* [PATCH] libsepol: Move secilc out of libsepol
@ 2015-03-26 19:30 Yuli Khodorkovskiy
2015-03-26 20:24 ` Stephen Smalley
2015-03-30 15:02 ` Stephen Smalley
0 siblings, 2 replies; 6+ messages in thread
From: Yuli Khodorkovskiy @ 2015-03-26 19:30 UTC (permalink / raw)
To: selinux
Since the secilc compiler is independent of libsepol, move secilc out of
libsepol. Linke secilc dynamically rather than statically with libsepol.
- Move secilc source, test policies, docs, and secilc manpage to secilc
directory.
- Remove unneeded Makefile from libsepol/cil. To build secilc, run make
in the secilc directory.
- Add target to install the secilc binary to /usr/bin/.
- Create an Android makefile for secilc and move secilc out of libsepol
Android makefile.
- Add cil_set_mls to libsepol public API as it is needed by secilc.
- Remove policy.conf from testing since it is no longer used.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
---
Makefile | 2 +-
libsepol/Android.mk | 15 ---
libsepol/cil/Makefile | 102 ---------------
libsepol/cil/test/policy.conf | 143 ---------------------
libsepol/src/libsepol.map.in | 1 +
secilc/.gitignore | 6 +
secilc/Android.mk | 31 +++++
{libsepol/cil => secilc}/COPYING | 0
secilc/Makefile | 47 +++++++
{libsepol/cil => secilc}/README | 26 ++--
.../cil => secilc}/docs/CIL_Reference_Guide.xml | 0
{libsepol/cil => secilc}/docs/Makefile | 17 +--
.../docs/cil_access_vector_rules.xml | 0
.../docs/cil_call_macro_statements.xml | 0
.../docs/cil_class_and_permission_statements.xml | 0
.../docs/cil_conditional_statements.xml | 0
.../docs/cil_constraint_statements.xml | 0
.../docs/cil_container_statements.xml | 0
.../cil => secilc}/docs/cil_context_statement.xml | 0
.../docs/cil_default_object_statements.xml | 0
{libsepol/cil => secilc}/docs/cil_design.dia | Bin
{libsepol/cil => secilc}/docs/cil_design.jpeg | Bin
.../docs/cil_file_labeling_statements.xml | 0
.../docs/cil_mls_labeling_statements.xml | 0
.../docs/cil_network_labeling_statements.xml | 0
.../docs/cil_policy_config_statements.xml | 0
.../cil => secilc}/docs/cil_role_statements.xml | 0
.../cil => secilc}/docs/cil_sid_statements.xml | 0
.../cil => secilc}/docs/cil_type_statements.xml | 0
.../cil => secilc}/docs/cil_user_statements.xml | 0
.../cil => secilc}/docs/cil_xen_statements.xml | 0
{libsepol/cil/docs => secilc}/secilc.8.xml | 0
{libsepol/cil => secilc}/secilc.c | 36 +++---
{libsepol/cil => secilc}/test/block_test.cil | 0
{libsepol/cil => secilc}/test/in_test.cil | 0
{libsepol/cil => secilc}/test/integration.cil | 0
{libsepol/cil => secilc}/test/minimum.cil | 0
.../cil => secilc}/test/name_resolution_test.cil | 0
{libsepol/cil => secilc}/test/optional_test.cil | 0
{libsepol/cil => secilc}/test/policy.cil | 0
40 files changed, 116 insertions(+), 310 deletions(-)
delete mode 100644 libsepol/cil/Makefile
delete mode 100644 libsepol/cil/test/policy.conf
create mode 100644 secilc/.gitignore
create mode 100644 secilc/Android.mk
rename {libsepol/cil => secilc}/COPYING (100%)
create mode 100644 secilc/Makefile
rename {libsepol/cil => secilc}/README (73%)
rename {libsepol/cil => secilc}/docs/CIL_Reference_Guide.xml (100%)
rename {libsepol/cil => secilc}/docs/Makefile (81%)
rename {libsepol/cil => secilc}/docs/cil_access_vector_rules.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_call_macro_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_class_and_permission_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_conditional_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_constraint_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_container_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_context_statement.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_default_object_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_design.dia (100%)
rename {libsepol/cil => secilc}/docs/cil_design.jpeg (100%)
rename {libsepol/cil => secilc}/docs/cil_file_labeling_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_mls_labeling_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_network_labeling_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_policy_config_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_role_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_sid_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_type_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_user_statements.xml (100%)
rename {libsepol/cil => secilc}/docs/cil_xen_statements.xml (100%)
rename {libsepol/cil/docs => secilc}/secilc.8.xml (100%)
rename {libsepol/cil => secilc}/secilc.c (90%)
rename {libsepol/cil => secilc}/test/block_test.cil (100%)
rename {libsepol/cil => secilc}/test/in_test.cil (100%)
rename {libsepol/cil => secilc}/test/integration.cil (100%)
rename {libsepol/cil => secilc}/test/minimum.cil (100%)
rename {libsepol/cil => secilc}/test/name_resolution_test.cil (100%)
rename {libsepol/cil => secilc}/test/optional_test.cil (100%)
rename {libsepol/cil => secilc}/test/policy.cil (100%)
diff --git a/Makefile b/Makefile
index f71faab..93e10de 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
+SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy secilc policycoreutils # policy
PYSUBDIRS=libselinux libsemanage
DISTCLEANSUBIDRS=libselinux libsemanage
diff --git a/libsepol/Android.mk b/libsepol/Android.mk
index ab4bcd1..3e4700b 100644
--- a/libsepol/Android.mk
+++ b/libsepol/Android.mk
@@ -135,18 +135,3 @@ LOCAL_SRC_FILES := $(common_src_files)
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
include $(BUILD_STATIC_LIBRARY)
-
-##
-# secilc
-#
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := secilc
-LOCAL_MODULE_TAGS := optional
-LOCAL_C_INCLUDES := $(common_includes)
-LOCAL_CFLAGS := $(common_cflags)
-LOCAL_SRC_FILES := cil/secilc.c
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_MODULE_CLASS := EXECUTABLES
-
-include $(BUILD_HOST_EXECUTABLE)
diff --git a/libsepol/cil/Makefile b/libsepol/cil/Makefile
deleted file mode 100644
index 9f52ee4..0000000
--- a/libsepol/cil/Makefile
+++ /dev/null
@@ -1,102 +0,0 @@
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-SRCDIR ?= ./src
-TESTDIR ?= ./test
-UNITDIR ?= $(TESTDIR)/unit
-LIBCILDIR ?= $(SRCDIR)
-
-LEX = flex
-
-DEBUG = 0
-
-SECILC = secilc
-
-UNIT = unit_tests
-
-SECILC_SRCS := secilc.c
-SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
-
-TEST_SRCS := $(wildcard $(UNITDIR)/*.c)
-TEST_OBJS := $(patsubst %.c,%.o,$(TEST_SRCS))
-
-LIBCIL_GENERATED := $(LIBCILDIR)/cil_lexer.c
-LIBCIL_SRCS := $(wildcard $(LIBCILDIR)/*.c) $(LIBCIL_GENERATED)
-LIBCIL_OBJS := $(patsubst %.c,%.o,$(LIBCIL_SRCS))
-LIBCIL_INCLUDES := $(wildcard $(LIBCILDIR)/*.h)
-
-LIBCIL_STATIC := $(SRCDIR)/libcil.a
-
-LIBSEPOL_STATIC = /usr/lib/libsepol.a
-
-LIBS =
-LDFLAGS =
-COVCFLAGS = -fprofile-arcs -ftest-coverage -O0
-
-CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
-
-ifeq ($(DEBUG),1)
- override CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -DDEBUG
- override LDFLAGS += -g
-else
- override CFLAGS += -O2
-endif
-
-override CFLAGS += -I./include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
-
-ARCH := $(patsubst i%86,i386,$(shell uname -m))
-ifneq (,$(filter i386,$(ARCH)))
- TLSFLAGS += -mno-tls-direct-seg-refs
-endif
-ifneq (,$(filter x86_64,$(ARCH)))
- override LDFLAGS += -I/usr/lib64
- override LIBSEPOL_STATIC = /usr/lib64/libsepol.a
-endif
-
-all: $(SECILC)
-
-%.o: %.c $(LIBCIL_INCLUDES)
- $(CC) $(CFLAGS) -c -o $@ $<
-
-$(LIBCIL_STATIC): $(LIBCIL_OBJS)
- $(AR) rcs $@ $^
- ranlib $@
-
-$(LIBCIL_GENERATED): $(LIBCILDIR)/cil_lexer.l
- $(LEX) -t $< > $@
-
-$(UNIT): $(TEST_OBJS) $(LIBCIL_STATIC)
- $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS)
-
-$(SECILC): $(SECILC_OBJS) $(LIBCIL_STATIC)
- $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS)
-
-unit: $(SECILC) $(UNIT)
-
-# Requires lcov 1.9+ (--ignore-errors)
-coverage: CFLAGS += $(COVCFLAGS)
-coverage: clean unit
- ./unit_tests
- test -d cov || mkdir cov
- lcov --directory src --capture --output-file cov/app.info --ignore-errors source -b src
- lcov --remove cov/app.info '/usr/include/*' --remove cov/app.info 'sepol/*' --output-file cov/app.info
- genhtml -o ./cov/html ./cov/app.info
-
-test: $(SECILC)
- ./$(SECILC) test/policy.cil
-
-clean:
- rm -f $(SECILC)
- rm -f $(LIBCIL_STATIC)
- rm -f $(TEST_OBJS) $(SECILC_OBJS)
- rm -rf cov src/*.gcda src/*.gcno *.gcda *.gcno
- rm -f $(LIBCIL_OBJS)
-
-bare: clean
- rm -f $(LIBCIL_GENERATED)
- rm -f $(UNIT)
- rm -f policy.*
- rm -f file_contexts
-
-.PHONY: all bare clean coverage test unit
diff --git a/libsepol/cil/test/policy.conf b/libsepol/cil/test/policy.conf
deleted file mode 100644
index 938af91..0000000
--- a/libsepol/cil/test/policy.conf
+++ /dev/null
@@ -1,143 +0,0 @@
-class file
-class process
-class char
-
-sid kernel
-sid security
-sid unlabeled
-
-common file {ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton }
-
-class file inherits file { execute_no_trans entrypoint execmod open audit_access }
-class char inherits file { foo transition }
-class process { open }
-
-sensitivity s0 alias sens0;
-sensitivity s1;
-
-dominance { s0 s1 }
-
-category c0 alias cat0;
-category c1;
-category c2;
-
-level s0:c0.c2;
-level s1:c0.c2;
-
-mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1 eq r2)));
-mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or (r1 != r2));
-mlsconstrain file { open } (l1 dom h2);
-mlsconstrain file { open } (h1 domby l2);
-mlsconstrain file { open } (l1 incomp l2);
-
-mlsvalidatetrans file (h1 domby l2);
-
-attribute foo_type;
-attribute bar_type;
-attribute baz_type;
-attribute exec_type;
-
-type bin_t, bar_type, exec_type;
-type kernel_t, foo_type, exec_type, baz_type;
-type security_t, baz_type;
-type unlabeled_t, baz_type;
-
-type exec_t, baz_type;
-type console_t, baz_type;
-type auditadm_t, baz_type;
-type console_device_t, baz_type;
-type user_tty_device_t, baz_type;
-type device_t, baz_type;
-type getty_t, baz_type;
-type a_t, baz_type;
-type b_t, baz_type;
-
-typealias bin_t alias sbin_t;
-
-bool secure_mode false;
-bool console_login true;
-bool b1 false;
-
-role system_r;
-role user_r;
-role system_r types bin_t;
-role system_r types kernel_t;
-role system_r types security_t;
-role system_r types unlabeled_t;
-
-policycap open_perms;
-permissive device_t;
-
-range_transition device_t console_t : file s0:c0 - s1:c0.c1;
-
-type_transition device_t console_t : file console_device_t;
-type_member device_t bin_t : file exec_t;
-
-if console_login{
- type_change auditadm_t console_device_t : file user_tty_device_t;
-}
-
-role_transition system_r bin_t user_r;
-
-auditallow device_t auditadm_t: file { open };
-dontaudit device_t auditadm_t: file { read };
-
-allow system_r user_r;
-
-allow console_t console_device_t: char { write setattr };
-allow console_t console_device_t: file { open read getattr };
-allow foo_type self: file { execute };
-allow bin_t device_t: file { execute };
-allow bin_t exec_t: file { execute };
-allow bin_t bin_t: file { execute };
-allow a_t b_t : file { write };
-allow console_t console_device_t: file { read write getattr setattr lock append };
-allow kernel_t kernel_t : file { execute };
-
-if b1 {
- allow a_t b_t : file { read };
-}
-
-if secure_mode{
- auditallow device_t exec_t: file { read write };
-}
-
-if console_login{
- allow getty_t console_device_t: file { getattr open read write append };
-}
-else {
- dontaudit getty_t console_device_t: file { getattr open read write append };
-}
-
-if (not ((secure_mode eq console_login) xor ((secure_mode or console_login) and secure_mode))){
- allow bin_t exec_t: file { execute };
-}
-
-user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1;
-user user_u roles user_r level s0:c0 range s0:c0 - s0:c0;
-
-validatetrans file (t1 == exec_t);
-
-constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
-constrain file { open } (r1 dom r2);
-constrain file { open } (r1 domby r2);
-constrain file { open } (r1 incomp r2);
-constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
-constrain char { write setattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
-
-
-sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1
-sid security system_u:system_r:security_t:s0:c0 - s1:c0,c1
-sid unlabeled system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1
-
-fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1;
-
-genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1
-
-portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
-portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
-
-netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
-
-nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
-nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222:: system_u:system_r:bin_t:s0:c0 - s1:c0,c1
diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
index 1285314..0ae0f1a 100644
--- a/libsepol/src/libsepol.map.in
+++ b/libsepol/src/libsepol.map.in
@@ -44,5 +44,6 @@ LIBSEPOL_1.1 {
cil_filecons_to_string;
cil_set_target_platform;
cil_set_policy_version;
+ cil_set_mls;
local: *;
} LIBSEPOL_1.0;
diff --git a/secilc/.gitignore b/secilc/.gitignore
new file mode 100644
index 0000000..98c367a
--- /dev/null
+++ b/secilc/.gitignore
@@ -0,0 +1,6 @@
+secilc
+secilc.8
+policy.*
+file_contexts
+docs/html
+docs/pdf
diff --git a/secilc/Android.mk b/secilc/Android.mk
new file mode 100644
index 0000000..b80955c
--- /dev/null
+++ b/secilc/Android.mk
@@ -0,0 +1,31 @@
+LOCAL_PATH:= $(call my-dir)
+
+common_src_files := secilc.c
+
+common_cflags := \
+ -Wall -Wshadow -O2 \
+ -pipe -fno-strict-aliasing \
+ -Wno-return-type
+
+ifeq ($(HOST_OS), darwin)
+common_cflags += -DDARWIN
+endif
+
+common_includes := \
+ $(LOCAL_PATH)/../libsepol/cil/include/ \
+ $(LOCAL_PATH)/../libsepol/include/ \
+
+##
+# secilc
+#
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := secilc
+LOCAL_MODULE_TAGS := optional
+LOCAL_C_INCLUDES := $(common_includes)
+LOCAL_CFLAGS := $(common_cflags)
+LOCAL_SRC_FILES := ./secilc.c
+LOCAL_SHARED_LIRARIES := libsepol
+LOCAL_MODULE_CLASS := EXECUTABLES
+
+include $(BUILD_HOST_EXECUTABLE)
diff --git a/libsepol/cil/COPYING b/secilc/COPYING
similarity index 100%
rename from libsepol/cil/COPYING
rename to secilc/COPYING
diff --git a/secilc/Makefile b/secilc/Makefile
new file mode 100644
index 0000000..d6767fa
--- /dev/null
+++ b/secilc/Makefile
@@ -0,0 +1,47 @@
+PREFIX ?= $(DESTDIR)/usr
+BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+TESTDIR ?= ./test
+
+LDFLAGS = -lsepol
+SECILC = secilc
+SECILC_SRCS := secilc.c
+SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
+
+# The secilc man page:
+MANPAGE = secilc.8
+XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
+
+CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
+
+override CFLAGS += -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
+
+$(SECILC): $(SECILC_OBJS)
+ $(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
+
+all: $(SECILC) man
+
+test: $(SECILC)
+ ./$(SECILC) test/policy.cil
+
+man: $(MANPAGE).xml
+ $(XMLTO) man $(MANPAGE).xml
+
+install: all man
+ -mkdir -p $(BINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 755 $(SECILC) $(BINDIR)
+ install -m 644 $(MANPAGE) $(MANDIR)/man8
+
+doc:
+ $(MAKE) -C docs
+
+clean:
+ rm -f $(SECILC)
+ rm -f $(SECILC_OBJS)
+ rm -f policy.*
+ rm -f file_contexts
+ rm -f $(MANPAGE)
+
+.PHONY: all clean test install doc
diff --git a/libsepol/cil/README b/secilc/README
similarity index 73%
rename from libsepol/cil/README
rename to secilc/README
index e25f849..14b8cc8 100644
--- a/libsepol/cil/README
+++ b/secilc/README
@@ -11,34 +11,30 @@ INTRODUCTION
DEPENDENCIES
gcc >= 4.5.1
- libsepol-static >= 2.1.4
- lcov >= 1.9
- flex >= 2.5.35
+ libsepol >= 2.4
BUILD STEPS
- Open a terminal client and execute the following command to download the source code:
-
- git clone https://github.com/SELinuxProject/cil.git
-
- Change directory into the "cil" directory.
Run "make" with one of the following targets:
make
- Build the CIL compiler (secilc)
+ Build the CIL compiler (secilc).
- make unit
- Build the unit_test application to run unit tests
+ make test
+ Pass a sample policy to test with the compiler.
- make coverage
- Build the unit test binary and create coverage reports
+ make install
+ Install the secilc compiler and man page to disk.
make clean
- Remove temporary build files
+ Remove temporary build files.
+
+ make man
+ Build the secilc man page.
make bare
- Remove temporary build files and compile binaries
+ Remove temporary build files and compile binaries.
USAGE
diff --git a/libsepol/cil/docs/CIL_Reference_Guide.xml b/secilc/docs/CIL_Reference_Guide.xml
similarity index 100%
rename from libsepol/cil/docs/CIL_Reference_Guide.xml
rename to secilc/docs/CIL_Reference_Guide.xml
diff --git a/libsepol/cil/docs/Makefile b/secilc/docs/Makefile
similarity index 81%
rename from libsepol/cil/docs/Makefile
rename to secilc/docs/Makefile
index cf18e36..1655f59 100644
--- a/libsepol/cil/docs/Makefile
+++ b/secilc/docs/Makefile
@@ -1,6 +1,5 @@
HTMLDIR ?= ./html
PDFDIR ?= ./pdf
-MAN8DIR ?= ./man8
# The CIL Reference Guide first part
CIL_REF_GUIDE = CIL_Reference_Guide.xml
@@ -9,10 +8,6 @@ FILE_LIST ?= $(CIL_REF_GUIDE) $(wildcard cil*.xml)
# xmlto generates a *.proc file that can be removed.
PROC_FILE = CIL_Reference_Guide.proc
-# The secilc man page:
-MANPAGE = secilc.8.xml
-
-
# look for xmlto and dblatex packages
XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
DBLATEX = $(shell which dblatex 2> /dev/null | grep / | head -n1)
@@ -22,7 +17,7 @@ ifeq ($(XMLTO),)
$(error xmlto package not found - install package.)
endif
-all: html pdf man
+all: html pdf
html: $(FILE_LIST)
$(XMLTO) html $(CIL_REF_GUIDE)
@@ -41,10 +36,6 @@ endif
@for m in *.pdf; do if [ -f $$m ]; then mv $$m $(PDFDIR); fi; done
@rm -f $(PROC_FILE)
-
-man: $(MANPAGE)
- $(XMLTO) man $(MANPAGE)
- @mkdir -p $(MAN8DIR)
- @for m in *.8; do if [ -f $$m ]; then mv $$m $(MAN8DIR); fi; done
- @rm -f $(MANPAGE).proc
-
+clean:
+ @rm -rf html/
+ @rm -rf pdf/
diff --git a/libsepol/cil/docs/cil_access_vector_rules.xml b/secilc/docs/cil_access_vector_rules.xml
similarity index 100%
rename from libsepol/cil/docs/cil_access_vector_rules.xml
rename to secilc/docs/cil_access_vector_rules.xml
diff --git a/libsepol/cil/docs/cil_call_macro_statements.xml b/secilc/docs/cil_call_macro_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_call_macro_statements.xml
rename to secilc/docs/cil_call_macro_statements.xml
diff --git a/libsepol/cil/docs/cil_class_and_permission_statements.xml b/secilc/docs/cil_class_and_permission_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_class_and_permission_statements.xml
rename to secilc/docs/cil_class_and_permission_statements.xml
diff --git a/libsepol/cil/docs/cil_conditional_statements.xml b/secilc/docs/cil_conditional_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_conditional_statements.xml
rename to secilc/docs/cil_conditional_statements.xml
diff --git a/libsepol/cil/docs/cil_constraint_statements.xml b/secilc/docs/cil_constraint_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_constraint_statements.xml
rename to secilc/docs/cil_constraint_statements.xml
diff --git a/libsepol/cil/docs/cil_container_statements.xml b/secilc/docs/cil_container_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_container_statements.xml
rename to secilc/docs/cil_container_statements.xml
diff --git a/libsepol/cil/docs/cil_context_statement.xml b/secilc/docs/cil_context_statement.xml
similarity index 100%
rename from libsepol/cil/docs/cil_context_statement.xml
rename to secilc/docs/cil_context_statement.xml
diff --git a/libsepol/cil/docs/cil_default_object_statements.xml b/secilc/docs/cil_default_object_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_default_object_statements.xml
rename to secilc/docs/cil_default_object_statements.xml
diff --git a/libsepol/cil/docs/cil_design.dia b/secilc/docs/cil_design.dia
similarity index 100%
rename from libsepol/cil/docs/cil_design.dia
rename to secilc/docs/cil_design.dia
diff --git a/libsepol/cil/docs/cil_design.jpeg b/secilc/docs/cil_design.jpeg
similarity index 100%
rename from libsepol/cil/docs/cil_design.jpeg
rename to secilc/docs/cil_design.jpeg
diff --git a/libsepol/cil/docs/cil_file_labeling_statements.xml b/secilc/docs/cil_file_labeling_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_file_labeling_statements.xml
rename to secilc/docs/cil_file_labeling_statements.xml
diff --git a/libsepol/cil/docs/cil_mls_labeling_statements.xml b/secilc/docs/cil_mls_labeling_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_mls_labeling_statements.xml
rename to secilc/docs/cil_mls_labeling_statements.xml
diff --git a/libsepol/cil/docs/cil_network_labeling_statements.xml b/secilc/docs/cil_network_labeling_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_network_labeling_statements.xml
rename to secilc/docs/cil_network_labeling_statements.xml
diff --git a/libsepol/cil/docs/cil_policy_config_statements.xml b/secilc/docs/cil_policy_config_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_policy_config_statements.xml
rename to secilc/docs/cil_policy_config_statements.xml
diff --git a/libsepol/cil/docs/cil_role_statements.xml b/secilc/docs/cil_role_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_role_statements.xml
rename to secilc/docs/cil_role_statements.xml
diff --git a/libsepol/cil/docs/cil_sid_statements.xml b/secilc/docs/cil_sid_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_sid_statements.xml
rename to secilc/docs/cil_sid_statements.xml
diff --git a/libsepol/cil/docs/cil_type_statements.xml b/secilc/docs/cil_type_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_type_statements.xml
rename to secilc/docs/cil_type_statements.xml
diff --git a/libsepol/cil/docs/cil_user_statements.xml b/secilc/docs/cil_user_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_user_statements.xml
rename to secilc/docs/cil_user_statements.xml
diff --git a/libsepol/cil/docs/cil_xen_statements.xml b/secilc/docs/cil_xen_statements.xml
similarity index 100%
rename from libsepol/cil/docs/cil_xen_statements.xml
rename to secilc/docs/cil_xen_statements.xml
diff --git a/libsepol/cil/docs/secilc.8.xml b/secilc/secilc.8.xml
similarity index 100%
rename from libsepol/cil/docs/secilc.8.xml
rename to secilc/secilc.8.xml
diff --git a/libsepol/cil/secilc.c b/secilc/secilc.c
similarity index 90%
rename from libsepol/cil/secilc.c
rename to secilc/secilc.c
index f4e32b3..923151c 100644
--- a/libsepol/cil/secilc.c
+++ b/secilc/secilc.c
@@ -34,7 +34,7 @@
#include <getopt.h>
#include <sys/stat.h>
-#include <cil/cil.h>
+#include <sepol/cil/cil.h>
#include <sepol/policydb.h>
void usage(char *prog)
@@ -210,13 +210,13 @@ int main(int argc, char *argv[])
for (i = optind; i < argc; i++) {
file = fopen(argv[i], "r");
if (!file) {
- cil_log(CIL_ERR, "Could not open file: %s\n", argv[i]);
+ fprintf(stderr, "Could not open file: %s\n", argv[i]);
rc = SEPOL_ERR;
goto exit;
}
rc = stat(argv[i], &filedata);
if (rc == -1) {
- cil_log(CIL_ERR, "Could not stat file: %s\n", argv[i]);
+ fprintf(stderr, "Could not stat file: %s\n", argv[i]);
goto exit;
}
file_size = filedata.st_size;
@@ -224,7 +224,7 @@ int main(int argc, char *argv[])
buffer = malloc(file_size);
rc = fread(buffer, file_size, 1, file);
if (rc != 1) {
- cil_log(CIL_ERR, "Failure reading file: %s\n", argv[i]);
+ fprintf(stderr, "Failure reading file: %s\n", argv[i]);
goto exit;
}
fclose(file);
@@ -232,7 +232,7 @@ int main(int argc, char *argv[])
rc = cil_add_file(db, argv[i], buffer, file_size);
if (rc != SEPOL_OK) {
- cil_log(CIL_ERR, "Failure adding %s\n", argv[i]);
+ fprintf(stderr, "Failure adding %s\n", argv[i]);
goto exit;
}
@@ -242,13 +242,13 @@ int main(int argc, char *argv[])
rc = cil_compile(db);
if (rc != SEPOL_OK) {
- cil_log(CIL_ERR, "Failed to compile cildb: %d\n", rc);
+ fprintf(stderr, "Failed to compile cildb: %d\n", rc);
goto exit;
}
rc = cil_build_policydb(db, &pdb);
if (rc != SEPOL_OK) {
- cil_log(CIL_ERR, "Failed to build policydb\n");
+ fprintf(stderr, "Failed to build policydb\n");
goto exit;
}
@@ -256,29 +256,27 @@ int main(int argc, char *argv[])
int size = snprintf(NULL, 0, "policy.%d", policyvers);
output = malloc((size + 1) * sizeof(char));
if (output == NULL) {
- cil_log(CIL_ERR, "Failed to create output filename\n");
+ fprintf(stderr, "Failed to create output filename\n");
rc = SEPOL_ERR;
goto exit;
}
if (snprintf(output, size + 1, "policy.%d", policyvers) != size) {
- cil_log(CIL_ERR, "Failed to create output filename\n");
+ fprintf(stderr, "Failed to create output filename\n");
rc = SEPOL_ERR;
goto exit;
}
}
- cil_log(CIL_INFO, "Writing binary to %s\n", output);
-
binary = fopen(output, "w");
if (binary == NULL) {
- cil_log(CIL_ERR, "Failure opening binary file for writing\n");
+ fprintf(stderr, "Failure opening binary file for writing\n");
rc = SEPOL_ERR;
goto exit;
}
rc = sepol_policy_file_create(&pf);
if (rc != 0) {
- cil_log(CIL_ERR, "Failed to create policy file: %d\n", rc);
+ fprintf(stderr, "Failed to create policy file: %d\n", rc);
goto exit;
}
@@ -286,18 +284,16 @@ int main(int argc, char *argv[])
rc = sepol_policydb_write(pdb, pf);
if (rc != 0) {
- cil_log(CIL_ERR, "Failed to write binary policy: %d\n", rc);
+ fprintf(stderr, "Failed to write binary policy: %d\n", rc);
goto exit;
}
fclose(binary);
binary = NULL;
- cil_log(CIL_INFO, "Writing file contexts\n");
-
rc = cil_filecons_to_string(db, &fc_buf, &fc_size);
if (rc != SEPOL_OK) {
- cil_log(CIL_ERR, "Failed to get file context data\n");
+ fprintf(stderr, "Failed to get file context data\n");
goto exit;
}
@@ -308,12 +304,12 @@ int main(int argc, char *argv[])
}
if (file_contexts == NULL) {
- cil_log(CIL_ERR, "Failed to open file_contexts file\n");
+ fprintf(stderr, "Failed to open file_contexts file\n");
goto exit;
}
if (fwrite(fc_buf, sizeof(char), fc_size, file_contexts) != fc_size) {
- cil_log(CIL_ERR, "Failed to write file_contexts file\n");
+ fprintf(stderr, "Failed to write file_contexts file\n");
goto exit;
}
@@ -323,8 +319,6 @@ int main(int argc, char *argv[])
rc = SEPOL_OK;
exit:
- cil_log(CIL_INFO,"Exiting\n");
-
if (binary != NULL) {
fclose(binary);
}
diff --git a/libsepol/cil/test/block_test.cil b/secilc/test/block_test.cil
similarity index 100%
rename from libsepol/cil/test/block_test.cil
rename to secilc/test/block_test.cil
diff --git a/libsepol/cil/test/in_test.cil b/secilc/test/in_test.cil
similarity index 100%
rename from libsepol/cil/test/in_test.cil
rename to secilc/test/in_test.cil
diff --git a/libsepol/cil/test/integration.cil b/secilc/test/integration.cil
similarity index 100%
rename from libsepol/cil/test/integration.cil
rename to secilc/test/integration.cil
diff --git a/libsepol/cil/test/minimum.cil b/secilc/test/minimum.cil
similarity index 100%
rename from libsepol/cil/test/minimum.cil
rename to secilc/test/minimum.cil
diff --git a/libsepol/cil/test/name_resolution_test.cil b/secilc/test/name_resolution_test.cil
similarity index 100%
rename from libsepol/cil/test/name_resolution_test.cil
rename to secilc/test/name_resolution_test.cil
diff --git a/libsepol/cil/test/optional_test.cil b/secilc/test/optional_test.cil
similarity index 100%
rename from libsepol/cil/test/optional_test.cil
rename to secilc/test/optional_test.cil
diff --git a/libsepol/cil/test/policy.cil b/secilc/test/policy.cil
similarity index 100%
rename from libsepol/cil/test/policy.cil
rename to secilc/test/policy.cil
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] libsepol: Move secilc out of libsepol
2015-03-26 19:30 [PATCH] libsepol: Move secilc out of libsepol Yuli Khodorkovskiy
@ 2015-03-26 20:24 ` Stephen Smalley
2015-03-26 23:40 ` Nick Kralevich
2015-03-30 15:02 ` Stephen Smalley
1 sibling, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2015-03-26 20:24 UTC (permalink / raw)
To: Yuli Khodorkovskiy, selinux
On 03/26/2015 03:30 PM, Yuli Khodorkovskiy wrote:
> Since the secilc compiler is independent of libsepol, move secilc out of
> libsepol. Linke secilc dynamically rather than statically with libsepol.
