Re: [PATCH 4/7] checkpolicy/dispol: misc updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 28, 2023 at 1:23 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> * add option to display users
> * drop duplicate option to display booleans
> * show number of entries before listing them
> * drop global variable
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
>  checkpolicy/test/dispol.c | 53 +++++++++++++++++++++------------------
>  1 file changed, 28 insertions(+), 25 deletions(-)
>
> diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
> index 944ef7ec..02cb9499 100644
> --- a/checkpolicy/test/dispol.c
> +++ b/checkpolicy/test/dispol.c
> @@ -33,9 +33,7 @@
>  #include <stdio.h>
>  #include <fcntl.h>
>
> -static policydb_t policydb;
> -
> -static struct command {
> +static const struct command {
>         enum {
>                 EOL    = 0,
>                 HEADER = 1,
> @@ -50,7 +48,6 @@ static struct command {
>         {CMD,       '2',  "display conditional AVTAB (entirely)"},
>         {CMD,       '3',  "display conditional AVTAB (only ENABLED rules)"},
>         {CMD,       '4',  "display conditional AVTAB (only DISABLED rules)"},
> -       {CMD,       '5',  "display conditional bools"},

This command is older than 'b'.
I would like to keep it, but with it saying "display booleans" like
below and calling the display_booleans() function like below.
If there is something else that would use '5', that would be fine. It
just seems weird to skip a number.

Thanks,
Jim

>         {CMD,       '6',  "display conditional expressions"},
>         {CMD|NOOPT, '7',  "change a boolean value"},
>         {CMD,       '8',  "display role transitions"},
> @@ -58,11 +55,12 @@ static struct command {
>         {CMD,       'c',  "display policy capabilities"},
>         {CMD,       'b',  "display booleans"},
>         {CMD,       'C',  "display classes"},
> +       {CMD,       'u',  "display users"},
>         {CMD,       'r',  "display roles"},
>         {CMD,       't',  "display types"},
>         {CMD,       'a',  "display type attributes"},
>         {CMD,       'p',  "display the list of permissive types"},
> -       {CMD,       'u',  "display unknown handling setting"},
> +       {CMD,       'U',  "display unknown handling setting"},
>         {CMD,       'F',  "display filename_trans rules"},
>         {HEADER, 0, ""},
>         {CMD|NOOPT, 'f',  "set output file"},
> @@ -234,17 +232,6 @@ static int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
>         return 0;
>  }
>
> -static int display_bools(policydb_t * p, FILE * fp)
> -{
> -       unsigned int i;
> -
> -       for (i = 0; i < p->p_bools.nprim; i++) {
> -               fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
> -                       p->bool_val_to_struct[i]->state);
> -       }
> -       return 0;
> -}
> -
>  static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
>  {
>
> @@ -313,6 +300,8 @@ static int display_handle_unknown(policydb_t * p, FILE * out_fp)
>                 fprintf(out_fp, "Deny unknown classes and permissions\n");
>         else if (p->handle_unknown == REJECT_UNKNOWN)
>                 fprintf(out_fp, "Reject unknown classes and permissions\n");
> +       else
> +               fprintf(out_fp, "<INVALID SETTING!>\n");
>         return 0;
>  }
>
> @@ -334,7 +323,7 @@ static int display_booleans(policydb_t * p, FILE *fp)
>  {
>         uint32_t i;
>
> -       fprintf(fp, "booleans:\n");
> +       fprintf(fp, "booleans (#%u):\n", p->p_bools.table->nel);
>         for (i = 0; i < p->p_bools.nprim; i++) {
>                 fprintf(fp, "\t%s : %d\n", p->p_bool_val_to_name[i],
>                         p->bool_val_to_struct[i]->state);
> @@ -364,7 +353,7 @@ static int display_classes(policydb_t * p, FILE *fp)
>  {
>         uint32_t i;
>
> -       fprintf(fp, "classes:\n");
> +       fprintf(fp, "classes (#%u):\n", p->p_classes.table->nel);
>         for (i = 0; i < p->p_classes.nprim; i++) {
>                 if (!p->p_class_val_to_name[i])
>                         continue;
> @@ -386,7 +375,7 @@ static void display_permissive(policydb_t *p, FILE *fp)
>         ebitmap_node_t *node;
>         unsigned int i;
>
> -       fprintf(fp, "permissive sids:\n");
> +       fprintf(fp, "permissive sids (#%u):\n", ebitmap_cardinality(&p->permissive_map));
>         ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
>                 fprintf(fp, "\t");
>                 display_id(p, fp, SYM_TYPES, i - 1, "");
> @@ -394,11 +383,25 @@ static void display_permissive(policydb_t *p, FILE *fp)
>         }
>  }
>
> +static int display_users(policydb_t * p, FILE *fp)
> +{
> +       uint32_t i;
> +
> +       fprintf(fp, "users (#%u):\n", p->p_users.table->nel);
> +       for (i = 0; i < p->p_users.nprim; i++) {
> +               if (!p->p_user_val_to_name[i])
> +                       continue;
> +
> +               fprintf(fp, "\t%s\n", p->p_user_val_to_name[i]);
> +       }
> +       return 0;
> +}
> +
>  static int display_roles(policydb_t * p, FILE *fp)
>  {
>         uint32_t i;
>
> -       fprintf(fp, "roles:\n");
> +       fprintf(fp, "roles (#%u):\n", p->p_roles.table->nel);
>         for (i = 0; i < p->p_roles.nprim; i++) {
>                 if (!p->p_role_val_to_name[i])
>                         continue;
> @@ -412,7 +415,7 @@ static int display_types(policydb_t * p, FILE *fp)
>  {
>         uint32_t i;
>
> -       fprintf(fp, "types:\n");
> +       fprintf(fp, "types (out of #%u):\n", p->p_types.table->nel);
>         for (i = 0; i < p->p_types.nprim; i++) {
>                 if (!p->p_type_val_to_name[i])
>                         continue;
> @@ -429,7 +432,7 @@ static int display_attributes(policydb_t * p, FILE *fp)
>  {
>         uint32_t i;
>
> -       fprintf(fp, "attributes:\n");
> +       fprintf(fp, "attributes (out of #%u):\n", p->p_types.table->nel);
>         for (i = 0; i < p->p_types.nprim; i++) {
>                 if (!p->p_type_val_to_name[i])
>                         continue;
> @@ -522,6 +525,7 @@ int main(int argc, char **argv)
>         char *name;
>         int state;
>         struct policy_file pf;
> +       policydb_t policydb;
>
>         if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
>                 usage(argv[0]);
> @@ -616,9 +620,6 @@ int main(int argc, char **argv)
>                         display_avtab(&policydb.te_cond_avtab, RENDER_DISABLED,
>                                       &policydb, out_fp);
>                         break;
> -               case '5':
> -                       display_bools(&policydb, out_fp);
> -                       break;
>                 case '6':
>                         display_cond_expressions(&policydb, out_fp);
>                         break;
> @@ -678,6 +679,8 @@ int main(int argc, char **argv)
>                         display_types(&policydb, out_fp);
>                         break;
>                 case 'u':
> +                       display_users(&policydb, out_fp);
> +                       break;
>                 case 'U':
>                         display_handle_unknown(&policydb, out_fp);
>                         break;
> --
> 2.43.0
>
>





[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux