ksud: support root profile's sepolicy

2023-07-01 16:34:43 +08:00
parent 90407986be
commit 2bb73a2a92
4 changed files with 102 additions and 0 deletions
--- a/userspace/ksud/src/cli.rs
+++ b/userspace/ksud/src/cli.rs
@@ -42,6 +42,12 @@ enum Commands {
        command: Sepolicy,
    },

+    /// Manage App Profiles
+    Profile {
+        #[command(subcommand)]
+        command: Profile,
+    },
+
    /// For developers
    Debug {
        #[command(subcommand)]
@@ -126,6 +132,40 @@ enum Module {
    List,
 }

+#[derive(clap::Subcommand, Debug)]
+enum Profile {
+    /// get root profile's selinux policy of <package-name>
+    GetSepolicy {
+        /// package name
+        package: String,
+    },
+
+    /// set root profile's selinux policy of <package-name> to <profile>
+    SetSepolicy {
+        /// package name
+        package: String,
+        /// policy statements
+        policy: String,
+    },
+
+    /// get template of <package-name>
+    GetTemplate {
+        /// package name
+        package: String,
+    },
+
+    /// set template of <package-name> to <template>
+    SetTemplate {
+        /// package name
+        package: String,
+        /// template
+        template: String,
+    },
+
+    /// list all templates
+    ListTemplates,
+}
+
 pub fn run() -> Result<()> {
    #[cfg(target_os = "android")]
    android_logger::init_once(
@@ -172,6 +212,17 @@ pub fn run() -> Result<()> {
            Sepolicy::Check { sepolicy } => crate::sepolicy::check_rule(&sepolicy),
        },
        Commands::Services => event::on_services(),
+        Commands::Profile { command } => match command {
+            Profile::GetSepolicy { package } => crate::profile::get_sepolicy(package),
+            Profile::SetSepolicy { package, policy } => {
+                crate::profile::set_sepolicy(package, policy)
+            }
+            Profile::GetTemplate { package } => crate::profile::get_template(package),
+            Profile::SetTemplate { package, template } => {
+                crate::profile::set_template(package, template)
+            }
+            Profile::ListTemplates => crate::profile::list_templates(),
+        },

        Commands::Debug { command } => match command {
            Debug::SetManager { apk } => debug::set_manager(&apk),
--- a/userspace/ksud/src/defs.rs
+++ b/userspace/ksud/src/defs.rs
@@ -5,6 +5,10 @@ pub const WORKING_DIR: &str = concatcp!(ADB_DIR, "ksu/");
 pub const BINARY_DIR: &str = concatcp!(WORKING_DIR, "bin/");
 pub const LOG_DIR: &str = concatcp!(WORKING_DIR, "log/");

+pub const PROFILE_DIR: &str = concatcp!(WORKING_DIR, "profile/");
+pub const PROFILE_SELINUX_DIR: &str = concatcp!(PROFILE_DIR, "selinux/");
+pub const PROFILE_TEMPLATE_DIR: &str = concatcp!(PROFILE_DIR, "templates/");
+
 pub const KSURC_PATH: &str = concatcp!(WORKING_DIR, ".ksurc");
 pub const KSU_OVERLAY_SOURCE: &str = "KSU";
 pub const DAEMON_PATH: &str = concatcp!(ADB_DIR, "ksud");
--- a/userspace/ksud/src/main.rs
+++ b/userspace/ksud/src/main.rs
@@ -7,6 +7,7 @@ mod event;
 mod ksu;
 mod module;
 mod mount;
+mod profile;
 mod restorecon;
 mod sepolicy;
 mod utils;
--- a/userspace/ksud/src/profile.rs
+++ b/userspace/ksud/src/profile.rs
@@ -0,0 +1,46 @@
+use crate::defs;
+use crate::utils::ensure_dir_exists;
+use anyhow::Result;
+use std::path::Path;
+
+pub fn set_sepolicy(pkg: String, policy: String) -> Result<()> {
+    ensure_dir_exists(defs::PROFILE_SELINUX_DIR)?;
+    let policy_file = Path::new(defs::PROFILE_SELINUX_DIR).join(pkg);
+    std::fs::write(policy_file, policy)?;
+    Ok(())
+}
+
+pub fn get_sepolicy(pkg: String) -> Result<()> {
+    ensure_dir_exists(defs::PROFILE_SELINUX_DIR)?;
+    let policy_file = Path::new(defs::PROFILE_SELINUX_DIR).join(pkg);
+    let policy = std::fs::read_to_string(policy_file)?;
+    println!("{policy}");
+    Ok(())
+}
+
+pub fn set_template(name: String, template: String) -> Result<()> {
+    ensure_dir_exists(defs::PROFILE_TEMPLATE_DIR)?;
+    let template_file = Path::new(defs::PROFILE_TEMPLATE_DIR).join(name);
+    std::fs::write(template_file, template)?;
+    Ok(())
+}
+
+pub fn get_template(name: String) -> Result<()> {
+    ensure_dir_exists(defs::PROFILE_TEMPLATE_DIR)?;
+    let template_file = Path::new(defs::PROFILE_TEMPLATE_DIR).join(name);
+    let template = std::fs::read_to_string(template_file)?;
+    println!("{template}");
+    Ok(())
+}
+
+pub fn list_templates() -> Result<()> {
+    let templates = std::fs::read_dir(defs::PROFILE_TEMPLATE_DIR)?;
+    for template in templates {
+        let template = template?;
+        let template = template.file_name();
+        if let Some(template) = template.to_str() {
+            println!("{template}");
+        };
+    }
+    Ok(())
+}