From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001 |
|
From: Miroslav Grepl <mgrepl@redhat.com> |
|
Date: Fri, 11 Apr 2014 18:46:24 +0200 |
|
Subject: [PATCH 09/11] Fix help message on sesearch -D |
|
|
|
--- |
|
man/sesearch.1 | 2 +- |
|
secmds/sesearch.c | 77 +++++++++++++++++-------------------------------------- |
|
2 files changed, 25 insertions(+), 54 deletions(-) |
|
|
|
diff --git a/man/sesearch.1 b/man/sesearch.1 |
|
index 573aedd..dc119eb 100644 |
|
--- a/man/sesearch.1 |
|
+++ b/man/sesearch.1 |
|
@@ -43,7 +43,7 @@ Search for allow rules. |
|
Search for neverallow rules. |
|
.IP "--auditallow" |
|
Search for auditallow rules. |
|
-.IP "--dontaudit" |
|
+.IP "-D, --dontaudit" |
|
Search for dontaudit rules. |
|
.IP "-T, --type" |
|
Search for type_transition, type_member, and type_change rules. |
|
diff --git a/secmds/sesearch.c b/secmds/sesearch.c |
|
index e1436a7..f53d670 100644 |
|
--- a/secmds/sesearch.c |
|
+++ b/secmds/sesearch.c |
|
@@ -24,6 +24,7 @@ |
|
*/ |
|
|
|
#include <config.h> |
|
+#include <selinux/selinux.h> |
|
|
|
/* libapol */ |
|
#include <apol/policy.h> |
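Review bot: The added `#include <selinux/selinux.h>` is not matched by any call to a libselinux symbol elsewhere in this patch, so it looks like an unused include that only adds a build dependency to sesearch. If nothing in sesearch.c now calls into libselinux, drop the line; if a call does need it, that call should land in the same commit so the dependency is visible to a reviewer.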
|
@@ -61,9 +62,8 @@ enum opt_values |
|
static struct option const longopts[] = { |
|
{"allow", no_argument, NULL, 'A'}, |
|
{"neverallow", no_argument, NULL, RULE_NEVERALLOW}, |
|
- {"audit", no_argument, NULL, RULE_AUDIT}, |
|
{"auditallow", no_argument, NULL, RULE_AUDITALLOW}, |
|
- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT}, |
|
+ {"dontaudit", no_argument, NULL, 'D'}, |
|
{"type", no_argument, NULL, 'T'}, |
|
{"role_allow", no_argument, NULL, RULE_ROLE_ALLOW}, |
|
{"role_trans", no_argument, NULL, RULE_ROLE_TRANS}, |
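Review bot: Reassigning `'D'` from `--default NAME` to `--dontaudit` (and dropping the `--audit` and `--default` entries here and in the next hunk) is a user-visible interface change that the commit title ("Fix help message") does not announce. An existing invocation such as `sesearch -D some_t ...` is now parsed as the dontaudit flag with `some_t` left over as a non-option argument, a silent change of meaning rather than an error. If `--default` is meant to go away, say so in the commit message and the man page; otherwise keep `{"default", required_argument, NULL, <new long-only enum value>}` in the style of the existing `EXPR_ROLE_SOURCE` entries so the default-type filter still has a way to be set. If a `case RULE_AUDIT:` still exists in main's switch it becomes unreachable with this hunk.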
|
@@ -72,7 +72,6 @@ static struct option const longopts[] = { |
|
|
|
{"source", required_argument, NULL, 's'}, |
|
{"target", required_argument, NULL, 't'}, |
|
- {"default", required_argument, NULL, 'D'}, |
|
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE}, |
|
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET}, |
|
{"class", required_argument, NULL, 'c'}, |
|
@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief) |
|
printf(" -A, --allow allow rules\n"); |
|
printf(" --neverallow neverallow rules\n"); |
|
printf(" --auditallow auditallow rules\n"); |
|
- printf(" --dontaudit dontaudit rules\n"); |
|
+ printf(" -D, --dontaudit dontaudit rules\n"); |
|
printf(" -T, --type type_trans, type_member, and type_change\n"); |
|
printf(" --role_allow role allow rules\n"); |
|
printf(" --role_trans role_transition rules\n"); |
|
@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief) |
|
printf("EXPRESSIONS:\n"); |
|
printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n"); |
|
printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n"); |
|
- printf(" -D NAME, --default=NAME rules with type NAME as default\n"); |
|
printf(" --role_source=NAME rules with role NAME as source\n"); |
|
printf(" --role_target=NAME rules with role NAME as target\n"); |
|
printf(" -c NAME, --class=NAME rules with class NAME as the object class\n"); |
|
@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t * |
|
tmp = apol_cond_expr_render(policy, cond); |
|
enable_char = (enabled ? 'E' : 'D'); |
|
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); |
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
|
- expr = NULL; |
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
|
goto cleanup; |
|
- } |
|
free(tmp); |
|
tmp = NULL; |
|
if (!expr) |
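Review bot: Dropping `expr = NULL;` before `goto cleanup` on the asprintf() failure path is unsafe: glibc documents the contents of the output pointer as undefined when asprintf() returns -1, so a `free(expr)` at the cleanup label may now run on an indeterminate pointer. Keep the reset, `if (asprintf(&expr, "[ %s ]", tmp) < 0) { expr = NULL; goto cleanup; }`, which also restores the braces on the control body. The same change is made in print_av_results, print_syn_te_results and print_te_results below. The enclosing function starts and ends outside the hunk, so what cleanup does with expr is not visible here, but the original author's explicit reset suggests it is freed there.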
|
@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt |
|
qpol_iterator_destroy(&iter); |
|
enable_char = (enabled ? 'E' : 'D'); |
|
branch_char = (list ? 'T' : 'F'); |
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
|
- expr = NULL; |
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
|
goto cleanup; |
|
- } |
|
free(tmp); |
|
tmp = NULL; |
|
if (!expr) |
|
@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt, |
|
apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect); |
|
if (opt->bool_name) |
|
apol_terule_query_set_bool(policy, teq, opt->bool_name); |
|
- if (opt->default_name) |
|
- apol_terule_query_set_default(policy, teq, opt->default_name); |
|
if (opt->class_name) { |
|
if (opt->class_vector == NULL) { |
|
if (apol_terule_query_append_class(policy, teq, opt->class_name)) { |
|
@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t * |
|
tmp = apol_cond_expr_render(policy, cond); |
|
enable_char = (enabled ? 'E' : 'D'); |
|
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); |
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
|
- expr = NULL; |
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
|
goto cleanup; |
|
- } |
|
free(tmp); |
|
tmp = NULL; |
|
if (!expr) |
|
- goto cleanup; |
|
+ break; |
|
} |
|
} |
|
if (!(rule_str = apol_syn_terule_render(policy, rule))) |
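Review bot: Changing `goto cleanup` to `break` at the `if (!expr)` check diverges from the three sibling print functions, which still abandon the whole result set on a NULL expression; here the rule is presumably rendered without its conditional expression and the outer loop carries on. If that is intended, the commit message should say so and the other print_*_results functions should behave the same way; if not, restore `goto cleanup`. The enclosing loops start outside the hunk, so which loop the `break` leaves cannot be confirmed from this view.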
|
@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt |
|
qpol_iterator_destroy(&iter); |
|
enable_char = (enabled ? 'E' : 'D'); |
|
branch_char = (list ? 'T' : 'F'); |
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
|
- expr = NULL; |
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
|
goto cleanup; |
|
- } |
|
free(tmp); |
|
tmp = NULL; |
|
if (!expr) |
|
@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, |
|
goto err; |
|
} |
|
} |
|
- |
|
if (opt->default_name) { |
|
if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) { |
|
error = errno; |
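Review bot: With the `case 'D'` parsing in main removed later in this patch, nothing visible assigns `opt->default_name` any more, so the `if (opt->default_name)` branch kept here and the `apol_filename_trans_query_set_default` call under it appear to be dead code, while the matching `free(cmd_opts.default_name)` in main is removed. Either remove this branch together with the field, or keep a way to set it (for example a long-only `--default` option) so that filtering filename transitions by default type still works. perform_ft_query starts and ends outside the hunk.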
|
@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt |
|
{ |
|
size_t i, num_filename_trans = 0; |
|
const qpol_filename_trans_t *filename_trans = NULL; |
|
- char *filename_trans_str = NULL; |
|
- qpol_iterator_t *iter = NULL; |
|
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; |
|
|
|
if (!(num_filename_trans = apol_vector_get_size(v))) |
|
goto cleanup; |
|
|
|
- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans); |
|
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans); |
|
|
|
for (i = 0; i < num_filename_trans; i++) { |
|
if (!(filename_trans = apol_vector_get_element(v, i))) |
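Review bot: The new message `Found %zd named file transition filename_trans:` reads like a stray search-and-replace of "rules" and is a regression in user-facing output; restore `fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);`. While touching the line, `num_filename_trans` is declared `size_t`, so the conversion should be `%zu` rather than `%zd`.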
|
@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt |
|
|
|
if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans))) |
|
goto cleanup; |
|
- fprintf(stdout, "%s\n", filename_trans_str); |
|
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : ""); |
|
free(filename_trans_str); |
|
filename_trans_str = NULL; |
|
+ free(expr); |
|
+ expr = NULL; |
|
} |
|
|
|
cleanup: |
|
+ free(tmp); |
|
free(filename_trans_str); |
|
+ free(expr); |
|
} |
|
|
|
static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) |
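Review bot: `tmp` and `expr` are declared, freed and printed, but nothing in this hunk or the previous one ever assigns them, so `expr ? expr : ""` is always the empty string and every output line now ends in a trailing space from `"%s %s\n"`. If conditional-expression rendering for filename transitions is planned, it belongs in this commit; otherwise drop both variables and their `free()` calls and keep the format at `"%s\n"`. The loop body for each filename_trans begins in the previous hunk.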
|
@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt, |
|
} |
|
} |
|
|
|
- if (opt->default_name) { |
|
- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) { |
|
- error = errno; |
|
- goto err; |
|
- } |
|
- } |
|
- |
|
if (apol_role_trans_get_by_query(policy, rtq, v)) { |
|
error = errno; |
|
goto err; |
|
@@ -973,7 +956,7 @@ int main(int argc, char **argv) |
|
|
|
memset(&cmd_opts, 0, sizeof(cmd_opts)); |
|
cmd_opts.indirect = true; |
|
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) { |
|
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) { |
|
switch (optc) { |
|
case 0: |
|
break; |
|
@@ -1001,18 +984,6 @@ int main(int argc, char **argv) |
|
exit(1); |
|
} |
|
break; |
|
- case 'D': /* default */ |
|
- if (optarg == 0) { |
|
- usage(argv[0], 1); |
|
- printf("Missing default type for -D (--default)\n"); |
|
- exit(1); |
|
- } |
|
- cmd_opts.default_name = strdup(optarg); |
|
- if (!cmd_opts.default_name) { |
|
- |
|
- exit(1); |
|
- } |
|
- break; |
|
case EXPR_ROLE_SOURCE: |
|
if (optarg == 0) { |
|
usage(argv[0], 1); |
|
@@ -1093,7 +1064,7 @@ int main(int argc, char **argv) |
|
case RULE_AUDITALLOW: |
|
cmd_opts.auditallow = true; |
|
break; |
|
- case RULE_DONTAUDIT: |
|
+ case 'D': |
|
cmd_opts.dontaudit = true; |
|
break; |
|
case 'T': /* type */ |
|
@@ -1273,12 +1244,13 @@ int main(int argc, char **argv) |
|
fprintf(stdout, "\n"); |
|
} |
|
|
|
- apol_vector_destroy(&v); |
|
- if (perform_ft_query(policy, &cmd_opts, &v)) { |
|
- rt = 1; |
|
- goto cleanup; |
|
- } |
|
- if (v) { |
|
+ if (cmd_opts.all || cmd_opts.type) { |
|
+ apol_vector_destroy(&v); |
|
+ if (perform_ft_query(policy, &cmd_opts, &v)) { |
|
+ rt = 1; |
|
+ goto cleanup; |
|
+ } |
|
+ |
|
print_ft_results(policy, &cmd_opts, v); |
|
fprintf(stdout, "\n"); |
|
} |
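Review bot: Guarding the filename-transition query with `if (cmd_opts.all || cmd_opts.type)` changes behaviour: the query previously ran unconditionally and is now skipped unless -T or --all is given. That is reasonable if filename transitions count as type rules, but the commit message does not mention it and the man page entry for -T still says it searches only type_transition, type_member and type_change rules; update both, for example `Search for type_transition, type_member, type_change, and filename transition rules.`. main continues outside the hunk.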
|
@@ -1317,7 +1289,6 @@ int main(int argc, char **argv) |
|
apol_policy_path_destroy(&pol_path); |
|
free(cmd_opts.src_name); |
|
free(cmd_opts.tgt_name); |
|
- free(cmd_opts.default_name); |
|
free(cmd_opts.class_name); |
|
free(cmd_opts.permlist); |
|
free(cmd_opts.bool_name); |
|
-- |
|
1.8.5.3 |
|
|
|
|