ksud: support module sepolicy.rule

2023-01-31 21:58:55 +08:00
parent 62be9eb589
commit b7ff6b1a51
3 changed files with 33 additions and 3 deletions
--- a/userspace/ksud/src/module.rs
+++ b/userspace/ksud/src/module.rs
@@ -1,4 +1,4 @@
-use crate::{defs, restorecon};
+use crate::{defs, restorecon, sepolicy};
 use crate::{restorecon::setsyscon, utils::*};

 use const_format::concatcp;
@@ -171,6 +171,31 @@ fn is_executable(path: &Path) -> bool {
        )
 }

+pub fn load_sepolicy_rule() -> Result<()> {
+    let modules_dir = Path::new(defs::MODULE_DIR);
+    let dir = std::fs::read_dir(modules_dir)?;
+    for entry in dir.flatten() {
+        let path = entry.path();
+        let disabled = path.join(defs::DISABLE_FILE_NAME);
+        if disabled.exists() {
+            println!("{} is disabled, skip", path.display());
+            continue;
+        }
+
+        let rule_file = path.join("sepolicy.rule");
+        if !rule_file.exists() {
+            continue;
+        }
+        println!("load policy: {}", &rule_file.display());
+
+        if sepolicy::apply_file(&rule_file).is_err() {
+            println!("Failed to load sepolicy.rule for {}", &rule_file.display());
+        }
+    }
+
+    Ok(())
+}
+
 /// execute every modules' post-fs-data.sh
 pub fn exec_post_fs_data() -> Result<()> {
    let modules_dir = Path::new(defs::MODULE_DIR);