* [ RESEND ] [ SEMANAGE ] Debugging system
@ 2005-10-12 8:13 Ivan Gyurdiev
2005-10-12 15:52 ` Stephen Smalley
0 siblings, 1 reply; 10+ messages in thread
From: Ivan Gyurdiev @ 2005-10-12 8:13 UTC (permalink / raw)
To: selinux; +Cc: Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 918 bytes --]
Okay, here's version 2. I'm not sure if I like this very much, but I've
done all the changes you requested:
- variadic list passed to callback **
- message structure dropped
- message structure fields embedded in the handle
(ugh.. I had to do this, because of circular dependencies)
- handle passed to callback
- msg_write is a macro
- also fixed extra newline
- also added newlines to every single Tresys error message
- libsemanage.map is modified this time
Because of (**) I now can't submit the sepol patch, because my compat
handler is broken .... Do we need compatibility with
sepol_enable/disable_debug ? Have we released an official libsepol with
those functions? I know Dan's been building that library, but I'm pretty
sure no one is using those functions yet, and that's rawhide. It would
be nice if those could be removed, so I don't have to support two
callback systems simultaneously.
[-- Attachment #2: libsemanage.msg.diff --]
[-- Type: text/x-patch, Size: 43289 bytes --]
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/include/semanage/debug.h libsemanage.new/include/semanage/debug.h
--- libsemanage/include/semanage/debug.h 1969-12-31 19:00:00.000000000 -0500
+++ libsemanage.new/include/semanage/debug.h 2005-10-12 03:44:05.000000000 -0400
@@ -0,0 +1,58 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Ivan Gyurdiev <ivg2@cornell.edu>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_DEBUG_H_
+#define _SEMANAGE_DEBUG_H_
+
+#include <semanage/handle.h>
+
+#define SEMANAGE_MSG_ERR 1
+#define SEMANAGE_MSG_WARN 2
+#define SEMANAGE_MSG_INFO 3
+
+extern int semanage_msg_get_level(
+ semanage_handle_t* handle);
+
+extern const char* semanage_msg_get_channel(
+ semanage_handle_t* handle);
+
+extern const char* semanage_msg_get_fname(
+ semanage_handle_t* handle);
+
+/* Set the messaging callback.
+ * By the default, the callback will print
+ * the message on standard output, in a
+ * particular format. Passing NULL here
+ * indicates that messaging should be suppressed */
+extern void semanage_msg_set_callback(
+ semanage_handle_t* handle,
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 3, 4)))
+#endif
+ void (*msg_callback) (
+ void* varg,
+ semanage_handle_t* handle,
+ const char* fmt,
+ ...),
+ void* msg_callback_arg);
+
+#endif
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/include/semanage/handle.h libsemanage.new/include/semanage/handle.h
--- libsemanage/include/semanage/handle.h 2005-09-28 15:56:00.000000000 -0400
+++ libsemanage.new/include/semanage/handle.h 2005-10-11 01:59:36.000000000 -0400
@@ -51,14 +51,6 @@
* error. */
int semanage_disconnect(semanage_handle_t *);
-/* Return a string describing the most recently encountered error
- * associated with a semanage_handle_t. The returned string must not
- * be modified by the caller. Be aware that this string is not
- * persistent; future calls to this library may alter the buffer
- * contents, so make a copy of it if necessary.
- */
-const char *semanage_strerror(semanage_handle_t *);
-
/* Attempt to obtain a transaction lock on the manager. If another
* process has the lock then this function may block, depending upon
* the timeout value in the handle.
@@ -75,18 +67,4 @@
*/
int semanage_commit(semanage_handle_t *);
-/* META NOTES
- *
- * All of the other interfaces expect a semanage_handle as its first
- * parameter. If an error occurs then the function returns a negative
- * value. Call semanage_strerror() to retrieve a string that fully
- * describes the error.
- *
- * For all functions a non-negative number indicates success. For query
- * fucntions a >=0 returned value is the "policy sequence number". This
- * number keeps tracks of policy revisions and is used to detect if
- * one semanage client has committed policy changes while another is
- * still connected.
- */
-
#endif
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/include/semanage/semanage.h libsemanage.new/include/semanage/semanage.h
--- libsemanage/include/semanage/semanage.h 2005-09-28 15:56:00.000000000 -0400
+++ libsemanage.new/include/semanage/semanage.h 2005-10-11 01:59:45.000000000 -0400
@@ -23,6 +23,7 @@
#include <semanage/handle.h>
#include <semanage/modules.h>
+#include <semanage/debug.h>
/*
* Explicit libsemanage initialization.
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/database_file.c libsemanage.new/src/database_file.c
--- libsemanage/src/database_file.c 2005-10-07 18:37:59.000000000 -0400
+++ libsemanage.new/src/database_file.c 2005-10-11 09:56:58.000000000 -0400
@@ -170,6 +170,7 @@
}
dbase->cached = 0;
+ dbase->modified = 0;
handle = NULL;
}
@@ -199,6 +200,7 @@
goto err;
}
+ dbase->modified = 0;
fclose(str);
free(fname);
return STATUS_SUCCESS;
@@ -237,7 +239,6 @@
dbase_file_drop_cache(handle, dbase);
}
-
static int enter_rw(
semanage_handle_t* handle,
dbase_file_t* dbase) {
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/debug.c libsemanage.new/src/debug.c
--- libsemanage/src/debug.c 2005-09-30 16:19:07.000000000 -0400
+++ libsemanage.new/src/debug.c 2005-10-12 03:40:08.000000000 -0400
@@ -1,7 +1,9 @@
/* Author: Joshua Brindle <jbrindle@tresys.co
* Jason Tang <jtang@tresys.com>
+ * Ivan Gyurdiev <ivg2@cornell.edu>
*
* Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -19,20 +21,70 @@
*/
#include <stdarg.h>
+#include <stdlib.h>
#include <stdio.h>
#include "handle.h"
#include "debug.h"
-/* FIXME: redesign with callbacks ? */
+int semanage_msg_get_level(semanage_handle_t* handle) {
+ return handle->msg_level;
+}
+
+const char* semanage_msg_get_channel(semanage_handle_t* handle) {
+ return handle->msg_channel;
+}
+
+const char* semanage_msg_get_fname(semanage_handle_t* handle) {
+ return handle->msg_fname;
+}
-/* Write an error message to the current error buffer, up to the
- * buffer's specified size. */
#ifdef __GNUC__
-__attribute__ ((format (printf, 2, 3)))
+__attribute__ ((format (printf, 3, 4)))
#endif
-void semanage_write_error(semanage_handle_t *sh, char *fmt, ...) {
+void semanage_msg_default_handler(
+ void* varg,
+ semanage_handle_t* handle,
+ const char* fmt,
+ ...) {
+
+ FILE* stream = NULL;
+
+ switch(semanage_msg_get_level(handle)) {
+
+ case SEMANAGE_MSG_ERR:
+ case SEMANAGE_MSG_WARN:
+ stream = stderr;
+ break;
+ case SEMANAGE_MSG_INFO:
+ default:
+ stream = stdout;
+ break;
+ }
+
+ fprintf(stream, "%s.%s: ",
+ semanage_msg_get_channel(handle),
+ semanage_msg_get_fname(handle));
+
va_list ap;
- va_start(ap, fmt);
- vsnprintf(sh->err_buf, SEMANAGE_ERRBUFSZ, fmt, ap);
+ va_start(ap,fmt);
+ vfprintf(stream, fmt, ap);
va_end(ap);
+
+ varg = NULL;
+}
+
+extern void semanage_msg_set_callback(
+ semanage_handle_t* handle,
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 3, 4)))
+#endif
+ void (*msg_callback) (
+ void* varg,
+ semanage_handle_t* handle,
+ const char* fmt,
+ ...),
+ void* msg_callback_arg) {
+
+ handle->msg_callback = msg_callback;
+ handle->msg_callback_arg = msg_callback_arg;
}
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/debug.h libsemanage.new/src/debug.h
--- libsemanage/src/debug.h 2005-09-30 16:19:07.000000000 -0400
+++ libsemanage.new/src/debug.h 2005-10-12 03:40:56.000000000 -0400
@@ -20,20 +20,50 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#ifndef _SEPOL_INTERNAL_DEBUG_H_
-#define _SEPOL_INTERNAL_DEBUG_H_
+#ifndef _SEMANAGE_INTERNAL_DEBUG_H_
+#define _SEMANAGE_INTERNAL_DEBUG_H_
+#include <stdio.h>
+#include <semanage/debug.h>
#include "handle.h"
#define STATUS_SUCCESS 0
#define STATUS_ERR -1
#define STATUS_NODATA 1
-/* FIXME: redesign with level argument ? */
+#define msg_write(handle_arg, level_arg, \
+ channel_arg, func_arg, ...) { \
+ \
+ if (handle_arg->msg_callback) { \
+ handle_arg->msg_fname = func_arg; \
+ handle_arg->msg_channel = channel_arg; \
+ handle_arg->msg_level = level_arg; \
+ \
+ handle_arg->msg_callback( \
+ handle_arg->msg_callback_arg, \
+ handle_arg, __VA_ARGS__); \
+ } \
+}
+
+#define ERR(handle, ...) \
+ msg_write(handle, SEMANAGE_MSG_ERR, "libsemanage", \
+ __FUNCTION__, __VA_ARGS__)
+
+#define INFO(handle, ...) \
+ msg_write(handle, SEMANAGE_MSG_INFO, "libsemanage", \
+ __FUNCTION__, __VA_ARGS__)
+
+#define WARN(handle, ...) \
+ msg_write(handle, SEMANAGE_MSG_WARN, "libsemanage", \
+ __FUNCTION__, __VA_ARGS__)
#ifdef __GNUC__
-__attribute__ ((format (printf, 2, 3)))
+__attribute__ ((format (printf, 3, 4)))
#endif
-extern void semanage_write_error(semanage_handle_t *sh, char *fmt, ...);
+extern void semanage_msg_default_handler(
+ void* varg,
+ semanage_handle_t* handle,
+ const char* fmt,
+ ...);
#endif
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/direct_api.c libsemanage.new/src/direct_api.c
--- libsemanage/src/direct_api.c 2005-10-07 18:37:59.000000000 -0400
+++ libsemanage.new/src/direct_api.c 2005-10-12 03:48:24.000000000 -0400
@@ -33,7 +33,7 @@
#include "modules.h"
#include "direct_api.h"
#include "semanage_store.h"
-#include "policy_connection.h"
+#include "policy.h"
static void semanage_direct_destroy(semanage_handle_t *sh);
static int semanage_direct_disconnect(semanage_handle_t *sh);
@@ -89,7 +89,7 @@
if (sh->is_in_transaction) {
/* destroy sandbox */
if (semanage_remove_directory(semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)) < 0) {
- semanage_write_error(sh, "Could not cleanly remove sandbox %s.", semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
+ ERR(sh, "Could not cleanly remove sandbox %s.\n", semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
return -1;
}
semanage_release_trans_lock(sh);
@@ -129,7 +129,7 @@
*module_name = *version = *filename = NULL;
if (sepol_policy_file_create(&pf)) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
return -1;
}
sepol_policy_file_set_mem(pf, module_data, data_len);
@@ -138,19 +138,19 @@
sepol_module_package_info(pf, &file_type, module_name,
version) == -1) {
sepol_policy_file_free(pf);
- semanage_write_error(sh, "Could not parse module data.");
+ ERR(sh, "Could not parse module data.\n");
return -2;
}
sepol_policy_file_free(pf);
if (file_type != SEPOL_POLICY_MOD) {
- semanage_write_error(sh, "Data did not represent a module.");
+ ERR(sh, "Data did not represent a module.\n");
return -2;
}
if ((module_path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) {
return -1;
}
if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
return -1;
}
return 0;
@@ -167,7 +167,7 @@
int file_type;
if (sepol_policy_file_create(&pf)) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
return -1;
}
sepol_policy_file_set_mem(pf, module_data, data_len);
@@ -176,14 +176,14 @@
sepol_module_package_info(pf, &file_type,
&module_name, &version) == -1) {
sepol_policy_file_free(pf);
- semanage_write_error(sh, "Could not parse base module data.");
+ ERR(sh, "Could not parse base module data.\n");
return -2;
}
sepol_policy_file_free(pf);
free(module_name);
free(version);
if (file_type != SEPOL_POLICY_BASE) {
- semanage_write_error(sh, "Data did not represent a module.");
+ ERR(sh, "Data did not represent a module.\n");
return -2;
}
return 0;
@@ -195,11 +195,11 @@
const char *filename, char *data, size_t num_bytes) {
int out;
if ((out = open(filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1) {
- semanage_write_error(sh, "Could not open %s for writing.", filename);
+ ERR(sh, "Could not open %s for writing.\n", filename);
return -1;
}
if (write(out, data, num_bytes) == -1) {
- semanage_write_error(sh, "Error while writing to %s.", filename);
+ ERR(sh, "Error while writing to %s.\n", filename);
close(out);
return -1;
}
@@ -217,19 +217,19 @@
FILE *outfile;
int retval;
if (sepol_policy_file_create(&pf)) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
return -1;
}
if ((outfile = fopen(filename, "wb")) == NULL) {
sepol_policy_file_free(pf);
- semanage_write_error(sh, "Could not open %s for writing.", filename);
+ ERR(sh, "Could not open %s for writing.\n", filename);
return -1;
}
sepol_policy_file_set_fp(pf, outfile);
retval = sepol_module_package_write(package, pf);
fclose(outfile);
if (retval == -1) {
- semanage_write_error(sh, "Error while writing module to %s.", filename);
+ ERR(sh, "Error while writing module to %s.\n", filename);
return -1;
}
return 0;
@@ -268,11 +268,23 @@
goto cleanup;
}
- /* expand and verify the resulting policy */
- if (semanage_expand_sandbox(sh, base) < 0 ||
- semanage_verify_kernel(sh) != 0) {
+ /* Expand the resulting policy */
+ if (semanage_expand_sandbox(sh, base) < 0)
+ goto cleanup;
+
+#if 0
+ /* Link components into base policy */
+ if (semanage_base_merge_components(sh, NULL /* FIXME */) < 0)
+ goto cleanup;
+
+ /* Commit changes to components */
+ if (semanage_commit_components(sh) < 0)
+ goto cleanup;
+#endif
+
+ /* Verify policy */
+ if (semanage_verify_kernel(sh) != 0)
goto cleanup;
- }
