Reorganize magiskpolicy source code
This commit is contained in:
parent
efb3239cbd
commit
704f91545e
@ -15,7 +15,7 @@ android {
|
|||||||
externalNativeBuild {
|
externalNativeBuild {
|
||||||
ndkBuild {
|
ndkBuild {
|
||||||
// Pass arguments to ndk-build.
|
// Pass arguments to ndk-build.
|
||||||
arguments("B_MAGISK=1", "B_INIT=1", "B_BOOT=1", "B_TEST=1",
|
arguments("B_MAGISK=1", "B_INIT=1", "B_BOOT=1", "B_TEST=1", "B_POLICY=1",
|
||||||
"MAGISK_DEBUG=1", "MAGISK_VERSION=debug", "MAGISK_VER_CODE=INT_MAX")
|
"MAGISK_DEBUG=1", "MAGISK_VERSION=debug", "MAGISK_VER_CODE=INT_MAX")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -54,7 +54,7 @@ include $(CLEAR_VARS)
|
|||||||
LOCAL_MODULE := magiskinit
|
LOCAL_MODULE := magiskinit
|
||||||
LOCAL_STATIC_LIBRARIES := \
|
LOCAL_STATIC_LIBRARIES := \
|
||||||
libutilx \
|
libutilx \
|
||||||
libsepol \
|
libpolicy \
|
||||||
libxz
|
libxz
|
||||||
|
|
||||||
LOCAL_SRC_FILES := \
|
LOCAL_SRC_FILES := \
|
||||||
@ -63,11 +63,7 @@ LOCAL_SRC_FILES := \
|
|||||||
init/rootdir.cpp \
|
init/rootdir.cpp \
|
||||||
init/getinfo.cpp \
|
init/getinfo.cpp \
|
||||||
init/twostage.cpp \
|
init/twostage.cpp \
|
||||||
init/selinux.cpp \
|
init/selinux.cpp
|
||||||
magiskpolicy/sepolicy.cpp \
|
|
||||||
magiskpolicy/rules.cpp \
|
|
||||||
magiskpolicy/policydb.cpp \
|
|
||||||
magiskpolicy/statement.cpp
|
|
||||||
|
|
||||||
LOCAL_LDFLAGS := -static
|
LOCAL_LDFLAGS := -static
|
||||||
include $(BUILD_EXECUTABLE)
|
include $(BUILD_EXECUTABLE)
|
||||||
@ -110,14 +106,9 @@ include $(CLEAR_VARS)
|
|||||||
LOCAL_MODULE := magiskpolicy
|
LOCAL_MODULE := magiskpolicy
|
||||||
LOCAL_STATIC_LIBRARIES := \
|
LOCAL_STATIC_LIBRARIES := \
|
||||||
libutils \
|
libutils \
|
||||||
libsepol
|
libpolicy
|
||||||
|
|
||||||
LOCAL_SRC_FILES := \
|
LOCAL_SRC_FILES := magiskpolicy/main.cpp
|
||||||
magiskpolicy/main.cpp \
|
|
||||||
magiskpolicy/sepolicy.cpp \
|
|
||||||
magiskpolicy/rules.cpp \
|
|
||||||
magiskpolicy/policydb.cpp \
|
|
||||||
magiskpolicy/statement.cpp
|
|
||||||
|
|
||||||
include $(BUILD_EXECUTABLE)
|
include $(BUILD_EXECUTABLE)
|
||||||
|
|
||||||
@ -158,14 +149,30 @@ include $(BUILD_EXECUTABLE)
|
|||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
########################
|
||||||
|
# Libraries
|
||||||
|
########################
|
||||||
|
|
||||||
|
include $(CLEAR_VARS)
|
||||||
|
LOCAL_MODULE:= libpolicy
|
||||||
|
LOCAL_STATIC_LIBRARIES := \
|
||||||
|
libutils \
|
||||||
|
libsepol
|
||||||
|
LOCAL_C_INCLUDES := jni/magiskpolicy jni/magiskpolicy/include
|
||||||
|
LOCAL_EXPORT_C_INCLUDES := jni/magiskpolicy/include
|
||||||
|
LOCAL_SRC_FILES := \
|
||||||
|
magiskpolicy/api.cpp \
|
||||||
|
magiskpolicy/sepolicy.cpp \
|
||||||
|
magiskpolicy/rules.cpp \
|
||||||
|
magiskpolicy/policydb.cpp \
|
||||||
|
magiskpolicy/statement.cpp
|
||||||
|
include $(BUILD_STATIC_LIBRARY)
|
||||||
|
|
||||||
|
include jni/utils/Android.mk
|
||||||
|
include jni/external/Android.mk
|
||||||
|
|
||||||
ifdef B_BB
|
ifdef B_BB
|
||||||
|
|
||||||
include jni/external/busybox/Android.mk
|
include jni/external/busybox/Android.mk
|
||||||
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
########################
|
|
||||||
# Libraries
|
|
||||||
########################
|
|
||||||
include jni/utils/Android.mk
|
|
||||||
include jni/external/Android.mk
|
|
||||||
|
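Review bot: The new `libpolicy` module pins `libutils` in its `LOCAL_STATIC_LIBRARIES`, while `magiskinit` links `libutilx` next to `libpolicy`; ndk-build propagates a static library's `LOCAL_STATIC_LIBRARIES` to whoever links it, so magiskinit presumably now pulls in both utils variants. If `libutilx` is the trimmed variant of `libutils`, that means duplicate or conflicting definitions in a `-static` link, or at best dead weight in the init binary — worth confirming against the link map. Either drop `libutils` from libpolicy and let each executable supply its utils variant, or add a one-line comment on the libpolicy module stating that both variants are meant to coexist.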
@ -1,7 +1,7 @@
|
|||||||
#include <sys/mount.h>
|
#include <sys/mount.h>
|
||||||
|
|
||||||
#include <magisk.hpp>
|
#include <magisk.hpp>
|
||||||
#include <magiskpolicy.hpp>
|
#include <sepolicy.hpp>
|
||||||
#include <utils.hpp>
|
#include <utils.hpp>
|
||||||
|
|
||||||
#include "init.hpp"
|
#include "init.hpp"
|
||||||
|
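--- /dev/null
+++ b/native/jni/magiskpolicy/api.cpp
@@ -0,0 +1,105 @@
+#include <utils.hpp>
+
+#include "policy.hpp"
+
+#if 0
+// Print out all rules going through public API for debugging
+template <typename ...Args>
+static void dprint(const char *action, Args ...args) {
+    std::string s(action);
+    for (int i = 0; i < sizeof...(args); ++i) s += " %s";
+    s += "\n";
+    LOGD(s.data(), (args ? args : "*")...);
+}
+#else
+#define dprint(...)
+#endif
+
+bool sepolicy::allow(const char *s, const char *t, const char *c, const char *p) {
+    dprint(__FUNCTION__, s, t, c, p);
+    return impl->add_rule(s, t, c, p, AVTAB_ALLOWED, false);
+}
+
+bool sepolicy::deny(const char *s, const char *t, const char *c, const char *p) {
+    dprint(__FUNCTION__, s, t, c, p);
+    return impl->add_rule(s, t, c, p, AVTAB_ALLOWED, true);
+}
+
+bool sepolicy::auditallow(const char *s, const char *t, const char *c, const char *p) {
+    dprint(__FUNCTION__, s, t, c, p);
+    return impl->add_rule(s, t, c, p, AVTAB_AUDITALLOW, false);
+}
+
+bool sepolicy::dontaudit(const char *s, const char *t, const char *c, const char *p) {
+    dprint(__FUNCTION__, s, t, c, p);
+    return impl->add_rule(s, t, c, p, AVTAB_AUDITDENY, true);
+}
+
+bool sepolicy::allowxperm(const char *s, const char *t, const char *c, const char *range) {
+    dprint(__FUNCTION__, s, t, c, "ioctl", range);
+    return impl->add_xperm_rule(s, t, c, range, AVTAB_XPERMS_ALLOWED, false);
+}
+
+bool sepolicy::auditallowxperm(const char *s, const char *t, const char *c, const char *range) {
+    dprint(__FUNCTION__, s, t, c, "ioctl", range);
+    return impl->add_xperm_rule(s, t, c, range, AVTAB_XPERMS_AUDITALLOW, false);
+}
+
+bool sepolicy::dontauditxperm(const char *s, const char *t, const char *c, const char *range) {
+    dprint(__FUNCTION__, s, t, c, "ioctl", range);
+    return impl->add_xperm_rule(s, t, c, range, AVTAB_XPERMS_DONTAUDIT, false);
+}
+
+bool sepolicy::type_change(const char *s, const char *t, const char *c, const char *d) {
+    dprint(__FUNCTION__, s, t, c, d);
+    return impl->add_type_rule(s, t, c, d, AVTAB_CHANGE);
+}
+
+bool sepolicy::type_member(const char *s, const char *t, const char *c, const char *d) {
+    dprint(__FUNCTION__, s, t, c, d);
+    return impl->add_type_rule(s, t, c, d, AVTAB_MEMBER);
+}
+
+bool sepolicy::type_transition(const char *s, const char *t, const char *c, const char *d, const char *o) {
+    if (o) {
+        dprint(__FUNCTION__, s, t, c, d, o);
+        return impl->add_filename_trans(s, t, c, d, o);
+    } else {
+        dprint(__FUNCTION__, s, t, c, d);
+        return impl->add_type_rule(s, t, c, d, AVTAB_TRANSITION);
+    }
+}
+
+bool sepolicy::permissive(const char *s) {
+    dprint(__FUNCTION__, s);
+    return impl->set_type_state(s, true);
+}
+
+bool sepolicy::enforce(const char *s) {
+    dprint(__FUNCTION__, s);
+    return impl->set_type_state(s, false);
+}
+
+bool sepolicy::type(const char *name, const char *attr) {
+    dprint(__FUNCTION__, name, attr);
+    return impl->add_type(name, TYPE_TYPE) && impl->add_typeattribute(name, attr);
+}
+
+bool sepolicy::attribute(const char *name) {
+    dprint(__FUNCTION__, name);
+    return impl->add_type(name, TYPE_ATTRIB);
+}
+
+bool sepolicy::typeattribute(const char *type, const char *attr) {
+    dprint(__FUNCTION__, type, attr);
+    return impl->add_typeattribute(type, attr);
+}
+
+bool sepolicy::genfscon(const char *fs_name, const char *path, const char *ctx) {
+    dprint(__FUNCTION__, fs_name, path, ctx);
+    return impl->add_genfscon(fs_name, path, ctx);
+}
+
+bool sepolicy::exists(const char *type) {
+    return hashtab_search(impl->db->p_types.table, type) != nullptr;
+}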
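Review bot: `sepolicy::exists()` at the end of the new file hands `type` straight to `hashtab_search()`, so a nullptr argument reaches the table's hash callback, which for libsepol's string-keyed symbol tables dereferences it; every other entry point in this file treats nullptr as the wildcard (`#define ALL nullptr` in sepolicy.hpp), so a caller can reasonably pass it here too. Guard it up front, `if (type == nullptr) return false;`, or state on the declaration that `exists()` does not accept the ALL wildcard. The pre-existing `exists()` this file replaces had the same gap, so this is not a regression, but the new file is the place to close it.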
@ -6,12 +6,8 @@
|
|||||||
|
|
||||||
#define ALL nullptr
|
#define ALL nullptr
|
||||||
|
|
||||||
struct policydb;
|
struct sepolicy {
|
||||||
|
|
||||||
class sepolicy {
|
|
||||||
public:
|
|
||||||
using c_str = const char *;
|
using c_str = const char *;
|
||||||
~sepolicy();
|
|
||||||
|
|
||||||
// Public static factory functions
|
// Public static factory functions
|
||||||
static sepolicy *from_data(char *data, size_t len);
|
static sepolicy *from_data(char *data, size_t len);
|
||||||
@ -59,5 +55,6 @@ public:
|
|||||||
bool create(c_str name) { return type(name, "domain"); }
|
bool create(c_str name) { return type(name, "domain"); }
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
policydb *db;
|
// Prevent anyone from accidentally creating an instance
|
||||||
|
sepolicy() = default;
|
||||||
};
|
};
|
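Review bot: Dropping `~sepolicy();` from the public class leaves `sepolicy` with a trivial, non-virtual destructor while `from_data()` and the other factories still return `sepolicy *`; a caller that does `delete sepol` on that pointer never reaches `sepol_impl::~sepol_impl()`, so `policydb_destroy()`/`free()` are skipped and the loaded policy leaks — and deleting a derived object through a base pointer without a virtual destructor is undefined behaviour regardless. Keep `~sepolicy();` in the public interface and define it in policydb.cpp as `policydb_destroy(impl->db); free(impl->db);`, or declare it `virtual` and leave the work in the derived destructor. If the intended consumers never delete the object, say so in a comment next to the protected default constructor so the next reader does not assume RAII cleanup.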
@ -1,8 +1,7 @@
|
|||||||
#include <utils.hpp>
|
#include <utils.hpp>
|
||||||
#include <vector>
|
#include <vector>
|
||||||
#include <magiskpolicy.hpp>
|
|
||||||
|
|
||||||
#include "sepolicy.hpp"
|
#include "policy.hpp"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <sepol/policydb/policydb.h>
|
// libse internal APIs, do not use directly
|
||||||
#include <magiskpolicy.hpp>
|
|
||||||
|
#include <sepol/policydb/policydb.h>
|
||||||
|
#include <sepolicy.hpp>
|
||||||
|
|
||||||
// Internal APIs, do not use directly
|
|
||||||
struct sepol_impl : public sepolicy {
|
struct sepol_impl : public sepolicy {
|
||||||
void check_avtab_node(avtab_ptr_t node);
|
|
||||||
avtab_ptr_t get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xperms);
|
avtab_ptr_t get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xperms);
|
||||||
bool add_rule(const char *s, const char *t, const char *c, const char *p, int effect, bool invert);
|
bool add_rule(const char *s, const char *t, const char *c, const char *p, int effect, bool invert);
|
||||||
void add_rule(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, perm_datum_t *perm, int effect, bool invert);
|
void add_rule(type_datum_t *src, type_datum_t *tgt, class_datum_t *cls, perm_datum_t *perm, int effect, bool invert);
|
||||||
@ -20,8 +20,13 @@ struct sepol_impl : public sepolicy {
|
|||||||
void add_typeattribute(type_datum_t *type, type_datum_t *attr);
|
void add_typeattribute(type_datum_t *type, type_datum_t *attr);
|
||||||
bool add_typeattribute(const char *type, const char *attr);
|
bool add_typeattribute(const char *type, const char *attr);
|
||||||
void strip_dontaudit();
|
void strip_dontaudit();
|
||||||
|
|
||||||
|
sepol_impl(policydb *db) : db(db) {}
|
||||||
|
~sepol_impl();
|
||||||
|
|
||||||
|
policydb *db;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define impl static_cast<sepol_impl *>(this)
|
#define impl reinterpret_cast<sepol_impl *>(this)
|
||||||
|
|
||||||
void statement_help();
|
void statement_help();
|
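Review bot: The `impl` macro is switched from `static_cast` to `reinterpret_cast`, which discards the compiler's check that `sepol_impl` actually derives from `sepolicy`: with the single non-virtual base declared just above both casts yield the same pointer, but `static_cast` stops compiling the moment another base or a virtual base is introduced, whereas `reinterpret_cast` silently produces a misaligned pointer. Restore `#define impl static_cast<sepol_impl *>(this)`. If the change was motivated by `const` member functions (where `this` is `const sepolicy *`), a targeted `const_cast` at those sites, or a second `const` flavour of the macro, is the narrower fix.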
@ -7,9 +7,8 @@
|
|||||||
|
|
||||||
#include <utils.hpp>
|
#include <utils.hpp>
|
||||||
#include <stream.hpp>
|
#include <stream.hpp>
|
||||||
#include <magiskpolicy.hpp>
|
|
||||||
|
|
||||||
#include "sepolicy.hpp"
|
#include "policy.hpp"
|
||||||
|
|
||||||
#define SHALEN 64
|
#define SHALEN 64
|
||||||
static bool cmp_sha256(const char *a, const char *b) {
|
static bool cmp_sha256(const char *a, const char *b) {
|
||||||
@ -95,8 +94,7 @@ sepolicy *sepolicy::from_data(char *data, size_t len) {
|
|||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
auto sepol = new sepolicy();
|
auto sepol = new sepol_impl(db);
|
||||||
sepol->db = db;
|
|
||||||
return sepol;
|
return sepol;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -116,8 +114,7 @@ sepolicy *sepolicy::from_file(const char *file) {
|
|||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
auto sepol = new sepolicy();
|
auto sepol = new sepol_impl(db);
|
||||||
sepol->db = db;
|
|
||||||
return sepol;
|
return sepol;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -216,8 +213,7 @@ sepolicy *sepolicy::compile_split() {
|
|||||||
if (cil_build_policydb(db, &pdb))
|
if (cil_build_policydb(db, &pdb))
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
auto sepol = new sepolicy();
|
auto sepol = new sepol_impl(&pdb->p);
|
||||||
sepol->db = &pdb->p;
|
|
||||||
return sepol;
|
return sepol;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -232,7 +228,7 @@ sepolicy *sepolicy::from_split() {
|
|||||||
return sepolicy::compile_split();
|
return sepolicy::compile_split();
|
||||||
}
|
}
|
||||||
|
|
||||||
sepolicy::~sepolicy() {
|
sepol_impl::~sepol_impl() {
|
||||||
policydb_destroy(db);
|
policydb_destroy(db);
|
||||||
free(db);
|
free(db);
|
||||||
}
|
}
|
||||||
@ -241,8 +237,8 @@ bool sepolicy::to_file(const char *file) {
|
|||||||
uint8_t *data;
|
uint8_t *data;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
/* No partial writes are allowed to /sys/fs/selinux/load, thus the reason why we
|
// No partial writes are allowed to /sys/fs/selinux/load, thus the reason why we
|
||||||
* first dump everything into memory, then directly call write system call */
|
// first dump everything into memory, then directly call write system call
|
||||||
|
|
||||||
auto fp = make_stream_fp<byte_stream>(data, len);
|
auto fp = make_stream_fp<byte_stream>(data, len);
|
||||||
run_finally fin([=]{ free(data); });
|
run_finally fin([=]{ free(data); });
|
||||||
@ -251,7 +247,7 @@ bool sepolicy::to_file(const char *file) {
|
|||||||
policy_file_init(&pf);
|
policy_file_init(&pf);
|
||||||
pf.type = PF_USE_STDIO;
|
pf.type = PF_USE_STDIO;
|
||||||
pf.fp = fp.get();
|
pf.fp = fp.get();
|
||||||
if (policydb_write(db, &pf)) {
|
if (policydb_write(impl->db, &pf)) {
|
||||||
LOGE("Fail to create policy image\n");
|
LOGE("Fail to create policy image\n");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
#include <utils.hpp>
|
#include <utils.hpp>
|
||||||
#include <magiskpolicy.hpp>
|
|
||||||
|
|
||||||
#include "sepolicy.hpp"
|
#include "policy.hpp"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
@ -27,7 +26,7 @@ void sepolicy::magisk_rules() {
|
|||||||
// Make our root domain unconstrained
|
// Make our root domain unconstrained
|
||||||
allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
|
allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
|
||||||
// Allow us to do any ioctl
|
// Allow us to do any ioctl
|
||||||
if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
|
if (impl->db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
|
||||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "blk_file", ALL);
|
allowxperm(SEPOL_PROC_DOMAIN, ALL, "blk_file", ALL);
|
||||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "fifo_file", ALL);
|
allowxperm(SEPOL_PROC_DOMAIN, ALL, "fifo_file", ALL);
|
||||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "chr_file", ALL);
|
allowxperm(SEPOL_PROC_DOMAIN, ALL, "chr_file", ALL);
|
||||||
|
@ -1,22 +1,6 @@
|
|||||||
#include <sepol/policydb/policydb.h>
|
|
||||||
|
|
||||||
#include <magiskpolicy.hpp>
|
|
||||||
#include <utils.hpp>
|
#include <utils.hpp>
|
||||||
|
|
||||||
#include "sepolicy.hpp"
|
#include "policy.hpp"
|
||||||
|
|
||||||
#if 0
|
|
||||||
// Print out all rules going through public API for debugging
|
|
||||||
template <typename ...Args>
|
|
||||||
static void dprint(const char *action, Args ...args) {
|
|
||||||
std::string s(action);
|
|
||||||
for (int i = 0; i < sizeof...(args); ++i) s += " %s";
|
|
||||||
s += "\n";
|
|
||||||
LOGD(s.data(), (args ? args : "*")...);
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
#define dprint(...)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// Invert is adding rules for auditdeny; in other cases, invert is removing rules
|
// Invert is adding rules for auditdeny; in other cases, invert is removing rules
|
||||||
#define strip_av(effect, invert) ((effect == AVTAB_AUDITDENY) == !invert)
|
#define strip_av(effect, invert) ((effect == AVTAB_AUDITDENY) == !invert)
|
||||||
@ -106,16 +90,15 @@ static int avtab_remove_node(avtab_t *h, avtab_ptr_t node) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void sepol_impl::check_avtab_node(avtab_ptr_t node) {
|
static bool is_redundant(avtab_ptr_t node) {
|
||||||
bool redundant;
|
switch (node->key.specified) {
|
||||||
if (node->key.specified == AVTAB_AUDITDENY)
|
case AVTAB_AUDITDENY:
|
||||||
redundant = node->datum.data == ~0U;
|
return node->datum.data == ~0U;
|
||||||
else if (node->key.specified & AVTAB_XPERMS)
|
case AVTAB_XPERMS:
|
||||||
redundant = node->datum.xperms == nullptr;
|
return node->datum.xperms == nullptr;
|
||||||
else
|
default:
|
||||||
redundant = node->datum.data == 0U;
|
return node->datum.data == 0U;
|
||||||
if (redundant)
|
}
|
||||||
avtab_remove_node(&db->te_avtab, node);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
avtab_ptr_t sepol_impl::get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xperms) {
|
avtab_ptr_t sepol_impl::get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xperms) {
|
||||||
@ -199,7 +182,9 @@ void sepol_impl::add_rule(type_datum_t *src, type_datum_t *tgt, class_datum_t *c
|
|||||||
else
|
else
|
||||||
node->datum.data = ~0U;
|
node->datum.data = ~0U;
|
||||||
}
|
}
|
||||||
check_avtab_node(node);
|
|
||||||
|
if (is_redundant(node))
|
||||||
|
avtab_remove_node(&db->te_avtab, node);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -622,92 +607,3 @@ void sepol_impl::strip_dontaudit() {
|
|||||||
avtab_remove_node(&db->te_avtab, node);
|
avtab_remove_node(&db->te_avtab, node);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
bool sepolicy::allow(const char *s, const char *t, const char *c, const char *p) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, p);
|
|
||||||
return impl->add_rule(s, t, c, p, AVTAB_ALLOWED, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::deny(const char *s, const char *t, const char *c, const char *p) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, p);
|
|
||||||
return impl->add_rule(s, t, c, p, AVTAB_ALLOWED, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::auditallow(const char *s, const char *t, const char *c, const char *p) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, p);
|
|
||||||
return impl->add_rule(s, t, c, p, AVTAB_AUDITALLOW, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::dontaudit(const char *s, const char *t, const char *c, const char *p) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, p);
|
|
||||||
return impl->add_rule(s, t, c, p, AVTAB_AUDITDENY, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::allowxperm(const char *s, const char *t, const char *c, const char *range) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, "ioctl", range);
|
|
||||||
return impl->add_xperm_rule(s, t, c, range, AVTAB_XPERMS_ALLOWED, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::auditallowxperm(const char *s, const char *t, const char *c, const char *range) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, "ioctl", range);
|
|
||||||
return impl->add_xperm_rule(s, t, c, range, AVTAB_XPERMS_AUDITALLOW, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::dontauditxperm(const char *s, const char *t, const char *c, const char *range) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, "ioctl", range);
|
|
||||||
return impl->add_xperm_rule(s, t, c, range, AVTAB_XPERMS_DONTAUDIT, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::type_change(const char *s, const char *t, const char *c, const char *d) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, d);
|
|
||||||
return impl->add_type_rule(s, t, c, d, AVTAB_CHANGE);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::type_member(const char *s, const char *t, const char *c, const char *d) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, d);
|
|
||||||
return impl->add_type_rule(s, t, c, d, AVTAB_MEMBER);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::type_transition(const char *s, const char *t, const char *c, const char *d, const char *o) {
|
|
||||||
if (o) {
|
|
||||||
dprint(__FUNCTION__, s, t, c, d, o);
|
|
||||||
return impl->add_filename_trans(s, t, c, d, o);
|
|
||||||
} else {
|
|
||||||
dprint(__FUNCTION__, s, t, c, d);
|
|
||||||
return impl->add_type_rule(s, t, c, d, AVTAB_TRANSITION);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::permissive(const char *s) {
|
|
||||||
dprint(__FUNCTION__, s);
|
|
||||||
return impl->set_type_state(s, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::enforce(const char *s) {
|
|
||||||
dprint(__FUNCTION__, s);
|
|
||||||
return impl->set_type_state(s, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::type(const char *name, const char *attr) {
|
|
||||||
dprint(__FUNCTION__, name, attr);
|
|
||||||
return impl->add_type(name, TYPE_TYPE) && impl->add_typeattribute(name, attr);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::attribute(const char *name) {
|
|
||||||
dprint(__FUNCTION__, name);
|
|
||||||
return impl->add_type(name, TYPE_ATTRIB);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::typeattribute(const char *type, const char *attr) {
|
|
||||||
dprint(__FUNCTION__, type, attr);
|
|
||||||
return impl->add_typeattribute(type, attr);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::genfscon(const char *fs_name, const char *path, const char *ctx) {
|
|
||||||
dprint(__FUNCTION__, fs_name, path, ctx);
|
|
||||||
return impl->add_genfscon(fs_name, path, ctx);
|
|
||||||
}
|
|
||||||
|
|
||||||
bool sepolicy::exists(const char *source) {
|
|
||||||
return hashtab_search(db->p_types.table, source) != nullptr;
|
|
||||||
}
|
|
||||||
|
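Review bot: `is_redundant()` replaces the old `node->key.specified & AVTAB_XPERMS` test with `case AVTAB_XPERMS:`, which changes its meaning: in libsepol's avtab.h `AVTAB_XPERMS` is the OR of the individual `AVTAB_XPERMS_*` flags and `key.specified` holds exactly one of them, so this case can never match and an xperms node falls through to `default:` and is judged on `datum.data` instead of `datum.xperms`. Keep the mask test ahead of the switch, `if (node->key.specified & AVTAB_XPERMS) return node->datum.xperms == nullptr;`, or list the individual flags as separate `case` labels. Whether an xperms node currently reaches this function depends on `add_xperm_rule`, which is outside this hunk, so the effect may be latent today rather than visible; the `sepol_impl::add_rule` body that calls it also begins outside the hunk.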
@ -2,10 +2,9 @@
|
|||||||
#include <vector>
|
#include <vector>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
#include <magiskpolicy.hpp>
|
|
||||||
#include <utils.hpp>
|
#include <utils.hpp>
|
||||||
|
|
||||||
#include "sepolicy.hpp"
|
#include "policy.hpp"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
|