Instead of referencing sys.argv everywhere, use named variables to make the code easier to understand. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- scripts/selinux-compile-policy.py | 57 +++++++++++++++++-------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-policy.py index 3890b4e55a..4550f3e7cb 100755 --- a/scripts/selinux-compile-policy.py +++ b/scripts/selinux-compile-policy.py @@ -31,20 +31,27 @@ if len(sys.argv) != 10: .format(sys.argv[0]), file=sys.stderr) exit(os.EX_USAGE) -module_name = os.path.splitext(os.path.basename(sys.argv[1]))[0] +policy_te = sys.argv[1] +policy_if = sys.argv[2] +policy_fc = sys.argv[3] +policy_mod = sys.argv[4] +tmpdir = sys.argv[5] +policy_type = sys.argv[6] +checkmod_path = sys.argv[7] +semod_path = sys.argv[8] +policy_includes = sys.argv[9] + +module_name = os.path.splitext(os.path.basename(policy_te))[0] m4param = ["-D", "distro_redhat", "-D", "hide_broken_symptoms", "-D", "mls_num_sens=16", "-D", "mls_num_cats=1024", "-D", "mcs_num_cats=1024"] -if sys.argv[6] == "mls": +if policy_type == "mls": m4param = ["-D", "enable_mls"] + m4param else: m4param = ["-D", "enable_mcs"] + m4param -checkmod_path = sys.argv[7] -semod_path = sys.argv[8] -policy_includes = sys.argv[9] m4support = sorted(glob.glob("{}/support/*.spt".format(policy_includes))) header_layers = glob.glob("{}/*/".format(policy_includes)) @@ -58,7 +65,7 @@ header_interfaces.sort() # prepare temp folder try: - os.makedirs(sys.argv[5]) + os.makedirs(tmpdir) except Exception: pass 
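Review bot: `policy_mod` is an easy name to misread for `sys.argv[4]`: the last hunk passes it to `semod_path` as the `-o` target under the `# %.pp` comment, so it is the final output file, while the intermediate `{module_name}.mod` and `.mod.fc` files are the ones written under `tmpdir`. A short comment next to the assignment, for example `# policy_mod: final output written by semod_path -o, not the intermediate tmpdir/*.mod`, or a name such as `policy_pp`, would keep the two apart. The nine assignments could also be written as one tuple unpacking of `sys.argv[1:]`, which ties the names directly to the `len(sys.argv) != 10` check above them.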
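Review bot: The `try` / `except Exception: pass` kept around `os.makedirs(tmpdir)` hides every failure, not only "directory already exists", so a permission or path problem surfaces later at the first `open()` with a less useful error. `os.makedirs(tmpdir, exist_ok=True)` states the intent without the blanket handler. The `os.remove(os.path.join(tmpdir, name))` cleanup loop in the next hunk follows the same pattern and could catch `FileNotFoundError` only, so that a stale file which cannot be removed is reported rather than silently reused.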
@@ -67,25 +74,25 @@ tmpfiles = ["{}.{}".format(module_name, ext) for ext in ["mod", "mod.fc", "tmp"]] for name in ["iferror.m4", "all_interfaces.conf"] + tmpfiles: try: - os.remove(os.path.join(sys.argv[5], name)) + os.remove(os.path.join(tmpdir, name)) except Exception: pass # tmp/all_interfaces.conf # echo "ifdef(\`__if_error',\`m4exit(1)')" > $5/iferror.m4 -with open(os.path.join(sys.argv[5], "iferror.m4"), "w") as file: +with open(os.path.join(tmpdir, "iferror.m4"), "w") as file: file.write("ifdef(`__if_error',`m4exit(1)')\n") # echo "divert(-1)" > $5/all_interfaces.conf -with open(os.path.join(sys.argv[5], "all_interfaces.conf"), "w") as int_file: +with open(os.path.join(tmpdir, "all_interfaces.conf"), "w") as int_file: int_file.write("divert(-1)\n") # m4 $M4SUPPORT $HEADER_INTERFACES $2 $5/iferror.m4 # | sed -e s/dollarsstar/\$\$\*/g >> $5/all_interfaces.conf m4_run = subprocess.run(r"m4 {} | sed -e s/dollarsstar/\$\$\*/g >> {}".format( - " ".join([*m4support, *header_interfaces, sys.argv[2], - os.path.join(sys.argv[5], "iferror.m4")]), - os.path.join(sys.argv[5], "all_interfaces.conf")), + " ".join([*m4support, *header_interfaces, policy_if, + os.path.join(tmpdir, "iferror.m4")]), + os.path.join(tmpdir, "all_interfaces.conf")), shell=True, check=True, stderr=subprocess.PIPE, universal_newlines=True) 
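Review bot: The `subprocess.run(..., shell=True)` call still builds its command line by joining unquoted paths, so `policy_if`, `tmpdir` and every globbed entry under `policy_includes` are parsed by the shell; a path containing whitespace or a shell metacharacter breaks the build or runs something other than the intended pipeline. Each element can be passed through `shlex.quote()` before the join, e.g. `" ".join(shlex.quote(p) for p in [*m4support, *header_interfaces, policy_if, os.path.join(tmpdir, "iferror.m4")])`, and the redirect target quoted the same way; this needs `import shlex`, and the import block is outside the hunk. Separately, `check=True` only sees the exit status of `sed`, the last command in the pipeline, so an m4 failure is presumably caught only by the stderr scan that follows in the next hunk.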
@@ -98,40 +105,40 @@ for line in m4_run.stderr.split('\n'): print(line, file=sys.stderr) # doesn't work properly without "shell=True" -# m4_process = Popen(["m4", *m4support, *header_interfaces, sys.argv[2], -# os.path.join(sys.argv[5], "iferror.m4")], +# m4_process = Popen(["m4", *m4support, *header_interfaces, policy_if, +# os.path.join(tmpdir, "iferror.m4")], # stdout=PIPE, stderr=PIPE) # sed_process = Popen(["sed", "-e", "s/dollarsstar/\$\$\*/g"], # stdin=m4_process.stdout, stdout=int_file) # outs, errs = m4_process.communicate() # echo "divert" >> $5/all_interfaces.conf -with open(os.path.join(sys.argv[5], "all_interfaces.conf"), "a") as file: +with open(os.path.join(tmpdir, "all_interfaces.conf"), "a") as file: file.write("divert\n") # tmp/%.mod # m4 $M4PARAM -s $M4SUPPORT $5/all_interfaces.conf $1 > $5/$MODULE_NAME.tmp -with open(os.path.join(sys.argv[5], "{}.tmp".format(module_name)), +with open(os.path.join(tmpdir, "{}.tmp".format(module_name)), "w") as tmp_file: subprocess.run(["m4", *m4param, "-s", *m4support, - os.path.join(sys.argv[5], "all_interfaces.conf"), - sys.argv[1]], stdout=tmp_file, check=True) + os.path.join(tmpdir, "all_interfaces.conf"), + policy_te], stdout=tmp_file, check=True) # checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod subprocess.run([checkmod_path, "-M", "-m", - os.path.join(sys.argv[5], "{}.tmp".format(module_name)), + os.path.join(tmpdir, "{}.tmp".format(module_name)), "-o", - os.path.join(sys.argv[5], "{}.mod".format(module_name))], + os.path.join(tmpdir, "{}.mod".format(module_name))], check=True) # tmp/%.mod.fc # m4 $M4PARAM $M4SUPPORT $3 > $5/$MODULE_NAME.mod.fc -with open(os.path.join(sys.argv[5], +with open(os.path.join(tmpdir, "{}.mod.fc".format(module_name)), "w") as mod_fc_file: - subprocess.run(["m4", *m4param, *m4support, sys.argv[3]], + subprocess.run(["m4", *m4param, *m4support, policy_fc], stdout=mod_fc_file, check=True) # %.pp 
@@ -139,9 +146,9 @@ with open(os.path.join(sys.argv[5], # -f $5/$MODULE_NAME.mod.fc subprocess.run([semod_path, "-o", - sys.argv[4], + policy_mod, "-m", - os.path.join(sys.argv[5], "{}.mod".format(module_name)), + os.path.join(tmpdir, "{}.mod".format(module_name)), "-f", - os.path.join(sys.argv[5], "{}.mod.fc".format(module_name))], + os.path.join(tmpdir, "{}.mod.fc".format(module_name))], check=True) -- 2.31.1