From: <ssm...@us...> - 2006-08-24 16:10:49
Revision: 1995
Author: ssmalley
Date: 2006-08-24 09:10:35 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1995&view=rev
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: libselinux: do not set compat_net upon policy load
Date: Wed, 23 Aug 2006 15:13:09 -0400
Revert the change to automatically set /selinux/compat_net at policy load time based on the policy, as this prevents compat_net from being effectively used with refpolicy-based policies that include the packet class definition.
Signed-off-by: Stephen Smalley <sd...@ty...>
Acked-by: Joshua Brindle <jbr...@tr...>
Acked-by: Karl MacMillan <kma...@me...>
Acked-by: Darrel Goeddel <dgo...@tr...>
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/src/load_policy.c
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2006-08-24 16:08:39 UTC (rev 1994)
+++ trunk/libselinux/ChangeLog 2006-08-24 16:10:35 UTC (rev 1995)
@@ -1,4 +1,5 @@
 * Merged patch to not log avc stats upon a reset from Steve Grubb.
+ * Applied patch to revert compat_net setting upon policy load.
 
 1.30.26 2006-08-11
 * Merged file context homedir and local path functions from
Modified: trunk/libselinux/src/load_policy.c
===================================================================
--- trunk/libselinux/src/load_policy.c 2006-08-24 16:08:39 UTC (rev 1994)
+++ trunk/libselinux/src/load_policy.c 2006-08-24 16:10:35 UTC (rev 1995)
@@ -49,7 +49,7 @@
 struct stat sb;
 size_t size;
 void *map, *data;
- int fd, rc = -1, *values, len, i, prot, compat_net;
+ int fd, rc = -1, *values, len, i, prot;
 sepol_policydb_t *policydb;
 sepol_policy_file_t *pf;
 
@@ -79,23 +79,20 @@
 if (map == MAP_FAILED)
 goto close;
 
- if (sepol_policy_file_create(&pf))
- goto unmap;
- if (sepol_policydb_create(&policydb)) {
- sepol_policy_file_free(pf);
- goto unmap;
- }
- sepol_policy_file_set_mem(pf, data, size);
- if (sepol_policydb_read(policydb, pf)) {
- sepol_policy_file_free(pf);
- sepol_policydb_free(policydb);
- goto unmap;
- }
-
- compat_net = sepol_policydb_compat_net(policydb);
-
 if (vers > kernvers) {
 /* Need to downgrade to kernel-supported version. */
+ if (sepol_policy_file_create(&pf))
+ goto unmap;
+ if (sepol_policydb_create(&policydb)) {
+ sepol_policy_file_free(pf);
+ goto unmap;
+ }
+ sepol_policy_file_set_mem(pf, data, size);
+ if (sepol_policydb_read(policydb, pf)) {
+ sepol_policy_file_free(pf);
+ sepol_policydb_free(policydb);
+ goto unmap;
+ }
 if (sepol_policydb_set_vers(policydb, kernvers) ||
 sepol_policydb_to_image(NULL, policydb, &data, &size)) {
 /* Downgrade failed, keep searching. */
@@ -106,11 +103,10 @@
 vers--;
 goto search;
 }
+ sepol_policy_file_free(pf);
+ sepol_policydb_free(policydb);
 }
- sepol_policy_file_free(pf);
- sepol_policydb_free(policydb);
-
 
 if (load_setlocaldefs) {
 void *olddata = data;
 size_t oldsize = size;
@@ -150,18 +146,6 @@
 rc = security_load_policy(data, size);
 
- if (!rc && selinux_mnt) {
- int fd2;
- char buf[2];
- snprintf(path, sizeof path, "%s/compat_net", selinux_mnt);
- fd2 = open(path, O_RDWR);
- if (fd2 < 0)
- goto unmap;
- buf[0] = compat_net ? '1' : '0';
- buf[1] = '\0';
- (void)write(fd2, buf, 2);
- close(fd2);
- }
 
 unmap:
 if (data != map)
 free(data);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
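Review bot: The parse block moved into the `if (vers > kernvers)` branch carries no comment saying why the image is now only read into a policydb when a downgrade is required, which is the one thing a future maintainer needs before hoisting it back out. A short comment above `if (sepol_policy_file_create(&pf))` such as `/* Parse the image only when it must be rewritten for an older kernel; otherwise it is loaded as-is. */` would record that, or the existing `/* Need to downgrade to kernel-supported version. */` line could be extended to say it. The enclosing function starts before this hunk, and the downgrade-failure cleanup between this hunk and the next is not visible here, so whether pf and policydb are released on that path cannot be confirmed from the diff alone.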
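Review bot: Nothing on the new side of the last hunk records that compat_net is intentionally no longer written after `rc = security_load_policy(data, size);`, so the kernel keeps whatever compat_net mode was set before the load instead of one derived from the policy. A comment at that line, e.g. `/* compat_net is deliberately not set from the policy here; see the rev 1995 ChangeLog entry. */`, would keep the write from being reintroduced and tell the reader that the setting now has to come from outside this library (presumably init scripts or the administrator). The enclosing function continues past the end of the hunk.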