SELinux: Auto-generate security_is_socket_class (4bc6c2d5) · Commits · e / devices / android_kernel_fairphone_FP3

scripts/selinux/genheaders/genheaders.c

+20 −0

Original line number	Diff line number	Diff line
		@@ -43,6 +43,8 @@ int main(int argc, char *argv[])
		int i, j, k;
		int isids_len;
		FILE *fout;
		const char *needle = "SOCKET";
		char *substr;

		progname = argv[0];

		@@ -88,6 +90,24 @@ int main(int argc, char *argv[])
		fprintf(fout, "%2d\n", i);
		}
		fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
		fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
		fprintf(fout, "{\n");
		fprintf(fout, "\tbool sock = false;\n\n");
		fprintf(fout, "\tswitch (kern_tclass) {\n");
		for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		substr = strstr(map->name, needle);
		if (substr && strcmp(substr, needle) == 0)
		fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
		}
		fprintf(fout, "\t\tsock = true;\n");
		fprintf(fout, "\t\tbreak;\n");
		fprintf(fout, "\tdefault:\n");
		fprintf(fout, "\t\tbreak;\n");
		fprintf(fout, "\t}\n\n");
		fprintf(fout, "\treturn sock;\n");
		fprintf(fout, "}\n");

		fprintf(fout, "\n#endif\n");
		fclose(fout);

+4 −0

Original line number	Diff line number	Diff line
		@@ -12,6 +12,10 @@
		#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
		"write", "associate", "unix_read", "unix_write"

		/*
		* Note: The name for any socket class should be suffixed by "socket",
		* and doesn't contain more than one substr of "socket".
		*/
		struct security_class_mapping secclass_map[] = {
		{ "security",
		{ "compute_av", "compute_create", "compute_member",