On 03/26/2015 03:30 PM, Yuli Khodorkovskiy wrote:
> Since the secilc compiler is independent of libsepol, move secilc out of
> libsepol. Linke secilc dynamically rather than statically with libsepol.
>
> - Move secilc source, test policies, docs, and secilc manpage to secilc
> directory.
> - Remove unneeded Makefile from libsepol/cil. To build secilc, run make
> in the secilc directory.
> - Add target to install the secilc binary to /usr/bin/.
> - Create an Android makefile for secilc and move secilc out of libsepol
> Android makefile.
> - Add cil_set_mls to libsepol public API as it is needed by secilc.
> - Remove policy.conf from testing since it is no longer used.
>
> Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
No longer builds with make DESTDIR=~/obj install:
cc -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute
-Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
-I/home/sds/obj/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -o
secilc secilc.o -lsepol
secilc.o: In function `main':
secilc.c:(.text+0x564): undefined reference to `cil_set_log_level'
secilc.c:(.text+0x573): undefined reference to `cil_db_init'
secilc.c:(.text+0x587): undefined reference to `cil_set_disable_dontaudit'
secilc.c:(.text+0x59b): undefined reference to `cil_set_disable_neverallow'
secilc.c:(.text+0x5af): undefined reference to `cil_set_preserve_tunables'
secilc.c:(.text+0x5c9): undefined reference to `cil_set_handle_unknown'
secilc.c:(.text+0x5eb): undefined reference to `cil_set_mls'
secilc.c:(.text+0x5ff): undefined reference to `cil_set_target_platform'
secilc.c:(.text+0x613): undefined reference to `cil_set_policy_version'
secilc.c:(.text+0x7b8): undefined reference to `cil_add_file'
secilc.c:(.text+0x82f): undefined reference to `cil_compile'
secilc.c:(.text+0x86f): undefined reference to `cil_build_policydb'
secilc.c:(.text+0xa5f): undefined reference to `cil_filecons_to_string'
secilc.c:(.text+0xba2): undefined reference to `cil_db_destroy'
collect2: error: ld returned 1 exit status
make[1]: *** [secilc] Error 1
make[1]: Leaving directory `/home/sds/selinux/secilc'
> ---
> Makefile | 2 +-
> libsepol/Android.mk | 15 ---
> libsepol/cil/Makefile | 102 ---------------
> libsepol/cil/test/policy.conf | 143 ---------------------
> libsepol/src/libsepol.map.in | 1 +
> secilc/.gitignore | 6 +
> secilc/Android.mk | 31 +++++
> {libsepol/cil => secilc}/COPYING | 0
> secilc/Makefile | 47 +++++++
> {libsepol/cil => secilc}/README | 26 ++--
> .../cil => secilc}/docs/CIL_Reference_Guide.xml | 0
> {libsepol/cil => secilc}/docs/Makefile | 17 +--
> .../docs/cil_access_vector_rules.xml | 0
> .../docs/cil_call_macro_statements.xml | 0
> .../docs/cil_class_and_permission_statements.xml | 0
> .../docs/cil_conditional_statements.xml | 0
> .../docs/cil_constraint_statements.xml | 0
> .../docs/cil_container_statements.xml | 0
> .../cil => secilc}/docs/cil_context_statement.xml | 0
> .../docs/cil_default_object_statements.xml | 0
> {libsepol/cil => secilc}/docs/cil_design.dia | Bin
> {libsepol/cil => secilc}/docs/cil_design.jpeg | Bin
> .../docs/cil_file_labeling_statements.xml | 0
> .../docs/cil_mls_labeling_statements.xml | 0
> .../docs/cil_network_labeling_statements.xml | 0
> .../docs/cil_policy_config_statements.xml | 0
> .../cil => secilc}/docs/cil_role_statements.xml | 0
> .../cil => secilc}/docs/cil_sid_statements.xml | 0
> .../cil => secilc}/docs/cil_type_statements.xml | 0
> .../cil => secilc}/docs/cil_user_statements.xml | 0
> .../cil => secilc}/docs/cil_xen_statements.xml | 0
> {libsepol/cil/docs => secilc}/secilc.8.xml | 0
> {libsepol/cil => secilc}/secilc.c | 36 +++---
> {libsepol/cil => secilc}/test/block_test.cil | 0
> {libsepol/cil => secilc}/test/in_test.cil | 0
