From: <ssm...@us...> - 2007-04-10 19:13:50
Revision: 2337
http://svn.sourceforge.net/selinux/?rev=2337&view=rev
Author: ssmalley
Date: 2007-04-10 12:13:48 -0700 (Tue, 10 Apr 2007)
Log Message:
-----------
Ported r2334 through r2336 (sepolgen parser and tool updates) from trunk.
Modified Paths:
--------------
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/audit2allow/sepolgen-ifgen
branches/policyrep/sepolgen/ChangeLog
branches/policyrep/sepolgen/VERSION
branches/policyrep/sepolgen/src/sepolgen/interfaces.py
branches/policyrep/sepolgen/src/sepolgen/matching.py
branches/policyrep/sepolgen/src/sepolgen/refparser.py
branches/policyrep/sepolgen/src/sepolgen/refpolicy.py
Modified: branches/policyrep/policycoreutils/ChangeLog
===================================================================
--- branches/policyrep/policycoreutils/ChangeLog 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/policycoreutils/ChangeLog 2007-04-10 19:13:48 UTC (rev 2337)
@@ -1,3 +1,6 @@
+2.0.8 2007-04-10
+ * Merged updates to sepolgen-ifgen from Karl MacMillan.
+
2.0.7 2007-03-01
* Merged restorecond init script LSB compliance patch from Steve Grubb.
Modified: branches/policyrep/policycoreutils/VERSION
===================================================================
--- branches/policyrep/policycoreutils/VERSION 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/policycoreutils/VERSION 2007-04-10 19:13:48 UTC (rev 2337)
@@ -1 +1 @@
-2.0.7
+2.0.8
Modified: branches/policyrep/policycoreutils/audit2allow/sepolgen-ifgen
===================================================================
--- branches/policyrep/policycoreutils/audit2allow/sepolgen-ifgen 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/policycoreutils/audit2allow/sepolgen-ifgen 2007-04-10 19:13:48 UTC (rev 2337)
@@ -45,7 +45,9 @@
parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
help="location of the interface header files")
parser.add_option("-v", "--verbose", action="store_true", default=False,
- help="print debuging output")
+ help="print debuging output")
+ parser.add_option("-d", "--debug", action="store_true", default=False,
+ help="extra debugging output")
options, args = parser.parse_args()
return options
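Review bot: The re-indented `-v` help string on the new side still carries the typo, `help="print debuging output"`; since the line is being touched anyway, `help="print debugging output"`. The new `-d` option's `"extra debugging output"` will be read right next to it in `--help`, so the text should say what `-d` adds over `-v`; from the second hunk it is only forwarded as `refparser.parse_headers(..., debug=options.debug)`, so presumably parser-level tracing, but that is inferred. The enclosing function starts above the hunk.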
@@ -67,7 +69,7 @@
log = None
try:
- headers = refparser.parse_headers(options.headers, output=log)
+ headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
except ValueError, e:
print "error parsing headers"
print str(e)
Modified: branches/policyrep/sepolgen/ChangeLog
===================================================================
--- branches/policyrep/sepolgen/ChangeLog 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/sepolgen/ChangeLog 2007-04-10 19:13:48 UTC (rev 2337)
@@ -1,3 +1,9 @@
+1.0.8 2007-04-10
+ * Merged updates to sepolgen parser and tools from Karl MacMillan.
+ This includes improved debugging support, handling of interface
+ calls with list parameters, support for role transition rules,
+ updated range transition rule support, and looser matching.
+
1.0.7 2007-03-26
* Merged patch to discard self from types when generating requires from Karl MacMillan.
Modified: branches/policyrep/sepolgen/VERSION
===================================================================
--- branches/policyrep/sepolgen/VERSION 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/sepolgen/VERSION 2007-04-10 19:13:48 UTC (rev 2337)
@@ -1 +1 @@
-1.0.7
+1.0.8
Modified: branches/policyrep/sepolgen/src/sepolgen/interfaces.py
===================================================================
--- branches/policyrep/sepolgen/src/sepolgen/interfaces.py 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/sepolgen/src/sepolgen/interfaces.py 2007-04-10 19:13:48 UTC (rev 2337)
@@ -365,21 +365,25 @@
# been generated from an optional param.
return None
else:
- return ifcall.args[num - 1]
+ arg = ifcall.args[num - 1]
+ if isinstance(arg, list):
+ return arg
+ else:
+ return [arg]
else:
- return id
+ return [id]
def map_add_av(self, ifv, av, ifcall):
- src_type = self.map_param(av.src_type, ifcall)
- if src_type is None:
+ src_types = self.map_param(av.src_type, ifcall)
+ if src_types is None:
return
- tgt_type = self.map_param(av.tgt_type, ifcall)
- if tgt_type is None:
+ tgt_types = self.map_param(av.tgt_type, ifcall)
+ if tgt_types is None:
return
- obj_class = self.map_param(av.obj_class, ifcall)
- if obj_class is None:
+ obj_classes = self.map_param(av.obj_class, ifcall)
+ if obj_classes is None:
return
new_perms = refpolicy.IdSet()
@@ -388,14 +392,15 @@
if p is None:
continue
else:
- new_perms.add(p)
+ new_perms.update(p)
if len(new_perms) == 0:
return
- ifv.access.add(src_type, tgt_type, obj_class, new_perms)
+ for src_type in src_types:
+ for tgt_type in tgt_types:
+ for obj_class in obj_classes:
+ ifv.access.add(src_type, tgt_type, obj_class, new_perms)
-
-
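Review bot: `map_param` now returns a list (or `None`) where it previously returned a single identifier, and nothing in the hunk records that contract even though `map_add_av` was rewritten to depend on it; any other caller of `map_param` in this file that still treats the result as a scalar would break silently, which I cannot check from here. I would add to `map_param`'s header (it starts above this hunk): `# Returns a list of identifiers: a list argument is returned as-is, a single identifier is wrapped in a list; None if the parameter was an optional argument that was not supplied.` The new triple loop expands a set-valued argument into the cross product of source, target and class, which is what a set in a rule position denotes; one line above `for src_type in src_types:` saying so would save the next reader the derivation.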
def do_expand_ifcalls(self, interface, if_by_name):
# Descend an interface call tree adding the access
# from each interface. This is a depth first walk
Modified: branches/policyrep/sepolgen/src/sepolgen/matching.py
===================================================================
--- branches/policyrep/sepolgen/src/sepolgen/matching.py 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/sepolgen/src/sepolgen/matching.py 2007-04-10 19:13:48 UTC (rev 2337)
@@ -50,7 +50,7 @@
return 1
class MatchList:
- DEFAULT_THRESHOLD = 100
+ DEFAULT_THRESHOLD = 120
def __init__(self):
# Match objects that pass the threshold
self.children = []
Modified: branches/policyrep/sepolgen/src/sepolgen/refparser.py
===================================================================
--- branches/policyrep/sepolgen/src/sepolgen/refparser.py 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/sepolgen/src/sepolgen/refparser.py 2007-04-10 19:13:48 UTC (rev 2337)
@@ -35,6 +35,7 @@
import refpolicy
import access
+import defaults
import lex
import yacc
@@ -59,7 +60,6 @@
'MINUS',
'TILDE',
'ASTERISK',
- 'PERIOD',
'AMP',
'BAR',
'EXPL',
@@ -89,13 +89,13 @@
'TYPE_CHANGE',
'TYPE_MEMBER',
'RANGE_TRANSITION',
+ 'ROLE_TRANSITION',
# refpolicy keywords
'OPT_POLICY',
'INTERFACE',
'TUNABLE_POLICY',
'GEN_REQ',
'TEMPLATE',
- 'REFPOLICYWARN',
# m4
'IFDEF',
'IFNDEF',
@@ -128,13 +128,13 @@
'type_change' : 'TYPE_CHANGE',
'type_member' : 'TYPE_MEMBER',
'range_transition' : 'RANGE_TRANSITION',
+ 'role_transition' : 'ROLE_TRANSITION',
# refpolicy keywords
'optional_policy' : 'OPT_POLICY',
'interface' : 'INTERFACE',
'tunable_policy' : 'TUNABLE_POLICY',
'gen_require' : 'GEN_REQ',
'template' : 'TEMPLATE',
- 'refpolicywarn' : 'REFPOLICYWARN',
# M4
'ifndef' : 'IFNDEF',
'ifdef' : 'IFDEF',
@@ -158,7 +158,6 @@
t_MINUS = r'\-'
t_TILDE = r'\~'
t_ASTERISK = r'\*'
-t_PERIOD = r'\.'
t_AMP = r'\&'
t_BAR = r'\|'
t_EXPL = r'\!'
@@ -175,8 +174,14 @@
# Ignore all comments
t.lineno += 1
+def t_refpolicywarn(t):
+ r'refpolicywarn\(.*\n'
+ # Ignore refpolicywarn statements - they sometimes
+ # contain text that we can't parse.
+ t.lineno += 1
+
def t_IDENTIFIER(t):
- r'[a-zA-Z_\$\-][a-zA-Z0-9_\.\$\*]*'
+ r'[a-zA-Z_\$][a-zA-Z0-9_\.\$\*]*'
# Handle any keywords
t.type = reserved.get(t.value,'IDENTIFIER')
return t
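Review bot: The new `t_refpolicywarn` rule `r'refpolicywarn\(.*\n'` skips only up to the first newline, so a `refpolicywarn(...)` whose argument spans several lines leaves its tail to be tokenized as ordinary input, whereas the grammar rule it replaces (`p_refpolicywarn_stmts`, removed further down in this file) did not depend on line structure; whether multi-line uses exist in the headers I cannot tell from here. The rule also only wins over `t_IDENTIFIER` because PLY tries function rules in definition order, which deserves a comment: `# Must stay above t_IDENTIFIER: PLY matches function-defined rules in definition order.` The `t.lineno += 1` is correct for the single-line case only.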
@@ -311,6 +316,28 @@
str = "-" + p[2]
p[0] = [str]
+def p_interface_call_param(p):
+ '''interface_call_param : IDENTIFIER
+ | IDENTIFIER MINUS IDENTIFIER
+ | nested_id_set
+ '''
+ # Intentionally let single identifiers pass through
+ # List means set, non-list identifier
+ if len(p) == 2:
+ p[0] = p[1]
+ else:
+ p[0] = [p[1], "-" + p[3]]
+
+def p_interface_call_param_list(p):
+ '''interface_call_param_list : interface_call_param
+ | interface_call_param_list COMMA interface_call_param
+ '''
+ if len(p) == 2:
+ p[0] = [p[1]]
+ else:
+ p[0] = p[1] + [p[3]]
+
+
def p_comma_list(p):
'''comma_list : nested_id_list
| comma_list COMMA nested_id_list
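Review bot: The comment on `p_interface_call_param` (`# Intentionally let single identifiers pass through` / `# List means set, non-list identifier`) reads as a fragment and does not say what the `IDENTIFIER MINUS IDENTIFIER` alternative denotes. Proposed: `# A bare identifier is passed through unchanged; a list (from nested_id_set, or the "a -b" form built here) denotes a set of identifiers. interfaces.map_param relies on this distinction.` Whether the `"-" + p[3]` element is meant as a negated member or as a second entry is not decidable from the hunk, and the comment should say which, since downstream code receives it as a plain list element.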
@@ -406,23 +433,8 @@
collect(p[12], x, val=False)
p[0] = [x]
-def p_refpolicywarn_stmts(p):
- '''refpolicywarn_stmts : names
- | refpolicywarn_stmts names
- | OPAREN
- | refpolicywarn_stmts OPAREN
- | CPAREN
- | refpolicywarn_stmts CPAREN
- | PERIOD
- | refpolicywarn_stmts PERIOD
- '''
-
-def p_refpolicywarn(p):
- '''refpolicywarn : REFPOLICYWARN OPAREN TICK refpolicywarn_stmts SQUOTE CPAREN'''
- pass
-
def p_interface_call(p):
- 'interface_call : IDENTIFIER OPAREN comma_list CPAREN'
+ 'interface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN'
i = refpolicy.InterfaceCall(ifname=p[1])
i.args.extend(p[3])
@@ -455,9 +467,9 @@
| role_allow
| type_def
| typealias_def
- | refpolicywarn
| attribute_def
| range_transition_def
+ | role_transition_def
'''
p[0] = [p[1]]
@@ -592,9 +604,14 @@
def p_range_transition_def(p):
- '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI'''
+ '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI
+ | RANGE_TRANSITION names names names SEMI'''
pass
+def p_role_transition_def(p):
+ '''role_transition_def : ROLE_TRANSITION names names names SEMI'''
+ pass
+
def p_error(tok):
global error
error = "Syntax error on line %d %s [type=%s]" % (tok.lineno, tok.value, tok.type)
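Review bot: `p_role_transition_def` and the new second form of `p_range_transition_def` parse the statement and then `pass`, so no node is produced and the rule vanishes from the result without any record; if the intent is accept-and-ignore so headers parse, say so in each docstring rather than leaving `pass` to read as unfinished, e.g. `# Accepted so headers parse; not represented in the access model.` Separately, the context line in `p_error` formats `tok.lineno` unconditionally, but PLY calls `p_error(None)` at end of input, which would turn a truncated header into an `AttributeError` instead of the `ValueError` the callers handle; pre-existing and outside this change, but worth a `if tok is None` branch.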
@@ -640,7 +657,6 @@
if error is not None:
msg = 'could not parse text: "%s"' % error
- print msg
raise ValueError(msg)
return m
@@ -684,7 +700,7 @@
raise ValueError("Invalid file name %s" % root)
modname = os.path.splitext(name)
modules.append((modname[0], root))
- all_modules, support_macros = list_headers(DEFAULT_HEADERS_ROOT)
+ all_modules, support_macros = list_headers(defaults.headers())
else:
modules, support_macros = list_headers(root)
@@ -741,7 +757,8 @@
parse_file(x[1], m, spt)
else:
parse_file(x[1], m)
- except ValueError:
+ except ValueError, e:
+ o(str(e) + "\n")
failures.append(x[1])
continue
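Review bot: The new `o(str(e) + "\n")` on the exception path assumes `o` is callable even when the caller supplied no output; `sepolgen-ifgen` in this same commit passes `output=log` with `log = None` unless verbose, so if `o` is that argument used directly, the first unparsable header would raise `TypeError` out of the loop instead of being appended to `failures`. Whether `o` is wrapped to tolerate `None` is decided above this hunk, which is not visible. If it is not, guard it: `if o: o(str(e) + "\n")`. The enclosing function starts and ends outside the hunk.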
Modified: branches/policyrep/sepolgen/src/sepolgen/refpolicy.py
===================================================================
--- branches/policyrep/sepolgen/src/sepolgen/refpolicy.py 2007-04-10 19:09:48 UTC (rev 2336)
+++ branches/policyrep/sepolgen/src/sepolgen/refpolicy.py 2007-04-10 19:13:48 UTC (rev 2337)
@@ -579,9 +579,6 @@
self.args = []
self.comments = []
- def to_string(self):
- return self.to_string()
-
def matches(self, other):
if self.ifname != other.ifname:
return False
@@ -596,10 +593,15 @@
s = "%s(" % self.ifname
i = 0
for a in self.args:
+ if isinstance(a, list):
+ str = list_to_space_str(a)
+ else:
+ str = a
+
if i != 0:
- s = s + ", %s" % a
+ s = s + ", %s" % str
else:
- s = s + a
+ s = s + str
i += 1
return s + ")"
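Review bot: The loop-local `str` introduced on the new side shadows the builtin `str` for the rest of `to_string`, in a method whose job is string conversion; rename it, e.g. `arg_str = list_to_space_str(a)` and `arg_str = a`, and use `arg_str` in the two format lines. With that in place the `i != 0` bookkeeping could collapse to `", ".join(...)` over the converted arguments, but that is optional. `list_to_space_str` is not visible in the hunk; presumably a module-level helper in this file.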
From: <ssm...@us...> - 2007-04-12 18:44:44
Revision: 2344
http://svn.sourceforge.net/selinux/?rev=2344&view=rev
Author: ssmalley
Date: 2007-04-12 11:43:58 -0700 (Thu, 12 Apr 2007)
Log Message:
-----------
Ported r2338 thru r2343 (seobject use first alias, rpm_execcon python binding fix, getsebool -a EACCES handling, matchpathcon and checkmodule man page fixes) from trunk.
Modified Paths:
--------------
branches/policyrep/checkpolicy/ChangeLog
branches/policyrep/checkpolicy/VERSION
branches/policyrep/checkpolicy/checkmodule.8
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/man/man8/matchpathcon.8
branches/policyrep/libselinux/src/selinuxswig.i
branches/policyrep/libselinux/src/selinuxswig_wrap.c
branches/policyrep/libselinux/utils/getsebool.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/semanage/seobject.py
Modified: branches/policyrep/checkpolicy/ChangeLog
===================================================================
--- branches/policyrep/checkpolicy/ChangeLog 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/checkpolicy/ChangeLog 2007-04-12 18:43:58 UTC (rev 2344)
@@ -1,3 +1,6 @@
+2.0.2 2007-04-12
+ * Merged checkmodule man page fix from Dan Walsh.
+
2.0.1 2007-02-20
* Merged patch to allow dots in class identifiers from Caleb Case.
Modified: branches/policyrep/checkpolicy/VERSION
===================================================================
--- branches/policyrep/checkpolicy/VERSION 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/checkpolicy/VERSION 2007-04-12 18:43:58 UTC (rev 2344)
@@ -1 +1 @@
-2.0.1
+2.0.2
Modified: branches/policyrep/checkpolicy/checkmodule.8
===================================================================
--- branches/policyrep/checkpolicy/checkmodule.8 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/checkpolicy/checkmodule.8 2007-04-12 18:43:58 UTC (rev 2344)
@@ -3,7 +3,7 @@
checkmodule \- SELinux policy module compiler
.SH SYNOPSIS
.B checkmodule
-.I "[-b] [-d] [-m] [-M] [-o output_file] [input_file]"
+.I "[-b] [-m] [-M] [-V] [-o output_file] [input_file]"
.SH "DESCRIPTION"
This manual page describes the
.BR checkmodule
@@ -25,16 +25,15 @@
Read an existing binary policy module file rather than a source policy
module file. This option is a development/debugging aid.
.TP
-.B \-d
-Enter debug mode after loading the policy. This option is a
-development/debugging aid.
-.TP
.B \-m
Generate a non-base policy module.
.TP
.B \-M
Enable the MLS/MCS support when checking and compiling the policy module.
.TP
+.B \-V
+ Show policy versions created by this program
+.TP
.B \-o filename
Write a binary policy module file to the specified filename.
Otherwise, checkmodule will only check the syntax of the module source file
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/libselinux/ChangeLog 2007-04-12 18:43:58 UTC (rev 2344)
@@ -1,3 +1,6 @@
+2.0.13 2007-04-12
+ * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
+
2.0.12 2007-04-09
* Merged support for getting initial contexts from James Carter.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/libselinux/VERSION 2007-04-12 18:43:58 UTC (rev 2344)
@@ -1 +1 @@
-2.0.12
+2.0.13
Modified: branches/policyrep/libselinux/man/man8/matchpathcon.8
===================================================================
--- branches/policyrep/libselinux/man/man8/matchpathcon.8 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/libselinux/man/man8/matchpathcon.8 2007-04-12 18:43:58 UTC (rev 2344)
@@ -28,4 +28,4 @@
.SH "SEE ALSO"
.BR selinux "(8), "
-.BR mathpathcon "(3), "
+.BR matchpathcon "(3), "
Modified: branches/policyrep/libselinux/src/selinuxswig.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig.i 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/libselinux/src/selinuxswig.i 2007-04-12 18:43:58 UTC (rev 2344)
@@ -115,9 +115,38 @@
extern const char *selinux_path(void);
extern int selinux_check_passwd_access(access_vector_t requested);
extern int checkPasswdAccess(access_vector_t requested);
+
+// This tells SWIG to treat char ** as a special case
+%typemap(python,in) char ** {
+ /* Check if is a list */
+ if (PyList_Check($input)) {
+ int size = PyList_Size($input);
+ int i = 0;
+ $1 = (char **) malloc((size+1)*sizeof(char *));
+ if ($1 == NULL) {
+ PyErr_SetString(PyExc_MemoryError,"Out of memory");
+ return NULL;
+ }
+ for (i = 0; i < size; i++) {
+ PyObject *o = PyList_GetItem($input,i);
+ if (PyString_Check(o))
+ $1[i] = PyString_AsString(PyList_GetItem($input,i));
+ else {
+ PyErr_SetString(PyExc_TypeError,"list must contain strings");
+ free($1);
+ return NULL;
+ }
+ }
+ $1[i] = 0;
+ } else {
+ PyErr_SetString(PyExc_TypeError,"not a list");
+ return NULL;
+ }
+}
+
extern int rpm_execcon(unsigned int verified,
const char *filename,
- char *const argv[], char *const envp[]);
+ char **, char **);
extern int is_context_customizable (security_context_t scontext);
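Review bot: The new `char **` typemap `malloc`s the argument array and nothing frees it — there is no matching `%typemap(freearg) char **`, so every call that returns (`rpm_execcon` returns on failure) leaks `size+1` pointers per argument. Add `%typemap(freearg) char ** { free($1); }` beside it. Because the typemap is keyed on the bare type it applies to every `char **` parameter in this interface, not only `rpm_execcon`'s `argv`/`envp`; any existing out-parameter of that type would now demand a Python list instead, which is worth checking against the other `extern` declarations. The elements come from `PyString_AsString` and are borrowed from the list's objects, which is fine for the duration of the call but means the array must not outlive it.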
Modified: branches/policyrep/libselinux/src/selinuxswig_wrap.c
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig_wrap.c 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/libselinux/src/selinuxswig_wrap.c 2007-04-12 18:43:58 UTC (rev 2344)
@@ -4145,18 +4145,14 @@
PyObject *resultobj = 0;
unsigned int arg1 ;
char *arg2 = (char *) 0 ;
- char **arg3 ;
- char **arg4 ;
+ char **arg3 = (char **) 0 ;
+ char **arg4 = (char **) 0 ;
int result;
unsigned int val1 ;
int ecode1 = 0 ;
int res2 ;
char *buf2 = 0 ;
int alloc2 = 0 ;
- void *argp3 = 0 ;
- int res3 = 0 ;
- void *argp4 = 0 ;
- int res4 = 0 ;
PyObject * obj0 = 0 ;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
@@ -4173,17 +4169,59 @@
SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
}
arg2 = (char *)(buf2);
- res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 | 0 );
- if (!SWIG_IsOK(res3)) {
- SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'");
- }
- arg3 = (char **)(argp3);
- res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 | 0 );
- if (!SWIG_IsOK(res4)) {
- SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'");
- }
- arg4 = (char **)(argp4);
- result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4);
+ {
+ /* Check if is a list */
+ if (PyList_Check(obj2)) {
+ int size = PyList_Size(obj2);
+ int i = 0;
+ arg3 = (char **) malloc((size+1)*sizeof(char *));
+ if (arg3 == NULL) {
+ PyErr_SetString(PyExc_MemoryError,"Out of memory");
+ return NULL;
+ }
+ for (i = 0; i < size; i++) {
+ PyObject *o = PyList_GetItem(obj2,i);
+ if (PyString_Check(o))
+ arg3[i] = PyString_AsString(PyList_GetItem(obj2,i));
+ else {
+ PyErr_SetString(PyExc_TypeError,"list must contain strings");
+ free(arg3);
+ return NULL;
+ }
+ }
+ arg3[i] = 0;
+ } else {
+ PyErr_SetString(PyExc_TypeError,"not a list");
+ return NULL;
+ }
+ }
+ {
+ /* Check if is a list */
+ if (PyList_Check(obj3)) {
+ int size = PyList_Size(obj3);
+ int i = 0;
+ arg4 = (char **) malloc((size+1)*sizeof(char *));
+ if (arg4 == NULL) {
+ PyErr_SetString(PyExc_MemoryError,"Out of memory");
+ return NULL;
+ }
+ for (i = 0; i < size; i++) {
+ PyObject *o = PyList_GetItem(obj3,i);
+ if (PyString_Check(o))
+ arg4[i] = PyString_AsString(PyList_GetItem(obj3,i));
+ else {
+ PyErr_SetString(PyExc_TypeError,"list must contain strings");
+ free(arg4);
+ return NULL;
+ }
+ }
+ arg4[i] = 0;
+ } else {
+ PyErr_SetString(PyExc_TypeError,"not a list");
+ return NULL;
+ }
+ }
+ result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4);
resultobj = SWIG_From_int((int)(result));
if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
return resultobj;
Modified: branches/policyrep/libselinux/utils/getsebool.c
===================================================================
--- branches/policyrep/libselinux/utils/getsebool.c 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/libselinux/utils/getsebool.c 2007-04-12 18:43:58 UTC (rev 2344)
@@ -14,7 +14,7 @@
int main(int argc, char **argv)
{
- int i, rc = 0, active, pending, len = 0, opt;
+ int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
char **names;
while ((opt = getopt(argc, argv, "a")) > 0) {
@@ -39,6 +39,7 @@
printf("No booleans\n");
return 0;
}
+ get_all = 1;
break;
default:
usage(argv[0]);
@@ -72,6 +73,8 @@
for (i = 0; i < len; i++) {
active = security_get_boolean_active(names[i]);
if (active < 0) {
+ if (get_all && errno == EACCES)
+ continue;
fprintf(stderr, "Error getting active value for %s\n",
names[i]);
rc = -1;
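Review bot: The `continue` on `EACCES` silently drops booleans the caller is not allowed to read, which is the intent for `-a` but leaves no trace in the output; a comment would stop the next reader treating it as a missed error: `/* -a: skip booleans this caller may not read instead of failing the whole listing */`. It reads `errno` after `security_get_boolean_active` returned `< 0`, which is fine as written but depends on `<errno.h>` being included and on the library leaving `errno` set; neither is visible in the hunk. `main` continues outside the hunk.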
Modified: branches/policyrep/policycoreutils/ChangeLog
===================================================================
--- branches/policyrep/policycoreutils/ChangeLog 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/policycoreutils/ChangeLog 2007-04-12 18:43:58 UTC (rev 2344)
@@ -1,3 +1,6 @@
+2.0.9 2007-04-12
+ * Merged seobject setransRecords patch to return the first alias from Xavier Toth.
+
2.0.8 2007-04-10
* Merged updates to sepolgen-ifgen from Karl MacMillan.
Modified: branches/policyrep/policycoreutils/VERSION
===================================================================
--- branches/policyrep/policycoreutils/VERSION 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/policycoreutils/VERSION 2007-04-12 18:43:58 UTC (rev 2344)
@@ -1 +1 @@
-2.0.8
+2.0.9
Modified: branches/policyrep/policycoreutils/semanage/seobject.py
===================================================================
--- branches/policyrep/policycoreutils/semanage/seobject.py 2007-04-12 18:34:21 UTC (rev 2343)
+++ branches/policyrep/policycoreutils/semanage/seobject.py 2007-04-12 18:43:58 UTC (rev 2344)
@@ -154,7 +154,8 @@
if len(i) != 2:
self.comments.append(r)
continue
- self.ddict[i[0]] = i[1]
+ if self.ddict.has_key(i[0]) == 0:
+ self.ddict[i[0]] = i[1]
def get_all(self):
return self.ddict
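Review bot: `if self.ddict.has_key(i[0]) == 0:` compares a boolean with `0`; the idiomatic form is `if i[0] not in self.ddict:`. The behaviour change — the first alias seen for a key wins and later ones are ignored — is the point of the patch but is not stated at the site; `# keep the first alias seen for a key; later entries are ignored` would record it. The enclosing method starts above the hunk.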
From: <ssm...@us...> - 2007-04-13 18:05:30
Revision: 2356
http://svn.sourceforge.net/selinux/?rev=2356&view=rev
Author: ssmalley
Date: 2007-04-13 11:05:27 -0700 (Fri, 13 Apr 2007)
Log Message:
-----------
Ported r2355 (fix build) from trunk.
Modified Paths:
--------------
branches/policyrep/checkpolicy/test/Makefile
branches/policyrep/policycoreutils/secon/Makefile
Modified: branches/policyrep/checkpolicy/test/Makefile
===================================================================
--- branches/policyrep/checkpolicy/test/Makefile 2007-04-13 18:03:12 UTC (rev 2355)
+++ branches/policyrep/checkpolicy/test/Makefile 2007-04-13 18:05:27 UTC (rev 2356)
@@ -9,7 +9,7 @@
CFLAGS ?= -g -Wall -O2 -pipe
override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
all: dispol dismod
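Review bot: The new `LDLIBS` references `libsepol` twice — `-lsepol` and `$(LIBDIR)/libsepol.a` — and keeps `-L$(LIBDIR)` after the libraries it is meant to qualify; with the static archive still named explicitly, `-lsepol` may resolve to a different copy depending on the linker's search path, which presumably is what the build fix worked around. Either keep one reference or add a comment saying why both are needed. The secon Makefile hunk in this commit adds `-lsepol` alone, which is the cleaner form.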
Modified: branches/policyrep/policycoreutils/secon/Makefile
===================================================================
--- branches/policyrep/policycoreutils/secon/Makefile 2007-04-13 18:03:12 UTC (rev 2355)
+++ branches/policyrep/policycoreutils/secon/Makefile 2007-04-13 18:05:27 UTC (rev 2356)
@@ -9,7 +9,7 @@
VERSION = $(shell cat ../VERSION)
CFLAGS ?= $(WARNS) -O1
override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR)
-LDLIBS = -lselinux -L$(LIBDIR)
+LDLIBS = -lsepol -lselinux -L$(LIBDIR)
all: secon
From: <ssm...@us...> - 2007-04-24 14:02:34
Revision: 2364
http://svn.sourceforge.net/selinux/?rev=2364&view=rev
Author: ssmalley
Date: 2007-04-24 07:02:33 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Ported r2357 thru r2363 (libselinux: avc_internal.c fix, policycoreutils: several patches) from trunk.
Modified Paths:
--------------
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/src/avc_internal.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/restorecon/restorecon.c
branches/policyrep/policycoreutils/restorecond/restorecond.init
branches/policyrep/policycoreutils/scripts/chcat
branches/policyrep/policycoreutils/scripts/fixfiles
branches/policyrep/policycoreutils/scripts/genhomedircon
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/libselinux/ChangeLog 2007-04-24 14:02:33 UTC (rev 2364)
@@ -1,3 +1,6 @@
+2.0.14 2007-04-24
+ * Merged build fix for avc_internal.c from Joshua Brindle.
+
2.0.13 2007-04-12
* Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/libselinux/VERSION 2007-04-24 14:02:33 UTC (rev 2364)
@@ -1 +1 @@
-2.0.13
+2.0.14
Modified: branches/policyrep/libselinux/src/avc_internal.c
===================================================================
--- branches/policyrep/libselinux/src/avc_internal.c 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/libselinux/src/avc_internal.c 2007-04-24 14:02:33 UTC (rev 2364)
@@ -17,6 +17,7 @@
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <linux/types.h>
#include <linux/netlink.h>
#include "selinux_netlink.h"
#include "avc_internal.h"
Modified: branches/policyrep/policycoreutils/ChangeLog
===================================================================
--- branches/policyrep/policycoreutils/ChangeLog 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/ChangeLog 2007-04-24 14:02:33 UTC (rev 2364)
@@ -1,3 +1,6 @@
+2.0.10 2007-04-24
+ * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
+
2.0.9 2007-04-12
* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
Modified: branches/policyrep/policycoreutils/VERSION
===================================================================
--- branches/policyrep/policycoreutils/VERSION 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/VERSION 2007-04-24 14:02:33 UTC (rev 2364)
@@ -1 +1 @@
-2.0.9
+2.0.10
Modified: branches/policyrep/policycoreutils/restorecon/restorecon.c
===================================================================
--- branches/policyrep/policycoreutils/restorecon/restorecon.c 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/restorecon/restorecon.c 2007-04-24 14:02:33 UTC (rev 2364)
@@ -336,8 +336,8 @@
if (!file_exist && errno == ENOENT)
return;
fprintf(stderr,
- "%s: error while labeling files under %s\n",
- progname, buf);
+ "%s: error while traversing %s: %s\n",
+ progname, buf, strerror(errno));
errors++;
}
}
Modified: branches/policyrep/policycoreutils/restorecond/restorecond.init
===================================================================
--- branches/policyrep/policycoreutils/restorecond/restorecond.init 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/restorecond/restorecond.init 2007-04-24 14:02:33 UTC (rev 2364)
@@ -73,6 +73,7 @@
;;
status)
status restorecond
+ RETVAL=$?
;;
restart|reload)
restart
Modified: branches/policyrep/policycoreutils/scripts/chcat
===================================================================
--- branches/policyrep/policycoreutils/scripts/chcat 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/scripts/chcat 2007-04-24 14:02:33 UTC (rev 2364)
@@ -74,10 +74,12 @@
if i not in cats:
cats.append(i)
- new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
- if new_serange[-1:] == ":":
- new_serange = new_serange[:-1]
+ if len(cats) > 0:
+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+ else
+ new_serange = "%s-%s" % (serange[0], top[0])
+
if add_ind:
cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
else:
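Review bot: Both replacement branches are syntactically invalid Python: the `else` on the line before `new_serange = "%s-%s" % (serange[0], top[0])` lacks its colon, here and again at the same position in the second `chcat` hunk, so the script fails to compile at all; `else:`. The switch to `",".join(cats)` is fine and removes this line's dependence on the `string` module. The enclosing functions start above each hunk.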
@@ -151,10 +153,11 @@
if i in cats:
cats.remove(i)
- new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
- if new_serange[-1:] == ":":
- new_serange = new_serange[:-1]
-
+ if len(cats) > 0:
+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+ else
+ new_serange = "%s-%s" % (serange[0], top[0])
+
if add_ind:
cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
else:
Modified: branches/policyrep/policycoreutils/scripts/fixfiles
===================================================================
--- branches/policyrep/policycoreutils/scripts/fixfiles 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/scripts/fixfiles 2007-04-24 14:02:33 UTC (rev 2364)
@@ -138,7 +138,7 @@
exit $?
fi
LogReadOnly
-${SETFILES} ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
exit $?
}
Modified: branches/policyrep/policycoreutils/scripts/genhomedircon
===================================================================
--- branches/policyrep/policycoreutils/scripts/genhomedircon 2007-04-24 13:58:04 UTC (rev 2363)
+++ branches/policyrep/policycoreutils/scripts/genhomedircon 2007-04-24 14:02:33 UTC (rev 2364)
@@ -26,6 +26,7 @@
import sys, os, pwd, string, getopt, re
from semanage import *;
+import selinux
import gettext
gettext.install('policycoreutils')
@@ -249,7 +250,10 @@
i = i.replace("HOME_DIR", home)
i = i.replace("ROLE", prefix)
i = i.replace("system_u", seuser)
- ret = ret+i
+ # Validate if the generated context exists. Some user types may not exist
+ scon = i.split()[-1]
+ if selinux.security_check_context(scon) == 0:
+ ret = ret+i
fd.close()
return ret
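Review bot: `scon = i.split()[-1]` raises `IndexError` on a line that is empty or whitespace-only after the substitutions, because `split()` then returns an empty list; whether such lines reach this point depends on the loop above the hunk, which is not visible. The validation also drops lines whose context fails `selinux.security_check_context` without saying anything, so a mistyped user type disappears from the generated file silently; an `else` branch writing a warning to stderr would make that visible. The enclosing function starts above the hunk.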
From: <ssm...@us...> - 2007-04-24 20:35:24
Revision: 2374
http://svn.sourceforge.net/selinux/?rev=2374&view=rev
Author: ssmalley
Date: 2007-04-24 13:35:23 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Ported r2368 thru r2373 (genhomedircon default handling, libsemanage optimizations, setsebool optimizations) from trunk.
Modified Paths:
--------------
branches/policyrep/libsemanage/ChangeLog
branches/policyrep/libsemanage/VERSION
branches/policyrep/libsemanage/src/booleans_activedb.c
branches/policyrep/libsemanage/src/direct_api.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/scripts/genhomedircon
branches/policyrep/policycoreutils/setsebool/setsebool.c
Modified: branches/policyrep/libsemanage/ChangeLog
===================================================================
--- branches/policyrep/libsemanage/ChangeLog 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/ChangeLog 2007-04-24 20:35:23 UTC (rev 2374)
@@ -1,3 +1,8 @@
+2.0.2 2007-04-24
+ * Merged optimizations from Stephen Smalley.
+ - do not set all booleans upon commit, only those whose values have changed
+ - only install the sandbox upon commit if something was rebuilt
+
2.0.1 2007-03-12
* Merged dbase_file_flush patch from Dan Walsh.
This removes any mention of specific tools (e.g. semanage)
Modified: branches/policyrep/libsemanage/VERSION
===================================================================
--- branches/policyrep/libsemanage/VERSION 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/VERSION 2007-04-24 20:35:23 UTC (rev 2374)
@@ -1 +1 @@
-2.0.1
+2.0.2
Modified: branches/policyrep/libsemanage/src/booleans_activedb.c
===================================================================
--- branches/policyrep/libsemanage/src/booleans_activedb.c 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/src/booleans_activedb.c 2007-04-24 20:35:23 UTC (rev 2374)
@@ -92,8 +92,10 @@
{
SELboolean *blist = NULL;
+ const char *name;
unsigned int bcount = 0;
unsigned int i;
+ int curvalue, newvalue;
/* Allocate a sufficiently large array */
blist = malloc(sizeof(SELboolean) * count);
@@ -102,11 +104,18 @@
/* Populate array */
for (i = 0; i < count; i++) {
- blist[i].name = strdup(semanage_bool_get_name(booleans[i]));
+ name = semanage_bool_get_name(booleans[i]);
+ if (!name)
+ goto omem;
+ newvalue = semanage_bool_get_value(booleans[i]);
+ curvalue = security_get_boolean_active(name);
+ if (newvalue == curvalue)
+ continue;
+ blist[bcount].name = strdup(name);
+ if (blist[bcount].name == NULL)
+ goto omem;
+ blist[bcount].value = newvalue;
bcount++;
- if (blist[i].name == NULL)
- goto omem;
- blist[i].value = semanage_bool_get_value(booleans[i]);
}
/* Commit */
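Review bot: A failing `security_get_boolean_active()` is not distinguished from a changed value here: it returns -1 on failure (for instance when the running kernel has no boolean of that name), so the entry is still queued and the problem only surfaces later inside the bulk commit, with nothing naming the boolean that caused it; checking `if (curvalue < 0)` right after the call and failing with `name` in the message would make that diagnosable. Separately, `if (!name) goto omem;` routes a missing name through the out-of-memory path, which presumably reports the wrong cause. Since only the first `bcount` slots of `blist` are now populated, the `/* Commit */` call that follows must be passed `bcount`, not `count` — worth confirming, as that call, the function's signature and the `omem` cleanup all lie outside the hunk.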
Modified: branches/policyrep/libsemanage/src/direct_api.c
===================================================================
--- branches/policyrep/libsemanage/src/direct_api.c 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/src/direct_api.c 2007-04-24 20:35:23 UTC (rev 2374)
@@ -699,7 +699,9 @@
if (retval < 0)
goto cleanup;
- retval = semanage_install_sandbox(sh);
+ if (sh->do_rebuild || modified) {
+ retval = semanage_install_sandbox(sh);
+ }
cleanup:
for (i = 0; mod_filenames != NULL && i < num_modfiles; i++) {
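Review bot: Skipping `semanage_install_sandbox()` makes every change to the store depend on `modified` having been set by the steps above, and the hunk does not show where `modified` is computed; any step that rewrites a sandbox file without setting it now silently never reaches the live store. A comment at the new condition, `/* modified: set by any step above that rewrote a sandbox file; nothing to install otherwise */`, would record the invariant, and it is worth confirming that a boolean-only commit sets it. When the branch is skipped `retval` keeps the value left by the previous step, which the `if (retval < 0)` just above guarantees is non-negative, but a reader has to look back to see that. The enclosing function starts and ends outside the hunk.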
Modified: branches/policyrep/policycoreutils/ChangeLog
===================================================================
--- branches/policyrep/policycoreutils/ChangeLog 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/ChangeLog 2007-04-24 20:35:23 UTC (rev 2374)
@@ -1,3 +1,9 @@
+2.0.13 2007-04-24
+ * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
+
+2.0.12 2007-04-24
+ * Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
+
2.0.11 2007-04-24
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
Modified: branches/policyrep/policycoreutils/VERSION
===================================================================
--- branches/policyrep/policycoreutils/VERSION 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/VERSION 2007-04-24 20:35:23 UTC (rev 2374)
@@ -1 +1 @@
-2.0.11
+2.0.13
Modified: branches/policyrep/policycoreutils/scripts/genhomedircon
===================================================================
--- branches/policyrep/policycoreutils/scripts/genhomedircon 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/scripts/genhomedircon 2007-04-24 20:35:23 UTC (rev 2374)
@@ -136,6 +136,9 @@
self.contextdir = "/contexts"
self.filecontextdir = self.contextdir+"/files"
self.usepwd = usepwd
+ self.default_user = "user_u"
+ self.default_prefix = "user"
+ self.users = self.getUsers()
def getFileContextDir(self):
return self.selinuxdir+self.type+self.filecontextdir
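Review bot: The order of the three added lines is load-bearing and undocumented: `getUsers()` calls `setDefaultUser()` only when seusers carries a `__default__` mapping, so the two `default_*` assignments above it are the fallback for stores without one and must stay ahead of the `getUsers()` call. A comment such as `# fallbacks; getUsers() overrides them when seusers defines __default__` would make that visible. Note also that construction now performs the seusers lookup eagerly, so any caller that only wanted the path helpers pays for it. The enclosing `__init__` starts outside the hunk.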
@@ -212,6 +215,10 @@
prefs["prefix"] = prefix
prefs["home"] = home
udict[user] = prefs
+
+ def setDefaultUser(self, user, prefix):
+ self.default_user = user
+ self.default_prefix = prefix
def getUsers(self):
udict = {}
@@ -220,7 +227,11 @@
for seuser in list:
user = []
seusername = semanage_seuser_get_sename(seuser)
- self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.get_default_prefix(seusername))
+ prefix = self.get_default_prefix(seusername)
+ if semanage_seuser_get_name(seuser) == "__default__":
+ self.setDefaultUser(seusername, prefix)
+
+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)
else:
try:
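Review bot: The `__default__` pseudo-user is still handed to `adduser` after `setDefaultUser`, so unless `adduser` filters it (its body is outside the hunk), `self.users` gains an entry keyed `"__default__"` and `genHomeDirContext` emits home-directory and user contexts for a login name that does not exist; a `continue` after the `setDefaultUser(seusername, prefix)` call avoids that. `semanage_seuser_get_name(seuser)` is also evaluated twice per iteration and could be bound once to a local. The enclosing `getUsers` method runs past the hunk.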
@@ -270,12 +281,11 @@
return ret
def genHomeDirContext(self):
- users = self.getUsers()
ret = ""
# Fill in HOME and prefix for users that are defined
- for u in users.keys():
- ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["prefix"])
- ret += self.getUserContext (u, users[u]["seuser"], users[u]["prefix"])
+ for u in self.users.keys():
+ ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])
+ ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])
return ret+"\n"
def checkExists(self, home):
@@ -322,9 +332,9 @@
def genoutput(self):
ret = self.heading()
for h in self.getHomeDirs():
- ret += self.getHomeDirContext ("user_u", "user_u" , h+'/[^/]*', "user")
+ ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)
ret += self.getHomeRootContext(h)
- ret += self.getUserContext(".*", "user_u", "user") + "\n"
+ ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"
ret += self.genHomeDirContext()
return ret
Modified: branches/policyrep/policycoreutils/setsebool/setsebool.c
===================================================================
--- branches/policyrep/policycoreutils/setsebool/setsebool.c 2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/setsebool/setsebool.c 2007-04-24 20:35:23 UTC (rev 2374)
@@ -73,12 +73,12 @@
return rc;
}
-/* Apply boolean changes to policy via libselinux */
+/* Apply temporal boolean changes to policy via libselinux */
static int selinux_set_boolean_list(size_t boolcnt,
- SELboolean * boollist, int perm)
+ SELboolean * boollist)
{
- if (security_set_boolean_list(boolcnt, boollist, perm)) {
+ if (security_set_boolean_list(boolcnt, boollist, 0)) {
if (errno == ENOENT)
fprintf(stderr, "Could not change active booleans: "
"Invalid boolean\n");
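Review bot: `temporal` in the new comment means "relating to time"; the intended word is `temporary`, i.e. `/* Apply temporary (non-persistent) boolean changes to policy via libselinux */`. The literal `0` now passed to `security_set_boolean_list` is the permanent flag that this path never sets; a `/* permanent = 0 */` beside it saves the reader a trip to the header. The function's remaining error branches are outside the hunk.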
@@ -91,9 +91,9 @@
return 0;
}
-/* Apply (permanent) boolean changes to policy via libsemanage */
+/* Apply permanent boolean changes to policy via libsemanage */
static int semanage_set_boolean_list(size_t boolcnt,
- SELboolean * boollist, int perm)
+ SELboolean * boollist)
{
size_t j;
@@ -115,9 +115,9 @@
goto err;
} else if (managed == 0) {
- if (selinux_set_boolean_list(boolcnt, boollist, perm) < 0)
- goto err;
- goto out;
+ fprintf(stderr,
+ "Cannot set persistent booleans without managed policy.\n");
+ goto err;
}
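Review bot: Failing here instead of silently downgrading `-P` to a non-persistent change is the safer behaviour, since the caller would otherwise believe the setting survived a reboot, but the message leaves the user without a next step; `"Cannot set persistent booleans without managed policy; omit -P for a non-persistent change.\n"` would say what to do. The comment above this function says "permanent" while the message says "persistent"; picking one term for both helps when grepping. The enclosing function continues past the hunk.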
if (semanage_connect(handle) < 0)
@@ -140,8 +140,7 @@
if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
goto err;
- if (perm
- && semanage_bool_modify_local(handle, bool_key,
+ if (semanage_bool_modify_local(handle, bool_key,
boolean) < 0)
goto err;
@@ -224,8 +223,13 @@
*value_ptr = '=';
}
- if (semanage_set_boolean_list(boolcnt, vallist, permanent) < 0)
- goto err;
+ if (permanent) {
+ if (semanage_set_boolean_list(boolcnt, vallist) < 0)
+ goto err;
+ } else {
+ if (selinux_set_boolean_list(boolcnt, vallist) < 0)
+ goto err;
+ }
/* Now log what was done */
pwd = getpwuid(getuid());
From: <ssm...@us...> - 2007-04-26 19:08:35
Revision: 2399
http://svn.sourceforge.net/selinux/?rev=2399&view=rev
Author: ssmalley
Date: 2007-04-26 12:08:34 -0700 (Thu, 26 Apr 2007)
Log Message:
-----------
Remove files left empty by prior patch.
Removed Paths:
-------------
branches/policyrep/libselinux/man/man3/selinux_booleans_path.3
branches/policyrep/libsepol/man/man3/sepol_genusers.3
branches/policyrep/libsepol/man/man8/genpolbools.8
branches/policyrep/libsepol/man/man8/genpolusers.8
branches/policyrep/libsepol/src/genusers.c
Deleted: branches/policyrep/libselinux/man/man3/selinux_booleans_path.3
===================================================================
Deleted: branches/policyrep/libsepol/man/man3/sepol_genusers.3
===================================================================
Deleted: branches/policyrep/libsepol/man/man8/genpolbools.8
===================================================================
Deleted: branches/policyrep/libsepol/man/man8/genpolusers.8
===================================================================
Deleted: branches/policyrep/libsepol/src/genusers.c
===================================================================
From: <kma...@us...> - 2007-04-27 15:43:00
Revision: 2409
http://svn.sourceforge.net/selinux/?rev=2409&view=rev
Author: kmacmillan
Date: 2007-04-27 08:42:58 -0700 (Fri, 27 Apr 2007)
Log Message:
-----------
add scripts directory and selinux-maint
Added Paths:
-----------
branches/policyrep/scripts/
branches/policyrep/scripts/Lindent
branches/policyrep/scripts/selinux-maint
Removed Paths:
-------------
branches/policyrep/Lindent
Deleted: branches/policyrep/Lindent
===================================================================
--- branches/policyrep/Lindent 2007-04-27 15:31:45 UTC (rev 2408)
+++ branches/policyrep/Lindent 2007-04-27 15:42:58 UTC (rev 2409)
@@ -1,2 +0,0 @@
-#!/bin/sh
-indent -npro -kr -i8 -ts8 -sob -l80 -ss -ncs "$@"
Added: branches/policyrep/scripts/Lindent
===================================================================
--- branches/policyrep/scripts/Lindent (rev 0)
+++ branches/policyrep/scripts/Lindent 2007-04-27 15:42:58 UTC (rev 2409)
@@ -0,0 +1,2 @@
+#!/bin/sh
+indent -npro -kr -i8 -ts8 -sob -l80 -ss -ncs "$@"
Property changes on: branches/policyrep/scripts/Lindent
___________________________________________________________________
Name: svn:executable
+ *
Added: branches/policyrep/scripts/selinux-maint
===================================================================
--- branches/policyrep/scripts/selinux-maint (rev 0)
+++ branches/policyrep/scripts/selinux-maint 2007-04-27 15:42:58 UTC (rev 2409)
@@ -0,0 +1,221 @@
+#! /usr/bin/python
+
+# Basic instructions
+#
+# 1. Save patch email to file [patch.email]
+#
+# 2. Go to the svn directory to which you want to apply the patch.
+#
+# 3. Run "selinux-maint split patch.email". This will run vi on the
+# logmsg (pulled out of the email) to allow you to add anything (ack
+# messages). When you quit vi the current directory will have files
+# called "patch" and "logmsg".
+#
+# 4. Run "selinux-maint apply" (optionally with a strip level as
+# the last argument). This will do a dry run of applying the patch
+# showing the results and ask if you want to apply the patch. If you
+# say yes it will apply the patch and attempt to detect file adds (by
+# comparing svn status and the output of patch). If it finds adds it
+# will ask if you want to add each file.
+#
+# 5. Run "selinux-maint commit" to commit that patch with the log
+# message.
+#
+# 6. Repeat 4 and 5 as often as necessary for a set of patch emails.
+#
+# 7. Run "selinux-maint rev packagename" where packagename is
+# something like "libsepol". This will prompt for the new version
+# number (showing the current), update VERSION, add a Changelog entry
+# with the version and date, and vi the changelog for you to add
+# entries.
+#
+# 8. Run "selinux-maint commit" again to commit the revision change
+# (rev adds a simple log message - I just fixed this as my last
+# checkin had the wrong log message).
+
+import sys
+import subprocess
+import shutil
+import os
+import os.path
+import datetime
+
+dir = "/tmp/selinux-maint/"
+
+def usage():
+ print "selinux-maint [command] [options]"
+ print ""
+ print "commands:"
+ print "\tsplit patch-email: split patch-email into a patch and log message"
+ print "\tapply [patch-level]: apply the patch and logmsg with optional level"
+ print "\tcommit username: commit the changes"
+ print "\trev package: update the version number and changelog of package"
+
+def create_tmpdir():
+ try:
+ os.mkdir(dir)
+ except OSError:
+ if not os.path.isdir(dir):
+ print "path %s exists and is not a directory" % dir
+ sys.exit(1)
+
+def split_email(args):
+ # Get an absolute path for the patch email since we are going to
+ # change the working directory
+ patch_path = os.path.abspath(args[0])
+
+ create_tmpdir()
+ prevdir = os.getcwd()
+ os.chdir(dir)
+
+ infd = open(patch_path)
+ outfd = open("info", "w")
+ retcode = subprocess.call(["git-mailinfo", "msg", "patch"], stdin=infd,
+ stdout=outfd)
+ if retcode != 0:
+ sys.exit(1)
+
+ msgfd = open("logmsg", "w")
+ retcode = subprocess.call(["cat", "info", "msg"], stdout=msgfd)
+
+ msgfd.close()
+
+ retcode = subprocess.call(["vi", "logmsg"])
+
+ shutil.copyfile("logmsg", prevdir + "/logmsg")
+ shutil.copyfile("patch", prevdir + "/patch")
+
+def apply(args):
+ if len(args):
+ patch_level = "-p%d" % int(args[0])
+ else:
+ patch_level = "-p1"
+
+ print "Test applying patch:"
+ patchfd = open("patch")
+ retcode = subprocess.call(["patch", patch_level, "--dry-run"], stdin=patchfd)
+ resp = raw_input("apply [y/n]: ")
+ if resp != "y":
+ sys.exit(0)
+
+ patchfd = open("patch")
+ patch_output = subprocess.Popen(["patch", patch_level], stdin=patchfd,
+ stdout=subprocess.PIPE).communicate()[0]
+
+ status_output = subprocess.Popen(["svn", "status"], stdout=subprocess.PIPE).communicate()[0]
+
+
+ # Detect adds
+ unknown_files = []
+ for status_line in status_output.split("\n"):
+ try:
+ status, fname = status_line.split()
+ except ValueError:
+ continue
+ if status == "?":
+ unknown_files.append(fname)
+
+ added_files = []
+ for patch_line in patch_output.split("\n"):
+ try:
+ patched_fname = patch_line.split(" ")[2]
+ except:
+ continue
+ if patched_fname in unknown_files:
+ added_files.append(patched_fname)
+
+ for fname in added_files:
+ input = raw_input("add file %s [y/n]: " % fname)
+ if input == "y":
+ subprocess.call(["svn", "add", fname])
+
+def commit(args):
+ if len(args) != 1:
+ print "you must provide a username"
+ usage()
+ sys.exit(1)
+ retcode = subprocess.call(["svn", "commit", "--username", args[0], "-F", "logmsg"])
+
+def rev(args):
+ if len(args) != 1:
+ print "you must provide a package name"
+ usage()
+ sys.exit(1)
+ package = args[0]
+
+ ver_fd = open("%s/VERSION" % package, "r")
+ cur = ver_fd.read()
+ cur = cur.split("\n")[0]
+ ver_fd.close()
+ input = raw_input("new version [current is %s]: " % cur)
+ new_fd = open("%s/VERSION.new" % package, "w")
+ new_fd.write(input + "\n")
+ new_fd.close()
+ shutil.copyfile("%s/VERSION.new" % package, "%s/VERSION" % package)
+
+ old_changelog = "%s/ChangeLog" % package
+ new_changelog = "%s/ChangeLog.new" % package
+
+ n = open(new_changelog, "w")
+
+ entry = "%s %s\n" % (input, str(datetime.date.today()))
+ n.write(entry)
+ n.write("\t*\n\n")
+ o = open(old_changelog)
+ n.write(o.read())
+ n.close()
+ o.close()
+
+ subprocess.call(["vi", new_changelog])
+ shutil.copyfile(new_changelog, old_changelog)
+
+ logmsg = open("logmsg", "w")
+ logmsg.write("updated %s to version %s\n" % (package, input))
+
+def merge(args):
+ if len(args) != 2:
+ print "you must provide a revision pair and source branch"
+ usage()
+ sys.exit(1)
+
+ rev = args[0]
+ branch = args[1]
+
+ if branch == "trunk":
+ url = "https://selinux.svn.sourceforge.net/svnroot/selinux/trunk"
+ elif branch == "stable":
+ url = "https://selinux.svn.sourceforge.net/svnroot/selinux/branches/stable/1_0"
+ else:
+ url = "https://selinux.svn.sourceforge.net/svnroot/selinux/branches/%s" % branch
+
+ subprocess.call(["svn", "diff", "-r%s" % rev, url])
+ input = raw_input("apply these changes [y/n]? ")
+ if input != "y":
+ sys.exit(0)
+
+ subprocess.call(["svn", "merge", "-r%s" % rev, url])
+
+ logmsg = open("logmsg", "w")
+ logmsg.write("applied r%s from %s\n" % (rev, branch))
+
+
+def main():
+ if len(sys.argv) < 2:
+ usage()
+ sys.exit(1)
+
+ command = sys.argv[1]
+ if command == "split":
+ split_email(sys.argv[2:])
+ elif command == "apply":
+ apply(sys.argv[2:])
+ elif command == "commit":
+ commit(sys.argv[2:])
+ elif command == "rev":
+ rev(sys.argv[2:])
+ elif command == "merge":
+ merge(sys.argv[2:])
+ else:
+ usage()
+
+main()
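Review bot: `split_email` stages the patch and log message in the fixed, shared path `/tmp/selinux-maint/`, and `create_tmpdir` reuses that directory if it already exists, so a directory pre-created by another local user is accepted and whatever `patch` or `logmsg` it holds between the `git-mailinfo` step and the `shutil.copyfile` calls ends up in the working tree and in the next commit. Use a private per-run directory instead: `tmpdir = tempfile.mkdtemp(prefix="selinux-maint.")` followed by `os.chdir(tmpdir)` in place of `create_tmpdir()` and `os.chdir(dir)`, with `import tempfile` added to the imports. The bare `except:` in `apply` also swallows `KeyboardInterrupt` and `SystemExit`; `except IndexError:` is all the `split(" ")[2]` lookup needs, and the `--dry-run` return code is never checked before the prompt. `apply` and `input` shadow builtins, and the `logmsg` handles opened in `rev` and `merge` are never closed, so their content reaching disk depends on interpreter exit flushing them.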
Property changes on: branches/policyrep/scripts/selinux-maint
___________________________________________________________________
Name: svn:executable
+ *
From: <ssm...@us...> - 2007-05-03 16:54:42
Revision: 2423
http://svn.sourceforge.net/selinux/?rev=2423&view=rev
Author: ssmalley
Date: 2007-05-03 09:54:37 -0700 (Thu, 03 May 2007)
Log Message:
-----------
applied r2421:2422 from trunk
Modified Paths:
--------------
branches/policyrep/checkpolicy/Makefile
branches/policyrep/libselinux/include/Makefile
branches/policyrep/libselinux/src/Makefile
branches/policyrep/libselinux/utils/Makefile
branches/policyrep/libsemanage/include/Makefile
branches/policyrep/libsemanage/src/Makefile
branches/policyrep/libsepol/include/Makefile
branches/policyrep/libsepol/src/Makefile
branches/policyrep/libsepol/utils/Makefile
branches/policyrep/policycoreutils/audit2why/Makefile
branches/policyrep/policycoreutils/load_policy/Makefile
branches/policyrep/policycoreutils/newrole/Makefile
branches/policyrep/policycoreutils/restorecon/Makefile
branches/policyrep/policycoreutils/restorecond/Makefile
branches/policyrep/policycoreutils/run_init/Makefile
branches/policyrep/policycoreutils/secon/Makefile
branches/policyrep/policycoreutils/semodule/Makefile
branches/policyrep/policycoreutils/semodule_deps/Makefile
branches/policyrep/policycoreutils/semodule_expand/Makefile
branches/policyrep/policycoreutils/semodule_link/Makefile
branches/policyrep/policycoreutils/semodule_package/Makefile
branches/policyrep/policycoreutils/sestatus/Makefile
branches/policyrep/policycoreutils/setfiles/Makefile
branches/policyrep/policycoreutils/setsebool/Makefile
Modified: branches/policyrep/checkpolicy/Makefile
===================================================================
--- branches/policyrep/checkpolicy/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/checkpolicy/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -58,4 +58,4 @@
$(MAKE) -C test clean
indent:
- ../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
+ ../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
Modified: branches/policyrep/libselinux/include/Makefile
===================================================================
--- branches/policyrep/libselinux/include/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libselinux/include/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -7,5 +7,5 @@
install -m 644 $(wildcard selinux/*.h) $(INCDIR)
indent:
- ../../Lindent $(wildcard selinux/*.h)
+ ../../scripts/Lindent $(wildcard selinux/*.h)
Modified: branches/policyrep/libselinux/src/Makefile
===================================================================
--- branches/policyrep/libselinux/src/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libselinux/src/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -84,5 +84,5 @@
rm -f $(SWIGCOUT) $(SWIGFILES)
indent:
- ../../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
+ ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
Modified: branches/policyrep/libselinux/utils/Makefile
===================================================================
--- branches/policyrep/libselinux/utils/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libselinux/utils/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -19,7 +19,7 @@
rm -f $(TARGETS) *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel:
Modified: branches/policyrep/libsemanage/include/Makefile
===================================================================
--- branches/policyrep/libsemanage/include/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libsemanage/include/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -7,4 +7,4 @@
install -m 644 $(wildcard semanage/*.h) $(INCDIR)
indent:
- ../../Lindent $(wildcard semanage/*.h)
+ ../../scripts/Lindent $(wildcard semanage/*.h)
Modified: branches/policyrep/libsemanage/src/Makefile
===================================================================
--- branches/policyrep/libsemanage/src/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libsemanage/src/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -99,6 +99,6 @@
rm -f $(SWIGCOUT) $(SWIGFILES)
indent:
- ../../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
+ ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
.PHONY: all clean pywrap swigify install install-pywrap distclean
Modified: branches/policyrep/libsepol/include/Makefile
===================================================================
--- branches/policyrep/libsepol/include/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libsepol/include/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -9,4 +9,4 @@
install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
indent:
- ../../Lindent $(wildcard sepol/*.h)
+ ../../scripts/Lindent $(wildcard sepol/*.h)
Modified: branches/policyrep/libsepol/src/Makefile
===================================================================
--- branches/policyrep/libsepol/src/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libsepol/src/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -43,5 +43,5 @@
-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET)
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/libsepol/utils/Makefile
===================================================================
--- branches/policyrep/libsepol/utils/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/libsepol/utils/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -18,7 +18,7 @@
-rm -f $(TARGETS) *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel:
Modified: branches/policyrep/policycoreutils/audit2why/Makefile
===================================================================
--- branches/policyrep/policycoreutils/audit2why/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/audit2why/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -25,6 +25,6 @@
-rm -f $(TARGETS) *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel:
Modified: branches/policyrep/policycoreutils/load_policy/Makefile
===================================================================
--- branches/policyrep/policycoreutils/load_policy/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/load_policy/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -22,7 +22,7 @@
-rm -f $(TARGETS) *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel:
/sbin/restorecon $(SBINDIR)/load_policy
Modified: branches/policyrep/policycoreutils/newrole/Makefile
===================================================================
--- branches/policyrep/policycoreutils/newrole/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/newrole/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -76,7 +76,7 @@
rm -f $(TARGETS) *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel: install
/sbin/restorecon $(BINDIR)/newrole
Modified: branches/policyrep/policycoreutils/restorecon/Makefile
===================================================================
--- branches/policyrep/policycoreutils/restorecon/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/restorecon/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -22,7 +22,7 @@
-rm -f restorecon *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel: install
/sbin/restorecon $(SBINDIR)/restorecon
Modified: branches/policyrep/policycoreutils/restorecond/Makefile
===================================================================
--- branches/policyrep/policycoreutils/restorecond/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/restorecond/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -31,5 +31,5 @@
-rm -f restorecond *.o *~
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/policycoreutils/run_init/Makefile
===================================================================
--- branches/policyrep/policycoreutils/run_init/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/run_init/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -46,7 +46,7 @@
-rm -f $(TARGETS) *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel: install
/sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty
Modified: branches/policyrep/policycoreutils/secon/Makefile
===================================================================
--- branches/policyrep/policycoreutils/secon/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/secon/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -30,7 +30,7 @@
rm -f *.o core* secon *~ *.bak
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
bare: clean
Modified: branches/policyrep/policycoreutils/semodule/Makefile
===================================================================
--- branches/policyrep/policycoreutils/semodule/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/semodule/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -26,5 +26,5 @@
-rm -f semodule *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/policycoreutils/semodule_deps/Makefile
===================================================================
--- branches/policyrep/policycoreutils/semodule_deps/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/semodule_deps/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -25,5 +25,5 @@
-rm -f semodule_deps *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/policycoreutils/semodule_expand/Makefile
===================================================================
--- branches/policyrep/policycoreutils/semodule_expand/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/semodule_expand/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -25,5 +25,5 @@
-rm -f semodule_expand *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/policycoreutils/semodule_link/Makefile
===================================================================
--- branches/policyrep/policycoreutils/semodule_link/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/semodule_link/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -25,5 +25,5 @@
-rm -f semodule_link *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/policycoreutils/semodule_package/Makefile
===================================================================
--- branches/policyrep/policycoreutils/semodule_package/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/semodule_package/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -25,5 +25,5 @@
-rm -f semodule_package *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
Modified: branches/policyrep/policycoreutils/sestatus/Makefile
===================================================================
--- branches/policyrep/policycoreutils/sestatus/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/sestatus/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -25,6 +25,6 @@
rm -f sestatus *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel:
Modified: branches/policyrep/policycoreutils/setfiles/Makefile
===================================================================
--- branches/policyrep/policycoreutils/setfiles/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/setfiles/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -29,7 +29,7 @@
rm -f setfiles *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
relabel: install
/sbin/restorecon $(SBINDIR)/setfiles
Modified: branches/policyrep/policycoreutils/setsebool/Makefile
===================================================================
--- branches/policyrep/policycoreutils/setsebool/Makefile 2007-05-03 16:46:13 UTC (rev 2422)
+++ branches/policyrep/policycoreutils/setsebool/Makefile 2007-05-03 16:54:37 UTC (rev 2423)
@@ -26,5 +26,5 @@
-rm -f setsebool *.o
indent:
- ../../Lindent $(wildcard *.[ch])
+ ../../scripts/Lindent $(wildcard *.[ch])
From: <ssm...@us...> - 2007-05-03 17:33:19
Revision: 2425
http://svn.sourceforge.net/selinux/?rev=2425&view=rev
Author: ssmalley
Date: 2007-05-03 10:33:17 -0700 (Thu, 03 May 2007)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: Drop preservebools support from userland policy loader
Date: Fri, 27 Apr 2007 14:53:34 -0400
For the policyrep branch.
This patch drops preservebools support from the userland policy loader,
as it will be provided by the kernel automatically going forward (already in
-git as of today, will be released in 2.6.22). The patch includes the removal of the
obsoleted sepol_genbools_array interface from libsepol and the removal of
the preservebools flag from the selinux_mkload_policy() interface in libselinux.
This removes the last remaining manipulation of policy at load time except for
the possible downgrading of policy to the kernel's version if they do not match.
The only case where this will yield a change in behavior is if someone does
a setsebool without -P and then reloads policy on a kernel that lacks the new support
for preserving booleans. As the dominant use of booleans today is as tunables,
non-persistent boolean changes are rarely used.
Signed-off-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
branches/policyrep/libselinux/include/selinux/selinux.h
branches/policyrep/libselinux/src/load_policy.c
branches/policyrep/libselinux/src/selinuxswig.i
branches/policyrep/libselinux/src/selinuxswig_wrap.c
branches/policyrep/libsepol/include/sepol/booleans.h
branches/policyrep/libsepol/include/sepol/users.h
branches/policyrep/libsepol/src/libsepol.map
branches/policyrep/policycoreutils/load_policy/load_policy.c
Removed Paths:
-------------
branches/policyrep/libsepol/man/man3/sepol_genbools.3
branches/policyrep/libsepol/src/genbools.c
Modified: branches/policyrep/libselinux/include/selinux/selinux.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/selinux.h 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libselinux/include/selinux/selinux.h 2007-05-03 17:33:17 UTC (rev 2425)
@@ -201,16 +201,10 @@
* This function provides a higher level interface for loading policy
* than security_load_policy, internally determining the right policy
* version, locating and opening the policy file, mapping it into memory,
- * manipulating it as needed for current boolean settings and/or local
- * definitions, and then calling security_load_policy to load it.
- *
- * 'preservebools' is a boolean flag indicating whether current
- * policy boolean values should be preserved into the new policy (if 1)
- * or reset to the saved policy settings (if 0). The former case is the
- * default for policy reloads, while the latter case is an option for policy
- * reloads but is primarily for the initial policy load.
+ * manipulating it as needed to match the kernel's supported version, and
+ * then calling security_load_policy to load it.
*/
- extern int selinux_mkload_policy(int preservebools);
+ extern int selinux_mkload_policy(void);
/*
* Perform the initial policy load.
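Review bot: The rewritten comment no longer mentions booleans at all, so a reader of the header cannot tell whether a reload resets them or leaves them alone; the log message explains that preservation now happens in the kernel, and one line carrying that over would help, e.g. `* Boolean values are no longer touched here; kernels with boolean preservation keep the current settings across a reload.`. Dropping the parameter also changes the exported signature of `selinux_mkload_policy`, so out-of-tree callers built against the old prototype need a rebuild; a note in the libselinux ChangeLog (not in this commit) would flag that.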
Modified: branches/policyrep/libselinux/src/load_policy.c
===================================================================
--- branches/policyrep/libselinux/src/load_policy.c 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libselinux/src/load_policy.c 2007-05-03 17:33:17 UTC (rev 2425)
@@ -39,15 +39,15 @@
hidden_def(security_load_policy)
-int selinux_mkload_policy(int preservebools)
+int selinux_mkload_policy(void)
{
int vers = sepol_policy_kern_vers_max();
int kernvers = security_policyvers();
- char path[PATH_MAX], **names;
+ char path[PATH_MAX];
struct stat sb;
size_t size;
void *map, *data;
- int fd, rc = -1, *values, len, i, prot;
+ int fd, rc = -1;
sepol_policydb_t *policydb;
sepol_policy_file_t *pf;
@@ -68,12 +68,8 @@
if (fstat(fd, &sb) < 0)
goto close;
- prot = PROT_READ;
- if (preservebools)
- prot |= PROT_WRITE;
-
size = sb.st_size;
- data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+ data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
if (map == MAP_FAILED)
goto close;
@@ -105,24 +101,6 @@
sepol_policydb_free(policydb);
}
- if (preservebools) {
- rc = security_get_boolean_names(&names, &len);
- if (!rc) {
- values = malloc(sizeof(int) * len);
- if (!values)
- goto unmap;
- for (i = 0; i < len; i++)
- values[i] =
- security_get_boolean_active(names[i]);
- (void)sepol_genbools_array(data, size, names, values,
- len);
- free(values);
- for (i = 0; i < len; i++)
- free(names[i]);
- free(names);
- }
- }
-
rc = security_load_policy(data, size);
unmap:
@@ -244,7 +222,7 @@
}
/* Load the policy. */
- return selinux_mkload_policy(0);
+ return selinux_mkload_policy();
noload:
/*
Modified: branches/policyrep/libselinux/src/selinuxswig.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig.i 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libselinux/src/selinuxswig.i 2007-05-03 17:33:17 UTC (rev 2425)
@@ -63,7 +63,7 @@
extern int lsetfilecon(const char *path, security_context_t con);
extern int fsetfilecon(int fd, security_context_t con);
extern int getpeercon(int fd, security_context_t *con);
-extern int selinux_mkload_policy(int preservebools);
+extern int selinux_mkload_policy(void);
extern int selinux_init_load_policy(int *enforce);
extern int security_set_boolean_list(size_t boolcnt,
SELboolean *boollist);
Modified: branches/policyrep/libselinux/src/selinuxswig_wrap.c
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig_wrap.c 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libselinux/src/selinuxswig_wrap.c 2007-05-03 17:33:17 UTC (rev 2425)
@@ -3350,19 +3350,10 @@
SWIGINTERN PyObject *_wrap_selinux_mkload_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
- int arg1 ;
int result;
- int val1 ;
- int ecode1 = 0 ;
- PyObject * obj0 = 0 ;
- if (!PyArg_ParseTuple(args,(char *)"O:selinux_mkload_policy",&obj0)) SWIG_fail;
- ecode1 = SWIG_AsVal_int(obj0, &val1);
- if (!SWIG_IsOK(ecode1)) {
- SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_mkload_policy" "', argument " "1"" of type '" "int""'");
- }
- arg1 = (int)(val1);
- result = (int)selinux_mkload_policy(arg1);
+ if (!PyArg_ParseTuple(args,(char *)":selinux_mkload_policy")) SWIG_fail;
+ result = (int)selinux_mkload_policy();
resultobj = SWIG_From_int((int)(result));
return resultobj;
fail:
Modified: branches/policyrep/libsepol/include/sepol/booleans.h
===================================================================
--- branches/policyrep/libsepol/include/sepol/booleans.h 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libsepol/include/sepol/booleans.h 2007-05-03 17:33:17 UTC (rev 2425)
@@ -6,24 +6,6 @@
#include <sepol/boolean_record.h>
#include <sepol/handle.h>
-/*--------------compatibility--------------*/
-
-/* Given an existing binary policy (starting at 'data', with length 'len')
- and a boolean configuration file named by 'boolpath', rewrite the binary
- policy for the boolean settings in the boolean configuration file.
- The binary policy is rewritten in place in memory.
- Returns 0 upon success, or -1 otherwise. */
-extern int sepol_genbools(void *data, size_t len, char *boolpath);
-
-/* Given an existing binary policy (starting at 'data', with length 'len')
- and boolean settings specified by the parallel arrays ('names', 'values')
- with 'nel' elements, rewrite the binary policy for the boolean settings.
- The binary policy is rewritten in place in memory.
- Returns 0 upon success or -1 otherwise. */
-extern int sepol_genbools_array(void *data, size_t len,
- char **names, int *values, int nel);
-/*---------------end compatbility------------*/
-
/* Set the specified boolean */
extern int sepol_bool_set(sepol_handle_t * handle,
sepol_policydb_t * policydb,
Modified: branches/policyrep/libsepol/include/sepol/users.h
===================================================================
--- branches/policyrep/libsepol/include/sepol/users.h 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libsepol/include/sepol/users.h 2007-05-03 17:33:17 UTC (rev 2425)
@@ -6,23 +6,6 @@
#include <sepol/handle.h>
#include <stddef.h>
-/*---------compatibility------------*/
-
-/* Given an existing binary policy (starting at 'data with length 'len')
- and user configurations living in 'usersdir', generate a new binary
- policy for the new user configurations. Sets '*newdata' and '*newlen'
- to refer to the new binary policy image. */
-extern int sepol_genusers(void *data, size_t len,
- const char *usersdir,
- void **newdata, size_t * newlen);
-
-/* Enable or disable deletion of users by sepol_genusers(3) when
- a user in original binary policy image is not defined by the
- new user configurations. Defaults to disabled. */
-extern void sepol_set_delusers(int on);
-
-/*--------end compatibility----------*/
-
/* Modify the user, or add it, if the key is not found */
extern int sepol_user_modify(sepol_handle_t * handle,
sepol_policydb_t * policydb,
Deleted: branches/policyrep/libsepol/man/man3/sepol_genbools.3
===================================================================
--- branches/policyrep/libsepol/man/man3/sepol_genbools.3 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libsepol/man/man3/sepol_genbools.3 2007-05-03 17:33:17 UTC (rev 2425)
@@ -1,22 +0,0 @@
-.TH "sepol_genbools" "3" "11 August 2004" "sd...@ep..." "SE Linux binary policy API documentation"
-.SH "NAME"
-sepol_genbools \- Rewrite a binary policy with different boolean settings
-.SH "SYNOPSIS"
-.B #include <sepol/sepol.h>
-.sp
-.BI "int sepol_genbools_array(void *" data ", size_t " len ", char **" names ", int *" values ", int " nel );
-
-.SH "DESCRIPTION"
-.B sepol_genbools_array
-rewrites a binary policy stored in the memory region described by
-(data, len) to use the boolean settings specified in the parallel
-arrays (names, values) with nel elements each. The binary policy is
-rewritten in place in memory.
-
-.SH "RETURN VALUE"
-Returns 0 on success or -1 otherwise, with errno set appropriately.
-An errno of EINVAL indicates that one or more booleans listed in the
-boolean file was undefined in the policy or had an invalid value specified;
-in this case, the binary policy is still rewritten but any invalid
-boolean settings are ignored.
-
Deleted: branches/policyrep/libsepol/src/genbools.c
===================================================================
--- branches/policyrep/libsepol/src/genbools.c 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libsepol/src/genbools.c 2007-05-03 17:33:17 UTC (rev 2425)
@@ -1,71 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include <sepol/policydb/policydb.h>
-#include <sepol/policydb/conditional.h>
-
-#include "debug.h"
-#include "private.h"
-#include "dso.h"
-
-int sepol_genbools_array(void *data, size_t len, char **names, int *values,
- int nel)
-{
- struct policydb policydb;
- struct policy_file pf;
- int rc, i, errors = 0;
- struct cond_bool_datum *datum;
-
- /* Create policy database from image */
- if (policydb_init(&policydb))
- goto err;
- if (policydb_from_image(NULL, data, len, &policydb) < 0)
- goto err;
-
- for (i = 0; i < nel; i++) {
- datum = hashtab_search(policydb.p_bools.table, names[i]);
- if (!datum) {
- ERR(NULL, "boolean %s no longer in policy", names[i]);
- errors++;
- continue;
- }
- if (values[i] != 0 && values[i] != 1) {
- ERR(NULL, "illegal value %d for boolean %s",
- values[i], names[i]);
- errors++;
- continue;
- }
- datum->state = values[i];
- }
-
- if (evaluate_conds(&policydb) < 0) {
- ERR(NULL, "error while re-evaluating conditionals");
- errno = EINVAL;
- goto err_destroy;
- }
-
- pf.type = PF_USE_MEMORY;
- pf.data = data;
- pf.len = len;
- rc = policydb_write(&policydb, &pf);
- if (rc) {
- ERR(NULL, "unable to write binary policy");
- errno = EINVAL;
- goto err_destroy;
- }
- if (errors) {
- errno = EINVAL;
- goto err_destroy;
- }
-
- policydb_destroy(&policydb);
- return 0;
-
- err_destroy:
- policydb_destroy(&policydb);
-
- err:
- return -1;
-}
Modified: branches/policyrep/libsepol/src/libsepol.map
===================================================================
--- branches/policyrep/libsepol/src/libsepol.map 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/libsepol/src/libsepol.map 2007-05-03 17:33:17 UTC (rev 2425)
@@ -1,7 +1,7 @@
LIBSEPOL_2.0 {
global:
sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages;
- sepol_bool_*; sepol_genbools_array;
+ sepol_bool_*;
sepol_context_*; sepol_mls_*; sepol_check_context;
sepol_iface_*;
sepol_port_*;
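Review bot: Dropping `sepol_genbools_array` from the existing `LIBSEPOL_2.0` version node (the `- sepol_bool_*; sepol_genbools_array;` line) removes an exported symbol without a new version node, so any binary already linked against it would presumably fail at load time with an unresolved symbol. If the removal is intended, the conventional options are to bump the library's major version/SONAME or keep a stub under the old node, and to record the ABI change in the ChangeLog, which I don't see among the visible modified paths. The headers in this commit also drop `sepol_genbools`, `sepol_genusers` and `sepol_set_delusers`, but whether those were ever exported isn't visible in this hunk.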
Modified: branches/policyrep/policycoreutils/load_policy/load_policy.c
===================================================================
--- branches/policyrep/policycoreutils/load_policy/load_policy.c 2007-05-03 16:57:02 UTC (rev 2424)
+++ branches/policyrep/policycoreutils/load_policy/load_policy.c 2007-05-03 17:33:17 UTC (rev 2425)
@@ -62,7 +62,7 @@
argv[0], argv[optind++]);
}
- ret = selinux_mkload_policy(1);
+ ret = selinux_mkload_policy();
if (ret < 0) {
fprintf(stderr, _("%s: Can't load policy: %s\n"),
argv[0], strerror(errno));
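Review bot: The change to `ret = selinux_mkload_policy();` alters `load_policy`'s observable behavior, not just its call signature: the old call passed `1`, which the branch removed from libselinux's `selinux_mkload_policy` in this same commit used to carry the active boolean values into the reloaded policy, so a reload now reverts every boolean changed at runtime to the value stored in the policy file. That is a defensible default, but an administrator reloading policy could be caught out by it; I'd mention it in the tool's usage text or man page and in the policycoreutils ChangeLog, neither of which appears among the visible modified paths.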
From: <ssm...@us...> - 2007-05-09 15:03:35
Revision: 2435
http://svn.sourceforge.net/selinux/?rev=2435&view=rev
Author: ssmalley
Date: 2007-05-09 08:03:33 -0700 (Wed, 09 May 2007)
Log Message:
-----------
applied r2429:HEAD from trunk
Modified Paths:
--------------
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/src/selinux.py
branches/policyrep/libselinux/src/selinuxswig.i
branches/policyrep/libselinux/src/selinuxswig_wrap.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/scripts/genhomedircon
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-05-09 14:54:17 UTC (rev 2434)
+++ branches/policyrep/libselinux/ChangeLog 2007-05-09 15:03:33 UTC (rev 2435)
@@ -1,3 +1,6 @@
+2.0.16 2007-05-09
+ * Merged additional swig python bindings from Dan Walsh.
+
2.0.15 2007-04-27
* Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-05-09 14:54:17 UTC (rev 2434)
+++ branches/policyrep/libselinux/VERSION 2007-05-09 15:03:33 UTC (rev 2435)
@@ -1 +1 @@
-2.0.15
+2.0.16
Modified: branches/policyrep/libselinux/src/selinux.py
===================================================================
--- branches/policyrep/libselinux/src/selinux.py 2007-05-09 14:54:17 UTC (rev 2434)
+++ branches/policyrep/libselinux/src/selinux.py 2007-05-09 15:03:33 UTC (rev 2435)
@@ -48,8 +48,19 @@
del types
+SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
+get_ordered_context_list = _selinux.get_ordered_context_list
+get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level
+get_default_context = _selinux.get_default_context
+get_default_context_with_level = _selinux.get_default_context_with_level
+get_default_context_with_role = _selinux.get_default_context_with_role
+get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel
+query_user_context = _selinux.query_user_context
+manual_user_enter_context = _selinux.manual_user_enter_context
is_selinux_enabled = _selinux.is_selinux_enabled
is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
+freecon = _selinux.freecon
+freeconary = _selinux.freeconary
getcon = _selinux.getcon
setcon = _selinux.setcon
getpidcon = _selinux.getpidcon
@@ -87,6 +98,8 @@
set_matchpathcon_flags = _selinux.set_matchpathcon_flags
matchpathcon_init = _selinux.matchpathcon_init
matchpathcon = _selinux.matchpathcon
+matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix
+matchpathcon_fini = _selinux.matchpathcon_fini
matchmediacon = _selinux.matchmediacon
selinux_getenforcemode = _selinux.selinux_getenforcemode
selinux_policy_root = _selinux.selinux_policy_root
@@ -101,18 +114,22 @@
selinux_homedir_context_path = _selinux.selinux_homedir_context_path
selinux_media_context_path = _selinux.selinux_media_context_path
selinux_contexts_path = _selinux.selinux_contexts_path
+selinux_securetty_types_path = _selinux.selinux_securetty_types_path
selinux_customizable_types_path = _selinux.selinux_customizable_types_path
selinux_usersconf_path = _selinux.selinux_usersconf_path
selinux_translations_path = _selinux.selinux_translations_path
selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
selinux_path = _selinux.selinux_path
-selinux_check_passwd_access = _selinux.selinux_check_passwd_access
-checkPasswdAccess = _selinux.checkPasswdAccess
+selinux_check_securetty_context = _selinux.selinux_check_securetty_context
+set_selinuxmnt = _selinux.set_selinuxmnt
rpm_execcon = _selinux.rpm_execcon
is_context_customizable = _selinux.is_context_customizable
selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
selinux_getpolicytype = _selinux.selinux_getpolicytype
getseuserbyname = _selinux.getseuserbyname
+selinux_file_context_cmp = _selinux.selinux_file_context_cmp
+selinux_file_context_verify = _selinux.selinux_file_context_verify
+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
Modified: branches/policyrep/libselinux/src/selinuxswig.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig.i 2007-05-09 14:54:17 UTC (rev 2434)
+++ branches/policyrep/libselinux/src/selinuxswig.i 2007-05-09 15:03:33 UTC (rev 2435)
@@ -21,6 +21,7 @@
%module selinux
%{
#include "selinux/selinux.h"
+ #include "selinux/get_context_list.h"
%}
%apply int *OUTPUT { int * };
%apply int *OUTPUT { size_t * };
@@ -42,8 +43,12 @@
%typedef unsigned mode_t;
+%include "../include/selinux/get_context_list.h"
+
extern int is_selinux_enabled(void);
extern int is_selinux_mls_enabled(void);
+extern void freecon(security_context_t con);
+extern void freeconary(security_context_t * con);
extern int getcon(security_context_t *con);
extern int setcon(security_context_t con);
extern int getpidcon(int pid, security_context_t *con);
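Review bot: Exposing `freecon` here hands a pointer into a Python string object to `free()`: the generated `_wrap_freecon` in selinuxswig_wrap.c below passes `PyString_AsString(obj0)` straight to `freecon(arg1)`, and since the other wrappers return contexts as copied Python strings (`PyString_FromString(temp10)`), there is no value a Python caller could pass for which the call is valid, so any use corrupts the heap or aborts the interpreter. `freeconary` has the same problem in another shape: the OUTPUT typemap turns its argument into the address of a NULL local (`arg1 = &temp1`), which freeconary then receives as the array to release. I'd drop both `extern void freecon(...)` / `extern void freeconary(...)` lines and release the C context on the C side of the output typemap after it has been copied into the Python string. Separately, `%include "../include/selinux/get_context_list.h"` pulls in the `get_ordered_context_list*` functions whose `security_context_t **` result is mapped through `SWIG_ConvertPtr` (see `_wrap_get_ordered_context_list`), so those cannot be called usefully from Python without an explicit typemap.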
@@ -88,6 +93,11 @@
mode_t mode,
security_context_t *con);
+extern int matchpathcon_init_prefix(const char *path,
+ const char *prefix);
+extern void matchpathcon_fini(void);
+
+
extern int matchmediacon(const char *media,
security_context_t *con);
@@ -104,16 +114,21 @@
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_contexts_path(void);
+extern const char *selinux_securetty_types_path(void);
extern const char *selinux_customizable_types_path(void);
extern const char *selinux_usersconf_path(void);
extern const char *selinux_translations_path(void);
extern const char *selinux_netfilter_context_path(void);
extern const char *selinux_path(void);
-extern int selinux_check_passwd_access(access_vector_t requested);
-extern int checkPasswdAccess(access_vector_t requested);
+#extern int selinux_check_passwd_access(access_vector_t requested);
+#extern int checkPasswdAccess(access_vector_t requested);
+extern int selinux_check_securetty_context(security_context_t tty_context);
+void set_selinuxmnt(char *mnt);
+
+#ifdef SWIGpython
// This tells SWIG to treat char ** as a special case
-%typemap(python,in) char ** {
+%typemap(in) char ** {
/* Check if is a list */
if (PyList_Check($input)) {
int size = PyList_Size($input);
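Review bot: The two declarations `#extern int selinux_check_passwd_access(...)` / `#extern int checkPasswdAccess(...)` are commented out with a leading `#`, which SWIG's preprocessor reads as a directive rather than a comment; use `//` or delete the lines outright, since the generated selinux.py in this commit already drops both bindings. `void set_selinuxmnt(char *mnt);` also lacks the `extern` the surrounding declarations use, and its non-const `char *` reaches it as a pointer into the Python string buffer (the wrapper convention visible in the generated code below); if set_selinuxmnt retains that pointer rather than copying it, which I believe it does, the mount path dangles once the Python string is collected, so copying on the C side would be safer.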
@@ -139,6 +154,7 @@
return NULL;
}
}
+#endif
extern int rpm_execcon(unsigned int verified,
const char *filename,
@@ -160,3 +176,7 @@
}
extern int selinux_getpolicytype(char **enforce);
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
+int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
+int selinux_file_context_verify(const char *path, mode_t mode);
+int selinux_lsetfilecon_default(const char *path);
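Review bot: The three new declarations `int selinux_file_context_cmp(...)`, `int selinux_file_context_verify(...)` and `int selinux_lsetfilecon_default(...)` omit the `extern` that every other declaration in this file carries (e.g. `extern int getseuserbyname(...)` two lines above); it makes no difference to SWIG's output, but keeping the form consistent makes the file easier to scan.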
Modified: branches/policyrep/libselinux/src/selinuxswig_wrap.c
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig_wrap.c 2007-05-09 14:54:17 UTC (rev 2434)
+++ branches/policyrep/libselinux/src/selinuxswig_wrap.c 2007-05-09 15:03:33 UTC (rev 2435)
@@ -2449,11 +2449,11 @@
/* -------- TYPES TABLE (BEGIN) -------- */
#define SWIGTYPE_p_SELboolean swig_types[0]
-#define SWIGTYPE_p_access_vector_t swig_types[1]
-#define SWIGTYPE_p_char swig_types[2]
-#define SWIGTYPE_p_int swig_types[3]
-#define SWIGTYPE_p_p_char swig_types[4]
-#define SWIGTYPE_p_p_p_char swig_types[5]
+#define SWIGTYPE_p_char swig_types[1]
+#define SWIGTYPE_p_int swig_types[2]
+#define SWIGTYPE_p_p_char swig_types[3]
+#define SWIGTYPE_p_p_p_char swig_types[4]
+#define SWIGTYPE_p_p_security_context_t swig_types[5]
#define SWIGTYPE_p_security_context_t swig_types[6]
#define SWIGTYPE_p_unsigned_int swig_types[7]
static swig_type_info *swig_types[9];
@@ -2485,8 +2485,101 @@
#include "selinux/selinux.h"
+ #include "selinux/get_context_list.h"
+SWIGINTERN swig_type_info*
+SWIG_pchar_descriptor(void)
+{
+ static int init = 0;
+ static swig_type_info* info = 0;
+ if (!init) {
+ info = SWIG_TypeQuery("_p_char");
+ init = 1;
+ }
+ return info;
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtrAndSize(const char* carray, size_t size)
+{
+ if (carray) {
+ if (size > INT_MAX) {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ return pchar_descriptor ?
+ SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void();
+ } else {
+ return PyString_FromStringAndSize(carray, (int)(size));
+ }
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtr(const char *cptr)
+{
+ return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
+}
+
+
+SWIGINTERN int
+SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc)
+{
+ if (PyString_Check(obj)) {
+ char *cstr; Py_ssize_t len;
+ PyString_AsStringAndSize(obj, &cstr, &len);
+ if (cptr) {
+ if (alloc) {
+ /*
+ In python the user should not be able to modify the inner
+ string representation. To warranty that, if you define
+ SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string
+ buffer is always returned.
+
+ The default behavior is just to return the pointer value,
+ so, be careful.
+ */
+#if defined(SWIG_PYTHON_SAFE_CSTRINGS)
+ if (*alloc != SWIG_OLDOBJ)
+#else
+ if (*alloc == SWIG_NEWOBJ)
+#endif
+ {
+ *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
+ *alloc = SWIG_NEWOBJ;
+ }
+ else {
+ *cptr = cstr;
+ *alloc = SWIG_OLDOBJ;
+ }
+ } else {
+ *cptr = PyString_AsString(obj);
+ }
+ }
+ if (psize) *psize = len + 1;
+ return SWIG_OK;
+ } else {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ if (pchar_descriptor) {
+ void* vptr = 0;
+ if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) {
+ if (cptr) *cptr = (char *) vptr;
+ if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
+ if (alloc) *alloc = SWIG_OLDOBJ;
+ return SWIG_OK;
+ }
+ }
+ }
+ return SWIG_TypeError;
+}
+
+
+
+
+
#define SWIG_From_long PyInt_FromLong
@@ -2644,75 +2737,7 @@
}
-SWIGINTERN swig_type_info*
-SWIG_pchar_descriptor(void)
-{
- static int init = 0;
- static swig_type_info* info = 0;
- if (!init) {
- info = SWIG_TypeQuery("_p_char");
- init = 1;
- }
- return info;
-}
-
-
SWIGINTERN int
-SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc)
-{
- if (PyString_Check(obj)) {
- char *cstr; Py_ssize_t len;
- PyString_AsStringAndSize(obj, &cstr, &len);
- if (cptr) {
- if (alloc) {
- /*
- In python the user should not be able to modify the inner
- string representation. To warranty that, if you define
- SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string
- buffer is always returned.
-
- The default behavior is just to return the pointer value,
- so, be careful.
- */
-#if defined(SWIG_PYTHON_SAFE_CSTRINGS)
- if (*alloc != SWIG_OLDOBJ)
-#else
- if (*alloc == SWIG_NEWOBJ)
-#endif
- {
- *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
- *alloc = SWIG_NEWOBJ;
- }
- else {
- *cptr = cstr;
- *alloc = SWIG_OLDOBJ;
- }
- } else {
- *cptr = PyString_AsString(obj);
- }
- }
- if (psize) *psize = len + 1;
- return SWIG_OK;
- } else {
- swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
- if (pchar_descriptor) {
- void* vptr = 0;
- if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) {
- if (cptr) *cptr = (char *) vptr;
- if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
- if (alloc) *alloc = SWIG_OLDOBJ;
- return SWIG_OK;
- }
- }
- }
- return SWIG_TypeError;
-}
-
-
-
-
-
-SWIGINTERN int
SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val)
{
if (PyInt_Check(obj)) {
@@ -2781,33 +2806,396 @@
return res;
}
+#ifdef __cplusplus
+extern "C" {
+#endif
+SWIGINTERN PyObject *_wrap_get_ordered_context_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_ordered_context_list",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ {
+ arg2 = (security_context_t)PyString_AsString(obj1);
+ }
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_security_context_t, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_ordered_context_list" "', argument " "3"" of type '" "security_context_t **""'");
+ }
+ arg3 = (security_context_t **)(argp3);
+ result = (int)get_ordered_context_list((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
-SWIGINTERNINLINE PyObject *
-SWIG_FromCharPtrAndSize(const char* carray, size_t size)
-{
- if (carray) {
- if (size > INT_MAX) {
- swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
- return pchar_descriptor ?
- SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void();
- } else {
- return PyString_FromStringAndSize(carray, (int)(size));
- }
- } else {
- return SWIG_Py_Void();
+
+SWIGINTERN PyObject *_wrap_get_ordered_context_list_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 ;
+ security_context_t **arg4 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ void *argp4 = 0 ;
+ int res4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:get_ordered_context_list_with_level",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list_with_level" "', argument " "1"" of type '" "char const *""'");
}
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list_with_level" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ {
+ arg3 = (security_context_t)PyString_AsString(obj2);
+ }
+ res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_security_context_t, 0 | 0 );
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "get_ordered_context_list_with_level" "', argument " "4"" of type '" "security_context_t **""'");
+ }
+ arg4 = (security_context_t **)(argp4);
+ result = (int)get_ordered_context_list_with_level((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
}
-SWIGINTERNINLINE PyObject *
-SWIG_FromCharPtr(const char *cptr)
-{
- return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
+SWIGINTERN PyObject *_wrap_get_default_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp3 = NULL ;
+ char *temp30 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:get_default_context",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ {
+ arg2 = (security_context_t)PyString_AsString(obj1);
+ }
+ result = (int)get_default_context((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg3)
+ temp30 = *arg3;
+ else
+ temp30 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp30));
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
}
-#ifdef __cplusplus
-extern "C" {
-#endif
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t temp4 = NULL ;
+ char *temp40 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_level",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_level" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_level" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ {
+ arg3 = (security_context_t)PyString_AsString(obj2);
+ }
+ result = (int)get_default_context_with_level((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg4)
+ temp40 = *arg4;
+ else
+ temp40 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp40));
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t temp4 = NULL ;
+ char *temp40 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_role",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_role" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_role" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ {
+ arg3 = (security_context_t)PyString_AsString(obj2);
+ }
+ result = (int)get_default_context_with_role((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg4)
+ temp40 = *arg4;
+ else
+ temp40 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp40));
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_rolelevel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ char *arg3 = (char *) 0 ;
+ security_context_t arg4 ;
+ security_context_t *arg5 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t temp5 = NULL ;
+ char *temp50 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ {
+ arg5 = &temp5;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:get_default_context_with_rolelevel",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_rolelevel" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_rolelevel" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_rolelevel" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ {
+ arg4 = (security_context_t)PyString_AsString(obj3);
+ }
+ result = (int)get_default_context_with_rolelevel((char const *)arg1,(char const *)arg2,(char const *)arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg5)
+ temp50 = *arg5;
+ else
+ temp50 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp50));
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_query_user_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = NULL ;
+ security_context_t temp2 = NULL ;
+ char *temp10 = NULL ;
+ char *temp20 = NULL ;
+
+ {
+ arg1 = &temp1;
+ }
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)":query_user_context")) SWIG_fail;
+ result = (int)query_user_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg1)
+ temp10 = *arg1;
+ else
+ temp10 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp10));
+ }
+ {
+ if (*arg2)
+ temp20 = *arg2;
+ else
+ temp20 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp20));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_manual_user_enter_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = NULL ;
+ char *temp20 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:manual_user_enter_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "manual_user_enter_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)manual_user_enter_context((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2)
+ temp20 = *arg2;
+ else
+ temp20 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp20));
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_is_selinux_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
int result;
@@ -2834,6 +3222,48 @@
}
+SWIGINTERN PyObject *_wrap_freecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:freecon",&obj0)) SWIG_fail;
+ {
+ arg1 = (security_context_t)PyString_AsString(obj0);
+ }
+ freecon(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_freeconary(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ security_context_t temp1 = NULL ;
+ char *temp10 = NULL ;
+
+ {
+ arg1 = &temp1;
+ }
+ if (!PyArg_ParseTuple(args,(char *)":freeconary")) SWIG_fail;
+ freeconary(arg1);
+ resultobj = SWIG_Py_Void();
+ {
+ if (*arg1)
+ temp10 = *arg1;
+ else
+ temp10 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp10));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_getcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
security_context_t *arg1 = (security_context_t *) 0 ;
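Review bot: `_wrap_freecon` hands the internal buffer of the Python string (`arg1 = (security_context_t)PyString_AsString(obj0)`) to `freecon()`, which releases memory that libselinux never allocated and that CPython still owns, so any call to `selinux.freecon()` from Python corrupts the interpreter heap. The companion `_wrap_freeconary` is harmless but useless: it calls `freeconary()` on the address of a local that is always NULL and then returns `""`, so it can never free anything a caller holds. Since this file appears to be SWIG-generated output, the fix belongs in the interface file rather than here: the `security_context_t *` out-typemap already copies every result into a fresh Python string, so there is nothing for Python code to release and both functions should be excluded from the binding, e.g. `%ignore freecon;` and `%ignore freeconary;`, then regenerate this wrapper.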
@@ -3734,6 +4164,55 @@
}
+SWIGINTERN PyObject *_wrap_matchpathcon_init_prefix(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_init_prefix",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init_prefix" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "matchpathcon_init_prefix" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)matchpathcon_init_prefix((char const *)arg1,(char const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_fini(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_fini")) SWIG_fail;
+ matchpathcon_fini();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_matchmediacon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *arg1 = (char *) 0 ;
@@ -3951,6 +4430,19 @@
}
+SWIGINTERN PyObject *_wrap_selinux_securetty_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_securetty_types_path")) SWIG_fail;
+ result = (char *)selinux_securetty_types_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_selinux_customizable_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *result = 0 ;
@@ -4016,27 +4508,17 @@
}
-SWIGINTERN PyObject *_wrap_selinux_check_passwd_access(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+SWIGINTERN PyObject *_wrap_selinux_check_securetty_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
- access_vector_t arg1 ;
+ security_context_t arg1 ;
int result;
- void *argp1 ;
- int res1 = 0 ;
PyObject * obj0 = 0 ;
- if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_passwd_access",&obj0)) SWIG_fail;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_securetty_context",&obj0)) SWIG_fail;
{
- res1 = SWIG_ConvertPtr(obj0, &argp1, SWIGTYPE_p_access_vector_t, 0 );
- if (!SWIG_IsOK(res1)) {
- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_check_passwd_...
[truncated message content] |
From: <ew...@us...> - 2007-05-31 21:16:33
Revision: 2456
http://svn.sourceforge.net/selinux/?rev=2456&view=rev
Author: ewalsh
Date: 2007-05-31 14:16:31 -0700 (Thu, 31 May 2007)
Log Message:
-----------
applied r2450:2453 from trunk
Modified Paths:
--------------
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/include/selinux/avc.h
branches/policyrep/libselinux/include/selinux/selinux.h
branches/policyrep/scripts/Lindent
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/ChangeLog 2007-05-31 21:16:31 UTC (rev 2456)
@@ -1,3 +1,6 @@
+2.0.17 2007-05-31
+ * Updated Lindent script and reindented two header files.
+
2.0.16 2007-05-09
* Merged additional swig python bindings from Dan Walsh.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/VERSION 2007-05-31 21:16:31 UTC (rev 2456)
@@ -1 +1 @@
-2.0.16
+2.0.17
Modified: branches/policyrep/libselinux/include/selinux/avc.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/avc.h 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/include/selinux/avc.h 2007-05-31 21:16:31 UTC (rev 2456)
@@ -18,11 +18,11 @@
/*
* SID format and operations
*/
- struct security_id {
- security_context_t ctx;
- unsigned int refcnt;
- };
- typedef struct security_id *security_id_t;
+struct security_id {
+ security_context_t ctx;
+ unsigned int refcnt;
+};
+typedef struct security_id *security_id_t;
#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
@@ -37,8 +37,8 @@
* failure, with @errno set to %ENOMEM if insufficient memory was
* available to make the copy, or %EINVAL if the input SID is invalid.
*/
- int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
- int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
/**
* avc_context_to_sid - get SID for context.
@@ -51,8 +51,8 @@
* to the SID structure into the memory referenced by @sid,
* returning %0 on success or -%1 on error with @errno set.
*/
- int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
- int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
/**
* sidget - increment SID reference counter.
@@ -64,7 +64,7 @@
* reference count). Note that avc_context_to_sid() also
* increments reference counts.
*/
- int sidget(security_id_t sid);
+int sidget(security_id_t sid);
/**
* sidput - decrement SID reference counter.
@@ -76,7 +76,7 @@
* zero, the SID is invalid, and avc_context_to_sid() must
* be called to obtain a new SID for the security context.
*/
- int sidput(security_id_t sid);
+int sidput(security_id_t sid);
/**
* avc_get_initial_sid - get SID for an initial kernel security identifier
@@ -87,15 +87,15 @@
* @name using security_get_initial_context() and then call
* avc_context_to_sid() to get the corresponding SID.
*/
- int avc_get_initial_sid(const char * name, security_id_t * sid);
+int avc_get_initial_sid(const char *name, security_id_t * sid);
/*
* AVC entry
*/
- struct avc_entry;
- struct avc_entry_ref {
- struct avc_entry *ae;
- };
+struct avc_entry;
+struct avc_entry_ref {
+ struct avc_entry *ae;
+};
/**
* avc_entry_ref_init - initialize an AVC entry reference.
@@ -119,42 +119,42 @@
* listening thread won't be started for kernel policy change messages.
* If no locking callbacks are passed, no locking will take place.
*/
- struct avc_memory_callback {
- /* malloc() equivalent. */
- void *(*func_malloc) (size_t size);
- /* free() equivalent. */
- void (*func_free) (void *ptr);
- /* Note that these functions should set errno on failure.
- If not, some avc routines may return -1 without errno set. */
- };
+struct avc_memory_callback {
+ /* malloc() equivalent. */
+ void *(*func_malloc) (size_t size);
+ /* free() equivalent. */
+ void (*func_free) (void *ptr);
+ /* Note that these functions should set errno on failure.
+ If not, some avc routines may return -1 without errno set. */
+};
- struct avc_log_callback {
- /* log the printf-style format and arguments. */
- void (*func_log) (const char *fmt, ...);
- /* store a string representation of auditdata (corresponding
- to the given security class) into msgbuf. */
- void (*func_audit) (void *auditdata, security_class_t cls,
- char *msgbuf, size_t msgbufsize);
- };
+struct avc_log_callback {
+ /* log the printf-style format and arguments. */
+ void (*func_log) (const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ void (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+};
- struct avc_thread_callback {
- /* create and start a thread, returning an opaque pointer to it;
- the thread should run the given function. */
- void *(*func_create_thread) (void (*run) (void));
- /* cancel a given thread and free its resources. */
- void (*func_stop_thread) (void *thread);
- };
+struct avc_thread_callback {
+ /* create and start a thread, returning an opaque pointer to it;
+ the thread should run the given function. */
+ void *(*func_create_thread) (void (*run) (void));
+ /* cancel a given thread and free its resources. */
+ void (*func_stop_thread) (void *thread);
+};
- struct avc_lock_callback {
- /* create a lock and return an opaque pointer to it. */
- void *(*func_alloc_lock) (void);
- /* obtain a given lock, blocking if necessary. */
- void (*func_get_lock) (void *lock);
- /* release a given lock. */
- void (*func_release_lock) (void *lock);
- /* destroy a given lock (free memory, etc.) */
- void (*func_free_lock) (void *lock);
- };
+struct avc_lock_callback {
+ /* create a lock and return an opaque pointer to it. */
+ void *(*func_alloc_lock) (void);
+ /* obtain a given lock, blocking if necessary. */
+ void (*func_get_lock) (void *lock);
+ /* release a given lock. */
+ void (*func_release_lock) (void *lock);
+ /* destroy a given lock (free memory, etc.) */
+ void (*func_free_lock) (void *lock);
+};
/*
* AVC operations
@@ -175,11 +175,11 @@
* for those callbacks (see the definition of the callback
* structures above).
*/
- int avc_init(const char *msgprefix,
- const struct avc_memory_callback *mem_callbacks,
- const struct avc_log_callback *log_callbacks,
- const struct avc_thread_callback *thread_callbacks,
- const struct avc_lock_callback *lock_callbacks);
+int avc_init(const char *msgprefix,
+ const struct avc_memory_callback *mem_callbacks,
+ const struct avc_log_callback *log_callbacks,
+ const struct avc_thread_callback *thread_callbacks,
+ const struct avc_lock_callback *lock_callbacks);
/**
* avc_cleanup - Remove unused SIDs and AVC entries.
@@ -189,7 +189,7 @@
* AVC entries that reference them. This can be used
* to return memory to the system.
*/
- void avc_cleanup(void);
+void avc_cleanup(void);
/**
* avc_reset - Flush the cache and reset statistics.
@@ -199,7 +199,7 @@
* The SID mapping is not affected. Return %0 on success,
* -%1 with @errno set on error.
*/
- int avc_reset(void);
+int avc_reset(void);
/**
* avc_destroy - Free all AVC structures.
@@ -210,7 +210,7 @@
* callbacks will not. All SID's will be invalidated.
* User must call avc_init() if further use of AVC is desired.
*/
- void avc_destroy(void);
+void avc_destroy(void);
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
@@ -233,12 +233,11 @@
* auditing, e.g. in cases where a lock must be held for the check but
* should be released for the auditing.
*/
- int avc_has_perm_noaudit(security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass,
- access_vector_t requested,
- struct avc_entry_ref *aeref,
- struct av_decision *avd);
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd);
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
@@ -258,9 +257,9 @@
* permissions are granted, -%1 with @errno set to %EACCES if any permissions
* are denied or to another value upon other errors.
*/
- int avc_has_perm(security_id_t ssid, security_id_t tsid,
- security_class_t tclass, access_vector_t requested,
- struct avc_entry_ref *aeref, void *auditdata);
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata);
/**
* avc_audit - Audit the granting or denial of permissions.
@@ -281,9 +280,9 @@
* be performed under a lock, to allow the lock to be released
* before calling the auditing code.
*/
- void avc_audit(security_id_t ssid, security_id_t tsid,
- security_class_t tclass, access_vector_t requested,
- struct av_decision *avd, int result, void *auditdata);
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *auditdata);
/**
* avc_compute_create - Compute SID for labeling a new object.
@@ -299,10 +298,9 @@
* memory referenced by @newsid, returning %0 on success or -%1 on
* error with @errno set.
*/
- int avc_compute_create(security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass,
- security_id_t *newsid);
+int avc_compute_create(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid);
/*
* security event callback facility
@@ -333,14 +331,14 @@
* @perms based on @tclass. Returns %0 on success or
* -%1 if insufficient memory exists to add the callback.
*/
- int avc_add_callback(int (*callback)
- (uint32_t event, security_id_t ssid,
- security_id_t tsid, security_class_t tclass,
- access_vector_t perms,
- access_vector_t * out_retained),
- uint32_t events, security_id_t ssid,
- security_id_t tsid, security_class_t tclass,
- access_vector_t perms);
+int avc_add_callback(int (*callback)
+ (uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms);
/*
* AVC statistics
@@ -351,16 +349,16 @@
*/
#define AVC_CACHE_STATS 1
- struct avc_cache_stats {
- unsigned entry_lookups;
- unsigned entry_hits;
- unsigned entry_misses;
- unsigned entry_discards;
- unsigned cav_lookups;
- unsigned cav_hits;
- unsigned cav_probes;
- unsigned cav_misses;
- };
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
/**
* avc_cache_stats - get cache access statistics.
@@ -371,7 +369,7 @@
* avc_reset(). See the structure definition for
* details.
*/
- void avc_cache_stats(struct avc_cache_stats *stats);
+void avc_cache_stats(struct avc_cache_stats *stats);
/**
* avc_av_stats - log av table statistics.
@@ -380,7 +378,7 @@
* distribution of the access vector table. The audit
* callback is used to print the message.
*/
- void avc_av_stats(void);
+void avc_av_stats(void);
/**
* avc_sid_stats - log SID table statistics.
@@ -389,7 +387,7 @@
* distribution of the SID table. The audit callback
* is used to print the message.
*/
- void avc_sid_stats(void);
+void avc_sid_stats(void);
#ifdef __cplusplus
}
Modified: branches/policyrep/libselinux/include/selinux/selinux.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/selinux.h 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/include/selinux/selinux.h 2007-05-31 21:16:31 UTC (rev 2456)
@@ -9,24 +9,24 @@
#endif
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
- extern int is_selinux_enabled(void);
+extern int is_selinux_enabled(void);
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
- extern int is_selinux_mls_enabled(void);
+extern int is_selinux_mls_enabled(void);
- typedef char *security_context_t;
+typedef char *security_context_t;
/* Free the memory allocated for a context by any of the below get* calls. */
- extern void freecon(security_context_t con);
+extern void freecon(security_context_t con);
/* Free the memory allocated for a context array by security_compute_user. */
- extern void freeconary(security_context_t * con);
+extern void freeconary(security_context_t * con);
/* Wrappers for the /proc/pid/attr API. */
/* Get current context, and set *con to refer to it.
Caller must free via freecon. */
- extern int getcon(security_context_t * con);
- extern int getcon_raw(security_context_t * con);
+extern int getcon(security_context_t * con);
+extern int getcon_raw(security_context_t * con);
/* Set the current security context to con.
Note that use of this function requires that the entire application
@@ -36,165 +36,165 @@
instead. Note that the application may lose access to its open descriptors
as a result of a setcon() unless policy allows it to use descriptors opened
by the old context. */
- extern int setcon(security_context_t con);
- extern int setcon_raw(security_context_t con);
+extern int setcon(security_context_t con);
+extern int setcon_raw(security_context_t con);
/* Get context of process identified by pid, and
set *con to refer to it. Caller must free via freecon. */
- extern int getpidcon(pid_t pid, security_context_t * con);
- extern int getpidcon_raw(pid_t pid, security_context_t * con);
+extern int getpidcon(pid_t pid, security_context_t * con);
+extern int getpidcon_raw(pid_t pid, security_context_t * con);
/* Get previous context (prior to last exec), and set *con to refer to it.
Caller must free via freecon. */
- extern int getprevcon(security_context_t * con);
- extern int getprevcon_raw(security_context_t * con);
+extern int getprevcon(security_context_t * con);
+extern int getprevcon_raw(security_context_t * con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getexeccon(security_context_t * con);
- extern int getexeccon_raw(security_context_t * con);
+extern int getexeccon(security_context_t * con);
+extern int getexeccon_raw(security_context_t * con);
/* Set exec security context for the next execve.
Call with NULL if you want to reset to the default. */
- extern int setexeccon(security_context_t con);
- extern int setexeccon_raw(security_context_t con);
+extern int setexeccon(security_context_t con);
+extern int setexeccon_raw(security_context_t con);
/* Get fscreate context, and set *con to refer to it.
Sets *con to NULL if no fs create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getfscreatecon(security_context_t * con);
- extern int getfscreatecon_raw(security_context_t * con);
+extern int getfscreatecon(security_context_t * con);
+extern int getfscreatecon_raw(security_context_t * con);
/* Set the fscreate security context for subsequent file creations.
Call with NULL if you want to reset to the default. */
- extern int setfscreatecon(security_context_t context);
- extern int setfscreatecon_raw(security_context_t context);
+extern int setfscreatecon(security_context_t context);
+extern int setfscreatecon_raw(security_context_t context);
/* Get keycreate context, and set *con to refer to it.
Sets *con to NULL if no key create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getkeycreatecon(security_context_t * con);
- extern int getkeycreatecon_raw(security_context_t * con);
+extern int getkeycreatecon(security_context_t * con);
+extern int getkeycreatecon_raw(security_context_t * con);
/* Set the keycreate security context for subsequent key creations.
Call with NULL if you want to reset to the default. */
- extern int setkeycreatecon(security_context_t context);
- extern int setkeycreatecon_raw(security_context_t context);
+extern int setkeycreatecon(security_context_t context);
+extern int setkeycreatecon_raw(security_context_t context);
/* Get sockcreate context, and set *con to refer to it.
Sets *con to NULL if no socket create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getsockcreatecon(security_context_t * con);
- extern int getsockcreatecon_raw(security_context_t * con);
+extern int getsockcreatecon(security_context_t * con);
+extern int getsockcreatecon_raw(security_context_t * con);
/* Set the sockcreate security context for subsequent socket creations.
Call with NULL if you want to reset to the default. */
- extern int setsockcreatecon(security_context_t context);
- extern int setsockcreatecon_raw(security_context_t context);
+extern int setsockcreatecon(security_context_t context);
+extern int setsockcreatecon_raw(security_context_t context);
/* Wrappers for the xattr API. */
/* Get file context, and set *con to refer to it.
Caller must free via freecon. */
- extern int getfilecon(const char *path, security_context_t * con);
- extern int getfilecon_raw(const char *path, security_context_t * con);
- extern int lgetfilecon(const char *path, security_context_t * con);
- extern int lgetfilecon_raw(const char *path, security_context_t * con);
- extern int fgetfilecon(int fd, security_context_t * con);
- extern int fgetfilecon_raw(int fd, security_context_t * con);
+extern int getfilecon(const char *path, security_context_t * con);
+extern int getfilecon_raw(const char *path, security_context_t * con);
+extern int lgetfilecon(const char *path, security_context_t * con);
+extern int lgetfilecon_raw(const char *path, security_context_t * con);
+extern int fgetfilecon(int fd, security_context_t * con);
+extern int fgetfilecon_raw(int fd, security_context_t * con);
/* Set file context */
- extern int setfilecon(const char *path, security_context_t con);
- extern int setfilecon_raw(const char *path, security_context_t con);
- extern int lsetfilecon(const char *path, security_context_t con);
- extern int lsetfilecon_raw(const char *path, security_context_t con);
- extern int fsetfilecon(int fd, security_context_t con);
- extern int fsetfilecon_raw(int fd, security_context_t con);
+extern int setfilecon(const char *path, security_context_t con);
+extern int setfilecon_raw(const char *path, security_context_t con);
+extern int lsetfilecon(const char *path, security_context_t con);
+extern int lsetfilecon_raw(const char *path, security_context_t con);
+extern int fsetfilecon(int fd, security_context_t con);
+extern int fsetfilecon_raw(int fd, security_context_t con);
/* Wrappers for the socket API */
/* Get context of peer socket, and set *con to refer to it.
Caller must free via freecon. */
- extern int getpeercon(int fd, security_context_t * con);
- extern int getpeercon_raw(int fd, security_context_t * con);
+extern int getpeercon(int fd, security_context_t * con);
+extern int getpeercon_raw(int fd, security_context_t * con);
/* Wrappers for the selinuxfs (policy) API. */
- typedef unsigned int access_vector_t;
- typedef unsigned short security_class_t;
+typedef unsigned int access_vector_t;
+typedef unsigned short security_class_t;
- struct av_decision {
- access_vector_t allowed;
- access_vector_t decided;
- access_vector_t auditallow;
- access_vector_t auditdeny;
- unsigned int seqno;
- };
+struct av_decision {
+ access_vector_t allowed;
+ access_vector_t decided;
+ access_vector_t auditallow;
+ access_vector_t auditdeny;
+ unsigned int seqno;
+};
/* Compute an access decision. */
- extern int security_compute_av(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested,
- struct av_decision *avd);
- extern int security_compute_av_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested,
- struct av_decision *avd);
+extern int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+extern int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
- extern int security_compute_create(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
- extern int security_compute_create_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
+extern int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute a relabeling decision and set *newcon to refer to it.
Caller must free via freecon. */
- extern int security_compute_relabel(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
- extern int security_compute_relabel_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
+extern int security_compute_relabel(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_relabel_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
Caller must free via freecon. */
- extern int security_compute_member(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
- extern int security_compute_member_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
+extern int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute the set of reachable user contexts and set *con to refer to
the NULL-terminated array of contexts. Caller must free via freeconary. */
- extern int security_compute_user(security_context_t scon,
- const char *username,
- security_context_t ** con);
- extern int security_compute_user_raw(security_context_t scon,
- const char *username,
- security_context_t ** con);
+extern int security_compute_user(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
+extern int security_compute_user_raw(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
/* Load a policy configuration. */
- extern int security_load_policy(void *data, size_t len);
+extern int security_load_policy(void *data, size_t len);
/* Get the context of an initial kernel security identifier by name.
Caller must free via freecon */
- extern int security_get_initial_context(const char * name,
- security_context_t * con);
- extern int security_get_initial_context_raw(const char * name,
- security_context_t * con);
+extern int security_get_initial_context(const char *name,
+ security_context_t * con);
+extern int security_get_initial_context_raw(const char *name,
+ security_context_t * con);
/*
* Make a policy image and load it.
@@ -204,7 +204,7 @@
* manipulating it as needed to match the kernel's supported version, and
* then calling security_load_policy to load it.
*/
- extern int selinux_mkload_policy(void);
+extern int selinux_mkload_policy(void);
/*
* Perform the initial policy load.
@@ -221,103 +221,100 @@
* determine how to proceed. If enforcing (*enforce > 0), then init should
* halt the system. Otherwise, init may proceed normally without a re-exec.
*/
- extern int selinux_init_load_policy(int *enforce);
+extern int selinux_init_load_policy(int *enforce);
/* Translate boolean strict to name value pair. */
- typedef struct {
- char *name;
- int value;
- } SELboolean;
- /* save a list of booleans in a single transaction. */
- extern int security_set_boolean_list(size_t boolcnt,
- SELboolean * boollist);
+typedef struct {
+ char *name;
+ int value;
+} SELboolean;
+/* save a list of booleans in a single transaction. */
+extern int security_set_boolean_list(size_t boolcnt, SELboolean * boollist);
/* Check the validity of a security context. */
- extern int security_check_context(security_context_t con);
- extern int security_check_context_raw(security_context_t con);
+extern int security_check_context(security_context_t con);
+extern int security_check_context_raw(security_context_t con);
/* Canonicalize a security context. */
- extern int security_canonicalize_context(security_context_t con,
- security_context_t * canoncon);
- extern int security_canonicalize_context_raw(security_context_t con,
- security_context_t *
- canoncon);
+extern int security_canonicalize_context(security_context_t con,
+ security_context_t * canoncon);
+extern int security_canonicalize_context_raw(security_context_t con,
+ security_context_t * canoncon);
/* Get the enforce flag value. */
- extern int security_getenforce(void);
+extern int security_getenforce(void);
/* Set the enforce flag value. */
- extern int security_setenforce(int value);
+extern int security_setenforce(int value);
/* Disable SELinux at runtime (must be done prior to initial policy load). */
- extern int security_disable(void);
+extern int security_disable(void);
/* Get the policy version number. */
- extern int security_policyvers(void);
+extern int security_policyvers(void);
/* Get the boolean names */
- extern int security_get_boolean_names(char ***names, int *len);
+extern int security_get_boolean_names(char ***names, int *len);
/* Get the pending value for the boolean */
- extern int security_get_boolean_pending(const char *name);
+extern int security_get_boolean_pending(const char *name);
/* Get the active value for the boolean */
- extern int security_get_boolean_active(const char *name);
+extern int security_get_boolean_active(const char *name);
/* Set the pending value for the boolean */
- extern int security_set_boolean(const char *name, int value);
+extern int security_set_boolean(const char *name, int value);
/* Commit the pending values for the booleans */
- extern int security_commit_booleans(void);
+extern int security_commit_booleans(void);
/* Common helpers */
/* Convert between security class values and string names */
- extern security_class_t string_to_security_class(const char *name);
- extern const char *security_class_to_string(security_class_t cls);
+extern security_class_t string_to_security_class(const char *name);
+extern const char *security_class_to_string(security_class_t cls);
/* Convert between individual access vector permissions and string names */
- extern const char *security_av_perm_to_string(security_class_t tclass,
- access_vector_t perm);
- extern access_vector_t string_to_av_perm(security_class_t tclass,
- const char *name);
+extern const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t perm);
+extern access_vector_t string_to_av_perm(security_class_t tclass,
+ const char *name);
/* Returns an access vector in a string representation. User must free the
* returned string via free(). */
- extern int security_av_string(security_class_t tclass,
- access_vector_t av, char **result);
+extern int security_av_string(security_class_t tclass,
+ access_vector_t av, char **result);
/* Display an access vector in a string representation. */
- extern void print_access_vector(security_class_t tclass,
- access_vector_t av);
+extern void print_access_vector(security_class_t tclass, access_vector_t av);
/* Set the function used by matchpathcon_init when displaying
errors about the file_contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). */
- extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
+extern void set_matchpathcon_printf...
[truncated message content] |
From: <mad...@us...> - 2007-07-11 16:32:43
Revision: 2495
http://svn.sourceforge.net/selinux/?rev=2495&view=rev
Author: madmethod
Date: 2007-07-11 09:32:42 -0700 (Wed, 11 Jul 2007)
Log Message:
-----------
Author: Karl MacMillan
Email: kma...@me...
Subject: Initial policyrep patch v3
Date: Wed, 11 Jul 2007 09:41:34 -0400
Initial patch to create a new policyrep branch using C++. This patch includes basic classes for
representing policy (Node and Parent), a few policy objects, a bison parser, a boost::python
binding, and basic test infrastructure.
Includes updates based on comments from James Antill
and Josh Brindle.
* * *
Signed-off-by: User "Karl MacMillan <kma...@me...>"
Acked-By: Joshua Brindle <me...@ma...>
Modified Paths:
--------------
branches/policyrep/Makefile
Added Paths:
-----------
branches/policyrep/libpolicyrep/
branches/policyrep/libpolicyrep/Makefile
branches/policyrep/libpolicyrep/include/
branches/policyrep/libpolicyrep/include/Makefile
branches/policyrep/libpolicyrep/include/policyrep/
branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp
branches/policyrep/libpolicyrep/include/policyrep/idset.hpp
branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp
branches/policyrep/libpolicyrep/include/policyrep/parse.hpp
branches/policyrep/libpolicyrep/include/policyrep/policy.hpp
branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
branches/policyrep/libpolicyrep/include/policyrep/rule.hpp
branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp
branches/policyrep/libpolicyrep/src/
branches/policyrep/libpolicyrep/src/Makefile
branches/policyrep/libpolicyrep/src/conditional.cpp
branches/policyrep/libpolicyrep/src/idset.cpp
branches/policyrep/libpolicyrep/src/object_class.cpp
branches/policyrep/libpolicyrep/src/parse.cpp
branches/policyrep/libpolicyrep/src/policy.cpp
branches/policyrep/libpolicyrep/src/policy_base.cpp
branches/policyrep/libpolicyrep/src/policy_base_internal.hpp
branches/policyrep/libpolicyrep/src/policy_internal.hpp
branches/policyrep/libpolicyrep/src/policy_parse.y
branches/policyrep/libpolicyrep/src/policy_scan.l
branches/policyrep/libpolicyrep/src/policyrep_python.cpp
branches/policyrep/libpolicyrep/src/rule.cpp
branches/policyrep/libpolicyrep/src/te_decl.cpp
branches/policyrep/libpolicyrep/tests/
branches/policyrep/libpolicyrep/tests/Makefile
branches/policyrep/libpolicyrep/tests/example.te
branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp
Modified: branches/policyrep/Makefile
===================================================================
--- branches/policyrep/Makefile 2007-07-11 16:25:31 UTC (rev 2494)
+++ branches/policyrep/Makefile 2007-07-11 16:32:42 UTC (rev 2495)
@@ -1,4 +1,4 @@
-SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
+SUBDIRS=libsepol libselinux libsemanage libpolicyrep sepolgen checkpolicy policycoreutils # policy
PYSUBDIRS=libselinux libsemanage
ifeq ($(DEBUG),1)
Added: branches/policyrep/libpolicyrep/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/Makefile (rev 0)
+++ branches/policyrep/libpolicyrep/Makefile 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,22 @@
+all:
+ $(MAKE) -C src
+
+install:
+ $(MAKE) -C include install
+ $(MAKE) -C src install
+
+relabel:
+ $(MAKE) -C src relabel
+
+clean:
+ $(MAKE) -C src clean
+ $(MAKE) -C tests clean
+
+indent:
+ $(MAKE) -C src $@
+ $(MAKE) -C include $@
+ $(MAKE) -C utils $@
+
+test: all
+ $(MAKE) -C tests test
+
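Review bot: The `indent` target runs `$(MAKE) -C utils $@`, but no `utils` directory is added in this commit (the Added Paths list only contains `include`, `src` and `tests`), so `make indent` will fail on the missing directory. Either drop that line or guard it, e.g. `test -d utils && $(MAKE) -C utils $@ || true`. The `clean`, `relabel` and `test` targets likewise assume `clean`/`relabel`/`test` targets exist in `src` and `tests`; the `src/Makefile` shown in this chunk is truncated before any such target and `tests/Makefile` is not shown, so that should be checked before the top-level targets are relied on.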
Added: branches/policyrep/libpolicyrep/include/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/include/Makefile (rev 0)
+++ branches/policyrep/libpolicyrep/include/Makefile 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,10 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCDIR ?= $(PREFIX)/include/policyrep
+
+install:
+ test -d $(INCDIR) || install -m 755 -d $(INCDIR)
+ install -m 644 $(wildcard policyrep/*.hpp) $(INCDIR)
+
+indent:
+ ../../scripts/Lindent $(wildcard policyrep/*.hpp)
Added: branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,136 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __conditional_hpp__
+#define __conditional_hpp__
+
+#include <policyrep/policy_base.hpp>
+
+#include <list>
+
+namespace policyrep
+{
+
+ /* Introduction
+ *
+ * Conditional policy in policyrep is handled in such a way that
+ * the normal tree iteration works unchanged all the way to the
+ * most nested leaf nodes. To achieve this the design is not
+ * what might be most obvious.
+ *
+ * The conditional policy statements:
+ *
+ * if (foo) {
+ * allow foo_t bar_t : file read;
+ * } else {
+ * allow baz_t bar_t : file write;
+ * }
+ *
+ * Are enconded into the following tree struction:
+ *
+ * CondBlock
+ * CondBranch (with CondExpr foo)
+ * AVRule
+ * CondBranch (with else == true)
+ * AVRule
+ *
+ * The CondBranches are just children of the CondBlock,
+ * but the CondBlock has an overloaded add_child implementation
+ * to prevent more than two children from being added.
+ */
+
+ struct CondBoolImpl;
+ class CondBool : public Node
+ {
+ public:
+ CondBool();
+ CondBool(const std::string& name, bool v);
+ CondBool(const CondBool& other);
+ virtual ~CondBool();
+ virtual void operator=(const CondBool& other);
+
+ virtual void set_name(const std::string& name);
+ virtual const std::string& get_name() const;
+
+ virtual void set_default_value(bool v);
+ virtual bool get_default_value() const;
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ CondBoolImpl* impl;
+ };
+
+ class CondOp;
+ std::ostream& operator<<(std::ostream& o, const CondOp& op);
+
+ struct CondOpImpl;
+ class CondOp
+ {
+ public:
+ enum Op { BOOL, NOT, OR, AND, XOR, EQ, NEQ };
+ CondOp();
+ CondOp(const std::string& b);
+ CondOp(Op op);
+ CondOp(const CondOp& other);
+ virtual ~CondOp();
+ virtual void operator=(const CondOp& other);
+
+ virtual void set_op(Op op);
+ virtual Op get_op() const;
+
+ /* changes op to BOOL in addition to setting the bool */
+ virtual void set_bool(const std::string& b);
+ virtual const std::string& get_bool() const;
+ friend std::ostream& operator<<(std::ostream& o, const CondOp& op);
+
+ protected:
+ CondOpImpl* impl;
+ };
+ typedef std::list<CondOp> CondExpr;
+
+
+ class CondBranch;
+ typedef boost::shared_ptr<CondBranch> CondBranchPtr;
+
+ struct CondBlockImpl;
+ class CondBlock : public Parent
+ {
+ public:
+ CondBlock();
+ CondBlock(CondBranchPtr if_);
+ CondBlock(CondBranchPtr if_, CondBranchPtr else_);
+ CondBlock(const CondBlock& other);
+ virtual ~CondBlock();
+ virtual void operator=(const CondBlock& other);
+
+ virtual void append_child(NodePtr node);
+
+ virtual bool has_if() const;
+ virtual CondBranch& get_if();
+ virtual void set_if(CondBranchPtr branch);
+ virtual bool has_else() const;
+ virtual CondBranch& get_else();
+ virtual void set_else(CondBranchPtr branch);
+ virtual bool ignore_indent() const;
+ protected:
+ CondBlockImpl* impl;
+ };
+
+ struct CondBranchImpl;
+ class CondBranch : public Parent
+ {
+ public:
+ CondBranch();
+ CondBranch(const CondBranch& other);
+ virtual ~CondBranch();
+ virtual void operator=(const CondBranch& other);
+
+ virtual CondExpr& expr();
+ virtual void set_else(bool v);
+ virtual bool get_else() const;
+ virtual void output(std::ostream& o, const OutputFormatter& op) const;
+ protected:
+ CondBranchImpl* impl;
+ };
+
+} // namespace policyrep
+
+#endif
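Review bot: `CondBlock::get_if()` and `get_else()` return references, and `append_child` is described only as preventing "more than two children from being added", but the header never says what happens when a branch is absent or a third child is appended (exception, assertion, silent drop). Callers have `has_if()`/`has_else()` to check first, so a precondition comment would pin the contract, e.g. `// Precondition: has_if() is true; the result is undefined otherwise` on `get_if()`, and a sentence on `append_child` stating how a third child is rejected. Two style points apply here and in every other header of this commit: the single-argument constructors (`CondOp(const std::string&)`, `CondOp(Op)`, `CondBlock(CondBranchPtr)`, and later `Policy(bool)`, `InitialSid`, `Type`, `Attribute`, `AVRule`, `TypeRule`, `TreeIterator(Strategy)`) are not `explicit`, so a bare string, bool or enum silently converts into a policy object; and every `operator=` returns `void` rather than a reference to `*this`, which breaks chained assignment and differs from what the implicitly generated operator would provide.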
Added: branches/policyrep/libpolicyrep/include/policyrep/idset.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/idset.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/idset.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,33 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __idset_hpp__
+#define __idset_hpp__
+
+#include <policyrep/policy_base.hpp>
+
+#include <set>
+
+namespace policyrep
+{
+ struct IdSetImpl;
+ class IdSet
+ {
+ public:
+ IdSet();
+ IdSet(const IdSet& other);
+ ~IdSet();
+ void operator=(const IdSet& other);
+
+ void set_compl(bool val);
+ bool get_compl() const;
+
+ StringSet& ids();
+ protected:
+ void init();
+ IdSetImpl* impl;
+ };
+
+
+} // namespace policyrep
+
+#endif
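Review bot: `set_compl`/`get_compl` are the only hint at what an `IdSet` means and "compl" is never expanded; presumably it marks a complemented set (the leading `~` of the policy language, to judge by its use for the type and permission sets in rule.hpp), but that belongs on the declaration, e.g. `// Whether the set is complemented: it then denotes every id NOT in ids() — confirm against idset.cpp`. `ids()` is also the only accessor and is non-const, so a `const IdSet&` cannot be inspected at all; adding `const StringSet& ids() const;` next to it fixes that without touching the implementation's storage. The copy constructor, `operator=` and destructor together with a raw `IdSetImpl* impl` imply a deep copy of the pimpl; a one-line comment saying copies are deep (or that `init()` allocates `impl`) would save the next reader a trip to idset.cpp.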
Added: branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,83 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __object_class_hpp__
+#define __object_class_hpp__
+
+#include <policyrep/policy_base.hpp>
+
+namespace policyrep
+{
+
+ //
+ // CommonPerms
+ //
+
+ struct CommonPermsImpl;
+ class CommonPerms : public Node
+ {
+ public:
+ CommonPerms();
+ CommonPerms(const CommonPerms& other);
+ virtual ~CommonPerms();
+ virtual void operator=(const CommonPerms& other);
+
+ template<class T>
+ CommonPerms(const std::string& name, T perms_begin, T perms_end)
+ {
+ init();
+ set_name(name);
+ perms().insert(perms_begin, perms_end);
+ }
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+ virtual StringSet& perms();
+
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ CommonPermsImpl* impl;
+ };
+ typedef boost::shared_ptr<CommonPerms> CommonPermsPtr;
+
+ //
+ // ObjectClass
+ //
+
+ struct ObjectClassImpl;
+ class ObjectClass : public Node
+ {
+ public:
+ ObjectClass();
+ ObjectClass(const std::string& name, const std::string& commons);
+ ObjectClass(const ObjectClass& other);
+ virtual ~ObjectClass();
+ virtual void operator=(const ObjectClass& other);
+
+ template<class T>
+ ObjectClass(std::string name, std::string commons,
+ T perms_begin, T perms_end)
+ {
+ init();
+ set_name(name);
+ set_common_perms(commons);
+ perms().insert(perms_begin, perms_end);
+ }
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+ virtual StringSet& perms();
+ virtual const std::string& get_common_perms() const;
+ virtual void set_common_perms(const std::string& name);
+
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ ObjectClassImpl* impl;
+ };
+ typedef boost::shared_ptr<ObjectClass> ObjectClassPtr;
+
+
+} // namespace policyrep
+
+#endif
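Review bot: The templated `ObjectClass` constructor takes `std::string name, std::string commons` by value while every other constructor and setter in this header uses `const std::string&`; nothing in its body needs a copy, so `ObjectClass(const std::string& name, const std::string& commons, T perms_begin, T perms_end)` keeps the interface consistent with `CommonPerms` and avoids two string copies per object. The meaning of `commons` is also undocumented: it is a name rather than a `CommonPermsPtr`, so the header should say whether an empty string means "no common permissions" and where the name is resolved against the `CommonPerms` declarations (presumably not at construction, since nothing here looks one up — confirm). A short comment above the class, e.g. `// commons names a CommonPerms declaration; "" means none — TODO confirm`, would cover both.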
Added: branches/policyrep/libpolicyrep/include/policyrep/parse.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/parse.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/parse.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,47 @@
+// Author Karl MacMillan <kma...@me...>
+
+#ifndef __parse_hpp__
+#define __parse_hpp__
+
+#include <policyrep/policy.hpp>
+
+#include <string>
+
+namespace policyrep {
+
+ class location;
+
+ struct ParserImpl;
+ class Parser
+ {
+ public:
+ Parser();
+ Parser(const Parser& other);
+ virtual ~Parser();
+ virtual void operator=(const Parser& other);
+
+ // Parser
+ virtual ModulePtr parse(const std::string& f);
+
+ virtual std::string& get_filename() const;
+ virtual Module& get_module();
+
+ virtual void set_trace_scanning(bool val);
+ virtual bool get_trace_scanning() const;
+
+ virtual void set_trace_parsing(bool val);
+ virtual bool get_trace_parsing() const;
+
+ // error handling
+ virtual void error(const policyrep::location& l, const std::string& m);
+ virtual void error(const std::string& m);
+ protected:
+ // scanner
+ virtual void scan_begin();
+ virtual void scan_end();
+
+ ParserImpl* impl;
+ };
+}
+
+#endif
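Review bot: `virtual std::string& get_filename() const;` returns a non-const reference from a const member, so a `const Parser&` can still have its filename rewritten through the returned reference, and it is inconsistent with every other getter in this commit; `virtual const std::string& get_filename() const;` is the intended signature. `parse(const std::string& f)` also leaves its failure mode undocumented: with `error(...)` declared public, a reader cannot tell whether a syntax error throws, returns a null `ModulePtr`, or leaves a partial module behind in `get_module()`, and a caller building policy from that result needs to know which before trusting it; a comment on `parse` stating which applies (e.g. `// Returns a null ModulePtr and reports via error() on the first failure` if that is the behaviour) would settle it. Copying a `Parser` while a scan is in progress (`scan_begin` without a matching `scan_end`) is presumably unsupported; if so, say so on the copy constructor.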
Added: branches/policyrep/libpolicyrep/include/policyrep/policy.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,86 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __policy_hpp__
+#define __policy_hpp__
+
+#include <policyrep/policy_base.hpp>
+#include <policyrep/object_class.hpp>
+#include <policyrep/te_decl.hpp>
+#include <policyrep/rule.hpp>
+#include <policyrep/conditional.hpp>
+
+namespace policyrep
+{
+
+ //
+ // Policy
+ //
+
+ struct PolicyImpl;
+ class Policy : public Parent
+ {
+ public:
+ Policy(bool mls=false);
+ Policy(const Policy& other);
+ virtual ~Policy();
+ virtual void operator=(const Policy& other);
+
+ virtual bool get_mls() const;
+ virtual void set_mls(bool val);
+ virtual bool ignore_indent() const;
+ protected:
+ PolicyImpl* impl;
+ };
+ typedef boost::shared_ptr<Policy> PolicyPtr;
+
+ //
+ // Module
+ //
+ struct ModuleImpl;
+ class Module : public Parent
+ {
+ public:
+ Module();
+ Module(const std::string& name, const std::string& version);
+ Module(const Module& other);
+ virtual ~Module();
+ virtual void operator=(const Module& other);
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+ virtual const std::string& get_version() const;
+ virtual void set_version(const std::string& version);
+ virtual bool ignore_indent() const;
+
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ ModuleImpl* impl;
+ };
+ typedef boost::shared_ptr<Module> ModulePtr;
+
+ //
+ // InitialSid
+ //
+
+ struct InitialSidImpl;
+ class InitialSid : public Node
+ {
+ public:
+ InitialSid();
+ InitialSid(const std::string& name);
+ InitialSid(const InitialSid& other);
+ virtual ~InitialSid();
+ virtual void operator=(const InitialSid& other);
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ InitialSidImpl* impl;
+ };
+ typedef boost::shared_ptr<InitialSid> InitialSidPtr;
+
+}
+
+#endif
Added: branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,183 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __policy_base_hpp__
+#define __policy_base_hpp__
+
+#include <vector>
+#include <set>
+#include <string>
+#include <functional>
+#include <ostream>
+
+#include <boost/shared_ptr.hpp>
+#include <boost/iterator/iterator_facade.hpp>
+
+namespace policyrep {
+
+ // Forward declarations
+ class Node;
+ typedef boost::shared_ptr<Node> NodePtr;
+
+ class Parent;
+ typedef boost::shared_ptr<Parent> ParentPtr;
+
+ class TreeIterator;
+
+ // Convenience typedefs
+ typedef std::vector<NodePtr> NodeVector;
+ typedef boost::shared_ptr<NodeVector> NodeVectorPtr;
+
+ typedef std::set<std::string> StringSet;
+ typedef boost::shared_ptr<StringSet> StringSetPtr;
+
+ typedef std::vector<std::string> StringVector;
+ typedef boost::shared_ptr<StringVector> StringVectorPtr;
+
+ // util functions
+ template<class T>
+ bool is_instance(Node* n);
+
+ template<class T>
+ bool is_instance(NodePtr n);
+
+ // Output (string output)
+ std::ostream& operator<<(std::ostream& o, const Node& n);
+
+ void output_set_space(std::ostream& o, const StringSet& set);
+ void output_set_comma(std::ostream& o, const StringSet& set);
+
+ struct OutputFormatterImpl;
+ class OutputFormatter {
+ public:
+ enum Style { DEFAULT, DEBUG };
+ OutputFormatter(const Node& n, bool end=false, enum Style style=DEFAULT);
+ OutputFormatter();
+ OutputFormatter(const OutputFormatter& other);
+ ~OutputFormatter();
+ void operator=(const OutputFormatter& other);
+
+ OutputFormatter& operator()(const Node& n, bool end=false);
+ OutputFormatter& operator()(NodePtr n, bool end=false);
+ OutputFormatter& operator()(const TreeIterator& i);
+ friend std::ostream& operator<<(std::ostream& o, const OutputFormatter& op);
+
+ void set_style(Style style);
+ Style get_style() const;
+
+ void set_indent(bool v);
+ bool get_indent() const;
+
+ void set_end(bool v);
+ bool get_end() const;
+
+ void set_newline(bool v);
+ bool get_newline() const;
+
+ void set_root(Parent* p);
+ Parent* get_root() const;
+ private:
+ OutputFormatterImpl* impl;
+ };
+
+ //
+ // NODE
+ //
+
+ struct NodeImpl;
+ class Node {
+ public:
+ Node();
+ Node(const Node& other);
+ virtual ~Node();
+ virtual void operator=(const Node& other);
+
+ virtual void set_parent(Parent* p);
+ virtual Parent* get_parent() const;
+
+ virtual bool get_visited() const;
+ virtual void set_visited(bool val);
+
+ friend std::ostream& operator<<(std::ostream& o, const Node& n);
+ virtual void output(std::ostream& o, const OutputFormatter& op) const;
+ virtual std::string to_string() const;
+ virtual std::string to_string_end() const;
+ protected:
+ NodeImpl* node_impl;
+ static const int VISITED = 1;
+ virtual void output_indentation(std::ostream& o, const OutputFormatter& op) const;
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ };
+
+ //
+ // TreeIterator
+ //
+
+ struct TreeIteratorImpl;
+ class TreeIterator
+ : public boost::iterator_facade<TreeIterator, NodePtr,
+ boost::forward_traversal_tag, NodePtr>
+ {
+ public:
+ enum Strategy { POSTORDER, PREORDER, HYBRID };
+ TreeIterator(enum Strategy strategy=POSTORDER);
+ explicit TreeIterator(ParentPtr n, enum Strategy strategy=POSTORDER);
+ explicit TreeIterator(Parent* n, enum Strategy strategy=POSTORDER);
+ TreeIterator(const TreeIterator& other);
+ virtual ~TreeIterator();
+ void operator=(const TreeIterator& other);
+ bool get_visited() const;
+ private:
+ friend class boost::iterator_core_access;
+ void increment();
+ void increment_preorder();
+ void increment_postorder();
+ bool equal(const TreeIterator& other) const;
+ NodePtr dereference() const;
+ void add_children(Parent* parent);
+
+ TreeIteratorImpl* impl;
+ };
+
+ //
+ // Parent
+ //
+
+ struct ParentImpl;
+ class Parent : public Node {
+ public:
+ Parent();
+ Parent(const Parent& other);
+ virtual ~Parent();
+ virtual void operator=(const Parent& other);
+ typedef TreeIterator iterator;
+
+ virtual void append_child(NodePtr Node);
+ virtual void make_child(NodePtr node);
+
+ template<class T>
+ void append_children(T begin, T end)
+ {
+ for (; begin != end; ++begin)
+ append_child(*begin);
+ }
+
+ virtual NodeVector& children();
+
+ virtual iterator begin(enum TreeIterator::Strategy strategy=TreeIterator::POSTORDER);
+ virtual iterator end();
+
+ virtual bool ignore_indent() const;
+ protected:
+ ParentImpl* parent_impl;
+ };
+ typedef boost::shared_ptr<Parent> ParentPtr;
+
+ void output_tree(std::ostream& o, ParentPtr p);
+
+ void output_tree(std::ostream& o, ParentPtr p,
+ OutputFormatter& op);
+
+
+} // namespace policyrep
+
+#endif
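Review bot: `virtual void append_child(NodePtr Node);` names its parameter `Node`, which shadows the class `Node` inside that declaration and is evidently a typo for the `node` used by `make_child` on the next line; rename it to `virtual void append_child(NodePtr node);`. The difference between `append_child` and `make_child` is not explained anywhere, and it matters because `Node::set_parent(Parent*)` stores a raw, non-owning back-pointer while parents hold children through `NodePtr`: a comment on the pair saying which one sets the parent pointer and that `get_parent()` is only valid while the owning `Parent` is alive would document the lifetime rule the types cannot express. `get_visited`/`set_visited` are public and `TreeIterator::get_visited` suggests traversal mutates per-node flags; if so, note on `Parent::begin` that two simultaneous traversals of the same tree, or modification during traversal, are not supported. `ParentPtr` is also typedef'd twice (after the forward declaration and again after `Parent`); harmless, but one should go.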
Added: branches/policyrep/libpolicyrep/include/policyrep/rule.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/rule.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/rule.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,71 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __rule_hpp__
+#define __rule_hpp__
+
+#include <policyrep/policy_base.hpp>
+#include <policyrep/idset.hpp>
+
+namespace policyrep
+{
+
+ //
+ // AVRule
+ //
+
+ struct AVRuleImpl;
+ class AVRule : public Node
+ {
+ public:
+ enum Type { ALLOW, AUDITDENY, AUDITALLOW, DONTAUDIT, NEVERALLOW };
+ AVRule(Type type=ALLOW);
+ AVRule(const AVRule& other);
+ virtual ~AVRule();
+ virtual void operator=(const AVRule& other);
+
+ virtual void set_type(Type type);
+ virtual Type get_type() const;
+
+ virtual IdSet& src_types();
+ virtual IdSet& tgt_types();
+ virtual StringSet& classes();
+ virtual IdSet& perms();
+
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ AVRuleImpl* impl;
+ };
+
+ //
+ // TypeRule
+ //
+
+ struct TypeRuleImpl;
+ class TypeRule : public Node
+ {
+ public:
+ enum Type { TRANSITION, CHANGE, MEMBER };
+ TypeRule(Type type=TRANSITION);
+ TypeRule(const TypeRule& other);
+ virtual ~TypeRule();
+ virtual void operator=(const TypeRule& other);
+
+ virtual void set_type(Type type);
+ virtual Type get_type() const;
+
+ virtual IdSet& src_types();
+ virtual IdSet& tgt_types();
+ virtual StringSet& classes();
+ virtual const std::string& get_target();
+ virtual void set_target(const std::string& target);
+
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ TypeRuleImpl* impl;
+ };
+
+} // namepsace policyrep
+
+#endif
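Review bot: `virtual const std::string& get_target();` on `TypeRule` is the only getter in this commit that is not `const`, so it cannot be called on a `const TypeRule&` (for example from `do_output`, which is const); it should be `virtual const std::string& get_target() const;`. `classes()` returns a plain `StringSet` while `src_types`, `tgt_types` and `perms` are `IdSet`s; if that asymmetry is deliberate (classes cannot be complemented) a one-line comment would make it clear rather than look like an oversight. The closing comment also reads `namepsace` rather than `namespace`.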
Added: branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,144 @@
+/* Author: Karl MacMillan <kma...@me...> */
+
+#ifndef __te_decl_hpp__
+#define __te_decl_hpp__
+
+#include <policyrep/policy_base.hpp>
+
+namespace policyrep
+{
+
+ //
+ // Type
+ //
+
+ struct TypeImpl;
+ class Type : public Node
+ {
+ public:
+ Type();
+ Type(const std::string& name);
+ Type(const Type& other);
+ virtual ~Type();
+ virtual void operator=(const Type& other);
+
+ template<class T>
+ Type(const std::string& name, T attrs_begin, T end)
+ {
+ init();
+ set_name(name);
+ attributes().insert(attrs_begin, end);
+ }
+
+ template<class T, class U>
+ Type(const std::string name, T attrs_begin, T end,
+ U aliases_begin, U aliases_end)
+ {
+ init();
+ set_name(name);
+ attributes().insert(attrs_begin, end);
+ aliases().insert(aliases_begin, aliases_end);
+ }
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+
+ virtual StringSet& aliases();
+ virtual StringSet& attributes();
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ TypeImpl* impl;
+ };
+ typedef boost::shared_ptr<Type> TypePtr;
+
+ //
+ // Attribute
+ //
+
+ struct AttributeImpl;
+ class Attribute : public Node
+ {
+ public:
+ Attribute();
+ Attribute(const std::string& name);
+ Attribute(const Attribute& other);
+ virtual ~Attribute();
+ virtual void operator=(const Attribute& other);
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ AttributeImpl* impl;
+ };
+ typedef boost::shared_ptr<Attribute> AttributePtr;
+
+ //
+ // TypeAttribute
+ //
+
+ struct TypeAttributeImpl;
+ class TypeAttribute : public Node
+ {
+ public:
+ TypeAttribute();
+ TypeAttribute(const TypeAttribute& other);
+ virtual ~TypeAttribute();
+ virtual void operator=(const TypeAttribute& other);
+
+ template<class T>
+ TypeAttribute(const std::string& name, T attrs_begin,
+ T attrs_end)
+ {
+ init();
+ set_name(name);
+ attributes().insert(attrs_begin, attrs_end);
+ }
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+ virtual StringSet& attributes();
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ TypeAttributeImpl* impl;
+ };
+ typedef boost::shared_ptr<TypeAttribute> TypeAttributePtr;
+
+ //
+ // TypeAlias
+ //
+
+ struct TypeAliasImpl;
+ class TypeAlias : public Node
+ {
+ public:
+ TypeAlias();
+ TypeAlias(const TypeAlias& other);
+ virtual ~TypeAlias();
+ virtual void operator=(const TypeAlias& other);
+
+ template<class T>
+ TypeAlias(const std::string& name, T attrs_begin,
+ T attrs_end)
+ {
+ init();
+ set_name(name);
+ aliases().insert(attrs_begin, attrs_end);
+ }
+
+ virtual const std::string& get_name() const;
+ virtual void set_name(const std::string& name);
+ virtual StringSet& aliases();
+ protected:
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ void init();
+ TypeAliasImpl* impl;
+ };
+ typedef boost::shared_ptr<TypeAlias> TypeAliasPtr;
+
+
+} // namespace policyrep
+
+#endif
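Review bot: In the `TypeAlias` template constructor the iterator parameters are called `attrs_begin`/`attrs_end` but they are inserted into `aliases()`, so the names say the opposite of what the code does; `TypeAlias(const std::string& name, T aliases_begin, T aliases_end)` with `aliases().insert(aliases_begin, aliases_end);` removes the trap. The five-argument `Type` constructor takes `const std::string name` by value, unlike the three-argument one directly above it that takes `const std::string& name`; the reference form should be used in both. All of these template constructors call `init()` and then the virtual setters from inside the constructor, where the call resolves to this class's own `set_name`, not a subclass's; that is fine today but deserves a comment if subclasses are expected to override the setters.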
Added: branches/policyrep/libpolicyrep/src/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/src/Makefile (rev 0)
+++ branches/policyrep/libpolicyrep/src/Makefile 2007-07-11 16:32:42 UTC (rev 2495)
@@ -0,0 +1,76 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+SHLIBDIR ?= $(DESTDIR)/lib
+
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYINC ?= /usr/include/$(PYLIBVER)
+PYLIB ?= /usr/lib/$(PYLIBVER)
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+PYTHONCPP=policyrep_python.cpp
+PYTHONLOBJ=policyrep_python.lo
+PYTHONSO=policyrep.so
+
+LIBVERSION = 1
+
+PARSERGENERATED=policy_parse.cpp policy_parse.hpp policy_scan.cpp stack.hh position.hh scanner-file.cpp location.hh
+PARSEROBJS=policy_parse.o policy_scan.o
+PARSERLOBJS=policy_parse.lo policy_scan.lo
+
+LIBA=libpolicyrep.a
+TARGET=libpolicyrep.so
+LIBSO=$(TARGET).$(LIBVERSION)
+OBJS= $(PARSEROBJS) $(patsubst %.cpp,%.o,$(filter-out $(PYTHONCPP), $(wildcard *.cpp)))
+LOBJS= $(PARSERLOBJS) $(patsubst %.cpp,%.lo,$(filter-out $(PYTHONCPP), $(wildcard *.cpp)))
+CFLAGS ?= -g -Wall -W -Wmissing-format-attribute -Wno-unused-parameter
+override CFLAGS += -I. -I../include -D_GNU_SOURCE
+LDFLAGS += -lboost_serialization
+
+all: $(LIBA) $(LIBSO) $(PYTHONSO)
+
+$(LIBA): $(OBJS)
+ $(AR) rcs $@ $^
+ ranlib $@
+
+$(LIBSO): $(LOBJS)
+ g++ $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO)
+ ln -sf $@ $(TARGET)
+
+$(PYTHONSO): $(PYTHONLOBJ)
+ g++ $(LDFLAGS) -lboost_python -shared -o $@ $< $(LOBJS) -Wl,-soname,$@
+
+$(PYTHONLOBJ): $(PYTHONCPP)
+ g++ $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+%.o: %.cpp
+ g++ $(CFLAGS) -fPIC -c -o $@ $<
+
+%.lo: %.cpp
+ g++ $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+policy_parse.cpp: policy_parse.y
+ bison -o policy_parse.cpp -p policyrep -d policy_parse.y
+
+policy_scan.cpp: policy_scan.l policy_parse.cpp
+ flex policy_scan.l
+
+install: all install-pywrap
+ test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
+ install -m 644 $(LIBA) $(LIBDIR)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+
+install-pywrap:
+ test -d $(PYTHONLIBDIR)/site-packages || ...
[truncated message content] |
From: <mad...@us...> - 2007-08-12 19:45:21
Revision: 2513
http://selinux.svn.sourceforge.net/selinux/?rev=2513&view=rev
Author: madmethod
Date: 2007-08-12 12:45:19 -0700 (Sun, 12 Aug 2007)
Log Message:
-----------
policy package support with xar
Modified Paths:
--------------
branches/policyrep/policycoreutils/semodule_package/Makefile
Added Paths:
-----------
branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp
branches/policyrep/libpolicyrep/src/policy_package.cpp
Added: branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp (rev 0)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_package.hpp 2007-08-12 19:45:19 UTC (rev 2513)
@@ -0,0 +1,72 @@
+/* Author: Joshua Brindle <me...@ma...> */
+
+#ifndef __policy_package_hpp__
+#define __policy_package_hpp__
+
+#include <policyrep/policy.hpp>
+
+namespace policyrep {
+
+struct PolicyPackageImpl;
+
+class PolicyPackage {
+public:
+ PolicyPackage();
+ virtual ~ PolicyPackage();
+
+ virtual Module & get_policy_module() const;
+ virtual void set_policy_module(Module & module);
+
+ virtual char *get_file_contexts() const;
+ virtual void set_file_contexts(char *fc);
+ virtual char *get_seusers() const;
+ virtual void set_seusers(char *su);
+ virtual char *get_user_extra() const;
+ virtual void set_user_extra(char *ue);
+ virtual char *get_netfilter_contexts() const;
+ virtual void set_netfilter_contexts(char *nf);
+
+ virtual void read(char *filename);
+ // PolicyPackage.write does not currently work pending
+ // a bug fix in xar
+ virtual void write(char *filename);
+
+protected:
+ void init();
+ PolicyPackageImpl *impl;
+
+};
+
+// This is a simple archival class that allows a dumb packager
+// e.g., semodule_package to simply set the pathnames for each
+// file in the policy package and call create_archive.
+
+struct PolicyPackageArchiveImpl;
+
+class PolicyPackageArchive {
+public:
+ PolicyPackageArchive();
+ virtual ~ PolicyPackageArchive();
+
+ virtual void set_mod_file(char *mod);
+ virtual char *get_mod_file() const;
+ virtual void set_fc_file(char *fc);
+ virtual char *get_fc_file() const;
+ virtual void set_seusers_file(char *su);
+ virtual char *get_seusers_file() const;
+ virtual void set_user_extra_file(char *ue);
+ virtual char *get_user_extra_file() const;
+ virtual void set_nc_file(char *nf);
+ virtual char *get_nc_file() const;
+
+ virtual void create_archive(char *filename);
+
+protected:
+ void init();
+ PolicyPackageArchiveImpl *impl;
+
+};
+
+} // namespace policyrep
+
+#endif
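Review bot: `PolicyPackage` and `PolicyPackageArchive` each own a raw `impl` pointer that their destructors delete, but neither class declares a copy constructor or copy assignment, so copying an instance (by value, into a container, or as a return value) ends in a double delete. Declare both private and unimplemented in each class, e.g. `PolicyPackage(const PolicyPackage &);` and `PolicyPackage & operator=(const PolicyPackage &);`. Ownership of the `char *` buffers passed to the `set_*` accessors and returned by the `get_*` accessors is also undocumented: the implementation stores the caller's pointer without copying, while `read()` fills the same fields with buffers allocated by libxar, and the destructor frees neither. A comment above the accessors stating who owns and frees those buffers (and `const char *` parameters, since the class never writes through them) would make the contract usable from semodule_package.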
Added: branches/policyrep/libpolicyrep/src/policy_package.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/policy_package.cpp (rev 0)
+++ branches/policyrep/libpolicyrep/src/policy_package.cpp 2007-08-12 19:45:19 UTC (rev 2513)
@@ -0,0 +1,463 @@
+/*
+ * Author : Joshua Brindle <me...@ma...>
+ *
+ * Copyright (C) 2007 Tresys Technology, llc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+extern "C" {
+#include <xar/xar.h>
+#include <string.h>
+}
+
+#define SELINUX_XAR_PROPERTY "selinuxfiletype"
+
+#include <policyrep/parse.hpp>
+#include <policyrep/policy_package.hpp>
+#include <sstream>
+#include <iostream>
+#include <stdexcept>
+
+namespace policyrep {
+
+struct PolicyPackageImpl {
+ Module & policy_module;
+ char *file_contexts;
+ char *seusers;
+ char *user_extra;
+ char *netfilter_contexts;
+};
+
+void PolicyPackage::init() {
+ impl = new PolicyPackageImpl;
+ impl->file_contexts = NULL;
+ impl->seusers = NULL;
+ impl->user_extra = NULL;
+ impl->netfilter_contexts = NULL;
+}
+
+PolicyPackage::PolicyPackage() {
+ init();
+}
+
+Module & PolicyPackage::get_policy_module() const {
+ return impl->policy_module;
+}
+
+void PolicyPackage::set_policy_module(Module & module) {
+ impl->policy_module = module;
+}
+
+char *PolicyPackage::get_file_contexts() const {
+ return impl->file_contexts;
+}
+
+void PolicyPackage::set_file_contexts(char *fc) {
+ impl->file_contexts = fc;
+}
+
+char *PolicyPackage::get_seusers() const {
+ return impl->seusers;
+}
+
+void PolicyPackage::set_seusers(char *se) {
+ impl->seusers = se;
+}
+
+char *PolicyPackage::get_user_extra() const {
+ return impl->user_extra;
+}
+
+void PolicyPackage::set_user_extra(char *ue) {
+ impl->user_extra = ue;
+}
+
+char *PolicyPackage::get_netfilter_contexts() const {
+ return impl->netfilter_contexts;
+}
+
+void PolicyPackage::set_netfilter_contexts(char *nc) {
+ impl->netfilter_contexts = nc;
+}
+
+void PolicyPackage::read(char *filename) {
+ xar_t x;
+ xar_file_t f;
+ xar_iter_t i;
+
+ i = xar_iter_new();
+
+ if (i == NULL) {
+ throw std::bad_alloc();
+ }
+
+ x = xar_open(filename, READ);
+
+ if (x == NULL) {
+ throw std::
+ runtime_error("Unable to open policy package");
+ }
+
+ for (f = xar_file_first(x, i); f; f = xar_file_next(i)) {
+ size_t sz;
+ char *fbuf;
+ const char *filetype;
+ int32_t ret;
+
+ ret = xar_extract_tobuffersz(x, f, &fbuf, &sz);
+
+ if (ret) {
+ // This can happen if the file is 0 bytes
+ // or is a symlink, directory, etc. We might want
+ // to put code here to check those cases and bail
+ // but for now we just ignore them and continue.
+ continue;
+ }
+
+ ret = xar_prop_get(f, SELINUX_XAR_PROPERTY, &filetype);
+
+ if (ret) {
+ xar_close(x);
+ throw std::runtime_error("Error getting name property of file");
+ }
+
+ if (strcmp(filetype, "policy_module") == 0) {
+ Parser p;
+ // TODO add parser constructor that takes a char * and call here
+ continue;
+ } else if (strcmp(filetype, "file_contexts") == 0) {
+ if (impl->file_contexts) {
+ xar_close(x);
+ throw std::range_error("Multiple file_contexts files in policy package");
+ }
+
+ impl->file_contexts = fbuf;
+
+ continue;
+ } else if (strcmp(filetype, "seusers") == 0) {
+ if (impl->seusers) {
+ xar_close(x);
+ throw std::range_error("Multiple seusers files in policy package");
+ }
+
+ impl->seusers = fbuf;
+
+ continue;
+ } else if (strcmp(filetype, "user_extra") == 0) {
+ if (impl->user_extra) {
+ xar_close(x);
+ throw std::range_error("Multiple user_extra files in policy package");
+ }
+
+ impl->user_extra = fbuf;
+
+ continue;
+ } else if (strcmp(filetype, "netfilter_contexts") == 0) {
+ if (impl->netfilter_contexts) {
+ xar_close(x);
+ throw std::range_error("Multiple netfilter_contexts files in policy package");
+ }
+
+ impl->netfilter_contexts = fbuf;
+
+ continue;
+ } else {
+ // unrecognized file, just skip it
+ free(fbuf);
+ continue;
+ }
+
+ }
+
+ xar_close(x);
+}
+
+void PolicyPackage::write(char *filename) {
+
+ // just return -1 for now, this method exposes a xar bug and won't
+ // work until the bug is fixed.
+
+ return;
+
+ xar_t x;
+ xar_file_t f;
+
+ x = xar_open(filename, WRITE);
+
+ if (x == NULL) {
+ throw std::
+ runtime_error("Unable to open policy package");
+ }
+
+ if (!impl->policy_module.get_name().empty()) {
+ std::stringstream s;
+ char *buf;
+
+ // TODO fix this when the output system has been updated - jjb
+#if 0
+ output_tree(s, impl->policy_module);
+
+ if (s.str().empty()) {
+ throw std::runtime_error("Error serializing module");
+ }
+
+ buf = strdup(s.str().c_str());
+
+ f = xar_add_frombuffer(x, NULL, "policy_module", buf, s.str().length());
+ free(buf);
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing policy module to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "policy_module")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting policy_module property in policy package");
+ }
+
+#endif
+ }
+
+ if (impl->file_contexts) {
+ f = xar_add_frombuffer(x, NULL, "file_contexts",
+ impl->file_contexts,
+ strlen(impl->file_contexts));
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing file_contexts to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "file_contexts")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting file_contexts property in policy package");
+ }
+ }
+
+ if (impl->seusers) {
+ f = xar_add_frombuffer(x, NULL, "seusers",
+ impl->seusers,
+ strlen(impl->seusers));
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing seusers to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "seusers")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting seusers property in policy package");
+ }
+ }
+
+ if (impl->user_extra) {
+ f = xar_add_frombuffer(x, NULL, "user_extra",
+ impl->user_extra,
+ strlen(impl->user_extra));
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing user_extra to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "user_extra")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting user_extra property in policy package");
+ }
+ }
+
+ if (impl->netfilter_contexts) {
+ f = xar_add_frombuffer(x, NULL, "netfilter_contexts",
+ impl->netfilter_contexts,
+ strlen(impl->
+ netfilter_contexts));
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing netfilter_contexts to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "netfilter_contexts")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting netfilter_contexts property in policy package");
+ }
+ }
+
+ xar_close(x);
+}
+
+PolicyPackage::~PolicyPackage() {
+ delete impl;
+}
+
+//
+// PolicyPackageArchive
+// This class is used for creating a policy package file from individual files.
+// Set the filenames for each kind of file (module, file_contexts, etc) then
+// call create_archive.
+
+struct PolicyPackageArchiveImpl {
+ char *mod_file;
+ char *fc_file;
+ char *seusers_file;
+ char *user_extra_file;
+ char *nc_file;
+};
+
+void PolicyPackageArchive::init() {
+ impl = new PolicyPackageArchiveImpl;
+ impl->mod_file = NULL;
+ impl->fc_file = NULL;
+ impl->seusers_file = NULL;
+ impl->user_extra_file = NULL;
+ impl->nc_file = NULL;
+}
+
+PolicyPackageArchive::PolicyPackageArchive() {
+ init();
+}
+
+void PolicyPackageArchive::set_mod_file(char *mod) {
+ impl->mod_file = mod;
+}
+
+char *PolicyPackageArchive::get_mod_file() const {
+ return impl->mod_file;
+}
+
+void PolicyPackageArchive::set_fc_file(char *fc) {
+ impl->fc_file = fc;
+}
+
+char *PolicyPackageArchive::get_fc_file() const {
+ return impl->fc_file;
+}
+
+void PolicyPackageArchive::set_seusers_file(char *su) {
+ impl->seusers_file = su;
+}
+
+char *PolicyPackageArchive::get_seusers_file() const {
+ return impl->seusers_file;
+}
+
+void PolicyPackageArchive::set_user_extra_file(char *ue) {
+ impl->user_extra_file = ue;
+}
+
+char *PolicyPackageArchive::get_user_extra_file() const {
+ return impl->user_extra_file;
+}
+
+void PolicyPackageArchive::set_nc_file(char *nc) {
+ impl->nc_file = nc;
+}
+
+char *PolicyPackageArchive::get_nc_file() const {
+ return impl->nc_file;
+}
+
+void PolicyPackageArchive::create_archive(char *filename) {
+ xar_t x;
+ xar_file_t f;
+
+ x = xar_open(filename, WRITE);
+
+ if (x == NULL) {
+ throw std::runtime_error("Unable to open policy package");
+ }
+
+ if (impl->mod_file) {
+ f = xar_add(x, impl->mod_file);
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing module to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "module")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting module property in policy package");
+ }
+ }
+
+ if (impl->fc_file) {
+ f = xar_add(x, impl->fc_file);
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing file_contexts to policy package");
+ }
+
+ if (xar_prop_set
+ (f, SELINUX_XAR_PROPERTY, "file_contexts")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting file_contexts property in policy package");
+ }
+ }
+
+ if (impl->seusers_file) {
+ f = xar_add(x, impl->seusers_file);
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing seusers to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "seusers")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting seusers property in policy package");
+ }
+ }
+
+ if (impl->user_extra_file) {
+ f = xar_add(x, impl->user_extra_file);
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing user_extra to policy package");
+ }
+
+ if (xar_prop_set(f, SELINUX_XAR_PROPERTY, "user_extra")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting user_extra property in policy package");
+ }
+ }
+
+ if (impl->nc_file) {
+ f = xar_add(x, impl->nc_file);
+
+ if (!f) {
+ xar_close(x);
+ throw std::runtime_error("Error writing netfilter_contexts to policy package");
+ }
+
+ if (xar_prop_set
+ (f, SELINUX_XAR_PROPERTY, "netfilter_contexts")) {
+ xar_close(x);
+ throw std::runtime_error("Error setting netfilter_contexts property in policy package");
+ }
+ }
+
+ xar_close(x);
+}
+
+PolicyPackageArchive::~PolicyPackageArchive() {
+ delete impl;
+}
+
+} // namespace policyrep
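Review bot: `PolicyPackageImpl` declares `Module & policy_module` as a reference member, so `new PolicyPackageImpl` in `PolicyPackage::init()` default-initializes a struct with an unbound reference (ill-formed; compilers reject it), and `set_policy_module()` then assigns through the reference into whatever `Module` it aliases instead of rebinding it; a pointer member, `Module *policy_module;` initialised to `NULL` in `init()` and set with `impl->policy_module = &module;`, expresses the intended semantics (with `get_policy_module()` checking for NULL before dereferencing). The property values are inconsistent between the two classes: `create_archive()` tags the module entry `"module"`, but `read()` looks for `"policy_module"` and treats anything else as an unrecognized file, so a package built by `PolicyPackageArchive` loses its module when read back. In `read()`, the iterator from `xar_iter_new()` is never released, `fbuf` is leaked on every `throw` inside the loop and silently dropped in the `policy_module` branch, and its length `sz` is discarded even though the same buffers are later handed to `strlen()` in `write()`, which over-reads the heap if libxar does not NUL-terminate extracted data — I have not verified libxar's behaviour here. Since these buffers come from an on-disk archive they are untrusted input; storing them with their lengths (or copying into `std::string`) and using that length in `write()` instead of `strlen()` removes the dependency on a terminator.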
Modified: branches/policyrep/policycoreutils/semodule_package/Makefile
===================================================================
--- branches/policyrep/policycoreutils/semodule_package/Makefile 2007-08-12 19:42:58 UTC (rev 2512)
+++ branches/policyrep/policycoreutils/semodule_package/Makefile 2007-08-12 19:45:19 UTC (rev 2513)
@@ -7,7 +7,7 @@
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+LDLIBS = -lpolicyrep -lxar -lselinux -L$(LIBDIR)
all: semodule_package
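Review bot: `-lsepol` is dropped from LDLIBS while `-lpolicyrep -lxar` are added; if semodule_package.c still calls any `sepol_*` function (its source is not part of this change) the link will now fail, so either keep `-lsepol` until the tool is fully ported or confirm it has no remaining libsepol references. Linking a C program against the C++ libpolicyrep also works only if that shared library carries its own libstdc++ dependency, which is worth verifying on the first build.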
From: <mad...@us...> - 2007-09-04 18:22:57
Revision: 2545
http://selinux.svn.sourceforge.net/selinux/?rev=2545&view=rev
Author: madmethod
Date: 2007-09-04 11:22:54 -0700 (Tue, 04 Sep 2007)
Log Message:
-----------
merge from trunk r2494:HEAD
Modified Paths:
--------------
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/Makefile
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/include/selinux/av_permissions.h
branches/policyrep/libselinux/include/selinux/flask.h
branches/policyrep/libselinux/include/selinux/selinux.h
branches/policyrep/libselinux/man/man3/avc_add_callback.3
branches/policyrep/libselinux/man/man3/avc_cache_stats.3
branches/policyrep/libselinux/man/man3/avc_compute_create.3
branches/policyrep/libselinux/man/man3/avc_context_to_sid.3
branches/policyrep/libselinux/man/man3/avc_has_perm.3
branches/policyrep/libselinux/man/man3/avc_init.3
branches/policyrep/libselinux/man/man3/context_new.3
branches/policyrep/libselinux/man/man3/freecon.3
branches/policyrep/libselinux/man/man3/get_ordered_context_list.3
branches/policyrep/libselinux/man/man3/getcon.3
branches/policyrep/libselinux/man/man3/getexeccon.3
branches/policyrep/libselinux/man/man3/getfilecon.3
branches/policyrep/libselinux/man/man3/getfscreatecon.3
branches/policyrep/libselinux/man/man3/getseuserbyname.3
branches/policyrep/libselinux/man/man3/is_context_customizable.3
branches/policyrep/libselinux/man/man3/matchmediacon.3
branches/policyrep/libselinux/man/man3/matchpathcon.3
branches/policyrep/libselinux/man/man3/security_class_to_string.3
branches/policyrep/libselinux/man/man3/security_compute_av.3
branches/policyrep/libselinux/man/man3/security_getenforce.3
branches/policyrep/libselinux/man/man3/security_load_booleans.3
branches/policyrep/libselinux/man/man3/selabel_lookup.3
branches/policyrep/libselinux/man/man3/selabel_open.3
branches/policyrep/libselinux/man/man3/selabel_stats.3
branches/policyrep/libselinux/man/man3/selinux_binary_policy_path.3
branches/policyrep/libselinux/man/man3/selinux_getenforcemode.3
branches/policyrep/libselinux/man/man3/selinux_policy_root.3
branches/policyrep/libselinux/man/man3/selinux_set_callback.3
branches/policyrep/libselinux/man/man3/setfilecon.3
branches/policyrep/libselinux/man/man5/selabel_file.5
branches/policyrep/libselinux/man/man5/selabel_media.5
branches/policyrep/libselinux/man/man5/selabel_x.5
branches/policyrep/libselinux/man/man8/matchpathcon.8
branches/policyrep/libselinux/man/man8/selinux.8
branches/policyrep/libselinux/src/Makefile
branches/policyrep/libselinux/src/file_path_suffixes.h
branches/policyrep/libselinux/src/label_internal.h
branches/policyrep/libselinux/src/label_x.c
branches/policyrep/libselinux/src/mapping.h
branches/policyrep/libselinux/src/matchpathcon.c
branches/policyrep/libselinux/src/selinux_config.c
branches/policyrep/libselinux/src/selinux_internal.h
branches/policyrep/libselinux/src/stringrep.c
branches/policyrep/libsemanage/ChangeLog
branches/policyrep/libsemanage/VERSION
branches/policyrep/libsemanage/include/semanage/handle.h
branches/policyrep/libsemanage/src/Makefile
branches/policyrep/libsemanage/src/conf-parse.y
branches/policyrep/libsemanage/src/conf-scan.l
branches/policyrep/libsemanage/src/handle.c
branches/policyrep/libsemanage/src/libsemanage.map
branches/policyrep/libsemanage/src/semanage_conf.h
branches/policyrep/libsemanage/src/semanage_store.c
branches/policyrep/libsemanage/src/semanage_store.h
branches/policyrep/libsemanage/tests/Makefile
branches/policyrep/libsemanage/tests/libsemanage-tests.c
branches/policyrep/libsepol/ChangeLog
branches/policyrep/libsepol/VERSION
branches/policyrep/libsepol/include/sepol/handle.h
branches/policyrep/libsepol/src/avtab.c
branches/policyrep/libsepol/src/conditional.c
branches/policyrep/libsepol/src/context_record.c
branches/policyrep/libsepol/src/ebitmap.c
branches/policyrep/libsepol/src/expand.c
branches/policyrep/libsepol/src/handle.c
branches/policyrep/libsepol/src/handle.h
branches/policyrep/libsepol/src/libsepol.map
branches/policyrep/libsepol/src/module.c
branches/policyrep/libsepol/src/policydb.c
branches/policyrep/libsepol/src/private.h
branches/policyrep/libsepol/src/services.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/newrole/Makefile
branches/policyrep/policycoreutils/run_init/Makefile
branches/policyrep/policycoreutils/scripts/Makefile
branches/policyrep/policycoreutils/scripts/chcat
branches/policyrep/policycoreutils/scripts/fixfiles
branches/policyrep/policycoreutils/semanage/semanage
branches/policyrep/policycoreutils/semodule/semodule.c
branches/policyrep/sepolgen/ChangeLog
branches/policyrep/sepolgen/VERSION
Added Paths:
-----------
branches/policyrep/libsemanage/src/genhomedircon.c
branches/policyrep/libsemanage/src/genhomedircon.h
branches/policyrep/libsemanage/src/utilities.c
branches/policyrep/libsemanage/src/utilities.h
branches/policyrep/libsemanage/tests/test_utilities.c
branches/policyrep/libsemanage/tests/test_utilities.h
Removed Paths:
-------------
branches/policyrep/policycoreutils/restorecon/
branches/policyrep/policycoreutils/scripts/genhomedircon
branches/policyrep/policycoreutils/scripts/genhomedircon.8
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/ChangeLog 2007-09-04 18:22:54 UTC (rev 2545)
@@ -1,3 +1,26 @@
+2.0.31 2007-08-23
+ * Fix file_contexts.homedirs path from Todd Miller.
+
+2.0.30 2007-08-06
+ * Fix segfault resulting from uninitialized print-callback pointer.
+
+2.0.29 2007-08-02
+ * Added x_contexts path function patch from Eamon Walsh.
+
+2.0.28 2007-08-01
+ * Fix build for EMBEDDED=y from Yuichi Nakamura.
+
+2.0.27 2007-07-25
+ * Fix markup problems in selinux man pages from Dan Walsh.
+
+2.0.26 2007-07-23
+ * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
+ * Added swigify to top-level Makefile from Dan Walsh.
+
+2.0.25 2007-07-23
+ * Fix for string_to_security_class segfault on x86_64 from Stephen
+ Smalley.
+
2.0.24 2007-09-07
* Fix for getfilecon() for zero-length contexts from Stephen Smalley.
Modified: branches/policyrep/libselinux/Makefile
===================================================================
--- branches/policyrep/libselinux/Makefile 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/Makefile 2007-09-04 18:22:54 UTC (rev 2545)
@@ -8,6 +8,9 @@
override DISABLE_RPM=y
override DISABLE_BOOL=y
endif
+ifeq ($(DISABLE_AVC),y)
+ EMFLAGS+= -DDISABLE_AVC
+endif
ifeq ($(DISABLE_BOOL),y)
EMFLAGS+= -DDISABLE_BOOL
endif
@@ -20,6 +23,9 @@
$(MAKE) -C src
$(MAKE) -C utils
+swigify: all
+ $(MAKE) -C src swigify
+
pywrap:
$(MAKE) -C src pywrap
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/VERSION 2007-09-04 18:22:54 UTC (rev 2545)
@@ -1 +1 @@
-2.0.24
+2.0.31
Modified: branches/policyrep/libselinux/include/selinux/av_permissions.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/av_permissions.h 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/include/selinux/av_permissions.h 2007-09-04 18:22:54 UTC (rev 2545)
@@ -290,12 +290,16 @@
#define NODE__RAWIP_RECV 0x00000010UL
#define NODE__RAWIP_SEND 0x00000020UL
#define NODE__ENFORCE_DEST 0x00000040UL
+#define NODE__DCCP_RECV 0x00000080UL
+#define NODE__DCCP_SEND 0x00000100UL
#define NETIF__TCP_RECV 0x00000001UL
#define NETIF__TCP_SEND 0x00000002UL
#define NETIF__UDP_RECV 0x00000004UL
#define NETIF__UDP_SEND 0x00000008UL
#define NETIF__RAWIP_RECV 0x00000010UL
#define NETIF__RAWIP_SEND 0x00000020UL
+#define NETIF__DCCP_RECV 0x00000040UL
+#define NETIF__DCCP_SEND 0x00000080UL
#define NETLINK_SOCKET__IOCTL 0x00000001UL
#define NETLINK_SOCKET__READ 0x00000002UL
#define NETLINK_SOCKET__WRITE 0x00000004UL
@@ -837,6 +841,8 @@
#define NSCD__SHMEMPWD 0x00000020UL
#define NSCD__SHMEMGRP 0x00000040UL
#define NSCD__SHMEMHOST 0x00000080UL
+#define NSCD__GETSERV 0x00000100UL
+#define NSCD__SHMEMSERV 0x00000200UL
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
#define ASSOCIATION__SETCONTEXT 0x00000004UL
@@ -897,3 +903,28 @@
#define KEY__CREATE 0x00000040UL
#define CONTEXT__TRANSLATE 0x00000001UL
#define CONTEXT__CONTAINS 0x00000002UL
+#define DCCP_SOCKET__IOCTL 0x00000001UL
+#define DCCP_SOCKET__READ 0x00000002UL
+#define DCCP_SOCKET__WRITE 0x00000004UL
+#define DCCP_SOCKET__CREATE 0x00000008UL
+#define DCCP_SOCKET__GETATTR 0x00000010UL
+#define DCCP_SOCKET__SETATTR 0x00000020UL
+#define DCCP_SOCKET__LOCK 0x00000040UL
+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
+#define DCCP_SOCKET__RELABELTO 0x00000100UL
+#define DCCP_SOCKET__APPEND 0x00000200UL
+#define DCCP_SOCKET__BIND 0x00000400UL
+#define DCCP_SOCKET__CONNECT 0x00000800UL
+#define DCCP_SOCKET__LISTEN 0x00001000UL
+#define DCCP_SOCKET__ACCEPT 0x00002000UL
+#define DCCP_SOCKET__GETOPT 0x00004000UL
+#define DCCP_SOCKET__SETOPT 0x00008000UL
+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
+#define DCCP_SOCKET__RECVFROM 0x00020000UL
+#define DCCP_SOCKET__SENDTO 0x00040000UL
+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
Modified: branches/policyrep/libselinux/include/selinux/flask.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/flask.h 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/include/selinux/flask.h 2007-09-04 18:22:54 UTC (rev 2545)
@@ -64,6 +64,8 @@
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
#define SECCLASS_CONTEXT 59
+#define SECCLASS_DCCP_SOCKET 60
+#define SECCLASS_MEMPROTECT 61
/*
* Security identifier indices for initial entities
Modified: branches/policyrep/libselinux/include/selinux/selinux.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/selinux.h 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/include/selinux/selinux.h 2007-09-04 18:22:54 UTC (rev 2545)
@@ -454,6 +454,7 @@
extern const char *selinux_file_context_local_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
+extern const char *selinux_x_context_path(void);
extern const char *selinux_contexts_path(void);
extern const char *selinux_securetty_types_path(void);
extern const char *selinux_booleans_path(void);
Modified: branches/policyrep/libselinux/man/man3/avc_add_callback.3
===================================================================
--- branches/policyrep/libselinux/man/man3/avc_add_callback.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/avc_add_callback.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,26 +6,26 @@
avc_add_callback \- additional event notification for SELinux userspace object managers.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
.in +\w'int avc_add_callback(int (*callback)('u
.BI "security_id_t " ssid ,
-.br
+
.BI "security_id_t " tsid ,
-.br
+
.BI "security_class_t " tclass ,
-.br
+
.BI "access_vector_t " perms ,
-.br
+
.BI "access_vector_t *" out_retained "),"
.in
.in +\w'int avc_add_callback('u
.BI "uint32_t " events ", security_id_t " ssid ,
-.br
+
.BI "security_id_t " tsid ", security_class_t " tclass ,
-.br
+
.BI "access_vector_t " perms ");"
.in
.SH "DESCRIPTION"
Modified: branches/policyrep/libselinux/man/man3/avc_cache_stats.3
===================================================================
--- branches/policyrep/libselinux/man/man3/avc_cache_stats.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/avc_cache_stats.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,7 +6,7 @@
avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "void avc_av_stats(void);"
Modified: branches/policyrep/libselinux/man/man3/avc_compute_create.3
===================================================================
--- branches/policyrep/libselinux/man/man3/avc_compute_create.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/avc_compute_create.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,7 +6,7 @@
avc_compute_create \- obtain SELinux label for new object.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
Modified: branches/policyrep/libselinux/man/man3/avc_context_to_sid.3
===================================================================
--- branches/policyrep/libselinux/man/man3/avc_context_to_sid.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/avc_context_to_sid.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,7 +6,7 @@
avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
Modified: branches/policyrep/libselinux/man/man3/avc_has_perm.3
===================================================================
--- branches/policyrep/libselinux/man/man3/avc_has_perm.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/avc_has_perm.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,7 +6,7 @@
avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
@@ -14,21 +14,21 @@
.BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
.in +\w'int avc_has_perm('u
.BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
.BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
.in
.sp
.BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
.in +\w'int avc_has_perm('u
.BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
.BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
.in
.sp
.BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
.in +\w'void avc_audit('u
.BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
.BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
.in
.SH "DESCRIPTION"
Modified: branches/policyrep/libselinux/man/man3/avc_init.3
===================================================================
--- branches/policyrep/libselinux/man/man3/avc_init.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/avc_init.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,17 +6,17 @@
avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_init(const char *" msgprefix ,
.in +\w'int avc_init('u
.BI "const struct avc_memory_callback *" mem_callbacks ,
-.br
+
.BI "const struct avc_log_callback *" log_callbacks ,
-.br
+
.BI "const struct avc_thread_callback *" thread_callbacks ,
-.br
+
.BI "const struct avc_lock_callback *" lock_callbacks ");"
.in
.sp
Modified: branches/policyrep/libselinux/man/man3/context_new.3
===================================================================
--- branches/policyrep/libselinux/man/man3/context_new.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/context_new.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -4,27 +4,27 @@
.SH "SYNOPSIS"
.B #include <selinux/context.h>
-.br
+
.B "context_t context_new(const char *" context_str );
-.br
+
.B "const char * context_str(context_t " con );
-.br
+
.B "void context_free(context_t " con );
-.br
+
.B "const char * context_type_get(context_t " con );
-.br
+
.B "const char * context_range_get(context_t " con );
-.br
+
.B "const char * context_role_get(context_t " con );
-.br
+
.B "const char * context_user_get(context_t " con );
-.br
+
.B "const char * context_type_set(context_t " con ", const char* " type);
-.br
+
.B "const char * context_range_set(context_t " con ", const char* " range);
-.br
+
.B "const char * context_role_set(context_t " con ", const char* " role );
-.br
+
.B "const char * context_user_set(context_t " con ", const char* " user );
.SH "DESCRIPTION"
Modified: branches/policyrep/libselinux/man/man3/freecon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/freecon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/freecon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -5,7 +5,7 @@
.B #include <selinux/selinux.h>
.sp
.BI "void freecon(security_context_t "con );
-.br
+
.BI "void freeconary(security_context_t *" con );
.SH "DESCRIPTION"
Modified: branches/policyrep/libselinux/man/man3/get_ordered_context_list.3
===================================================================
--- branches/policyrep/libselinux/man/man3/get_ordered_context_list.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/get_ordered_context_list.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -4,7 +4,7 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/get_context_list.h>
.sp
.BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
Modified: branches/policyrep/libselinux/man/man3/getcon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/getcon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/getcon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -1,21 +1,21 @@
.TH "getcon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation"
.SH "NAME"
getcon, getprevcon, getpidcon \- get SELinux security context of a process.
-.br
+
getpeercon - get security context of a peer socket.
-.br
+
setcon - set current security context of a process.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getcon(security_context_t *" context );
-.br
+
.BI "int getprevcon(security_context_t *" context );
-.br
+
.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
-.br
+
.BI "int getpeercon(int " fd ", security_context_t *" context);
-.br
+
.BI "int setcon(security_context_t " context);
.SH "DESCRIPTION"
Modified: branches/policyrep/libselinux/man/man3/getexeccon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/getexeccon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/getexeccon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -1,16 +1,16 @@
.TH "getexeccon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation"
.SH "NAME"
getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
-.br
+
rpm_execcon \- run a helper for rpm in an appropriate security context
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getexeccon(security_context_t *" context );
-.br
+
.BI "int setexeccon(security_context_t "context );
-.br
+
.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
.SH "DESCRIPTION"
@@ -26,17 +26,17 @@
setexeccon to reset to the default policy behavior.
The exec context is automatically reset after the next execve, so a
program doesn't need to explicitly sanitize it upon startup.
-.br
+
setexeccon can be applied prior to library
functions that internally perform an execve, e.g. execl*, execv*, popen,
in order to set an exec context for that operation.
-.br
+
Note: Signal handlers that perform an execve must take care to
save, reset, and restore the exec context to avoid unexpected behaviors.
-.br
+
.B rpm_execcon
runs a helper for rpm in an appropriate security context. The
verified parameter should contain the return code from the signature
Modified: branches/policyrep/libselinux/man/man3/getfilecon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/getfilecon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/getfilecon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -5,9 +5,9 @@
.B #include <selinux/selinux.h>
.sp
.BI "int getfilecon(const char *" path ", security_context_t *" con );
-.br
+
.BI "int lgetfilecon(const char *" path ", security_context_t *" con );
-.br
+
.BI "int fgetfilecon(int "fd ", security_context_t *" con );
.SH "DESCRIPTION"
.B getfilecon
@@ -22,7 +22,6 @@
is identical to getfilecon, only the open file pointed to by filedes (as
returned by open(2)) is interrogated in place of path.
-.br
The returned context should be freed with freecon if non-NULL.
.SH "RETURN VALUE"
Modified: branches/policyrep/libselinux/man/man3/getfscreatecon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/getfscreatecon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/getfscreatecon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,7 +6,7 @@
.B #include <selinux/selinux.h>
.sp
.BI "int getfscreatecon(security_context_t *" con );
-.br
+
.BI "int setfscreatecon(security_context_t "context );
.SH "DESCRIPTION"
@@ -22,12 +22,12 @@
setfscreatecon to reset to the default policy behavior.
The fscreate context is automatically reset after the next execve, so a
program doesn't need to explicitly sanitize it upon startup.
-.br
+
setfscreatecon can be applied prior to library
functions that internally perform an file creation,
in order to set an file context on the objects.
-.br
+
Note: Signal handlers that perform an setfscreate must take care to
save, reset, and restore the fscreate context to avoid unexpected behaviors.
.SH "RETURN VALUE"
Modified: branches/policyrep/libselinux/man/man3/getseuserbyname.3
===================================================================
--- branches/policyrep/libselinux/man/man3/getseuserbyname.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/getseuserbyname.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -12,8 +12,8 @@
then be passed to other libselinux functions such as
get_ordered_context_list_with_level and get_default_context_with_level.
-.br
+
The returned SELinux username and level should be freed by the caller
using free.
.SH "RETURN VALUE"
Modified: branches/policyrep/libselinux/man/man3/is_context_customizable.3
===================================================================
--- branches/policyrep/libselinux/man/man3/is_context_customizable.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/is_context_customizable.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -8,7 +8,7 @@
.SH "DESCRIPTION"
.B is_context_customizable
-.br
+
This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
Modified: branches/policyrep/libselinux/man/man3/matchmediacon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/matchmediacon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/matchmediacon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,14 +6,14 @@
.B #include <selinux/selinux.h>
.sp
.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
-.br
+
.SH "DESCRIPTION"
-.br
+
.B matchmediacon
matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
.sp
-.br
+
.B Note:
Caller must free returned security context "con" using freecon.
.SH "RETURN VALUE"
Modified: branches/policyrep/libselinux/man/man3/matchpathcon.3
===================================================================
--- branches/policyrep/libselinux/man/man3/matchpathcon.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/matchpathcon.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,18 +6,18 @@
.B #include <selinux/selinux.h>
.sp
.BI "int matchpathcon_init(const char *" path ");"
-.br
+
.BI "int matchpathcon_fini(void);"
-.br
+
.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
.sp
-.br
+
.BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));"
-.br
+
.BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));"
-.br
+
.BI "void set_matchpathcon_flags(unsigned int " flags ");"
-.br
+
.SH "DESCRIPTION"
.B matchpathcon_init
loads the file contexts configuration specified by
@@ -40,7 +40,7 @@
suffix are also looked up and loaded if present. These files provide
dynamically generated entries for user home directories and for local
customizations.
-.br
+
.sp
.B matchpathcon_fini
frees the memory allocated by a prior call to
@@ -49,7 +49,7 @@
.B matchpathcon_init
calls, or to free memory when finished using
.B matchpathcon.
-.br
+
.sp
.B matchpathcon
matches the specified pathname and mode against the file contexts
@@ -72,14 +72,14 @@
.I path,
defaulting to the active file contexts configuration.
.sp
-.br
+
.B set_matchpathcon_printf
sets the function used by
.B matchpathcon_init
when displaying errors about the file contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect
error reporting to a different destination.
-.br
+
.sp
.B set_matchpathcon_invalidcon
sets the function used by
@@ -100,7 +100,7 @@
and
.I lineno
in such error messages.
-.br
+
.sp
.B set_matchpathcon_flags
sets flags controlling the operation of
@@ -111,7 +111,7 @@
.B MATCHPATHCON_BASEONLY
flag is set, then only the base file contexts configuration file
will be processed, not any dynamically generated entries or local customizations.
-.br
+
.sp
.SH "RETURN VALUE"
Returns 0 on success or -1 otherwise.
Modified: branches/policyrep/libselinux/man/man3/security_class_to_string.3
===================================================================
--- branches/policyrep/libselinux/man/man3/security_class_to_string.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/security_class_to_string.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -8,7 +8,7 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/flask.h>
.sp
.BI "const char * security_class_to_string(security_class_t " tclass ");"
Modified: branches/policyrep/libselinux/man/man3/security_compute_av.3
===================================================================
--- branches/policyrep/libselinux/man/man3/security_compute_av.3 2007-08-29 13:03:18 UTC (rev 2544)
+++ branches/policyrep/libselinux/man/man3/security_compute_av.3 2007-09-04 18:22:54 UTC (rev 2545)
@@ -6,7 +6,7 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/flask.h>
.sp
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
Modified: branches/policyrep/libselinux/man/man3/security_getenforce.3
===================================================================
--- branches/policyrep/libselinux/man/man3/security_getenforce.3 2007-08-...
From: <mad...@us...> - 2007-10-05 14:05:53
Revision: 2639
http://selinux.svn.sourceforge.net/selinux/?rev=2639&view=rev
Author: madmethod
Date: 2007-10-05 07:05:52 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
merge r2545:HEAD from trunk
Modified Paths:
--------------
branches/policyrep/Makefile
branches/policyrep/checkpolicy/ChangeLog
branches/policyrep/checkpolicy/VERSION
branches/policyrep/checkpolicy/checkmodule.c
branches/policyrep/checkpolicy/checkpolicy.c
branches/policyrep/checkpolicy/policy_parse.y
branches/policyrep/checkpolicy/test/dismod.c
branches/policyrep/checkpolicy/test/dispol.c
branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
branches/policyrep/libpolicyrep/src/Makefile
branches/policyrep/libpolicyrep/tests/Makefile
branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/include/selinux/avc.h
branches/policyrep/libselinux/include/selinux/selinux.h
branches/policyrep/libselinux/src/Makefile
branches/policyrep/libselinux/src/avc.c
branches/policyrep/libselinux/src/avc_internal.c
branches/policyrep/libselinux/src/avc_internal.h
branches/policyrep/libselinux/src/callbacks.c
branches/policyrep/libselinux/src/fgetfilecon.c
branches/policyrep/libselinux/src/getfilecon.c
branches/policyrep/libselinux/src/lgetfilecon.c
branches/policyrep/libselinux/src/mapping.c
branches/policyrep/libselinux/src/matchpathcon.c
branches/policyrep/libselinux/src/selinux.py
branches/policyrep/libselinux/src/selinuxswig.i
branches/policyrep/libselinux/src/selinuxswig_python.i
branches/policyrep/libselinux/src/selinuxswig_wrap.c
branches/policyrep/libselinux/src/setrans_client.c
branches/policyrep/libselinux/src/setrans_internal.h
branches/policyrep/libselinux/src/stringrep.c
branches/policyrep/libselinux/utils/togglesebool.c
branches/policyrep/libsemanage/ChangeLog
branches/policyrep/libsemanage/Makefile
branches/policyrep/libsemanage/VERSION
branches/policyrep/libsemanage/src/Makefile
branches/policyrep/libsemanage/src/debug.c
branches/policyrep/libsemanage/src/direct_api.c
branches/policyrep/libsemanage/src/genhomedircon.c
branches/policyrep/libsemanage/src/genhomedircon.h
branches/policyrep/libsemanage/src/semanage.py
branches/policyrep/libsemanage/src/semanage_store.c
branches/policyrep/libsemanage/src/semanage_store.h
branches/policyrep/libsemanage/src/semanageswig_wrap.c
branches/policyrep/libsemanage/src/utilities.c
branches/policyrep/libsepol/ChangeLog
branches/policyrep/libsepol/VERSION
branches/policyrep/libsepol/include/sepol/policydb/policydb.h
branches/policyrep/libsepol/src/Makefile
branches/policyrep/libsepol/src/policydb.c
branches/policyrep/libsepol/src/private.h
branches/policyrep/libsepol/src/write.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/semanage/semanage
branches/policyrep/policycoreutils/semanage/seobject.py
branches/policyrep/policycoreutils/semodule/semodule.8
branches/policyrep/policycoreutils/semodule/semodule.c
branches/policyrep/policycoreutils/setfiles/setfiles.c
branches/policyrep/sepolgen/ChangeLog
branches/policyrep/sepolgen/VERSION
branches/policyrep/sepolgen/src/sepolgen/audit.py
branches/policyrep/sepolgen/src/sepolgen/refparser.py
branches/policyrep/sepolgen/src/sepolgen/refpolicy.py
branches/policyrep/sepolgen/tests/test_audit.py
Modified: branches/policyrep/Makefile
===================================================================
--- branches/policyrep/Makefile 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/Makefile 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,5 +1,5 @@
-SUBDIRS=libsepol libselinux libsemanage libpolicyrep sepolgen checkpolicy policycoreutils # policy
-PYSUBDIRS=libselinux libsemanage
+SUBDIRS=libsepol libselinux libpolicyrep sepolgen policycoreutils # policy checkpolicy
+PYSUBDIRS=libselinux
ifeq ($(DEBUG),1)
export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow
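Review bot: The new SUBDIRS/PYSUBDIRS lines drop checkpolicy and libsemanage from the branch build while this same commit still modifies checkpolicy/*.c and libsemanage/src/* (see the Modified Paths list), and neither the log message nor the Makefile says why they are no longer built. A reader of this branch cannot tell whether the omission is deliberate or a merge accident; a one-line comment above SUBDIRS would settle it, e.g. `# checkpolicy and libsemanage are temporarily excluded from the branch build -- TODO re-enable`. If the reason is a build break against libpolicyrep, I cannot confirm that from this hunk.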
Modified: branches/policyrep/checkpolicy/ChangeLog
===================================================================
--- branches/policyrep/checkpolicy/ChangeLog 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/ChangeLog 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,3 +1,8 @@
+2.0.4 2007-09-18
+ * Merged handle unknown policydb flag support from Eric Paris.
+ Adds new command line options -U {allow, reject, deny} for selecting
+ the flag when a base module or kernel policy is built.
+
2.0.3 2007-05-31
* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
Modified: branches/policyrep/checkpolicy/VERSION
===================================================================
--- branches/policyrep/checkpolicy/VERSION 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/VERSION 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1 +1 @@
-2.0.3
+2.0.4
Modified: branches/policyrep/checkpolicy/checkmodule.c
===================================================================
--- branches/policyrep/checkpolicy/checkmodule.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/checkmodule.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -39,6 +39,7 @@
static sidtab_t sidtab;
extern int mlspol;
+extern int handle_unknown;
static char *txtfile = "policy.conf";
static char *binfile = "policy";
@@ -121,6 +122,7 @@
p->policy_type = policy_type;
p->policyvers = policyvers;
+ p->handle_unknown = handle_unknown;
pf.type = PF_USE_STDIO;
pf.fp = outfp;
@@ -135,13 +137,17 @@
static void usage(char *progname)
{
- printf("usage: %s [-V] [-b] [-m] [-M] [-o FILE] [INPUT]\n", progname);
+ printf("usage: %s [-V] [-b] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname);
printf("Build base and policy modules.\n");
printf("Options:\n");
printf(" INPUT build module from INPUT (else read from \"%s\")\n",
txtfile);
printf(" -V show policy versions created by this program\n");
printf(" -b treat input as a binary policy file\n");
+ printf(" -U OPTION How to handle unknown classes and permissions\n");
+ printf(" deny: Deny unknown kernel checks\n");
+ printf(" reject: Reject loading of policy with unknowns\n");
+ printf(" allow: Allow unknown kernel checks\n");
printf(" -m build a policy module instead of a base module\n");
printf(" -M enable MLS policy\n");
printf(" -o FILE write module to FILE (else just check syntax)\n");
@@ -156,7 +162,7 @@
int show_version = 0;
policydb_t modpolicydb;
- while ((ch = getopt(argc, argv, "ho:dbVmM")) != EOF) {
+ while ((ch = getopt(argc, argv, "ho:dbVU:mM")) != EOF) {
switch (ch) {
case 'h':
usage(argv[0]);
@@ -171,6 +177,20 @@
case 'V':
show_version = 1;
break;
+ case 'U':
+ if (!strcasecmp(optarg, "deny")) {
+ handle_unknown = DENY_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "reject")) {
+ handle_unknown = REJECT_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "allow")) {
+ handle_unknown = ALLOW_UNKNOWN;
+ break;
+ }
+ usage(argv[0]);
case 'm':
policy_type = POLICY_MOD;
policyvers = MOD_POLICYDB_VERSION_MAX;
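Review bot: In the new `case 'U':`, an unrecognised value reaches `usage(argv[0]);` with no `break` or `exit` after it, so control falls straight into `case 'm':` and sets `policy_type = POLICY_MOD` unless usage() itself terminates the process; checkmodule's usage() body is only partly visible in this diff, so I cannot confirm that it exits (checkpolicy's does). Even if it does, that dependency is invisible at this site, and the next person who makes usage() return will turn a mistyped `-U foo` into a silent module build. Make it explicit: `usage(argv[0]); exit(1);` or `fprintf(stderr, "Unknown -U option %s\n", optarg); exit(1);`. The getopt loop starts above the hunk.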
@@ -189,6 +209,12 @@
exit(0);
}
+ if (handle_unknown && (policy_type != POLICY_BASE)) {
+ printf("Handling of unknown classes and permissions is only ");
+ printf("valid in the base module\n");
+ exit(1);
+ }
+
if (optind != argc) {
file = argv[optind++];
if (optind != argc)
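Review bot: The guard `if (handle_unknown && (policy_type != POLICY_BASE))` only fires for non-zero values, so whichever of DENY/REJECT/ALLOW_UNKNOWN libsepol defines as 0 (not visible here) can be combined with `-m` without triggering the error, even though the message says the option is only valid for base modules. The diagnostic also goes to stdout via printf although it is an error. Track whether `-U` was given separately, e.g. set `handle_unknown_set = 1` in the 'U' case and test `if (handle_unknown_set && policy_type != POLICY_BASE)`, and print with `fprintf(stderr, ...)`.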
@@ -214,6 +240,7 @@
modpolicydb.policy_type = policy_type;
modpolicydb.mls = mlspol;
+ modpolicydb.handle_unknown = handle_unknown;
if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
exit(1);
Modified: branches/policyrep/checkpolicy/checkpolicy.c
===================================================================
--- branches/policyrep/checkpolicy/checkpolicy.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/checkpolicy.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -90,6 +90,7 @@
extern policydb_t *policydbp;
extern int mlspol;
+extern int handle_unknown;
static char *txtfile = "policy.conf";
static char *binfile = "policy";
@@ -99,7 +100,7 @@
void usage(char *progname)
{
printf
- ("usage: %s [-b] [-d] [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
+ ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
exit(1);
}
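Review bot: The new usage string is missing the closing bracket after the `-U` option: `[-U handle_unknown (allow,deny,reject) [-M]` should read `[-U handle_unknown (allow,deny,reject)] [-M]`. As in checkmodule.c, it also does not say which handling applies when `-U` is omitted, which matters because `allow` is the permissive choice; naming the default in the same string would help.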
@@ -390,7 +391,7 @@
int show_version = 0;
struct policy_file pf;
- while ((ch = getopt(argc, argv, "o:dbMVc:")) != EOF) {
+ while ((ch = getopt(argc, argv, "o:dbU:MVc:")) != EOF) {
switch (ch) {
case 'o':
outfile = optarg;
@@ -405,6 +406,20 @@
case 'V':
show_version = 1;
break;
+ case 'U':
+ if (!strcasecmp(optarg, "deny")) {
+ handle_unknown = DENY_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "allow")) {
+ handle_unknown = ALLOW_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "reject")) {
+ handle_unknown = REJECT_UNKNOWN;
+ break;
+ }
+ usage(argv[0]);
case 'M':
mlspol = 1;
break;
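Review bot: The bare `usage(argv[0]);` at the end of the new `case 'U':` relies on usage() never returning (it calls exit(1) in the hunk above) to avoid falling through into `case 'M':` and silently enabling MLS; that contract is not visible at this site. A one-line marker, `usage(argv[0]); /* does not return */`, or an explicit `exit(1);` after the call, keeps a future change to usage() from turning a mistyped -U value into an MLS build. The checkmodule.c copy of this switch in the same commit tests the values in a different order (deny/reject/allow vs deny/allow/reject); harmless, but worth aligning.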
@@ -515,6 +530,7 @@
/* Let sepol know if we are dealing with MLS support */
parse_policy.mls = mlspol;
+ parse_policy.handle_unknown = handle_unknown;
policydbp = &parse_policy;
Modified: branches/policyrep/checkpolicy/policy_parse.y
===================================================================
--- branches/policyrep/checkpolicy/policy_parse.y 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/policy_parse.y 2007-10-05 14:05:52 UTC (rev 2639)
@@ -67,6 +67,7 @@
static unsigned int pass;
char *curfile = 0;
int mlspol = 0;
+int handle_unknown = 0;
extern unsigned long policydb_lineno;
extern unsigned long source_lineno;
Modified: branches/policyrep/checkpolicy/test/dismod.c
===================================================================
--- branches/policyrep/checkpolicy/test/dismod.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/test/dismod.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -665,6 +665,17 @@
return 0;
}
+int display_handle_unknown(policydb_t * policydb, FILE * out_fp)
+{
+ if (policydb->handle_unknown == ALLOW_UNKNOWN)
+ fprintf(out_fp, "Allow unknown classes and perms\n");
+ else if (policydb->handle_unknown == DENY_UNKNOWN)
+ fprintf(out_fp, "Deny unknown classes and perms\n");
+ else if (policydb->handle_unknown == REJECT_UNKNOWN)
+ fprintf(out_fp, "Reject unknown classes and perms\n");
+ return 0;
+}
+
static int read_policy(char *filename, policydb_t * policy)
{
FILE *in_fp;
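Review bot: display_handle_unknown prints nothing when `policydb->handle_unknown` matches none of ALLOW/DENY/REJECT_UNKNOWN, so a corrupt or future value is indistinguishable from a successful display and the function still returns 0. Add a final branch, `else fprintf(out_fp, "Unrecognized handle_unknown value %d\n", policydb->handle_unknown);`, so the user at least sees the raw value. The wording ("classes and perms") also differs from the dispol.c copy added in the same commit; using one string in both tools keeps grep patterns simple.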
@@ -771,6 +782,7 @@
printf("a) Display avrule requirements\n");
printf("b) Display avrule declarations\n");
printf("l) Link in a module\n");
+ printf("u) Display the unknown handling setting\n");
printf("\n");
printf("f) set output file\n");
printf("m) display menu\n");
@@ -879,6 +891,10 @@
fprintf(out_fp, "avrule block declarations:\n");
display_avblock(6, 0, &policydb, out_fp);
break;
+ case 'u':
+ case 'U':
+ display_handle_unknown(&policydb, out_fp);
+ break;
case 'f':
printf
("\nFilename for output (<CR> for screen output): ");
Modified: branches/policyrep/checkpolicy/test/dispol.c
===================================================================
--- branches/policyrep/checkpolicy/test/dispol.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/test/dispol.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -273,6 +273,17 @@
return 1;
}
+int display_handle_unknown(policydb_t * policydb, FILE * out_fp)
+{
+ if (policydb->handle_unknown == ALLOW_UNKNOWN)
+ fprintf(out_fp, "Allow unknown classes and permisions\n");
+ else if (policydb->handle_unknown == DENY_UNKNOWN)
+ fprintf(out_fp, "Deny unknown classes and permisions\n");
+ else if (policydb->handle_unknown == REJECT_UNKNOWN)
+ fprintf(out_fp, "Reject unknown classes and permisions\n");
+ return 0;
+}
+
int change_bool(char *name, int state, policydb_t * p, FILE * fp)
{
cond_bool_datum_t *bool;
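Review bot: The three output strings in the new display_handle_unknown misspell "permissions" as `permisions`, and they differ from the wording of the dismod.c copy in this commit ("... classes and perms"). Fix the spelling, e.g. `fprintf(out_fp, "Allow unknown classes and permissions\n");` and its two siblings, and consider using the same text in both tools. As in dismod.c, an unrecognised value prints nothing; an `else` branch reporting the raw value would help.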
@@ -298,6 +309,7 @@
printf("6) display conditional expressions\n");
printf("7) change a boolean value\n");
printf("\n");
+ printf("u) display unknown handling setting\n");
printf("f) set output file\n");
printf("m) display menu\n");
printf("q) quit\n");
@@ -409,6 +421,10 @@
change_bool(name, state, &policydb, out_fp);
free(name);
break;
+ case 'u':
+ case 'U':
+ display_handle_unknown(&policydb, out_fp);
+ break;
case 'f':
printf
("\nFilename for output (<CR> for screen output): ");
Modified: branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2007-10-05 14:05:52 UTC (rev 2639)
@@ -24,6 +24,8 @@
typedef boost::shared_ptr<Parent> ParentPtr;
class TreeIterator;
+
+ class Policydb;
// Convenience typedefs
typedef std::vector<NodePtr> NodeVector;
Modified: branches/policyrep/libpolicyrep/src/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/src/Makefile 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/src/Makefile 2007-10-05 14:05:52 UTC (rev 2639)
@@ -32,20 +32,20 @@
ranlib $@
$(LIBSO): $(LOBJS)
- g++ $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO)
+ $(CXX) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO)
ln -sf $@ $(TARGET)
$(PYTHONSO): $(PYTHONLOBJ)
- g++ $(LDFLAGS) -lboost_python -shared -o $@ $< $(LOBJS) -Wl,-soname,$@
+ $(CXX) $(LDFLAGS) -lboost_python -shared -o $@ $< $(LOBJS) -Wl,-soname,$@
$(PYTHONLOBJ): $(PYTHONCPP)
- g++ $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+ $(CXX) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
%.o: %.cpp
- g++ $(CFLAGS) -fPIC -c -o $@ $<
+ $(CXX) $(CFLAGS) -fPIC -c -o $@ $<
%.lo: %.cpp
- g++ $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+ $(CXX) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
policy_parse.cpp: policy_parse.y
bison -o policy_parse.cpp -p policyrep -d policy_parse.y
Modified: branches/policyrep/libpolicyrep/tests/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/tests/Makefile 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/tests/Makefile 2007-10-05 14:05:52 UTC (rev 2639)
@@ -4,7 +4,7 @@
CFLAGS += -g3 -gdwarf-2 -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter -Werror -I../include
-LIBPOLICYREP := ../src/libpolicyrep.a
+LIBPOLICYREP := ../src/libpolicyrep.a ../../libsepol/src/libsepol.a
# test program object files
objs := $(patsubst %.cpp,%.o,$(wildcard *.cpp))
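Review bot: The CFLAGS context line in this hunk contains `-o0`, which gcc reads as `-o 0` (an output file named `0`) rather than the `-O0` optimisation level that was evidently intended; which of it and the `-o $@` in the compile rules wins is toolchain-dependent. The commit does not touch that line, but since it is already editing LIBPOLICYREP right below, fixing the flag in the same change is cheap: `CFLAGS += -g3 -gdwarf-2 -O0 -Wall -W ...`.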
Modified: branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp
===================================================================
--- branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp 2007-10-05 14:05:52 UTC (rev 2639)
@@ -20,6 +20,7 @@
#include <policyrep/policy.hpp>
#include <policyrep/parse.hpp>
+#include <policyrep/generate.hpp>
#include <sstream>
#include <iostream>
@@ -79,6 +80,10 @@
parsed_mod->append_children(mod->children().begin(), mod->children().end());
+
+ Policydb *poldb = new Policydb();
+ poldb->generate(pol);
+
}
int main(int argc, char **argv)
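Review bot: The new `Policydb *poldb = new Policydb();` is never deleted, so every run of this test leaks the Policydb (and whatever generate() allocates into it), which shows up as noise under valgrind and hides any destructor bug in Policydb. Nothing here needs heap allocation: `Policydb poldb; poldb.generate(pol);` on the stack, or `boost::shared_ptr<Policydb> poldb(new Policydb());` to match the ownership style already used in policy_base.hpp. The enclosing test function starts above the hunk.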
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/ChangeLog 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,3 +1,20 @@
+2.0.36 2007-09-27
+ * Fix segfault resulting from missing file_contexts file.
+
+2.0.35 2007-09-24
+ * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
+ * Pass CFLAGS when using gcc for linking from Dennis Gilmore.
+
+2.0.34 2007-09-18
+ * Fix selabel option flag setting for 64-bit from Stephen Smalley.
+
+2.0.33 2007-09-12
+ * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
+ * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
+
+2.0.32 2007-09-10
+ * Fix swig binding for rpm_execcon from James Athey.
+
2.0.31 2007-08-23
* Fix file_contexts.homedirs path from Todd Miller.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/VERSION 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1 +1 @@
-2.0.31
+2.0.36
Modified: branches/policyrep/libselinux/include/selinux/avc.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/avc.h 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/include/selinux/avc.h 2007-10-05 14:05:52 UTC (rev 2639)
@@ -182,6 +182,17 @@
const struct avc_lock_callback *lock_callbacks);
/**
+ * avc_open - Initialize the AVC.
+ * @opts: array of selabel_opt structures specifying AVC options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * This function is identical to avc_init(), except the message prefix
+ * is set to "avc" and any callbacks desired should be specified via
+ * selinux_set_callback(). No options are currently supported.
+ */
+int avc_open(struct selinux_opt *opts, unsigned nopts);
+
+/**
* avc_cleanup - Remove unused SIDs and AVC entries.
*
* Search the SID table for SID structures with zero
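Review bot: The new doc comment for avc_open describes `@opts` as an array of `selabel_opt` structures, but the prototype right below takes `struct selinux_opt *opts`; the comment should match the signature: ` * @opts: array of selinux_opt structures specifying AVC options or NULL.` Since avc.c's implementation in this commit ignores both arguments, it would also help to make the consequence explicit rather than just "No options are currently supported": ` * No options are currently supported; opts and nopts are ignored.`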
Modified: branches/policyrep/libselinux/include/selinux/selinux.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/selinux.h 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/include/selinux/selinux.h 2007-10-05 14:05:52 UTC (rev 2639)
@@ -142,7 +142,8 @@
union selinux_callback {
/* log the printf-style format and arguments,
with the type code indicating the type of message */
- int (*func_log) (int type, const char *fmt, ...);
+ int __attribute__((format(printf, 2, 3)))
+ (*func_log) (int type, const char *fmt, ...);
/* store a string representation of auditdata (corresponding
to the given security class) into msgbuf. */
int (*func_audit) (void *auditdata, security_class_t cls,
@@ -155,6 +156,7 @@
#define SELINUX_CB_AUDIT 1
#define SELINUX_CB_VALIDATE 2
+extern union selinux_callback selinux_get_callback(int type);
extern void selinux_set_callback(int type, union selinux_callback cb);
/* Logging type codes, passed to the logging callback */
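Review bot: The new `selinux_get_callback` prototype is added without a comment, although its failure mode is unusual for this header: for an unknown `type` the implementation in callbacks.c (same commit) returns an all-zero union and sets errno to EINVAL, so callers must check errno or the returned pointer before invoking the callback. Suggest above the declaration: `/* Return the callback currently registered for type (SELINUX_CB_*). For an unrecognised type a zeroed union is returned and errno is set to EINVAL. */`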
Modified: branches/policyrep/libselinux/src/Makefile
===================================================================
--- branches/policyrep/libselinux/src/Makefile 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/Makefile 2007-10-05 14:05:52 UTC (rev 2639)
@@ -57,10 +57,10 @@
$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGSO): $(SWIGLOBJ)
- $(CC) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
$(LIBSO): $(LOBJS)
- $(CC) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
%.o: %.c policy.h
Modified: branches/policyrep/libselinux/src/avc.c
===================================================================
--- branches/policyrep/libselinux/src/avc.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/avc.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -157,6 +157,12 @@
return rc;
}
+int avc_open(struct selinux_opt *opts __attribute__((unused)),
+ unsigned nopts __attribute__((unused)))
+{
+ return avc_init("avc", NULL, NULL, NULL, NULL);
+}
+
int avc_init(const char *prefix,
const struct avc_memory_callback *mem_cb,
const struct avc_log_callback *log_cb,
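Review bot: avc_open accepts `opts`/`nopts` and then ignores them, so a caller that passes options gets success even though none were applied, the kind of silent no-op that becomes hard to diagnose once options do exist. Since avc.h says no options are supported, rejecting a non-empty list is safer: `if (nopts) { errno = EINVAL; return -1; }` before the avc_init call (dropping the `__attribute__((unused))` on nopts). If the intent is instead that older libraries silently ignore newer options, that forward-compatibility rule belongs in the avc.h comment.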
Modified: branches/policyrep/libselinux/src/avc_internal.c
===================================================================
--- branches/policyrep/libselinux/src/avc_internal.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/avc_internal.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -61,7 +61,8 @@
rc = fd;
goto out;
}
-
+
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) {
close(fd);
rc = -1;
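Review bot: The added `fcntl(fd, F_SETFD, FD_CLOEXEC);` discards its return value, whereas the F_SETFL call right below checks its result and closes the socket on failure; the purpose of the change (keeping the netlink descriptor from leaking into exec'd children, per the ChangeLog) is defeated silently if the call fails. Fold it into the existing error path: `if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0 || (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK))) { close(fd); rc = -1; goto out; }`. There is also still a window between socket() and this fcntl in which another thread's fork+exec can inherit the descriptor; that can only be closed by a close-on-exec flag at creation time (SOCK_CLOEXEC where available) and deserves a comment. The enclosing function begins above the hunk.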
Modified: branches/policyrep/libselinux/src/avc_internal.h
===================================================================
--- branches/policyrep/libselinux/src/avc_internal.h 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/avc_internal.h 2007-10-05 14:05:52 UTC (rev 2639)
@@ -13,6 +13,7 @@
#include <stdlib.h>
#include <string.h>
#include <selinux/avc.h>
+#include "callbacks.h"
#include "dso.h"
/* SID reference counter manipulation */
@@ -93,13 +94,15 @@
if (avc_func_log) \
avc_func_log(format); \
else \
- fprintf(stderr, format)
+ selinux_log(SELINUX_ERROR, format);
static inline void avc_suppl_audit(void *ptr, security_class_t class,
char *buf, size_t len)
{
if (avc_func_audit)
avc_func_audit(ptr, class, buf, len);
+ else
+ selinux_audit(ptr, class, buf, len);
}
static inline void *avc_create_thread(void (*run) (void))
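Review bot: The replacement `else` arm of the avc_log macro now ends in a semicolon (`selinux_log(SELINUX_ERROR, format);`) where the old `fprintf(stderr, format)` had none, so every `avc_log(...);` use now expands to `... else selinux_log(...);;` — an extra empty statement that is harmless after a plain call but turns any use of the form `if (x) avc_log(...); else ...` into an "else without a previous if" error, which the old expansion did not. Either drop the trailing `;` to keep the original shape, or better, wrap the whole if/else in `do { ... } while (0)` so the macro behaves as one statement. The `#define avc_log(format...)` line itself is above the hunk.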
Modified: branches/policyrep/libselinux/src/callbacks.c
===================================================================
--- branches/policyrep/libselinux/src/callbacks.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/callbacks.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -6,6 +6,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
+#include <errno.h>
#include <selinux/selinux.h>
#include "callbacks.h"
@@ -65,3 +66,27 @@
break;
}
}
+
+/* callback getting function */
+union selinux_callback
+selinux_get_callback(int type)
+{
+ union selinux_callback cb;
+
+ switch (type) {
+ case SELINUX_CB_LOG:
+ cb.func_log = selinux_log;
+ break;
+ case SELINUX_CB_AUDIT:
+ cb.func_audit = selinux_audit;
+ break;
+ case SELINUX_CB_VALIDATE:
+ cb.func_validate = selinux_validate;
+ break;
+ default:
+ memset(&cb, 0, sizeof(cb));
+ errno = EINVAL;
+ break;
+ }
+ return cb;
+}
Modified: branches/policyrep/libselinux/src/fgetfilecon.c
===================================================================
--- branches/policyrep/libselinux/src/fgetfilecon.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/fgetfilecon.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -37,6 +37,11 @@
ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
}
out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
if (ret < 0)
free(buf);
else
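Review bot: The `ret == 0` remap is pasted identically into fgetfilecon.c, getfilecon.c and lgetfilecon.c; a single static helper in a shared internal header, say `static inline int remap_empty_attr(int ret)`, would keep the three in step the next time this policy changes. The remap sits after the `out:` label, so it also runs on paths that jump there early; that is harmless as long as every early jump leaves `ret` negative, which this hunk cannot confirm since the function's beginning and end are outside it.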
Modified: branches/policyrep/libselinux/src/getfilecon.c
===================================================================
--- branches/policyrep/libselinux/src/getfilecon.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/getfilecon.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -37,6 +37,11 @@
ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
}
out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
if (ret < 0)
free(buf);
else
Modified: branches/policyrep/libselinux/src/lgetfilecon.c
===================================================================
--- branches/policyrep/libselinux/src/lgetfilecon.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/lgetfilecon.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -37,6 +37,11 @@
ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
}
out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
if (ret < 0)
free(buf);
else
Modified: branches/policyrep/libselinux/src/mapping.c
===================================================================
--- branches/policyrep/libselinux/src/mapping.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/mapping.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -68,6 +68,11 @@
k = 0;
while (p_in->perms && p_in->perms[k]) {
+ /* An empty permission string skips ahead */
+ if (!*p_in->perms[k]) {
+ k++;
+ continue;
+ }
p_out->perms[k] = string_to_av_perm(p_out->value,
p_in->perms[k]);
if (!p_out->perms[k])
@@ -111,6 +116,7 @@
for (i=0; i<current_mapping[tclass].num_perms; i++)
if (tperm & (1<<i)) {
+ assert(current_mapping[tclass].perms[i]);
kperm |= current_mapping[tclass].perms[i];
tperm &= ~(1<<i);
}
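Review bot: The new `assert(current_mapping[tclass].perms[i])` turns a caller-supplied mapping problem into a process abort in a shared library, and disappears entirely under NDEBUG, in which case `kperm |= 0` silently drops the permission from the check. The first hunk of this file leaves `p_out->perms[k]` unassigned when the permission string is empty, so whether that slot is zero depends on how `perms` was allocated, which is not visible here. Returning an error from this path (or rejecting empty permission names when the mapping is installed) would be the safer shape; the enclosing function starts and ends outside the hunk.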
Modified: branches/policyrep/libselinux/src/matchpathcon.c
===================================================================
--- branches/policyrep/libselinux/src/matchpathcon.c 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/matchpathcon.c 2007-10-05 14:05:52 UTC (rev 2639)
@@ -119,10 +119,10 @@
memset(options, 0, sizeof(options));
i = SELABEL_OPT_BASEONLY;
options[i].type = i;
- options[i].value = (char *)(flags & MATCHPATHCON_BASEONLY);
+ options[i].value = (flags & MATCHPATHCON_BASEONLY) ? (char*)1 : NULL;
i = SELABEL_OPT_VALIDATE;
options[i].type = i;
- options[i].value = (char *)(flags & MATCHPATHCON_VALIDATE);
+ options[i].value = (flags & MATCHPATHCON_VALIDATE) ? (char*)1 : NULL;
notrans = flags & MATCHPATHCON_NOTRANS;
}
@@ -305,8 +305,10 @@
void matchpathcon_fini(void)
{
- selabel_close(hnd);
- hnd = NULL;
+ if (hnd) {
+ selabel_close(hnd);
+ hnd = NULL;
+ }
}
int matchpathcon(const char *name, mode_t mode, security_context_t * con)
Modified: branches/policyrep/libselinux/src/selinux.py
===================================================================
--- branches/policyrep/libselinux/src/selinux.py 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinux.py 2007-10-05 14:05:52 UTC (rev 2639)
@@ -277,6 +277,7 @@
selinux_file_context_local_path = _selinux.selinux_file_context_local_path
selinux_homedir_context_path = _selinux.selinux_homedir_context_path
selinux_media_context_path = _selinux.selinux_media_context_path
+selinux_x_context_path = _selinux.selinux_x_context_path
selinux_contexts_path = _selinux.selinux_contexts_path
selinux_securetty_types_path = _selinux.selinux_securetty_types_path
selinux_booleans_path = _selinux.selinux_booleans_path
Modified: branches/policyrep/libselinux/src/selinuxswig.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig.i 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinuxswig.i 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,22 +1,5 @@
/* Authors: Dan Walsh
* James Athey
- *
- * Copyright (C) 2004-2005 Red Hat
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
%module selinux
Modified: branches/policyrep/libselinux/src/selinuxswig_python.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig_python.i 2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinuxswig_python.i 2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,20 +1,4 @@
/* Author: James Athey
- *
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
%module selinux
@@ -98,4 +82,41 @@
}
}
+%typemap(in) char * const [] {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check($input)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size($input);
+
+ $1 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem($input, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem($input,...
From: <mad...@us...> - 2007-11-19 04:33:56
Revision: 2686
http://selinux.svn.sourceforge.net/selinux/?rev=2686&view=rev
Author: madmethod
Date: 2007-11-18 20:33:54 -0800 (Sun, 18 Nov 2007)
Log Message:
-----------
merged revision 2638:HEAD from trunk
Revision Links:
--------------
http://selinux.svn.sourceforge.net/selinux/?rev=2638&view=rev
Modified Paths:
--------------
branches/policyrep/checkpolicy/ChangeLog
branches/policyrep/checkpolicy/VERSION
branches/policyrep/checkpolicy/parse_util.c
branches/policyrep/checkpolicy/policy_parse.y
branches/policyrep/checkpolicy/policy_scan.l
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/include/selinux/av_permissions.h
branches/policyrep/libselinux/include/selinux/avc.h
branches/policyrep/libselinux/include/selinux/flask.h
branches/policyrep/libselinux/include/selinux/label.h
branches/policyrep/libselinux/src/av_inherit.h
branches/policyrep/libselinux/src/av_perm_to_string.h
branches/policyrep/libselinux/src/avc.c
branches/policyrep/libselinux/src/avc_internal.c
branches/policyrep/libselinux/src/avc_internal.h
branches/policyrep/libselinux/src/class_to_string.h
branches/policyrep/libselinux/src/common_perm_to_string.h
branches/policyrep/libselinux/src/label_x.c
branches/policyrep/libselinux/src/stringrep.c
branches/policyrep/libsemanage/ChangeLog
branches/policyrep/libsemanage/VERSION
branches/policyrep/libsemanage/src/conf-parse.y
branches/policyrep/libsemanage/src/conf-scan.l
branches/policyrep/libsemanage/src/semanage_conf.h
branches/policyrep/libsemanage/src/semanage_store.c
branches/policyrep/libsepol/ChangeLog
branches/policyrep/libsepol/VERSION
branches/policyrep/libsepol/include/sepol/policydb/policydb.h
branches/policyrep/libsepol/include/sepol/policydb.h
branches/policyrep/libsepol/src/hierarchy.c
branches/policyrep/libsepol/src/policydb_public.c
branches/policyrep/policycoreutils/ChangeLog
branches/policyrep/policycoreutils/VERSION
branches/policyrep/policycoreutils/scripts/Makefile
branches/policyrep/policycoreutils/semanage/seobject.py
branches/policyrep/policycoreutils/semodule/semodule.c
Added Paths:
-----------
branches/policyrep/policycoreutils/scripts/genhomedircon
Modified: branches/policyrep/checkpolicy/ChangeLog
===================================================================
--- branches/policyrep/checkpolicy/ChangeLog 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/checkpolicy/ChangeLog 2007-11-19 04:33:54 UTC (rev 2686)
@@ -1,3 +1,9 @@
+2.0.6 2007-11-15
+ * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".
+
+2.0.5 2007-11-01
+ * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.
+
2.0.4 2007-09-18
* Merged handle unknown policydb flag support from Eric Paris.
Adds new command line options -U {allow, reject, deny} for selecting
Modified: branches/policyrep/checkpolicy/VERSION
===================================================================
--- branches/policyrep/checkpolicy/VERSION 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/checkpolicy/VERSION 2007-11-19 04:33:54 UTC (rev 2686)
@@ -1 +1 @@
-2.0.4
+2.0.6
Modified: branches/policyrep/checkpolicy/parse_util.c
===================================================================
--- branches/policyrep/checkpolicy/parse_util.c 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/checkpolicy/parse_util.c 2007-11-19 04:33:54 UTC (rev 2686)
@@ -29,9 +29,9 @@
extern queue_t id_queue;
extern unsigned int policydb_errors;
extern unsigned long policydb_lineno;
-extern char source_file[];
extern policydb_t *policydbp;
extern int mlspol;
+extern void set_source_file(const char *name);
int read_source_policy(policydb_t * p, const char *file, const char *progname)
{
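Review bot: `extern void set_source_file(const char *name);` is a prototype written into a .c file for a function defined in policy_scan.l, which lets the two drift apart without a compiler diagnostic; the same applies to the `extern` declarations it sits beside. Moving the prototype into a small header included by both parse_util.c and the scanner would make the signature checked at both ends. The first hunk is otherwise fine.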
@@ -40,6 +40,7 @@
fprintf(stderr, "%s: unable to open %s\n", progname, file);
return -1;
}
+ set_source_file(file);
if ((id_queue = queue_create()) == NULL) {
fprintf(stderr, "%s: out of memory!\n", progname);
@@ -58,7 +59,7 @@
}
rewind(yyin);
init_parser(2);
- source_file[0] = '\0';
+ set_source_file(file);
yyrestart(yyin);
if (yyparse() || policydb_errors) {
fprintf(stderr,
Modified: branches/policyrep/checkpolicy/policy_parse.y
===================================================================
--- branches/policyrep/checkpolicy/policy_parse.y 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/checkpolicy/policy_parse.y 2007-11-19 04:33:54 UTC (rev 2686)
@@ -122,7 +122,7 @@
static int define_fs_context(unsigned int major, unsigned int minor);
static int define_port_context(unsigned int low, unsigned int high);
static int define_netif_context(void);
-static int define_ipv4_node_context(unsigned int addr, unsigned int mask);
+static int define_ipv4_node_context(void);
static int define_ipv6_node_context(void);
typedef int (* require_func_t)();
@@ -195,6 +195,7 @@
%token NUMBER
%token EQUALS
%token NOTEQUAL
+%token IPV4_ADDR
%token IPV6_ADDR
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
@@ -654,7 +655,7 @@
| node_contexts node_context_def
;
node_context_def : NODECON ipv4_addr_def ipv4_addr_def security_context_def
- {if (define_ipv4_node_context($2,$3)) return -1;}
+ {if (define_ipv4_node_context()) return -1;}
| NODECON ipv6_addr ipv6_addr security_context_def
{if (define_ipv6_node_context()) return -1;}
;
@@ -684,18 +685,9 @@
| GENFSCON identifier path security_context_def
{if (define_genfs_context(0)) return -1;}
;
-ipv4_addr_def : number '.' number '.' number '.' number
- {
- unsigned int addr;
- unsigned char *p = ((unsigned char *)&addr);
-
- p[0] = $1 & 0xff;
- p[1] = $3 & 0xff;
- p[2] = $5 & 0xff;
- p[3] = $7 & 0xff;
- $$ = addr;
- }
- ;
+ipv4_addr_def : IPV4_ADDR
+ { if (insert_id(yytext,0)) return -1; }
+ ;
security_context_def : identifier ':' identifier ':' identifier opt_mls_range_def
;
opt_mls_range_def : ':' mls_range_def
@@ -4184,27 +4176,63 @@
return 0;
}
-static int define_ipv4_node_context(unsigned int addr, unsigned int mask)
-{
+static int define_ipv4_node_context()
+{
+ char *id;
+ int rc = 0;
+ struct in_addr addr, mask;
ocontext_t *newc, *c, *l, *head;
if (pass == 1) {
+ free(queue_remove(id_queue));
+ free(queue_remove(id_queue));
parse_security_context(NULL);
- if (mlspol)
- free(queue_remove(id_queue));
- return 0;
+ goto out;
}
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("failed to read ipv4 address");
+ rc = -1;
+ goto out;
+ }
+
+ rc = inet_pton(AF_INET, id, &addr);
+ free(id);
+ if (rc < 1) {
+ yyerror("failed to parse ipv4 address");
+ if (rc == 0)
+ rc = -1;
+ goto out;
+ }
+
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("failed to read ipv4 address");
+ rc = -1;
+ goto out;
+ }
+
+ rc = inet_pton(AF_INET, id, &mask);
+ free(id);
+ if (rc < 1) {
+ yyerror("failed to parse ipv4 mask");
+ if (rc == 0)
+ rc = -1;
+ goto out;
+ }
+
newc = malloc(sizeof(ocontext_t));
if (!newc) {
yyerror("out of memory");
- return -1;
+ rc = -1;
+ goto out;
}
+
memset(newc, 0, sizeof(ocontext_t));
+ newc->u.node.addr = addr.s_addr;
+ newc->u.node.mask = mask.s_addr;
- newc->u.node.addr = addr;
- newc->u.node.mask = mask;
-
if (parse_security_context(&newc->context[0])) {
free(newc);
return -1;
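Review bot: The definition is now `static int define_ipv4_node_context()` while the prototype earlier in this commit says `(void)`; in C an empty parameter list means unspecified parameters, so the definition should read `static int define_ipv4_node_context(void)` to match. The remaining `free(newc); return -1;` after parse_security_context bypasses the new `out:` convention the rest of the function adopts; `rc = -1; goto out;` would keep one exit path. inet_pton needs `<arpa/inet.h>`, which this hunk does not show being included, so confirm it is already present. The function's tail is in the following hunk.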
@@ -4224,8 +4252,9 @@
l->next = newc;
else
policydbp->ocontexts[OCON_NODE] = newc;
-
- return 0;
+ rc = 0;
+out:
+ return rc;
}
static int define_ipv6_node_context(void)
Modified: branches/policyrep/checkpolicy/policy_scan.l
===================================================================
--- branches/policyrep/checkpolicy/policy_scan.l 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/checkpolicy/policy_scan.l 2007-11-19 04:33:54 UTC (rev 2686)
@@ -21,6 +21,7 @@
%{
#include <sys/types.h>
+#include <limits.h>
#include <stdint.h>
#include <string.h>
@@ -31,9 +32,10 @@
static char linebuf[2][255];
static unsigned int lno = 0;
int yywarn(char *msg);
-static int is_valid_identifier(char *id);
-char source_file[255];
+void set_source_file(const char *name);
+
+char source_file[PATH_MAX];
unsigned long source_lineno = 1;
unsigned long policydb_lineno = 1;
@@ -46,8 +48,8 @@
%array
letter [A-Za-z]
digit [0-9]
+alnum [a-zA-Z0-9]
hexval [0-9A-Fa-f]
-version [0-9]+(\.[A-Za-z0-9_.]*)?
%%
\n.* { strncpy(linebuf[lno], yytext+1, 255);
@@ -199,17 +201,14 @@
H1 { return(H1); }
h2 |
H2 { return(H2); }
-"/"({letter}|{digit}|_|"."|"-"|"/")* { return(PATH); }
-{letter}({letter}|{digit}|_|"."|"-")* { if (is_valid_identifier(yytext))
- return(IDENTIFIER);
- else
- REJECT;
- }
-{digit}{digit}* { return(NUMBER); }
-{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|":"|".")* { return(IPV6_ADDR); }
-{version}/([ \t\f]*;) { return(VERSION_IDENTIFIER); }
-#line[ ]1[ ]\"[^\n]*\" { source_lineno = 1; strncpy(source_file, yytext+9, 255); source_file[strlen(source_file)-1] = '\0'; }
-#line[ ]{digit}{digit}* { source_lineno = atoi(yytext+6)-1; }
+"/"({alnum}|[_.-/])* { return(PATH); }
+{letter}({alnum}|[_-])*([.]?({alnum}|[_-]))* { return(IDENTIFIER); }
+{digit}+ { return(NUMBER); }
+{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
+{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
+{digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); }
+#line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); }
+#line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; }
#[^\n]* { /* delete comments */ }
[ \t\f]+ { /* delete whitespace */ }
"==" { return(EQUALS); }
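Review bot: The `#line 1 "..."` action now passes `yytext+9` straight to set_source_file, and that string still carries the closing quote; the removed action stripped it with `source_file[strlen(source_file)-1] = '\0'`, so source names in diagnostics will now end in `"`. Since the scanner is declared `%array`, yytext is writable and the action can do `yytext[yyleng-1] = '\0'; set_source_file(yytext+9);`. In the new PATH rule, `[_.-/]` reads in flex as the range `.`–`/` plus `_`, which drops the literal `-` the old pattern accepted; write it as `[_\.\-/]`. The IPV4_ADDR and VERSION_IDENTIFIER rules both match a dotted four-number token and the earlier rule wins, so a module version of that shape would presumably now lex as an address — worth a check against the grammar.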
@@ -264,16 +263,9 @@
return 0;
}
-static int is_valid_identifier(char *id) {
- if ((strrchr(id, '.')) != NULL) {
- if (strstr(id, "..") != NULL) {
- /* identifier has consecutive '.' */
- return 0;
- }
- if (id[strlen(id) - 1] == '.') {
- /* identifier ends in '.' */
- return 0;
- }
- }
- return 1;
+void set_source_file(const char *name)
+{
+ source_lineno = 1;
+ strncpy(source_file, name, sizeof(source_file)-1);
+ source_file[sizeof(source_file)-1] = '\0';
}
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/ChangeLog 2007-11-19 04:33:54 UTC (rev 2686)
@@ -1,3 +1,24 @@
+2.0.43 2007-11-15
+ * Regenerated Flask headers from policy.
+
+2.0.42 2007-11-08
+ * AVC enforcing mode override patch from Eamon Walsh.
+
+2.0.41 2007-11-06
+ * Aligned attributes in AVC netlink code from Eamon Walsh.
+
+2.0.40 2007-11-01
+ * Merged refactored AVC netlink code from Eamon Walsh.
+
+2.0.39 2007-10-19
+ * Merged new X label namespaces from Eamon Walsh.
+
+2.0.38 2007-10-15
+ * Bux fix and minor refactoring in string representation code.
+
+2.0.37 2007-10-05
+ * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
+
2.0.36 2007-09-27
* Fix segfault resulting from missing file_contexts file.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/VERSION 2007-11-19 04:33:54 UTC (rev 2686)
@@ -1 +1 @@
-2.0.36
+2.0.43
Modified: branches/policyrep/libselinux/include/selinux/av_permissions.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/av_permissions.h 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/include/selinux/av_permissions.h 2007-11-19 04:33:54 UTC (rev 2686)
@@ -47,6 +47,12 @@
#define COMMON_IPC__ASSOCIATE 0x00000040UL
#define COMMON_IPC__UNIX_READ 0x00000080UL
#define COMMON_IPC__UNIX_WRITE 0x00000100UL
+#define COMMON_DATABASE__CREATE 0x00000001UL
+#define COMMON_DATABASE__DROP 0x00000002UL
+#define COMMON_DATABASE__GETATTR 0x00000004UL
+#define COMMON_DATABASE__SETATTR 0x00000008UL
+#define COMMON_DATABASE__RELABELFROM 0x00000010UL
+#define COMMON_DATABASE__RELABELTO 0x00000020UL
#define FILESYSTEM__MOUNT 0x00000001UL
#define FILESYSTEM__REMOUNT 0x00000002UL
#define FILESYSTEM__UNMOUNT 0x00000004UL
@@ -928,3 +934,61 @@
#define DCCP_SOCKET__NODE_BIND 0x00400000UL
#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
#define MEMPROTECT__MMAP_ZERO 0x00000001UL
+#define DB_DATABASE__CREATE 0x00000001UL
+#define DB_DATABASE__DROP 0x00000002UL
+#define DB_DATABASE__GETATTR 0x00000004UL
+#define DB_DATABASE__SETATTR 0x00000008UL
+#define DB_DATABASE__RELABELFROM 0x00000010UL
+#define DB_DATABASE__RELABELTO 0x00000020UL
+#define DB_DATABASE__ACCESS 0x00000040UL
+#define DB_DATABASE__INSTALL_MODULE 0x00000080UL
+#define DB_DATABASE__LOAD_MODULE 0x00000100UL
+#define DB_DATABASE__GET_PARAM 0x00000200UL
+#define DB_DATABASE__SET_PARAM 0x00000400UL
+#define DB_TABLE__CREATE 0x00000001UL
+#define DB_TABLE__DROP 0x00000002UL
+#define DB_TABLE__GETATTR 0x00000004UL
+#define DB_TABLE__SETATTR 0x00000008UL
+#define DB_TABLE__RELABELFROM 0x00000010UL
+#define DB_TABLE__RELABELTO 0x00000020UL
+#define DB_TABLE__USE 0x00000040UL
+#define DB_TABLE__SELECT 0x00000080UL
+#define DB_TABLE__UPDATE 0x00000100UL
+#define DB_TABLE__INSERT 0x00000200UL
+#define DB_TABLE__DELETE 0x00000400UL
+#define DB_TABLE__LOCK 0x00000800UL
+#define DB_PROCEDURE__CREATE 0x00000001UL
+#define DB_PROCEDURE__DROP 0x00000002UL
+#define DB_PROCEDURE__GETATTR 0x00000004UL
+#define DB_PROCEDURE__SETATTR 0x00000008UL
+#define DB_PROCEDURE__RELABELFROM 0x00000010UL
+#define DB_PROCEDURE__RELABELTO 0x00000020UL
+#define DB_PROCEDURE__EXECUTE 0x00000040UL
+#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL
+#define DB_COLUMN__CREATE 0x00000001UL
+#define DB_COLUMN__DROP 0x00000002UL
+#define DB_COLUMN__GETATTR 0x00000004UL
+#define DB_COLUMN__SETATTR 0x00000008UL
+#define DB_COLUMN__RELABELFROM 0x00000010UL
+#define DB_COLUMN__RELABELTO 0x00000020UL
+#define DB_COLUMN__USE 0x00000040UL
+#define DB_COLUMN__SELECT 0x00000080UL
+#define DB_COLUMN__UPDATE 0x00000100UL
+#define DB_COLUMN__INSERT 0x00000200UL
+#define DB_TUPLE__RELABELFROM 0x00000001UL
+#define DB_TUPLE__RELABELTO 0x00000002UL
+#define DB_TUPLE__USE 0x00000004UL
+#define DB_TUPLE__SELECT 0x00000008UL
+#define DB_TUPLE__UPDATE 0x00000010UL
+#define DB_TUPLE__INSERT 0x00000020UL
+#define DB_TUPLE__DELETE 0x00000040UL
+#define DB_BLOB__CREATE 0x00000001UL
+#define DB_BLOB__DROP 0x00000002UL
+#define DB_BLOB__GETATTR 0x00000004UL
+#define DB_BLOB__SETATTR 0x00000008UL
+#define DB_BLOB__RELABELFROM 0x00000010UL
+#define DB_BLOB__RELABELTO 0x00000020UL
+#define DB_BLOB__READ 0x00000040UL
+#define DB_BLOB__WRITE 0x00000080UL
+#define DB_BLOB__IMPORT 0x00000100UL
+#define DB_BLOB__EXPORT 0x00000200UL
Modified: branches/policyrep/libselinux/include/selinux/avc.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/avc.h 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/include/selinux/avc.h 2007-11-19 04:33:54 UTC (rev 2686)
@@ -157,6 +157,15 @@
};
/*
+ * Available options
+ */
+
+/* no-op option, useful for unused slots in an array of options */
+#define AVC_OPT_UNUSED 0
+/* override kernel enforcing mode (boolean value) */
+#define AVC_OPT_SETENFORCE 1
+
+/*
* AVC operations
*/
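Review bot: The comment `override kernel enforcing mode (boolean value)` can be read as changing the kernel's mode, whereas an avc_open option presumably only changes how this userspace AVC instance treats denials; the header should say which, and what value type is expected, e.g. `/* make this AVC instance enforce or permit regardless of the kernel mode; value is an integer 0 or 1 */`, adjusted to what the implementation does. Because this option decides whether a userspace object manager enforces at all, documenting that it is a caller-side choice, not a kernel override, matters for anyone auditing what an application does with it.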
@@ -188,7 +197,7 @@
*
* This function is identical to avc_init(), except the message prefix
* is set to "avc" and any callbacks desired should be specified via
- * selinux_set_callback(). No options are currently supported.
+ * selinux_set_callback(). Available options are listed above.
*/
int avc_open(struct selinux_opt *opts, unsigned nopts);
Modified: branches/policyrep/libselinux/include/selinux/flask.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/flask.h 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/include/selinux/flask.h 2007-11-19 04:33:54 UTC (rev 2686)
@@ -66,6 +66,12 @@
#define SECCLASS_CONTEXT 59
#define SECCLASS_DCCP_SOCKET 60
#define SECCLASS_MEMPROTECT 61
+#define SECCLASS_DB_DATABASE 62
+#define SECCLASS_DB_TABLE 63
+#define SECCLASS_DB_PROCEDURE 64
+#define SECCLASS_DB_COLUMN 65
+#define SECCLASS_DB_TUPLE 66
+#define SECCLASS_DB_BLOB 67
/*
* Security identifier indices for initial entities
Modified: branches/policyrep/libselinux/include/selinux/label.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/label.h 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/include/selinux/label.h 2007-11-19 04:33:54 UTC (rev 2686)
@@ -111,6 +111,8 @@
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
+#define SELABEL_X_EVENT 4
+#define SELABEL_X_SELN 5
#ifdef __cplusplus
Modified: branches/policyrep/libselinux/src/av_inherit.h
===================================================================
--- branches/policyrep/libselinux/src/av_inherit.h 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/src/av_inherit.h 2007-11-19 04:33:54 UTC (rev 2686)
@@ -1,32 +1,38 @@
/* This file is automatically generated. Do not edit. */
-S_(SECCLASS_DIR, file, 0x00020000UL)
- S_(SECCLASS_FILE, file, 0x00020000UL)
- S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
- S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
- S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
- S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
- S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
- S_(SECCLASS_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_IPC, ipc, 0x00000200UL)
- S_(SECCLASS_SEM, ipc, 0x00000200UL)
- S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
- S_(SECCLASS_SHM, ipc, 0x00000200UL)
- S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
- S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DIR, file, 0x00020000UL)
+ S_(SECCLASS_FILE, file, 0x00020000UL)
+ S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
+ S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_IPC, ipc, 0x00000200UL)
+ S_(SECCLASS_SEM, ipc, 0x00000200UL)
+ S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
+ S_(SECCLASS_SHM, ipc, 0x00000200UL)
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DB_DATABASE, database, 0x00000040UL)
+ S_(SECCLASS_DB_TABLE, database, 0x00000040UL)
+ S_(SECCLASS_DB_PROCEDURE, database, 0x00000040UL)
+ S_(SECCLASS_DB_COLUMN, database, 0x00000040UL)
+ S_(SECCLASS_DB_BLOB, database, 0x00000040UL)
Modified: branches/policyrep/libselinux/src/av_perm_to_string.h
===================================================================
--- branches/policyrep/libselinux/src/av_perm_to_string.h 2007-11-15 18:43:55 UTC (rev 2685)
+++ branches/policyrep/libselinux/src/av_perm_to_string.h 2007-11-19 04:33:54 UTC (rev 2686)
@@ -1,269 +1,293 @@
/* This file is automatically generated. Do not edit. */
-S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
- S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
- S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
- S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
- S_(SECCLASS_DIR, DIR__SEARCH, "search")
- S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
- S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
- S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
- S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
- S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
- S_(SECCLASS_FD, FD__USE, "use")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
- S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
- S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
- S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
- S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
- S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
- S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
- S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
- S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
- S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
- S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
- S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
- S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
- S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
- S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
- S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
- S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
- S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
- S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
- S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
- S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
- S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
- S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
- S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
- S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
- S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
- S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
- S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
- S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
- S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
- S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
- S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
- S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
- S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
- S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
- S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
- S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
- S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
- S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
- S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
- S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
- S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
- S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
- S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
- S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
- S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate")
- S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
- S_(SECCLASS_MSG, MSG__SEND, "send")
- S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
- S_(SECCLASS_SHM, SHM__LOCK, "lock")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
- S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
- S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
- S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
- S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
- S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
- S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
- S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
- S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
- S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
- S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
- S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
- S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
- S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
- S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module"...
From: <mil...@us...> - 2008-01-09 15:49:09
Revision: 2728
http://selinux.svn.sourceforge.net/selinux/?rev=2728&view=rev
Author: millertc
Date: 2008-01-09 07:49:07 -0800 (Wed, 09 Jan 2008)
Log Message:
-----------
Merge from trunk, 2719-2727
Modified Paths:
--------------
branches/policyrep/Makefile
branches/policyrep/checkpolicy/Makefile
branches/policyrep/libselinux/src/Makefile
branches/policyrep/libselinux/utils/getdefaultcon.c
branches/policyrep/libsemanage/src/Makefile
branches/policyrep/libsemanage/src/conf-scan.l
branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h
branches/policyrep/libsepol/include/sepol/policydb/mls_types.h
branches/policyrep/libsepol/src/Makefile
branches/policyrep/libsepol/src/ebitmap.c
branches/policyrep/libsepol/src/genusers.c
branches/policyrep/libsepol/src/hierarchy.c
branches/policyrep/libsepol/utils/Makefile
branches/policyrep/policycoreutils/audit2why/audit2why.c
branches/policyrep/policycoreutils/newrole/newrole.c
branches/policyrep/policycoreutils/secon/Makefile
branches/policyrep/policycoreutils/semodule/semodule.c
branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c
branches/policyrep/policycoreutils/setfiles/Makefile
branches/policyrep/policycoreutils/setfiles/setfiles.c
Modified: branches/policyrep/Makefile
===================================================================
--- branches/policyrep/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -2,7 +2,7 @@
PYSUBDIRS=libselinux
ifeq ($(DEBUG),1)
- export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow
+ export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
export LDFLAGS = -g
endif
Modified: branches/policyrep/checkpolicy/Makefile
===================================================================
--- branches/policyrep/checkpolicy/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/checkpolicy/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -8,7 +8,7 @@
INCLUDEDIR ?= $(PREFIX)/include
TARGETS = checkpolicy checkmodule
-CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing
+CFLAGS ?= -g -Wall -Werror -O2 -pipe -fno-strict-aliasing
override CFLAGS += -I. -I${INCLUDEDIR}
Modified: branches/policyrep/libselinux/src/Makefile
===================================================================
--- branches/policyrep/libselinux/src/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libselinux/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -32,7 +32,7 @@
OBJS= $(patsubst %.c,%.o,$(SRCS))
LOBJS= $(patsubst %.c,%.lo,$(SRCS))
-CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
+CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
RANLIB=ranlib
@@ -54,7 +54,7 @@
$(RANLIB) $@
$(SWIGLOBJ): $(SWIGCOUT)
- $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGSO): $(SWIGLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
Modified: branches/policyrep/libselinux/utils/getdefaultcon.c
===================================================================
--- branches/policyrep/libselinux/utils/getdefaultcon.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libselinux/utils/getdefaultcon.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -57,7 +57,7 @@
} else
cur_context = argv[optind + 1];
- if (getseuserbyname(user, &seuser, &dlevel)==0) {
+ if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) {
if (! level) level=dlevel;
if (role != NULL && role[0])
ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
Modified: branches/policyrep/libsemanage/src/Makefile
===================================================================
--- branches/policyrep/libsemanage/src/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsemanage/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -10,7 +10,7 @@
DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf
ifeq ($(DEBUG),1)
- export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow
+ export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
export LDFLAGS = -g
endif
@@ -44,7 +44,7 @@
pywrap: all $(SWIGLOBJ) $(SWIGSO)
$(SWIGLOBJ): $(SWIGCOUT)
- $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGSO): $(SWIGLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs
Modified: branches/policyrep/libsemanage/src/conf-scan.l
===================================================================
--- branches/policyrep/libsemanage/src/conf-scan.l 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsemanage/src/conf-scan.l 2008-01-09 15:49:07 UTC (rev 2728)
@@ -32,6 +32,7 @@
%}
%option stack prefix="semanage_"
+%option nounput noyy_push_state noyy_pop_state noyy_top_state
%x arg
Modified: branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h
===================================================================
--- branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h 2008-01-09 15:49:07 UTC (rev 2728)
@@ -73,12 +73,12 @@
#define ebitmap_for_each_bit(e, n, bit) \
for (bit = ebitmap_start(e, &n); bit < ebitmap_length(e); bit = ebitmap_next(&n, bit)) \
-extern int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2);
-extern int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2);
-extern int ebitmap_union(ebitmap_t * dst, ebitmap_t * e1);
-extern int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src);
-extern int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2);
-extern int ebitmap_get_bit(ebitmap_t * e, unsigned int bit);
+extern int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2);
+extern int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2);
+extern int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1);
+extern int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src);
+extern int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2);
+extern int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit);
extern int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value);
extern void ebitmap_destroy(ebitmap_t * e);
extern int ebitmap_read(ebitmap_t * e, void *fp);
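Review bot: The prototypes gain const but still carry no statement of what the integer results mean, and ebitmap_cmp/ebitmap_contains appear to return 1 on a match and 0 otherwise (both end in `return 1;` in the ebitmap.c hunks below, and mls_level_eq in mls_types.h treats a nonzero ebitmap_cmp as equality), which is the opposite sense from memcmp/strcmp and invites inverted checks in MLS code. A one-line comment over each would remove the ambiguity, e.g. `/* ebitmap_cmp: 1 if e1 and e2 hold the same bits, else 0 */` and `/* ebitmap_contains: 1 if every bit set in e2 is also set in e1, else 0 */`. The loop bodies that establish this are outside the visible hunks, so confirm the wording against the implementation before adding it.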
Modified: branches/policyrep/libsepol/include/sepol/policydb/mls_types.h
===================================================================
--- branches/policyrep/libsepol/include/sepol/policydb/mls_types.h 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/include/sepol/policydb/mls_types.h 2008-01-09 15:49:07 UTC (rev 2728)
@@ -70,12 +70,12 @@
mls_level_init(level);
}
-static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
+static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
{
return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
}
-static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
+static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
{
return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
}
Modified: branches/policyrep/libsepol/src/Makefile
===================================================================
--- branches/policyrep/libsepol/src/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -10,7 +10,7 @@
LIBSO=$(TARGET).$(LIBVERSION)
OBJS= $(patsubst %.c,%.o,$(wildcard *.c))
LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c))
-CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
+CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
override CFLAGS += -I. -I../include -D_GNU_SOURCE
all: $(LIBA) $(LIBSO)
Modified: branches/policyrep/libsepol/src/ebitmap.c
===================================================================
--- branches/policyrep/libsepol/src/ebitmap.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/src/ebitmap.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -15,7 +15,7 @@
#include "debug.h"
#include "private.h"
-int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2)
+int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2)
{
ebitmap_node_t *n1, *n2, *new, *prev;
@@ -58,7 +58,7 @@
return 0;
}
-int ebitmap_union(ebitmap_t * dst, ebitmap_t * e1)
+int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1)
{
ebitmap_t tmp;
@@ -71,7 +71,7 @@
return 0;
}
-int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2)
+int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
{
ebitmap_node_t *n1, *n2;
@@ -92,7 +92,7 @@
return 1;
}
-int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src)
+int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
{
ebitmap_node_t *n, *new, *prev;
@@ -121,7 +121,7 @@
return 0;
}
-int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2)
+int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
{
ebitmap_node_t *n1, *n2;
@@ -148,7 +148,7 @@
return 1;
}
-int ebitmap_get_bit(ebitmap_t * e, unsigned int bit)
+int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit)
{
ebitmap_node_t *n;
Modified: branches/policyrep/libsepol/src/genusers.c
===================================================================
--- branches/policyrep/libsepol/src/genusers.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/src/genusers.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -117,17 +117,18 @@
} else
islist = 0;
+ oldc = 0;
do {
while (*p && isspace(*p))
p++;
if (!(*p))
- BADLINE();
+ break;
q = p;
while (*p && *p != ';' && *p != '}' && !isspace(*p))
p++;
if (!(*p))
- BADLINE();
+ break;
if (*p == '}')
islist = 0;
oldc = *p;
@@ -153,6 +154,8 @@
}
}
} while (islist);
+ if (oldc == 0)
+ BADLINE();
if (policydb->mls) {
context_struct_t context;
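Review bot: The post-loop `if (oldc == 0) BADLINE();` does not fully replace the two BADLINE calls that the preceding hunk turned into `break`: on the second trip round the loop oldc already holds the separator stored for the previous role, so hitting end-of-line inside an unterminated list such as `roles { r1 ` (trailing whitespace, no closing brace) now breaks out without an error, whereas the old code rejected it. The loop only exits normally once islist has been cleared by a `}` (or was never set), so unless the elided lines of the loop body reset oldc or code after this hunk already checks islist, `if (oldc == 0 || islist) BADLINE();` restores the old rejection while keeping the uninitialized-oldc fix. The enclosing function starts before and continues after this hunk.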
Modified: branches/policyrep/libsepol/src/hierarchy.c
===================================================================
--- branches/policyrep/libsepol/src/hierarchy.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/src/hierarchy.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -129,7 +129,7 @@
avtab_key_t key;
avtab_datum_t *avdatump;
hierarchy_args_t *a;
- uint32_t av;
+ uint32_t av = 0;
type_datum_t *t = NULL, *t2 = NULL;
if (!(k->specified & AVTAB_ALLOWED)) {
@@ -163,8 +163,7 @@
return 0;
}
av = avdatump->data;
- } else
- av = 0;
+ }
if (a->opt_cond_list) {
/* if a conditional list is present search it before continuing */
avdatump = cond_av_list_search(&key, a->opt_cond_list);
@@ -201,8 +200,7 @@
return 0;
}
av = avdatump->data;
- } else
- av = 0;
+ }
if (a->opt_cond_list) {
/* if a conditional list is present search it before continuing */
avdatump = cond_av_list_search(&key, a->opt_cond_list);
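Review bot: Dropping `else av = 0;` here is not equivalent to the `av = 0` initializer added at the declaration: by the time this second lookup runs, av may still hold the permission bits stored by the earlier avtab_search in the preceding hunk, so when this search misses, the conditional-list path below sees stale bits from a different parent/child pair instead of an empty set. If the cond_av_list branch (its body is outside the hunk) folds av into its comparison, that stale value can let an allow rule pass the hierarchy check that the old code would have reported, weakening the bounds validation this callback exists for. Resetting before each lookup, `av = 0;` immediately ahead of `avdatump = avtab_search(...)`, keeps the old semantics and still silences the warning; the same applies to the identical removal in the next hunk. The enclosing callback starts before this hunk.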
@@ -227,8 +225,7 @@
return 0;
}
av = avdatump->data;
- } else
- av = 0;
+ }
if (a->opt_cond_list) {
/* if a conditional list is present search it before continuing */
avdatump = cond_av_list_search(&key, a->opt_cond_list);
Modified: branches/policyrep/libsepol/utils/Makefile
===================================================================
--- branches/policyrep/libsepol/utils/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/libsepol/utils/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -2,7 +2,7 @@
PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
-CFLAGS ?= -Wall
+CFLAGS ?= -Wall -Werror
override CFLAGS += -I../include
LDLIBS += -L../src -lsepol
Modified: branches/policyrep/policycoreutils/audit2why/audit2why.c
===================================================================
--- branches/policyrep/policycoreutils/audit2why/audit2why.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/audit2why/audit2why.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -28,7 +28,7 @@
char *buffer = NULL, *bufcopy = NULL;
unsigned int lineno = 0;
size_t len = 0, bufcopy_len = 0;
- FILE *fp;
+ FILE *fp = NULL;
int opt, rc, set_path = 0;
char *p, *scon, *tcon, *tclassstr, *permstr;
sepol_security_id_t ssid, tsid;
Modified: branches/policyrep/policycoreutils/newrole/newrole.c
===================================================================
--- branches/policyrep/policycoreutils/newrole/newrole.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/newrole/newrole.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -1216,13 +1216,13 @@
* since we are doing cleanup which needs to be done.
* We can exit with a bad rc though
*/
- int rc;
+ pid_t pid;
int exit_code = 0;
int status;
do {
- rc = wait(&status);
- } while (rc < 0 && errno == EINTR);
+ pid = wait(&status);
+ } while (pid < 0 && errno == EINTR);
/* Preserve child exit status, unless there is another error. */
if (WIFEXITED(status))
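Review bot: If wait() fails with an errno other than EINTR (ECHILD, for instance), the loop exits with pid < 0 and status untouched, and the `WIFEXITED(status)` test on the next line then reads an uninitialized int; the comment above says the cleanup may exit with a bad rc, but nothing sets one on this path. As this decides the exit status of a setuid program, guard the failure before decoding status: `if (pid < 0) { perror("wait"); exit_code = -1; } else if (WIFEXITED(status))`. The rest of the status handling is outside this hunk, so check that later branches do not overwrite exit_code on that path.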
Modified: branches/policyrep/policycoreutils/secon/Makefile
===================================================================
--- branches/policyrep/policycoreutils/secon/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/secon/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= ${PREFIX}/lib
-WARNS=-W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
+WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
VERSION = $(shell cat ../VERSION)
CFLAGS ?= $(WARNS) -O1
override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR)
Modified: branches/policyrep/policycoreutils/semodule/semodule.c
===================================================================
--- branches/policyrep/policycoreutils/semodule/semodule.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/semodule/semodule.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -339,8 +339,8 @@
for (i = 0; i < num_commands; i++) {
enum client_modes mode = commands[i].mode;
char *mode_arg = commands[i].arg;
- char *data;
- size_t data_len;
+ char *data = NULL;
+ size_t data_len = 0;
if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
if ((data_len = map_file(mode_arg, &data)) == 0) {
fprintf(stderr,
Modified: branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c
===================================================================
--- branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -139,7 +139,7 @@
* of the policy.
* - levels / cats: can't be required or used in modules.
*/
-static int generate_requires(policydb_t * p, hashtab_t * r)
+static hashtab_t generate_requires(policydb_t * p)
{
avrule_block_t *block;
avrule_decl_t *decl;
@@ -154,7 +154,7 @@
mods = hashtab_create(reqsymhash, reqsymcmp, 64);
if (mods == NULL)
- return -1;
+ return NULL;
for (block = p->global; block != NULL; block = block->next) {
if (block->flags & AVRULE_OPTIONAL)
@@ -196,14 +196,14 @@
reqsymcmp,
64);
if (reqs == NULL) {
- return -1;
+ return NULL;
}
ret =
hashtab_insert(mods,
mod_name,
reqs);
if (ret != SEPOL_OK)
- return ret;
+ return NULL;
}
ret =
hashtab_insert(reqs, req_name,
@@ -211,16 +211,14 @@
if (!
(ret == SEPOL_EEXIST
|| ret == SEPOL_OK))
- return -1;
+ return NULL;
}
}
}
}
- *r = mods;
-
- return 0;
+ return mods;
}
static void free_requires(hashtab_t req)
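Review bot: The `return NULL` at the SEPOL_EEXIST check (and the two in the preceding hunk) leave the `mods` table allocated, and when inserting a new `reqs` table into mods fails the just-created `reqs` is dropped as well; the old `return -1` paths leaked the same way, but now that the function hands ownership of the table back to the caller its failure paths should release it. With the only caller below calling exit(1) on NULL this costs nothing today, yet it makes generate_requires unsafe to reuse; routing the failures through one cleanup that destroys mods (free_requires is defined right after this function, so it would need a forward declaration, and it must tolerate a partially filled table) would fix it. The loop that fills the tables is outside the hunk.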
@@ -323,6 +321,7 @@
int verbose = 0, exclude_base = 1, command = SHOW_DEPS;
char *basename;
sepol_module_package_t *base, **mods;
+ policydb_t *p;
hashtab_t req;
while ((ch = getopt(argc, argv, "vgb")) != EOF) {
@@ -383,10 +382,14 @@
exit(1);
}
- if (generate_requires
- ((policydb_t *) sepol_module_package_get_policy(base), &req) < 0)
+ p = (policydb_t *) sepol_module_package_get_policy(base);
+ if (p == NULL)
exit(1);
+ req = generate_requires(p);
+ if (req == NULL)
+ exit(1);
+
if (command == SHOW_DEPS)
output_requirements(req, exclude_base, stdout);
else
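Review bot: Both new failure exits, after `p == NULL` and `req == NULL`, call exit(1) without any diagnostic, so a user gets a non-zero status with no hint whether the base package carried no policy or requirement generation failed. Printing one line before each, for example `fprintf(stderr, "%s: base package has no policy\n", argv[0]);` and `fprintf(stderr, "%s: could not compute module requirements\n", argv[0]);`, keeps the two causes distinguishable. Whether the earlier exit(1) paths in main print messages is outside the hunk.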
Modified: branches/policyrep/policycoreutils/setfiles/Makefile
===================================================================
--- branches/policyrep/policycoreutils/setfiles/Makefile 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/setfiles/Makefile 2008-01-09 15:49:07 UTC (rev 2728)
@@ -6,7 +6,7 @@
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-CFLAGS = -Werror -Wall -W
+CFLAGS = -Werror -Wall -W
override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include
LDLIBS = -lselinux -lsepol -L$(LIBDIR)
Modified: branches/policyrep/policycoreutils/setfiles/setfiles.c
===================================================================
--- branches/policyrep/policycoreutils/setfiles/setfiles.c 2008-01-09 15:33:51 UTC (rev 2727)
+++ branches/policyrep/policycoreutils/setfiles/setfiles.c 2008-01-09 15:49:07 UTC (rev 2728)
@@ -53,7 +53,7 @@
static int quiet = 0;
static int ignore_enoent;
static int verbose = 0;
-static int log = 0;
+static int logging = 0;
static int warn_no_match = 0;
static char *rootpath = NULL;
static int rootpathlen = 0;
@@ -519,7 +519,7 @@
}
}
- if (log && !user_only_changed) {
+ if (logging && !user_only_changed) {
if (context)
syslog(LOG_INFO, "relabeling %s from %s to %s\n",
my_file, context, newcon);
@@ -858,7 +858,7 @@
ignore_enoent = 1;
break;
case 'l':
- log = 1;
+ logging = 1;
break;
case 'F':
force = 1;
From: <mad...@us...> - 2008-01-28 18:46:48
Revision: 2769
http://selinux.svn.sourceforge.net/selinux/?rev=2769&view=rev
Author: madmethod
Date: 2008-01-28 10:46:46 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
various cleanups, remove Makefile targets that don't yet build
Add base class for symbols
remove policy_package and xar dependencies
fix operator= overloads to return a reference
add negset to idset
remove unused init/copy methods
Modified Paths:
--------------
branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp
branches/policyrep/libpolicyrep/include/policyrep/idset.hpp
branches/policyrep/libpolicyrep/include/policyrep/mls.hpp
branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp
branches/policyrep/libpolicyrep/include/policyrep/optional.hpp
branches/policyrep/libpolicyrep/include/policyrep/parse.hpp
branches/policyrep/libpolicyrep/include/policyrep/policy.hpp
branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp
branches/policyrep/libpolicyrep/include/policyrep/rule.hpp
branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp
branches/policyrep/libpolicyrep/include/policyrep/user.hpp
branches/policyrep/libpolicyrep/src/conditional.cpp
branches/policyrep/libpolicyrep/src/idset.cpp
branches/policyrep/libpolicyrep/src/mls.cpp
branches/policyrep/libpolicyrep/src/object_class.cpp
branches/policyrep/libpolicyrep/src/optional.cpp
branches/policyrep/libpolicyrep/src/parse.cpp
branches/policyrep/libpolicyrep/src/policy.cpp
branches/policyrep/libpolicyrep/src/policy_base.cpp
branches/policyrep/libpolicyrep/src/policyrep_python.cpp
branches/policyrep/libpolicyrep/src/rbac.cpp
branches/policyrep/libpolicyrep/src/rule.cpp
branches/policyrep/libpolicyrep/src/te_decl.cpp
branches/policyrep/libpolicyrep/src/user.cpp
branches/policyrep/policycoreutils/Makefile
branches/policyrep/policycoreutils/semodule_package/Makefile
Modified: branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/conditional.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __conditional_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
#include <list>
@@ -39,22 +40,19 @@
*/
struct CondBoolImpl;
- class CondBool : public Node
+ class CondBool : public Symbol
{
public:
CondBool();
CondBool(const std::string& name, bool v);
CondBool(const CondBool& other);
virtual ~CondBool();
- virtual void operator=(const CondBool& other);
+ virtual CondBool& operator=(const CondBool& other);
- virtual void set_name(const std::string& name);
- virtual const std::string& get_name() const;
virtual void set_default_value(bool v);
virtual bool get_default_value() const;
protected:
- void copy(const CondBool& other);
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
CondBoolImpl* impl;
};
@@ -76,7 +74,7 @@
CondOp(Op op);
CondOp(const CondOp& other);
virtual ~CondOp();
- virtual void operator=(const CondOp& other);
+ virtual CondOp& operator=(const CondOp& other);
virtual void set_op(Op op);
virtual Op get_op() const;
@@ -114,9 +112,8 @@
CondBlock(CondBranchPtr if_, CondBranchPtr else_);
CondBlock(const CondBlock& other);
virtual ~CondBlock();
- virtual void operator=(const CondBlock& other);
+ virtual CondBlock& operator=(const CondBlock& other);
protected:
- void copy(const CondBlock& other);
CondBlockImpl* impl;
};
@@ -131,7 +128,7 @@
CondBranch();
CondBranch(const CondBranch& other);
virtual ~CondBranch();
- virtual void operator=(const CondBranch& other);
+ virtual CondBranch& operator=(const CondBranch& other);
virtual CondExpr& expr();
protected:
Modified: branches/policyrep/libpolicyrep/include/policyrep/idset.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/idset.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/idset.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -6,6 +6,7 @@
#include <policyrep/policy_base.hpp>
#include <set>
+#include <algorithm>
namespace policyrep
{
@@ -15,16 +16,31 @@
public:
IdSet();
IdSet(const IdSet& other);
+ template<typename I>
+ IdSet(bool comp, I sids, I eids){
+ init();
+ set_compl(comp);
+ ids().insert(sids, eids);
+ }
+ template<typename I>
+ IdSet(bool comp, I sids, I eids, I snids, I enids){
+ init();
+ set_compl(comp);
+ ids().insert(sids, eids);
+ neg_ids().insert(snids, enids);
+ }
~IdSet();
- void operator=(const IdSet& other);
+ IdSet& operator=(const IdSet& other);
void set_compl(bool val);
bool get_compl() const;
StringSet& ids();
+ StringSet& neg_ids();
protected:
+ IdSetImpl* impl;
+ private:
void init();
- IdSetImpl* impl;
};
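Review bot: `neg_ids()` is added with only a non-const overload, like `ids()`, so a `const IdSet&` (which is exactly what the copy constructor and operator= receive) cannot read either set without a const_cast; add `const StringSet& neg_ids() const;` and the matching overload for ids(). Separately, the five-argument template constructor forces both ranges to share one iterator type `I`, so the positive set cannot come from a std::set while the negated set comes from a std::vector; `template<typename I, typename J>` lifts that restriction. The constructors also call `ids().insert(...)` after `init()`, so if insert throws, whatever init() allocates for impl (not visible here) is presumably leaked; worth confirming whether init() uses an RAII holder.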
Modified: branches/policyrep/libpolicyrep/include/policyrep/mls.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/mls.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/mls.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __mls_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,14 +14,14 @@
//
struct SensitivityImpl;
- class Sensitivity : public Node
+ class Sensitivity : public Symbol
{
public:
Sensitivity();
Sensitivity(const std::string& name);
Sensitivity(const Sensitivity& other);
virtual ~Sensitivity();
- virtual void operator=(const Sensitivity& other);
+ virtual Sensitivity& operator=(const Sensitivity& other);
template<class T>
Sensitivity(const std::string& name, T begin, T end)
@@ -30,14 +31,12 @@
aliases().insert(begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& aliases();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
SensitivityImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Sensitivity> SensitivityPtr;
@@ -52,7 +51,7 @@
Dominance();
Dominance(const Dominance& other);
virtual ~Dominance();
- virtual void operator=(const Dominance& other);
+ virtual Dominance& operator=(const Dominance& other);
template<class T>
Dominance(T begin, T end)
@@ -64,8 +63,9 @@
virtual StringVector& ordering();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
DominanceImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Dominance> DominancePtr;
@@ -74,14 +74,14 @@
//
struct CategoryImpl;
- class Category : public Node
+ class Category : public Symbol
{
public:
Category();
Category(const std::string& name);
Category(const Category& other);
virtual ~Category();
- virtual void operator=(const Category& other);
+ virtual Category& operator=(const Category& other);
template<class T>
Category(const std::string& name, T begin, T end)
@@ -91,13 +91,11 @@
aliases().insert(begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& aliases();
protected:
- virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
+ private:
void init();
+ virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
CategoryImpl* impl;
};
typedef boost::shared_ptr<Category> CategoryPtr;
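Review bot: In Category the `private:` label is placed ahead of `init()`, `do_output()` and `impl`, which makes the virtual `do_output` and the `impl` pointer private, whereas Sensitivity, Dominance and Level in this same header keep `do_output` and `impl` under `protected:` and move only `init()` to `private:`. A subclass of Category therefore cannot reach its impl, and a private virtual is an unusual interface for a class whose siblings expose it. Reorder so that `private:` holds only `void init();` and `do_output`/`impl` stay under `protected:`, matching Level just below.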
@@ -107,14 +105,14 @@
//
struct LevelImpl;
- class Level : public Node
+ class Level : public Symbol
{
public:
Level();
Level(const std::string& name);
Level(const Level& other);
virtual ~Level();
- virtual void operator=(const Level& other);
+ virtual Level& operator=(const Level& other);
template<class T>
Level(const std::string& name, T begin, T end)
@@ -124,15 +122,13 @@
categories().insert(begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& categories();
virtual void do_output_brief(std::ostream& o, const OutputFormatter& op) const;
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
LevelImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Level> LevelPtr;
@@ -153,10 +149,9 @@
virtual const LevelPtr& get_high() const;
virtual LevelPtr& get_low();
virtual LevelPtr& get_high();
- virtual void operator=(const Range& other);
+ virtual Range& operator=(const Range& other);
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
protected:
- void init();
RangeImpl* impl;
};
typedef boost::shared_ptr<Range> RangePtr;
Modified: branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/object_class.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __object_class_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,13 +14,13 @@
//
struct CommonPermsImpl;
- class CommonPerms : public Node
+ class CommonPerms : public Symbol
{
public:
CommonPerms();
CommonPerms(const CommonPerms& other);
virtual ~CommonPerms();
- virtual void operator=(const CommonPerms& other);
+ virtual CommonPerms& operator=(const CommonPerms& other);
template<class T>
CommonPerms(const std::string& name, T perms_begin, T perms_end)
@@ -29,15 +30,13 @@
perms().insert(perms_begin, perms_end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
virtual StringSet& perms();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const CommonPerms& other);
CommonPermsImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<CommonPerms> CommonPermsPtr;
@@ -46,14 +45,15 @@
//
struct ObjectClassImpl;
- class ObjectClass : public Node
+ class ObjectClass : public Symbol
{
public:
ObjectClass();
+ ObjectClass(const std::string& name);
ObjectClass(const std::string& name, const std::string& commons);
ObjectClass(const ObjectClass& other);
virtual ~ObjectClass();
- virtual void operator=(const ObjectClass& other);
+ virtual ObjectClass& operator=(const ObjectClass& other);
template<class T>
ObjectClass(std::string name, std::string commons,
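Review bot: The new single-argument constructor `ObjectClass(const std::string& name);` is not `explicit`, so any std::string silently converts to an ObjectClass wherever one is expected, e.g. when passed to a parameter of type `const ObjectClass&`, which hides mistakes that should be compile errors. Mark it `explicit ObjectClass(const std::string& name);`. The one-argument constructors on Sensitivity, Category, Level and InitialSid elsewhere in this commit have the same issue but are pre-existing.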
@@ -65,21 +65,18 @@
perms().insert(perms_begin, perms_end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
virtual StringSet& perms();
virtual const std::string& get_common_perms() const;
virtual void set_common_perms(const std::string& name);
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const ObjectClass& other);
ObjectClassImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<ObjectClass> ObjectClassPtr;
-
} // namespace policyrep
#endif
Modified: branches/policyrep/libpolicyrep/include/policyrep/optional.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/optional.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/optional.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -19,9 +19,8 @@
OptionalBlock(OptionalBranchPtr true_);
OptionalBlock(OptionalBranchPtr true_, OptionalBranchPtr false_);
virtual ~OptionalBlock();
- virtual void operator=(const OptionalBlock& other);
+ virtual OptionalBlock& operator=(const OptionalBlock& other);
protected:
- void copy(const OptionalBlock& other);
OptionalBlockImpl* impl;
};
typedef boost::shared_ptr<OptionalBlock> OptionalBlockPtr;
@@ -33,60 +32,13 @@
OptionalBranch();
OptionalBranch(const OptionalBranch& other);
virtual ~OptionalBranch();
- virtual void operator=(const OptionalBranch& other);
+ virtual OptionalBranch& operator=(const OptionalBranch& other);
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const OptionalBranch& other);
OptionalBranchImpl* impl;
};
} // namespace policyrep
#endif
-/* Author: Karl MacMillan <kma...@me...> */
-
-#ifndef __optional_hpp__
-#define __optional_hpp__
-
-#include <policyrep/policy_base.hpp>
-
-namespace policyrep
-{
- class OptionalBranch;
- typedef boost::shared_ptr<OptionalBranch> OptionalBranchPtr;
-
- struct OptionalBlockImpl;
- class OptionalBlock : public PolicyBlock
- {
- public:
- OptionalBlock();
- OptionalBlock(const OptionalBlock& other);
- OptionalBlock(OptionalBranchPtr true_);
- OptionalBlock(OptionalBranchPtr true_, OptionalBranchPtr false_);
- virtual ~OptionalBlock();
- virtual void operator=(const OptionalBlock& other);
- protected:
- void copy(const OptionalBlock& other);
- OptionalBlockImpl* impl;
- };
- typedef boost::shared_ptr<OptionalBlock> OptionalBlockPtr;
-
- struct OptionalBranchImpl;
- class OptionalBranch : public PolicyBranch
- {
- public:
- OptionalBranch();
- OptionalBranch(const OptionalBranch& other);
- virtual ~OptionalBranch();
- virtual void operator=(const OptionalBranch& other);
-
- protected:
- virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const OptionalBranch& other);
- OptionalBranchImpl* impl;
- };
-
-} // namespace policyrep
-
-#endif
Modified: branches/policyrep/libpolicyrep/include/policyrep/parse.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/parse.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/parse.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -18,7 +18,7 @@
Parser();
Parser(const Parser& other);
virtual ~Parser();
- virtual void operator=(const Parser& other);
+ virtual Parser& operator=(const Parser& other);
// Parser
virtual ModulePtr parse(const std::string& f);
Modified: branches/policyrep/libpolicyrep/include/policyrep/policy.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -12,6 +12,7 @@
#include <policyrep/user.hpp>
#include <policyrep/mls.hpp>
#include <policyrep/optional.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -27,13 +28,12 @@
Policy(bool mls=false);
Policy(const Policy& other);
virtual ~Policy();
- virtual void operator=(const Policy& other);
+ virtual Policy& operator=(const Policy& other);
virtual bool get_mls() const;
virtual void set_mls(bool val);
virtual bool ignore_indent() const;
protected:
- void copy(const Policy& other);
PolicyImpl* impl;
};
typedef boost::shared_ptr<Policy> PolicyPtr;
@@ -49,7 +49,7 @@
Module(const std::string& name, const std::string& version);
Module(const Module& other);
virtual ~Module();
- virtual void operator=(const Module& other);
+ virtual Module& operator=(const Module& other);
virtual const std::string& get_name() const;
virtual void set_name(const std::string& name);
@@ -59,7 +59,6 @@
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const Module& other);
ModuleImpl* impl;
};
typedef boost::shared_ptr<Module> ModulePtr;
@@ -69,21 +68,17 @@
//
struct InitialSidImpl;
- class InitialSid : public Node
+ class InitialSid : public Symbol
{
public:
InitialSid();
InitialSid(const std::string& name);
InitialSid(const InitialSid& other);
virtual ~InitialSid();
- virtual void operator=(const InitialSid& other);
+ virtual InitialSid& operator=(const InitialSid& other);
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const InitialSid& other);
InitialSidImpl* impl;
};
typedef boost::shared_ptr<InitialSid> InitialSidPtr;
Modified: branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -82,7 +82,7 @@
OutputFormatter();
OutputFormatter(const OutputFormatter& other);
~OutputFormatter();
- void operator=(const OutputFormatter& other);
+ OutputFormatter& operator=(const OutputFormatter& other);
OutputFormatter& operator()(const Node& n, bool end=false);
OutputFormatter& operator()(NodePtr n, bool end=false);
@@ -117,7 +117,7 @@
Node();
Node(const Node& other);
virtual ~Node();
- virtual void operator=(const Node& other);
+ virtual Node& operator=(const Node& other);
virtual void set_parent(Parent* p);
virtual Parent* get_parent() const;
@@ -132,7 +132,6 @@
protected:
virtual void output_indentation(std::ostream& o, const OutputFormatter& op) const;
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void copy(const Node& other);
NodeImpl* node_impl;
static const int VISITED = 1;
};
@@ -153,7 +152,7 @@
explicit TreeIterator(Parent* n, enum Strategy strategy=POSTORDER);
TreeIterator(const TreeIterator& other);
virtual ~TreeIterator();
- void operator=(const TreeIterator& other);
+ TreeIterator& operator=(const TreeIterator& other);
bool get_visited() const;
private:
friend class boost::iterator_core_access;
@@ -177,7 +176,7 @@
Parent();
Parent(const Parent& other);
virtual ~Parent();
- virtual void operator=(const Parent& other);
+ virtual Parent& operator=(const Parent& other);
typedef TreeIterator iterator;
virtual void append_child(NodePtr Node);
@@ -197,7 +196,6 @@
virtual bool ignore_indent() const;
protected:
- void copy(const Parent& other);
ParentImpl* parent_impl;
};
typedef boost::shared_ptr<Parent> ParentPtr;
@@ -223,7 +221,7 @@
PolicyBlock(PolicyBranchPtr true_, PolicyBranchPtr false_);
PolicyBlock(const PolicyBlock& other);
virtual ~PolicyBlock();
- virtual void operator=(const PolicyBlock& other);
+ virtual PolicyBlock& operator=(const PolicyBlock& other);
virtual void append_child(PolicyBranchPtr node);
@@ -235,7 +233,6 @@
virtual void set_false(PolicyBranchPtr branch);
virtual bool ignore_indent() const;
protected:
- void copy(const PolicyBlock& other);
PolicyBlockImpl* block_impl;
};
@@ -250,12 +247,11 @@
PolicyBranch();
PolicyBranch(const PolicyBranch& other);
virtual ~PolicyBranch();
- virtual void operator=(const PolicyBranch& other);
+ virtual PolicyBranch& operator=(const PolicyBranch& other);
virtual void set_isfalse(bool v);
virtual bool get_isfalse() const;
protected:
- void copy(const PolicyBranch& other);
PolicyBranchImpl* branch_impl;
};
Modified: branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/rbac.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __role_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,14 +14,14 @@
//
struct RoleImpl;
- class Role : public Node
+ class Role : public Symbol
{
public:
Role();
Role(const std::string& name);
Role(const Role& other);
virtual ~Role();
- virtual void operator=(const Role& other);
+ virtual Role& operator=(const Role& other);
template<class T>
Role(const std::string& name, T types_begin, T end)
@@ -30,14 +31,12 @@
types().insert(types_begin, end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& types();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
RoleImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Role> RolePtr;
Modified: branches/policyrep/libpolicyrep/include/policyrep/rule.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/rule.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/rule.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -21,7 +21,7 @@
AVRule(Type type=ALLOW);
AVRule(const AVRule& other);
virtual ~AVRule();
- virtual void operator=(const AVRule& other);
+ virtual AVRule& operator=(const AVRule& other);
virtual void set_type(Type type);
virtual Type get_type() const;
@@ -33,8 +33,6 @@
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const AVRule& other);
AVRuleImpl* impl;
};
@@ -50,7 +48,7 @@
TypeRule(Type type=TRANSITION);
TypeRule(const TypeRule& other);
virtual ~TypeRule();
- virtual void operator=(const TypeRule& other);
+ virtual TypeRule& operator=(const TypeRule& other);
virtual void set_type(Type type);
virtual Type get_type() const;
@@ -63,8 +61,6 @@
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- void copy(const TypeRule& other);
TypeRuleImpl* impl;
};
Modified: branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/te_decl.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -4,6 +4,7 @@
#define __te_decl_hpp__
#include <policyrep/policy_base.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -13,14 +14,14 @@
//
struct TypeImpl;
- class Type : public Node
+ class Type : public Symbol
{
public:
Type();
Type(const std::string& name);
Type(const Type& other);
virtual ~Type();
- virtual void operator=(const Type& other);
+ virtual Type& operator=(const Type& other);
template<class T>
Type(const std::string& name, T attrs_begin, T end)
@@ -40,16 +41,13 @@
aliases().insert(aliases_begin, aliases_end);
}
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
-
virtual StringSet& aliases();
virtual StringSet& attributes();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- virtual void copy(const Type& other);
TypeImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<Type> TypePtr;
@@ -58,20 +56,17 @@
//
struct AttributeImpl;
- class Attribute : public Node
+ class Attribute : public Symbol
{
public:
Attribute();
Attribute(const std::string& name);
Attribute(const Attribute& other);
virtual ~Attribute();
- virtual void operator=(const Attribute& other);
+ virtual Attribute& operator=(const Attribute& other);
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- virtual void copy(const Attribute& other);
AttributeImpl* impl;
};
typedef boost::shared_ptr<Attribute> AttributePtr;
@@ -87,7 +82,7 @@
TypeAttribute();
TypeAttribute(const TypeAttribute& other);
virtual ~TypeAttribute();
- virtual void operator=(const TypeAttribute& other);
+ virtual TypeAttribute& operator=(const TypeAttribute& other);
template<class T>
TypeAttribute(const std::string& name, T attrs_begin,
@@ -103,9 +98,9 @@
virtual StringSet& attributes();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- virtual void copy(const TypeAttribute& other);
TypeAttributeImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<TypeAttribute> TypeAttributePtr;
@@ -120,7 +115,7 @@
TypeAlias();
TypeAlias(const TypeAlias& other);
virtual ~TypeAlias();
- virtual void operator=(const TypeAlias& other);
+ virtual TypeAlias& operator=(const TypeAlias& other);
template<class T>
TypeAlias(const std::string& name, T attrs_begin,
@@ -136,13 +131,12 @@
virtual StringSet& aliases();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
- virtual void copy(const TypeAlias& other);
TypeAliasImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<TypeAlias> TypeAliasPtr;
-
} // namespace policyrep
#endif
Modified: branches/policyrep/libpolicyrep/include/policyrep/user.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/user.hpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/include/policyrep/user.hpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -5,6 +5,7 @@
#include <policyrep/policy_base.hpp>
#include <policyrep/mls.hpp>
+#include <policyrep/symbol.hpp>
namespace policyrep
{
@@ -14,14 +15,14 @@
//
struct UserImpl;
- class User : public Node
+ class User : public Symbol
{
public:
User();
User(const std::string& name);
User(const User& other);
virtual ~User();
- virtual void operator=(const User& other);
+ virtual User& operator=(const User& other);
template<class T>
User(const std::string& name, T roles_begin, T end)
@@ -43,9 +44,6 @@
set_range_high(high);
}
-
- virtual const std::string& get_name() const;
- virtual void set_name(const std::string& name);
virtual void set_level(LevelPtr level);
virtual void set_range_low(LevelPtr low);
virtual void set_range_high(LevelPtr high);
@@ -54,8 +52,9 @@
virtual StringSet& roles();
protected:
virtual void do_output(std::ostream& o, const OutputFormatter& op) const;
- void init();
UserImpl* impl;
+ private:
+ void init();
};
typedef boost::shared_ptr<User> UserPtr;
Modified: branches/policyrep/libpolicyrep/src/conditional.cpp
===================================================================
--- branches/policyrep/libpolicyrep/src/conditional.cpp 2008-01-28 13:45:06 UTC (rev 2768)
+++ branches/policyrep/libpolicyrep/src/conditional.cpp 2008-01-28 18:46:46 UTC (rev 2769)
@@ -33,25 +33,23 @@
struct CondBoolImpl
{
- std::string name;
bool default_value;
};
- CondBool::CondBool() : impl(new CondBoolImpl)
+ CondBool::CondBool() : Symbol(), impl(new CondBoolImpl)
{
}
CondBool::CondBool(const std::string& name, bool v)
- : impl(new CondBoolImpl)
+ :Symbol(name), impl(new CondBoolImpl)
{
- impl->name = name;
impl->default_value = v;
}
- CondBool::CondBool(const CondBool& other) : Node(), impl(new CondBoolImpl)
+ CondBool::CondBool(const CondBool& other) : Symbol(other), impl(new CondBoolImpl)
{
- copy(other);
+ *impl = *other.impl;
}
CondBool::~CondBool()
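Review bot: `CondBoolImpl::default_value` is left indeterminate by the default constructor: `CondBoolImpl` declares `bool default_value;` with no constructor, and `CondBool::CondBool()` only allocates the impl without setting the field, so a default-constructed CondBool that is later copied (`*impl = *other.impl` in the copy constructor) or written out carries an unspecified default value. Initialize it explicitly, e.g. `impl->default_value = false;` in the default constructor body, or give CondBoolImpl a constructor that does so. The same `*impl = *other.impl` copy is repeated in operator= in the next hunk, so the fix belongs in the constructor rather than at each copy site.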
@@ -59,21 +57,13 @@
delete impl;
}
- void CondBool::operator=(const CondBool& other)
+ CondBool& CondBool::operator=(const CondBool& other)
{
- copy(other);
+ Symbol::operator=(other);
+ *impl = *other.impl;
+ return *this;
}
- void CondBool::set_name(const std::string& name)
- {
- impl->name = name;
- }
-
- const std::string& CondBool::get_name() const
- {
- return impl->name;
- }
-
void CondBool::set_default_value(bool v)
{
impl->default_value = v;
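Review bot: `CondBool::operator=` has no self-assignment guard; `*impl = *other.impl` is harmless when `this == &other` because both sides name the same plain struct, but the outcome now rests on `Symbol::operator=` (declared in symbol.hpp, not part of this diff) tolerating self-assignment as well. If that is not guaranteed, a one-line `if (this == &other) return *this;` at the top is the cheap fix. Calling `Symbol::operator=(other)` explicitly is the right approach, since a same-type operator= does not override the base one and nothing else would copy the name.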
@@ -86,19 +76,13 @@
void CondBool::do_output(std::ostream& o, const OutputFormatter& op) const
{
- o << "bool " << impl->name << " ";
+ o << "bool " << get_name() << " ";
...