xref: /aosp_15_r20/external/selinux/libsemanage/src/fcontexts_file.c (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)
1*2d543d20SAndroid Build Coastguard Worker /* Copyright (C) 2005 Red Hat, Inc. */
2*2d543d20SAndroid Build Coastguard Worker 
3*2d543d20SAndroid Build Coastguard Worker struct semanage_fcontext;
4*2d543d20SAndroid Build Coastguard Worker struct semanage_fcontext_key;
5*2d543d20SAndroid Build Coastguard Worker typedef struct semanage_fcontext record_t;
6*2d543d20SAndroid Build Coastguard Worker typedef struct semanage_fcontext_key record_key_t;
7*2d543d20SAndroid Build Coastguard Worker #define DBASE_RECORD_DEFINED
8*2d543d20SAndroid Build Coastguard Worker 
9*2d543d20SAndroid Build Coastguard Worker struct dbase_file;
10*2d543d20SAndroid Build Coastguard Worker typedef struct dbase_file dbase_t;
11*2d543d20SAndroid Build Coastguard Worker #define DBASE_DEFINED
12*2d543d20SAndroid Build Coastguard Worker 
13*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
14*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
15*2d543d20SAndroid Build Coastguard Worker #include <strings.h>
16*2d543d20SAndroid Build Coastguard Worker #include <semanage/handle.h>
17*2d543d20SAndroid Build Coastguard Worker #include "fcontext_internal.h"
18*2d543d20SAndroid Build Coastguard Worker #include "database_file.h"
19*2d543d20SAndroid Build Coastguard Worker #include "parse_utils.h"
20*2d543d20SAndroid Build Coastguard Worker #include "debug.h"
21*2d543d20SAndroid Build Coastguard Worker 
/*
 * Map a SEMANAGE_FCONTEXT_* file-type constant to the two-character flag
 * that fcontext_print() writes into the textual record.
 *
 * SEMANAGE_FCONTEXT_ALL and every value not listed below yield two spaces,
 * i.e. no flag at all. The returned pointer refers to a string literal and
 * must not be freed or modified.
 */
static const char *type_str(int type)
{
	const char *flag;

	switch (type) {
	case SEMANAGE_FCONTEXT_REG:
		flag = "--";
		break;
	case SEMANAGE_FCONTEXT_DIR:
		flag = "-d";
		break;
	case SEMANAGE_FCONTEXT_CHAR:
		flag = "-c";
		break;
	case SEMANAGE_FCONTEXT_BLOCK:
		flag = "-b";
		break;
	case SEMANAGE_FCONTEXT_SOCK:
		flag = "-s";
		break;
	case SEMANAGE_FCONTEXT_LINK:
		flag = "-l";
		break;
	case SEMANAGE_FCONTEXT_PIPE:
		flag = "-p";
		break;
	case SEMANAGE_FCONTEXT_ALL:
	default:
		/* Unknown values are written like "all file types". */
		flag = "  ";
		break;
	}

	return flag;
}
44*2d543d20SAndroid Build Coastguard Worker 
/*
 * Write one file-context record to the stream `str` as
 * "<expr> <type flag> <context>\n".
 *
 * A record without a context is written with the literal "<<none>>" in
 * place of the context string.
 *
 * Returns STATUS_SUCCESS when every write succeeded, STATUS_ERR (after
 * logging through ERR) when a write or the context-to-string conversion
 * failed. A failure can leave a partially written line in the stream,
 * because the expression and flag are emitted before the context is
 * converted.
 */
static int fcontext_print(semanage_handle_t * handle,
			  semanage_fcontext_t * fcontext, FILE * str)
{
	char *ctx_text = NULL;

	/* NOTE(review): expr is passed to "%s" unchecked; assumes the record
	 * always carries a non-NULL expression -- confirm against the setter. */
	const char *expr = semanage_fcontext_get_expr(fcontext);
	int type = semanage_fcontext_get_type(fcontext);
	const char *type_flag = type_str(type);
	/* Human-readable type name, used only in the error message. */
	const char *type_name = semanage_fcontext_get_type_str(type);
	semanage_context_t *ctx = semanage_fcontext_get_con(fcontext);

	if (fprintf(str, "%s %s ", expr, type_flag) < 0)
		goto fail;

	if (ctx == NULL) {
		/* No context attached: write the placeholder instead. */
		if (fprintf(str, "<<none>>\n") < 0)
			goto fail;
		return STATUS_SUCCESS;
	}

	if (semanage_context_to_string(handle, ctx, &ctx_text) < 0)
		goto fail;
	if (fprintf(str, "%s\n", ctx_text) < 0)
		goto fail;

	free(ctx_text);
	return STATUS_SUCCESS;