> {libsepol/cil => secilc}/test/integration.cil | 0
> {libsepol/cil => secilc}/test/minimum.cil | 0
> .../cil => secilc}/test/name_resolution_test.cil | 0
> {libsepol/cil => secilc}/test/optional_test.cil | 0
> {libsepol/cil => secilc}/test/policy.cil | 0
> 40 files changed, 116 insertions(+), 310 deletions(-)
> delete mode 100644 libsepol/cil/Makefile
> delete mode 100644 libsepol/cil/test/policy.conf
> create mode 100644 secilc/.gitignore
> create mode 100644 secilc/Android.mk
> rename {libsepol/cil => secilc}/COPYING (100%)
> create mode 100644 secilc/Makefile
> rename {libsepol/cil => secilc}/README (73%)
> rename {libsepol/cil => secilc}/docs/CIL_Reference_Guide.xml (100%)
> rename {libsepol/cil => secilc}/docs/Makefile (81%)
> rename {libsepol/cil => secilc}/docs/cil_access_vector_rules.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_call_macro_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_class_and_permission_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_conditional_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_constraint_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_container_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_context_statement.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_default_object_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_design.dia (100%)
> rename {libsepol/cil => secilc}/docs/cil_design.jpeg (100%)
> rename {libsepol/cil => secilc}/docs/cil_file_labeling_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_mls_labeling_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_network_labeling_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_policy_config_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_role_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_sid_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_type_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_user_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_xen_statements.xml (100%)
> rename {libsepol/cil/docs => secilc}/secilc.8.xml (100%)
> rename {libsepol/cil => secilc}/secilc.c (90%)
> rename {libsepol/cil => secilc}/test/block_test.cil (100%)
> rename {libsepol/cil => secilc}/test/in_test.cil (100%)
> rename {libsepol/cil => secilc}/test/integration.cil (100%)
> rename {libsepol/cil => secilc}/test/minimum.cil (100%)
> rename {libsepol/cil => secilc}/test/name_resolution_test.cil (100%)
> rename {libsepol/cil => secilc}/test/optional_test.cil (100%)
> rename {libsepol/cil => secilc}/test/policy.cil (100%)
>
> diff --git a/Makefile b/Makefile
> index f71faab..93e10de 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1,4 +1,4 @@
> -SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
> +SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy secilc policycoreutils # policy
> PYSUBDIRS=libselinux libsemanage
> DISTCLEANSUBIDRS=libselinux libsemanage
>
> diff --git a/libsepol/Android.mk b/libsepol/Android.mk
> index ab4bcd1..3e4700b 100644
> --- a/libsepol/Android.mk
> +++ b/libsepol/Android.mk
> @@ -135,18 +135,3 @@ LOCAL_SRC_FILES := $(common_src_files)
> LOCAL_MODULE_CLASS := STATIC_LIBRARIES
>
> include $(BUILD_STATIC_LIBRARY)
> -
> -##
> -# secilc
> -#
> -include $(CLEAR_VARS)
> -
> -LOCAL_MODULE := secilc
> -LOCAL_MODULE_TAGS := optional
> -LOCAL_C_INCLUDES := $(common_includes)
> -LOCAL_CFLAGS := $(common_cflags)
> -LOCAL_SRC_FILES := cil/secilc.c
> -LOCAL_STATIC_LIBRARIES := libsepol
> -LOCAL_MODULE_CLASS := EXECUTABLES
> -
> -include $(BUILD_HOST_EXECUTABLE)
> diff --git a/libsepol/cil/Makefile b/libsepol/cil/Makefile
> deleted file mode 100644
> index 9f52ee4..0000000
> --- a/libsepol/cil/Makefile
> +++ /dev/null
> @@ -1,102 +0,0 @@
> -PREFIX ?= $(DESTDIR)/usr
