From: Masatake YAMATO <yamato@redhat.com>
To: selinux@vger.kernel.org
Cc: yamato@redhat.com
Subject: [PATCH 4/5] dispol: introduce -b option to run commands in batch
Date: Tue,  8 Oct 2019 15:44:59 +0900	[thread overview]
Message-ID: <20191008064500.8651-6-yamato@redhat.com> (raw)
In-Reply-To: <20191008064500.8651-1-yamato@redhat.com>

The dispol command requires interaction, so it is not suitable for use
in a script. This change introduces the -b option, which runs
dispol non-interactively.

An example:

    $ ./dispol -b 1 /sys/fs/selinux/policy
    allow deltacloudd_log_t tmp_t : filesystem { associate };
    allow kern_unconfined sysctl_type : lnk_file { ioctl read ...
    ...

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
 checkpolicy/test/dispol.c | 49 ++++++++++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 11 deletions(-)

diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
index 26bbba7a..0eaa830a 100644
--- a/checkpolicy/test/dispol.c
+++ b/checkpolicy/test/dispol.c
@@ -39,7 +39,7 @@ static policydb_t policydb;
 static __attribute__((__noreturn__)) void usage(const char *progname,
 						int status)
 {
-	printf("usage:  %s [-h] binary_pol_file\n\n", progname);
+	printf("usage:  %s [-h] [-b cmds] binary_pol_file\n\n", progname);
 	exit(status);
 }
 
@@ -395,14 +395,21 @@ int main(int argc, char **argv)
 	int state;
 	struct policy_file pf;
 	char *pf_name;
+	char *cmds = NULL;
 
 	if (argc <= 1)
 		usage(argv[0], 1);
 	else if (strcmp(argv[1], "-h") == 0)
 		usage(argv[0], 0);
-	else if (argc != 2)
+	else if (strcmp(argv[1], "-b") == 0) {
+		if (argc != 4)
+			usage(argv[0], 1);
+		cmds = argv[2];
+		pf_name = argv[3];
+	} else if (argc == 2)
+		pf_name = argv[1];
+	else
 		usage(argv[0], 1);
-	pf_name = argv[1];
 
 	fd = open(pf_name, O_RDONLY);
 	if (fd < 0) {
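Review bot: An empty command string is accepted by the new `-b` branch, because `cmds = argv[2]` is stored after only the `argc != 4` check and the batch loop added later in this patch turns an immediate `'\0'` into `q`. A script that passes an unset variable (`dispol -b "$CMDS" policy`) would then print nothing and, assuming the `q` case outside this hunk exits with 0, report success. Rejecting it at parse time keeps that failure visible: `if (argc != 4 || argv[2][0] == '\0') usage(argv[0], 1);`. The body of main() starts before and continues after this hunk.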
@@ -424,7 +431,8 @@ int main(int argc, char **argv)
 	}
 
 	/* read the binary policy */
-	fprintf(out_fp, "Reading policy...\n");
+	if (!cmds)
+		fprintf(out_fp, "Reading policy...\n");
 	policy_file_init(&pf);
 	pf.type = PF_USE_MEMORY;
 	pf.data = map;
@@ -433,7 +441,7 @@ int main(int argc, char **argv)
 		fprintf(stderr, "%s:  Out of memory!\n", argv[0]);
 		exit(1);
 	}
-	ret = policydb_read(&policydb, &pf, 1);
+	ret = policydb_read(&policydb, &pf, cmds == NULL);
 	if (ret) {
 		fprintf(stderr,
 			"%s:  error(s) encountered while parsing configuration\n",
@@ -441,16 +449,30 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
-	fprintf(stdout, "binary policy file loaded\n\n");
+	if (!cmds)
+		fprintf(stdout, "binary policy file loaded\n\n");
 	close(fd);
 
-	menu();
+	if (!cmds)
+		menu();
 	for (;;) {
-		printf("\nCommand (\'m\' for menu):  ");
-		if (fgets(ans, sizeof(ans), stdin) == NULL) {
-			fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
+		if (cmds) {
+			ans[0] = *cmds++;
+			if (ans[0] == '\0')
+				ans[0] = 'q';
+			else if (strchr("7fm", ans[0])) {
+				fprintf(stderr,
+					"Unacceptable command in batch mode: %c\n",
+					ans[0]);
+				exit(1);
+			}
+		} else {
+			printf("\nCommand (\'m\' for menu):  ");
+			if (fgets(ans, sizeof(ans), stdin) == NULL) {
+				fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
 					strerror(errno));
-			continue;
+				continue;
+			}
 		}
 		switch (ans[0]) {
 
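Review bot: Batch commands are validated one at a time inside the loop, so a forbidden character late in the string (the `strchr("7fm", ans[0])` test here, and likewise the `Invalid command` exit in the `default:` hunk below) aborts with status 1 only after earlier commands have already written their output. A script consuming that output sees a truncated result unless it also checks the exit status. Checking the whole string once before the loop avoids the partial run for the forbidden commands, e.g. `if (cmds && strpbrk(cmds, "7fm")) { fprintf(stderr, "Unacceptable command in batch mode\n"); exit(1); }`. Separately, only `ans[0]` is assigned in batch mode, which is fine for the visible `switch (ans[0])` but leaves the rest of `ans` uninitialised if any case outside this hunk reads it as a string.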
@@ -551,6 +573,11 @@ int main(int argc, char **argv)
 			menu();
 			break;
 		default:
+			if (cmds) {
+				fprintf(stderr,
+					"Invalid command: %c\n", ans[0]);
+				exit(1);
+			}
 			printf("\nInvalid choice\n");
 			menu();
 			break;
-- 
2.21.0