fail:
	ERR(handle, "could not print file context for "
	    "%s (%s) to stream", expr, type_name);
	/* ctx_text is still NULL unless the conversion ran; free(NULL) is a no-op. */
	free(ctx_text);
	return STATUS_ERR;
}
79*2d543d20SAndroid Build Coastguard Worker 
/*
 * Parse one file-context record of the form
 *     <regexp> [<type flag>] <context>
 * from the current position of `info` into `fcontext`.
 *
 * The type flag is optional. If the second token is not one of the known
 * flags it is taken to be the context, and this function does not touch
 * the record's type.
 *
 * Returns STATUS_SUCCESS on a parsed record, STATUS_NODATA when no input is
 * left (info->ptr is NULL after skipping space), and STATUS_ERR on any
 * failure. The NODATA and error paths both dispose of the current line.
 *
 * Review notes:
 *  - Flags are matched with strcasecmp(), so upper-case spellings such as
 *    "-D" are accepted as well.
 *  - A mistyped flag is not rejected as a flag. It is handed to
 *    semanage_context_from_string() and only fails if that call rejects it
 *    as a context.
 *  - The "invalid security context" message echoes the offending token and
 *    the original line from the parsed file into the error log.
 */
static int fcontext_parse(semanage_handle_t * handle,
			  parse_info_t * info, semanage_fcontext_t * fcontext)
{
	/* Type flags accepted in the second column and the types they select. */
	const struct {
		const char *flag;
		int type;
	} known_types[] = {
		{ "-s", SEMANAGE_FCONTEXT_SOCK },
		{ "-p", SEMANAGE_FCONTEXT_PIPE },
		{ "-b", SEMANAGE_FCONTEXT_BLOCK },
		{ "-l", SEMANAGE_FCONTEXT_LINK },
		{ "-c", SEMANAGE_FCONTEXT_CHAR },
		{ "-d", SEMANAGE_FCONTEXT_DIR },
		{ "--", SEMANAGE_FCONTEXT_REG },
	};
	const size_t n_known = sizeof(known_types) / sizeof(known_types[0]);

	char *token = NULL;
	semanage_context_t *ctx = NULL;
	int has_type = 0;
	size_t i;

	if (parse_skip_space(handle, info) < 0)
		goto fail;
	if (!info->ptr)
		goto no_data;

	/* Regexp */
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0)
		goto fail;
	if (semanage_fcontext_set_expr(handle, fcontext, token) < 0)
		goto fail;
	free(token);
	token = NULL;

	/* Type */
	if (parse_assert_space(handle, info) < 0)
		goto fail;
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0)
		goto fail;

	/* assumes parse_fetch_string leaves token non-NULL on success -- TODO confirm */
	for (i = 0; i < n_known; i++) {
		if (strcasecmp(token, known_types[i].flag) == 0) {
			semanage_fcontext_set_type(fcontext,
						   known_types[i].type);
			has_type = 1;
			break;
		}
	}

	if (has_type) {
		/* The token was a flag, so the context is the next token. */
		free(token);
		token = NULL;

		/* Context */
		if (parse_assert_space(handle, info) < 0)
			goto fail;
		if (parse_fetch_string(handle, info, &token, ' ', 0) < 0)
			goto fail;
	}
	/* Otherwise the token just read is itself treated as the context. */

	if (semanage_context_from_string(handle, token, &ctx) < 0) {
		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
		    token, info->filename, info->lineno, info->orig_line);
		goto fail;
	}
	free(token);
	token = NULL;

	/* ctx may still be NULL after a successful conversion; presumably for
	 * the "<<none>>" placeholder that fcontext_print writes -- confirm. */
	if (ctx && semanage_fcontext_set_con(handle, fcontext, ctx) < 0)
		goto fail;

	if (parse_assert_space(handle, info) < 0)
		goto fail;

	/* The local context is released on success too; presumably set_con
	 * stored its own copy -- confirm. */
	semanage_context_free(ctx);
	return STATUS_SUCCESS;

no_data:
	parse_dispose_line(info);
	return STATUS_NODATA;

fail:
	ERR(handle, "could not parse file context record");
	free(token);
	semanage_context_free(ctx);
	parse_dispose_line(info);
	return STATUS_ERR;
}
159*2d543d20SAndroid Build Coastguard Worker 
/*
 * FCONTEXT RECORD: FILE extension: method table.
 *
 * Binds this file's text parser and printer to the file-context record
 * type. fcontext_file_dbase_init() passes the table to dbase_file_init().
 */
record_file_table_t SEMANAGE_FCONTEXT_FILE_RTABLE = {
	.parse = fcontext_parse,	/* text line -> record */
	.print = fcontext_print,	/* record -> text line */
};
165*2d543d20SAndroid Build Coastguard Worker 
/*
 * Set up the file-backed database for file-context records.
 *
 * path_ro and path_rw are forwarded unchanged to dbase_file_init(), along
 * with the generic file-context record table and this file's parse/print
 * table. The resulting database is stored in dconfig->dbase. On success
 * dconfig->dtable is pointed at SEMANAGE_FILE_DTABLE; on failure it is
 * left untouched.
 *
 * Returns STATUS_SUCCESS or STATUS_ERR.
 *
 * NOTE(review): neither path is validated here, and dconfig is
 * dereferenced without a NULL check. Any such checks must live in the
 * caller or in dbase_file_init() -- confirm.
 */
int fcontext_file_dbase_init(semanage_handle_t * handle,
			     const char *path_ro,
			     const char *path_rw,
			     dbase_config_t * dconfig)
{
	if (dbase_file_init(handle, path_ro, path_rw,
			    &SEMANAGE_FCONTEXT_RTABLE,
			    &SEMANAGE_FCONTEXT_FILE_RTABLE,
			    &dconfig->dbase) >= 0) {
		dconfig->dtable = &SEMANAGE_FILE_DTABLE;
		return STATUS_SUCCESS;
	}

	return STATUS_ERR;
}
183*2d543d20SAndroid Build Coastguard Worker 
/*
 * Release the file-backed file-context database held in dconfig->dbase
 * by passing it to dbase_file_release().
 *
 * NOTE(review): dconfig->dbase and dconfig->dtable are not cleared here,
 * so the stored pointer should be treated as stale after this call --
 * confirm against dbase_file_release(). dconfig must be non-NULL.
 */
void fcontext_file_dbase_release(dbase_config_t * dconfig)
{
	dbase_file_release(dconfig->dbase);
}