On Wed, Apr 21, 2021 at 4:52 AM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote: > > On Mon, Apr 19, 2021 at 5:28 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > secil2tree is the SELinux CIL AST writer. It calls the cil functions > > cil_write_parse_ast(), cil_write_build_ast(), or cil_write_resolve_ast() > > to write out the parse tree, the CIL AST after the build phase, or the > > CIL AST after the resolve phase. > > > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > --- > > secilc/.gitignore | 2 + > > secilc/Makefile | 20 +++- > > secilc/secil2tree.8.xml | 81 ++++++++++++++++ > > secilc/secil2tree.c | 206 ++++++++++++++++++++++++++++++++++++++++ > > 4 files changed, 307 insertions(+), 2 deletions(-) > > create mode 100644 secilc/secil2tree.8.xml > > create mode 100644 secilc/secil2tree.c > > > > [...] > > diff --git a/secilc/secil2tree.c b/secilc/secil2tree.c > > new file mode 100644 > > index 00000000..1f55d08a > > --- /dev/null > > +++ b/secilc/secil2tree.c 
> > @@ -0,0 +1,206 @@ > > +/* > > + * Copyright 2011 Tresys Technology, LLC. All rights reserved. > > + * > > + * Redistribution and use in source and binary forms, with or without > > + * modification, are permitted provided that the following conditions are met: > > + * > > + * 1. Redistributions of source code must retain the above copyright notice, > > + * this list of conditions and the following disclaimer. > > + * > > + * 2. Redistributions in binary form must reproduce the above copyright notice, > > + * this list of conditions and the following disclaimer in the documentation > > + * and/or other materials provided with the distribution. > > + * > > + * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS > > + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > > + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO > > + * EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > > + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, > > + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF > > + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE > > + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > > + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > > + * > > + * The views and conclusions contained in the software and documentation are those > > + * of the authors and should not be interpreted as representing official policies, > > + * either expressed or implied, of Tresys Technology, LLC. 
> > + */ > > + > > +#include <stdlib.h> > > +#include <stdio.h> > > +#include <stdint.h> > > +#include <string.h> > > +#include <getopt.h> > > +#include <sys/stat.h> > > + > > +#ifdef ANDROID > > +#include <cil/cil.h> > > +#else > > +#include <sepol/cil/cil.h> > > +#endif > > +#include <sepol/policydb.h> > > + > > +enum write_ast_phase { > > + WRITE_AST_PHASE_PARSE = 0, > > + WRITE_AST_PHASE_BUILD, > > + WRITE_AST_PHASE_RESOLVE, > > +}; > > + > > +static __attribute__((__noreturn__)) void usage(const char *prog) > > +{ > > + printf("Usage: %s [OPTION]... FILE...\n", prog); > > + printf("\n"); > > + printf("Options:\n"); > > + printf(" -o, --output=<file> write AST to <file>. (default: stdout)\n"); > > + printf(" -P, --preserve-tunables treat tunables as booleans\n"); > > + printf(" -A, --ast-phase <phase> write AST of phase <phase>. Phase must be parse, \n"); > > + printf(" build, or resolve. (default: resolve)\n"); > > + printf(" -v, --verbose increment verbosity level\n"); > > + printf(" -h, --help display usage information\n"); > > + exit(1); > > Small thing: --output is documented with an equal sign > ("--output=<file>") while --ast-phase is with a space ("--ast-phase > <phase>"), both in the usage function and in the man page. Is this > inconsistency intentional? > No, I think for consistency the "=" should be used. Thanks, Jim > The rest of this patch looks good to me. I have other comments on the > series, that I will send. > Thanks, > Nicolas >
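Review bot: usage() in secilc/secil2tree.c writes its text with printf() to stdout and unconditionally ends in exit(1), while the same help text names stdout as the default destination for the AST ("write AST to <file>. (default: stdout)"). If usage() is reached from an option-parsing error while output is being piped, the usage text lands in the stream a consumer expects to contain the AST, and if it is reached from "-h, --help" the tool reports failure for a successful help request. Suggest printing to stderr when called from an error path and exiting 0 for --help, for example by passing the exit status (or a FILE *) into usage(). A smaller style point in the same function: the string "Phase must be parse, \n" carries a trailing space before the newline, which can be dropped when the "--ast-phase=<phase>" spelling is changed.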