checkpolicy: Add support for multiple target OSes

Updated patch of checkpolicy based on input.

On Tue, 2009-09-15 at 12:37 -0400, pjnuzzi wrote:
> Add support for multiple target OSes by adding the -t target option to
> checkpolicy.  Implemented the new Xen ocontext identifiers pirqcon,
> pcidevicecon, iomemcon and ioportcon.
>
> Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>
>
> ---

 checkpolicy/checkpolicy.c   |   20 ++-
 checkpolicy/policy_define.c |  272
++++++++++++++++++++++++++++++++++++++++++++
 checkpolicy/policy_define.h |    4
 checkpolicy/policy_parse.y  |   29 ++++
 checkpolicy/policy_scan.l   |   10 +
 5 files changed, 330 insertions(+), 5 deletions(-)

Signed-off-by: Joshua Brindle <method@manicmethod.com>
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index d7772d5..76d8ed3 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -100,7 +100,9 @@
 void usage(char *progname)
 {
 	printf
-	    ("usage:  %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
+	    ("usage:  %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M]"
+	     "[-c policyvers (%d-%d)] [-o output_file] [-t platform]"
+	     "[input_file]\n",
 	     progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 	exit(1);
 }
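Review bot: The split usage string loses the separators between options, because adjacent string literals are concatenated exactly as written: `[-M]"` followed by `"[-c policyvers` prints `[-M][-c policyvers`, and `[-t platform]"` followed by `"[input_file]` prints `[-t platform][input_file]`. Ending the first two literals with a space fixes it, e.g. `"... (allow,deny,reject) [-M] "` and `"[-c policyvers (%d-%d)] [-o output_file] [-t platform] "`. The same pattern appears in the `-t` error path of the option-parsing hunk, where `"%s:  Unknown target platform:"` followed by `"%s\n"` prints the rejected name directly after the colon.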
@@ -381,7 +383,7 @@
 	unsigned int protocol, port;
 	unsigned int binary = 0, debug = 0;
 	struct val_to_name v;
-	int ret, ch, fd;
+	int ret, ch, fd, target = SEPOL_TARGET_SELINUX;
 	unsigned int nel, uret;
 	struct stat sb;
 	void *map;
@@ -391,11 +393,22 @@
 	int show_version = 0;
 	struct policy_file pf;
 
-	while ((ch = getopt(argc, argv, "o:dbU:MVc:")) != EOF) {
+	while ((ch = getopt(argc, argv, "o:t:dbU:MVc:")) != EOF) {
 		switch (ch) {
 		case 'o':
 			outfile = optarg;
 			break;
+		case 't':
+			if (!strcasecmp(optarg, "Xen"))
+				target = SEPOL_TARGET_XEN;
+			else if (!strcasecmp(optarg, "SELinux"))
+				target = SEPOL_TARGET_SELINUX;
+			else{
+				fprintf(stderr, "%s:  Unknown target platform:"
+					"%s\n", argv[0], optarg);
+				exit(1);
+			}
+			break;
 		case 'b':
 			binary = 1;
 			file = binfile;
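Review bot: The `-t` error path rejects an unrecognised platform without telling the user which names are accepted, and the usage string says only `[-t platform]`. Naming them in the message would make the option discoverable, e.g. `"%s:  Unknown target platform: %s (expected SELinux or Xen)\n"`. `strcasecmp` is declared in `<strings.h>` on POSIX systems; the include list is outside this hunk, so it is worth confirming the header is pulled in rather than relying on an implicit declaration. The enclosing function starts and ends outside the hunk.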
@@ -528,6 +541,7 @@
 			exit(1);
 		/* We build this as a base policy first since that is all the parser understands */
 		parse_policy.policy_type = POLICY_BASE;
+		policydb_set_target_platform(&parse_policy, target);
 
 		/* Let sepol know if we are dealing with MLS support */
 		parse_policy.mls = mlspol;
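Review bot: The result of `policydb_set_target_platform()` is discarded at the added line. The libsepol side is not shown here, but if the setter reports an unsupported platform through its return value, the parse would continue with whatever target the policydb was initialised with; a check such as `if (policydb_set_target_platform(&parse_policy, target)) exit(1);` would match the error handling on the line above. The call also sits on the source-parse branch only, so from what is visible `-t` combined with `-b` appears to be accepted and then ignored; rejecting or warning about that combination would avoid a policy being checked against a different target than the operator asked for. The enclosing function starts and ends outside the hunk.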