* Recovering .te and .fc files from modules
From: Karl MacMillan @ 2006-11-29 20:38 UTC
To: SELinux Mail List

We've been getting requests for a tool to extract the .te and .fc files
from modules. Red Hat bugzilla for this at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217761.

I think this is a good idea and the dismod tool (located in
checkpolicy/test in the sources) is a good start at this. I'm mentioning
it here in case anyone has time or interest in creating this tool.

Thanks,

Karl

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

* Re: Recovering .te and .fc files from modules
From: Stephen Smalley @ 2006-11-29 21:05 UTC
To: Karl MacMillan; +Cc: SELinux Mail List

On Wed, 2006-11-29 at 15:38 -0500, Karl MacMillan wrote:
> We've been getting requests for a tool to extract the .te and .fc files
> from modules. Red Hat bugzilla for this at
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217761.
>
> I think this is a good idea and the dismod tool (located in
> checkpolicy/test in the sources) is a good start at this. I'm mentioning
> it here in case anyone has time or interest in creating this tool.

You might want to separate the disassembling of a binary module to
source policy from unpackaging a policy package, e.g. a
semodule_unpackage utility could easily write out the individual
components (binary module, file contexts, netfilter contexts), and then
a nicer version of dismod could disassemble the binary module to textual
representation.

--
Stephen Smalley
National Security Agency

* Re: Recovering .te and .fc files from modules
From: Karl MacMillan @ 2006-11-29 21:33 UTC
To: Stephen Smalley; +Cc: SELinux Mail List

Stephen Smalley wrote:
> On Wed, 2006-11-29 at 15:38 -0500, Karl MacMillan wrote:
>> We've been getting requests for a tool to extract the .te and .fc files
>> from modules. Red Hat bugzilla for this at
>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217761.
>>
>> I think this is a good idea and the dismod tool (located in
>> checkpolicy/test in the sources) is a good start at this. I'm mentioning
>> it here in case anyone has time or interest in creating this tool.
>
> You might want to separate the disassembling of a binary module to
> source policy from unpackaging a policy package, e.g. a
> semodule_unpackage utility could easily write out the individual
> components (binary module, file contexts, netfilter contexts), and then
> a nicer version of dismod could disassemble the binary module to textual
> representation.
>

Good point - added a note to the bugzilla.

Karl

* Re: Recovering .te and .fc files from modules
From: Stephen Smalley @ 2006-11-30 13:51 UTC
To: Karl MacMillan; +Cc: SELinux Mail List

On Wed, 2006-11-29 at 16:33 -0500, Karl MacMillan wrote:
> Stephen Smalley wrote:
> > On Wed, 2006-11-29 at 15:38 -0500, Karl MacMillan wrote:
> >> We've been getting requests for a tool to extract the .te and .fc files
> >> from modules. Red Hat bugzilla for this at
> >> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217761.
> >>
> >> I think this is a good idea and the dismod tool (located in
> >> checkpolicy/test in the sources) is a good start at this. I'm mentioning
> >> it here in case anyone has time or interest in creating this tool.
> >
> > You might want to separate the disassembling of a binary module to
> > source policy from unpackaging a policy package, e.g. a
> > semodule_unpackage utility could easily write out the individual
> > components (binary module, file contexts, netfilter contexts), and then
> > a nicer version of dismod could disassemble the binary module to textual
> > representation.
> >
>
> Good point - added a note to the bugzilla.

Here is a trivial starting point for semodule_unpackage that I created
from semodule_package a long time ago when I needed to extract a .mod
file from a .pp file. I also attached it to the bugzilla. It only
extracts the .mod file right now, not the rest of the .pp contents.

--
Stephen Smalley
National Security Agency

[-- Attachment #2: semodule_unpackage.c --]

/* Authors: Karl MacMillan <kmacmillan@tresys.com>
 *
 * Copyright (C) 2004 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

#include <sepol/module.h>
#include <getopt.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <errno.h>

char *progname = NULL;
extern char *optarg;

static void usage(char *progname)
{
	printf("usage: %s ppfile modfile\n", progname);
	exit(1);
}

/* Open filename with the given fopen() mode and attach the stream to a
 * newly created sepol policy file handle returned through *pf. */
static int file_to_policy_file(char *filename, struct sepol_policy_file **pf, char *mode)
{
	FILE *f;

	if (sepol_policy_file_create(pf)) {
		fprintf(stderr, "%s: Out of memory\n", progname);
		return -1;
	}

	f = fopen(filename, mode);
	if (!f) {
		/* arguments follow the format string: file name first, then the error text */
		fprintf(stderr, "%s: Could not open file %s: %s\n", progname, filename, strerror(errno));
		return -1;
	}
	sepol_policy_file_set_fp(*pf, f);
	return 0;
}

int main(int argc, char **argv)
{
	struct sepol_module_package *pkg;
	struct sepol_policy_file *in, *out;

	progname = argv[0];

	if (argc != 3) {
		usage(argv[0]);
		exit(1);
	}

	if (file_to_policy_file(argv[1], &in, "r"))
		exit(1);

	if (sepol_module_package_create(&pkg)) {
		fprintf(stderr, "%s: Out of memory\n", argv[0]);
		exit(1);
	}

	/* read the whole policy package (.pp) */
	if (sepol_module_package_read(pkg, in, 0) == -1) {
		fprintf(stderr, "%s: Error while reading policy module from %s\n",
			argv[0], argv[1]);
		exit(1);
	}

	if (file_to_policy_file(argv[2], &out, "w"))
		exit(1);

	/* write out only the binary policy module (.mod) component */
	if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {
		fprintf(stderr, "%s: Error while writing module to %s\n", argv[0], argv[2]);
		exit(1);
	}

	sepol_policy_file_free(in);
	sepol_policy_file_free(out);
	sepol_module_package_free(pkg);
	exit(0);
}
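
Added example, not part of the thread and not libsepol code: a bounds-checked walk of the .pp container that locates one component (binary module or file contexts), the first step of the unpackaging split suggested above. The header layout (magic, version, section count, little-endian offset table) and the magic values are assumptions taken from libsepol's package reader; `sample_pp` and `pp_find_section` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Magic values assumed from libsepol's headers; they are not quoted in the thread. */
#define PP_MAGIC   0xf97cff8fu /* SEPOL_MODULE_PACKAGE_MAGIC */
#define PP_SEC_MOD 0xf97cff8du /* POLICYDB_MOD_MAGIC: binary module */
#define PP_SEC_FC  0xf97cff90u /* SEPOL_PACKAGE_SECTION_FC: file contexts */

/* Constructed sample: header, two offsets, 8-byte dummy module, FC text "/x\n". */
static const uint8_t sample_pp[35] = {
	0x8f, 0xff, 0x7c, 0xf9, 1, 0, 0, 0, 2, 0, 0, 0, 20, 0, 0, 0, 28, 0, 0, 0,
	0x8d, 0xff, 0x7c, 0xf9, 0, 0, 0, 0, 0x90, 0xff, 0x7c, 0xf9, '/', 'x', '\n'
};

static uint32_t le32(const uint8_t *p)
{
	return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Find the first section starting with `magic`. Returns 0 and sets *off/*len
 * (magic included), 1 if absent, -1 if the header or offset table is malformed. */
int pp_find_section(const uint8_t *buf, size_t size, uint32_t magic,
		    size_t *off, size_t *len)
{
	size_t nsec, i, start, end, prev = 0;
	int rc = 1;

	if (size < 12 || le32(buf) != PP_MAGIC)
		return -1;
	nsec = le32(buf + 8);
	if (nsec > (size - 12) / 4)	/* offset table must fit in the file */
		return -1;
	for (i = 0; i < nsec; i++) {
		start = le32(buf + 12 + 4 * i);
		end = (i + 1 < nsec) ? le32(buf + 16 + 4 * i) : size;
		/* reject offsets inside the header, out of order, or past EOF */
		if (start < 12 + 4 * nsec || start < prev || end < start ||
		    end > size || end - start < 4)
			return -1;
		prev = start;
		if (rc == 1 && le32(buf + start) == magic) {
			*off = start;
			*len = end - start;
			rc = 0;
		}
	}
	return rc;
}
```

For the file contexts section the text payload starts 4 bytes after `*off`; for the module section the magic is the first word of the binary module itself, so the whole section is the .mod content.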