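/*
 * Entry point: loads the policy file named by argv[1] and dispatches argv[2]
 * to the matching entry of analyze_components[], handing that component the
 * remaining arguments (argc - 2, argv + 2) and the loaded policydb.
 *
 * Exit status is the component's return code, or 1 when the policy cannot be
 * loaded.  usage() is invoked (and is presumably non-returning -- confirm)
 * when fewer than two arguments are given or the component is unknown.
 */
int main(int argc, char **argv)
{
    char *policy;
    struct policy_file pf;
    policydb_t policydb;
    int rc;
    int i;

    if (argc < 3)
        usage(argv[0]);
    policy = argv[1];
    if (load_policy(policy, &policydb, &pf))
        exit(1);
    for (i = 0; i < NUM_COMPONENTS; i++) {
        if (!strcmp(analyze_components[i].key, argv[2])) {
            rc = analyze_components[i].func(argc - 2, argv + 2, &policydb);
            /* The previous test, `rc && USAGE_ERROR`, conjoined rc with a
             * constant and therefore could not tell a usage error apart from
             * any other non-zero status.  Compare against the code itself so
             * usage() is printed only when the component reports one. */
            if (rc == USAGE_ERROR) {
                usage(argv[0]);
            }
            return rc;
        }
    }
    usage(argv[0]);
    exit(0);
}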
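/*
 * Entry point for the type-analysis tool.
 *
 * Options: -e/--equiv, -d/--diff and -D/--dups select the analyses to run;
 * -P/--policy <file> names the policy to load and is required.  usage() is
 * invoked for an unknown option, a missing policy path or when no analysis
 * was selected.  Exit status is 1 if the policy cannot be loaded, else 0.
 */
int main(int argc, char **argv)
{
    char *policy = NULL;
    struct policy_file pf;
    policydb_t policydb;
    /* getopt_long() returns int and signals the end of options with -1; a
     * plain char cannot hold -1 where char is unsigned, so the loop below
     * would never terminate on such platforms. */
    int ch;
    char equiv = 0, diff = 0, dups = 0;

    struct option long_options[] = {
        {"equiv", no_argument, NULL, 'e'},
        {"diff", no_argument, NULL, 'd'},
        {"dups", no_argument, NULL, 'D'},
        {"policy", required_argument, NULL, 'P'},
        {NULL, 0, NULL, 0}
    };

    while ((ch = getopt_long(argc, argv, "edDP:", long_options, NULL)) != -1) {
        switch (ch) {
        case 'e':
            equiv = 1;
            break;
        case 'd':
            diff = 1;
            break;
        case 'D':
            dups = 1;
            break;
        case 'P':
            policy = optarg;
            break;
        default:
            usage(argv[0]);
        }
    }

    /* A policy is mandatory and at least one analysis must be requested. */
    if (!policy || (!equiv && !diff && !dups))
        usage(argv[0]);

    if (load_policy(policy, &policydb, &pf))
        exit(1);

    /* equiv and diff are computed by one pass over the types. */
    if (equiv || diff)
        analyze_types(&policydb, equiv, diff);

    if (dups)
        find_dups(&policydb);

    policydb_destroy(&policydb);

    return 0;
}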
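/*
 * Load every [group] of the keyfile POLICYDIR/filename into file->groups
 * (prepended, so the list ends up in reverse file order) and index each
 * group by its selinux / uid / gid key where one is set.
 *
 * Returns 0 on success, or the negative error from load_keyfile() or
 * load_policy().  When load_policy() fails, the groups collected so far are
 * released with cleanup_group and file->groups is reset to NULL so the
 * caller is not left holding a freed list head.
 */
static int load_file(const char *filename, struct policy_file *file)
{
	GKeyFile *keyfile;
	struct policy_group *group;
	char **groupnames;
	char *pathname;
	int err = 0, i;

	DBG("%s", filename);

	pathname = g_strdup_printf("%s/%s", POLICYDIR, filename);
	err = load_keyfile(pathname, &keyfile);
	g_free(pathname);

	if (err < 0)
		return err;

	groupnames = g_key_file_get_groups(keyfile, NULL);

	for (i = 0; groupnames[i]; i++) {
		group = g_new0(struct policy_group, 1);
		group->config = g_new0(struct connman_session_config, 1);

		err = load_policy(keyfile, groupnames[i], group);
		if (err < 0) {
			/* This group was never linked into the list or the
			 * hash tables, so it can be freed directly. */
			g_free(group->config);
			g_free(group);
			break;
		}

		/* NOTE(review): the tables keep raw pointers to the group;
		 * confirm cleanup_group removes these entries, otherwise
		 * the error path below leaves dangling table values. */
		if (group->selinux)
			g_hash_table_replace(selinux_hash, group->selinux, group);

		if (group->uid)
			g_hash_table_replace(uid_hash, group->uid, group);

		if (group->gid)
			g_hash_table_replace(gid_hash, group->gid, group);

		file->groups = g_slist_prepend(file->groups, group);
	}

	g_strfreev(groupnames);

	if (err < 0) {
		/* Frees the whole list, including any groups that were in
		 * file->groups before this call; clear the head so nobody
		 * walks freed nodes afterwards. */
		g_slist_free_full(file->groups, cleanup_group);
		file->groups = NULL;
	}

	g_key_file_free(keyfile);

	return err;
}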
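/*
 * DRcontrol entry point: a command-line front end over the DynamoRIO
 * configuration (registry) and nudge/detach facilities.
 *
 * The argument loop only records what was requested; the actions then run
 * in a fixed order: canary test, -exists, -save, -destroy, -load, -create,
 * then at most one "active process" action (nudge / detach / hot-patch
 * nudge, each of which jumps to `finished`), and otherwise the configuration
 * edits on the product policy group followed by -dump / -appdump.
 * -dump and -fulldump are treated identically here.
 *
 * Options that take a value call usage() when the value is missing.  Numeric
 * values go through atoi(), so a malformed number reads as 0; -nudge relies
 * on that to fall through to the symbolic NUDGE_DEFINITIONS() names.
 *
 * Returns 0 normally, the canary code after a canary run, or 1 when -exists
 * finds no registry setup or the canary report file cannot be opened.
 * checked_operation() presumably reports/aborts on failure of the operation
 * it wraps -- confirm against its definition.
 */
int 
main(int argc, char **argv)
{
    int res=0,
        run=0,
        dump=0,
        reset=0,
        detachall=0,
        detachpid=0,
        all=0,                  /* applies to all running processes */
        pid=-1,                 /* applies to pid, -1 means -all */
        hotp_nudge_pid=0,
        hotp_modes_nudge_pid=0,
        hotp_nudge_all=0,
        hotp_modes_nudge_all=0,
        nudge=0,                /* generic nudge with argument */
        nudge_action_mask=0,    /* generic nudge action mask */
        delay_ms_all=           /* delay between acting on processes */
                NUDGE_NO_DELAY,
        timeout_ms=             /* timeout for finishing a nudge on a single process */
                DETACH_RECOMMENDED_TIMEOUT,
        runval=0,
        canary_default=0,
        canary_run = CANARY_RUN_FLAGS_DEFAULT,
        canary_fault_run = 0,
        exists = 0,
        destroy = 0,
        free_eventlog = 0;

    uint64 nudge_client_arg=0;     /* client nudge argument */

    int verbose = 0;

    char *create=NULL,
        *addapp=NULL,
        *appdump=NULL,
        *removeapp=NULL,
        *opstring=NULL,
        *drdll=NULL,
        *preinject=NULL,
        *logdir=NULL,
        *sharedcache=NULL,
        *appname=NULL,
        *drhome=NULL,
        *modes=NULL,
        *defs=NULL,
        *detach_exename=NULL,
        *load=NULL,
        *save=NULL,
        *eventlog=NULL,
        *canary_process=NULL,
        *scratch_folder=NULL,
        *canary_fault_ops=NULL;

    dr_platform_t dr_platform = DR_PLATFORM_DEFAULT;

    int argidx=1;

    /* scratch buffer for narrow->wide conversion of option values */
    WCHAR wbuf[MAX_PATH];
    ConfigGroup *policy = NULL, *working_group;

    if (argc < 2)
        usage();

    while (argidx < argc) {

        if (!strcmp(argv[argidx], "-help")) {
            help();
        }
        /* ******************** actions on active processes ******************** */
        else if (!strcmp(argv[argidx], "-detachall")) {
            detachall=1;
        }
        else if (!strcmp(argv[argidx], "-detach")) {
            if (++argidx >= argc)
                usage();
            detachpid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-detachexe")) {
            if (++argidx >= argc)
                usage();
            detach_exename=argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-pid") || !strcmp(argv[argidx], "-p")) {
            if (++argidx >= argc)
                usage();
            pid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-all")) {
            all=1;
        }
        else if (!strcmp(argv[argidx], "-delay")) {
            /* in milliseconds */
            if (++argidx >= argc)
                usage();
            delay_ms_all=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-timeout")) {
            /* in milliseconds */
            if (++argidx >= argc)
                usage();
            timeout_ms=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-hot_patch_nudge")) {
            if (++argidx >= argc)
                usage();
            hotp_nudge_pid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-hot_patch_modes_nudge")) {
            if (++argidx >= argc)
                usage();
            hotp_modes_nudge_pid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-hot_patch_nudge_all")) {
            hotp_nudge_all = 1;
        }
        else if (!strcmp(argv[argidx], "-verbose")) {
            verbose = 1;
        }
        else if (!strcmp(argv[argidx], "-hot_patch_modes_nudge_all")) {
            hotp_modes_nudge_all = 1;
        }
        else if (!strcmp(argv[argidx], "-drpop")) {
            nudge = 1;
            /* allow composition */
            nudge_action_mask |= NUDGE_GENERIC(opt) | NUDGE_GENERIC(reset);
        }
        else if (!strcmp(argv[argidx], "-nudge")) {
            int nudge_numeric;
            if (++argidx >= argc)
                usage();
            nudge_numeric = atoi(argv[argidx]); /* 0 if fails */
            nudge_action_mask |= nudge_numeric;

            /* compare against numeric new code, or against symbolic names */
            /* -nudge opt -nudge reset -nudge stats -nudge 30000 */
            {
                int found = 0;
#define NUDGE_DEF(name, comment) if (strcmp(#name, argv[argidx]) == 0) { found = 1; nudge_action_mask |= NUDGE_GENERIC(name);}
                NUDGE_DEFINITIONS();
#undef NUDGE_DEF
                if (!found && nudge_numeric == 0) {
                    printf("unknown -nudge %s\n", argv[argidx]);
                    usage();
                }
            }

            nudge=1;
        }
        else if (!strcmp(argv[argidx], "-client_nudge")) {
            if (++argidx >= argc)
                usage();
            /* the client argument is given in hex */
            nudge_client_arg = _strtoui64(argv[argidx], NULL, 16);
            nudge_action_mask |= NUDGE_GENERIC(client);
            nudge = 1;
        }
        /* ******************** configuration actions ******************** */
        else if (!strcmp(argv[argidx], "-reset")) {
            reset=1;
        }
        else if (!strcmp(argv[argidx], "-create")) {
            if (++argidx >= argc)
                usage();
            create = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-destroy")) {
            destroy = 1;
        }
        else if (!strcmp(argv[argidx], "-exists")) {
            exists = 1;
        }
        else if (!strcmp(argv[argidx], "-run")) {
            run = 1;
            if (++argidx >= argc)
                usage();
            runval = atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-app")) {
            if (++argidx >= argc)
                usage();
            appname = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-add")) {
            if (++argidx >= argc)
                usage();
            addapp = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-remove")) {
            if (++argidx >= argc)
                usage();
            removeapp = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-options")) {
            if (++argidx >= argc)
                usage();
            opstring = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-drlib")) {
            if (++argidx >= argc)
                usage();
            drdll = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-preinject")) {
            if (++argidx >= argc)
                usage();
            preinject = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-create_eventlog")) {
            if (++argidx >= argc)
                usage();
            eventlog = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-destroy_eventlog")) {
            free_eventlog = 1;
        }
        else if (!strcmp(argv[argidx], "-drhome")) {
            if (++argidx >= argc)
                usage();
            drhome = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-modes")) {
            if (++argidx >= argc)
                usage();
            modes = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-defs")) {
            if (++argidx >= argc)
                usage();
            defs = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-logdir")) {
            if (++argidx >= argc)
                usage();
            logdir = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-sharedcache")) {
            if (++argidx >= argc)
                usage();
            sharedcache = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-load")) {
            if (++argidx >= argc)
                usage();
            load = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-save")) {
            if (++argidx >= argc)
                usage();
            save = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-dump")) {
            dump = 1;
        }
        else if (!strcmp(argv[argidx], "-appdump")) {
            if (++argidx >= argc)
                usage();
            appdump = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-fulldump")) {
            dump = 1;
        }
        else if (!strcmp(argv[argidx], "-v")) {
#ifdef BUILD_NUMBER
            printf("DRcontrol.exe build %d -- %s", BUILD_NUMBER, __DATE__);
#else
            printf("DRcontrol.exe custom build -- %s, %s", __DATE__, __TIME__);
#endif
        } else if (!strcmp(argv[argidx], "-canary_default")) {
            canary_default = 1;
        } else if (!strcmp(argv[argidx], "-canary")) {
            /* takes two values: the canary process and a scratch folder */
            if (++argidx >= argc)
                usage();
            canary_process=argv[argidx];
            if (++argidx >= argc)
                usage();
            scratch_folder=argv[argidx];
        } else if (!strcmp(argv[argidx], "-canary_run")) {
            if (++argidx >= argc)
                usage();
            canary_run = strtol(argv[argidx], NULL, 0);
        } else if (!strcmp(argv[argidx], "-canary_fault")) {
            /* takes two values: a fault-run number and the fault ops string */
            char *dummy;
            if (++argidx >= argc)
                usage();
            canary_fault_run = strtol(argv[argidx], &dummy, 0);
            if (++argidx >= argc)
                usage();
            canary_fault_ops = argv[argidx];
        } else if (!strcmp(argv[argidx], "-32")) {
            dr_platform = DR_PLATFORM_32BIT;
        } else if (!strcmp(argv[argidx], "-64")) {
            dr_platform = DR_PLATFORM_64BIT;
        } else {
            fprintf(stderr, "Unknown option: %s\n", argv[argidx]);
            usage();
        }
        argidx++;
    }

    /* PR 244206: set the registry view before any registry access */
    set_dr_platform(dr_platform);

    if (canary_process != NULL || canary_default != 0) {
        BOOL result = TRUE;
        WCHAR canary_fault_args[MAX_PATH];
        CANARY_INFO info = {0};

        info.run_flags = canary_run;
        info.info_flags = CANARY_INFO_FLAGS_DEFAULT;
        info.fault_run = canary_fault_run;
        /* -canary_fault is optional; never hand a NULL pointer to %S */
        _snwprintf(canary_fault_args, BUFFER_SIZE_ELEMENTS(canary_fault_args),
                   L"%S", canary_fault_ops != NULL ? canary_fault_ops : "");
        NULL_TERMINATE_BUFFER(canary_fault_args);
        info.canary_fault_args = canary_fault_args;

        if (canary_process != NULL && *canary_process != '\0' &&
            scratch_folder != NULL && *scratch_folder != '\0') {
            wchar_t canary[MAX_PATH], scratch[MAX_PATH], out[MAX_PATH];
            FILE *out_file;
            _snwprintf(canary, BUFFER_SIZE_ELEMENTS(canary), L"%S", canary_process);
            NULL_TERMINATE_BUFFER(canary);
            _snwprintf(scratch, BUFFER_SIZE_ELEMENTS(scratch), L"%S\\canary_test",
                       scratch_folder);
            NULL_TERMINATE_BUFFER(scratch);
            CreateDirectory(scratch, NULL);
            _snwprintf(out, BUFFER_SIZE_ELEMENTS(out), L"%S\\canary_report.crep",
                       scratch_folder);
            out_file = _wfopen(out, L"wb");
            /* run_canary_test_ex() writes its report through this handle;
             * do not call it with a NULL FILE* */
            if (out_file == NULL) {
                fprintf(stderr, "Unable to open canary report file \"%S\"\n", out);
                return 1;
            }
            /* FIXME - check directory and canary proc exist */
            result = run_canary_test_ex(out_file, &info, scratch, canary);
        } else if (canary_default != 0) {
            result = run_canary_test(&info, L_EXPAND_LEVEL(STRINGIFY(BUILD_NUMBER)));
            printf("See report file \"%S\"\n", info.report);
        }
        printf("Canary test - %s enable protection - code 0x%08x\n"
               "  msg=\"%S\"\n  url=\"%S\"\n", result ? "do" : "don\'t",
               info.canary_code, info.msg, info.url);
        return info.canary_code;
    }

    if (exists) {
        if (get_dynamorio_home() != NULL) {
            printf("Registry setup exists\n");
            return 0;
        }
        printf("Registry setup doesn't exist\n");
        return 1;
    }

    if (save) {
        _snwprintf(wbuf, MAX_PATH, L"%S", save);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("save policy", save_policy(wbuf));
    }

    if (destroy) {
        checked_operation("delete product key", destroy_root_key());
        /* a bare -destroy is complete here; -load/-create continue below */
        if (!load && create == NULL)
            return 0;
    }

    if (load) {
        _snwprintf(wbuf, MAX_PATH, L"%S", load);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("load policy", load_policy(wbuf, FALSE, NULL));
    }

    if (create != NULL) {
        _snwprintf(wbuf, MAX_PATH, L"%S", create);
        NULL_TERMINATE_BUFFER(wbuf);
        /* FALSE: do not overwrite (preserves old behavior) */
        checked_operation("create registry", setup_installation(wbuf, FALSE));
    }

    /* ensure we init dynamorio_home, case 4009 */
    get_dynamorio_home(); /* ignore return value */

    if (nudge) {
        if (verbose)
            printf("-nudge %d -pid %d %s\n", nudge_action_mask, pid, all ? "all" : "");
        if (pid == -1)           /* explicitly set */
            all = 1;

        if (all)
            checked_operation("nudge all",
                              generic_nudge_all(nudge_action_mask, nudge_client_arg,
                                                timeout_ms, delay_ms_all));
        else
            checked_operation("nudge",
                              generic_nudge(pid, TRUE,
                                            nudge_action_mask,
                                            0, /* client ID (ignored here) */
                                            nudge_client_arg,
                                            timeout_ms));
        goto finished;
    }

    if (detachall) {
        checked_operation("detach all",
                          detach_all(timeout_ms));
        goto finished;
    }
    if (detachpid) {
        checked_operation("detach",
                          detach(detachpid, TRUE, timeout_ms));
        goto finished;
    }

    if (detach_exename) {
        _snwprintf(wbuf, MAX_PATH, L"%S", detach_exename);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("detach-exe",
                          detach_exe(wbuf, timeout_ms));
        goto finished;
    }


    if (hotp_nudge_pid) {
        checked_operation("hot patch update",
                          hotp_notify_defs_update(hotp_nudge_pid, TRUE,
                                                  timeout_ms));
        goto finished;
    }

    if (hotp_modes_nudge_pid) {
        checked_operation("hot patch modes update",
                          hotp_notify_modes_update(hotp_modes_nudge_pid, TRUE,
                                                   timeout_ms));
        goto finished;
    }

    if (hotp_nudge_all) {
        checked_operation("hot patch nudge all",
                          hotp_notify_all_defs_update(timeout_ms));
        goto finished;
    }

    if (hotp_modes_nudge_all) {
        checked_operation("hot patch modes nudge all",
                          hotp_notify_all_modes_update(timeout_ms));
        goto finished;
    }

    /* everything below works on the product's configuration group */
    checked_operation("read config",
                      read_config_group(&policy, L_PRODUCT_NAME, TRUE));

    if (reset) {
        remove_children(policy);
        policy->should_clear = TRUE;
        checked_operation("write registry", write_config_group(policy));
    }

    working_group = policy;

    if (dump || appdump)
        goto dumponly;

    if (preinject) {
        if (0 == strcmp(preinject, "OFF")) {
            checked_operation("unset autoinject", unset_autoinjection());
        }
        else if (0 == strcmp(preinject, "ON")) {
            checked_operation("set autoinject", set_autoinjection());
        }
        else if (0 == strcmp(preinject, "CLEAR")) {
            checked_operation("clear autoinject",
                              set_autoinjection_ex(FALSE,
                                                   APPINIT_USE_WHITELIST,
                                                   NULL,
                                                   L"",
                                                   NULL,
                                                   NULL,
                                                   NULL,
                                                   0));
        }
        else if (0 == strcmp(preinject, "LIST")) {
            WCHAR list[MAX_PARAM_LEN];
            checked_operation("read appinit",
                              get_config_parameter(INJECT_ALL_KEY_L,
                                                   TRUE,
                                                   INJECT_ALL_SUBKEY_L,
                                                   list,
                                                   MAX_PARAM_LEN));
            printf("%S\n", list);
            if (is_vista()) {
                printf("LoadAppInit is %s\n",
                       is_loadappinit_set() ? "on" : "off");
            }
        }
        else if (0 == strcmp(preinject, "REPORT")) {
            WCHAR list[MAX_PARAM_LEN], *entry, *sep;
            checked_operation("read appinit",
                              get_config_parameter(INJECT_ALL_KEY_L,
                                                   TRUE,
                                                   INJECT_ALL_SUBKEY_L,
                                                   list,
                                                   MAX_PARAM_LEN));
            entry = get_entry_location(list, L_EXPAND_LEVEL(INJECT_DLL_8_3_NAME),
                                       APPINIT_SEPARATOR_CHAR);
            if (NULL != entry) {
                /* print only this product's entry, not the rest of the list */
                sep = wcschr(entry, APPINIT_SEPARATOR_CHAR);
                if (NULL != sep)
                    *sep = L'\0';
                printf("%S\n", entry);
                if (is_vista()) {
                    printf("LoadAppInit is %s\n",
                           is_loadappinit_set() ? "on" : "off");
                }
            }
        }
        else if (0 == strcmp(preinject, "LOAD_OFF")) {
            checked_operation("unset load autoinject", unset_loadappinit());
        }
        else if (0 == strcmp(preinject, "LOAD_ON")) {
            checked_operation("set load autoinject", set_loadappinit());
        }
        else {
            /* any other value is taken as a custom AppInit DLL path */
            _snwprintf(wbuf, MAX_PATH, L"%S", preinject);
            NULL_TERMINATE_BUFFER(wbuf);
            checked_operation("set custom autoinject",
                              set_autoinjection_ex(TRUE, APPINIT_OVERWRITE,
                                                   NULL, NULL, NULL, wbuf,
                                                   NULL, 0));
        }

        if (0 != strcmp(preinject, "LIST") &&
            0 != strcmp(preinject, "REPORT") &&
            using_system32_for_preinject(NULL)) {
            DWORD platform;
            if (get_platform(&platform) == ERROR_SUCCESS &&
                platform == PLATFORM_WIN_NT_4) {
                fprintf(stderr, "Warning! On NT4, new AppInit_DLLs setting will not take effect until reboot!\n");
            }
        }

    }

    if (free_eventlog) {
        checked_operation("free eventlog", destroy_eventlog());
    }

    if (eventlog) {
        _snwprintf(wbuf, BUFFER_SIZE_ELEMENTS(wbuf), L"%S", eventlog);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("create eventlog", create_eventlog(wbuf));
    }

    /* configuration */


    if (addapp) {
        _snwprintf(wbuf, MAX_PATH, L"%S", addapp);
        NULL_TERMINATE_BUFFER(wbuf);
        if (NULL == get_child(wbuf, policy)) {
            add_config_group(policy, new_config_group(wbuf));
        }
    }

    if (removeapp) {
        _snwprintf(wbuf, MAX_PATH, L"%S", removeapp);
        NULL_TERMINATE_BUFFER(wbuf);
        remove_child(wbuf, policy);
        policy->should_clear = TRUE;
    }

    /* -app redirects the parameter edits below to that app's group,
     * creating it if needed; otherwise they apply to the product group */
    if (appname) {
        _snwprintf(wbuf, MAX_PATH, L"%S", appname);
        NULL_TERMINATE_BUFFER(wbuf);
        working_group = get_child(wbuf, policy);

        if (NULL == working_group) {
            working_group = new_config_group(wbuf);
            add_config_group(policy, working_group);
        }
    }

    if (run) {
        _snwprintf(wbuf, MAX_PATH, L"%d", runval);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_RUNUNDER, wbuf);
    }

    if (opstring) {
        _snwprintf(wbuf, MAX_PATH, L"%S", opstring);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_OPTIONS, wbuf);
    }

    if (drdll) {
        _snwprintf(wbuf, MAX_PATH, L"%S", drdll);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_AUTOINJECT, wbuf);
    }

    if (drhome) {
        _snwprintf(wbuf, MAX_PATH, L"%S", drhome);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_HOME, wbuf);
    }

    if (modes) {
        _snwprintf(wbuf, MAX_PATH, L"%S", modes);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_HOT_PATCH_MODES, wbuf);
    }

    if (defs) {
        _snwprintf(wbuf, MAX_PATH, L"%S", defs);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_HOT_PATCH_POLICIES, wbuf);
    }

    if (logdir) {
        _snwprintf(wbuf, MAX_PATH, L"%S", logdir);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_LOGDIR, wbuf);
    }

    if (sharedcache) {
        /* note if the sharedcache root directory doesn't exist it should be
         * created before calling this function */
        _snwprintf(wbuf, MAX_PATH, L"%S", sharedcache);
        NULL_TERMINATE_BUFFER(wbuf);

        res = setup_cache_shared_directories(wbuf);
        if (res != ERROR_SUCCESS) {
            fprintf(stderr, "error %d creating directories!\n", res);
        }
        setup_cache_shared_registry(wbuf, working_group);
    }

    checked_operation("write policy", write_config_group(policy));

 dumponly:

    if (appdump) {
        _snwprintf(wbuf, MAX_PATH, L"%S", appdump);
        NULL_TERMINATE_BUFFER(wbuf);
        working_group = get_child(wbuf, policy);
    }
    else {
        working_group = policy;
    }

    if (dump || appdump) {
        if (NULL == working_group)
            fprintf(stderr, "No Configuration Exists!\n");
        else
            dump_config_group("","  ",working_group,FALSE);
    }

 finished:
    /* policy is only allocated once read_config_group() has run */
    if (policy != NULL)
        free_config_group(policy);

    return 0;

}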
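/*
 * seinject entry point: load a binary SELinux policy, then either add the
 * allow rule(s) <source> <target> <class> <perm>[,<perm>...] via add_rule()
 * or mark <type> permissive (-Z), optionally write the result to -o <file>
 * and/or load it into the running kernel (-l / --load).
 *
 * Options: -s <source> -t <target> -c <class> -p <perm list>, -Z <type>,
 * -P <policy file> (default /sys/fs/selinux/policy), -o <output file>,
 * -l | --load, -q (suppress the final "Success").  Arguments that do not
 * start with '-' are ignored, as before.  An unknown option, or an option
 * without its value, is a usage error; previously a trailing value-taking
 * option silently read argv[argc] (NULL) as its value.
 *
 * Exit status: 0 on success; 1 for usage, load, write or kernel-load
 * failures; 2 if the -Z type does not exist; otherwise the non-zero value
 * returned by add_rule().
 */
int main_seinject(int argc, char **argv) {
	char *policy = NULL, *source = NULL, *target = NULL, *clazz = NULL, *perm = NULL, *perm_token = NULL, *perm_saveptr = NULL, *outfile = NULL, *permissive = NULL;
	policydb_t policydb;
	struct policy_file pf, outpf;
	sidtab_t sidtab;
	int ret_add_rule;
	int load = 0;
	int quiet = 0;
	int bad_args = 0;	/* unknown option, or option missing its value */
	FILE *fp;
	int i;

	for (i = 1; i < argc && !bad_args; i++) {
		char **dest = NULL;	/* where this option's value goes, if it takes one */

		if (argv[i][0] != '-')
			continue;

		/* the usage text advertises --load as a synonym for -l */
		if (strcmp(argv[i], "--load") == 0) {
			load = 1;
			continue;
		}

		switch (argv[i][1]) {
		case 's': dest = &source; break;
		case 't': dest = &target; break;
		case 'c': dest = &clazz; break;
		case 'p': dest = &perm; break;
		case 'P': dest = &policy; break;
		case 'o': dest = &outfile; break;
		case 'Z': dest = &permissive; break;
		case 'l': load = 1; break;
		case 'q': quiet = 1; break;
		default: bad_args = 1; break;
		}

		if (dest == NULL)
			continue;
		/* value-taking option: the value must actually be present */
		if (++i >= argc)
			bad_args = 1;
		else
			*dest = argv[i];
	}

	if (bad_args || argc == 1 || ((!source || !target || !clazz || !perm) && !permissive)) {
		fprintf(stderr, "%s -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]\n", argv[0]);
		fprintf(stderr, "%s -Z permissive_type [-P <policy file>] [-o <output file>] [-l|--load]\n", argv[0]);
		exit(1);
	}

	if (!policy)
		policy = "/sys/fs/selinux/policy";

	sepol_set_policydb(&policydb);
	sepol_set_sidtab(&sidtab);

	if (load_policy(policy, &policydb, &pf)) {
		fprintf(stderr, "Could not load policy\n");
		return 1;
	}

	if (policydb_load_isids(&policydb, &sidtab))
		return 1;

	if (permissive) {
		type_datum_t *type;
		type = hashtab_search(policydb.p_types.table, permissive);
		if (type == NULL) {
			fprintf(stderr, "type %s does not exist\n", permissive);
			return 2;
		}
		if (ebitmap_set_bit(&policydb.permissive_map, type->s.value, 1)) {
			fprintf(stderr, "Could not set bit in permissive map\n");
			return 1;
		}
	} else {
		/* strtok_r writes into perm, which points into argv -- fine here */
		perm_token = strtok_r(perm, ",", &perm_saveptr);
		while (perm_token) {
			ret_add_rule = add_rule(source, target, clazz, perm_token, &policydb);
			if (ret_add_rule) {
				fprintf(stderr, "Could not add rule for perm: %s\n", perm_token);
				return ret_add_rule;
			}
			perm_token = strtok_r(NULL, ",", &perm_saveptr);
		}
	}

	if (outfile) {
		fp = fopen(outfile, "wb");
		if (!fp) {
			fprintf(stderr, "Could not open outfile\n");
			return 1;
		}

		policy_file_init(&outpf);
		outpf.type = PF_USE_STDIO;
		outpf.fp = fp;

		if (policydb_write(&policydb, &outpf)) {
			fprintf(stderr, "Could not write policy\n");
			fclose(fp);
			return 1;
		}

		/* fclose() performs the final flush; if it fails the file on
		 * disk is not a complete policy, so report it like a write error */
		if (fclose(fp) != 0) {
			fprintf(stderr, "Could not finish writing outfile\n");
			return 1;
		}
	}

	if (load) {
		if (load_policy_into_kernel(&policydb)) {
			fprintf(stderr, "Could not load new policy into kernel\n");
			return 1;
		}
	}

	policydb_destroy(&policydb);

	if (quiet == 0)
		fprintf(stdout, "Success\n");
	return 0;
}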
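/**
 * Create a new ndnr instance
 * @param progname - name of program binary, used for locating helpers
 * @param logger - logger function
 * @param loggerdata - data to pass to logger function
 * @return the new handle; NULL if it could not be allocated or if setup
 *         failed with h->running == -1 (the handle is destroyed in that
 *         case).  A NULL config from r_init_read_config() returns the
 *         partially-initialised handle unchanged, as before.
 *
 * Order matters: the config is parsed once silently to pick up NDNR_DEBUG,
 * then for real; the store is indexed by draining active_in_fd before the
 * direct client, sync and policy are brought up.  Allocation failures now
 * take the Bail path instead of dereferencing NULL.
 */
PUBLIC struct ndnr_handle *
r_init_create(const char *progname, ndnr_logger logger, void *loggerdata)
{
    char *sockname = NULL;
    const char *portstr = NULL;
    const char *listen_on = NULL;
    const char *d = NULL;
    struct ndnr_handle *h = NULL;
    struct hashtb_param param = {0};
    struct ndn_charbuf *config = NULL;
    int res;
    
    h = calloc(1, sizeof(*h));
    if (h == NULL)
        return(h);
    h->notify_after = 0; //NDNR_MAX_ACCESSION;
    h->logger = logger;
    h->loggerdata = loggerdata;
    h->logpid = (int)getpid();
    h->progname = progname;
    h->debug = -1;
    config = r_init_read_config(h);
    if (config == NULL)
        goto Bail;
    r_init_parse_config(h, config, 0); /* silent pass to pick up NDNR_DEBUG */
    h->debug = 1; /* so that we see any complaints */
    h->debug = r_init_debug_getenv(h, "NDNR_DEBUG");
    res = r_init_parse_config(h, config, 1);
    if (res < 0) {
        h->running = -1;
        goto Bail;
    }
    r_init_parse_config(h, config, 2);
    /* sockname is not used below; the call is kept for any side effect
     * r_net_get_local_sockname() may have -- confirm before removing */
    sockname = r_net_get_local_sockname();
    h->skiplinks = ndn_indexbuf_create();
    h->face_limit = 10; /* soft limit */
    h->fdholder_by_fd = calloc(h->face_limit, sizeof(h->fdholder_by_fd[0]));
    if (h->fdholder_by_fd == NULL) {
        h->running = -1;
        goto Bail;
    }
    param.finalize_data = h;
    param.finalize = &r_fwd_finalize_nameprefix;
    h->nameprefix_tab = hashtb_create(sizeof(struct nameprefix_entry), &param);
    param.finalize = 0; // PRUNED &r_fwd_finalize_propagating;
    h->propagating_tab = hashtb_create(sizeof(struct propagating_entry), &param);
    param.finalize = &r_proto_finalize_enum_state;
    h->enum_state_tab = hashtb_create(sizeof(struct enum_state), &param);
    h->min_stale = ~0;
    h->max_stale = 0;
    h->unsol = ndn_indexbuf_create();
    h->ticktock.descr[0] = 'C';
    h->ticktock.micros_per_base = 1000000;
    h->ticktock.gettime = &r_util_gettime;
    h->ticktock.data = h;
    h->sched = ndn_schedule_create(h, &h->ticktock);
    h->starttime = h->sec;
    h->starttime_usec = h->usec;
    h->oldformatcontentgrumble = 1;
    h->oldformatinterestgrumble = 1;
    h->cob_limit = 4201;
    h->start_write_scope_limit = r_init_confval(h, "NDNR_START_WRITE_SCOPE_LIMIT", 0, 3, 3);
    h->debug = 1; /* so that we see any complaints */
    h->debug = r_init_debug_getenv(h, "NDNR_DEBUG");
    h->syncdebug = r_init_debug_getenv(h, "NDNS_DEBUG");
    portstr = getenv("NDNR_STATUS_PORT");
    /* an over-long or empty port string is treated as "not set" */
    if (portstr == NULL || portstr[0] == 0 || strlen(portstr) > 10)
        portstr = "";
    h->portstr = portstr;
    ndnr_msg(h, "NDNR_DEBUG=%d NDNR_DIRECTORY=%s NDNR_STATUS_PORT=%s", h->debug, h->directory, h->portstr);
    listen_on = getenv("NDNR_LISTEN_ON");
    if (listen_on != NULL && listen_on[0] != 0)
        ndnr_msg(h, "NDNR_LISTEN_ON=%s", listen_on);
    
    if (ndnr_init_repo_keystore(h, NULL) < 0) {
        h->running = -1;
        goto Bail;
    }
    r_util_reseed(h);
    r_store_init(h);
    if (h->running == -1) goto Bail;
    /* drain the repository file so the store is fully indexed before
     * any network face exists */
    while (h->active_in_fd >= 0) {
        r_dispatch_process_input(h, h->active_in_fd);
        r_store_trim(h, h->cob_limit);
        ndn_schedule_run(h->sched);
    }
    ndnr_msg(h, "Repository file is indexed");
    if (h->face0 == NULL) {
        struct fdholder *fdholder;
        int nullfd;
        fdholder = calloc(1, sizeof(*fdholder));
        if (fdholder == NULL) {
            h->running = -1;
            goto Bail;
        }
        /* point stdin at /dev/null; the temporary descriptor from open()
         * is closed again once it has been duplicated onto fd 0 */
        nullfd = open("/dev/null", O_RDONLY);
        if (nullfd == -1 || dup2(nullfd, 0) == -1)
            ndnr_msg(h, "stdin: %s", strerror(errno));
        if (nullfd > 0)
            close(nullfd);
        fdholder->filedesc = 0;
        fdholder->flags = (NDNR_FACE_GG | NDNR_FACE_NORECV);
        r_io_enroll_face(h, fdholder);
    }
    ndnr_direct_client_start(h);
    d = getenv("NDNR_SKIP_VERIFY");
#if (NDN_API_VERSION >= 4004)
    if (d != NULL && strcmp(d, "1") == 0) {
        ndnr_msg(h, "NDNR_SKIP_VERIFY=%s", d);
        ndn_defer_verification(h->direct_client, 1);
    }
#endif
    if (ndn_connect(h->direct_client, NULL) != -1) {
        int af = 0;
        int bufsize;
        int flags;
        int fd;
        struct fdholder *fdholder;

        fd = ndn_get_connection_fd(h->direct_client);
        // Play a dirty trick here - if this wins, we can fix it right in the c lib later on...
        af = try_tcp_instead(fd);  
        flags = NDNR_FACE_NDND;
        if (af == AF_INET)
            flags |= NDNR_FACE_INET;
        else if (af == AF_INET6)
            flags |= NDNR_FACE_INET6;
        else
            flags |= NDNR_FACE_LOCAL;
        fdholder = r_io_record_fd(h, fd, "NDND", 5, flags);
        if (fdholder == NULL) abort();
        ndnr_uri_listen(h, h->direct_client, "ndn:/%C1.M.S.localhost/%C1.M.SRV/repository",
                        &ndnr_answer_req, OP_SERVICE);
        ndnr_uri_listen(h, h->direct_client, "ndn:/%C1.M.S.neighborhood/%C1.M.SRV/repository",
                        &ndnr_answer_req, OP_SERVICE);
        bufsize = r_init_confval(h, "NDNR_MIN_SEND_BUFSIZE", 1, 2097152, 16384);
        establish_min_send_bufsize(h, fd, bufsize);
    }
    else
        ndn_disconnect(h->direct_client); // Apparently ndn_connect error case needs work.
    if (1 == r_init_confval(h, "NDNS_ENABLE", 0, 1, 1)) {
        h->sync_plumbing = calloc(1, sizeof(struct sync_plumbing));
        if (h->sync_plumbing == NULL) {
            h->running = -1;
            goto Bail;
        }
        h->sync_plumbing->ndn = h->direct_client;
        h->sync_plumbing->sched = h->sched;
        h->sync_plumbing->client_methods = &sync_client_methods;
        h->sync_plumbing->client_data = h;
        h->sync_base = SyncNewBaseForActions(h->sync_plumbing);
    }
    if (-1 == load_policy(h))
        goto Bail;
    r_net_listen_on(h, listen_on);
    ndnr_internal_client_start(h);
    r_proto_init(h);
    r_proto_activate_policy(h, h->parsed_policy);
    if (merge_files(h) == -1)
        r_init_fail(h, __LINE__, "Unable to merge additional repository data files.", errno);
    if (h->running == -1) goto Bail;
    if (h->sync_plumbing) {
        // Start sync running
        // returns < 0 if a failure occurred
        // returns 0 if the name updates should fully restart
        // returns > 0 if the name updates should restart at last fence
        res = h->sync_plumbing->sync_methods->sync_start(h->sync_plumbing, NULL);
        if (res < 0) {
            r_init_fail(h, __LINE__, "starting sync", res);
            abort();
        }
        else if (res > 0) {
            // XXX: need to work out details of starting from last fence.
            // By examination of code, SyncActions won't take this path
        }
    }
Bail:
    free(sockname);   /* free(NULL) is a no-op */
    sockname = NULL;
    ndn_charbuf_destroy(&config);
    /* only a setup failure flagged via running == -1 tears the handle down */
    if (h->running == -1)
        r_init_destroy(&h);
    return(h);
}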