From f76901b6a225e796f468354845313088df71f2f7 Mon Sep 17 00:00:00 2001
From: Nathan Straz
Date: Tue, 27 Aug 2013 16:44:19 -0500
Subject: Catch errors in both make commands Fix more errors as they are found. Takes longer to rebuild the policy, but we can start with no bad interfaces.
---
SELinux/rebuild-policy.sh | 80 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 63 insertions(+), 17 deletions(-)
(limited to 'SELinux')
diff --git a/SELinux/rebuild-policy.sh b/SELinux/rebuild-policy.sh
index 64fce3c..f25c0e2 100644
--- a/SELinux/rebuild-policy.sh
+++ b/SELinux/rebuild-policy.sh
@@ -11,32 +11,78 @@ mark_bad()
 echo $1 >> qarshd.bad-interfaces
 }
+get_rule()
+{
+ head -n $1 qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//'
+}
+
 lookup_rule()
 {
- lineno=`grep -B1 $1 tmp/qarshd.tmp | head -n 1 | awk '{print $NF}'`;
- head -n $lineno qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//'
+ lineno=`grep -B1 $1 tmp/qarshd.tmp | awk '{print $NF; exit}'`;
+ get_rule $lineno
 }
 cp -a * $tmpdir
 pushd $tmpdir
-make || exit 1
-
-until output=$(make load 2>&1); do
- badtype=`echo $output | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'`
- if [ -z "$badtype" ]; then
- echo "Error not found in make.log"
+for cmd in "make" "make load"; do
+ until output=$($cmd 2>&1); do
+ badlineno=`echo "$output" | perl -n -e'/^qarshd.te":(\d+):ERROR/ && print "$1"'`
+ if [ -n "$badlineno" ]; then
+ badint=`get_rule $badlineno`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ fi
+ fi
+ badtype=`echo "$output" | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'`
+ if [ -n "$badtype" ]; then
+ badint=`lookup_rule $badtype`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ else
+ echo "Interface not found from bad type $badtype"
+ exit 1
+ fi
+ fi
+ conflict=`echo "$output" | awk '/conflicting TE rule for \(qarshd_t/ { print $NF; exit }'`
+ if [ -n "$conflict" ]; then
+ badint=`lookup_rule $conflict`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ else
+ echo "Interface not found from conflict type $conflict"
+ exit 1
+ fi
+ fi
+ dupe=`echo "$output" | awk '/duplicate TE rule for qarshd_t/ { print $NF; exit }'`
+ if [ -n "$dupe" ]; then
+ badint=`lookup_rule $dupe`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ else
+ echo "Interface not found from duplicate type $dupe"
+ exit 1
+ fi
+ fi
+ echo "Error from $cmd not understood"
+ echo "------"
 echo "$output"
+ echo "------"
+ echo "$output" > $tmpdir/$cmd.log
 exit 1
- fi
- badint=`lookup_rule $badtype`
- if [ -z "$badint" ]; then
- echo "Interface not found from bad type $badtype"
- exit 1
- fi
- mark_bad $badint
- echo "$output" > $tmpdir/$badint.log
- savetmp="yes"
+ done
 done
 popd
-- cgit
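Review bot: The new `badlineno` extraction prints `$1` with no separator and no early exit, so if the build output holds more than one `qarshd.te":N:ERROR` line the numbers are concatenated into one bogus line number, and `get_rule` can then mark an unrelated interface as bad and silently change the resulting policy. Stopping at the first match avoids this, as the awk extractions further down already do with `exit`: `perl -n -e'/^qarshd.te":(\d+):ERROR/ && do { print "$1\n"; exit }'`. Separately, in the fallback branch `echo "$output" > $tmpdir/$cmd.log` expands `$cmd` unquoted, and for `make load` bash normally rejects that as an ambiguous redirect, so the log is never written; `echo "$output" > "$tmpdir/${cmd// /-}.log"` would keep it. The same quoting is worth applying to `$badint` in `mark_bad $badint` and the per-interface log redirects, since that value is taken from a line of `qarshd.te` and may contain spaces or slashes.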