From c913f7ec748199879799e58b1e0cbad959e2b8af Mon Sep 17 00:00:00 2001 From: LoveSy Date: Sat, 1 Feb 2025 14:28:05 +0800 Subject: [PATCH] Make sepolicy a shared type between rust and cxx --- native/src/sepolicy/api.cpp | 56 ++++------ native/src/sepolicy/include/sepolicy.hpp | 62 +---------- native/src/sepolicy/lib.rs | 136 +++++++++++------------ native/src/sepolicy/main.cpp | 7 +- native/src/sepolicy/policy.hpp | 14 +-- native/src/sepolicy/policydb.cpp | 32 +++--- native/src/sepolicy/rules.rs | 11 +- native/src/sepolicy/sepolicy.cpp | 6 +- native/src/sepolicy/statement.rs | 34 +++--- 9 files changed, 137 insertions(+), 221 deletions(-) diff --git a/native/src/sepolicy/api.cpp b/native/src/sepolicy/api.cpp index a25dae883..4018c6631 100644 --- a/native/src/sepolicy/api.cpp +++ b/native/src/sepolicy/api.cpp @@ -1,8 +1,10 @@ #include -#include "policy.hpp" +#include "include/sepolicy.hpp" using Str = rust::Str; +using StrVec = rust::Vec; +using Xperms = rust::Vec; #if 0 template @@ -27,26 +29,6 @@ static void print_rule(const char *action, Args ...args) { #define print_rule(...) ((void) 0) #endif -bool sepolicy::exists(const char *type) { - return hashtab_search(impl->db->p_types.table, type) != nullptr; -} - -void sepolicy::load_rule_file(const char *file) { - rust::load_rule_file(*this, file); -} - -void sepolicy::parse_statement(const char *data) { - rust::parse_statement(*this, data); -} - -void sepolicy::magisk_rules() { - rust::magisk_rules(*this); -} - -void sepolicy::load_rules(const std::string &rules) { - rust::load_rules(*this, byte_view(rules, false)); -} - template requires(std::invocable) static inline void expand(F &&f, T &&...args) { @@ -80,70 +62,70 @@ static inline void expand(const Xperms &vec, T &&...args) { } } -void sepolicy::allow(StrVec src, StrVec tgt, StrVec cls, StrVec perm) { +void sepolicy::allow(StrVec src, StrVec tgt, StrVec cls, StrVec perm) noexcept { expand(src, tgt, cls, perm, [this](auto ...args) { print_rule("allow", args...); impl->add_rule(args..., AVTAB_ALLOWED, false); }); } -void sepolicy::deny(StrVec src, StrVec tgt, StrVec cls, StrVec perm) { +void sepolicy::deny(StrVec src, StrVec tgt, StrVec cls, StrVec perm) noexcept { expand(src, tgt, cls, perm, [this](auto ...args) { print_rule("deny", args...); impl->add_rule(args..., AVTAB_ALLOWED, true); }); } -void sepolicy::auditallow(StrVec src, StrVec tgt, StrVec cls, StrVec perm) { +void sepolicy::auditallow(StrVec src, StrVec tgt, StrVec cls, StrVec perm) noexcept { expand(src, tgt, cls, perm, [this](auto ...args) { print_rule("auditallow", args...); impl->add_rule(args..., AVTAB_AUDITALLOW, false); }); } -void sepolicy::dontaudit(StrVec src, StrVec tgt, StrVec cls, StrVec perm) { +void sepolicy::dontaudit(StrVec src, StrVec tgt, StrVec cls, StrVec perm) noexcept { expand(src, tgt, cls, perm, [this](auto ...args) { print_rule("dontaudit", args...); impl->add_rule(args..., AVTAB_AUDITDENY, true); }); } -void sepolicy::permissive(StrVec types) { +void sepolicy::permissive(StrVec types) noexcept { expand(types, [this](auto ...args) { print_rule("permissive", args...); impl->set_type_state(args..., true); }); } -void sepolicy::enforce(StrVec types) { +void sepolicy::enforce(StrVec types) noexcept { expand(types, [this](auto ...args) { print_rule("enforce", args...); impl->set_type_state(args..., false); }); } -void sepolicy::typeattribute(StrVec types, StrVec attrs) { +void sepolicy::typeattribute(StrVec types, StrVec attrs) noexcept { expand(types, attrs, [this](auto ...args) { print_rule("typeattribute", args...); impl->add_typeattribute(args...); }); } -void sepolicy::type(Str type, StrVec attrs) { +void sepolicy::type(Str type, StrVec attrs) noexcept { expand(type, attrs, [this](auto name, auto attr) { print_rule("type", name, attr); impl->add_type(name, TYPE_TYPE) && impl->add_typeattribute(name, attr); }); } -void sepolicy::attribute(Str name) { +void sepolicy::attribute(Str name) noexcept { expand(name, [this](auto ...args) { print_rule("attribute", args...); impl->add_type(args..., TYPE_ATTRIB); }); } -void sepolicy::type_transition(Str src, Str tgt, Str cls, Str def, Str obj) { +void sepolicy::type_transition(Str src, Str tgt, Str cls, Str def, Str obj) noexcept { expand(src, tgt, cls, def, obj, [this](auto s, auto t, auto c, auto d, auto o) { if (o) { print_rule("type_transition", s, t, c, d, o); @@ -155,42 +137,42 @@ void sepolicy::type_transition(Str src, Str tgt, Str cls, Str def, Str obj) { }); } -void sepolicy::type_change(Str src, Str tgt, Str cls, Str def) { +void sepolicy::type_change(Str src, Str tgt, Str cls, Str def) noexcept { expand(src, tgt, cls, def, [this](auto ...args) { print_rule("type_change", args...); impl->add_type_rule(args..., AVTAB_CHANGE); }); } -void sepolicy::type_member(Str src, Str tgt, Str cls, Str def) { +void sepolicy::type_member(Str src, Str tgt, Str cls, Str def) noexcept { expand(src, tgt, cls, def, [this](auto ...args) { print_rule("type_member", args...); impl->add_type_rule(args..., AVTAB_MEMBER); }); } -void sepolicy::genfscon(Str fs_name, Str path, Str ctx) { +void sepolicy::genfscon(Str fs_name, Str path, Str ctx) noexcept { expand(fs_name, path, ctx, [this](auto ...args) { print_rule("genfscon", args...); impl->add_genfscon(args...); }); } -void sepolicy::allowxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm) { +void sepolicy::allowxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm) noexcept { expand(src, tgt, cls, xperm, [this](auto ...args) { print_rule("allowxperm", args...); impl->add_xperm_rule(args..., AVTAB_XPERMS_ALLOWED); }); } -void sepolicy::auditallowxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm) { +void sepolicy::auditallowxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm) noexcept { expand(src, tgt, cls, xperm, [this](auto ...args) { print_rule("auditallowxperm", args...); impl->add_xperm_rule(args..., AVTAB_XPERMS_AUDITALLOW); }); } -void sepolicy::dontauditxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm) { +void sepolicy::dontauditxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm) noexcept { expand(src, tgt, cls, xperm, [this](auto ...args) { print_rule("dontauditxperm", args...); impl->add_xperm_rule(args..., AVTAB_XPERMS_DONTAUDIT); diff --git a/native/src/sepolicy/include/sepolicy.hpp b/native/src/sepolicy/include/sepolicy.hpp index 582d5a151..86e458feb 100644 --- a/native/src/sepolicy/include/sepolicy.hpp +++ b/native/src/sepolicy/include/sepolicy.hpp @@ -1,10 +1,11 @@ #pragma once -#include +#include #include #include +#include "../policy-rs.hpp" // sepolicy paths #define PLAT_POLICY_DIR "/system/etc/selinux/" #define VEND_POLICY_DIR "/vendor/etc/selinux/" @@ -19,62 +20,3 @@ #define SELINUX_POLICY SELINUX_MNT "/policy" #define SELINUX_LOAD SELINUX_MNT "/load" #define SELINUX_VERSION