secilc/secil2tree: Add option to write CIL AST after post processing

This will show the resulting CIL AST after deny rules have been processed. Signed-off-by: James Carter <[email protected]> Reviewed-by: Daniel Burgener <[email protected]> Acked-by: Petr Lautrbach <[email protected]>
SELinuxProject · Aug 16, 2023 · 409b4d3 · 409b4d3
1 parent 5d5a871
commit 409b4d3
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/secilc/secil2tree.c b/secilc/secil2tree.c
@@ -45,6 +45,7 @@ enum write_ast_phase {
  WRITE_AST_PHASE_PARSE = 0,
  WRITE_AST_PHASE_BUILD,
  WRITE_AST_PHASE_RESOLVE,
+ WRITE_AST_PHASE_POST,
 };
 
 static __attribute__((__noreturn__)) void usage(const char *prog)
@@ -58,7 +59,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
  printf(" Blocks, blockinherits, blockabstracts, and\n");
  printf(" in-statements will not be allowed.\n");
  printf(" -A, --ast-phase=<phase> write AST of phase <phase>. Phase must be parse, \n");
- printf(" build, or resolve. (default: resolve)\n");
+ printf(" build, resolve, or post. (default: resolve)\n");
  printf(" -v, --verbose increment verbosity level\n");
  printf(" -h, --help display usage information\n");
  exit(1);
@@ -115,6 +116,8 @@ int main(int argc, char *argv[])
  write_ast = WRITE_AST_PHASE_BUILD;
  } else if (!strcasecmp(optarg, "resolve")) {
  write_ast = WRITE_AST_PHASE_RESOLVE;
+ } else if (!strcasecmp(optarg, "post")) {
+ write_ast = WRITE_AST_PHASE_POST;
  } else {
  fprintf(stderr, "Invalid AST phase: %s\n", optarg);
  usage(argv[0]);
@@ -203,6 +206,9 @@ int main(int argc, char *argv[])
  case WRITE_AST_PHASE_RESOLVE:
  rc = cil_write_resolve_ast(file, db);
  break;
+ case WRITE_AST_PHASE_POST:
+ rc = cil_write_post_ast(file, db);
+ break;
  }
 
  if (rc != SEPOL_OK) {