ksud: support sepolicy check

This commit is contained in:
tiann
2023-02-03 13:16:17 +08:00
parent 430c2e709f
commit 70b8b43b48
3 changed files with 23 additions and 5 deletions


@@ -89,6 +89,12 @@ enum Sepolicy {
/// sepolicy file path /// sepolicy file path
file: String, file: String,
}, },
/// Check if sepolicy statement is supported/valid
Check {
/// sepolicy statements
sepolicy: String,
},
} }
#[derive(clap::Subcommand, Debug)] #[derive(clap::Subcommand, Debug)]
@@ -152,6 +158,7 @@ pub fn run() -> Result<()> {
Commands::Sepolicy { command } => match command { Commands::Sepolicy { command } => match command {
Sepolicy::Patch { sepolicy } => crate::sepolicy::live_patch(&sepolicy), Sepolicy::Patch { sepolicy } => crate::sepolicy::live_patch(&sepolicy),
Sepolicy::Apply { file } => crate::sepolicy::apply_file(file), Sepolicy::Apply { file } => crate::sepolicy::apply_file(file),
Sepolicy::Check { sepolicy } => crate::sepolicy::check_rule(&sepolicy),
}, },
Commands::Services => event::on_services(), Commands::Services => event::on_services(),
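Review bot: The doc comment on the new `Check` variant ("Check if sepolicy statement is supported/valid") reads as a dry-run, but `check_rule` in the third file's last hunk goes through the same `apply_one_rule` path as `live_patch`, only with `strict = true`, so as far as this page shows the statements are actually loaded into the running policy and the loop stops at the first rejected one with the earlier ones already applied. The user-facing help text should say so, e.g. `/// Check sepolicy statements by applying them in order; the first statement the kernel rejects aborts with an error`. The same wording belongs on `check_rule` itself (the `pub fn check_rule` hunk), which currently has no doc comment. The `Sepolicy` enum starts before this hunk, so the variant's position relative to `Patch`/`Apply` is inferred.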


@@ -529,7 +529,7 @@ where
let result = func(id, update_dir); let result = func(id, update_dir);
if let Err(e) = std::fs::rename(modules_update_tmp_img, defs::MODULE_UPDATE_IMG) { if let Err(e) = std::fs::rename(modules_update_tmp_img, defs::MODULE_UPDATE_IMG) {
warn!("Rename image failed, try copy it."); warn!("Rename image failed: {e}, try copy it.");
std::fs::copy(modules_update_tmp_img, defs::MODULE_UPDATE_IMG) std::fs::copy(modules_update_tmp_img, defs::MODULE_UPDATE_IMG)
.with_context(|| "Failed to copy image.".to_string())?; .with_context(|| "Failed to copy image.".to_string())?;
let _ = std::fs::remove_file(modules_update_tmp_img); let _ = std::fs::remove_file(modules_update_tmp_img);


@@ -692,7 +692,7 @@ impl From<AtomicStatement> for FfiPolicy {
} }
#[cfg(unix)] #[cfg(unix)]
fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>) -> Result<()> { fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>, strict: bool) -> Result<()> {
let policies: Vec<AtomicStatement> = statement.try_into()?; let policies: Vec<AtomicStatement> = statement.try_into()?;
for policy in policies { for policy in policies {
@@ -710,7 +710,10 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>) -> Result<()> {
} }
if result != crate::ksu::KERNEL_SU_OPTION { if result != crate::ksu::KERNEL_SU_OPTION {
log::warn!("apply rule failed: {result}"); log::warn!("apply rule: {:?} failed.", statement);
if strict {
return Err(anyhow::anyhow!("apply rule {:?} failed.", statement));
}
} }
} }
@@ -718,7 +721,7 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>) -> Result<()> {
} }
#[cfg(not(unix))] #[cfg(not(unix))]
fn apply_one_rule<'a>(_statement: &'a PolicyStatement<'a>) -> Result<()> { fn apply_one_rule<'a>(_statement: &'a PolicyStatement<'a>, _strict: bool) -> Result<()> {
unimplemented!() unimplemented!()
} }
@@ -726,7 +729,7 @@ pub fn live_patch(policy: &str) -> Result<()> {
let result = parse_sepolicy(policy.trim()); let result = parse_sepolicy(policy.trim());
for statement in result { for statement in result {
println!("{statement:?}"); println!("{statement:?}");
apply_one_rule(&statement)?; apply_one_rule(&statement, false)?;
} }
Ok(()) Ok(())
} }
@@ -735,3 +738,11 @@ pub fn apply_file<P: AsRef<Path>>(path: P) -> Result<()> {
let input = std::fs::read_to_string(path)?; let input = std::fs::read_to_string(path)?;
live_patch(&input) live_patch(&input)
} }
pub fn check_rule(policy: &str) -> Result<()> {
let result = parse_sepolicy(policy.trim());
for statement in result {
apply_one_rule(&statement, true)?;
}
Ok(())
}
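Review bot: The rewritten warning in the `@@ -710,7 +710,10 @@` hunk drops the kernel's `result` value that the old message reported, and the new `anyhow!` error omits it too, so a strict failure no longer tells the caller why a statement was rejected; I would keep it in both: `log::warn!("apply rule: {statement:?} failed: {result}");` and `return Err(anyhow::anyhow!("apply rule {statement:?} failed: {result}"));`. In strict mode the same failure is now both logged and returned, which double-reports once the caller prints the error; logging only in the non-strict branch would avoid that. Because the loop is over the atomic statements of one `PolicyStatement`, a strict return mid-loop leaves the atomics before the failing one applied, which `check_rule` should document since it is presented as a check. `apply_one_rule` starts before this hunk and its call that produces `result` is not visible, so the partial-application point is inferred from the loop shape.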