SELINUX_MNT "/policyvers" - -struct Xperm; - -using StrVec = rust::Vec; -using Xperms = rust::Vec; - -struct sepolicy { - using c_str = const char *; - using Str = rust::Str; - - // Public static factory functions - static sepolicy *from_data(char *data, size_t len); - static sepolicy *from_file(c_str file); - static sepolicy *from_split(); - static sepolicy *compile_split(); - - // External APIs - bool to_file(c_str file); - void load_rules(const std::string &rules); - void load_rule_file(c_str file); - void print_rules(); - void parse_statement(c_str statement); - - // Operation on types - void type(Str type, StrVec attrs); - void attribute(Str names); - void permissive(StrVec types); - void enforce(StrVec types); - void typeattribute(StrVec types, StrVec attrs); - bool exists(c_str type); - - // Access vector rules - void allow(StrVec src, StrVec tgt, StrVec cls, StrVec perm); - void deny(StrVec src, StrVec tgt, StrVec cls, StrVec perm); - void auditallow(StrVec src, StrVec tgt, StrVec cls, StrVec perm); - void dontaudit(StrVec src, StrVec tgt, StrVec cls, StrVec perm); - - // Extended permissions access vector rules - void allowxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm); - void auditallowxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm); - void dontauditxperm(StrVec src, StrVec tgt, StrVec cls, Xperms xperm); - - // Type rules - void type_transition(Str src, Str tgt, Str cls, Str def, Str obj); - void type_change(Str src, Str tgt, Str cls, Str def); - void type_member(Str src, Str tgt, Str cls, Str def); - - // File system labeling - void genfscon(Str fs_name, Str path, Str ctx); - - // Magisk - void magisk_rules(); - - void strip_dontaudit(); - -protected: - // Prevent anyone from accidentally creating an instance - sepolicy() = default; -}; diff --git a/native/src/sepolicy/lib.rs b/native/src/sepolicy/lib.rs index a2680c705..037c1a72c 100644 --- a/native/src/sepolicy/lib.rs +++ b/native/src/sepolicy/lib.rs @@ -1,16 +1,12 @@ #![feature(format_args_nl)] #![feature(try_blocks)] -use io::Cursor; use std::fmt::Write; -use std::io; -use std::io::{BufRead, BufReader}; -use std::pin::Pin; - +use std::io::{BufRead, BufReader, Cursor}; +use cxx::CxxString; pub use base; use base::libc::{O_CLOEXEC, O_RDONLY}; use base::{BufReadExt, FsPath, LoggedResult, Utf8CStr}; -use statement::{parse_statement, print_statement_help}; use crate::ffi::sepolicy; @@ -18,96 +14,110 @@ mod rules; mod statement; #[cxx::bridge] -mod ffi { +pub mod ffi { struct Xperm { low: u16, high: u16, reset: bool, } + pub struct sepolicy { + #[cxx_name = "impl"] + _impl: UniquePtr, + } + unsafe extern "C++" { + include!("policy.hpp"); + include!("../base/include/base.hpp"); + #[namespace = "rust"] #[cxx_name = "Utf8CStr"] type Utf8CStrRef<'a> = base::ffi::Utf8CStrRef<'a>; - include!("include/sepolicy.hpp"); + type sepol_impl; - type sepolicy; - fn allow(self: Pin<&mut sepolicy>, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec<&str>); - fn deny(self: Pin<&mut sepolicy>, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec<&str>); + fn allow(self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec<&str>); + fn deny(self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec<&str>); fn auditallow( - self: Pin<&mut sepolicy>, + self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec<&str>, ); fn dontaudit( - self: Pin<&mut