Support compiling split cils via magiskpolicy CLI

2025-10-18 07:01:52 +00:00 · 2018-07-21 05:12:22 +08:00
parent 6263d684d9
commit 91818cfa1a
8 changed files with 151 additions and 130 deletions
--- a/native/jni/magiskpolicy/sepolicy.c
+++ b/native/jni/magiskpolicy/sepolicy.c
@@ -1,7 +1,31 @@
+#include <dirent.h>
+#include <getopt.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <limits.h>
+#include <string.h>
+#include <cil/cil.h>
+#include <sepol/debug.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/avrule_block.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/constraint.h>
+
+#include "utils.h"
 #include "magiskpolicy.h"
 #include "sepolicy.h"
+#include "vector.h"

 policydb_t *policydb = NULL;
+extern int policydb_index_decls(sepol_handle_t * handle, policydb_t * p);

 static void *cmalloc(size_t s) {
 	void *t = calloc(s, 1);
@@ -245,6 +269,69 @@ int load_policydb(const char *filename) {
 	return 0;
 }

+int compile_split_cil() {
+	DIR *dir;
+	struct dirent *entry;
+	char path[128];
+
+	struct cil_db *db = NULL;
+	sepol_policydb_t *pdb = NULL;
+	void *addr;
+	size_t size;
+
+	cil_db_init(&db);
+	cil_set_mls(db, 1);
+	cil_set_multiple_decls(db, 1);
+	cil_set_disable_neverallow(db, 1);
+	cil_set_target_platform(db, SEPOL_TARGET_SELINUX);
+	cil_set_policy_version(db, POLICYDB_VERSION_XPERMS_IOCTL);
+	cil_set_attrs_expand_generated(db, 0);
+
+	// plat
+	mmap_ro(SPLIT_PLAT_CIL, &addr, &size);
+	if (cil_add_file(db, SPLIT_PLAT_CIL, addr, size))
+		return 1;
+	fprintf(stderr, "cil_add[%s]\n", SPLIT_PLAT_CIL);
+	munmap(addr, size);
+
+	// mapping
+	char plat[10];
+	int fd = open(SPLIT_NONPLAT_VER, O_RDONLY | O_CLOEXEC);
+	plat[read(fd, plat, sizeof(plat)) - 1] = '\0';
+	sprintf(path, SPLIT_PLAT_MAPPING, plat);
+	mmap_ro(path, &addr, &size);
+	if (cil_add_file(db, path, addr, size))
+		return 1;
+	fprintf(stderr, "cil_add[%s]\n", path);
+	munmap(addr, size);
+	close(fd);
+
+	// nonplat
+	dir = opendir(NONPLAT_POLICY_DIR);
+	while ((entry = readdir(dir))) {
+		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+			continue;
+		if (strend(entry->d_name, ".cil") == 0) {
+			sprintf(path, NONPLAT_POLICY_DIR "%s", entry->d_name);
+			mmap_ro(path, &addr, &size);
+			if (cil_add_file(db, path, addr, size))
+				return 1;
+			fprintf(stderr, "cil_add[%s]\n", path);
+			munmap(addr, size);
+		}
+	}
+	closedir(dir);
+
+	if (cil_compile(db))
+		return 1;
+	if (cil_build_policydb(db, &pdb))
+		return 1;
+
+	cil_db_destroy(&db);
+	policydb = &pdb->p;
+	return 0;
+}
+
 int dump_policydb(const char *filename) {
 	int fd, ret;
 	void *data = NULL;