[Selinux-commits] SF.net SVN: selinux: [2519] trunk/sepolgen

[<mad...@us...>]

Revision: 2519
          http://selinux.svn.sourceforge.net/selinux/?rev=2519&view=rev
Author:   madmethod
Date:     2007-08-16 12:23:53 -0700 (Thu, 16 Aug 2007)

Log Message:
-----------
Author: Karl MacMillan
Email: kma...@me...
Subject: Suppress rule generation for dontaudit rules
Date: Wed, 15 Aug 2007 10:15:01 -0400

The current policy generation code incorrectly generates allow rules for dontaudit messages. This patch fixes that.

Signed-off-by: User "Karl MacMillan <kma...@me...>"

Acked-by: Stephen Smalley <sd...@ty...>

Modified Paths:
--------------
    trunk/sepolgen/ChangeLog
    trunk/sepolgen/VERSION
    trunk/sepolgen/src/sepolgen/policygen.py

Modified: trunk/sepolgen/ChangeLog
===================================================================
--- trunk/sepolgen/ChangeLog	2007-08-16 19:19:24 UTC (rev 2518)
+++ trunk/sepolgen/ChangeLog	2007-08-16 19:23:53 UTC (rev 2519)
@@ -1,3 +1,6 @@
+1.0.9 2007-08-16
+	* Supress generation of rules for non-denials from Karl MacMillan.
+
 1.0.8 2007-04-10
 	* Merged updates to sepolgen parser and tools from Karl MacMillan.
 	  This includes improved debugging support, handling of interface 

Modified: trunk/sepolgen/VERSION
===================================================================
--- trunk/sepolgen/VERSION	2007-08-16 19:19:24 UTC (rev 2518)
+++ trunk/sepolgen/VERSION	2007-08-16 19:23:53 UTC (rev 2519)
@@ -1 +1 @@
-1.0.8
+1.0.9

Modified: trunk/sepolgen/src/sepolgen/policygen.py
===================================================================
--- trunk/sepolgen/src/sepolgen/policygen.py	2007-08-16 19:19:24 UTC (rev 2518)
+++ trunk/sepolgen/src/sepolgen/policygen.py	2007-08-16 19:23:53 UTC (rev 2519)
@@ -139,6 +139,8 @@
 
     def __add_allow_rules(self, avs):
         for av in avs:
+            if not av.denial:
+                continue
             rule = refpolicy.AVRule(av)
             if self.explain:
                 rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.