From: James Carter <jwcart2@tycho.nsa.gov>
To: Caleb Case <ccase@tresys.com>
Cc: selinux@tycho.nsa.gov, csellers@tresys.com,
kmacmillan@tresys.com, jbrindle@tresys.com, sds@tycho.nsa.gov
Subject: Re: [PATCH 11/15] [src-policy] semodule: get module source
Date: Thu, 28 Jan 2010 15:52:50 -0500 [thread overview]
Message-ID: <1264711970.14722.8.camel@localhost> (raw)
In-Reply-To: <1264543701-20638-12-git-send-email-ccase@tresys.com>
On Tue, 2010-01-26 at 17:08 -0500, Caleb Case wrote:
> This adds the ability to retrieve the module source using semodule.
>
> -g,--get=MODULE_NAME [-o FILE] [-c] get module source
>
> * More than one -g is allowed per command invocation.
>
> * If output_name is “-“ then output is sent to standard out.
>
> * If output is specified multiple times with oufile_name "-", then
> append to stdout.
>
> * If -o is not specified then the module is output to
> <module name>.<language ext> in the current directory.
>
> * If there is an existing file with the output file name (with or
> without -o), then emit error and exit.
>
> * -c will output the CIL instead of the source format.
>
> Example:
>
> # semodule -g alsa
>
> This will retrieve the high level language source for the alsa module
> and save it to alsa.ref in the current directory.
> ---
> policycoreutils/semodule/semodule.8 | 3 +
> policycoreutils/semodule/semodule.c | 227 ++++++++++++++++++++++++++++++++++-
> 2 files changed, 228 insertions(+), 2 deletions(-)
>
> diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
> index 5fc10b3..bb6ae49 100644
> --- a/policycoreutils/semodule/semodule.8
> +++ b/policycoreutils/semodule/semodule.8
> @@ -55,6 +55,9 @@ enable module
> .B \-d,\-\-disable=MODULE_NAME
> disable module
> .TP
> +.B \-g,\-\-get=MODULE_NAME [-o,--output=FILE] [-c,--cil]
> +Outputs module source to MODULE_NAME.ref. If output is set to '-' outputs on stdout, otherwise, outputs to the specified FILE. If cil is specified, then outputs the cil source instead of the original source.
> +.TP
> .B \-s,\-\-store
> name of the store to operate on
> .TP
> diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
> index c6b0d3c..0e3cc76 100644
> --- a/policycoreutils/semodule/semodule.c
> +++ b/policycoreutils/semodule/semodule.c
> @@ -20,6 +20,7 @@
> #include <sys/mman.h>
> #include <sys/stat.h>
> #include <sys/types.h>
> +#include <limits.h>
>
> #include <semanage/modules.h>
>
> @@ -27,17 +28,22 @@
>
> enum client_modes {
> NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
> - LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M
> + LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M,
> + GET_M,
> };
> +
> /* list of modes in which one ought to commit afterwards */
> static const int do_commit[] = {
> 0, 1, 1, 1, 1,
> 0, 0, 0, 1, 1,
> + 0,
> };
>
> struct command {
> enum client_modes mode;
> char *arg;
> + char *output;
> + int cil;
> };
> static struct command *commands = NULL;
> static int num_commands = 0;
> @@ -61,6 +67,7 @@ static void cleanup(void)
> {
> while (--num_commands >= 0) {
> free(commands[num_commands].arg);
> + free(commands[num_commands].output);
> }
> free(commands);
> }
> @@ -117,6 +124,7 @@ static void usage(char *progname)
> printf(" -p,--priority=PRIORITY set priority for following operations (1-999)\n");
> printf(" -e,--enable=MODULE_NAME enable module\n");
> printf(" -d,--disable=MODULE_NAME disable module\n");
> + printf(" -g,--get=MODULE_NAME [-o FILE] [-c] get module source\n");
> printf("Other options:\n");
> printf(" -s,--store name of the store to operate on\n");
> printf(" -n,--noreload do not reload policy after commit\n");
> @@ -139,6 +147,8 @@ static void set_mode(enum client_modes new_mode, char *arg)
> commands = c;
> commands[num_commands].mode = new_mode;
> commands[num_commands].arg = NULL;
> + commands[num_commands].output = NULL;
> + commands[num_commands].cil = 0;
> num_commands++;
> if (arg != NULL) {
> if ((s = strdup(arg)) == NULL) {
> @@ -169,6 +179,9 @@ static void parse_command_line(int argc, char **argv)
> {"priority", required_argument, NULL, 'p'},
> {"enable", required_argument, NULL, 'e'},
> {"disable", required_argument, NULL, 'd'},