> -LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(DESTDIR)/lib
> -INCLUDEDIR ?= $(PREFIX)/include
> -SRCDIR ?= ./src
> -TESTDIR ?= ./test
> -UNITDIR ?= $(TESTDIR)/unit
> -LIBCILDIR ?= $(SRCDIR)
> -
> -LEX = flex
> -
> -DEBUG = 0
> -
> -SECILC = secilc
> -
> -UNIT = unit_tests
> -
> -SECILC_SRCS := secilc.c
> -SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
> -
> -TEST_SRCS := $(wildcard $(UNITDIR)/*.c)
> -TEST_OBJS := $(patsubst %.c,%.o,$(TEST_SRCS))
> -
> -LIBCIL_GENERATED := $(LIBCILDIR)/cil_lexer.c
> -LIBCIL_SRCS := $(wildcard $(LIBCILDIR)/*.c) $(LIBCIL_GENERATED)
> -LIBCIL_OBJS := $(patsubst %.c,%.o,$(LIBCIL_SRCS))
> -LIBCIL_INCLUDES := $(wildcard $(LIBCILDIR)/*.h)
> -
> -LIBCIL_STATIC := $(SRCDIR)/libcil.a
> -
> -LIBSEPOL_STATIC = /usr/lib/libsepol.a
> -
> -LIBS =
> -LDFLAGS =
> -COVCFLAGS = -fprofile-arcs -ftest-coverage -O0
> -
> -CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
> -
> -ifeq ($(DEBUG),1)
> - override CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -DDEBUG
> - override LDFLAGS += -g
> -else
> - override CFLAGS += -O2
> -endif
> -
> -override CFLAGS += -I./include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
> -
> -ARCH := $(patsubst i%86,i386,$(shell uname -m))
> -ifneq (,$(filter i386,$(ARCH)))
> - TLSFLAGS += -mno-tls-direct-seg-refs
> -endif
> -ifneq (,$(filter x86_64,$(ARCH)))
> - override LDFLAGS += -I/usr/lib64
> - override LIBSEPOL_STATIC = /usr/lib64/libsepol.a
> -endif
> -
> -all: $(SECILC)
> -
> -%.o: %.c $(LIBCIL_INCLUDES)
> - $(CC) $(CFLAGS) -c -o $@ $<
> -
> -$(LIBCIL_STATIC): $(LIBCIL_OBJS)
> - $(AR) rcs $@ $^
> - ranlib $@
> -
> -$(LIBCIL_GENERATED): $(LIBCILDIR)/cil_lexer.l
> - $(LEX) -t $< > $@
> -
> -$(UNIT): $(TEST_OBJS) $(LIBCIL_STATIC)
> - $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS)
> -
> -$(SECILC): $(SECILC_OBJS) $(LIBCIL_STATIC)
> - $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS)
> -
> -unit: $(SECILC) $(UNIT)
> -
> -# Requires lcov 1.9+ (--ignore-errors)
> -coverage: CFLAGS += $(COVCFLAGS)
> -coverage: clean unit
> - ./unit_tests
> - test -d cov || mkdir cov
> - lcov --directory src --capture --output-file cov/app.info --ignore-errors source -b src
> - lcov --remove cov/app.info '/usr/include/*' --remove cov/app.info 'sepol/*' --output-file cov/app.info
> - genhtml -o ./cov/html ./cov/app.info
> -
> -test: $(SECILC)
> - ./$(SECILC) test/policy.cil
> -
> -clean:
> - rm -f $(SECILC)
> - rm -f $(LIBCIL_STATIC)
> - rm -f $(TEST_OBJS) $(SECILC_OBJS)
> - rm -rf cov src/*.gcda src/*.gcno *.gcda *.gcno
> - rm -f $(LIBCIL_OBJS)
> -
> -bare: clean
> - rm -f $(LIBCIL_GENERATED)
> - rm -f $(UNIT)
> - rm -f policy.*
> - rm -f file_contexts
> -
> -.PHONY: all bare clean coverage test unit
> diff --git a/libsepol/cil/test/policy.conf b/libsepol/cil/test/policy.conf
> deleted file mode 100644
> index 938af91..0000000
> --- a/libsepol/cil/test/policy.conf
> +++ /dev/null
> @@ -1,143 +0,0 @@
> -class file
> -class process
> -class char
> -
> -sid kernel
> -sid security
> -sid unlabeled
> -
> -common file {ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton }
> -
> -class file inherits file { execute_no_trans entrypoint execmod open audit_access }
> -class char inherits file { foo transition }
> -class process { open }
> -
> -sensitivity s0 alias sens0;
> -sensitivity s1;
> -
> -dominance { s0 s1 }
> -
> -category c0 alias cat0;
> -category c1;
> -category c2;
> -
> -level s0:c0.c2;
> -level s1:c0.c2;
> -
> -mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1 eq r2)));
> -mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or (r1 != r2));
> -mlsconstrain file { open } (l1 dom h2);
> -mlsconstrain file { open } (h1 domby l2);
> -mlsconstrain file { open } (l1 incomp l2);