sepolicy>, + self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec<&str>, ); fn allowxperm( - self: Pin<&mut sepolicy>, + self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec, ); fn auditallowxperm( - self: Pin<&mut sepolicy>, + self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec, ); fn dontauditxperm( - self: Pin<&mut sepolicy>, + self: &mut sepolicy, s: Vec<&str>, t: Vec<&str>, c: Vec<&str>, p: Vec, ); - fn permissive(self: Pin<&mut sepolicy>, t: Vec<&str>); - fn enforce(self: Pin<&mut sepolicy>, t: Vec<&str>); - fn typeattribute(self: Pin<&mut sepolicy>, t: Vec<&str>, a: Vec<&str>); + fn permissive(self: &mut sepolicy, t: Vec<&str>); + fn enforce(self: &mut sepolicy, t: Vec<&str>); + fn typeattribute(self: &mut sepolicy, t: Vec<&str>, a: Vec<&str>); #[cxx_name = "type"] - fn type_(self: Pin<&mut sepolicy>, t: &str, a: Vec<&str>); - fn attribute(self: Pin<&mut sepolicy>, t: &str); - fn type_transition(self: Pin<&mut sepolicy>, s: &str, t: &str, c: &str, d: &str, o: &str); - fn type_change(self: Pin<&mut sepolicy>, s: &str, t: &str, c: &str, d: &str); - fn type_member(self: Pin<&mut sepolicy>, s: &str, t: &str, c: &str, d: &str); - fn genfscon(self: Pin<&mut sepolicy>, s: &str, t: &str, c: &str); + fn type_(self: &mut sepolicy, t: &str, a: Vec<&str>); + fn attribute(self: &mut sepolicy, t: &str); + fn type_transition(self: &mut sepolicy, s: &str, t: &str, c: &str, d: &str, o: &str); + fn type_change(self: &mut sepolicy, s: &str, t: &str, c: &str, d: &str); + fn type_member(self: &mut sepolicy, s: &str, t: &str, c: &str, d: &str); + fn genfscon(self: &mut sepolicy, s: &str, t: &str, c: &str); #[allow(dead_code)] - fn strip_dontaudit(self: Pin<&mut sepolicy>); + fn strip_dontaudit(self: &mut sepolicy); + + fn print_rules(self: &sepolicy); + fn to_file(self: &sepolicy, file: Utf8CStrRef) -> bool; + + #[Self = sepolicy] + fn from_file(file: Utf8CStrRef) -> UniquePtr; + #[Self = sepolicy] + fn from_split() -> UniquePtr; + #[Self = sepolicy] + fn compile_split() -> UniquePtr; + #[Self = sepolicy] + unsafe fn from_data(data: *mut c_char, len: usize) -> UniquePtr; } - #[namespace = "rust"] extern "Rust" { - fn load_rules(sepol: Pin<&mut sepolicy>, rules: &[u8]); - fn load_rule_file(sepol: Pin<&mut sepolicy>, filename: Utf8CStrRef); - fn parse_statement(sepol: Pin<&mut sepolicy>, statement: Utf8CStrRef); - fn magisk_rules(sepol: Pin<&mut sepolicy>); + fn parse_statement(self: &mut sepolicy, statement: Utf8CStrRef); + fn magisk_rules(self: &mut sepolicy); + fn load_rule_file(self: &mut sepolicy, filename: Utf8CStrRef); + fn load_rules(self: &mut sepolicy, rules: &CxxString); + #[Self = sepolicy] fn xperm_to_string(perm: &Xperm) -> String; + #[Self = sepolicy] fn print_statement_help(); } } -trait SepolicyExt { - fn load_rules(self: Pin<&mut Self>, rules: &[u8]); - fn load_rule_file(self: Pin<&mut Self>, filename: &Utf8CStr); - fn load_rules_from_reader(self: Pin<&mut Self>, reader: &mut T); -} - -impl SepolicyExt for sepolicy { - fn load_rules(self: Pin<&mut sepolicy>, rules: &[u8]) { - let mut cursor = Cursor::new(rules); +impl sepolicy { + fn load_rules(self: &mut sepolicy, rules: &CxxString) { + let mut cursor = Cursor::new(rules.as_bytes()); self.load_rules_from_reader(&mut cursor); } - fn load_rule_file(self: Pin<&mut sepolicy>, filename: &Utf8CStr) { + pub fn load_rule_file(self: &mut sepolicy, filename: &Utf8CStr) { let result: LoggedResult<()> = try { let file = FsPath::from(filename).open(O_RDONLY | O_CLOEXEC)?; let mut reader = BufReader::new(file); @@ -116,40 +126,24 @@ impl SepolicyExt for sepolicy { result.ok(); } - fn load_rules_from_reader(mut self: Pin<&mut sepolicy>, reader: &mut T) { + fn load_rules_from_reader(self: &mut sepolicy, reader: &mut T) { reader.foreach_lines(|line| { - parse_statement(self.as_mut(), line); + self.parse_statement(line); true }); } -} -fn load_rule_file(sepol: Pin<&mut sepolicy>, filename: &Utf8CStr) { - sepol.load_rule_file(filename); -} - -fn load_rules(sepol: Pin<&mut sepolicy>, rules: &[u8]) { - sepol.load_rules(rules); -} - -trait SepolicyMagisk { - fn magisk_rules(self: Pin<&mut Self>); -} - -fn magisk_rules(sepol: Pin<&mut sepolicy>) { - sepol.magisk_rules(); -} - -fn xperm_to_string(perm: &ffi::Xperm) -> String { - let mut s = String::new(); - if perm.reset { - s.push('~'); + fn xperm_to_string(perm: &ffi::Xperm) -> String { + let mut s = String::new(); + if perm.reset { + s.push('~'); + } + if perm.low == perm.high { + s.write_fmt(format_args!("{{ {:#06X} }}", perm.low)).ok(); + } else { + s.write_fmt(format_args!("{{ {:#06X}-{:#06X} }}", perm.low, perm.high)) + .ok(); + } + s } - if perm.low == perm.high { - s.write_fmt(format_args!("{{ {:#06X} }}", perm.low)).ok(); - } else { - s.write_fmt(format_args!("{{ {:#06X}-{:#06X} }}", perm.low, perm.high)) - .ok(); - } - s } diff --git a/native/src/sepolicy/main.cpp b/native/src/sepolicy/main.cpp index 1c30da377..56aa36c57 100644 --- a/native/src/sepolicy/main.cpp +++ b/native/src/sepolicy/main.cpp @@ -1,7 +1,7 @@ #include #include -#include "policy.hpp" +#include "include/sepolicy.hpp" using namespace std; @@ -36,7 +36,7 @@ int main(int argc, char *argv[]) { cmdline_logging(); const char *out_file = nullptr; vector rule_files; - sepolicy *sepol = nullptr; + std::unique_ptr sepol; bool magisk = false; bool live = false; bool print = false; @@ -85,7 +85,7 @@ int main(int argc, char *argv[]) { rule_files.emplace_back(argv[i + 1]); ++i; } else if (option == "help"sv) { - rust::print_statement_help(); + sepolicy::print_statement_help(); exit(0); } else { usage(argv[0]); @@ -126,6 +126,5 @@ int main(int argc, char *argv[]) { return 1; } - delete sepol; return 0; } diff --git a/native/src/sepolicy/policy.hpp b/native/src/sepolicy/policy.hpp index ea082ed06..1b9622169 100644 --- a/native/src/sepolicy/policy.hpp +++ b/native/src/sepolicy/policy.hpp @@ -6,11 +6,10 @@ #include #include -#include -#include "policy-rs.hpp" +struct Xperm; -struct sepol_impl : public sepolicy { +class sepol_impl { avtab_ptr_t find_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xperms); avtab_ptr_t insert_avtab_node(avtab_key_t *key); avtab_ptr_t get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xperms); @@ -31,12 +30,13 @@ struct sepol_impl : public sepolicy { bool add_typeattribute(const char *type, const char *attr); sepol_impl(policydb *db) : db(db) {} - ~sepol_impl(); policydb *db; -private: std::map> class_perm_names; -}; -#define impl reinterpret_cast(this) + friend struct sepolicy; + +public: + ~sepol_impl(); +}; diff --git a/native/src/sepolicy/policydb.cpp b/native/src/sepolicy/policydb.cpp index c23b387c2..b3bbc8512 100644 --- a/native/src/sepolicy/policydb.cpp +++ b/native/src/sepolicy/policydb.cpp @@ -1,3 +1,5 @@ +#include "include/sepolicy.hpp" + #include #include #include @@ -8,7 +10,6 @@ #include #include -#include "policy.hpp" #define SHALEN 64 static bool cmp_sha256(const char *a, const char *b) { @@ -78,7 +79,7 @@ static void load_cil(struct cil_db *db, const char *file) { LOGD("cil_add [%s]\n", file); } -sepolicy *sepolicy::from_data(char *data, size_t len) { +std::unique_ptr sepolicy::from_data(char *data, size_t len) noexcept { LOGD("Load policy from data\n"); policy_file_t pf; @@ -93,32 +94,29 @@ sepolicy *sepolicy::from_data(char *data, size_t len) { free(db); return nullptr; } - - auto sepol = new sepol_impl(db); - return sepol; + return std::make_unique(sepolicy{.impl{new sepol_impl(db)}}); } -sepolicy *sepolicy::from_file(const char *file) { - LOGD("Load policy from: %s\n", file); +std::unique_ptr sepolicy::from_file(::rust::Utf8CStr file) noexcept { + LOGD("Load policy from: %.*s\n", static_cast(file.size()), file.data()); policy_file_t pf; policy_file_init(&pf); - auto fp = xopen_file(file, "re"); + auto fp = xopen_file(file.data(), "re"); pf.fp = fp.get(); pf.type = PF_USE_STDIO; auto db = static_cast(malloc(sizeof(policydb_t))); if (policydb_init(db) || policydb_read(db, &pf, 0)) { - LOGE("Fail to load policy from %s\n", file); + LOGE("Fail to load policy from %.*s\n", static_cast(file.size()), file.data()); free(db); return nullptr; } - auto sepol = new sepol_impl(db); - return sepol; + return std::make_unique(sepolicy{.impl{new sepol_impl(db)}}); } -sepolicy *sepolicy::compile_split() { +std::unique_ptr sepolicy::compile_split() noexcept { char path[128], plat_ver[10]; cil_db_t *db = nullptr; sepol_policydb_t *pdb = nullptr; @@ -212,12 +210,10 @@ sepolicy *sepolicy::compile_split() { return nullptr; if (cil_build_policydb(db, &pdb)) return nullptr; - - auto sepol = new sepol_impl(&pdb->p); - return sepol; + return std::make_unique(sepolicy{.impl{new sepol_impl(&pdb->p)}}); } -sepolicy *sepolicy::from_split() { +std::unique_ptr sepolicy::from_split() noexcept { const char *odm_pre = ODM_POLICY_DIR "precompiled_sepolicy"; const char *vend_pre = VEND_POLICY_DIR "precompiled_sepolicy"; if (access(odm_pre, R_OK) == 0 && check_precompiled(odm_pre)) @@ -233,7 +229,7 @@ sepol_impl::~sepol_impl() { free(db); } -bool sepolicy::to_file(const char *file) { +bool sepolicy::to_file(::rust::Utf8CStr file) const noexcept { // No partial writes are allowed to /sys/fs/selinux/load, thus the reason why we // first dump everything into memory, then directly call write system call heap_data data; @@ -248,7 +244,7 @@ bool sepolicy::to_file(const char *file) { return false; } - int fd = xopen(file, O_WRONLY | O_CREAT | O_CLOEXEC, 0644); + int fd = xopen(file.data(), O_WRONLY | O_CREAT | O_CLOEXEC, 0644); if (fd < 0) return false; if (struct stat st{}; xfstat(fd, &st) == 0 && st.st_size > 0) { diff --git a/native/src/sepolicy/rules.rs b/native/src/sepolicy/rules.rs index c4007a197..281c419da 100644 --- a/native/src/sepolicy/rules.rs +++ b/native/src/sepolicy/rules.rs @@ -1,6 +1,5 @@ -use crate::{ffi::Xperm, sepolicy, SepolicyMagisk}; +use crate::{ffi::Xperm, sepolicy}; use base::{set_log_level_state, LogLevel}; -use std::pin::Pin; macro_rules! rules { (@args all) => { @@ -38,7 +37,7 @@ macro_rules! rules { }; (@stmt $self:ident) => {}; (@stmt $self:ident $action:ident($($args:tt),*); $($res:tt)*) => { - $self.as_mut().$action($(rules!(@args $args)),*); + $self.$action($(rules!(@args $args)),*); rules!