android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ksud: support root profile's sepolicy

Browse Source
This commit is contained in:
weishu
2023-07-01 16:34:43 +08:00
parent 90407986be
commit 2bb73a2a92
4 changed files with 102 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
userspace/ksud/src/cli.rs
View File

@@ -42,6 +42,12 @@ enum Commands {
command: Sepolicy, command: Sepolicy,
}, },
/// Manage App Profiles
Profile {
#[command(subcommand)]
command: Profile,
},
/// For developers /// For developers
Debug { Debug {
#[command(subcommand)] #[command(subcommand)]
@@ -126,6 +132,40 @@ enum Module {
List, List,
} }
#[derive(clap::Subcommand, Debug)]
enum Profile {
/// get root profile's selinux policy of <package-name>
GetSepolicy {
/// package name
package: String,
},
/// set root profile's selinux policy of <package-name> to <profile>
SetSepolicy {
/// package name
package: String,
/// policy statements
policy: String,
},
/// get template of <package-name>
GetTemplate {
/// package name
package: String,
},
/// set template of <package-name> to <template>
SetTemplate {
/// package name
package: String,
/// template
template: String,
},
/// list all templates
ListTemplates,
}
pub fn run() -> Result<()> { pub fn run() -> Result<()> {
#[cfg(target_os = "android")] #[cfg(target_os = "android")]
android_logger::init_once( android_logger::init_once(
@@ -172,6 +212,17 @@ pub fn run() -> Result<()> {
Sepolicy::Check { sepolicy } => crate::sepolicy::check_rule(&sepolicy), Sepolicy::Check { sepolicy } => crate::sepolicy::check_rule(&sepolicy),
}, },
Commands::Services => event::on_services(), Commands::Services => event::on_services(),
Commands::Profile { command } => match command {
Profile::GetSepolicy { package } => crate::profile::get_sepolicy(package),
Profile::SetSepolicy { package, policy } => {
crate::profile::set_sepolicy(package, policy)
}
Profile::GetTemplate { package } => crate::profile::get_template(package),
Profile::SetTemplate { package, template } => {
crate::profile::set_template(package, template)
}
Profile::ListTemplates => crate::profile::list_templates(),
},
Commands::Debug { command } => match command { Commands::Debug { command } => match command {
Debug::SetManager { apk } => debug::set_manager(&apk), Debug::SetManager { apk } => debug::set_manager(&apk),

4
userspace/ksud/src/defs.rs
View File

@@ -5,6 +5,10 @@ pub const WORKING_DIR: &str = concatcp!(ADB_DIR, "ksu/");
pub const BINARY_DIR: &str = concatcp!(WORKING_DIR, "bin/"); pub const BINARY_DIR: &str = concatcp!(WORKING_DIR, "bin/");
pub const LOG_DIR: &str = concatcp!(WORKING_DIR, "log/"); pub const LOG_DIR: &str = concatcp!(WORKING_DIR, "log/");
pub const PROFILE_DIR: &str = concatcp!(WORKING_DIR, "profile/");
pub const PROFILE_SELINUX_DIR: &str = concatcp!(PROFILE_DIR, "selinux/");
pub const PROFILE_TEMPLATE_DIR: &str = concatcp!(PROFILE_DIR, "templates/");
pub const KSURC_PATH: &str = concatcp!(WORKING_DIR, ".ksurc"); pub const KSURC_PATH: &str = concatcp!(WORKING_DIR, ".ksurc");
pub const KSU_OVERLAY_SOURCE: &str = "KSU"; pub const KSU_OVERLAY_SOURCE: &str = "KSU";
pub const DAEMON_PATH: &str = concatcp!(ADB_DIR, "ksud"); pub const DAEMON_PATH: &str = concatcp!(ADB_DIR, "ksud");

1
userspace/ksud/src/main.rs
View File

@@ -7,6 +7,7 @@ mod event;
mod ksu; mod ksu;
mod module; mod module;
mod mount; mod mount;
mod profile;
mod restorecon; mod restorecon;
mod sepolicy; mod sepolicy;
mod utils; mod utils;

46
userspace/ksud/src/profile.rs Normal file
View File

@@ -0,0 +1,46 @@
use crate::defs;
use crate::utils::ensure_dir_exists;
use anyhow::Result;
use std::path::Path;
pub fn set_sepolicy(pkg: String, policy: String) -> Result<()> {
ensure_dir_exists(defs::PROFILE_SELINUX_DIR)?;
let policy_file = Path::new(defs::PROFILE_SELINUX_DIR).join(pkg);
std::fs::write(policy_file, policy)?;
Ok(())
}
pub fn get_sepolicy(pkg: String) -> Result<()> {
ensure_dir_exists(defs::PROFILE_SELINUX_DIR)?;
let policy_file = Path::new(defs::PROFILE_SELINUX_DIR).join(pkg);
let policy = std::fs::read_to_string(policy_file)?;
println!("{policy}");
Ok(())
}
pub fn set_template(name: String, template: String) -> Result<()> {
ensure_dir_exists(defs::PROFILE_TEMPLATE_DIR)?;
let template_file = Path::new(defs::PROFILE_TEMPLATE_DIR).join(name);
std::fs::write(template_file, template)?;
Ok(())
}
pub fn get_template(name: String) -> Result<()> {
ensure_dir_exists(defs::PROFILE_TEMPLATE_DIR)?;
let template_file = Path::new(defs::PROFILE_TEMPLATE_DIR).join(name);
let template = std::fs::read_to_string(template_file)?;
println!("{template}");
Ok(())
}
pub fn list_templates() -> Result<()> {
let templates = std::fs::read_dir(defs::PROFILE_TEMPLATE_DIR)?;
for template in templates {
let template = template?;
let template = template.file_name();
if let Some(template) = template.to_str() {
println!("{template}");
};
}
Ok(())
}