> -
> -mlsvalidatetrans file (h1 domby l2);
> -
> -attribute foo_type;
> -attribute bar_type;
> -attribute baz_type;
> -attribute exec_type;
> -
> -type bin_t, bar_type, exec_type;
> -type kernel_t, foo_type, exec_type, baz_type;
> -type security_t, baz_type;
> -type unlabeled_t, baz_type;
> -
> -type exec_t, baz_type;
> -type console_t, baz_type;
> -type auditadm_t, baz_type;
> -type console_device_t, baz_type;
> -type user_tty_device_t, baz_type;
> -type device_t, baz_type;
> -type getty_t, baz_type;
> -type a_t, baz_type;
> -type b_t, baz_type;
> -
> -typealias bin_t alias sbin_t;
> -
> -bool secure_mode false;
> -bool console_login true;
> -bool b1 false;
> -
> -role system_r;
> -role user_r;
> -role system_r types bin_t;
> -role system_r types kernel_t;
> -role system_r types security_t;
> -role system_r types unlabeled_t;
> -
> -policycap open_perms;
> -permissive device_t;
> -
> -range_transition device_t console_t : file s0:c0 - s1:c0.c1;
> -
> -type_transition device_t console_t : file console_device_t;
> -type_member device_t bin_t : file exec_t;
> -
> -if console_login{
> - type_change auditadm_t console_device_t : file user_tty_device_t;
> -}
> -
> -role_transition system_r bin_t user_r;
> -
> -auditallow device_t auditadm_t: file { open };
> -dontaudit device_t auditadm_t: file { read };
> -
> -allow system_r user_r;
> -
> -allow console_t console_device_t: char { write setattr };
> -allow console_t console_device_t: file { open read getattr };
> -allow foo_type self: file { execute };
> -allow bin_t device_t: file { execute };
> -allow bin_t exec_t: file { execute };
> -allow bin_t bin_t: file { execute };
> -allow a_t b_t : file { write };
> -allow console_t console_device_t: file { read write getattr setattr lock append };
> -allow kernel_t kernel_t : file { execute };
> -
> -if b1 {
> - allow a_t b_t : file { read };
> -}
> -
> -if secure_mode{
> - auditallow device_t exec_t: file { read write };
> -}
> -
> -if console_login{
> - allow getty_t console_device_t: file { getattr open read write append };
> -}
> -else {
> - dontaudit getty_t console_device_t: file { getattr open read write append };
> -}
> -
> -if (not ((secure_mode eq console_login) xor ((secure_mode or console_login) and secure_mode))){
> - allow bin_t exec_t: file { execute };
> -}
> -
> -user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1;
> -user user_u roles user_r level s0:c0 range s0:c0 - s0:c0;
> -
> -validatetrans file (t1 == exec_t);
> -
> -constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
> -constrain file { open } (r1 dom r2);
> -constrain file { open } (r1 domby r2);
> -constrain file { open } (r1 incomp r2);
> -constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
> -constrain char { write setattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
> -
> -
> -sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1
> -sid security system_u:system_r:security_t:s0:c0 - s1:c0,c1
> -sid unlabeled system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1
> -
> -fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1;
> -
> -genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -
> -portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -
> -netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -
> -nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222:: system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
> index 1285314..0ae0f1a 100644
> --- a/libsepol/src/libsepol.map.in
> +++ b/libsepol/src/libsepol.map.in
> @@ -44,5 +44,6 @@ LIBSEPOL_1.1 {
> cil_filecons_to_string;
> cil_set_target_platform;
> cil_set_policy_version;
> + cil_set_mls;
> local: *;
> } LIBSEPOL_1.0;
> diff --git a/secilc/.gitignore b/secilc/.gitignore
