mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-24 06:52:12 +00:00
libsepol: Populate and use policy name
When an assertion fails, the error message refers to a generic "policy.conf" file. When parsing a policy in checkpolicy, populate its name using the original filename (source_filename is still build using the #line directives within the policy). Signed-off-by: Thiébaud Weksteen <tweek@google.com> [Merge conflicts fixed by: James Carter <jwcart2@gmail.com>] Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
parent
bc26ddc59c
commit
c900816e93
@ -99,6 +99,7 @@ int define_policy(int pass, int module_header_given)
|
||||
yyerror("no module name");
|
||||
return -1;
|
||||
}
|
||||
free(policydbp->name);
|
||||
policydbp->name = id;
|
||||
if ((policydbp->version =
|
||||
queue_remove(id_queue)) == NULL) {
|
||||
|
@ -47,6 +47,7 @@ int read_source_policy(policydb_t * p, const char *file, const char *progname)
|
||||
}
|
||||
|
||||
policydbp = p;
|
||||
policydbp->name = strdup(file);
|
||||
mlspol = p->mls;
|
||||
|
||||
init_parser(1);
|
||||
|
@ -36,13 +36,21 @@ struct avtab_match_args {
|
||||
unsigned long errors;
|
||||
};
|
||||
|
||||
static const char* policy_name(policydb_t *p) {
|
||||
const char *policy_file = "policy.conf";
|
||||
if (p->name) {
|
||||
policy_file = p->name;
|
||||
}
|
||||
return policy_file;
|
||||
}
|
||||
|
||||
static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule,
|
||||
unsigned int stype, unsigned int ttype,
|
||||
const class_perm_node_t *curperm, uint32_t perms)
|
||||
{
|
||||
if (avrule->source_filename) {
|
||||
ERR(handle, "neverallow on line %lu of %s (or line %lu of policy.conf) violated by allow %s %s:%s {%s };",
|
||||
avrule->source_line, avrule->source_filename, avrule->line,
|
||||
ERR(handle, "neverallow on line %lu of %s (or line %lu of %s) violated by allow %s %s:%s {%s };",
|
||||
avrule->source_line, avrule->source_filename, avrule->line, policy_name(p),
|
||||
p->p_type_val_to_name[stype],
|
||||
p->p_type_val_to_name[ttype],
|
||||
p->p_class_val_to_name[curperm->tclass - 1],
|
||||
@ -171,9 +179,9 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle,
|
||||
/* failure on the extended permission check_extended_permissions */
|
||||
if (rc) {
|
||||
extended_permissions_violated(&error, avrule->xperms, xperms);
|
||||
ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of policy.conf) violated by\n"
|
||||
ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n"
|
||||
"allowxperm %s %s:%s %s;",
|
||||
avrule->source_line, avrule->source_filename, avrule->line,
|
||||
avrule->source_line, avrule->source_filename, avrule->line, policy_name(p),
|
||||
p->p_type_val_to_name[i],
|
||||
p->p_type_val_to_name[j],
|
||||
p->p_class_val_to_name[curperm->tclass - 1],
|
||||
@ -187,9 +195,9 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle,
|
||||
|
||||
/* failure on the regular permissions */
|
||||
if (!found_xperm) {
|
||||
ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of policy.conf) violated by\n"
|
||||
ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n"
|
||||
"allow %s %s:%s {%s };",
|
||||
avrule->source_line, avrule->source_filename, avrule->line,
|
||||
avrule->source_line, avrule->source_filename, avrule->line, policy_name(p),
|
||||
p->p_type_val_to_name[stype],
|
||||
p->p_type_val_to_name[ttype],
|
||||
p->p_class_val_to_name[curperm->tclass - 1],
|
||||
|
@ -2970,6 +2970,9 @@ int expand_module(sepol_handle_t * handle,
|
||||
|
||||
state.out->policy_type = POLICY_KERN;
|
||||
state.out->policyvers = POLICYDB_VERSION_MAX;
|
||||
if (state.base->name) {
|
||||
state.out->name = strdup(state.base->name);
|
||||
}
|
||||
|
||||
/* Copy mls state from base to out */
|
||||
out->mls = base->mls;
|
||||
|
Loading…
Reference in New Issue
Block a user