#include <regex>
#include <string>
#include <vector>
+#include <stdexcept>
#include <grp.h>
#include <sys/types.h>
namespace SecurityManagerTest {
+namespace {
+
+PolicyConfiguration::SmackPrivRulesMap parsePrivilegeSmackList() {
+ constexpr char PRIVILEGE[] = "~PRIVILEGE~";
+ PolicyConfiguration::SmackPrivRulesMap privilegeRules;
+
+ std::ifstream templateFile(CONF_DIR "privilege-smack.list");
+
+ if (templateFile.fail())
+ return privilegeRules;
+
+ try {
+ std::string line;
+ while (getline(templateFile, line)) {
+ if (line.empty() || line[0] == '#')
+ continue;
+
+ std::string privilege, label, rulesFileName;
+ std::istringstream stream(line);
+ stream >> privilege >> label >> rulesFileName;
+
+ if (rulesFileName == "default")
+ rulesFileName = "priv-rules-default-template.smack";
+
+ std::ifstream rulesFile(std::string(CONF_DIR) + "privilege-mapping/" + rulesFileName);
+ std::string object, subject, access;
+ while (rulesFile >> subject >> object >> access) {
+ if (object.empty() || subject.empty())
+ throw std::runtime_error("Malformed rule");
+
+ // ignore
+ if (object.front() != '~' || subject.front() != '~')
+ continue;
+
+ if (object == PRIVILEGE)
+ object = label;
+ if (subject == PRIVILEGE)
+ subject = label;
+ privilegeRules[privilege].emplace_back(std::move(subject),
+ std::move(object),
+ std::move(access));
+ }
+ }
+ } catch (const std::exception&) {
+ privilegeRules.clear();
+ }
+ return privilegeRules;
+}
+
+} // namespace anonymous
+
gid_t nameToGid(const char *name) {
struct group entry, *gresult;
char buffer[1024];
return CONF_DIR "app-rules-template.smack";
}
+const PolicyConfiguration::SmackPrivRulesMap& PolicyConfiguration::getSmackPrivRulesMap() {
+ const static auto smackPrivRulesMap = parsePrivilegeSmackList();
+ return smackPrivRulesMap;
+}
+
} // namespace SecurityManagerTest