1 #include <getopt.h> 2 #include <stdbool.h> 3 #include <stdio.h> 4 #include <stdlib.h> 5 #include <string.h> 6 #include <unistd.h> 7 #include <sepol/module.h> 8 #include <sepol/policydb/policydb.h> 9 #include <sepol/sepol.h> 10 #include <selinux/selinux.h> 11 #include <selinux/label.h> 12 #include <sys/stat.h> 13 #include <sys/types.h> 14 15 static const char * const CHECK_FC_ASSERT_ATTRS[] = { "fs_type", "dev_type", "file_type", NULL }; 16 static const char * const CHECK_PC_ASSERT_ATTRS[] = { "property_type", NULL }; 17 static const char * const CHECK_SC_ASSERT_ATTRS[] = { "service_manager_type", NULL }; 18 19 typedef enum filemode filemode; 20 enum filemode { 21 filemode_file_contexts = 0, 22 filemode_property_contexts, 23 filemode_service_contexts 24 }; 25 26 static struct { 27 /* policy */ 28 struct { 29 union { 30 /* Union these so we don't have to cast */ 31 sepol_policydb_t *sdb; 32 policydb_t *pdb; 33 }; 34 sepol_policy_file_t *pf; 35 sepol_handle_t *handle; 36 FILE *file; 37 #define SEHANDLE_CNT 2 38 struct selabel_handle *sehnd[SEHANDLE_CNT]; 39 } sepolicy; 40 41 /* assertions */ 42 struct { 43 const char * const *attrs; /* for the original set to print on error */ 44 ebitmap_t set; /* the ebitmap representation of the attrs */ 45 } assert; 46 47 } global_state; 48 49 static const char * const *filemode_to_assert_attrs(filemode mode) 50 { 51 switch (mode) { 52 case filemode_file_contexts: 53 return CHECK_FC_ASSERT_ATTRS; 54 case filemode_property_contexts: 55 return CHECK_PC_ASSERT_ATTRS; 56 case filemode_service_contexts: 57 return CHECK_SC_ASSERT_ATTRS; 58 } 59 /* die on invalid parameters */ 60 fprintf(stderr, "Error: Invalid mode of operation: %d\n", mode); 61 exit(1); 62 } 63 64 static int get_attr_bit(policydb_t *policydb, const char *attr_name) 65 { 66 struct type_datum *attr = hashtab_search(policydb->p_types.table, (char *)attr_name); 67 if (!attr) { 68 fprintf(stderr, "Error: \"%s\" is not defined in this policy.\n", attr_name); 69 return -1; 70 } 71 72 if (attr->flavor != TYPE_ATTRIB) { 73 fprintf(stderr, "Error: \"%s\" is not an attribute in this policy.\n", attr_name); 74 return -1; 75 } 76 77 return attr->s.value - 1; 78 } 79 80 static bool ebitmap_attribute_assertion_init(ebitmap_t *assertions, const char * const attributes[]) 81 { 82 83 while (*attributes) { 84 85 int bit_pos = get_attr_bit(global_state.sepolicy.pdb, *attributes); 86 if (bit_pos < 0) { 87 /* get_attr_bit() logs error */ 88 return false; 89 } 90 91 int err = ebitmap_set_bit(assertions, bit_pos, 1); 92 if (err) { 93 fprintf(stderr, "Error: setting bit on assertion ebitmap!\n"); 94 return false; 95 } 96 attributes++; 97 } 98 return true; 99 } 100 101 static bool is_type_of_attribute_set(policydb_t *policydb, const char *type_name, 102 ebitmap_t *attr_set) 103 { 104 struct type_datum *type = hashtab_search(policydb->p_types.table, (char *)type_name); 105 if (!type) { 106 fprintf(stderr, "Error: \"%s\" is not defined in this policy.\n", type_name); 107 return false; 108 } 109 110 if (type->flavor != TYPE_TYPE) { 111 fprintf(stderr, "Error: \"%s\" is not a type in this policy.