1/* 2 * Copyright (C) 2014 Tresys Technology, LLC 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 2 7 * of the License, or (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 17 * 02110-1301, USA. 18 */ 19 20#include <errno.h> 21#include <getopt.h> 22#include <libgen.h> 23#include <signal.h> 24#include <stdarg.h> 25#include <stdlib.h> 26#include <string.h> 27#include <unistd.h> 28 29#include <sepol/module.h> 30#include <sepol/module_to_cil.h> 31#include <sepol/policydb/module.h> 32 33char *progname; 34 35__attribute__ ((format(printf, 1, 2))) 36static void log_err(const char *fmt, ...) 37{ 38 va_list argptr; 39 va_start(argptr, fmt); 40 if (vfprintf(stderr, fmt, argptr) < 0) { 41 _exit(EXIT_FAILURE); 42 } 43 va_end(argptr); 44 if (fprintf(stderr, "\n") < 0) { 45 _exit(EXIT_FAILURE); 46 } 47} 48 49static __attribute__((__noreturn__)) void usage(int err) 50{ 51 fprintf(stderr, "Usage: %s [OPTIONS] [IN_FILE [OUT_FILE]]\n", progname); 52 fprintf(stderr, "\n"); 53 fprintf(stderr, "Read an SELinux policy package (.pp) and output the equivilent CIL.\n"); 54 fprintf(stderr, "If IN_FILE is not provided or is -, read SELinux policy package from\n"); 55 fprintf(stderr, "standard input. If OUT_FILE is not provided or is -, output CIL to\n"); 56 fprintf(stderr, "standard output.\n"); 57 fprintf(stderr, "\n"); 58 fprintf(stderr, "Options:\n"); 59 fprintf(stderr, " -h, --help print this message and exit\n"); 60 exit(err); 61} 62 63int main(int argc, char **argv) 64{ 65 int rc = -1; 66 int opt; 67 static struct option long_opts[] = { 68 { "help", 0, NULL, 'h' }, 69 { NULL, 0, NULL, 0 } 70 }; 71 struct sepol_module_package *mod_pkg = NULL; 72 const char *ifile = NULL; 73 const char *ofile = NULL; 74 FILE *in = NULL; 75 FILE *out = NULL; 76 int outfd = -1; 77 78 // ignore sigpipe so we can check the return code of write, and potentially 79 // return a more helpful error message 80 signal(SIGPIPE, SIG_IGN); 81 82 progname = basename(argv[0]); 83 84 while ((opt = getopt_long(argc, argv, "h", long_opts, NULL)) != -1) { 85 switch (opt) { 86 case 'h': 87 usage(0); 88 case '?': 89 default: 90 usage(1); 91 } 92 } 93 94 if (argc >= optind + 1 && strcmp(argv[1], "-") != 0) { 95 ifile = argv[1]; 96 in = fopen(ifile, "rb"); 97 if (in == NULL) { 98 log_err("Failed to open %s: %s", ifile, strerror(errno)); 99 rc = -1; 100 goto exit; 101 } 102 } else { 103 ifile = "stdin"; 104 in = stdin; 105 } 106 107 if (argc >= optind + 2 && strcmp(argv[2], "-") != 0) { 108 ofile = argv[2]; 109 out = fopen(ofile, "w"); 110 if (out == NULL) { 111 log_err("Failed to open %s: %s", ofile, strerror(errno)); 112 rc = -1; 113 goto exit; 114 } 115 } else { 116 out = stdout; 117 } 118 119 if (argc >= optind + 3) { 120 log_err("Too many arguments"); 121 usage(1); 122 } 123 124 rc = sepol_ppfile_to_module_package(in, &mod_pkg); 125 if (rc != 0) { 126 goto exit; 127 } 128 fclose(in); 129 in = NULL; 130 131 if (ofile) { 132 char *mod_name = mod_pkg->policy->p.name; 133 char *cil_path = strdup(ofile); 134 if (cil_path == NULL) { 135 log_err("No memory available for strdup\n"); 136 rc = -1; 137 goto exit; 138 } 139 char *cil_name = basename(cil_path); 140 char *separator = strrchr(cil_name, '.'); 141 if (separator) { 142 *separator = '\0'; 143 } 144 if (mod_name && strcmp(mod_name, cil_name) != 0) { 145 fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name); 146 } 147 free(cil_path); 148 } 149 150 rc = sepol_module_package_to_cil(out, mod_pkg); 151 if (rc != 0) { 152 goto exit; 153 } 154 155exit: 156 if (in != NULL) { 157 fclose(in); 158 } 159 if (out != NULL) { 160 fclose(out); 161 } 162 if (outfd != -1) { 163 close(outfd); 164 if (rc != 0) { 165 unlink(argv[2]); 166 } 167 } 168 sepol_module_package_free(mod_pkg); 169 170 return rc; 171} 172