[PATCH 1/2] Auto-generate security_is_filedir_class().


 



security_is_filedir_class() is now auto-generated by genheaders from
classmap.h, to reduce maintenance effort when a new class is defined
in the SELinux kernel. The name of any file class should end with
"file" and should not contain more than one occurrence of the
substring "file".

Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>
---
 scripts/selinux/genheaders/genheaders.c |   20 ++++++++++++++++++++
 security/selinux/include/classmap.h     |    3 +++
 2 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 539855f..ba7a90a 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -108,6 +108,26 @@ int main(int argc, char *argv[])
 	fprintf(fout, "\treturn sock;\n");
 	fprintf(fout, "}\n");
 
+	needle = "FILE";
+	fprintf(fout, "\nstatic inline bool security_is_filedir_class(u16 kern_tclass)\n");
+	fprintf(fout, "{\n");
+	fprintf(fout, "\tbool filedir = false;\n\n");
+	fprintf(fout, "\tswitch (kern_tclass) {\n");
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		substr = strstr(map->name, needle);
+		if (substr && strcmp(substr, needle) == 0)
+			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
+	}
+	fprintf(fout, "\tcase SECCLASS_DIR:\n");
+	fprintf(fout, "\t\tfiledir = true;\n");
+	fprintf(fout, "\t\tbreak;\n");
+	fprintf(fout, "\tdefault:\n");
+	fprintf(fout, "\t\tbreak;\n");
+	fprintf(fout, "\t}\n\n");
+	fprintf(fout, "\treturn filedir;\n");
+	fprintf(fout, "}\n");
+
 	fprintf(fout, "\n#endif\n");
 	fclose(fout);
 
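Review bot: The loop at `substr = strstr(map->name, needle)` tests only the first occurrence of "FILE", so a class name that contains the substring twice and still ends in it is silently left out of the generated switch, and security_is_filedir_class() returns false for it. The naming rule that prevents this exists only as the classmap.h comment added in this patch; nothing checks it at build time. Comparing the tail directly removes that dependency: `size_t n = strlen(map->name), k = strlen(needle);` followed by `if (n >= k && strcmp(map->name + n - k, needle) == 0)`. Because the match is purely by name, a future non-file class whose name happens to end in "file" would also be reported as a file class, so a short comment above the loop stating that the suffix is the only criterion would help whoever adds classes. `needle`, `substr` and the rest of main() are declared outside this hunk.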
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index e1e0092..a425bbe 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -15,6 +15,9 @@
 /*
  * Note: The name for any socket class should be suffixed by "socket",
  *	 and doesn't contain more than one substr of "socket".
+ *
+ *	 The name for any file class should be suffixed by "file",
+ *	 and doesn't contain more than one substr of "file".
  */
 struct security_class_mapping secclass_map[] = {
 	{ "security",
-- 
1.7.0.4



