1 /*
2 * Copyright (C) 2014 Tresys Technology, LLC
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 */
19
20 #include <errno.h>
21 #include <getopt.h>
22 #include <libgen.h>
23 #include <signal.h>
24 #include <stdarg.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28
29 #include <sepol/module.h>
30 #include <sepol/module_to_cil.h>
31
32 char *progname;
33
34 __attribute__ ((format(printf, 1, 2)))
log_err(const char * fmt,...)35 static void log_err(const char *fmt, ...)
36 {
37 va_list argptr;
38 va_start(argptr, fmt);
39 if (vfprintf(stderr, fmt, argptr) < 0) {
40 _exit(EXIT_FAILURE);
41 }
42 va_end(argptr);
43 if (fprintf(stderr, "\n") < 0) {
44 _exit(EXIT_FAILURE);
45 }
46 }
47
usage(int err)48 static void usage(int err)
49 {
50 fprintf(stderr, "Usage: %s [OPTIONS] [IN_FILE [OUT_FILE]]\n", progname);
51 fprintf(stderr, "\n");
52 fprintf(stderr, "Read an SELinux policy package (.pp) and output the equivilent CIL.\n");
53 fprintf(stderr, "If IN_FILE is not provided or is -, read SELinux policy package from\n");
54 fprintf(stderr, "standard input. If OUT_FILE is not provided or is -, output CIL to\n");
55 fprintf(stderr, "standard output.\n");
56 fprintf(stderr, "\n");
57 fprintf(stderr, "Options:\n");
58 fprintf(stderr, " -h, --help print this message and exit\n");
59 exit(err);
60 }
61
main(int argc,char ** argv)62 int main(int argc, char **argv)
63 {
64 int rc = -1;
65 int opt;
66 static struct option long_opts[] = {
67 { "help", 0, NULL, 'h' },
68 { NULL, 0, NULL, 0 }
69 };
70 struct sepol_module_package *mod_pkg = NULL;
71 FILE *in = NULL;
72 FILE *out = NULL;
73 int outfd = -1;
74
75 // ignore sigpipe so we can check the return code of write, and potentially
76 // return a more helpful error message
77 signal(SIGPIPE, SIG_IGN);
78
79 progname = basename(argv[0]);
80
81 while ((opt = getopt_long(argc, argv, "h", long_opts, NULL)) != -1) {
82 switch (opt) {
83 case 'h':
84 usage(0);
85 case '?':
86 default:
87 usage(1);
88 }
89 }
90
91 if (argc >= optind + 1 && strcmp(argv[1], "-") != 0) {
92 in = fopen(argv[1], "rb");
93 if (in == NULL) {
94 log_err("Failed to open %s: %s", argv[1], strerror(errno));
95 rc = -1;
96 goto exit;
97 }
98 } else {
99 in = stdin;
100 }
101
102 if (argc >= optind + 2 && strcmp(argv[2], "-") != 0) {
103 out = fopen(argv[2], "w");
104 if (out == NULL) {
105 log_err("Failed to open %s: %s", argv[2], strerror(errno));
106 rc = -1;
107 goto exit;
108 }
109 } else {
110 out = stdout;
111 }
112
113 if (argc >= optind + 3) {
114 log_err("Too many arguments");
115 usage(1);
116 }
117
118 rc = sepol_ppfile_to_module_package(in, &mod_pkg);
119 if (rc != 0) {
120 goto exit;
121 }
122 fclose(in);
123 in = NULL;
124
125 rc = sepol_module_package_to_cil(out, mod_pkg);
126 if (rc != 0) {
127 goto exit;
128 }
129
130 exit:
131 if (in != NULL) {
132 fclose(in);
133 }
134 if (out != NULL) {
135 fclose(out);
136 }
137 if (outfd != -1) {
138 close(outfd);
139 if (rc != 0) {
140 unlink(argv[2]);
141 }
142 }
143 sepol_module_package_free(mod_pkg);
144
145 return rc;
146 }
147