Re: [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename

On 04/07/2016 12:41 PM, Thomas Hurd wrote:
On Thu, Apr 7, 2016 at 11:06 AM, James Carter <jwcart2@xxxxxxxxxxxxx> wrote:

Since CIL treats files as modules and does not have a separate
module statement it can cause confusion when a Refpolicy module
has a name that is not the same as its base filename because older
SELinux userspaces will refer to the module by its module name while
a CIL-based userspace will refer to it by its filename.

Because of this, provide a warning message when converting a policy
package to CIL and the output filename is different than the module
name.

Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
---
  policycoreutils/hll/pp/pp.c | 28 ++++++++++++++++++++++++----
  1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
index 866734f..8621b50 100644
--- a/policycoreutils/hll/pp/pp.c
+++ b/policycoreutils/hll/pp/pp.c
@@ -28,6 +28,7 @@

  #include <sepol/module.h>
  #include <sepol/module_to_cil.h>
+#include <sepol/policydb/module.h>

  char *progname;
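
Review bot: the added `#include <sepol/policydb/module.h>` needs a word on why it is there. As far as the visible lines show, its only use is the `mod_pkg->policy->p.name` access in the last hunk, which reaches through the package struct instead of going through an accessor. A short comment beside the include, or an accessor for the module name if one is available, would make that dependency explicit. The last hunk also calls `basename()`, and no `<libgen.h>` include is visible in this context, so confirm it is already present further up the file.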

@@ -68,6 +69,8 @@ int main(int argc, char **argv)
                 { NULL, 0, NULL, 0 }
         };
         struct sepol_module_package *mod_pkg = NULL;
+       char *ifile = NULL;
+       char *ofile = NULL;
         FILE *in = NULL;
         FILE *out = NULL;
         int outfd = -1;
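
Review bot: `ifile` and `ofile` in the two added declarations should be `const char *`. They only alias `argv` entries or, for `ifile`, the string literal `"stdin"` assigned in the next hunk, and nothing in the patch writes through them.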
@@ -89,20 +92,23 @@ int main(int argc, char **argv)
         }

         if (argc >= optind + 1 && strcmp(argv[1], "-") != 0) {
-               in = fopen(argv[1], "rb");
+               ifile = argv[1];
+               in = fopen(ifile, "rb");
                 if (in == NULL) {
-                       log_err("Failed to open %s: %s", argv[1], strerror(errno));
+                       log_err("Failed to open %s: %s", ifile, strerror(errno));
                         rc = -1;
                         goto exit;
                 }
         } else {
+               ifile = "stdin";
                 in = stdin;
         }

         if (argc >= optind + 2 && strcmp(argv[2], "-") != 0) {
-               out = fopen(argv[2], "w");
+               ofile = argv[2];
+               out = fopen(ofile, "w");
                 if (out == NULL) {
-                       log_err("Failed to open %s: %s", argv[2], strerror(errno));
+                       log_err("Failed to open %s: %s", ofile, strerror(errno));
                         rc = -1;
                         goto exit;
                 }
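
Review bot: the added `ifile = argv[1];` and `ofile = argv[2];` keep fixed indices while the surrounding conditions test `argc >= optind + 1` and `argc >= optind + 2`. If an option is ever consumed before the positional arguments, `argv[1]` is that option rather than the input path, and the wrong string also ends up in the new warning. Using `argv[optind]` and `argv[optind + 1]` here, and in the two `strcmp(..., "-")` checks, would match the bound being tested.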
@@ -122,6 +128,20 @@ int main(int argc, char **argv)
         fclose(in);
         in = NULL;

+       if (ofile) {
+               char *mod_name = mod_pkg->policy->p.name;
+               char *cil_path = strdup(ofile);

Check if strdup fails here and also in the checkmodule patch?

Yes, I do need to do that. Thanks.

Jim


+               char *cil_name = basename(cil_path);
+               char *separator = strrchr(cil_name, '.');
+               if (separator) {
+                       *separator = '\0';
+               }
+               if (strcmp(mod_name, cil_name) != 0) {
+                       fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, cil_name, mod_name);
+               }
+               free(cil_path);
+       }
+
         rc = sepol_module_package_to_cil(out, mod_pkg);
         if (rc != 0) {
                 goto exit;
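
Review bot: `mod_name` is passed to `strcmp(mod_name, cil_name)` with no NULL check. If `p.name` can be unset for a package (a base module, for instance), this dereferences NULL before the conversion runs; `if (mod_name && strcmp(mod_name, cil_name) != 0)` avoids that. This is in addition to the `strdup` check already raised in the thread. A smaller point on the same lines: the warning uses `fprintf(stderr, ...)` while the error paths in this function use `log_err`, so a matching helper would keep the output format consistent.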
--
2.5.5

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.


--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency