On 03/25/2016 02:48 PM, Stephen Smalley wrote:
On 03/25/2016 02:04 PM, James Carter wrote:
Since the usual convention is for the module name to be same as the
base filename of the module, provide a warning message if they are
different. Also warn if the output filename is different than the
module name.
Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
---
checkpolicy/checkmodule.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index 5957d29..5d1e219 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -258,6 +258,19 @@ int main(int argc, char **argv)
}
}
+ if (policy_type != POLICY_BASE) {
+ sepol_policydb_t *module = (sepol_policydb_t *)&modpolicydb;
+ if (sepol_module_check_name_matches_filename(module, file)) {
+ fprintf(stderr, "Module name %s does not match input file %s\n",
+ sepol_module_get_name(module), file);
+ }
+ if (outfile) {
+ if (sepol_module_check_name_matches_filename(module, outfile)) {
+ fprintf(stderr, "Module name %s does not match output file %s\n", sepol_module_get_name(module), outfile);
+ }
+ }
+ }
Probably want a "Warning:" prefix here as well, and possibly some hint
as to which name is preferred or will be used by the system.
Do we actually care about the input file name?
I went back and forth with that myself. I don't think so, but I left it in in case
others cared.
Jim
+
if (modpolicydb.policy_type == POLICY_BASE && !cil) {
/* Verify that we can successfully expand the base module. */
policydb_t kernpolicydb;
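Review bot: In both added tests, "if (sepol_module_check_name_matches_filename(module, ...))" reads as "warn when the name matches", while the message printed says it does not match, so the helper must return nonzero on a mismatch. Either compare against 0 explicitly with a short comment on the return convention, or rename the helper so the condition reads the way it behaves. Two smaller points in the same block: the cast "(sepol_policydb_t *)&modpolicydb" assumes the wrapper type can alias the policydb_t that the context line below accesses as modpolicydb.policy_type, which deserves a comment or a proper accessor; and the new block tests the local policy_type while the following context tests modpolicydb.policy_type, so using one of them consistently would avoid the two checks drifting apart. The second fprintf is also left on one long line while the first is wrapped.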
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency