author | Keir Fraser <keir.fraser@citrix.com> | 2009-10-23 10:05:15 +0100 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2009-10-23 10:05:15 +0100 |
commit | 0dba100da61528c1d36844a00ba2676b4712aa67 (patch) | |
tree | 82a83ca3db2728185d0c1636d04cba3e47bf261b /tools/flask | |
parent | 545a227dfc099af8b17b6842e097196192658c3e (diff) | |
xsm: Add getenforce and setenforce functionality to tools
This patch exposes the getenforce and setenforce functionality for the
Flask XSM module.
Signed-off-by : Machon Gregory <mbgrego@tycho.ncsc.mil>
Signed-off-by : George S. Coker, II <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/Makefile | 2 | ||||
-rw-r--r-- | tools/flask/libflask/flask_op.c | 39 | ||||
-rw-r--r-- | tools/flask/libflask/include/flask.h | 2 | ||||
-rw-r--r-- | tools/flask/utils/Makefile (renamed from tools/flask/loadpolicy/Makefile) | 7 | ||||
-rw-r--r-- | tools/flask/utils/getenforce.c | 66 | ||||
-rw-r--r-- | tools/flask/utils/loadpolicy.c (renamed from tools/flask/loadpolicy/loadpolicy.c) | 0 | ||||
-rw-r--r-- | tools/flask/utils/setenforce.c | 73 |
7 files changed, 183 insertions, 6 deletions
diff --git a/tools/flask/Makefile b/tools/flask/Makefile index e78f5785db..08961cf810 100644 --- a/tools/flask/Makefile +++ b/tools/flask/Makefile @@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/Rules.mk SUBDIRS := SUBDIRS += libflask -SUBDIRS += loadpolicy +SUBDIRS += utils .PHONY: all clean install all clean install: %: subdirs-% diff --git a/tools/flask/libflask/flask_op.c b/tools/flask/libflask/flask_op.c index 396c0814a8..579be20d96 100644 --- a/tools/flask/libflask/flask_op.c +++ b/tools/flask/libflask/flask_op.c @@ -70,3 +70,42 @@ int flask_sid_to_context(int xc_handle, int sid, char *buf, uint32_t size) return 0; } + +int flask_getenforce(int xc_handle) +{ + int err; + flask_op_t op; + char buf[20]; + int size = 20; + int mode; + + op.cmd = FLASK_GETENFORCE; + op.buf = buf; + op.size = size; + + if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) + return err; + + sscanf(buf, "%i", &mode); + + return mode; +} + +int flask_setenforce(int xc_handle, int mode) +{ + int err; + flask_op_t op; + char buf[20]; + int size = 20; + + op.cmd = FLASK_SETENFORCE; + op.buf = buf; + op.size = size; + + snprintf(buf, size, "%i", mode); + + if ( (err = xc_flask_op(xc_handle, &op)) != 0 ) + return err; + + return 0; +} diff --git a/tools/flask/libflask/include/flask.h b/tools/flask/libflask/include/flask.h index 5241f7a2a0..31f6263404 100644 --- a/tools/flask/libflask/include/flask.h +++ b/tools/flask/libflask/include/flask.h @@ -18,5 +18,7 @@ int flask_load(int xc_handle, char *buf, uint32_t size); int flask_context_to_sid(int xc_handle, char *buf, uint32_t size, uint32_t *sid); int flask_sid_to_context(int xc_handle, int sid, char *buf, uint32_t size); +int flask_getenforce(int xc_handle); +int flask_setenforce(int xc_handle, int mode); #endif /* __FLASK_H__ */ diff --git a/tools/flask/loadpolicy/Makefile b/tools/flask/utils/Makefile index 8b404214c2..0908f51443 100644 --- a/tools/flask/loadpolicy/Makefile +++ b/tools/flask/utils/Makefile 
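Review bot: In `flask_getenforce` (tools/flask/libflask/flask_op.c) the result of `sscanf(buf, "%i", &mode)` is not checked and both `mode` and `buf` are uninitialized, so a reply that does not parse makes the function return an indeterminate value, which getenforce.c prints as Enforcing whenever it is positive. Initialise the buffer with `char buf[20] = "";` and fail explicitly with `if ( sscanf(buf, "%i", &mode) != 1 ) return -EINVAL;`; this assumes the negative-errno convention the callers appear to rely on (`errno = -ret`) and needs `<errno.h>` if the file does not already include it. Whether `xc_flask_op` NUL-terminates `buf` is not visible here; if it does not, the reply length has to be bounded before parsing. `flask_setenforce` forwards any `int` as the mode, so rejecting values other than 0 and 1 there would keep the library from relying on the hypervisor for that check.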
@@ -19,7 +19,7 @@ TESTDIR = testsuite/tmp TESTFLAGS= -DTESTING TESTENV = XENSTORED_ROOTDIR=$(TESTDIR) XENSTORED_RUNDIR=$(TESTDIR) -CLIENTS := flask-loadpolicy +CLIENTS := flask-loadpolicy flask-setenforce flask-getenforce CLIENTS_SRCS := $(patsubst flask-%,%.c,$(CLIENTS)) CLIENTS_OBJS := $(patsubst flask-%,%.o,$(CLIENTS)) @@ -29,9 +29,6 @@ all: $(CLIENTS) $(CLIENTS): flask-%: %.o $(CC) $(CFLAGS) $(LDFLAGS) $< $(LOADLIBES) $(LDLIBS) -L. -lflask $(LDFLAGS_libxenctrl) -o $@ -$(CLIENTS_OBJS): $(CLIENTS_SRCS) - $(COMPILE.c) -o $@ $< - .PHONY: clean clean: rm -f *.o *.opic *.so @@ -40,7 +37,7 @@ clean: .PHONY: print-dir print-dir: - @echo -n tools/flask/loadpolicy: + @echo -n tools/flask/utils: .PHONY: print-end print-end: diff --git a/tools/flask/utils/getenforce.c b/tools/flask/utils/getenforce.c new file mode 100644 index 0000000000..9960434ac8 --- /dev/null +++ b/tools/flask/utils/getenforce.c 
@@ -0,0 +1,66 @@
+/*
+ *
+ * Author: Machon Gregory, <mbgrego@tycho.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <stdio.h>
+#include <xenctrl.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <flask.h>
+
+static void usage (int argCnt, const char *args[])
+{
+ fprintf(stderr, "Usage: %s\n", args[0]);
+ exit(1);
+}
+
+int main (int argCnt, const char *args[])
+{
+ int ret;
+ int xch = 0;
+
+ if (argCnt != 1)
+ usage(argCnt, args);
+
+ xch = xc_interface_open();
+ if ( xch < 0 )
+ {
+ fprintf(stderr, "Unable to create interface to xenctrl: %s\n",
+ strerror(errno));
+ ret = -1;
+ goto done;
+ }
+
+ ret = flask_getenforce(xch);
+ if ( ret < 0 )
+ {
+ errno = -ret;
+ fprintf(stderr, "Unable to get enforcing mode: %s\n",
+ strerror(errno));
+ ret = -1;
+ goto done;
+ }
+ else
+ {
+ if(ret)
+ printf("Enforcing\n");
+ else
+ printf("Permissive\n");
+ }
+
+done:
+ if ( xch )
+ xc_interface_close(xch);
+
+ return ret;
+}
diff --git a/tools/flask/loadpolicy/loadpolicy.c b/tools/flask/utils/loadpolicy.c
index bb6eeb8de5..bb6eeb8de5 100644
--- a/tools/flask/loadpolicy/loadpolicy.c
+++ b/tools/flask/utils/loadpolicy.c
diff --git a/tools/flask/utils/setenforce.c b/tools/flask/utils/setenforce.c
new file mode 100644
index 0000000000..91fb3594aa
--- /dev/null
+++ b/tools/flask/utils/setenforce.c
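Review bot: `main` in tools/flask/utils/getenforce.c returns `ret` on the success path, so the process exits 1 when the mode is Enforcing and 0 when it is Permissive, and a script that tests the exit status will read an enforcing system as a failed query. Reset it before falling through to `done:`, for example `ret = 0;` after the two `printf` calls, and state the exit codes in the file's header comment. The cleanup guard `if ( xch )` is also wrong on the failure path: a negative handle from `xc_interface_open()` is truthy and is passed to `xc_interface_close()`, while a valid handle of 0 would be skipped. `int xch = -1;` with `if ( xch >= 0 )` covers both cases, and the same guard appears in tools/flask/utils/setenforce.c.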
@@ -0,0 +1,73 @@
+/*
+ *
+ * Authors: Machon Gregory, <mbgrego@tycho.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <stdio.h>
+#include <xenctrl.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <flask.h>
+
+static void usage (int argCnt, const char *args[])
+{
+ fprintf(stderr, "Usage: %s [ (Enforcing|1) | (Permissive|0) ]\n", args[0]);
+ exit(1);
+}
+
+int main (int argCnt, const char *args[])
+{
+ int ret = 0;
+ int xch = 0;
+ long mode = 0;
+ char *end;
+
+ if (argCnt != 2)
+ usage(argCnt, args);
+
+ xch = xc_interface_open();
+ if ( xch < 0 )
+ {
+ fprintf(stderr, "Unable to create interface to xenctrl: %s\n",
+ strerror(errno));
+ ret = -1;
+ goto done;
+ }
+
+ if( strlen(args[1]) == 1 && (args[1][0] == '0' || args[1][0] == '1')){
+ mode = strtol(args[1], &end, 10);
+ ret = flask_setenforce(xch, mode);
+ } else {
+ if( strcasecmp(args[1], "enforcing") == 0 ){
+ ret = flask_setenforce(xch, 1);
+ } else if( strcasecmp(args[1], "permissive") == 0 ){
+ ret = flask_setenforce(xch, 0);
+ } else {
+ usage(argCnt, args);
+ }
+ }
+
+ if ( ret < 0 )
+ {
+ errno = -ret;
+ fprintf(stderr, "Unable to get enforcing mode: %s\n",
+ strerror(errno));
+ ret = -1;
+ goto done;
+ }
+
+done:
+ if ( xch )
+ xc_interface_close(xch);
+
+ return ret;
+}
|
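Review bot: The failure message after the `flask_setenforce` calls in tools/flask/utils/setenforce.c reads "Unable to get enforcing mode", apparently copied from getenforce.c; an operator whose attempt to switch enforcement fails should see `fprintf(stderr, "Unable to set enforcing mode: %s\n",`. The argument is validated only after `xc_interface_open()`, so the bad-argument branch calls `usage()`, which exits without closing the handle. Parsing `args[1]` into `mode` before opening the interface avoids that and lets the three `flask_setenforce` calls collapse into one. `strcasecmp` is declared in `<strings.h>`, which is not in the include list, and `end` is written by `strtol` but never read.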