From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001

From: Miroslav Grepl <mgrepl@redhat.com>

Date: Fri, 11 Apr 2014 18:46:24 +0200

Subject: [PATCH 09/11] Fix help message on sesearch -D

---

 man/sesearch.1    |  2 +-

 secmds/sesearch.c | 77 +++++++++++++++++--------------------------------------

 2 files changed, 25 insertions(+), 54 deletions(-)

diff --git a/man/sesearch.1 b/man/sesearch.1

index 573aedd..dc119eb 100644

--- a/man/sesearch.1

+++ b/man/sesearch.1

@@ -43,7 +43,7 @@ Search for allow rules.

 Search for neverallow rules.

 .IP "--auditallow"

 Search for auditallow rules.

-.IP "--dontaudit"

+.IP "-D, --dontaudit"

 Search for dontaudit rules.

 .IP "-T, --type"

 Search for type_transition, type_member, and type_change rules.

diff --git a/secmds/sesearch.c b/secmds/sesearch.c

index e1436a7..f53d670 100644

--- a/secmds/sesearch.c

+++ b/secmds/sesearch.c

@@ -24,6 +24,7 @@

  */

 #include <config.h>

+#include <selinux/selinux.h>

 /* libapol */

 #include <apol/policy.h>

@@ -61,9 +62,8 @@ enum opt_values

 static struct option const longopts[] = {

 	{"allow", no_argument, NULL, 'A'},

 	{"neverallow", no_argument, NULL, RULE_NEVERALLOW},

-	{"audit", no_argument, NULL, RULE_AUDIT},

 	{"auditallow", no_argument, NULL, RULE_AUDITALLOW},

-	{"dontaudit", no_argument, NULL, RULE_DONTAUDIT},

+	{"dontaudit", no_argument, NULL, 'D'},

 	{"type", no_argument, NULL, 'T'},

 	{"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},

 	{"role_trans", no_argument, NULL, RULE_ROLE_TRANS},

@@ -72,7 +72,6 @@ static struct option const longopts[] = {

 	{"source", required_argument, NULL, 's'},

 	{"target", required_argument, NULL, 't'},

-	{"default", required_argument, NULL, 'D'},

 	{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},

 	{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},

 	{"class", required_argument, NULL, 'c'},

@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief)

 	printf("  -A, --allow               allow rules\n");

 	printf("  --neverallow              neverallow rules\n");

 	printf("  --auditallow              auditallow rules\n");

-	printf("  --dontaudit               dontaudit rules\n");

+	printf("  -D, --dontaudit           dontaudit rules\n");

 	printf("  -T, --type                type_trans, type_member, and type_change\n");

 	printf("  --role_allow              role allow rules\n");

 	printf("  --role_trans              role_transition rules\n");

@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief)

 	printf("EXPRESSIONS:\n");

 	printf("  -s NAME, --source=NAME    rules with type/attribute NAME as source\n");

 	printf("  -t NAME, --target=NAME    rules with type/attribute NAME as target\n");

-	printf("  -D NAME, --default=NAME   rules with type NAME as default\n");

 	printf("  --role_source=NAME        rules with role NAME as source\n");

 	printf("  --role_target=NAME        rules with role NAME as target\n");

 	printf("  -c NAME, --class=NAME     rules with class NAME as the object class\n");

@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *

 				tmp = apol_cond_expr_render(policy, cond);

 				enable_char = (enabled ? 'E' : 'D');

 				branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');

-				if (asprintf(&expr, "[ %s ]", tmp) < 0) {

-					expr = NULL;

+				if (asprintf(&expr, "[ %s ]", tmp) < 0)

 					goto cleanup;

-				}

 				free(tmp);

 				tmp = NULL;

 				if (!expr)

@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt

 				qpol_iterator_destroy(&iter);

 				enable_char = (enabled ? 'E' : 'D');

 				branch_char = (list ? 'T' : 'F');

-				if (asprintf(&expr, "[ %s ]", tmp) < 0) {

-					expr = NULL;

+				if (asprintf(&expr, "[ %s ]", tmp) < 0)

 					goto cleanup;

-				}

 				free(tmp);

 				tmp = NULL;

 				if (!expr)

@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt,

 		apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect);

 	if (opt->bool_name)

 		apol_terule_query_set_bool(policy, teq, opt->bool_name);

-	if (opt->default_name)

-		apol_terule_query_set_default(policy, teq, opt->default_name);

 	if (opt->class_name) {

 		if (opt->class_vector == NULL) {

 			if (apol_terule_query_append_class(policy, teq, opt->class_name)) {

@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *

 				tmp = apol_cond_expr_render(policy, cond);

 				enable_char = (enabled ? 'E' : 'D');

 				branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');

