Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  * mdp - make dummy policy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * When pointed at a kernel tree, builds a dummy policy for that kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * with exactly one type with full rights to itself.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  * Copyright (C) IBM Corporation, 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11)  * Authors: Serge E. Hallyn <serue@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) /* NOTE: we really do want to use the kernel headers here */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #define __EXPORTED_HEADERS__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <stdio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include <stdlib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include <unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #include <string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #include <linux/kconfig.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 
/*
 * Print the command-line synopsis on stdout, using @name as the program
 * name, then terminate the process with exit status 1.  Never returns.
 */
static void usage(char *name)
{
	fprintf(stdout, "usage: %s [-m] policy_file context_file\n", name);
	exit(1);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 
/*
 * Class/perm mapping support.
 *
 * One entry per security class: the class name plus its permission names.
 * The array holds one slot per bit of an unsigned int and one extra slot;
 * main() walks perms[] until it reaches a NULL entry.
 */
struct security_class_mapping {
	/* class name as printed after the "class" keyword */
	const char *name;
	/* permission names, NULL-terminated */
	const char *perms[sizeof(unsigned int) * 8 + 1];
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) #include "classmap.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) #include "initial_sid_to_string.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) #include "policycap_names.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
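/*
 * Entry point: write a dummy SELinux policy source to policy_file and a
 * matching file-contexts list to context_file.
 *
 * Command line: mdp [-m] policy_file context_file
 *   -m  also emit MLS declarations and constraints.  It is recognised only
 *       when exactly three arguments follow the program name; arguments
 *       beyond the two file names are otherwise ignored.
 *
 * Returns 0 on success and 1 when either output file could not be written
 * completely.  A file that cannot be opened is reported through usage(),
 * which exits with status 1.
 */
int main(int argc, char *argv[])
{
	int i, j, mls = 0;
	int initial_sid_to_string_len;
	int write_failed;
	char **arg, *polout, *ctxout;

	FILE *fout;

	if (argc < 3)
		usage(argv[0]);
	arg = argv+1;
	if (argc==4 && strcmp(argv[1], "-m") == 0) {
		mls = 1;
		arg++;
	}
	polout = *arg++;
	ctxout = *arg;

	fout = fopen(polout, "w");
	if (!fout) {
		printf("Could not open %s for writing\n", polout);
		usage(argv[0]);
	}

	/* print out the classes */
	for (i = 0; secclass_map[i].name; i++)
		fprintf(fout, "class %s\n", secclass_map[i].name);
	fprintf(fout, "\n");

	initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *);
	/* print out the sids; index 0 is skipped, unnamed slots get a placeholder */
	for (i = 1; i < initial_sid_to_string_len; i++) {
		const char *name = initial_sid_to_string[i];

		if (name)
			fprintf(fout, "sid %s\n", name);
		else
			fprintf(fout, "sid unused%d\n", i);
	}
	fprintf(fout, "\n");

	/* print out the class permissions */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		fprintf(fout, "class %s\n", map->name);
		fprintf(fout, "{\n");
		for (j = 0; map->perms[j]; j++)
			fprintf(fout, "\t%s\n", map->perms[j]);
		fprintf(fout, "}\n\n");
	}
	fprintf(fout, "\n");

	/* print out mls declarations and constraints */
	if (mls) {
		fprintf(fout, "sensitivity s0;\n");
		fprintf(fout, "sensitivity s1;\n");
		fprintf(fout, "dominance { s0 s1 }\n");
		fprintf(fout, "category c0;\n");
		fprintf(fout, "category c1;\n");
		fprintf(fout, "level s0:c0.c1;\n");
		fprintf(fout, "level s1:c0.c1;\n");
#define SYSTEMLOW "s0"
#define SYSTEMHIGH "s1:c0.c1"
		for (i = 0; secclass_map[i].name; i++) {
			struct security_class_mapping *map = &secclass_map[i];

			fprintf(fout, "mlsconstrain %s {\n", map->name);
			for (j = 0; map->perms[j]; j++)
				fprintf(fout, "\t%s\n", map->perms[j]);
			/*
			 * This requires all subjects and objects to be
			 * single-level (l2 eq h2), and that the subject
			 * level dominate the object level (h1 dom h2)
			 * in order to have any permissions to it.
			 */
			fprintf(fout, "} (l2 eq h2 and h1 dom h2);\n\n");
		}
	}

	/* enable all policy capabilities */
	for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
		fprintf(fout, "policycap %s;\n", selinux_policycap_names[i]);

	/*
	 * types, roles, and allows
	 *
	 * The single type base_t is allowed every permission ("*") of every
	 * class on itself, so the generated policy is a dummy that does not
	 * separate anything by type.
	 */
	fprintf(fout, "type base_t;\n");
	fprintf(fout, "role base_r;\n");
	fprintf(fout, "role base_r types { base_t };\n");
	for (i = 0; secclass_map[i].name; i++)
		fprintf(fout, "allow base_t base_t:%s *;\n",
			secclass_map[i].name);
	fprintf(fout, "user user_u roles { base_r }");
	if (mls)
		fprintf(fout, " level %s range %s - %s", SYSTEMLOW,
			SYSTEMLOW, SYSTEMHIGH);
	fprintf(fout, ";\n");

#define SUBJUSERROLETYPE "user_u:base_r:base_t"
#define OBJUSERROLETYPE "user_u:object_r:base_t"

	/*
	 * default sids: every initial SID gets the subject context.  For an
	 * unnamed slot the placeholder line ends in a newline, so its context
	 * is printed on the following line.
	 */
	for (i = 1; i < initial_sid_to_string_len; i++) {
		const char *name = initial_sid_to_string[i];

		if (name)
			fprintf(fout, "sid %s ", name);
		else
			fprintf(fout, "sid unused%d\n", i);
		fprintf(fout, SUBJUSERROLETYPE "%s\n",
			mls ? ":" SYSTEMLOW : "");
	}
	fprintf(fout, "\n");

#define FS_USE(behavior, fstype)			    \
	fprintf(fout, "fs_use_%s %s " OBJUSERROLETYPE "%s;\n", \
		behavior, fstype, mls ? ":" SYSTEMLOW : "")

	/*
	 * Filesystems whose inode labels can be fetched via getxattr.
	 */
#ifdef CONFIG_EXT2_FS_SECURITY
	FS_USE("xattr", "ext2");
#endif
#ifdef CONFIG_EXT4_FS_SECURITY
#ifdef CONFIG_EXT4_USE_FOR_EXT2
	FS_USE("xattr", "ext2");
#endif
	FS_USE("xattr", "ext3");
	FS_USE("xattr", "ext4");
#endif
#ifdef CONFIG_JFS_SECURITY
	FS_USE("xattr", "jfs");
#endif
#ifdef CONFIG_REISERFS_FS_SECURITY
	FS_USE("xattr", "reiserfs");
#endif
#ifdef CONFIG_JFFS2_FS_SECURITY
	FS_USE("xattr", "jffs2");
#endif
#ifdef CONFIG_XFS_FS
	FS_USE("xattr", "xfs");
#endif
#ifdef CONFIG_GFS2_FS
	FS_USE("xattr", "gfs2");
#endif
#ifdef CONFIG_BTRFS_FS
	FS_USE("xattr", "btrfs");
#endif
#ifdef CONFIG_F2FS_FS_SECURITY
	FS_USE("xattr", "f2fs");
#endif
#ifdef CONFIG_OCFS2_FS
	/*
	 * The filesystem type name is "ocfs2"; the previous spelling
	 * "ocsfs2" matched no filesystem, so the xattr labeling rule never
	 * applied to OCFS2 mounts.
	 */
	FS_USE("xattr", "ocfs2");
#endif
#ifdef CONFIG_OVERLAY_FS
	FS_USE("xattr", "overlay");
#endif
#ifdef CONFIG_SQUASHFS_XATTR
	FS_USE("xattr", "squashfs");
#endif

	/*
	 * Filesystems whose inodes are labeled from allocating task.
	 */
	FS_USE("task", "pipefs");
	FS_USE("task", "sockfs");

	/*
	 * Filesystems whose inode labels are computed from both
	 * the allocating task and the superblock label.
	 */
#ifdef CONFIG_UNIX98_PTYS
	FS_USE("trans", "devpts");
#endif
#ifdef CONFIG_HUGETLBFS
	FS_USE("trans", "hugetlbfs");
#endif
#ifdef CONFIG_TMPFS
	FS_USE("trans", "tmpfs");
#endif
#ifdef CONFIG_DEVTMPFS
	FS_USE("trans", "devtmpfs");
#endif
#ifdef CONFIG_POSIX_MQUEUE
	FS_USE("trans", "mqueue");
#endif

#define GENFSCON(fstype, prefix)			     \
	fprintf(fout, "genfscon %s %s " OBJUSERROLETYPE "%s\n", \
		fstype, prefix, mls ? ":" SYSTEMLOW : "")

	/*
	 * Filesystems whose inodes are labeled from path prefix match
	 * relative to the filesystem root.  Depending on the filesystem,
	 * only a single label for all inodes may be supported.  Here
	 * we list the filesystem types for which per-file labeling is
	 * supported using genfscon; any other filesystem type can also
	 * be added but only with a single entry for all of its inodes.
	 */
#ifdef CONFIG_PROC_FS
	GENFSCON("proc", "/");
#endif
#ifdef CONFIG_SECURITY_SELINUX
	GENFSCON("selinuxfs", "/");
#endif
#ifdef CONFIG_SYSFS
	GENFSCON("sysfs", "/");
#endif
#ifdef CONFIG_DEBUG_FS
	GENFSCON("debugfs", "/");
#endif
#ifdef CONFIG_TRACING
	GENFSCON("tracefs", "/");
#endif
#ifdef CONFIG_PSTORE
	GENFSCON("pstore", "/");
#endif
	GENFSCON("cgroup", "/");
	GENFSCON("cgroup2", "/");

	/*
	 * A failed fprintf() sets the stream's error indicator and a failed
	 * flush surfaces in fclose(); check both so that a truncated policy
	 * is not reported as success to the caller.
	 */
	write_failed = ferror(fout);
	if (fclose(fout) != 0)
		write_failed = 1;
	if (write_failed) {
		printf("Could not write %s\n", polout);
		return 1;
	}

	fout = fopen(ctxout, "w");
	if (!fout) {
		printf("Wrote policy, but cannot open %s for writing\n", ctxout);
		usage(argv[0]);
	}
	/* file contexts: the root directory and everything below it */
	fprintf(fout, "/ " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");
	fprintf(fout, "/.* " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");

	/* same completeness check as for the policy file */
	write_failed = ferror(fout);
	if (fclose(fout) != 0)
		write_failed = 1;
	if (write_failed) {
		printf("Wrote policy, but could not write %s\n", ctxout);
		return 1;
	}

	return 0;
}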