Menu
▾
▴
[Selinux-commits] SF.net SVN: selinux: [2309] branches/stable/1_0/libsepol
|
From: <mad...@us...> - 2007-03-30 15:31:42
|
Revision: 2309
http://svn.sourceforge.net/selinux/?rev=2309&view=rev
Author: madmethod
Date: 2007-03-30 08:31:40 -0700 (Fri, 30 Mar 2007)
Log Message:
-----------
merged r2308 from trunk
Modified Paths:
--------------
branches/stable/1_0/libsepol/ChangeLog
branches/stable/1_0/libsepol/VERSION
branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h
branches/stable/1_0/libsepol/src/conditional.c
branches/stable/1_0/libsepol/src/expand.c
branches/stable/1_0/libsepol/src/private.h
Modified: branches/stable/1_0/libsepol/ChangeLog
===================================================================
--- branches/stable/1_0/libsepol/ChangeLog 2007-03-30 15:25:34 UTC (rev 2308)
+++ branches/stable/1_0/libsepol/ChangeLog 2007-03-30 15:31:40 UTC (rev 2309)
@@ -1,3 +1,7 @@
+1.16.2 2007-03-30
+ * Merged fix from Karl to remap booleans at expand time to
+ avoid holes in the symbol table.
+
1.16.1 2007-02-06
* Merged libsepol segfault fix from Stephen Smalley for when
sensitivities are required but not present in the base.
Modified: branches/stable/1_0/libsepol/VERSION
===================================================================
--- branches/stable/1_0/libsepol/VERSION 2007-03-30 15:25:34 UTC (rev 2308)
+++ branches/stable/1_0/libsepol/VERSION 2007-03-30 15:31:40 UTC (rev 2309)
@@ -1 +1 @@
-1.16.1
+1.16.2
Modified: branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h
===================================================================
--- branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h 2007-03-30 15:25:34 UTC (rev 2308)
+++ branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h 2007-03-30 15:31:40 UTC (rev 2309)
@@ -100,6 +100,8 @@
cond_node_t * needle, cond_node_t * haystack,
int *was_created);
+extern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node);
+
extern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list,
cond_node_t * cn);
Modified: branches/stable/1_0/libsepol/src/conditional.c
===================================================================
--- branches/stable/1_0/libsepol/src/conditional.c 2007-03-30 15:25:34 UTC (rev 2308)
+++ branches/stable/1_0/libsepol/src/conditional.c 2007-03-30 15:31:40 UTC (rev 2309)
@@ -26,9 +26,6 @@
#include "private.h"
-#undef min
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-
/* move all type rules to top of t/f lists to help kernel on evaluation */
static void cond_optimize(cond_av_list_t ** l)
{
@@ -136,6 +133,38 @@
return 1;
}
+/* Create a new conditional node, optionally copying
+ * the conditional expression from an existing node.
+ * If node is NULL then a new node will be created
+ * with no conditional expression.
+ */
+cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node)
+{
+ cond_node_t *new_node;
+ unsigned int i;
+
+ new_node = (cond_node_t *)malloc(sizeof(cond_node_t));
+ if (!new_node) {
+ return NULL;
+ }
+ memset(new_node, 0, sizeof(cond_node_t));
+
+ if (node) {
+ new_node->expr = cond_copy_expr(node->expr);
+ if (!new_node->expr) {
+ free(new_node);
+ return NULL;
+ }
+ new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
+ new_node->nbools = node->nbools;
+ for (i = 0; i < min(node->nbools, COND_MAX_BOOLS); i++)
+ new_node->bool_ids[i] = node->bool_ids[i];
+ new_node->expr_pre_comp = node->expr_pre_comp;
+ }
+
+ return new_node;
+}
+
/* Find a conditional (the needle) within a list of existing ones (the
* haystack) that has a matching expression. If found, return a
* pointer to the existing node, setting 'was_created' to 0.