> new file mode 100644
> index 0000000..98c367a
> --- /dev/null
> +++ b/secilc/.gitignore
> @@ -0,0 +1,6 @@
> +secilc
> +secilc.8
> +policy.*
> +file_contexts
> +docs/html
> +docs/pdf
> diff --git a/secilc/Android.mk b/secilc/Android.mk
> new file mode 100644
> index 0000000..b80955c
> --- /dev/null
> +++ b/secilc/Android.mk
> @@ -0,0 +1,31 @@
> +LOCAL_PATH:= $(call my-dir)
> +
> +common_src_files := secilc.c
> +
> +common_cflags := \
> + -Wall -Wshadow -O2 \
> + -pipe -fno-strict-aliasing \
> + -Wno-return-type
> +
> +ifeq ($(HOST_OS), darwin)
> +common_cflags += -DDARWIN
> +endif
> +
> +common_includes := \
> + $(LOCAL_PATH)/../libsepol/cil/include/ \
> + $(LOCAL_PATH)/../libsepol/include/ \
> +
> +##
> +# secilc
> +#
> +include $(CLEAR_VARS)
> +
> +LOCAL_MODULE := secilc
> +LOCAL_MODULE_TAGS := optional
> +LOCAL_C_INCLUDES := $(common_includes)
> +LOCAL_CFLAGS := $(common_cflags)
> +LOCAL_SRC_FILES := ./secilc.c
> +LOCAL_SHARED_LIRARIES := libsepol
> +LOCAL_MODULE_CLASS := EXECUTABLES
> +
> +include $(BUILD_HOST_EXECUTABLE)
> diff --git a/libsepol/cil/COPYING b/secilc/COPYING
> similarity index 100%
> rename from libsepol/cil/COPYING
> rename to secilc/COPYING
> diff --git a/secilc/Makefile b/secilc/Makefile
> new file mode 100644
> index 0000000..d6767fa
> --- /dev/null
> +++ b/secilc/Makefile
> @@ -0,0 +1,47 @@
> +PREFIX ?= $(DESTDIR)/usr
> +BINDIR ?= $(PREFIX)/bin
> +MANDIR ?= $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +TESTDIR ?= ./test
> +
> +LDFLAGS = -lsepol
> +SECILC = secilc
> +SECILC_SRCS := secilc.c
> +SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
> +
> +# The secilc man page:
> +MANPAGE = secilc.8
> +XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
> +
> +CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
> +
> +override CFLAGS += -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
> +
> +$(SECILC): $(SECILC_OBJS)
> + $(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
> +
> +all: $(SECILC) man
> +
> +test: $(SECILC)
> + ./$(SECILC) test/policy.cil
> +
> +man: $(MANPAGE).xml
> + $(XMLTO) man $(MANPAGE).xml
> +
> +install: all man
> + -mkdir -p $(BINDIR)
> + -mkdir -p $(MANDIR)/man8
> + install -m 755 $(SECILC) $(BINDIR)
> + install -m 644 $(MANPAGE) $(MANDIR)/man8
> +
> +doc:
> + $(MAKE) -C docs
> +
> +clean:
> + rm -f $(SECILC)
> + rm -f $(SECILC_OBJS)
> + rm -f policy.*
> + rm -f file_contexts
> + rm -f $(MANPAGE)
> +
> +.PHONY: all clean test install doc
> diff --git a/libsepol/cil/README b/secilc/README
> similarity index 73%
> rename from libsepol/cil/README
> rename to secilc/README
> index e25f849..14b8cc8 100644
> --- a/libsepol/cil/README
> +++ b/secilc/README
> @@ -11,34 +11,30 @@ INTRODUCTION
> DEPENDENCIES
>
> gcc >= 4.5.1
> - libsepol-static >= 2.1.4
> - lcov >= 1.9
> - flex >= 2.5.35
> + libsepol >= 2.4
>
>
> BUILD STEPS
>
> - Open a terminal client and execute the following command to download the source code:
> -
> - git clone https://github.com/SELinuxProject/cil.git
> -
> - Change directory into the "cil" directory.
> Run "make" with one of the following targets:
>
> make
> - Build the CIL compiler (secilc)
> + Build the CIL compiler (secilc).
>
> - make unit
> - Build the unit_test application to run unit tests
> + make test
> + Pass a sample policy to test with the compiler.
>
> - make coverage
> - Build the unit test binary and create coverage reports
> + make install
> + Install the secilc compiler and man page to disk.
>
> make clean
> - Remove temporary build files
> + Remove temporary build files.
> +
> + make man
> + Build the secilc man page.
>
> make bare
> - Remove temporary build files and compile binaries
> + Remove temporary build files and compile binaries.
