android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: add prefix for functions in sepolicy (#49)

Browse Source 
* kernel: add prefix for functions in sepolicy

* ci: fix 5.15 compile error
This commit is contained in:
Ylarod
2023-01-13 20:05:52 +08:00
committed by GitHub
parent dd905a1852
commit 177d6dba15
4 changed files with 115 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/selinux/Makefile
View File

@@ -4,6 +4,6 @@ obj-y += rules.o
ccflags-y += -Wno-implicit-function-declaration -Wno-strict-prototypes -Wno-int-conversion ccflags-y += -Wno-implicit-function-declaration -Wno-strict-prototypes -Wno-int-conversion
ccflags-y += -Wno-macro-redefined -Wno-declaration-after-statement ccflags-y += -Wno-macro-redefined -Wno-declaration-after-statement -Wno-unused-function
ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
ccflags-y += -I$(objtree)/security/selinux ccflags-y += -I$(objtree)/security/selinux

66
kernel/selinux/rules.c
View File

@@ -31,61 +31,61 @@ void apply_kernelsu_rules()
db = &ss->policydb; db = &ss->policydb;
#endif #endif
permissive(db, KERNEL_SU_DOMAIN); ksu_permissive(db, KERNEL_SU_DOMAIN);
typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject"); ksu_typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject");
typeattribute(db, KERNEL_SU_DOMAIN, "netdomain"); ksu_typeattribute(db, KERNEL_SU_DOMAIN, "netdomain");
typeattribute(db, KERNEL_SU_DOMAIN, "bluetoothdomain"); ksu_typeattribute(db, KERNEL_SU_DOMAIN, "bluetoothdomain");
// allow all! // allow all!
allow(db, KERNEL_SU_DOMAIN, ALL, ALL, ALL); ksu_allow(db, KERNEL_SU_DOMAIN, ALL, ALL, ALL);
// allow us do any ioctl // allow us do any ioctl
if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) { if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
allowxperm(db, KERNEL_SU_DOMAIN, ALL, "blk_file", ALL); ksu_allowxperm(db, KERNEL_SU_DOMAIN, ALL, "blk_file", ALL);
allowxperm(db, KERNEL_SU_DOMAIN, ALL, "fifo_file", ALL); ksu_allowxperm(db, KERNEL_SU_DOMAIN, ALL, "fifo_file", ALL);
allowxperm(db, KERNEL_SU_DOMAIN, ALL, "chr_file", ALL); ksu_allowxperm(db, KERNEL_SU_DOMAIN, ALL, "chr_file", ALL);
} }
// we need to save allowlist in /data/adb // we need to save allowlist in /data/adb
allow(db, "kernel", "adb_data_file", "dir", ALL); ksu_allow(db, "kernel", "adb_data_file", "dir", ALL);
allow(db, "kernel", "adb_data_file", "file", ALL); ksu_allow(db, "kernel", "adb_data_file", "file", ALL);
// we may need to do mount on shell // we may need to do mount on shell
allow(db, "kernel", "shell_data_file", "file", ALL); ksu_allow(db, "kernel", "shell_data_file", "file", ALL);
// our ksud triggered by init // our ksud triggered by init
allow(db, "init", "adb_data_file", "file", "execute"); ksu_allow(db, "init", "adb_data_file", "file", "execute");
allow(db, "init", KERNEL_SU_DOMAIN, ALL, ALL); ksu_allow(db, "init", KERNEL_SU_DOMAIN, ALL, ALL);
// copied from Magisk rules // copied from Magisk rules
// suRights // suRights
allow(db, "servicemanager", KERNEL_SU_DOMAIN, "dir", "search"); ksu_allow(db, "servicemanager", KERNEL_SU_DOMAIN, "dir", "search");
allow(db, "servicemanager", KERNEL_SU_DOMAIN, "dir", "read"); ksu_allow(db, "servicemanager", KERNEL_SU_DOMAIN, "dir", "read");
allow(db, "servicemanager", KERNEL_SU_DOMAIN, "file", "open"); ksu_allow(db, "servicemanager", KERNEL_SU_DOMAIN, "file", "open");
allow(db, "servicemanager", KERNEL_SU_DOMAIN, "file", "read"); ksu_allow(db, "servicemanager", KERNEL_SU_DOMAIN, "file", "read");
allow(db, "servicemanager", KERNEL_SU_DOMAIN, "process", "getattr"); ksu_allow(db, "servicemanager", KERNEL_SU_DOMAIN, "process", "getattr");
allow(db, ALL, KERNEL_SU_DOMAIN, "process", "sigchld"); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "process", "sigchld");
// allowLog // allowLog
allow(db, "logd", KERNEL_SU_DOMAIN, "dir", "search"); ksu_allow(db, "logd", KERNEL_SU_DOMAIN, "dir", "search");
allow(db, "logd", KERNEL_SU_DOMAIN, "file", "read"); ksu_allow(db, "logd", KERNEL_SU_DOMAIN, "file", "read");
allow(db, "logd", KERNEL_SU_DOMAIN, "file", "open"); ksu_allow(db, "logd", KERNEL_SU_DOMAIN, "file", "open");
allow(db, "logd", KERNEL_SU_DOMAIN, "file", "getattr"); ksu_allow(db, "logd", KERNEL_SU_DOMAIN, "file", "getattr");
// dumpsys // dumpsys
allow(db, ALL, KERNEL_SU_DOMAIN, "fd", "use"); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "fd", "use");
allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "write"); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "write");
allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "read"); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "read");
allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "open"); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "open");
allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "getattr"); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "fifo_file", "getattr");
// bootctl // bootctl
allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "dir", "search"); ksu_allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "dir", "search");
allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "file", "read"); ksu_allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "file", "read");
allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "file", "open"); ksu_allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "file", "open");
allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "process", "getattr"); ksu_allow(db, "hwservicemanager", KERNEL_SU_DOMAIN, "process", "getattr");
// Allow all binder transactions // Allow all binder transactions
allow(db, ALL, KERNEL_SU_DOMAIN, "binder", ALL); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "binder", ALL);
rcu_read_unlock(); rcu_read_unlock();
} }

92
kernel/selinux/sepolicy.c
View File

@@ -2,6 +2,38 @@
#include "sepolicy.h" #include "sepolicy.h"
#include "../klog.h" #include "../klog.h"
//////////////////////////////////////////////////////
// Declaration
//////////////////////////////////////////////////////
static struct avtab_node* get_avtab_node(struct policydb* db, struct avtab_key *key, struct avtab_extended_perms *xperms);
static bool add_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *p, int effect, bool invert);
static void add_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum *tgt, struct class_datum *cls, struct perm_datum *perm, int effect, bool invert);
static void add_xperm_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum *tgt,
struct class_datum *cls, uint16_t low, uint16_t high, int effect, bool invert);
static bool add_xperm_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *range, int effect, bool invert);
static bool add_type_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *d, int effect);
static bool add_filename_trans(const char *s, const char *t, const char *c, const char *d, const char *o);
static bool add_genfscon(const char *fs_name, const char *path, const char *context);
static bool add_type(struct policydb* db, const char *type_name, bool attr);
static bool set_type_state(struct policydb* db, const char *type_name, bool permissive);
static void add_typeattribute_raw(struct policydb* db, struct type_datum *type, struct type_datum *attr);
static bool add_typeattribute(struct policydb* db, const char *type, const char *attr);
//////////////////////////////////////////////////////
// Implementation
//////////////////////////////////////////////////////
// Invert is adding rules for auditdeny; in other cases, invert is removing rules // Invert is adding rules for auditdeny; in other cases, invert is removing rules
#define strip_av(effect, invert) ((effect == AVTAB_AUDITDENY) == !invert) #define strip_av(effect, invert) ((effect == AVTAB_AUDITDENY) == !invert)
@@ -27,7 +59,7 @@
hash_for_each (avtab.htable, avtab.nslot, cur) \ hash_for_each (avtab.htable, avtab.nslot, cur) \
; ;
struct avtab_node *get_avtab_node(struct policydb *db, struct avtab_key *key, static struct avtab_node *get_avtab_node(struct policydb *db, struct avtab_key *key,
struct avtab_extended_perms *xperms) struct avtab_extended_perms *xperms)
{ {
struct avtab_node *node; struct avtab_node *node;
@@ -81,7 +113,7 @@ struct avtab_node *get_avtab_node(struct policydb *db, struct avtab_key *key,
return node; return node;
} }
bool add_rule(struct policydb *db, const char *s, const char *t, const char *c, static bool add_rule(struct policydb *db, const char *s, const char *t, const char *c,
const char *p, int effect, bool invert) const char *p, int effect, bool invert)
{ {
struct type_datum *src = NULL, *tgt = NULL; struct type_datum *src = NULL, *tgt = NULL;
@@ -132,7 +164,7 @@ bool add_rule(struct policydb *db, const char *s, const char *t, const char *c,
return true; return true;
} }
void add_rule_raw(struct policydb *db, struct type_datum *src, static void add_rule_raw(struct policydb *db, struct type_datum *src,
struct type_datum *tgt, struct class_datum *cls, struct type_datum *tgt, struct class_datum *cls,
struct perm_datum *perm, int effect, bool invert) struct perm_datum *perm, int effect, bool invert)
{ {
@@ -214,7 +246,7 @@ void add_rule_raw(struct policydb *db, struct type_datum *src,
#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f))) #define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f))) #define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
void add_xperm_rule_raw(struct policydb *db, struct type_datum *src, static void add_xperm_rule_raw(struct policydb *db, struct type_datum *src,
struct type_datum *tgt, struct class_datum *cls, struct type_datum *tgt, struct class_datum *cls,
uint16_t low, uint16_t high, int effect, bool invert) uint16_t low, uint16_t high, int effect, bool invert)
{ {
