From patchwork Wed May 4 20:41:06 2016
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 9018731
From: James Carter
To: selinux@tycho.nsa.gov
Subject: [PATCH 6/6 v2] libsepol: When generating CIL use HLL line mark for neverallows
Date: Wed, 4 May 2016 16:41:06 -0400
Message-Id: <1462394466-25076-7-git-send-email-jwcart2@tycho.nsa.gov>
In-Reply-To: <1462394466-25076-1-git-send-email-jwcart2@tycho.nsa.gov>
References: <1462394466-25076-1-git-send-email-jwcart2@tycho.nsa.gov>

When converting pp files to CIL or generating CIL using checkpolicy or
checkmodule use CIL's HLL line mark annotations to record the original
file and line numbers for neverallow rules so that CIL can produce more
informative error messages. (Unfortunately, the original line number
information is not saved in pp files, so there is no benefit for policy
modules.)

This is only done for neverallow rules currently.

Signed-off-by: James Carter
---
 libsepol/src/module_to_cil.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 38f0dc3..b9a4af7 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c
@@ -1073,6 +1073,10 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a struct type_set *ts; for (avrule = avrule_list; avrule != NULL; avrule = avrule->next) { + if (avrule->specified == AVRULE_NEVERALLOW && avrule->source_filename) { + cil_println(0, ";;* lmx %lu %s\n",avrule->source_line, avrule->source_filename); + } + ts = &avrule->stypes; rc = process_typeset(indent, pdb, ts, attr_list, &snames, &num_snames); if (rc != 0) { @@ -1103,6 +1107,10 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a names_destroy(&snames, &num_snames); names_destroy(&tnames, &num_tnames); + + if (avrule->specified == AVRULE_NEVERALLOW && avrule->source_filename) { + cil_println(0, ";;* lme\n"); + } } return 0;
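Review bot: in the first hunk (the `;;* lmx` mark emitted at the top of the loop), `avrule->source_filename` is written into the line mark with a bare `%s`, so a source path containing whitespace or a newline would yield a mark that cannot be split back into line number and filename, and a newline would end the comment early. Consider quoting the name or skipping the mark for such paths. The format string also ends in `\n` while being passed to `cil_println`; if that helper already terminates the line, as its name suggests, each mark is followed by an empty line, so either drop the `\n` or note that it is intentional. Please also confirm that `source_line` is an `unsigned long` to match `%lu`, and add the missing space after the comma in `"\n",avrule->source_line`.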
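Review bot: in the second hunk, the closing `;;* lme` mark is emitted only at the bottom of the loop body, so any early exit between the open and the close (for example the `if (rc != 0)` path visible in the first hunk's context) leaves an unterminated `lmx` in whatever CIL was already written. If partial output can ever be consumed, emit the close on the error path too, or state in a comment that output is discarded on failure. The test `avrule->specified == AVRULE_NEVERALLOW && avrule->source_filename` is duplicated verbatim from the top of the loop; evaluating it once into a local at the start of each iteration and reusing it for both marks would keep the open/close pair from drifting apart in later edits.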