SELinux: Auto-generate security_is_socket_class

[~andy/linux] / scripts / selinux / genheaders / genheaders.c

diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 58a12c27870638d522cca54bef07e5f176b38748..539855ff31f977f32a1afbc16b35c9bfc2df6387 100644 (file)
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -43,6 +43,8 @@ int main(int argc, char *argv[])
        int i, j, k;
        int isids_len;
        FILE *fout;
+       const char *needle = "SOCKET";
+       char *substr;
 
        progname = argv[0];
 
@@ -88,6 +90,24 @@ int main(int argc, char *argv[])
                fprintf(fout, "%2d\n", i);
        }
        fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
+       fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
+       fprintf(fout, "{\n");
+       fprintf(fout, "\tbool sock = false;\n\n");
+       fprintf(fout, "\tswitch (kern_tclass) {\n");
+       for (i = 0; secclass_map[i].name; i++) {
+               struct security_class_mapping *map = &secclass_map[i];
+               substr = strstr(map->name, needle);
+               if (substr && strcmp(substr, needle) == 0)
+                       fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
+       }
+       fprintf(fout, "\t\tsock = true;\n");
+       fprintf(fout, "\t\tbreak;\n");
+       fprintf(fout, "\tdefault:\n");
+       fprintf(fout, "\t\tbreak;\n");
+       fprintf(fout, "\t}\n\n");
+       fprintf(fout, "\treturn sock;\n");
+       fprintf(fout, "}\n");
+
        fprintf(fout, "\n#endif\n");
        fclose(fout);