1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <ctype.h>
4 #include <errno.h>
5
6 #include <sepol/policydb/policydb.h>
7 #include <sepol/policydb/conditional.h>
8
9 #include "debug.h"
10 #include "private.h"
11 #include "dso.h"
12
13 /* -- Deprecated -- */
14
strtrim(char * dest,char * source,int size)15 static char *strtrim(char *dest, char *source, int size)
16 {
17 int i = 0;
18 char *ptr = source;
19 i = 0;
20 while (isspace(*ptr) && i < size) {
21 ptr++;
22 i++;
23 }
24 strncpy(dest, ptr, size);
25 for (i = strlen(dest) - 1; i > 0; i--) {
26 if (!isspace(dest[i]))
27 break;
28 }
29 dest[i + 1] = '\0';
30 return dest;
31 }
32
process_boolean(char * buffer,char * name,int namesize,int * val)33 static int process_boolean(char *buffer, char *name, int namesize, int *val)
34 {
35 char name1[BUFSIZ];
36 char *ptr;
37 char *tok = strtok_r(buffer, "=", &ptr);
38 if (tok) {
39 strncpy(name1, tok, BUFSIZ - 1);
40 strtrim(name, name1, namesize - 1);
41 if (name[0] == '#')
42 return 0;
43 tok = strtok_r(NULL, "\0", &ptr);
44 if (tok) {
45 while (isspace(*tok))
46 tok++;
47 *val = -1;
48 if (isdigit(tok[0]))
49 *val = atoi(tok);
50 else if (!strncasecmp(tok, "true", sizeof("true") - 1))
51 *val = 1;
52 else if (!strncasecmp
53 (tok, "false", sizeof("false") - 1))
54 *val = 0;
55 if (*val != 0 && *val != 1) {
56 ERR(NULL, "illegal value for boolean "
57 "%s=%s", name, tok);
58 return -1;
59 }
60
61 }
62 }
63 return 1;
64 }
65
load_booleans(struct policydb * policydb,const char * path,int * changesp)66 static int load_booleans(struct policydb *policydb, const char *path,
67 int *changesp)
68 {
69 FILE *boolf;
70 char *buffer = NULL;
71 size_t size = 0;
72 char localbools[BUFSIZ];
73 char name[BUFSIZ];
74 int val;
75 int errors = 0, changes = 0;
76 struct cond_bool_datum *datum;
77
78 boolf = fopen(path, "r");
79 if (boolf == NULL)
80 goto localbool;
81
82 #ifdef DARWIN
83 if ((buffer = (char *)malloc(255 * sizeof(char))) == NULL) {
84 ERR(NULL, "out of memory");
85 return -1;
86 }
87
88 while(fgets(buffer, 255, boolf) != NULL) {
89 #else
90 while (getline(&buffer, &size, boolf) > 0) {
91 #endif
92 int ret = process_boolean(buffer, name, sizeof(name), &val);
93 if (ret == -1)
94 errors++;
95 if (ret == 1) {
96 datum = hashtab_search(policydb->p_bools.table, name);
97 if (!datum) {
98 ERR(NULL, "unknown boolean %s", name);
99 errors++;
100 continue;
101 }
102 if (datum->state != val) {
103 datum->state = val;
104 changes++;
105 }
106 }
107 }
108 fclose(boolf);
109 localbool:
110 snprintf(localbools, sizeof(localbools), "%s.local", path);
111 boolf = fopen(localbools, "r");
112 if (boolf != NULL) {
113
114 #ifdef DARWIN
115
116 while(fgets(buffer, 255, boolf) != NULL) {
117 #else
118
119 while (getline(&buffer, &size, boolf) > 0) {
120 #endif
121 int ret =
122 process_boolean(buffer, name, sizeof(name), &val);
123 if (ret == -1)
124 errors++;
125 if (ret == 1) {
126 datum =
127 hashtab_search(policydb->p_bools.table,
128 name);
129 if (!datum) {
130 ERR(NULL, "unknown boolean %s", name);
131 errors++;
132 continue;
133 }
134 if (datum->state != val) {
135 datum->state = val;
136 changes++;
137 }
138 }
139 }
140 fclose(boolf);
141 }
142 free(buffer);
143 if (errors)
144 errno = EINVAL;
145 *changesp = changes;
146 return errors ? -1 : 0;
147 }
148
149 int sepol_genbools(void *data, size_t len, char *booleans)
150 {
151 struct policydb policydb;
152 struct policy_file pf;
153 int rc, changes = 0;
154
155 if (policydb_init(&policydb))
156 goto err;
157 if (policydb_from_image(NULL, data, len, &policydb) < 0)
158 goto err;
159
160 if (load_booleans(&policydb, booleans, &changes) < 0) {
161 WARN(NULL, "error while reading %s", booleans);
162 }
163
164 if (!changes)
165 goto out;
166
167 if (evaluate_conds(&policydb) < 0) {
168 ERR(NULL, "error while re-evaluating conditionals");
169 errno = EINVAL;
170 goto err_destroy;
171 }
172
173 policy_file_init(&pf);
174 pf.type = PF_USE_MEMORY;
175 pf.data = data;
176 pf.len = len;
177 rc = policydb_write(&policydb, &pf);
178 if (rc) {
179 ERR(NULL, "unable to write new binary policy image");
180 errno = EINVAL;
181 goto err_destroy;
182 }
183
184 out:
185 policydb_destroy(&policydb);
186 return 0;
187
188 err_destroy:
189 policydb_destroy(&policydb);
190
191 err:
192 return -1;
193 }
194
195 int hidden sepol_genbools_policydb(policydb_t * policydb, const char *booleans)
196 {
197 int rc, changes = 0;
198
199 rc = load_booleans(policydb, booleans, &changes);
200 if (!rc && changes)
201 rc = evaluate_conds(policydb);
202 if (rc)
203 errno = EINVAL;
204 return rc;
205 }
206
207 /* -- End Deprecated -- */
208
209 int sepol_genbools_array(void *data, size_t len, char **names, int *values,
210 int nel)
211 {
212 struct policydb policydb;
213 struct policy_file pf;
214 int rc, i, errors = 0;
215 struct cond_bool_datum *datum;
216
217 /* Create policy database from image */
218 if (policydb_init(&policydb))
219 goto err;
220 if (policydb_from_image(NULL, data, len, &policydb) < 0)
221 goto err;
222
223 for (i = 0; i < nel; i++) {
224 datum = hashtab_search(policydb.p_bools.table, names[i]);
225 if (!datum) {
226 ERR(NULL, "boolean %s no longer in policy", names[i]);
227 errors++;
228 continue;
229 }
230 if (values[i] != 0 && values[i] != 1) {
231 ERR(NULL, "illegal value %d for boolean %s",
232 values[i], names[i]);
233 errors++;
234 continue;
235 }
236 datum->state = values[i];
237 }
238
239 if (evaluate_conds(&policydb) < 0) {
240 ERR(NULL, "error while re-evaluating conditionals");
241 errno = EINVAL;
242 goto err_destroy;
243 }
244
245 policy_file_init(&pf);
246 pf.type = PF_USE_MEMORY;
247 pf.data = data;
248 pf.len = len;
249 rc = policydb_write(&policydb, &pf);
250 if (rc) {
251 ERR(NULL, "unable to write binary policy");
252 errno = EINVAL;
253 goto err_destroy;
254 }
255 if (errors) {
256 errno = EINVAL;
257 goto err_destroy;
258 }
259
260 policydb_destroy(&policydb);
261 return 0;
262
263 err_destroy:
264 policydb_destroy(&policydb);
265
266 err:
267 return -1;
268 }
269