| Message ID | 20191019102656.22972-3-yamato@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2,1/3] checkpolicy: remove a redundant if-condition | expand |
On 10/19/19 6:26 AM, Masatake YAMATO wrote: > If - is given as filename for -o option, checkpolicy > writes the policy to standard output. This helps users > to read policy.conf and/or CIL policy file with pager > like less command: > > $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less > > The users don't have to make a temporary file. > /dev/stdout can be used instead. However, - reduces the number of > typing for the purpose. Using - for standard output (and/or standard > input) is popular convention. > > Change(s) in v2: > * Check the availability of output stream only when opening > a regualar file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>. > > Signed-off-by: Masatake YAMATO <yamato@redhat.com> Thanks, applied. > --- > checkpolicy/checkpolicy.8 | 5 +++-- > checkpolicy/checkpolicy.c | 22 +++++++++++++++------- > 2 files changed, 18 insertions(+), 9 deletions(-) > > diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 > index db57751c..bdfd6acd 100644 > --- a/checkpolicy/checkpolicy.8 > +++ b/checkpolicy/checkpolicy.8 > @@ -3,7 +3,7 @@ > checkpolicy \- SELinux policy compiler > .SH SYNOPSIS > .B checkpolicy > -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" > +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" > .br > .SH "DESCRIPTION" > This manual page describes the > @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest. > .TP > .B \-o,\-\-output filename > Write a policy file (binary, policy.conf, or CIL policy) > -to the specified filename. > +to the specified filename. If - is given as filename, > +write it to standard output. > .TP > .B \-S,\-\-sort > Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. > diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c > index e18de171..7c5b63f8 100644 > --- a/checkpolicy/checkpolicy.c > +++ b/checkpolicy/checkpolicy.c > @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) > { > printf > ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " > - "[-c policyvers (%d-%d)] [-o output_file] [-S] " > + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " > "[-t target_platform (selinux,xen)] [-V] [input_file]\n", > progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); > exit(1); > @@ -390,7 +390,8 @@ int main(int argc, char **argv) > struct sepol_av_decision avd; > class_datum_t *cladatum; > const char *file = txtfile; > - char ans[80 + 1], *outfile = NULL, *path, *fstype; > + char ans[80 + 1], *path, *fstype; > + const char *outfile = NULL; > size_t scontext_len, pathlen; > unsigned int i; > unsigned int protocol, port; > @@ -638,10 +639,15 @@ int main(int argc, char **argv) > } > > if (outfile) { > - outfp = fopen(outfile, "w"); > - if (!outfp) { > - perror(outfile); > - exit(1); > + if (!strcmp(outfile, "-")) { > + outfp = stdout; > + outfile = "<STDOUT>"; > + } else { > + outfp = fopen(outfile, "w"); > + if (!outfp) { > + perror(outfile); > + exit(1); > + } > } > > policydb.policyvers = policyvers; > @@ -682,7 +688,9 @@ int main(int argc, char **argv) > } > } > > - fclose(outfp); > + if (outfp != stdout) { > + fclose(outfp); > + } > } else if (cil) { > fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); > exit(1); >
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 index db57751c..bdfd6acd 100644 --- a/checkpolicy/checkpolicy.8 +++ b/checkpolicy/checkpolicy.8 @@ -3,7 +3,7 @@ checkpolicy \- SELinux policy compiler .SH SYNOPSIS .B checkpolicy -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" .br .SH "DESCRIPTION" This manual page describes the @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest. .TP .B \-o,\-\-output filename Write a policy file (binary, policy.conf, or CIL policy) -to the specified filename. +to the specified filename. If - is given as filename, +write it to standard output. .TP .B \-S,\-\-sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index e18de171..7c5b63f8 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) { printf ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " - "[-c policyvers (%d-%d)] [-o output_file] [-S] " + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " "[-t target_platform (selinux,xen)] [-V] [input_file]\n", progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); exit(1); @@ -390,7 +390,8 @@ int main(int argc, char **argv) struct sepol_av_decision avd; class_datum_t *cladatum; const char *file = txtfile; - char ans[80 + 1], *outfile = NULL, *path, *fstype; + char ans[80 + 1], *path, *fstype; + const char *outfile = NULL; size_t scontext_len, pathlen; unsigned int i; unsigned int protocol, port; @@ -638,10 +639,15 @@ int main(int argc, char **argv) } if (outfile) { - outfp = fopen(outfile, "w"); - if (!outfp) { - perror(outfile); - exit(1); + if (!strcmp(outfile, "-")) { + outfp = stdout; + outfile = "<STDOUT>"; + } else { + outfp = fopen(outfile, "w"); + if (!outfp) { + perror(outfile); + exit(1); + } } policydb.policyvers = policyvers; @@ -682,7 +688,9 @@ int main(int argc, char **argv) } } - fclose(outfp); + if (outfp != stdout) { + fclose(outfp); + } } else if (cil) { fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); exit(1);
If - is given as filename for -o option, checkpolicy writes the policy to standard output. This helps users to read policy.conf and/or CIL policy file with pager like less command: $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less The users don't have to make a temporary file. /dev/stdout can be used instead. However, - reduces the number of typing for the purpose. Using - for standard output (and/or standard input) is popular convention. Change(s) in v2: * Check the availability of output stream only when opening a regualar file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>. Signed-off-by: Masatake YAMATO <yamato@redhat.com> --- checkpolicy/checkpolicy.8 | 5 +++-- checkpolicy/checkpolicy.c | 22 +++++++++++++++------- 2 files changed, 18 insertions(+), 9 deletions(-)