From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Fri, 11 Apr 2014 18:46:24 +0200
Subject: [PATCH 09/11] Fix help message on sesearch -D

---
 man/sesearch.1 | 2 +-
 secmds/sesearch.c | 77 +++++++++++++++++--------------------------------------
 2 files changed, 25 insertions(+), 54 deletions(-)

diff --git a/man/sesearch.1 b/man/sesearch.1
index 573aedd..dc119eb 100644
--- a/man/sesearch.1
+++ b/man/sesearch.1
@@ -43,7 +43,7 @@ Search for allow rules.
 Search for neverallow rules.
 .IP "--auditallow"
 Search for auditallow rules.
-.IP "--dontaudit"
+.IP "-D, --dontaudit"
 Search for dontaudit rules.
 .IP "-T, --type"
 Search for type_transition, type_member, and type_change rules.
diff --git a/secmds/sesearch.c b/secmds/sesearch.c
index e1436a7..f53d670 100644
--- a/secmds/sesearch.c
+++ b/secmds/sesearch.c
@@ -24,6 +24,7 @@
 */
 #include
+#include
 /* libapol */
 #include
@@ -61,9 +62,8 @@ enum opt_values
 static struct option const longopts[] = {
 {"allow", no_argument, NULL, 'A'},
 {"neverallow", no_argument, NULL, RULE_NEVERALLOW},
- {"audit", no_argument, NULL, RULE_AUDIT},
 {"auditallow", no_argument, NULL, RULE_AUDITALLOW},
- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
+ {"dontaudit", no_argument, NULL, 'D'},
 {"type", no_argument, NULL, 'T'},
 {"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
 {"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
@@ -72,7 +72,6 @@ static struct option const longopts[] = {
 {"source", required_argument, NULL, 's'},
 {"target", required_argument, NULL, 't'},
- {"default", required_argument, NULL, 'D'},
 {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
 {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
 {"class", required_argument, NULL, 'c'},
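Review bot: The `{"audit", no_argument, NULL, RULE_AUDIT}` entry is removed from longopts in the `@@ -61,9` hunk, which silently drops a user-facing long option that the subject ("Fix help message on sesearch -D") does not mention. If main() still has a `case RULE_AUDIT:` arm or the usage text still lists `--audit`, those become dead; neither is visible in this patch, so the removal should be named in the commit message or split into its own commit. Making `"dontaudit"` a `no_argument` option on `'D'` here is consistent with the `dD:` to `dD` change to the getopt string in the `@@ -973` hunk, so that part holds together.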
@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief)
 printf(" -A, --allow allow rules\n");
 printf(" --neverallow neverallow rules\n");
 printf(" --auditallow auditallow rules\n");
- printf(" --dontaudit dontaudit rules\n");
+ printf(" -D, --dontaudit dontaudit rules\n");
 printf(" -T, --type type_trans, type_member, and type_change\n");
 printf(" --role_allow role allow rules\n");
 printf(" --role_trans role_transition rules\n");
@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief)
 printf("EXPRESSIONS:\n");
 printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n");
 printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n");
- printf(" -D NAME, --default=NAME rules with type NAME as default\n");
 printf(" --role_source=NAME rules with role NAME as source\n");
 printf(" --role_target=NAME rules with role NAME as target\n");
 printf(" -c NAME, --class=NAME rules with class NAME as the object class\n");
@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
 tmp = apol_cond_expr_render(policy, cond);
 enable_char = (enabled ? 'E' : 'D');
 branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
 goto cleanup;
- }
 free(tmp);
 tmp = NULL;
 if (!expr)
@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
 qpol_iterator_destroy(&iter);
 enable_char = (enabled ? 'E' : 'D');
 branch_char = (list ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
 goto cleanup;
- }
 free(tmp);
 tmp = NULL;
 if (!expr)
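Review bot: Dropping `expr = NULL;` before `goto cleanup;` on the asprintf failure path in print_syn_av_results is not a pure simplification: glibc documents that when asprintf fails the contents of `*strp` are undefined, so if the `cleanup:` label frees `expr` (as the one in print_ft_results does later in this patch) it may now free an indeterminate pointer. The same edit is made in print_av_results in the next hunk and in print_syn_te_results and print_te_results in the following hunks. Keeping the reset costs nothing: `if (asprintf(&expr, "[ %s ]", tmp) < 0) { expr = NULL; goto cleanup; }`. Both enclosing functions begin and end outside their hunks, so whether `tmp` is also released on that path cannot be confirmed here, and this change is unrelated to the `-D` help text the subject describes.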
@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt,
 apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect);
 if (opt->bool_name)
 apol_terule_query_set_bool(policy, teq, opt->bool_name);
- if (opt->default_name)
- apol_terule_query_set_default(policy, teq, opt->default_name);
 if (opt->class_name) {
 if (opt->class_vector == NULL) {
 if (apol_terule_query_append_class(policy, teq, opt->class_name)) {
@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
 tmp = apol_cond_expr_render(policy, cond);
 enable_char = (enabled ? 'E' : 'D');
 branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
 goto cleanup;
- }
 free(tmp);
 tmp = NULL;
 if (!expr)
- goto cleanup;
+ break;
 }
 }
 if (!(rule_str = apol_syn_terule_render(policy, rule)))
@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
 qpol_iterator_destroy(&iter);
 enable_char = (enabled ? 'E' : 'D');
 branch_char = (list ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
 goto cleanup;
- }
 free(tmp);
 tmp = NULL;
 if (!expr)
@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
 goto err;
 }
 }
- if (opt->default_name) {
 if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
 error = errno;
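Review bot: Changing `goto cleanup;` to `break;` under `if (!expr)` in print_syn_te_results alters control flow rather than help text: a missing condition string now leaves the inner loop and falls through to `apol_syn_terule_render`, so the rule is printed without its `[ … ]` expression instead of the function aborting. After the preceding asprintf check this branch is also hard to reach, since a successful asprintf always sets `expr`; if tolerating a missing condition is the intent, a one-line comment such as `/* no condition text: print the rule on its own */` would make that visible, and the sibling functions in the other hunks should then behave the same way. The function begins and ends outside the hunk, and the change is unrelated to the `-D` option named in the subject.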
@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
 {
 size_t i, num_filename_trans = 0;
 const qpol_filename_trans_t *filename_trans = NULL;
- char *filename_trans_str = NULL;
- qpol_iterator_t *iter = NULL;
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
 if (!(num_filename_trans = apol_vector_get_size(v)))
 goto cleanup;
- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
 for (i = 0; i < num_filename_trans; i++) {
 if (!(filename_trans = apol_vector_get_element(v, i)))
@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
 if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
 goto cleanup;
- fprintf(stdout, "%s\n", filename_trans_str);
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
 free(filename_trans_str);
 filename_trans_str = NULL;
+ free(expr);
+ expr = NULL;
 }
 cleanup:
+ free(tmp);
 free(filename_trans_str);
+ free(expr);
 }
 static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt,
 }
 }
- if (opt->default_name) {
- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) {
- error = errno;
- goto err;
- }
- }
-
 if (apol_role_trans_get_by_query(policy, rtq, v)) {
 error = errno;
 goto err;
@@ -973,7 +956,7 @@ int main(int argc, char **argv)
 memset(&cmd_opts, 0, sizeof(cmd_opts));
 cmd_opts.indirect = true;
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
 switch (optc) {
 case 0:
 break;
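Review bot: In print_ft_results the new `tmp` and `expr` locals are declared in the first hunk and freed in the second, but nothing in either hunk ever assigns them, so `expr ? expr : ""` always yields `""` and every output line now carries a trailing space. Either the code that fills `expr` is missing (presumably an `apol_cond_expr_render`/`asprintf` pair like the other print_* functions use, which is not visible here), or the format should stay `"%s\n"` until it exists. The user-visible header is also changed from `"Found %zd named file transition rules:\n"` to `"... filename_trans:\n"`, which reads like an accidental search-and-replace rather than a deliberate wording change. Separately, `%zd` for a `size_t` is pre-existing but `%zu` is the matching conversion.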
@@ -1001,18 +984,6 @@ int main(int argc, char **argv)
 exit(1);
 }
 break;
- case 'D': /* default */
- if (optarg == 0) {
- usage(argv[0], 1);
- printf("Missing default type for -D (--default)\n");
- exit(1);
- }
- cmd_opts.default_name = strdup(optarg);
- if (!cmd_opts.default_name) {
-
- exit(1);
- }
- break;
 case EXPR_ROLE_SOURCE:
 if (optarg == 0) {
 usage(argv[0], 1);
@@ -1093,7 +1064,7 @@ int main(int argc, char **argv)
 case RULE_AUDITALLOW:
 cmd_opts.auditallow = true;
 break;
- case RULE_DONTAUDIT:
+ case 'D':
 cmd_opts.dontaudit = true;
 break;
 case 'T': /* type */
@@ -1273,12 +1244,13 @@ int main(int argc, char **argv)
 fprintf(stdout, "\n");
 }
- apol_vector_destroy(&v);
- if (perform_ft_query(policy, &cmd_opts, &v)) {
- rt = 1;
- goto cleanup;
- }
- if (v) {
+ if (cmd_opts.all || cmd_opts.type) {
+ apol_vector_destroy(&v);
+ if (perform_ft_query(policy, &cmd_opts, &v)) {
+ rt = 1;
+ goto cleanup;
+ }
+
 print_ft_results(policy, &cmd_opts, v);
 fprintf(stdout, "\n");
 }
@@ -1317,7 +1289,6 @@ int main(int argc, char **argv)
 apol_policy_path_destroy(&pol_path);
 free(cmd_opts.src_name);
 free(cmd_opts.tgt_name);
- free(cmd_opts.default_name);
 free(cmd_opts.class_name);
 free(cmd_opts.permlist);
 free(cmd_opts.bool_name);
-- 
1.8.5.3
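Review bot: With this `case 'D'` arm removed, `cmd_opts.default_name` is never assigned (the `memset` in the `@@ -973` hunk zeroes it) and its `free` is dropped in the last hunk, yet the `@@ -629` hunk in perform_ft_query still passes `opt->default_name` to `apol_filename_trans_query_set_default`, now unconditionally, and the closing brace of the removed `if (opt->default_name) {` is not shown as removed. Unless the field is set somewhere outside this patch, that call now always receives NULL; removing it (and the field, if nothing else reads it) would finish the cleanup that perform_te_query and perform_rt_query already received here. The enclosing switch and main() extend beyond the hunk, so the surviving option handling cannot be fully checked from this view.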
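Review bot: The rewritten block in the `@@ -1273` hunk drops the `if (v)` guard the removed lines kept around print_ft_results, so it is now called whenever perform_ft_query returns 0, even if `v` is still NULL. print_ft_results opens with `apol_vector_get_size(v)`; whether libapol accepts a NULL vector there is not visible in this patch, so either keep the guard, `if (v) { print_ft_results(policy, &cmd_opts, v); fprintf(stdout, "\n"); }`, or confirm that perform_ft_query always leaves a non-NULL vector on success. The new `if (cmd_opts.all || cmd_opts.type)` gate is a behaviour change beyond the help text and deserves a line in the commit message.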