[PATCH 02/92] checkpolicy: dispol: print role transition rules

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Tue, 02 Aug 2011 11:20:47 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk44Fc4ACgkQrlYvE4MpobPJuwCeJ73IYSpqFiw+Q56390PY0Eyg
lqEAoJfP/Ubndc8m77dHOsWh8M3WfKak
=cLh3
-----END PGP SIGNATURE-----
>From a747d74b45570ef01217ba8936c6e019043748c7 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Wed, 20 Apr 2011 15:52:53 -0400
Subject: [PATCH 02/92] checkpolicy: dispol: print role transition rules

There was no way to print all of the role transition rules in dispol.
Add that support.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 checkpolicy/test/dispol.c |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
index 4153191..fdf2d92 100644
--- a/checkpolicy/test/dispol.c
+++ b/checkpolicy/test/dispol.c
@@ -341,6 +341,20 @@ static void display_permissive(policydb_t *p, FILE *fp)
 	}
 }
 
+static void display_role_trans(policydb_t *p, FILE *fp)
+{
+	role_trans_t *rt;
+
+	fprintf(fp, "role_trans rules:\n");
+	for (rt = p->role_tr; rt; rt = rt->next) {
+		display_id(p, fp, SYM_ROLES, rt->role - 1, "");
+		display_id(p, fp, SYM_TYPES, rt->type - 1, "");
+		display_id(p, fp, SYM_CLASSES, rt->tclass - 1, ":");
+		display_id(p, fp, SYM_ROLES, rt->new_role - 1, "");
+		fprintf(fp, "\n");
+	}
+}
+
 static void display_filename_trans(policydb_t *p, FILE *fp)
 {
 	filename_trans_t *ft;
@@ -365,6 +379,7 @@ int menu()
 	printf("5)  display conditional bools\n");
 	printf("6)  display conditional expressions\n");
 	printf("7)  change a boolean value\n");
+	printf("8)  display role transitions\n");
 	printf("\n");
 	printf("c)  display policy capabilities\n");
 	printf("p)  display the list of permissive types\n");
@@ -483,6 +498,9 @@ int main(int argc, char **argv)
 			change_bool(name, state, &policydb, out_fp);
 			free(name);
 			break;
+		case '8':
+			display_role_trans(&policydb, out_fp);
+			break;
 		case 'c':
 			display_policycaps(&policydb, out_fp);
 			break;
-- 
1.7.6

Attachment:
0002-checkpolicy-dispol-print-role-transition-rules.patch.sig

Description: PGP signature