{@stmt $self $($res)* } }; (use $self:ident; $($res:tt)*) => {{ @@ -46,8 +45,8 @@ macro_rules! rules { }}; } -impl SepolicyMagisk for sepolicy { - fn magisk_rules(mut self: Pin<&mut Self>) { +impl sepolicy { + pub fn magisk_rules(&mut self) { // Temp suppress warnings set_log_level_state(LogLevel::Warn, false); rules! { @@ -138,7 +137,7 @@ impl SepolicyMagisk for sepolicy { } #[cfg(any())] - self.as_mut().strip_dontaudit(); + self.strip_dontaudit(); set_log_level_state(LogLevel::Warn, true); } diff --git a/native/src/sepolicy/sepolicy.cpp b/native/src/sepolicy/sepolicy.cpp index 523f9763e..eaae6a5ef 100644 --- a/native/src/sepolicy/sepolicy.cpp +++ b/native/src/sepolicy/sepolicy.cpp @@ -1,6 +1,6 @@ #include -#include "policy.hpp" +#include "include/sepolicy.hpp" using namespace std; @@ -653,14 +653,14 @@ bool sepol_impl::add_typeattribute(const char *type, const char *attr) { return true; } -void sepolicy::strip_dontaudit() { +void sepolicy::strip_dontaudit() noexcept { avtab_for_each(&impl->db->te_avtab, [=, this](avtab_ptr_t node) { if (node->key.specified == AVTAB_AUDITDENY || node->key.specified == AVTAB_XPERMS_DONTAUDIT) avtab_remove_node(&impl->db->te_avtab, node); }); } -void sepolicy::print_rules() { +void sepolicy::print_rules() const noexcept { hashtab_for_each(impl->db->p_types.table, [&](hashtab_ptr_t node) { type_datum_t *type = auto_cast(node->datum); if (type->flavor == TYPE_ATTRIB) { diff --git a/native/src/sepolicy/statement.rs b/native/src/sepolicy/statement.rs index 6c2dd2223..f8b8467e5 100644 --- a/native/src/sepolicy/statement.rs +++ b/native/src/sepolicy/statement.rs @@ -1,6 +1,6 @@ use std::fmt::{Display, Formatter, Write}; use std::io::stderr; -use std::{iter::Peekable, pin::Pin, vec::IntoIter}; +use std::{iter::Peekable, vec::IntoIter}; use crate::ffi::Xperm; use crate::sepolicy; @@ -228,7 +228,7 @@ fn match_string<'a>(tokens: &mut Tokens<'a>, pattern: &str) -> ParseResult<'a, ( // statement ::= TM ID(s) ID(t) ID(c) ID(d) { sepolicy.type_member(s, t, c, d);}; // statement ::= GF ID(s) ID(t) ID(c) { sepolicy.genfscon(s, t, c); }; fn exec_statement<'a>( - sepolicy: Pin<&mut sepolicy>, + sepolicy: &mut sepolicy, tokens: &mut Tokens<'a>, ) -> ParseResult<'a, ()> { let action = match tokens.next() { @@ -444,16 +444,18 @@ fn tokenize_statement(statement: &str) -> Vec { tokens } -pub fn parse_statement(sepolicy: Pin<&mut sepolicy>, statement: &str) { - let statement = statement.trim(); - if statement.is_empty() || statement.starts_with('#') { - return; - } - let mut tokens = tokenize_statement(statement).into_iter().peekable(); - let result = exec_statement(sepolicy, &mut tokens); - if let Err(e) = result { - warn!("Syntax error in: \"{}\"", statement); - error!("Hint: {}", e); +impl sepolicy { + pub fn parse_statement(self: &mut sepolicy, statement: &str) { + let statement = statement.trim(); + if statement.is_empty() || statement.starts_with('#') { + return; + } + let mut tokens = tokenize_statement(statement).into_iter().peekable(); + let result = exec_statement(self, &mut tokens); + if let Err(e) = result { + warn!("Syntax error in: \"{}\"", statement); + error!("Hint: {}", e); + } } } @@ -598,7 +600,9 @@ allowxperm source target class ioctl * ) } -pub fn print_statement_help() { - format_statement_help(&mut FmtAdaptor(&mut stderr())).ok(); - eprintln!(); +impl sepolicy { + pub fn print_statement_help() { + format_statement_help(&mut FmtAdaptor(&mut stderr())).ok(); + eprintln!(); + } }