/Android.mk
deleted file mode 100644
index ded8819a5..000000000
--- a/Android.mk
+++ /dev/null
@@ -1,11 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := magiskpolicy
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_SRC_FILES := magiskpolicy.c sepolicy.c rules.c api.c ../utils/vector.c
-LOCAL_C_INCLUDES := jni/selinux/libsepol/include jni/utils
-LOCAL_CFLAGS := -DINDEP_BINARY
-include $(BUILD_EXECUTABLE)
-
-include jni/selinux/libsepol/Android.mk
diff --git a/magiskpolicy.c b/magiskpolicy.c
index 72fc282bc..17d1dd379 100644
--- a/magiskpolicy.c
+++ b/magiskpolicy.c
@@ -75,7 +75,7 @@ static void usage(char *arg0) {
 static int parse_pattern_1(int action, char* statement) {
 int state = 0, in_bracket = 0;
 char *tok, *class, *saveptr;
- struct vector source, target, permission, *temp;
+ struct vector source, target, permission;
 vec_init(&source);
 vec_init(&target);
 vec_init(&permission);
@@ -97,24 +97,25 @@ static int parse_pattern_1(int action, char* statement) {
 }
 } else {
 if (tok[0] == '*') tok = ALL;
+ struct vector *vec;
 switch (state) {
- case 0:
- temp = &source;
- break;
- case 1:
- temp = ⌖
- break;
- case 2:
- temp = NULL;
- class = tok;
- break;
- case 3:
- temp = &permission;
- break;
- default:
- return 1;
+ case 0:
+ vec = &source;
+ break;
+ case 1:
+ vec = ⌖
+ break;
+ case 2:
+ vec = NULL;
+ class = tok;
+ break;
+ case 3:
+ vec = &permission;
+ break;
+ default:
+ return 1;
 }
- vec_push_back(temp, tok);
+ vec_push_back(vec, tok);
 }
 if (!in_bracket) ++state;
 tok = strtok_r(NULL, " ", &saveptr);
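Review bot: The `default: return 1;` in the new `switch (state)` leaves `source`, `target` and `permission` initialised but never destroyed, because `vec_init` runs before the tokenizer loop and `vec_destroy` only on the normal exit path; parse_pattern_2 and parse_pattern_5 (hunks below) and the `default:` of every action dispatch have the same early-return leak. A single cleanup label reached by `goto` fixes all of them without changing any return value. Case 2 also sets `vec = NULL` while the loop still calls `vec_push_back(vec, tok)`, so the code depends on `vec_push_back` tolerating a NULL vector, which this diff does not show; `if (vec) vec_push_back(vec, tok);` removes that dependency. parse_pattern_1 starts in the previous hunk and continues past the end of this one.
```c
static int parse_pattern_1(int action, char* statement) {
	int ret = 1;
	// … unchanged: locals and vec_init calls …
	// … unchanged: tokenizer loop; each `return 1` inside it becomes `goto out` …
	// … unchanged: `if (state != 4)` check and action loops, same replacement …
	ret = 0;
out:
	vec_destroy(&source);
	vec_destroy(&target);
	vec_destroy(&permission);
	return ret;
```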
@@ -122,27 +123,33 @@ static int parse_pattern_1(int action, char* statement) {
 if (state != 4) return 1;
 for(int i = 0; i < source.size; ++i)
 for (int j = 0; j < target.size; ++j)
- for (int k = 0; k < permission.size; ++k)
+ for (int k = 0; k < permission.size; ++k) {
+ int (*action_func)(char*, char*, char*, char*);
+ char *action_str;
 switch (action) {
- case 0:
- if (sepol_allow(source.data[i], target.data[j], class, permission.data[k]))
- fprintf(stderr, "Error in: allow %s %s %s %s\n", source.data[i], target.data[j], class, permission.data[k]);
- break;
- case 1:
- if (sepol_deny(source.data[i], target.data[j], class, permission.data[k]))
- fprintf(stderr, "Error in: deny %s %s %s %s\n", source.data[i], target.data[j], class, permission.data[k]);
- break;
- case 2:
- if (sepol_auditallow(source.data[i], target.data[j], class, permission.data[k]))
- fprintf(stderr, "Error in: auditallow %s %s %s %s\n", source.data[i], target.data[j], class, permission.data[k]);
- break;
- case 3:
- if (sepol_auditdeny(source.data[i], target.data[j], class, permission.data[k]))
- fprintf(stderr, "Error in: auditdeny %s %s %s %s\n", source.data[i], target.data[j], class, permission.data[k]);
- break;
- default:
- return 1;
+ case 0:
+ action_func = sepol_allow;
+ action_str = "allow";
+ break;
+ case 1:
+ action_func = sepol_deny;
+ action_str = "deny";
+ break;
+ case 2:
+ action_func = sepol_auditallow;
+ action_str = "auditallow";
+ break;
+ case 3:
+ action_func = sepol_auditdeny;
+ action_str = "auditdeny";
+ break;
+ default:
+ return 1;
 }
+ if (action_func(source.data[i], target.data[j], class, permission.data[k]))
+ fprintf(stderr, "Error in: %s %s %s %s %s\n",
+ action_str, source.data[i], target.data[j], class, permission.data[k]);
+ }
 vec_destroy(&source);
 vec_destroy(&target);
 vec_destroy(&permission);
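Review bot: The action switch sits inside the innermost `k` loop, so the dispatch and its `default: return 1;` are re-evaluated for every (source, target, permission) triple and are skipped entirely when any of the three vectors is empty, in which case an invalid `action` falls through to `vec_destroy` and is reported as success; parse_pattern_2 and parse_pattern_5 have the same shape in the hunks below. Hoisting the switch above the loops — declaring `int (*action_func)(char*, char*, char*, char*);` and `char *action_str;` next to `if (state != 4) return 1;` and running the switch there — makes the validity check unconditional and removes the per-iteration branch. The pointer type also assumes every `sepol_*` callee takes four `char *` and returns `int`, which cannot be confirmed from this hunk. parse_pattern_1 starts before this hunk and its closing lines are outside it.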
@@ -153,7 +160,7 @@ static int parse_pattern_1(int action, char* statement) {
 static int parse_pattern_2(int action, char* statement) {
 int state = 0, in_bracket = 0;
 char *tok, *saveptr;
- struct vector class, attribute, *temp;
+ struct vector class, attribute;
 vec_init(&class);
 vec_init(&attribute);
 tok = strtok_r(statement, " ", &saveptr);
@@ -174,32 +181,39 @@ static int parse_pattern_2(int action, char* statement) {
 }
 } else {
 if (tok[0] == '*') tok = ALL;
+ struct vector *vec;
 switch (state) {
- case 0:
- temp = &class;
- break;
- case 1:
- temp = &attribute;
- break;
- default:
- return 1;
+ case 0:
+ vec = &class;
+ break;
+ case 1:
+ vec = &attribute;
+ break;
+ default:
+ return 1;
 }
- vec_push_back(temp, tok);
+ vec_push_back(vec, tok);
 }
 if (!in_bracket) ++state;
 tok = strtok_r(NULL, " ", &saveptr);
 }
 if (state != 2) return 1;
 for(int i = 0; i < class.size; ++i)
- for (int j = 0; j < attribute.size; ++j)
+ for (int j = 0; j < attribute.size; ++j) {
+ int (*action_func)(char*, char*);
+ char *action_str;
 switch (action) {
 case 0:
- if (sepol_attradd(class.data[i], attribute.data[j]))
- fprintf(stderr, "Error in: attradd %s %s\n", class.data[i], attribute.data[j]);
+ action_func = sepol_attradd;
+ action_str = "attradd";
 break;
 default:
 return 1;
 }
+ if (action_func(class.data[i], attribute.data[j]))
+ fprintf(stderr, "Error in: %s %s %s\n",
+ action_str, class.data[i], attribute.data[j]);
+ }
 vec_destroy(&class);
 vec_destroy(&attribute);
 return 0;
@@ -217,20 +231,24 @@ static int parse_pattern_3(int action, char* statement) {
 tok = strtok_r(NULL, " {}", &saveptr);
 }
 for (int i = 0; i < classes.size; ++i) {
+ int (*action_func)(char*);
+ char *action_str;
 switch (action) {
- case 0:
- if (sepol_create(classes.data[i]))
- fprintf(stderr, "Domain %s already exists\n", classes.data[i]);
- break;
- case 1:
- if (sepol_permissive(classes.data[i]))
- fprintf(stderr, "Error in: permissive %s\n", classes.data[i]);
- break;
- case 2:
- if (sepol_enforce(classes.data[i]))
- fprintf(stderr, "Error in: enforce %s\n", classes.data[i]);
- break;
+ case 0:
+ action_func = sepol_create;
+ action_str = "create";
+ break;
+ case 1:
+ action_func = sepol_permissive;
+ action_str = "permissive";
+ break;
+ case 2:
+ action_func = sepol_enforce;
+ action_str = "enforce";
+ break;
 }
+ if (action_func(classes.data[i]))
+ fprintf(stderr, "Error in: %s %s\n", action_str, classes.data[i]);
 }
 vec_destroy(&classes);
 return 0;
@@ -244,23 +262,23 @@ static int parse_pattern_4(int action, char* statement) {
 tok = strtok_r(statement, " ", &saveptr);
 while (tok != NULL) {
 switch(state) {
- case 0:
- source = tok;
- break;
- case 1:
- target = tok;
- break;
- case 2:
- class = tok;
- break;
- case 3:
- def = tok;
- break;
- case 4:
- filename = tok;
- break;
- default:
- return 1;
+ case 0:
+ source = tok;
+ break;
+ case 1:
+ target = tok;
+ break;
+ case 2:
+ class = tok;
+ break;
+ case 3:
+ def = tok;
+ break;
+ case 4:
+ filename = tok;
+ break;
+ default:
+ return 1;
 }
 tok = strtok_r(NULL, " ", &saveptr);
 ++state;
@@ -275,7 +293,7 @@ static int parse_pattern_4(int action, char* statement) {
 static int parse_pattern_5(int action, char* statement) {
 int state = 0, in_bracket = 0;
 char *tok, *range, *saveptr;
- struct vector source, target, class, *temp;
+ struct vector source, target, class;
 vec_init(&source);
 vec_init(&target);
 vec_init(&class);
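Review bot: The `switch (action)` in parse_pattern_3 has no `default:`, so for any `action` outside 0–2 the new `action_func(classes.data[i])` call goes through an uninitialised function pointer — the original code simply did nothing for an unknown action, so this is a regression introduced by the refactor. Adding `default: vec_destroy(&classes); return 1;` brings it in line with the other pattern parsers and avoids leaking `classes` on that path. The create case now prints `Error in: create %s` where it printed `Domain %s already exists`; if `sepol_create` forwards `create_domain`'s return value, this interacts with the sepolicy.c hunk that makes an existing domain return 0, but that linkage is not visible in this diff. parse_pattern_3 begins before this hunk.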
@@ -297,28 +315,29 @@ static int parse_pattern_5(int action, char* statement) {
 }
 } else {
 if (tok[0] == '*') tok = ALL;
+ struct vector *vec;
 switch (state) {
- case 0:
- temp = &source;
- break;
- case 1:
- temp = ⌖
- break;
- case 2:
- temp = &class;
- break;
- case 3:
- // Should always be ioctl
- temp = NULL;
- break;
- case 4:
- temp = NULL;
- range = tok;
- break;
- default:
- return 1;
+ case 0:
+ vec = &source;
+ break;
+ case 1:
+ vec = ⌖
+ break;
+ case 2:
+ vec = &class;
+ break;
+ case 3:
+ // Should always be ioctl
+ vec = NULL;
+ break;
+ case 4:
+ vec = NULL;
+ range = tok;
+ break;
+ default:
+ return 1;
 }
- vec_push_back(temp, tok);
+ vec_push_back(vec, tok);
 }
 if (!in_bracket) ++state;
 tok = strtok_r(NULL, " ", &saveptr);
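Review bot: Case 3 still accepts any token where the comment says it should always be `ioctl`, so a statement with the wrong word in that position is accepted silently and only the range in state 4 is used; checking it, `if (strcmp(tok, "ioctl") != 0) return 1;` before `vec = NULL;`, turns that into the parse error the `default:` branch already produces for other malformed input. The comment itself would then be redundant and can go. As in the other patterns, `vec` is NULL in cases 3 and 4 and `vec_push_back(vec, tok)` is still called, so the NULL handling lives in `vec_push_back`, which this diff does not show. parse_pattern_5 starts in the previous hunk and continues past this one.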
@@ -326,23 +345,29 @@ static int parse_pattern_5(int action, char* statement) {
 if (state != 5) return 1;
 for(int i = 0; i < source.size; ++i)
 for (int j = 0; j < target.size; ++j)
- for (int k = 0; k < class.size; ++k)
+ for (int k = 0; k < class.size; ++k) {
+ int (*action_func)(char*, char*, char*, char*);
+ char *action_str;
 switch (action) {
- case 0:
- if (sepol_allowxperm(source.data[i], target.data[j], class.data[k], range))
- fprintf(stderr, "Error in: allowxperm %s %s %s %s\n", source.data[i], target.data[j], class.data[k], range);
- break;
- case 1:
- if (sepol_auditallowxperm(source.data[i], target.data[j], class.data[k], range))
- fprintf(stderr, "Error in: auditallowxperm %s %s %s %s\n", source.data[i], target.data[j], class.data[k], range);
- break;
- case 2:
- if (sepol_dontauditxperm(source.data[i], target.data[j], class.data[k], range))
- fprintf(stderr, "Error in: dontauditxperm %s %s %s %s\n", source.data[i], target.data[j], class.data[k], range);
- break;
- default:
- return 1;
+ case 0:
+ action_func = sepol_allowxperm;
+ action_str = "allowxperm";
+ break;
+ case 1:
+ action_func = sepol_auditallowxperm;
+ action_str = "auditallowxperm";
+ break;
+ case 2:
+ action_func = sepol_dontauditxperm;
+ action_str = "dontauditxperm";
+ break;
+ default:
+ return 1;
 }
+ if (action_func(source.data[i], target.data[j], class.data[k], range))
+ fprintf(stderr, "Error in: %s %s %s %s %s\n",
+ action_str, source.data[i], target.data[j], class.data[k], range);
+ }
 vec_destroy(&source);
 vec_destroy(&target);
 vec_destroy(&class);
@@ -387,7 +412,7 @@ int magiskpolicy_main(int argc, char *argv[]) {
 infile = SELINUX_POLICY;
 
 if (load_policydb(infile)) {
- fprintf(stderr, "Could not load policy\n");
+ fprintf(stderr, "Cannot load policy from %s\n", infile);
 return 1;
 }
 
@@ -445,14 +470,13 @@ int magiskpolicy_main(int argc, char *argv[]) {
 vec_destroy(&rules);
 
 if (live)
- if (dump_policydb(SELINUX_LOAD))
- return 1;
+ outfile = SELINUX_LOAD;
 
- if (outfile) {
- unlink(outfile);
- if (dump_policydb(outfile))
+ if (outfile)
+ if (dump_policydb(outfile)) {
+ fprintf(stderr, "Cannot dump policy to %s\n", outfile);
 return 1;
- }
+ }
 
 destroy_policydb();
 return 0;
diff --git a/sepolicy.c b/sepolicy.c
index 4a45a3064..691686246 100644
--- a/sepolicy.c
+++ b/sepolicy.c
@@ -281,7 +281,7 @@ int create_domain(char *d) {
 symtab_datum_t *src = hashtab_search(policydb->p_types.table, d);
 if(src) {
 fprintf(stderr, "Domain %s already exists\n", d);
- return 1;
+ return 0;
 }
 
 type_datum_t *typedatum = (type_datum_t *) malloc(sizeof(type_datum_t));
@@ -349,7 +349,7 @@ int set_domain_state(char* s, int state) {
 return 1;
 }
 }
- 
+
 return 0;
 }
 
@@ -511,7 +511,7 @@ int add_rule(char *s, char *t, char *c, char *p, int effect, int not) {
 fprintf(stderr, "No class is specified, cannot add perm [%s] \n", p);
 return 1;
 }
- 
+
 if (cls != NULL) {
 perm = hashtab_search(cls->permissions.table, p);
 if (perm == NULL && cls->comdatum != NULL) {
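Review bot: `if (live) outfile = SELINUX_LOAD;` silently changes what happens when both `live` and an explicit output file are given: before, the policy was loaded into the kernel and then also written to the file, now the file argument is overwritten and nothing is written to it. If that combination is meant to be unsupported, reject it or warn when `outfile` is already set; otherwise keep a second `dump_policydb(outfile)` for the file. Dropping `unlink(outfile)` is only safe if `dump_policydb` truncates or replaces the target on open, which is not visible here. The brace-less nested `if (outfile) if (dump_policydb(outfile)) { … }` would read more clearly as `if (outfile && dump_policydb(outfile)) {`, and on that error path the already-loaded policy is still not released by `destroy_policydb()`, as before. magiskpolicy_main begins well before this hunk.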
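Review bot: `create_domain` now returns 0 after printing `Domain %s already exists`, so a caller can no longer distinguish a fresh creation from a no-op while the message still reads like an error on stderr. The intent should be stated at the `if(src)` check, e.g. `// An existing domain is treated as success so that repeated create rules are idempotent`, and the message should be worded as informational if that is the contract. The set_domain_state and add_rule hunks in this file are whitespace only. create_domain continues outside the hunk.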