James Carter <jwcart2@xxxxxxxxx> writes:
> On Fri, May 12, 2023 at 6:12 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
>>
>> * fix minus self formatting in neverallow rules, avoiding `~ - self`
>>
>> * show neverallow and neverallowxperm rules
>>
>> * whitespace improvements in output
>> - avoid duplicate whitespaces before permission list, since
>> sepol_av_to_string() already adds a trailing one
>> - avoid duplicate whitespace after wildcard type
>> - unify indentation for xperm rules
>>
>> * drop unused global variables
>>
>> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
merged, thanks
>> ---
>> v2:
>> drop extra whitespace in between ~ and { for type sets
>> (there are still some minor spacing issues like
>> neverallow test1_t ~ self : file { read };
>> but they would need an overhaul of the common display_id() function)
>> ---
>> checkpolicy/test/dismod.c | 33 +++++++++++++++++++--------------
>> 1 file changed, 19 insertions(+), 14 deletions(-)
>>
>> diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
>> index 929ee308..5ec33860 100644
>> --- a/checkpolicy/test/dismod.c
>> +++ b/checkpolicy/test/dismod.c
>> @@ -54,11 +54,8 @@
>> #define DISPLAY_AVBLOCK_FILENAME_TRANS 7
>>
>> static policydb_t policydb;
>> -extern unsigned int ss_initialized;
>>
>> -int policyvers = MOD_POLICYDB_VERSION_BASE;
>> -
>> -static const char *symbol_labels[9] = {
>> +static const char *const symbol_labels[9] = {
>> "commons",
>> "classes", "roles ", "types ", "users ", "bools ",
>> "levels ", "cats ", "attribs"
>> @@ -86,12 +83,12 @@ static void render_access_bitmap(ebitmap_t * map, uint32_t class,
>> {
>> unsigned int i;
>> char *perm;
>> - fprintf(fp, "{");
>> + fprintf(fp, " {");
>> for (i = ebitmap_startbit(map); i < ebitmap_length(map); i++) {
>> if (ebitmap_get_bit(map, i)) {
>> perm = sepol_av_to_string(p, class, UINT32_C(1) << i);
>> if (perm)
>> - fprintf(fp, " %s", perm);
>> + fprintf(fp, "%s", perm);
>> }
>> }
>> fprintf(fp, " }");
>> @@ -117,10 +114,12 @@ static int display_type_set(type_set_t * set, uint32_t flags, policydb_t * polic
>> unsigned int i, num_types;
>>
>> if (set->flags & TYPE_STAR) {
>> - fprintf(fp, " * ");
>> + fprintf(fp, " *");
>> return 0;
>> } else if (set->flags & TYPE_COMP) {
>> fprintf(fp, " ~");
>> + } else {
>> + fprintf(fp, " ");
>> }
>>
>> num_types = 0;
>> @@ -170,7 +169,10 @@ static int display_type_set(type_set_t * set, uint32_t flags, policydb_t * polic
>> }
>>
>> if (flags & RULE_NOTSELF) {
>> - fprintf(fp, " -self");
>> + if (set->flags & TYPE_COMP)
>> + fprintf(fp, " self");
>> + else
>> + fprintf(fp, " -self");
>> }
>>
>> if (num_types > 1)
>> @@ -234,6 +236,9 @@ static int display_avrule(avrule_t * avrule, policydb_t * policy,
>> if (avrule->specified & AVRULE_DONTAUDIT) {
>> fprintf(fp, " dontaudit");
>> }
>> + if (avrule->specified & AVRULE_NEVERALLOW) {
>> + fprintf(fp, " neverallow");
>> + }
>> } else if (avrule->specified & AVRULE_TYPE) {
>> if (avrule->specified & AVRULE_TRANSITION) {
>> fprintf(fp, " type_transition");
>> @@ -244,15 +249,15 @@ static int display_avrule(avrule_t * avrule, policydb_t * policy,
>> if (avrule->specified & AVRULE_CHANGE) {
>> fprintf(fp, " type_change");
>> }
>> - } else if (avrule->specified & AVRULE_NEVERALLOW) {
>> - fprintf(fp, " neverallow");
>> } else if (avrule->specified & AVRULE_XPERMS) {
>> if (avrule->specified & AVRULE_XPERMS_ALLOWED)
>> - fprintf(fp, "allowxperm ");
>> + fprintf(fp, " allowxperm");
>> else if (avrule->specified & AVRULE_XPERMS_AUDITALLOW)
>> - fprintf(fp, "auditallowxperm ");
>> + fprintf(fp, " auditallowxperm");
>> else if (avrule->specified & AVRULE_XPERMS_DONTAUDIT)
>> - fprintf(fp, "dontauditxperm ");
>> + fprintf(fp, " dontauditxperm");
>> + else if (avrule->specified & AVRULE_XPERMS_NEVERALLOW)
>> + fprintf(fp, " neverallowxperm");
>> } else {
>> fprintf(fp, " ERROR: no valid rule type specified\n");
>> return -1;
>> @@ -560,7 +565,7 @@ static int display_scope_index(scope_index_t * indices, policydb_t * p,
>> p, out_fp);
>> } else {
>> fprintf(out_fp,
>> - "<no perms known>");
>> + " <no perms known>");
>> }
>> }
>> }
>> --
>> 2.40.1
>>
