mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-25 12:47:38 +00:00
Refacter add_rule to auto mode
This commit is contained in:
parent
3f43567c8f
commit
60a7eaf2bb
@ -166,42 +166,6 @@ int add_irule(int s, int t, int c, int p, int effect, int not, policydb_t* polic
|
||||
return 0;
|
||||
}
|
||||
|
||||
int add_rule(char *s, char *t, char *c, char *p, int effect, int not, policydb_t *policy) {
|
||||
type_datum_t *src, *tgt;
|
||||
class_datum_t *cls;
|
||||
perm_datum_t *perm;
|
||||
|
||||
src = hashtab_search(policy->p_types.table, s);
|
||||
if (src == NULL) {
|
||||
fprintf(stderr, "source type %s does not exist\n", s);
|
||||
return 1;
|
||||
}
|
||||
tgt = hashtab_search(policy->p_types.table, t);
|
||||
if (tgt == NULL) {
|
||||
fprintf(stderr, "target type %s does not exist\n", t);
|
||||
return 1;
|
||||
}
|
||||
cls = hashtab_search(policy->p_classes.table, c);
|
||||
if (cls == NULL) {
|
||||
fprintf(stderr, "class %s does not exist\n", c);
|
||||
return 1;
|
||||
}
|
||||
perm = hashtab_search(cls->permissions.table, p);
|
||||
if (perm == NULL) {
|
||||
if (cls->comdatum == NULL) {
|
||||
fprintf(stderr, "perm %s does not exist in class %s\n", p, c);
|
||||
return 1;
|
||||
}
|
||||
perm = hashtab_search(cls->comdatum->permissions.table, p);
|
||||
if (perm == NULL) {
|
||||
fprintf(stderr, "perm %s does not exist in class %s\n", p, c);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return add_irule(src->s.value, tgt->s.value, cls->s.value, perm->s.value, effect, not, policy);
|
||||
}
|
||||
|
||||
int add_typerule(char *s, char *targetAttribute, char **minusses, char *c, char *p, int effect, int not, policydb_t *policy) {
|
||||
type_datum_t *src, *tgt;
|
||||
class_datum_t *cls;
|
||||
@ -433,8 +397,7 @@ int load_policy(char *filename, policydb_t *policydb, struct policy_file *pf) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int auto_allow(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, policydb_t *policy) {
|
||||
perm_datum_t *perm;
|
||||
int add_rule_auto(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, perm_datum_t *perm, int effect, int not, policydb_t *policy) {
|
||||
hashtab_t type_table, class_table, perm_table;
|
||||
hashtab_ptr_t cur;
|
||||
|
||||
@ -446,7 +409,7 @@ int auto_allow(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, policyd
|
||||
cur = type_table->htable[i];
|
||||
while (cur != NULL) {
|
||||
src = cur->datum;
|
||||
if(auto_allow(src, tgt, cls, policy))
|
||||
if(add_rule_auto(src, tgt, cls, perm, effect, not, policy))
|
||||
return 1;
|
||||
cur = cur->next;
|
||||
}
|
||||
@ -456,7 +419,7 @@ int auto_allow(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, policyd
|
||||
cur = type_table->htable[i];
|
||||
while (cur != NULL) {
|
||||
tgt = cur->datum;
|
||||
if(auto_allow(src, tgt, cls, policy))
|
||||
if(add_rule_auto(src, tgt, cls, perm, effect, not, policy))
|
||||
return 1;
|
||||
cur = cur->next;
|
||||
}
|
||||
@ -466,18 +429,18 @@ int auto_allow(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, policyd
|
||||
cur = class_table->htable[i];
|
||||
while (cur != NULL) {
|
||||
cls = cur->datum;
|
||||
if(auto_allow(src, tgt, cls, policy))
|
||||
if(add_rule_auto(src, tgt, cls, perm, effect, not, policy))
|
||||
return 1;
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
} else if (perm == NULL) {
|
||||
perm_table = cls->permissions.table;
|
||||
for (int i = 0; i < perm_table->size; ++i) {
|
||||
cur = perm_table->htable[i];
|
||||
while (cur != NULL) {
|
||||
perm = cur->datum;
|
