* [PATCH 1/4] dismod: add --help option
@ 2023-05-31 1:32 Masatake YAMATO
2023-05-31 1:32 ` [PATCH 2/4] dismod: delete an unnecessary empty line Masatake YAMATO
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Masatake YAMATO @ 2023-05-31 1:32 UTC (permalink / raw)
To: selinux; +Cc: yamato
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/test/dismod.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
index 929ee308..eb090a36 100644
--- a/checkpolicy/test/dismod.c
+++ b/checkpolicy/test/dismod.c
@@ -66,7 +66,11 @@ static const char *symbol_labels[9] = {
static __attribute__((__noreturn__)) void usage(const char *progname)
{
- printf("usage: %s binary_pol_file\n\n", progname);
+ puts("Usage:");
+ printf(" %s [OPTIONS] binary_pol_file\n\n", progname);
+ puts("Options:");
+ puts(" -h, --help print this help message");
+ puts("\n");
exit(1);
}
@@ -872,7 +876,7 @@ int main(int argc, char **argv)
FILE *out_fp = stdout;
char ans[81], OutfileName[121];
- if (argc != 2)
+ if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
usage(argv[0]);
/* read the binary policy */
--
2.40.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/4] dismod: delete an unnecessary empty line
2023-05-31 1:32 [PATCH 1/4] dismod: add --help option Masatake YAMATO
@ 2023-05-31 1:32 ` Masatake YAMATO
2023-05-31 1:32 ` [PATCH 3/4] dismod: handle EOF in user interaction Masatake YAMATO
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Masatake YAMATO @ 2023-05-31 1:32 UTC (permalink / raw)
To: selinux; +Cc: yamato
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/test/dismod.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
index eb090a36..f1b879b0 100644
--- a/checkpolicy/test/dismod.c
+++ b/checkpolicy/test/dismod.c
@@ -1,4 +1,3 @@
-
/* Authors: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
*
* Copyright (C) 2003,2004,2005 Tresys Technology, LLC
--
2.40.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 3/4] dismod: handle EOF in user interaction
2023-05-31 1:32 [PATCH 1/4] dismod: add --help option Masatake YAMATO
2023-05-31 1:32 ` [PATCH 2/4] dismod: delete an unnecessary empty line Masatake YAMATO
@ 2023-05-31 1:32 ` Masatake YAMATO
2023-05-31 1:32 ` [PATCH 4/4] dismod: add --actions option for non-interactive use Masatake YAMATO
2023-06-07 13:22 ` [PATCH 1/4] dismod: add --help option James Carter
3 siblings, 0 replies; 7+ messages in thread
From: Masatake YAMATO @ 2023-05-31 1:32 UTC (permalink / raw)
To: selinux; +Cc: yamato
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/test/dismod.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
index f1b879b0..3b81b1ce 100644
--- a/checkpolicy/test/dismod.c
+++ b/checkpolicy/test/dismod.c
@@ -921,6 +921,8 @@ int main(int argc, char **argv)
for (;;) {
printf("\nCommand (\'m\' for menu): ");
if (fgets(ans, sizeof(ans), stdin) == NULL) {
+ if (feof(stdin))
+ break;
fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
strerror(errno));
continue;
--
2.40.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 4/4] dismod: add --actions option for non-interactive use
2023-05-31 1:32 [PATCH 1/4] dismod: add --help option Masatake YAMATO
2023-05-31 1:32 ` [PATCH 2/4] dismod: delete an unnecessary empty line Masatake YAMATO
2023-05-31 1:32 ` [PATCH 3/4] dismod: handle EOF in user interaction Masatake YAMATO
@ 2023-05-31 1:32 ` Masatake YAMATO
2023-06-07 13:22 ` [PATCH 1/4] dismod: add --help option James Carter
3 siblings, 0 replies; 7+ messages in thread
From: Masatake YAMATO @ 2023-05-31 1:32 UTC (permalink / raw)
To: selinux; +Cc: yamato
Example session:
$ ./dismod --help
Usage:
./dismod [OPTIONS] binary_pol_file
Options:
-h, --help print this help message
-a, --actions ACTIONS run non-interactively
Actions:
1 display unconditional AVTAB
2 display conditional AVTAB
3 display users
4 display bools
5 display roles
6 display types, attributes, and aliases
7 display role transitions
8 display role allows
9 Display policycon
0 Display initial SIDs
a Display avrule requirements
b Display avrule declarations
c Display policy capabilities
u Display the unknown handling setting
F Display filename_trans rules
$ ./dismod --actions 16 input.mod
Reading policy...
