Commit Graph

5 Commits

Author SHA1 Message Date
Christian Göttsche
c14a86af9a python/audit2allow: close file stream on error
sepolgen-ifgen-attr-helper.c: In function ‘load_policy’:
    sepolgen-ifgen-attr-helper.c:196:17: warning: leak of FILE ‘fp’ [CWE-775] [-Wanalyzer-file-leak]
      196 |                 fprintf(stderr, "Out of memory!\n");
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-06-15 08:58:54 -04:00
Christian Göttsche
c09d63852e python: mark local functions static
sepolgen-ifgen-attr-helper.c:59:5: warning: no previous prototype for ‘render_access_mask’ [-Wmissing-prototypes]
       59 | int render_access_mask(uint32_t av, avtab_key_t *key, policydb_t *policydbp,
          |     ^~~~~~~~~~~~~~~~~~
    sepolgen-ifgen-attr-helper.c:114:5: warning: no previous prototype for ‘output_avrule’ [-Wmissing-prototypes]
      114 | int output_avrule(avtab_key_t *key, avtab_datum_t *datum, void *args)
          |     ^~~~~~~~~~~~~
    sepolgen-ifgen-attr-helper.c:220:6: warning: no previous prototype for ‘usage’ [-Wmissing-prototypes]
      220 | void usage(char *progname)
          |      ^~~~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-11-15 16:00:54 -05:00
W. Michael Petullo
ccd973f721
python/audit2allow: add #include <limits.h> to sepolgen-ifgen-attr-helper.c
I found that building on OpenWrt/musl failed with:

  sepolgen-ifgen-attr-helper.c:152:16: error: 'PATH_MAX' undeclared ...

Musl is less "generous" than glibc in recursively including header
files, and I suspect this is the reason for this error. Explicitly
including limits.h fixes the problem.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-07-21 08:14:43 +02:00
Christian Göttsche
4613038d8e sepolgen-ifgen: refactor default policy path retrieval
On a SELinux disabled system the python call
`selinux.security_policyvers()` will fail.

Move the logic to find a binary policy from the python script
`sepolgen-ifgen` to the C-helper `sepolgen-ifgen-attr-helper`.
Change the helper command line interface to accept an optional policy
path as second argument.  If not given try the current loaded policy
(`selinux_current_policy_path`) and if running on a SELinux disabled
system iterate over the default store path appending policy versions
starting at the maximum supported policy version
(`sepol_policy_kern_vers_max`).

This changes the helper command line interface from:
    sepolgen-ifgen-attr-helper policy_file out_file
to
    sepolgen-ifgen-attr-helper out_file [policy_file]
and adds a linkage to libselinux.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
2020-06-18 19:32:07 +02:00
Stephen Smalley
b97d959a6a Move policycoreutils/sepolgen-ifgen into python/audit2allow.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00