From patchwork Thu Oct 17 07:05:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masatake YAMATO X-Patchwork-Id: 11194891 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 227C813BD for ; Thu, 17 Oct 2019 07:05:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0CED420640 for ; Thu, 17 Oct 2019 07:05:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392640AbfJQHFW (ORCPT ); Thu, 17 Oct 2019 03:05:22 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:56638 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2390918AbfJQHFW (ORCPT ); Thu, 17 Oct 2019 03:05:22 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EC859405C63A for ; Thu, 17 Oct 2019 07:05:21 +0000 (UTC) Received: from slave.localdomain.com (unknown [10.64.193.217]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2F25C2166BA1; Thu, 17 Oct 2019 07:05:20 +0000 (UTC) From: Masatake YAMATO To: selinux@vger.kernel.org Cc: yamato@redhat.com Subject: [PATCH 1/3] checkpolicy: remove a redundant if-condition Date: Thu, 17 Oct 2019 16:05:11 +0900 Message-Id: <20191017070513.13445-1-yamato@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Thu, 17 Oct 2019 07:05:21 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Thu, 17 Oct 2019 07:05:21 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'yamato@redhat.com' RCPT:'' Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Inner if-condition in following code is redundant: if (outfile) { /* ... just referring outfile ... */ if (outfile) { do_something(); } } We can simplify this to: if (outfile) { /* ... just referring outfile ... */ do_something(); } Signed-off-by: Masatake YAMATO --- checkpolicy/checkpolicy.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index f928ec06..e18de171 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -682,9 +682,7 @@ int main(int argc, char **argv) } } - if (outfile) { - fclose(outfp); - } + fclose(outfp); } else if (cil) { fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); exit(1); From patchwork Thu Oct 17 07:05:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masatake YAMATO X-Patchwork-Id: 11194893 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3E79014DB for ; Thu, 17 Oct 2019 07:05:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 28B1520640 for ; Thu, 17 Oct 2019 07:05:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392745AbfJQHFe (ORCPT ); Thu, 17 Oct 2019 03:05:34 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:55926 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2390955AbfJQHFe (ORCPT ); Thu, 17 Oct 2019 03:05:34 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EFEC28012661 for ; Thu, 17 Oct 2019 07:05:33 +0000 (UTC) Received: from slave.localdomain.com (unknown [10.64.193.217]) by smtp.corp.redhat.com (Postfix) with ESMTP id 339302156A2F; Thu, 17 Oct 2019 07:05:33 +0000 (UTC) From: Masatake YAMATO To: selinux@vger.kernel.org Cc: yamato@redhat.com Subject: [PATCH 2/3] checkpolicy: update the description for -o option in the man page Date: Thu, 17 Oct 2019 16:05:12 +0900 Message-Id: <20191017070513.13445-2-yamato@redhat.com> In-Reply-To: <20191017070513.13445-1-yamato@redhat.com> References: <20191017070513.13445-1-yamato@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Thu, 17 Oct 2019 07:05:33 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Thu, 17 Oct 2019 07:05:33 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'yamato@redhat.com' RCPT:'' Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Write about policy.conf and CIL files. Signed-off-by: Masatake YAMATO --- checkpolicy/checkpolicy.8 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 index 1552f497..db57751c 100644 --- a/checkpolicy/checkpolicy.8 +++ b/checkpolicy/checkpolicy.8 @@ -40,7 +40,8 @@ Enable the MLS policy when checking and compiling the policy. Specify the policy version, defaults to the latest. .TP .B \-o,\-\-output filename -Write a binary policy file to the specified filename. +Write a policy file (binary, policy.conf, or CIL policy) +to the specified filename. .TP .B \-S,\-\-sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. From patchwork Thu Oct 17 07:05:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masatake YAMATO X-Patchwork-Id: 11194895 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9DE1D14DB for ; Thu, 17 Oct 2019 07:05:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 88B88214E0 for ; Thu, 17 Oct 2019 07:05:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392761AbfJQHFj (ORCPT ); Thu, 17 Oct 2019 03:05:39 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:55930 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2390955AbfJQHFj (ORCPT ); Thu, 17 Oct 2019 03:05:39 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 948998012661 for ; Thu, 17 Oct 2019 07:05:37 +0000 (UTC) Received: from slave.localdomain.com (unknown [10.64.193.217]) by smtp.corp.redhat.com (Postfix) with ESMTP id CCCAF2156A2F; Thu, 17 Oct 2019 07:05:36 +0000 (UTC) From: Masatake YAMATO To: selinux@vger.kernel.org Cc: yamato@redhat.com Subject: [PATCH 3/3] checkpolicy: allow to write policy to stdout Date: Thu, 17 Oct 2019 16:05:13 +0900 Message-Id: <20191017070513.13445-3-yamato@redhat.com> In-Reply-To: <20191017070513.13445-1-yamato@redhat.com> References: <20191017070513.13445-1-yamato@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Thu, 17 Oct 2019 07:05:37 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Thu, 17 Oct 2019 07:05:37 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'yamato@redhat.com' RCPT:'' Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org If - is given as filename for -o option, checkpolicy writes the policy to standard output. This helps users to read policy.conf and/or CIL policy file with pager like less command: $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less The users don't have to make a temporary file. /dev/stdout can be used instead. However, - reduces the number of typing for the purpose. Using - for standard output (and/or standard input) is popular convention. Signed-off-by: Masatake YAMATO --- checkpolicy/checkpolicy.8 | 5 +++-- checkpolicy/checkpolicy.c | 24 +++++++++++++++++++----- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 index db57751c..bdfd6acd 100644 --- a/checkpolicy/checkpolicy.8 +++ b/checkpolicy/checkpolicy.8 @@ -3,7 +3,7 @@ checkpolicy \- SELinux policy compiler .SH SYNOPSIS .B checkpolicy -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" .br .SH "DESCRIPTION" This manual page describes the @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest. .TP .B \-o,\-\-output filename Write a policy file (binary, policy.conf, or CIL policy) -to the specified filename. +to the specified filename. If - is given as filename, +write it to standard output. .TP .B \-S,\-\-sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index e18de171..81bd2a9d 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) { printf ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " - "[-c policyvers (%d-%d)] [-o output_file] [-S] " + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " "[-t target_platform (selinux,xen)] [-V] [input_file]\n", progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); exit(1); @@ -390,7 +390,8 @@ int main(int argc, char **argv) struct sepol_av_decision avd; class_datum_t *cladatum; const char *file = txtfile; - char ans[80 + 1], *outfile = NULL, *path, *fstype; + char ans[80 + 1], *path, *fstype; + const char *outfile = NULL; size_t scontext_len, pathlen; unsigned int i; unsigned int protocol, port; @@ -638,9 +639,20 @@ int main(int argc, char **argv) } if (outfile) { - outfp = fopen(outfile, "w"); + int use_stdout = !strcmp(outfile, "-"); + if (use_stdout) { + outfp = stdout; + outfile = ""; + } else { + outfp = fopen(outfile, "w"); + } + if (!outfp) { - perror(outfile); + if (use_stdout) + fprintf(stderr, "%s: error to use %s\n", + argv[0], outfile); + else + perror(outfile); exit(1); } @@ -682,7 +694,9 @@ int main(int argc, char **argv) } } - fclose(outfp); + if (outfp != stdout) { + fclose(outfp); + } } else if (cil) { fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); exit(1);