libsepol.policydb_index_others: security: 0 users, 1 roles, 2 types, 0 bools
libsepol.policydb_index_others: security: 0 sens, 0 cats
libsepol.policydb_index_others: security: 1 classes, 0 rules, 0 cond rules
libsepol.policydb_index_others: security: 0 users, 1 roles, 2 types, 0 bools
libsepol.policydb_index_others: security: 0 sens, 0 cats
libsepol.policydb_index_others: security: 1 classes, 0 rules, 0 cond rules
Binary policy module file loaded.
Module name: input
Module version: 1.0.0
Policy version: 21
unconditional avtab:
--- begin avrule block ---
decl 1:
allow [httpd_t] [http_port_t] : [tcp_socket] { name_bind };
[http_port_t] [2]: type flags:0
[httpd_t] [1]: type flags:0
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/test/dismod.c | 115 +++++++++++++++++++++++++++-----------
1 file changed, 83 insertions(+), 32 deletions(-)
diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
index 3b81b1ce..515fc9a5 100644
--- a/checkpolicy/test/dismod.c
+++ b/checkpolicy/test/dismod.c
@@ -63,13 +63,57 @@ static const char *symbol_labels[9] = {
"levels ", "cats ", "attribs"
};
+static struct command {
+ enum {
+ EOL = 0,
+ HEADER = 1,
+ CMD = 1 << 1,
+ NOOPT = 1 << 2,
+ } meta;
+ char cmd;
+ const char *desc;
+} commands[] = {
+ {HEADER, 0, "\nSelect a command:"},
+ {CMD, '1', "display unconditional AVTAB" },
+ {CMD, '2', "display conditional AVTAB" },
+ {CMD, '3', "display users" },
+ {CMD, '4', "display bools" },
+ {CMD, '5', "display roles" },
+ {CMD, '6', "display types, attributes, and aliases" },
+ {CMD, '7', "display role transitions" },
+ {CMD, '8', "display role allows" },
+ {CMD, '9', "Display policycon" },
+ {CMD, '0', "Display initial SIDs" },
+ {HEADER, 0, ""},
+ {CMD, 'a', "Display avrule requirements"},
+ {CMD, 'b', "Display avrule declarations"},
+ {CMD, 'c', "Display policy capabilities"},
+ {CMD|NOOPT, 'l', "Link in a module"},
+ {CMD, 'u', "Display the unknown handling setting"},
+ {CMD, 'F', "Display filename_trans rules"},
+ {HEADER, 0, ""},
+ {CMD|NOOPT, 'f', "set output file"},
+ {CMD|NOOPT, 'm', "display menu"},
+ {CMD|NOOPT, 'q', "quit"},
+ {EOL, 0, "" },
+};
+
static __attribute__((__noreturn__)) void usage(const char *progname)
{
puts("Usage:");
printf(" %s [OPTIONS] binary_pol_file\n\n", progname);
puts("Options:");
- puts(" -h, --help print this help message");
- puts("\n");
+ puts(" -h, --help print this help message");
+ puts(" -a, --actions ACTIONS run non-interactively");
+ puts("");
+ puts("Actions:");
+ for (unsigned int i = 0; commands[i].meta != EOL; i++) {
+ if (commands[i].meta == HEADER
+ || commands[i].meta & NOOPT)
+ continue;
+ printf(" %c %s\n", commands[i].cmd, commands[i].desc);
+ }
+ puts("");
exit(1);
}
@@ -845,46 +889,46 @@ static void display_policycaps(policydb_t * p, FILE * fp)
static int menu(void)
{
- printf("\nSelect a command:\n");
- printf("1) display unconditional AVTAB\n");
- printf("2) display conditional AVTAB\n");
- printf("3) display users\n");
- printf("4) display bools\n");
- printf("5) display roles\n");
- printf("6) display types, attributes, and aliases\n");
- printf("7) display role transitions\n");
- printf("8) display role allows\n");
- printf("9) Display policycon\n");
- printf("0) Display initial SIDs\n");
- printf("\n");
- printf("a) Display avrule requirements\n");
- printf("b) Display avrule declarations\n");
- printf("c) Display policy capabilities\n");
- printf("l) Link in a module\n");
- printf("u) Display the unknown handling setting\n");
- printf("F) Display filename_trans rules\n");
- printf("\n");
- printf("f) set output file\n");
- printf("m) display menu\n");
- printf("q) quit\n");
+ unsigned int i;
+ for (i = 0; commands[i].meta != EOL; i++) {
+ if (commands[i].meta == HEADER)
+ printf("%s\n", commands[i].desc);
+ else if (commands[i].meta & CMD)
+ printf("%c) %s\n", commands[i].cmd, commands[i].desc);
+ }
return 0;
}
int main(int argc, char **argv)
{
+ char *ops = NULL;
+ char *mod;
FILE *out_fp = stdout;
char ans[81], OutfileName[121];
if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
usage(argv[0]);
+ mod = argv[1];
+ if (strcmp (mod, "--actions") == 0 || strcmp (mod, "-a") == 0) {
+ if (argc != 4) {
+ fprintf(stderr, "%s: unexpected number of arguments\n", argv[0]);
+ usage(argv[0]);
+ }
+ ops = argv[2];
+ mod = argv[3];
+ } else if (mod[0] == '-') {
+ fprintf(stderr, "%s: unknown option: %s\n", argv[0], mod);
+ usage(argv[0]);
+ }
+
/* read the binary policy */
fprintf(out_fp, "Reading policy...\n");
if (policydb_init(&policydb)) {
fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__);
exit(1);
}
- if (read_policy(argv[1], &policydb)) {
+ if (read_policy(mod, &policydb)) {
fprintf(stderr,
"%s: error(s) encountered while loading policy\n",
argv[0]);
@@ -917,15 +961,22 @@ int main(int argc, char **argv)
}
printf("Policy version: %d\n\n", policydb.policyvers);
- menu();
+ if (!ops)
+ menu();
for (;;) {
- printf("\nCommand (\'m\' for menu): ");
- if (fgets(ans, sizeof(ans), stdin) == NULL) {
- if (feof(stdin))
- break;
- fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
+ if (ops) {
+ puts("");
+ ans[0] = *ops? *ops++: 'q';
+ ans[1] = '\0';
+ } else {
+ printf("\nCommand (\'m\' for menu): ");
+ if (fgets(ans, sizeof(ans), stdin) == NULL) {
+ if (feof(stdin))
+ break;
+ fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
strerror(errno));
- continue;
+ continue;
+ }
}
switch (ans[0]) {
--
2.40.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/4] dismod: add --help option
2023-05-31 1:32 [PATCH 1/4] dismod: add --help option Masatake YAMATO
` (2 preceding siblings ...)
2023-05-31 1:32 ` [PATCH 4/4] dismod: add --actions option for non-interactive use Masatake YAMATO
@ 2023-06-07 13:22 ` James Carter
2023-06-08 1:45 ` Masatake YAMATO
2023-06-08 19:50 ` James Carter
3 siblings, 2 replies; 7+ messages in thread
From: James Carter @ 2023-06-07 13:22 UTC (permalink / raw)
To: Masatake YAMATO; +Cc: selinux
On Tue, May 30, 2023 at 9:36 PM Masatake YAMATO <yamato@redhat.com> wrote:
>
> Signed-off-by: Masatake YAMATO <yamato@redhat.com>
It might make sense to add the actions option to dispol as well, but I
am not sure how much dismod and dispol are actually used.
For these four patches:
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> checkpolicy/test/dismod.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
> index 929ee308..eb090a36 100644
> --- a/checkpolicy/test/dismod.c
> +++ b/checkpolicy/test/dismod.c
> @@ -66,7 +66,11 @@ static const char *symbol_labels[9] = {
>
> static __attribute__((__noreturn__)) void usage(const char *progname)
> {
> - printf("usage: %s binary_pol_file\n\n", progname);
> + puts("Usage:");
> + printf(" %s [OPTIONS] binary_pol_file\n\n", progname);
> + puts("Options:");
> + puts(" -h, --help print this help message");
> + puts("\n");
> exit(1);
> }
>
> @@ -872,7 +876,7 @@ int main(int argc, char **argv)
> FILE *out_fp = stdout;
> char ans[81], OutfileName[121];
>
> - if (argc != 2)
> + if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
> usage(argv[0]);
>
> /* read the binary policy */
> --
> 2.40.1
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/4] dismod: add --help option
2023-06-07 13:22 ` [PATCH 1/4] dismod: add --help option James Carter
@ 2023-06-08 1:45 ` Masatake YAMATO
2023-06-08 19:50 ` James Carter
1 sibling, 0 replies; 7+ messages in thread
From: Masatake YAMATO @ 2023-06-08 1:45 UTC (permalink / raw)
To: jwcart2; +Cc: selinux
> On Tue, May 30, 2023 at 9:36 PM Masatake YAMATO <yamato@redhat.com> wrote:
>>
>> Signed-off-by: Masatake YAMATO <yamato@redhat.com>
>
> It might make sense to add the actions option to dispol as well, but I
> am not sure how much dismod and dispol are actually used.