> + {"get", required_argument, NULL, 'g'},
> + {"output", required_argument, NULL, 'o'},
> + {"cil", 0, NULL, 'c'},
> {NULL, 0, NULL, 0}
> };
> int i;
> @@ -178,7 +191,7 @@ static void parse_command_line(int argc, char **argv)
> create_store = 0;
> priority = 400;
> while ((i =
> - getopt_long(argc, argv, "s:b:hi:l::vqr:u:RnBDp:e:d:", opts,
> + getopt_long(argc, argv, "s:b:hi:l::vqr:u:RnBDp:e:d:g:o:c", opts,
> NULL)) != -1) {
> switch (i) {
> case 'b':
> @@ -227,6 +240,53 @@ static void parse_command_line(int argc, char **argv)
> case 'd':
> set_mode(DISABLE_M, optarg);
> break;
> + case 'g':
> + set_mode(GET_M, optarg);
> + break;
> + case 'o':{
> + /* no mode specified?? */
> + if (num_commands == 0) {
> + usage(argv[0]);
> + exit(1);
> + }
> +
> + struct command *last = &commands[num_commands - 1];
> +
> + /* only GET_M mode valid with -o */
> + if (last->mode != GET_M) {
> + usage(argv[0]);
> + exit(1);
> + }
> +
> + last->output = strdup(optarg);
> + if (last->output == NULL) {
> + fprintf(stderr,
> + "%s: Out of memory!\n",
> + argv[0]);
> + exit(1);
> + }
> +
> + break;
> + }
> + case 'c':{
> + /* no mode specified?? */
> + if (num_commands == 0) {
> + usage(argv[0]);
> + exit(1);
> + }
> +
> + struct command *last = &commands[num_commands - 1];
> +
> + /* only GET_M mode valid with -c */
> + if (last->mode != GET_M) {
> + usage(argv[0]);
> + exit(1);
> + }
> +
> + last->cil = 1;
> +
> + break;
> + }
> case '?':
> default:{
> usage(argv[0]);
> @@ -350,6 +410,8 @@ int main(int argc, char *argv[])
> for (i = 0; i < num_commands; i++) {
> enum client_modes mode = commands[i].mode;
> char *mode_arg = commands[i].arg;
> + char *mode_output = commands[i].output;
> + int mode_cil = commands[i].cil;
>
> switch (mode) {
> case INSTALL_M:{
> @@ -582,6 +644,167 @@ cleanup_disable:
>
> break;
> }
> + case GET_M:{
> + if (verbose) {
> + printf("Attempting to get module '%s':\n", mode_arg);
> + }
> +
> + semanage_module_key_t *modkey = NULL;
> + semanage_module_info_t *modinfo = NULL;
> + const char *lang_ext = NULL;
> + char *data = NULL;
> + size_t data_len = 0;
> +
> + int fd = -1;
> + FILE *out = NULL;
> + size_t nwrite = 0;
> +
> + result = semanage_module_key_create(sh,
> + &modkey);
> + if (result != 0) goto cleanup_get;
> +
> + result = semanage_module_key_set_priority(
> + sh,
> + modkey,
> + priority);
> + if (result != 0) goto cleanup_get;
> +
> + result = semanage_module_key_set_name(
> + sh,
> + modkey,
> + mode_arg);
> + if (result != 0) goto cleanup_get;
> +
> + if (mode_cil == 0) {
> + result = semanage_module_get(
> + sh,
> + modkey,
> + &data,
> + &data_len);
> + }
> + else {
> + result = semanage_module_get_cil(
> + sh,
> + modkey,
> + &data,
> + &data_len);
> + }
> + if (result != 0) goto cleanup_get;
> +
> + /* get language extension */
> + result = semanage_module_get_module_info(
> + sh,
> + modkey,
> + &modinfo);
> + if (result != 0) goto cleanup_get;
> +
> + if (mode_cil == 0) {
> + result = semanage_module_info_get_lang_ext(
> + sh,
> + modinfo,
> + &lang_ext);
> + if (result != 0) goto cleanup_get;
> + }
> + else {
> + /* current cil is refpol */
> + lang_ext = "ref";
> + }
> +
> + if (mode_output == NULL ||
> + strcmp(mode_output, "-") != 0) {
> + char path[PATH_MAX];
> +
> + if (mode_output == NULL) {
> + /* by default write out to <name>.<lang> */
> + /* compose path */
> +
> + result = snprintf(path,
> + sizeof(path) - 1,
> + "%s.%s",
> + mode_arg,
> + lang_ext);
> + if (result < 0 ||
> + result >= (int)sizeof(path)) {
> + fprintf(stderr,
> + "%s: Unable to compose path for output file.\n",
> + argv[0]);
> + result = -1;
> + goto cleanup_get;
> + }
> + result = 0;
> + }
> + else {
> + if (strlen(mode_output) > sizeof(path) - 1) {
> + fprintf(stderr,
> + "%s: Path too long (%d > %d): '%s'\n",
> + argv[0],
> + strlen(mode_output),
> + sizeof(path) - 1,
> + mode_output);
I get the following warnings at the fprintf line:
cc -Werror -Wall -W -I/usr/include -c -o semodule.o semodule.c
cc1: warnings being treated as errors
semodule.c: In function ‘main’:
semodule.c:772: error: format ‘%d’ expects type ‘int’, but argument 4
has type ‘size_t’
semodule.c:772: error: format ‘%d’ expects type ‘int’, but argument 5
has type ‘long unsigned int’
make[2]: *** [semodule.o] Error 1
> + result = -1;
> + goto cleanup_get;
> + }
> + strcpy(path, mode_output);
> + }
> +
> + /* open file iff it doesn't exist */
> + fd = open(path,
> + O_WRONLY | O_CREAT | O_EXCL,
> + S_IRUSR | S_IWUSR);
> + if (fd < 0) {
> + fprintf(stderr,
> + "%s: Unable to open output '%s'. (%s)\n",
> + argv[0],
> + path,
> + strerror(errno));
> + result = -1;
> + goto cleanup_get;
> + }
> +
> + out = fdopen(fd, "w");
> + if (out == NULL) {
> + fprintf(stderr,
> + "%s: Unable to open output '%s'. (%s)\n",
> + argv[0],
> + path,
> + strerror(errno));
> + result = -1;
> + goto cleanup_get;
> + }
> + }
> + else {
> + /* otherwise we must be special '-' */
> + out = stdout;
> + }
> +
> + nwrite = fwrite(data,
> + data_len,
> + 1,
> + out);
> + if (nwrite != 1) {
> + fprintf(stderr,
> + "%s: Failed to write module to output.\n",
> + argv[0]);
> + result = -1;
> + goto cleanup_get;
> + }
> +
> +cleanup_get:
> + if (out != NULL && out != stdout) {
> + fclose(out);
> + fd = -1;
> + }
> + if (fd >= 0) close(fd);
> + free(data);
> +
> + semanage_module_info_destroy(sh, modinfo);
> + free(modinfo);
> +
> + semanage_module_key_destroy(sh, modkey);
> + free(modkey);
> +
> + break;
> + }
> default:{
> fprintf(stderr,
> "%s: Unknown mode specified.\n",
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2010-01-28 20:52 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-26 22:08 [PATCH 00/15] RFC Source Policy Support Caleb Case
2010-01-26 22:08 ` [PATCH 01/15] [src-policy] refpol language and tools Caleb Case
2010-01-26 22:08 ` [PATCH 02/15] [src-policy] corenet " Caleb Case
2010-01-26 22:08 ` [PATCH 03/15] [src-policy] Reference Policy to refpol conversion tool Caleb Case
2010-01-26 22:08 ` [PATCH 04/15] [src-policy] refpol intermediate language compiler (refpol_ilc) Caleb Case
2010-01-26 22:08 ` [PATCH 05/15] [src-policy] language.d and language.conf parser Caleb Case
2010-01-26 22:08 ` [PATCH 06/15] [src-policy] libsemanage: compile hll module Caleb Case
2010-01-26 22:08 ` [PATCH 07/15] [src-policy] libsemanage: compile common intermediary language Caleb Case
2010-01-26 22:08 ` [PATCH 08/15] [src-policy] libsemanage: remove binary interfaces Caleb Case
2010-01-26 22:08 ` [PATCH 09/15] [src-policy] semodule: remove base module support Caleb Case
2010-01-26 22:08 ` [PATCH 10/15] [src-policy] libsemanage: get source module Caleb Case
2010-01-26 22:08 ` [PATCH 11/15] [src-policy] semodule: get module source Caleb Case
2010-01-26 22:08 ` [PATCH 12/15] [src-policy] semodule: edit module Caleb Case
2010-01-26 22:08 ` [PATCH 13/15] [src-policy] libsemanage: ChangeLog support Caleb Case
2010-01-26 22:08 ` [PATCH 14/15] [src-policy] semodule: user message support Caleb Case
2010-01-26 22:08 ` [PATCH 15/15] [src-policy] semanage: source permissive module Caleb Case
2010-02-01 15:11 ` [PATCH 14/15] [src-policy] semodule: user message support James Carter
2010-02-01 17:00 ` Caleb Case
2010-02-01 17:06 ` James Carter
2010-01-27 20:21 ` [PATCH 12/15] [src-policy] semodule: edit module Stephen Smalley
2010-01-28 20:52 ` James Carter [this message]
2010-01-29 20:32 ` [PATCH 08/15] [src-policy] libsemanage: remove binary interfaces James Carter
2010-01-27 20:18 ` [PATCH 06/15] [src-policy] libsemanage: compile hll module Stephen Smalley
2010-01-27 20:42 ` Caleb Case
2010-01-27 20:46 ` Caleb Case
2010-01-28 21:03 ` [PATCH 04/15] [src-policy] refpol intermediate language compiler (refpol_ilc) James Carter
2010-02-01 17:43 ` Caleb Case
2010-01-27 19:39 ` [PATCH 01/15] [src-policy] refpol language and tools Stephen Smalley
2010-01-27 19:54 ` Caleb Case
2010-01-26 22:41 ` [PATCH 00/15] RFC Source Policy Support Xavier Toth
2010-01-27 1:17 ` Caleb Case
2010-01-27 15:10 ` Xavier Toth
2010-01-27 20:00 ` Stephen Smalley
2010-01-27 20:18 ` Caleb Case
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1264711970.14722.8.camel@localhost \
--to=jwcart2@tycho.nsa.gov \
--cc=ccase@tresys.com \
--cc=csellers@tresys.com \
--cc=jbrindle@tresys.com \
--cc=kmacmillan@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.