Message ID | 1458929095-25819-4-git-send-email-jwcart2@tycho.nsa.gov (mailing list archive) |
---|---|
State | Superseded |
On 03/25/2016 02:04 PM, James Carter wrote: > Since the usual convention is for the module name to be same as the > base filename of the module, provide a warning message if they are > different. Also warn if the output filename is different than the > module name. > > Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> > --- > checkpolicy/checkmodule.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c > index 5957d29..5d1e219 100644 > --- a/checkpolicy/checkmodule.c > +++ b/checkpolicy/checkmodule.c > @@ -258,6 +258,19 @@ int main(int argc, char **argv) > } > } > > + if (policy_type != POLICY_BASE) { > + sepol_policydb_t *module = (sepol_policydb_t *)&modpolicydb; > + if (sepol_module_check_name_matches_filename(module, file)) { > + fprintf(stderr, "Module name %s does not match input file %s\n", > + sepol_module_get_name(module), file); > + } > + if (outfile) { > + if (sepol_module_check_name_matches_filename(module, outfile)) { > + fprintf(stderr, "Module name %s does not match output file %s\n", sepol_module_get_name(module), outfile); > + } > + } > + } Probably want a "Warning:" prefix here as well, and possibly some hint as to which name is preferred or will be used by the system. Do we actually care about the input file name? > + > if (modpolicydb.policy_type == POLICY_BASE && !cil) { > /* Verify that we can successfully expand the base module. */ > policydb_t kernpolicydb; >
On 03/25/2016 02:48 PM, Stephen Smalley wrote: > On 03/25/2016 02:04 PM, James Carter wrote: >> Since the usual convention is for the module name to be same as the >> base filename of the module, provide a warning message if they are >> different. Also warn if the output filename is different than the >> module name. >> >> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> >> --- >> checkpolicy/checkmodule.c | 13 +++++++++++++ >> 1 file changed, 13 insertions(+) >> >> diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c >> index 5957d29..5d1e219 100644 >> --- a/checkpolicy/checkmodule.c >> +++ b/checkpolicy/checkmodule.c >> @@ -258,6 +258,19 @@ int main(int argc, char **argv) >> } >> } >> >> + if (policy_type != POLICY_BASE) { >> + sepol_policydb_t *module = (sepol_policydb_t *)&modpolicydb; >> + if (sepol_module_check_name_matches_filename(module, file)) { >> + fprintf(stderr, "Module name %s does not match input file %s\n", >> + sepol_module_get_name(module), file); >> + } >> + if (outfile) { >> + if (sepol_module_check_name_matches_filename(module, outfile)) { >> + fprintf(stderr, "Module name %s does not match output file %s\n", sepol_module_get_name(module), outfile); >> + } >> + } >> + } > > Probably want a "Warning:" prefix here as well, and possibly some hint > as to which name is preferred or will be used by the system. > > Do we actually care about the input file name? > I went back and forth with that myself. I don't think so, but I left it in in case others cared. Jim >> + >> if (modpolicydb.policy_type == POLICY_BASE && !cil) { >> /* Verify that we can successfully expand the base module. */ >> policydb_t kernpolicydb; >>
diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c index 5957d29..5d1e219 100644 --- a/checkpolicy/checkmodule.c +++ b/checkpolicy/checkmodule.c @@ -258,6 +258,19 @@ int main(int argc, char **argv) } } + if (policy_type != POLICY_BASE) { + sepol_policydb_t *module = (sepol_policydb_t *)&modpolicydb; + if (sepol_module_check_name_matches_filename(module, file)) { + fprintf(stderr, "Module name %s does not match input file %s\n", + sepol_module_get_name(module), file); + } + if (outfile) { + if (sepol_module_check_name_matches_filename(module, outfile)) { + fprintf(stderr, "Module name %s does not match output file %s\n", sepol_module_get_name(module), outfile); + } + } + } + if (modpolicydb.policy_type == POLICY_BASE && !cil) { /* Verify that we can successfully expand the base module. */ policydb_t kernpolicydb;
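Review bot: both fprintf calls in the added block pass the return value of sepol_module_get_name(module) straight to a %s conversion with no NULL check, so a module without a name set would hand a null pointer to fprintf; fetch the name once into a local, test it, and reuse it in both messages. The new guard tests the local policy_type while the block right after it tests modpolicydb.policy_type, and module is obtained by casting &modpolicydb to sepol_policydb_t *; using the same expression in both conditions and adding a short comment on why the cast is valid would make the intent clear. On style, the second fprintf sits on one long line where the first is wrapped, and neither message is marked as non-fatal even though execution continues past them, so a "Warning:" prefix and consistent wrapping would help.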
Since the usual convention is for the module name to be the same as the base filename of the module, provide a warning message if they are different. Also warn if the output filename is different than the module name. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> --- checkpolicy/checkmodule.c | 13 +++++++++++++ 1 file changed, 13 insertions(+)