retval = semanage_install_sandbox(sh);
@@ -346,14 +358,14 @@
break;
}
else {
- semanage_write_error(sh, "Previous module %s is same or newer.", module_name);
+ ERR(sh, "Previous module %s is same or newer.\n", module_name);
retval = -4;
goto cleanup;
}
}
}
if (retval == -4) {
- semanage_write_error(sh, "There does not already exist a module named %s.", module_name);
+ ERR(sh, "There does not already exist a module named %s.\n", module_name);
goto cleanup;
}
if (write_file(sh, filename, data, data_len) == -1) {
@@ -409,7 +421,7 @@
for (i = 0; i < num_mod_files; i++) {
char *base = strrchr(module_filenames[i], '/');
if (base == NULL) {
- semanage_write_error(sh, "Could not read module names.");
+ ERR(sh, "Could not read module names.\n");
retval = -2;
goto cleanup;
}
@@ -417,14 +429,14 @@
if (memcmp(module_name, base, name_len) == 0 &&
strcmp(base + name_len, ".pp") == 0) {
if (unlink(module_filenames[i]) == -1) {
- semanage_write_error(sh, "Could not remove module file %s.", module_filenames[i]);
+ ERR(sh, "Could not remove module file %s.\n", module_filenames[i]);
retval = -2;
}
retval = 0;
goto cleanup;
}
}
- semanage_write_error(sh, "Module %s was not found.", module_name);
+ ERR(sh, "Module %s was not found.\n", module_name);
retval = -2; /* module not found */
cleanup:
for (i = 0; module_filenames != NULL && i < num_mod_files; i++) {
@@ -463,12 +475,12 @@
}
if (sepol_policy_file_create(&pf)) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
goto cleanup;
}
if ((*modinfo = calloc(num_mod_files, sizeof(**modinfo))) == NULL) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
goto cleanup;
}
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/handle.c libsemanage.new/src/handle.c
--- libsemanage/src/handle.c 2005-10-06 16:43:33.000000000 -0400
+++ libsemanage.new/src/handle.c 2005-10-12 03:34:49.000000000 -0400
@@ -41,11 +41,11 @@
#define SEMANAGE_COMMIT_READ_WAIT 5
semanage_handle_t *semanage_handle_create(void) {
- semanage_handle_t *sh;
- const char *conf_name;
+ semanage_handle_t *sh = NULL;
+ const char *conf_name = NULL;
/* Allocate handle */
- if ((sh = calloc(1, sizeof(*sh))) == NULL)
+ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
goto omem;
/* Policy root */
@@ -66,6 +66,10 @@
/* Set timeout: some default value for now, later use config */
sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
+ /* Set callback */
+ sh->msg_callback = semanage_msg_default_handler;
+ sh->msg_callback_arg = NULL;
+
/* Configure object databases
* Hardcore DATA FILE backend for now */
if (user_file_dbase_init(&sh->dbase[DBASE_USERS]) < 0)
@@ -130,19 +134,12 @@
free(sh);
}
-const char *semanage_strerror(semanage_handle_t *sh) {
- if (sh == NULL) {
- return "Could not parse semange.conf or out of memory.";
- }
- return sh->err_buf;
-}
-
/********************* public transaction functions *********************/
int semanage_begin_transaction(semanage_handle_t *sh) {
assert(sh != NULL && sh->funcs != NULL && sh->funcs->begin_trans != NULL);
if (!sh->is_connected) {
- semanage_write_error(sh, "Not connected.");
+ ERR(sh, "Not connected.\n");
return -1;
}
if (sh->is_in_transaction) {
@@ -160,7 +157,7 @@
int retval;
assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL);
if (!sh->is_in_transaction) {
- semanage_write_error(sh, "Will not commit because caller does not have a tranaction lock yet.");
+ ERR(sh, "Will not commit because caller does not have a tranaction lock yet.\n");
return -1;
}
retval = sh->funcs->commit(sh);
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/handle.h libsemanage.new/src/handle.h
--- libsemanage/src/handle.h 2005-10-04 10:51:22.000000000 -0400
+++ libsemanage.new/src/handle.h 2005-10-12 03:38:42.000000000 -0400
@@ -27,17 +27,27 @@
#include <semanage/handle.h>
#include "modules.h"
#include "semanage_conf.h"
-#include "policy_connection.h"
+#include "policy.h"
#include "database.h"
struct semanage_handle {
int con_id; /* Connection ID */
int policy_serial; /* Policy serial number at connect time */
- /* Error management */
- /* FIXME: re-design error system using callbacks (?) */
-#define SEMANAGE_ERRBUFSZ 1024
- char err_buf[SEMANAGE_ERRBUFSZ];
+ /* Error handling */
+ int msg_level;
+ const char* msg_channel;
+ const char* msg_fname;
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 3, 4)))
+#endif
+ void (*msg_callback) (
+ void* varg,
+ semanage_handle_t* handle,
+ const char* fmt,
+ ...);
+ void* msg_callback_arg;
+ /* ================ */
/* one of these connections will actually be used while
* working with the module store -- the particular one if
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/libsemanage.map libsemanage.new/src/libsemanage.map
--- libsemanage/src/libsemanage.map 2005-10-07 23:50:41.000000000 -0400
+++ libsemanage.new/src/libsemanage.map 2005-10-11 14:00:14.000000000 -0400
@@ -1,7 +1,7 @@
LIBSEMANAGE_1.0 {
global: semanage_handle_create; semanage_handle_destroy;
semanage_connect; semanage_disconnect;
- semanage_strerror;
+ semanage_msg_*;
semanage_begin_transaction; semanage_commit;
semanage_module_install; semanage_module_upgrade;
semanage_module_install_base; semanage_module_remove;
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/modules.c libsemanage.new/src/modules.c
--- libsemanage/src/modules.c 2005-09-30 16:19:07.000000000 -0400
+++ libsemanage.new/src/modules.c 2005-10-12 02:56:29.000000000 -0400
@@ -37,11 +37,11 @@
int semanage_module_install(semanage_handle_t *sh,
char *module_data, size_t data_len) {
if (sh->funcs->install == NULL) {
- semanage_write_error(sh, "No install function defined for this connection type.");
+ ERR(sh, "No install function defined for this connection type.\n");
return -1;
}
else if (!sh->is_connected) {
- semanage_write_error(sh, "Not connected.");
+ ERR(sh, "Not connected.\n");
return -1;
}
else if (!sh->is_in_transaction) {
@@ -55,11 +55,11 @@
int semanage_module_upgrade(semanage_handle_t *sh,
char *module_data, size_t data_len) {
if (sh->funcs->upgrade == NULL) {
- semanage_write_error(sh, "No upgrade function defined for this connection type.");
+ ERR(sh, "No upgrade function defined for this connection type.\n");
return -1;
}
else if (!sh->is_connected) {
- semanage_write_error(sh, "Not connected.");
+ ERR(sh, "Not connected.\n");
return -1;
}
else if (!sh->is_in_transaction) {
@@ -73,11 +73,11 @@
int semanage_module_install_base(semanage_handle_t *sh,
char *module_data, size_t data_len) {
if (sh->funcs->install_base == NULL) {
- semanage_write_error(sh, "No install base function defined for this connection type.");
+ ERR(sh, "No install base function defined for this connection type.\n");
return -1;
}
else if (!sh->is_connected) {
- semanage_write_error(sh, "Not connected.");
+ ERR(sh, "Not connected.\n");
return -1;
}
else if (!sh->is_in_transaction) {
@@ -91,11 +91,11 @@
int semanage_module_remove(semanage_handle_t *sh,
char *module_name) {
if (sh->funcs->remove == NULL) {
- semanage_write_error(sh, "No remove function defined for this connection type.");
+ ERR(sh, "No remove function defined for this connection type.\n");
return -1;
}
else if (!sh->is_connected) {
- semanage_write_error(sh, "Not connected.");
+ ERR(sh, "Not connected.\n");
return -1;
}
else if (!sh->is_in_transaction) {
@@ -109,11 +109,11 @@
int semanage_module_list(semanage_handle_t *sh,
semanage_module_info_t **modinfo, int *num_modules) {
if (sh->funcs->list == NULL) {
- semanage_write_error(sh, "No list function defined for this connection type.");
+ ERR(sh, "No list function defined for this connection type.\n");
return -1;
}
else if (!sh->is_connected) {
- semanage_write_error(sh, "Not connected.");
+ ERR(sh, "Not connected.\n");
return -1;
}
return sh->funcs->list(sh, modinfo, num_modules);
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/modules.h libsemanage.new/src/modules.h
--- libsemanage/src/modules.h 2005-09-30 16:19:07.000000000 -0400
+++ libsemanage.new/src/modules.h 2005-10-11 02:43:10.000000000 -0400
@@ -23,11 +23,6 @@
#include <semanage/modules.h>
-struct semanage_module_conn {
- int translock_file_fd;
- int readlock_file_fd;
-};
-
struct semanage_module_info {
char *name; /* Key */
char *version;
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/policy_connection.h libsemanage.new/src/policy_connection.h
--- libsemanage/src/policy_connection.h 2005-10-04 10:51:22.000000000 -0400
+++ libsemanage.new/src/policy_connection.h 1969-12-31 19:00:00.000000000 -0500
@@ -1,55 +0,0 @@
-/* Author: Joshua Brindle <jbrindle@tresys.com>
- * Jason Tang <jtang@tresys.com>
- *
- * Copyright (C) 2005 Tresys Technology, LLC
- * Copyright (C) 2005 Red Hat Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef _SEMANAGE_POLICY_CONNECTION_INTERNAL_H_
-#define _SEMANAGE_POLICY_CONNECTION_INTERNAL_H_
-
-struct semanage_policy_table {
-
- /* Destroy a connection */
- void (*destroy)(semanage_handle_t *);
-
- /* Disconnect from policy */
- int (*disconnect)(semanage_handle_t *);
-
- /* Begin a policy transaction */
- int (*begin_trans)(semanage_handle_t *);
-
- /* Commit a policy transaction */
- int (*commit)(semanage_handle_t *);
-
- /* Install a policy module */
- int (*install)(semanage_handle_t *, char *, size_t);
-
- /* Upgrade a policy module */
- int (*upgrade)(semanage_handle_t *, char *, size_t);
-
- /* Remove a policy module */
- int (*remove)(semanage_handle_t *, char *);
-
- /* List policy modules */
- int (*list)(semanage_handle_t *, semanage_module_info_t **, int *);
-
- /* Install base policy */
- int (*install_base)(semanage_handle_t *, char *, size_t);
-};
-
-#endif
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/policy.h libsemanage.new/src/policy.h
--- libsemanage/src/policy.h 1969-12-31 19:00:00.000000000 -0500
+++ libsemanage.new/src/policy.h 2005-10-11 02:46:00.000000000 -0400
@@ -0,0 +1,77 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_POLICY_INTERNAL_H_
+#define _SEMANAGE_POLICY_INTERNAL_H_
+
+#include "modules.h"
+
+/* Circular dependency */
+struct semanage_handle;
+
+/* Connection Locking */
+struct semanage_module_conn {
+ int translock_file_fd;
+ int readlock_file_fd;
+};
+
+/* Backend dependent portion */
+struct semanage_policy_table {
+
+ /* Destroy a connection */
+ void (*destroy)(struct semanage_handle*);
+
+ /* Disconnect from policy */
+ int (*disconnect)(struct semanage_handle*);
+
+ /* Begin a policy transaction */
+ int (*begin_trans)(struct semanage_handle*);
+
+ /* Commit a policy transaction */
+ int (*commit)(struct semanage_handle*);
+
+ /* Install a policy module */
+ int (*install)(struct semanage_handle*, char *, size_t);
+
+ /* Upgrade a policy module */
+ int (*upgrade)(struct semanage_handle*, char *, size_t);
+
+ /* Remove a policy module */
+ int (*remove)(struct semanage_handle*, char *);
+
+ /* List policy modules */
+ int (*list)(struct semanage_handle*, semanage_module_info_t **, int *);
+
+ /* Install base policy */
+ int (*install_base)(struct semanage_handle*, char *, size_t);
+};
+
+#if 0
+/* Should be backend independent */
+extern int semanage_base_merge_components(
+ struct semanage_handle* handle,
+ semanage_module_info_t* base);
+
+extern int semanage_commit_components(
+ struct semanage_handle* handle);
+#endif
+
+#endif
diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog --exclude database_direct.c --exclude database_direct.h --exclude policy_components.c libsemanage/src/semanage_store.c libsemanage.new/src/semanage_store.c
--- libsemanage/src/semanage_store.c 2005-10-07 18:38:00.000000000 -0400
+++ libsemanage.new/src/semanage_store.c 2005-10-12 03:49:08.000000000 -0400
@@ -205,18 +205,18 @@
if (stat(path, &sb) == -1) {
if (errno == ENOENT && create) {
if (mkdir(path, S_IRWXU) == -1) {
- semanage_write_error(sh, "Could not create module store at %s.", path);
+ ERR(sh, "Could not create module store at %s.\n", path);
return -2;
}
}
else {
- semanage_write_error(sh, "Could not read from module store at %s.", path);
+ ERR(sh, "Could not read from module store at %s.\n", path);
return -1;
}
}
else {
if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
- semanage_write_error(sh, "Could not access module store at %s, or it is not a directory.", path);
+ ERR(sh, "Could not access module store at %s, or it is not a directory.\n", path);
return -1;
}
}
@@ -224,18 +224,18 @@
if (stat(path, &sb) == -1) {
if (errno == ENOENT && create) {
if (mkdir(path, S_IRWXU) == -1) {
- semanage_write_error(sh, "Could not create module store, active subdirectory at %s.", path);
+ ERR(sh, "Could not create module store, active subdirectory at %s.\n", path);
return -2;
}
}
else {
- semanage_write_error(sh, "Could not read from module store, active subdirectory at %s.", path);
+ ERR(sh, "Could not read from module store, active subdirectory at %s.\n", path);
return -1;
}
}
else {
if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
- semanage_write_error(sh, "Could not access module store active subdirectory at %s, or it is not a directory.", path);
+ ERR(sh, "Could not access module store active subdirectory at %s, or it is not a directory.\n", path);