>
>
> USAGE
> diff --git a/libsepol/cil/docs/CIL_Reference_Guide.xml b/secilc/docs/CIL_Reference_Guide.xml
> similarity index 100%
> rename from libsepol/cil/docs/CIL_Reference_Guide.xml
> rename to secilc/docs/CIL_Reference_Guide.xml
> diff --git a/libsepol/cil/docs/Makefile b/secilc/docs/Makefile
> similarity index 81%
> rename from libsepol/cil/docs/Makefile
> rename to secilc/docs/Makefile
> index cf18e36..1655f59 100644
> --- a/libsepol/cil/docs/Makefile
> +++ b/secilc/docs/Makefile
> @@ -1,6 +1,5 @@
> HTMLDIR ?= ./html
> PDFDIR ?= ./pdf
> -MAN8DIR ?= ./man8
>
> # The CIL Reference Guide first part
> CIL_REF_GUIDE = CIL_Reference_Guide.xml
> @@ -9,10 +8,6 @@ FILE_LIST ?= $(CIL_REF_GUIDE) $(wildcard cil*.xml)
> # xmlto generates a *.proc file that can be removed.
> PROC_FILE = CIL_Reference_Guide.proc
>
> -# The secilc man page:
> -MANPAGE = secilc.8.xml
> -
> -
> # look for xmlto and dblatex packages
> XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
> DBLATEX = $(shell which dblatex 2> /dev/null | grep / | head -n1)
> @@ -22,7 +17,7 @@ ifeq ($(XMLTO),)
> $(error xmlto package not found - install package.)
> endif
>
> -all: html pdf man
> +all: html pdf
>
> html: $(FILE_LIST)
> $(XMLTO) html $(CIL_REF_GUIDE)
> @@ -41,10 +36,6 @@ endif
> @for m in *.pdf; do if [ -f $$m ]; then mv $$m $(PDFDIR); fi; done
> @rm -f $(PROC_FILE)
>
> -
> -man: $(MANPAGE)
> - $(XMLTO) man $(MANPAGE)
> - @mkdir -p $(MAN8DIR)
> - @for m in *.8; do if [ -f $$m ]; then mv $$m $(MAN8DIR); fi; done
> - @rm -f $(MANPAGE).proc
> -
> +clean:
> + @rm -rf html/
> + @rm -rf pdf/
> diff --git a/libsepol/cil/docs/cil_access_vector_rules.xml b/secilc/docs/cil_access_vector_rules.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_access_vector_rules.xml
> rename to secilc/docs/cil_access_vector_rules.xml
> diff --git a/libsepol/cil/docs/cil_call_macro_statements.xml b/secilc/docs/cil_call_macro_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_call_macro_statements.xml
> rename to secilc/docs/cil_call_macro_statements.xml
> diff --git a/libsepol/cil/docs/cil_class_and_permission_statements.xml b/secilc/docs/cil_class_and_permission_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_class_and_permission_statements.xml
> rename to secilc/docs/cil_class_and_permission_statements.xml
> diff --git a/libsepol/cil/docs/cil_conditional_statements.xml b/secilc/docs/cil_conditional_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_conditional_statements.xml
> rename to secilc/docs/cil_conditional_statements.xml
> diff --git a/libsepol/cil/docs/cil_constraint_statements.xml b/secilc/docs/cil_constraint_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_constraint_statements.xml
> rename to secilc/docs/cil_constraint_statements.xml
> diff --git a/libsepol/cil/docs/cil_container_statements.xml b/secilc/docs/cil_container_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_container_statements.xml
> rename to secilc/docs/cil_container_statements.xml
> diff --git a/libsepol/cil/docs/cil_context_statement.xml b/secilc/docs/cil_context_statement.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_context_statement.xml
> rename to secilc/docs/cil_context_statement.xml
> diff --git a/libsepol/cil/docs/cil_default_object_statements.xml b/secilc/docs/cil_default_object_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_default_object_statements.xml
> rename to secilc/docs/cil_default_object_statements.xml
> diff --git a/libsepol/cil/docs/cil_design.dia b/secilc/docs/cil_design.dia
> similarity index 100%
> rename from libsepol/cil/docs/cil_design.dia
> rename to secilc/docs/cil_design.dia
> diff --git a/libsepol/cil/docs/cil_design.jpeg b/secilc/docs/cil_design.jpeg
> similarity index 100%
> rename from libsepol/cil/docs/cil_design.jpeg
> rename to secilc/docs/cil_design.jpeg
