From: <ssm...@us...> - 2007-04-13 14:06:59
Revision: 2351
http://svn.sourceforge.net/selinux/?rev=2351&view=rev
Author: ssmalley
Date: 2007-04-13 07:06:57 -0700 (Fri, 13 Apr 2007)
Log Message:
-----------
Author: "Christopher J. PeBenito"
Email: cpe...@tr...
Subject: add boolmap argument to expand_module_avrules()
Date: Thu, 12 Apr 2007 19:03:17 +0000
A recent change to libsepol's expander introduced the boolmap structure
so that boolean values may be remapped properly. In the special
function expand_module_avrules(), which at the moment only SETools uses,
this boolmap structure is never initialized. As a result, the expander
will segfault when remapping conditional expressions. The following
patch adds a parameter to expand_module_avrules() that allows users to
specify that boolmap. This function is never exported out of the
library, so doesn't result in an ABI change to the library.
Modified Paths:
--------------
trunk/libsepol/include/sepol/policydb/expand.h
trunk/libsepol/src/expand.c
Modified: trunk/libsepol/include/sepol/policydb/expand.h
===================================================================
--- trunk/libsepol/include/sepol/policydb/expand.h 2007-04-12 19:03:11 UTC (rev 2350)
+++ trunk/libsepol/include/sepol/policydb/expand.h 2007-04-13 14:06:57 UTC (rev 2351)
@@ -30,17 +30,19 @@
#include <sepol/policydb/conditional.h>
/*
- * Expand only the avrules for a module. It is valid for this function to
- * expand base into itself (i.e. base == out); the typemap for this special
- * case should map type[i] to i+1. This function optionally expands neverallow
- * rules. If neverallow rules are expanded, there is no need to copy them and
- * doing so could cause duplicate entries when base == out. If the neverallow
- * rules are not expanded, they are just copied to the destination policy so
- * that assertion checking can be performed after expand. No assertion or
- * hierarchy checking is performed by this function.
+ * Expand only the avrules for a module. It is valid for this function
+ * to expand base into itself (i.e. base == out); the typemap for
+ * this special case should map type[i] to i+1. Likewise the boolmap
+ * should map bool[i] to i + 1. This function optionally expands
+ * neverallow rules. If neverallow rules are expanded, there is no
+ * need to copy them and doing so could cause duplicate entries when
+ * base == out. If the neverallow rules are not expanded, they are
+ * just copied to the destination policy so that assertion checking
+ * can be performed after expand. No assertion or hierarchy checking
+ * is performed by this function.
*/
extern int expand_module_avrules(sepol_handle_t * handle, policydb_t * base,
- policydb_t * out, uint32_t * typemap,
+ policydb_t * out, uint32_t * typemap, uint32_t * boolmap,
int verbose, int expand_neverallow);
/*
* Expand all parts of a module. Neverallow rules are not expanded (only
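Review bot: The updated comment describes boolmap only for the base == out case ("should map bool[i] to i + 1") and says nothing about the general case: how long the array must be, whether its values are 1-based indices into out, and whether NULL is acceptable. The log message says an unset boolmap makes the expander segfault when remapping conditional expressions, so the header comment should state that boolmap is required and how it must be sized, so that callers such as SETools can get this from the header alone.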
Modified: trunk/libsepol/src/expand.c
===================================================================
--- trunk/libsepol/src/expand.c 2007-04-12 19:03:11 UTC (rev 2350)
+++ trunk/libsepol/src/expand.c 2007-04-13 14:06:57 UTC (rev 2351)
@@ -2198,7 +2198,8 @@
* or expand into the same policy for analysis purposes.
*/
int expand_module_avrules(sepol_handle_t * handle, policydb_t * base,
- policydb_t * out, uint32_t * typemap, int verbose,
+ policydb_t * out, uint32_t * typemap,
+ uint32_t * boolmap, int verbose,
int expand_neverallow)
{
expand_state_t state;
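Review bot: In the definition of expand_module_avrules(), typemap and boolmap are now two adjacent uint32_t * parameters, so a call that passes them in the wrong order compiles without any diagnostic. Suggest calling out the argument order explicitly in the comment above the function, or passing the two maps together in a small struct so they cannot be transposed.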
@@ -2208,6 +2209,7 @@
state.base = base;
state.out = out;
state.typemap = typemap;
+ state.boolmap = boolmap;
state.handle = handle;
state.verbose = verbose;
state.expand_neverallow = expand_neverallow;
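Review bot: The added line "state.boolmap = boolmap;" stores the caller's pointer with no check, so a caller that passes NULL can hit the same crash in conditional remapping that the log message describes for the uninitialized field. Suggest rejecting a NULL boolmap at the top of the function with an error return before state is filled in, and doing the same for typemap, which is stored unchecked on the line above.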