@@ -145,9 +174,6 @@
cond_node_t * needle, cond_node_t * haystack,
int *was_created)
{
- cond_node_t *new_node;
- unsigned int i;
-
while (haystack) {
if (cond_expr_equal(needle, haystack)) {
*was_created = 0;
@@ -156,26 +182,8 @@
haystack = haystack->next;
}
*was_created = 1;
- new_node = (cond_node_t *) malloc(sizeof(cond_node_t));
- if (!new_node) {
- return NULL;
- }
- memset(new_node, 0, sizeof(cond_node_t));
- new_node->expr = cond_copy_expr(needle->expr);
- if (!new_node->expr) {
- free(new_node);
- return NULL;
- }
- new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
- new_node->nbools = needle->nbools;
- for (i = 0; i < min(needle->nbools, COND_MAX_BOOLS); i++)
- new_node->bool_ids[i] = needle->bool_ids[i];
- new_node->expr_pre_comp = needle->expr_pre_comp;
- new_node->true_list = NULL;
- new_node->false_list = NULL;
- new_node->avtrue_list = NULL;
- new_node->avfalse_list = NULL;
- return new_node;
+
+ return cond_node_create(p, needle);
}
/* return either a pre-existing matching node or create a new node */
Modified: branches/stable/1_0/libsepol/src/expand.c
===================================================================
--- branches/stable/1_0/libsepol/src/expand.c 2007-03-30 15:25:34 UTC (rev 2308)
+++ branches/stable/1_0/libsepol/src/expand.c 2007-03-30 15:31:40 UTC (rev 2309)
@@ -34,10 +34,12 @@
#include <assert.h>
#include "debug.h"
+#include "private.h"
typedef struct expand_state {
int verbose;
uint32_t *typemap;
+ uint32_t *boolmap;
policydb_t *base;
policydb_t *out;
sepol_handle_t *handle;
@@ -790,8 +792,8 @@
return -1;
}
- new_bool->s.value = bool->s.value;
state->out->p_bools.nprim++;
+ new_bool->s.value = state->out->p_bools.nprim;
ret = hashtab_insert(state->out->p_bools.table,
(hashtab_key_t) new_id,
@@ -803,6 +805,8 @@
return -1;
}
+ state->boolmap[bool->s.value - 1] = new_bool->s.value;
+
new_bool->state = bool->state;
return 0;
@@ -1554,12 +1558,35 @@
return 0;
}
+static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
+{
+ cond_expr_t *cur;
+ unsigned int i;
+
+ cur = cn->expr;
+ while (cur) {
+ if (cur->bool)
+ cur->bool = state->boolmap[cur->bool - 1];
+ cur = cur->next;
+ }
+
+ for (i = 0; i < min(cn->nbools, COND_MAX_BOOLS); i++)
+ cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
+
+ if (cond_normalize_expr(state->out, cn)) {
+ ERR(state->handle, "Error while normalizing conditional");
+ return -1;
+ }
+
+ return 0;
+}
+
/* copy the nodes in *reverse* order -- the result is that the last
* given conditional appears first in the policy, so as to match the
* behavior of the upstream compiler */
static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
{
- cond_node_t *new_cond;
+ cond_node_t *new_cond, *tmp;
if (cn == NULL) {
return 0;
@@ -1572,11 +1599,28 @@
return -1;
}
- new_cond = cond_node_search(state->out, state->out->cond_list, cn);
+ /* create a new temporary conditional node with the booleans
+ * mapped */
+ tmp = cond_node_create(state->base, cn);
+ if (!tmp) {
+ ERR(state->handle, "Out of memory");
+ return -1;
+ }
+
+ if (cond_node_map_bools(state, tmp)) {
+ ERR(state->handle, "Error mapping booleans");
+ return -1;
+ }
+
+ new_cond = cond_node_search(state->out, state->out->cond_list, tmp);
if (!new_cond) {
+ cond_node_destroy(tmp);
+ free(tmp);
ERR(state->handle, "Out of memory!");
return -1;
}
+ cond_node_destroy(tmp);
+ free(tmp);
if (cond_avrule_list_copy
(state->out, cn->avtrue_list, &state->out->te_cond_avtab,
@@ -2209,6 +2253,12 @@
goto cleanup;
}
+ state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
+ if (!state.boolmap) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+
/* order is important - types must be first */
/* copy types */
@@ -2363,6 +2413,7 @@
cleanup:
free(state.typemap);
+ free(state.boolmap);
return retval;
}
Modified: branches/stable/1_0/libsepol/src/private.h
===================================================================
--- branches/stable/1_0/libsepol/src/private.h 2007-03-30 15:25:34 UTC (rev 2308)
+++ branches/stable/1_0/libsepol/src/private.h 2007-03-30 15:31:40 UTC (rev 2309)
@@ -22,6 +22,9 @@
#define le64_to_cpu(x) bswap_64(x)
#endif
+#undef min
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
/* Policy compatibility information. */
struct policydb_compat_info {
unsigned int type;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