See https://serverfault.com/questions/321301/how-do-i-view-the-contents-of-a-selinux-policy-package
The page is viewed 40K tiems.
There are alwasy some people interested in the backyard of technoogy.
Masatake YAMATO
>
> For these four patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>
>> ---
>> checkpolicy/test/dismod.c | 8 ++++++--
>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
>> index 929ee308..eb090a36 100644
>> --- a/checkpolicy/test/dismod.c
>> +++ b/checkpolicy/test/dismod.c
>> @@ -66,7 +66,11 @@ static const char *symbol_labels[9] = {
>>
>> static __attribute__((__noreturn__)) void usage(const char *progname)
>> {
>> - printf("usage: %s binary_pol_file\n\n", progname);
>> + puts("Usage:");
>> + printf(" %s [OPTIONS] binary_pol_file\n\n", progname);
>> + puts("Options:");
>> + puts(" -h, --help print this help message");
>> + puts("\n");
>> exit(1);
>> }
>>
>> @@ -872,7 +876,7 @@ int main(int argc, char **argv)
>> FILE *out_fp = stdout;
>> char ans[81], OutfileName[121];
>>
>> - if (argc != 2)
>> + if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
>> usage(argv[0]);
>>
>> /* read the binary policy */
>> --
>> 2.40.1
>>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/4] dismod: add --help option
2023-06-07 13:22 ` [PATCH 1/4] dismod: add --help option James Carter
2023-06-08 1:45 ` Masatake YAMATO
@ 2023-06-08 19:50 ` James Carter
1 sibling, 0 replies; 7+ messages in thread
From: James Carter @ 2023-06-08 19:50 UTC (permalink / raw)
To: Masatake YAMATO; +Cc: selinux
On Wed, Jun 7, 2023 at 9:22 AM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, May 30, 2023 at 9:36 PM Masatake YAMATO <yamato@redhat.com> wrote:
> >
> > Signed-off-by: Masatake YAMATO <yamato@redhat.com>
>
> It might make sense to add the actions option to dispol as well, but I
> am not sure how much dismod and dispol are actually used.
>
> For these four patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>
These four patches have been merged.
Thanks,
Jim
> > ---
> > checkpolicy/test/dismod.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
> > index 929ee308..eb090a36 100644
> > --- a/checkpolicy/test/dismod.c
> > +++ b/checkpolicy/test/dismod.c
> > @@ -66,7 +66,11 @@ static const char *symbol_labels[9] = {
> >
> > static __attribute__((__noreturn__)) void usage(const char *progname)
> > {
> > - printf("usage: %s binary_pol_file\n\n", progname);
> > + puts("Usage:");
> > + printf(" %s [OPTIONS] binary_pol_file\n\n", progname);
> > + puts("Options:");
> > + puts(" -h, --help print this help message");
> > + puts("\n");
> > exit(1);
> > }
> >
> > @@ -872,7 +876,7 @@ int main(int argc, char **argv)
> > FILE *out_fp = stdout;
> > char ans[81], OutfileName[121];
> >
> > - if (argc != 2)
> > + if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
> > usage(argv[0]);
> >
> > /* read the binary policy */
> > --
> > 2.40.1
> >
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-06-08 19:51 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-31 1:32 [PATCH 1/4] dismod: add --help option Masatake YAMATO
2023-05-31 1:32 ` [PATCH 2/4] dismod: delete an unnecessary empty line Masatake YAMATO
2023-05-31 1:32 ` [PATCH 3/4] dismod: handle EOF in user interaction Masatake YAMATO
2023-05-31 1:32 ` [PATCH 4/4] dismod: add --actions option for non-interactive use Masatake YAMATO
2023-06-07 13:22 ` [PATCH 1/4] dismod: add --help option James Carter
2023-06-08 1:45 ` Masatake YAMATO
2023-06-08 19:50 ` James Carter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).