1*2d543d20SAndroid Build Coastguard Worker /*
2*2d543d20SAndroid Build Coastguard Worker  * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3*2d543d20SAndroid Build Coastguard Worker  *
4*2d543d20SAndroid Build Coastguard Worker  * Redistribution and use in source and binary forms, with or without
5*2d543d20SAndroid Build Coastguard Worker  * modification, are permitted provided that the following conditions are met:
6*2d543d20SAndroid Build Coastguard Worker  *
7*2d543d20SAndroid Build Coastguard Worker  *    1. Redistributions of source code must retain the above copyright notice,
8*2d543d20SAndroid Build Coastguard Worker  *       this list of conditions and the following disclaimer.
9*2d543d20SAndroid Build Coastguard Worker  *
10*2d543d20SAndroid Build Coastguard Worker  *    2. Redistributions in binary form must reproduce the above copyright notice,
11*2d543d20SAndroid Build Coastguard Worker  *       this list of conditions and the following disclaimer in the documentation
12*2d543d20SAndroid Build Coastguard Worker  *       and/or other materials provided with the distribution.
13*2d543d20SAndroid Build Coastguard Worker  *
14*2d543d20SAndroid Build Coastguard Worker  * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15*2d543d20SAndroid Build Coastguard Worker  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16*2d543d20SAndroid Build Coastguard Worker  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17*2d543d20SAndroid Build Coastguard Worker  * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18*2d543d20SAndroid Build Coastguard Worker  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19*2d543d20SAndroid Build Coastguard Worker  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20*2d543d20SAndroid Build Coastguard Worker  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21*2d543d20SAndroid Build Coastguard Worker  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22*2d543d20SAndroid Build Coastguard Worker  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23*2d543d20SAndroid Build Coastguard Worker  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24*2d543d20SAndroid Build Coastguard Worker  *
25*2d543d20SAndroid Build Coastguard Worker  * The views and conclusions contained in the software and documentation are those
26*2d543d20SAndroid Build Coastguard Worker  * of the authors and should not be interpreted as representing official policies,
27*2d543d20SAndroid Build Coastguard Worker  * either expressed or implied, of Tresys Technology, LLC.
28*2d543d20SAndroid Build Coastguard Worker  */
29*2d543d20SAndroid Build Coastguard Worker 
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <getopt.h>
#include <sys/stat.h>

#ifdef ANDROID
#include <cil/cil.h>
#else
#include <sepol/cil/cil.h>
#endif
#include <sepol/policydb.h>
43*2d543d20SAndroid Build Coastguard Worker 
/*
 * Print the synopsis and option summary for `prog` on stdout, then end the
 * process with exit status 1. This function never returns.
 *
 * The exit status is 1 both when help was requested with -h and when the
 * text is shown because an argument was rejected.
 *
 * The long names shown for -c and -f ("--policyvers", "--filecontext") are
 * shorter than the spellings registered in main()'s long_opts table
 * ("policyversion", "filecontexts"); getopt_long accepts them as unambiguous
 * prefixes.
 */
static __attribute__((__noreturn__)) void usage(const char *prog)
{
	/* Help text up to (and including) the first line of the -c entry. */
	static const char before_version[] =
		"\n"
		"Options:\n"
		"  -o, --output=<file>            write binary policy to <file>\n"
		"                                 (default: policy.<version>)\n"
		"  -f, --filecontext=<file>       write file contexts to <file>\n"
		"                                 (default: file_contexts)\n"
		"  -t, --target=<type>            specify target architecture. may be selinux or\n"
		"                                 xen. (default: selinux)\n"
		"  -M, --mls true|false           build an mls policy. Must be true or false.\n"
		"                                 This will override the (mls boolean) statement\n"
		"                                 if present in the policy\n"
		"  -c, --policyvers=<version>     build a binary policy with a given <version>\n";

	/* Help text that follows the policy-version default. */
	static const char after_version[] =
		"  -U, --handle-unknown=<action>  how to handle unknown classes or permissions.\n"
		"                                 may be deny, allow, or reject. (default: deny)\n"
		"                                 This will override the (handleunknown action)\n"
		"                                 statement if present in the policy\n"
		"  -D, --disable-dontaudit        do not add dontaudit rules to the binary policy\n"
		"  -P, --preserve-tunables        treat tunables as booleans\n"
		"  -Q, --qualified-names          Allow names containing dots (qualified names).\n"
		"                                 Blocks, blockinherits, blockabstracts, and\n"
		"                                 in-statements will not be allowed.\n"
		"  -m, --multiple-decls           allow some statements to be re-declared\n"
		"  -N, --disable-neverallow       do not check neverallow rules\n"
		"  -G, --expand-generated         Expand and remove auto-generated attributes\n"
		"  -X, --expand-size <SIZE>       Expand type attributes with fewer than <SIZE>\n"
		"                                 members.\n"
		"  -O, --optimize                 optimize final policy\n"
		"  -v, --verbose                  increment verbosity level\n"
		"  -h, --help                     display usage information\n";

	printf("Usage: %s [OPTION]... FILE...\n", prog);
	fputs(before_version, stdout);
	/* The only line that needs formatting: the compiled-in maximum version. */
	printf("                                 (default: %i)\n", POLICYDB_VERSION_MAX);
	fputs(after_version, stdout);
	exit(1);
}
79*2d543d20SAndroid Build Coastguard Worker 
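/*
 * secilc entry point: read the CIL files named on the command line, compile
 * them, and write a binary policy plus a file_contexts file.
 *
 * Steps, in order: parse options, configure a cil_db, add every input file,
 * cil_compile(), cil_build_policydb(), optional sepol_policydb_optimize(),
 * write the binary policy, write the file contexts.
 *
 * Returns SEPOL_OK on success. On failure the last error code (or SEPOL_ERR)
 * is returned after all resources acquired so far are released; argument
 * errors go through usage(), which exits with status 1.
 *
 * NOTE(review): both output files are opened with a truncating mode before
 * their content is written, so a failure after the open leaves a partial
 * file at the output path. Callers should treat a non-zero exit status as
 * "outputs are not usable".
 */
int main(int argc, char *argv[])
{
	int rc = SEPOL_ERR;
	sepol_policydb_t *pdb = NULL;
	struct sepol_policy_file *pf = NULL;
	FILE *binary = NULL;
	FILE *file_contexts = NULL;	/* NULL so the exit path can close it safely */
	FILE *file = NULL;
	char *buffer = NULL;
	struct stat filedata;
	uint32_t file_size;
	char *output = NULL;
	char *filecontexts = NULL;
	struct cil_db *db = NULL;
	int target = SEPOL_TARGET_SELINUX;
	int mls = -1;			/* -1: not given on the command line */
	int disable_dontaudit = 0;
	int multiple_decls = 0;
	int disable_neverallow = 0;
	int preserve_tunables = 0;
	int qualified_names = 0;
	int handle_unknown = -1;	/* -1: not given on the command line */
	int policyvers = POLICYDB_VERSION_MAX;
	int attrs_expand_generated = 0;
	int attrs_expand_size = -1;	/* -1: not given on the command line */
	int optimize = 0;
	int opt_char;
	int opt_index = 0;
	char *fc_buf = NULL;
	size_t fc_size;
	enum cil_log_level log_level = CIL_ERR;
	static struct option long_opts[] = {
		{"help", no_argument, 0, 'h'},
		{"verbose", no_argument, 0, 'v'},
		{"target", required_argument, 0, 't'},
		{"mls", required_argument, 0, 'M'},
		{"policyversion", required_argument, 0, 'c'},
		{"handle-unknown", required_argument, 0, 'U'},
		{"disable-dontaudit", no_argument, 0, 'D'},
		{"multiple-decls", no_argument, 0, 'm'},
		{"disable-neverallow", no_argument, 0, 'N'},
		{"preserve-tunables", no_argument, 0, 'P'},
		{"qualified-names", no_argument, 0, 'Q'},
		{"output", required_argument, 0, 'o'},
		{"filecontexts", required_argument, 0, 'f'},
		{"expand-generated", no_argument, 0, 'G'},
		{"expand-size", required_argument, 0, 'X'},
		{"optimize", no_argument, 0, 'O'},
		{0, 0, 0, 0}
	};
	int i;

	while (1) {
		/* 'n' is accepted by the option string but has no case below, so
		 * it ends up in the default branch. */
		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PQDmNOc:GX:n", long_opts, &opt_index);
		if (opt_char == -1) {
			break;
		}
		switch (opt_char) {
			case 'v':
				log_level++;
				break;
			case 't':
				if (!strcmp(optarg, "selinux")) {
					target = SEPOL_TARGET_SELINUX;
				} else if (!strcmp(optarg, "xen")) {
					target = SEPOL_TARGET_XEN;
				} else {
					fprintf(stderr, "Unknown target: %s\n", optarg);
					usage(argv[0]);
				}
				break;
			case 'M':
				if (!strcasecmp(optarg, "true") || !strcasecmp(optarg, "1")) {
					mls = 1;
				} else if (!strcasecmp(optarg, "false") || !strcasecmp(optarg, "0")) {
					mls = 0;
				} else {
					usage(argv[0]);
				}
				break;
			case 'c': {
				char *endptr = NULL;
				long val;

				errno = 0;
				val = strtol(optarg, &endptr, 10);
				if (errno != 0 || endptr == optarg || *endptr != '\0') {
					fprintf(stderr, "Bad policy version: %s\n", optarg);
					usage(argv[0]);
				}
				/* Range-check the long before narrowing it: assigning
				 * strtol()'s result straight to an int could wrap an
				 * out-of-range number into the accepted interval. */
				if (val > POLICYDB_VERSION_MAX || val < POLICYDB_VERSION_MIN) {
					fprintf(stderr, "Policy version must be between %d and %d\n",
					       POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
					usage(argv[0]);
				}
				policyvers = (int)val;
				break;
			}
			case 'U':
				if (!strcasecmp(optarg, "deny")) {
					handle_unknown = SEPOL_DENY_UNKNOWN;
				} else if (!strcasecmp(optarg, "allow")) {
					handle_unknown = SEPOL_ALLOW_UNKNOWN;
				} else if (!strcasecmp(optarg, "reject")) {
					handle_unknown = SEPOL_REJECT_UNKNOWN;
				} else {
					usage(argv[0]);
				}
				break;
			case 'D':
				disable_dontaudit = 1;
				break;
			case 'm':
				multiple_decls = 1;
				break;
			case 'N':
				/* Turns off neverallow checking for this build. */
				disable_neverallow = 1;
				break;
			case 'P':
				preserve_tunables = 1;
				break;
			case 'Q':
				qualified_names = 1;
				break;
			case 'o':
				/* A repeated -o replaces the earlier value. */
				free(output);
				output = strdup(optarg);
				if (output == NULL) {
					/* Without this check a failed strdup() would
					 * silently fall back to the default file name. */
					fprintf(stderr, "Out of memory\n");
					rc = SEPOL_ERR;
					goto exit;
				}
				break;
			case 'f':
				/* A repeated -f replaces the earlier value. */
				free(filecontexts);
				filecontexts = strdup(optarg);
				if (filecontexts == NULL) {
					fprintf(stderr, "Out of memory\n");
					rc = SEPOL_ERR;
					goto exit;
				}
				break;
			case 'G':
				attrs_expand_generated = 1;
				break;
			case 'X': {
				char *endptr = NULL;
				long val;

				errno = 0;
				val = strtol(optarg, &endptr, 10);
				/* INT32_MAX bound: the value is stored in an int, so
				 * reject anything that would not survive narrowing. */
				if (errno != 0 || endptr == optarg || *endptr != '\0' ||
				    val > INT32_MAX) {
					fprintf(stderr, "Bad attribute expand size: %s\n", optarg);
					usage(argv[0]);
				}

				/* Zero is accepted; only negative sizes are refused. */
				if (val < 0) {
					fprintf(stderr, "Attribute expand size must be >= 0\n");
					usage(argv[0]);
				}
				attrs_expand_size = (int)val;
				break;
			}
			case 'O':
				optimize = 1;
				break;
			case 'h':
				usage(argv[0]);
			case '?':
				/* NOTE(review): an unrecognized option is reported by
				 * getopt_long itself and then ignored, so the build
				 * carries on without it. Kept as-is for compatibility
				 * with existing invocations; callers that rely on an
				 * option taking effect should check stderr. */
				break;
			default:
				/* optarg is NULL for options that take no argument,
				 * so report the option character instead. */
				fprintf(stderr, "Unsupported option: -%c\n", opt_char);
				usage(argv[0]);
		}
	}
	if (optind >= argc) {
		fprintf(stderr, "No cil files specified\n");
		usage(argv[0]);
	}

	cil_set_log_level(log_level);

	cil_db_init(&db);
	cil_set_disable_dontaudit(db, disable_dontaudit);
	cil_set_multiple_decls(db, multiple_decls);
	cil_set_disable_neverallow(db, disable_neverallow);
	cil_set_preserve_tunables(db, preserve_tunables);
	cil_set_qualified_names(db, qualified_names);
	/* Only override the policy's own handleunknown statement when -U was given. */
	if (handle_unknown != -1) {
		rc = cil_set_handle_unknown(db, handle_unknown);
		if (rc != SEPOL_OK) {
			goto exit;
		}
	}

	cil_set_mls(db, mls);
	cil_set_target_platform(db, target);
	cil_set_policy_version(db, policyvers);
	cil_set_attrs_expand_generated(db, attrs_expand_generated);
	if (attrs_expand_size >= 0) {
		cil_set_attrs_expand_size(db, (unsigned)attrs_expand_size);
	}

	/* Every remaining argument is a CIL source file. */
	for (i = optind; i < argc; i++) {
		file = fopen(argv[i], "r");
		if (!file) {
			fprintf(stderr, "Could not open file: %s\n", argv[i]);
			rc = SEPOL_ERR;
			goto exit;
		}
		/* Query the size through the open stream rather than the path,
		 * so the size always describes the file that is actually read
		 * even if the path is replaced in between. */
		rc = fstat(fileno(file), &filedata);
		if (rc == -1) {
			fprintf(stderr, "Could not stat file: %s\n", argv[i]);
			rc = SEPOL_ERR;
			goto exit;
		}
		/* file_size is 32 bits wide; refuse sizes that would be silently
		 * truncated (and possibly mistaken for an empty file). */
		if (filedata.st_size < 0 || (uintmax_t)filedata.st_size > UINT32_MAX) {
			fprintf(stderr, "File too large: %s\n", argv[i]);
			rc = SEPOL_ERR;
			goto exit;
		}
		file_size = (uint32_t)filedata.st_size;

		/* Empty inputs contribute nothing and are skipped. */
		if (!file_size) {
			fclose(file);
			file = NULL;
			continue;
		}

		buffer = malloc(file_size);
		if (!buffer) {
			fprintf(stderr, "Out of memory\n");
			rc = SEPOL_ERR;
			goto exit;
		}

		/* One item of file_size bytes: anything short of a full read fails. */
		if (fread(buffer, file_size, 1, file) != 1) {
			fprintf(stderr, "Failure reading file: %s\n", argv[i]);
			rc = SEPOL_ERR;
			goto exit;
		}
		fclose(file);
		file = NULL;

		rc = cil_add_file(db, argv[i], buffer, file_size);
		if (rc != SEPOL_OK) {
			fprintf(stderr, "Failure adding %s\n", argv[i]);
			goto exit;
		}

		free(buffer);
		buffer = NULL;
	}

	rc = cil_compile(db);
	if (rc != SEPOL_OK) {
		fprintf(stderr, "Failed to compile cildb: %d\n", rc);
		goto exit;
	}

	rc = cil_build_policydb(db, &pdb);
	if (rc != SEPOL_OK) {
		fprintf(stderr, "Failed to build policydb\n");
		goto exit;
	}

	if (optimize) {
		rc = sepol_policydb_optimize(pdb);
		if (rc != SEPOL_OK) {
			fprintf(stderr, "Failed to optimize policydb\n");
			goto exit;
		}
	}

	/* No -o given: derive the default name "policy.<version>". */
	if (output == NULL) {
		int size = snprintf(NULL, 0, "policy.%d", policyvers);
		if (size < 0) {
			fprintf(stderr, "Failed to create output filename\n");
			rc = SEPOL_ERR;
			goto exit;
		}
		output = malloc((size_t)size + 1);
		if (output == NULL) {
			fprintf(stderr, "Failed to create output filename\n");
			rc = SEPOL_ERR;
			goto exit;
		}
		if (snprintf(output, (size_t)size + 1, "policy.%d", policyvers) != size) {
			fprintf(stderr, "Failed to create output filename\n");
			rc = SEPOL_ERR;
			goto exit;
		}
	}

	/* "w" truncates an existing file at this path before anything is written. */
	binary = fopen(output, "w");
	if (binary == NULL) {
		fprintf(stderr, "Failure opening binary file for writing\n");
		rc = SEPOL_ERR;
		goto exit;
	}

	rc = sepol_policy_file_create(&pf);
	if (rc != 0) {
		fprintf(stderr, "Failed to create policy file: %d\n", rc);
		goto exit;
	}

	sepol_policy_file_set_fp(pf, binary);

	rc = sepol_policydb_write(pdb, pf);
	if (rc != 0) {
		fprintf(stderr, "Failed to write binary policy: %d\n", rc);
		goto exit;
	}

	/* fclose() flushes buffered data; if it fails the policy on disk may be
	 * incomplete and must not be reported as a successful build. */
	if (fclose(binary) != 0) {
		binary = NULL;
		fprintf(stderr, "Failed to write binary policy to %s\n", output);
		rc = SEPOL_ERR;
		goto exit;
	}
	binary = NULL;

	rc = cil_filecons_to_string(db, &fc_buf, &fc_size);
	if (rc != SEPOL_OK) {
		fprintf(stderr, "Failed to get file context data\n");
		goto exit;
	}

	if (filecontexts == NULL) {
		file_contexts = fopen("file_contexts", "w+");
	} else {
		file_contexts = fopen(filecontexts, "w+");
	}

	if (file_contexts == NULL) {
		fprintf(stderr, "Failed to open file_contexts file\n");
		rc = SEPOL_ERR;
		goto exit;
	}

	if (fwrite(fc_buf, sizeof(char), fc_size, file_contexts) != fc_size) {
		fprintf(stderr, "Failed to write file_contexts file\n");
		rc = SEPOL_ERR;
		goto exit;
	}

	/* Same reasoning as for the binary policy: a failed flush is a failed write. */
	if (fclose(file_contexts) != 0) {
		file_contexts = NULL;
		fprintf(stderr, "Failed to write file_contexts file\n");
		rc = SEPOL_ERR;
		goto exit;
	}
	file_contexts = NULL;

	rc = SEPOL_OK;

exit:
	/* Streams still open here belong to a failed step; close them without
	 * further checks since rc already records the failure. */
	if (binary != NULL) {
		fclose(binary);
	}
	if (file_contexts != NULL) {
		fclose(file_contexts);
	}
	if (file != NULL) {
		fclose(file);
	}
	free(buffer);
	free(output);
	free(filecontexts);
	/* db is still NULL when an option-parsing failure jumps here. */
	if (db != NULL) {
		cil_db_destroy(&db);
	}
	sepol_policydb_free(pdb);
	sepol_policy_file_free(pf);
	free(fc_buf);
	return rc;
}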