diff --git a/userspace/ksud/src/installer.sh b/userspace/ksud/src/installer.sh
index 62e34405..f75d2902 100644
--- a/userspace/ksud/src/installer.sh
+++ b/userspace/ksud/src/installer.sh
@@ -71,6 +71,11 @@ print_title() {
 ui_print "$bar"
 }
 
+check_sepolicy() {
+ /data/adb/ksud sepolicy check "$1"
+ return $?
+}
+
 ######################
 # Environment Related
 ######################
diff --git a/userspace/ksud/src/sepolicy.rs b/userspace/ksud/src/sepolicy.rs
index c8eec1a9..6d266207 100644
--- a/userspace/ksud/src/sepolicy.rs
+++ b/userspace/ksud/src/sepolicy.rs
@@ -1,4 +1,4 @@
-use anyhow::Result;
+use anyhow::{Result, bail};
 use derive_new::new;
 use nom::{
 branch::alt,
@@ -345,7 +345,7 @@ impl<'a> PolicyStatement<'a> {
 }
 }
 
-fn parse_sepolicy<'a, 'b>(input: &'b str) -> Vec>
+fn parse_sepolicy<'a, 'b>(input: &'b str, strict: bool) -> Result>>
 where
 'b: 'a,
 {
@@ -354,9 +354,11 @@ where
 for line in input.split(['\n', ';']) {
 if let Ok((_, statement)) = PolicyStatement::parse(line.trim()) {
 statements.push(statement);
+ } else if strict {
+ bail!("Failed to parse policy statement: {}", line)
 }
 }
- statements
+ Ok(statements)
 }
 
 const SEPOLICY_MAX_LEN: usize = 128;
@@ -726,7 +728,7 @@ fn apply_one_rule<'a>(_statement: &'a PolicyStatement<'a>, _strict: bool) -> Res
 }
 
 pub fn live_patch(policy: &str) -> Result<()> {
- let result = parse_sepolicy(policy.trim());
+ let result = parse_sepolicy(policy.trim(), false)?;
 for statement in result {
 println!("{statement:?}");
 apply_one_rule(&statement, false)?;
@@ -740,7 +742,13 @@ pub fn apply_file>(path: P) -> Result<()> {
 }
 
 pub fn check_rule(policy: &str) -> Result<()> {
- let result = parse_sepolicy(policy.trim());
+ let path = Path::new(policy);
+ let policy = if path.exists() {
+ std::fs::read_to_string(path)?
+ } else {
+ policy.to_string()
+ };
+ let result = parse_sepolicy(policy.trim(), true)?;
 for statement in result {
 apply_one_rule(&statement, true)?;
 }
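Review bot: The new `check_sepolicy` helper in installer.sh has no comment saying what `$1` is, and after this commit the backend it calls (`check_rule` in sepolicy.rs) accepts either a path to a rule file or inline rule text. A header comment such as `# Usage: check_sepolicy <rule file or rule text>; exit status is that of "ksud sepolicy check"` would make the contract clear to whoever sources this script. The trailing `return $?` is redundant, because a shell function already returns the status of its last command.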
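Review bot: `parse_sepolicy` (sepolicy.rs, hunk at -345) gains a `strict` flag and a `Result` return but no doc comment, so the difference between the two modes can only be learned by reading the loop body. Suggest adding above the signature: `/// Parses statements separated by newlines or ';'. With strict set, the first statement that fails to parse is returned as an error; otherwise it is skipped.` The function body continues outside this hunk.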
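Review bot: In the strict branch added to `parse_sepolicy` (hunk at -354), every segment produced by `input.split(['\n', ';'])` is parsed, including the empty ones that come from blank lines or a trailing `;`. Unless `PolicyStatement::parse` accepts an empty string (not visible here), `sepolicy check` would reject an otherwise valid rule file. Skipping empty segments before parsing avoids that: `let line = line.trim(); if line.is_empty() { continue; }`. The non-strict path still drops unparsable statements without any message, so `live_patch` can apply a policy only partially; a comment on the `else if strict` arm saying this is intentional would help. The start of the function is outside the hunk.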
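Review bot: `check_rule` (hunk at -740) now chooses between file and inline text with `path.exists()`, which is also true for a directory, and a mistyped file path falls through to being parsed as rule text. In that case the caller sees "Failed to parse policy statement" with the path in it rather than a missing-file error. `path.is_file()` narrows the directory case: `let policy = if path.is_file() {`. The parameter is still named `policy`, so a doc comment on `check_rule` should state that the argument is read as a rule file when such a file exists and treated as inline policy text otherwise. The end of the function is outside the hunk.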