-				if (asprintf(&expr, "[ %s ]", tmp) < 0) {

-					expr = NULL;

+				if (asprintf(&expr, "[ %s ]", tmp) < 0)

 					goto cleanup;

-				}

 				free(tmp);

 				tmp = NULL;

 				if (!expr)

-					goto cleanup;

+					break;

 			}

 		}

 		if (!(rule_str = apol_syn_terule_render(policy, rule)))

@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt

 				qpol_iterator_destroy(&iter);

 				enable_char = (enabled ? 'E' : 'D');

 				branch_char = (list ? 'T' : 'F');

-				if (asprintf(&expr, "[ %s ]", tmp) < 0) {

-					expr = NULL;

+				if (asprintf(&expr, "[ %s ]", tmp) < 0)

 					goto cleanup;

-				}

 				free(tmp);

 				tmp = NULL;

 				if (!expr)

@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,

 			goto err;

 		}

 	}

-

 	if (opt->default_name) {

 		if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {

 			error = errno;

@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt

 {

 	size_t i, num_filename_trans = 0;

 	const qpol_filename_trans_t *filename_trans = NULL;

-	char *filename_trans_str = NULL;

-	qpol_iterator_t *iter = NULL;

+	char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;

 	if (!(num_filename_trans = apol_vector_get_size(v)))

 		goto cleanup;

-	fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);

+	fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);

 	for (i = 0; i < num_filename_trans; i++) {

 		if (!(filename_trans = apol_vector_get_element(v, i)))

@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt

 		if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))

 			goto cleanup;

-		fprintf(stdout, "%s\n", filename_trans_str);

+		fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");

 		free(filename_trans_str);

 		filename_trans_str = NULL;

+		free(expr);

+		expr = NULL;

 	}

       cleanup:

+	free(tmp);

 	free(filename_trans_str);

+	free(expr);

 }

 static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)

@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt,

 		}

 	}

-	if (opt->default_name) {

-		if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) {

-			error = errno;

-			goto err;

-		}

-	}

-

 	if (apol_role_trans_get_by_query(policy, rtq, v)) {

 		error = errno;

 		goto err;

@@ -973,7 +956,7 @@ int main(int argc, char **argv)

 	memset(&cmd_opts, 0, sizeof(cmd_opts));

 	cmd_opts.indirect = true;

-	while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {

+	while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {

 		switch (optc) {

 		case 0:

 			break;

@@ -1001,18 +984,6 @@ int main(int argc, char **argv)

 				exit(1);

 			}

 			break;

-		case 'D':	       /* default */

-			if (optarg == 0) {

-				usage(argv[0], 1);

-				printf("Missing default type for -D (--default)\n");

-				exit(1);

-			}

-			cmd_opts.default_name = strdup(optarg);

-			if (!cmd_opts.default_name) {

-		

-				exit(1);

-			}

-			break;

 		case EXPR_ROLE_SOURCE:

 			if (optarg == 0) {

 				usage(argv[0], 1);

@@ -1093,7 +1064,7 @@ int main(int argc, char **argv)

 		case RULE_AUDITALLOW:

 			cmd_opts.auditallow = true;

 			break;

-		case RULE_DONTAUDIT:

+		case 'D':

 			cmd_opts.dontaudit = true;

 			break;

 		case 'T':	       /* type */

@@ -1273,12 +1244,13 @@ int main(int argc, char **argv)

 		fprintf(stdout, "\n");

 	}

-	apol_vector_destroy(&v);

-	if (perform_ft_query(policy, &cmd_opts, &v)) {

-		rt = 1;

-		goto cleanup;

-	}

-	if (v) {

+	if (cmd_opts.all || cmd_opts.type) {

+		apol_vector_destroy(&v);

+		if (perform_ft_query(policy, &cmd_opts, &v)) {

+			rt = 1;

+			goto cleanup;

+		}

+

 		print_ft_results(policy, &cmd_opts, v);

 		fprintf(stdout, "\n");

 	}

@@ -1317,7 +1289,6 @@ int main(int argc, char **argv)

 	apol_policy_path_destroy(&pol_path);

 	free(cmd_opts.src_name);

 	free(cmd_opts.tgt_name);

-	free(cmd_opts.default_name);

 	free(cmd_opts.class_name);

 	free(cmd_opts.permlist);

 	free(cmd_opts.bool_name);

-- 

1.8.5.3