From 8fb9a4571d3db8675ec12ba5ee1e2f2c3cefbeec Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 4 Aug 2011 09:53:34 -0400 Subject: [PATCH] policycoreutils: semodule_package: Add semodule_unpackage executable Much like semodule_package this utility will unpack! Signed-off-by: Eric Paris Acked-by: Dan Walsh --- policycoreutils/semodule_package/Makefile | 4 +- .../semodule_package/semodule_package.8 | 2 +- .../semodule_package/semodule_unpackage.8 | 24 ++++ .../semodule_package/semodule_unpackage.c | 103 ++++++++++++++++++ 4 files changed, 131 insertions(+), 2 deletions(-) create mode 100644 policycoreutils/semodule_package/semodule_unpackage.8 create mode 100644 policycoreutils/semodule_package/semodule_unpackage.c diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile index 0a4a3a61..f84cd7e1 100644 --- a/policycoreutils/semodule_package/Makefile +++ b/policycoreutils/semodule_package/Makefile @@ -9,15 +9,17 @@ CFLAGS ?= -Werror -Wall -W override CFLAGS += -I$(INCLUDEDIR) LDLIBS = -lsepol -lselinux -L$(LIBDIR) -all: semodule_package +all: semodule_package semodule_unpackage semodule_package: semodule_package.o install: all -mkdir -p $(BINDIR) install -m 755 semodule_package $(BINDIR) + install -m 755 semodule_unpackage $(BINDIR) test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 install -m 644 semodule_package.8 $(MANDIR)/man8/ + install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ relabel: diff --git a/policycoreutils/semodule_package/semodule_package.8 b/policycoreutils/semodule_package/semodule_package.8 index 29c9eb23..ddad2d2b 100644 --- a/policycoreutils/semodule_package/semodule_package.8 +++ b/policycoreutils/semodule_package/semodule_package.8 
@@ -44,7 +44,7 @@ File contexts file for the module (optional). netfilter context file to be included in the package. .SH SEE ALSO -.B checkmodule(8), semodule(8) +.B checkmodule(8), semodule(8), semodule_unpackage(8) .SH AUTHORS .nf This manual page was written by Dan Walsh . diff --git a/policycoreutils/semodule_package/semodule_unpackage.8 b/policycoreutils/semodule_package/semodule_unpackage.8 new file mode 100644 index 00000000..62dd53e3 --- /dev/null +++ b/policycoreutils/semodule_package/semodule_unpackage.8 @@ -0,0 +1,24 @@ +.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA +.SH NAME +semodule_unpackage \- Extract polciy module and file context file from an SELinux policy module unpackage. + +.SH SYNOPSIS +.B semodule_unpackage [] +.br +.SH DESCRIPTION +.PP +semodule_unpackage is the tool used to extract the SELinux policy module + and file context file from an SELinux Policy Package. + +.SH EXAMPLE +.nf +# Extract the httpd module file from httpd policy package. +$ semodule_unpackage httpd.pp httpd.mod httpd.fc +.fi + +.SH SEE ALSO +.B semodule_package(8) +.SH AUTHORS +.nf +This manual page was written by Dan Walsh . +The program was written by Stephen Smalley diff --git a/policycoreutils/semodule_package/semodule_unpackage.c b/policycoreutils/semodule_package/semodule_unpackage.c new file mode 100644 index 00000000..0120ee43 --- /dev/null +++ b/policycoreutils/semodule_package/semodule_unpackage.c 
@@ -0,0 +1,103 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+char *progname = NULL;
+extern char *optarg;
+
+static void usage(char *progname)
+{
+ printf("usage: %s ppfile modfile [fcfile]\n", progname);
+ exit(1);
+}
+
+static int file_to_policy_file(char *filename, struct sepol_policy_file **pf, char *mode)
+{
+ FILE *f;
+
+ if (sepol_policy_file_create(pf)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ return -1;
+ }
+
+ f = fopen(filename, mode);
+ if (!f) {
+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), filename);
+ return -1;
+ }
+ sepol_policy_file_set_fp(*pf, f);
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ struct sepol_module_package *pkg;
+ struct sepol_policy_file *in, *out;
+ FILE *fp;
+ size_t len;
+ char *ppfile, *modfile, *fcfile = NULL, *fcdata;
+
+ progname = argv[0];
+
+ if (argc < 3) {
+ usage(progname);
+ exit(1);
+ }
+
+ ppfile = argv[1];
+ modfile = argv[2];
+ if (argc >= 3)
+ fcfile = argv[3];
+
+ if (file_to_policy_file(ppfile, &in, "r"))
+ exit(1);
+
+ if (sepol_module_package_create(&pkg)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ exit(1);
+ }
+
+ if (sepol_module_package_read(pkg, in, 0) == -1) {
+ fprintf(stderr, "%s: Error while reading policy module from %s\n",
+ progname, ppfile);
+ exit(1);
+ }
+
+ if (file_to_policy_file(modfile, &out, "w"))
+ exit(1);
+
+ if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {
+ fprintf(stderr, "%s: Error while writing module to %s\n", progname, modfile);
+ exit(1);
+ }
+
+ sepol_policy_file_free(in);
+ sepol_policy_file_free(out);
+
+ len = sepol_module_package_get_file_contexts_len(pkg);
+ if (fcfile && len) {
+ fp = fopen(fcfile, "w");
+ if (!fp) {
+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), fcfile);
+ exit(1);
+ }
+ fcdata = sepol_module_package_get_file_contexts(pkg);
+ if (fwrite(fcdata, 1, len, fp) != len) {
+ fprintf(stderr, "%s: Could not write file %s: %s\n", progname, strerror(errno), fcfile);
+ exit(1);
+ }
+ fclose(fp);
+ }
+
+ sepol_module_package_free(pkg);
+ exit(0);
+}
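Review bot: In main(), `if (argc >= 3) fcfile = argv[3];` is always true after the `argc < 3` exit above it, so a two-argument run reads argv[3]; that slot is argv's NULL terminator, so the code works only by accident and the test should be `if (argc > 3)`. The three "Could not open/write file %s: %s" calls pass `strerror(errno)` before the file name, so the path and the error text print swapped; the arguments should be `filename, strerror(errno)` in file_to_policy_file() and `fcfile, strerror(errno)` in main(). The result of `fclose(fp)` is ignored and the module output stream is never closed in the visible code, so a failed flush (for example a full disk) could leave a truncated policy module or file-contexts file while the tool still exits 0. Whether `sepol_policy_file_free()` closes the stream is not visible in this hunk; if it does not, checking `fclose()` on both output files would catch the failure.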