On Mon, Apr 19, 2021 at 5:28 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > secil2tree is the SELinux CIL AST writer. It calls the cil functions > cil_write_parse_ast(), cil_write_build_ast(), or cil_write_resolve_ast() > to write out the parse tree, the CIL AST after the build phase, or the > CIL AST after the resolve phase. > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > --- > secilc/.gitignore | 2 + > secilc/Makefile | 20 +++- > secilc/secil2tree.8.xml | 81 ++++++++++++++++ > secilc/secil2tree.c | 206 ++++++++++++++++++++++++++++++++++++++++ > 4 files changed, 307 insertions(+), 2 deletions(-) > create mode 100644 secilc/secil2tree.8.xml > create mode 100644 secilc/secil2tree.c > > [...] > diff --git a/secilc/secil2tree.c b/secilc/secil2tree.c > new file mode 100644 > index 00000000..1f55d08a > --- /dev/null > +++ b/secilc/secil2tree.c 
> @@ -0,0 +1,206 @@ > +/* > + * Copyright 2011 Tresys Technology, LLC. All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions are met: > + * > + * 1. Redistributions of source code must retain the above copyright notice, > + * this list of conditions and the following disclaimer. > + * > + * 2. Redistributions in binary form must reproduce the above copyright notice, > + * this list of conditions and the following disclaimer in the documentation > + * and/or other materials provided with the distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS > + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO > + * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, > + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF > + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE > + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > + * > + * The views and conclusions contained in the software and documentation are those > + * of the authors and should not be interpreted as representing official policies, > + * either expressed or implied, of Tresys Technology, LLC. 
> + */ > + > +#include <stdlib.h> > +#include <stdio.h> > +#include <stdint.h> > +#include <string.h> > +#include <getopt.h> > +#include <sys/stat.h> > + > +#ifdef ANDROID > +#include <cil/cil.h> > +#else > +#include <sepol/cil/cil.h> > +#endif > +#include <sepol/policydb.h> > + > +enum write_ast_phase { > + WRITE_AST_PHASE_PARSE = 0, > + WRITE_AST_PHASE_BUILD, > + WRITE_AST_PHASE_RESOLVE, > +}; > + > +static __attribute__((__noreturn__)) void usage(const char *prog) > +{ > + printf("Usage: %s [OPTION]... FILE...\n", prog); > + printf("\n"); > + printf("Options:\n"); > + printf(" -o, --output=<file> write AST to <file>. (default: stdout)\n"); > + printf(" -P, --preserve-tunables treat tunables as booleans\n"); > + printf(" -A, --ast-phase <phase> write AST of phase <phase>. Phase must be parse, \n"); > + printf(" build, or resolve. (default: resolve)\n"); > + printf(" -v, --verbose increment verbosity level\n"); > + printf(" -h, --help display usage information\n"); > + exit(1);

Small thing: --output is documented with an equal sign ("--output=<file>") while --ast-phase is with a space ("--ast-phase <phase>"), both in the usage function and in the man page. Is this inconsistency intentional?

The rest of this patch looks good to me. I have other comments on the series, that I will send.

Thanks,
Nicolas
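Review bot: usage() in secil2tree.c prints with printf() to stdout and ends in an unconditional exit(1), while the same help text states that the AST is written to stdout by default and lists -h, --help as an option. If the -h path calls this function, a plain help request exits with a failure status, and on an invalid-option path the usage text goes to the same stream a caller may be redirecting as AST output. Consider giving usage() an exit-status argument (0 for --help) and writing to stderr when that status is non-zero. The string ending in "Phase must be parse, \n" also carries a trailing space before the newline.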