1 /* Copyright 2005,2013 Tresys Technology
2 *
3 * Some parts of this came from matchpathcon.c in libselinux
4 */
5
6 /* PURPOSE OF THIS PROGRAM
7 * The original setfiles sorting algorithm did not take into
8 * account regular expression specificity. With the current
9 * strict and targeted policies this is not an issue because
10 * the file contexts are partially hand sorted and concatenated
11 * in the right order so that the matches are generally correct.
12 * The way reference policy and loadable policy modules handle
13 * file contexts makes them come out in an unpredictable order
14 * and therefore setfiles (or this standalone tool) need to sort
15 * the regular expressions in a deterministic and stable way.
16 */
17
18 #define BUF_SIZE 4096;
19 #define _GNU_SOURCE
20
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <ctype.h>
25
26 typedef unsigned char bool_t;
27
28 /* file_context_node
29 * A node used in a linked list of file contexts.c
30 * Each node contains the regular expression, the type and
31 * the context, as well as information about the regular
32 * expression. The regular expression data (meta, stem_len
33 * and str_len) can be filled in by using the fc_fill_data
34 * function after the regular expression has been loaded.
35 * next points to the next node in the linked list.
36 */
37 typedef struct file_context_node {
38 char *path;
39 char *file_type;
40 char *context;
41 bool_t meta;
42 int stem_len;
43 int str_len;
44 struct file_context_node *next;
45 } file_context_node_t;
46
file_context_node_destroy(file_context_node_t * x)47 void file_context_node_destroy(file_context_node_t *x)
48 {
49 free(x->path);
50 free(x->file_type);
51 free(x->context);
52 }
53
54
55
56 /* file_context_bucket
57 * A node used in a linked list of buckets that contain
58 * file_context_node's.
59 * Each node contains a pointer to a file_context_node which
60 * is the header of its linked list. This linked list is the
61 * content of this bucket.
62 * next points to the next bucket in the linked list.
63 */
64 typedef struct file_context_bucket {
65 file_context_node_t *data;
66 struct file_context_bucket *next;
67 } file_context_bucket_t;
68
69
70
71 /* fc_compare
72 * Compares two file contexts' regular expressions and returns:
73 * -1 if a is less specific than b
74 * 0 if a and be are equally specific
75 * 1 if a is more specific than b
76 * The comparison is based on the following statements,
77 * in order from most important to least important, given a and b:
78 * If a is a regular expression and b is not,
79 * -> a is less specific than b.
80 * If a's stem length is shorter than b's stem length,
81 * -> a is less specific than b.
82 * If a's string length is shorter than b's string length,
83 * -> a is less specific than b.
84 * If a does not have a specified type and b does,
85 * -> a is less specific than b.
86 */
fc_compare(file_context_node_t * a,file_context_node_t * b)87 int fc_compare(file_context_node_t *a, file_context_node_t *b)
88 {
89 /* Check to see if either a or b have meta characters
90 * and the other doesn't. */
91 if (a->meta && !b->meta)
92 return -1;
93 if (b->meta && !a->meta)
94 return 1;
95
96 /* Check to see if either a or b have a shorter stem
97 * length than the other. */
98 if (a->stem_len < b->stem_len)
99 return -1;
100 if (b->stem_len < a->stem_len)
101 return 1;
102
103 /* Check to see if either a or b have a shorter string
104 * length than the other. */
105 if (a->str_len < b->str_len)
106 return -1;
107 if (b->str_len < a->str_len)
108 return 1;
109
110 /* Check to see if either a or b has a specified type
111 * and the other doesn't. */
112 if (!a->file_type && b->file_type)
113 return -1;
114 if (!b->file_type && a->file_type)
115 return 1;
116
117 /* If none of the above conditions were satisfied,
118 * then a and b are equally specific. */
119 return 0;
120 }
121
122
123
124 /* fc_merge
125 * Merges two sorted file context linked lists into one
126 * sorted one.
127 * Pass two lists a and b, and after the completion of fc_merge,
128 * the final list is contained in a, and b is empty.
129 */
fc_merge(file_context_node_t * a,file_context_node_t * b)130 file_context_node_t *fc_merge(file_context_node_t *a,
131 file_context_node_t *b)
132 {
133 file_context_node_t *a_current;
134 file_context_node_t *b_current;
135 file_context_node_t *temp;
136 file_context_node_t *jumpto;
137
138
139
140 /* If a is a empty list, and b is not,
141 * set a as b and proceed to the end. */
142 if (!a && b)
143 a = b;
144 /* If b is an empty list, leave a as it is. */
145 else if (!b) {
146 } else {
147 /* Make it so the list a has the lesser
148 * first element always. */
149 if (fc_compare(a, b) == 1) {
150 temp = a;
151 a = b;
152 b = temp;
153 }
154 a_current = a;
155 b_current = b;
156
157 /* Merge by inserting b's nodes in between a's nodes. */
158 while (a_current->next && b_current) {
159 jumpto = a_current->next;
160
161 /* Insert b's nodes in between the current a node
162 * and the next a node.*/
163 while (b_current && a_current->next &&
164 fc_compare(a_current->next,
165 b_current) != -1) {
166
167
168 temp = a_current->next;
169 a_current->next = b_current;
170 b_current = b_current->next;
171 a_current->next->next = temp;
172 a_current = a_current->next;
173 }
174
175 /* Skip all the inserted node from b to the
176 * next node in the original a. */
177 a_current = jumpto;
178 }
179
180
181 /* if there is anything left in b to be inserted,
182 put it on the end */
183 if (b_current) {
184 a_current->next = b_current;
185 }
186 }
187
188 return a;
189 }
190
191
192
193 /* fc_merge_sort
194 * Sorts file contexts from least specific to more specific.
195 * The bucket linked list is passed and after the completion
196 * of the fc_merge_sort function, there is only one bucket
197 * (pointed to by master) that contains a linked list
198 * of all the file contexts, in sorted order.
199 * Explanation of the algorithm:
200 * The algorithm implemented in fc_merge_sort is an iterative
201 * implementation of merge sort.
202 * At first, each bucket has a linked list of file contexts
203 * that are 1 element each.
204 * Each pass, each odd numbered bucket is merged into the bucket
205 * before it. This halves the number of buckets each pass.
206 * It will continue passing over the buckets (as described above)
207 * until there is only one bucket left, containing the list of
208 * file contexts, sorted.
209 */
fc_merge_sort(file_context_bucket_t * master)210 void fc_merge_sort(file_context_bucket_t *master)
211 {
212
213
214 file_context_bucket_t *current;
215 file_context_bucket_t *temp;
216
217 /* Loop until master is the only bucket left
218 * so that this will stop when master contains
219 * the sorted list. */
220 while (master->next) {
221 current = master;
222
223 /* This loop merges buckets two-by-two. */
224 while (current) {
225
226 if (current->next) {
227
228 current->data =
229 fc_merge(current->data,
230 current->next->data);
231
232
233
234 temp = current->next;
235 current->next = current->next->next;
236
237 free(temp);
238
239 }
240
241
242 current = current->next;
243 }
244 }
245
246
247 }
248
249
250
251 /* fc_fill_data
252 * This processes a regular expression in a file context
253 * and sets the data held in file_context_node, namely
254 * meta, str_len and stem_len.
255 * The following changes are made to fc_node after the
256 * the completion of the function:
257 * fc_node->meta = 1 if path has a meta character, 0 if not.
258 * fc_node->str_len = The string length of the entire path
259 * fc_node->stem_len = The number of characters up until
260 * the first meta character.
261 */
fc_fill_data(file_context_node_t * fc_node)262 void fc_fill_data(file_context_node_t *fc_node)
263 {
264 int c = 0;
265
266 fc_node->meta = 0;
267 fc_node->stem_len = 0;
268 fc_node->str_len = 0;
269
270 /* Process until the string termination character
271 * has been reached.
