Home | History | Annotate | Download | only in pp 
      1 /*
      2  * Copyright (C) 2014  Tresys Technology, LLC
      3  *
      4  * This program is free software; you can redistribute it and/or
      5  * modify it under the terms of the GNU General Public License
      6  * as published by the Free Software Foundation; either version 2
      7  * of the License, or (at your option) any later version.
      8  *
      9  * This program is distributed in the hope that it will be useful,
     10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     12  * GNU General Public License for more details.
     13  *
     14  * You should have received a copy of the GNU General Public License
     15  * along with this program; if not, write to the Free Software
     16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
     17  * 02110-1301, USA.
     18  */
     19 
     20 #include <errno.h>
     21 #include <getopt.h>
     22 #include <libgen.h>
     23 #include <signal.h>
     24 #include <stdarg.h>
     25 #include <stdlib.h>
     26 #include <string.h>
     27 #include <unistd.h>
     28 
     29 #include <sepol/module.h>
     30 #include <sepol/module_to_cil.h>
     31 #include <sepol/policydb/module.h>
     32 
     33 char *progname;
     34 
     35 __attribute__ ((format(printf, 1, 2)))
     36 static void log_err(const char *fmt, ...)
     37 {
     38 	va_list argptr;
     39 	va_start(argptr, fmt);
     40 	if (vfprintf(stderr, fmt, argptr) < 0) {
     41 		_exit(EXIT_FAILURE);
     42 	}
     43 	va_end(argptr);
     44 	if (fprintf(stderr, "\n") < 0) {
     45 		_exit(EXIT_FAILURE);
     46 	}
     47 }
     48 
     49 static __attribute__((__noreturn__)) void usage(int err)
     50 {
     51 	fprintf(stderr, "Usage: %s [OPTIONS] [IN_FILE [OUT_FILE]]\n", progname);
     52 	fprintf(stderr, "\n");
     53 	fprintf(stderr, "Read an SELinux policy package (.pp) and output the equivilent CIL.\n");
     54 	fprintf(stderr, "If IN_FILE is not provided or is -, read SELinux policy package from\n");
     55 	fprintf(stderr, "standard input. If OUT_FILE is not provided or is -, output CIL to\n");
     56 	fprintf(stderr, "standard output.\n");
     57 	fprintf(stderr, "\n");
     58 	fprintf(stderr, "Options:\n");
     59 	fprintf(stderr, "  -h, --help      print this message and exit\n");
     60 	exit(err);
     61 }
     62 
     63 int main(int argc, char **argv)
     64 {
     65 	int rc = -1;
     66 	int opt;
     67 	static struct option long_opts[] = {
     68 		{ "help", 0, NULL, 'h' },
     69 		{ NULL, 0, NULL, 0 }
     70 	};
     71 	struct sepol_module_package *mod_pkg = NULL;
     72 	const char *ifile = NULL;
     73 	const char *ofile = NULL;
     74 	FILE *in = NULL;
     75 	FILE *out = NULL;
     76 	int outfd = -1;
     77 
     78 	// ignore sigpipe so we can check the return code of write, and potentially
     79 	// return a more helpful error message
     80 	signal(SIGPIPE, SIG_IGN);
     81 
     82 	progname = basename(argv[0]);
     83 
     84 	while ((opt = getopt_long(argc, argv, "h", long_opts, NULL)) != -1) {
     85 		switch (opt) {
     86 		case 'h':
     87 			usage(0);
     88 		case '?':
     89 		default:
     90 			usage(1);
     91 		}
     92 	}
     93 
     94 	if (argc >= optind + 1 && strcmp(argv[1], "-") != 0) {
     95 		ifile = argv[1];
     96 		in = fopen(ifile, "rb");
     97 		if (in == NULL) {
     98 			log_err("Failed to open %s: %s", ifile, strerror(errno));
     99 			rc = -1;
    100 			goto exit;
    101 		}
    102 	} else {
    103 		ifile = "stdin";
    104 		in = stdin;
    105 	}
    106 
    107 	if (argc >= optind + 2 && strcmp(argv[2], "-") != 0) {
    108 		ofile = argv[2];
    109 		out = fopen(ofile, "w");
    110 		if (out == NULL) {
    111 			log_err("Failed to open %s: %s", ofile, strerror(errno));
    112 			rc = -1;
    113 			goto exit;
    114 		}
    115 	} else {
    116 		out = stdout;
    117 	}
    118 
    119 	if (argc >= optind + 3) {
    120 		log_err("Too many arguments");
    121 		usage(1);
    122 	}
    123 
    124 	rc = sepol_ppfile_to_module_package(in, &mod_pkg);
    125 	if (rc != 0) {
    126 		goto exit;
    127 	}
    128 	fclose(in);
    129 	in = NULL;
    130 
    131 	if (ofile) {
    132 		char *mod_name = mod_pkg->policy->p.name;
    133 		char *cil_path = strdup(ofile);
    134 		if (cil_path == NULL) {
    135 			log_err("No memory available for strdup\n");
    136 			rc = -1;
    137 			goto exit;
    138 		}
    139 		char *cil_name = basename(cil_path);
    140 		char *separator = strrchr(cil_name, '.');
    141 		if (separator) {
    142 			*separator = '\0';
    143 		}
    144 		if (mod_name && strcmp(mod_name, cil_name) != 0) {
    145 			fprintf(stderr,	"Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name);
    146 		}
    147 		free(cil_path);
    148 	}
    149 
    150 	rc = sepol_module_package_to_cil(out, mod_pkg);
    151 	if (rc != 0) {
    152 		goto exit;
    153 	}
    154 
    155 exit:
    156 	if (in != NULL) {
    157 		fclose(in);
    158 	}
    159 	if (out != NULL) {
    160 		fclose(out);
    161 	}
    162 	if (outfd != -1) {
    163 		close(outfd);
    164 		if (rc != 0) {
    165 			unlink(argv[2]);
    166 		}
    167 	}
    168 	sepol_module_package_free(mod_pkg);
    169 
    170 	return rc;
    171 }
    172