\n", type_name); 112 return false; 113 } 114 115 ebitmap_t dst; 116 ebitmap_init(&dst); 117 118 /* Take the intersection, if the set is empty, then its a failure */ 119 int rc = ebitmap_and(&dst, attr_set, &policydb->type_attr_map[type->s.value - 1]); 120 if (rc) { 121 fprintf(stderr, "Error: Could not perform ebitmap_and: %d\n", rc); 122 exit(1); 123 } 124 125 bool res = (bool)ebitmap_length(&dst); 126 127 ebitmap_destroy(&dst); 128 return res; 129 } 130 131 static void dump_char_array(FILE *stream, const char * const *strings) 132 { 133 134 const char * const *p = strings; 135 136 fprintf(stream, "\""); 137 138 while (*p) { 139 const char *s = *p++; 140 const char *fmt = *p ? "%s, " : "%s\""; 141 fprintf(stream, fmt, s); 142 } 143 } 144 145 static int validate(char **contextp) 146 { 147 bool res; 148 char *context = *contextp; 149 150 sepol_context_t *ctx; 151 int rc = sepol_context_from_string(global_state.sepolicy.handle, context, 152 &ctx); 153 if (rc < 0) { 154 fprintf(stderr, "Error: Could not allocate context from string"); 155 exit(1); 156 } 157 158 rc = sepol_context_check(global_state.sepolicy.handle, 159 global_state.sepolicy.sdb, ctx); 160 if (rc < 0) { 161 goto out; 162 } 163 164 const char *type_name = sepol_context_get_type(ctx); 165 166 uint32_t len = ebitmap_length(&global_state.assert.set); 167 if (len > 0) { 168 res = !is_type_of_attribute_set(global_state.sepolicy.pdb, type_name, 169 &global_state.assert.set); 170 if (res) { 171 fprintf(stderr, "Error: type \"%s\" is not of set: ", type_name); 172 dump_char_array(stderr, global_state.assert.attrs); 173 fprintf(stderr, "\n"); 174 /* The calls above did not affect rc, so set error before going to out */ 175 rc = -1; 176 goto out; 177 } 178 } 179 /* Success: Although it should be 0, we explicitly set rc to 0 for clarity */ 180 rc = 0; 181 182 out: 183 sepol_context_free(ctx); 184 return rc; 185 } 186 187 static void usage(char *name) { 188 fprintf(stderr, "usage1: %s [-p|-s] [-e] sepolicy context_file\n\n" 189 "Parses a context file and checks for syntax errors.\n" 190 "The context_file is assumed to be a file_contexts file\n" 191 "unless the -p or -s option is used to indicate the property or service backend respectively.\n" 192 "If -e is specified, then the context_file is allowed to be empty.\n\n" 193 194 "usage2: %s -c file_contexts1 file_contexts2\n\n" 195 "Compares two file contexts files and reports one of subset, equal, superset, or incomparable.\n\n", 196 name, name); 197 exit(1); 198 } 199 200 static void cleanup(void) { 201 202 if (global_state.sepolicy.file) { 203 fclose(global_state.sepolicy.file); 204 } 205 206 if (global_state.sepolicy.sdb) { 207 sepol_policydb_free(global_state.sepolicy.sdb); 208 } 209 210 if (global_state.sepolicy.pf) { 211 sepol_policy_file_free(global_state.sepolicy.pf); 212 } 213 214 if (global_state.sepolicy.handle) { 215 sepol_handle_destroy(global_state.sepolicy.handle); 216 } 217 218 ebitmap_destroy(&global_state.assert.set); 219 220 int i; 221 for (i = 0; i < SEHANDLE_CNT; i++) { 222 struct selabel_handle *sehnd = global_state.sepolicy.sehnd[i]; 223 if (sehnd) { 224 selabel_close(sehnd); 225 } 226 } 227 } 228 229 static void do_compare_and_die_on_error(struct selinux_opt opts[], unsigned int backend, char *paths[]) 230 { 231 enum selabel_cmp_result result; 232 char *result_str[] = { "subset", "equal", "superset", "incomparable" }; 233 int i; 234 235 opts[0].value = NULL; /* not validating against a policy when comparing */ 236 237 for (i = 0; i < SEHANDLE_CNT; i++) { 238 opts[1].value = paths[i]; 239 global_state.sepolicy.sehnd[i] = selabel_open(backend, opts, 2); 240 if (!global_state.sepolicy.sehnd[i]) { 241 fprintf(stderr, "Error: could not load context file from %s\n", paths[i]); 242 exit(1); 243 } 244 } 245 246 result = selabel_cmp(global_state.sepolicy.sehnd[0], global_state.sepolicy.sehnd[1]); 247 printf("%s\n", result_str[result]); 248 } 249 250 static void do_fc_check_and_die_on_error(struct