On Tue, Apr 20, 2021 at 7:08 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> As an example of how it can be used, I have been using secil2tree
> recently to make secilc fuzzing test cases readable.
>
> Running:
> secil2tree -A build -o fuzz_613136.cil
> clusterfuzz-testcase-minimized-secilc-fuzzer-6131368317812736
>
> The attached files shows the original and the output of secil2tree.
>
> Jim
>
> On Mon, Apr 19, 2021 at 11:27 AM James Carter <jwcart2@xxxxxxxxx> wrote:
> >
> > For debugging purposes it would be useful to be able to write out
> > the CIL AST at various points in the build process.
> >
> > This patch set creates secil2tree which can write the CIL parse tree,
> > the CIL AST after the build phase, or the CIL AST after the resolve
> > phase (with names fully-qualified).
> >
> > Within CIL the function cil_print_tree() has existed from early in
> > CIL's development, but it was not exported in libsepol and there was no
> > way to use it except by adding a call to it where you wanted to print
> > out the CIL AST and then recompiling everything. It also used cil_log()
> > as its output, so other messages could be mixed in with the output. This
> > patch set moves all of this code to its own file, updates it, renames it
> > as cil_write_ast(), and adds libsepol functions that can be used to call
> > it after each one of the phases mentioned above.
> >
> > Both the parse and build CIL AST are valid CIL policies that can be
> > compiled with secilc, but the resolve CIL AST is not always a valid CIL
> > policy. The biggest problem is that fully-qualified names can contain
> > dots and CIL does not allow dots in declaration names. There are other
> > problems as well. It would be nice to get to the point where the output
> > for all of the trees are valid CIL, but that is a goal for the future.
> >
> > v2:
> > - Remove whitespace errors in cil_write_ast.h
> > - Use "const char*" instead of just "char*" when dealing with string
> > literals to satisfy clang.
> >
> > James Carter (3):
> > libsepol/cil: Create functions to write the CIL AST
> > libsepol/cil: Add functions to make use of cil_write_ast()
> > secilc: Create the new program called secil2tree to write out CIL AST
> >
> > libsepol/cil/include/cil/cil.h | 3 +
> > libsepol/cil/src/cil.c | 92 ++
> > libsepol/cil/src/cil_tree.c | 1471 ----------------------------
> > libsepol/cil/src/cil_tree.h | 2 -
> > libsepol/cil/src/cil_write_ast.c | 1573 ++++++++++++++++++++++++++++++
> > libsepol/cil/src/cil_write_ast.h | 46 +
> > libsepol/src/libsepol.map.in | 3 +
> > secilc/.gitignore | 2 +
> > secilc/Makefile | 20 +-
> > secilc/secil2tree.8.xml | 81 ++
> > secilc/secil2tree.c | 206 ++++
> > 11 files changed, 2024 insertions(+), 1475 deletions(-)
> > create mode 100644 libsepol/cil/src/cil_write_ast.c
> > create mode 100644 libsepol/cil/src/cil_write_ast.h
> > create mode 100644 secilc/secil2tree.8.xml
> > create mode 100644 secilc/secil2tree.c
> >
> > --
> > 2.26.3
> >
Hello,
Thanks for this tool! It looks great and it seems to work quite well.
Anyway, while building with some warning flags, gcc reported issues
about using non-const pointers to hold literal strings. For example:
../cil/src/cil_write_ast.c: In function ‘datum_to_str’:
../cil/src/cil_write_ast.c:51:28: error: return discards ‘const’
qualifier from pointer target type [-Werror=discarded-qualifiers]
51 | return datum ? datum->fqn : "<?DATUM>";
| ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
../cil/src/cil_write_ast.c: In function ‘write_expr’:
../cil/src/cil_write_ast.c:122:12: error: assignment discards ‘const’
qualifier from pointer target type [-Werror=discarded-qualifiers]
122 | op_str = "<?OP>";
| ^
With the attached patch, the code compiles fine. Feel free to directly
modify the first patch with these fixes.
Thanks,
Nicolas
From 509affa0373b784a726f51ef1f1846f1efa2327e Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Date: Tue, 20 Apr 2021 16:33:01 +0200
Subject: [PATCH] Fix -Wdiscarded-qualifiers issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Buils with 'gcc -Wdiscarded-qualifiers' leads to errors such as:
../cil/src/cil_write_ast.c: In function ‘datum_to_str’:
../cil/src/cil_write_ast.c:51:28: error: return discards ‘const’
qualifier from pointer target type [-Werror=discarded-qualifiers]
51 | return datum ? datum->fqn : "<?DATUM>";
| ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
../cil/src/cil_write_ast.c: In function ‘write_expr’:
../cil/src/cil_write_ast.c:122:12: error: assignment discards
‘const’ qualifier from pointer target type
[-Werror=discarded-qualifiers]
122 | op_str = "<?OP>";
| ^
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
libsepol/cil/src/cil_write_ast.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libsepol/cil/src/cil_write_ast.c b/libsepol/cil/src/cil_write_ast.c
index 6cb567a69d5b..62faefe31dee 100644
--- a/libsepol/cil/src/cil_write_ast.c
+++ b/libsepol/cil/src/cil_write_ast.c
@@ -41,12 +41,12 @@
#include "cil_write_ast.h"
-static inline char *datum_or_str(struct cil_symtab_datum *datum, char *str)
+static inline const char *datum_or_str(struct cil_symtab_datum *datum, const char *str)
{
return datum ? datum->fqn : str;
}
-static inline char *datum_to_str(struct cil_symtab_datum *datum)
+static inline const char *datum_to_str(struct cil_symtab_datum *datum)
{
return datum ? datum->fqn : "<?DATUM>";
}
@@ -82,7 +82,7 @@ static void write_expr(FILE *out, struct cil_list *expr)
fprintf(out, "%s", datum_to_str(curr->data));
break;
case CIL_OP: {
- char *op_str = NULL;
+ const char *op_str = NULL;
enum cil_flavor op_flavor = (enum cil_flavor)curr->data;
switch (op_flavor) {
case CIL_AND:
@@ -126,7 +126,7 @@ static void write_expr(FILE *out, struct cil_list *expr)
break;
}
case CIL_CONS_OPERAND: {
- char *operand_str = NULL;
+ const char *operand_str = NULL;
enum cil_flavor operand_flavor = (enum cil_flavor)curr->data;
switch (operand_flavor) {
case CIL_CONS_U1:
@@ -490,9 +490,9 @@ static void write_call_args_tree(FILE *out, struct cil_tree_node *arg_node)
}
}
-static char *__macro_param_flavor_to_string(enum cil_flavor flavor)
+static const char *__macro_param_flavor_to_string(enum cil_flavor flavor)
{
- char *str = NULL;
+ const char *str = NULL;
switch(flavor) {
case CIL_TYPE:
str = CIL_KEY_TYPE;
--
2.31.0
