From: James Carter <jwcart2@tycho.nsa.gov>
To: Thomas Hurd <toml.hurd@gmail.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
Date: Thu, 7 Apr 2016 14:04:29 -0400
Message-ID: <5706A12D.3080105@tycho.nsa.gov>
In-Reply-To: <CAHut7+0yD-cGAEMAkYMuiHqG4wT0-EX5b9iJzEWnSnAasyDPzw@mail.gmail.com>

On 04/07/2016 12:41 PM, Thomas Hurd wrote:
> On Thu, Apr 7, 2016 at 11:06 AM, James Carter <jwcart2@tycho.nsa.gov> wrote:
>>
>> Since CIL treats files as modules and does not have a separate
>> module statement it can cause confusion when a Refpolicy module
>> has a name that is not the same as its base filename because older
>> SELinux userspaces will refer to the module by its module name while
>> a CIL-based userspace will refer to it by its filename.
>>
>> Because of this, provide a warning message when converting a policy
>> package to CIL and the output filename is different than the module
>> name.
>>
>> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
>> ---
>>   policycoreutils/hll/pp/pp.c | 28 ++++++++++++++++++++++++----
>>   1 file changed, 24 insertions(+), 4 deletions(-)
>>
>> diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
>> index 866734f..8621b50 100644
>> --- a/policycoreutils/hll/pp/pp.c
>> +++ b/policycoreutils/hll/pp/pp.c
>> @@ -28,6 +28,7 @@
>>
>>   #include <sepol/module.h>
>>   #include <sepol/module_to_cil.h>
>> +#include <sepol/policydb/module.h>
>>
>>   char *progname;
>>
>> @@ -68,6 +69,8 @@ int main(int argc, char **argv)
>>                  { NULL, 0, NULL, 0 }
>>          };
>>          struct sepol_module_package *mod_pkg = NULL;
>> +       char *ifile = NULL;
>> +       char *ofile = NULL;
>>          FILE *in = NULL;
>>          FILE *out = NULL;
>>          int outfd = -1;
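Review bot: The new ifile and ofile declarations should be const char * rather than char *. Later in the patch ifile is pointed at the string literal "stdin", and both are otherwise only pointed at argv entries and read; nothing writes through them (the only string that is modified is the strdup'd copy cil_path). Declaring them const lets the compiler reject an accidental write into the literal or into argv.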
>> @@ -89,20 +92,23 @@ int main(int argc, char **argv)
>>          }
>>
>>          if (argc >= optind + 1 && strcmp(argv[1], "-") != 0) {
>> -               in = fopen(argv[1], "rb");
>> +               ifile = argv[1];
>> +               in = fopen(ifile, "rb");
>>                  if (in == NULL) {
>> -                       log_err("Failed to open %s: %s", argv[1], strerror(errno));
>> +                       log_err("Failed to open %s: %s", ifile, strerror(errno));
>>                          rc = -1;
>>                          goto exit;
>>                  }
>>          } else {
>> +               ifile = "stdin";
>>                  in = stdin;
>>          }
>>
>>          if (argc >= optind + 2 && strcmp(argv[2], "-") != 0) {
>> -               out = fopen(argv[2], "w");
>> +               ofile = argv[2];
>> +               out = fopen(ofile, "w");
>>                  if (out == NULL) {
>> -                       log_err("Failed to open %s: %s", argv[2], strerror(errno));
>> +                       log_err("Failed to open %s: %s", ofile, strerror(errno));
>>                          rc = -1;
>>                          goto exit;
>>                  }
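Review bot: ifile = argv[1] and ofile = argv[2] keep the fixed indexes while the guards around them test argc >= optind + 1 and argc >= optind + 2. When an option precedes the file arguments, optind is greater than 1 and argv[1] is the option rather than the input path, so the new warning would report the wrong source file and derive cil_name from the wrong string. Since these lines are being rewritten anyway, index with argv[optind] and argv[optind + 1] (including in the strcmp against "-") so the names stored here always match the files that are opened.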
>> @@ -122,6 +128,20 @@ int main(int argc, char **argv)
>>          fclose(in);
>>          in = NULL;
>>
>> +       if (ofile) {
>> +               char *mod_name = mod_pkg->policy->p.name;
>> +               char *cil_path = strdup(ofile);
>
> Check if strdup fails here and also in the checkmodule patch?

Yes, I do need to do that. Thanks.

Jim

>
>> +               char *cil_name = basename(cil_path);
>> +               char *separator = strrchr(cil_name, '.');
>> +               if (separator) {
>> +                       *separator = '\0';
>> +               }
>> +               if (strcmp(mod_name, cil_name) != 0) {
>> +                       fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, cil_name, mod_name);
>> +               }
>> +               free(cil_path);
>> +       }
>> +
>>          rc = sepol_module_package_to_cil(out, mod_pkg);
>>          if (rc != 0) {
>>                  goto exit;
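Review bot: In the if (ofile) block, the result of strdup(ofile) is used without a NULL check: on allocation failure cil_path is NULL, it is passed straight to basename(), and the code may then write '\0' through separator into whatever basename() returned. Test cil_path immediately after the strdup and fail the same way the fopen paths do (log_err, rc = -1, goto exit). A smaller point: the warning is emitted with a bare fprintf(stderr, ...) while the other diagnostics visible in this file go through log_err; routing it through the same kind of helper would keep all messages on one path.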
>> --
>> 2.5.5


-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