selinux_opt opts[], unsigned int backend, filemode mode, 251 const char *sepolicy_file, const char *context_file, bool allow_empty) 252 { 253 struct stat sb; 254 if (stat(context_file, &sb) < 0) { 255 perror("Error: could not get stat on file contexts file"); 256 exit(1); 257 } 258 259 if (sb.st_size == 0) { 260 /* Nothing to check on empty file_contexts file if allowed*/ 261 if (allow_empty) { 262 return; 263 } 264 /* else: We could throw the error here, but libselinux backend will catch it */ 265 } 266 267 global_state.sepolicy.file = fopen(sepolicy_file, "r"); 268 if (!global_state.sepolicy.file) { 269 perror("Error: could not open policy file"); 270 exit(1); 271 } 272 273 global_state.sepolicy.handle = sepol_handle_create(); 274 if (!global_state.sepolicy.handle) { 275 fprintf(stderr, "Error: could not create policy handle: %s\n", strerror(errno)); 276 exit(1); 277 } 278 279 if (sepol_policy_file_create(&global_state.sepolicy.pf) < 0) { 280 perror("Error: could not create policy handle"); 281 exit(1); 282 } 283 284 sepol_policy_file_set_fp(global_state.sepolicy.pf, global_state.sepolicy.file); 285 sepol_policy_file_set_handle(global_state.sepolicy.pf, global_state.sepolicy.handle); 286 287 int rc = sepol_policydb_create(&global_state.sepolicy.sdb); 288 if (rc < 0) { 289 perror("Error: could not create policy db"); 290 exit(1); 291 } 292 293 rc = sepol_policydb_read(global_state.sepolicy.sdb, global_state.sepolicy.pf); 294 if (rc < 0) { 295 perror("Error: could not read file into policy db"); 296 exit(1); 297 } 298 299 global_state.assert.attrs = filemode_to_assert_attrs(mode); 300 301 bool ret = ebitmap_attribute_assertion_init(&global_state.assert.set, global_state.assert.attrs); 302 if (!ret) { 303 /* error messages logged by ebitmap_attribute_assertion_init() */ 304 exit(1); 305 } 306 307 selinux_set_callback(SELINUX_CB_VALIDATE, 308 (union selinux_callback)&validate); 309 310 opts[1].value = context_file; 311 312 global_state.sepolicy.sehnd[0] = selabel_open(backend, opts, 2); 313 if (!global_state.sepolicy.sehnd[0]) { 314 fprintf(stderr, "Error: could not load context file from %s\n", context_file); 315 exit(1); 316 } 317 } 318 319 int main(int argc, char **argv) 320 { 321 struct selinux_opt opts[] = { 322 { SELABEL_OPT_VALIDATE, (void*)1 }, 323 { SELABEL_OPT_PATH, NULL } 324 }; 325 326 // Default backend unless changed by input argument. 327 unsigned int backend = SELABEL_CTX_FILE; 328 329 bool allow_empty = false; 330 bool compare = false; 331 char c; 332 333 filemode mode = filemode_file_contexts; 334 335 while ((c = getopt(argc, argv, "cpse")) != -1) { 336 switch (c) { 337 case 'c': 338 compare = true; 339 break; 340 case 'e': 341 allow_empty = true; 342 break; 343 case 'p': 344 mode = filemode_property_contexts; 345 backend = SELABEL_CTX_ANDROID_PROP; 346 break; 347 case 's': 348 mode = filemode_service_contexts; 349 backend = SELABEL_CTX_ANDROID_PROP; 350 break; 351 case 'h': 352 default: 353 usage(argv[0]); 354 break; 355 } 356 } 357 358 int index = optind; 359 if (argc - optind != 2) { 360 usage(argv[0]); 361 } 362 363 if (compare && backend != SELABEL_CTX_FILE) { 364 usage(argv[0]); 365 } 366 367 atexit(cleanup); 368 369 if (compare) { 370 do_compare_and_die_on_error(opts, backend, &(argv[index])); 371 } else { 372 /* remaining args are sepolicy file and context file */ 373 char *sepolicy_file = argv[index]; 374 char *context_file = argv[index + 1]; 375 376 do_fc_check_and_die_on_error(opts, backend, mode, sepolicy_file, context_file, allow_empty); 377 } 378 exit(0); 379 } 380