diff --git a/native/src/sepolicy/cli.rs b/native/src/sepolicy/cli.rs
index 3e3b46353..2d54c04e2 100644
--- a/native/src/sepolicy/cli.rs
+++ b/native/src/sepolicy/cli.rs
@@ -3,7 +3,7 @@ use argh::FromArgs;
 use base::{
 EarlyExitExt, LoggedResult, Utf8CStr, cmdline_logging, cstr, libc::umask, log_err, map_args,
 };
-use std::{ffi::c_char, io::Cursor};
+use std::ffi::c_char;
 #[derive(FromArgs)]
 struct Cli {
@@ -116,7 +116,7 @@ pub unsafe extern "C" fn main(
 }
 for statement in &cli.polices {
- sepol.load_rules_from_reader(&mut Cursor::new(statement));
+ sepol.load_rules(statement);
 }
 if cli.live && !sepol.to_file(cstr!("/sys/fs/selinux/load")) {
diff --git a/native/src/sepolicy/include/sepolicy.hpp b/native/src/sepolicy/include/sepolicy.hpp
index 3fc7f7e65..1211c62c5 100644
--- a/native/src/sepolicy/include/sepolicy.hpp
+++ b/native/src/sepolicy/include/sepolicy.hpp
@@ -17,8 +17,4 @@ // selinuxfs paths
 #define SELINUX_MNT "/sys/fs/selinux"
-#define SELINUX_ENFORCE SELINUX_MNT "/enforce"
-#define SELINUX_POLICY SELINUX_MNT "/policy"
-#define SELINUX_LOAD SELINUX_MNT "/load"
 #define SELINUX_VERSION SELINUX_MNT "/policyvers"
-#define SELINUX_REQPROT SELINUX_MNT "/checkreqprot"
diff --git a/native/src/sepolicy/lib.rs b/native/src/sepolicy/lib.rs
index 4db32aa1e..c24ec5b6a 100644
--- a/native/src/sepolicy/lib.rs
+++ b/native/src/sepolicy/lib.rs
@@ -4,7 +4,6 @@ pub use base;
 use base::libc::{O_CLOEXEC, O_RDONLY};
 use base::{BufReadExt, FsPath, LoggedResult, Utf8CStr};
-use cxx::CxxString;
 use std::fmt::Write;
 use std::io::{BufRead, BufReader, Cursor};
@@ -84,43 +83,12 @@ pub mod ffi {
 }
 extern "Rust" {
- fn parse_statement(self: &mut SePolicy, statement: Utf8CStrRef);
- fn magisk_rules(self: &mut SePolicy);
- fn load_rule_file(self: &mut SePolicy, filename: Utf8CStrRef);
- #[cxx_name = "load_rules"]
- fn load_rules_for_cxx(self: &mut SePolicy, rules: &CxxString);
 #[Self = SePolicy]
 fn xperm_to_string(perm: &Xperm) -> String;
 }
 }
 impl SePolicy {
- fn load_rules_for_cxx(self: &mut SePolicy, rules: &CxxString) {
- let mut cursor = Cursor::new(rules.as_bytes());
- self.load_rules_from_reader(&mut cursor);
- }
-
- pub fn load_rules(self: &mut SePolicy, rules: &str) {
- let mut cursor = Cursor::new(rules.as_bytes());
- self.load_rules_from_reader(&mut cursor);
- }
-
- pub fn load_rule_file(self: &mut SePolicy, filename: &Utf8CStr) {
- let result: LoggedResult<()> = try {
- let file = FsPath::from(filename).open(O_RDONLY | O_CLOEXEC)?;
- let mut reader = BufReader::new(file);
- self.load_rules_from_reader(&mut reader);
- };
- result.ok();
- }
-
- fn load_rules_from_reader(self: &mut SePolicy, reader: &mut T) {
- reader.foreach_lines(|line| {
- self.parse_statement(line);
- true
- });
- }
-
 fn xperm_to_string(perm: &ffi::Xperm) -> String {
 let mut s = String::new();
 if perm.reset {
diff --git a/native/src/sepolicy/statement.rs b/native/src/sepolicy/statement.rs
index cffbcab4a..ae03b6e9d 100644
--- a/native/src/sepolicy/statement.rs
+++ b/native/src/sepolicy/statement.rs
@@ -1,10 +1,11 @@
 use std::fmt::{Display, Formatter, Write};
-use std::io::stderr;
+use std::io::{BufRead, BufReader, Cursor, stderr};
 use std::{iter::Peekable, vec::IntoIter};
-use crate::ffi::Xperm;
 use crate::SePolicy;
-use base::{error, warn, FmtAdaptor};
+use crate::ffi::Xperm;
+use base::libc::{O_CLOEXEC, O_RDONLY};
+use base::{BufReadExt, FmtAdaptor, FsPath, LoggedResult, Utf8CStr, error, warn};
 pub enum Token<'a> {
 AL,
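Review bot: The `extern "Rust"` block drops `parse_statement`, `magisk_rules`, `load_rule_file` and the `#[cxx_name = "load_rules"]` alias, yet nothing in the visible part of this diff updates the C++ side, so any remaining C++ caller of `SePolicy::magisk_rules` or `SePolicy::load_rules` would now fail at the cxx bridge; worth confirming the C++ sources are adjusted in a part of the commit not shown here. The statement.rs hunk additionally narrows `parse_statement` to private, so re-exposing it to C++ later means making it `pub` again. A short comment on the bridge would record the new ownership, e.g. `// Rule loading (load_rules, load_rule_file, magisk_rules) is driven from Rust only; see statement.rs.` The `pub mod ffi` block starts before this hunk and `impl SePolicy` continues after it.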
@@ -442,7 +443,28 @@ fn tokenize_statement(statement: &str) -> Vec {
 }
 impl SePolicy {
- pub fn parse_statement(self: &mut SePolicy, statement: &str) {
+ pub fn load_rules(self: &mut SePolicy, rules: &str) {
+ let mut cursor = Cursor::new(rules.as_bytes());
+ self.load_rules_from_reader(&mut cursor);
+ }
+
+ pub fn load_rule_file(self: &mut SePolicy, filename: &Utf8CStr) {
+ let result: LoggedResult<()> = try {
+ let file = FsPath::from(filename).open(O_RDONLY | O_CLOEXEC)?;
+ let mut reader = BufReader::new(file);
+ self.load_rules_from_reader(&mut reader);
+ };
+ result.ok();
+ }
+
+ fn load_rules_from_reader(self: &mut SePolicy, reader: &mut T) {
+ reader.foreach_lines(|line| {
+ self.parse_statement(line);
+ true
+ });
+ }
+
+ fn parse_statement(self: &mut SePolicy, statement: &str) {
 let statement = statement.trim();
 if statement.is_empty() || statement.starts_with('#') {
 return;
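Review bot: `load_rule_file` discards its `LoggedResult` with `result.ok();`, so a rule file that cannot be opened is only logged and the caller has no way to learn that none of its statements were applied; the cli.rs hunk shows the live path going straight on to `sepol.to_file(cstr!("/sys/fs/selinux/load"))`, so a policy missing those rules would still be written out. Since the cxx bridge no longer declares this method, the Rust signature can be tightened without touching C++: `pub fn load_rule_file(self: &mut SePolicy, filename: &Utf8CStr) -> bool {` with `result.is_ok()` as the final expression, so callers can refuse to continue. The same pattern appears in `load_rules_from_reader`, whose `foreach_lines` closure always returns `true`, so a malformed statement never stops the load — presumably `parse_statement` logs it, but its body continues past the end of this hunk. The generic bound on `reader: &mut T` looks like it was lost in rendering; if `T` is really unbounded, `foreach_lines` will not resolve.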