int linker_test_init(void)
{
int i;
if (test_load_policy(&linkedbase, POLICY_BASE, mls, "test-linker", policies[BASEMOD]))
return -1;
if (test_load_policy(&basenomods, POLICY_BASE, mls, "test-linker", policies[BASEMOD]))
return -1;
for (i = 0; i < NUM_MODS; i++) {
modules[i] = calloc(1, sizeof(*modules[i]));
if (!modules[i]) {
fprintf(stderr, "out of memory!\n");
return -1;
}
if (test_load_policy(modules[i], POLICY_MOD, mls, "test-linker", policies[i]))
return -1;
}
if (link_modules(NULL, &linkedbase, modules, NUM_MODS, 0)) {
fprintf(stderr, "link modules failed\n");
return -1;
}
if (link_modules(NULL, &basenomods, NULL, 0, 0)) {
fprintf(stderr, "link modules failed\n");
return -1;
}
return 0;
}
/* Links the module packages into the base. Returns 0 on success, -1
* if a requirement was not met, or -2 for all other errors. */
int sepol_link_packages(sepol_handle_t *handle,
sepol_module_package_t *base,
sepol_module_package_t **modules, int num_modules,
int verbose)
{
policydb_t **mod_pols = NULL;
int i, retval;
if ((mod_pols = calloc(num_modules, sizeof(*mod_pols))) == NULL) {
ERR(handle, "Out of memory!");
return -2;
}
for (i = 0; i < num_modules; i++) {
mod_pols[i] = &modules[i]->policy->p;
}
retval = link_modules(handle, &base->policy->p, mod_pols, num_modules,
verbose);
free(mod_pols);
if (retval == -3) {
return -1;
}
else if (retval < 0) {
return -2;
}
if (link_file_contexts(base, modules, num_modules) == -1) {
ERR(handle, "Out of memory!");
return -2;
}
return 0;
}
int sepol_link_modules(sepol_handle_t * handle,
sepol_policydb_t * base,
sepol_policydb_t ** modules, size_t len, int verbose)
{
return link_modules(handle, &base->p, (policydb_t **) modules, len,
verbose);
}
/* Takes base, some number of modules, links them, and expands them
reads source from myfiles array, which has the base string followed by
each module string */
int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, const char *const *myfiles)
{
char *filename[num_modules + 1];
int i;
for (i = 0; i < num_modules + 1; i++) {
filename[i] = calloc(PATH_MAX, sizeof(char));
if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0)
return -1;
}
if (policydb_init(mybase)) {
fprintf(stderr, "out of memory!\n");
return -1;
}
for (i = 0; i < num_modules; i++) {
if (policydb_init(mymodules[i])) {
fprintf(stderr, "out of memory!\n");
return -1;
}
}
if (policydb_init(myexpanded)) {
fprintf(stderr, "out of memory!\n");
return -1;
}
mybase->policy_type = POLICY_BASE;
mybase->mls = mls;
if (read_source_policy(mybase, filename[0], myfiles[0])) {
fprintf(stderr, "read source policy failed %s\n", filename[0]);
return -1;
}
for (i = 1; i < num_modules + 1; i++) {
mymodules[i - 1]->policy_type = POLICY_MOD;
mymodules[i - 1]->mls = mls;
if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) {
fprintf(stderr, "read source policy failed %s\n", filename[i]);
return -1;
}
}
if (link_modules(NULL, mybase, mymodules, num_modules, 0)) {
fprintf(stderr, "link modules failed\n");
return -1;
}
if (expand_module(NULL, mybase, myexpanded, 0, 0)) {
fprintf(stderr, "expand modules failed\n");
return -1;
}
for (i = 0; i < num_modules + 1; i++) {
free(filename[i]);
}
return 0;
}
int cond_test_init(void)
{
if (policydb_init(&base_expanded)) {
fprintf(stderr, "out of memory!\n");
policydb_destroy(&basemod);
return -1;
}
