Commit Graph

6 Commits

Author SHA1 Message Date
Huaxin Lu
04613f6875 secilc: add check for malloc in secilc
Check the return value of malloc() to avoid null pointer reference.

Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>
2023-08-04 13:52:55 -04:00
Christian Göttsche
6d93701f39 secilc: fix memory leaks in secilc2conf
When specifying -o more than once, the previous allocation leaks.

Found by scan-build.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-07-19 10:42:45 -04:00
James Carter
532a4cc336
libsepol/cil: Add support for using qualified names to secil2conf
Provide the option "-Q" or "--qualified-names" to indicate that the
policy is using qualified names.

Using qualified names means that declaration names can have "dots"
in them, but blocks, blockinherits, blockabstracts, and in-statements
are not allowed in the policy.

The libsepol function cil_set_qualified_names() is called with the
desired value for the CIL db's "qualified_names" field.

Signed-off-by: James Carter <jwcart2@gmail.com>
2021-07-03 16:00:30 +02:00
James Carter
ea175157dd secilc: Add options to control the expansion of attributes
Added "-G, --expand_generated" option to specify that all automatically
generated attributes should be expanded and removed.

Added "-X, --expand_size <SIZE>" option to specify which attributes
are expanded when building a kernel policy. All attributes that have
less types assigned to it than SIZE will be expanded when writing AV
rules.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2017-04-12 14:33:55 -04:00
Nicolas Iooss
840a7c9180 secilc: add noreturn attribute to usage()
While at it, make usage() static and mark its argument as const.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-03-07 14:00:30 -05:00
James Carter
93e677d830 secilc: Add secil2conf which creates a policy.conf from CIL policy
The program secil2conf uses the libsepol function
cil_write_policy_conf() to create a policy.conf file from CIL policy.

By default a file called "policy.conf" will be created, but the "-o"
option can be used to write to a different file. The "-M" option can
be used to override the mls statement in CIL. The "-P" option will
cause tunables to be treated as booleans.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-11-30 10:18:19 -05:00