From patchwork Fri Apr 8 15:02:33 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 8784071 Return-Path: X-Original-To: patchwork-selinux@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 0D542C0553 for ; Fri, 8 Apr 2016 15:07:46 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 6A8A8201CD for ; Fri, 8 Apr 2016 15:07:45 +0000 (UTC) Received: from emvm-gh1-uea08.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7A99A201C7 for ; Fri, 8 Apr 2016 15:07:44 +0000 (UTC) X-TM-IMSS-Message-ID: <197ef177000ad125@nsa.gov> Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by nsa.gov ([10.208.42.193]) with ESMTP (TREND IMSS SMTP Service 7.1) id 197ef177000ad125 ; Fri, 8 Apr 2016 11:05:47 -0400 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u38F5rPu005393; Fri, 8 Apr 2016 11:05:53 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u38F1GZW082804 for ; Fri, 8 Apr 2016 11:01:16 -0400 Received: from moss-lions.infosec.tycho.ncsc.mil (moss-lions [192.168.25.4]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u38F1FTi004320 for ; Fri, 8 Apr 2016 11:01:15 -0400 From: James Carter To: selinux@tycho.nsa.gov Subject: [PATCH 2/2 v3] checkpolicy: Fail if module name different than output base filename Date: Fri, 8 Apr 2016 11:02:33 -0400 Message-Id: <1460127753-29728-3-git-send-email-jwcart2@tycho.nsa.gov> X-Mailer: git-send-email 2.5.5 In-Reply-To: <1460127753-29728-1-git-send-email-jwcart2@tycho.nsa.gov> References: <1460127753-29728-1-git-send-email-jwcart2@tycho.nsa.gov> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-TM-AS-MML: disable X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Since CIL treats files as modules and does not have a separate module statement it can cause confusion when a Refpolicy module has a name that is different than its base filename because older SELinux userspaces will refer to the module by its module name while a CIL-based userspace will refer to it by its filename. Because of this, have checkmodule fail when compiling a module and the output base filename is different than the module name. Signed-off-by: James Carter --- checkpolicy/checkmodule.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c index 5957d29..418f77b 100644 --- a/checkpolicy/checkmodule.c +++ b/checkpolicy/checkmodule.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -258,6 +259,25 @@ int main(int argc, char **argv) } } + if (policy_type != POLICY_BASE && outfile) { + char *mod_name = modpolicydb.name; + char *out_path = strdup(outfile); + if (out_path == NULL) { + fprintf(stderr, "%s: out of memory\n", argv[0]); + exit(1); + } + char *out_name = basename(out_path); + char *separator = strrchr(out_name, '.'); + if (separator) { + *separator = '\0'; + } + if (strcmp(mod_name, out_name) != 0) { + fprintf(stderr, "%s: Module name %s is different than the output base filename %s\n", argv[0], mod_name, out_name); + exit(1); + } + free(out_path); + } + if (modpolicydb.policy_type == POLICY_BASE && !cil) { /* Verify that we can successfully expand the base module. */ policydb_t kernpolicydb;