@@ -306,7 +338,7 @@ void add_xperm_rule_raw(struct policydb *db, struct type_datum *src,
} }
} }
bool add_xperm_rule(struct policydb *db, const char *s, const char *t, static bool add_xperm_rule(struct policydb *db, const char *s, const char *t,
const char *c, const char *range, int effect, bool invert) const char *c, const char *range, int effect, bool invert)
{ {
struct type_datum *src = NULL, *tgt = NULL; struct type_datum *src = NULL, *tgt = NULL;
@@ -354,7 +386,7 @@ bool add_xperm_rule(struct policydb *db, const char *s, const char *t,
return true; return true;
} }
bool add_type_rule(struct policydb *db, const char *s, const char *t, static bool add_type_rule(struct policydb *db, const char *s, const char *t,
const char *c, const char *d, int effect) const char *c, const char *d, int effect)
{ {
struct type_datum *src, *tgt, *def; struct type_datum *src, *tgt, *def;
@@ -393,23 +425,23 @@ bool add_type_rule(struct policydb *db, const char *s, const char *t,
return true; return true;
} }
bool add_filename_trans(const char *s, const char *t, const char *c, static bool add_filename_trans(const char *s, const char *t, const char *c,
const char *d, const char *o) const char *d, const char *o)
{ {
return false; return false;
} }
bool add_genfscon(const char *fs_name, const char *path, const char *context) static bool add_genfscon(const char *fs_name, const char *path, const char *context)
{ {
return false; return false;
} }
bool add_type(struct policydb *db, const char *type_name, bool attr) static bool add_type(struct policydb *db, const char *type_name, bool attr)
{ {
return false; return false;
} }
bool set_type_state(struct policydb *db, const char *type_name, bool permissive) static bool set_type_state(struct policydb *db, const char *type_name, bool permissive)
{ {
struct type_datum *type; struct type_datum *type;
if (type_name == NULL) { if (type_name == NULL) {
@@ -437,7 +469,7 @@ bool set_type_state(struct policydb *db, const char *type_name, bool permissive)
return true; return true;
} }
void add_typeattribute_raw(struct policydb *db, struct type_datum *type, static void add_typeattribute_raw(struct policydb *db, struct type_datum *type,
struct type_datum *attr) struct type_datum *attr)
{ {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
@@ -466,7 +498,7 @@ void add_typeattribute_raw(struct policydb *db, struct type_datum *type,
}; };
} }
bool add_typeattribute(struct policydb *db, const char *type, const char *attr) static bool add_typeattribute(struct policydb *db, const char *type, const char *attr)
{ {
struct type_datum *type_d = symtab_search(&db->p_types, type); struct type_datum *type_d = symtab_search(&db->p_types, type);
if (type_d == NULL) { if (type_d == NULL) {
@@ -490,77 +522,79 @@ bool add_typeattribute(struct policydb *db, const char *type, const char *attr)
return true; return true;
} }
//////////////////////////////////////////////////////////////////////////
// Operation on types // Operation on types
bool type(struct policydb *db, const char *name, const char *attr) bool ksu_type(struct policydb *db, const char *name, const char *attr)
{ {
return add_type(db, name, false) && add_typeattribute(db, name, attr); return add_type(db, name, false) && add_typeattribute(db, name, attr);
} }
bool attribute(struct policydb *db, const char *name) bool ksu_attribute(struct policydb *db, const char *name)
{ {
return add_type(db, name, true); return add_type(db, name, true);
} }
bool permissive(struct policydb *db, const char *type) bool ksu_permissive(struct policydb *db, const char *type)
{ {
return set_type_state(db, type, true); return set_type_state(db, type, true);
} }
bool enforce(struct policydb *db, const char *type) bool ksu_enforce(struct policydb *db, const char *type)
{ {
return set_type_state(db, type, false); return set_type_state(db, type, false);
} }
bool typeattribute(struct policydb *db, const char *type, const char *attr) bool ksu_typeattribute(struct policydb *db, const char *type, const char *attr)
