From: <mad...@us...> - 2007-11-29 15:46:59
Revision: 2691 http://selinux.svn.sourceforge.net/selinux/?rev=2691&view=rev
Author: madmethod
Date: 2007-11-29 07:46:57 -0800 (Thu, 29 Nov 2007)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: libsepol: clarify and reduce neverallow error reporting
Date: Thu, 29 Nov 2007 09:52:17 -0500
Alter the error reporting for neverallow failures to be clearer, i.e. use the word neverallow instead of assertion and don't report a line number if we don't have that information, and bail on the first such error rather than flooding the user with multiple ones, since any such error is fatal.
Signed-off-by: Stephen Smalley <sd...@ty...>
Acked-By: Joshua Brindle <me...@ma...>
Modified Paths:
--------------
trunk/libsepol/ChangeLog
trunk/libsepol/VERSION
trunk/libsepol/src/assertion.c
Modified: trunk/libsepol/ChangeLog
===================================================================
--- trunk/libsepol/ChangeLog 2007-11-20 18:47:19 UTC (rev 2690)
+++ trunk/libsepol/ChangeLog 2007-11-29 15:46:57 UTC (rev 2691)
@@ -1,3 +1,6 @@
+2.0.15 2007-11-29
+ * clarify and reduce neverallow error reporting from Stephen Smalley.
+
 2.0.14 2007-11-05
 * Reject self aliasing at link time from Stephen Smalley.
Modified: trunk/libsepol/VERSION
===================================================================
--- trunk/libsepol/VERSION 2007-11-20 18:47:19 UTC (rev 2690)
+++ trunk/libsepol/VERSION 2007-11-29 15:46:57 UTC (rev 2691)
@@ -1 +1 @@
-2.0.14
+2.0.15
Modified: trunk/libsepol/src/assertion.c
===================================================================
--- trunk/libsepol/src/assertion.c 2007-11-20 18:47:19 UTC (rev 2690)
+++ trunk/libsepol/src/assertion.c 2007-11-29 15:46:57 UTC (rev 2691)
@@ -59,11 +59,21 @@
 return 0;
 err:
- ERR(handle, "assertion on line %lu violated by allow %s %s:%s {%s };",
- line, p->p_type_val_to_name[stype], p->p_type_val_to_name[ttype],
- p->p_class_val_to_name[curperm->class - 1],
- sepol_av_to_string(p, curperm->class,
- node->datum.data & curperm->data));
+ if (line) {
+ ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",
+ line, p->p_type_val_to_name[stype],
+ p->p_type_val_to_name[ttype],
+ p->p_class_val_to_name[curperm->class - 1],
+ sepol_av_to_string(p, curperm->class,
+ node->datum.data & curperm->data));
+ } else {
+ ERR(handle, "neverallow violated by allow %s %s:%s {%s };",
+ p->p_type_val_to_name[stype],
+ p->p_type_val_to_name[ttype],
+ p->p_class_val_to_name[curperm->class - 1],
+ sepol_av_to_string(p, curperm->class,
+ node->datum.data & curperm->data));
+ }
 return -1;
 }
@@ -74,7 +84,7 @@
 avtab_t te_avtab, te_cond_avtab;
 ebitmap_node_t *snode, *tnode;
 unsigned int i, j;
- int errors = 0;
+ int rc;
 if (!avrules) {
 /* Since assertions are stored in avrules, if it is NULL
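Review bot: The two ERR() calls in the new err: block repeat the same type-name, class-name and sepol_av_to_string() argument expressions and differ only in whether `line` is printed, so the two messages can drift apart on the next edit; computing the shared pieces once above the `if (line)`, e.g. `const char *avstr = sepol_av_to_string(p, curperm->class, node->datum.data & curperm->data);`, would halve the block. The meaning of a zero `line` is not stated in the code; a comment such as `/* line == 0: no source line information is available for this neverallow */` on the `if (line)` line would capture what the commit message explains. check_assertion_helper starts outside the hunk, so the declaration of `line` is not visible here; the `%lu` conversion assumes it is an unsigned long.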
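Review bot: `int rc;` in the @@ -74 hunk replaces the initialised counter but carries no initialiser, so the value returned at `out:` is correct only as long as every `goto out` is preceded by an assignment; the @@ -111 hunk does set `rc = -1` before both jumps and `rc = 0` on the fall-through, so the code as committed is sound, but a future early exit added before the assignment would return an indeterminate value and could let a policy with a violated neverallow be accepted. Declaring it `int rc = -1;` makes the failing result the default and would let the two `rc = -1;` statements in the later hunk go. The body of check_assertions continues outside this hunk.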
@@ -111,32 +121,31 @@
 if (a->flags & RULE_SELF) {
 if (check_assertion_helper
 (handle, p, &te_avtab, &te_cond_avtab, i, i,
- a->perms, a->line))
- errors++;
+ a->perms, a->line)) {
+ rc = -1;
+ goto out;
+ }
 }
 ebitmap_for_each_bit(ttypes, tnode, j) {
 if (!ebitmap_node_get_bit(tnode, j))
 continue;
 if (check_assertion_helper
 (handle, p, &te_avtab, &te_cond_avtab, i, j,
- a->perms, a->line))
- errors++;
+ a->perms, a->line)) {
+ rc = -1;
+ goto out;
+ }
 }
 }
 }
- if (errors) {
- ERR(handle, "%d assertion violations occured", errors);
- avtab_destroy(&te_avtab);
- avtab_destroy(&te_cond_avtab);
- return -1;
- }
-
+ rc = 0;
+out:
 avtab_destroy(&te_avtab);
 avtab_destroy(&te_cond_avtab);
- return 0;
+ return rc;
 oom:
- ERR(handle, "Out of memory - unable to check assertions");
+ ERR(handle, "Out of memory - unable to check neverallows");
 return -1;
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
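Review bot: With the new single `out:` exit, the `oom:` label below it is the only remaining return that skips the two avtab_destroy() calls; the `goto oom` sites sit above this hunk, so whether that leaks the tables cannot be seen here, but if any of them is reached after the tables are initialised, routing it through `out:` with `rc = -1` would be cleaner than per-site cleanup. The contract of `out:` (rc is already set by every path that reaches it) is implicit; a one-line comment on the label, `/* rc must be set before every goto out */`, would make it explicit for the next edit. The loops over source types and avrules that the two `goto out` statements leave begin outside the hunk.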