Modernize magiskpolicy

This commit is contained in:
topjohnwu
2020-05-21 06:48:02 -07:00
parent e02e46d0fc
commit d4baae411b
9 changed files with 583 additions and 739 deletions


@@ -3,38 +3,55 @@
#include <stdlib.h>
#include <selinux.hpp>
#define ALL NULL
#define ALL nullptr
// policydb functions
int load_policydb(const char *file);
int load_split_cil();
int compile_split_cil();
int dump_policydb(const char *file);
void destroy_policydb();
struct policydb;
// Handy functions
int sepol_allow(const char *s, const char *t, const char *c, const char *p);
int sepol_deny(const char *s, const char *t, const char *c, const char *p);
int sepol_auditallow(const char *s, const char *t, const char *c, const char *p);
int sepol_dontaudit(const char *s, const char *t, const char *c, const char *p);
int sepol_typetrans(const char *s, const char *t, const char *c, const char *d);
int sepol_typechange(const char *s, const char *t, const char *c, const char *d);
int sepol_typemember(const char *s, const char *t, const char *c, const char *d);
int sepol_nametrans(const char *s, const char *t, const char *c, const char *d, const char *o);
int sepol_allowxperm(const char *s, const char *t, const char *c, const char *range);
int sepol_auditallowxperm(const char *s, const char *t, const char *c, const char *range);
int sepol_dontauditxperm(const char *s, const char *t, const char *c, const char *range);
int sepol_create(const char *s);
int sepol_permissive(const char *s);
int sepol_enforce(const char *s);
int sepol_attradd(const char *s, const char *a);
int sepol_genfscon(const char *name, const char *path, const char *context);
int sepol_exists(const char *source);
class sepolicy {
public:
typedef const char * c_str;
~sepolicy();
// Built in rules
void sepol_magisk_rules();
// Public static factory functions
static sepolicy *from_file(c_str file);
static sepolicy *from_split();
static sepolicy *compile_split();
// Statement parsing
void parse_statement(const char *statement);
void load_rule_file(const char *file);
void statement_help();
// External APIs
int to_file(c_str file);
void parse_statement(c_str stmt);
void load_rule_file(c_str file);
// Operation on types
int create(c_str type);
int permissive(c_str type);
int enforce(c_str type);
int typeattribute(c_str type, c_str attr);
int exists(c_str type);
// Access vector rules
int allow(c_str src, c_str tgt, c_str cls, c_str perm);
int deny(c_str src, c_str tgt, c_str cls, c_str perm);
int auditallow(c_str src, c_str tgt, c_str cls, c_str perm);
int dontaudit(c_str src, c_str tgt, c_str cls, c_str perm);
// Extended permissions access vector rules
int allowxperm(c_str src, c_str tgt, c_str cls, c_str range);
int auditallowxperm(c_str src, c_str tgt, c_str cls, c_str range);
int dontauditxperm(c_str src, c_str tgt, c_str cls, c_str range);
// Type rules
int type_transition(c_str src, c_str tgt, c_str cls, c_str def, c_str obj = nullptr);
int type_change(c_str src, c_str tgt, c_str cls, c_str def);
int type_member(c_str src, c_str tgt, c_str cls, c_str def);
// File system labeling
int genfscon(c_str fs_name, c_str path, c_str ctx);
// Magisk
void magisk_rules();
void allow_su_client(c_str type);
private:
policydb *db;
};
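Review bot: The new `sepolicy` class owns a raw `policydb *db` and declares `~sepolicy();`, but nothing suppresses the implicitly generated copy constructor and copy assignment, so a copied instance would share `db` and, presumably, the destructor would release it twice. Declaring `sepolicy(const sepolicy &) = delete;` and `sepolicy &operator=(const sepolicy &) = delete;` next to the destructor closes that hole at compile time; the file already uses C++11 (`nullptr`), so `= delete` is available. The static factories `from_file`, `from_split` and `compile_split` return a bare `sepolicy *` with no statement of ownership or failure value; a header comment such as `// Returns a heap-allocated policy the caller must delete; nullptr on failure` (the failure convention needs confirming against the .cpp) would make the contract explicit. As a point of style, `typedef const char * c_str;` could be `using c_str = const char *;` to match the C++11 idiom the rest of the class adopts.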