  1/*
  2 *
  3 * mdp - make dummy policy
  4 *
  5 * When pointed at a kernel tree, builds a dummy policy for that kernel
  6 * with exactly one type with full rights to itself.
  7 *
  8 * This program is free software; you can redistribute it and/or modify
  9 * it under the terms of the GNU General Public License as published by
 10 * the Free Software Foundation; either version 2 of the License, or
 11 * (at your option) any later version.
 12 *
 13 * This program is distributed in the hope that it will be useful,
 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 16 * GNU General Public License for more details.
 17 *
 18 * You should have received a copy of the GNU General Public License
 19 * along with this program; if not, write to the Free Software
 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 21 *
 22 * Copyright (C) IBM Corporation, 2006
 23 *
 24 * Authors: Serge E. Hallyn <serue@us.ibm.com>
 25 */
 26
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
 31
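/*
 * Print the command-line synopsis and terminate with a failure status.
 *
 * @name: argv[0], echoed as the program name.
 *
 * Every caller reaches this on an error path, so the synopsis goes to
 * stderr rather than stdout: a caller that captures stdout must not see
 * diagnostics mixed into it. Does not return.
 */
static void usage(const char *name)
{
	fprintf(stderr, "usage: %s [-m] policy_file context_file\n", name);
	exit(EXIT_FAILURE);
}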
 37
 38/* Class/perm mapping support */
/*
 * One row of the secclass_map[] table pulled in from classmap.h below.
 * The table itself is terminated by an entry whose name is NULL, and each
 * row's perms[] list is terminated by a NULL pointer (both loops in main()
 * rely on that).
 */
struct security_class_mapping {
	const char *name;	/* class name; NULL marks the end of secclass_map[] */
	/*
	 * Sized to the bit width of an unsigned (presumably the access-vector
	 * width -- confirm against classmap.h) plus one slot for the NULL
	 * terminator.
	 */
	const char *perms[sizeof(unsigned) * 8 + 1];
};
 43
 44#include "classmap.h"
 45#include "initial_sid_to_string.h"
 46
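/*
 * Filesystems emitted as fs_use_xattr / fs_use_task / fs_use_trans
 * statements. The lists reproduce the original hand-written lines in
 * the same order (the source gives no selection rationale), so the
 * generated policy is byte-identical to what the literal fprintf()s
 * produced.
 */
static const char *const xattr_fs[] = {
	"ext2", "ext3", "ext4", "jfs", "xfs", "reiserfs", "jffs2", "gfs2",
	"lustre",
};
static const char *const task_fs[] = { "eventpollfs", "pipefs", "sockfs" };
static const char *const trans_fs[] = {
	"mqueue", "devpts", "hugetlbfs", "tmpfs", "shm",
};

/*
 * Emit one "fs_use_<kind> <fs> user_u:base_r:base_t;" line per entry.
 *
 * @fout:  open output stream
 * @kind:  "xattr", "task" or "trans"
 * @fs:    filesystem names
 * @count: number of entries in @fs
 */
static void emit_fs_use(FILE *fout, const char *kind,
			const char *const *fs, size_t count)
{
	size_t k;

	for (k = 0; k < count; k++)
		fprintf(fout, "fs_use_%s %s user_u:base_r:base_t;\n", kind, fs[k]);
}

/*
 * Write the policy body to @fout: every class in secclass_map, the
 * initial SIDs, each class's permission list, then a single type
 * (base_t) that is allowed everything on itself, the default SID
 * contexts and the fs_use/genfscon statements.
 *
 * Write errors are not checked per call; the caller inspects ferror()
 * on @fout once, via finish_file(), before trusting the output.
 */
static void write_policy(FILE *fout)
{
	int i, j;
	size_t k;
	/* element count of a real array -- sizeof/sizeof would be wrong on a pointer */
	size_t nsids = sizeof(initial_sid_to_string) / sizeof(initial_sid_to_string[0]);

	/* print out the classes; a NULL name terminates secclass_map */
	for (i = 0; secclass_map[i].name; i++)
		fprintf(fout, "class %s\n", secclass_map[i].name);
	fprintf(fout, "\n");

	/*
	 * print out the sids, starting at index 1 as the original did --
	 * entry 0 is presumably the unused/null SID, confirm against
	 * initial_sid_to_string.h
	 */
	for (k = 1; k < nsids; k++)
		fprintf(fout, "sid %s\n", initial_sid_to_string[k]);
	fprintf(fout, "\n");

	/* print out the class permissions; perms[] is NULL-terminated */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		fprintf(fout, "class %s\n", map->name);
		fprintf(fout, "{\n");
		for (j = 0; map->perms[j]; j++)
			fprintf(fout, "\t%s\n", map->perms[j]);
		fprintf(fout, "}\n\n");
	}
	fprintf(fout, "\n");

	/* types, roles, and allows: one type with full rights ("*") to itself on every class */
	fprintf(fout, "type base_t;\n");
	fprintf(fout, "role base_r types { base_t };\n");
	for (i = 0; secclass_map[i].name; i++)
		fprintf(fout, "allow base_t base_t:%s *;\n",
			secclass_map[i].name);
	fprintf(fout, "user user_u roles { base_r };\n");
	fprintf(fout, "\n");

	/* default sids: every initial SID gets the one and only context */
	for (k = 1; k < nsids; k++)
		fprintf(fout, "sid %s user_u:base_r:base_t\n", initial_sid_to_string[k]);
	fprintf(fout, "\n");

	/* no blank lines between the three fs_use groups, matching the original output */
	emit_fs_use(fout, "xattr", xattr_fs, sizeof(xattr_fs) / sizeof(xattr_fs[0]));
	emit_fs_use(fout, "task", task_fs, sizeof(task_fs) / sizeof(task_fs[0]));
	emit_fs_use(fout, "trans", trans_fs, sizeof(trans_fs) / sizeof(trans_fs[0]));

	fprintf(fout, "genfscon proc / user_u:base_r:base_t\n");
}

/*
 * Write the file-contexts file to @fout: the root and everything below
 * it get the single context the policy defines.
 */
static void write_contexts(FILE *fout)
{
	fprintf(fout, "/ user_u:base_r:base_t\n");
	fprintf(fout, "/.* user_u:base_r:base_t\n");
}

/*
 * Flush and close @fout, reporting any error that the preceding
 * unchecked fprintf() calls left pending.
 *
 * @fout: stream to close (always closed, even on error)
 * @path: file name, for the diagnostic only
 *
 * Returns 0 only if no write error was pending and fclose() succeeded;
 * a truncated or unflushed output file is otherwise reported as a
 * failure rather than passing as a complete policy. Returns -1 on error.
 */
static int finish_file(FILE *fout, const char *path)
{
	int err = ferror(fout);
	/* fclose() is what flushes buffered output, so a failed flush only shows up here */
	int rc = fclose(fout);

	if (rc != 0)
		fprintf(stderr, "Error closing %s: %s\n", path, strerror(errno));
	else if (err)
		fprintf(stderr, "Error writing %s\n", path);
	return (rc != 0 || err) ? -1 : 0;
}

/*
 * Entry point: mdp [-m] policy_file context_file
 *
 * Writes the dummy policy to policy_file and the file contexts to
 * context_file. Returns 0 on success; exits with a failure status via
 * usage() on bad arguments or an unopenable output file, and returns 1
 * if either file could not be written completely.
 */
int main(int argc, char *argv[])
{
	int mls = 0;
	char **arg, *polout, *ctxout;
	FILE *fout;

	/*
	 * Accept exactly "[-m] policy_file context_file". Extra or misplaced
	 * arguments are rejected instead of being silently ignored, which
	 * previously let "mdp foo pol ctx" write to "foo" and "pol".
	 */
	if (argc != 3 && argc != 4)
		usage(argv[0]);
	arg = argv + 1;
	if (argc == 4) {
		if (strcmp(argv[1], "-m") != 0)
			usage(argv[0]);
		mls = 1;
		arg++;
	}
	polout = *arg++;
	ctxout = *arg;

	/*
	 * Reject unsupported modes before truncating any output file, so an
	 * unsupported run never leaves a half-written policy behind that
	 * could be mistaken for a complete one.
	 */
	if (mls) {
		fputs("MLS not yet implemented\n", stderr);
		exit(1);
	}

	fout = fopen(polout, "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing\n", polout);
		usage(argv[0]);
	}
	write_policy(fout);
	if (finish_file(fout, polout) < 0)
		return 1;

	fout = fopen(ctxout, "w");
	if (!fout) {
		fprintf(stderr, "Wrote policy, but cannot open %s for writing\n", ctxout);
		usage(argv[0]);
	}
	write_contexts(fout);
	if (finish_file(fout, ctxout) < 0)
		return 1;

	return 0;
}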