>
> - Move secilc source, test policies, docs, and secilc manpage to secilc
> directory.
> - Remove unneeded Makefile from libsepol/cil. To build secilc, run make
> in the secilc directory.
> - Add target to install the secilc binary to /usr/bin/.
> - Create an Android makefile for secilc and move secilc out of libsepol
> Android makefile.
> - Add cil_set_mls to libsepol public API as it is needed by secilc.
> - Remove policy.conf from testing since it is no longer used.
>
> Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Hmmm...will have to think about how we want to handle this in future
releases and in Android. Presently we generate separate tar releases
for each component, not the entire tree, so it introduces a new
component that distributions will need to add, and Android would have to
introduce an external/secilc project or just keep stuffing it under
libsepol for convenience.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] libsepol: Move secilc out of libsepol
2015-03-26 20:24 ` Stephen Smalley
@ 2015-03-26 23:40 ` Nick Kralevich
2015-03-27 12:23 ` Stephen Smalley
0 siblings, 1 reply; 6+ messages in thread
From: Nick Kralevich @ 2015-03-26 23:40 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
On Thu, Mar 26, 2015 at 1:24 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>
> On 03/26/2015 03:30 PM, Yuli Khodorkovskiy wrote:
> > Since the secilc compiler is independent of libsepol, move secilc out of
> > libsepol. Linke secilc dynamically rather than statically with libsepol.
> >
> > - Move secilc source, test policies, docs, and secilc manpage to secilc
> > directory.
> > - Remove unneeded Makefile from libsepol/cil. To build secilc, run make
> > in the secilc directory.
> > - Add target to install the secilc binary to /usr/bin/.
> > - Create an Android makefile for secilc and move secilc out of libsepol
> > Android makefile.
> > - Add cil_set_mls to libsepol public API as it is needed by secilc.
> > - Remove policy.conf from testing since it is no longer used.
> >
> > Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
>
> Hmmm...will have to think about how we want to handle this in future
> releases and in Android. Presently we generate separate tar releases
> for each component, not the entire tree, so it introduces a new
> component that distributions will need to add, and Android would have to
> introduce an external/secilc project or just keep stuffing it under
> libsepol for convenience.
For Android, we could create a new external/selinux project for
storing a mirror of https://github.com/SELinuxProject/selinux . Having
separate repositories for libselinux and libsepol has always struck me
as odd.
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
--
Nick Kralevich | Android Security | nnk@google.com | 650.214.4037
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] libsepol: Move secilc out of libsepol
2015-03-26 23:40 ` Nick Kralevich
@ 2015-03-27 12:23 ` Stephen Smalley
0 siblings, 0 replies; 6+ messages in thread
From: Stephen Smalley @ 2015-03-27 12:23 UTC (permalink / raw)
To: Nick Kralevich; +Cc: SELinux
On 03/26/2015 07:40 PM, Nick Kralevich wrote:
> On Thu, Mar 26, 2015 at 1:24 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>
>> On 03/26/2015 03:30 PM, Yuli Khodorkovskiy wrote:
>>> Since the secilc compiler is independent of libsepol, move secilc out of
>>> libsepol. Linke secilc dynamically rather than statically with libsepol.
>>>
>>> - Move secilc source, test policies, docs, and secilc manpage to secilc
>>> directory.
>>> - Remove unneeded Makefile from libsepol/cil. To build secilc, run make
>>> in the secilc directory.
>>> - Add target to install the secilc binary to /usr/bin/.
>>> - Create an Android makefile for secilc and move secilc out of libsepol
>>> Android makefile.
>>> - Add cil_set_mls to libsepol public API as it is needed by secilc.
>>> - Remove policy.conf from testing since it is no longer used.
>>>
>>> Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
>>
>> Hmmm...will have to think about how we want to handle this in future
>> releases and in Android. Presently we generate separate tar releases
>> for each component, not the entire tree, so it introduces a new
>> component that distributions will need to add, and Android would have to
>> introduce an external/secilc project or just keep stuffing it under
>> libsepol for convenience.
>
> For Android, we could create a new external/selinux project for
> storing a mirror of https://github.com/SELinuxProject/selinux . Having
> separate repositories for libselinux and libsepol has always struck me
> as odd.
Yes, that would likely be helpful for the components that we use
unmodified (libsepol, checkpolicy) and to ease future use of other
components like secilc and audit2allow. libselinux however is truly a
fork with significant modifications.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] libsepol: Move secilc out of libsepol
2015-03-26 19:30 [PATCH] libsepol: Move secilc out of libsepol Yuli Khodorkovskiy
2015-03-26 20:24 ` Stephen Smalley
@ 2015-03-30 15:02 ` Stephen Smalley
2015-03-31 14:05 ` Yuli Khodorkovskiy
1 sibling, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2015-03-30 15:02 UTC (permalink / raw)
To: Yuli Khodorkovskiy, selinux
On 03/26/2015 03:30 PM, Yuli Khodorkovskiy wrote:
> Since the secilc compiler is independent of libsepol, move secilc out of
> libsepol. Linke secilc dynamically rather than statically with libsepol.
>
> - Move secilc source, test policies, docs, and secilc manpage to secilc
> directory.
> - Remove unneeded Makefile from libsepol/cil. To build secilc, run make
> in the secilc directory.
> - Add target to install the secilc binary to /usr/bin/.
> - Create an Android makefile for secilc and move secilc out of libsepol
> Android makefile.
> - Add cil_set_mls to libsepol public API as it is needed by secilc.
> - Remove policy.conf from testing since it is no longer used.
>
> Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
No longer builds with make DESTDIR=~/obj install:
cc -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute
-Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
-I/home/sds/obj/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -o
secilc secilc.o -lsepol
secilc.o: In function `main':
secilc.c:(.text+0x564): undefined reference to `cil_set_log_level'
secilc.c:(.text+0x573): undefined reference to `cil_db_init'
secilc.c:(.text+0x587): undefined reference to `cil_set_disable_dontaudit'
secilc.c:(.text+0x59b): undefined reference to `cil_set_disable_neverallow'
secilc.c:(.text+0x5af): undefined reference to `cil_set_preserve_tunables'
secilc.c:(.text+0x5c9): undefined reference to `cil_set_handle_unknown'
secilc.c:(.text+0x5eb): undefined reference to `cil_set_mls'
secilc.c:(.text+0x5ff): undefined reference to `cil_set_target_platform'
secilc.c:(.text+0x613): undefined reference to `cil_set_policy_version'
secilc.c:(.text+0x7b8): undefined reference to `cil_add_file'
secilc.c:(.text+0x82f): undefined reference to `cil_compile'
secilc.c:(.text+0x86f): undefined reference to `cil_build_policydb'
secilc.c:(.text+0xa5f): undefined reference to `cil_filecons_to_string'
secilc.c:(.text+0xba2): undefined reference to `cil_db_destroy'
collect2: error: ld returned 1 exit status
make[1]: *** [secilc] Error 1
make[1]: Leaving directory `/home/sds/selinux/secilc'
> ---
> Makefile | 2 +-
> libsepol/Android.mk | 15 ---
> libsepol/cil/Makefile | 102 ---------------
> libsepol/cil/test/policy.conf | 143 ---------------------
> libsepol/src/libsepol.map.in | 1 +
> secilc/.gitignore | 6 +
> secilc/Android.mk | 31 +++++
> {libsepol/cil => secilc}/COPYING | 0
> secilc/Makefile | 47 +++++++
> {libsepol/cil => secilc}/README | 26 ++--
> .../cil => secilc}/docs/CIL_Reference_Guide.xml | 0
> {libsepol/cil => secilc}/docs/Makefile | 17 +--
> .../docs/cil_access_vector_rules.xml | 0
> .../docs/cil_call_macro_statements.xml | 0
> .../docs/cil_class_and_permission_statements.xml | 0
> .../docs/cil_conditional_statements.xml | 0
> .../docs/cil_constraint_statements.xml | 0
> .../docs/cil_container_statements.xml | 0
> .../cil => secilc}/docs/cil_context_statement.xml | 0
> .../docs/cil_default_object_statements.xml | 0
> {libsepol/cil => secilc}/docs/cil_design.dia | Bin
> {libsepol/cil => secilc}/docs/cil_design.jpeg | Bin
> .../docs/cil_file_labeling_statements.xml | 0
> .../docs/cil_mls_labeling_statements.xml | 0
> .../docs/cil_network_labeling_statements.xml | 0
> .../docs/cil_policy_config_statements.xml | 0
> .../cil => secilc}/docs/cil_role_statements.xml | 0
> .../cil => secilc}/docs/cil_sid_statements.xml | 0
> .../cil => secilc}/docs/cil_type_statements.xml | 0
> .../cil => secilc}/docs/cil_user_statements.xml | 0
> .../cil => secilc}/docs/cil_xen_statements.xml | 0
> {libsepol/cil/docs => secilc}/secilc.8.xml | 0
> {libsepol/cil => secilc}/secilc.c | 36 +++---
> {libsepol/cil => secilc}/test/block_test.cil | 0
> {libsepol/cil => secilc}/test/in_test.cil | 0
> {libsepol/cil => secilc}/test/integration.cil | 0
> {libsepol/cil => secilc}/test/minimum.cil | 0
> .../cil => secilc}/test/name_resolution_test.cil | 0
> {libsepol/cil => secilc}/test/optional_test.cil | 0
> {libsepol/cil => secilc}/test/policy.cil | 0
> 40 files changed, 116 insertions(+), 310 deletions(-)
> delete mode 100644 libsepol/cil/Makefile
> delete mode 100644 libsepol/cil/test/policy.conf
> create mode 100644 secilc/.gitignore
> create mode 100644 secilc/Android.mk
> rename {libsepol/cil => secilc}/COPYING (100%)
> create mode 100644 secilc/Makefile
> rename {libsepol/cil => secilc}/README (73%)
> rename {libsepol/cil => secilc}/docs/CIL_Reference_Guide.xml (100%)
> rename {libsepol/cil => secilc}/docs/Makefile (81%)
> rename {libsepol/cil => secilc}/docs/cil_access_vector_rules.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_call_macro_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_class_and_permission_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_conditional_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_constraint_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_container_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_context_statement.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_default_object_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_design.dia (100%)
> rename {libsepol/cil => secilc}/docs/cil_design.jpeg (100%)
> rename {libsepol/cil => secilc}/docs/cil_file_labeling_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_mls_labeling_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_network_labeling_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_policy_config_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_role_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_sid_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_type_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_user_statements.xml (100%)
> rename {libsepol/cil => secilc}/docs/cil_xen_statements.xml (100%)
> rename {libsepol/cil/docs => secilc}/secilc.8.xml (100%)
> rename {libsepol/cil => secilc}/secilc.c (90%)
> rename {libsepol/cil => secilc}/test/block_test.cil (100%)
> rename {libsepol/cil => secilc}/test/in_test.cil (100%)
> rename {libsepol/cil => secilc}/test/integration.cil (100%)
> rename {libsepol/cil => secilc}/test/minimum.cil (100%)
> rename {libsepol/cil => secilc}/test/name_resolution_test.cil (100%)
> rename {libsepol/cil => secilc}/test/optional_test.cil (100%)
> rename {libsepol/cil => secilc}/test/policy.cil (100%)
>
> diff --git a/Makefile b/Makefile
> index f71faab..93e10de 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1,4 +1,4 @@
> -SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
> +SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy secilc policycoreutils # policy
> PYSUBDIRS=libselinux libsemanage
> DISTCLEANSUBIDRS=libselinux libsemanage
>
> diff --git a/libsepol/Android.mk b/libsepol/Android.mk
> index ab4bcd1..3e4700b 100644
> --- a/libsepol/Android.mk
> +++ b/libsepol/Android.mk
> @@ -135,18 +135,3 @@ LOCAL_SRC_FILES := $(common_src_files)
> LOCAL_MODULE_CLASS := STATIC_LIBRARIES
>
> include $(BUILD_STATIC_LIBRARY)
> -
> -##
> -# secilc
> -#
> -include $(CLEAR_VARS)
> -
> -LOCAL_MODULE := secilc
> -LOCAL_MODULE_TAGS := optional
> -LOCAL_C_INCLUDES := $(common_includes)
> -LOCAL_CFLAGS := $(common_cflags)
> -LOCAL_SRC_FILES := cil/secilc.c
> -LOCAL_STATIC_LIBRARIES := libsepol
> -LOCAL_MODULE_CLASS := EXECUTABLES
> -
> -include $(BUILD_HOST_EXECUTABLE)
> diff --git a/libsepol/cil/Makefile b/libsepol/cil/Makefile
> deleted file mode 100644
> index 9f52ee4..0000000
> --- a/libsepol/cil/Makefile
> +++ /dev/null
> @@ -1,102 +0,0 @@
> -PREFIX ?= $(DESTDIR)/usr
> -LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(DESTDIR)/lib
> -INCLUDEDIR ?= $(PREFIX)/include
> -SRCDIR ?= ./src
> -TESTDIR ?= ./test
> -UNITDIR ?= $(TESTDIR)/unit
> -LIBCILDIR ?= $(SRCDIR)
> -
> -LEX = flex
> -
> -DEBUG = 0
> -
> -SECILC = secilc
> -
> -UNIT = unit_tests
> -
> -SECILC_SRCS := secilc.c
> -SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
> -
> -TEST_SRCS := $(wildcard $(UNITDIR)/*.c)
> -TEST_OBJS := $(patsubst %.c,%.o,$(TEST_SRCS))
> -
> -LIBCIL_GENERATED := $(LIBCILDIR)/cil_lexer.c
> -LIBCIL_SRCS := $(wildcard $(LIBCILDIR)/*.c) $(LIBCIL_GENERATED)
> -LIBCIL_OBJS := $(patsubst %.c,%.o,$(LIBCIL_SRCS))
> -LIBCIL_INCLUDES := $(wildcard $(LIBCILDIR)/*.h)
> -
> -LIBCIL_STATIC := $(SRCDIR)/libcil.a
> -
> -LIBSEPOL_STATIC = /usr/lib/libsepol.a
> -
> -LIBS =
> -LDFLAGS =
> -COVCFLAGS = -fprofile-arcs -ftest-coverage -O0
> -
> -CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
> -
> -ifeq ($(DEBUG),1)
> - override CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -DDEBUG
> - override LDFLAGS += -g
> -else
> - override CFLAGS += -O2
> -endif
> -
> -override CFLAGS += -I./include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
> -
> -ARCH := $(patsubst i%86,i386,$(shell uname -m))
> -ifneq (,$(filter i386,$(ARCH)))
> - TLSFLAGS += -mno-tls-direct-seg-refs
> -endif
> -ifneq (,$(filter x86_64,$(ARCH)))
> - override LDFLAGS += -I/usr/lib64
> - override LIBSEPOL_STATIC = /usr/lib64/libsepol.a
> -endif
> -
> -all: $(SECILC)
> -
> -%.o: %.c $(LIBCIL_INCLUDES)
> - $(CC) $(CFLAGS) -c -o $@ $<
> -
> -$(LIBCIL_STATIC): $(LIBCIL_OBJS)
> - $(AR) rcs $@ $^
> - ranlib $@
> -
> -$(LIBCIL_GENERATED): $(LIBCILDIR)/cil_lexer.l
> - $(LEX) -t $< > $@
> -
> -$(UNIT): $(TEST_OBJS) $(LIBCIL_STATIC)
> - $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS)
> -
> -$(SECILC): $(SECILC_OBJS) $(LIBCIL_STATIC)
> - $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS)
> -
> -unit: $(SECILC) $(UNIT)
> -
> -# Requires lcov 1.9+ (--ignore-errors)
> -coverage: CFLAGS += $(COVCFLAGS)
> -coverage: clean unit
> - ./unit_tests
> - test -d cov || mkdir cov
> - lcov --directory src --capture --output-file cov/app.info --ignore-errors source -b src
> - lcov --remove cov/app.info '/usr/include/*' --remove cov/app.info 'sepol/*' --output-file cov/app.info
> - genhtml -o ./cov/html ./cov/app.info
> -
> -test: $(SECILC)
> - ./$(SECILC) test/policy.cil
> -
> -clean:
> - rm -f $(SECILC)
> - rm -f $(LIBCIL_STATIC)
> - rm -f $(TEST_OBJS) $(SECILC_OBJS)
> - rm -rf cov src/*.gcda src/*.gcno *.gcda *.gcno
> - rm -f $(LIBCIL_OBJS)
> -
> -bare: clean
> - rm -f $(LIBCIL_GENERATED)
> - rm -f $(UNIT)
> - rm -f policy.*
> - rm -f file_contexts
> -
> -.PHONY: all bare clean coverage test unit
> diff --git a/libsepol/cil/test/policy.conf b/libsepol/cil/test/policy.conf
> deleted file mode 100644
> index 938af91..0000000
> --- a/libsepol/cil/test/policy.conf
> +++ /dev/null
> @@ -1,143 +0,0 @@
> -class file
> -class process
> -class char
> -
> -sid kernel
> -sid security
> -sid unlabeled
> -
> -common file {ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton }
> -
> -class file inherits file { execute_no_trans entrypoint execmod open audit_access }
> -class char inherits file { foo transition }
> -class process { open }
> -
> -sensitivity s0 alias sens0;
> -sensitivity s1;
> -
> -dominance { s0 s1 }
> -
> -category c0 alias cat0;
> -category c1;
> -category c2;
> -
> -level s0:c0.c2;
> -level s1:c0.c2;
> -
> -mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1 eq r2)));
> -mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or (r1 != r2));
> -mlsconstrain file { open } (l1 dom h2);
> -mlsconstrain file { open } (h1 domby l2);
> -mlsconstrain file { open } (l1 incomp l2);
> -
> -mlsvalidatetrans file (h1 domby l2);
> -
> -attribute foo_type;
> -attribute bar_type;
> -attribute baz_type;
> -attribute exec_type;
> -
> -type bin_t, bar_type, exec_type;
> -type kernel_t, foo_type, exec_type, baz_type;
> -type security_t, baz_type;
> -type unlabeled_t, baz_type;
> -
> -type exec_t, baz_type;
> -type console_t, baz_type;
> -type auditadm_t, baz_type;
> -type console_device_t, baz_type;
> -type user_tty_device_t, baz_type;
> -type device_t, baz_type;
> -type getty_t, baz_type;
> -type a_t, baz_type;
> -type b_t, baz_type;
> -
> -typealias bin_t alias sbin_t;
> -
> -bool secure_mode false;
> -bool console_login true;
> -bool b1 false;
> -
> -role system_r;
> -role user_r;
> -role system_r types bin_t;
> -role system_r types kernel_t;
> -role system_r types security_t;
> -role system_r types unlabeled_t;
> -
> -policycap open_perms;
> -permissive device_t;
> -
> -range_transition device_t console_t : file s0:c0 - s1:c0.c1;
> -
> -type_transition device_t console_t : file console_device_t;
> -type_member device_t bin_t : file exec_t;
> -
> -if console_login{
> - type_change auditadm_t console_device_t : file user_tty_device_t;
> -}
> -
> -role_transition system_r bin_t user_r;
> -
> -auditallow device_t auditadm_t: file { open };
> -dontaudit device_t auditadm_t: file { read };
> -
> -allow system_r user_r;
> -
> -allow console_t console_device_t: char { write setattr };
> -allow console_t console_device_t: file { open read getattr };
> -allow foo_type self: file { execute };
> -allow bin_t device_t: file { execute };
> -allow bin_t exec_t: file { execute };
> -allow bin_t bin_t: file { execute };
> -allow a_t b_t : file { write };
> -allow console_t console_device_t: file { read write getattr setattr lock append };
> -allow kernel_t kernel_t : file { execute };
> -
> -if b1 {
> - allow a_t b_t : file { read };
> -}
> -
> -if secure_mode{
> - auditallow device_t exec_t: file { read write };
> -}
> -
> -if console_login{
> - allow getty_t console_device_t: file { getattr open read write append };
> -}
> -else {
> - dontaudit getty_t console_device_t: file { getattr open read write append };
> -}
> -
> -if (not ((secure_mode eq console_login) xor ((secure_mode or console_login) and secure_mode))){
> - allow bin_t exec_t: file { execute };
> -}
> -
> -user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1;
> -user user_u roles user_r level s0:c0 range s0:c0 - s0:c0;
> -
> -validatetrans file (t1 == exec_t);
> -
> -constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
> -constrain file { open } (r1 dom r2);
> -constrain file { open } (r1 domby r2);
> -constrain file { open } (r1 incomp r2);
> -constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
> -constrain char { write setattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
> -
> -
> -sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1
> -sid security system_u:system_r:security_t:s0:c0 - s1:c0,c1
> -sid unlabeled system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1
> -
> -fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1;
> -
> -genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -
> -portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -
> -netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -
> -nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> -nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222:: system_u:system_r:bin_t:s0:c0 - s1:c0,c1
> diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
> index 1285314..0ae0f1a 100644
> --- a/libsepol/src/libsepol.map.in
> +++ b/libsepol/src/libsepol.map.in
> @@ -44,5 +44,6 @@ LIBSEPOL_1.1 {
> cil_filecons_to_string;
> cil_set_target_platform;
> cil_set_policy_version;
> + cil_set_mls;
> local: *;
> } LIBSEPOL_1.0;
> diff --git a/secilc/.gitignore b/secilc/.gitignore
> new file mode 100644
> index 0000000..98c367a
> --- /dev/null
> +++ b/secilc/.gitignore
> @@ -0,0 +1,6 @@
> +secilc
> +secilc.8
> +policy.*
> +file_contexts
> +docs/html
> +docs/pdf
> diff --git a/secilc/Android.mk b/secilc/Android.mk
> new file mode 100644
> index 0000000..b80955c
> --- /dev/null
> +++ b/secilc/Android.mk
> @@ -0,0 +1,31 @@
> +LOCAL_PATH:= $(call my-dir)
> +
> +common_src_files := secilc.c
> +
> +common_cflags := \
> + -Wall -Wshadow -O2 \
> + -pipe -fno-strict-aliasing \
> + -Wno-return-type
> +
> +ifeq ($(HOST_OS), darwin)
> +common_cflags += -DDARWIN
> +endif
> +
> +common_includes := \
> + $(LOCAL_PATH)/../libsepol/cil/include/ \
> + $(LOCAL_PATH)/../libsepol/include/ \
> +
> +##
> +# secilc
> +#
> +include $(CLEAR_VARS)
> +
> +LOCAL_MODULE := secilc
> +LOCAL_MODULE_TAGS := optional
> +LOCAL_C_INCLUDES := $(common_includes)
> +LOCAL_CFLAGS := $(common_cflags)
> +LOCAL_SRC_FILES := ./secilc.c
> +LOCAL_SHARED_LIRARIES := libsepol
> +LOCAL_MODULE_CLASS := EXECUTABLES
> +
> +include $(BUILD_HOST_EXECUTABLE)
> diff --git a/libsepol/cil/COPYING b/secilc/COPYING
> similarity index 100%
> rename from libsepol/cil/COPYING
> rename to secilc/COPYING
> diff --git a/secilc/Makefile b/secilc/Makefile
> new file mode 100644
> index 0000000..d6767fa
> --- /dev/null
> +++ b/secilc/Makefile
> @@ -0,0 +1,47 @@
> +PREFIX ?= $(DESTDIR)/usr
> +BINDIR ?= $(PREFIX)/bin
> +MANDIR ?= $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +TESTDIR ?= ./test
> +
> +LDFLAGS = -lsepol
> +SECILC = secilc
> +SECILC_SRCS := secilc.c
> +SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
> +
> +# The secilc man page:
> +MANPAGE = secilc.8
> +XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
> +
> +CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
> +
> +override CFLAGS += -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
> +
> +$(SECILC): $(SECILC_OBJS)
> + $(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
> +
> +all: $(SECILC) man
> +
> +test: $(SECILC)
> + ./$(SECILC) test/policy.cil
> +
> +man: $(MANPAGE).xml
> + $(XMLTO) man $(MANPAGE).xml
> +
> +install: all man
> + -mkdir -p $(BINDIR)
> + -mkdir -p $(MANDIR)/man8
> + install -m 755 $(SECILC) $(BINDIR)
> + install -m 644 $(MANPAGE) $(MANDIR)/man8
> +
> +doc:
> + $(MAKE) -C docs
> +
> +clean:
> + rm -f $(SECILC)
> + rm -f $(SECILC_OBJS)
> + rm -f policy.*
> + rm -f file_contexts
> + rm -f $(MANPAGE)
> +
> +.PHONY: all clean test install doc
> diff --git a/libsepol/cil/README b/secilc/README
> similarity index 73%
> rename from libsepol/cil/README
> rename to secilc/README
> index e25f849..14b8cc8 100644
> --- a/libsepol/cil/README
> +++ b/secilc/README
> @@ -11,34 +11,30 @@ INTRODUCTION
> DEPENDENCIES
>
> gcc >= 4.5.1
> - libsepol-static >= 2.1.4
> - lcov >= 1.9
> - flex >= 2.5.35
> + libsepol >= 2.4
>
>
> BUILD STEPS
>
> - Open a terminal client and execute the following command to download the source code:
> -
> - git clone https://github.com/SELinuxProject/cil.git
> -
> - Change directory into the "cil" directory.
> Run "make" with one of the following targets:
>
> make
> - Build the CIL compiler (secilc)
> + Build the CIL compiler (secilc).
>
> - make unit
> - Build the unit_test application to run unit tests
> + make test
> + Pass a sample policy to test with the compiler.
>
> - make coverage
> - Build the unit test binary and create coverage reports
> + make install
> + Install the secilc compiler and man page to disk.
>
> make clean
> - Remove temporary build files
> + Remove temporary build files.
> +
> + make man
> + Build the secilc man page.
>
> make bare
> - Remove temporary build files and compile binaries
> + Remove temporary build files and compile binaries.
>
>
> USAGE
> diff --git a/libsepol/cil/docs/CIL_Reference_Guide.xml b/secilc/docs/CIL_Reference_Guide.xml
> similarity index 100%
> rename from libsepol/cil/docs/CIL_Reference_Guide.xml
> rename to secilc/docs/CIL_Reference_Guide.xml
> diff --git a/libsepol/cil/docs/Makefile b/secilc/docs/Makefile
> similarity index 81%
> rename from libsepol/cil/docs/Makefile
> rename to secilc/docs/Makefile
> index cf18e36..1655f59 100644
> --- a/libsepol/cil/docs/Makefile
> +++ b/secilc/docs/Makefile
> @@ -1,6 +1,5 @@
> HTMLDIR ?= ./html
> PDFDIR ?= ./pdf
> -MAN8DIR ?= ./man8
>
> # The CIL Reference Guide first part
> CIL_REF_GUIDE = CIL_Reference_Guide.xml
> @@ -9,10 +8,6 @@ FILE_LIST ?= $(CIL_REF_GUIDE) $(wildcard cil*.xml)
> # xmlto generates a *.proc file that can be removed.
> PROC_FILE = CIL_Reference_Guide.proc
>
> -# The secilc man page:
> -MANPAGE = secilc.8.xml
> -
> -
> # look for xmlto and dblatex packages
> XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
> DBLATEX = $(shell which dblatex 2> /dev/null | grep / | head -n1)
> @@ -22,7 +17,7 @@ ifeq ($(XMLTO),)
> $(error xmlto package not found - install package.)
> endif
>
> -all: html pdf man
> +all: html pdf
>
> html: $(FILE_LIST)
> $(XMLTO) html $(CIL_REF_GUIDE)
> @@ -41,10 +36,6 @@ endif
> @for m in *.pdf; do if [ -f $$m ]; then mv $$m $(PDFDIR); fi; done
> @rm -f $(PROC_FILE)
>
> -
> -man: $(MANPAGE)
> - $(XMLTO) man $(MANPAGE)
> - @mkdir -p $(MAN8DIR)
> - @for m in *.8; do if [ -f $$m ]; then mv $$m $(MAN8DIR); fi; done
> - @rm -f $(MANPAGE).proc
> -
> +clean:
> + @rm -rf html/
> + @rm -rf pdf/
> diff --git a/libsepol/cil/docs/cil_access_vector_rules.xml b/secilc/docs/cil_access_vector_rules.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_access_vector_rules.xml
> rename to secilc/docs/cil_access_vector_rules.xml
> diff --git a/libsepol/cil/docs/cil_call_macro_statements.xml b/secilc/docs/cil_call_macro_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_call_macro_statements.xml
> rename to secilc/docs/cil_call_macro_statements.xml
> diff --git a/libsepol/cil/docs/cil_class_and_permission_statements.xml b/secilc/docs/cil_class_and_permission_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_class_and_permission_statements.xml
> rename to secilc/docs/cil_class_and_permission_statements.xml
> diff --git a/libsepol/cil/docs/cil_conditional_statements.xml b/secilc/docs/cil_conditional_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_conditional_statements.xml
> rename to secilc/docs/cil_conditional_statements.xml
> diff --git a/libsepol/cil/docs/cil_constraint_statements.xml b/secilc/docs/cil_constraint_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_constraint_statements.xml
> rename to secilc/docs/cil_constraint_statements.xml
> diff --git a/libsepol/cil/docs/cil_container_statements.xml b/secilc/docs/cil_container_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_container_statements.xml
> rename to secilc/docs/cil_container_statements.xml
> diff --git a/libsepol/cil/docs/cil_context_statement.xml b/secilc/docs/cil_context_statement.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_context_statement.xml
> rename to secilc/docs/cil_context_statement.xml
> diff --git a/libsepol/cil/docs/cil_default_object_statements.xml b/secilc/docs/cil_default_object_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_default_object_statements.xml
> rename to secilc/docs/cil_default_object_statements.xml
> diff --git a/libsepol/cil/docs/cil_design.dia b/secilc/docs/cil_design.dia
> similarity index 100%
> rename from libsepol/cil/docs/cil_design.dia
> rename to secilc/docs/cil_design.dia
> diff --git a/libsepol/cil/docs/cil_design.jpeg b/secilc/docs/cil_design.jpeg
> similarity index 100%
> rename from libsepol/cil/docs/cil_design.jpeg
> rename to secilc/docs/cil_design.jpeg
> diff --git a/libsepol/cil/docs/cil_file_labeling_statements.xml b/secilc/docs/cil_file_labeling_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_file_labeling_statements.xml
> rename to secilc/docs/cil_file_labeling_statements.xml
> diff --git a/libsepol/cil/docs/cil_mls_labeling_statements.xml b/secilc/docs/cil_mls_labeling_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_mls_labeling_statements.xml
> rename to secilc/docs/cil_mls_labeling_statements.xml
> diff --git a/libsepol/cil/docs/cil_network_labeling_statements.xml b/secilc/docs/cil_network_labeling_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_network_labeling_statements.xml
> rename to secilc/docs/cil_network_labeling_statements.xml
> diff --git a/libsepol/cil/docs/cil_policy_config_statements.xml b/secilc/docs/cil_policy_config_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_policy_config_statements.xml
> rename to secilc/docs/cil_policy_config_statements.xml
> diff --git a/libsepol/cil/docs/cil_role_statements.xml b/secilc/docs/cil_role_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_role_statements.xml
> rename to secilc/docs/cil_role_statements.xml
> diff --git a/libsepol/cil/docs/cil_sid_statements.xml b/secilc/docs/cil_sid_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_sid_statements.xml
> rename to secilc/docs/cil_sid_statements.xml
> diff --git a/libsepol/cil/docs/cil_type_statements.xml b/secilc/docs/cil_type_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_type_statements.xml
> rename to secilc/docs/cil_type_statements.xml
> diff --git a/libsepol/cil/docs/cil_user_statements.xml b/secilc/docs/cil_user_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_user_statements.xml
> rename to secilc/docs/cil_user_statements.xml
> diff --git a/libsepol/cil/docs/cil_xen_statements.xml b/secilc/docs/cil_xen_statements.xml
> similarity index 100%
> rename from libsepol/cil/docs/cil_xen_statements.xml
> rename to secilc/docs/cil_xen_statements.xml
> diff --git a/libsepol/cil/docs/secilc.8.xml b/secilc/secilc.8.xml
> similarity index 100%
> rename from libsepol/cil/docs/secilc.8.xml
> rename to secilc/secilc.8.xml
> diff --git a/libsepol/cil/secilc.c b/secilc/secilc.c
> similarity index 90%
> rename from libsepol/cil/secilc.c
> rename to secilc/secilc.c
> index f4e32b3..923151c 100644
> --- a/libsepol/cil/secilc.c
> +++ b/secilc/secilc.c
> @@ -34,7 +34,7 @@
> #include <getopt.h>
> #include <sys/stat.h>
>
> -#include <cil/cil.h>
> +#include <sepol/cil/cil.h>
> #include <sepol/policydb.h>
>
> void usage(char *prog)
> @@ -210,13 +210,13 @@ int main(int argc, char *argv[])
> for (i = optind; i < argc; i++) {
> file = fopen(argv[i], "r");
> if (!file) {
> - cil_log(CIL_ERR, "Could not open file: %s\n", argv[i]);
> + fprintf(stderr, "Could not open file: %s\n", argv[i]);
> rc = SEPOL_ERR;
> goto exit;
> }
> rc = stat(argv[i], &filedata);
> if (rc == -1) {
> - cil_log(CIL_ERR, "Could not stat file: %s\n", argv[i]);
> + fprintf(stderr, "Could not stat file: %s\n", argv[i]);
> goto exit;
> }
> file_size = filedata.st_size;
> @@ -224,7 +224,7 @@ int main(int argc, char *argv[])
> buffer = malloc(file_size);
> rc = fread(buffer, file_size, 1, file);
> if (rc != 1) {
> - cil_log(CIL_ERR, "Failure reading file: %s\n", argv[i]);
> + fprintf(stderr, "Failure reading file: %s\n", argv[i]);
> goto exit;
> }
> fclose(file);
> @@ -232,7 +232,7 @@ int main(int argc, char *argv[])
>
> rc = cil_add_file(db, argv[i], buffer, file_size);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failure adding %s\n", argv[i]);
> + fprintf(stderr, "Failure adding %s\n", argv[i]);
> goto exit;
> }
>
> @@ -242,13 +242,13 @@ int main(int argc, char *argv[])
>
> rc = cil_compile(db);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failed to compile cildb: %d\n", rc);
> + fprintf(stderr, "Failed to compile cildb: %d\n", rc);
> goto exit;
> }
>
> rc = cil_build_policydb(db, &pdb);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failed to build policydb\n");
> + fprintf(stderr, "Failed to build policydb\n");
> goto exit;
> }
>
> @@ -256,29 +256,27 @@ int main(int argc, char *argv[])
> int size = snprintf(NULL, 0, "policy.%d", policyvers);
> output = malloc((size + 1) * sizeof(char));
> if (output == NULL) {
> - cil_log(CIL_ERR, "Failed to create output filename\n");
> + fprintf(stderr, "Failed to create output filename\n");
> rc = SEPOL_ERR;
> goto exit;
> }
> if (snprintf(output, size + 1, "policy.%d", policyvers) != size) {
> - cil_log(CIL_ERR, "Failed to create output filename\n");
> + fprintf(stderr, "Failed to create output filename\n");
> rc = SEPOL_ERR;
> goto exit;
> }
> }
>
> - cil_log(CIL_INFO, "Writing binary to %s\n", output);
> -
> binary = fopen(output, "w");
> if (binary == NULL) {
> - cil_log(CIL_ERR, "Failure opening binary file for writing\n");
> + fprintf(stderr, "Failure opening binary file for writing\n");
> rc = SEPOL_ERR;
> goto exit;
> }
>
> rc = sepol_policy_file_create(&pf);
> if (rc != 0) {
> - cil_log(CIL_ERR, "Failed to create policy file: %d\n", rc);
> + fprintf(stderr, "Failed to create policy file: %d\n", rc);
> goto exit;
> }
>
> @@ -286,18 +284,16 @@ int main(int argc, char *argv[])
>
> rc = sepol_policydb_write(pdb, pf);
> if (rc != 0) {
> - cil_log(CIL_ERR, "Failed to write binary policy: %d\n", rc);
> + fprintf(stderr, "Failed to write binary policy: %d\n", rc);
> goto exit;
> }
>
> fclose(binary);
> binary = NULL;
>
> - cil_log(CIL_INFO, "Writing file contexts\n");
> -
> rc = cil_filecons_to_string(db, &fc_buf, &fc_size);
> if (rc != SEPOL_OK) {
> - cil_log(CIL_ERR, "Failed to get file context data\n");
> + fprintf(stderr, "Failed to get file context data\n");
> goto exit;
> }
>
> @@ -308,12 +304,12 @@ int main(int argc, char *argv[])
> }
>
> if (file_contexts == NULL) {
> - cil_log(CIL_ERR, "Failed to open file_contexts file\n");
> + fprintf(stderr, "Failed to open file_contexts file\n");
> goto exit;
> }
>
> if (fwrite(fc_buf, sizeof(char), fc_size, file_contexts) != fc_size) {
> - cil_log(CIL_ERR, "Failed to write file_contexts file\n");
> + fprintf(stderr, "Failed to write file_contexts file\n");
> goto exit;
> }
>
> @@ -323,8 +319,6 @@ int main(int argc, char *argv[])
> rc = SEPOL_OK;
>
> exit:
> - cil_log(CIL_INFO,"Exiting\n");
> -
> if (binary != NULL) {
> fclose(binary);
> }
> diff --git a/libsepol/cil/test/block_test.cil b/secilc/test/block_test.cil
> similarity index 100%
> rename from libsepol/cil/test/block_test.cil
> rename to secilc/test/block_test.cil
> diff --git a/libsepol/cil/test/in_test.cil b/secilc/test/in_test.cil
> similarity index 100%
> rename from libsepol/cil/test/in_test.cil
> rename to secilc/test/in_test.cil
> diff --git a/libsepol/cil/test/integration.cil b/secilc/test/integration.cil
> similarity index 100%
> rename from libsepol/cil/test/integration.cil
> rename to secilc/test/integration.cil
> diff --git a/libsepol/cil/test/minimum.cil b/secilc/test/minimum.cil
> similarity index 100%
> rename from libsepol/cil/test/minimum.cil
> rename to secilc/test/minimum.cil
> diff --git a/libsepol/cil/test/name_resolution_test.cil b/secilc/test/name_resolution_test.cil
> similarity index 100%
> rename from libsepol/cil/test/name_resolution_test.cil
> rename to secilc/test/name_resolution_test.cil
> diff --git a/libsepol/cil/test/optional_test.cil b/secilc/test/optional_test.cil
> similarity index 100%
> rename from libsepol/cil/test/optional_test.cil
> rename to secilc/test/optional_test.cil
> diff --git a/libsepol/cil/test/policy.cil b/secilc/test/policy.cil
> similarity index 100%
> rename from libsepol/cil/test/policy.cil
> rename to secilc/test/policy.cil
>
^ permalink raw reply [flat|nested] 6+ messages in thread* RE: [PATCH] libsepol: Move secilc out of libsepol
2015-03-30 15:02 ` Stephen Smalley
@ 2015-03-31 14:05 ` Yuli Khodorkovskiy
0 siblings, 0 replies; 6+ messages in thread
From: Yuli Khodorkovskiy @ 2015-03-31 14:05 UTC (permalink / raw)
To: Stephen Smalley, selinux
I forgot to set LIBDIR in the original patch. I'll send version two momentarily.
>-----Original Message-----
>From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
>Sent: Monday, March 30, 2015 11:03 AM
>To: Yuli Khodorkovskiy; selinux@tycho.nsa.gov
>Subject: Re: [PATCH] libsepol: Move secilc out of libsepol
>
>On 03/26/2015 03:30 PM, Yuli Khodorkovskiy wrote:
>> Since the secilc compiler is independent of libsepol, move secilc out
>> of libsepol. Linke secilc dynamically rather than statically with libsepol.
>>
>> - Move secilc source, test policies, docs, and secilc manpage to secilc
>> directory.
>> - Remove unneeded Makefile from libsepol/cil. To build secilc, run make
>> in the secilc directory.
>> - Add target to install the secilc binary to /usr/bin/.
>> - Create an Android makefile for secilc and move secilc out of libsepol
>> Android makefile.
>> - Add cil_set_mls to libsepol public API as it is needed by secilc.
>> - Remove policy.conf from testing since it is no longer used.
>>
>> Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
>
>No longer builds with make DESTDIR=~/obj install:
>cc -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-
>align -Wstrict-prototypes -Wpointer-arith -Wunused -
>I/home/sds/obj/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -o
>secilc secilc.o -lsepol
>secilc.o: In function `main':
>secilc.c:(.text+0x564): undefined reference to `cil_set_log_level'
>secilc.c:(.text+0x573): undefined reference to `cil_db_init'
>secilc.c:(.text+0x587): undefined reference to `cil_set_disable_dontaudit'
>secilc.c:(.text+0x59b): undefined reference to `cil_set_disable_neverallow'
>secilc.c:(.text+0x5af): undefined reference to `cil_set_preserve_tunables'
>secilc.c:(.text+0x5c9): undefined reference to `cil_set_handle_unknown'
>secilc.c:(.text+0x5eb): undefined reference to `cil_set_mls'
>secilc.c:(.text+0x5ff): undefined reference to `cil_set_target_platform'
>secilc.c:(.text+0x613): undefined reference to `cil_set_policy_version'
>secilc.c:(.text+0x7b8): undefined reference to `cil_add_file'
>secilc.c:(.text+0x82f): undefined reference to `cil_compile'
>secilc.c:(.text+0x86f): undefined reference to `cil_build_policydb'
>secilc.c:(.text+0xa5f): undefined reference to `cil_filecons_to_string'
>secilc.c:(.text+0xba2): undefined reference to `cil_db_destroy'
>collect2: error: ld returned 1 exit status
>make[1]: *** [secilc] Error 1
>make[1]: Leaving directory `/home/sds/selinux/secilc'
>
>> ---
>> Makefile | 2 +-
>> libsepol/Android.mk | 15 ---
>> libsepol/cil/Makefile | 102 ---------------
>> libsepol/cil/test/policy.conf | 143 ---------------------
>> libsepol/src/libsepol.map.in | 1 +
>> secilc/.gitignore | 6 +
>> secilc/Android.mk | 31 +++++
>> {libsepol/cil => secilc}/COPYING | 0
>> secilc/Makefile | 47 +++++++
>> {libsepol/cil => secilc}/README | 26 ++--
>> .../cil => secilc}/docs/CIL_Reference_Guide.xml | 0
>> {libsepol/cil => secilc}/docs/Makefile | 17 +--
>> .../docs/cil_access_vector_rules.xml | 0
>> .../docs/cil_call_macro_statements.xml | 0
>> .../docs/cil_class_and_permission_statements.xml | 0
>> .../docs/cil_conditional_statements.xml | 0
>> .../docs/cil_constraint_statements.xml | 0
>> .../docs/cil_container_statements.xml | 0
>> .../cil => secilc}/docs/cil_context_statement.xml | 0
>> .../docs/cil_default_object_statements.xml | 0
>> {libsepol/cil => secilc}/docs/cil_design.dia | Bin
>> {libsepol/cil => secilc}/docs/cil_design.jpeg | Bin
>> .../docs/cil_file_labeling_statements.xml | 0
>> .../docs/cil_mls_labeling_statements.xml | 0
>> .../docs/cil_network_labeling_statements.xml | 0
>> .../docs/cil_policy_config_statements.xml | 0
>> .../cil => secilc}/docs/cil_role_statements.xml | 0
>> .../cil => secilc}/docs/cil_sid_statements.xml | 0
>> .../cil => secilc}/docs/cil_type_statements.xml | 0
>> .../cil => secilc}/docs/cil_user_statements.xml | 0
>> .../cil => secilc}/docs/cil_xen_statements.xml | 0
>> {libsepol/cil/docs => secilc}/secilc.8.xml | 0
>> {libsepol/cil => secilc}/secilc.c | 36 +++---
>> {libsepol/cil => secilc}/test/block_test.cil | 0
>> {libsepol/cil => secilc}/test/in_test.cil | 0
>> {libsepol/cil => secilc}/test/integration.cil | 0
>> {libsepol/cil => secilc}/test/minimum.cil | 0
>> .../cil => secilc}/test/name_resolution_test.cil | 0
>> {libsepol/cil => secilc}/test/optional_test.cil | 0
>> {libsepol/cil => secilc}/test/policy.cil | 0
>> 40 files changed, 116 insertions(+), 310 deletions(-) delete mode
>> 100644 libsepol/cil/Makefile delete mode 100644
>> libsepol/cil/test/policy.conf create mode 100644 secilc/.gitignore
>> create mode 100644 secilc/Android.mk rename {libsepol/cil =>
>> secilc}/COPYING (100%) create mode 100644 secilc/Makefile rename
>> {libsepol/cil => secilc}/README (73%) rename {libsepol/cil =>
>> secilc}/docs/CIL_Reference_Guide.xml (100%) rename {libsepol/cil =>
>> secilc}/docs/Makefile (81%) rename {libsepol/cil =>
>> secilc}/docs/cil_access_vector_rules.xml (100%) rename {libsepol/cil
>> => secilc}/docs/cil_call_macro_statements.xml (100%) rename
>> {libsepol/cil => secilc}/docs/cil_class_and_permission_statements.xml
>> (100%) rename {libsepol/cil =>
>> secilc}/docs/cil_conditional_statements.xml (100%) rename
>> {libsepol/cil => secilc}/docs/cil_constraint_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_container_statements.xml
>> (100%) rename {libsepol/cil => secilc}/docs/cil_context_statement.xml
>> (100%) rename {libsepol/cil =>
>> secilc}/docs/cil_default_object_statements.xml (100%) rename
>> {libsepol/cil => secilc}/docs/cil_design.dia (100%) rename
>> {libsepol/cil => secilc}/docs/cil_design.jpeg (100%) rename
>> {libsepol/cil => secilc}/docs/cil_file_labeling_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_mls_labeling_statements.xml
>> (100%) rename {libsepol/cil =>
>> secilc}/docs/cil_network_labeling_statements.xml (100%) rename
>> {libsepol/cil => secilc}/docs/cil_policy_config_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_role_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_sid_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_type_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_user_statements.xml (100%)
>> rename {libsepol/cil => secilc}/docs/cil_xen_statements.xml (100%)
>> rename {libsepol/cil/docs => secilc}/secilc.8.xml (100%) rename
>> {libsepol/cil => secilc}/secilc.c (90%) rename {libsepol/cil =>
>> secilc}/test/block_test.cil (100%) rename {libsepol/cil =>
>> secilc}/test/in_test.cil (100%) rename {libsepol/cil =>
>> secilc}/test/integration.cil (100%) rename {libsepol/cil =>
>> secilc}/test/minimum.cil (100%) rename {libsepol/cil =>
>> secilc}/test/name_resolution_test.cil (100%) rename {libsepol/cil =>
>> secilc}/test/optional_test.cil (100%) rename {libsepol/cil =>
>> secilc}/test/policy.cil (100%)
>>
>> diff --git a/Makefile b/Makefile
>> index f71faab..93e10de 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -1,4 +1,4 @@
>> -SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy
>> policycoreutils # policy
>> +SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy secilc
>> +policycoreutils # policy
>> PYSUBDIRS=libselinux libsemanage
>> DISTCLEANSUBIDRS=libselinux libsemanage
>>
>> diff --git a/libsepol/Android.mk b/libsepol/Android.mk index
>> ab4bcd1..3e4700b 100644
>> --- a/libsepol/Android.mk
>> +++ b/libsepol/Android.mk
>> @@ -135,18 +135,3 @@ LOCAL_SRC_FILES := $(common_src_files)
>> LOCAL_MODULE_CLASS := STATIC_LIBRARIES
>>
>> include $(BUILD_STATIC_LIBRARY)
>> -
>> -##
>> -# secilc
>> -#
>> -include $(CLEAR_VARS)
>> -
>> -LOCAL_MODULE := secilc
>> -LOCAL_MODULE_TAGS := optional
>> -LOCAL_C_INCLUDES := $(common_includes) -LOCAL_CFLAGS :=
>> $(common_cflags) -LOCAL_SRC_FILES := cil/secilc.c
>> -LOCAL_STATIC_LIBRARIES := libsepol -LOCAL_MODULE_CLASS :=
>EXECUTABLES
>> -
>> -include $(BUILD_HOST_EXECUTABLE)
>> diff --git a/libsepol/cil/Makefile b/libsepol/cil/Makefile deleted
>> file mode 100644 index 9f52ee4..0000000
>> --- a/libsepol/cil/Makefile
>> +++ /dev/null
>> @@ -1,102 +0,0 @@
>> -PREFIX ?= $(DESTDIR)/usr
>> -LIBDIR ?= $(PREFIX)/lib
>> -SHLIBDIR ?= $(DESTDIR)/lib
>> -INCLUDEDIR ?= $(PREFIX)/include
>> -SRCDIR ?= ./src
>> -TESTDIR ?= ./test
>> -UNITDIR ?= $(TESTDIR)/unit
>> -LIBCILDIR ?= $(SRCDIR)
>> -
>> -LEX = flex
>> -
>> -DEBUG = 0
>> -
>> -SECILC = secilc
>> -
>> -UNIT = unit_tests
>> -
>> -SECILC_SRCS := secilc.c
>> -SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
>> -
>> -TEST_SRCS := $(wildcard $(UNITDIR)/*.c) -TEST_OBJS := $(patsubst
>> %.c,%.o,$(TEST_SRCS))
>> -
>> -LIBCIL_GENERATED := $(LIBCILDIR)/cil_lexer.c -LIBCIL_SRCS :=
>> $(wildcard $(LIBCILDIR)/*.c) $(LIBCIL_GENERATED) -LIBCIL_OBJS :=
>> $(patsubst %.c,%.o,$(LIBCIL_SRCS)) -LIBCIL_INCLUDES := $(wildcard
>> $(LIBCILDIR)/*.h)
>> -
>> -LIBCIL_STATIC := $(SRCDIR)/libcil.a
>> -
>> -LIBSEPOL_STATIC = /usr/lib/libsepol.a
>> -
>> -LIBS =
>> -LDFLAGS =
>> -COVCFLAGS = -fprofile-arcs -ftest-coverage -O0
>> -
>> -CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-
>attribute
>> -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
>> -
>> -ifeq ($(DEBUG),1)
>> - override CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -DDEBUG
>> - override LDFLAGS += -g
>> -else
>> - override CFLAGS += -O2
>> -endif
>> -
>> -override CFLAGS += -I./include -I$(INCLUDEDIR) -D_GNU_SOURCE
>> -D_FILE_OFFSET_BITS=64
>> -
>> -ARCH := $(patsubst i%86,i386,$(shell uname -m)) -ifneq (,$(filter
>> i386,$(ARCH)))
>> - TLSFLAGS += -mno-tls-direct-seg-refs
>> -endif
>> -ifneq (,$(filter x86_64,$(ARCH)))
>> - override LDFLAGS += -I/usr/lib64
>> - override LIBSEPOL_STATIC = /usr/lib64/libsepol.a
>> -endif
>> -
>> -all: $(SECILC)
>> -
>> -%.o: %.c $(LIBCIL_INCLUDES)
>> - $(CC) $(CFLAGS) -c -o $@ $<
>> -
>> -$(LIBCIL_STATIC): $(LIBCIL_OBJS)
>> - $(AR) rcs $@ $^
>> - ranlib $@
>> -
>> -$(LIBCIL_GENERATED): $(LIBCILDIR)/cil_lexer.l
>> - $(LEX) -t $< > $@
>> -
>> -$(UNIT): $(TEST_OBJS) $(LIBCIL_STATIC)
>> - $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC)
>$(LDFLAGS)
>> -
>> -$(SECILC): $(SECILC_OBJS) $(LIBCIL_STATIC)
>> - $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC)
>$(LDFLAGS)
>> -
>> -unit: $(SECILC) $(UNIT)
>> -
>> -# Requires lcov 1.9+ (--ignore-errors)
>> -coverage: CFLAGS += $(COVCFLAGS)
>> -coverage: clean unit
>> - ./unit_tests
>> - test -d cov || mkdir cov
>> - lcov --directory src --capture --output-file cov/app.info --ignore-
>errors source -b src
>> - lcov --remove cov/app.info '/usr/include/*' --remove cov/app.info
>'sepol/*' --output-file cov/app.info
>> - genhtml -o ./cov/html ./cov/app.info
>> -
>> -test: $(SECILC)
>> - ./$(SECILC) test/policy.cil
>> -
>> -clean:
>> - rm -f $(SECILC)
>> - rm -f $(LIBCIL_STATIC)
>> - rm -f $(TEST_OBJS) $(SECILC_OBJS)
>> - rm -rf cov src/*.gcda src/*.gcno *.gcda *.gcno
>> - rm -f $(LIBCIL_OBJS)
>> -
>> -bare: clean
>> - rm -f $(LIBCIL_GENERATED)
>> - rm -f $(UNIT)
>> - rm -f policy.*
>> - rm -f file_contexts
>> -
>> -.PHONY: all bare clean coverage test unit diff --git
>> a/libsepol/cil/test/policy.conf b/libsepol/cil/test/policy.conf
>> deleted file mode 100644 index 938af91..0000000
>> --- a/libsepol/cil/test/policy.conf
>> +++ /dev/null
>> @@ -1,143 +0,0 @@
>> -class file
>> -class process
>> -class char
>> -
>> -sid kernel
>> -sid security
>> -sid unlabeled
>> -
>> -common file {ioctl read write create getattr setattr lock relabelfrom
>> relabelto append unlink link rename execute swapon quotaon mounton
>}
>> -
>> -class file inherits file { execute_no_trans entrypoint execmod open
>> audit_access } -class char inherits file { foo transition } -class
>> process { open }
>> -
>> -sensitivity s0 alias sens0;
>> -sensitivity s1;
>> -
>> -dominance { s0 s1 }
>> -
>> -category c0 alias cat0;
>> -category c1;
>> -category c2;
>> -
>> -level s0:c0.c2;
>> -level s1:c0.c2;
>> -
>> -mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1
>> eq r2))); -mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or
>> (r1 != r2)); -mlsconstrain file { open } (l1 dom h2); -mlsconstrain
>> file { open } (h1 domby l2); -mlsconstrain file { open } (l1 incomp
>> l2);
>> -
>> -mlsvalidatetrans file (h1 domby l2);
>> -
>> -attribute foo_type;
>> -attribute bar_type;
>> -attribute baz_type;
>> -attribute exec_type;
>> -
>> -type bin_t, bar_type, exec_type;
>> -type kernel_t, foo_type, exec_type, baz_type; -type security_t,
>> baz_type; -type unlabeled_t, baz_type;
>> -
>> -type exec_t, baz_type;
>> -type console_t, baz_type;
>> -type auditadm_t, baz_type;
>> -type console_device_t, baz_type;
>> -type user_tty_device_t, baz_type;
>> -type device_t, baz_type;
>> -type getty_t, baz_type;
>> -type a_t, baz_type;
>> -type b_t, baz_type;
>> -
>> -typealias bin_t alias sbin_t;
>> -
>> -bool secure_mode false;
>> -bool console_login true;
>> -bool b1 false;
>> -
>> -role system_r;
>> -role user_r;
>> -role system_r types bin_t;
>> -role system_r types kernel_t;
>> -role system_r types security_t;
>> -role system_r types unlabeled_t;
>> -
>> -policycap open_perms;
>> -permissive device_t;
>> -
>> -range_transition device_t console_t : file s0:c0 - s1:c0.c1;
>> -
>> -type_transition device_t console_t : file console_device_t;
>> -type_member device_t bin_t : file exec_t;
>> -
>> -if console_login{
>> - type_change auditadm_t console_device_t : file user_tty_device_t;
>> -}
>> -
>> -role_transition system_r bin_t user_r;
>> -
>> -auditallow device_t auditadm_t: file { open }; -dontaudit device_t
>> auditadm_t: file { read };
>> -
>> -allow system_r user_r;
>> -
>> -allow console_t console_device_t: char { write setattr }; -allow
>> console_t console_device_t: file { open read getattr }; -allow
>> foo_type self: file { execute }; -allow bin_t device_t: file { execute
>> }; -allow bin_t exec_t: file { execute }; -allow bin_t bin_t: file {
>> execute }; -allow a_t b_t : file { write }; -allow console_t
>> console_device_t: file { read write getattr setattr lock append };
>> -allow kernel_t kernel_t : file { execute };
>> -
>> -if b1 {
>> - allow a_t b_t : file { read };
>> -}
>> -
>> -if secure_mode{
>> - auditallow device_t exec_t: file { read write };
>> -}
>> -
>> -if console_login{
>> - allow getty_t console_device_t: file { getattr open read write
>append };
>> -}
>> -else {
>> - dontaudit getty_t console_device_t: file { getattr open read write
>append };
>> -}
>> -
>> -if (not ((secure_mode eq console_login) xor ((secure_mode or
>console_login) and secure_mode))){
>> - allow bin_t exec_t: file { execute };
>> -}
>> -
>> -user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1;
>> -user user_u roles user_r level s0:c0 range s0:c0 - s0:c0;
>> -
>> -validatetrans file (t1 == exec_t);
>> -
>> -constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or
>> (r1 eq r2))); -constrain file { open } (r1 dom r2);
>> -constrain file { open } (r1 domby r2);
>> -constrain file { open } (r1 incomp r2);
>> -constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq
>> bin_t)) or (r1 eq r2))); -constrain char { write setattr } (not (((t1
>> eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
>> -
>> -
>> -sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1 -sid security
>> system_u:system_r:security_t:s0:c0 - s1:c0,c1 -sid unlabeled
>> system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1
>> -
>> -fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1;
>> -
>> -genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1
>> -
>> -portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 -portcon udp
>> 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
>> -
>> -netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
>> system_u:system_r:bin_t:s0:c0 - s1:c0,c1
>> -
>> -nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 -
>> s1:c0,c1 -nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222::
>> system_u:system_r:bin_t:s0:c0 - s1:c0,c1 diff --git
>> a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index
>> 1285314..0ae0f1a 100644
>> --- a/libsepol/src/libsepol.map.in
>> +++ b/libsepol/src/libsepol.map.in
>> @@ -44,5 +44,6 @@ LIBSEPOL_1.1 {
>> cil_filecons_to_string;
>> cil_set_target_platform;
>> cil_set_policy_version;
>> + cil_set_mls;
>> local: *;
>> } LIBSEPOL_1.0;
>> diff --git a/secilc/.gitignore b/secilc/.gitignore new file mode
>> 100644 index 0000000..98c367a
>> --- /dev/null
>> +++ b/secilc/.gitignore
>> @@ -0,0 +1,6 @@
>> +secilc
>> +secilc.8
>> +policy.*
>> +file_contexts
>> +docs/html
>> +docs/pdf
>> diff --git a/secilc/Android.mk b/secilc/Android.mk new file mode
>> 100644 index 0000000..b80955c
>> --- /dev/null
>> +++ b/secilc/Android.mk
>> @@ -0,0 +1,31 @@
>> +LOCAL_PATH:= $(call my-dir)
>> +
>> +common_src_files := secilc.c
>> +
>> +common_cflags := \
>> + -Wall -Wshadow -O2 \
>> + -pipe -fno-strict-aliasing \
>> + -Wno-return-type
>> +
>> +ifeq ($(HOST_OS), darwin)
>> +common_cflags += -DDARWIN
>> +endif
>> +
>> +common_includes := \
>> + $(LOCAL_PATH)/../libsepol/cil/include/ \
>> + $(LOCAL_PATH)/../libsepol/include/ \
>> +
>> +##
>> +# secilc
>> +#
>> +include $(CLEAR_VARS)
>> +
>> +LOCAL_MODULE := secilc
>> +LOCAL_MODULE_TAGS := optional
>> +LOCAL_C_INCLUDES := $(common_includes) LOCAL_CFLAGS :=
>> +$(common_cflags) LOCAL_SRC_FILES := ./secilc.c
>LOCAL_SHARED_LIRARIES
>> +:= libsepol LOCAL_MODULE_CLASS := EXECUTABLES
>> +
>> +include $(BUILD_HOST_EXECUTABLE)
>> diff --git a/libsepol/cil/COPYING b/secilc/COPYING similarity index
>> 100% rename from libsepol/cil/COPYING rename to secilc/COPYING diff
>> --git a/secilc/Makefile b/secilc/Makefile new file mode 100644 index
>> 0000000..d6767fa
>> --- /dev/null
>> +++ b/secilc/Makefile
>> @@ -0,0 +1,47 @@
>> +PREFIX ?= $(DESTDIR)/usr
>> +BINDIR ?= $(PREFIX)/bin
>> +MANDIR ?= $(PREFIX)/share/man
>> +INCLUDEDIR ?= $(PREFIX)/include
>> +TESTDIR ?= ./test
>> +
>> +LDFLAGS = -lsepol
>> +SECILC = secilc
>> +SECILC_SRCS := secilc.c
>> +SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS))
>> +
>> +# The secilc man page:
>> +MANPAGE = secilc.8
>> +XMLTO = $(shell which xmlto 2> /dev/null | grep / | head -n1)
>> +
>> +CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-
>attribute
>> +-Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
>> +
>> +override CFLAGS += -I$(INCLUDEDIR) -D_GNU_SOURCE
>> +-D_FILE_OFFSET_BITS=64
>> +
>> +$(SECILC): $(SECILC_OBJS)
>> + $(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
>> +
>> +all: $(SECILC) man
>> +
>> +test: $(SECILC)
>> + ./$(SECILC) test/policy.cil
>> +
>> +man: $(MANPAGE).xml
>> + $(XMLTO) man $(MANPAGE).xml
>> +
>> +install: all man
>> + -mkdir -p $(BINDIR)
>> + -mkdir -p $(MANDIR)/man8
>> + install -m 755 $(SECILC) $(BINDIR)
>> + install -m 644 $(MANPAGE) $(MANDIR)/man8
>> +
>> +doc:
>> + $(MAKE) -C docs
>> +
>> +clean:
>> + rm -f $(SECILC)
>> + rm -f $(SECILC_OBJS)
>> + rm -f policy.*
>> + rm -f file_contexts
>> + rm -f $(MANPAGE)
>> +
>> +.PHONY: all clean test install doc
>> diff --git a/libsepol/cil/README b/secilc/README similarity index 73%
>> rename from libsepol/cil/README rename to secilc/README index
>> e25f849..14b8cc8 100644
>> --- a/libsepol/cil/README
>> +++ b/secilc/README
>> @@ -11,34 +11,30 @@ INTRODUCTION
>> DEPENDENCIES
>>
>> gcc >= 4.5.1
>> - libsepol-static >= 2.1.4
>> - lcov >= 1.9
>> - flex >= 2.5.35
>> + libsepol >= 2.4
>>
>>
>> BUILD STEPS
>>
>> - Open a terminal client and execute the following command to
>download the source code:
>> -
>> - git clone https://github.com/SELinuxProject/cil.git
>> -
>> - Change directory into the "cil" directory.
>> Run "make" with one of the following targets:
>>
>> make
>> - Build the CIL compiler (secilc)
>> + Build the CIL compiler (secilc).
>>
>> - make unit
>> - Build the unit_test application to run unit tests
>> + make test
>> + Pass a sample policy to test with the compiler.
>>
>> - make coverage
>> - Build the unit test binary and create coverage reports
>> + make install
>> + Install the secilc compiler and man page to disk.
>>
>> make clean
>> - Remove temporary build files
>> + Remove temporary build files.
>> +
>> + make man
>> + Build the secilc man page.
>>
>> make bare
>> - Remove temporary build files and compile binaries
>> + Remove temporary build files and compile binaries.
>>
>>
>> USAGE
>> diff --git a/libsepol/cil/docs/CIL_Reference_Guide.xml
>> b/secilc/docs/CIL_Reference_Guide.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/CIL_Reference_Guide.xml
>> rename to secilc/docs/CIL_Reference_Guide.xml
>> diff --git a/libsepol/cil/docs/Makefile b/secilc/docs/Makefile
>> similarity index 81% rename from libsepol/cil/docs/Makefile rename to
>> secilc/docs/Makefile index cf18e36..1655f59 100644
>> --- a/libsepol/cil/docs/Makefile
>> +++ b/secilc/docs/Makefile
>> @@ -1,6 +1,5 @@
>> HTMLDIR ?= ./html
>> PDFDIR ?= ./pdf
>> -MAN8DIR ?= ./man8
>>
>> # The CIL Reference Guide first part
>> CIL_REF_GUIDE = CIL_Reference_Guide.xml @@ -9,10 +8,6 @@ FILE_LIST
>?=
>> $(CIL_REF_GUIDE) $(wildcard cil*.xml) # xmlto generates a *.proc file
>> that can be removed.