{ {
return add_typeattribute(db, type, attr); return add_typeattribute(db, type, attr);
} }
bool exists(struct policydb *db, const char *type) bool ksu_exists(struct policydb *db, const char *type)
{ {
return symtab_search(&db->p_types, type) != NULL; return symtab_search(&db->p_types, type) != NULL;
} }
// Access vector rules // Access vector rules
bool allow(struct policydb *db, const char *src, const char *tgt, bool ksu_allow(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *perm) const char *cls, const char *perm)
{ {
return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, false); return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, false);
} }
bool deny(struct policydb *db, const char *src, const char *tgt, bool ksu_deny(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *perm) const char *cls, const char *perm)
{ {
return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, true); return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, true);
} }
bool auditallow(struct policydb *db, const char *src, const char *tgt, bool ksu_auditallow(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *perm) const char *cls, const char *perm)
{ {
return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITALLOW, false); return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITALLOW, false);
} }
bool dontaudit(struct policydb *db, const char *src, const char *tgt, bool ksu_dontaudit(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *perm) const char *cls, const char *perm)
{ {
return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITDENY, true); return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITDENY, true);
} }
// Extended permissions access vector rules // Extended permissions access vector rules
bool allowxperm(struct policydb *db, const char *src, const char *tgt, bool ksu_allowxperm(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *range) const char *cls, const char *range)
{ {
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_ALLOWED, return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_ALLOWED,
false); false);
} }
bool auditallowxperm(struct policydb *db, const char *src, const char *tgt, bool ksu_auditallowxperm(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *range) const char *cls, const char *range)
{ {
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_AUDITALLOW, return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_AUDITALLOW,
false); false);
} }
bool dontauditxperm(struct policydb *db, const char *src, const char *tgt, bool ksu_dontauditxperm(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *range) const char *cls, const char *range)
{ {
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_DONTAUDIT, return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_DONTAUDIT,
@@ -568,25 +602,25 @@ bool dontauditxperm(struct policydb *db, const char *src, const char *tgt,
} }
// Type rules // Type rules
bool type_transition(struct policydb *db, const char *src, const char *tgt, bool ksu_type_transition(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *def, const char *obj) const char *cls, const char *def, const char *obj)
{ {
return false; return false;
} }
bool type_change(struct policydb *db, const char *src, const char *tgt, bool ksu_type_change(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *def) const char *cls, const char *def)
{ {
return false; return false;
} }
bool type_member(struct policydb *db, const char *src, const char *tgt, bool ksu_type_member(struct policydb *db, const char *src, const char *tgt,
const char *cls, const char *def) const char *cls, const char *def)
{ {
return false; return false;
} }
// File system labeling // File system labeling
bool genfscon(struct policydb *db, const char *fs_name, const char *path, bool ksu_genfscon(struct policydb *db, const char *fs_name, const char *path,
const char *ctx) const char *ctx)
{ {
return false; return false;

