On 03/31/2015 03:20 PM, Steve Lawrence wrote:
On 03/31/2015 01:18 PM, James Carter wrote:
Add support to checkpolicy and checkmodule for generating CIL as their
output.
Add new options "-C" and "--cil" to specify CIL as the output format.
Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
---
checkpolicy/checkmodule.c | 59 +++++++++++++++++++++--------------
checkpolicy/checkpolicy.c | 79 ++++++++++++++++++++++++++++++-----------------
2 files changed, 86 insertions(+), 52 deletions(-)
diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index 0255928..b1be640 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
[snip]
@@ -295,10 +283,33 @@ int main(int argc, char **argv)
printf("%s: policy configuration loaded\n", argv[0]);
- if (outfile &&
- write_binary_policy(&modpolicydb, outfile, argv[0]) == -1) {
+ if (outfile) {
+ FILE *outfp = fopen(outfile, "w");
+
+ if (!outfp) {
+ perror(outfile);
+ exit(1);
+ }
+
+ if (!cil) {
+ printf("%s: writing binary representation (version %d) to %s\n",
+ argv[0], policyvers, file);
+
+ if (write_binary_policy(&modpolicydb, outfp) != 0) {
+ fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
+ exit(1);
+ }
+ } else {
+ printf("%s: writing CIL to %s\n",argv[0], outfile);
+ sepol_module_policydb_to_cil(outfp, &modpolicydb, 0);
Maybe add a check for the return code of sepol_module_policydb_to_cil
and fprintf an error message, like above with write_binary_policy?
+ }
+
+ fclose(outfp);
+ } else if (cil) {
+ fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]);
exit(1);
}
+
policydb_destroy(&modpolicydb);
return 0;
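Review bot: The binary branch's status line passes `file` as the destination, while the CIL branch and the error message just below it use `outfile`, so the "writing binary representation ... to %s" message probably names the wrong path. `file` is declared outside this hunk and looks like the input being compiled, which should be confirmed against the rest of main(). If so, the argument line should read `argv[0], policyvers, outfile);`. An operator checking which policy file was just produced would otherwise be pointed at the source file.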
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 61a2e89..d96399d 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
[snip]
@@ -602,29 +612,42 @@ int main(int argc, char **argv)
printf("%s: policy configuration loaded\n", argv[0]);
if (outfile) {
- printf
- ("%s: writing binary representation (version %d) to %s\n",
- argv[0], policyvers, outfile);
outfp = fopen(outfile, "w");
if (!outfp) {
perror(outfile);
exit(1);
}
- policydb.policy_type = POLICY_KERN;
policydb.policyvers = policyvers;
- policy_file_init(&pf);
- pf.type = PF_USE_STDIO;
- pf.fp = outfp;
- ret = policydb_write(&policydb, &pf);
- if (ret) {
- fprintf(stderr, "%s: error writing %s\n",
- argv[0], outfile);
- exit(1);
+ if (!cil) {
+ printf
+ ("%s: writing binary representation (version %d) to %s\n",
+ argv[0], policyvers, outfile);
+ policydb.policy_type = POLICY_KERN;
+
+ policy_file_init(&pf);
+ pf.type = PF_USE_STDIO;
+ pf.fp = outfp;
+ ret = policydb_write(&policydb, &pf);
+ if (ret) {
+ fprintf(stderr, "%s: error writing %s\n",
+ argv[0], outfile);
+ exit(1);
+ }
+ } else {
+ printf("%s: writing CIL to %s\n",argv[0], outfile);
+ sepol_module_policydb_to_cil(outfp, policydbp, 1);
Same issue here. Add error checking/message?
Yes, both of these should be checking for an error and printing an error message.
Jim
+ }
+
+ if (outfile) {
+ fclose(outfp);
}
- fclose(outfp);
+ } else if (cil) {
+ fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]);
+ exit(1);
}
+
if (!debug) {
policydb_destroy(&policydb);
exit(0);
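Review bot: The result of `fclose(outfp)` is discarded, so a write error that only surfaces when stdio flushes its buffer (full disk, I/O error) can leave a truncated policy file while the tool still reaches `exit(0)`. For output meant to be loaded as security policy that should be a hard failure, for example `if (fclose(outfp) != 0) { perror(outfile); exit(1); }`. The same applies to the `fclose(outfp)` in the checkmodule.c hunk. The inner `if (outfile)` around the close sits inside the outer `if (outfile)` block and can be dropped. main() starts before this hunk and continues after it, so any later handling of `outfp` is not visible here.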
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency