RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-04-11 04:01:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

checkpolicy/dispol: misc updates

Browse Source 
* add option to display users
* drop duplicate option to display booleans
* show number of entries before listing them
* drop global variable

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2023-12-07 17:53:36 +01:00 committed by James Carter
parent 94389f2102
commit 4d33c6753e
1 changed files with 30 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
checkpolicy/test/dispol.c
View File

@ -33,9 +33,7 @@
#include <stdio.h> #include <stdio.h>
#include <fcntl.h> #include <fcntl.h>
static policydb_t policydb; static const struct command {
static struct command {
enum { enum {
EOL = 0, EOL = 0,
HEADER = 1, HEADER = 1,
@ -50,19 +48,19 @@ static struct command {
{CMD, '2', "display conditional AVTAB (entirely)"}, {CMD, '2', "display conditional AVTAB (entirely)"},
{CMD, '3', "display conditional AVTAB (only ENABLED rules)"}, {CMD, '3', "display conditional AVTAB (only ENABLED rules)"},
{CMD, '4', "display conditional AVTAB (only DISABLED rules)"}, {CMD, '4', "display conditional AVTAB (only DISABLED rules)"},
{CMD, '5', "display conditional bools"}, {CMD, '5', "display booleans"},
{CMD, '6', "display conditional expressions"}, {CMD, '6', "display conditional expressions"},
{CMD|NOOPT, '7', "change a boolean value"}, {CMD|NOOPT, '7', "change a boolean value"},
{CMD, '8', "display role transitions"}, {CMD, '8', "display role transitions"},
{HEADER, 0, ""}, {HEADER, 0, ""},
{CMD, 'c', "display policy capabilities"}, {CMD, 'c', "display policy capabilities"},
{CMD, 'b', "display booleans"},
{CMD, 'C', "display classes"}, {CMD, 'C', "display classes"},
{CMD, 'u', "display users"},
{CMD, 'r', "display roles"}, {CMD, 'r', "display roles"},
{CMD, 't', "display types"}, {CMD, 't', "display types"},
{CMD, 'a', "display type attributes"}, {CMD, 'a', "display type attributes"},
{CMD, 'p', "display the list of permissive types"}, {CMD, 'p', "display the list of permissive types"},
{CMD, 'u', "display unknown handling setting"}, {CMD, 'U', "display unknown handling setting"},
{CMD, 'F', "display filename_trans rules"}, {CMD, 'F', "display filename_trans rules"},
{HEADER, 0, ""}, {HEADER, 0, ""},
{CMD|NOOPT, 'f', "set output file"}, {CMD|NOOPT, 'f', "set output file"},
@ -234,17 +232,6 @@ static int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
return 0; return 0;
} }
static int display_bools(policydb_t * p, FILE * fp)
{
unsigned int i;
for (i = 0; i < p->p_bools.nprim; i++) {
fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
p->bool_val_to_struct[i]->state);
}
return 0;
}
static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
{ {
@ -313,6 +300,8 @@ static int display_handle_unknown(policydb_t * p, FILE * out_fp)
fprintf(out_fp, "Deny unknown classes and permissions\n"); fprintf(out_fp, "Deny unknown classes and permissions\n");
else if (p->handle_unknown == REJECT_UNKNOWN) else if (p->handle_unknown == REJECT_UNKNOWN)
fprintf(out_fp, "Reject unknown classes and permissions\n"); fprintf(out_fp, "Reject unknown classes and permissions\n");
else
fprintf(out_fp, "<INVALID SETTING!>\n");
return 0; return 0;
} }
@ -334,7 +323,7 @@ static int display_booleans(policydb_t * p, FILE *fp)
{ {
uint32_t i; uint32_t i;
fprintf(fp, "booleans:\n"); fprintf(fp, "booleans (#%u):\n", p->p_bools.table->nel);
for (i = 0; i < p->p_bools.nprim; i++) { for (i = 0; i < p->p_bools.nprim; i++) {
fprintf(fp, "\t%s : %d\n", p->p_bool_val_to_name[i], fprintf(fp, "\t%s : %d\n", p->p_bool_val_to_name[i],
p->bool_val_to_struct[i]->state); p->bool_val_to_struct[i]->state);
@ -364,7 +353,7 @@ static int display_classes(policydb_t * p, FILE *fp)
{ {
uint32_t i; uint32_t i;
fprintf(fp, "classes:\n"); fprintf(fp, "classes (#%u):\n", p->p_classes.table->nel);
for (i = 0; i < p->p_classes.nprim; i++) { for (i = 0; i < p->p_classes.nprim; i++) {
if (!p->p_class_val_to_name[i]) if (!p->p_class_val_to_name[i])
continue; continue;
@ -386,7 +375,7 @@ static void display_permissive(policydb_t *p, FILE *fp)
ebitmap_node_t *node; ebitmap_node_t *node;
unsigned int i; unsigned int i;
fprintf(fp, "permissive sids:\n"); fprintf(fp, "permissive sids (#%u):\n", ebitmap_cardinality(&p->permissive_map));
ebitmap_for_each_positive_bit(&p->permissive_map, node, i) { ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
fprintf(fp, "\t"); fprintf(fp, "\t");
display_id(p, fp, SYM_TYPES, i - 1, ""); display_id(p, fp, SYM_TYPES, i - 1, "");
@ -394,11 +383,25 @@ static void display_permissive(policydb_t *p, FILE *fp)
} }
} }
static int display_users(policydb_t * p, FILE *fp)
{
uint32_t i;
fprintf(fp, "users (#%u):\n", p->p_users.table->nel);
for (i = 0; i < p->p_users.nprim; i++) {
if (!p->p_user_val_to_name[i])
continue;
fprintf(fp, "\t%s\n", p->p_user_val_to_name[i]);
}
return 0;
}
static int display_roles(policydb_t * p, FILE *fp) static int display_roles(policydb_t * p, FILE *fp)
{ {
uint32_t i; uint32_t i;
fprintf(fp, "roles:\n"); fprintf(fp, "roles (#%u):\n", p->p_roles.table->nel);
for (i = 0; i < p->p_roles.nprim; i++) { for (i = 0; i < p->p_roles.nprim; i++) {
if (!p->p_role_val_to_name[i]) if (!p->p_role_val_to_name[i])
continue; continue;
@ -412,7 +415,7 @@ static int display_types(policydb_t * p, FILE *fp)
{ {
uint32_t i; uint32_t i;
fprintf(fp, "types:\n"); fprintf(fp, "types (out of #%u):\n", p->p_types.table->nel);
for (i = 0; i < p->p_types.nprim; i++) { for (i = 0; i < p->p_types.nprim; i++) {
if (!p->p_type_val_to_name[i]) if (!p->p_type_val_to_name[i])
continue; continue;
@ -429,7 +432,7 @@ static int display_attributes(policydb_t * p, FILE *fp)
{ {
uint32_t i; uint32_t i;
fprintf(fp, "attributes:\n"); fprintf(fp, "attributes (out of #%u):\n", p->p_types.table->nel);
for (i = 0; i < p->p_types.nprim; i++) { for (i = 0; i < p->p_types.nprim; i++) {
if (!p->p_type_val_to_name[i]) if (!p->p_type_val_to_name[i])
continue; continue;
@ -522,6 +525,7 @@ int main(int argc, char **argv)
char *name; char *name;
int state; int state;
struct policy_file pf; struct policy_file pf;
policydb_t policydb;
if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0)
usage(argv[0]); usage(argv[0]);
@ -617,7 +621,7 @@ int main(int argc, char **argv)
&policydb, out_fp); &policydb, out_fp);
break; break;
case '5': case '5':
display_bools(&policydb, out_fp); display_booleans(&policydb, out_fp);
break; break;
case '6': case '6':
display_cond_expressions(&policydb, out_fp); display_cond_expressions(&policydb, out_fp);
@ -659,9 +663,6 @@ int main(int argc, char **argv)
case 'a': case 'a':
display_attributes(&policydb, out_fp); display_attributes(&policydb, out_fp);
break; break;
case 'b':
display_booleans(&policydb, out_fp);
break;
case 'c': case 'c':
display_policycaps(&policydb, out_fp); display_policycaps(&policydb, out_fp);
break; break;
@ -678,6 +679,8 @@ int main(int argc, char **argv)
display_types(&policydb, out_fp); display_types(&policydb, out_fp);
break; break;
case 'u': case 'u':
display_users(&policydb, out_fp);
break;
case 'U': case 'U':
display_handle_unknown(&policydb, out_fp); display_handle_unknown(&policydb, out_fp);
break; break;