> diff --git a/libsepol/cil/docs/cil_file_labeling_statements.xml b/secilc/docs/cil_file_labeling_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_file_labeling_statements.xml
> rename to secilc/docs/cil_file_labeling_statements.xml
> diff --git a/libsepol/cil/docs/cil_mls_labeling_statements.xml b/secilc/docs/cil_mls_labeling_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_mls_labeling_statements.xml
> rename to secilc/docs/cil_mls_labeling_statements.xml
> diff --git a/libsepol/cil/docs/cil_network_labeling_statements.xml b/secilc/docs/cil_network_labeling_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_network_labeling_statements.xml
> rename to secilc/docs/cil_network_labeling_statements.xml
> diff --git a/libsepol/cil/docs/cil_policy_config_statements.xml b/secilc/docs/cil_policy_config_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_policy_config_statements.xml
> rename to secilc/docs/cil_policy_config_statements.xml
> diff --git a/libsepol/cil/docs/cil_role_statements.xml b/secilc/docs/cil_role_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_role_statements.xml
> rename to secilc/docs/cil_role_statements.xml
> diff --git a/libsepol/cil/docs/cil_sid_statements.xml b/secilc/docs/cil_sid_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_sid_statements.xml
> rename to secilc/docs/cil_sid_statements.xml
> diff --git a/libsepol/cil/docs/cil_type_statements.xml b/secilc/docs/cil_type_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_type_statements.xml
> rename to secilc/docs/cil_type_statements.xml
> diff --git a/libsepol/cil/docs/cil_user_statements.xml b/secilc/docs/cil_user_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_user_statements.xml
> rename to secilc/docs/cil_user_statements.xml
> diff --git a/libsepol/cil/docs/cil_xen_statements.xml b/secilc/docs/cil_xen_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_xen_statements.xml
> rename to secilc/docs/cil_xen_statements.xml
> diff --git a/libsepol/cil/docs/secilc.8.xml b/secilc/secilc.8.xml
> similarity index 100%
> rename from libsepol/cil/docs/secilc.8.xml
> rename to secilc/secilc.8.xml
> diff --git a/libsepol/cil/secilc.c b/secilc/secilc.c
> similarity index 90%
> rename from libsepol/cil/secilc.c
> rename to secilc/secilc.c
> index f4e32b3..923151c 100644
> --- a/libsepol/cil/secilc.c
> +++ b/secilc/secilc.c
> @@ -34,7 +34,7 @@
> #include <getopt.h>
> #include <sys/stat.h>
>
> -#include <cil/cil.h>
> +#include <sepol/cil/cil.h>
> #include <sepol/policydb.h>
>
> void usage(char *prog)
> @@ -210,13 +210,13 @@ int main(int argc, char *argv[])
> for (i = optind; i < argc; i++) {
> file = fopen(argv[i], "r");
> if (!file) {
> - cil_log(CIL_ERR, "Could not open file: %s\n", argv[i]);
> + fprintf(stderr, "Could not open file: %s\n", argv[i]);
> rc = SEPOL_ERR;
> goto exit;
> }
> rc = stat(argv[i], &filedata);
> if (rc == -1) {
> - cil_log(CIL_ERR, "Could not stat file: %s\n", argv[i]);
> + fprintf(stderr, "Could not stat file: %s\n", argv[i]);
> goto exit;
> }
> file_size = filedata.st_size;
> @@ -224,7 +224,7 @@ int main(int argc, char *argv[])
> buffer = malloc(file_size);
> rc = fread(buffer, file_size, 1, file);
> if (rc != 1) {
> - cil_log(CIL_ERR, "Failure reading file: %s\n", argv[i]);
> + fprintf(stderr, "Failure reading file: %s\n", argv[i]);
> goto exit;
> }
> fclose(file);
> @@ -232,7 +232,7 @@ int main(int argc, char *argv[])
>
> rc = cil_add_file(db, argv[i], buffer, file_size);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failure adding %s\n", argv[i]);
> + fprintf(stderr, "Failure adding %s\n", argv[i]);
> goto exit;
> }
>
> @@ -242,13 +242,13 @@ int main(int argc, char *argv[])
>
> rc = cil_compile(db);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failed to compile cildb: %d\n", rc);
> + fprintf(stderr, "Failed to compile cildb: %d\n", rc);
