From: <ssm...@us...> - 2007-09-18 19:43:39
Revision: 2566 http://selinux.svn.sourceforge.net/selinux/?rev=2566&view=rev Author: ssmalley Date: 2007-09-18 12:43:38 -0700 (Tue, 18 Sep 2007) Log Message: ----------- Author: Eric Paris Email: ep...@re... Subject: libsepol: support the handle_unknown config flag Date: Wed, 01 Aug 2007 11:52:28 -0400 Update the policydb definition to contain a handle_unknown flag. Change libsepol to copy the handle_unknown config flag from the base policy to the final binary policy. Also makes libsepol properly read and write the flag which dealing with policy modules. Signed-off-by: Eric Paris <ep...@re...> Modified Paths: -------------- trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/src/expand.c trunk/libsepol/src/policydb.c trunk/libsepol/src/write.c Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2007-09-18 19:41:20 UTC (rev 2565) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2007-09-18 19:43:38 UTC (rev 2566) @@ -469,6 +469,8 @@ ebitmap_t *attr_type_map; /* not saved in the binary policy */ unsigned policyvers; + + unsigned handle_unknown; } policydb_t; struct sepol_policydb { @@ -599,6 +601,13 @@ #define POLICYDB_CONFIG_MLS 1 +/* the config flags related to unknown classes/perms are bits 2 and 3 */ +#define DENY_UNKNOWN 0x00000000 +#define REJECT_UNKNOWN 0x00000002 +#define ALLOW_UNKNOWN 0x00000004 + +#define POLICYDB_CONFIG_UNKNOWN_MASK (DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN) + #define OBJECT_R "object_r" #define OBJECT_R_VAL 1 Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2007-09-18 19:41:20 UTC (rev 2565) +++ trunk/libsepol/src/expand.c 2007-09-18 19:43:38 UTC (rev 2566) 
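Review bot: The new `handle_unknown` member of `policydb_t` is declared without a comment, although it decides how unknown classes and permissions are treated and, unlike the `attr_type_map` field a few lines above it, is stored in the binary policy. I would document its domain at the declaration, e.g. `unsigned handle_unknown;	/* DENY_UNKNOWN, REJECT_UNKNOWN or ALLOW_UNKNOWN; kept in the policy config word */`. The struct definition starts outside the hunk.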
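Review bot: The comment above the new defines says the unknown-handling flags are "bits 2 and 3", but the values are 0x2 and 0x4, which only matches when bits are counted from one; naming the values avoids the ambiguity, e.g. `/* unknown classes/perms handling uses config bits 0x2 and 0x4 */`. `POLICYDB_CONFIG_UNKNOWN_MASK` also ORs in `DENY_UNKNOWN`, which is zero and contributes nothing, so the mask is 0x6 and admits `REJECT_UNKNOWN | ALLOW_UNKNOWN`, a combination with no named meaning. A short comment stating that deny is the absence of both bits, and that the two bits are mutually exclusive, would make the intended encoding explicit for code that consumes `handle_unknown`.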
@@ -2250,6 +2250,7 @@ /* Copy mls state from base to out */ out->mls = base->mls; + out->handle_unknown = base->handle_unknown; if ((state.typemap = (uint32_t *) calloc(state.base->p_types.nprim, Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2007-09-18 19:41:20 UTC (rev 2565) +++ trunk/libsepol/src/policydb.c 2007-09-18 19:43:38 UTC (rev 2566) @@ -3077,6 +3077,8 @@ p->mls = 0; } + p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; + bufindex++; info = policydb_lookup_compat(r_policyvers, policy_type); Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2007-09-18 19:41:20 UTC (rev 2565) +++ trunk/libsepol/src/write.c 2007-09-18 19:43:38 UTC (rev 2566) @@ -1534,6 +1534,8 @@ if (p->mls) config |= POLICYDB_CONFIG_MLS; + config |= (POLICYDB_CONFIG_UNKNOWN_MASK & p->handle_unknown); + /* Write the magic number and string identifiers. */ items = 0; if (p->policy_type == POLICY_KERN) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
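Review bot: The read path in policydb.c stores `buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK` without checking that the result is one of the three defined values, so a policy image with both bits set yields `handle_unknown == 0x6`. How consumers interpret that value is not visible here, but any code that tests `ALLOW_UNKNOWN` as a bit would treat such a policy as permissive toward unknown classes and permissions. I would reject the image at load with `if (p->handle_unknown == (REJECT_UNKNOWN | ALLOW_UNKNOWN))` followed by the function's existing error return. The same applies to the write.c hunk, where `config |= (POLICYDB_CONFIG_UNKNOWN_MASK & p->handle_unknown);` would emit the undefined combination if a caller had set it. Both enclosing functions start and end outside their hunks.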