63
kernel/selinux/sepolicy.h
View File

@@ -6,59 +6,32 @@
#include <ss/services.h> #include <ss/services.h>
#include <objsec.h> #include <objsec.h>
// Operation on types // Operation on types
bool type(struct policydb* db, const char* name, const char* attr); bool ksu_type(struct policydb* db, const char* name, const char* attr);
bool attribute(struct policydb* db, const char* name); bool ksu_attribute(struct policydb* db, const char* name);
bool permissive(struct policydb* db, const char* type); bool ksu_permissive(struct policydb* db, const char* type);
bool enforce(struct policydb* db, const char* type); bool ksu_enforce(struct policydb* db, const char* type);
bool typeattribute(struct policydb* db, const char* type, const char* attr); bool ksu_typeattribute(struct policydb* db, const char* type, const char* attr);
bool exists(struct policydb* db, const char* type); bool ksu_exists(struct policydb* db, const char* type);
// Access vector rules // Access vector rules
bool allow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm); bool ksu_allow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
bool deny(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm); bool ksu_deny(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
bool auditallow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm); bool ksu_auditallow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
bool dontaudit(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm); bool ksu_dontaudit(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
// Extended permissions access vector rules // Extended permissions access vector rules
bool allowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range); bool ksu_allowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range);
bool auditallowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range); bool ksu_auditallowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range);
bool dontauditxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range); bool ksu_dontauditxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range);
// Type rules // Type rules
bool type_transition(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def, const char* obj); bool ksu_type_transition(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def, const char* obj);
bool type_change(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def); bool ksu_type_change(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def);
bool type_member(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def); bool ksu_type_member(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def);
// File system labeling // File system labeling
bool genfscon(struct policydb* db, const char* fs_name, const char* path, const char* ctx); bool ksu_genfscon(struct policydb* db, const char* fs_name, const char* path, const char* ctx);
//////////////////////////////////////////////////////
// Internal use
//////////////////////////////////////////////////////
struct avtab_node* get_avtab_node(struct policydb* db, struct avtab_key *key, struct avtab_extended_perms *xperms);
bool add_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *p, int effect, bool invert);
void add_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum *tgt, struct class_datum *cls, struct perm_datum *perm, int effect, bool invert);
void add_xperm_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum *tgt,
struct class_datum *cls, uint16_t low, uint16_t high, int effect, bool invert);
bool add_xperm_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *range, int effect, bool invert);
bool add_type_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *d, int effect);
bool add_filename_trans(const char *s, const char *t, const char *c, const char *d, const char *o);
bool add_genfscon(const char *fs_name, const char *path, const char *context);
bool add_type(struct policydb* db, const char *type_name, bool attr);
bool set_type_state(struct policydb* db, const char *type_name, bool permissive);
void add_typeattribute_raw(struct policydb* db, struct type_datum *type, struct type_datum *attr);
bool add_typeattribute(struct policydb* db, const char *type, const char *attr);
#endif #endif