From 9be4e7454dc99afa7b556fa85da5e500f5f754cb Mon Sep 17 00:00:00 2001 From: Masatake YAMATO Date: Sat, 19 Oct 2019 19:26:56 +0900 Subject: [PATCH] checkpolicy: allow to write policy to stdout If - is given as filename for -o option, checkpolicy writes the policy to standard output. This helps users to read policy.conf and/or CIL policy file with pager like less command: $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less The users don't have to make a temporary file. /dev/stdout can be used instead. However, - reduces the number of typing for the purpose. Using - for standard output (and/or standard input) is popular convention. Change(s) in v2: * Check the availability of output stream only when opening a regualar file. Suggested by Stephen Smalley . Signed-off-by: Masatake YAMATO --- checkpolicy/checkpolicy.8 | 5 +++-- checkpolicy/checkpolicy.c | 22 +++++++++++++++------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 index db57751c..bdfd6acd 100644 --- a/checkpolicy/checkpolicy.8 +++ b/checkpolicy/checkpolicy.8 @@ -3,7 +3,7 @@ checkpolicy \- SELinux policy compiler .SH SYNOPSIS .B checkpolicy -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" .br .SH "DESCRIPTION" This manual page describes the @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest. .TP .B \-o,\-\-output filename Write a policy file (binary, policy.conf, or CIL policy) -to the specified filename. +to the specified filename. If - is given as filename, +write it to standard output. .TP .B \-S,\-\-sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index e18de171..7c5b63f8 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) { printf ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " - "[-c policyvers (%d-%d)] [-o output_file] [-S] " + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " "[-t target_platform (selinux,xen)] [-V] [input_file]\n", progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); exit(1); @@ -390,7 +390,8 @@ int main(int argc, char **argv) struct sepol_av_decision avd; class_datum_t *cladatum; const char *file = txtfile; - char ans[80 + 1], *outfile = NULL, *path, *fstype; + char ans[80 + 1], *path, *fstype; + const char *outfile = NULL; size_t scontext_len, pathlen; unsigned int i; unsigned int protocol, port; @@ -638,10 +639,15 @@ int main(int argc, char **argv) } if (outfile) { - outfp = fopen(outfile, "w"); - if (!outfp) { - perror(outfile); - exit(1); + if (!strcmp(outfile, "-")) { + outfp = stdout; + outfile = ""; + } else { + outfp = fopen(outfile, "w"); + if (!outfp) { + perror(outfile); + exit(1); + } } policydb.policyvers = policyvers; @@ -682,7 +688,9 @@ int main(int argc, char **argv) } } - fclose(outfp); + if (outfp != stdout) { + fclose(outfp); + } } else if (cil) { fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); exit(1);