From d98d26ef3c1fe9b44497ed4e2a1fcf66505092ba Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Wed, 23 Jan 2013 14:04:50 -0500
Subject: [PATCH] property_contexts checks added to checkfc.
Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
---
 Android.mk | 11 ++++++----
 tools/checkfc.c | 55 ++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 52 insertions(+), 14 deletions(-)
diff --git a/Android.mk b/Android.mk
index e145bb28b..647a7dc29 100644
--- a/Android.mk
+++ b/Android.mk
@@ -122,7 +122,6 @@ $(LOCAL_BUILT_MODULE) : $(seapp_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECU
 $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<
 seapp_contexts.tmp :=
-built_sepolicy :=
 ##################################
 include $(CLEAR_VARS)
@@ -133,12 +132,16 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk
-property_contexts := $(intermediates)/property_contexts
-$(property_contexts): $(call build_policy, property_contexts)
+ALL_PC_FILES := $(call build_policy, property_contexts)
+
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
 @mkdir -p $(dir $@)
- $(hide) m4 -s $^ > $@
+ $(hide) m4 -s $(ALL_PC_FILES) > $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
 property_contexts :=
+built_sepolicy :=
 ##################################
 ##################################
diff --git a/tools/checkfc.c b/tools/checkfc.c
index 4be32163f..eb256a304 100644
--- a/tools/checkfc.c
+++ b/tools/checkfc.c
@@ -1,3 +1,4 @@
+#include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sepol/sepol.h>
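Review bot: In the second Android.mk hunk the recipe redirects the m4 output into `$@` before checkfc validates it, so a property_contexts file that checkfc rejects is already fully written at the target path; unless the enclosing build declares `.DELETE_ON_ERROR`, a later incremental build will consider that target up to date and the validation is silently skipped. The seapp_contexts rule in the first hunk appears to sidestep this by letting checkseapp produce `$@` itself from a `.tmp` input. Writing to a temporary file and renaming only after the check passes closes the gap: `$(hide) m4 -s $(ALL_PC_FILES) > $@.tmp`, `$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@.tmp`, `$(hide) mv $@.tmp $@`. Note that this rule depends on the first hunk deferring `built_sepolicy :=`, so the two hunks must land together.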
@@ -16,43 +17,77 @@ static int validate(char **contextp)
 return 0;
 }
+static void usage(char *name) {
+ fprintf(stderr, "usage: %s [OPTIONS] sepolicy context_file\n\n", name);
+ fprintf(stderr, "Parses a context file and checks for syntax errors.\n");
+ fprintf(stderr, "The context_file is assumed to be a file_contexts file\n");
+ fprintf(stderr, "unless explicitly switched by an option.\n\n");
+ fprintf(stderr, " OPTIONS:\n");
+ fprintf(stderr, " -p : context file represents a property_context file.\n");
+ fprintf(stderr, "\n");
+ exit(1);
+}
+
 int main(int argc, char **argv)
 {
 struct selinux_opt opts[] = {
 { SELABEL_OPT_VALIDATE, (void*)1 },
 { SELABEL_OPT_PATH, NULL }
 };
+
+ // Default backend unless changed by input argument.
+ unsigned int backend = SELABEL_CTX_FILE;
+
 FILE *fp;
 struct selabel_handle *sehnd;
+ char c;
- if (argc != 3) {
- fprintf(stderr, "usage: %s policy file_contexts\n", argv[0]);
- exit(1);
+ while ((c = getopt(argc, argv, "ph")) != -1) {
+ switch (c) {
+ case 'p':
+ backend = SELABEL_CTX_ANDROID_PROP;
+ break;
+ case 'h':
+ default:
+ usage(argv[0]);
+ break;
+ }
+ }
+
+ int index = optind;
+ if (argc - optind != 2) {
+ fprintf(stderr, "Expected sepolicy file and context file as arguments.\n");
+ usage(argv[0]);
 }
- fp = fopen(argv[1], "r");
+ // remaining args are sepolicy file and context file
+ char *sepolicyFile = argv[index];
+ char *contextFile = argv[index + 1];
+
+ fp = fopen(sepolicyFile, "r");
 if (!fp) {
- perror(argv[1]);
+ perror(sepolicyFile);
 exit(2);
 }
 if (sepol_set_policydb_from_file(fp) < 0) {
- fprintf(stderr, "Error loading policy from %s\n", argv[1]);
+ fprintf(stderr, "Error loading policy from %s\n", sepolicyFile);
 exit(3);
 }
 selinux_set_callback(SELINUX_CB_VALIDATE, (union selinux_callback)&validate);
+ opts[1].value = contextFile;
- opts[1].value = argv[2];
- sehnd = selabel_open(SELABEL_CTX_FILE, opts, 2);
+ sehnd = selabel_open(backend, opts, 2);
 if (!sehnd) {
- fprintf(stderr, "Error loading file contexts from %s\n", argv[2]);
+ fprintf(stderr, "Error loading context file from %s\n", contextFile);
 exit(4);
 }
 if (nerr) {
- fprintf(stderr, "Invalid file contexts found in %s\n", argv[2]);
+ fprintf(stderr, "Invalid context file found in %s\n", contextFile);
 exit(5);
 }
+ exit(0);
 }
--
GitLab
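Review bot: The new option loop stores the result of getopt() in `char c;`, but getopt returns an int and signals end-of-options with -1, which a `char` cannot hold on targets where char is unsigned; there `while ((c = getopt(argc, argv, "ph")) != -1)` never terminates, so it should be `int c;`. The `-h` path reports an explicit help request as a failure because usage() always calls exit(1); a separate exit status for help, or a status parameter on usage(), would let scripts distinguish the two. `int index = optind;` shadows the POSIX index() function from <strings.h> and will trip -Wshadow, so a name such as `first_arg` is safer, and `usage(char *name)` only passes the string to fprintf and could take `const char *name`. The policy FILE returned by fopen() is still never closed after sepol_set_policydb_from_file(); that predates this change, but an `fclose(fp);` once the policy is loaded would tidy it.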