272 * Note: this while loop has been adapted from
273 * spec_hasMetaChars in matchpathcon.c from
274 * libselinux-1.22. */
275 while (fc_node->path[c] != '\0') {
276 switch (fc_node->path[c]) {
277 case '.':
278 case '^':
279 case '$':
280 case '?':
281 case '*':
282 case '+':
283 case '|':
284 case '[':
285 case '(':
286 case '{':
287 /* If a meta character is found,
288 * set meta to one */
289 fc_node->meta = 1;
290 break;
291 case '\\':
292 /* If a escape character is found,
293 * skip the next character. */
294 c++;
295 default:
296 /* If no meta character has been found yet,
297 * add one to the stem length. */
298 if (!fc_node->meta)
299 fc_node->stem_len++;
300 break;
301 }
302
303 fc_node->str_len++;
304 c++;
305 }
306 }
307
308 /* main
309 * This program takes in two arguments, the input filename and the
310 * output filename. The input file should be syntactically correct.
311 * Overall what is done in the main is read in the file and store each
312 * line of code, sort it, then output it to the output file.
313 */
main(int argc,char * argv[])314 int main(int argc, char *argv[])
315 {
316 int lines;
317 size_t start, finish, regex_len, context_len;
318 size_t line_len, buf_len, i;
319 char *input_name, *output_name, *line_buf;
320
321 file_context_node_t *temp;
322 file_context_node_t *head;
323 file_context_node_t *current;
324 file_context_bucket_t *master;
325 file_context_bucket_t *bcurrent;
326
327 FILE *in_file, *out_file;
328
329
330 /* Check for the correct number of command line arguments. */
331 if (argc < 2 || argc > 3) {
332 fprintf(stderr, "Usage: %s <infile> [<outfile>]\n",argv[0]);
333 return 1;
334 }
335
336 input_name = argv[1];
337 output_name = (argc >= 3) ? argv[2] : NULL;
338
339 lines = 0;
340
341 /* Open the input file. */
342 if (!(in_file = fopen(input_name, "r"))) {
343 fprintf(stderr, "Error: failure opening input file for read.\n");
344 return 1;
345 }
346
347 /* Initialize the head of the linked list. */
348 head = current = (file_context_node_t*)malloc(sizeof(file_context_node_t));
349 head->next = NULL;
350
351 /* Parse the file into a file_context linked list. */
352 line_buf = NULL;
353
354 while ( getline(&line_buf, &buf_len, in_file) != -1 ){
355 line_len = strlen(line_buf);
356 if( line_len == 0 || line_len == 1)
357 continue;
358 /* Get rid of whitespace from the front of the line. */
359 for (i = 0; i < line_len; i++) {
360 if (!isspace(line_buf[i]))
361 break;
362 }
363
364
365 if (i >= line_len)
366 continue;
367 /* Check if the line isn't empty and isn't a comment */
368 if (line_buf[i] == '#')
369 continue;
370
371 /* We have a valid line - allocate a new node. */
372 temp = (file_context_node_t *)malloc(sizeof(file_context_node_t));
373 if (!temp) {
374 fprintf(stderr, "Error: failure allocating memory.\n");
375 return 1;
376 }
377 temp->next = NULL;
378 memset(temp, 0, sizeof(file_context_node_t));
379
380 /* Parse out the regular expression from the line. */
381 start = i;
382
383
384 while (i < line_len && (!isspace(line_buf[i])))
385 i++;
386 finish = i;
387
388
389 regex_len = finish - start;
390
391 if (regex_len == 0) {
392 file_context_node_destroy(temp);
393 free(temp);
394
395
396 continue;
397 }
398
399 temp->path = (char*)strndup(&line_buf[start], regex_len);
400 if (!temp->path) {
401 file_context_node_destroy(temp);
402 free(temp);
403 fprintf(stderr, "Error: failure allocating memory.\n");
404 return 1;
405 }
406
407 /* Get rid of whitespace after the regular expression. */
408 for (; i < line_len; i++) {
409
410 if (!isspace(line_buf[i]))
411 break;
