dispol command requires interaction. It not suitable for using in a script. This change introduces -b that is for running dispol in non-interactively. An example: $ ./dispol -b 1 /sys/fs/selinux/policy allow deltacloudd_log_t tmp_t : filesystem { associate }; allow kern_unconfined sysctl_type : lnk_file { ioctl read ... ...
Signed-off-by: Masatake YAMATO <yamato@xxxxxxxxxx>
---
 checkpolicy/test/dispol.c | 49 ++++++++++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
index 26bbba7a..0eaa830a 100644
--- a/checkpolicy/test/dispol.c
+++ b/checkpolicy/test/dispol.c
@@ -39,7 +39,7 @@ static policydb_t policydb;
 static __attribute__((__noreturn__)) void usage(const char *progname, int status)
 {
- printf("usage: %s [-h] binary_pol_file\n\n", progname);
+ printf("usage: %s [-h] [-b cmds] binary_pol_file\n\n", progname);
 exit(status);
 }
@@ -395,14 +395,21 @@ int main(int argc, char **argv)
 int state;
 struct policy_file pf;
 char *pf_name;
+ char *cmds = NULL;
 if (argc <= 1)
 usage(argv[0], 1);
 else if (strcmp(argv[1], "-h") == 0)
 usage(argv[0], 0);
- else if (argc != 2)
+ else if (strcmp(argv[1], "-b") == 0) {
+ if (argc != 4)
+ usage(argv[0], 1);
+ cmds = argv[2];
+ pf_name = argv[3];
+ } else if (argc == 2)
+ pf_name = argv[1];
+ else
 usage(argv[0], 1);
- pf_name = argv[1];
 fd = open(pf_name, O_RDONLY);
 if (fd < 0) {
@@ -424,7 +431,8 @@ int main(int argc, char **argv)
 }
 /* read the binary policy */
- fprintf(out_fp, "Reading policy...\n");
+ if (!cmds)
+ fprintf(out_fp, "Reading policy...\n");
 policy_file_init(&pf);
 pf.type = PF_USE_MEMORY;
 pf.data = map;
@@ -433,7 +441,7 @@ int main(int argc, char **argv)
 fprintf(stderr, "%s: Out of memory!\n", argv[0]);
 exit(1);
 }
- ret = policydb_read(&policydb, &pf, 1);
+ ret = policydb_read(&policydb, &pf, cmds == NULL);
 if (ret) {
 fprintf(stderr,
 "%s: error(s) encountered while parsing configuration\n",
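Review bot: The usage string in the first hunk now advertises `[-b cmds]`, but nothing in the help output says what `cmds` is. The batch loop in the later `-441` hunk consumes it one character at a time as menu commands and rejects `7`, `f` and `m`, so a user cannot discover either fact from `-h`. A second line such as `printf("  -b cmds  run each character of cmds as a menu command (7, f and m are not accepted)\n");` before `exit(status)` would document the option where people look for it.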
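Review bot: In the `-b` branch of the second hunk `cmds = argv[2]` is stored without any check, and the `7`/`f`/`m` rejection only happens later inside the command loop, after the policy file has been mapped and parsed and after any earlier characters in the string have already produced output. A calling script therefore sees partial output followed by exit status 1. Rejecting those characters next to the `argc != 4` test, e.g. `if (strpbrk(argv[2], "7fm")) usage(argv[0], 1);`, fails before any work is done. main() begins and ends outside this hunk, so the set of characters the switch accepts is not visible here.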
@@ -441,16 +449,30 @@ int main(int argc, char **argv)
 exit(1);
 }
- fprintf(stdout, "binary policy file loaded\n\n");
+ if (!cmds)
+ fprintf(stdout, "binary policy file loaded\n\n");
 close(fd);
- menu();
+ if (!cmds)
+ menu();
 for (;;) {
- printf("\nCommand (\'m\' for menu): ");
- if (fgets(ans, sizeof(ans), stdin) == NULL) {
- fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
+ if (cmds) {
+ ans[0] = *cmds++;
+ if (ans[0] == '\0')
+ ans[0] = 'q';
+ else if (strchr("7fm", ans[0])) {
+ fprintf(stderr,
+ "Unacceptable command in batch mode: %c\n",
+ ans[0]);
+ exit(1);
+ }
+ } else {
+ printf("\nCommand (\'m\' for menu): ");
+ if (fgets(ans, sizeof(ans), stdin) == NULL) {
+ fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
 strerror(errno));
- continue;
+ continue;
+ }
 }
 switch (ans[0]) {
@@ -551,6 +573,11 @@ int main(int argc, char **argv)
 menu();
 break;
 default:
+ if (cmds) {
+ fprintf(stderr,
+ "Invalid command: %c\n", ans[0]);
+ exit(1);
+ }
 printf("\nInvalid choice\n");
 menu();
 break;
-- 
2.21.0
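Review bot: The re-indented interactive branch in the `-441` hunk still answers a NULL return from `fgets()` with `continue`, so once stdin reaches end-of-file (a closed or redirected stdin, which is the scripted use this patch is aimed at) the loop prints the error and retries without end. On plain EOF `errno` is not set by `fgets()`, so the `strerror(errno)` text is also misleading. Adding `if (feof(stdin)) exit(0);` ahead of the `fprintf`, or routing EOF to the same `ans[0] = 'q';` the batch branch uses at end of string, would terminate cleanly. The `switch` that handles `q` continues outside this hunk.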