1 /*
2 * Copyright 2011 Tresys Technology, LLC. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17 * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
22 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 * The views and conclusions contained in the software and documentation are those
26 * of the authors and should not be interpreted as representing official policies,
27 * either expressed or implied, of Tresys Technology, LLC.
28 */
29
30 #include <stdlib.h>
31 #include <stdio.h>
32 #include <stdint.h>
33 #include <string.h>
34 #include <getopt.h>
35 #include <sys/stat.h>
36
37 #ifdef ANDROID
38 #include <cil/cil.h>
39 #else
40 #include <sepol/cil/cil.h>
41 #endif
42 #include <sepol/policydb.h>
43
usage(const char * prog)44 static __attribute__((__noreturn__)) void usage(const char *prog)
45 {
46 printf("Usage: %s [OPTION]... FILE...\n", prog);
47 printf("\n");
48 printf("Options:\n");
49 printf(" -o, --output=<file> write policy.conf to <file>\n");
50 printf(" (default: policy.conf)\n");
51 printf(" -M, --mls true|false write an mls policy. Must be true or false.\n");
52 printf(" This will override the (mls boolean) statement\n");
53 printf(" if present in the policy\n");
54 printf(" -P, --preserve-tunables treat tunables as booleans\n");
55 printf(" -Q, --qualified-names Allow names containing dots (qualified names).\n");
56 printf(" Blocks, blockinherits, blockabstracts, and\n");
57 printf(" in-statements will not be allowed.\n");
58 printf(" -v, --verbose increment verbosity level\n");
59 printf(" -h, --help display usage information\n");
60 exit(1);
61 }
62
main(int argc,char * argv[])63 int main(int argc, char *argv[])
64 {
65 int rc = SEPOL_ERR;
66 FILE *file = NULL;
67 char *buffer = NULL;
68 struct stat filedata;
69 uint32_t file_size;
70 char *output = NULL;
71 struct cil_db *db = NULL;
72 int mls = -1;
73 int preserve_tunables = 0;
74 int qualified_names = 0;
75 int opt_char;
76 int opt_index = 0;
77 enum cil_log_level log_level = CIL_ERR;
78 static struct option long_opts[] = {
79 {"help", no_argument, 0, 'h'},
80 {"verbose", no_argument, 0, 'v'},
81 {"mls", required_argument, 0, 'M'},
82 {"preserve-tunables", no_argument, 0, 'P'},
83 {"qualified-names", no_argument, 0, 'Q'},
84 {"output", required_argument, 0, 'o'},
85 {0, 0, 0, 0}
86 };
87 int i;
88
89 while (1) {
90 opt_char = getopt_long(argc, argv, "o:hvM:PQ", long_opts, &opt_index);
91 if (opt_char == -1) {
92 break;
93 }
94 switch (opt_char) {
95 case 'v':
96 log_level++;
97 break;
98 case 'M':
99 if (!strcasecmp(optarg, "true") || !strcasecmp(optarg, "1")) {
100 mls = 1;
101 } else if (!strcasecmp(optarg, "false") || !strcasecmp(optarg, "0")) {
102 mls = 0;
103 } else {
104 usage(argv[0]);
105 }
106 break;
107 case 'P':
108 preserve_tunables = 1;
109 break;
110 case 'Q':
111 qualified_names = 1;
112 break;
113 case 'o':
114 free(output);
115 output = strdup(optarg);
116 break;
117 case 'h':
118 usage(argv[0]);
119 case '?':
120 break;
121 default:
122 fprintf(stderr, "Unsupported option: %s\n", optarg);
123 usage(argv[0]);
124 }
125 }
126 if (optind >= argc) {
127 fprintf(stderr, "No cil files specified\n");
128 usage(argv[0]);
129 }
130
131 cil_set_log_level(log_level);
132
133 cil_db_init(&db);
134 cil_set_preserve_tunables(db, preserve_tunables);
135 cil_set_qualified_names(db, qualified_names);
136 cil_set_mls(db, mls);
137 cil_set_attrs_expand_generated(db, 0);
138 cil_set_attrs_expand_size(db, 0);
139
140 for (i = optind; i < argc; i++) {
141 file = fopen(argv[i], "r");
142 if (!file) {
143 fprintf(stderr, "Could not open file: %s\n", argv[i]);
144 rc = SEPOL_ERR;
145 goto exit;
146 }
147 rc = stat(argv[i], &filedata);
148 if (rc == -1) {
149 fprintf(stderr, "Could not stat file: %s\n", argv[i]);
150 goto exit;
151 }
152 file_size = filedata.st_size;
153
154 buffer = malloc(file_size);
155 rc = fread(buffer, file_size, 1, file);
156 if (rc != 1) {
157 fprintf(stderr, "Failure reading file: %s\n", argv[i]);
158 goto exit;
159 }
160 fclose(file);
161 file = NULL;
162
163 rc = cil_add_file(db, argv[i], buffer, file_size);
164 if (rc != SEPOL_OK) {
165 fprintf(stderr, "Failure adding %s\n", argv[i]);
166 goto exit;
167 }
168
169 free(buffer);
170 buffer = NULL;
171 }
172
173 rc = cil_compile(db);
174 if (rc != SEPOL_OK) {
175 fprintf(stderr, "Failed to compile cildb: %d\n", rc);
176 goto exit;
177 }
178
179 if (output == NULL) {
180 file = fopen("policy.conf", "w");
181 } else {
182 file = fopen(output, "w");
183 }
184 if (file == NULL) {
185 fprintf(stderr, "Failure opening policy.conf file for writing\n");
186 rc = SEPOL_ERR;
187 goto exit;
188 }
189
190 cil_write_policy_conf(file, db);
191
192 fclose(file);
193 file = NULL;
194 rc = SEPOL_OK;
195
196 exit:
197 if (file != NULL) {
198 fclose(file);
199 }
200 free(buffer);
201 free(output);
202 cil_db_destroy(&db);
203 return rc;
204 }
205