||||
if(add_irule(src->s.value, tgt->s.value, cls->s.value, perm->s.value, AVTAB_ALLOWED, 0, policy))
|
||||
if(add_irule(src->s.value, tgt->s.value, cls->s.value, perm->s.value, effect, not, policy))
|
||||
return 1;
|
||||
cur = cur->next;
|
||||
}
|
||||
@ -489,16 +452,67 @@ int auto_allow(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, policyd
|
||||
cur = perm_table->htable[i];
|
||||
while (cur != NULL) {
|
||||
perm = cur->datum;
|
||||
if(add_irule(src->s.value, tgt->s.value, cls->s.value, perm->s.value, AVTAB_ALLOWED, 0, policy))
|
||||
if(add_irule(src->s.value, tgt->s.value, cls->s.value, perm->s.value, effect, not, policy))
|
||||
return 1;
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return add_irule(src->s.value, tgt->s.value, cls->s.value, perm->s.value, effect, not, policy);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int add_rule(char *s, char *t, char *c, char *p, int effect, int not, policydb_t *policy) {
|
||||
type_datum_t *src = NULL, *tgt = NULL;
|
||||
class_datum_t *cls = NULL;
|
||||
perm_datum_t *perm = NULL;
|
||||
|
||||
if (s) {
|
||||
src = hashtab_search(policy->p_types.table, s);
|
||||
if (src == NULL) {
|
||||
fprintf(stderr, "source type %s does not exist\n", s);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (t) {
|
||||
tgt = hashtab_search(policy->p_types.table, t);
|
||||
if (tgt == NULL) {
|
||||
fprintf(stderr, "target type %s does not exist\n", t);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (c) {
|
||||
cls = hashtab_search(policy->p_classes.table, c);
|
||||
if (cls == NULL) {
|
||||
fprintf(stderr, "class %s does not exist\n", c);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (p) {
|
||||
if (c == NULL) {
|
||||
fprintf(stderr, "No class is specified, cannot add perm [%s] \n", p);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (cls != NULL) {
|
||||
perm = hashtab_search(cls->permissions.table, p);
|
||||
if (perm == NULL && cls->comdatum != NULL) {
|
||||
perm = hashtab_search(cls->comdatum->permissions.table, p);
|
||||
}
|
||||
if (perm == NULL) {
|
||||
fprintf(stderr, "perm %s does not exist in class %s\n", p, c);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
return add_rule_auto(src, tgt, cls, perm, effect, not, policy);
|
||||
}
|
||||
|
||||
int live_patch(policydb_t *policydb) {
|
||||
char *filename = "/sys/fs/selinux/load";
|
||||
int fd, ret;
|
||||
@ -506,6 +520,7 @@ int live_patch(policydb_t *policydb) {
|
||||
size_t len;
|
||||
|
||||
policydb_to_image(NULL, policydb, &data, &len);
|
||||
if (data == NULL) fprintf(stderr, "Error!");
|
||||
|
||||
// based on libselinux security_load_policy()
|
||||
fd = open(filename, O_RDWR);
|
||||
@ -528,7 +543,7 @@ int main(int argc, char **argv)
|
||||
{
|
||||
char *policy = NULL, *source = NULL, *target = NULL, *class = NULL, *perm = NULL;
|
||||
char *fcon = NULL, *outfile = NULL, *permissive = NULL, *attr = NULL, *filetrans = NULL;
|
||||
int exists = 0, not = 0, autoAllow = 0, live = 0;
|
||||
int exists = 0, not = 0, live = 0, builtin = 0;
|
||||
policydb_t policydb;
|
||||
struct policy_file pf, outpf;
|
||||
sidtab_t sidtab;
|
||||
@ -546,12 +561,11 @@ int main(int argc, char **argv)
|
||||
{"fcon", required_argument, NULL, 'f'},
|
||||
{"filetransition", required_argument, NULL, 'g'},
|
||||
{"noaudit", no_argument, NULL, 'n'},
|
||||
{"policy", required_argument, NULL, 'P'},
|
||||
{"file", required_argument, NULL, 'P'},
|
||||
{"output", required_argument, NULL, 'o'},
|
||||
{"permissive", required_argument, NULL, 'Z'},
