On Fri, Feb 18, 2022 at 4:15 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > On Wed, Feb 16, 2022 at 2:27 AM Thiébaud Weksteen <tweek@xxxxxxxxxx> wrote: > > > > When an assertion fails, the error message refers to a generic > > "policy.conf" file. When parsing a policy in checkpolicy, populate its > > name using the original filename (source_filename is still build using > > the #line directives within the policy). > > > > Signed-off-by: Thiébaud Weksteen <tweek@xxxxxxxxxx> > > Acked-by: James Carter <jwcart2@xxxxxxxxx> > Merged. Thanks, Jim > > --- > > v1 -> v2: Fix leak reported by Christian Göttsche > > > > checkpolicy/module_compiler.c | 1 + > > checkpolicy/parse_util.c | 1 + > > libsepol/src/assertion.c | 20 ++++++++++++++------ > > libsepol/src/expand.c | 3 +++ > > 4 files changed, 19 insertions(+), 6 deletions(-) > > > > diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c > > index 5f5b0b19..129650fa 100644 > > --- a/checkpolicy/module_compiler.c > > +++ b/checkpolicy/module_compiler.c > > @@ -99,6 +99,7 @@ int define_policy(int pass, int module_header_given) > > yyerror("no module name"); > > return -1; > > } > > + free(policydbp->name); > > policydbp->name = id; > > if ((policydbp->version = > > queue_remove(id_queue)) == NULL) { > > diff --git a/checkpolicy/parse_util.c b/checkpolicy/parse_util.c > > index 8c1f393c..f2d1e04d 100644 > > --- a/checkpolicy/parse_util.c > > +++ b/checkpolicy/parse_util.c > > @@ -47,6 +47,7 @@ int read_source_policy(policydb_t * p, const char *file, const char *progname) > > } > > > > policydbp = p; > > + policydbp->name = strdup(file); > > mlspol = p->mls; > > > > init_parser(1); > > diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c > > index dd2749a0..74f6d9c0 100644 > > --- a/libsepol/src/assertion.c > > +++ b/libsepol/src/assertion.c > > @@ -36,13 +36,21 @@ struct avtab_match_args { > > unsigned long errors; > > }; > > > > +static const char* policy_name(policydb_t *p) { > > + const char *policy_file = "policy.conf"; > > + if (p->name) { > > + policy_file = p->name; > > + } > > + return policy_file; > > +} > > + > > static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule, > > unsigned int stype, unsigned int ttype, > > const class_perm_node_t *curperm, uint32_t perms) > > { > > if (avrule->source_filename) { > > - ERR(handle, "neverallow on line %lu of %s (or line %lu of policy.conf) violated by allow %s %s:%s {%s };", > > - avrule->source_line, avrule->source_filename, avrule->line, > > + ERR(handle, "neverallow on line %lu of %s (or line %lu of %s) violated by allow %s %s:%s {%s };", > > + avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), > > p->p_type_val_to_name[stype], > > p->p_type_val_to_name[ttype], > > p->p_class_val_to_name[curperm->tclass - 1], > > @@ -173,9 +181,9 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle, > > /* failure on the extended permission check_extended_permissions */ > > if (rc) { > > extended_permissions_violated(&error, avrule->xperms, xperms); > > - ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of policy.conf) violated by\n" > > + ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n" > > "allowxperm %s %s:%s %s;", > > - avrule->source_line, avrule->source_filename, avrule->line, > > + avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), > > p->p_type_val_to_name[i], > > p->p_type_val_to_name[j], > > p->p_class_val_to_name[curperm->tclass - 1], > > @@ -190,9 +198,9 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle, > > > > /* failure on the regular permissions */ > > if (rc) { > > - ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of policy.conf) violated by\n" > > + ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n" > > "allow %s %s:%s {%s };", > > - avrule->source_line, avrule->source_filename, avrule->line, > > + avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), > > p->p_type_val_to_name[stype], > > p->p_type_val_to_name[ttype], > > p->p_class_val_to_name[curperm->tclass - 1], > > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c > > index 8667f2ed..7da51a40 100644 > > --- a/libsepol/src/expand.c > > +++ b/libsepol/src/expand.c > > @@ -2970,6 +2970,9 @@ int expand_module(sepol_handle_t * handle, > > > > state.out->policy_type = POLICY_KERN; > > state.out->policyvers = POLICYDB_VERSION_MAX; > > + if (state.base->name) { > > + state.out->name = strdup(state.base->name); > > + } > > > > /* Copy mls state from base to out */ > > out->mls = base->mls; > > -- > > 2.35.1.265.g69c8d7142f-goog > >