if (test_load_policy(&basemod, POLICY_BASE, 1, "test-cond", "refpolicy-base.conf"))
goto cleanup;
if (link_modules(NULL, &basemod, NULL, 0, 0)) {
fprintf(stderr, "link modules failed\n");
goto cleanup;
}
if (expand_module(NULL, &basemod, &base_expanded, 0, 1)) {
fprintf(stderr, "expand module failed\n");
goto cleanup;
}
return 0;
cleanup:
policydb_destroy(&basemod);
policydb_destroy(&base_expanded);
return -1;
}
int main(int argc, char **argv)
{
char *file = txtfile, *outfile = NULL;
unsigned int binary = 0;
int ch;
int show_version = 0;
policydb_t modpolicydb;
struct option long_options[] = {
{"help", no_argument, NULL, 'h'},
{"output", required_argument, NULL, 'o'},
{"binary", no_argument, NULL, 'b'},
{"version", no_argument, NULL, 'V'},
{"handle-unknown", optional_argument, NULL, 'U'},
{"mls", no_argument, NULL, 'M'},
{NULL, 0, NULL, 0}
};
while ((ch = getopt_long(argc, argv, "ho:bVU:mM", long_options, NULL)) != -1) {
switch (ch) {
case 'h':
usage(argv[0]);
break;
case 'o':
outfile = optarg;
break;
case 'b':
binary = 1;
file = binfile;
break;
case 'V':
show_version = 1;
break;
case 'U':
if (!strcasecmp(optarg, "deny")) {
handle_unknown = DENY_UNKNOWN;
break;
}
if (!strcasecmp(optarg, "reject")) {
handle_unknown = REJECT_UNKNOWN;
break;
}
if (!strcasecmp(optarg, "allow")) {
handle_unknown = ALLOW_UNKNOWN;
break;
}
usage(argv[0]);
case 'm':
policy_type = POLICY_MOD;
policyvers = MOD_POLICYDB_VERSION_MAX;
break;
case 'M':
mlspol = 1;
break;
default:
usage(argv[0]);
}
}
if (show_version) {
printf("Module versions %d-%d\n",
MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX);
exit(0);
}
if (handle_unknown && (policy_type != POLICY_BASE)) {
printf("Handling of unknown classes and permissions is only ");
printf("valid in the base module\n");
exit(1);
}
if (optind != argc) {
file = argv[optind++];
if (optind != argc)
usage(argv[0]);
}
printf("%s: loading policy configuration from %s\n", argv[0], file);
/* Set policydb and sidtab used by libsepol service functions
to my structures, so that I can directly populate and
manipulate them. */
sepol_set_policydb(&modpolicydb);
sepol_set_sidtab(&sidtab);
if (binary) {
if (read_binary_policy(&modpolicydb, file, argv[0]) == -1) {
exit(1);
}
} else {
if (policydb_init(&modpolicydb)) {
fprintf(stderr, "%s: out of memory!\n", argv[0]);
return -1;
}
modpolicydb.policy_type = policy_type;
modpolicydb.mls = mlspol;
modpolicydb.handle_unknown = handle_unknown;
if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
exit(1);
}
if (hierarchy_check_constraints(NULL, &modpolicydb)) {
return -1;
}
}
if (modpolicydb.policy_type == POLICY_BASE) {
/* Verify that we can successfully expand the base module. */
policydb_t kernpolicydb;
if (policydb_init(&kernpolicydb)) {
fprintf(stderr, "%s: policydb_init failed\n", argv[0]);
exit(1);
}
if (link_modules(NULL, &modpolicydb, NULL, 0, 0)) {
fprintf(stderr, "%s: link modules failed\n", argv[0]);
exit(1);
}
if (expand_module(NULL, &modpolicydb, &kernpolicydb, 0, 1)) {
fprintf(stderr, "%s: expand module failed\n", argv[0]);
exit(1);
}
policydb_destroy(&kernpolicydb);
}
if (policydb_load_isids(&modpolicydb, &sidtab))
exit(1);
sepol_sidtab_destroy(&sidtab);
printf("%s: policy configuration loaded\n", argv[0]);
if (outfile &&
write_binary_policy(&modpolicydb, outfile, argv[0]) == -1) {
exit(1);
}
policydb_destroy(&modpolicydb);
return 0;
}