return -1;
}
}
@@ -243,18 +243,18 @@
if (stat (path, &sb) == -1) {
if (errno == ENOENT && create) {
if (mkdir(path, S_IRWXU) == -1) {
- semanage_write_error(sh, "Could not create module store, active modules subdirectory at %s.", path);
+ ERR(sh, "Could not create module store, active modules subdirectory at %s.\n", path);
return -2;
}
}
else {
- semanage_write_error(sh, "Could not read from module store, active modules subdirectory at %s.", path);
+ ERR(sh, "Could not read from module store, active modules subdirectory at %s.\n", path);
return -1;
}
}
else {
if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
- semanage_write_error(sh, "Could not access module store active modules subdirectory at %s, or it is not a directory.", path);
+ ERR(sh, "Could not access module store active modules subdirectory at %s, or it is not a directory.\n", path);
return -1;
}
}
@@ -395,21 +395,21 @@
if (stat(sandbox, &buf) == -1) {
if (errno != ENOENT) {
- semanage_write_error(sh, "Error scanning directory %s.", sandbox);
+ ERR(sh, "Error scanning directory %s.\n", sandbox);
return -1;
}
}
else {
/* remove the old sandbox */
if (semanage_remove_directory(sandbox) != 0) {
- semanage_write_error(sh, "Error removing old sandbox directory %s.", sandbox);
+ ERR(sh, "Error removing old sandbox directory %s.\n", sandbox);
return -1;
}
}
if (mkdir(sandbox, S_IRWXU) == -1 ||
semanage_copy_dir(semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL), sandbox) == -1) {
- semanage_write_error(sh, "Could not copy files to sandbox %s.", sandbox);
+ ERR(sh, "Could not copy files to sandbox %s.\n", sandbox);
goto cleanup;
}
return 0;
@@ -441,7 +441,7 @@
*len = 0;
if ((num_files = scandir(modules_path, &namelist,
semanage_filename_select, alphasort)) == -1) {
- semanage_write_error(sh, "Error while scanning directory %s.", modules_path);
+ ERR(sh, "Error while scanning directory %s.\n", modules_path);
goto cleanup;
}
if (num_files == 0) {
@@ -449,7 +449,7 @@
goto cleanup;
}
if ((*filenames = (char **) calloc(num_files, sizeof(**filenames))) == NULL) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
goto cleanup;
}
for (i = 0; i < num_files; i++) {
@@ -459,7 +459,7 @@
snprintf(path, PATH_MAX, "%s/%s", modules_path, namelist[i]->d_name);
if ((filename = strdup(path)) == NULL) {
int j;
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
for (j = 0; j < i; j++) {
free((*filenames)[j]);
}
@@ -502,12 +502,12 @@
memset(write_buf, 0, sizeof(write_buf));
snprintf(write_buf, sizeof(write_buf), "%d", commit_number);
if ((fd = open(commit_filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1) {
- semanage_write_error(sh, "Could not open commit number file %s for writing.", commit_filename);
+ ERR(sh, "Could not open commit number file %s for writing.\n", commit_filename);
return -1;
}
amount_written = write(fd, write_buf, sizeof(write_buf));
if (amount_written == -1) {
- semanage_write_error(sh, "Error while writing commit number to %s.", commit_filename);
+ ERR(sh, "Error while writing commit number to %s.\n", commit_filename);
close(fd);
return -1;
}
@@ -517,21 +517,21 @@
if (stat(backup, &buf) == 0) {
if (S_ISDIR(buf.st_mode) &&
semanage_remove_directory(backup) != 0) {
- semanage_write_error(sh, "Could not remove previous backup %s.", backup);
+ ERR(sh, "Could not remove previous backup %s.\n", backup);
return -1;
}
}
else if (errno != ENOENT) {
- semanage_write_error(sh, "Could not stat directory %s.", backup);
+ ERR(sh, "Could not stat directory %s.\n", backup);
return -1;
}
if (rename(active, backup) == -1) {
- semanage_write_error(sh, "Error while renaming %s to %s.", active, backup);
+ ERR(sh, "Error while renaming %s to %s.\n", active, backup);
return -1;
}
if (rename(sandbox, active) == -1) {
- semanage_write_error(sh, "Error while renaming %s to %s.", sandbox, active);
+ ERR(sh, "Error while renaming %s to %s.\n", sandbox, active);
/* note that if an error occurs during the next
* function then the store will be left in an
* inconsistent state */
@@ -788,14 +788,14 @@
pid_t forkval;
if ((argv = split_args(e->path, e->args, new_name, old_name)) == NULL) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
return -1;
}
/* no need to use pthread_atfork() -- child will not be using
* any mutexes. */
if ((forkval = fork()) == -1) {
- semanage_write_error(sh, "Error while forking process.");
+ ERR(sh, "Error while forking process.\n");
return -1;
}
else if (forkval == 0) {
@@ -809,7 +809,7 @@
int status = 0;
free_argv(argv);
if (waitpid(forkval, &status, 0) == -1 || !WIFEXITED(status)) {
- semanage_write_error(sh, "Child process %s did not exit cleanly.", e->path);
+ ERR(sh, "Child process %s did not exit cleanly.\n", e->path);
return -1;
}
return WEXITSTATUS(status);
@@ -829,20 +829,20 @@
snprintf(running_policy, PATH_MAX, "%s.%d",
selinux_binary_policy_path(), security_policyvers());
if (semanage_copy_file(active_kernel, running_policy) == -1) {
- semanage_write_error(sh, "Could not copy %s to %s.", active_kernel, running_policy);
+ ERR(sh, "Could not copy %s to %s.\n", active_kernel, running_policy);
goto cleanup;
}
if (semanage_copy_file(active_fc, running_fc) == -1) {
- semanage_write_error(sh, "Could not copy %s to %s.", active_fc, running_fc);
+ ERR(sh, "Could not copy %s to %s.\n", active_fc, running_fc);
goto cleanup;
}
if ((r = semanage_exec_prog(sh, sh->conf->load_policy, running_policy, "")) != 0) {
- semanage_write_error(sh, "load_policy returned error code %d.", r);
+ ERR(sh, "load_policy returned error code %d.\n", r);
goto cleanup;
}
if ((r = semanage_exec_prog(sh, sh->conf->setfiles, running_policy, running_fc)) != 0) {
- semanage_write_error(sh, "setfiles returned error code %d.", r);
+ ERR(sh, "setfiles returned error code %d.\n", r);
goto cleanup;
}
retval = 0;
@@ -861,11 +861,11 @@
int retval = -1, new_commit_number;
if (sh->conf->load_policy == NULL) {
- semanage_write_error(sh, "No load_policy program specified in configuration file.");
+ ERR(sh, "No load_policy program specified in configuration file.\n");
goto cleanup;
}
if (sh->conf->setfiles == NULL) {
- semanage_write_error(sh, "No setfiles program specified in configuration file.");
+ ERR(sh, "No setfiles program specified in configuration file.\n");
goto cleanup;
}
@@ -904,7 +904,7 @@
int got_lock = 0;
if ((fd = open(lock_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) == -1) {
- semanage_write_error(sh, "Could not open direct %s at %s.", lock_name, lock_file);
+ ERR(sh, "Could not open direct %s at %s.\n", lock_name, lock_file);
return -1;
}
if (sh->timeout == 0) {
@@ -923,7 +923,7 @@
break;
}
else if (errno != EAGAIN) {
- semanage_write_error(sh, "Error obtaining direct %s at %s.", lock_name, lock_file);
+ ERR(sh, "Error obtaining direct %s at %s.\n", lock_name, lock_file);
close(fd);
return -1;
}
@@ -932,7 +932,7 @@
if (errno == EINTR) {
continue;
}
- semanage_write_error(sh, "Error while waiting to get direct %s at %s.", lock_name, lock_file);
+ ERR(sh, "Error while waiting to get direct %s at %s.\n", lock_name, lock_file);
close(fd);
return -1;
}
@@ -940,7 +940,7 @@
}
} while (origtime.tv_sec > 0 || sh->timeout == -1);
if (!got_lock) {
- semanage_write_error(sh, "Could not get direct %s at %s.", lock_name, lock_file);
+ ERR(sh, "Could not get direct %s at %s.\n", lock_name, lock_file);
close(fd);
return -1;
}
@@ -1030,14 +1030,14 @@
return 0;
}
else {
- semanage_write_error(sh, "Could not open commit number file %s.", commit_filename);
+ ERR(sh, "Could not open commit number file %s.\n", commit_filename);
return -1;
}
}
amount_read = read(fd, buf, sizeof(buf));
if (amount_read == -1) {
- semanage_write_error(sh, "Error while reading commit number from %s.", commit_filename);
+ ERR(sh, "Error while reading commit number from %s.\n", commit_filename);
commit_number = -1;
}
else if (sscanf(buf, "%d", &commit_number) != 1) {
@@ -1046,7 +1046,7 @@
}
else if (commit_number < 0) {
/* read file ought never have negative values */
- semanage_write_error(sh, "Commit number file %s is corrupted; it should only contain a non-negative integer.", commit_filename);
+ ERR(sh, "Commit number file %s is corrupted; it should only contain a non-negative integer.\n", commit_filename);
commit_number = -1;
}
@@ -1068,22 +1068,22 @@
*package = NULL;
if (sepol_module_package_create(package) == -1) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
return -1;
}
if (sepol_policy_file_create(&pf)) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
goto cleanup;
}
if ((fp = fopen(filename, "rb")) == NULL) {
- semanage_write_error(sh, "Could not open module file %s for reading.", filename);
+ ERR(sh, "Could not open module file %s for reading.\n", filename);
goto cleanup;
}
sepol_policy_file_set_fp(pf, fp);
if (sepol_module_package_read(*package, pf, 0) == -1) {
- semanage_write_error(sh, "Error while reading from module file %s.", filename);
+ ERR(sh, "Error while reading from module file %s.\n", filename);
fclose(fp);
goto cleanup;
}
@@ -1113,6 +1113,12 @@
int retval = -1, i;
int num_modules = 0;
sepol_module_package_t **mods = NULL;
+
+ /* FIXME: deprecated - replace with callback debugging
+ * through a sepol state object */
+ char buffer[1024];
+ buffer[0] = '\0';
+
*base = NULL;
/* first make sure that base module is readable */
@@ -1120,7 +1126,7 @@
goto cleanup;
}
if (access(base_filename, R_OK) == -1) {
- semanage_write_error(sh, "Could not access sandbox base file %s.", base_filename);
+ ERR(sh, "Could not access sandbox base file %s.\n", base_filename);
goto cleanup;
}
@@ -1135,7 +1141,7 @@
goto cleanup;
}
if ((mods = calloc(num_modules, sizeof(*mods))) == NULL) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
num_modules = 0;
goto cleanup;
}
@@ -1145,10 +1151,15 @@
}
}
- if (sepol_link_packages(*base, mods, num_modules, 0, sh->err_buf,
- SEMANAGE_ERRBUFSZ) != 0) {
+ if (sepol_link_packages(*base, mods, num_modules,
+ 0, buffer, 1024) != 0) {
+ if (*buffer != '\0')
+ ERR(sh, "%s", buffer);
goto cleanup;
}
+ if (*buffer != '\0')
+ WARN(sh, "%s", buffer);
+
retval = 0;
cleanup:
@@ -1175,6 +1186,11 @@
int policyvers = security_policyvers();
FILE *outfile = NULL;
+ /* FIXME: deprecated - replace with callback debugging
+ * through a sepol state object */
+ char buffer[1024];
+ buffer[0] = '\0';
+
if (policyvers < sepol_policy_kern_vers_min() ||
policyvers > sepol_policy_kern_vers_max())
policyvers = sh->conf->policyvers;
@@ -1183,27 +1199,32 @@
return -1;
}
if (sepol_expand_module(base->policy, out, 0,
- sh->err_buf, SEMANAGE_ERRBUFSZ) == -1) {
+ buffer, 1024) != -1) {
+ if (*buffer != '\0')
+ ERR(sh, "%s", buffer);
goto cleanup;
}
+ if (*buffer != '\0')
+ WARN(sh, "%s", buffer);
+
if (sepol_policydb_set_vers(out, policyvers)) {
- semanage_write_error(sh, "Unknown/Invalid policy version %d.", sh->conf->policyvers);
+ ERR(sh, "Unknown/Invalid policy version %d.\n", sh->conf->policyvers);
goto cleanup;
}
if ((kernel_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_KERNEL)) == NULL) {
goto cleanup;
}
if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
- semanage_write_error(sh, "Could not open kernel policy %s for writing.", kernel_filename);
+ ERR(sh, "Could not open kernel policy %s for writing.\n", kernel_filename);
goto cleanup;
}
if (sepol_policy_file_create(&pf)) {
- semanage_write_error(sh, "Out of memory!");
+ ERR(sh, "Out of memory!\n");
goto cleanup;
}
sepol_policy_file_set_fp(pf, outfile);
if (sepol_policydb_write(out, pf) == -1) {
- semanage_write_error(sh, "Error while writing kernel policy to %s.", kernel_filename);
+ ERR(sh, "Error while writing kernel policy to %s.\n", kernel_filename);
goto cleanup;
}
retval = 0;
