From: <ssm...@us...> - 2007-11-05 19:01:34
Revision: 2670 http://selinux.svn.sourceforge.net/selinux/?rev=2670&view=rev
Author: ssmalley
Date: 2007-11-05 11:01:32 -0800 (Mon, 05 Nov 2007)
Log Message:
-----------
applied r2666:2667 from trunk
Modified Paths:
--------------
branches/stable/1_0/libsemanage/src/conf-parse.y
branches/stable/1_0/libsemanage/src/conf-scan.l
branches/stable/1_0/libsemanage/src/semanage_conf.h
branches/stable/1_0/libsemanage/src/semanage_store.c
branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h
branches/stable/1_0/libsepol/include/sepol/policydb.h
branches/stable/1_0/libsepol/src/policydb_public.c
Modified: branches/stable/1_0/libsemanage/src/conf-parse.y
===================================================================
--- branches/stable/1_0/libsemanage/src/conf-parse.y 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsemanage/src/conf-parse.y 2007-11-05 19:01:32 UTC (rev 2670)
@@ -57,7 +57,7 @@
}

%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
-%token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START
+%token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START HANDLE_UNKNOWN
%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
%token PROG_PATH PROG_ARGS
%token <s> ARG
@@ -80,6 +80,7 @@
| file_mode
| save_previous
| save_linked
+ | handle_unknown
;

module_store: MODULE_STORE '=' ARG {
@@ -137,6 +138,18 @@
}
;
+handle_unknown: HANDLE_UNKNOWN '=' ARG {
+ if (strcasecmp($3, "deny") == 0) {
+ current_conf->handle_unknown = SEPOL_DENY_UNKNOWN;
+ } else if (strcasecmp($3, "reject") == 0) {
+ current_conf->handle_unknown = SEPOL_REJECT_UNKNOWN;
+ } else if (strcasecmp($3, "allow") == 0) {
+ current_conf->handle_unknown = SEPOL_ALLOW_UNKNOWN;
+ } else {
+ yyerror("handle-unknown can only be 'deny', 'reject' or 'allow'");
+ }
+ free($3);
+ }
command_block: command_start external_opts BLOCK_END {
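Review bot: The new handle_unknown action refers to SEPOL_DENY_UNKNOWN, SEPOL_REJECT_UNKNOWN and SEPOL_ALLOW_UNKNOWN, which this same commit introduces in libsepol's public sepol/policydb.h, but the %{ %} prologue of conf-parse.y is outside the hunk, so it is not visible whether that header is included here; confirm it is, otherwise the three names are undeclared when the generated parser is compiled. On the error branch the action calls yyerror() and then continues to free($3) without touching current_conf->handle_unknown, so a misspelled value leaves whatever was set before; a comment such as `/* invalid value: leave handle_unknown as it was (-1 default = keep the policy's own setting) */` after the yyerror call would make that deliberate rather than accidental. The rule also ends with `}` and runs straight into `command_block:` without the `;` terminator and blank line that the surrounding rules use (see the `} ;` context just above), which yacc tolerates but is inconsistent.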
@@ -211,6 +224,7 @@
conf->store_path = strdup(basename(selinux_policy_root()));
conf->policyvers = sepol_policy_kern_vers_max();
conf->expand_check = 1;
+ conf->handle_unknown = -1;
conf->file_mode = 0644;
conf->save_previous = 0;
Modified: branches/stable/1_0/libsemanage/src/conf-scan.l
===================================================================
--- branches/stable/1_0/libsemanage/src/conf-scan.l 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsemanage/src/conf-scan.l 2007-11-05 19:01:32 UTC (rev 2670)
@@ -44,6 +44,7 @@
file-mode return FILE_MODE;
save-previous return SAVE_PREVIOUS;
save-linked return SAVE_LINKED;
+handle-unknown return HANDLE_UNKNOWN;
"[load_policy]" return LOAD_POLICY_START;
"[setfiles]" return SETFILES_START;
"[genhomedircon]" return GENHOMEDIRCON_START;
Modified: branches/stable/1_0/libsemanage/src/semanage_conf.h
===================================================================
--- branches/stable/1_0/libsemanage/src/semanage_conf.h 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsemanage/src/semanage_conf.h 2007-11-05 19:01:32 UTC (rev 2670)
@@ -37,6 +37,7 @@
int expand_check;
int save_previous;
int save_linked;
+ int handle_unknown;
mode_t file_mode;
struct external_prog *load_policy;
struct external_prog *setfiles;
Modified: branches/stable/1_0/libsemanage/src/semanage_store.c
===================================================================
--- branches/stable/1_0/libsemanage/src/semanage_store.c 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsemanage/src/semanage_store.c 2007-11-05 19:01:32 UTC (rev 2670)
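Review bot: `conf->handle_unknown = -1;` uses -1 as a "not configured" sentinel in a plain `int` field, and nothing in this hunk or in the `int handle_unknown;` field added to semanage_conf.h says so; the only hint is the `>= 0` test in semanage_store.c. Because SEPOL_DENY_UNKNOWN is 0, a negative value is the only way to tell "unset" from "deny", so the field deserves `int handle_unknown; /* SEPOL_*_UNKNOWN, or -1 when semanage.conf does not set handle-unknown */` and this initializer the same comment. The enclosing initialization function starts before the hunk.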
@@ -1628,6 +1628,8 @@
ERR(sh, "Unknown/Invalid policy version %d.", policyvers);
goto err;
}
+ if (sh->conf->handle_unknown >= 0)
+ sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown);
*policydb = out;
return STATUS_SUCCESS;
Modified: branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h
===================================================================
--- branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h 2007-11-05 19:01:32 UTC (rev 2670)
@@ -602,9 +602,9 @@
#define POLICYDB_CONFIG_MLS 1
/* the config flags related to unknown classes/perms are bits 2 and 3 */
-#define DENY_UNKNOWN 0x00000000
-#define REJECT_UNKNOWN 0x00000002
-#define ALLOW_UNKNOWN 0x00000004
+#define DENY_UNKNOWN SEPOL_DENY_UNKNOWN
+#define REJECT_UNKNOWN SEPOL_REJECT_UNKNOWN
+#define ALLOW_UNKNOWN SEPOL_ALLOW_UNKNOWN
#define POLICYDB_CONFIG_UNKNOWN_MASK (DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)
Modified: branches/stable/1_0/libsepol/include/sepol/policydb.h
===================================================================
--- branches/stable/1_0/libsepol/include/sepol/policydb.h 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsepol/include/sepol/policydb.h 2007-11-05 19:01:32 UTC (rev 2670)
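Review bot: The return value of sepol_policydb_set_handle_unknown() is discarded in the new `if`; the function added in policydb_public.c returns -1 for any value other than the three SEPOL_*_UNKNOWN constants, so an out-of-range sh->conf->handle_unknown would be silently ignored and the policy kept with its previous unknown-handling setting. The enclosing function already reports through ERR() and jumps to `err` two lines above, so the call can follow the same path: `if (sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown) < 0) {` / `ERR(sh, "Invalid handle-unknown value %d.", sh->conf->handle_unknown); goto err; }`. Today the conf parser only stores valid values, so this is defensive, but the setting decides whether the kernel denies or permits access to classes and permissions the loaded policy does not define, so a failure to apply it should not pass quietly. The enclosing function starts before the hunk.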
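Review bot: After this hunk policydb/policydb.h defines DENY_UNKNOWN, REJECT_UNKNOWN and ALLOW_UNKNOWN in terms of SEPOL_DENY_UNKNOWN, SEPOL_REJECT_UNKNOWN and SEPOL_ALLOW_UNKNOWN from the public sepol/policydb.h, so that header must be included before line 602; the hunk does not show the include, so confirm it is present rather than relying on translation units happening to include sepol/policydb.h first. The numeric values are unchanged by the aliasing (0, 2 and 4 match the old 0x00000000, 0x00000002 and 0x00000004), so POLICYDB_CONFIG_UNKNOWN_MASK and the policy config word keep their meaning.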
@@ -83,6 +83,13 @@
*/
extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);

+/* Set how to handle unknown class/perms. */
+#define SEPOL_DENY_UNKNOWN 0
+#define SEPOL_REJECT_UNKNOWN 2
+#define SEPOL_ALLOW_UNKNOWN 4
+extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
+ unsigned int handle_unknown);
+
/*
* Read a policydb from a policy file.
* This automatically sets the type and version based on the
Modified: branches/stable/1_0/libsepol/src/policydb_public.c
===================================================================
--- branches/stable/1_0/libsepol/src/policydb_public.c 2007-11-05 18:54:58 UTC (rev 2669)
+++ branches/stable/1_0/libsepol/src/policydb_public.c 2007-11-05 19:01:32 UTC (rev 2670)
@@ -134,6 +134,24 @@
return 0;
}

+int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp,
+ unsigned int handle_unknown)
+{
+ struct policydb *p = &sp->p;
+
+ switch (handle_unknown) {
+ case SEPOL_DENY_UNKNOWN:
+ case SEPOL_REJECT_UNKNOWN:
+ case SEPOL_ALLOW_UNKNOWN:
+ break;
+ default:
+ return -1;
+ }
+
+ p->handle_unknown = handle_unknown;
+ return 0;
+}
+
int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
{
return policydb_read(&p->p, &pf->pf, 0);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
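Review bot: The new public prototype in sepol/policydb.h carries only `/* Set how to handle unknown class/perms. */`, which says nothing about accepted values or the return contract, while the implementation in the policydb_public.c hunk returns 0 on success and -1 for anything other than the three constants. The header comment should state that, e.g. `/* Set how unknown classes/perms are handled: one of SEPOL_DENY_UNKNOWN, SEPOL_REJECT_UNKNOWN or SEPOL_ALLOW_UNKNOWN. Returns 0 on success, -1 if handle_unknown is not one of those values. */`. The values 0, 2 and 4 are not free to change either: policydb/policydb.h in this commit aliases DENY_UNKNOWN, REJECT_UNKNOWN and ALLOW_UNKNOWN to them and ORs them into POLICYDB_CONFIG_UNKNOWN_MASK, so a short note that they are bit flags shared with the policy config word would stop a later renumbering in this now-public header. The implementation itself validates before storing into p->handle_unknown, which is the right order.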