From patchwork Tue Apr 19 14:26:05 2016
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 8880801
From: James Carter
To: selinux@tycho.nsa.gov
Subject: [PATCH 6/6] libsepol: When generating CIL use HLL line mark for neverallows
Date: Tue, 19 Apr 2016 10:26:05 -0400
Message-Id: <1461075965-17161-7-git-send-email-jwcart2@tycho.nsa.gov>

When converting pp files to CIL or generating CIL using checkpolicy or checkmodule use CIL's HLL line mark annotations to record the original file and line numbers for neverallow rules so that CIL can produce more informative error messages.

(Unfortunately, the original line number information is not saved in pp files, so there is no benefit for policy modules.)

This is only done for neverallow rules currently.

Signed-off-by: James Carter
---
 libsepol/src/module_to_cil.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index b478d9f..f79264e 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c 
@@ -1070,6 +1070,10 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a struct type_set *ts; for (avrule = avrule_list; avrule != NULL; avrule = avrule->next) { + if (avrule->specified == AVRULE_NEVERALLOW && avrule->source_filename) { + cil_println(0, ";;* lmx %lu %s\n",avrule->source_line, avrule->source_filename); + } + ts = &avrule->stypes; rc = process_typeset(indent, pdb, ts, attr_list, &snames, &num_snames); if (rc != 0) { @@ -1100,6 +1104,10 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a names_destroy(&snames, &num_snames); names_destroy(&tnames, &num_tnames); + + if (avrule->specified == AVRULE_NEVERALLOW && avrule->source_filename) { + cil_println(0, ";;* lme\n"); + } } return 0;
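Review bot: In the first hunk (top of the loop in avrule_list_to_cil), avrule->source_filename is written into the ";;* lmx" line mark with a bare %s, so a path containing whitespace or a newline would yield a mark that no longer reads as "lmx <line> <file>" and could spill onto the next line of the generated CIL. Consider quoting or sanitising the filename before emitting it. Two smaller points on the same call: the format string ends in \n although the function is cil_println, which by its name already terminates the line, so this may leave a blank line after the mark; and a space is missing after the comma in "\n",avrule->source_line.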
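Review bot: In the second hunk (end of the loop body), the closing ";;* lme" mark relies on re-evaluating the same condition as the opening mark and on control reaching the bottom of the loop body. The context shows rc checks inside the loop (if (rc != 0) {), so if any of them leaves the loop early, the lmx mark stays unclosed in whatever output was already written. It is worth confirming that partial output is discarded on error, or emitting the lme on the exit path as well. Computing the condition once into a local flag at the top of each iteration would keep the pair in sync, and as in the first hunk the trailing \n passed to cil_println looks redundant.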