As an example of how it can be used, I have been using secil2tree
recently to make secilc fuzzing test cases readable.

Running:
secil2tree -A build -o fuzz_613136.cil clusterfuzz-testcase-minimized-secilc-fuzzer-6131368317812736

The attached files show the original and the output of secil2tree.

Jim

On Mon, Apr 19, 2021 at 11:27 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> For debugging purposes it would be useful to be able to write out
> the CIL AST at various points in the build process.
>
> This patch set creates secil2tree which can write the CIL parse tree,
> the CIL AST after the build phase, or the CIL AST after the resolve
> phase (with names fully-qualified).
>
> Within CIL the function cil_print_tree() has existed from early in
> CIL's development, but it was not exported in libsepol and there was no
> way to use it except by adding a call to it where you wanted to print
> out the CIL AST and then recompiling everything. It also used cil_log()
> as its output, so other messages could be mixed in with the output. This
> patch set moves all of this code to its own file, updates it, renames it
> as cil_write_ast(), and adds libsepol functions that can be used to call
> it after each one of the phases mentioned above.
>
> Both the parse and build CIL AST are valid CIL policies that can be
> compiled with secilc, but the resolve CIL AST is not always a valid CIL
> policy. The biggest problem is that fully-qualified names can contain
> dots and CIL does not allow dots in declaration names. There are other
> problems as well. It would be nice to get to the point where the output
> for all of the trees is valid CIL, but that is a goal for the future.
>
> v2:
> - Remove whitespace errors in cil_write_ast.h
> - Use "const char*" instead of just "char*" when dealing with string
>   literals to satisfy clang.
>
> James Carter (3):
>   libsepol/cil: Create functions to write the CIL AST
>   libsepol/cil: Add functions to make use of cil_write_ast()
>   secilc: Create the new program called secil2tree to write out CIL AST
>
>  libsepol/cil/include/cil/cil.h   |    3 +
>  libsepol/cil/src/cil.c           |   92 ++
>  libsepol/cil/src/cil_tree.c      | 1471 ----------------------------
>  libsepol/cil/src/cil_tree.h      |    2 -
>  libsepol/cil/src/cil_write_ast.c | 1573 ++++++++++++++++++++++++++++++
>  libsepol/cil/src/cil_write_ast.h |   46 +
>  libsepol/src/libsepol.map.in     |    3 +
>  secilc/.gitignore                |    2 +
>  secilc/Makefile                  |   20 +-
>  secilc/secil2tree.8.xml          |   81 ++
>  secilc/secil2tree.c              |  206 ++++
>  11 files changed, 2024 insertions(+), 1475 deletions(-)
>  create mode 100644 libsepol/cil/src/cil_write_ast.c
>  create mode 100644 libsepol/cil/src/cil_write_ast.h
>  create mode 100644 secilc/secil2tree.8.xml
>  create mode 100644 secilc/secil2tree.c
>
> --
> 2.26.3
>
Attachment:
clusterfuzz-testcase-minimized-secilc-fuzzer-6131368317812736
Description: Binary data
Attachment:
fuzz_613136.cil
Description: application/vnd.ms-artgalry