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [ RESEND ] [ SEMANAGE ] Debugging system 2005-10-12 8:13 [ RESEND ] [ SEMANAGE ] Debugging system Ivan Gyurdiev @ 2005-10-12 15:52 ` Stephen Smalley 2005-10-12 16:11 ` Ivan Gyurdiev 0 siblings, 1 reply; 10+ messages in thread From: Stephen Smalley @ 2005-10-12 15:52 UTC (permalink / raw) To: Ivan Gyurdiev; +Cc: selinux On Wed, 2005-10-12 at 04:13 -0400, Ivan Gyurdiev wrote: > Okay, here's version 2. I'm not sure if I like this very much, but I've > done all the changes you requested: What don't you like? Or what did you like better about the prior version? > > - variadic list passed to callback ** > - message structure dropped > - message structure fields embedded in the handle > (ugh.. I had to do this, because of circular dependencies) > - handle passed to callback > - msg_write is a macro > - also fixed extra newline > - also added newlines to every single Tresys error message Why require the newline in the individual error messages? > - libsemanage.map is modified this time > > Because of (**) I now can't submit the sepol patch, because my compat > handler is broken .... Do we need compatibility with > sepol_enable/disable_debug ? Have we released an official libsepol with > those functions? I know Dan's been building that library, but I'm pretty > sure no one is using those functions yet, and that's rawhide. It would > be nice if those could be removed, so I don't have to support two > callback systems simultaneously. If there are no users, it can still change, and I don't see any. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ RESEND ] [ SEMANAGE ] Debugging system 2005-10-12 15:52 ` Stephen Smalley @ 2005-10-12 16:11 ` Ivan Gyurdiev 2005-10-12 16:04 ` Stephen Smalley 0 siblings, 1 reply; 10+ messages in thread From: Ivan Gyurdiev @ 2005-10-12 16:11 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux Stephen Smalley wrote: > On Wed, 2005-10-12 at 04:13 -0400, Ivan Gyurdiev wrote: > >> Okay, here's version 2. I'm not sure if I like this very much, but I've >> done all the changes you requested: >> > > What don't you like? Or what did you like better about the prior > version? > It looks more complicated now.... and more disorganized. I guess it's fine, as long as it's easy to use. >> - variadic list passed to callback ** >> - message structure dropped >> - message structure fields embedded in the handle >> (ugh.. I had to do this, because of circular dependencies) >> - handle passed to callback >> - msg_write is a macro >> - also fixed extra newline >> - also added newlines to every single Tresys error message >> > > Why require the newline in the individual error messages? > The newline is part of the message - it's not a good idea to push it into the messaging system. Eventually we will run into a case where we don't want a newline printed, and the messaging system wouldn't be able to handle that....happens every time I try to do this. >> - libsemanage.map is modified this time >> >> Because of (**) I now can't submit the sepol patch, because my compat >> handler is broken .... Do we need compatibility with >> sepol_enable/disable_debug ? Have we released an official libsepol with >> those functions? I know Dan's been building that library, but I'm pretty >> sure no one is using those functions yet, and that's rawhide. It would >> be nice if those could be removed, so I don't have to support two >> callback systems simultaneously. >> > > If there are no users, it can still change, and I don't see any. > Okay, in that case I will remove those functions... -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ RESEND ] [ SEMANAGE ] Debugging system 2005-10-12 16:11 ` Ivan Gyurdiev @ 2005-10-12 16:04 ` Stephen Smalley 2005-10-12 16:43 ` Ivan Gyurdiev 0 siblings, 1 reply; 10+ messages in thread From: Stephen Smalley @ 2005-10-12 16:04 UTC (permalink / raw) To: Ivan Gyurdiev; +Cc: selinux On Wed, 2005-10-12 at 12:11 -0400, Ivan Gyurdiev wrote: > It looks more complicated now.... and more disorganized. > I guess it's fine, as long as it's easy to use. Ok, from my POV, it is nicer, because: a) No extraneous abstractions introduced, just using the handle as designed, b) Direct pass through to the callback with no internal buffering and no new failure cases (memory allocation) introduced. > The newline is part of the message - it's not a good idea to push it > into the messaging system. Eventually we will run into a case where we > don't want a newline printed, and the messaging system wouldn't be able > to handle that....happens every time I try to do this. Hmm...I was thinking that the callback could add it as desired. Each invocation of the callback constitutes a separate message, and the callback is free to introduce message separators as desired. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ RESEND ] [ SEMANAGE ] Debugging system 2005-10-12 16:04 ` Stephen Smalley @ 2005-10-12 16:43 ` Ivan Gyurdiev 2005-10-13 10:36 ` [ SEPOL ] [ SEMANAGE ] Debug v3, some database things Ivan Gyurdiev 0 siblings, 1 reply; 10+ messages in thread From: Ivan Gyurdiev @ 2005-10-12 16:43 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux > Hmm...I was thinking that the callback could add it as desired. Each > invocation of the callback constitutes a separate message, and the > callback is free to introduce message separators as desired > I guess we are already chopping up the info stream into messages, so pushing the separator into the messaging system might make sense... argh... I guess I'll redo the patch again, and next time I'll package up sepol as well, and drop enable_debug/disable_debug. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ SEPOL ] [ SEMANAGE ] Debug v3, some database things 2005-10-12 16:43 ` Ivan Gyurdiev @ 2005-10-13 10:36 ` Ivan Gyurdiev 2005-10-13 10:56 ` Ivan Gyurdiev 2005-10-13 17:11 ` Stephen Smalley 0 siblings, 2 replies; 10+ messages in thread From: Ivan Gyurdiev @ 2005-10-13 10:36 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux [-- Attachment #1: Type: text/plain, Size: 1537 bytes --] ...resending patch again... Everything from before, plus: - newline removed from all ERR calls (justification is that info stream is already logically chopped into messages) - callback can write separator of choice. - newline added to default semanage handler - newline _not_ added to sepol handler, until DEBUG is eradicated - sepol_enable_debug and sepol_disable debug dropped, and removed from the interface. sepol_debug is kept, since it has been around for a while during official releases, and has users (plus it's trivial to implement using new system) - added my policy_components.c file - kind of work in progress, but it might give you an idea of what I plan to do. Those NULL arguments should probably be calling the functions in [users/ports]_policy.c, that are currently if-deff'ed out (or at least calling handlers that call those functions). Things that are in this file, should, ideally, be backend independent, so I don't want to see them being copied in 5 places depending on whether we use files, policy servers, LDAP, or whatever - that's why we use interfaces, and not implementations. You can also see I've put modules in there (commented out), since I hope I can make the list of modules appear as a database someday.... - added some database fixes for modified parameter - added a couple of functions to attach/detach direct database from a policydb object for sharing (those are specific to direct backend, and not added to the database interface). - draw in all sepol headers into sepol.h [-- Attachment #2: resync.diff --] [-- Type: text/x-patch, Size: 58980 bytes --] diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/include/semanage/debug.h new/libsemanage/include/semanage/debug.h --- old/libsemanage/include/semanage/debug.h 1969-12-31 19:00:00.000000000 -0500 +++ new/libsemanage/include/semanage/debug.h 2005-10-12 03:44:05.000000000 -0400 @@ -0,0 +1,58 @@ +/* Author: Joshua Brindle <jbrindle@tresys.com> + * Jason Tang <jtang@tresys.com> + * Ivan Gyurdiev <ivg2@cornell.edu> + * + * Copyright (C) 2005 Tresys Technology, LLC + * Copyright (C) 2005 Red Hat Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef _SEMANAGE_DEBUG_H_ +#define _SEMANAGE_DEBUG_H_ + +#include <semanage/handle.h> + +#define SEMANAGE_MSG_ERR 1 +#define SEMANAGE_MSG_WARN 2 +#define SEMANAGE_MSG_INFO 3 + +extern int semanage_msg_get_level( + semanage_handle_t* handle); + +extern const char* semanage_msg_get_channel( + semanage_handle_t* handle); + +extern const char* semanage_msg_get_fname( + semanage_handle_t* handle); + +/* Set the messaging callback. + * By the default, the callback will print + * the message on standard output, in a + * particular format. Passing NULL here + * indicates that messaging should be suppressed */ +extern void semanage_msg_set_callback( + semanage_handle_t* handle, +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))) +#endif + void (*msg_callback) ( + void* varg, + semanage_handle_t* handle, + const char* fmt, + ...), + void* msg_callback_arg); + +#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/include/semanage/handle.h new/libsemanage/include/semanage/handle.h --- old/libsemanage/include/semanage/handle.h 2005-09-28 15:56:00.000000000 -0400 +++ new/libsemanage/include/semanage/handle.h 2005-10-11 01:59:36.000000000 -0400 @@ -51,14 +51,6 @@ * error. */ int semanage_disconnect(semanage_handle_t *); -/* Return a string describing the most recently encountered error - * associated with a semanage_handle_t. The returned string must not - * be modified by the caller. Be aware that this string is not - * persistent; future calls to this library may alter the buffer - * contents, so make a copy of it if necessary. - */ -const char *semanage_strerror(semanage_handle_t *); - /* Attempt to obtain a transaction lock on the manager. If another * process has the lock then this function may block, depending upon * the timeout value in the handle. @@ -75,18 +67,4 @@ */ int semanage_commit(semanage_handle_t *); -/* META NOTES - * - * All of the other interfaces expect a semanage_handle as its first - * parameter. If an error occurs then the function returns a negative - * value. Call semanage_strerror() to retrieve a string that fully - * describes the error. - * - * For all functions a non-negative number indicates success. For query - * fucntions a >=0 returned value is the "policy sequence number". This - * number keeps tracks of policy revisions and is used to detect if - * one semanage client has committed policy changes while another is - * still connected. - */ - #endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/include/semanage/semanage.h new/libsemanage/include/semanage/semanage.h --- old/libsemanage/include/semanage/semanage.h 2005-09-28 15:56:00.000000000 -0400 +++ new/libsemanage/include/semanage/semanage.h 2005-10-11 01:59:45.000000000 -0400 @@ -23,6 +23,7 @@ #include <semanage/handle.h> #include <semanage/modules.h> +#include <semanage/debug.h> /* * Explicit libsemanage initialization. diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/database_direct.c new/libsemanage/src/database_direct.c --- old/libsemanage/src/database_direct.c 2005-10-07 23:43:17.000000000 -0400 +++ new/libsemanage/src/database_direct.c 2005-10-12 02:38:15.000000000 -0400 @@ -3,6 +3,7 @@ #define DBASE_DEFINED #include <stdlib.h> +#include <string.h> #include <stdio.h> #include <fcntl.h> #include <sys/types.h> @@ -31,6 +32,7 @@ sepol_policydb_t* policy; int cached; int modified; + int attached; }; static int construct_filename( @@ -66,7 +68,7 @@ char* fname = NULL; /* Already cached */ - if (dbase->cached) + if (dbase->cached || dbase->attached) return STATUS_SUCCESS; if (construct_filename(handle, dbase, &fname) < 0) @@ -128,11 +130,10 @@ if (!dbase->modified || !dbase->cached) return STATUS_SUCCESS; - /* FIXME: sepol_policydb_to_image always writes a KERN policy */ + dbase->modified = 0; /* Stub */ handle = NULL; - dbase = NULL; return STATUS_SUCCESS; } @@ -144,6 +145,7 @@ if (dbase->cached) { sepol_policydb_free(dbase->policy); dbase->cached = 0; + dbase->modified = 0; } handle = NULL; @@ -219,6 +221,7 @@ tmp_dbase->policy = NULL; tmp_dbase->cached = 0; tmp_dbase->modified = 0; + tmp_dbase->attached = 0; *dbase = tmp_dbase; return STATUS_SUCCESS; @@ -239,6 +242,29 @@ free(dbase); } +/* Attach to a shared policydb. + * This implies drop_cache(), + * and prevents flush() and drop_cache() + * until detached. */ +void dbase_direct_attach( + semanage_handle_t* handle, + dbase_direct_t* dbase, + sepol_policydb_t* policydb) { + + dbase->attached = 1; + dbase_direct_drop_cache(handle, dbase); + dbase->policy = policydb; +} + +/* Detach from a shared policdb. + * This implies drop_cache. */ +void dbase_direct_detach( + semanage_handle_t* handle, + dbase_direct_t* dbase) { + + dbase->attached = 0; +} + static int dbase_direct_add ( semanage_handle_t* handle, dbase_direct_t* dbase, diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/database_direct.h new/libsemanage/src/database_direct.h --- old/libsemanage/src/database_direct.h 2005-10-07 18:37:59.000000000 -0400 +++ new/libsemanage/src/database_direct.h 2005-10-12 02:38:27.000000000 -0400 @@ -12,7 +12,7 @@ typedef struct record_direct_table { /* Add record into the policy database */ - int (*add) (sepol_policydb_t* policy, record_t* record); + int (*add) (sepol_policydb_t* policydb, record_t* record); /* Modify record into the policy database */ int (*modify) (sepol_policydb_t* policydb, record_t* record); @@ -32,6 +32,21 @@ record_direct_table_t* rptable, dbase_direct_t** dbase); +/* Attach to a shared policydb. + * This implies drop_cache(). + * and prevents flush() and drop_cache() + * until detached. */ +extern void dbase_direct_attach( + semanage_handle_t* handle, + dbase_direct_t* dbase, + sepol_policydb_t* policydb); + +/* Detach from a shared policdb. + * This implies drop_cache. */ +extern void dbase_direct_detach( + semanage_handle_t* handle, + dbase_direct_t* dbase); + /* Release allocated resources */ extern void dbase_direct_release( semanage_handle_t* handle, diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/database_file.c new/libsemanage/src/database_file.c --- old/libsemanage/src/database_file.c 2005-10-07 18:37:59.000000000 -0400 +++ new/libsemanage/src/database_file.c 2005-10-11 09:56:58.000000000 -0400 @@ -170,6 +170,7 @@ } dbase->cached = 0; + dbase->modified = 0; handle = NULL; } @@ -199,6 +200,7 @@ goto err; } + dbase->modified = 0; fclose(str); free(fname); return STATUS_SUCCESS; @@ -237,7 +239,6 @@ dbase_file_drop_cache(handle, dbase); } - static int enter_rw( semanage_handle_t* handle, dbase_file_t* dbase) { diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/debug.c new/libsemanage/src/debug.c --- old/libsemanage/src/debug.c 2005-09-30 16:19:07.000000000 -0400 +++ new/libsemanage/src/debug.c 2005-10-13 05:46:40.000000000 -0400 @@ -1,7 +1,9 @@ /* Author: Joshua Brindle <jbrindle@tresys.co * Jason Tang <jtang@tresys.com> + * Ivan Gyurdiev <ivg2@cornell.edu> * * Copyright (C) 2004-2005 Tresys Technology, LLC + * Copyright (C) 2005 Red Hat Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -19,20 +21,72 @@ */ #include <stdarg.h> +#include <stdlib.h> #include <stdio.h> #include "handle.h" #include "debug.h" -/* FIXME: redesign with callbacks ? */ +int semanage_msg_get_level(semanage_handle_t* handle) { + return handle->msg_level; +} + +const char* semanage_msg_get_channel(semanage_handle_t* handle) { + return handle->msg_channel; +} + +const char* semanage_msg_get_fname(semanage_handle_t* handle) { + return handle->msg_fname; +} -/* Write an error message to the current error buffer, up to the - * buffer's specified size. */ #ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) +__attribute__ ((format (printf, 3, 4))) #endif -void semanage_write_error(semanage_handle_t *sh, char *fmt, ...) { +void semanage_msg_default_handler( + void* varg, + semanage_handle_t* handle, + const char* fmt, + ...) { + + FILE* stream = NULL; + + switch(semanage_msg_get_level(handle)) { + + case SEMANAGE_MSG_ERR: + case SEMANAGE_MSG_WARN: + stream = stderr; + break; + case SEMANAGE_MSG_INFO: + default: + stream = stdout; + break; + } + + fprintf(stream, "%s.%s: ", + semanage_msg_get_channel(handle), + semanage_msg_get_fname(handle)); + va_list ap; - va_start(ap, fmt); - vsnprintf(sh->err_buf, SEMANAGE_ERRBUFSZ, fmt, ap); + va_start(ap,fmt); + vfprintf(stream, fmt, ap); va_end(ap); + + fprintf(stream, "\n"); + + varg = NULL; +} + +extern void semanage_msg_set_callback( + semanage_handle_t* handle, +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))) +#endif + void (*msg_callback) ( + void* varg, + semanage_handle_t* handle, + const char* fmt, + ...), + void* msg_callback_arg) { + + handle->msg_callback = msg_callback; + handle->msg_callback_arg = msg_callback_arg; } diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/debug.h new/libsemanage/src/debug.h --- old/libsemanage/src/debug.h 2005-09-30 16:19:07.000000000 -0400 +++ new/libsemanage/src/debug.h 2005-10-12 03:40:56.000000000 -0400 @@ -20,20 +20,50 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef _SEPOL_INTERNAL_DEBUG_H_ -#define _SEPOL_INTERNAL_DEBUG_H_ +#ifndef _SEMANAGE_INTERNAL_DEBUG_H_ +#define _SEMANAGE_INTERNAL_DEBUG_H_ +#include <stdio.h> +#include <semanage/debug.h> #include "handle.h" #define STATUS_SUCCESS 0 #define STATUS_ERR -1 #define STATUS_NODATA 1 -/* FIXME: redesign with level argument ? */ +#define msg_write(handle_arg, level_arg, \ + channel_arg, func_arg, ...) { \ + \ + if (handle_arg->msg_callback) { \ + handle_arg->msg_fname = func_arg; \ + handle_arg->msg_channel = channel_arg; \ + handle_arg->msg_level = level_arg; \ + \ + handle_arg->msg_callback( \ + handle_arg->msg_callback_arg, \ + handle_arg, __VA_ARGS__); \ + } \ +} + +#define ERR(handle, ...) \ + msg_write(handle, SEMANAGE_MSG_ERR, "libsemanage", \ + __FUNCTION__, __VA_ARGS__) + +#define INFO(handle, ...) \ + msg_write(handle, SEMANAGE_MSG_INFO, "libsemanage", \ + __FUNCTION__, __VA_ARGS__) + +#define WARN(handle, ...) \ + msg_write(handle, SEMANAGE_MSG_WARN, "libsemanage", \ + __FUNCTION__, __VA_ARGS__) #ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) +__attribute__ ((format (printf, 3, 4))) #endif -extern void semanage_write_error(semanage_handle_t *sh, char *fmt, ...); +extern void semanage_msg_default_handler( + void* varg, + semanage_handle_t* handle, + const char* fmt, + ...); #endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/direct_api.c new/libsemanage/src/direct_api.c --- old/libsemanage/src/direct_api.c 2005-10-07 18:37:59.000000000 -0400 +++ new/libsemanage/src/direct_api.c 2005-10-13 06:08:23.000000000 -0400 @@ -33,7 +33,7 @@ #include "modules.h" #include "direct_api.h" #include "semanage_store.h" -#include "policy_connection.h" +#include "policy.h" static void semanage_direct_destroy(semanage_handle_t *sh); static int semanage_direct_disconnect(semanage_handle_t *sh); @@ -89,7 +89,7 @@ if (sh->is_in_transaction) { /* destroy sandbox */ if (semanage_remove_directory(semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)) < 0) { - semanage_write_error(sh, "Could not cleanly remove sandbox %s.", semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)); + ERR(sh, "Could not cleanly remove sandbox %s.", semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)); return -1; } semanage_release_trans_lock(sh); @@ -129,7 +129,7 @@ *module_name = *version = *filename = NULL; if (sepol_policy_file_create(&pf)) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); return -1; } sepol_policy_file_set_mem(pf, module_data, data_len); @@ -138,19 +138,19 @@ sepol_module_package_info(pf, &file_type, module_name, version) == -1) { sepol_policy_file_free(pf); - semanage_write_error(sh, "Could not parse module data."); + ERR(sh, "Could not parse module data."); return -2; } sepol_policy_file_free(pf); if (file_type != SEPOL_POLICY_MOD) { - semanage_write_error(sh, "Data did not represent a module."); + ERR(sh, "Data did not represent a module."); return -2; } if ((module_path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) { return -1; } if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); return -1; } return 0; @@ -167,7 +167,7 @@ int file_type; if (sepol_policy_file_create(&pf)) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); return -1; } sepol_policy_file_set_mem(pf, module_data, data_len); @@ -176,14 +176,14 @@ sepol_module_package_info(pf, &file_type, &module_name, &version) == -1) { sepol_policy_file_free(pf); - semanage_write_error(sh, "Could not parse base module data."); + ERR(sh, "Could not parse base module data."); return -2; } sepol_policy_file_free(pf); free(module_name); free(version); if (file_type != SEPOL_POLICY_BASE) { - semanage_write_error(sh, "Data did not represent a module."); + ERR(sh, "Data did not represent a module."); return -2; } return 0; @@ -195,11 +195,11 @@ const char *filename, char *data, size_t num_bytes) { int out; if ((out = open(filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1) { - semanage_write_error(sh, "Could not open %s for writing.", filename); + ERR(sh, "Could not open %s for writing.", filename); return -1; } if (write(out, data, num_bytes) == -1) { - semanage_write_error(sh, "Error while writing to %s.", filename); + ERR(sh, "Error while writing to %s.", filename); close(out); return -1; } @@ -217,19 +217,19 @@ FILE *outfile; int retval; if (sepol_policy_file_create(&pf)) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); return -1; } if ((outfile = fopen(filename, "wb")) == NULL) { sepol_policy_file_free(pf); - semanage_write_error(sh, "Could not open %s for writing.", filename); + ERR(sh, "Could not open %s for writing.", filename); return -1; } sepol_policy_file_set_fp(pf, outfile); retval = sepol_module_package_write(package, pf); fclose(outfile); if (retval == -1) { - semanage_write_error(sh, "Error while writing module to %s.", filename); + ERR(sh, "Error while writing module to %s.", filename); return -1; } return 0; @@ -253,8 +253,6 @@ goto cleanup; } - /* FIXME: write object databases into base */ - /* write the linked base */ if ((linked_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED)) == NULL || semanage_write_module(sh, linked_filename, base) == -1 || @@ -268,11 +266,23 @@ goto cleanup; } - /* expand and verify the resulting policy */ - if (semanage_expand_sandbox(sh, base) < 0 || - semanage_verify_kernel(sh) != 0) { + /* Expand the resulting policy */ + if (semanage_expand_sandbox(sh, base) < 0) + goto cleanup; + +#if 0 + /* Link components into base policy */ + if (semanage_base_merge_components(sh, NULL /* FIXME */) < 0) + goto cleanup; + + /* Commit changes to components */ + if (semanage_commit_components(sh) < 0) + goto cleanup; +#endif + + /* Verify policy */ + if (semanage_verify_kernel(sh) != 0) goto cleanup; - } retval = semanage_install_sandbox(sh); @@ -346,14 +356,14 @@ break; } else { - semanage_write_error(sh, "Previous module %s is same or newer.", module_name); + ERR(sh, "Previous module %s is same or newer.", module_name); retval = -4; goto cleanup; } } } if (retval == -4) { - semanage_write_error(sh, "There does not already exist a module named %s.", module_name); + ERR(sh, "There does not already exist a module named %s.", module_name); goto cleanup; } if (write_file(sh, filename, data, data_len) == -1) { @@ -409,7 +419,7 @@ for (i = 0; i < num_mod_files; i++) { char *base = strrchr(module_filenames[i], '/'); if (base == NULL) { - semanage_write_error(sh, "Could not read module names."); + ERR(sh, "Could not read module names."); retval = -2; goto cleanup; } @@ -417,14 +427,14 @@ if (memcmp(module_name, base, name_len) == 0 && strcmp(base + name_len, ".pp") == 0) { if (unlink(module_filenames[i]) == -1) { - semanage_write_error(sh, "Could not remove module file %s.", module_filenames[i]); + ERR(sh, "Could not remove module file %s.", module_filenames[i]); retval = -2; } retval = 0; goto cleanup; } } - semanage_write_error(sh, "Module %s was not found.", module_name); + ERR(sh, "Module %s was not found.", module_name); retval = -2; /* module not found */ cleanup: for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { @@ -463,12 +473,12 @@ } if (sepol_policy_file_create(&pf)) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); goto cleanup; } if ((*modinfo = calloc(num_mod_files, sizeof(**modinfo))) == NULL) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); goto cleanup; } diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/handle.c new/libsemanage/src/handle.c --- old/libsemanage/src/handle.c 2005-10-06 16:43:33.000000000 -0400 +++ new/libsemanage/src/handle.c 2005-10-13 05:45:39.000000000 -0400 @@ -41,11 +41,11 @@ #define SEMANAGE_COMMIT_READ_WAIT 5 semanage_handle_t *semanage_handle_create(void) { - semanage_handle_t *sh; - const char *conf_name; + semanage_handle_t *sh = NULL; + const char *conf_name = NULL; /* Allocate handle */ - if ((sh = calloc(1, sizeof(*sh))) == NULL) + if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto omem; /* Policy root */ @@ -66,6 +66,10 @@ /* Set timeout: some default value for now, later use config */ sh->timeout = SEMANAGE_COMMIT_READ_WAIT; + /* Set callback */ + sh->msg_callback = semanage_msg_default_handler; + sh->msg_callback_arg = NULL; + /* Configure object databases * Hardcore DATA FILE backend for now */ if (user_file_dbase_init(&sh->dbase[DBASE_USERS]) < 0) @@ -130,19 +134,12 @@ free(sh); } -const char *semanage_strerror(semanage_handle_t *sh) { - if (sh == NULL) { - return "Could not parse semange.conf or out of memory."; - } - return sh->err_buf; -} - /********************* public transaction functions *********************/ int semanage_begin_transaction(semanage_handle_t *sh) { assert(sh != NULL && sh->funcs != NULL && sh->funcs->begin_trans != NULL); if (!sh->is_connected) { - semanage_write_error(sh, "Not connected."); + ERR(sh, "Not connected."); return -1; } if (sh->is_in_transaction) { @@ -160,7 +157,7 @@ int retval; assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL); if (!sh->is_in_transaction) { - semanage_write_error(sh, "Will not commit because caller does not have a tranaction lock yet."); + ERR(sh, "Will not commit because caller does not have a tranaction lock yet."); return -1; } retval = sh->funcs->commit(sh); diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/handle.h new/libsemanage/src/handle.h --- old/libsemanage/src/handle.h 2005-10-04 10:51:22.000000000 -0400 +++ new/libsemanage/src/handle.h 2005-10-12 03:38:42.000000000 -0400 @@ -27,17 +27,27 @@ #include <semanage/handle.h> #include "modules.h" #include "semanage_conf.h" -#include "policy_connection.h" +#include "policy.h" #include "database.h" struct semanage_handle { int con_id; /* Connection ID */ int policy_serial; /* Policy serial number at connect time */ - /* Error management */ - /* FIXME: re-design error system using callbacks (?) */ -#define SEMANAGE_ERRBUFSZ 1024 - char err_buf[SEMANAGE_ERRBUFSZ]; + /* Error handling */ + int msg_level; + const char* msg_channel; + const char* msg_fname; +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))) +#endif + void (*msg_callback) ( + void* varg, + semanage_handle_t* handle, + const char* fmt, + ...); + void* msg_callback_arg; + /* ================ */ /* one of these connections will actually be used while * working with the module store -- the particular one if diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/libsemanage.map new/libsemanage/src/libsemanage.map --- old/libsemanage/src/libsemanage.map 2005-10-07 23:50:41.000000000 -0400 +++ new/libsemanage/src/libsemanage.map 2005-10-11 14:00:14.000000000 -0400 @@ -1,7 +1,7 @@ LIBSEMANAGE_1.0 { global: semanage_handle_create; semanage_handle_destroy; semanage_connect; semanage_disconnect; - semanage_strerror; + semanage_msg_*; semanage_begin_transaction; semanage_commit; semanage_module_install; semanage_module_upgrade; semanage_module_install_base; semanage_module_remove; diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/modules.c new/libsemanage/src/modules.c --- old/libsemanage/src/modules.c 2005-09-30 16:19:07.000000000 -0400 +++ new/libsemanage/src/modules.c 2005-10-13 05:45:22.000000000 -0400 @@ -37,11 +37,11 @@ int semanage_module_install(semanage_handle_t *sh, char *module_data, size_t data_len) { if (sh->funcs->install == NULL) { - semanage_write_error(sh, "No install function defined for this connection type."); + ERR(sh, "No install function defined for this connection type."); return -1; } else if (!sh->is_connected) { - semanage_write_error(sh, "Not connected."); + ERR(sh, "Not connected."); return -1; } else if (!sh->is_in_transaction) { @@ -55,11 +55,11 @@ int semanage_module_upgrade(semanage_handle_t *sh, char *module_data, size_t data_len) { if (sh->funcs->upgrade == NULL) { - semanage_write_error(sh, "No upgrade function defined for this connection type."); + ERR(sh, "No upgrade function defined for this connection type."); return -1; } else if (!sh->is_connected) { - semanage_write_error(sh, "Not connected."); + ERR(sh, "Not connected."); return -1; } else if (!sh->is_in_transaction) { @@ -73,11 +73,11 @@ int semanage_module_install_base(semanage_handle_t *sh, char *module_data, size_t data_len) { if (sh->funcs->install_base == NULL) { - semanage_write_error(sh, "No install base function defined for this connection type."); + ERR(sh, "No install base function defined for this connection type."); return -1; } else if (!sh->is_connected) { - semanage_write_error(sh, "Not connected."); + ERR(sh, "Not connected."); return -1; } else if (!sh->is_in_transaction) { @@ -91,11 +91,11 @@ int semanage_module_remove(semanage_handle_t *sh, char *module_name) { if (sh->funcs->remove == NULL) { - semanage_write_error(sh, "No remove function defined for this connection type."); + ERR(sh, "No remove function defined for this connection type."); return -1; } else if (!sh->is_connected) { - semanage_write_error(sh, "Not connected."); + ERR(sh, "Not connected."); return -1; } else if (!sh->is_in_transaction) { @@ -109,11 +109,11 @@ int semanage_module_list(semanage_handle_t *sh, semanage_module_info_t **modinfo, int *num_modules) { if (sh->funcs->list == NULL) { - semanage_write_error(sh, "No list function defined for this connection type."); + ERR(sh, "No list function defined for this connection type."); return -1; } else if (!sh->is_connected) { - semanage_write_error(sh, "Not connected."); + ERR(sh, "Not connected."); return -1; } return sh->funcs->list(sh, modinfo, num_modules); diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/modules.h new/libsemanage/src/modules.h --- old/libsemanage/src/modules.h 2005-09-30 16:19:07.000000000 -0400 +++ new/libsemanage/src/modules.h 2005-10-11 02:43:10.000000000 -0400 @@ -23,11 +23,6 @@ #include <semanage/modules.h> -struct semanage_module_conn { - int translock_file_fd; - int readlock_file_fd; -}; - struct semanage_module_info { char *name; /* Key */ char *version; diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/policy_components.c new/libsemanage/src/policy_components.c --- old/libsemanage/src/policy_components.c 1969-12-31 19:00:00.000000000 -0500 +++ new/libsemanage/src/policy_components.c 2005-10-13 06:06:05.000000000 -0400 @@ -0,0 +1,86 @@ +#include "policy.h" +#include "handle.h" +#include "database.h" +#include "modules.h" +#include "debug.h" + +int semanage_base_merge_components( + semanage_handle_t* handle, + semanage_module_info_t* base) { + + //dbase_config_t* modules = dbase_modules_dbase(handle); + //dbase_config_t* interfaces = semanage_iface_dbase(handle); + //dbase_config_t* booleans = semanage_bool_dbase(handle); + dbase_config_t* users = semanage_user_dbase(handle); + dbase_config_t* ports = semanage_port_dbase(handle); + +#if 0 + if (modules->dtable->iterate(handle, + modules->dbase, NULL, NULL, /* FIXME */) < 0) + goto err; + + if (interfaces->dtable->iterate(handle, + interfaces->dbase, NULL, NULL, /* FIXME */) < 0) + goto err; + + if (booleans->dtable->iterate(handle, + booleans->dbase, NULL, NULL, /* FIXME */) < 0) + goto err; +#endif + + if (users->dtable->iterate(handle, + users->dbase, NULL, NULL /* FIXME */) < 0) + goto err; + + if (ports->dtable->iterate(handle, + ports->dbase, NULL, NULL /* FIXME */) < 0) + goto err; + + base = NULL; + return STATUS_SUCCESS; + + err: + /* FIXME: handle error */ + return STATUS_SUCCESS; +} + +int semanage_commit_components( + semanage_handle_t* handle) { + + //dbase_config_t* modules = semanage_modules_dbase(handle); + //dbase_config_t* interfaces = semanage_iface_dbase(handle); + //dbase_config_t* booleans = semanage_bool_dbase(handle); + dbase_config_t* users = semanage_user_dbase(handle); + dbase_config_t* ports = semanage_port_dbase(handle); + +#if 0 + if (modules->dtable->flush(handle, modules->dbase) < 0) + goto err; + + if (interfaces->dtable->flush(handle, interfaces->dbase) < 0) + goto err; + + if (booleans->dtable->flush(handle, booleans->dbase) < 0) + goto err; +#endif + + if (users->dtable->flush(handle, users->dbase) < 0) + goto err; + + if (ports->dtable->flush(handle, ports->dbase) < 0) + goto err; + + return STATUS_SUCCESS; + + err: + /* FIXME: handle error */ +#if 0 + modules->dtable->drop_cache(handle, modules->dbase); + interfaces->dtable->drop_cache(handle, interfaces->dbase); + booleans->dtable->drop_cache(handle, booleans->dbase); +#endif + + users->dtable->drop_cache(handle, users->dbase); + ports->dtable->drop_cache(handle, ports->dbase); + return STATUS_ERR; +} diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/policy_connection.h new/libsemanage/src/policy_connection.h --- old/libsemanage/src/policy_connection.h 2005-10-04 10:51:22.000000000 -0400 +++ new/libsemanage/src/policy_connection.h 1969-12-31 19:00:00.000000000 -0500 @@ -1,55 +0,0 @@ -/* Author: Joshua Brindle <jbrindle@tresys.com> - * Jason Tang <jtang@tresys.com> - * - * Copyright (C) 2005 Tresys Technology, LLC - * Copyright (C) 2005 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -#ifndef _SEMANAGE_POLICY_CONNECTION_INTERNAL_H_ -#define _SEMANAGE_POLICY_CONNECTION_INTERNAL_H_ - -struct semanage_policy_table { - - /* Destroy a connection */ - void (*destroy)(semanage_handle_t *); - - /* Disconnect from policy */ - int (*disconnect)(semanage_handle_t *); - - /* Begin a policy transaction */ - int (*begin_trans)(semanage_handle_t *); - - /* Commit a policy transaction */ - int (*commit)(semanage_handle_t *); - - /* Install a policy module */ - int (*install)(semanage_handle_t *, char *, size_t); - - /* Upgrade a policy module */ - int (*upgrade)(semanage_handle_t *, char *, size_t); - - /* Remove a policy module */ - int (*remove)(semanage_handle_t *, char *); - - /* List policy modules */ - int (*list)(semanage_handle_t *, semanage_module_info_t **, int *); - - /* Install base policy */ - int (*install_base)(semanage_handle_t *, char *, size_t); -}; - -#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/policy.h new/libsemanage/src/policy.h --- old/libsemanage/src/policy.h 1969-12-31 19:00:00.000000000 -0500 +++ new/libsemanage/src/policy.h 2005-10-13 06:02:47.000000000 -0400 @@ -0,0 +1,75 @@ +/* Author: Joshua Brindle <jbrindle@tresys.com> + * Jason Tang <jtang@tresys.com> + * + * Copyright (C) 2005 Tresys Technology, LLC + * Copyright (C) 2005 Red Hat Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef _SEMANAGE_POLICY_INTERNAL_H_ +#define _SEMANAGE_POLICY_INTERNAL_H_ + +#include "modules.h" + +/* Circular dependency */ +struct semanage_handle; + +/* Connection Locking */ +struct semanage_module_conn { + int translock_file_fd; + int readlock_file_fd; +}; + +/* Backend dependent portion */ +struct semanage_policy_table { + + /* Destroy a connection */ + void (*destroy)(struct semanage_handle*); + + /* Disconnect from policy */ + int (*disconnect)(struct semanage_handle*); + + /* Begin a policy transaction */ + int (*begin_trans)(struct semanage_handle*); + + /* Commit a policy transaction */ + int (*commit)(struct semanage_handle*); + + /* Install a policy module */ + int (*install)(struct semanage_handle*, char *, size_t); + + /* Upgrade a policy module */ + int (*upgrade)(struct semanage_handle*, char *, size_t); + + /* Remove a policy module */ + int (*remove)(struct semanage_handle*, char *); + + /* List policy modules */ + int (*list)(struct semanage_handle*, semanage_module_info_t **, int *); + + /* Install base policy */ + int (*install_base)(struct semanage_handle*, char *, size_t); +}; + +/* Should be backend independent */ +extern int semanage_base_merge_components( + struct semanage_handle* handle, + semanage_module_info_t* base); + +extern int semanage_commit_components( + struct semanage_handle* handle); + +#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/semanage_store.c new/libsemanage/src/semanage_store.c --- old/libsemanage/src/semanage_store.c 2005-10-07 18:38:00.000000000 -0400 +++ new/libsemanage/src/semanage_store.c 2005-10-13 05:43:21.000000000 -0400 @@ -205,18 +205,18 @@ if (stat(path, &sb) == -1) { if (errno == ENOENT && create) { if (mkdir(path, S_IRWXU) == -1) { - semanage_write_error(sh, "Could not create module store at %s.", path); + ERR(sh, "Could not create module store at %s.", path); return -2; } } else { - semanage_write_error(sh, "Could not read from module store at %s.", path); + ERR(sh, "Could not read from module store at %s.", path); return -1; } } else { if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) { - semanage_write_error(sh, "Could not access module store at %s, or it is not a directory.", path); + ERR(sh, "Could not access module store at %s, or it is not a directory.", path); return -1; } } @@ -224,18 +224,18 @@ if (stat(path, &sb) == -1) { if (errno == ENOENT && create) { if (mkdir(path, S_IRWXU) == -1) { - semanage_write_error(sh, "Could not create module store, active subdirectory at %s.", path); + ERR(sh, "Could not create module store, active subdirectory at %s.", path); return -2; } } else { - semanage_write_error(sh, "Could not read from module store, active subdirectory at %s.", path); + ERR(sh, "Could not read from module store, active subdirectory at %s.", path); return -1; } } else { if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) { - semanage_write_error(sh, "Could not access module store active subdirectory at %s, or it is not a directory.", path); + ERR(sh, "Could not access module store active subdirectory at %s, or it is not a directory.", path); return -1; } } @@ -243,18 +243,18 @@ if (stat (path, &sb) == -1) { if (errno == ENOENT && create) { if (mkdir(path, S_IRWXU) == -1) { - semanage_write_error(sh, "Could not create module store, active modules subdirectory at %s.", path); + ERR(sh, "Could not create module store, active modules subdirectory at %s.", path); return -2; } } else { - semanage_write_error(sh, "Could not read from module store, active modules subdirectory at %s.", path); + ERR(sh, "Could not read from module store, active modules subdirectory at %s.", path); return -1; } } else { if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) { - semanage_write_error(sh, "Could not access module store active modules subdirectory at %s, or it is not a directory.", path); + ERR(sh, "Could not access module store active modules subdirectory at %s, or it is not a directory.", path); return -1; } } @@ -395,21 +395,21 @@ if (stat(sandbox, &buf) == -1) { if (errno != ENOENT) { - semanage_write_error(sh, "Error scanning directory %s.", sandbox); + ERR(sh, "Error scanning directory %s.", sandbox); return -1; } } else { /* remove the old sandbox */ if (semanage_remove_directory(sandbox) != 0) { - semanage_write_error(sh, "Error removing old sandbox directory %s.", sandbox); + ERR(sh, "Error removing old sandbox directory %s.", sandbox); return -1; } } if (mkdir(sandbox, S_IRWXU) == -1 || semanage_copy_dir(semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL), sandbox) == -1) { - semanage_write_error(sh, "Could not copy files to sandbox %s.", sandbox); + ERR(sh, "Could not copy files to sandbox %s.", sandbox); goto cleanup; } return 0; @@ -441,7 +441,7 @@ *len = 0; if ((num_files = scandir(modules_path, &namelist, semanage_filename_select, alphasort)) == -1) { - semanage_write_error(sh, "Error while scanning directory %s.", modules_path); + ERR(sh, "Error while scanning directory %s.", modules_path); goto cleanup; } if (num_files == 0) { @@ -449,7 +449,7 @@ goto cleanup; } if ((*filenames = (char **) calloc(num_files, sizeof(**filenames))) == NULL) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); goto cleanup; } for (i = 0; i < num_files; i++) { @@ -459,7 +459,7 @@ snprintf(path, PATH_MAX, "%s/%s", modules_path, namelist[i]->d_name); if ((filename = strdup(path)) == NULL) { int j; - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); for (j = 0; j < i; j++) { free((*filenames)[j]); } @@ -502,12 +502,12 @@ memset(write_buf, 0, sizeof(write_buf)); snprintf(write_buf, sizeof(write_buf), "%d", commit_number); if ((fd = open(commit_filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1) { - semanage_write_error(sh, "Could not open commit number file %s for writing.", commit_filename); + ERR(sh, "Could not open commit number file %s for writing.", commit_filename); return -1; } amount_written = write(fd, write_buf, sizeof(write_buf)); if (amount_written == -1) { - semanage_write_error(sh, "Error while writing commit number to %s.", commit_filename); + ERR(sh, "Error while writing commit number to %s.", commit_filename); close(fd); return -1; } @@ -517,21 +517,21 @@ if (stat(backup, &buf) == 0) { if (S_ISDIR(buf.st_mode) && semanage_remove_directory(backup) != 0) { - semanage_write_error(sh, "Could not remove previous backup %s.", backup); + ERR(sh, "Could not remove previous backup %s.", backup); return -1; } } else if (errno != ENOENT) { - semanage_write_error(sh, "Could not stat directory %s.", backup); + ERR(sh, "Could not stat directory %s.", backup); return -1; } if (rename(active, backup) == -1) { - semanage_write_error(sh, "Error while renaming %s to %s.", active, backup); + ERR(sh, "Error while renaming %s to %s.", active, backup); return -1; } if (rename(sandbox, active) == -1) { - semanage_write_error(sh, "Error while renaming %s to %s.", sandbox, active); + ERR(sh, "Error while renaming %s to %s.", sandbox, active); /* note that if an error occurs during the next * function then the store will be left in an * inconsistent state */ @@ -788,14 +788,14 @@ pid_t forkval; if ((argv = split_args(e->path, e->args, new_name, old_name)) == NULL) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); return -1; } /* no need to use pthread_atfork() -- child will not be using * any mutexes. */ if ((forkval = fork()) == -1) { - semanage_write_error(sh, "Error while forking process."); + ERR(sh, "Error while forking process."); return -1; } else if (forkval == 0) { @@ -809,7 +809,7 @@ int status = 0; free_argv(argv); if (waitpid(forkval, &status, 0) == -1 || !WIFEXITED(status)) { - semanage_write_error(sh, "Child process %s did not exit cleanly.", e->path); + ERR(sh, "Child process %s did not exit cleanly.", e->path); return -1; } return WEXITSTATUS(status); @@ -829,20 +829,20 @@ snprintf(running_policy, PATH_MAX, "%s.%d", selinux_binary_policy_path(), security_policyvers()); if (semanage_copy_file(active_kernel, running_policy) == -1) { - semanage_write_error(sh, "Could not copy %s to %s.", active_kernel, running_policy); + ERR(sh, "Could not copy %s to %s.", active_kernel, running_policy); goto cleanup; } if (semanage_copy_file(active_fc, running_fc) == -1) { - semanage_write_error(sh, "Could not copy %s to %s.", active_fc, running_fc); + ERR(sh, "Could not copy %s to %s.", active_fc, running_fc); goto cleanup; } if ((r = semanage_exec_prog(sh, sh->conf->load_policy, running_policy, "")) != 0) { - semanage_write_error(sh, "load_policy returned error code %d.", r); + ERR(sh, "load_policy returned error code %d.", r); goto cleanup; } if ((r = semanage_exec_prog(sh, sh->conf->setfiles, running_policy, running_fc)) != 0) { - semanage_write_error(sh, "setfiles returned error code %d.", r); + ERR(sh, "setfiles returned error code %d.", r); goto cleanup; } retval = 0; @@ -861,11 +861,11 @@ int retval = -1, new_commit_number; if (sh->conf->load_policy == NULL) { - semanage_write_error(sh, "No load_policy program specified in configuration file."); + ERR(sh, "No load_policy program specified in configuration file."); goto cleanup; } if (sh->conf->setfiles == NULL) { - semanage_write_error(sh, "No setfiles program specified in configuration file."); + ERR(sh, "No setfiles program specified in configuration file."); goto cleanup; } @@ -904,7 +904,7 @@ int got_lock = 0; if ((fd = open(lock_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) == -1) { - semanage_write_error(sh, "Could not open direct %s at %s.", lock_name, lock_file); + ERR(sh, "Could not open direct %s at %s.", lock_name, lock_file); return -1; } if (sh->timeout == 0) { @@ -923,7 +923,7 @@ break; } else if (errno != EAGAIN) { - semanage_write_error(sh, "Error obtaining direct %s at %s.", lock_name, lock_file); + ERR(sh, "Error obtaining direct %s at %s.", lock_name, lock_file); close(fd); return -1; } @@ -932,7 +932,7 @@ if (errno == EINTR) { continue; } - semanage_write_error(sh, "Error while waiting to get direct %s at %s.", lock_name, lock_file); + ERR(sh, "Error while waiting to get direct %s at %s.", lock_name, lock_file); close(fd); return -1; } @@ -940,7 +940,7 @@ } } while (origtime.tv_sec > 0 || sh->timeout == -1); if (!got_lock) { - semanage_write_error(sh, "Could not get direct %s at %s.", lock_name, lock_file); + ERR(sh, "Could not get direct %s at %s.", lock_name, lock_file); close(fd); return -1; } @@ -1030,14 +1030,14 @@ return 0; } else { - semanage_write_error(sh, "Could not open commit number file %s.", commit_filename); + ERR(sh, "Could not open commit number file %s.", commit_filename); return -1; } } amount_read = read(fd, buf, sizeof(buf)); if (amount_read == -1) { - semanage_write_error(sh, "Error while reading commit number from %s.", commit_filename); + ERR(sh, "Error while reading commit number from %s.", commit_filename); commit_number = -1; } else if (sscanf(buf, "%d", &commit_number) != 1) { @@ -1046,7 +1046,7 @@ } else if (commit_number < 0) { /* read file ought never have negative values */ - semanage_write_error(sh, "Commit number file %s is corrupted; it should only contain a non-negative integer.", commit_filename); + ERR(sh, "Commit number file %s is corrupted; it should only contain a non-negative integer.", commit_filename); commit_number = -1; } @@ -1068,22 +1068,22 @@ *package = NULL; if (sepol_module_package_create(package) == -1) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); return -1; } if (sepol_policy_file_create(&pf)) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); goto cleanup; } if ((fp = fopen(filename, "rb")) == NULL) { - semanage_write_error(sh, "Could not open module file %s for reading.", filename); + ERR(sh, "Could not open module file %s for reading.", filename); goto cleanup; } sepol_policy_file_set_fp(pf, fp); if (sepol_module_package_read(*package, pf, 0) == -1) { - semanage_write_error(sh, "Error while reading from module file %s.", filename); + ERR(sh, "Error while reading from module file %s.", filename); fclose(fp); goto cleanup; } @@ -1113,6 +1113,12 @@ int retval = -1, i; int num_modules = 0; sepol_module_package_t **mods = NULL; + + /* FIXME: deprecated - replace with callback debugging + * through a sepol state object */ + char buffer[1024]; + buffer[0] = '\0'; + *base = NULL; /* first make sure that base module is readable */ @@ -1120,7 +1126,7 @@ goto cleanup; } if (access(base_filename, R_OK) == -1) { - semanage_write_error(sh, "Could not access sandbox base file %s.", base_filename); + ERR(sh, "Could not access sandbox base file %s.", base_filename); goto cleanup; } @@ -1135,7 +1141,7 @@ goto cleanup; } if ((mods = calloc(num_modules, sizeof(*mods))) == NULL) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); num_modules = 0; goto cleanup; } @@ -1145,10 +1151,15 @@ } } - if (sepol_link_packages(*base, mods, num_modules, 0, sh->err_buf, - SEMANAGE_ERRBUFSZ) != 0) { + if (sepol_link_packages(*base, mods, num_modules, + 0, buffer, 1024) != 0) { + if (*buffer != '\0') + ERR(sh, "%s", buffer); goto cleanup; } + if (*buffer != '\0') + WARN(sh, "%s", buffer); + retval = 0; cleanup: @@ -1175,6 +1186,11 @@ int policyvers = security_policyvers(); FILE *outfile = NULL; + /* FIXME: deprecated - replace with callback debugging + * through a sepol state object */ + char buffer[1024]; + buffer[0] = '\0'; + if (policyvers < sepol_policy_kern_vers_min() || policyvers > sepol_policy_kern_vers_max()) policyvers = sh->conf->policyvers; @@ -1183,27 +1199,32 @@ return -1; } if (sepol_expand_module(base->policy, out, 0, - sh->err_buf, SEMANAGE_ERRBUFSZ) == -1) { + buffer, 1024) != -1) { + if (*buffer != '\0') + ERR(sh, "%s", buffer); goto cleanup; } + if (*buffer != '\0') + WARN(sh, "%s", buffer); + if (sepol_policydb_set_vers(out, policyvers)) { - semanage_write_error(sh, "Unknown/Invalid policy version %d.", sh->conf->policyvers); + ERR(sh, "Unknown/Invalid policy version %d.", sh->conf->policyvers); goto cleanup; } if ((kernel_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_KERNEL)) == NULL) { goto cleanup; } if ((outfile = fopen(kernel_filename, "wb")) == NULL) { - semanage_write_error(sh, "Could not open kernel policy %s for writing.", kernel_filename); + ERR(sh, "Could not open kernel policy %s for writing.", kernel_filename); goto cleanup; } if (sepol_policy_file_create(&pf)) { - semanage_write_error(sh, "Out of memory!"); + ERR(sh, "Out of memory!"); goto cleanup; } sepol_policy_file_set_fp(pf, outfile); if (sepol_policydb_write(out, pf) == -1) { - semanage_write_error(sh, "Error while writing kernel policy to %s.", kernel_filename); + ERR(sh, "Error while writing kernel policy to %s.", kernel_filename); goto cleanup; } retval = 0; diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/include/sepol/debug.h new/libsepol/include/sepol/debug.h --- old/libsepol/include/sepol/debug.h 2005-07-18 10:28:43.000000000 -0400 +++ new/libsepol/include/sepol/debug.h 2005-10-13 06:14:48.000000000 -0400 @@ -1,9 +1,39 @@ #ifndef _SEPOL_DEBUG_H_ #define _SEPOL_DEBUG_H_ -extern void sepol_enable_debug( - void (*fn)(const char* fname, const char *fmt, ...)); +#include <sepol/handle.h> -extern void sepol_disable_debug(); +/* Deprecated */ +extern void sepol_debug(int on); +/* End deprecated */ -#endif /* _SEPOL_DEBUG_H_ */ +#define SEPOL_MSG_ERR 1 +#define SEPOL_MSG_WARN 2 +#define SEPOL_MSG_INFO 3 + +extern int sepol_msg_get_level( + sepol_handle_t* handle); + +extern const char* sepol_msg_get_channel( + sepol_handle_t* handle); + +extern const char* sepol_msg_get_fname( + sepol_handle_t* handle); + +/* Set the messaging callback. + * By the default, the callback will print + * the message on standard output, in a + * particular format. Passing NULL here + * indicates that messaging should be suppressed */ +extern void sepol_msg_set_callback( + sepol_handle_t* handle, +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))) +#endif + void (*msg_callback) ( + void* varg, + sepol_handle_t* handle, + const char* fmt, + ...), + void* msg_callback_arg); +#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/include/sepol/handle.h new/libsepol/include/sepol/handle.h --- old/libsepol/include/sepol/handle.h 1969-12-31 19:00:00.000000000 -0500 +++ new/libsepol/include/sepol/handle.h 2005-10-11 03:41:51.000000000 -0400 @@ -0,0 +1,13 @@ +#ifndef _SEPOL_HANDLE_H_ +#define _SEPOL_HANDLE_H_ + +struct sepol_handle; +typedef struct sepol_handle sepol_handle_t; + +/* Create and return a sepol handle. */ +sepol_handle_t *sepol_handle_create(void); + +/* Destroy a sepol handle. */ +void sepol_handle_destroy(sepol_handle_t *); + +#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/include/sepol/sepol.h new/libsepol/include/sepol/sepol.h --- old/libsepol/include/sepol/sepol.h 2005-09-14 11:44:44.000000000 -0400 +++ new/libsepol/include/sepol/sepol.h 2005-10-13 06:14:44.000000000 -0400 @@ -4,6 +4,21 @@ #include <stddef.h> #include <stdio.h> +#include <sepol/user_record.h> +#include <sepol/context_record.h> +#include <sepol/iface_record.h> +#include <sepol/port_record.h> +#include <sepol/boolean_record.h> + +#include <sepol/booleans.h> +#include <sepol/interfaces.h> +#include <sepol/ports.h> +#include <sepol/users.h> +#include <sepol/handle.h> +#include <sepol/debug.h> +#include <sepol/policydb.h> +#include <sepol/module.h> + /* Given an existing binary policy (starting at 'data', with length 'len') and a boolean configuration file named by 'boolpath', rewrite the binary policy for the boolean settings in the boolean configuration file. @@ -37,6 +52,4 @@ /* Check context validity against currently set binary policy. */ extern int sepol_check_context(char *context); -/* Turn on or off sepol error messages. */ -extern void sepol_debug(int on); #endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/context.c new/libsepol/src/context.c --- old/libsepol/src/context.c 2005-10-07 18:38:02.000000000 -0400 +++ new/libsepol/src/context.c 2005-10-13 05:56:52.000000000 -0400 @@ -191,14 +191,16 @@ /* Validity check */ if (!sepol_ctx_struct_is_valid(policydb, scontext)) { - if (mls) + if (mls) { DEBUG(__FUNCTION__, "invalid security context: %s:%s:%s:%s\n", user, role, type, mls); - else + } + else { DEBUG(__FUNCTION__, "invalid security context: %s:%s:%s\n", user, role, type); + } goto err_destroy; } diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/debug.c new/libsepol/src/debug.c --- old/libsepol/src/debug.c 2005-10-11 14:07:39.000000000 -0400 +++ new/libsepol/src/debug.c 2005-10-13 05:57:50.000000000 -0400 @@ -1,50 +1,85 @@ #include <stdarg.h> +#include <stdlib.h> #include <stdio.h> - -#include <sepol/sepol.h> -#include <sepol/debug.h> +#include "handle.h" #include "debug.h" -#ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) -#endif -static void default_printf( - const char* fname, - const char *fmt, ...) { +/* Deprecated */ +struct sepol_handle sepol_compat_handle = { + .msg_callback = sepol_msg_default_handler, + .msg_callback_arg = NULL, +}; - va_list ap; - va_start(ap, fmt); - fprintf(stderr, "libsepol.%s: ", fname); - vfprintf (stderr, fmt, ap); - va_end(ap); +void sepol_debug(int on) { + sepol_compat_handle.msg_callback = (on)? + sepol_msg_default_handler : NULL; +} + +/* End deprecated */ + +int sepol_msg_get_level(sepol_handle_t* handle) { + return handle->msg_level; +} + +const char* sepol_msg_get_channel(sepol_handle_t* handle) { + return handle->msg_channel; +} + +const char* sepol_msg_get_fname(sepol_handle_t* handle) { + return handle->msg_fname; } #ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) +__attribute__ ((format (printf, 3, 4))) #endif -static void suppress_printf( - const char* unused1, - const char* unused2, ...) { - unused1 = NULL; - unused2 = NULL; -} +void sepol_msg_default_handler( + void* varg, + sepol_handle_t* handle, + const char* fmt, + ...) { + + FILE* stream = NULL; + + switch(sepol_msg_get_level(handle)) { + + case SEPOL_MSG_ERR: + case SEPOL_MSG_WARN: + stream = stderr; + break; + case SEPOL_MSG_INFO: + default: + stream = stdout; + break; + } + + fprintf(stream, "%s.%s: ", + sepol_msg_get_channel(handle), + sepol_msg_get_fname(handle)); -void (*DEBUG) (const char* fname, const char* fmt, ...) = default_printf; + va_list ap; + va_start(ap,fmt); + vfprintf(stream, fmt, ap); + va_end(ap); -/* Compatibility */ -void sepol_debug(int on) { - sepol_debug_compat(on); -}; + /* FIXME: print newline here, when DEBUG + * calls are no longer using this handler */ + /* fprintf(stream, "\n"); */ -void sepol_debug_compat(int on) { - DEBUG = (on)? default_printf : suppress_printf; + varg = NULL; } -void sepol_enable_debug( - void (*fn)(const char* fname, const char *fmt, ...)) { - DEBUG = (fn)? fn: default_printf; -} +extern void sepol_msg_set_callback( + sepol_handle_t* handle, +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))) +#endif + void (*msg_callback) ( + void* varg, + sepol_handle_t* handle, + const char* fmt, + ...), + void* msg_callback_arg) { -void sepol_disable_debug() { - DEBUG = suppress_printf; + handle->msg_callback = msg_callback; + handle->msg_callback_arg = msg_callback_arg; } diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/debug.h new/libsepol/src/debug.h --- old/libsepol/src/debug.h 2005-07-18 10:28:43.000000000 -0400 +++ new/libsepol/src/debug.h 2005-10-13 05:54:58.000000000 -0400 @@ -1,17 +1,55 @@ #ifndef _SEPOL_INTERNAL_DEBUG_H_ #define _SEPOL_INTERNAL_DEBUG_H_ +#include <stdio.h> +#include <sepol/debug.h> +#include "handle.h" + #define STATUS_SUCCESS 0 #define STATUS_ERR -1 #define STATUS_NODATA 1 -extern void sepol_debug_compat(int on); +#define msg_write(handle_arg, level_arg, \ + channel_arg, func_arg, ...) { \ + \ + if (handle_arg->msg_callback) { \ + handle_arg->msg_fname = func_arg; \ + handle_arg->msg_channel = channel_arg; \ + handle_arg->msg_level = level_arg; \ + \ + handle_arg->msg_callback( \ + handle_arg->msg_callback_arg, \ + handle_arg, __VA_ARGS__); \ + } \ +} + +#define ERR(handle, ...) \ + msg_write(handle, SEPOL_MSG_ERR, "libsepol", \ + __FUNCTION__, __VA_ARGS__) + +#define INFO(handle, ...) \ + msg_write(handle, SEPOL_MSG_INFO, "libsepol", \ + __FUNCTION__, __VA_ARGS__) + +#define WARN(handle, ...) \ + msg_write(handle, SEPOL_MSG_WARN, "libsepol", \ + __FUNCTION__, __VA_ARGS__) #ifdef __GNUC__ -__attribute__ ((format (printf, 2, 3))) +__attribute__ ((format (printf, 3, 4))) #endif -extern void (*DEBUG) ( - const char* fname, - const char* fmt, ...); +extern void sepol_msg_default_handler( + void* varg, + sepol_handle_t* msg, + const char* fmt, + ...); + +/* Deprecated */ +extern struct sepol_handle sepol_compat_handle; + +#define DEBUG(fname, ...) \ + msg_write((&sepol_compat_handle), SEPOL_MSG_ERR, "libsepol", \ + fname, __VA_ARGS__) +/* End deprecated */ -#endif /* _SEPOL_INTERNAL_DEBUG_H_ */ +#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/handle.c new/libsepol/src/handle.c --- old/libsepol/src/handle.c 1969-12-31 19:00:00.000000000 -0500 +++ new/libsepol/src/handle.c 2005-10-12 03:42:42.000000000 -0400 @@ -0,0 +1,21 @@ +#include <stdlib.h> +#include "handle.h" +#include "debug.h" + +sepol_handle_t *sepol_handle_create(void) { + + sepol_handle_t *sh = malloc(sizeof(sepol_handle_t)); + if (sh == NULL) + return NULL; + + /* Set callback */ + sh->msg_callback = sepol_msg_default_handler; + sh->msg_callback_arg = NULL; + + return sh; +} + +void sepol_handle_destroy(sepol_handle_t *sh) { + free(sh); +} + diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/handle.h new/libsepol/src/handle.h --- old/libsepol/src/handle.h 1969-12-31 19:00:00.000000000 -0500 +++ new/libsepol/src/handle.h 2005-10-13 05:57:29.000000000 -0400 @@ -0,0 +1,22 @@ +#ifndef _SEPOL_INTERNAL_HANDLE_H_ +#define _SEPOL_INTERNAL_HANDLE_H_ + +#include <sepol/handle.h> + +struct sepol_handle { + /* Error handling */ + int msg_level; + const char* msg_channel; + const char* msg_fname; +#ifdef __GNUC__ + __attribute__ ((format (printf, 3, 4))) +#endif + void (*msg_callback) ( + void* varg, + sepol_handle_t* handle, + const char* fmt, + ...); + void* msg_callback_arg; +}; + +#endif diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/libsepol.map new/libsepol/src/libsepol.map --- old/libsepol/src/libsepol.map 2005-10-13 06:11:47.000000000 -0400 +++ new/libsepol/src/libsepol.map 2005-10-13 06:12:12.000000000 -0400 @@ -14,8 +14,9 @@ sepol_module_package_read; sepol_module_package_info; sepol_module_package_write; sepol_module_package_create_file; sepol_link_modules; sepol_expand_module; - sepol_bool*; sepol_context*; sepol_enable_debug; sepol_disable_debug; + sepol_bool*; sepol_context*; sepol_iface*; sepol_port*; sepol_user*; sepol_clear_unused_users; sepol_role_is_valid; sepol_set_delusers; + sepol_msg_*; sepol_handle_*; local: *; }; ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ SEPOL ] [ SEMANAGE ] Debug v3, some database things 2005-10-13 10:36 ` [ SEPOL ] [ SEMANAGE ] Debug v3, some database things Ivan Gyurdiev @ 2005-10-13 10:56 ` Ivan Gyurdiev 2005-10-13 12:34 ` Stephen Smalley 2005-10-13 17:11 ` Stephen Smalley 1 sibling, 1 reply; 10+ messages in thread From: Ivan Gyurdiev @ 2005-10-13 10:56 UTC (permalink / raw) To: Ivan Gyurdiev; +Cc: Stephen Smalley, selinux Bugfix: Can you please add ( ) around every dereference of handle_arg in msg_write (for both semanage and sepol) I can send a followup patch if you prefer. Macros are evil... Warning: The following code is no longer valid - this is now a syntax error. if (blah) DEBUG(a); else .. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ SEPOL ] [ SEMANAGE ] Debug v3, some database things 2005-10-13 10:56 ` Ivan Gyurdiev @ 2005-10-13 12:34 ` Stephen Smalley 2005-10-13 14:12 ` Ivan Gyurdiev 0 siblings, 1 reply; 10+ messages in thread From: Stephen Smalley @ 2005-10-13 12:34 UTC (permalink / raw) To: Ivan Gyurdiev; +Cc: selinux On Thu, 2005-10-13 at 06:56 -0400, Ivan Gyurdiev wrote: > Bugfix: > Can you please add ( ) around every dereference of handle_arg in > msg_write (for both semanage and sepol) > I can send a followup patch if you prefer. Macros are evil... > > Warning: > The following code is no longer valid - this is now a syntax error. > if (blah) DEBUG(a); else .. Wrap the definition with do { } while (0) and you'll be fine. That's a widely used trick in the kernel. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ SEPOL ] [ SEMANAGE ] Debug v3, some database things 2005-10-13 12:34 ` Stephen Smalley @ 2005-10-13 14:12 ` Ivan Gyurdiev 0 siblings, 0 replies; 10+ messages in thread From: Ivan Gyurdiev @ 2005-10-13 14:12 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux [-- Attachment #1: Type: text/plain, Size: 191 bytes --] > Wrap the definition with > do { > > } while (0) > > and you'll be fine. > > That's a widely used trick in the kernel. > Allright, attached fix patch applies on top of the other one. [-- Attachment #2: resync.fix.diff --] [-- Type: text/x-patch, Size: 3847 bytes --] diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/database_direct.c new/libsemanage/src/database_direct.c --- old/libsemanage/src/database_direct.c 2005-10-13 10:05:46.000000000 -0400 +++ new/libsemanage/src/database_direct.c 2005-10-13 10:08:32.000000000 -0400 @@ -263,6 +263,7 @@ dbase_direct_t* dbase) { dbase->attached = 0; + handle = NULL; } static int dbase_direct_add ( diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsemanage/src/debug.h new/libsemanage/src/debug.h --- old/libsemanage/src/debug.h 2005-10-13 10:05:46.000000000 -0400 +++ new/libsemanage/src/debug.h 2005-10-13 10:08:07.000000000 -0400 @@ -32,18 +32,18 @@ #define STATUS_NODATA 1 #define msg_write(handle_arg, level_arg, \ - channel_arg, func_arg, ...) { \ + channel_arg, func_arg, ...) do { \ + \ + if ((handle_arg)->msg_callback) { \ + (handle_arg)->msg_fname = func_arg; \ + (handle_arg)->msg_channel = channel_arg; \ + (handle_arg)->msg_level = level_arg; \ \ - if (handle_arg->msg_callback) { \ - handle_arg->msg_fname = func_arg; \ - handle_arg->msg_channel = channel_arg; \ - handle_arg->msg_level = level_arg; \ - \ - handle_arg->msg_callback( \ - handle_arg->msg_callback_arg, \ + (handle_arg)->msg_callback( \ + (handle_arg)->msg_callback_arg, \ handle_arg, __VA_ARGS__); \ } \ -} +} while(0) #define ERR(handle, ...) \ msg_write(handle, SEMANAGE_MSG_ERR, "libsemanage", \ diff -Naur --exclude CVS --exclude VERSION --exclude ChangeLog old/libsepol/src/debug.h new/libsepol/src/debug.h --- old/libsepol/src/debug.h 2005-10-13 10:05:46.000000000 -0400 +++ new/libsepol/src/debug.h 2005-10-13 10:09:55.000000000 -0400 @@ -10,18 +10,18 @@ #define STATUS_NODATA 1 #define msg_write(handle_arg, level_arg, \ - channel_arg, func_arg, ...) { \ + channel_arg, func_arg, ...) do { \ \ - if (handle_arg->msg_callback) { \ - handle_arg->msg_fname = func_arg; \ - handle_arg->msg_channel = channel_arg; \ - handle_arg->msg_level = level_arg; \ + if ((handle_arg)->msg_callback) { \ + (handle_arg)->msg_fname = func_arg; \ + (handle_arg)->msg_channel = channel_arg; \ + (handle_arg)->msg_level = level_arg; \ \ - handle_arg->msg_callback( \ - handle_arg->msg_callback_arg, \ + (handle_arg)->msg_callback( \ + (handle_arg)->msg_callback_arg, \ handle_arg, __VA_ARGS__); \ } \ -} +} while(0) #define ERR(handle, ...) \ msg_write(handle, SEPOL_MSG_ERR, "libsepol", \ @@ -48,7 +48,7 @@ extern struct sepol_handle sepol_compat_handle; #define DEBUG(fname, ...) \ - msg_write((&sepol_compat_handle), SEPOL_MSG_ERR, "libsepol", \ + msg_write(&sepol_compat_handle, SEPOL_MSG_ERR, "libsepol", \ fname, __VA_ARGS__) /* End deprecated */ ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ SEPOL ] [ SEMANAGE ] Debug v3, some database things 2005-10-13 10:36 ` [ SEPOL ] [ SEMANAGE ] Debug v3, some database things Ivan Gyurdiev 2005-10-13 10:56 ` Ivan Gyurdiev @ 2005-10-13 17:11 ` Stephen Smalley 1 sibling, 0 replies; 10+ messages in thread From: Stephen Smalley @ 2005-10-13 17:11 UTC (permalink / raw) To: Ivan Gyurdiev; +Cc: selinux On Thu, 2005-10-13 at 06:36 -0400, Ivan Gyurdiev wrote: > ...resending patch again... Ok, merged along with fix patch and corresponding update to policycoreutils (semodule) for the removal of semanage_strerror. I left the remaining portion of the meta note comment in handle.h intact, only pruning the part about strerror. There were two rejects against the current tree, but I merged by hand. Merged as of libsepol 1.9.16, libsemanage 1.3.12, policycoreutils 1.27.8. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2005-10-13 17:11 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2005-10-12 8:13 [ RESEND ] [ SEMANAGE ] Debugging system Ivan Gyurdiev 2005-10-12 15:52 ` Stephen Smalley 2005-10-12 16:11 ` Ivan Gyurdiev 2005-10-12 16:04 ` Stephen Smalley 2005-10-12 16:43 ` Ivan Gyurdiev 2005-10-13 10:36 ` [ SEPOL ] [ SEMANAGE ] Debug v3, some database things Ivan Gyurdiev 2005-10-13 10:56 ` Ivan Gyurdiev 2005-10-13 12:34 ` Stephen Smalley 2005-10-13 14:12 ` Ivan Gyurdiev 2005-10-13 17:11 ` Stephen Smalley
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.