On Fri, Dec 8, 2023 at 10:17 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Thu, Dec 7, 2023 at 11:53 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > * add option to display users
> > * drop duplicate option to display booleans
> > * show number of entries before listing them
> > * drop global variable
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> > v2:
> > drop 'b' instead of '5' of duplicated boolean option
> > ---
> > checkpolicy/test/dispol.c | 57 ++++++++++++++++++++-------------------
> > 1 file changed, 30 insertions(+), 27 deletions(-)
> >
> > diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
> > index 944ef7ec..18829c97 100644
> > --- a/checkpolicy/test/dispol.c
> > +++ b/checkpolicy/test/dispol.c
> > @@ -33,9 +33,7 @@
> > #include <stdio.h>
> > #include <fcntl.h>
> >
> > -static policydb_t policydb;
> > -
> > -static struct command {
> > +static const struct command {
> > enum {
> > EOL = 0,
> > HEADER = 1,
> > @@ -50,19 +48,19 @@ static struct command {
> > {CMD, '2', "display conditional AVTAB (entirely)"},
> > {CMD, '3', "display conditional AVTAB (only ENABLED rules)"},
> > {CMD, '4', "display conditional AVTAB (only DISABLED rules)"},
> > - {CMD, '5', "display conditional bools"},
> > + {CMD, '5', "display booleans"},
> > {CMD, '6', "display conditional expressions"},
> > {CMD|NOOPT, '7', "change a boolean value"},
> > {CMD, '8', "display role transitions"},
> > {HEADER, 0, ""},
> > {CMD, 'c', "display policy capabilities"},
> > - {CMD, 'b', "display booleans"},
> > {CMD, 'C', "display classes"},
> > + {CMD, 'u', "display users"},
> > {CMD, 'r', "display roles"},
> > {CMD, 't', "display types"},
> > {CMD, 'a', "display type attributes"},
> > {CMD, 'p', "display the list of permissive types"},
> > - {CMD, 'u', "display unknown handling setting"},
> > + {CMD, 'U', "display unknown handling setting"},
> > {CMD, 'F', "display filename_trans rules"},
> > {HEADER, 0, ""},
> > {CMD|NOOPT, 'f', "set output file"},
> > @@ -234,17 +232,6 @@ static int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
> > return 0;
> > }
> >
> > -static int display_bools(policydb_t * p, FILE * fp)
> > -{
> > - unsigned int i;
> > -
> > - for (i = 0; i < p->p_bools.nprim; i++) {
> > - fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
> > - p->bool_val_to_struct[i]->state);
> > - }
> > - return 0;
> > -}
> > -
> > static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
> > {
> >
> > @@ -313,6 +300,8 @@ static int display_handle_unknown(policydb_t * p, FILE * out_fp)
> > fprintf(out_fp, "Deny unknown classes and permissions\n");
> > else if (p->handle_unknown == REJECT_UNKNOWN)
> > fprintf(out_fp, "Reject unknown classes and permissions\n");
> > + else
> > + fprintf(out_fp, "<INVALID SETTING!>\n");
> > return 0;
> > }
> >
> > @@ -334,7 +323,7 @@ static int display_booleans(policydb_t * p, FILE *fp)
> > {
> > uint32_t i;
> >
> > - fprintf(fp, "booleans:\n");
> > + fprintf(fp, "booleans (#%u):\n", p->p_bools.table->nel);
> > for (i = 0; i < p->p_bools.nprim; i++) {
> > fprintf(fp, "\t%s : %d\n", p->p_bool_val_to_name[i],
> > p->bool_val_to_struct[i]->state);
> > @@ -364,7 +353,7 @@ static int display_classes(policydb_t * p, FILE *fp)
> > {
> > uint32_t i;
> >
> > - fprintf(fp, "classes:\n");
> > + fprintf(fp, "classes (#%u):\n", p->p_classes.table->nel);
> > for (i = 0; i < p->p_classes.nprim; i++) {
> > if (!p->p_class_val_to_name[i])
> > continue;
> > @@ -386,7 +375,7 @@ static void display_permissive(policydb_t *p, FILE *fp)
> > ebitmap_node_t *node;
> > unsigned int i;
> >
> > - fprintf(fp, "permissive sids:\n");
> > + fprintf(fp, "permissive sids (#%u):\n", ebitmap_cardinality(&p->permissive_map));
> > ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
> > fprintf(fp, "\t");
> > display_id(p, fp, SYM_TYPES, i - 1, "");
> > @@ -394,11 +383,25 @@ static void display_permissive(policydb_t *p, FILE *fp)
> > }
> > }
> >
> > +static int display_users(policydb_t * p, FILE *fp)
> > +{
> > + uint32_t i;
> > +
> > + fprintf(fp, "users (#%u):\n", p->p_users.table->nel);
> > + for (i = 0; i < p->p_users.nprim; i++) {
> > + if (!p->p_user_val_to_name[i])
> > + continue;
> > +
> > + fprintf(fp, "\t%s\n", p->p_user_val_to_name[i]);
> > + }
> > + return 0;
> > +}
> > +
> > static int display_roles(policydb_t * p, FILE *fp)
> > {
> > uint32_t i;
> >
> > - fprintf(fp, "roles:\n");
> > + fprintf(fp, "roles (#%u):\n", p->p_roles.table->nel);
> > for (i = 0; i < p->p_roles.nprim; i++) {
> > if (!p->p_role_val_to_name[i])
> > continue;
> > @@ -412,7 +415,7 @@ static int display_types(policydb_t * p, FILE *fp)
> > {
> > uint32_t i;
> >
> > - fprintf(fp, "types:\n");
> > + fprintf(fp, "types (out of #%u):\n", p->p_types.table->nel);
> > for (i = 0; i < p->p_types.nprim; i++) {
> > if (!p->p_type_val_to_name[i])
> > continue;
> > @@ -429,7 +432,7 @@ static int display_attributes(policydb_t * p, FILE *fp)
> > {
> > uint32_t i;
> >
> > - fprintf(fp, "attributes:\n");
> > + fprintf(fp, "attributes (out of #%u):\n", p->p_types.table->nel);
> > for (i = 0; i < p->p_types.nprim; i++) {
> > if (!p->p_type_val_to_name[i])
> > continue;
> > @@ -522,6 +525,7 @@ int main(int argc, char **argv)
> > char *name;
> > int state;
> > struct policy_file pf;
> > + policydb_t policydb;
> >
> > if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
> > usage(argv[0]);
> > @@ -617,7 +621,7 @@ int main(int argc, char **argv)
> > &policydb, out_fp);
> > break;
> > case '5':
> > - display_bools(&policydb, out_fp);
> > + display_booleans(&policydb, out_fp);
> > break;
> > case '6':
> > display_cond_expressions(&policydb, out_fp);
> > @@ -659,9 +663,6 @@ int main(int argc, char **argv)
> > case 'a':
> > display_attributes(&policydb, out_fp);
> > break;
> > - case 'b':
> > - display_booleans(&policydb, out_fp);
> > - break;
> > case 'c':
> > display_policycaps(&policydb, out_fp);
> > break;
> > @@ -678,6 +679,8 @@ int main(int argc, char **argv)
> > display_types(&policydb, out_fp);
> > break;
> > case 'u':
> > + display_users(&policydb, out_fp);
> > + break;
> > case 'U':
> > display_handle_unknown(&policydb, out_fp);
> > break;
> > --
> > 2.43.0
> >
> >
