From 9ca8dbcc65cfc63d6f5ef3312a33184e1d726e00 Mon Sep 17 00:00:00 2001
From: Yunhong Jiang <yunhong.jiang@intel.com>
Date: Tue, 4 Aug 2015 12:17:53 -0700
Subject: Add the rt linux 4.1.3-rt3 as base

Import the rt linux 4.1.3-rt3 as OPNFV kvm base.

It's from git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git linux-4.1.y-rt and
the base is:

commit 0917f823c59692d751951bf5ea699a2d1e2f26a2
Author: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Date:   Sat Jul 25 12:13:34 2015 +0200

    Prepare v4.1.3-rt3

    Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

We lose all the git history this way and it's not good. We
should apply another opnfv project repo in future.

Change-Id: I87543d81c9df70d99c5001fbdf646b202c19f423
Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>
---
 kernel/scripts/selinux/genheaders/.gitignore   |   1 +
 kernel/scripts/selinux/genheaders/Makefile     |   4 +
 kernel/scripts/selinux/genheaders/genheaders.c | 138 +++++++++++++++++++++++++
 3 files changed, 143 insertions(+)
 create mode 100644 kernel/scripts/selinux/genheaders/.gitignore
 create mode 100644 kernel/scripts/selinux/genheaders/Makefile
 create mode 100644 kernel/scripts/selinux/genheaders/genheaders.c

(limited to 'kernel/scripts/selinux/genheaders')

diff --git a/kernel/scripts/selinux/genheaders/.gitignore b/kernel/scripts/selinux/genheaders/.gitignore
new file mode 100644
index 000000000..4c0b646ff
--- /dev/null
+++ b/kernel/scripts/selinux/genheaders/.gitignore
@@ -0,0 +1 @@
+genheaders
diff --git a/kernel/scripts/selinux/genheaders/Makefile b/kernel/scripts/selinux/genheaders/Makefile
new file mode 100644
index 000000000..1d1ac5135
--- /dev/null
+++ b/kernel/scripts/selinux/genheaders/Makefile
@@ -0,0 +1,4 @@
+hostprogs-y	:= genheaders
+HOST_EXTRACFLAGS += -Isecurity/selinux/include
+
+always		:= $(hostprogs-y)
diff --git a/kernel/scripts/selinux/genheaders/genheaders.c b/kernel/scripts/selinux/genheaders/genheaders.c
new file mode 100644
index 000000000..539855ff3
--- /dev/null
+++ b/kernel/scripts/selinux/genheaders/genheaders.c
@@ -0,0 +1,138 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+
+struct security_class_mapping {
+	const char *name;
+	const char *perms[sizeof(unsigned) * 8 + 1];
+};
+
+#include "classmap.h"
+#include "initial_sid_to_string.h"
+
+#define max(x, y) (((int)(x) > (int)(y)) ? x : y)
+
+const char *progname;
+
+static void usage(void)
+{
+	printf("usage: %s flask.h av_permissions.h\n", progname);
+	exit(1);
+}
+
+static char *stoupperx(const char *s)
+{
+	char *s2 = strdup(s);
+	char *p;
+
+	if (!s2) {
+		fprintf(stderr, "%s:  out of memory\n", progname);
+		exit(3);
+	}
+
+	for (p = s2; *p; p++)
+		*p = toupper(*p);
+	return s2;
+}
+
+int main(int argc, char *argv[])
+{
+	int i, j, k;
+	int isids_len;
+	FILE *fout;
+	const char *needle = "SOCKET";
+	char *substr;
+
+	progname = argv[0];
+
+	if (argc < 3)
+		usage();
+
+	fout = fopen(argv[1], "w");
+	if (!fout) {
+		fprintf(stderr, "Could not open %s for writing:  %s\n",
+			argv[1], strerror(errno));
+		exit(2);
+	}
+
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		map->name = stoupperx(map->name);
+		for (j = 0; map->perms[j]; j++)
+			map->perms[j] = stoupperx(map->perms[j]);
+	}
+
+	isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
+	for (i = 1; i < isids_len; i++)
+		initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
+
+	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
+	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
+
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		fprintf(fout, "#define SECCLASS_%s", map->name);
+		for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
+			fprintf(fout, " ");
+		fprintf(fout, "%2d\n", i+1);
+	}
+
+	fprintf(fout, "\n");
+
+	for (i = 1; i < isids_len; i++) {
+		const char *s = initial_sid_to_string[i];
+		fprintf(fout, "#define SECINITSID_%s", s);
+		for (j = 0; j < max(1, 40 - strlen(s)); j++)
+			fprintf(fout, " ");
+		fprintf(fout, "%2d\n", i);
+	}
+	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
+	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
+	fprintf(fout, "{\n");
+	fprintf(fout, "\tbool sock = false;\n\n");
+	fprintf(fout, "\tswitch (kern_tclass) {\n");
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		substr = strstr(map->name, needle);
+		if (substr && strcmp(substr, needle) == 0)
+			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
+	}
+	fprintf(fout, "\t\tsock = true;\n");
+	fprintf(fout, "\t\tbreak;\n");
+	fprintf(fout, "\tdefault:\n");
+	fprintf(fout, "\t\tbreak;\n");
+	fprintf(fout, "\t}\n\n");
+	fprintf(fout, "\treturn sock;\n");
+	fprintf(fout, "}\n");
+
+	fprintf(fout, "\n#endif\n");
+	fclose(fout);
+
+	fout = fopen(argv[2], "w");
+	if (!fout) {
+		fprintf(stderr, "Could not open %s for writing:  %s\n",
+			argv[2], strerror(errno));
+		exit(4);
+	}
+
+	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
+	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
+
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		for (j = 0; map->perms[j]; j++) {
+			fprintf(fout, "#define %s__%s", map->name,
+				map->perms[j]);
+			for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
+				fprintf(fout, " ");
+			fprintf(fout, "0x%08xUL\n", (1<<j));
+		}
+	}
+
+	fprintf(fout, "\n#endif\n");
+	fclose(fout);
+	exit(0);
+}
-- 
cgit 1.2.3-korg