From: <ssm...@us...> - 2006-08-30 13:21:02
Revision: 2001
Author: ssmalley
Date: 2006-08-30 06:20:52 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2001&view=rev

Log Message:
-----------
Move tag to temporary location so that we can restructure it. Direct move to subdirectory not allowed.

Added Paths:
-----------
tags/libsepol_1_12_25_tmp/

Removed Paths:
-------------
tags/libsepol_1_12_25/

Copied: tags/libsepol_1_12_25_tmp (from rev 2000, tags/libsepol_1_12_25)

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
From: <ssm...@us...> - 2006-08-24 16:18:46
Revision: 2000
Author: ssmalley
Date: 2006-08-24 09:18:37 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2000&view=rev

Log Message:
-----------
Tag for policycoreutils 1.30.27

Added Paths:
-----------
tags/policycoreutils_1_30_27/

Copied: tags/policycoreutils_1_30_27 (from rev 1999, trunk/policycoreutils)
From: <ssm...@us...> - 2006-08-24 16:16:52
Revision: 1999 Author: ssmalley Date: 2006-08-24 09:16:46 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1999&view=rev Log Message: ----------- policycoreutils 1.30.27 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2006-08-24 16:14:17 UTC (rev 1998) +++ trunk/policycoreutils/ChangeLog 2006-08-24 16:16:46 UTC (rev 1999) @@ -1,3 +1,6 @@ +1.30.27 2006-08-24 + * Merged fix for restorecon symlink handling from Erich Schubert. + 1.30.26 2006-08-11 * Merged semanage local file contexts patch from Chris PeBenito. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2006-08-24 16:14:17 UTC (rev 1998) +++ trunk/policycoreutils/VERSION 2006-08-24 16:16:46 UTC (rev 1999) @@ -1 +1 @@ -1.30.26 +1.30.27 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2006-08-24 16:14:26
Revision: 1998 Author: ssmalley Date: 2006-08-24 09:14:17 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1998&view=rev Log Message: ----------- Author: Erich Schubert Email: er...@de... Subject: Bug in restorecon for symlinks in root dir Date: Tue, 22 Aug 2006 02:17:21 +0200 restorecon has a bug for symlinks in the root directory, such as /vmlinuz or the /lib64 -> /lib symlink found on all debian amd64 systems. The bug arises in the way the containing directories "realpath" is found for symlinks. Basically, the directory name is split by overwriting the last / character with a \0 char; then calling realpath(3) on the first component, then joining them again. For obvious reasons, this doesn't work for filenames such as /lib64; but it only affects symlinks (thats why "restorecon /etc" works fine). Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/policycoreutils/restorecon/restorecon.c Modified: trunk/policycoreutils/restorecon/restorecon.c =================================================================== --- trunk/policycoreutils/restorecon/restorecon.c 2006-08-24 16:13:19 UTC (rev 1997) +++ trunk/policycoreutils/restorecon/restorecon.c 2006-08-24 16:14:17 UTC (rev 1998) @@ -178,7 +178,10 @@ return 1; } file_sep = strrchr(tmp_path, '/'); - if (file_sep) { + if (file_sep == tmp_path) { + file_sep++; + p = strcpy(path, ""); + } else if (file_sep) { *file_sep = 0; file_sep++; p = realpath(tmp_path, path); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
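Review bot: In restorecon.c, the new `file_sep == tmp_path` branch sets `p = strcpy(path, "");`, which leaves `path` empty and relies on code outside this hunk to restore the `/` when the directory and file name are joined again. A short comment stating that the parent is the root directory and that the join supplies the separator would make that dependency explicit. The hunk also does not show whether `tmp_path` can be exactly `/` at this point, in which case `file_sep++` leaves `file_sep` pointing at an empty name, so please confirm that case is excluded earlier or handled afterwards.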
From: <ssm...@us...> - 2006-08-24 16:13:27
Revision: 1997
Author: ssmalley
Date: 2006-08-24 09:13:19 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1997&view=rev

Log Message:
-----------
Tag for libselinux 1.30.27

Added Paths:
-----------
tags/libselinux_1_30_27/

Copied: tags/libselinux_1_30_27 (from rev 1996, trunk/libselinux)
From: <ssm...@us...> - 2006-08-24 16:11:39
Revision: 1996 Author: ssmalley Date: 2006-08-24 09:11:31 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1996&view=rev Log Message: ----------- libselinux 1.30.27 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-08-24 16:10:35 UTC (rev 1995) +++ trunk/libselinux/ChangeLog 2006-08-24 16:11:31 UTC (rev 1996) @@ -1,3 +1,4 @@ +1.30.27 2006-08-24 * Merged patch to not log avc stats upon a reset from Steve Grubb. * Applied patch to revert compat_net setting upon policy load. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2006-08-24 16:10:35 UTC (rev 1995) +++ trunk/libselinux/VERSION 2006-08-24 16:11:31 UTC (rev 1996) @@ -1 +1 @@ -1.30.26 +1.30.27 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2006-08-24 16:10:49
Revision: 1995 Author: ssmalley Date: 2006-08-24 09:10:35 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1995&view=rev Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libselinux: do not set compat_net upon policy load Date: Wed, 23 Aug 2006 15:13:09 -0400 Revert the change to automatically set /selinux/compat_net at policy load time based on the policy, as this prevents compat_net from being effectively used with refpolicy-based policies that include the packet class definition. Signed-off-by: Stephen Smalley <sd...@ty...> Acked-by: Joshua Brindle <jbr...@tr...> Acked-by: Karl MacMillan <kma...@me...> Acked-by: Darrel Goeddel <dgo...@tr...> Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/src/load_policy.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-08-24 16:08:39 UTC (rev 1994) +++ trunk/libselinux/ChangeLog 2006-08-24 16:10:35 UTC (rev 1995) @@ -1,4 +1,5 @@ * Merged patch to not log avc stats upon a reset from Steve Grubb. + * Applied patch to revert compat_net setting upon policy load. 1.30.26 2006-08-11 * Merged file context homedir and local path functions from Modified: trunk/libselinux/src/load_policy.c =================================================================== --- trunk/libselinux/src/load_policy.c 2006-08-24 16:08:39 UTC (rev 1994) +++ trunk/libselinux/src/load_policy.c 2006-08-24 16:10:35 UTC (rev 1995) @@ -49,7 +49,7 @@ struct stat sb; size_t size; void *map, *data; - int fd, rc = -1, *values, len, i, prot, compat_net; + int fd, rc = -1, *values, len, i, prot; sepol_policydb_t *policydb; sepol_policy_file_t *pf; 
@@ -79,23 +79,20 @@ if (map == MAP_FAILED) goto close; - if (sepol_policy_file_create(&pf)) - goto unmap; - if (sepol_policydb_create(&policydb)) { - sepol_policy_file_free(pf); - goto unmap; - } - sepol_policy_file_set_mem(pf, data, size); - if (sepol_policydb_read(policydb, pf)) { - sepol_policy_file_free(pf); - sepol_policydb_free(policydb); - goto unmap; - } - - compat_net = sepol_policydb_compat_net(policydb); - if (vers > kernvers) { /* Need to downgrade to kernel-supported version. */ + if (sepol_policy_file_create(&pf)) + goto unmap; + if (sepol_policydb_create(&policydb)) { + sepol_policy_file_free(pf); + goto unmap; + } + sepol_policy_file_set_mem(pf, data, size); + if (sepol_policydb_read(policydb, pf)) { + sepol_policy_file_free(pf); + sepol_policydb_free(policydb); + goto unmap; + } if (sepol_policydb_set_vers(policydb, kernvers) || sepol_policydb_to_image(NULL, policydb, &data, &size)) { /* Downgrade failed, keep searching. */ @@ -106,11 +103,10 @@ vers--; goto search; } + sepol_policy_file_free(pf); + sepol_policydb_free(policydb); } - sepol_policy_file_free(pf); - sepol_policydb_free(policydb); - if (load_setlocaldefs) { void *olddata = data; size_t oldsize = size; @@ -150,18 +146,6 @@ rc = security_load_policy(data, size); - if (!rc && selinux_mnt) { - int fd2; - char buf[2]; - snprintf(path, sizeof path, "%s/compat_net", selinux_mnt); - fd2 = open(path, O_RDWR); - if (fd2 < 0) - goto unmap; - buf[0] = compat_net ? '1' : '0'; - buf[1] = '\0'; - (void)write(fd2, buf, 2); - close(fd2); - } unmap: if (data != map) free(data); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
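Review bot: In load_policy.c at @@ -79,23 +79,20, moving the `sepol_policy_file_create` / `sepol_policydb_create` / `sepol_policydb_read` sequence inside `if (vers > kernvers)` means the policy image is no longer parsed by libsepol when no downgrade is needed, so a file that `sepol_policydb_read` would have rejected now proceeds towards `security_load_policy(data, size)` without that parse. This follows from dropping `compat_net`, but the log message only describes the compat_net revert; please record the change in behaviour in the log or in a comment above the `if`.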
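Review bot: In load_policy.c at @@ -106,11 +103,10, the two frees `sepol_policy_file_free(pf);` and `sepol_policydb_free(policydb);` now run only after the downgrade has succeeded. The body of the "Downgrade failed, keep searching" branch falls between the two hunks and is not fully visible here; please confirm it frees `pf` and `policydb` before `vers--; goto search;`, since otherwise each retry would leak both objects.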
From: <ssm...@us...> - 2006-08-24 16:08:47
Revision: 1994 Author: ssmalley Date: 2006-08-24 09:08:39 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1994&view=rev Log Message: ----------- Author: Steve G Email: lin...@ya... Subject: Don't send statistics to audit logs Date: Fri, 18 Aug 2006 13:22:54 -0700 (PDT) Change the libselinux AVC to not log statistics upon a reset (reload or enforcing status change). Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/src/avc.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-08-24 16:05:06 UTC (rev 1993) +++ trunk/libselinux/ChangeLog 2006-08-24 16:08:39 UTC (rev 1994) @@ -1,3 +1,5 @@ + * Merged patch to not log avc stats upon a reset from Steve Grubb. + 1.30.26 2006-08-11 * Merged file context homedir and local path functions from Chris PeBenito. Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2006-08-24 16:05:06 UTC (rev 1993) +++ trunk/libselinux/src/avc.c 2006-08-24 16:08:39 UTC (rev 1994) @@ -1191,8 +1191,6 @@ { int rc; - avc_av_stats(); - rc = avc_reset(); avc_get_lock(avc_lock); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
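Review bot: In avc.c at @@ -1191,8 +1191,6, removing `avc_av_stats();` ahead of `rc = avc_reset();` leaves nothing in the code to say why statistics are not logged on a reset. A one-line comment above `rc = avc_reset();` stating that stats are intentionally not written to the audit log here would keep the call from being reintroduced later. The hunk does not show whether `avc_av_stats` still has other callers, which is worth checking in the same pass.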
From: <ssm...@us...> - 2006-08-24 16:05:19
Revision: 1993 Author: ssmalley Date: 2006-08-24 09:05:06 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1993&view=rev Log Message: ----------- Apply the new make indent to the tree. Modified Paths: -------------- trunk/checkpolicy/module_compiler.c trunk/libselinux/src/fgetfilecon.c trunk/libselinux/src/getfilecon.c trunk/libselinux/src/lgetfilecon.c trunk/libselinux/src/procattr.c trunk/libsemanage/src/semanage_store.c trunk/libsepol/src/link.c trunk/libsepol/src/mls.c trunk/libsepol/src/users.c Modified: trunk/checkpolicy/module_compiler.c =================================================================== --- trunk/checkpolicy/module_compiler.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/checkpolicy/module_compiler.c 2006-08-24 16:05:06 UTC (rev 1993) @@ -138,8 +138,9 @@ SCOPE_DECL, decl->decl_id, dest_value); if (retval == 1) { symtab_datum_t *s = - (symtab_datum_t *)hashtab_search(policydbp->symtab[symbol_type]. - table, key); + (symtab_datum_t *) hashtab_search(policydbp-> + symtab[symbol_type].table, + key); assert(s != NULL); *dest_value = s->value; } else if (retval == -2) { @@ -491,8 +492,9 @@ SCOPE_REQ, decl->decl_id, dest_value); if (retval == 1) { symtab_datum_t *s = - (symtab_datum_t *) hashtab_search(policydbp->symtab[symbol_type]. - table, key); + (symtab_datum_t *) hashtab_search(policydbp-> + symtab[symbol_type].table, + key); assert(s != NULL); *dest_value = s->value; } else if (retval == -2) { @@ -1018,7 +1020,8 @@ if (perdatum == NULL) { return 1; } - return is_perm_in_stack(perdatum->s.value, cladatum->s.value, stack_top); + return is_perm_in_stack(perdatum->s.value, cladatum->s.value, + stack_top); } cond_list_t *get_current_cond_list(cond_list_t * cond) Modified: trunk/libselinux/src/fgetfilecon.c =================================================================== --- trunk/libselinux/src/fgetfilecon.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libselinux/src/fgetfilecon.c 2006-08-24 16:05:06 UTC (rev 1993) 
@@ -59,7 +59,7 @@ } if (ret >= 0 && *context) - return strlen(*context)+1; + return strlen(*context) + 1; return ret; } Modified: trunk/libselinux/src/getfilecon.c =================================================================== --- trunk/libselinux/src/getfilecon.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libselinux/src/getfilecon.c 2006-08-24 16:05:06 UTC (rev 1993) @@ -58,7 +58,7 @@ freecon(rcontext); } if (ret >= 0 && *context) - return strlen(*context)+1; + return strlen(*context) + 1; return ret; } Modified: trunk/libselinux/src/lgetfilecon.c =================================================================== --- trunk/libselinux/src/lgetfilecon.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libselinux/src/lgetfilecon.c 2006-08-24 16:05:06 UTC (rev 1993) @@ -59,6 +59,6 @@ } if (ret >= 0 && *context) - return strlen(*context)+1; + return strlen(*context) + 1; return ret; } Modified: trunk/libselinux/src/procattr.c =================================================================== --- trunk/libselinux/src/procattr.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libselinux/src/procattr.c 2006-08-24 16:05:06 UTC (rev 1993) @@ -8,14 +8,13 @@ #include "selinux_internal.h" #include "policy.h" -static pid_t gettid(void) +static pid_t gettid(void) { return syscall(__NR_gettid); } static int getprocattrcon_raw(security_context_t * context, - pid_t pid, - const char *attr) + pid_t pid, const char *attr) { char *path, *buf; size_t size; @@ -72,9 +71,8 @@ return ret; } -static int getprocattrcon(security_context_t * context, - pid_t pid, - const char *attr) +static int getprocattrcon(security_context_t * context, + pid_t pid, const char *attr) { int ret; security_context_t rcontext; @@ -89,9 +87,8 @@ return ret; } -static int setprocattrcon_raw(security_context_t context, - pid_t pid, - const char *attr) +static int setprocattrcon_raw(security_context_t context, + pid_t pid, const char *attr) { char *path; int fd, rc; 
@@ -129,9 +126,8 @@ return 0; } -static int setprocattrcon(security_context_t context, - pid_t pid, - const char *attr) +static int setprocattrcon(security_context_t context, + pid_t pid, const char *attr) { int ret; security_context_t rcontext = context; 
@@ -179,31 +175,31 @@ { \ return getprocattrcon(c, pid, #attr); \ } - + all_selfattr_def(con, current) -getpidattr_def(pidcon, current) -getselfattr_def(prevcon, prev) -all_selfattr_def(execcon, exec) -all_selfattr_def(fscreatecon, fscreate) -all_selfattr_def(sockcreatecon, sockcreate) -all_selfattr_def(keycreatecon, keycreate) + getpidattr_def(pidcon, current) + getselfattr_def(prevcon, prev) + all_selfattr_def(execcon, exec) + all_selfattr_def(fscreatecon, fscreate) + all_selfattr_def(sockcreatecon, sockcreate) + all_selfattr_def(keycreatecon, keycreate) -hidden_def(getcon_raw) -hidden_def(getcon) -hidden_def(getexeccon_raw) -hidden_def(getfilecon_raw) -hidden_def(getfilecon) -hidden_def(getfscreatecon_raw) -hidden_def(getkeycreatecon_raw) -hidden_def(getpeercon_raw) -hidden_def(getpidcon_raw) -hidden_def(getprevcon_raw) -hidden_def(getprevcon) -hidden_def(getsockcreatecon_raw) -hidden_def(setcon_raw) -hidden_def(setexeccon_raw) -hidden_def(setexeccon) -hidden_def(setfilecon_raw) -hidden_def(setfscreatecon_raw) -hidden_def(setkeycreatecon_raw) -hidden_def(setsockcreatecon_raw) + hidden_def(getcon_raw) + hidden_def(getcon) + hidden_def(getexeccon_raw) + hidden_def(getfilecon_raw) + hidden_def(getfilecon) + hidden_def(getfscreatecon_raw) + hidden_def(getkeycreatecon_raw) + hidden_def(getpeercon_raw) + hidden_def(getpidcon_raw) + hidden_def(getprevcon_raw) + hidden_def(getprevcon) + hidden_def(getsockcreatecon_raw) + hidden_def(setcon_raw) + hidden_def(setexeccon_raw) + hidden_def(setexeccon) + hidden_def(setfilecon_raw) + hidden_def(setfscreatecon_raw) + hidden_def(setkeycreatecon_raw) + hidden_def(setsockcreatecon_raw) Modified: trunk/libsemanage/src/semanage_store.c =================================================================== --- trunk/libsemanage/src/semanage_store.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libsemanage/src/semanage_store.c 2006-08-24 16:05:06 UTC (rev 1993) 
@@ -1068,20 +1068,25 @@ } snprintf(store_fc_loc, PATH_MAX, "%s%s", storepath, running_fc_loc); - if (semanage_copy_file(active_fc_loc, store_fc_loc, sh->conf->file_mode) == -1 && errno != ENOENT) { - ERR(sh, "Could not copy %s to %s.", active_fc_loc, store_fc_loc); + if (semanage_copy_file(active_fc_loc, store_fc_loc, sh->conf->file_mode) + == -1 && errno != ENOENT) { + ERR(sh, "Could not copy %s to %s.", active_fc_loc, + store_fc_loc); goto cleanup; } snprintf(store_seusers, PATH_MAX, "%s%s", storepath, running_seusers); if (semanage_copy_file - (active_seusers, store_seusers, sh->conf->file_mode) == -1 && errno != ENOENT) { - ERR(sh, "Could not copy %s to %s.", active_seusers, store_seusers); + (active_seusers, store_seusers, sh->conf->file_mode) == -1 + && errno != ENOENT) { + ERR(sh, "Could not copy %s to %s.", active_seusers, + store_seusers); goto cleanup; } snprintf(store_nc, PATH_MAX, "%s%s", storepath, running_nc); - if (semanage_copy_file(active_nc, store_nc, sh->conf->file_mode) == -1 && errno != ENOENT) { + if (semanage_copy_file(active_nc, store_nc, sh->conf->file_mode) == -1 + && errno != ENOENT) { ERR(sh, "Could not copy %s to %s.", active_nc, store_nc); goto cleanup; } Modified: trunk/libsepol/src/link.c =================================================================== --- trunk/libsepol/src/link.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libsepol/src/link.c 2006-08-24 16:05:06 UTC (rev 1993) @@ -278,7 +278,8 @@ } } - state->cur->map[SYM_CLASSES][cladatum->s.value - 1] = new_class->s.value; + state->cur->map[SYM_CLASSES][cladatum->s.value - 1] = + new_class->s.value; /* copy permissions */ state->src_class = cladatum; Modified: trunk/libsepol/src/mls.c =================================================================== --- trunk/libsepol/src/mls.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libsepol/src/mls.c 2006-08-24 16:05:06 UTC (rev 1993) 
@@ -403,7 +403,8 @@ if (!rngdatum) goto err; - if (catdatum->s.value >= rngdatum->s.value) + if (catdatum->s.value >= + rngdatum->s.value) goto err; for (i = catdatum->s.value; Modified: trunk/libsepol/src/users.c =================================================================== --- trunk/libsepol/src/users.c 2006-08-24 16:01:45 UTC (rev 1992) +++ trunk/libsepol/src/users.c 2006-08-24 16:05:06 UTC (rev 1993) @@ -332,7 +332,8 @@ return STATUS_SUCCESS; } - if (user_to_record(handle, policydb, usrdatum->s.value - 1, response) < 0) + if (user_to_record(handle, policydb, usrdatum->s.value - 1, response) < + 0) goto err; return STATUS_SUCCESS; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
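Review bot: In procattr.c at @@ -179,31 +175,31, the reindented block after `all_selfattr_def(con, current)` is a readability regression: the macro invocations have no terminating semicolon, so indent treats `getpidattr_def(pidcon, current)` and every following `hidden_def(...)` line as a continuation and pushes them one level in. Either exclude this block from reformatting with GNU indent's `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` control comments, or keep the original column-zero layout by hand.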
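Review bot: In module_compiler.c at @@ -138,8 +138,9 and @@ -491,8 +492,9, the new wrapping breaks the argument after `policydbp->`, so the member access `symtab[symbol_type].table` is split across lines, as it also was in the original wrapping. Pulling the table into a local variable before the call to `hashtab_search` would let the statement fit on the line without splitting a member access, and the tool would then leave it alone.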
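Review bot: In users.c at @@ -332,7 +332,8, the condition now ends with `response) <` on one line and `0)` on the next, and in mls.c at @@ -403,7 +403,8 the test `catdatum->s.value >= rngdatum->s.value` is split at the operator; both are mechanical line-length breaks that obscure a simple comparison. Storing the result of `user_to_record(...)` in a local before testing it would keep the users.c condition on one line.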
From: <ssm...@us...> - 2006-08-24 16:02:22
Revision: 1992 Author: ssmalley Date: 2006-08-24 09:01:45 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1992&view=rev Log Message: ----------- Author: Caleb Case Email: cc...@tr... Subject: make indent target update Date: Thu, 17 Aug 2006 16:43:22 -0400 The current make indent invokes the distclean target which removes generated files. This approach instead pushes the decision of which files to indent down into the respective makefiles and does not force a distclean. Tests are not indented. Acked-by: Stephen Smalley <sd...@ty...> Acked-by: Karl MacMillan <kma...@me...> Modified Paths: -------------- trunk/Makefile trunk/checkpolicy/Makefile trunk/libselinux/Makefile trunk/libselinux/include/Makefile trunk/libselinux/src/Makefile trunk/libselinux/utils/Makefile trunk/libsemanage/Makefile trunk/libsemanage/include/Makefile trunk/libsemanage/src/Makefile trunk/libsepol/Makefile trunk/libsepol/include/Makefile trunk/libsepol/src/Makefile trunk/libsepol/utils/Makefile trunk/policycoreutils/Makefile trunk/policycoreutils/audit2allow/Makefile trunk/policycoreutils/audit2why/Makefile trunk/policycoreutils/load_policy/Makefile trunk/policycoreutils/newrole/Makefile trunk/policycoreutils/po/Makefile trunk/policycoreutils/restorecon/Makefile trunk/policycoreutils/restorecond/Makefile trunk/policycoreutils/run_init/Makefile trunk/policycoreutils/scripts/Makefile trunk/policycoreutils/secon/Makefile trunk/policycoreutils/semanage/Makefile trunk/policycoreutils/semodule/Makefile trunk/policycoreutils/semodule_deps/Makefile trunk/policycoreutils/semodule_expand/Makefile trunk/policycoreutils/semodule_link/Makefile trunk/policycoreutils/semodule_package/Makefile trunk/policycoreutils/sestatus/Makefile trunk/policycoreutils/setfiles/Makefile trunk/policycoreutils/setsebool/Makefile Modified: trunk/Makefile =================================================================== --- trunk/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/Makefile 
2006-08-24 16:01:45 UTC (rev 1992) @@ -31,5 +31,7 @@ (cd $$subdir && $(MAKE) $@) || exit 1; \ done -indent: distclean # do not indent the generated files - find . -name "*.[ch]" -exec sh ./Lindent {} \; +indent: + @for subdir in $(SUBDIRS); do \ + (cd $$subdir && $(MAKE) $@) || exit 1; \ + done Modified: trunk/checkpolicy/Makefile =================================================================== --- trunk/checkpolicy/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/checkpolicy/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -18,6 +18,8 @@ LDLIBS=$(LIBDIR)/libsepol.a -lfl +GENERATED=lex.yy.c y.tab.c y.tab.h + all: $(TARGETS) $(MAKE) -C test @@ -55,3 +57,5 @@ -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c $(MAKE) -C test clean +indent: + ../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) Modified: trunk/libselinux/Makefile =================================================================== --- trunk/libselinux/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libselinux/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -21,4 +21,9 @@ $(MAKE) -C src $@ $(MAKE) -C utils clean -test: \ No newline at end of file +indent: + $(MAKE) -C src $@ + $(MAKE) -C utils $@ + $(MAKE) -C include $@ + +test: Modified: trunk/libselinux/include/Makefile =================================================================== --- trunk/libselinux/include/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libselinux/include/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -5,3 +5,7 @@ install: test -d $(INCDIR) || install -m 755 -d $(INCDIR) install -m 644 $(wildcard selinux/*.h) $(INCDIR) + +indent: + ../../Lindent $(wildcard selinux/*.h) + Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libselinux/src/Makefile 2006-08-24 16:01:45 UTC (rev 1992) 
@@ -31,6 +31,8 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ +GENERATED=$(SWIGCOUT) + all: $(LIBA) $(LIBSO) pywrap: all $(SWIGSO) @@ -80,3 +82,7 @@ distclean: clean rm -f $(SWIGCOUT) $(SWIGFILES) + +indent: + ../../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) + Modified: trunk/libselinux/utils/Makefile =================================================================== --- trunk/libselinux/utils/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libselinux/utils/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -18,5 +18,8 @@ clean: rm -f $(TARGETS) *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: Modified: trunk/libsemanage/Makefile =================================================================== --- trunk/libsemanage/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsemanage/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -19,4 +19,8 @@ $(MAKE) -C src $@ $(MAKE) -C tests $@ +indent: + $(MAKE) -C src $@ + $(MAKE) -C include $@ + test: Modified: trunk/libsemanage/include/Makefile =================================================================== --- trunk/libsemanage/include/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsemanage/include/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -5,3 +5,6 @@ install: test -d $(INCDIR) || install -m 755 -d $(INCDIR) install -m 644 $(wildcard semanage/*.h) $(INCDIR) + +indent: + ../../Lindent $(wildcard semanage/*.h) Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsemanage/src/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -37,6 +37,8 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ +GENERATED=$(SWIGCOUT) $(wildcard conf-*.[ch]) + all: $(LIBA) $(LIBSO) pywrap: all $(SWIGLOBJ) $(SWIGSO) 
@@ -96,4 +98,7 @@ distclean: clean rm -f $(SWIGCOUT) $(SWIGFILES) +indent: + ../../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) + .PHONY: all clean pywrap swigify install install-pywrap distclean Modified: trunk/libsepol/Makefile =================================================================== --- trunk/libsepol/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsepol/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -16,6 +16,11 @@ $(MAKE) -C utils clean $(MAKE) -C tests clean +indent: + $(MAKE) -C src $@ + $(MAKE) -C include $@ + $(MAKE) -C utils $@ + test: $(MAKE) -C tests test Modified: trunk/libsepol/include/Makefile =================================================================== --- trunk/libsepol/include/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsepol/include/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -7,3 +7,6 @@ test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb install -m 644 $(wildcard sepol/*.h) $(INCDIR) install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb + +indent: + ../../Lindent $(wildcard sepol/*.h) Modified: trunk/libsepol/src/Makefile =================================================================== --- trunk/libsepol/src/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsepol/src/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -42,3 +42,6 @@ clean: -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/libsepol/utils/Makefile =================================================================== --- trunk/libsepol/utils/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/libsepol/utils/Makefile 2006-08-24 16:01:45 UTC (rev 1992) 
@@ -17,5 +17,8 @@ clean: -rm -f $(TARGETS) *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: Modified: trunk/policycoreutils/Makefile =================================================================== --- trunk/policycoreutils/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -1,6 +1,6 @@ SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -all install relabel clean: +all install relabel clean indent: @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done Modified: trunk/policycoreutils/audit2allow/Makefile =================================================================== --- trunk/policycoreutils/audit2allow/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/audit2allow/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -21,4 +21,6 @@ clean: +indent: + relabel: Modified: trunk/policycoreutils/audit2why/Makefile =================================================================== --- trunk/policycoreutils/audit2why/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/audit2why/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -24,4 +24,7 @@ clean: -rm -f $(TARGETS) *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: Modified: trunk/policycoreutils/load_policy/Makefile =================================================================== --- trunk/policycoreutils/load_policy/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/load_policy/Makefile 2006-08-24 16:01:45 UTC (rev 1992) 
@@ -21,5 +21,8 @@ clean: -rm -f $(TARGETS) *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: /sbin/restorecon $(SBINDIR)/load_policy Modified: trunk/policycoreutils/newrole/Makefile =================================================================== --- trunk/policycoreutils/newrole/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/newrole/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -52,5 +52,8 @@ clean: rm -f $(TARGETS) *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: install /sbin/restorecon $(BINDIR)/newrole Modified: trunk/policycoreutils/po/Makefile =================================================================== --- trunk/policycoreutils/po/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/po/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -64,6 +64,8 @@ @rm -fv *mo *~ .depend @rm -rf tmp +indent: + install: $(MOFILES) @for n in $(MOFILES); do \ l=`basename $$n .mo`; \ Modified: trunk/policycoreutils/restorecon/Makefile =================================================================== --- trunk/policycoreutils/restorecon/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/restorecon/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -21,5 +21,8 @@ clean: -rm -f restorecon *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: install /sbin/restorecon $(SBINDIR)/restorecon Modified: trunk/policycoreutils/restorecond/Makefile =================================================================== --- trunk/policycoreutils/restorecond/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/restorecond/Makefile 2006-08-24 16:01:45 UTC (rev 1992) 
@@ -30,3 +30,6 @@ clean: -rm -f restorecond *.o *~ +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/policycoreutils/run_init/Makefile =================================================================== --- trunk/policycoreutils/run_init/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/run_init/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -45,5 +45,8 @@ clean: -rm -f $(TARGETS) *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: install /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty Modified: trunk/policycoreutils/scripts/Makefile =================================================================== --- trunk/policycoreutils/scripts/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/scripts/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -21,4 +21,6 @@ clean: +indent: + relabel: Modified: trunk/policycoreutils/secon/Makefile =================================================================== --- trunk/policycoreutils/secon/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/secon/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -29,6 +29,9 @@ clean: rm -f *.o core* secon *~ *.bak +indent: + ../../Lindent $(wildcard *.[ch]) + bare: clean .PHONY: clean bare Modified: trunk/policycoreutils/semanage/Makefile =================================================================== --- trunk/policycoreutils/semanage/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/semanage/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -20,4 +20,6 @@ clean: +indent: + relabel: Modified: trunk/policycoreutils/semodule/Makefile =================================================================== --- trunk/policycoreutils/semodule/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/semodule/Makefile 2006-08-24 16:01:45 UTC (rev 1992) 
@@ -23,4 +23,8 @@ relabel: clean: - -rm -f semodule *.o + -rm -f semodule *.o + +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/policycoreutils/semodule_deps/Makefile =================================================================== --- trunk/policycoreutils/semodule_deps/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/semodule_deps/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -22,4 +22,8 @@ relabel: clean: - -rm -f semodule_deps *.o + -rm -f semodule_deps *.o + +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/policycoreutils/semodule_expand/Makefile =================================================================== --- trunk/policycoreutils/semodule_expand/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/semodule_expand/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -22,4 +22,8 @@ relabel: clean: - -rm -f semodule_expand *.o + -rm -f semodule_expand *.o + +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/policycoreutils/semodule_link/Makefile =================================================================== --- trunk/policycoreutils/semodule_link/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/semodule_link/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -22,4 +22,8 @@ relabel: clean: - -rm -f semodule_link *.o + -rm -f semodule_link *.o + +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/policycoreutils/semodule_package/Makefile =================================================================== --- trunk/policycoreutils/semodule_package/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/semodule_package/Makefile 2006-08-24 16:01:45 UTC (rev 1992) 
@@ -22,4 +22,8 @@ relabel: clean: - -rm -f semodule_package *.o + -rm -f semodule_package *.o + +indent: + ../../Lindent $(wildcard *.[ch]) + Modified: trunk/policycoreutils/sestatus/Makefile =================================================================== --- trunk/policycoreutils/sestatus/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/sestatus/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -24,4 +24,7 @@ clean: rm -f sestatus *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: Modified: trunk/policycoreutils/setfiles/Makefile =================================================================== --- trunk/policycoreutils/setfiles/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/setfiles/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -28,5 +28,8 @@ clean: rm -f setfiles *.o +indent: + ../../Lindent $(wildcard *.[ch]) + relabel: install /sbin/restorecon $(SBINDIR)/setfiles Modified: trunk/policycoreutils/setsebool/Makefile =================================================================== --- trunk/policycoreutils/setsebool/Makefile 2006-08-24 15:57:08 UTC (rev 1991) +++ trunk/policycoreutils/setsebool/Makefile 2006-08-24 16:01:45 UTC (rev 1992) @@ -23,4 +23,8 @@ relabel: clean: - -rm -f setsebool *.o + -rm -f setsebool *.o + +indent: + ../../Lindent $(wildcard *.[ch]) + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
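Review bot: In the secon/Makefile hunk the new `indent` target is not added to the `.PHONY: clean bare` line that sits directly below it as context, so a file named `indent` in that directory would turn the rule into a silent no-op. Suggest `.PHONY: clean bare indent` there, and an equivalent declaration in the other Makefiles that gain an `indent:` rule in this commit.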
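Review bot: In the semodule, semodule_deps, semodule_expand, semodule_link, semodule_package and setsebool hunks the `clean` recipe is removed and re-added with no visible difference (`- -rm -f semodule *.o` followed by `+ -rm -f semodule *.o`), which points to a whitespace or end-of-file newline change riding along with the new target. Either mention that in the log message or split it out, so the commit reads as adding the `indent` target only.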
From: <ssm...@us...> - 2006-08-24 15:57:16
|
Revision: 1991
Author: ssmalley
Date: 2006-08-24 08:57:08 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1991&view=rev

Log Message:
-----------
Tag for libsepol 1.12.25

Added Paths:
-----------
tags/libsepol_1_12_25/

Copied: tags/libsepol_1_12_25 (from rev 1990, trunk/libsepol)
From: <ssm...@us...> - 2006-08-24 15:49:59
|
Revision: 1990
Author: ssmalley
Date: 2006-08-24 08:49:53 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1990&view=rev

Log Message:
-----------
libsepol 1.12.25

Modified Paths:
--------------
trunk/libsepol/ChangeLog
trunk/libsepol/VERSION

Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2006-08-24 15:47:05 UTC (rev 1989) +++ trunk/libsepol/ChangeLog 2006-08-24 15:49:53 UTC (rev 1990) @@ -1,3 +1,4 @@ +1.12.25 2006-08-24 * Merged conditionally expand neverallows patch from Jeremy Mowery. * Merged refactor expander patch from Jeremy Mowery. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2006-08-24 15:47:05 UTC (rev 1989) +++ trunk/libsepol/VERSION 2006-08-24 15:49:53 UTC (rev 1990) @@ -1 +1 @@ -1.12.24 +1.12.25
From: <ssm...@us...> - 2006-08-24 15:47:12
|
Revision: 1989
Author: ssmalley
Date: 2006-08-24 08:47:05 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1989&view=rev

Log Message:
-----------
Author: "Jeremy A. Mowery"
Email: jm...@tr...
Subject: Refactor expander
Date: Thu, 17 Aug 2006 10:33:12 -0400

This patch adds a new function called expand_module_avrules that creates an expand_state object and expands the avrules (optionally including the neverallows). This function permits external users of libsepol to expand the avrules into the same policy. We refactored and created a static function called copy_and_expand_avrule_block since its functionality is needed in the original expand_module and the new expand_module_avrules functions.

Acked-by: Stephen Smalley <sd...@ty...>
Acked-by: Karl MacMillan <kma...@me...>

Modified Paths:
--------------
trunk/libsepol/include/sepol/policydb/expand.h
trunk/libsepol/src/expand.c

Modified: trunk/libsepol/include/sepol/policydb/expand.h =================================================================== --- trunk/libsepol/include/sepol/policydb/expand.h 2006-08-24 15:46:50 UTC (rev 1988) +++ trunk/libsepol/include/sepol/policydb/expand.h 2006-08-24 15:47:05 UTC (rev 1989)
@@ -29,6 +29,24 @@ #include <sepol/handle.h> #include <sepol/policydb/conditional.h> +/* + * Expand only the avrules for a module. It is valid for this function to + * expand base into itself (i.e. base == out); the typemap for this special + * case should map type[i] to i+1. This function optionally expands neverallow + * rules. If neverallow rules are expanded, there is no need to copy them and + * doing so could cause duplicate entries when base == out. If the neverallow + * rules are not expanded, they are just copied to the destination policy so + * that assertion checking can be performed after expand. No assertion or + * hierarchy checking is performed by this function. + */ +extern int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, + policydb_t * out, uint32_t * typemap, + int verbose, int expand_neverallow); +/* + * Expand all parts of a module. Neverallow rules are not expanded (only + * copied). It is not valid to expand base into itself. If check is non-zero, + * performs hierarchy and assertion checking. + */ extern int expand_module(sepol_handle_t * handle, policydb_t * base, policydb_t * out, int verbose, int check); Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2006-08-24 15:46:50 UTC (rev 1988) +++ trunk/libsepol/src/expand.c 2006-08-24 15:47:05 UTC (rev 1989) 
@@ -1906,6 +1906,93 @@ return -1; } +/* + * Expands the avrule blocks for a policy. RBAC rules are copied. Neverallow + * rules are copied or expanded as per the settings in the state object; all + * other AV rules are expanded. If neverallow rules are expanded, they are not + * copied, otherwise they are copied for later use by the assertion checker. + */ +static int copy_and_expand_avrule_block(expand_state_t * state) +{ + avrule_block_t *curblock; + int retval = -1; + + for (curblock = state->base->global; curblock != NULL; + curblock = curblock->next) { + avrule_decl_t *decl = curblock->enabled; + avrule_t *cur_avrule; + + if (decl == NULL) { + /* nothing was enabled within this block */ + continue; + } + + /* copy role allows and role trans */ + if (copy_role_allows(state, decl->role_allow_rules) != 0 || + copy_role_trans(state, decl->role_tr_rules) != 0) { + goto cleanup; + } + + /* copy rules */ + cur_avrule = decl->avrules; + while (cur_avrule != NULL) { + if (!(state->expand_neverallow) + && cur_avrule->specified & AVRULE_NEVERALLOW) { + /* copy this over directly so that assertions are checked later */ + if (copy_neverallow + (state->out, state->typemap, cur_avrule)) + ERR(state->handle, + "Error while copying neverallow."); + } else { + if (cur_avrule->specified & AVRULE_NEVERALLOW) { + state->out->unsupported_format = 1; + } + if (convert_and_expand_rule + (state->handle, state->out, state->typemap, + cur_avrule, &state->out->te_avtab, NULL, + NULL, 0, + state->expand_neverallow) != + EXPAND_RULE_SUCCESS) { + goto cleanup; + } + } + cur_avrule = cur_avrule->next; + } + + /* copy conditional rules */ + if (cond_node_copy(state, decl->cond_list)) + goto cleanup; + } + + retval = 0; + + cleanup: + return retval; +} + +/* + * This function allows external users of the library (such as setools) to + * expand only the avrules and optionally perform expansion of neverallow rules + * or expand into the same policy for analysis purposes. 
+ */ +int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, + policydb_t * out, uint32_t * typemap, int verbose, + int expand_neverallow) +{ + expand_state_t state; + + expand_state_init(&state); + + state.base = base; + state.out = out; + state.typemap = typemap; + state.handle = handle; + state.verbose = verbose; + state.expand_neverallow = expand_neverallow; + + return copy_and_expand_avrule_block(&state); +} + /* Linking should always be done before calling expand, even if * there is only a base since all optionals are dealt with at link time * the base passed in should be indexed and avrule blocks should be 
@@ -2037,47 +2124,9 @@ } - /* then loop through delcs to copy and expand rules */ - for (curblock = state.base->global; curblock != NULL; - curblock = curblock->next) { - avrule_decl_t *decl = curblock->enabled; - avrule_t *cur_avrule; - - if (decl == NULL) { - /* nothing was enabled within this block */ - continue; - } - - /* copy role allows and role trans */ - if (copy_role_allows(&state, decl->role_allow_rules) != 0 || - copy_role_trans(&state, decl->role_tr_rules) != 0) { - goto cleanup; - } - - /* copy rules */ - cur_avrule = decl->avrules; - while (cur_avrule != NULL) { - if (!(state.expand_neverallow) - && cur_avrule->specified & AVRULE_NEVERALLOW) { - /* copy this over directly so that assertions are checked later */ - if (copy_neverallow - (out, state.typemap, cur_avrule)) - ERR(handle, - "Error while copying neverallow."); - } else { - if (convert_and_expand_rule - (state.handle, out, state.typemap, - cur_avrule, &out->te_avtab, NULL, NULL, - 0, state.expand_neverallow) != EXPAND_RULE_SUCCESS) { - goto cleanup; - } - } - cur_avrule = cur_avrule->next; - } - - /* copy conditional rules */ - if (cond_node_copy(&state, decl->cond_list)) - goto cleanup; + if (copy_and_expand_avrule_block(&state) < 0) { + ERR(handle, "Error during expand"); + goto cleanup; } /* copy constraints */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
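Review bot: The new comment above expand_module_avrules in expand.h does not state the return convention or the side effect on `out`. The helper added in expand.c returns 0 or -1 and sets `state->out->unsupported_format = 1` as soon as a neverallow rule is expanded, so a caller passing a non-zero expand_neverallow ends up with a policydb that is marked as not writable. Both belong in the header comment, since this is the entry point aimed at external users of the library.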
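Review bot: In copy_and_expand_avrule_block, a failing copy_neverallow() is only logged (`ERR(state->handle, "Error while copying neverallow.");`) and the loop carries on, so the function can return 0 with a neverallow rule missing from `out`, and the assertion check that runs later would then work from an incomplete set. The loop removed from expand_module had the same gap, which makes this refactor a good point to add `goto cleanup` after the ERR, matching what the convert_and_expand_rule branch right below it already does.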
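Review bot: In the expand_module hunk that replaces the loop with a call to copy_and_expand_avrule_block, check whether the local `avrule_block_t *curblock;` declared next to `expand_state_t state;` in that function still has a user; the removed loop was the only use visible in this diff, and an unused local should go in the same commit. The new message `"Error during expand"` would also be easier to act on if it named the stage that failed (avrule blocks).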
From: <ssm...@us...> - 2006-08-24 15:46:53
|
Revision: 1988
Author: ssmalley
Date: 2006-08-24 08:46:50 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1988&view=rev

Log Message:
-----------
Author: "Jeremy A. Mowery"
Email: jm...@tr...
Subject: Refactor expander
Date: Thu, 17 Aug 2006 10:33:12 -0400

This patch adds a new function called expand_module_avrules that creates an expand_state object and expands the avrules (optionally including the neverallows). This function permits external users of libsepol to expand the avrules into the same policy. We refactored and created a static function called copy_and_expand_avrule_block since its functionality is needed in the original expand_module and the new expand_module_avrules functions.

Acked-by: Stephen Smalley <sd...@ty...>
Acked-by: Karl MacMillan <kma...@me...>

Modified Paths:
--------------
trunk/libsepol/ChangeLog

Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2006-08-24 15:42:26 UTC (rev 1987) +++ trunk/libsepol/ChangeLog 2006-08-24 15:46:50 UTC (rev 1988) @@ -1,4 +1,5 @@ * Merged conditionally expand neverallows patch from Jeremy Mowery. + * Merged refactor expander patch from Jeremy Mowery. 1.12.24 2006-08-03 * Merged libsepol unit tests from Joshua Brindle.
From: <ssm...@us...> - 2006-08-24 15:42:38
|
Revision: 1987
Author: ssmalley
Date: 2006-08-24 08:42:26 -0700 (Thu, 24 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=1987&view=rev

Log Message:
-----------
Author: "Jeremy A. Mowery"
Email: jm...@tr...
Subject: Conditionally expand neverallows
Date: Thu, 17 Aug 2006 10:33:10 -0400

This patch allows neverallow rules to be expanded into the avtab for analysis purposes. This option is added to the expand state structure (and set to off by default). When neverallows are expanded, the unsupported_format flag is set for the policydb disabling writing the binary file. If expanded, neverallow rules are not copied; this is documented above the relevant functions. (Previous versions of this patch set also disabled checking on unsupported formats; this behavior has been dropped in this version of the patch set.) The read and write functions now recognize this state and appropriate defines were added for the return values.

Acked-by: Stephen Smalley <sd...@ty...>
Acked-by: Karl MacMillan <kma...@me...>

Modified Paths:
--------------
trunk/libsepol/ChangeLog
trunk/libsepol/include/sepol/policydb/avtab.h
trunk/libsepol/include/sepol/policydb/policydb.h
trunk/libsepol/src/expand.c
trunk/libsepol/src/link.c
trunk/libsepol/src/policydb.c
trunk/libsepol/src/write.c

Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/ChangeLog 2006-08-24 15:42:26 UTC (rev 1987) @@ -1,3 +1,5 @@ + * Merged conditionally expand neverallows patch from Jeremy Mowery. + 1.12.24 2006-08-03 * Merged libsepol unit tests from Joshua Brindle. Modified: trunk/libsepol/include/sepol/policydb/avtab.h =================================================================== --- trunk/libsepol/include/sepol/policydb/avtab.h 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/include/sepol/policydb/avtab.h 2006-08-24 15:42:26 UTC (rev 1987)
@@ -45,6 +45,7 @@ #define AVTAB_ALLOWED 1 #define AVTAB_AUDITALLOW 2 #define AVTAB_AUDITDENY 4 +#define AVTAB_NEVERALLOW 128 #define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY) #define AVTAB_TRANSITION 16 #define AVTAB_MEMBER 32 Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2006-08-24 15:42:26 UTC (rev 1987) @@ -65,6 +65,10 @@ #define ERRMSG_LEN 1024 +#define POLICYDB_SUCCESS 0 +#define POLICYDB_ERROR -1 +#define POLICYDB_UNSUPPORTED -2 + /* * A datum type is defined for each kind of symbol * in the configuration data: individual permissions, @@ -194,12 +198,12 @@ #define AVRULE_AUDITALLOW 2 #define AVRULE_AUDITDENY 4 #define AVRULE_DONTAUDIT 8 -#define AVRULE_AV (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT) +#define AVRULE_NEVERALLOW 128 +#define AVRULE_AV (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW) #define AVRULE_TRANSITION 16 #define AVRULE_MEMBER 32 #define AVRULE_CHANGE 64 #define AVRULE_TYPE (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE) -#define AVRULE_NEVERALLOW 128 uint32_t specified; #define RULE_SELF 1 uint32_t flags; @@ -371,6 +375,9 @@ char *name; char *version; + /* Set when the policydb is modified such that writing is unsupported */ + int unsupported_format; + /* Whether this policydb is mls, should always be set */ int mls; Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/src/expand.c 2006-08-24 15:42:26 UTC (rev 1987) 
@@ -41,8 +41,14 @@ policydb_t *base; policydb_t *out; sepol_handle_t *handle; + int expand_neverallow; } expand_state_t; +static void expand_state_init(expand_state_t * state) +{ + memset(state, 0, sizeof(expand_state_t)); +} + static int type_copy_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) { @@ -1007,6 +1013,10 @@ return node; } +#define EXPAND_RULE_SUCCESS 1 +#define EXPAND_RULE_CONFLICT 0 +#define EXPAND_RULE_ERROR -1 + static int expand_terule_helper(sepol_handle_t * handle, policydb_t * p, uint32_t * typemap, uint32_t specified, cond_av_list_t ** cond, @@ -1069,7 +1079,7 @@ * or in same conditional then ignore it */ if ((conflict == 1 && cond == NULL) || node->parse_context == cond) - return 1; + return EXPAND_RULE_SUCCESS; ERR(handle, "duplicate TE rule for %s %s:%s %s", p->p_type_val_to_name[avkey.source_type - 1], @@ -1078,7 +1088,7 @@ p->p_class_val_to_name[avkey.target_class - 1], p->p_type_val_to_name[oldtype - 1]); - return 0; + return EXPAND_RULE_CONFLICT; } ERR(handle, "conflicting TE rule for (%s, %s:%s): old was %s, new is %s", @@ -1087,7 +1097,7 @@ p->p_class_val_to_name[avkey.target_class - 1], p->p_type_val_to_name[oldtype - 1], p->p_type_val_to_name[remapped_data - 1]); - return 0; + return EXPAND_RULE_CONFLICT; } node = find_avtab_node(handle, avtab, &avkey, cond); @@ -1113,7 +1123,7 @@ cur = cur->next; } - return 1; + return EXPAND_RULE_SUCCESS; } static int expand_avrule_helper(sepol_handle_t * handle, @@ -1137,6 +1147,8 @@ spec = AVTAB_AUDITDENY; } else if (specified & AVRULE_DONTAUDIT) { spec = AVTAB_AUDITDENY; + } else if (specified & AVRULE_NEVERALLOW) { + spec = AVTAB_NEVERALLOW; } else { assert(0); /* unreachable */ } @@ -1150,7 +1162,7 @@ node = find_avtab_node(handle, avtab, &avkey, cond); if (!node) - return -1; + return EXPAND_RULE_ERROR; if (enabled) { node->key.specified |= AVTAB_ENABLED; } else { 
@@ -1162,6 +1174,8 @@ avdatump->data |= cur->data; } else if (specified & AVRULE_AUDITALLOW) { avdatump->data |= cur->data; + } else if (specified & AVRULE_NEVERALLOW) { + avdatump->data |= cur->data; } else if (specified & AVRULE_AUDITDENY) { /* Since a '0' in an auditdeny mask represents * a permission we do NOT want to audit @@ -1182,7 +1196,7 @@ cur = cur->next; } - return 1; + return EXPAND_RULE_SUCCESS; } static int expand_rule_helper(sepol_handle_t * handle, @@ -1207,7 +1221,8 @@ specified, cond, i, i, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } else { @@ -1219,7 +1234,8 @@ other, i, i, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } @@ -1234,7 +1250,8 @@ specified, cond, i, j, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } else { 
@@ -1246,32 +1263,36 @@ other, i, j, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } } } - return 1; + return EXPAND_RULE_SUCCESS; } -/* Expand a rule into a given avtab - checking for conflicting type - * rules in the destination policy. Return 1 on success, 0 if the - * rule conflicts with something (and hence was not added), or -1 on - * error. */ +/* + * Expand a rule into a given avtab - checking for conflicting type + * rules in the destination policy. Return EXPAND_RULE_SUCCESS on + * success, EXPAND_RULE_CONFLICT if the rule conflicts with something + * (and hence was not added), or EXPAND_RULE_ERROR on error. + */ static int convert_and_expand_rule(sepol_handle_t * handle, policydb_t * dest_pol, uint32_t * typemap, avrule_t * source_rule, avtab_t * dest_avtab, cond_av_list_t ** cond, - cond_av_list_t ** other, int enabled) + cond_av_list_t ** other, int enabled, + int do_neverallow) { int retval; ebitmap_t stypes, ttypes; unsigned char alwaysexpand; - if (source_rule->specified & AVRULE_NEVERALLOW) - return 1; + if (!do_neverallow && source_rule->specified & AVRULE_NEVERALLOW) + return EXPAND_RULE_SUCCESS; ebitmap_init(&stypes); ebitmap_init(&ttypes); @@ -1282,10 +1303,10 @@ if (expand_convert_type_set (dest_pol, typemap, &source_rule->stypes, &stypes, alwaysexpand)) - return -1; + return EXPAND_RULE_ERROR; if (expand_convert_type_set (dest_pol, typemap, &source_rule->ttypes, &ttypes, alwaysexpand)) - return -1; + return EXPAND_RULE_ERROR; retval = expand_rule_helper(handle, dest_pol, typemap, source_rule, dest_avtab, @@ -1306,7 +1327,8 @@ while (cur) { if (convert_and_expand_rule(state->handle, dest_pol, typemap, cur, dest_avtab, - list, other, enabled) != 1) { + list, other, enabled, + 0) != EXPAND_RULE_SUCCESS) { return -1; } @@ -1897,6 +1919,8 @@ expand_state_t state; avrule_block_t *curblock; + expand_state_init(&state); + state.verbose = verbose; state.typemap = NULL; state.base = base; 
@@ -2033,7 +2057,8 @@ /* copy rules */ cur_avrule = decl->avrules; while (cur_avrule != NULL) { - if (cur_avrule->specified & AVRULE_NEVERALLOW) { + if (!(state.expand_neverallow) + && cur_avrule->specified & AVRULE_NEVERALLOW) { /* copy this over directly so that assertions are checked later */ if (copy_neverallow (out, state.typemap, cur_avrule)) @@ -2043,7 +2068,7 @@ if (convert_and_expand_rule (state.handle, out, state.typemap, cur_avrule, &out->te_avtab, NULL, NULL, - 0) != 1) { + 0, state.expand_neverallow) != EXPAND_RULE_SUCCESS) { goto cleanup; } } Modified: trunk/libsepol/src/link.c =================================================================== --- trunk/libsepol/src/link.c 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/src/link.c 2006-08-24 15:42:26 UTC (rev 1987) @@ -964,8 +964,7 @@ module->map[SYM_CLASSES][cur_perm->class - 1]; assert(new_perm->class); - if (new_rule-> - specified & (AVRULE_AV | AVRULE_NEVERALLOW)) { + if (new_rule->specified & AVRULE_AV) { for (i = 0; i < module->perm_map_len[cur_perm->class - 1]; Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/src/policydb.c 2006-08-24 15:42:26 UTC (rev 1987) @@ -2618,7 +2618,7 @@ /* Read the magic number and string length. */ buf = next_entry(fp, sizeof(uint32_t) * 2); if (!buf) - return -1; + return POLICYDB_ERROR; for (i = 0; i < 2; i++) buf[i] = le32_to_cpu(buf[i]); 
@@ -2632,26 +2632,26 @@ ERR(fp->handle, "policydb magic number %#08x does not " "match expected magic number %#08x or %#08x", buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); - return -1; + return POLICYDB_ERROR; } len = buf[1]; if (len != strlen(target_str)) { ERR(fp->handle, "policydb string length %zu does not match " "expected length %zu", len, strlen(target_str)); - return -1; + return POLICYDB_ERROR; } buf = next_entry(fp, len); if (!buf) { ERR(fp->handle, "truncated policydb string identifier"); - return -1; + return POLICYDB_ERROR; } policydb_str = malloc(len + 1); if (!policydb_str) { ERR(fp->handle, "unable to allocate memory for policydb " "string of length %zu", len); - return -1; + return POLICYDB_ERROR; } memcpy(policydb_str, buf, len); policydb_str[len] = 0; @@ -2659,7 +2659,7 @@ ERR(fp->handle, "policydb string %s does not match " "my string %s", policydb_str, target_str); free(policydb_str); - return -1; + return POLICYDB_ERROR; } /* Done with policydb_str. */ free(policydb_str); @@ -2673,7 +2673,7 @@ buf = next_entry(fp, sizeof(uint32_t) * nel); if (!buf) - return -1; + return POLICYDB_ERROR; for (i = 0; i < nel; i++) buf[i] = le32_to_cpu(buf[i]); @@ -2687,7 +2687,7 @@ if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { ERR(fp->handle, "unknown module type: %#08x", policy_type); - return -1; + return POLICYDB_ERROR; } bufindex++; } @@ -2699,7 +2699,7 @@ ERR(fp->handle, "policydb version %d does not match " "my version range %d-%d", buf[bufindex], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); - return -1; + return POLICYDB_ERROR; } } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { if (r_policyvers < MOD_POLICYDB_VERSION_MIN || @@ -2708,7 +2708,7 @@ "not match my version range %d-%d", buf[bufindex], MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX); - return -1; + return POLICYDB_ERROR; } } else { assert(0); 
@@ -2870,9 +2870,9 @@ } } - return 0; + return POLICYDB_SUCCESS; bad: - return -1; + return POLICYDB_ERROR; } int policydb_reindex_users(policydb_t * p) Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2006-08-16 17:25:08 UTC (rev 1986) +++ trunk/libsepol/src/write.c 2006-08-24 15:42:26 UTC (rev 1987) @@ -68,21 +68,21 @@ items = put_entry(buf, sizeof(uint32_t), 3, fp); if (items != 3) - return -1; + return POLICYDB_ERROR; for (n = e->node; n; n = n->next) { bit = cpu_to_le32(n->startbit); items = put_entry(&bit, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; map = cpu_to_le64(n->map); items = put_entry(&map, sizeof(uint64_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } /* Ordering of datums in the original avtab format in the policy file. */ @@ -113,7 +113,7 @@ Requires merging similar entries if uncond avtab. */ if (merge) { if (cur->merged) - return 0; /* already merged by prior merge */ + return POLICYDB_SUCCESS; /* already merged by prior merge */ } items = 1; /* item 0 is used for the item count */ @@ -137,7 +137,7 @@ else if (val & AVTAB_TYPE) lookup = AVTAB_TYPE; else - return -1; + return POLICYDB_ERROR; for (node = avtab_search_node_next(cur, lookup); node; node = avtab_search_node_next(node, lookup)) { @@ -150,12 +150,12 @@ if (!(val & (AVTAB_AV | AVTAB_TYPE))) { ERR(fp->handle, "null entry"); - return -1; + return POLICYDB_ERROR; } if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) { ERR(fp->handle, "entry has both access " "vectors and types"); - return -1; + return POLICYDB_ERROR; } buf32[items++] = cpu_to_le32(val); @@ -180,7 +180,7 @@ if (!node) { ERR(fp->handle, "missing node"); - return -1; + return POLICYDB_ERROR; } buf32[items++] = cpu_to_le32(node->datum.data); 
@@ -196,7 +196,7 @@ if (set) { ERR(fp->handle, "data count wrong"); - return -1; + return POLICYDB_ERROR; } buf32[0] = cpu_to_le32(items - 1); @@ -205,10 +205,10 @@ /* Commit this item to the policy file. */ items2 = put_entry(buf32, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } /* Generate the new avtab format. */ @@ -218,12 +218,12 @@ buf16[3] = cpu_to_le16(cur->key.specified); items = put_entry(buf16, sizeof(uint16_t), 4, fp); if (items != 4) - return -1; + return POLICYDB_ERROR; buf32[0] = cpu_to_le32(cur->datum.data); items = put_entry(buf32, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; - return 0; + return POLICYDB_ERROR; + return POLICYDB_SUCCESS; } static inline void avtab_reset_merged(avtab_t * a) @@ -252,7 +252,7 @@ merge similar entries, so we need to track merged nodes and compute the final nel. */ if (avtab_init(&expa)) - return -1; + return POLICYDB_ERROR; if (expand_avtab(p, a, &expa)) { rc = -1; goto out; @@ -265,7 +265,7 @@ nel = cpu_to_le32(a->nel); items = put_entry(&nel, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; } for (i = 0; i < AVTAB_SIZE; i++) { @@ -318,12 +318,12 @@ sens = cpu_to_le32(l->sens); items = put_entry(&sens, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; if (ebitmap_write(&l->cat, fp)) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } /* @@ -346,15 +346,15 @@ items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items2 != items) - return -1; + return POLICYDB_ERROR; if (ebitmap_write(&r->level[0].cat, fp)) - return -1; + return POLICYDB_ERROR; if (!eq) if (ebitmap_write(&r->level[1].cat, fp)) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int sens_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) 
@@ -373,16 +373,16 @@ buf[items++] = cpu_to_le32(levdatum->isalias); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (mls_write_level(levdatum->level, fp)) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int cat_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) @@ -402,13 +402,13 @@ buf[items++] = cpu_to_le32(catdatum->isalias); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int role_trans_write(role_trans_t * r, struct policy_file *fp) @@ -423,17 +423,17 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (tr = r; tr; tr = tr->next) { buf[0] = cpu_to_le32(tr->role); buf[1] = cpu_to_le32(tr->type); buf[2] = cpu_to_le32(tr->new_role); items = put_entry(buf, sizeof(uint32_t), 3, fp); if (items != 3) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int role_allow_write(role_allow_t * r, struct policy_file *fp) @@ -448,15 +448,15 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (ra = r; ra; ra = ra->next) { buf[0] = cpu_to_le32(ra->role); buf[1] = cpu_to_le32(ra->new_role); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int role_set_write(role_set_t * x, struct policy_file *fp) 
@@ -465,14 +465,14 @@ uint32_t buf[1]; if (ebitmap_write(&x->roles, fp)) - return -1; + return POLICYDB_ERROR; buf[0] = cpu_to_le32(x->flags); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int type_set_write(type_set_t * x, struct policy_file *fp) @@ -481,16 +481,16 @@ uint32_t buf[1]; if (ebitmap_write(&x->types, fp)) - return -1; + return POLICYDB_ERROR; if (ebitmap_write(&x->negset, fp)) - return -1; + return POLICYDB_ERROR; buf[0] = cpu_to_le32(x->flags); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr) @@ -510,11 +510,11 @@ buf[items++] = cpu_to_le32(len); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; - return 0; + return POLICYDB_ERROR; + return POLICYDB_SUCCESS; } /* @@ -539,7 +539,7 @@ if (oldvers) { if (avtab_init(&expa)) - return -1; + return POLICYDB_ERROR; if (expand_cond_av_list(p, list, &new_list, &expa)) goto out; list = new_list; @@ -587,7 +587,7 @@ buf[0] = cpu_to_le32(node->cur_state); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; /* expr */ len = 0; @@ -597,7 +597,7 @@ buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) { items = 0; 
@@ -605,22 +605,22 @@ buf[items++] = cpu_to_le32(cur_expr->bool); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items2 != items) - return -1; + return POLICYDB_ERROR; } if (p->policy_type == POLICY_KERN) { if (cond_write_av_list(p, node->true_list, fp) != 0) - return -1; + return POLICYDB_ERROR; if (cond_write_av_list(p, node->false_list, fp) != 0) - return -1; + return POLICYDB_ERROR; } else { if (avrule_write_list(node->avtrue_list, fp)) - return -1; + return POLICYDB_ERROR; if (avrule_write_list(node->avfalse_list, fp)) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int cond_write_list(policydb_t * p, cond_list_t * list, @@ -636,13 +636,13 @@ buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (cur = list; cur != NULL; cur = cur->next) { if (cond_write_node(p, cur, fp) != 0) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } /* @@ -661,15 +661,15 @@ buf[items++] = cpu_to_le32(c->type); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items2 != items) - return -1; + return POLICYDB_ERROR; if ((p->policyvers >= POLICYDB_VERSION_MLS && p->policy_type == POLICY_KERN) || (p->policyvers >= MOD_POLICYDB_VERSION_MLS && p->policy_type == POLICY_BASE)) if (mls_write_range_helper(&c->range, fp)) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } /* @@ -694,13 +694,13 @@ buf[items++] = cpu_to_le32(perdatum->s.value); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int common_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) 
@@ -721,16 +721,16 @@ buf[items++] = cpu_to_le32(comdatum->permissions.table->nel); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (hashtab_map(comdatum->permissions.table, perm_write, pd)) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int write_cons_helper(policydb_t * p, @@ -751,7 +751,7 @@ buf[1] = cpu_to_le32(nexpr); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) - return -1; + return POLICYDB_ERROR; for (e = c->expr; e; e = e->next) { items = 0; buf[0] = cpu_to_le32(e->expr_type); @@ -759,18 +759,18 @@ buf[2] = cpu_to_le32(e->op); items = put_entry(buf, sizeof(uint32_t), 3, fp); if (items != 3) - return -1; + return POLICYDB_ERROR; switch (e->expr_type) { case CEXPR_NAMES: if (!allowxtarget && (e->attr & CEXPR_XTARGET)) - return -1; + return POLICYDB_ERROR; if (ebitmap_write(&e->names, fp)) { - return -1; + return POLICYDB_ERROR; } if (p->policy_type != POLICY_KERN && type_set_write(e->type_names, fp)) { - return -1; + return POLICYDB_ERROR; } break; default: @@ -779,7 +779,7 @@ } } - return 0; + return POLICYDB_SUCCESS; } static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) 
@@ -817,22 +817,22 @@ buf[items++] = cpu_to_le32(ncons); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (cladatum->comkey) { items = put_entry(cladatum->comkey, 1, len2, fp); if (items != len2) - return -1; + return POLICYDB_ERROR; } if (hashtab_map(cladatum->permissions.table, perm_write, pd)) - return -1; + return POLICYDB_ERROR; if (write_cons_helper(p, cladatum->constraints, 0, fp)) - return -1; + return POLICYDB_ERROR; if ((p->policy_type == POLICY_KERN && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) @@ -846,12 +846,12 @@ buf[0] = cpu_to_le32(ncons); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; if (write_cons_helper(p, cladatum->validatetrans, 1, fp)) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) @@ -871,23 +871,23 @@ buf[items++] = cpu_to_le32(role->s.value); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (ebitmap_write(&role->dominates, fp)) - return -1; + return POLICYDB_ERROR; if (p->policy_type == POLICY_KERN) { if (ebitmap_write(&role->types.types, fp)) - return -1; + return POLICYDB_ERROR; } else { if (type_set_write(&role->types, fp)) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int type_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) 
@@ -911,18 +911,18 @@ } items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; if (p->policy_type != POLICY_KERN) { if (ebitmap_write(&typdatum->types, fp)) - return -1; + return POLICYDB_ERROR; } items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; - return 0; + return POLICYDB_SUCCESS; } static int user_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) @@ -942,18 +942,18 @@ buf[items++] = cpu_to_le32(usrdatum->s.value); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(key, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (p->policy_type == POLICY_KERN) { if (ebitmap_write(&usrdatum->roles.roles, fp)) - return -1; + return POLICYDB_ERROR; } else { if (role_set_write(&usrdatum->roles, fp)) - return -1; + return POLICYDB_ERROR; } /* Users are allowed in non-mls modules, so the empty field will be present in modules with users >= MOD_POLICYDB_VERSION_MLS */ @@ -964,12 +964,12 @@ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS && p->policy_type == POLICY_BASE)) { if (mls_write_range_helper(&usrdatum->range, fp)) - return -1; + return POLICYDB_ERROR; if (mls_write_level(&usrdatum->dfltlevel, fp)) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, @@ -991,16 +991,16 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (c = p->ocontexts[i]; c; c = c->next) { switch (i) { case OCON_ISID: buf[0] = cpu_to_le32(c->sid[0]); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; break; case OCON_FS: case OCON_NETIF: 
@@ -1008,14 +1008,14 @@ buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; items = put_entry(c->u.name, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[1], fp)) - return -1; + return POLICYDB_ERROR; break; case OCON_PORT: buf[0] = c->u.port.protocol; @@ -1026,18 +1026,18 @@ } items = put_entry(buf, sizeof(uint32_t), 3, fp); if (items != 3) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; break; case OCON_NODE: buf[0] = cpu_to_le32(c->u.node.addr); buf[1] = cpu_to_le32(c->u.node.mask); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; break; case OCON_FSUSE: buf[0] = cpu_to_le32(c->v.behavior); @@ -1045,12 +1045,12 @@ buf[1] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) - return -1; + return POLICYDB_ERROR; items = put_entry(c->u.name, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; break; case OCON_NODE6: for (j = 0; j < 4; j++) @@ -1061,14 +1061,14 @@ cpu_to_le32(c->u.node6.mask[j]); items = put_entry(buf, sizeof(uint32_t), 8, fp); if (items != 8) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; break; } } } - return 0; + return POLICYDB_SUCCESS; } static int genfs_write(policydb_t * p, struct policy_file *fp) 
@@ -1083,41 +1083,41 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (genfs = p->genfs; genfs; genfs = genfs->next) { len = strlen(genfs->fstype); buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; items = put_entry(genfs->fstype, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; nel = 0; for (c = genfs->head; c; c = c->next) nel++; buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (c = genfs->head; c; c = c->next) { len = strlen(c->u.name); buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; items = put_entry(c->u.name, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; buf[0] = cpu_to_le32(c->v.sclass); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; if (context_write(p, &c->context[0], fp)) - return -1; + return POLICYDB_ERROR; } } - return 0; + return POLICYDB_SUCCESS; } static int range_write(policydb_t * p, struct policy_file *fp) @@ -1131,17 +1131,17 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (rt = p->range_tr; rt; rt = rt->next) { buf[0] = cpu_to_le32(rt->dom); buf[1] = cpu_to_le32(rt->type); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) - return -1; + return POLICYDB_ERROR; if (mls_write_range_helper(&rt->range, fp)) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } /************** module writing functions below **************/ 
@@ -1157,13 +1157,13 @@ buf[items++] = cpu_to_le32(avrule->flags); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items2 != items) - return -1; + return POLICYDB_ERROR; if (type_set_write(&avrule->stypes, fp)) - return -1; + return POLICYDB_ERROR; if (type_set_write(&avrule->ttypes, fp)) - return -1; + return POLICYDB_ERROR; cur = avrule->perms; len = 0; @@ -1175,7 +1175,7 @@ buf[items++] = cpu_to_le32(len); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items2 != items) - return -1; + return POLICYDB_ERROR; cur = avrule->perms; while (cur) { items = 0; @@ -1183,12 +1183,12 @@ buf[items++] = cpu_to_le32(cur->data); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items2 != items) - return -1; + return POLICYDB_ERROR; cur = cur->next; } - return 0; + return POLICYDB_SUCCESS; } static int avrule_write_list(avrule_t * avrules, struct policy_file *fp) @@ -1205,7 +1205,7 @@ buf[0] = cpu_to_le32(len); if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) - return -1; + return POLICYDB_ERROR; avrule = avrules; while (avrule) { @@ -1213,7 +1213,7 @@ avrule = avrule->next; } - return 0; + return POLICYDB_SUCCESS; } static int role_trans_rule_write(role_trans_rule_t * t, struct policy_file *fp) @@ -1228,18 +1228,18 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (tr = t; tr; tr = tr->next) { if (role_set_write(&tr->roles, fp)) - return -1; + return POLICYDB_ERROR; if (type_set_write(&tr->types, fp)) - return -1; + return POLICYDB_ERROR; buf[0] = cpu_to_le32(tr->new_role); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp) 
@@ -1254,14 +1254,14 @@ buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; for (ra = r; ra; ra = ra->next) { if (role_set_write(&ra->roles, fp)) - return -1; + return POLICYDB_ERROR; if (role_set_write(&ra->new_roles, fp)) - return -1; + return POLICYDB_ERROR; } - return 0; + return POLICYDB_SUCCESS; } static int scope_index_write(scope_index_t * scope_index, @@ -1272,19 +1272,19 @@ uint32_t buf[1]; for (i = 0; i < num_scope_syms; i++) { if (ebitmap_write(scope_index->scope + i, fp) == -1) { - return -1; + return POLICYDB_ERROR; } } buf[0] = cpu_to_le32(scope_index->class_perms_len); if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) { - return -1; + return POLICYDB_ERROR; } for (i = 0; i < scope_index->class_perms_len; i++) { if (ebitmap_write(scope_index->class_perms_map + i, fp) == -1) { - return -1; + return POLICYDB_ERROR; } } - return 0; + return POLICYDB_SUCCESS; } static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms, @@ -1296,17 +1296,17 @@ buf[0] = cpu_to_le32(decl->decl_id); buf[1] = cpu_to_le32(decl->enabled); if (put_entry(buf, sizeof(uint32_t), 2, fp) != 2) { - return -1; + return POLICYDB_ERROR; } if (cond_write_list(p, decl->cond_list, fp) == -1 || avrule_write_list(decl->avrules, fp) == -1 || role_trans_rule_write(decl->role_tr_rules, fp) == -1 || role_allow_rule_write(decl->role_allow_rules, fp) == -1) { - return -1; + return POLICYDB_ERROR; } if (scope_index_write(&decl->required, num_scope_syms, fp) == -1 || scope_index_write(&decl->declared, num_scope_syms, fp) == -1) { - return -1; + return POLICYDB_ERROR; } pd.fp = fp; pd.p = p; 
@@ -1314,13 +1314,13 @@ buf[0] = cpu_to_le32(decl->symtab[i].nprim); buf[1] = cpu_to_le32(decl->symtab[i].table->nel); if (put_entry(buf, sizeof(uint32_t), 2, fp) != 2) { - return -1; + return POLICYDB_ERROR; } if (hashtab_map(decl->symtab[i].table, write_f[i], &pd)) { - return -1; + return POLICYDB_ERROR; } } - return 0; + return POLICYDB_SUCCESS; } static int avrule_block_write(avrule_block_t * block, int num_scope_syms, @@ -1334,7 +1334,7 @@ } buf[0] = cpu_to_le32(num_blocks); if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) { - return -1; + return POLICYDB_ERROR; } /* now write each block */ @@ -1347,16 +1347,16 @@ } buf[0] = cpu_to_le32(num_decls); if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) { - return -1; + return POLICYDB_ERROR; } for (decl = cur->branch_list; decl != NULL; decl = decl->next) { if (avrule_decl_write(decl, num_scope_syms, p, fp) == -1) { - return -1; + return POLICYDB_ERROR; } } } - return 0; + return POLICYDB_SUCCESS; } static int scope_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) @@ -1373,7 +1373,7 @@ * buffer. this would have been easier with C99's * dynamic arrays... */ if ((dyn_buf = malloc(items * sizeof(*dyn_buf))) == NULL) { - return -1; + return POLICYDB_ERROR; } buf = dyn_buf; } else { @@ -1382,7 +1382,7 @@ buf[0] = cpu_to_le32(key_len); if (put_entry(buf, sizeof(*buf), 1, fp) != 1 || put_entry(key, 1, key_len, fp) != key_len) { - return -1; + return POLICYDB_ERROR; } buf[0] = cpu_to_le32(scope->scope); buf[1] = cpu_to_le32(scope->decl_ids_len); @@ -1391,10 +1391,10 @@ } if (put_entry(buf, sizeof(*buf), items, fp) != items) { free(dyn_buf); - return -1; + return POLICYDB_ERROR; } free(dyn_buf); - return 0; + return POLICYDB_SUCCESS; } /* @@ -1411,6 +1411,9 @@ struct policy_data pd; char *policydb_str; + if (p->unsupported_format) + return POLICYDB_UNSUPPORTED; + pd.fp = fp; pd.p = p; 
@@ -1432,10 +1435,10 @@ buf[items++] = cpu_to_le32(len); items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; items = put_entry(policydb_str, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; /* Write the version, config, and table sizes. */ items = 0; @@ -1443,7 +1446,7 @@ if (!info) { ERR(fp->handle, "compatibility lookup failed for policy " "version %d", p->policyvers); - return -1; + return POLICYDB_ERROR; } if (p->policy_type != POLICY_KERN) { @@ -1456,7 +1459,7 @@ items2 = put_entry(buf, sizeof(uint32_t), items, fp); if (items != items2) - return -1; + return POLICYDB_ERROR; if (p->policy_type == POLICY_MOD) { /* Write module name and version */ @@ -1464,18 +1467,18 @@ buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; items = put_entry(p->name, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; len = strlen(p->version); buf[0] = cpu_to_le32(len); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) - return -1; + return POLICYDB_ERROR; items = put_entry(p->version, 1, len, fp); if (items != len) - return -1; + return POLICYDB_ERROR; } num_syms = info->sym_num; for (i = 0; i < num_syms; i++) { 
@@ -1483,43 +1486,43 @@ buf[1] = cpu_to_le32(p->symtab[i].table->nel); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) - return -1; + return POLICYDB_ERROR; if (hashtab_map(p->symtab[i].table, write_f[i], &pd)) - return -1; + return POLICYDB_ERROR; } if (p->policy_type == POLICY_KERN) { if (avtab_write(p, &p->te_avtab, fp)) - return -1; + return POLICYDB_ERROR; if (p->policyvers < POLICYDB_VERSION_BOOL) { if (p->p_bools.nprim) WARN(fp->handle, "Discarding " "booleans and conditional rules"); } else { if (cond_write_list(p, p->cond_list, fp)) - return -1; + return POLICYDB_ERROR; } if (role_trans_write(p->role_tr, fp)) - return -1; + return POLICYDB_ERROR; if (role_allow_write(p->role_allow, fp)) - return -1; + return POLICYDB_ERROR; } else { if (avrule_block_write(p->global, num_syms, p, fp) == -1) { - return -1; + return POLICYDB_ERROR; } for (i = 0; i < num_syms; i++) { buf[0] = cpu_to_le32(p->scope[i].table->nel); if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) { - return -1; + return POLICYDB_ERROR; } if (hashtab_map(p->scope[i].table, scope_write, &pd)) - return -1; + return POLICYDB_ERROR; } } if (ocontext_write(info, p, fp) == -1 || genfs_write(p, fp) == -1) { - return -1; + return POLICYDB_ERROR; } if ((p->policyvers >= POLICYDB_VERSION_MLS @@ -1527,7 +1530,7 @@ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS && p->policy_type == POLICY_BASE)) { if (range_write(p, fp)) { - return -1; + return POLICYDB_ERROR; } } @@ -1535,9 +1538,9 @@ && p->policyvers >= POLICYDB_VERSION_AVTAB) { for (i = 0; i < p->p_types.nprim; i++) { if (ebitmap_write(&p->type_attr_map[i], fp) == -1) - return -1; + return POLICYDB_ERROR; } } - return 0; + return POLICYDB_SUCCESS; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
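Review bot: several callers still compare the converted functions against a literal -1, for example `if (avrule_block_write(p->global, num_syms, p, fp) == -1)` and `if (ocontext_write(info, p, fp) == -1 || genfs_write(p, fp) == -1)` in the hunk at -1483, and the `== -1` tests on cond_write_list, avrule_write_list, role_trans_rule_write, role_allow_rule_write, scope_index_write and avrule_decl_write in the hunks at -1296 and -1347. Those callees now return POLICYDB_ERROR, so the checks keep working only if POLICYDB_ERROR is defined as -1, which this diff does not show. Suggest testing for non-zero, as the neighbouring `if (role_trans_write(p->role_tr, fp))` lines already do, or comparing against POLICYDB_SUCCESS, so a failed write cannot be taken for success if the constant's value ever changes.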
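Review bot: in scope_write (hunk at -1382), the early return after `put_entry(buf, sizeof(*buf), 1, fp) != 1 || put_entry(key, 1, key_len, fp) != key_len` does not release dyn_buf, while the failure path in the hunk at -1391 calls `free(dyn_buf)` before returning. When the malloc branch in the hunk at -1373 was taken, a short write at this point leaks the buffer. Since the return line is being touched anyway, add `free(dyn_buf);` before it; the unconditional `free(dyn_buf)` on the success path already relies on dyn_buf being NULL when the static buffer is used.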
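Review bot: the new `if (p->unsupported_format) return POLICYDB_UNSUPPORTED;` in the hunk at -1411 returns without reporting anything, whereas the compatibility-lookup failure a few hunks later logs through `ERR(fp->handle, ...)` before returning. Suggest an ERR() call here as well, and a line in the function's header comment listing POLICYDB_UNSUPPORTED as a possible result, since every other exit in this file yields only POLICYDB_SUCCESS or POLICYDB_ERROR and existing callers may not expect a third value.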
From: <ssm...@us...> - 2006-08-16 17:25:13
|
Revision: 1986 Author: ssmalley Date: 2006-08-16 10:25:08 -0700 (Wed, 16 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1986&view=rev Log Message: ----------- Revert Modified Paths: -------------- trunk/README Modified: trunk/README =================================================================== --- trunk/README 2006-08-16 17:20:19 UTC (rev 1985) +++ trunk/README 2006-08-16 17:25:08 UTC (rev 1986) @@ -1,2 +1 @@ See selinux-doc/README for build instructions. --test This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |