security/selinux/genheaders.c
Source file repositories/reference/linux-study-clean/security/selinux/genheaders.c
File Facts
- System
- Linux kernel
- Corpus path
security/selinux/genheaders.c- Extension
.c- Size
- 3517 bytes
- Lines
- 155
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
stdio.hstdlib.hunistd.hstring.herrno.hctype.hclassmap.hinitial_sid_to_string.h
Detected Declarations
struct security_class_mappingfunction usagefunction main
Annotated Snippet
struct security_class_mapping {
const char *name;
const char *perms[sizeof(unsigned) * 8 + 1];
};
#include "classmap.h"
#include "initial_sid_to_string.h"
const char *progname;
static void usage(void)
{
printf("usage: %s flask.h av_permissions.h\n", progname);
exit(1);
}
static char *stoupperx(const char *s)
{
char *s2 = strdup(s);
char *p;
if (!s2) {
fprintf(stderr, "%s: out of memory\n", progname);
exit(3);
}
for (p = s2; *p; p++)
*p = toupper(*p);
return s2;
}
int main(int argc, char *argv[])
{
int i, j;
int isids_len;
FILE *fout;
progname = argv[0];
if (argc < 3)
usage();
fout = fopen(argv[1], "w");
if (!fout) {
fprintf(stderr, "Could not open %s for writing: %s\n",
argv[1], strerror(errno));
exit(2);
}
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
for (i = 0; secclass_map[i].name; i++) {
char *name = stoupperx(secclass_map[i].name);
fprintf(fout, "#define SECCLASS_%-39s %2d\n", name, i+1);
free(name);
}
fprintf(fout, "\n");
isids_len = sizeof(initial_sid_to_string) / sizeof(char *);
for (i = 1; i < isids_len; i++) {
const char *s = initial_sid_to_string[i];
if (s) {
char *sidname = stoupperx(s);
fprintf(fout, "#define SECINITSID_%-39s %2d\n", sidname, i);
free(sidname);
}
}
fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
fprintf(fout, "{\n");
fprintf(fout, "\tbool sock = false;\n\n");
fprintf(fout, "\tswitch (kern_tclass) {\n");
for (i = 0; secclass_map[i].name; i++) {
static char s[] = "SOCKET";
int len, l;
char *name = stoupperx(secclass_map[i].name);
len = strlen(name);
l = sizeof(s) - 1;
if (len >= l && memcmp(name + len - l, s, l) == 0)
fprintf(fout, "\tcase SECCLASS_%s:\n", name);
free(name);
}
fprintf(fout, "\t\tsock = true;\n");
fprintf(fout, "\t\tbreak;\n");
fprintf(fout, "\tdefault:\n");
Annotation
- Immediate include surface: `stdio.h`, `stdlib.h`, `unistd.h`, `string.h`, `errno.h`, `ctype.h`, `classmap.h`, `initial_sid_to_string.h`.
- Detected declarations: `struct security_class_mapping`, `function usage`, `function main`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.