* Copyright (c) 2010 - 2012
* Canonical Ltd. (All rights reserved)
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical,
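/*
 * Policy versioning is determined by a combination of 3 values:
 *   policy_version:     version of txt policy
 *   parser_abi_version: version of abi revision of policy generated by parser
 *   kernel_abi_version: version of abi revision for the kernel
 *
 * The version info is stored in a single 32 bit version field in the
 * header portion of each binary policy file.
 *
 * policy_version:
 *   a gross revision number indicating what features and semantics are
 *   expected by the text policy. This does not necessarily map directly
 *   to a feature set as a kernel may not have all the supported features.
 *
 *   policy_version is not supported by kernels that only support v5
 *   kernel abi, so it will not be written when creating policy for
 *   those kernels.
 *
 * kernel_abi_version:
 *   should be set to the highest version supported by both the parser and
 *   the kernel.
 *   This allows new kernels to detect old userspaces, and new parsers
 *   to support old kernels and policies semantics.
 *
 * parser_abi_version:
 *   should be bumped when a compiler error or some other event happens
 *   and policy cache needs to be forced to be recomputed, when the
 *   policy_version or kernel version has not changed.
 *
 *   parser_abi_version is not supported by kernels that only support
 *   v5 kernel abi so it will not be written when creating policy for those
 *   kernels.
 *
 * Default values set to v5 kernel abi before the different versioning
 * numbers were supported.
 *
 * NOTE(review): per the description above, parser_abi_version is the only
 * one of the three that invalidates cached binary policy when neither the
 * text policy version nor the kernel changes. A compiler fix that alters the
 * generated policy without bumping it would presumably leave stale cached
 * binaries in use; confirm against the cache code.
 */
uint32_t policy_version = 2;
uint32_t parser_abi_version = 2;
uint32_t kernel_abi_version = 5;

/*
 * NOTE(review): the name suggests that a non-zero value forces profiles into
 * complain mode instead of enforcing them; the code that reads it is outside
 * this block. It defaults to off.
 */
int force_complain = 0;
int perms_create = 0;			/* perms contain create flag */
int net_af_max_override = -1;		/* use kernel to determine af_max */

/*
 * Kernel feature flags. Each one starts at 0, so a feature counts as absent
 * until some code outside this block sets its flag.
 */
int kernel_supports_setload = 0;	/* kernel supports atomic set loads */
int kernel_supports_network = 0;	/* kernel supports network rules */
int kernel_supports_unix = 0;		/* kernel supports unix socket rules */
int kernel_supports_policydb = 0;	/* kernel supports new policydb */
int kernel_supports_mount = 0;		/* kernel supports mount rules */
int kernel_supports_dbus = 0;		/* kernel supports dbus rules */
int kernel_supports_diff_encode = 0;	/* kernel supports diff_encode */
int kernel_supports_signal = 0;		/* kernel supports signal rules */
int kernel_supports_ptrace = 0;		/* kernel supports ptrace rules */
int kernel_supports_stacking = 0;	/* kernel supports stacking */

/* Line number reported by pwarn(); the first line is numbered 1. */
int current_lineno = 1;
/* Requested operation; pwarn() stays silent when this is OPTION_REMOVE. */
int option = OPTION_ADD;

/* DFA construction controls enabled by default. */
dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL |
				   DFA_CONTROL_TREE_SIMPLE |
				   DFA_CONTROL_MINIMIZE |
				   DFA_CONTROL_DIFF_ENCODE);
dfaflags_t warnflags = 0;

const char *progname = __FILE__;
char *profile_ns = NULL;

/*
 * Context strings for diagnostics. pwarn() prints "stdin" when profilename
 * is NULL and omits the file part when current_filename is NULL.
 *
 * NOTE(review): pwarn() substitutes both strings into a buffer that it then
 * hands to vfprintf() as the format string. A '%' in a profile name or file
 * name would therefore be read as a conversion specifier. Printing the prefix
 * with its own "%s" call, or escaping '%' first, avoids that; confirm against
 * the full body of pwarn().
 */
char *profilename = NULL;
char *current_filename = NULL;

/*
 * Build-time default for read_implies_exec. Exactly one definition may be
 * compiled, so the two alternatives sit in an #ifdef/#else/#endif.
 *
 * NOTE(review): defining FORCE_READ_IMPLIES_EXEC presumably makes read
 * permission carry an exec-related permission as well, which loosens the
 * compiled policy. The consumer of this flag is outside this block; confirm
 * there before enabling it.
 */
#ifdef FORCE_READ_IMPLIES_EXEC
int read_implies_exec = 1;
#else
int read_implies_exec = 0;
#endif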
void pwarn(const char *fmt, ...)
if (conf_quiet || names_only || option == OPTION_REMOVE)
if (asprintf(&newfmt, _("Warning from %s (%s%sline %d): %s"),
profilename ? profilename : "stdin",
current_filename ? current_filename : "",
current_filename ? " " : "",
vfprintf(stderr, newfmt, arg);