412 }
413
414 if (i == line_len) {
415 file_context_node_destroy(temp);
416 free(temp);
417 continue;
418 }
419
420 /* Parse out the type from the line (if it
421 * is there). */
422 if (line_buf[i] == '-') {
423 temp->file_type = (char *)malloc(sizeof(char) * 3);
424 if (!(temp->file_type)) {
425 fprintf(stderr, "Error: failure allocating memory.\n");
426 return 1;
427 }
428
429 if( i + 2 >= line_len ) {
430 file_context_node_destroy(temp);
431 free(temp);
432
433 continue;
434 }
435
436 /* Fill the type into the array. */
437 temp->file_type[0] = line_buf[i];
438 temp->file_type[1] = line_buf[i + 1];
439 i += 2;
440 temp->file_type[2] = 0;
441
442 /* Get rid of whitespace after the type. */
443 for (; i < line_len; i++) {
444 if (!isspace(line_buf[i]))
445 break;
446 }
447
448 if (i == line_len) {
449
450 file_context_node_destroy(temp);
451 free(temp);
452 continue;
453 }
454 }
455
456 /* Parse out the context from the line. */
457 start = i;
458 while (i < line_len && (!isspace(line_buf[i])))
459 i++;
460 finish = i;
461
462 context_len = finish - start;
463
464 temp->context = (char*)strndup(&line_buf[start], context_len);
465 if (!temp->context) {
466 file_context_node_destroy(temp);
467 free(temp);
468 fprintf(stderr, "Error: failure allocating memory.\n");
469 return 1;
470 }
471
472 /* Set all the data about the regular
473 * expression. */
474 fc_fill_data(temp);
475
476 /* Link this line of code at the end of
477 * the linked list. */
478 current->next = temp;
479 current = current->next;
480 lines++;
481
482
483 free(line_buf);
484 line_buf = NULL;
485 }
486 fclose(in_file);
487
488 /* Create the bucket linked list from the earlier linked list. */
489 current = head->next;
490 bcurrent = master =
491 (file_context_bucket_t *)
492 malloc(sizeof(file_context_bucket_t));
493 bcurrent->next = NULL;
494 bcurrent->data = NULL;
495
496 /* Go until all the nodes have been put in individual buckets. */
497 while (current) {
498 /* Copy over the file context line into the bucket. */
499 bcurrent->data = current;
500 current = current->next;
501
502 /* Detach the node in the bucket from the old list. */
503 bcurrent->data->next = NULL;
504
505 /* If there should be another bucket, put one at the end. */
506 if (current) {
507 bcurrent->next =
508 (file_context_bucket_t *)
509 malloc(sizeof(file_context_bucket_t));
510 if (!(bcurrent->next)) {
511 printf
512 ("Error: failure allocating memory.\n");
513 return -1;
514 }
515
516 /* Make sure the new bucket thinks it's the end of the
517 * list. */
518 bcurrent->next->next = NULL;
519
520 bcurrent = bcurrent->next;
521 }
522
523 }
524
525 /* Sort the bucket list. */
526 fc_merge_sort(master);
527
528 /* Open the output file. */
529 if (output_name) {
530 if (!(out_file = fopen(output_name, "w"))) {
531 printf("Error: failure opening output file for write.\n");
532 return -1;
533 }
534 } else {
535 out_file = stdout;
536 }
537
538 /* Output the sorted file_context linked list to the output file. */
539 current = master->data;
540 while (current) {
541 /* Output the path. */
542 fprintf(out_file, "%s\t\t", current->path);
543
544 /* Output the type, if there is one. */
545 if (current->file_type) {
546 fprintf(out_file, "%s\t", current->file_type);
547 }
548
549 /* Output the context. */
550 fprintf(out_file, "%s\n", current->context);
551
552 /* Remove the node. */
553 temp = current;
554 current = current->next;
555
556 file_context_node_destroy(temp);
557 free(temp);
558
559 }
560 free(master);
561
562 if (output_name) {
563 fclose(out_file);
564 }
565
566 return 0;
567 }
568