From: <mad...@us...> - 2008-02-02 15:37:01
|
Revision: 2775
http://selinux.svn.sourceforge.net/selinux/?rev=2775&view=rev
Author: madmethod
Date: 2008-02-02 07:36:53 -0800 (Sat, 02 Feb 2008)
Log Message:
-----------
On Fri, 2008-02-01 at 09:12 -0500, Joshua Brindle wrote:
> > This patch should reduce the amount of peak memory required to expand
> > the policy by consuming part of the input policy during expansion. It
> > reduced the rss of semodule_expand with a full refpolicy from 86 to 66 meg.
> >
> > On a side note, if anyone knows of a good tool for profiling heap usage
> > I'd like to hear, I've tried valgrind massif, google-perftools, and
> > smaps and none of them seem to work that well...
> >
> > Signed-off-by: Joshua Brindle <me...@ma...>
Looks sane, but patch is whitespace damaged here. Feel free to apply.
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libsemanage/src/semanage_store.c
trunk/libsepol/include/sepol/handle.h
trunk/libsepol/src/expand.c
trunk/libsepol/src/handle.c
trunk/libsepol/src/handle.h
trunk/libsepol/src/libsepol.map
trunk/policycoreutils/semodule_expand/semodule_expand.c
Modified: trunk/libsemanage/src/semanage_store.c
===================================================================
--- trunk/libsemanage/src/semanage_store.c 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/libsemanage/src/semanage_store.c 2008-02-02 15:36:53 UTC (rev 2775)
@@ -1636,6 +1636,8 @@
if (sepol_policydb_create(&out))
goto err;
+ sepol_set_expand_consume_base(sh->sepolh, 1);
+
if (sepol_expand_module(sh->sepolh,
sepol_module_package_get_policy(base), out, 0,
expand_check)
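Review bot: `sepol_set_expand_consume_base(sh->sepolh, 1)` turns the option on for the handle and nothing in this hunk turns it off again, so any later expansion through `sh->sepolh` would also free the avrule blocks of whatever base it is given. If the handle outlives this call, resetting it after the expand with `sepol_set_expand_consume_base(sh->sepolh, 0);` keeps the effect local. The code after the expand should also treat `base` as destroy-only, because its avrule blocks are freed as they are copied, even when the expand fails part-way. The enclosing function continues outside the hunk, so whether it reads `base` again is not visible here.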
Modified: trunk/libsepol/include/sepol/handle.h
===================================================================
--- trunk/libsepol/include/sepol/handle.h 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/libsepol/include/sepol/handle.h 2008-02-02 15:36:53 UTC (rev 2775)
@@ -11,6 +11,10 @@
* not disable dontaudits, 1 disables them */
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
+/* Set whether module_expand() should consume the base policy passed in.
+ * This should reduce the amount of memory required to expand the policy. */
+void sepol_set_expand_consume_base(sepol_handle_t * sh, int consume_base);
+
/* Destroy a sepol handle. */
void sepol_handle_destroy(sepol_handle_t *);
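Review bot: The new comment on `sepol_set_expand_consume_base()` does not tell callers what state the base policy is left in. Going by the expand.c change in this revision, avrule blocks are destroyed one at a time as they are copied, so after the call (a failed one included) the base is only partly intact. I would extend the comment with `After expansion the base policy is incomplete, even on error; the caller may only destroy it.` and name the public entry point `sepol_expand_module()` rather than `module_expand()`.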
Modified: trunk/libsepol/src/expand.c
===================================================================
--- trunk/libsepol/src/expand.c 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/libsepol/src/expand.c 2008-02-02 15:36:53 UTC (rev 2775)
@@ -2134,17 +2134,17 @@
*/
static int copy_and_expand_avrule_block(expand_state_t * state)
{
- avrule_block_t *curblock;
+ avrule_block_t *curblock = state->base->global;
+ avrule_block_t *prevblock;
int retval = -1;
- for (curblock = state->base->global; curblock != NULL;
- curblock = curblock->next) {
+ while (curblock) {
avrule_decl_t *decl = curblock->enabled;
avrule_t *cur_avrule;
if (decl == NULL) {
/* nothing was enabled within this block */
- continue;
+ goto cont;
}
/* copy role allows and role trans */
@@ -2186,6 +2186,18 @@
/* copy conditional rules */
if (cond_node_copy(state, decl->cond_list))
goto cleanup;
+
+ cont:
+ prevblock = curblock;
+ curblock = curblock->next;
+
+ if (state->handle && state->handle->expand_consume_base) {
+ /* set base top avrule block in case there
+ * is an error condition and the policy needs
+ * to be destroyed */
+ state->base->global = curblock;
+ avrule_block_destroy(prevblock);
+ }
}
retval = 0;
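Review bot: With `expand_consume_base` set, `avrule_block_destroy(prevblock)` frees a block while the rest of the base policy is still live, so anything else in `state->base` that holds pointers into that block would dangle for the remainder of the expand and for the later destroy of the base. Whether such references exist is not visible in this hunk; it is worth confirming (a memory-checker run with the flag set would show it) and recording the answer in the comment above `state->base->global = curblock;`. A short comment at the label such as `/* advance first: prevblock may be freed below */` would also make the ordering requirement explicit. The function starts and ends outside these two hunks.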
Modified: trunk/libsepol/src/handle.c
===================================================================
--- trunk/libsepol/src/handle.c 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/libsepol/src/handle.c 2008-02-02 15:36:53 UTC (rev 2775)
@@ -16,6 +16,7 @@
/* by default do not disable dontaudits */
sh->disable_dontaudit = 0;
+ sh->expand_consume_base = 0;
return sh;
}
@@ -26,6 +27,12 @@
sh->disable_dontaudit = disable_dontaudit;
}
+void sepol_set_expand_consume_base(sepol_handle_t *sh, int consume_base)
+{
+ assert(sh != NULL);
+ sh->expand_consume_base = consume_base;
+}
+
void sepol_handle_destroy(sepol_handle_t * sh)
{
free(sh);
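Review bot: `assert(sh != NULL)` in `sepol_set_expand_consume_base()` makes a public library setter abort the calling process on a NULL handle, and it compiles away under `NDEBUG`, leaving a NULL dereference on the next line. Other code on this page tolerates a NULL handle (semodule_expand passed `NULL` to `sepol_expand_module()` before this revision, and expand.c tests `state->handle &&`), so ignoring NULL would be more consistent: `if (sh == NULL) return;`. If the assert is kept to match the neighbouring setter, whose body is only partly visible here, the header comment should state that a NULL handle is not allowed.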
Modified: trunk/libsepol/src/handle.h
===================================================================
--- trunk/libsepol/src/handle.h 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/libsepol/src/handle.h 2008-02-02 15:36:53 UTC (rev 2775)
@@ -16,6 +16,7 @@
void *msg_callback_arg;
int disable_dontaudit;
+ int expand_consume_base;
};
Modified: trunk/libsepol/src/libsepol.map
===================================================================
--- trunk/libsepol/src/libsepol.map 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/libsepol/src/libsepol.map 2008-02-02 15:36:53 UTC (rev 2775)
@@ -13,5 +13,6 @@
sepol_policy_kern_*;
sepol_policy_file_*;
sepol_set_disable_dontaudit;
+ sepol_set_expand_consume_base;
local: *;
};
Modified: trunk/policycoreutils/semodule_expand/semodule_expand.c
===================================================================
--- trunk/policycoreutils/semodule_expand/semodule_expand.c 2008-01-31 19:42:58 UTC (rev 2774)
+++ trunk/policycoreutils/semodule_expand/semodule_expand.c 2008-02-02 15:36:53 UTC (rev 2775)
@@ -44,6 +44,7 @@
sepol_policydb_t *out, *p;
FILE *fp, *outfile;
int check_assertions = 1;
+ sepol_handle_t *handle;
while ((ch = getopt(argc, argv, "c:Vva")) != EOF) {
switch (ch) {
@@ -105,6 +106,10 @@
basename = argv[optind++];
outname = argv[optind];
+ handle = sepol_handle_create();
+ if (!handle)
+ exit(1);
+
if (sepol_policy_file_create(&pf)) {
fprintf(stderr, "%s: Out of memory\n", argv[0]);
exit(1);
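Review bot: The `sepol_handle_create()` failure path exits with status 1 but prints nothing, whereas the `sepol_policy_file_create()` failure directly below it reports `Out of memory`. Add the same diagnostic so the failure is not silent: `fprintf(stderr, "%s: Out of memory\n", argv[0]);` before `exit(1);`, with braces around the two statements. The enclosing `main` starts and ends outside the hunk.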
@@ -132,7 +137,7 @@
/* linking the base takes care of enabling optional avrules */
p = sepol_module_package_get_policy(base);
- if (sepol_link_modules(NULL, p, NULL, 0, 0)) {
+ if (sepol_link_modules(handle, p, NULL, 0, 0)) {
fprintf(stderr, "%s: Error while enabling avrules\n", argv[0]);
exit(1);
}
@@ -144,7 +149,9 @@
exit(1);
}
- if (sepol_expand_module(NULL, p, out, verbose, check_assertions)) {
+ sepol_set_expand_consume_base(handle, 1);
+
+ if (sepol_expand_module(handle, p, out, verbose, check_assertions)) {
fprintf(stderr, "%s: Error while expanding policy\n", argv[0]);
exit(1);
}
@@ -174,6 +181,7 @@
exit(1);
}
fclose(outfile);
+ sepol_handle_destroy(handle);
sepol_policydb_free(out);
sepol_policy_file_free(pf);
From: <mil...@us...> - 2008-01-31 19:43:03
|
Revision: 2774
http://selinux.svn.sourceforge.net/selinux/?rev=2774&view=rev
Author: millertc
Date: 2008-01-31 11:42:58 -0800 (Thu, 31 Jan 2008)
Log Message:
-----------
Use correct types for minuid, minuid_set and temp.
Fixes a 64-bit problem with the recent genhomedircon changes.
Signed-off-by: Todd C. Miller <tm...@tr...>
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-31 16:06:18 UTC (rev 2773)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-31 19:42:58 UTC (rev 2774)
@@ -221,9 +221,8 @@
char *rbuf = NULL;
char *path = NULL;
long rbuflen;
- size_t minuid = 0;
- size_t minuid_set = 0;
- size_t temp;
+ uid_t temp, minuid = 0;
+ int minuid_set = 0;
struct passwd pwstorage, *pwbuf;
struct stat buf;
int retval;
From: <mil...@us...> - 2008-01-31 16:06:20
|
Revision: 2773
http://selinux.svn.sourceforge.net/selinux/?rev=2773&view=rev
Author: millertc
Date: 2008-01-31 08:06:18 -0800 (Thu, 31 Jan 2008)
Log Message:
-----------
updated libsemanage to version 2.0.19
Modified Paths:
--------------
trunk/libsemanage/ChangeLog
trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog 2008-01-31 16:03:50 UTC (rev 2772)
+++ trunk/libsemanage/ChangeLog 2008-01-31 16:06:18 UTC (rev 2773)
@@ -1,3 +1,6 @@
+2.0.19 2008-01-31
+ * Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
+
2.0.18 2008-01-28
* Fix spurious out of memory error reports.
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION 2008-01-31 16:03:50 UTC (rev 2772)
+++ trunk/libsemanage/VERSION 2008-01-31 16:06:18 UTC (rev 2773)
@@ -1 +1 @@
-2.0.18
+2.0.19
From: <mil...@us...> - 2008-01-31 16:03:52
|
Revision: 2772
http://selinux.svn.sourceforge.net/selinux/?rev=2772&view=rev
Author: millertc
Date: 2008-01-31 08:03:50 -0800 (Thu, 31 Jan 2008)
Log Message:
-----------
Check the homedir context against the file contexts list to make sure
we are not overriding an existing file context. This can happen when
people put home directories in non-standard places. If we find a problem,
ignore the conflicting context and print a warning to alert the user.
Signed-off-by: Todd C. Miller <tm...@tr...>
Acked-By: Joshua Brindle <me...@ma...>
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-29 13:19:00 UTC (rev 2771)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-31 16:03:50 UTC (rev 2772)
@@ -24,6 +24,8 @@
#include <semanage/seusers_policy.h>
#include <semanage/users_policy.h>
#include <semanage/user_record.h>
+#include <semanage/fcontext_record.h>
+#include <semanage/fcontexts_policy.h>
#include <sepol/context.h>
#include <sepol/context_record.h>
#include "semanage_store.h"
@@ -45,6 +47,7 @@
#include <pwd.h>
#include <errno.h>
#include <unistd.h>
+#include <regex.h>
/* paths used in get_home_dirs() */
#define PATH_ETC_USERADD "/etc/default/useradd"
@@ -101,6 +104,11 @@
const char *replace_with;
} replacement_pair_t;
+typedef struct {
+ const char *dir;
+ int matched;
+} fc_match_handle_t;
+
static semanage_list_t *default_shell_list(void)
{
semanage_list_t *list = NULL;
@@ -150,10 +158,66 @@
return list;
}
+/* Helper function called via semanage_fcontext_iterate() */
+static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
+{
+ const char *oexpr = semanage_fcontext_get_expr(fcontext);
+ fc_match_handle_t *handp = varg;
+ struct Ustr *expr;
+ regex_t re;
+ int type, retval = -1;
+
+ /* Only match ALL or DIR */
+ type = semanage_fcontext_get_type(fcontext);
+ if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_ALL)
+ return 0;
+
+ /* Convert oexpr into a Ustr and anchor it at the beginning */
+ expr = ustr_dup_cstr("^");
+ if (expr == USTR_NULL)
+ goto done;
+ ustr_ins_cstr(&expr, 1, oexpr);
+ if (expr == USTR_NULL)
+ goto done;
+
+ /* Strip off trailing ".+" or ".*" */
+ if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
+ ustr_cmp_suffix_cstr_eq(expr, ".*")) {
+ if (!ustr_del_subustr(&expr, ustr_len(expr) - 1, 2))
+ goto done;
+ }
+
+ /* Strip off trailing "(/.*)?" */
+ if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
+ if (!ustr_del_subustr(&expr, ustr_len(expr) - 5, 6))
+ goto done;
+ }
+
+ /* Append pattern to eat up trailing slashes */
+ if (!ustr_ins_cstr(&expr, ustr_len(expr), "/*$"))
+ goto done;
+
+ /* Check dir against expr */
+ if (regcomp(&re, ustr_cstr(expr), REG_EXTENDED) != 0)
+ goto done;
+ if (regexec(&re, handp->dir, 0, NULL, 0) == 0)
+ handp->matched = 1;
+ regfree(&re);
+
+ retval = 0;
+
+done:
+ if (expr)
+ ustr_free(expr);
+
+ return retval;
+}
+
static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
{
semanage_list_t *homedir_list = NULL;
semanage_list_t *shells = NULL;
+ fc_match_handle_t hand;
char *rbuf = NULL;
char *path = NULL;
long rbuflen;
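Review bot: The type filter in `fcontext_matches()` compares against `SEMANAGE_FCONTEXT_ALL` twice, so directory-only contexts are skipped although the comment says ALL or DIR; a home directory that collides with such a context is then not detected and is still labelled as a homedir. The second operand should be the directory type: `if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_DIR)`. Separately, the return value of `ustr_ins_cstr(&expr, 1, oexpr)` is dropped and `expr == USTR_NULL` is tested instead, while the later insert checks the return value; `if (!ustr_ins_cstr(&expr, 1, oexpr)) goto done;` would be consistent with it. `get_home_dirs()` begins at the end of this hunk and continues outside it.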
@@ -169,21 +233,18 @@
path = semanage_findval(PATH_ETC_USERADD, "HOME", "=");
if (path && *path) {
- if (semanage_list_push(&homedir_list, path)) {
- free(path);
+ if (semanage_list_push(&homedir_list, path))
goto fail;
- }
}
free(path);
path = semanage_findval(PATH_ETC_LIBUSER, "LU_HOMEDIRECTORY", "=");
if (path && *path) {
- if (semanage_list_push(&homedir_list, path)) {
- free(path);
+ if (semanage_list_push(&homedir_list, path))
goto fail;
- }
}
free(path);
+ path = NULL;
if (!homedir_list) {
if (semanage_list_push(&homedir_list, PATH_DEFAULT_HOME)) {
@@ -211,6 +272,7 @@
}
}
free(path);
+ path = NULL;
path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "=");
if (path && *path) {
@@ -221,6 +283,7 @@
}
}
free(path);
+ path = NULL;
if (!minuid_set) {
minuid = 500;
@@ -248,13 +311,28 @@
}
semanage_rtrim(path, '/');
+
if (!semanage_list_find(homedir_list, path)) {
- if (semanage_list_push(&homedir_list, path)) {
- free(path);
+ /*
+ * Now check for an existing file context that matches
+ * so we don't label a non-homedir as a homedir.
+ */
+ hand.dir = path;
+ hand.matched = 0;
+ if (semanage_fcontext_iterate(s->h_semanage,
+ fcontext_matches, &hand) == STATUS_ERR)
goto fail;
+
+ /* NOTE: old genhomedircon printed a warning on match */
+ if (hand.matched) {
+ WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
+ } else {
+ if (semanage_list_push(&homedir_list, path))
+ goto fail;
}
}
free(path);
+ path = NULL;
}
if (retval && retval != ENOENT) {
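Review bot: `semanage_fcontext_iterate()` is called once per passwd entry that reaches this point, and `fcontext_matches()` rebuilds and `regcomp()`s every file-context expression on each call, so the cost grows with users times file contexts. Preparing the anchored expressions once before the passwd loop and running only `regexec()` per user would avoid that. Also, `fcontext_matches()` returns -1 when a single `regcomp()` fails; if the iterator turns that into `STATUS_ERR` (not visible here), one expression that does not compile aborts homedir generation entirely through `goto fail`, where skipping that expression with a warning may be the better failure mode. The loop this code sits in begins outside the hunk.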
@@ -272,6 +350,7 @@
fail:
endpwent();
free(rbuf);
+ free(path);
semanage_list_destroy(&homedir_list);
semanage_list_destroy(&shells);
return NULL;
From: <ssm...@us...> - 2008-01-29 13:19:11
|
Revision: 2771
http://selinux.svn.sourceforge.net/selinux/?rev=2771&view=rev
Author: ssmalley
Date: 2008-01-29 05:19:00 -0800 (Tue, 29 Jan 2008)
Log Message:
-----------
Per Vaclav Ovsik, Python.h must be included first in order to build on
Debian etch.
Modified Paths:
--------------
trunk/libselinux/src/audit2why.c
Modified: trunk/libselinux/src/audit2why.c
===================================================================
--- trunk/libselinux/src/audit2why.c 2008-01-28 19:07:48 UTC (rev 2770)
+++ trunk/libselinux/src/audit2why.c 2008-01-29 13:19:00 UTC (rev 2771)
@@ -1,3 +1,4 @@
+#include <Python.h>
#include <unistd.h>
#include <stdlib.h>
#include <ctype.h>
@@ -7,7 +8,6 @@
#include <sepol/sepol.h>
#include <sepol/policydb.h>
#include <sepol/policydb/services.h>
-#include <Python.h>
#include <selinux/selinux.h>
#define UNKNOWN -1
From: <mad...@us...> - 2008-01-28 19:08:00
|
Revision: 2770
http://selinux.svn.sourceforge.net/selinux/?rev=2770&view=rev
Author: madmethod
Date: 2008-01-28 11:07:48 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
remove policy_package.{hpp,cpp}
Removed Paths:
-------------
branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp
branches/policyrep/libpolicyrep/src/policy_package.cpp
Deleted: branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp 2008-01-28 18:46:46 UTC (rev 2769)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp 2008-01-28 19:07:48 UTC (rev 2770)
@@ -1,72 +0,0 @@
-/* Author: Joshua Brindle <me...@ma...> */
-
-#ifndef __policy_package_hpp__
-#define __policy_package_hpp__
-
-#include <policyrep/policy.hpp>
-
-namespace policyrep {
-
-struct PolicyPackageImpl;
-
-class PolicyPackage {
-public:
- PolicyPackage();
- virtual ~ PolicyPackage();
-
- virtual Module & get_policy_module() const;
- virtual void set_policy_module(Module & module);
-
- virtual char *get_file_contexts() const;
- virtual void set_file_contexts(char *fc);
- virtual char *get_seusers() const;
- virtual void set_seusers(char *su);
- virtual char *get_user_extra() const;
- virtual void set_user_extra(char *ue);
- virtual char *get_netfilter_contexts() const;
- virtual void set_netfilter_contexts(char *nf);
-
- virtual void read(char *filename);
- // PolicyPackage.write does not currently work pending
- // a bug fix in xar
- virtual void write(char *filename);
-
-protected:
- void init();
- PolicyPackageImpl *impl;
-
-};
-
-// This is a simple archival class that allows a dumb packager
-// e.g., semodule_package to simply set the pathnames for each
-// file in the policy package and call create_archive.
-
-struct PolicyPackageArchiveImpl;
-
-class PolicyPackageArchive {
-public:
- PolicyPackageArchive();
- virtual ~ PolicyPackageArchive();
-
- virtual void set_mod_file(char *mod);
- virtual char *get_mod_file() const;
- virtual void set_fc_file(char *fc);
- virtual char *get_fc_file() const;
- virtual void set_seusers_file(char *su);
- virtual char *get_seusers_file() const;
- virtual void set_user_extra_file(char *ue);
- virtual char *get_user_extra_file() const;
- virtual void set_nc_file(char *nf);
- virtual char *get_nc_file() const;
-
- virtual void create_archive(char *filename);
-
-protected:
- void init();
- PolicyPackageArchiveImpl *impl;
-
-};
-
-} // namespace policyrep
-
-#endif
Deleted: branches/policyrep/libpolicyrep/src/policy_package.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/policy_package.cpp 2008-01-28 18:46:46 UTC (rev 2769)
+++ branches/policyrep/libpolicyrep/src/policy_package.cpp 2008-01-28 19:07:48 UTC (rev 2770)
@@ -1,463 +0,0 @@
-/*
- * Author : Joshua Brindle <me...@ma...>
- *
- * Copyright (C) 2007 Tresys Technology, llc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-extern "C" {
-#include <xar/xar.h>
-#include <string.h>
-}
-
-#define SELINUX_XAR_PROPERTY "selinuxfiletype"
-
-#include <policyrep/parse.hpp>
-#include <policyrep/policy_package.hpp>
-#include <sstream>
-#include <iostream>
-#include <stdexcept>
-
-namespace policyrep {
-
-struct PolicyPackageImpl {
- Module & policy_module;
- char *file_contexts;
- char *seusers;
- char *user_extra;
- char *netfilter_contexts;
-};
-
-void PolicyPackage::init() {
- impl = new PolicyPackageImpl;
- impl->file_contexts = NULL;
- impl->seusers = NULL;
- impl->user_extra = NULL;
- impl->netfilter_contexts = NULL;
-}
-
-PolicyPackage::PolicyPackage() {
- init();
-}
-
-Module & PolicyPackage::get_policy_module() const {
- return impl->policy_module;
-}
-
-void PolicyPackage::set_policy_module(Module & module) {
- impl->policy_module = module;
-}
-
-char *PolicyPackage::get_file_contexts() const {
- return impl->file_contexts;
-}
-
-void PolicyPackage::set_file_contexts(char *fc) {
- impl->file_contexts = fc;
-}
-
-char *PolicyPackage::get_seusers() const {
- return impl->seusers;
-}
-
-void PolicyPackage::set_seusers(char *se) {
- impl->seusers = se;
-}
-
-char *PolicyPackage::get_user_extra() const {
- return impl->user_extra;
-}
-
-void PolicyPackage::set_user_extra(char *ue) {
- impl->user_extra = ue;
-}
-
-char *PolicyPackage::get_netfilter_contexts() const {
- return impl->netfilter_contexts;
-}
-
-void PolicyPackage::set_netfilter_contexts(char *nc) {
- impl->netfilter_contexts = nc;
-}
-
-void PolicyPackage::read(char *filename) {
- xar_t x;
- xar_file_t f;
- xar_iter_t i;
-
- i = xar_iter_new();
-
- if (i == NULL) {
- throw std::bad_alloc();
- }
-
- x = xar_open(filename, READ);
-
- if (x == NULL) {
- throw std::
- runtime_error("Unable to open policy package");
- }
-
- for (f = xar_file_first(x, i); f; f = xar_file_next(i)) {
- size_t sz;
- char *fbuf;
- const char *filetype;
- int32_t ret;
-
- ret = xar_extract_tobuffersz(x, f, &fbuf, &sz);
-
- if (ret) {
- // This can happen if the file is 0 bytes
- // or is a symlink, directory, etc. We might want
- // to put code here to check those cases and bail
- // but for now we just ignore them and continue.
- continue;
- }
-
- ret = xar_prop_get(f, SELINUX_XAR_PROPERTY, &filetype);
-
- if (ret) {
- xar_close(x);
- throw std::runtime_error("Error getting name property of file");
- }
-
- if (strcmp(filetype, "policy_module") == 0) {
- Parser p;
- // TODO add parser constructor that takes a char * and call here
- continue;
- } else if (strcmp(filetype, "file_contexts") == 0) {
- if (impl->file_contexts) {
- xar_close(x);
- throw std::range_error("Multiple file_contexts files in policy package");
- }
-
- impl->file_contexts = fbuf;
-
- continue;
- } else if (strcmp(filetype, "seusers") == 0) {
- if (impl->seusers) {
- xar_close(x);
- throw std::range_error("Multiple seusers files in policy package");
- }
-
- impl->seusers = fbuf;
-
- continue;
- } else if (strcmp(filetype, "user_extra") == 0) {
- if (impl->user_extra) {
- xar_close(x);
- throw std::range_error("Multiple user_extra files in policy package");
- }
-
- impl->user_extra = fbuf;
-
- continue;
- } else if (strcmp(filetype, "netfilter_contexts") == 0) {
- if (impl->netfilter_contexts) {
- xar_close(x);
- throw std::range_error("Multiple netfilter_contexts files in policy package");
- }
-
- impl->netfilter_contexts = fbuf;
-
- continue;
- } else {
- // unrecognized file, just skip it
- free(fbuf);
- continue;
- }
-
- }
-
- xar_close(x);
-}
-
-void PolicyPackage::write(char *filename) {
-
- // just return -1 for now, this method exposes a xar bug and won't
- // work until the bug is fixed.
-
- return;
-
- xar_t x;
- xar_file_t f;
-
- x = xar_open(filename, WRITE);
-
- if (x == NULL) {
- throw std::
- runtime_error("Unable to open policy package");
- }
-
- if (!impl->policy_module.get_name().empty()) {
- std::stringstream s;
- char *buf;
-
- // TODO fix this when the output system has been updated - jjb
-#if 0
- output_tree(s, impl->policy_module);
-
- if (s.str().empty()) {
- throw std::runtime_error("Error serializing module");
- }
-
- buf = strdup(s.str().c_str());
-
- f = xar_add_frombuffer(x, NULL, "policy_module", buf, s.str().length());
- free(buf);
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing policy module to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "policy_module")) {
- xar_close(x);
- throw std::runtime_error("Error setting policy_module property in policy package");
- }
-
-#endif
- }
-
- if (impl->file_contexts) {
- f = xar_add_frombuffer(x, NULL, "file_contexts",
- impl->file_contexts,
- strlen(impl->file_contexts));
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing file_contexts to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "file_contexts")) {
- xar_close(x);
- throw std::runtime_error("Error setting file_contexts property in policy package");
- }
- }
-
- if (impl->seusers) {
- f = xar_add_frombuffer(x, NULL, "seusers",
- impl->seusers,
- strlen(impl->seusers));
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing seusers to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "seusers")) {
- xar_close(x);
- throw std::runtime_error("Error setting seusers property in policy package");
- }
- }
-
- if (impl->user_extra) {
- f = xar_add_frombuffer(x, NULL, "user_extra",
- impl->user_extra,
- strlen(impl->user_extra));
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing user_extra to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "user_extra")) {
- xar_close(x);
- throw std::runtime_error("Error setting user_extra property in policy package");
- }
- }
-
- if (impl->netfilter_contexts) {
- f = xar_add_frombuffer(x, NULL, "netfilter_contexts",
- impl->netfilter_contexts,
- strlen(impl->
- netfilter_contexts));
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing netfilter_contexts to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "netfilter_contexts")) {
- xar_close(x);
- throw std::runtime_error("Error setting netfilter_contexts property in policy package");
- }
- }
-
- xar_close(x);
-}
-
-PolicyPackage::~PolicyPackage() {
- delete impl;
-}
-
-//
-// PolicyPackageArchive
-// This class is used for creating a policy package file from individual files.
-// Set the filenames for each kind of file (module, file_contexts, etc) then
-// call create_archive.
-
-struct PolicyPackageArchiveImpl {
- char *mod_file;
- char *fc_file;
- char *seusers_file;
- char *user_extra_file;
- char *nc_file;
-};
-
-void PolicyPackageArchive::init() {
- impl = new PolicyPackageArchiveImpl;
- impl->mod_file = NULL;
- impl->fc_file = NULL;
- impl->seusers_file = NULL;
- impl->user_extra_file = NULL;
- impl->nc_file = NULL;
-}
-
-PolicyPackageArchive::PolicyPackageArchive() {
- init();
-}
-
-void PolicyPackageArchive::set_mod_file(char *mod) {
- impl->mod_file = mod;
-}
-
-char *PolicyPackageArchive::get_mod_file() const {
- return impl->mod_file;
-}
-
-void PolicyPackageArchive::set_fc_file(char *fc) {
- impl->fc_file = fc;
-}
-
-char *PolicyPackageArchive::get_fc_file() const {
- return impl->fc_file;
-}
-
-void PolicyPackageArchive::set_seusers_file(char *su) {
- impl->seusers_file = su;
-}
-
-char *PolicyPackageArchive::get_seusers_file() const {
- return impl->seusers_file;
-}
-
-void PolicyPackageArchive::set_user_extra_file(char *ue) {
- impl->user_extra_file = ue;
-}
-
-char *PolicyPackageArchive::get_user_extra_file() const {
- return impl->user_extra_file;
-}
-
-void PolicyPackageArchive::set_nc_file(char *nc) {
- impl->nc_file = nc;
-}
-
-char *PolicyPackageArchive::get_nc_file() const {
- return impl->nc_file;
-}
-
-void PolicyPackageArchive::create_archive(char *filename) {
- xar_t x;
- xar_file_t f;
-
- x = xar_open(filename, WRITE);
-
- if (x == NULL) {
- throw std::runtime_error("Unable to open policy package");
- }
-
- if (impl->mod_file) {
- f = xar_add(x, impl->mod_file);
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing module to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "module")) {
- xar_close(x);
- throw std::runtime_error("Error setting module property in policy package");
- }
- }
-
- if (impl->fc_file) {
- f = xar_add(x, impl->fc_file);
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing file_contexts to policy package");
- }
-
- if (xar_prop_set
- (f, SELINUX_XAR_PROPERTY, "file_contexts")) {
- xar_close(x);
- throw std::runtime_error("Error setting file_contexts property in policy package");
- }
- }
-
- if (impl->seusers_file) {
- f = xar_add(x, impl->seusers_file);
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing seusers to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "seusers")) {
- xar_close(x);
- throw std::runtime_error("Error setting seusers property in policy package");
- }
- }
-
- if (impl->user_extra_file) {
- f = xar_add(x, impl->user_extra_file);
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing user_extra to policy package");
- }
-
- if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "user_extra")) {
- xar_close(x);
- throw std::runtime_error("Error setting user_extra property in policy package");
- }
- }
-
- if (impl->nc_file) {
- f = xar_add(x, impl->nc_file);
-
- if (!f) {
- xar_close(x);
- throw std::runtime_error("Error writing netfilter_contexts to policy package");
- }
-
- if (xar_prop_set
- (f, SELINUX_XAR_PROPERTY, "netfilter_contexts")) {
- xar_close(x);
- throw std::runtime_error("Error setting netfilter_contexts property in policy package");
- }
- }
-
- xar_close(x);
-}
-
-PolicyPackageArchive::~PolicyPackageArchive() {
- delete impl;
-}
-
-} // namespace policyrep
From: <mad...@us...> - 2008-01-28 18:46:48
|
Revision: 2769
http://selinux.svn.sourceforge.net/selinux/?rev=2769&view=rev
Author: madmethod
Date: 2008-01-28 10:46:46 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
various cleanups, remove Makefile targets that don't yet build
Add base class for symbols
remove policy_package and xar dependencies
fix operator = calls to return pointer
add negset to idset
remove unused init/copy methods
Modified Paths:
--------------
branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp
branches/policyrep/libpolicyrep/include/policyrep/idset.hpp
branches/policyrep/libpolicyrep/include/policyrep/mls.hpp
branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp
branches/policyrep/libpolicyrep/include/policyrep/optional.hpp
branches/policyrep/libpolicyrep/include/policyrep/parse.hpp
branches/policyrep/libpolicyrep/include/policyrep/policy.hpp
branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp
branches/policyrep/libpolicyrep/include/policyrep/rule.hpp
branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp
branches/policyrep/libpolicyrep/include/policyrep/user.hpp
branches/policyrep/libpolicyrep/src/conditional.cpp
branches/policyrep/libpolicyrep/src/idset.cpp
branches/policyrep/libpolicyrep/src/mls.cpp
branches/policyrep/libpolicyrep/src/object_class.cpp
branches/policyrep/libpolicyrep/src/optional.cpp
branches/policyrep/libpolicyrep/src/parse.cpp
branches/policyrep/libpolicyrep/src/policy.cpp
branches/policyrep/libpolicyrep/src/policy_base.cpp
branches/policyrep/libpolicyrep/src/policyrep_python.cpp
branches/policyrep/libpolicyrep/src/rbac.cpp
branches/policyrep/libpolicyrep/src/rule.cpp
branches/policyrep/libpolicyrep/src/te_decl.cpp
branches/policyrep/libpolicyrep/src/user.cpp
branches/policyrep/policycoreutils/Makefile
branches/policyrep/policycoreutils/semodule_package/Makefile
Modified: branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __conditional_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
#include <list>
@@ -39,22 +40,19 @@
*/
struct CondBoolImpl;
- class CondBool : public Node
+ class CondBool : public Symbol
{
public:
CondBool();
CondBool(const std::string& name, bool v);
CondBool(const CondBool& other);
virtual ~CondBool();
- virtual void operator=(const CondBool& other);
+ virtual CondBool& operator=(const CondBool& other);
- virtual void set_name(const std::string& name);
- virtual const std::string& get_name() const;
virtual void set_default_value(bool v);
virtual bool get_default_value() const;
protected:
- void copy(const CondBool& other);
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
CondBoolImpl* impl;
};
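Review bot: Declaring `virtual CondBool& operator=(const CondBool& other)` does not give polymorphic assignment: the parameter type differs from the base class's assignment operator, so it overrides nothing, and an assignment made through a `Symbol&` or `Node&` still copies only the base part. Unless a derived class is meant to override this exact signature, drop `virtual` here and on the `CondOp`, `CondBlock` and `CondBranch` operators in the following hunks. With `copy()` removed from `CondBool` and `CondBlock`, the definitions in conditional.cpp (not shown) should be checked for self-assignment handling before they replace `impl`. The class declarations are only partly inside these hunks.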
@@ -76,7 +74,7 @@
CondOp(Op op);
CondOp(const CondOp& other);
virtual ~CondOp();
- virtual void operator=(const CondOp& other);
+ virtual CondOp& operator=(const CondOp& other);
virtual void set_op(Op op);
virtual Op get_op() const;
@@ -114,9 +112,8 @@
CondBlock(CondBranchPtr if_, CondBranchPtr else_);
CondBlock(const CondBlock& other);
virtual ~CondBlock();
- virtual void operator=(const CondBlock& other);
+ virtual CondBlock& operator=(const CondBlock& other);
protected:
- void copy(const CondBlock& other);
CondBlockImpl* impl;
};
@@ -131,7 +128,7 @@
CondBranch();
CondBranch(const CondBranch& other);
virtual ~CondBranch();
- virtual void operator=(const CondBranch& other);
+ virtual CondBranch& operator=(const CondBranch& other);
virtual CondExpr& expr();
protected:
Modified: branches/policyrep/libpolicyrep/include/policyrep/idset.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/idset.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/idset.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -6,6 +6,7 @@
#include <policyrep/policy_base.hpp>
#include <set>
+#include <algorithm>
namespace policyrep
{
@@ -15,16 +16,31 @@
public:
IdSet();
IdSet(const IdSet& other);
+ template<typename I>
+ IdSet(bool comp, I sids, I eids){
+ init();
+ set_compl(comp);
+ ids().insert(sids, eids);
+ }
+ template<typename I>
+ IdSet(bool comp, I sids, I eids, I snids, I enids){
+ init();
+ set_compl(comp);
+ ids().insert(sids, eids);
+ neg_ids().insert(snids, enids);
+ }
~IdSet();
- void operator=(const IdSet& other);
+ IdSet& operator=(const IdSet& other);
void set_compl(bool val);
bool get_compl() const;
StringSet& ids();
+ StringSet& neg_ids();
protected:
+ IdSetImpl* impl;
+ private:
void init();
- IdSetImpl* impl;
};
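Review bot: The new `neg_ids()` accessor and the two template constructors have no comment saying what the negated set means or how it combines with `set_compl`, so a caller has to guess whether a name in `neg_ids` is excluded before or after the complement is applied. In a policy representation that guess decides which identifiers a rule covers, so it should be written down next to the declaration, for example `// neg_ids: names explicitly excluded from ids; TODO state how this interacts with compl`. The four-iterator constructor also uses a single template parameter `I` for both ranges, which forces `ids` and `neg_ids` to come from the same iterator type; a second parameter would lift that restriction without affecting existing callers. The `IdSet` class header is outside this hunk.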
Modified: branches/policyrep/libpolicyrep/include/policyrep/mls.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/mls.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/mls.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __mls_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,14 +14,14 @@
//
struct SensitivityImpl;
- class Sensitivity : public Node
+ class Sensitivity : public Symbol
{
public:
Sensitivity();
Sensitivity(const std::string& name);
Sensitivity(const Sensitivity& other);
virtual ~Sensitivity();
- virtual void operator=(const Sensitivity& other);
+ virtual Sensitivity& operator=(const Sensitivity& other);
template<class T>
Sensitivity(const std::string& name, T begin, T end)
@@ -30,14 +31,12 @@
aliases().insert(begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& aliases();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
SensitivityImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Sensitivity> SensitivityPtr;
@@ -52,7 +51,7 @@
Dominance();
Dominance(const Dominance& other);
virtual ~Dominance();
- virtual void operator=(const Dominance& other);
+ virtual Dominance& operator=(const Dominance& other);
template<class T>
Dominance(T begin, T end)
@@ -64,8 +63,9 @@
virtual StringVector& ordering();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
DominanceImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Dominance> DominancePtr;
@@ -74,14 +74,14 @@
//
struct CategoryImpl;
- class Category : public Node
+ class Category : public Symbol
{
public:
Category();
Category(const std::string& name);
Category(const Category& other);
virtual ~Category();
- virtual void operator=(const Category& other);
+ virtual Category& operator=(const Category& other);
template<class T>
Category(const std::string& name, T begin, T end)
@@ -91,13 +91,11 @@
aliases().insert(begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& aliases();
protected:
- virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ private:
void init();
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
CategoryImpl* impl;
};
typedef boost::shared_ptr<Category> CategoryPtr;
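Review bot: In `Category` the new `private:` label is placed directly under `protected:`, so the protected section is now empty and `do_output` and `impl` both become private along with `init()`. `Sensitivity` and `Level` in this same header keep `do_output` and `impl` protected and move only `init()` under `private:`, so this looks like a misplaced line rather than an intended change. Moving `private:` down so that only `void init();` follows it would make `Category` match its siblings and keep `impl` reachable from derived classes. The class declaration starts above this hunk.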
@@ -107,14 +105,14 @@
//
struct LevelImpl;
- class Level : public Node
+ class Level : public Symbol
{
public:
Level();
Level(const std::string& name);
Level(const Level& other);
virtual ~Level();
- virtual void operator=(const Level& other);
+ virtual Level& operator=(const Level& other);
template<class T>
Level(const std::string& name, T begin, T end)
@@ -124,15 +122,13 @@
categories().insert(begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& categories();
virtual void do_output_brief(std::ostream& o, const OutputFormatter& op) const;
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
LevelImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Level> LevelPtr;
@@ -153,10 +149,9 @@
virtual const LevelPtr& get_high() const;
virtual LevelPtr& get_low();
virtual LevelPtr& get_high();
- virtual void operator=(const Range& other);
+ virtual Range& operator=(const Range& other);
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
protected:
- void init();
RangeImpl* impl;
};
typedef boost::shared_ptr<Range> RangePtr;
Modified: branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __object_class_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,13 +14,13 @@
//
struct CommonPermsImpl;
- class CommonPerms : public Node
+ class CommonPerms : public Symbol
{
public:
CommonPerms();
CommonPerms(const CommonPerms& other);
virtual ~CommonPerms();
- virtual void operator=(const CommonPerms& other);
+ virtual CommonPerms& operator=(const CommonPerms& other);
template<class T>
CommonPerms(const std::string& name, T perms_begin, T perms_end)
@@ -29,15 +30,13 @@
perms().insert(perms_begin, perms_end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
virtual StringSet& perms();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const CommonPerms& other);
CommonPermsImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<CommonPerms> CommonPermsPtr;
@@ -46,14 +45,15 @@
//
struct ObjectClassImpl;
- class ObjectClass : public Node
+ class ObjectClass : public Symbol
{
public:
ObjectClass();
+ ObjectClass(const std::string& name);
ObjectClass(const std::string& name, const std::string& commons);
ObjectClass(const ObjectClass& other);
virtual ~ObjectClass();
- virtual void operator=(const ObjectClass& other);
+ virtual ObjectClass& operator=(const ObjectClass& other);
template<class T>
ObjectClass(std::string name, std::string commons,
@@ -65,21 +65,18 @@
perms().insert(perms_begin, perms_end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
virtual StringSet& perms();
virtual const std::string& get_common_perms() const;
virtual void set_common_perms(const std::string& name);
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const ObjectClass& other);
ObjectClassImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<ObjectClass> ObjectClassPtr;
-
} // namespace policyrep
#endif
Modified: branches/policyrep/libpolicyrep/include/policyrep/optional.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/optional.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/optional.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -19,9 +19,8 @@
OptionalBlock(OptionalBranchPtr true_);
OptionalBlock(OptionalBranchPtr true_, OptionalBranchPtr false_);
virtual ~OptionalBlock();
- virtual void operator=(const OptionalBlock& other);
+ virtual OptionalBlock& operator=(const OptionalBlock& other);
protected:
- void copy(const OptionalBlock& other);
OptionalBlockImpl* impl;
};
typedef boost::shared_ptr<OptionalBlock> OptionalBlockPtr;
@@ -33,60 +32,13 @@
OptionalBranch();
OptionalBranch(const OptionalBranch& other);
virtual ~OptionalBranch();
- virtual void operator=(const OptionalBranch& other);
+ virtual OptionalBranch& operator=(const OptionalBranch& other);
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const OptionalBranch& other);
OptionalBranchImpl* impl;
};
} // namespace policyrep
#endif
-/* Author: Karl MacMillan <kma...@me...> */
-
-#ifndef __optional_hpp__
-#define __optional_hpp__
-
-#include <policyrep/policy_base.hpp>
-
-namespace policyrep
-{
- class OptionalBranch;
- typedef boost::shared_ptr<OptionalBranch> OptionalBranchPtr;
-
- struct OptionalBlockImpl;
- class OptionalBlock : public PolicyBlock
- {
- public:
- OptionalBlock();
- OptionalBlock(const OptionalBlock& other);
- OptionalBlock(OptionalBranchPtr true_);
- OptionalBlock(OptionalBranchPtr true_, OptionalBranchPtr false_);
- virtual ~OptionalBlock();
- virtual void operator=(const OptionalBlock& other);
- protected:
- void copy(const OptionalBlock& other);
- OptionalBlockImpl* impl;
- };
- typedef boost::shared_ptr<OptionalBlock> OptionalBlockPtr;
-
- struct OptionalBranchImpl;
- class OptionalBranch : public PolicyBranch
- {
- public:
- OptionalBranch();
- OptionalBranch(const OptionalBranch& other);
- virtual ~OptionalBranch();
- virtual void operator=(const OptionalBranch& other);
-
- protected:
- virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const OptionalBranch& other);
- OptionalBranchImpl* impl;
- };
-
-} // namespace policyrep
-
-#endif
Modified: branches/policyrep/libpolicyrep/include/policyrep/parse.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/parse.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/parse.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -18,7 +18,7 @@
Parser();
Parser(const Parser& other);
virtual ~Parser();
- virtual void operator=(const Parser& other);
+ virtual Parser& operator=(const Parser& other);
// Parser
virtual ModulePtr parse(const std::string& f);
Modified: branches/policyrep/libpolicyrep/include/policyrep/policy.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -12,6 +12,7 @@
#include <policyrep/user.hpp>
#include <policyrep/mls.hpp>
#include <policyrep/optional.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -27,13 +28,12 @@
Policy(bool mls=false);
Policy(const Policy& other);
virtual ~Policy();
- virtual void operator=(const Policy& other);
+ virtual Policy& operator=(const Policy& other);
virtual bool get_mls() const;
virtual void set_mls(bool val);
virtual bool ignore_indent() const;
protected:
- void copy(const Policy& other);
PolicyImpl* impl;
};
typedef boost::shared_ptr<Policy> PolicyPtr;
@@ -49,7 +49,7 @@
Module(const std::string& name, const std::string& version);
Module(const Module& other);
virtual ~Module();
- virtual void operator=(const Module& other);
+ virtual Module& operator=(const Module& other);
virtual const std::string& get_name() const;
virtual void set_name(const std::string& name);
@@ -59,7 +59,6 @@
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const Module& other);
ModuleImpl* impl;
};
typedef boost::shared_ptr<Module> ModulePtr;
@@ -69,21 +68,17 @@
//
struct InitialSidImpl;
- class InitialSid : public Node
+ class InitialSid : public Symbol
{
public:
InitialSid();
InitialSid(const std::string& name);
InitialSid(const InitialSid& other);
virtual ~InitialSid();
- virtual void operator=(const InitialSid& other);
+ virtual InitialSid& operator=(const InitialSid& other);
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const InitialSid& other);
InitialSidImpl* impl;
};
typedef boost::shared_ptr<InitialSid> InitialSidPtr;
Modified: branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -82,7 +82,7 @@
OutputFormatter();
OutputFormatter(const OutputFormatter& other);
~OutputFormatter();
- void operator=(const OutputFormatter& other);
+ OutputFormatter& operator=(const OutputFormatter& other);
OutputFormatter& operator()(const Node& n, bool end=false);
OutputFormatter& operator()(NodePtr n, bool end=false);
@@ -117,7 +117,7 @@
Node();
Node(const Node& other);
virtual ~Node();
- virtual void operator=(const Node& other);
+ virtual Node& operator=(const Node& other);
virtual void set_parent(Parent* p);
virtual Parent* get_parent() const;
@@ -132,7 +132,6 @@
protected:
virtual void output_indentation(std::ostream& o, const OutputFormatter& op) const;
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const Node& other);
NodeImpl* node_impl;
static const int VISITED = 1;
};
@@ -153,7 +152,7 @@
explicit TreeIterator(Parent* n, enum Strategy strategy=POSTORDER);
TreeIterator(const TreeIterator& other);
virtual ~TreeIterator();
- void operator=(const TreeIterator& other);
+ TreeIterator& operator=(const TreeIterator& other);
bool get_visited() const;
private:
friend class boost::iterator_core_access;
@@ -177,7 +176,7 @@
Parent();
Parent(const Parent& other);
virtual ~Parent();
- virtual void operator=(const Parent& other);
+ virtual Parent& operator=(const Parent& other);
typedef TreeIterator iterator;
virtual void append_child(NodePtr Node);
@@ -197,7 +196,6 @@
virtual bool ignore_indent() const;
protected:
- void copy(const Parent& other);
ParentImpl* parent_impl;
};
typedef boost::shared_ptr<Parent> ParentPtr;
@@ -223,7 +221,7 @@
PolicyBlock(PolicyBranchPtr true_, PolicyBranchPtr false_);
PolicyBlock(const PolicyBlock& other);
virtual ~PolicyBlock();
- virtual void operator=(const PolicyBlock& other);
+ virtual PolicyBlock& operator=(const PolicyBlock& other);
virtual void append_child(PolicyBranchPtr node);
@@ -235,7 +233,6 @@
virtual void set_false(PolicyBranchPtr branch);
virtual bool ignore_indent() const;
protected:
- void copy(const PolicyBlock& other);
PolicyBlockImpl* block_impl;
};
@@ -250,12 +247,11 @@
PolicyBranch();
PolicyBranch(const PolicyBranch& other);
virtual ~PolicyBranch();
- virtual void operator=(const PolicyBranch& other);
+ virtual PolicyBranch& operator=(const PolicyBranch& other);
virtual void set_isfalse(bool v);
virtual bool get_isfalse() const;
protected:
- void copy(const PolicyBranch& other);
PolicyBranchImpl* branch_impl;
};
Modified: branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __role_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,14 +14,14 @@
//
struct RoleImpl;
- class Role : public Node
+ class Role : public Symbol
{
public:
Role();
Role(const std::string& name);
Role(const Role& other);
virtual ~Role();
- virtual void operator=(const Role& other);
+ virtual Role& operator=(const Role& other);
template<class T>
Role(const std::string& name, T types_begin, T end)
@@ -30,14 +31,12 @@
types().insert(types_begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& types();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
RoleImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Role> RolePtr;
Modified: branches/policyrep/libpolicyrep/include/policyrep/rule.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/rule.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/rule.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -21,7 +21,7 @@
AVRule(Type type=ALLOW);
AVRule(const AVRule& other);
virtual ~AVRule();
- virtual void operator=(const AVRule& other);
+ virtual AVRule& operator=(const AVRule& other);
virtual void set_type(Type type);
virtual Type get_type() const;
@@ -33,8 +33,6 @@
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const AVRule& other);
AVRuleImpl* impl;
};
@@ -50,7 +48,7 @@
TypeRule(Type type=TRANSITION);
TypeRule(const TypeRule& other);
virtual ~TypeRule();
- virtual void operator=(const TypeRule& other);
+ virtual TypeRule& operator=(const TypeRule& other);
virtual void set_type(Type type);
virtual Type get_type() const;
@@ -63,8 +61,6 @@
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const TypeRule& other);
TypeRuleImpl* impl;
};
Modified: branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __te_decl_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,14 +14,14 @@
//
struct TypeImpl;
- class Type : public Node
+ class Type : public Symbol
{
public:
Type();
Type(const std::string& name);
Type(const Type& other);
virtual ~Type();
- virtual void operator=(const Type& other);
+ virtual Type& operator=(const Type& other);
template<class T>
Type(const std::string& name, T attrs_begin, T end)
@@ -40,16 +41,13 @@
aliases().insert(aliases_begin, aliases_end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& aliases();
virtual StringSet& attributes();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- virtual void copy(const Type& other);
TypeImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Type> TypePtr;
@@ -58,20 +56,17 @@
//
struct AttributeImpl;
- class Attribute : public Node
+ class Attribute : public Symbol
{
public:
Attribute();
Attribute(const std::string& name);
Attribute(const Attribute& other);
virtual ~Attribute();
- virtual void operator=(const Attribute& other);
+ virtual Attribute& operator=(const Attribute& other);
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- virtual void copy(const Attribute& other);
AttributeImpl* impl;
};
typedef boost::shared_ptr<Attribute> AttributePtr;
@@ -87,7 +82,7 @@
TypeAttribute();
TypeAttribute(const TypeAttribute& other);
virtual ~TypeAttribute();
- virtual void operator=(const TypeAttribute& other);
+ virtual TypeAttribute& operator=(const TypeAttribute& other);
template<class T>
TypeAttribute(const std::string& name, T attrs_begin,
@@ -103,9 +98,9 @@
virtual StringSet& attributes();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- virtual void copy(const TypeAttribute& other);
TypeAttributeImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<TypeAttribute> TypeAttributePtr;
@@ -120,7 +115,7 @@
TypeAlias();
TypeAlias(const TypeAlias& other);
virtual ~TypeAlias();
- virtual void operator=(const TypeAlias& other);
+ virtual TypeAlias& operator=(const TypeAlias& other);
template<class T>
TypeAlias(const std::string& name, T attrs_begin,
@@ -136,13 +131,12 @@
virtual StringSet& aliases();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- virtual void copy(const TypeAlias& other);
TypeAliasImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<TypeAlias> TypeAliasPtr;
-
} // namespace policyrep
#endif
Modified: branches/policyrep/libpolicyrep/include/policyrep/user.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/user.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/user.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -5,6 +5,7 @@
#include <policyrep/policy_base.hpp>
#include <policyrep/mls.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -14,14 +15,14 @@
//
struct UserImpl;
- class User : public Node
+ class User : public Symbol
{
public:
User();
User(const std::string& name);
User(const User& other);
virtual ~User();
- virtual void operator=(const User& other);
+ virtual User& operator=(const User& other);
template<class T>
User(const std::string& name, T roles_begin, T end)
@@ -43,9 +44,6 @@
set_range_high(high);
}
-
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
virtual void set_level(LevelPtr level);
virtual void set_range_low(LevelPtr low);
virtual void set_range_high(LevelPtr high);
@@ -54,8 +52,9 @@
virtual StringSet& roles();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
UserImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<User> UserPtr;
Modified: branches/policyrep/libpolicyrep/src/conditional.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/conditional.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/conditional.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -33,25 +33,23 @@
struct CondBoolImpl
{
- std::string name;
bool default_value;
};
- CondBool::CondBool() : impl(new CondBoolImpl)
+ CondBool::CondBool() : Symbol(), impl(new CondBoolImpl)
{
}
CondBool::CondBool(const std::string& name, bool v)
- : impl(new CondBoolImpl)
+ :Symbol(name), impl(new CondBoolImpl)
{
- impl->name = name;
impl->default_value = v;
}
- CondBool::CondBool(const CondBool& other) : Node(), impl(new CondBoolImpl)
+ CondBool::CondBool(const CondBool& other) : Symbol(other), impl(new CondBoolImpl)
{
- copy(other);
+ *impl = *other.impl;
}
CondBool::~CondBool()
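Review bot: `CondBool::CondBool()` still creates its `CondBoolImpl` without setting `default_value`, and with `name` removed the struct holds only that one `bool`, so a default-constructed boolean carries an indeterminate value. `get_default_value()` and `do_output` read it, so the emitted `bool ... true;` or `false;` for such an object is not defined. Giving the struct a constructor, as `IdSetImpl` does in idset.cpp, closes this: `CondBoolImpl() : default_value(false) { }`. The default constructor was already like this before the commit, but the hunk rewrites both the struct and that constructor, so it is the natural place to fix it.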
@@ -59,21 +57,13 @@
delete impl;
}
- void CondBool::operator=(const CondBool& other)
+ CondBool& CondBool::operator=(const CondBool& other)
{
- copy(other);
+ Symbol::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
- void CondBool::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
- const std::string& CondBool::get_name() const
- {
- return impl->name;
- }
-
void CondBool::set_default_value(bool v)
{
impl->default_value = v;
@@ -86,19 +76,13 @@
void CondBool::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "bool " << impl->name << " ";
+ o << "bool " << get_name() << " ";
if (impl->default_value)
o << "true;";
else
o << "false;";
}
- void CondBool::copy(const CondBool& other)
- {
- Node::copy(other);
- *impl = *other.impl;
- }
-
//
// CondOp
//
@@ -136,9 +120,10 @@
delete impl;
}
- void CondOp::operator=(const CondOp& other)
+ CondOp& CondOp::operator=(const CondOp& other)
{
*impl = *other.impl;
+ return *this;
}
void CondOp::set_bool(const std::string& b)
@@ -190,7 +175,6 @@
return o;
}
-
//
// CondBlock
//
@@ -213,9 +197,9 @@
append_child(else_);
}
- CondBlock::CondBlock(const CondBlock& other) : PolicyBlock(), impl(new CondBlockImpl)
+ CondBlock::CondBlock(const CondBlock& other) : PolicyBlock(other), impl(new CondBlockImpl)
{
- copy(other);
+ *impl = *other.impl;
}
CondBlock::~CondBlock()
@@ -223,18 +207,13 @@
delete impl;
}
- void CondBlock::operator=(const CondBlock& other)
+ CondBlock& CondBlock::operator=(const CondBlock& other)
{
- copy(other);
- }
-
- void CondBlock::copy(const CondBlock& other)
- {
- PolicyBlock::copy(other);
+ PolicyBlock::operator=(other);
*impl = *other.impl;
+ return *this;
}
-
//
// CondBranch
//
@@ -249,9 +228,9 @@
}
- CondBranch::CondBranch(const CondBranch& other) : PolicyBranch(), impl(new CondBranchImpl)
+ CondBranch::CondBranch(const CondBranch& other) : PolicyBranch(other), impl(new CondBranchImpl)
{
- copy(other);
+ *impl = *other.impl;
}
CondBranch::~CondBranch()
@@ -259,9 +238,11 @@
delete impl;
}
- void CondBranch::operator=(const CondBranch& other)
+ CondBranch& CondBranch::operator=(const CondBranch& other)
{
- copy(other);
+ PolicyBranch::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
CondExpr& CondBranch::expr()
@@ -299,10 +280,4 @@
}
- void CondBranch::copy(const CondBranch& other)
- {
- PolicyBranch::copy(other);
- *impl = *other.impl;
- }
-
}
Modified: branches/policyrep/libpolicyrep/src/idset.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/idset.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/idset.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -27,6 +27,7 @@
{
IdSetImpl() : compliment(false) { }
StringSet ids;
+ StringSet neg_ids;
bool compliment;
};
@@ -35,19 +36,23 @@
impl = new IdSetImpl;
}
- IdSet::IdSet() { init(); }
+ IdSet::IdSet()
+ {
+ impl = new IdSetImpl;
+ }
IdSet::IdSet(const IdSet& other)
{
- init();
+ impl = new IdSetImpl;
*impl = *other.impl;
}
IdSet::~IdSet() { delete impl; }
- void IdSet::operator=(const IdSet& other)
+ IdSet& IdSet::operator=(const IdSet& other)
{
*impl = *other.impl;
+ return *this;
}
void IdSet::set_compl(bool val)
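Review bot: `IdSet::IdSet(const IdSet& other)` allocates `impl` and then assigns into it, so if copying the string sets throws, the constructor exits without the destructor running and the new `IdSetImpl` is leaked. Building the copy in one step avoids that and removes the repeated allocation line: `IdSet::IdSet(const IdSet& other) : impl(new IdSetImpl(*other.impl)) { }`. The same allocate-then-assign shape is used by the copy constructors this commit rewrites in mls.cpp (`Sensitivity`, `Dominance`, `Category`, `Level`, `Range`) and by `CommonPerms` in object_class.cpp. `init()` remains defined at the top of this hunk, so the same `new IdSetImpl` is now spelled out in three places.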
@@ -65,4 +70,9 @@
return impl->ids;
}
+ StringSet& IdSet::neg_ids()
+ {
+ return impl->neg_ids;
+ }
+
} // namespace policyre
Modified: branches/policyrep/libpolicyrep/src/mls.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/mls.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/mls.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -29,7 +29,6 @@
struct SensitivityImpl
{
- std::string name;
StringSet aliases;
};
@@ -38,38 +37,36 @@
impl = new SensitivityImpl;
}
- Sensitivity::Sensitivity() { init(); }
+ Sensitivity::Sensitivity()
+ :Symbol()
+ {
+ impl = new SensitivityImpl;
+ }
Sensitivity::Sensitivity(const std::string& name)
+ :Symbol(name)
{
- init();
- impl->name = name;
+ impl = new SensitivityImpl;
}
Sensitivity::Sensitivity(const Sensitivity& other)
- : Node()
+ :Symbol(other)
{
- init();
+ impl = new SensitivityImpl;
*impl = *other.impl;
}
- Sensitivity::~Sensitivity() { delete impl; }
-
- void Sensitivity::operator=(const Sensitivity& other)
+ Sensitivity::~Sensitivity()
{
- *impl = *other.impl;
+ delete impl;
}
- const std::string& Sensitivity::get_name() const
+ Sensitivity& Sensitivity::operator=(const Sensitivity& other)
{
- return impl->name;
+ *impl = *other.impl;
+ return *this;
}
- void Sensitivity::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
StringSet& Sensitivity::aliases()
{
return impl->aliases;
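Review bot: `Sensitivity::operator=` copies only `*impl`, but this commit removes `name` from `SensitivityImpl` and takes the name from the `Symbol` base instead, so assignment now appears to leave the old name on the left-hand object. `CondBool::operator=` and `CommonPerms::operator=` in the same commit call the base first, and the same line is needed here before `*impl = *other.impl;`: `Symbol::operator=(other);`. `Category::operator=` and `Level::operator=` in the later hunks of this file have the same gap. `Symbol` is not shown on this page, so this assumes the name is stored there, as the new `get_name()` calls in `do_output` suggest. A stale name on an MLS sensitivity, category or level would be written into the generated policy text.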
@@ -77,7 +74,7 @@
void Sensitivity::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "sensitivity " << impl->name;
+ o << "sensitivity " << get_name();
if (!impl->aliases.empty()) {
o << " alias ";
bracket_output_container(o, impl->aliases.begin(),
@@ -100,20 +97,25 @@
impl = new DominanceImpl;
}
- Dominance::Dominance() { init(); }
+ Dominance::Dominance()
+ :Node()
+ {
+ impl = new DominanceImpl;
+ }
Dominance::Dominance(const Dominance& other)
- : Node()
+ :Node(other)
{
- init();
+ impl = new DominanceImpl;
*impl = *other.impl;
}
Dominance::~Dominance() { delete impl; }
- void Dominance::operator=(const Dominance& other)
+ Dominance& Dominance::operator=(const Dominance& other)
{
*impl = *other.impl;
+ return *this;
}
StringVector& Dominance::ordering()
@@ -137,7 +139,6 @@
struct CategoryImpl
{
- std::string name;
StringSet aliases;
};
@@ -146,38 +147,36 @@
impl = new CategoryImpl;
}
- Category::Category() { init(); }
+ Category::Category()
+ :Symbol()
+ {
+ impl = new CategoryImpl;
+ }
Category::Category(const std::string& name)
+ :Symbol(name)
{
- init();
- impl->name = name;
+ impl = new CategoryImpl;
}
Category::Category(const Category& other)
- : Node()
+ :Symbol(other)
{
init();
*impl = *other.impl;
}
- Category::~Category() { delete impl; }
-
- void Category::operator=(const Category& other)
+ Category::~Category()
{
- *impl = *other.impl;
+ delete impl;
}
- const std::string& Category::get_name() const
+ Category& Category::operator=(const Category& other)
{
- return impl->name;
+ *impl = *other.impl;
+ return *this;
}
- void Category::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
StringSet& Category::aliases()
{
return impl->aliases;
@@ -185,7 +184,7 @@
void Category::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "category " << impl->name;
+ o << "category " << get_name();
if (!impl->aliases.empty()) {
o << " alias ";
bracket_output_container(o, impl->aliases.begin(),
@@ -209,18 +208,22 @@
impl = new LevelImpl;
}
- Level::Level() { init(); }
+ Level::Level()
+ :Symbol()
+ {
+ impl = new LevelImpl;
+ }
Level::Level(const std::string& name)
+ :Symbol(name)
{
- init();
- impl->name = name;
+ impl = new LevelImpl;
}
Level::Level(const Level& other)
- : Node()
+ :Symbol(other)
{
- init();
+ impl = new LevelImpl;
*impl = *other.impl;
}
@@ -228,21 +231,12 @@
delete impl;
}
- void Level::operator=(const Level& other)
+ Level& Level::operator=(const Level& other)
{
*impl = *other.impl;
+ return *this;
}
- const std::string& Level::get_name() const
- {
- return impl->name;
- }
-
- void Level::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
StringSet& Level::categories()
{
return impl->categories;
@@ -250,7 +244,7 @@
void Level::do_output_brief(std::ostream& o, const OutputFormatter& op) const
{
- o << impl->name;
+ o << get_name();
if (!impl->categories.empty()) {
o << ":";
bracket_output_container(o, impl->categories.begin(),
@@ -277,26 +271,26 @@
Range::Range()
{
- init();
+ impl = new RangeImpl;
}
Range::Range(LevelPtr low)
{
- init();
+ impl = new RangeImpl;
impl->low = low;
}
Range::Range(LevelPtr low, LevelPtr high)
{
- init();
+ impl = new RangeImpl;
impl->low = low;
impl->high = high;
}
Range::Range(const Range& other)
- : Node()
+ :Node(other)
{
- init();
+ impl = new RangeImpl;
*impl = *(other.impl);
}
@@ -305,9 +299,10 @@
delete impl;
}
- void Range::operator=(const Range& other)
+ Range& Range::operator=(const Range& other)
{
*impl = *(other.impl);
+ return *this;
}
const LevelPtr& Range::get_low(void) const
@@ -339,10 +334,4 @@
}
}
- void Range::init()
- {
- impl = new RangeImpl;
- }
-
-
} // namespace policyrep
Modified: branches/policyrep/libpolicyrep/src/object_class.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/object_class.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/object_class.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -28,39 +28,36 @@
struct CommonPermsImpl
{
- std::string name;
StringSet perms;
};
- void CommonPerms::init() { impl = new CommonPermsImpl; }
-
- CommonPerms::CommonPerms() { init(); }
-
- CommonPerms::CommonPerms(const CommonPerms& other)
- : Node()
+ void CommonPerms::init()
{
- init();
- copy(other);
+ impl = new CommonPermsImpl;
}
- CommonPerms::~CommonPerms()
+ CommonPerms::CommonPerms()
{
- delete impl;
+ impl = new CommonPermsImpl;
}
- void CommonPerms::operator=(const CommonPerms& other)
+ CommonPerms::CommonPerms(const CommonPerms& other)
+ :Symbol(other)
{
- copy(other);
+ impl = new CommonPermsImpl;
+ *impl = *other.impl;
}
- const std::string& CommonPerms::get_name() const
+ CommonPerms::~CommonPerms()
{
- return impl->name;
+ delete impl;
}
- void CommonPerms::set_name(const std::string& name)
+ CommonPerms& CommonPerms::operator=(const CommonPerms& other)
{
- impl->name = name;
+ Symbol::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
StringSet& CommonPerms::perms()
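Review bot: `CommonPerms::init()` is kept and reformatted although the constructors in this hunk now allocate `impl` themselves, so nothing visible calls it any more. Any remaining caller would overwrite a live `impl` and leak the old allocation. Remove it, as this commit does for `AVRule::init()` and `TypeRule::init()` in rule.cpp, or add a comment saying why it stays. The same applies to `ObjectClass::init()` in the next hunk. Callers outside these hunks are not visible, so check the header before deleting.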
@@ -70,43 +67,48 @@
void CommonPerms::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "common " << impl->name << " ";
+ o << "common " << get_name() << " ";
output_set_space(o, impl->perms);
}
- void CommonPerms::copy(const CommonPerms& other)
- {
- Node::copy(other);
- *impl = *other.impl;
- }
-
//
// ObjectClass
//
struct ObjectClassImpl
{
- std::string name;
StringSet perms;
std::string common_perms;
};
- void ObjectClass::init() { impl = new ObjectClassImpl; }
+ void ObjectClass::init()
+ {
+ impl = new ObjectClassImpl;
+ }
- ObjectClass::ObjectClass() { init(); }
+ ObjectClass::ObjectClass()
+ {
+ impl = new ObjectClassImpl;
+ }
+ ObjectClass::ObjectClass(const std::string &name)
+ :Symbol(name)
+ {
+ impl = new ObjectClassImpl;
+ }
+
ObjectClass::ObjectClass(const std::string& name, const std::string& commons)
+ :Symbol(name)
{
- init();
- set_name(name);
+ impl = new ObjectClassImpl;
set_common_perms(commons);
}
ObjectClass::ObjectClass(const ObjectClass& other)
- : Node()
+ :Symbol(other)
{
- init();
- copy(other);
+ impl = new ObjectClassImpl;
+ *impl = *other.impl;
}
ObjectClass::~ObjectClass()
@@ -114,21 +116,13 @@
delete impl;
}
- void ObjectClass::operator=(const ObjectClass& other)
+ ObjectClass& ObjectClass::operator=(const ObjectClass& other)
{
- copy(other);
+ Symbol::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
- const std::string& ObjectClass::get_name() const
- {
- return impl->name;
- }
-
- void ObjectClass::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
StringSet& ObjectClass::perms()
{
return impl->perms;
@@ -146,7 +140,7 @@
void ObjectClass::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "class " << impl->name;
+ o << "class " << get_name();
if (impl->common_perms != "")
o << " inherits " << impl->common_perms;
if (!impl->perms.empty()) {
@@ -155,11 +149,4 @@
}
}
- void ObjectClass::copy(const ObjectClass& other)
- {
- Node::copy(other);
- *impl = *other.impl;
- }
-
-
} // namespace policyrep
Modified: branches/policyrep/libpolicyrep/src/optional.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/optional.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/optional.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -30,9 +30,9 @@
}
- OptionalBlock::OptionalBlock(const OptionalBlock& other) : PolicyBlock()
+ OptionalBlock::OptionalBlock(const OptionalBlock& other) : PolicyBlock(other)
{
- copy(other);
+ *impl = *other.impl;
}
OptionalBlock::OptionalBlock(OptionalBranchPtr true_)
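Review bot: The copy constructor executes `*impl = *other.impl;` without allocating `impl`: the initializer list names only `PolicyBlock(other)` and the body contains no `new`. Unless `impl` is set somewhere outside this hunk, that is a write through an uninitialized pointer, and the destructor later runs `delete impl` on it. Allocate it in the initializer list, using OptionalBlock's own impl type, the way `OptionalBranch`'s copy constructor does further down (`impl(new OptionalBranchImpl)`). The old `copy(other)` path appears to have had the same problem, so it is inherited rather than introduced, but this rewrite is the place to fix it.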
@@ -52,15 +52,11 @@
delete impl;
}
- void OptionalBlock::operator=(const OptionalBlock& other)
+ OptionalBlock& OptionalBlock::operator=(const OptionalBlock& other)
{
- copy(other);
- }
-
- void OptionalBlock::copy(const OptionalBlock& other)
- {
- PolicyBlock::copy(other);
+ PolicyBlock::operator=(other);
*impl = *other.impl;
+ return *this;
}
struct OptionalBranchImpl { };
@@ -71,9 +67,9 @@
}
OptionalBranch::OptionalBranch(const OptionalBranch& other)
- : PolicyBranch(), impl(new OptionalBranchImpl)
+ : PolicyBranch(other), impl(new OptionalBranchImpl)
{
- copy(other);
+ *impl = *other.impl;
}
OptionalBranch::~OptionalBranch()
@@ -81,9 +77,11 @@
delete impl;
}
- void OptionalBranch::operator=(const OptionalBranch& other)
+ OptionalBranch& OptionalBranch::operator=(const OptionalBranch& other)
{
- copy(other);
+ PolicyBranch::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
void OptionalBranch::do_output(std::ostream& o, const OutputFormatter& op) const
@@ -99,10 +97,4 @@
}
}
- void OptionalBranch::copy(const OptionalBranch& other)
- {
- PolicyBranch::copy(other);
- }
-
-
}
Modified: branches/policyrep/libpolicyrep/src/parse.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/parse.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/parse.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -46,9 +46,10 @@
Parser::~Parser() { delete impl; }
- void Parser::operator=(const Parser& other)
+ Parser& Parser::operator=(const Parser& other)
{
*impl = *other.impl;
+ return *this;
}
ModulePtr Parser::parse(const std::string& f)
Modified: branches/policyrep/libpolicyrep/src/policy.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/policy.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/policy.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -40,16 +40,18 @@
: impl(new PolicyImpl(mls)) { }
Policy::Policy(const Policy& other)
- : Parent(), impl(new PolicyImpl)
+ : Parent(other), impl(new PolicyImpl)
{
- copy(other);
+ *impl = *other.impl;
}
Policy::~Policy() { delete impl; }
- void Policy::operator=(const Policy& other)
+ Policy& Policy::operator=(const Policy& other)
{
- copy(other);
+ Parent::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
bool Policy::get_mls() const
@@ -67,12 +69,6 @@
return true;
}
- void Policy::copy(const Policy& other)
- {
- Parent::copy(other);
- *impl = *other.impl;
- }
-
//
// Module
//
@@ -91,16 +87,18 @@
: impl(new ModuleImpl(name, version)) { }
Module::Module(const Module& other)
- : Parent(), impl(new ModuleImpl)
+ : Parent(other), impl(new ModuleImpl)
{
- copy(other);
+ *impl = *other.impl;
}
Module::~Module() { delete impl; }
- void Module::operator=(const Module& other)
+ Module& Module::operator=(const Module& other)
{
- copy(other);
+ Parent::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
const std::string& Module::get_name() const
@@ -135,64 +133,40 @@
return true;
}
- void Module::copy(const Module& other)
- {
- Parent::copy(other);
- *impl = *other.impl;
- }
-
-
//
// InitialSid
//
struct InitialSidImpl
{
- std::string name;
};
InitialSid::InitialSid()
- : impl(new InitialSidImpl) { }
+ :Symbol(), impl(new InitialSidImpl) { }
InitialSid::InitialSid(const std::string& name)
- : impl(new InitialSidImpl)
+ :Symbol(name), impl(new InitialSidImpl)
{
- impl->name = name;
}
InitialSid::InitialSid(const InitialSid& other)
- : Node(), impl(new InitialSidImpl)
+ : Symbol(other), impl(new InitialSidImpl)
{
- copy(other);
+ *impl = *other.impl;
}
InitialSid::~InitialSid() { delete impl; }
- void InitialSid::operator=(const InitialSid& other)
+ InitialSid& InitialSid::operator=(const InitialSid& other)
{
- copy(other);
+ Symbol::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
- const std::string& InitialSid::get_name() const
- {
- return impl->name;
- }
-
- void InitialSid::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
void InitialSid::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "sid " << impl->name;
+ o << "sid " << get_name();
}
- void InitialSid::copy(const InitialSid& other)
- {
- Node::copy(other);
- *impl = *other.impl;
- }
-
-
} // namespace Policyrep
Modified: branches/policyrep/libpolicyrep/src/policy_base.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/policy_base.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/policy_base.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -99,9 +99,10 @@
delete impl;
}
- void OutputFormatter::operator=(const OutputFormatter& other)
+ OutputFormatter& OutputFormatter::operator=(const OutputFormatter& other)
{
*impl = *other.impl;
+ return *this;
}
OutputFormatter& OutputFormatter::operator()(const Node& n, bool end)
@@ -199,7 +200,7 @@
Node::Node(const Node& other)
: node_impl(new NodeImpl)
{
- copy(other);
+ *node_impl = *other.node_impl;
}
Node::~Node()
@@ -207,10 +208,11 @@
delete node_impl;
}
- void Node::operator=(const Node& other)
+ Node& Node::operator=(const Node& other)
{
std::cout << "node" << std::endl;
- copy(other);
+ *node_impl = *other.node_impl;
+ return *this;
}
void Node::set_parent(Parent* parent)
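Review bot: `Node::operator=` still prints `"node"` to `std::cout` on every call, and after this commit the derived `operator=` implementations (`Parent`, `PolicyBlock`, `AVRule`, ...) chain into it, so any assignment in the tree now writes to stdout. That looks like leftover debugging; drop the `std::cout << "node" << std::endl;` line. Separately, `*node_impl = *other.node_impl;` copies whatever `NodeImpl` holds. If that includes the parent pointer (not visible here), an assigned node would claim the source's parent without being in its child list, so a comment stating the intended semantics would help.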
@@ -290,11 +292,6 @@
}
}
- void Node::copy(const Node& other)
- {
- *node_impl = *other.node_impl;
- }
-
//
// TreeIterator
//
@@ -342,9 +339,10 @@
delete impl;
}
- void TreeIterator::operator=(const TreeIterator& other)
+ TreeIterator& TreeIterator::operator=(const TreeIterator& other)
{
*impl = *other.impl;
+ return *this;
}
bool TreeIterator::get_visited() const
@@ -437,10 +435,10 @@
: parent_impl(new ParentImpl) { }
Parent::Parent(const Parent& other)
- : Node()
+ :Node(other)
{
parent_impl = new ParentImpl;
- copy(other);
+ *parent_impl = *other.parent_impl;
}
Parent::~Parent()
@@ -448,9 +446,11 @@
delete parent_impl;
}
- void Parent::operator=(const Parent& other)
+ Parent& Parent::operator=(const Parent& other)
{
- copy(other);
+ Node::operator=(other);
+ *parent_impl = *other.parent_impl;
+ return *this;
}
void Parent::make_child(NodePtr node)
@@ -502,12 +502,6 @@
}
- void Parent::copy(const Parent& other)
- {
- Node::copy(other);
- *parent_impl = *other.parent_impl;
- }
-
//
// PolicyBlock
//
@@ -530,9 +524,9 @@
append_child(false_);
}
- PolicyBlock::PolicyBlock(const PolicyBlock& other) : Parent(), block_impl(new PolicyBlockImpl)
+ PolicyBlock::PolicyBlock(const PolicyBlock& other) : Parent(other), block_impl(new PolicyBlockImpl)
{
- copy(other);
+ *block_impl = *other.block_impl;
}
PolicyBlock::~PolicyBlock()
@@ -540,9 +534,11 @@
delete block_impl;
}
- void PolicyBlock::operator=(const PolicyBlock& other)
+ PolicyBlock& PolicyBlock::operator=(const PolicyBlock& other)
{
- copy(other);
+ Parent::operator=(other);
+ *block_impl = *other.block_impl;
+ return *this;
}
void PolicyBlock::append_child(PolicyBranchPtr node)
@@ -621,12 +617,6 @@
return true;
}
- void PolicyBlock::copy(const PolicyBlock& other)
- {
- Parent::copy(other);
- *block_impl = *other.block_impl;
- }
-
//
// PolicyBranch
@@ -642,9 +632,9 @@
}
- PolicyBranch::PolicyBranch(const PolicyBranch& other) : Parent(), branch_impl(new PolicyBranchImpl)
+ PolicyBranch::PolicyBranch(const PolicyBranch& other) : Parent(other), branch_impl(new PolicyBranchImpl)
{
- copy(other);
+ *branch_impl = *other.branch_impl;
}
PolicyBranch::~PolicyBranch()
@@ -652,9 +642,11 @@
delete branch_impl;
}
- void PolicyBranch::operator=(const PolicyBranch& other)
+ PolicyBranch& PolicyBranch::operator=(const PolicyBranch& other)
{
- copy(other);
+ Parent::operator=(other);
+ *branch_impl = *other.branch_impl;
+ return *this;
}
void PolicyBranch::set_isfalse(bool v)
@@ -667,11 +659,4 @@
return branch_impl->isfalse;
}
- void PolicyBranch::copy(const PolicyBranch& other)
- {
- Parent::copy(other);
- *branch_impl = *other.branch_impl;
- }
-
-
} // namespace policyrep
Modified: branches/policyrep/libpolicyrep/src/policyrep_python.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/policyrep_python.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/policyrep_python.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -58,10 +58,10 @@
//
class_<Node>("Node")
- .add_property("parent",
- make_function(&Node::get_parent,
- return_value_policy<reference_existing_object>()),
- &Node::set_parent)
+// .add_property("parent",
+// make_function(&Node::get_parent,
+// return_value_policy<reference_existing_object>()),
+// &Node::set_parent)
.add_property("visited", &Node::get_visited, &Node::set_visited)
.def("__str__", &Node::to_string)
.def("to_string_end", &Node::to_string_end)
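Review bot: The `parent` property is disabled by commenting it out rather than being removed or re-bound, and the later hunks in this file do the same for every `name` property plus `Module.version` and `ObjectClass.common_perms`. Some of those accessors are not moved by this commit (`Module::get_name` is still defined in policy.cpp, and `set_common_perms` is still called in object_class.cpp), so the refactor does not obviously require dropping them. Python callers lose the attributes silently. Either expose `name` once on a `Symbol` binding and derive the other classes from it, or delete the dead lines and leave a one-line comment such as `// TODO: re-expose name via a Symbol binding`.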
@@ -99,20 +99,20 @@
class_<Module, bases<Parent> >("Module")
- .add_property("name",
- make_function(&Module::get_name,
- return_value_policy<copy_const_reference>()),
- &Module::set_name)
- .add_property("version", make_function(&Module::get_version,
- return_value_policy<copy_const_reference>()),
- &Module::set_version)
+// .add_property("name",
+// make_function(&Module::get_name,
+// return_value_policy<copy_const_reference>()),
+// &Module::set_name)
+// .add_property("version", make_function(&Module::get_version,
+// return_value_policy<copy_const_reference>()),
+// &Module::set_version)
;
register_ptr_to_python<ModulePtr>();
class_<InitialSid, bases<Node> >("InitialSid")
- .add_property("name", make_function(&InitialSid::get_name,
- return_value_policy<reference_existing_object>()),
- &InitialSid::set_name)
+// .add_property("name", make_function(&InitialSid::get_name,
+// return_value_policy<reference_existing_object>()),
+// &InitialSid::set_name)
;
register_ptr_to_python<InitialSidPtr>();
@@ -121,10 +121,10 @@
//
class_<Type, bases<Node> >("Type")
- .add_property("name",
- make_function(&Type::get_name,
- return_value_policy<copy_const_reference>()),
- &Type::set_name)
+// .add_property("name",
+// make_function(&Type::get_name,
+// return_value_policy<copy_const_reference>()),
+// &Type::set_name)
.add_property("aliases"
, make_function(
&Type::aliases,
@@ -139,18 +139,18 @@
register_ptr_to_python<TypePtr>();
class_<Attribute, bases<Node> >("Attribute")
- .add_property("name",
- make_function(&Attribute::get_name,
- return_value_policy<copy_const_reference>()),
- &Attribute::set_name)
+// .add_property("name",
+// make_function(&Attribute::get_name,
+// return_value_policy<copy_const_reference>()),
+// &Attribute::set_name)
;
register_ptr_to_python<AttributePtr>();
class_<TypeAttribute, bases<Node> >("TypeAttribute")
- .add_property("name",
- make_function(&TypeAttribute::get_name,
- return_value_policy<copy_const_reference>()),
- &TypeAttribute::set_name)
+// .add_property("name",
+// make_function(&TypeAttribute::get_name,
+// return_value_policy<copy_const_reference>()),
+// &TypeAttribute::set_name)
.add_property("attributes",
make_function(&TypeAttribute::attributes,
return_value_policy<reference_existing_object>()))
@@ -158,10 +158,10 @@
register_ptr_to_python<TypeAttributePtr>();
class_<TypeAlias, bases<Node> >("TypeAlias")
- .add_property("name",
- make_function(&TypeAlias::get_name,
- return_value_policy<copy_const_reference>()),
- &TypeAlias::set_name)
+// .add_property("name",
+// make_function(&TypeAlias::get_name,
+// return_value_policy<copy_const_reference>()),
+// &TypeAlias::set_name)
.add_property("aliases",
make_function(&TypeAlias::aliases,
return_value_policy<reference_existing_object>()))
@@ -176,10 +176,10 @@
//
class_<CommonPerms, bases<Node> >("CommonPerms")
- .add_property("name",
- make_function(&CommonPerms::get_name,
- return_value_policy<copy_const_reference>()),
- &CommonPerms::set_name)
+// .add_property("name",
+// make_function(&CommonPerms::get_name,
+// return_value_policy<copy_const_reference>()),
+// &CommonPerms::set_name)
.add_property("perms",
make_function(&CommonPerms::perms,
return_value_policy<reference_existing_object>()))
@@ -187,14 +187,14 @@
register_ptr_to_python<CommonPermsPtr>();
class_<ObjectClass, bases<Node> >("ObjectClass")
- .add_property("name",
- make_function(&ObjectClass::get_name,
- return_value_policy<copy_const_reference>()),
- &ObjectClass::set_name)
- .add_property("common_perms",
- make_function(&ObjectClass::get_common_perms,
- return_value_policy<copy_const_reference>()),
- &ObjectClass::set_common_perms)
+// .add_property("name",
+// make_function(&ObjectClass::get_name,
+// return_value_policy<copy_const_reference>()),
+// &ObjectClass::set_name)
+// .add_property("common_perms",
+// make_function(&ObjectClass::get_common_perms,
+// return_value_policy<copy_const_reference>()),
+// &ObjectClass::set_common_perms)
.add_property("perms",
make_function(&ObjectClass::perms,
return_value_policy<reference_existing_object>()))
Modified: branches/policyrep/libpolicyrep/src/rbac.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/rbac.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/rbac.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -29,7 +29,6 @@
struct RoleImpl
{
- std::string name;
StringSet types;
};
@@ -38,38 +37,37 @@
impl = new RoleImpl;
}
- Role::Role() { init(); }
+ Role::Role()
+ :Symbol()
+ {
+ impl = new RoleImpl;
+ }
Role::Role(const std::string& name)
+ :Symbol(name)
{
- init();
- impl->name = name;
+ impl = new RoleImpl;
}
Role::Role(const Role& other)
- : Node()
+ :Symbol(other)
{
- init();
+ impl = new RoleImpl;
*impl = *other.impl;
}
- Role::~Role() { delete impl; }
-
- void Role::operator=(const Role& other)
+ Role::~Role()
{
- *impl = *other.impl;
+ delete impl;
}
- const std::string& Role::get_name() const
+ Role& Role::operator=(const Role& other)
{
- return impl->name;
+ Symbol::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
- void Role::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
StringSet& Role::types()
{
return impl->types;
@@ -77,7 +75,7 @@
void Role::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "role " << impl->name;
+ o << "role " << get_name();
if (!impl->types.empty()) {
o << " types ";
output_set_comma(o, impl->types);
Modified: branches/policyrep/libpolicyrep/src/rule.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/rule.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/rule.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -36,22 +36,17 @@
IdSet perms;
};
- void AVRule::init()
- {
- impl = new AVRuleImpl;
- }
-
AVRule::AVRule(Type type)
{
- init();
+ impl = new AVRuleImpl;
impl->type = type;
}
AVRule::AVRule(const AVRule& other)
- : Node()
+ :Node(other)
{
- init();
- copy(other);
+ impl = new AVRuleImpl;
+ *impl = *other.impl;
}
AVRule::~AVRule()
@@ -59,9 +54,11 @@
delete impl;
}
- void AVRule::operator=(const AVRule& other)
+ AVRule& AVRule::operator=(const AVRule& other)
{
- copy(other);
+ Node::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
void AVRule::set_type(AVRule::Type type)
@@ -128,12 +125,6 @@
}
- void AVRule::copy(const AVRule& other)
- {
- Node::copy(other);
- *impl = *other.impl;
- }
-
//
// TypeRule
//
@@ -147,22 +138,17 @@
std::string target;
};
- void TypeRule::init()
- {
- impl = new TypeRuleImpl;
- }
-
TypeRule::TypeRule(Type type)
{
- init();
+ impl = new TypeRuleImpl;
impl->type = type;
}
TypeRule::TypeRule(const TypeRule& other)
- : Node()
+ :Node(other)
{
- init();
- copy(other);
+ impl = new TypeRuleImpl;
+ *impl = *other.impl;
}
TypeRule::~TypeRule()
@@ -170,9 +156,11 @@
delete impl;
}
- void TypeRule::operator=(const TypeRule& other)
+ TypeRule& TypeRule::operator=(const TypeRule& other)
{
- copy(other);
+ Node::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
void TypeRule::set_type(TypeRule::Type type)
@@ -237,11 +225,4 @@
}
- void TypeRule::copy(const...
[truncated message content] |
|
From: <ssm...@us...> - 2008-01-28 13:45:11
|
Revision: 2768
http://selinux.svn.sourceforge.net/selinux/?rev=2768&view=rev
Author: ssmalley
Date: 2008-01-28 05:45:06 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
Silence spurious out of memory errors.
Modified Paths:
--------------
branches/stable/1_0/libsemanage/src/debug.c
Modified: branches/stable/1_0/libsemanage/src/debug.c
===================================================================
--- branches/stable/1_0/libsemanage/src/debug.c 2008-01-28 13:44:02 UTC (rev 2767)
+++ branches/stable/1_0/libsemanage/src/debug.c 2008-01-28 13:45:06 UTC (rev 2768)
@@ -81,8 +81,8 @@
vfprintf(stream, fmt, ap);
va_end(ap);
- if (errsv)
- fprintf(stream, " %s.", strerror(errsv));
+ if (errsv && errsv != ENOMEM)
+ fprintf(stream, " (%s).", strerror(errsv));
fprintf(stream, "\n");
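Review bot: The new `errsv != ENOMEM` test suppresses the errno text for every out-of-memory failure, not only the spurious ones, so a real allocation failure is now logged without its cause. If the spurious reports come from a stale `errno` saved into `errsv` (the assignment is outside this hunk), clearing `errno` before the operation that can fail fixes the source rather than the symptom. At minimum, comment the condition, e.g. `/* ENOMEM in errsv is usually stale here, not a real allocation failure */`, so the special case is not mistaken for an oversight. The identical hunk for trunk/libsemanage/src/debug.c further down this page has the same issue.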
|
|
From: <ssm...@us...> - 2008-01-28 13:44:06
|
Revision: 2767
http://selinux.svn.sourceforge.net/selinux/?rev=2767&view=rev
Author: ssmalley
Date: 2008-01-28 05:44:02 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
updated libsemanage to version 2.0.18
Modified Paths:
--------------
trunk/libsemanage/ChangeLog
trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog 2008-01-28 13:43:16 UTC (rev 2766)
+++ trunk/libsemanage/ChangeLog 2008-01-28 13:44:02 UTC (rev 2767)
@@ -1,3 +1,6 @@
+2.0.18 2008-01-28
+ * Fix spurious out of memory error reports.
+
2.0.17 2008-01-25
* Merged second version of fix for genhomedircon handling from Caleb Case.
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION 2008-01-28 13:43:16 UTC (rev 2766)
+++ trunk/libsemanage/VERSION 2008-01-28 13:44:02 UTC (rev 2767)
@@ -1 +1 @@
-2.0.17
+2.0.18
|
|
From: <ssm...@us...> - 2008-01-28 13:43:18
|
Revision: 2766
http://selinux.svn.sourceforge.net/selinux/?rev=2766&view=rev
Author: ssmalley
Date: 2008-01-28 05:43:16 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
Silence the spurious Cannot allocate memory messages.
Modified Paths:
--------------
trunk/libsemanage/src/debug.c
Modified: trunk/libsemanage/src/debug.c
===================================================================
--- trunk/libsemanage/src/debug.c 2008-01-28 13:13:32 UTC (rev 2765)
+++ trunk/libsemanage/src/debug.c 2008-01-28 13:43:16 UTC (rev 2766)
@@ -81,8 +81,8 @@
vfprintf(stream, fmt, ap);
va_end(ap);
- if (errsv)
- fprintf(stream, " %s.", strerror(errsv));
+ if (errsv && errsv != ENOMEM)
+ fprintf(stream, " (%s).", strerror(errsv));
fprintf(stream, "\n");
|
|
From: <ssm...@us...> - 2008-01-28 13:13:38
|
Revision: 2765
http://selinux.svn.sourceforge.net/selinux/?rev=2765&view=rev
Author: ssmalley
Date: 2008-01-28 05:13:32 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
updated policycoreutils to version 2.0.41
Modified Paths:
--------------
trunk/policycoreutils/ChangeLog
trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2008-01-28 13:12:08 UTC (rev 2764)
+++ trunk/policycoreutils/ChangeLog 2008-01-28 13:13:32 UTC (rev 2765)
@@ -1,3 +1,6 @@
+2.0.41 2008-01-28
+ * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
+
2.0.40 2008-01-25
* Merged a second fixfiles -C fix from Marshall Miller.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2008-01-28 13:12:08 UTC (rev 2764)
+++ trunk/policycoreutils/VERSION 2008-01-28 13:13:32 UTC (rev 2765)
@@ -1 +1 @@
-2.0.40
+2.0.41
|
|
From: <ssm...@us...> - 2008-01-28 13:12:10
|
Revision: 2764
http://selinux.svn.sourceforge.net/selinux/?rev=2764&view=rev
Author: ssmalley
Date: 2008-01-28 05:12:08 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
Author: Dan Walsh
Email: dw...@re...
Subject: Fix audit2why and semanage boolean
Date: Fri, 25 Jan 11:12:17 -0500
Remove path argument from audit2why.init call.
Add support for --on, --off, -1, and -0 to semanage boolean.
Modified Paths:
--------------
trunk/policycoreutils/audit2allow/audit2allow
trunk/policycoreutils/semanage/semanage
Modified: trunk/policycoreutils/audit2allow/audit2allow
===================================================================
--- trunk/policycoreutils/audit2allow/audit2allow 2008-01-28 13:06:00 UTC (rev 2763)
+++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-28 13:12:08 UTC (rev 2764)
@@ -221,7 +221,7 @@
import selinux
import selinux.audit2why as audit2why
import seobject
- audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
+ audit2why.init()
for i in self.__parser.avc_msgs:
rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
if rc >= 0:
Modified: trunk/policycoreutils/semanage/semanage
===================================================================
--- trunk/policycoreutils/semanage/semanage 2008-01-28 13:06:00 UTC (rev 2763)
+++ trunk/policycoreutils/semanage/semanage 2008-01-28 13:12:08 UTC (rev 2764)
@@ -111,7 +111,7 @@
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
return valid_option
#
@@ -131,7 +131,7 @@
seuser = ""
prefix = ""
heading=1
-
+ value=0
add = 0
modify = 0
delete = 0
@@ -150,7 +150,7 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
+ '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
['add',
'delete',
'deleteall',
@@ -160,6 +160,8 @@
'modify',
'noheading',
'localist',
+ 'off',
+ 'on',
'proto=',
'seuser=',
'store=',
@@ -238,6 +240,11 @@
if o == "-T" or o == "--trans":
setrans = a
+ if o == "--on" or o == "-1":
+ value = 1
+ if o == "-off" or o == "-0":
+ value = 0
+
if object == "login":
OBJECT = seobject.loginRecords(store)
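Review bot: The second added test compares against `"-off"` with a single dash, but getopt reports the long option as `--off`, so that branch is reachable only through `-0`. Change it to `if o == "--off" or o == "-0":`. Because `value` already starts at 0, the typo is masked unless `--on` appears earlier on the same command line. No hunk in this diff shows `value` being passed to the boolean record code, so confirm it is actually consumed.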
|
|
From: <ssm...@us...> - 2008-01-28 13:06:05
|
Revision: 2763
http://selinux.svn.sourceforge.net/selinux/?rev=2763&view=rev
Author: ssmalley
Date: 2008-01-28 05:06:00 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
updated libselinux to version 2.0.50
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2008-01-28 13:05:17 UTC (rev 2762)
+++ trunk/libselinux/ChangeLog 2008-01-28 13:06:00 UTC (rev 2763)
@@ -1,3 +1,6 @@
+2.0.50 2008-01-28
+ * Merged fix for audit2why from Dan Walsh.
+
2.0.49 2008-01-23
* Merged audit2why python binding from Dan Walsh.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2008-01-28 13:05:17 UTC (rev 2762)
+++ trunk/libselinux/VERSION 2008-01-28 13:06:00 UTC (rev 2763)
@@ -1 +1 @@
-2.0.49
+2.0.50
|
|
From: <ssm...@us...> - 2008-01-28 13:05:19
|
Revision: 2762
http://selinux.svn.sourceforge.net/selinux/?rev=2762&view=rev
Author: ssmalley
Date: 2008-01-28 05:05:17 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
Author: Dan Walsh
Email: dw...@re...
Date: Fri, 25 Jan 2008 10:31:28 -0500
Fix audit2why to use sepol_policy_kern_vers_max() rather than
security_policyvers() as the upper bound for the search for
a policy file.
Modified Paths:
--------------
trunk/libselinux/src/audit2why.c
Modified: trunk/libselinux/src/audit2why.c
===================================================================
--- trunk/libselinux/src/audit2why.c 2008-01-25 19:06:56 UTC (rev 2761)
+++ trunk/libselinux/src/audit2why.c 2008-01-28 13:05:17 UTC (rev 2762)
@@ -5,6 +5,7 @@
#include <getopt.h>
#include <limits.h>
#include <sepol/sepol.h>
+#include <sepol/policydb.h>
#include <sepol/policydb/services.h>
#include <Python.h>
#include <selinux/selinux.h>
@@ -197,10 +198,10 @@
"unable to open %s: %s\n",
path, strerror(errno));
PyErr_SetString( PyExc_ValueError, errormsg);
- return 0; // trigger exception
+ return 1;
}
} else {
- vers = security_policyvers();
+ vers = sepol_policy_kern_vers_max();
if (vers < 0) {
snprintf(errormsg, sizeof(errormsg),
"Could not get policy version: %s\n",
|
|
From: <ssm...@us...> - 2008-01-25 19:06:57
|
Revision: 2761
http://selinux.svn.sourceforge.net/selinux/?rev=2761&view=rev
Author: ssmalley
Date: 2008-01-25 11:06:56 -0800 (Fri, 25 Jan 2008)
Log Message:
-----------
updated policycoreutils to version 2.0.40
Modified Paths:
--------------
trunk/policycoreutils/ChangeLog
trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2008-01-25 19:00:51 UTC (rev 2760)
+++ trunk/policycoreutils/ChangeLog 2008-01-25 19:06:56 UTC (rev 2761)
@@ -1,3 +1,6 @@
+2.0.40 2008-01-25
+ * Merged a second fixfiles -C fix from Marshall Miller.
+
2.0.39 2008-01-24
* Merged fixfiles -C fix from Marshall Miller.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2008-01-25 19:00:51 UTC (rev 2760)
+++ trunk/policycoreutils/VERSION 2008-01-25 19:06:56 UTC (rev 2761)
@@ -1 +1 @@
-2.0.39
+2.0.40
|
|
From: <ssm...@us...> - 2008-01-25 19:00:52
|
Revision: 2760
http://selinux.svn.sourceforge.net/selinux/?rev=2760&view=rev
Author: ssmalley
Date: 2008-01-25 11:00:51 -0800 (Fri, 25 Jan 2008)
Log Message:
-----------
Author: Marshall Miller
Email: mm...@tr...
Subject: fixfiles -C: behave as advertised
Date: Thu, 24 Jan 2008 16:25:17 -0500
This patch makes fixfiles -C <file> (restore|check|verify|relabel) behave as advertised.
Marshall Miller
Modified Paths:
--------------
trunk/policycoreutils/scripts/fixfiles
Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles 2008-01-25 18:58:56 UTC (rev 2759)
+++ trunk/policycoreutils/scripts/fixfiles 2008-01-25 19:00:51 UTC (rev 2760)
@@ -92,7 +92,7 @@
! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
done 2> /dev/null | \
- ${RESTORECON} $2 -0 -f -
+ ${RESTORECON} $* -0 -f -
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
fi
}
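Review bot: Both replacements use an unquoted `$*`, which re-splits every argument on whitespace and expands glob characters before `restorecon` or `diff_filecontext` receives them, so an argument containing a space or `*` arrives as different words. Use `"$@"` instead: `${RESTORECON} "$@" -0 -f -` here and `diff_filecontext "$@"` in the `restore ()` hunk below. The enclosing function starts outside this hunk, so which positional parameters it receives (the old code forwarded only `$2`) should be checked against its callers.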
@@ -117,7 +117,7 @@
#
restore () {
if [ ! -z "$PREFC" ]; then
- diff_filecontext $1
+ diff_filecontext $*
exit $?
fi
if [ ! -z "$RPMFILES" ]; then
|
|
From: <ssm...@us...> - 2008-01-25 18:58:58
|
Revision: 2759
http://selinux.svn.sourceforge.net/selinux/?rev=2759&view=rev
Author: ssmalley
Date: 2008-01-25 10:58:56 -0800 (Fri, 25 Jan 2008)
Log Message:
-----------
updated libsemanage to version 2.0.17
Modified Paths:
--------------
trunk/libsemanage/ChangeLog
trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog 2008-01-25 18:57:54 UTC (rev 2758)
+++ trunk/libsemanage/ChangeLog 2008-01-25 18:58:56 UTC (rev 2759)
@@ -1,3 +1,6 @@
+2.0.17 2008-01-25
+ * Merged second version of fix for genhomedircon handling from Caleb Case.
+
2.0.16 2008-01-24
* Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION 2008-01-25 18:57:54 UTC (rev 2758)
+++ trunk/libsemanage/VERSION 2008-01-25 18:58:56 UTC (rev 2759)
@@ -1 +1 @@
-2.0.16
+2.0.17
|
|
From: <ssm...@us...> - 2008-01-25 18:57:55
|
Revision: 2758
http://selinux.svn.sourceforge.net/selinux/?rev=2758&view=rev
Author: ssmalley
Date: 2008-01-25 10:57:54 -0800 (Fri, 25 Jan 2008)
Log Message:
-----------
Author: Caleb Case
Email: cc...@tr...
Subject: libsemanage: genhomedircon remove error on missing HOME_DIR or HOME_ROOT v2
Date: Thu, 24 Jan 2008 16:05:44 -0500
Replacing failure condition in write_context_file when HOME_DIR or
HOME_ROOT are not found in the contexts. This condition is not needed
(the case where the lists are empty is handled correctly) and stops
otherwise valid operations:
On a fresh policy store, without any modules loaded:
# semodule -s refpolicy -b /usr/share/selinux/refpolicy/base.pp
libsemanage.semanage_install_sandbox: semanage_genhomedircon returned
error code -1. No such file or directory.
semodule: Failed!
Failure is replaced with an early success return which happens when
HOME_DIR, HOME_ROOT, or USER are not found.
The list of homedirs is computed only if needed (HOME_DIR or HOME_ROOT
exist).
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-24 20:43:51 UTC (rev 2757)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-25 18:57:54 UTC (rev 2758)
@@ -779,52 +779,60 @@
semanage_list_t *homeroot_context_tpl = NULL;
int retval = STATUS_SUCCESS;
- homedirs = get_home_dirs(s);
- if (!homedirs) {
- WARN(s->h_semanage,
- "no home directories were available, exiting without writing");
- return STATUS_ERR; /* No homedirs so no output */
- }
-
- if (write_file_context_header(s, out) != STATUS_SUCCESS)
- return STATUS_ERR;
-
homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
+ if (!homedir_context_tpl && !homeroot_context_tpl && !user_context_tpl)
+ goto done;
+
+ if (write_file_context_header(s, out) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
if (setup_fallback_user(s) != 0) {
retval = STATUS_ERR;
goto done;
}
- for (h = homedirs; h; h = h->next) {
- Ustr *temp = ustr_dup_cstr(h->data);
- if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) {
- ustr_sc_free(&temp);
- retval = STATUS_ERR;
+ if (homedir_context_tpl || homeroot_context_tpl) {
+ homedirs = get_home_dirs(s);
+ if (!homedirs) {
+ WARN(s->h_semanage,
+ "no home directories were available, exiting without writing");
goto done;
}
- if (write_home_dir_context(s, out,
- homedir_context_tpl,
- s->fallback_user, s->fallback_user,
- ustr_cstr(temp),
- s->fallback_user_prefix) !=
- STATUS_SUCCESS) {
+ for (h = homedirs; h; h = h->next) {
+ Ustr *temp = ustr_dup_cstr(h->data);
+
+ if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ if (write_home_dir_context(s, out,
+ homedir_context_tpl,
+ s->fallback_user, s->fallback_user,
+ ustr_cstr(temp),
+ s->fallback_user_prefix) !=
+ STATUS_SUCCESS) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+ if (write_home_root_context(s, out,
+ homeroot_context_tpl,
+ h->data) != STATUS_SUCCESS) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+
ustr_sc_free(&temp);
- retval = STATUS_ERR;
- goto done;
}
- if (write_home_root_context(s, out,
- homeroot_context_tpl,
- h->data) != STATUS_SUCCESS) {
- ustr_sc_free(&temp);
- retval = STATUS_ERR;
- goto done;
- }
-
- ustr_sc_free(&temp);
}
if (user_context_tpl) {
if (write_user_context(s, out, user_context_tpl,
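Review bot: When `get_home_dirs(s)` returns NULL, the new branch warns and jumps to `done` with `retval` still `STATUS_SUCCESS`, after `write_file_context_header` has already written to `out` and before the `user_context_tpl` block is reached. The caller is then told the file was generated although it holds only the header, and user contexts are skipped even when a USER template exists; the removed code returned `STATUS_ERR` at this point. If a missing home-directory list is meant to be fatal, add `retval = STATUS_ERR;` before the `goto done;`. If it is meant to be tolerated, drop the `goto` so the user-context section still runs, and reword the warning, which still says "exiting without writing". The function starts and ends outside this hunk, so the cleanup path is only partly visible.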
@@ -840,7 +848,7 @@
}
}
- done:
+done:
/* Cleanup */
semanage_list_destroy(&homedirs);
semanage_list_destroy(&user_context_tpl);
|
|
From: <mad...@us...> - 2008-01-24 20:43:56
|
Revision: 2757
http://selinux.svn.sourceforge.net/selinux/?rev=2757&view=rev
Author: madmethod
Date: 2008-01-24 12:43:51 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
update checkpolicy to 2.0.8
Modified Paths:
--------------
trunk/checkpolicy/ChangeLog
trunk/checkpolicy/VERSION
Modified: trunk/checkpolicy/ChangeLog
===================================================================
--- trunk/checkpolicy/ChangeLog 2008-01-24 20:42:54 UTC (rev 2756)
+++ trunk/checkpolicy/ChangeLog 2008-01-24 20:43:51 UTC (rev 2757)
@@ -1,3 +1,6 @@
+2.0.8 2008-01-24
+ * Deprecate role dominance in parser.
+
2.0.7 2008-01-02
* Added support for policy capabilities from Todd Miller.
Modified: trunk/checkpolicy/VERSION
===================================================================
--- trunk/checkpolicy/VERSION 2008-01-24 20:42:54 UTC (rev 2756)
+++ trunk/checkpolicy/VERSION 2008-01-24 20:43:51 UTC (rev 2757)
@@ -1 +1 @@
-2.0.7
+2.0.8
|
|
From: <mad...@us...> - 2008-01-24 20:42:57
|
Revision: 2756
http://selinux.svn.sourceforge.net/selinux/?rev=2756&view=rev
Author: madmethod
Date: 2008-01-24 12:42:54 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
Author: Joshua Brindle
Email: me...@ma...
Subject: role dominance
Date: Tue, 08 Jan 2008 15:48:34 -0500
Joshua Brindle wrote:
> Stephen Smalley wrote:
>> On Mon, 2008-01-07 at 10:41 -0500, Joshua Brindle wrote:
>>
>>> While working on policyrep we've found that role dominance is pretty
>>> difficult to implement correctly, and apparently there is some
>>> ambiguity about how it works. The main problem we are running into
>>> now is that converting the role bitmaps of an old module
>>> (compatibility) back to a role dominance statement is very difficult.
>>>
>>
>> And likely unnecessary. It isn't required that a conversion yield the
>> same source representation, but only that it yield the same end result
>> when you ultimately generate a kernel binary policy. Or are you saying
>> that you can't even do the latter?
>>
>>
>
> The latter is possible.
>
>>> Also it seems like no one has really used role dominance. During
>>> conversations about it here Chris PeBenito suggests that he wants
>>> something like it for refpolicy but a role attribute kind of system
>>> may be much simpler and easier to implement/understand.
>>>
>>> Thoughts?
>>>
>>
>> Any language feature that isn't actually being used should probably be
>> deprecated.
>>
>
> I vote for deprecation in the current compiler and no implementation
> in policyrep. If we want to add role attribute that would be fine too.
> Chris wants some way to group roles and I never really thought role
> dominance was the right way to do it.
>
Patch below to deprecate role dominance. I think we should throw a
warning in policyrep if we see anything in the dominates field of the
role datum and continue without support. Chris suggests that he'd like
role attributes so we can put that on the todo list to implement.
Modified Paths:
--------------
trunk/checkpolicy/policy_parse.y
Modified: trunk/checkpolicy/policy_parse.y
===================================================================
--- trunk/checkpolicy/policy_parse.y 2008-01-24 20:38:56 UTC (rev 2755)
+++ trunk/checkpolicy/policy_parse.y 2008-01-24 20:42:54 UTC (rev 2756)
@@ -2563,6 +2563,8 @@
return (role_datum_t *) 1; /* any non-NULL value */
}
+ yywarn("Role dominance has been deprecated");
+
role_id = queue_remove(id_queue);
if (!is_id_in_scope(SYM_ROLES, role_id)) {
yyerror2("role %s is not within scope", role_id);
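Review bot: The new `yywarn` call has no comment saying that the dominance statement is still processed by the code below the warning, which a later reader could take for dead code now that the feature is deprecated. A one-line comment above it would settle that, for example `/* deprecated but still processed; warn and continue */`. The message could also tell the policy author what to do, since the log discussion names no replacement yet. The enclosing function starts and ends outside this hunk.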
|
|
From: <ssm...@us...> - 2008-01-24 20:39:22
|
Revision: 2755
http://selinux.svn.sourceforge.net/selinux/?rev=2755&view=rev
Author: ssmalley
Date: 2008-01-24 12:38:56 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
updated policycoreutils to version 2.0.39
Modified Paths:
--------------
trunk/policycoreutils/ChangeLog
trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2008-01-24 20:37:02 UTC (rev 2754)
+++ trunk/policycoreutils/ChangeLog 2008-01-24 20:38:56 UTC (rev 2755)
@@ -1,3 +1,6 @@
+2.0.39 2008-01-24
+ * Merged fixfiles -C fix from Marshall Miller.
+
2.0.38 2008-01-24
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2008-01-24 20:37:02 UTC (rev 2754)
+++ trunk/policycoreutils/VERSION 2008-01-24 20:38:56 UTC (rev 2755)
@@ -1 +1 @@
-2.0.38
+2.0.39
|
|
From: <ssm...@us...> - 2008-01-24 20:37:22
|
Revision: 2754
http://selinux.svn.sourceforge.net/selinux/?rev=2754&view=rev
Author: ssmalley
Date: 2008-01-24 12:37:02 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
Author: Marshall Miller
Email: mm...@tr...
Subject: fixfiles -C: relabel all file contexts that have changed
Date: Thu, 24 Jan 2008 14:39:40 -0500
This fixes the situation where one path is a substring of another path, but not a prefix. For example, if /lib and /var/lib have both changed in the file_contexts file, then /var/lib would not be selected for relabel even though it should.
Marshall Miller
Modified Paths:
--------------
trunk/policycoreutils/scripts/fixfiles
Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles 2008-01-24 20:29:37 UTC (rev 2753)
+++ trunk/policycoreutils/scripts/fixfiles 2008-01-24 20:37:02 UTC (rev 2754)
@@ -84,7 +84,7 @@
do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
echo "$pattern"; \
case "$pattern" in *"*") \
- echo "$pattern" | sed 's,\*$,,g' >> ${TEMPFILE};;
+ echo "$pattern" | sed -e 's,^,^,' -e 's,\*$,,g' >> ${TEMPFILE};;
esac; \
fi; \
done | \
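Review bot: The prefixes appended to `${TEMPFILE}` are matched with `grep -q -f`, which treats them as basic regular expressions, while the entries come from file_contexts, whose patterns are extended regular expressions as far as I know. A stored prefix containing `+`, `?`, `(` or `|` is therefore matched differently from how the labeling code would match it, so a changed pattern can be wrongly judged as already covered and left out of the relabel list. Consider `grep -q -E -f "${TEMPFILE}"`, and note that the `2>/dev/null` on the grep also hides any regex compile error. The loop and its enclosing function begin outside the hunk.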
|
|
From: <ssm...@us...> - 2008-01-24 20:29:44
|
Revision: 2753
http://selinux.svn.sourceforge.net/selinux/?rev=2753&view=rev
Author: ssmalley
Date: 2008-01-24 12:29:37 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
updated libsemanage to version 2.0.16
Modified Paths:
--------------
trunk/libsemanage/ChangeLog
trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog 2008-01-24 20:15:58 UTC (rev 2752)
+++ trunk/libsemanage/ChangeLog 2008-01-24 20:29:37 UTC (rev 2753)
@@ -1,3 +1,6 @@
+2.0.16 2008-01-24
+ * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
+
2.0.15 2007-12-05
* Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
* Copy the store path in semanage_select_store from Dan Walsh.
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION 2008-01-24 20:15:58 UTC (rev 2752)
+++ trunk/libsemanage/VERSION 2008-01-24 20:29:37 UTC (rev 2753)
@@ -1 +1 @@
-2.0.15
+2.0.16
|
|
From: <ssm...@us...> - 2008-01-24 20:20:14
|
Revision: 2749
http://selinux.svn.sourceforge.net/selinux/?rev=2749&view=rev
Author: ssmalley
Date: 2008-01-24 11:20:15 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: audit2allow patch
Date: Wed, 23 Jan 2008 17:22:43 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ran through pychecker and cleaned up some bugs.
Also added booleans description from policy.xml file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj
rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z
=mNcO
-----END PGP SIGNATURE-----
Modified Paths:
--------------
trunk/policycoreutils/audit2allow/audit2allow
trunk/policycoreutils/semanage/seobject.py
Modified: trunk/policycoreutils/audit2allow/audit2allow
===================================================================
--- trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 21:15:12 UTC (rev 2748)
+++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-24 19:20:15 UTC (rev 2749)
@@ -19,7 +19,6 @@
#
import sys
-import tempfile
import sepolgen.audit as audit
import sepolgen.policygen as policygen
@@ -153,9 +152,9 @@
def __process_input(self):
if self.__options.type:
- filter = audit.TypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(filter)
- self.__selinux_errs = self.__parser.to_role(filter)
+ avcfilter = audit.TypeFilter(self.__options.type)
+ self.__avs = self.__parser.to_access(avcfilter)
+ self.__selinux_errs = self.__parser.to_role(avcfilter)
else:
self.__avs = self.__parser.to_access()
self.__selinux_errs = self.__parser.to_role()
@@ -221,13 +220,14 @@
def __output_audit2why(self):
import selinux
import selinux.audit2why as audit2why
+ import seobject
audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
for i in self.__parser.avc_msgs:
rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
if rc >= 0:
print "%s\n\tWas caused by:" % i.message
if rc == audit2why.NOPOLICY:
- raise "Must call policy_init first"
+ raise RuntimeError("Must call policy_init first")
if rc == audit2why.BADTCON:
print "Invalid Target Context %s\n" % i.tcontext
continue
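Review bot: The two `raise RuntimeError(...)` statements, here for `audit2why.NOPOLICY` and in the next hunk for `audit2why.BADCOMPUTE`, leave the loop without reaching the `audit2why.finish()` call visible at the end of the last audit2allow hunk, so whatever `audit2why.init()` set up is not released on those paths. Wrapping the loop as `try:` … `finally: audit2why.finish()` keeps init and finish paired. The new `import seobject` also makes this method depend on the semanage module being importable at run time; if that is not guaranteed wherever audit2allow is installed, the failure would surface only when this output mode is used. The method ends outside this hunk.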
@@ -241,7 +241,7 @@
print "Invalid permission %s\n" % i.accesses
continue
if rc == audit2why. BADCOMPUTE:
- raise "Error during access vector computation"
+ raise RuntimeError("Error during access vector computation")
if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
@@ -251,28 +251,28 @@
if len(bools) > 1:
print "\tOne of the following booleans was set incorrectly."
for b in bools:
- print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
- print "\t# setsebool -P %s %d" % (b[0], b[1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
else:
- print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
- print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
-
+ print "\tThe boolean %s was set incorrectly. " % (bools[0][0])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
continue
if rc == audit2why.TERULE:
- print "\t\tMissing or disabled type enforcing (TE) allow rule.\n"
- print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n"
+ print "\t\tMissing type enforcement (TE) allow rule.\n"
+ print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n"
continue
if rc == audit2why.CONSTRAINT:
- print "\t\tConstraint violation.\n"
- print "\t\tCheck policy/constraints.\n"
- print "\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n"
+ print "\t\tPolicy constraint violation.\n"
+ print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
+ print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
continue
if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"
- print "\t\tAdd allow rule for the role pair.\n"
+ print "\t\tAdd an allow rule for the role pair.\n"
continue
audit2why.finish()
Modified: trunk/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py 2008-01-23 21:15:12 UTC (rev 2748)
+++ trunk/policycoreutils/semanage/seobject.py 2008-01-24 19:20:15 UTC (rev 2749)
@@ -117,6 +117,12 @@
#print _("Failed to translate booleans.\n%s") % e
pass
+def boolean_desc(boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
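Review bot: `boolean_desc` has no docstring, and its fallback returns the boolean's own name, which the audit2allow change in this commit prints under a "Description:" heading. A short docstring such as `"""Return the translated description of boolean, or its name when none is known."""` would document that, and the index `[2]` deserves a comment naming the field it selects. The context lines above show the translation failure being swallowed with `pass`, so an empty `booleans_dict` is presumably possible, and every lookup would then take the fallback.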
@@ -1456,10 +1462,7 @@
return ddict
def get_desc(self, boolean):
- if boolean in booleans_dict:
- return _(booleans_dict[boolean][2])
- else:
- return boolean
+ return boolean_desc(boolean)
def get_category(self, boolean):
if boolean in booleans_dict:
|
|
From: <ssm...@us...> - 2008-01-24 20:16:03
|
Revision: 2752
http://selinux.svn.sourceforge.net/selinux/?rev=2752&view=rev
Author: ssmalley
Date: 2008-01-24 12:15:58 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
Author: Caleb Case
Email: cc...@tr...
Subject: libsemanage: genhomedircon remove error on missing HOME_DIR or HOME_ROOT
Date: Wed, 23 Jan 2008 08:53:56 -0500
Removing failure condition in write_context_file when HOME_DIR or
HOME_ROOT are not found in the contexts. This condition is not needed
(the case where the lists are empty is handled correctly) and stops
otherwise valid operations:
On a fresh policy store, without any modules loaded:
# semodule -s refpolicy -b /usr/share/selinux/refpolicy/base.pp
libsemanage.semanage_install_sandbox: semanage_genhomedircon returned
error code -1. No such file or directory.
semodule: Failed!
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-24 19:27:50 UTC (rev 2751)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-24 20:15:58 UTC (rev 2752)
@@ -792,10 +792,6 @@
homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
- if (!homedir_context_tpl || !homeroot_context_tpl) {
- retval = STATUS_ERR;
- goto done;
- }
if (setup_fallback_user(s) != 0) {
retval = STATUS_ERR;
|