> goto exit;
> }
>
> rc = cil_build_policydb(db, &pdb);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failed to build policydb\n");
> + fprintf(stderr, "Failed to build policydb\n");
> goto exit;
> }
>
> @@ -256,29 +256,27 @@ int main(int argc, char *argv[])
> int size = snprintf(NULL, 0, "policy.%d", policyvers);
> output = malloc((size + 1) * sizeof(char));
> if (output == NULL) {
> - cil_log(CIL_ERR, "Failed to create output filename\n");
> + fprintf(stderr, "Failed to create output filename\n");
> rc = SEPOL_ERR;
> goto exit;
> }
> if (snprintf(output, size + 1, "policy.%d", policyvers) != size) {
> - cil_log(CIL_ERR, "Failed to create output filename\n");
> + fprintf(stderr, "Failed to create output filename\n");
> rc = SEPOL_ERR;
> goto exit;
> }
> }
>
> - cil_log(CIL_INFO, "Writing binary to %s\n", output);
> -
> binary = fopen(output, "w");
> if (binary == NULL) {
> - cil_log(CIL_ERR, "Failure opening binary file for writing\n");
> + fprintf(stderr, "Failure opening binary file for writing\n");
> rc = SEPOL_ERR;
> goto exit;
> }
>
> rc = sepol_policy_file_create(&pf);
> if (rc != 0) {
> - cil_log(CIL_ERR, "Failed to create policy file: %d\n", rc);
> + fprintf(stderr, "Failed to create policy file: %d\n", rc);
> goto exit;
> }
>
> @@ -286,18 +284,16 @@ int main(int argc, char *argv[])
>
> rc = sepol_policydb_write(pdb, pf);
> if (rc != 0) {
> - cil_log(CIL_ERR, "Failed to write binary policy: %d\n", rc);
> + fprintf(stderr, "Failed to write binary policy: %d\n", rc);
> goto exit;
> }
>
> fclose(binary);
> binary = NULL;
>
> - cil_log(CIL_INFO, "Writing file contexts\n");
> -
> rc = cil_filecons_to_string(db, &fc_buf, &fc_size);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failed to get file context data\n");
> + fprintf(stderr, "Failed to get file context data\n");
> goto exit;
> }
>
> @@ -308,12 +304,12 @@ int main(int argc, char *argv[])
> }
>
> if (file_contexts == NULL) {
> - cil_log(CIL_ERR, "Failed to open file_contexts file\n");
> + fprintf(stderr, "Failed to open file_contexts file\n");
> goto exit;
> }
>
> if (fwrite(fc_buf, sizeof(char), fc_size, file_contexts) != fc_size) {
> - cil_log(CIL_ERR, "Failed to write file_contexts file\n");
> + fprintf(stderr, "Failed to write file_contexts file\n");
> goto exit;
> }
>
> @@ -323,8 +319,6 @@ int main(int argc, char *argv[])
> rc = SEPOL_OK;
>
> exit:
> - cil_log(CIL_INFO,"Exiting\n");
> -
> if (binary != NULL) {
> fclose(binary);
> }
> diff --git a/libsepol/cil/test/block_test.cil b/secilc/test/block_test.cil
> similarity index 100%
> rename from libsepol/cil/test/block_test.cil
> rename to secilc/test/block_test.cil
> diff --git a/libsepol/cil/test/in_test.cil b/secilc/test/in_test.cil
> similarity index 100%
> rename from libsepol/cil/test/in_test.cil
> rename to secilc/test/in_test.cil
> diff --git a/libsepol/cil/test/integration.cil b/secilc/test/integration.cil
> similarity index 100%
> rename from libsepol/cil/test/integration.cil
> rename to secilc/test/integration.cil
> diff --git a/libsepol/cil/test/minimum.cil b/secilc/test/minimum.cil
> similarity index 100%
> rename from libsepol/cil/test/minimum.cil
> rename to secilc/test/minimum.cil
> diff --git a/libsepol/cil/test/name_resolution_test.cil b/secilc/test/name_resolution_test.cil
> similarity index 100%
> rename from libsepol/cil/test/name_resolution_test.cil
> rename to secilc/test/name_resolution_test.cil
> diff --git a/libsepol/cil/test/optional_test.cil b/secilc/test/optional_test.cil
> similarity index 100%
> rename from libsepol/cil/test/optional_test.cil
> rename to secilc/test/optional_test.cil
> diff --git a/libsepol/cil/test/policy.cil b/secilc/test/policy.cil
> similarity index 100%
> rename from libsepol/cil/test/policy.cil
> rename to secilc/test/policy.cil
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
