summaryrefslogtreecommitdiff
path: root/src/stringrep.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/stringrep.c')
-rw-r--r--src/stringrep.c277
1 files changed, 0 insertions, 277 deletions
diff --git a/src/stringrep.c b/src/stringrep.c
deleted file mode 100644
index c867222..0000000
--- a/src/stringrep.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * String representation support for classes and permissions.
- */
-#include <sys/stat.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <unistd.h>
-#include <errno.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h>
-#include <ctype.h>
-#include "selinux_internal.h"
-#include "policy.h"
-#include "mapping.h"
-
-#define MAXVECTORS 8*sizeof(access_vector_t)
-
-struct discover_class_node {
- char *name;
- security_class_t value;
- char **perms;
-
- struct discover_class_node *next;
-};
-
-static struct discover_class_node *discover_class_cache = NULL;
-
-static struct discover_class_node * get_class_cache_entry_name(const char *s)
-{
- struct discover_class_node *node = discover_class_cache;
-
- for (; node != NULL && strcmp(s,node->name) != 0; node = node->next);
-
- return node;
-}
-
-static struct discover_class_node * get_class_cache_entry_value(security_class_t c)
-{
- struct discover_class_node *node = discover_class_cache;
-
- for (; node != NULL && c != node->value; node = node->next);
-
- return node;
-}
-
-static struct discover_class_node * discover_class(const char *s)
-{
- int fd, ret;
- char path[PATH_MAX];
- char buf[20];
- DIR *dir;
- struct dirent *dentry;
- size_t i;
-
- struct discover_class_node *node;
-
- if (!selinux_mnt) {
- errno = ENOENT;
- return NULL;
- }
-
- /* allocate a node */
- node = malloc(sizeof(struct discover_class_node));
- if (node == NULL)
- return NULL;
-
- /* allocate array for perms */
- node->perms = calloc(MAXVECTORS,sizeof(char*));
- if (node->perms == NULL)
- goto err1;
-
- /* load up the name */
- node->name = strdup(s);
- if (node->name == NULL)
- goto err2;
-
- /* load up class index */
- snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s);
- fd = open(path, O_RDONLY);
- if (fd < 0)
- goto err3;
-
- memset(buf, 0, sizeof(buf));
- ret = read(fd, buf, sizeof(buf) - 1);
- close(fd);
- if (ret < 0)
- goto err3;
-
- if (sscanf(buf, "%hu", &node->value) != 1)
- goto err3;
-
- /* load up permission indicies */
- snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s);
- dir = opendir(path);
- if (dir == NULL)
- goto err3;
-
- dentry = readdir(dir);
- while (dentry != NULL) {
- unsigned int value;
- struct stat m;
-
- snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
- fd = open(path, O_RDONLY | O_CLOEXEC);
- if (fd < 0)
- goto err4;
-
- if (fstat(fd, &m) < 0) {
- close(fd);
- goto err4;
- }
-
- if (m.st_mode & S_IFDIR) {
- close(fd);
- dentry = readdir(dir);
- continue;
- }
-
- memset(buf, 0, sizeof(buf));
- ret = read(fd, buf, sizeof(buf) - 1);
- close(fd);
- if (ret < 0)
- goto err4;
-
- if (sscanf(buf, "%u", &value) != 1)
- goto err4;
-
- if (value == 0 || value > MAXVECTORS)
- goto err4;
-
- node->perms[value-1] = strdup(dentry->d_name);
- if (node->perms[value-1] == NULL)
- goto err4;
-
- dentry = readdir(dir);
- }
- closedir(dir);
-
- node->next = discover_class_cache;
- discover_class_cache = node;
-
- return node;
-
-err4:
- closedir(dir);
- for (i=0; i<MAXVECTORS; i++)
- free(node->perms[i]);
-err3:
- free(node->name);
-err2:
- free(node->perms);
-err1:
- free(node);
- return NULL;
-}
-
-security_class_t string_to_security_class(const char *s)
-{
- struct discover_class_node *node;
-
- node = get_class_cache_entry_name(s);
- if (node == NULL) {
- node = discover_class(s);
-
- if (node == NULL) {
- errno = EINVAL;
- return 0;
- }
- }
-
- return map_class(node->value);
-}
-
-access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
-{
- struct discover_class_node *node;
- security_class_t kclass = unmap_class(tclass);
-
- node = get_class_cache_entry_value(kclass);
- if (node != NULL) {
- size_t i;
- for (i=0; i<MAXVECTORS && node->perms[i] != NULL; i++)
- if (strcmp(node->perms[i],s) == 0)
- return map_perm(tclass, 1<<i);
- }
-
- errno = EINVAL;
- return 0;
-}
-
-const char *security_class_to_string(security_class_t tclass)
-{
- struct discover_class_node *node;
-
- tclass = unmap_class(tclass);
-
- node = get_class_cache_entry_value(tclass);
- if (node)
- return node->name;
- return NULL;
-}
-
-const char *security_av_perm_to_string(security_class_t tclass,
- access_vector_t av)
-{
- struct discover_class_node *node;
- size_t i;
-
- av = unmap_perm(tclass, av);
- tclass = unmap_class(tclass);
-
- node = get_class_cache_entry_value(tclass);
- if (av && node)
- for (i = 0; i<MAXVECTORS; i++)
- if ((1<<i) & av)
- return node->perms[i];
-
- return NULL;
-}
-
-int security_av_string(security_class_t tclass, access_vector_t av, char **res)
-{
- unsigned int i = 0;
- size_t len = 5;
- access_vector_t tmp = av;
- int rc = 0;
- const char *str;
- char *ptr;
-
- /* first pass computes the required length */
- while (tmp) {
- if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
- if (str)
- len += strlen(str) + 1;
- else {
- rc = -1;
- errno = EINVAL;
- goto out;
- }
- }
- tmp >>= 1;
- i++;
- }
-
- *res = malloc(len);
- if (!*res) {
- rc = -1;
- goto out;
- }
-
- /* second pass constructs the string */
- i = 0;
- tmp = av;
- ptr = *res;
-
- if (!av) {
- sprintf(ptr, "null");
- goto out;
- }
-
- ptr += sprintf(ptr, "{ ");
- while (tmp) {
- if (tmp & 1)
- ptr += sprintf(ptr, "%s ", security_av_perm_to_string(
- tclass, av & (1<<i)));
- tmp >>= 1;
- i++;
- }
- sprintf(ptr, "}");
-out:
- return rc;
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 23:07:56 +0000