>> PROC_FILE = CIL_Reference_Guide.proc
>>
>> -# The secilc man page:
>> -MANPAGE = secilc.8.xml
>> -
>> -
>> # look for xmlto and dblatex packages XMLTO = $(shell which xmlto 2>
>> /dev/null | grep / | head -n1) DBLATEX = $(shell which dblatex 2>
>> /dev/null | grep / | head -n1) @@ -22,7 +17,7 @@ ifeq ($(XMLTO),)
>> $(error xmlto package not found - install package.) endif
>>
>> -all: html pdf man
>> +all: html pdf
>>
>> html: $(FILE_LIST)
>> $(XMLTO) html $(CIL_REF_GUIDE)
>> @@ -41,10 +36,6 @@ endif
>> @for m in *.pdf; do if [ -f $$m ]; then mv $$m $(PDFDIR); fi; done
>> @rm -f $(PROC_FILE)
>>
>> -
>> -man: $(MANPAGE)
>> - $(XMLTO) man $(MANPAGE)
>> - @mkdir -p $(MAN8DIR)
>> - @for m in *.8; do if [ -f $$m ]; then mv $$m $(MAN8DIR); fi; done
>> - @rm -f $(MANPAGE).proc
>> -
>> +clean:
>> + @rm -rf html/
>> + @rm -rf pdf/
>> diff --git a/libsepol/cil/docs/cil_access_vector_rules.xml
>> b/secilc/docs/cil_access_vector_rules.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_access_vector_rules.xml
>> rename to secilc/docs/cil_access_vector_rules.xml
>> diff --git a/libsepol/cil/docs/cil_call_macro_statements.xml
>> b/secilc/docs/cil_call_macro_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_call_macro_statements.xml
>> rename to secilc/docs/cil_call_macro_statements.xml
>> diff --git a/libsepol/cil/docs/cil_class_and_permission_statements.xml
>> b/secilc/docs/cil_class_and_permission_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_class_and_permission_statements.xml
>> rename to secilc/docs/cil_class_and_permission_statements.xml
>> diff --git a/libsepol/cil/docs/cil_conditional_statements.xml
>> b/secilc/docs/cil_conditional_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_conditional_statements.xml
>> rename to secilc/docs/cil_conditional_statements.xml
>> diff --git a/libsepol/cil/docs/cil_constraint_statements.xml
>> b/secilc/docs/cil_constraint_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_constraint_statements.xml
>> rename to secilc/docs/cil_constraint_statements.xml
>> diff --git a/libsepol/cil/docs/cil_container_statements.xml
>> b/secilc/docs/cil_container_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_container_statements.xml
>> rename to secilc/docs/cil_container_statements.xml
>> diff --git a/libsepol/cil/docs/cil_context_statement.xml
>> b/secilc/docs/cil_context_statement.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_context_statement.xml
>> rename to secilc/docs/cil_context_statement.xml
>> diff --git a/libsepol/cil/docs/cil_default_object_statements.xml
>> b/secilc/docs/cil_default_object_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_default_object_statements.xml
>> rename to secilc/docs/cil_default_object_statements.xml
>> diff --git a/libsepol/cil/docs/cil_design.dia
>> b/secilc/docs/cil_design.dia similarity index 100% rename from
>> libsepol/cil/docs/cil_design.dia rename to secilc/docs/cil_design.dia
>> diff --git a/libsepol/cil/docs/cil_design.jpeg
>> b/secilc/docs/cil_design.jpeg similarity index 100% rename from
>> libsepol/cil/docs/cil_design.jpeg rename to
>> secilc/docs/cil_design.jpeg diff --git
>> a/libsepol/cil/docs/cil_file_labeling_statements.xml
>> b/secilc/docs/cil_file_labeling_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_file_labeling_statements.xml
>> rename to secilc/docs/cil_file_labeling_statements.xml
>> diff --git a/libsepol/cil/docs/cil_mls_labeling_statements.xml
>> b/secilc/docs/cil_mls_labeling_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_mls_labeling_statements.xml
>> rename to secilc/docs/cil_mls_labeling_statements.xml
>> diff --git a/libsepol/cil/docs/cil_network_labeling_statements.xml
>> b/secilc/docs/cil_network_labeling_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_network_labeling_statements.xml
>> rename to secilc/docs/cil_network_labeling_statements.xml
>> diff --git a/libsepol/cil/docs/cil_policy_config_statements.xml
>> b/secilc/docs/cil_policy_config_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_policy_config_statements.xml
>> rename to secilc/docs/cil_policy_config_statements.xml
>> diff --git a/libsepol/cil/docs/cil_role_statements.xml
>> b/secilc/docs/cil_role_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_role_statements.xml
>> rename to secilc/docs/cil_role_statements.xml
>> diff --git a/libsepol/cil/docs/cil_sid_statements.xml
>> b/secilc/docs/cil_sid_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_sid_statements.xml
>> rename to secilc/docs/cil_sid_statements.xml
>> diff --git a/libsepol/cil/docs/cil_type_statements.xml
>> b/secilc/docs/cil_type_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_type_statements.xml
>> rename to secilc/docs/cil_type_statements.xml
>> diff --git a/libsepol/cil/docs/cil_user_statements.xml
>> b/secilc/docs/cil_user_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_user_statements.xml
>> rename to secilc/docs/cil_user_statements.xml
>> diff --git a/libsepol/cil/docs/cil_xen_statements.xml
>> b/secilc/docs/cil_xen_statements.xml
>> similarity index 100%
>> rename from libsepol/cil/docs/cil_xen_statements.xml
>> rename to secilc/docs/cil_xen_statements.xml
>> diff --git a/libsepol/cil/docs/secilc.8.xml b/secilc/secilc.8.xml
>> similarity index 100% rename from libsepol/cil/docs/secilc.8.xml
>> rename to secilc/secilc.8.xml diff --git a/libsepol/cil/secilc.c
>> b/secilc/secilc.c similarity index 90% rename from
>> libsepol/cil/secilc.c rename to secilc/secilc.c index f4e32b3..923151c
>> 100644
>> --- a/libsepol/cil/secilc.c
>> +++ b/secilc/secilc.c
>> @@ -34,7 +34,7 @@
>> #include <getopt.h>
>> #include <sys/stat.h>
>>
>> -#include <cil/cil.h>
>> +#include <sepol/cil/cil.h>
>> #include <sepol/policydb.h>
>>
>> void usage(char *prog)
>> @@ -210,13 +210,13 @@ int main(int argc, char *argv[])
>> for (i = optind; i < argc; i++) {
>> file = fopen(argv[i], "r");
>> if (!file) {
>> - cil_log(CIL_ERR, "Could not open file: %s\n",
>argv[i]);
>> + fprintf(stderr, "Could not open file: %s\n", argv[i]);
>> rc = SEPOL_ERR;
>> goto exit;
>> }
>> rc = stat(argv[i], &filedata);
>> if (rc == -1) {
>> - cil_log(CIL_ERR, "Could not stat file: %s\n", argv[i]);
>> + fprintf(stderr, "Could not stat file: %s\n", argv[i]);
>> goto exit;
>> }
>> file_size = filedata.st_size;
>> @@ -224,7 +224,7 @@ int main(int argc, char *argv[])
>> buffer = malloc(file_size);
>> rc = fread(buffer, file_size, 1, file);
>> if (rc != 1) {
>> - cil_log(CIL_ERR, "Failure reading file: %s\n",
>argv[i]);
>> + fprintf(stderr, "Failure reading file: %s\n", argv[i]);
>> goto exit;
>> }
>> fclose(file);
>> @@ -232,7 +232,7 @@ int main(int argc, char *argv[])
>>
>> rc = cil_add_file(db, argv[i], buffer, file_size);
>> if (rc != SEPOL_OK) {
>> - cil_log(CIL_ERR, "Failure adding %s\n", argv[i]);
>> + fprintf(stderr, "Failure adding %s\n", argv[i]);
>> goto exit;
>> }
>>
>> @@ -242,13 +242,13 @@ int main(int argc, char *argv[])
>>
>> rc = cil_compile(db);
>> if (rc != SEPOL_OK) {
>> - cil_log(CIL_ERR, "Failed to compile cildb: %d\n", rc);
>> + fprintf(stderr, "Failed to compile cildb: %d\n", rc);
>> goto exit;
>> }
>>
>> rc = cil_build_policydb(db, &pdb);
>> if (rc != SEPOL_OK) {
>> - cil_log(CIL_ERR, "Failed to build policydb\n");
>> + fprintf(stderr, "Failed to build policydb\n");
>> goto exit;
>> }
>>
>> @@ -256,29 +256,27 @@ int main(int argc, char *argv[])
>> int size = snprintf(NULL, 0, "policy.%d", policyvers);
>> output = malloc((size + 1) * sizeof(char));
>> if (output == NULL) {
>> - cil_log(CIL_ERR, "Failed to create output
>filename\n");
>> + fprintf(stderr, "Failed to create output
>filename\n");
>> rc = SEPOL_ERR;
>> goto exit;
>> }
>> if (snprintf(output, size + 1, "policy.%d", policyvers) != size)
>{
>> - cil_log(CIL_ERR, "Failed to create output
>filename\n");
>> + fprintf(stderr, "Failed to create output
>filename\n");
>> rc = SEPOL_ERR;
>> goto exit;
>> }
>> }
>>
>> - cil_log(CIL_INFO, "Writing binary to %s\n", output);
>> -
>> binary = fopen(output, "w");
>> if (binary == NULL) {
>> - cil_log(CIL_ERR, "Failure opening binary file for writing\n");
>> + fprintf(stderr, "Failure opening binary file for writing\n");
>> rc = SEPOL_ERR;
>> goto exit;
>> }
>>
>> rc = sepol_policy_file_create(&pf);
>> if (rc != 0) {
>> - cil_log(CIL_ERR, "Failed to create policy file: %d\n", rc);
>> + fprintf(stderr, "Failed to create policy file: %d\n", rc);
>> goto exit;
>> }
>>
>> @@ -286,18 +284,16 @@ int main(int argc, char *argv[])
>>
>> rc = sepol_policydb_write(pdb, pf);
>> if (rc != 0) {
>> - cil_log(CIL_ERR, "Failed to write binary policy: %d\n", rc);
>> + fprintf(stderr, "Failed to write binary policy: %d\n", rc);
>> goto exit;
>> }
>>
>> fclose(binary);
>> binary = NULL;
>>
>> - cil_log(CIL_INFO, "Writing file contexts\n");
>> -
>> rc = cil_filecons_to_string(db, &fc_buf, &fc_size);
>> if (rc != SEPOL_OK) {
>> - cil_log(CIL_ERR, "Failed to get file context data\n");
>> + fprintf(stderr, "Failed to get file context data\n");
>> goto exit;
>> }
>>
>> @@ -308,12 +304,12 @@ int main(int argc, char *argv[])
>> }
>>
>> if (file_contexts == NULL) {
>> - cil_log(CIL_ERR, "Failed to open file_contexts file\n");
>> + fprintf(stderr, "Failed to open file_contexts file\n");
>> goto exit;
>> }
>>
>> if (fwrite(fc_buf, sizeof(char), fc_size, file_contexts) != fc_size) {
>> - cil_log(CIL_ERR, "Failed to write file_contexts file\n");
>> + fprintf(stderr, "Failed to write file_contexts file\n");
>> goto exit;
>> }
>>
>> @@ -323,8 +319,6 @@ int main(int argc, char *argv[])
>> rc = SEPOL_OK;
>>
>> exit:
>> - cil_log(CIL_INFO,"Exiting\n");
>> -
>> if (binary != NULL) {
>> fclose(binary);
>> }
>> diff --git a/libsepol/cil/test/block_test.cil
>> b/secilc/test/block_test.cil similarity index 100% rename from
>> libsepol/cil/test/block_test.cil rename to secilc/test/block_test.cil
>> diff --git a/libsepol/cil/test/in_test.cil b/secilc/test/in_test.cil
>> similarity index 100% rename from libsepol/cil/test/in_test.cil rename
>> to secilc/test/in_test.cil diff --git
>> a/libsepol/cil/test/integration.cil b/secilc/test/integration.cil
>> similarity index 100% rename from libsepol/cil/test/integration.cil
>> rename to secilc/test/integration.cil diff --git
>> a/libsepol/cil/test/minimum.cil b/secilc/test/minimum.cil similarity
>> index 100% rename from libsepol/cil/test/minimum.cil rename to
>> secilc/test/minimum.cil diff --git
>> a/libsepol/cil/test/name_resolution_test.cil
>> b/secilc/test/name_resolution_test.cil
>> similarity index 100%
>> rename from libsepol/cil/test/name_resolution_test.cil
>> rename to secilc/test/name_resolution_test.cil
>> diff --git a/libsepol/cil/test/optional_test.cil
>> b/secilc/test/optional_test.cil similarity index 100% rename from
>> libsepol/cil/test/optional_test.cil
>> rename to secilc/test/optional_test.cil diff --git
>> a/libsepol/cil/test/policy.cil b/secilc/test/policy.cil similarity
>> index 100% rename from libsepol/cil/test/policy.cil rename to
>> secilc/test/policy.cil
>>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-03-31 14:05 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-26 19:30 [PATCH] libsepol: Move secilc out of libsepol Yuli Khodorkovskiy
2015-03-26 20:24 ` Stephen Smalley
2015-03-26 23:40 ` Nick Kralevich
2015-03-27 12:23 ` Stephen Smalley
2015-03-30 15:02 ` Stephen Smalley
2015-03-31 14:05 ` Yuli Khodorkovskiy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.