|
||||
{"not-permissive", required_argument, NULL, 'z'},
|
||||
{"not", no_argument, NULL, 0},
|
||||
{"auto", no_argument, NULL, 0},
|
||||
{"live", no_argument, NULL, 0},
|
||||
{NULL, 0, NULL, 0}
|
||||
};
|
||||
@ -562,8 +576,6 @@ int main(int argc, char **argv)
|
||||
case 0:
|
||||
if(strcmp(long_options[option_index].name, "not") == 0)
|
||||
not = 1;
|
||||
else if(strcmp(long_options[option_index].name, "auto") == 0)
|
||||
autoAllow = 1;
|
||||
else if(strcmp(long_options[option_index].name, "live") == 0)
|
||||
live = 1;
|
||||
else
|
||||
@ -615,12 +627,15 @@ int main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
if ((!source || !target || !class || !perm) && !permissive && !fcon && !attr &&!filetrans && !exists && !auto_allow )
|
||||
usage(argv[0]);
|
||||
// Use builtin rules if nothing specified
|
||||
if (!source && !target && !class && !perm && !permissive && !fcon && !attr &&!filetrans && !exists)
|
||||
builtin = 1;
|
||||
|
||||
// Overwrite original if not specified
|
||||
if(!outfile)
|
||||
outfile = policy;
|
||||
|
||||
// Use current policy if not specified
|
||||
if(!policy)
|
||||
policy = "/sys/fs/selinux/policy";
|
||||
|
||||
@ -635,18 +650,11 @@ int main(int argc, char **argv)
|
||||
if (policydb_load_isids(&policydb, &sidtab))
|
||||
return 1;
|
||||
|
||||
if (autoAllow) {
|
||||
type_datum_t *src = NULL, *tgt = NULL;
|
||||
class_datum_t *cls = NULL;
|
||||
if (source)
|
||||
src = hashtab_search(policydb.p_types.table, source);
|
||||
if (target)
|
||||
tgt = hashtab_search(policydb.p_types.table, target);
|
||||
if (class)
|
||||
cls = hashtab_search(policydb.p_classes.table, class);
|
||||
if (auto_allow(src, tgt, cls, &policydb))
|
||||
return 1;
|
||||
} else if (permissive) {
|
||||
if (builtin) {
|
||||
// TODO: Create builtin rules
|
||||
// builtin(&policydb);
|
||||
}
|
||||
else if (permissive) {
|
||||
type_datum_t *type;
|
||||
create_domain(permissive, &policydb);
|
||||
type = hashtab_search(policydb.p_types.table, permissive);
|
||||
@ -688,23 +696,26 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
} else {
|
||||
//Add a rule to a whole set of typeattribute, not just a type
|
||||
if(*target == '=') {
|
||||
char *saveptr = NULL;
|
||||
if (target != NULL) {
|
||||
if(*target == '=') {
|
||||
char *saveptr = NULL;
|
||||
|
||||
char *targetAttribute = strtok_r(target, "-", &saveptr);
|
||||
char *targetAttribute = strtok_r(target, "-", &saveptr);
|
||||
|
||||
char *vals[64];
|
||||
int i = 0;
|
||||
char *vals[64];
|
||||
int i = 0;
|
||||
|
||||
char *m = NULL;
|
||||
while( (m = strtok_r(NULL, "-", &saveptr)) != NULL) {
|
||||
vals[i++] = m;
|
||||
char *m = NULL;
|
||||
while( (m = strtok_r(NULL, "-", &saveptr)) != NULL) {
|
||||
vals[i++] = m;
|
||||
}
|
||||
vals[i] = NULL;
|
||||
|
||||
if(add_typerule(source, targetAttribute+1, vals, class, perm, AVTAB_ALLOWED, not, &policydb))
|
||||
return 1;
|
||||
}
|
||||
vals[i] = NULL;
|
||||
|
||||
if(add_typerule(source, targetAttribute+1, vals, class, perm, AVTAB_ALLOWED, not, &policydb))
|
||||
return 1;
|
||||
} else {
|
||||
}
|
||||
if (perm != NULL) {
|
||||
char *saveptr = NULL;
|
||||
|
||||
char *p = strtok_r(perm, ",", &saveptr);
|
||||
@ -714,6 +725,11 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
} while( (p = strtok_r(NULL, ",", &saveptr)) != NULL);
|
||||
} else {
|
||||
if (add_rule(source, target, class, perm, AVTAB_ALLOWED, not, &policydb)) {
|
||||
fprintf(stderr, "Could not add rule\n");
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user