From: <ssm...@us...> - 2008-02-28 20:41:03
Revision: 2825 http://selinux.svn.sourceforge.net/selinux/?rev=2825&view=rev Author: ssmalley Date: 2008-02-28 12:41:00 -0800 (Thu, 28 Feb 2008) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libsepol: accept Flask as string identifier in policy Date: Thu, 28 Feb 2008 14:26:55 -0500 SELinux binary policies presently use "SE Linux" as the string identifier in the header. Other Flask/TE implementations would like to use a more general identifier while preserving compatibility with SELinux policy tools. Thus, extend the libsepol policy reading code to accept "Flask" as an alternate identifier. This allows checkpolicy and setools to read such policies when rebuilt against the updated libsepol. Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/src/policydb.c Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2008-02-28 20:40:32 UTC (rev 2824) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2008-02-28 20:41:00 UTC (rev 2825) @@ -617,6 +617,7 @@ #define POLICYDB_MAGIC SELINUX_MAGIC #define POLICYDB_STRING "SE Linux" +#define POLICYDB_ALT_STRING "Flask" #define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC #define POLICYDB_MOD_STRING "SE Linux Module" Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2008-02-28 20:40:32 UTC (rev 2824) +++ trunk/libsepol/src/policydb.c 2008-02-28 20:41:00 UTC (rev 2825) @@ -2980,7 +2980,7 @@ unsigned int i, j, r_policyvers; uint32_t buf[5], config; size_t len, nprim, nel; - char *policydb_str, *target_str = NULL; + char *policydb_str, *target_str = NULL, *alt_target_str = NULL; struct policydb_compat_info *info; unsigned int policy_type, bufindex; ebitmap_node_t *tnode; 
@@ -2998,6 +2998,7 @@ if (buf[0] == POLICYDB_MAGIC) { policy_type = POLICY_KERN; target_str = POLICYDB_STRING; + alt_target_str = POLICYDB_ALT_STRING; } else if (buf[0] == POLICYDB_MOD_MAGIC) { policy_type = POLICY_MOD; target_str = POLICYDB_MOD_STRING; @@ -3009,7 +3010,8 @@ } len = buf[1]; - if (len != strlen(target_str)) { + if (len != strlen(target_str) && + (!alt_target_str || len != strlen(alt_target_str))) { ERR(fp->handle, "policydb string length %zu does not match " "expected length %zu", len, strlen(target_str)); return POLICYDB_ERROR; @@ -3028,7 +3030,8 @@ return POLICYDB_ERROR; } policydb_str[len] = 0; - if (strcmp(policydb_str, target_str)) { + if (strcmp(policydb_str, target_str) && + (!alt_target_str || strcmp(policydb_str, alt_target_str))) { ERR(fp->handle, "policydb string %s does not match " "my string %s", policydb_str, target_str); free(policydb_str); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
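Review bot: The two ERR() calls in the policydb.c hunks at -3009 and -3028 still report only target_str ("expected length %zu" with strlen(target_str), and "does not match my string %s" with target_str), so a kernel policy whose identifier is neither "SE Linux" nor "Flask" gets a diagnostic that names just one of the two accepted values. Consider printing alt_target_str as well when it is non-NULL, so the message reflects what the reader actually accepts.

Review bot: POLICYDB_ALT_STRING is added to policydb.h without a comment, and alt_target_str is set only in the POLICYDB_MAGIC branch, so module policies (POLICYDB_MOD_MAGIC) still accept a single identifier. A one-line comment next to the define, saying that it is an alternate identifier accepted on read for kernel policies only, would record that asymmetry as intended.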
From: <ssm...@us...> - 2008-02-28 20:40:34
Revision: 2824 http://selinux.svn.sourceforge.net/selinux/?rev=2824&view=rev Author: ssmalley Date: 2008-02-28 12:40:32 -0800 (Thu, 28 Feb 2008) Log Message: ----------- updated libsepol to version 2.0.22 Modified Paths: -------------- trunk/libsepol/ChangeLog trunk/libsepol/VERSION Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2008-02-28 20:39:59 UTC (rev 2823) +++ trunk/libsepol/ChangeLog 2008-02-28 20:40:32 UTC (rev 2824) @@ -1,3 +1,6 @@ +2.0.22 2008-02-28 + * Add support for open_perms policy capability from Eric Paris. + 2.0.21 2008-02-20 * Fix invalid memory allocation in policydb_index_others() from Jason Tang. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2008-02-28 20:39:59 UTC (rev 2823) +++ trunk/libsepol/VERSION 2008-02-28 20:40:32 UTC (rev 2824) @@ -1 +1 @@ -2.0.21 +2.0.22 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-28 20:40:01
Revision: 2823 http://selinux.svn.sourceforge.net/selinux/?rev=2823&view=rev Author: ssmalley Date: 2008-02-28 12:39:59 -0800 (Thu, 28 Feb 2008) Log Message: ----------- Author: Eric Paris Email: ep...@re... Subject: libsepol: new capability to support open permissions Date: Thu, 28 Feb 2008 10:09:54 -0500 This patch adds support for the new open_perms policy capability. Simple yet true. I would like to point out that after this change checkpolicy will also need to be rebuilt with the new libsepol-static installed. Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsepol/include/sepol/policydb/polcaps.h trunk/libsepol/src/polcaps.c Modified: trunk/libsepol/include/sepol/policydb/polcaps.h =================================================================== --- trunk/libsepol/include/sepol/policydb/polcaps.h 2008-02-28 20:38:55 UTC (rev 2822) +++ trunk/libsepol/include/sepol/policydb/polcaps.h 2008-02-28 20:39:59 UTC (rev 2823) @@ -4,6 +4,7 @@ /* Policy capabilities */ enum { POLICYDB_CAPABILITY_NETPEER, + POLICYDB_CAPABILITY_OPENPERM, __POLICYDB_CAPABILITY_MAX }; #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) Modified: trunk/libsepol/src/polcaps.c =================================================================== --- trunk/libsepol/src/polcaps.c 2008-02-28 20:38:55 UTC (rev 2822) +++ trunk/libsepol/src/polcaps.c 2008-02-28 20:39:59 UTC (rev 2823) @@ -7,6 +7,7 @@ static const char *polcap_names[] = { "network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */ + "open_perms", /* POLICYDB_CAPABILITY_OPENPERM */ NULL }; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
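Review bot: The new POLICYDB_CAPABILITY_OPENPERM entry in polcaps.h and the "open_perms" entry in polcap_names[] in polcaps.c are kept in step only by position and by the trailing comments, so the two lists can drift when the next capability is added. Consider a comment in polcaps.h stating that polcap_names[] must be extended in the same order, or a compile-time check that polcap_names[] holds __POLICYDB_CAPABILITY_MAX names before its NULL terminator.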
From: <ssm...@us...> - 2008-02-28 20:38:57
Revision: 2822 http://selinux.svn.sourceforge.net/selinux/?rev=2822&view=rev Author: ssmalley Date: 2008-02-28 12:38:55 -0800 (Thu, 28 Feb 2008) Log Message: ----------- updated libselinux to version 2.0.58 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-02-28 20:38:11 UTC (rev 2821) +++ trunk/libselinux/ChangeLog 2008-02-28 20:38:55 UTC (rev 2822) @@ -1,3 +1,6 @@ +2.0.58 2008-02-28 + * Merged reset_selinux_config() for load policy from Dan Walsh. + 2.0.57 2008-02-25 * Merged avc_has_perm() errno fix from Eamon Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-02-28 20:38:11 UTC (rev 2821) +++ trunk/libselinux/VERSION 2008-02-28 20:38:55 UTC (rev 2822) @@ -1 +1 @@ -2.0.57 +2.0.58 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-28 20:38:16
Revision: 2821
http://selinux.svn.sourceforge.net/selinux/?rev=2821&view=rev
Author: ssmalley
Date: 2008-02-28 12:38:11 -0800 (Thu, 28 Feb 2008)

Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: libselinux does not work properly in upstart/initrd
Date: Thu, 28 Feb 2008 14:35:48 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Thu, 2008-02-28 at 13:48 -0500, Daniel J Walsh wrote:
> Stephen Smalley wrote:
>>>> On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=434793
>>>>>
>>>>> The way the upstart initrd works is to run nash with a builtin
>>>>> loadpolicy. The problem is nash starts before the /sysmount files
>>>>> system is mounted, so libselinux does not have an /etc/selinux/config to
>>>>> read. It defaults to targeted. So when nash finally executes
>>>>> loadpolicy (selinux_init_load_policy) it has the wrong config.
>>>>> Switching to any other type of policy will fail and
>>>>> selinux_init_load_policy will look for targeted.
>>>>>
>>>>> I changed this function to reload the config, to fix this problem.
>>>>>
>>>>> I think I did all the hidden stuff correctly. I don't think we want to
>>>>> expose these functions.
>>>> To make a function hidden, just mark it with hidden.
>>>> hidden_def and hidden_proto are about creating a private definition
>>>> within the library for intra-library calls that do not cause a
>>>> relocation, not about hiding the definition altogether.
>>>>
> So the hidden_def and hidden_proto lines can be removed as long as the
> extern hidden remains.
>>>> Concerns about this patch:
>>>> - it isn't thread safe,
> selinux_init_load_policy should not be called repeatedly, or probably
> from a threaded app.
>>>> - it only "fixes" the load policy case, not any other libselinux
>>>> function call.
> Well this is a very strange occurrance where the config is not there and > then when the function gets called, it is there. > >> Fair enough - we can just handle this specific case then. >> I'd suggest a single reset_selinux_config() or similar function added to >> src/selinux_config.c that does the fini_ and init_ calls internally, and >> then call that single function from load policy. New simplified patch to reset the selinux_config. Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/src/load_policy.c trunk/libselinux/src/selinux_config.c trunk/libselinux/src/selinux_internal.h Modified: trunk/libselinux/src/load_policy.c =================================================================== --- trunk/libselinux/src/load_policy.c 2008-02-28 15:40:04 UTC (rev 2820) +++ trunk/libselinux/src/load_policy.c 2008-02-28 20:38:11 UTC (rev 2821) @@ -309,6 +309,13 @@ char *buf; /* + * Reread the selinux configuration in case it has changed. + * Example: Caller has chroot'd and is now loading policy from + * chroot'd environment. + */ + reset_selinux_config(); + + /* * Get desired mode (disabled, permissive, enforcing) from * /etc/selinux/config. */ Modified: trunk/libselinux/src/selinux_config.c =================================================================== --- trunk/libselinux/src/selinux_config.c 2008-02-28 15:40:04 UTC (rev 2820) +++ trunk/libselinux/src/selinux_config.c 2008-02-28 20:38:11 UTC (rev 2821) @@ -223,6 +223,12 @@ selinux_policytype = NULL; } +void reset_selinux_config(void) +{ + fini_selinux_policyroot(); + init_selinux_config(); +} + static const char *get_path(int idx) { return file_paths[idx]; Modified: trunk/libselinux/src/selinux_internal.h =================================================================== --- trunk/libselinux/src/selinux_internal.h 2008-02-28 15:40:04 UTC (rev 2820) +++ trunk/libselinux/src/selinux_internal.h 2008-02-28 20:38:11 UTC (rev 2821) 
@@ -80,6 +80,7 @@ hidden_proto(security_get_initial_context); hidden_proto(security_get_initial_context_raw); +extern void reset_selinux_config(void) hidden; extern int load_setlocaldefs hidden; extern int require_seusers hidden; extern int selinux_page_size hidden; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
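Review bot: reset_selinux_config() in selinux_config.c is added without a comment, although the thread above raises that tearing down and re-reading the configuration is not thread safe and is meant only for the load-policy path. Please record that above the function (single caller, not for use from threaded code); at present the only rationale in the tree is the chroot comment at the call site in load_policy.c. The function also returns void, so the caller in load_policy.c cannot tell whether the re-read found a configuration file.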
From: <mil...@us...> - 2008-02-28 15:40:10
Revision: 2820 http://selinux.svn.sourceforge.net/selinux/?rev=2820&view=rev Author: millertc Date: 2008-02-28 07:40:04 -0800 (Thu, 28 Feb 2008) Log Message: ----------- updated checkpolicy to version 2.0.10 Modified Paths: -------------- trunk/checkpolicy/ChangeLog trunk/checkpolicy/VERSION Modified: trunk/checkpolicy/ChangeLog =================================================================== --- trunk/checkpolicy/ChangeLog 2008-02-28 15:38:39 UTC (rev 2819) +++ trunk/checkpolicy/ChangeLog 2008-02-28 15:40:04 UTC (rev 2820) @@ -1,3 +1,6 @@ +2.0.10 2008-02-28 + * Use yyerror2() where appropriate from Todd C. Miller. + 2.0.9 2008-02-04 * Update dispol for libsepol avtab changes from Stephen Smalley. Modified: trunk/checkpolicy/VERSION =================================================================== --- trunk/checkpolicy/VERSION 2008-02-28 15:38:39 UTC (rev 2819) +++ trunk/checkpolicy/VERSION 2008-02-28 15:40:04 UTC (rev 2820) @@ -1 +1 @@ -2.0.9 +2.0.10 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-02-28 15:38:41
Revision: 2819 http://selinux.svn.sourceforge.net/selinux/?rev=2819&view=rev Author: millertc Date: 2008-02-28 07:38:39 -0800 (Thu, 28 Feb 2008) Log Message: ----------- Author: Todd C. Miller <tm...@tr...> Subject: PATCH: use yyerror2() in checkpolicy parser Date: Wednesday, February 27, 2008 4:42 PM policy_parse.y defines a yyerror2() which takes a variables number of arguments, but much of the code does not take advantage of it. This diff just replaces sprintf() + yyerror() with yyerror2(). Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> policy_parse.y | 274 ++++++++++++++++++--------------------------------------- 1 file changed, 90 insertions(+), 184 deletions(-) Modified Paths: -------------- trunk/checkpolicy/policy_parse.y Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2008-02-27 20:28:20 UTC (rev 2818) +++ trunk/checkpolicy/policy_parse.y 2008-02-28 15:38:39 UTC (rev 2819) @@ -1035,8 +1035,7 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, "duplicate initial SID %s", id); - yyerror(errormsg); + yyerror2("duplicate initial SID %s", id); goto bad; } } @@ -1079,9 +1078,7 @@ } comdatum = hashtab_search(policydbp->p_commons.table, id); if (comdatum) { - snprintf(errormsg, ERRORMSG_LEN, - "duplicate declaration for common %s\n", id); - yyerror(errormsg); + yyerror2("duplicate declaration for common %s\n", id); return -1; } comdatum = (common_datum_t *) malloc(sizeof(common_datum_t)); @@ -1126,10 +1123,8 @@ (hashtab_datum_t) perdatum); if (ret == SEPOL_EEXIST) { - sprintf(errormsg, - "duplicate permission %s in common %s", perm, - id); - yyerror(errormsg); + yyerror2("duplicate permission %s in common %s", perm, + id); goto bad_perm; } if (ret == SEPOL_ENOMEM) { 
@@ -1178,8 +1173,7 @@ cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id); if (!cladatum) { - sprintf(errormsg, "class %s is not defined", id); - yyerror(errormsg); + yyerror2("class %s is not defined", id); goto bad; } free(id); @@ -1205,8 +1199,7 @@ (hashtab_key_t) id); if (!comdatum) { - sprintf(errormsg, "common %s is not defined", id); - yyerror(errormsg); + yyerror2("common %s is not defined", id); goto bad; } cladatum->comkey = id; @@ -1243,10 +1236,8 @@ permissions.table, (hashtab_key_t) id); if (perdatum2) { - sprintf(errormsg, - "permission %s conflicts with an inherited permission", - id); - yyerror(errormsg); + yyerror2("permission %s conflicts with an " + "inherited permission", id); goto bad; } } @@ -1255,8 +1246,7 @@ (hashtab_datum_t) perdatum); if (ret == SEPOL_EEXIST) { - sprintf(errormsg, "duplicate permission %s", id); - yyerror(errormsg); + yyerror2("duplicate permission %s", id); goto bad; } if (ret == SEPOL_ENOMEM) { @@ -1434,18 +1424,14 @@ (level_datum_t *) hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!datum) { - sprintf(errormsg, - "unknown sensitivity %s used in dominance definition", - id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in dominance " + "definition", id); free(id); return -1; } if (datum->level->sens != 0) { - sprintf(errormsg, - "sensitivity %s occurs multiply in dominance definition", - id); - yyerror(errormsg); + yyerror2("sensitivity %s occurs multiply in dominance " + "definition", id); free(id); return -1; } 
@@ -1630,17 +1616,13 @@ levdatum = (level_datum_t *) hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, - "unknown sensitivity %s used in level definition", id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in level definition", id); free(id); return -1; } if (ebitmap_length(&levdatum->level->cat)) { - sprintf(errormsg, - "sensitivity %s used in multiple level definitions", - id); - yyerror(errormsg); + yyerror2("sensitivity %s used in multiple level definitions", + id); free(id); return -1; } @@ -1664,9 +1646,7 @@ (hashtab_key_t) id_start); if (!cdatum) { - sprintf(errormsg, "unknown category %s", - id_start); - yyerror(errormsg); + yyerror2("unknown category %s", id_start); free(id); return -1; } @@ -1677,17 +1657,14 @@ (hashtab_key_t) id_end); if (!cdatum) { - sprintf(errormsg, "unknown category %s", - id_end); - yyerror(errormsg); + yyerror2("unknown category %s", id_end); free(id); return -1; } range_end = cdatum->s.value - 1; if (range_end < range_start) { - sprintf(errormsg, "category range is invalid"); - yyerror(errormsg); + yyerror2("category range is invalid"); free(id); return -1; } @@ -1810,10 +1787,8 @@ } t = hashtab_search(policydbp->p_types.table, id); if (!t || t->flavor == TYPE_ATTRIB) { - sprintf(errormsg, - "unknown type %s, or it was already declared as an attribute", - id); - yyerror(errormsg); + yyerror2("unknown type %s, or it was already declared as an " + "attribute", id); free(id); return -1; } @@ -1844,8 +1819,7 @@ } t = hashtab_search(policydbp->p_types.table, id); if (!t || t->flavor == TYPE_ATTRIB) { - sprintf(errormsg, "unknown type %s", id); - yyerror(errormsg); + yyerror2("unknown type %s", id); free(id); return -1; } 
@@ -1858,16 +1832,14 @@ } attr = hashtab_search(policydbp->p_types.table, id); if (!attr) { - sprintf(errormsg, "attribute %s is not declared", id); /* treat it as a fatal error */ - yyerror(errormsg); + yyerror2("attribute %s is not declared", id); free(id); return -1; } if (attr->flavor != TYPE_ATTRIB) { - sprintf(errormsg, "%s is a type, not an attribute", id); - yyerror(errormsg); + yyerror2("%s is a type, not an attribute", id); free(id); return -1; } @@ -1920,18 +1892,15 @@ } attr = hashtab_search(policydbp->p_types.table, id); if (!attr) { - sprintf(errormsg, "attribute %s is not declared", id); - /* treat it as a fatal error */ - yyerror(errormsg); + yyerror2("attribute %s is not declared", id); return -1; } else { newattr = 0; } if (attr->flavor != TYPE_ATTRIB) { - sprintf(errormsg, "%s is a type, not an attribute", id); - yyerror(errormsg); + yyerror2("%s is a type, not an attribute", id); return -1; } @@ -1998,8 +1967,7 @@ } t = hashtab_search(policydbp->p_types.table, id); if (!t) { - snprintf(errormsg, ERRORMSG_LEN, "unknown type %s", id); - yyerror(errormsg); + yyerror2("unknown type %s", id); free(id); return -1; } @@ -2059,8 +2027,7 @@ } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { - sprintf(errormsg, "unknown class %s", id); - yyerror(errormsg); + yyerror2("unknown class %s", id); goto bad; } if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) { @@ -2083,8 +2050,7 @@ datum = (type_datum_t *) hashtab_search(policydbp->p_types.table, (hashtab_key_t) id); if (!datum || datum->flavor == TYPE_ATTRIB) { - sprintf(errormsg, "unknown type %s", id); - yyerror(errormsg); + yyerror2("unknown type %s", id); goto bad; } @@ -2300,8 +2266,7 @@ } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { - sprintf(errormsg, "unknown class %s used in rule", id); - yyerror(errormsg); + yyerror2("unknown class %s used in rule", id); ret = -1; goto out; } 
@@ -2365,19 +2330,17 @@ } } if (!perdatum) { - sprintf(errormsg, - "permission %s is not defined for class %s", - id, policydbp->p_class_val_to_name[i]); if (!suppress) - yyerror(errormsg); + yyerror2("permission %s is not defined" + " for class %s", id, + policydbp->p_class_val_to_name[i]); continue; } else if (!is_perm_in_scope (id, policydbp->p_class_val_to_name[i])) { if (!suppress) { - yyerror2 - ("permission %s of class %s is not within scope", - id, + yyerror2("permission %s of class %s is" + " not within scope", id, policydbp->p_class_val_to_name[i]); } continue; @@ -2769,9 +2732,7 @@ } role = hashtab_search(policydbp->p_roles.table, id); if (!role) { - sprintf(errormsg, - "unknown role %s used in transition definition", id); - yyerror(errormsg); + yyerror2("unknown role %s used in transition definition", id); goto bad; } @@ -2791,12 +2752,9 @@ for (tr = policydbp->role_tr; tr; tr = tr->next) { if (tr->role == (i + 1) && tr->type == (j + 1)) { - sprintf(errormsg, - "duplicate role transition for (%s,%s)", - role_val_to_name(i + 1), - policydbp-> - p_type_val_to_name[j]); - yyerror(errormsg); + yyerror2("duplicate role transition for (%s,%s)", + role_val_to_name(i + 1), + policydbp->p_type_val_to_name[j]); goto bad; } } @@ -2983,9 +2941,8 @@ (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id); if (!cladatum) { - sprintf(errormsg, "class %s is not defined", id); + yyerror2("class %s is not defined", id); ebitmap_destroy(&classmap); - yyerror(errormsg); free(id); return -1; } @@ -3043,10 +3000,8 @@ id); } if (!perdatum) { - sprintf(errormsg, - "permission %s is not defined", - id); - yyerror(errormsg); + yyerror2("permission %s is not" + " defined", id); free(id); ebitmap_destroy(&classmap); return -1; 
@@ -3126,9 +3081,8 @@ (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id); if (!cladatum) { - sprintf(errormsg, "class %s is not defined", id); + yyerror2("class %s is not defined", id); ebitmap_destroy(&classmap); - yyerror(errormsg); free(id); return -1; } @@ -3258,9 +3212,7 @@ (hashtab_key_t) id); if (!user) { - sprintf(errormsg, "unknown user %s", - id); - yyerror(errormsg); + yyerror2("unknown user %s", id); constraint_expr_destroy(expr); return 0; } @@ -3279,9 +3231,7 @@ (hashtab_key_t) id); if (!role) { - sprintf(errormsg, "unknown role %s", - id); - yyerror(errormsg); + yyerror2("unknown role %s", id); constraint_expr_destroy(expr); return 0; } @@ -3510,10 +3460,8 @@ table, (hashtab_key_t) id); if (!bool_var) { - sprintf(errormsg, - "unknown boolean %s in conditional expression", - id); - yyerror(errormsg); + yyerror2("unknown boolean %s in conditional expression", + id); free(expr); free(id); return NULL; @@ -3552,8 +3500,7 @@ } r = hashtab_search(policydbp->p_roles.table, id); if (!r) { - sprintf(errormsg, "unknown role %s", id); - yyerror(errormsg); + yyerror2("unknown role %s", id); free(id); return -1; } 
@@ -3587,31 +3534,27 @@ (hashtab_key_t) id_start); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_start); - yyerror(errormsg); + yyerror2("unknown category %s", id_start); return -1; } range_start = cdatum->s.value - 1; cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id_end); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_end); - yyerror(errormsg); + yyerror2("unknown category %s", id_end); return -1; } range_end = cdatum->s.value - 1; if (range_end < range_start) { - sprintf(errormsg, "category range is invalid"); - yyerror(errormsg); + yyerror2("category range is invalid"); return -1; } } else { cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id); - yyerror(errormsg); + yyerror2("unknown category %s", id); return -1; } range_start = range_end = cdatum->s.value - 1; @@ -3621,11 +3564,10 @@ if (!ebitmap_get_bit(&levdatum->level->cat, i)) { uint32_t level_value = levdatum->level->sens - 1; policydb_index_others(NULL, policydbp, 0); - sprintf(errormsg, "category %s can not be associated " - "with level %s", - policydbp->p_cat_val_to_name[i], - policydbp->p_sens_val_to_name[level_value]); - yyerror(errormsg); + yyerror2("category %s can not be associated " + "with level %s", + policydbp->p_cat_val_to_name[i], + policydbp->p_sens_val_to_name[level_value]); return -1; } if (ebitmap_set_bit(cats, i, TRUE)) { @@ -3655,8 +3597,7 @@ (hashtab_key_t) id_start); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_start); - yyerror(errormsg); + yyerror2("unknown category %s", id_start); return -1; } range_start = cdatum->s.value; @@ -3664,8 +3605,7 @@ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id_end); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_end); - yyerror(errormsg); + yyerror2("unknown category %s", id_end); return -1; } range_end = cdatum->s.value; 
@@ -3673,8 +3613,7 @@ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id); - yyerror(errormsg); + yyerror2("unknown category %s", id); return -1; } range_start = range_end = cdatum->s.value; @@ -3744,9 +3683,8 @@ hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, "unknown sensitivity %s used in user" - " level definition", id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in user" + " level definition", id); free(id); return -1; } @@ -3770,10 +3708,8 @@ hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, - "unknown sensitivity %s used in user range definition", - id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in user" + " range definition", id); free(id); return -1; } @@ -3854,8 +3790,7 @@ usrdatum = (user_datum_t *) hashtab_search(policydbp->p_users.table, (hashtab_key_t) id); if (!usrdatum) { - sprintf(errormsg, "user %s is not defined", id); - yyerror(errormsg); + yyerror2("user %s is not defined", id); free(id); goto bad; } @@ -3878,8 +3813,7 @@ role = (role_datum_t *) hashtab_search(policydbp->p_roles.table, (hashtab_key_t) id); if (!role) { - sprintf(errormsg, "role %s is not defined", id); - yyerror(errormsg); + yyerror2("role %s is not defined", id); free(id); return -1; } @@ -3902,9 +3836,7 @@ typdatum = (type_datum_t *) hashtab_search(policydbp->p_types.table, (hashtab_key_t) id); if (!typdatum || typdatum->flavor == TYPE_ATTRIB) { - sprintf(errormsg, "type %s is not defined or is an attribute", - id); - yyerror(errormsg); + yyerror2("type %s is not defined or is an attribute", id); free(id); return -1; } 
@@ -3928,9 +3860,7 @@ hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, "Sensitivity %s is not " - "defined", id); - yyerror(errormsg); + yyerror2("Sensitivity %s is not defined", id); free(id); return -1; } @@ -4000,15 +3930,12 @@ } if (!c) { - sprintf(errormsg, "SID %s is not defined", id); - yyerror(errormsg); + yyerror2("SID %s is not defined", id); free(id); return -1; } if (c->context[0].user) { - sprintf(errormsg, "The context for SID %s is multiply defined", - id); - yyerror(errormsg); + yyerror2("The context for SID %s is multiply defined", id); free(id); return -1; } @@ -4061,9 +3988,8 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, "duplicate entry for file system %s", - newc->u.name); - yyerror(errormsg); + yyerror2("duplicate entry for file system %s", + newc->u.name); context_destroy(&newc->context[0]); context_destroy(&newc->context[1]); free(newc->u.name); @@ -4108,8 +4034,7 @@ } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { protocol = IPPROTO_UDP; } else { - sprintf(errormsg, "unrecognized protocol %s", id); - yyerror(errormsg); + yyerror2("unrecognized protocol %s", id); free(newc); return -1; } @@ -4119,9 +4044,7 @@ newc->u.port.high_port = high; if (low > high) { - sprintf(errormsg, "low port %d exceeds high port %d", low, - high); - yyerror(errormsg); + yyerror2("low port %d exceeds high port %d", low, high); free(newc); return -1; } 
@@ -4142,15 +4065,13 @@ if (protocol != prot2) continue; if (low == low2 && high == high2) { - sprintf(errormsg, - "duplicate portcon entry for %s %d-%d ", id, - low, high); + yyerror2("duplicate portcon entry for %s %d-%d ", id, + low, high); goto bad; } if (low2 <= low && high2 >= high) { - sprintf(errormsg, - "portcon entry for %s %d-%d hidden by earlier entry for %d-%d", - id, low, high, low2, high2); + yyerror2("portcon entry for %s %d-%d hidden by earlier " + "entry for %d-%d", id, low, high, low2, high2); goto bad; } } @@ -4163,7 +4084,6 @@ return 0; bad: - yyerror(errormsg); free(newc); return -1; } @@ -4206,10 +4126,8 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, - "duplicate entry for network interface %s", - newc->u.name); - yyerror(errormsg); + yyerror2("duplicate entry for network interface %s", + newc->u.name); context_destroy(&newc->context[0]); context_destroy(&newc->context[1]); free(newc->u.name); @@ -4420,10 +4338,8 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, - "duplicate fs_use entry for filesystem type %s", - newc->u.name); - yyerror(errormsg); + yyerror2("duplicate fs_use entry for filesystem type %s", + newc->u.name); context_destroy(&newc->context[0]); free(newc->u.name); free(newc); @@ -4489,8 +4405,7 @@ if (!type) goto fail; if (type[1] != 0) { - sprintf(errormsg, "invalid type %s", type); - yyerror(errormsg); + yyerror2("invalid type %s", type); goto fail; } switch (type[0]) { @@ -4516,8 +4431,7 @@ newc->v.sclass = SECCLASS_FILE; break; default: - sprintf(errormsg, "invalid type %s", type); - yyerror(errormsg); + yyerror2("invalid type %s", type); goto fail; } } 
@@ -4530,10 +4444,8 @@ if (!strcmp(newc->u.name, c->u.name) && (!newc->v.sclass || !c->v.sclass || newc->v.sclass == c->v.sclass)) { - sprintf(errormsg, - "duplicate entry for genfs entry (%s, %s)", - fstype, newc->u.name); - yyerror(errormsg); + yyerror2("duplicate entry for genfs entry (%s, %s)", + fstype, newc->u.name); goto fail; } len = strlen(newc->u.name); @@ -4627,8 +4539,7 @@ cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { - sprintf(errormsg, "unknown class %s", id); - yyerror(errormsg); + yyerror2("unknown class %s", id); goto out; } @@ -4640,9 +4551,8 @@ cladatum = hashtab_search(policydbp->p_classes.table, "process"); if (!cladatum) { - sprintf(errormsg, "could not find process class for " - "legacy range_transition statement\n"); - yyerror(errormsg); + yyerror2("could not find process class for " + "legacy range_transition statement"); goto out; } @@ -4657,10 +4567,8 @@ for (l = 0; l < 2; l++) { levdatum = hashtab_search(policydbp->p_levels.table, id); if (!levdatum) { - sprintf(errormsg, - "unknown level %s used in range_transition " - "definition", id); - yyerror(errormsg); + yyerror2("unknown level %s used in range_transition " + "definition", id); free(id); goto out; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
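Review bot: Most of the removed calls are unbounded sprintf(errormsg, ...) with a %s taken from the policy source (id, id_start, newc->u.name), and only two sites used snprintf(errormsg, ERRORMSG_LEN, ...). The log message presents this as a cleanup; it is worth stating there that the change also removes those unbounded writes, and confirming that yyerror2() formats into its buffer with a length limit, since its body is not part of this diff.

Review bot: In the portcon hunks at -4142 and -4163, yyerror(errormsg) is removed from the bad: label and the two visible goto bad sites now call yyerror2() themselves. Any other goto bad in that function that relied on the label to report the error would now fail silently, so please check that every path to bad: reports before jumping.

Review bot: Trailing newlines in the format strings are handled inconsistently: the hunk at -4640 drops the "\n" from the legacy range_transition message, while the hunk at -1079 keeps it in "duplicate declaration for common %s\n". Drop it there as well so that all yyerror2() messages end the same way.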
From: <mil...@us...> - 2008-02-27 20:28:24
Revision: 2818 http://selinux.svn.sourceforge.net/selinux/?rev=2818&view=rev Author: millertc Date: 2008-02-27 12:28:20 -0800 (Wed, 27 Feb 2008) Log Message: ----------- Author: Todd C. Miller <tm...@tr...> Date: Wednesday, February 27, 2008 1:44 PM Subject: PATCH: avoid -Werror for parser-generated sources We've been bitten repeatedly by changes in lex and yacc resulting in new compiler warnings. Now that we build with -Werror this can result in broken builds. Since we have little control over what lex and yacc generate, just filter out -Werror when compiling their .c files. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/checkpolicy/Makefile trunk/libsemanage/src/Makefile Modified: trunk/checkpolicy/Makefile =================================================================== --- trunk/checkpolicy/Makefile 2008-02-26 12:18:28 UTC (rev 2817) +++ trunk/checkpolicy/Makefile 2008-02-27 20:28:20 UTC (rev 2818) @@ -33,10 +33,10 @@ $(CC) $(CFLAGS) -o $@ -c $< y.tab.o: y.tab.c - $(CC) $(CFLAGS) -o $@ -c $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -o $@ -c $< lex.yy.o: lex.yy.c - $(CC) $(CFLAGS) -o $@ -c $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -o $@ -c $< y.tab.c: policy_parse.y $(YACC) -d policy_parse.y Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2008-02-26 12:18:28 UTC (rev 2817) +++ trunk/libsemanage/src/Makefile 2008-02-27 20:28:20 UTC (rev 2818) 
@@ -71,6 +71,18 @@ %.lo: %.c $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< +conf-parse.o: conf-parse.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -c -o $@ $< + +conf-parse.lo: conf-parse.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -fPIC -DSHARED -c -o $@ $< + +conf-scan.o: conf-scan.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -c -o $@ $< + +conf-scan.lo: conf-scan.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -fPIC -DSHARED -c -o $@ $< + $(SWIGCOUT): $(SWIGIF) $(SWIG) $^ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
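Review bot: In the y.tab.o and lex.yy.o rules of trunk/checkpolicy/Makefile, $(filter-out -Werror, $(CFLAGS)) removes only the exact word -Werror, so any -Werror=<warning> form that reaches CFLAGS is still passed to the compiler and can still break the build on generated code. Decide which behaviour is wanted and say so in a comment next to the rules; if the generated sources should never fail on warnings, the pattern -Werror% covers both spellings. The warnings themselves are still printed either way, which is the right outcome for code the project does not control.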
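Review bot: In trunk/libsemanage/src/Makefile, the four new rules for conf-parse and conf-scan copy the recipe of the %.lo pattern rule shown in the context (and its .o counterpart) with only the flags changed, so any later change to -fPIC -DSHARED or to the compile line has to be mirrored here by hand. A target-specific variable keeps a single recipe, for example: conf-parse.o conf-parse.lo conf-scan.o conf-scan.lo: CFLAGS := $(filter-out -Werror, $(CFLAGS)). That also makes it obvious which objects are exempt from -Werror when someone audits the build flags.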
From: <ssm...@us...> - 2008-02-26 12:18:41
|
Revision: 2817 http://selinux.svn.sourceforge.net/selinux/?rev=2817&view=rev Author: ssmalley Date: 2008-02-26 04:18:28 -0800 (Tue, 26 Feb 2008) Log Message: ----------- updated libsemanage to version 2.0.24 Modified Paths: -------------- trunk/libsemanage/ChangeLog trunk/libsemanage/VERSION Modified: trunk/libsemanage/ChangeLog =================================================================== --- trunk/libsemanage/ChangeLog 2008-02-26 12:17:53 UTC (rev 2816) +++ trunk/libsemanage/ChangeLog 2008-02-26 12:18:28 UTC (rev 2817) @@ -1,3 +1,6 @@ +2.0.24 2008-02-26 + * make swigify + 2.0.23 2008-02-04 * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. Modified: trunk/libsemanage/VERSION =================================================================== --- trunk/libsemanage/VERSION 2008-02-26 12:17:53 UTC (rev 2816) +++ trunk/libsemanage/VERSION 2008-02-26 12:18:28 UTC (rev 2817) @@ -1 +1 @@ -2.0.23 +2.0.24 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
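Review bot: The new ChangeLog entry under 2.0.24 reads only "* make swigify", which names the command that was run and not what changed for users of the library. Say what was regenerated and with which tool version, so the release note can be read without going back to the revision log.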
From: <ssm...@us...> - 2008-02-26 12:18:04
|
Revision: 2816 http://selinux.svn.sourceforge.net/selinux/?rev=2816&view=rev Author: ssmalley Date: 2008-02-26 04:17:53 -0800 (Tue, 26 Feb 2008) Log Message: ----------- make swigify Modified Paths: -------------- trunk/Makefile trunk/libsemanage/src/semanage.py trunk/libsemanage/src/semanageswig_wrap.c Modified: trunk/Makefile =================================================================== --- trunk/Makefile 2008-02-25 20:55:08 UTC (rev 2815) +++ trunk/Makefile 2008-02-26 12:17:53 UTC (rev 2816) @@ -11,7 +11,7 @@ (cd $$subdir && $(MAKE) $@) || exit 1; \ done -install-pywrap: +install-pywrap swigify: @for subdir in $(PYSUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done Modified: trunk/libsemanage/src/semanage.py =================================================================== --- trunk/libsemanage/src/semanage.py 2008-02-25 20:55:08 UTC (rev 2815) +++ trunk/libsemanage/src/semanage.py 2008-02-26 12:17:53 UTC (rev 2816) @@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.31 +# Version 1.3.33 # # Don't modify this file, modify the SWIG interface instead. # This file is compatible with both classic and new-style classes. Modified: trunk/libsemanage/src/semanageswig_wrap.c =================================================================== --- trunk/libsemanage/src/semanageswig_wrap.c 2008-02-25 20:55:08 UTC (rev 2815) +++ trunk/libsemanage/src/semanageswig_wrap.c 2008-02-26 12:17:53 UTC (rev 2816) @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). - * Version 1.3.31 + * Version 1.3.33 * * This file is not intended to be easily readable and contains a number of * coding conventions designed to improve portability and efficiency. Do not make 
@@ -17,14 +17,14 @@ /* template workaround for compilers that cannot correctly implement the C++ standard */ #ifndef SWIGTEMPLATEDISAMBIGUATOR -# if defined(__SUNPRO_CC) -# if (__SUNPRO_CC <= 0x560) -# define SWIGTEMPLATEDISAMBIGUATOR template -# else -# define SWIGTEMPLATEDISAMBIGUATOR -# endif +# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560) +# define SWIGTEMPLATEDISAMBIGUATOR template +# elif defined(__HP_aCC) +/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */ +/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */ +# define SWIGTEMPLATEDISAMBIGUATOR template # else -# define SWIGTEMPLATEDISAMBIGUATOR +# define SWIGTEMPLATEDISAMBIGUATOR # endif #endif @@ -107,7 +107,13 @@ # define _CRT_SECURE_NO_DEPRECATE #endif +/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */ +#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE) +# define _SCL_SECURE_NO_DEPRECATE +#endif + + /* Python.h has to appear first */ #include <Python.h> @@ -343,7 +349,7 @@ while ((*f2 == ' ') && (f2 != l2)) ++f2; if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1; } - return (l1 - f1) - (l2 - f2); + return (int)((l1 - f1) - (l2 - f2)); } /* @@ -1090,14 +1096,14 @@ /* Unpack the argument tuple */ SWIGINTERN int -SWIG_Python_UnpackTuple(PyObject *args, const char *name, int min, int max, PyObject **objs) +SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs) { if (!args) { if (!min && !max) { return 1; } else { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none", - name, (min == max ? "" : "at least "), min); + name, (min == max ? "" : "at least "), (int)min); return 0; } } 
@@ -1105,14 +1111,14 @@ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple"); return 0; } else { - register int l = PyTuple_GET_SIZE(args); + register Py_ssize_t l = PyTuple_GET_SIZE(args); if (l < min) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at least "), min, l); + name, (min == max ? "" : "at least "), (int)min, (int)l); return 0; } else if (l > max) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at most "), max, l); + name, (min == max ? "" : "at most "), (int)max, (int)l); return 0; } else { register int i; @@ -1591,9 +1597,11 @@ (unaryfunc)0, /*nb_float*/ (unaryfunc)PySwigObject_oct, /*nb_oct*/ (unaryfunc)PySwigObject_hex, /*nb_hex*/ -#if PY_VERSION_HEX >= 0x02020000 - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ -#elif PY_VERSION_HEX >= 0x02000000 +#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */ +#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ +#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */ #endif }; @@ -2522,7 +2530,7 @@ #define SWIG_name "_semanage" -#define SWIGVERSION 0x010331 +#define SWIGVERSION 0x010333 #define SWIG_VERSION SWIGVERSION @@ -2640,15 +2648,13 @@ #include <limits.h> -#ifndef LLONG_MIN -# define LLONG_MIN LONG_LONG_MIN +#if !defined(SWIG_NO_LLONG_MAX) +# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__) +# define LLONG_MAX __LONG_LONG_MAX__ +# define LLONG_MIN (-LLONG_MAX - 1LL) +# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL) +# endif #endif -#ifndef LLONG_MAX -# define LLONG_MAX LONG_LONG_MAX -#endif -#ifndef ULLONG_MAX -# define ULLONG_MAX ULONG_LONG_MAX -#endif SWIGINTERN int 
@@ -11626,7 +11632,7 @@ static swig_type_info _swigt__p_f_p_q_const__struct_semanage_port_p_void__int = {"_p_f_p_q_const__struct_semanage_port_p_void__int", "int (*)(struct semanage_port const *,void *)|int (*)(semanage_port_t const *,void *)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_f_p_q_const__struct_semanage_seuser_p_void__int = {"_p_f_p_q_const__struct_semanage_seuser_p_void__int", "int (*)(struct semanage_seuser const *,void *)|int (*)(semanage_seuser_t const *,void *)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_f_p_q_const__struct_semanage_user_p_void__int = {"_p_f_p_q_const__struct_semanage_user_p_void__int", "int (*)(struct semanage_user const *,void *)|int (*)(semanage_user_t const *,void *)", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void = {"_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void", "void (*)(void *,struct semanage_handle *,char const *,...)|void (*)(void *,semanage_handle_t *,char const *,...)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void = {"_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void", "void (*)(void *,semanage_handle_t *,char const *,...)|void (*)(void *,struct semanage_handle *,char const *,...)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***", 0, 0, (void*)0, 0}; 
@@ -11638,33 +11644,33 @@ static swig_type_info _swigt__p_p_p_semanage_seuser = {"_p_p_p_semanage_seuser", "struct semanage_seuser ***|semanage_seuser_t ***", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_p_semanage_user = {"_p_p_p_semanage_user", "struct semanage_user ***|semanage_user_t ***", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_bool = {"_p_p_semanage_bool", "struct semanage_bool **|semanage_bool_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_bool_key = {"_p_p_semanage_bool_key", "struct semanage_bool_key **|semanage_bool_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_bool_key = {"_p_p_semanage_bool_key", "semanage_bool_key_t **|struct semanage_bool_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_context = {"_p_p_semanage_context", "struct semanage_context **|semanage_context_t **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_fcontext = {"_p_p_semanage_fcontext", "struct semanage_fcontext **|semanage_fcontext_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_fcontext_key = {"_p_p_semanage_fcontext_key", "struct semanage_fcontext_key **|semanage_fcontext_key_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_iface = {"_p_p_semanage_iface", "struct semanage_iface **|semanage_iface_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_iface_key = {"_p_p_semanage_iface_key", "struct semanage_iface_key **|semanage_iface_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_fcontext_key = {"_p_p_semanage_fcontext_key", "semanage_fcontext_key_t **|struct semanage_fcontext_key **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_iface = {"_p_p_semanage_iface", "semanage_iface_t **|struct semanage_iface **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_iface_key = {"_p_p_semanage_iface_key", "semanage_iface_key_t **|struct 
semanage_iface_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_module_info = {"_p_p_semanage_module_info", "struct semanage_module_info **|semanage_module_info_t **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_node = {"_p_p_semanage_node", "struct semanage_node **|semanage_node_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_node_key = {"_p_p_semanage_node_key", "struct semanage_node_key **|semanage_node_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_node_key = {"_p_p_semanage_node_key", "semanage_node_key_t **|struct semanage_node_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_port = {"_p_p_semanage_port", "struct semanage_port **|semanage_port_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_port_key = {"_p_p_semanage_port_key", "struct semanage_port_key **|semanage_port_key_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_seuser = {"_p_p_semanage_seuser", "struct semanage_seuser **|semanage_seuser_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_seuser_key = {"_p_p_semanage_seuser_key", "struct semanage_seuser_key **|semanage_seuser_key_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_user = {"_p_p_semanage_user", "struct semanage_user **|semanage_user_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_user_key = {"_p_p_semanage_user_key", "struct semanage_user_key **|semanage_user_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_port_key = {"_p_p_semanage_port_key", "semanage_port_key_t **|struct semanage_port_key **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_seuser = {"_p_p_semanage_seuser", "semanage_seuser_t **|struct semanage_seuser **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_seuser_key = {"_p_p_semanage_seuser_key", "semanage_seuser_key_t **|struct 
semanage_seuser_key **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_user = {"_p_p_semanage_user", "semanage_user_t **|struct semanage_user **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_user_key = {"_p_p_semanage_user_key", "semanage_user_key_t **|struct semanage_user_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_bool = {"_p_semanage_bool", "struct semanage_bool *|semanage_bool_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_bool_key = {"_p_semanage_bool_key", "struct semanage_bool_key *|semanage_bool_key_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_context = {"_p_semanage_context", "struct semanage_context *|semanage_context_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_fcontext = {"_p_semanage_fcontext", "struct semanage_fcontext *|semanage_fcontext_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_fcontext_key = {"_p_semanage_fcontext_key", "struct semanage_fcontext_key *|semanage_fcontext_key_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_semanage_handle = {"_p_semanage_handle", "struct semanage_handle *|semanage_handle_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_semanage_handle = {"_p_semanage_handle", "semanage_handle_t *|struct semanage_handle *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_iface = {"_p_semanage_iface", "struct semanage_iface *|semanage_iface_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_iface_key = {"_p_semanage_iface_key", "struct semanage_iface_key *|semanage_iface_key_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_module_info = {"_p_semanage_module_info", "struct semanage_module_info *|semanage_module_info_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_node = {"_p_semanage_node", "struct semanage_node *|semanage_node_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_node_key 
= {"_p_semanage_node_key", "struct semanage_node_key *|semanage_node_key_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_semanage_port = {"_p_semanage_port", "struct semanage_port *|semanage_port_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_semanage_port = {"_p_semanage_port", "semanage_port_t *|struct semanage_port *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_port_key = {"_p_semanage_port_key", "struct semanage_port_key *|semanage_port_key_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_seuser = {"_p_semanage_seuser", "struct semanage_seuser *|semanage_seuser_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_seuser_key = {"_p_semanage_seuser_key", "struct semanage_seuser_key *|semanage_seuser_key_t *", 0, 0, (void*)0, 0}; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
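Review bot: In trunk/Makefile, adding swigify to the install-pywrap rule means a top-level make swigify runs $(MAKE) swigify in every directory listed in PYSUBDIRS and stops with exit 1 at the first one that has no such target. This commit only touches libsemanage, so confirm that each PYSUBDIRS entry defines swigify, or give swigify its own rule with its own directory list.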
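Review bot: semanage.py and semanageswig_wrap.c are generated output, and the changes visible here (the Version 1.3.31 to 1.3.33 header lines, SWIGVERSION going from 0x010331 to 0x010333, the reordered name strings in the swig_type_info entries, the rewritten LLONG_MAX block) come from the SWIG release used and not from any change to the interface. Record the required SWIG version in the log message or next to the swigify rule, so the next regeneration with a different release does not bury a real interface change in this kind of churn. One detail worth a look in SWIG_Python_UnpackTuple: min, max and l are now Py_ssize_t but are still printed with %d through (int) casts, which is acceptable only because they are argument counts.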
From: <ew...@us...> - 2008-02-25 20:55:16
|
Revision: 2815 http://selinux.svn.sourceforge.net/selinux/?rev=2815&view=rev Author: ewalsh Date: 2008-02-25 12:55:08 -0800 (Mon, 25 Feb 2008) Log Message: ----------- updated libselinux to version 1.34.15 Modified Paths: -------------- branches/stable/1_0/libselinux/ChangeLog branches/stable/1_0/libselinux/VERSION Modified: branches/stable/1_0/libselinux/ChangeLog =================================================================== --- branches/stable/1_0/libselinux/ChangeLog 2008-02-25 20:53:58 UTC (rev 2814) +++ branches/stable/1_0/libselinux/ChangeLog 2008-02-25 20:55:08 UTC (rev 2815) @@ -1,3 +1,6 @@ +1.34.15 2008-02-25 + * Merged avc_has_perm() errno fix from Eamon Walsh. + 1.34.14 2007-09-27 * Refactored SWIG bindings from James Athey. Modified: branches/stable/1_0/libselinux/VERSION =================================================================== --- branches/stable/1_0/libselinux/VERSION 2008-02-25 20:53:58 UTC (rev 2814) +++ branches/stable/1_0/libselinux/VERSION 2008-02-25 20:55:08 UTC (rev 2815) @@ -1 +1 @@ -1.34.14 +1.34.15 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ew...@us...> - 2008-02-25 20:54:00
|
Revision: 2814 http://selinux.svn.sourceforge.net/selinux/?rev=2814&view=rev Author: ewalsh Date: 2008-02-25 12:53:58 -0800 (Mon, 25 Feb 2008) Log Message: ----------- applied r2811:2812 from trunk Modified Paths: -------------- branches/stable/1_0/libselinux/src/avc.c Modified: branches/stable/1_0/libselinux/src/avc.c =================================================================== --- branches/stable/1_0/libselinux/src/avc.c 2008-02-25 20:47:12 UTC (rev 2813) +++ branches/stable/1_0/libselinux/src/avc.c 2008-02-25 20:53:58 UTC (rev 2814) @@ -1004,10 +1004,12 @@ struct avc_entry_ref *aeref, void *auditdata) { struct av_decision avd = { 0, 0, 0, 0, 0 }; - int rc; + int errsave, rc; rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd); + errsave = errno; avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); + errno = errsave; return rc; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
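Review bot: In the avc_has_perm() hunk of this backport, nothing in the code says why errno is copied into errsave around avc_audit(), and the log message gives only the revision range. A one-line comment such as "preserve errno from avc_has_perm_noaudit() across avc_audit()" would keep a later cleanup from removing what looks like a redundant save and restore.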
From: <ew...@us...> - 2008-02-25 20:47:23
|
Revision: 2813 http://selinux.svn.sourceforge.net/selinux/?rev=2813&view=rev Author: ewalsh Date: 2008-02-25 12:47:12 -0800 (Mon, 25 Feb 2008) Log Message: ----------- updated libselinux to version 2.0.57 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-02-25 20:45:32 UTC (rev 2812) +++ trunk/libselinux/ChangeLog 2008-02-25 20:47:12 UTC (rev 2813) @@ -1,3 +1,6 @@ +2.0.57 2008-02-25 + * Merged avc_has_perm() errno fix from Eamon Walsh. + 2.0.56 2008-02-21 * Regenerated Flask headers from refpolicy flask definitions. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-02-25 20:45:32 UTC (rev 2812) +++ trunk/libselinux/VERSION 2008-02-25 20:47:12 UTC (rev 2813) @@ -1 +1 @@ -2.0.56 +2.0.57 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ew...@us...> - 2008-02-25 20:45:36
|
Revision: 2812 http://selinux.svn.sourceforge.net/selinux/?rev=2812&view=rev Author: ewalsh Date: 2008-02-25 12:45:32 -0800 (Mon, 25 Feb 2008) Log Message: ----------- Author: Eamon Walsh Email: ew...@ty... Subject: libselinux: save errno value in avc_has_perm() Date: Fri, 22 Feb 2008 18:42:02 -0500 The errno value set by avc_has_perm_noaudit() is being lost somewhere in the bowels of avc_audit(). This patch saves it off so it doesn't get lost. Signed-off-by: Eamon Walsh <ew...@ty...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/src/avc.c Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2008-02-22 21:05:36 UTC (rev 2811) +++ trunk/libselinux/src/avc.c 2008-02-25 20:45:32 UTC (rev 2812) @@ -874,10 +874,12 @@ struct avc_entry_ref *aeref, void *auditdata) { struct av_decision avd = { 0, 0, 0, 0, 0 }; - int rc; + int errsave, rc; rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd); + errsave = errno; avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); + errno = errsave; return rc; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
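Review bot: In avc_has_perm(), errsave = errno is taken and restored whatever rc is, so when avc_has_perm_noaudit() succeeds the caller gets back whatever errno happened to hold at that point, not a cleared value. That is fine provided callers read errno only when rc is nonzero; state that in the function's documentation so nobody relies on errno after a successful check. The save and restore itself is the right shape, since the path that logs through avc_audit() is the one where the caller needs the original errno intact.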
From: <ssm...@us...> - 2008-02-22 21:06:02
|
Revision: 2811 http://selinux.svn.sourceforge.net/selinux/?rev=2811&view=rev Author: ssmalley Date: 2008-02-22 13:05:36 -0800 (Fri, 22 Feb 2008) Log Message: ----------- Tidy up description of what changed. Modified Paths: -------------- trunk/policycoreutils/ChangeLog Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-02-22 19:07:13 UTC (rev 2810) +++ trunk/policycoreutils/ChangeLog 2008-02-22 21:05:36 UTC (rev 2811) @@ -1,5 +1,5 @@ 2.0.44 2008-02-22 - * Fix for segfault when conf file parse error occurs. + * Fixed semodule to correctly handle error when unable to create a handle. 2.0.43 2008-02-08 * Merged fix fixfiles option processing from Vaclav Ovsik. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-02-22 19:07:18
|
Revision: 2810 http://selinux.svn.sourceforge.net/selinux/?rev=2810&view=rev Author: madmethod Date: 2008-02-22 11:07:13 -0800 (Fri, 22 Feb 2008) Log Message: ----------- bump policycoreutils to 2.0.44 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-02-22 19:06:24 UTC (rev 2809) +++ trunk/policycoreutils/ChangeLog 2008-02-22 19:07:13 UTC (rev 2810) @@ -1,3 +1,6 @@ +2.0.44 2008-02-22 + * Fix for segfault when conf file parse error occurs. + 2.0.43 2008-02-08 * Merged fix fixfiles option processing from Vaclav Ovsik. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-02-22 19:06:24 UTC (rev 2809) +++ trunk/policycoreutils/VERSION 2008-02-22 19:07:13 UTC (rev 2810) @@ -1 +1 @@ -2.0.43 +2.0.44 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-02-22 19:06:31
|
Revision: 2809 http://selinux.svn.sourceforge.net/selinux/?rev=2809&view=rev Author: madmethod Date: 2008-02-22 11:06:24 -0800 (Fri, 22 Feb 2008) Log Message: ----------- On Fri, 2008-02-22 at 11:55 -0500, Joshua Brindle wrote: > > Eric Paris wrote: >> > > I added "allow-unknown = deny" in semanage.conf and ran semodule -R >> > > >> > > [root@dhcp231-146 ~]# semodule -R >> > > error parsing semanage configuration file: syntax error >> > > semodule: Could not create semanage handle >> > > semodule: handle.c:123: semanage_is_connected: Assertion `sh != ((void *)0)' failed. >> > > Segmentation fault >> > > >> > > It was supposed to bail (allow-unknown is not a valid entry, it should >> > > be handle-unknown) but it wasn't supposed to segfault. Maybe someone >> > > who knows this code can find/fix it really quickly, if not I'm sure I'll >> > > get to look at it when it gets to the top of my list in 10 or 12 >> > > months :) >> > > >> > > policycoreutils-2.0.43-2.fc9.x86_64 >> > > > > > > This is totally untested but should fix it: Whitespace damaged, but applied with -l and it fixed the problem. Acked-by: Stephen Smalley <sd...@ty...> Merge at will. > > > > Index: trunk/policycoreutils/semodule/semodule.c > > =================================================================== > > --- trunk/policycoreutils/semodule/semodule.c (revision 2808) > > +++ trunk/policycoreutils/semodule/semodule.c (working copy) > > @@ -285,7 +285,7 @@ > > if (!sh) { > > fprintf(stderr, "%s: Could not create semanage handle\n", > > argv[0]); > > - goto cleanup; > > + goto cleanup_nohandle; > > } > > > > if (store) { 
> > @@ -473,6 +473,8 @@ > > } > > } > > semanage_handle_destroy(sh); > > + > > + cleanup_nohandle: > > cleanup(); > > exit(status); > > } > > > > > > Revision Links: -------------- http://selinux.svn.sourceforge.net/selinux/?rev=2808&view=rev Modified Paths: -------------- trunk/policycoreutils/semodule/semodule.c Modified: trunk/policycoreutils/semodule/semodule.c =================================================================== --- trunk/policycoreutils/semodule/semodule.c 2008-02-21 16:12:21 UTC (rev 2808) +++ trunk/policycoreutils/semodule/semodule.c 2008-02-22 19:06:24 UTC (rev 2809) @@ -285,7 +285,7 @@ if (!sh) { fprintf(stderr, "%s: Could not create semanage handle\n", argv[0]); - goto cleanup; + goto cleanup_nohandle; } if (store) { @@ -473,6 +473,8 @@ } } semanage_handle_destroy(sh); + + cleanup_nohandle: cleanup(); exit(status); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
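Review bot: At the if (!sh) branch, goto cleanup_nohandle now skips semanage_handle_destroy(sh), which addresses the assertion in the report, but the exit code then depends on what status holds at that point, and its assignment is not in the visible context. Confirm that status is nonzero before the goto, or set it in this branch, so that a semanage.conf parse error can never end in exit(0); scripts that call semodule rely on that code to know the policy operation failed. The rest of the function still uses the cleanup label, so a short comment at cleanup_nohandle saying it is for failures before a handle exists would help the next reader.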
From: <ssm...@us...> - 2008-02-21 17:59:06
|
Revision: 2807 http://selinux.svn.sourceforge.net/selinux/?rev=2807&view=rev Author: ssmalley Date: 2008-02-21 08:11:33 -0800 (Thu, 21 Feb 2008) Log Message: ----------- Regenerate Flask headers from latest refpolicy definitions. Modified Paths: -------------- trunk/libselinux/include/selinux/av_permissions.h trunk/libselinux/include/selinux/flask.h trunk/libselinux/src/av_perm_to_string.h trunk/libselinux/src/class_to_string.h Modified: trunk/libselinux/include/selinux/av_permissions.h =================================================================== --- trunk/libselinux/include/selinux/av_permissions.h 2008-02-20 15:32:51 UTC (rev 2806) +++ trunk/libselinux/include/selinux/av_permissions.h 2008-02-21 16:11:33 UTC (rev 2807) @@ -298,6 +298,8 @@ #define NODE__ENFORCE_DEST 0x00000040UL #define NODE__DCCP_RECV 0x00000080UL #define NODE__DCCP_SEND 0x00000100UL +#define NODE__RECVFROM 0x00000200UL +#define NODE__SENDTO 0x00000400UL #define NETIF__TCP_RECV 0x00000001UL #define NETIF__TCP_SEND 0x00000002UL #define NETIF__UDP_RECV 0x00000004UL @@ -306,6 +308,8 @@ #define NETIF__RAWIP_SEND 0x00000020UL #define NETIF__DCCP_RECV 0x00000040UL #define NETIF__DCCP_SEND 0x00000080UL +#define NETIF__INGRESS 0x00000100UL +#define NETIF__EGRESS 0x00000200UL #define NETLINK_SOCKET__IOCTL 0x00000001UL #define NETLINK_SOCKET__READ 0x00000002UL #define NETLINK_SOCKET__WRITE 0x00000004UL @@ -535,6 +539,9 @@ #define CAPABILITY__LEASE 0x10000000UL #define CAPABILITY__AUDIT_WRITE 0x20000000UL #define CAPABILITY__AUDIT_CONTROL 0x40000000UL +#define CAPABILITY__SETFCAP 0x80000000UL +#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL +#define CAPABILITY2__MAC_ADMIN 0x00000002UL #define PASSWD__PASSWD 0x00000001UL #define PASSWD__CHFN 0x00000002UL #define PASSWD__CHSH 0x00000004UL 
@@ -900,6 +907,10 @@ #define PACKET__SEND 0x00000001UL #define PACKET__RECV 0x00000002UL #define PACKET__RELABELTO 0x00000004UL +#define PACKET__FLOW_IN 0x00000008UL +#define PACKET__FLOW_OUT 0x00000010UL +#define PACKET__FORWARD_IN 0x00000020UL +#define PACKET__FORWARD_OUT 0x00000040UL #define KEY__VIEW 0x00000001UL #define KEY__READ 0x00000002UL #define KEY__WRITE 0x00000004UL @@ -992,3 +1003,4 @@ #define DB_BLOB__WRITE 0x00000080UL #define DB_BLOB__IMPORT 0x00000100UL #define DB_BLOB__EXPORT 0x00000200UL +#define PEER__RECV 0x00000001UL Modified: trunk/libselinux/include/selinux/flask.h =================================================================== --- trunk/libselinux/include/selinux/flask.h 2008-02-20 15:32:51 UTC (rev 2806) +++ trunk/libselinux/include/selinux/flask.h 2008-02-21 16:11:33 UTC (rev 2807) @@ -72,6 +72,8 @@ #define SECCLASS_DB_COLUMN 65 #define SECCLASS_DB_TUPLE 66 #define SECCLASS_DB_BLOB 67 +#define SECCLASS_PEER 68 +#define SECCLASS_CAPABILITY2 69 /* * Security identifier indices for initial entities Modified: trunk/libselinux/src/av_perm_to_string.h =================================================================== --- trunk/libselinux/src/av_perm_to_string.h 2008-02-20 15:32:51 UTC (rev 2806) +++ trunk/libselinux/src/av_perm_to_string.h 2008-02-21 16:11:33 UTC (rev 2807) @@ -37,6 +37,8 @@ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") + S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom") + S_(SECCLASS_NODE, NODE__SENDTO, "sendto") S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") 
@@ -45,6 +47,8 @@ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") + S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress") + S_(SECCLASS_NETIF, NETIF__EGRESS, "egress") S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") @@ -128,6 +132,9 @@ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") + S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override") + S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin") S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") @@ -251,6 +258,10 @@ S_(SECCLASS_PACKET, PACKET__SEND, "send") S_(SECCLASS_PACKET, PACKET__RECV, "recv") S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") + S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in") + S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out") + S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in") + S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out") S_(SECCLASS_KEY, KEY__VIEW, "view") S_(SECCLASS_KEY, KEY__READ, "read") S_(SECCLASS_KEY, KEY__WRITE, "write") @@ -291,3 +302,4 @@ S_(SECCLASS_DB_BLOB, DB_BLOB__WRITE, "write") S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import") S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export") + S_(SECCLASS_PEER, PEER__RECV, "recv") Modified: trunk/libselinux/src/class_to_string.h =================================================================== --- trunk/libselinux/src/class_to_string.h 2008-02-20 15:32:51 UTC (rev 2806) +++ trunk/libselinux/src/class_to_string.h 2008-02-21 16:11:33 UTC (rev 2807) 
@@ -70,3 +70,5 @@ S_("db_column") S_("db_tuple") S_("db_blob") + S_("peer") + S_("capability2") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
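Review bot: Across these four regenerated headers the log message says only "latest refpolicy definitions" and does not name the refpolicy revision they were generated from. The numeric values added here (SECCLASS_PEER 68, SECCLASS_CAPABILITY2 69 and the new permission bits) are compiled into userspace code that uses these headers and have to match the class and permission numbering of the policy in use, so the source revision should be recorded. For consumers, note that CAPABILITY__SETFCAP takes 0x80000000UL, the top bit of the 32-bit vector, and mac_override and mac_admin therefore live in the separate capability2 class; code that checks capability permissions needs to handle both classes.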
From: <ssm...@us...> - 2008-02-21 17:00:15
|
Revision: 2808 http://selinux.svn.sourceforge.net/selinux/?rev=2808&view=rev Author: ssmalley Date: 2008-02-21 08:12:21 -0800 (Thu, 21 Feb 2008) Log Message: ----------- updated libselinux to version 2.0.56 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-02-21 16:11:33 UTC (rev 2807) +++ trunk/libselinux/ChangeLog 2008-02-21 16:12:21 UTC (rev 2808) @@ -1,3 +1,6 @@ +2.0.56 2008-02-21 + * Regenerated Flask headers from refpolicy flask definitions. + 2.0.55 2008-02-08 * Merged compute_member AVC function and manpages from Eamon Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-02-21 16:11:33 UTC (rev 2807) +++ trunk/libselinux/VERSION 2008-02-21 16:12:21 UTC (rev 2808) @@ -1 +1 @@ -2.0.55 +2.0.56 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-20 15:32:56
|
Revision: 2806 http://selinux.svn.sourceforge.net/selinux/?rev=2806&view=rev Author: ssmalley Date: 2008-02-20 07:32:51 -0800 (Wed, 20 Feb 2008) Log Message: ----------- updated libsepol to version 2.0.21 Modified Paths: -------------- trunk/libsepol/ChangeLog trunk/libsepol/VERSION Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2008-02-20 15:30:30 UTC (rev 2805) +++ trunk/libsepol/ChangeLog 2008-02-20 15:32:51 UTC (rev 2806) @@ -1,3 +1,6 @@ +2.0.21 2008-02-20 + * Fix invalid memory allocation in policydb_index_others() from Jason Tang. + 2.0.20 2008-02-04 * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2008-02-20 15:30:30 UTC (rev 2805) +++ trunk/libsepol/VERSION 2008-02-20 15:32:51 UTC (rev 2806) @@ -1 +1 @@ -2.0.20 +2.0.21 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-20 15:30:32
|
Revision: 2805 http://selinux.svn.sourceforge.net/selinux/?rev=2805&view=rev Author: ssmalley Date: 2008-02-20 07:30:30 -0800 (Wed, 20 Feb 2008) Log Message: ----------- Author: "J. Tang" Email: jt...@tr... Subject: invalid memory allocation in policydb_index_others() Date: Tue, 19 Feb 2008 10:48:44 -0500 There is an error in libsepol's policydb_index_others(). If a policy is lacking symbols of some kind (e.g., a policy with no booleans), then the function will attempt a calloc() of 0, which is undefined. The following patch checks for this condition and explicitly sets the field upon zero symbols. Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsepol/src/policydb.c Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2008-02-12 21:55:50 UTC (rev 2804) +++ trunk/libsepol/src/policydb.c 2008-02-20 15:30:30 UTC (rev 2805) @@ -820,14 +820,16 @@ cond_init_bool_indexes(p); for (i = SYM_ROLES; i < SYM_NUM; i++) { - if (p->sym_val_to_name[i]) - free(p->sym_val_to_name[i]); - p->sym_val_to_name[i] = (char **) - calloc(p->symtab[i].nprim, sizeof(char *)); - if (!p->sym_val_to_name[i]) - return -1; - if (hashtab_map(p->symtab[i].table, index_f[i], p)) - return -1; + free(p->sym_val_to_name[i]); + p->sym_val_to_name[i] = NULL; + if (p->symtab[i].nprim) { + p->sym_val_to_name[i] = (char **) + calloc(p->symtab[i].nprim, sizeof(char *)); + if (!p->sym_val_to_name[i]) + return -1; + if (hashtab_map(p->symtab[i].table, index_f[i], p)) + return -1; + } } /* This pre-expands the roles and users for context validity checking */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
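Review bot: in the policydb_index_others() hunk, a symbol table with nprim == 0 now leaves p->sym_val_to_name[i] as NULL and skips hashtab_map() entirely, so every consumer that indexes sym_val_to_name[i] needs to be checked for a guard on nprim or on the value being in range, otherwise the undefined calloc(0) is traded for a NULL dereference on a policy with, for example, no booleans. The loop starts at SYM_ROLES; the allocations for the symbol kinds handled before this loop are outside the hunk and should get the same zero-count treatment if they use the same calloc(nprim, ...) pattern. A short comment above `if (p->symtab[i].nprim) {` stating that NULL is the intended value for an empty table would make the contract explicit.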
From: <mil...@us...> - 2008-02-12 21:55:55
|
Revision: 2804 http://selinux.svn.sourceforge.net/selinux/?rev=2804&view=rev Author: millertc Date: 2008-02-12 13:55:50 -0800 (Tue, 12 Feb 2008) Log Message: ----------- Author: Todd C. Miller Email: tm...@tr... Subject: libsepol use correct pointer type in sizeof() Date: Tuesday, February 12, 2008 3:59 PM This looks to be a cut & pasto from the chunk above it. It won't change the code generated since sizeof(foo *) == sizeof(bar *) but it should probably be fixed anyway. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsepol/src/users.c Modified: trunk/libsepol/src/users.c =================================================================== --- trunk/libsepol/src/users.c 2008-02-11 16:10:00 UTC (rev 2803) +++ trunk/libsepol/src/users.c 2008-02-12 21:55:50 UTC (rev 2804) @@ -237,7 +237,7 @@ tmp_ptr = realloc(policydb->sym_val_to_name[SYM_USERS], (policydb->p_users.nprim + - 1) * sizeof(user_datum_t *)); + 1) * sizeof(char *)); if (!tmp_ptr) goto omem; policydb->sym_val_to_name[SYM_USERS] = tmp_ptr; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
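Review bot: in the realloc() size expression, prefer `sizeof(*policydb->sym_val_to_name[SYM_USERS])` over naming the element type, so the size follows the array's declaration and a copy-and-paste mismatch like the one fixed here cannot recur. The `(policydb->p_users.nprim + 1) * sizeof(...)` arithmetic is also unchecked in the visible lines; if nprim can be derived from an untrusted policy file, a range check before the realloc() would be worth adding in the same function.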
From: <mil...@us...> - 2008-02-11 16:10:02
|
Revision: 2803 http://selinux.svn.sourceforge.net/selinux/?rev=2803&view=rev Author: millertc Date: 2008-02-11 08:10:00 -0800 (Mon, 11 Feb 2008) Log Message: ----------- Disable generation of the unused input() function in the lexer. Quiets a gcc warning that breaks the build for newer versions of flex. Modified Paths: -------------- branches/stable/1_0/checkpolicy/policy_scan.l branches/stable/1_0/libsemanage/src/conf-scan.l Modified: branches/stable/1_0/checkpolicy/policy_scan.l =================================================================== --- branches/stable/1_0/checkpolicy/policy_scan.l 2008-02-08 18:10:06 UTC (rev 2802) +++ branches/stable/1_0/checkpolicy/policy_scan.l 2008-02-11 16:10:00 UTC (rev 2803) @@ -41,7 +41,7 @@ unsigned int policydb_errors = 0; %} -%option nounput +%option noinput nounput %array letter [A-Za-z] Modified: branches/stable/1_0/libsemanage/src/conf-scan.l =================================================================== --- branches/stable/1_0/libsemanage/src/conf-scan.l 2008-02-08 18:10:06 UTC (rev 2802) +++ branches/stable/1_0/libsemanage/src/conf-scan.l 2008-02-11 16:10:00 UTC (rev 2803) @@ -32,7 +32,7 @@ %} %option stack prefix="semanage_" -%option nounput noyy_push_state noyy_pop_state noyy_top_state +%option noinput nounput noyy_push_state noyy_pop_state noyy_top_state %x arg This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ew...@us...> - 2008-02-08 18:10:08
|
Revision: 2802 http://selinux.svn.sourceforge.net/selinux/?rev=2802&view=rev Author: ewalsh Date: 2008-02-08 10:10:06 -0800 (Fri, 08 Feb 2008) Log Message: ----------- updated libselinux to version 2.0.55 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-02-08 18:09:01 UTC (rev 2801) +++ trunk/libselinux/ChangeLog 2008-02-08 18:10:06 UTC (rev 2802) @@ -1,3 +1,6 @@ +2.0.55 2008-02-08 + * Merged compute_member AVC function and manpages from Eamon Walsh. + 2.0.54 2008-02-08 * Provide more error reporting on load policy failures from Stephen Smalley. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-02-08 18:09:01 UTC (rev 2801) +++ trunk/libselinux/VERSION 2008-02-08 18:10:06 UTC (rev 2802) @@ -1 +1 @@ -2.0.54 +2.0.55 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ew...@us...> - 2008-02-08 18:09:11
|
Revision: 2801 http://selinux.svn.sourceforge.net/selinux/?rev=2801&view=rev Author: ewalsh Date: 2008-02-08 10:09:01 -0800 (Fri, 08 Feb 2008) Log Message: ----------- Man page redirect and blurb for security_compute_member(). Modified Paths: -------------- trunk/libselinux/man/man3/security_compute_av.3 Added Paths: ----------- trunk/libselinux/man/man3/security_compute_member.3 Modified: trunk/libselinux/man/man3/security_compute_av.3 =================================================================== --- trunk/libselinux/man/man3/security_compute_av.3 2008-02-08 18:03:06 UTC (rev 2800) +++ trunk/libselinux/man/man3/security_compute_av.3 2008-02-08 18:09:01 UTC (rev 2801) @@ -1,7 +1,7 @@ .TH "security_compute_av" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" security_compute_av, security_compute_create, security_compute_relabel, -security_compute_user, security_get_initial_context \- query +security_compute_member, security_compute_user, security_get_initial_context \- query the SELinux policy database in the kernel. .SH "SYNOPSIS" @@ -15,6 +15,8 @@ .sp .BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon ); .sp +.BI "int security_compute_member(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon ); +.sp .BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con ); .sp .BI "int security_get_initial_context(const char *" name ", security_context_t 
@@ -43,6 +45,10 @@ in the pam_selinux.so source and the newrole source to determine the correct label for the tty at login time, but can be used for other things. +.B security_compute_member +is used to compute the context to use when labeling a polyinstantiated object +instance. + .B security_compute_user is used to determine the set of user contexts that can be reached from a source context. Is mainly used by Added: trunk/libselinux/man/man3/security_compute_member.3 =================================================================== --- trunk/libselinux/man/man3/security_compute_member.3 (rev 0) +++ trunk/libselinux/man/man3/security_compute_member.3 2008-02-08 18:09:01 UTC (rev 2801) @@ -0,0 +1 @@ +.so man3/security_compute_av.3 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
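Review bot: the new security_compute_member paragraph says only that the call computes the context for "a polyinstantiated object instance" and does not say what scon and tcon stand for in that case or that *newcon is returned to the caller, so a reader cannot use the call from this text alone; one sentence on the roles of the arguments would fix that. The .TH line still carries the date "1 January 2004" although the page content changes in this commit, and it should be updated along with the NAME and SYNOPSIS additions.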