| 
      
      
      From: <ssm...@us...> - 2008-01-23 20:51:59
       | 
| Revision: 2743
          http://selinux.svn.sourceforge.net/selinux/?rev=2743&view=rev
Author:   ssmalley
Date:     2008-01-23 12:51:55 -0800 (Wed, 23 Jan 2008)
Log Message:
-----------
Various cleanups, e.g. use the exported data structures and interfaces to the extent that we
can even if we still have to use some private structures and interfaces from libsepol, and
minimize pointer casting.  Fix some incorrect types and casting as well.
Modified Paths:
--------------
    trunk/libselinux/src/audit2why.c
Modified: trunk/libselinux/src/audit2why.c
===================================================================
--- trunk/libselinux/src/audit2why.c	2008-01-23 20:25:18 UTC (rev 2742)
+++ trunk/libselinux/src/audit2why.c	2008-01-23 20:51:55 UTC (rev 2743)
@@ -33,7 +33,7 @@
 
 struct avc_t {
 	sepol_handle_t *handle;
-	policydb_t policydb;
+	sepol_policydb_t *policydb;
 	sepol_security_id_t ssid;
 	sepol_security_id_t tsid;
 	sepol_security_class_t tclass;
@@ -47,15 +47,14 @@
 static int load_booleans(const sepol_bool_t * boolean,
 			 void *arg __attribute__ ((__unused__)))
 {
-	boollist[boolcnt] =
-	    (struct boolean_t *)malloc(sizeof(struct boolean_t));
+	boollist[boolcnt] = malloc(sizeof(struct boolean_t));
 	boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean));
 	boollist[boolcnt]->active = sepol_bool_get_value(boolean);
 	boolcnt++;
 	return 0;
 }
 
-static int check_booleans(struct avc_t *avc, struct boolean_t ***bools)
+static int check_booleans(struct avc_t *avc, struct boolean_t **bools)
 {
 	char errormsg[PATH_MAX];
 	struct sepol_av_decision avd;
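Review bot: The `malloc()` result in load_booleans() is dereferenced on the very next line without a NULL check, and the `strdup()` result is stored unchecked as well, so an allocation failure crashes the Python process instead of raising an exception. Since the callback returns int, it could bail out with `if (!boollist[boolcnt]) return -1;` and do the same (after freeing the entry) when `name` comes back NULL. The `sepol_bool_iterate(...)` call in the later hunk at -285 discards its return value, so that call would need a check for the failure to reach the caller. Writing the size as `sizeof(*boollist[boolcnt])` would also keep it tied to the pointer's type now that the cast is gone.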
@@ -80,7 +79,7 @@
 			break;
 		}
 		rc = sepol_bool_query(avc->handle,
-				      (sepol_policydb_t *) & avc->policydb,
+				      avc->policydb,
 				      key, &boolean);
 
 		if (rc < 0) {
@@ -93,7 +92,7 @@
 		sepol_bool_set_value(boolean, !active);
 
 		rc = sepol_bool_set(avc->handle,
-				    (sepol_policydb_t *) & avc->policydb,
+				    avc->policydb,
 				    key, boolean);
 		if (rc < 0) {
 			snprintf(errormsg, sizeof(errormsg), 
@@ -117,11 +116,10 @@
 				foundlist[fcnt] = i;
 				fcnt++;
 			}
-			sepol_bool_set_value((sepol_bool_t *) boolean, active);
+			sepol_bool_set_value(boolean, active);
 			rc = sepol_bool_set(avc->handle,
-					    (sepol_policydb_t *) & avc->
-					    policydb, key,
-					    (sepol_bool_t *) boolean);
+					    avc->policydb, key,
+					    boolean);
 			if (rc < 0) {
 				snprintf(errormsg, sizeof(errormsg), 
 					 "Could not set boolean data %s.\n",
@@ -143,9 +141,8 @@
 		sepol_bool_free(boolean);
 
 	if (fcnt > 0) {
-		*bools = (struct boolean_t **)
-			calloc(sizeof(struct boolean_t), fcnt + 1);
-		struct boolean_t *b = (struct boolean_t *) *bools;
+		*bools = calloc(sizeof(struct boolean_t), fcnt + 1);
+		struct boolean_t *b = *bools;
 		for (i = 0; i < fcnt; i++) {
 			int ctr = foundlist[i];
 			b[i].name = strdup(boollist[ctr]->name);
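Review bot: The `calloc()` result assigned to `*bools` is used through `b[i].name` without a NULL check, so an out-of-memory condition becomes a NULL dereference, and the `strdup()` on the last line is unchecked too. The arguments are also in (size, count) order; the conventional form is `*bools = calloc(fcnt + 1, sizeof(**bools));` followed by `if (!*bools)` and an error return that matches the function's convention, which is not visible in this hunk. The loop and the rest of check_booleans() continue outside the hunk.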
@@ -168,7 +165,7 @@
 		free(boollist);
 		sepol_sidtab_shutdown(&sidtab);
 		sepol_sidtab_destroy(&sidtab);
-		policydb_destroy(&avc->policydb);
+		sepol_policydb_free(avc->policydb);
 		sepol_handle_destroy(avc->handle);
 		free(avc);
 		avc = NULL;
@@ -188,7 +185,7 @@
 	int vers = 0;
 	char path[PATH_MAX];
 	char errormsg[PATH_MAX];
-	struct policy_file pf;
+	struct sepol_policy_file *pf = NULL;
 	int rc;
 	unsigned int cnt;
 
@@ -236,18 +233,18 @@
 	}
 
 	/* Set up a policydb directly so that we can mutate it later
-	   for booleans and user settings.  Otherwise we would just use
-	   sepol_set_policydb_from_file() here. */
-	pf.fp = fp;
-	pf.type = PF_USE_STDIO;
-	if (policydb_init(&avc->policydb)) {
+	   for testing what booleans might have allowed the access.
+	   Otherwise, we'd just use sepol_set_policydb_from_file() here. */
+	if (sepol_policy_file_create(&pf) ||
+	    sepol_policydb_create(&avc->policydb)) {
 		snprintf(errormsg, sizeof(errormsg), 
 			 "policydb_init failed: %s\n", strerror(errno));
 		PyErr_SetString( PyExc_RuntimeError, errormsg);
 		fclose(fp);
 		return 1;
 	}
-	if (policydb_read(&avc->policydb, &pf, 0)) {
+	sepol_policy_file_set_fp(pf, fp);	
+	if (sepol_policydb_read(avc->policydb, pf)) {
 		snprintf(errormsg, sizeof(errormsg), 
 			 "invalid binary policy %s\n", path);
 		PyErr_SetString( PyExc_ValueError, errormsg);
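Review bot: `pf` is allocated by `sepol_policy_file_create(&pf)` but nothing in this hunk or the next one releases it, so it appears to leak on both error returns and on the success path; `sepol_policy_file_free(pf);` beside each `fclose(fp);` would cover it. In the combined `||` test a failure of `sepol_policydb_create()` likewise leaves `pf` allocated, and the read-failure path returns without `sepol_policydb_free(avc->policydb)`. The error text still says `policydb_init failed`, which no longer names a function that is called here. The function begins and ends outside the hunk, so cleanup done elsewhere cannot be ruled out from these lines.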
@@ -255,25 +252,11 @@
 		return 1;
 	}
 	fclose(fp);
-	sepol_set_policydb(&avc->policydb);
-	if (!init_path) {
-		/* If they didn't specify a full path of a binary policy file,
-		   then also try loading any boolean settings and user
-		   definitions from the active locations.  Otherwise,
-		   they can use genpolbools and genpolusers to build a
-		   binary policy file that includes any desired settings
-		   and then apply audit2why -p to the resulting file. 
-		   Errors are non-fatal as such settings are optional. */
-		sepol_debug(0);
-		(void)sepol_genbools_policydb(&avc->policydb,
-					      selinux_booleans_path());
-		(void)sepol_genusers_policydb(&avc->policydb,
-					      selinux_users_path());
-	}
+	sepol_set_policydb(&avc->policydb->p);
 	avc->handle = sepol_handle_create();
 
 	rc = sepol_bool_count(avc->handle,
-			      (sepol_policydb_t *) & avc->policydb, &cnt);
+			      avc->policydb, &cnt);
 	if (rc < 0) {
 		PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n");
 		return 1;
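Review bot: Removing the `if (!init_path)` block is a behaviour change rather than a cleanup: without `sepol_genbools_policydb()` and `sepol_genusers_policydb()` the analysis runs on the boolean values stored in the policy file, which may differ from locally configured ones, and the log message does not mention it. If that is intended, a comment at `sepol_set_policydb(&avc->policydb->p);` would record it, e.g. `/* Booleans are used as stored in the policy file; local boolean and user files are not applied. */`. The same line reaches into the private layout of `sepol_policydb_t` through `->p`, which deserves a short comment naming the private header it depends on.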
@@ -285,8 +268,7 @@
 		return 1;
 	}
 
-	sepol_bool_iterate(avc->handle,
-			   (const sepol_policydb_t *)&avc->policydb,
+	sepol_bool_iterate(avc->handle, avc->policydb,
 			   load_booleans, (void *)NULL);
 
 	/* Initialize the sidtab for subsequent use by sepol_context_to_sid
@@ -320,7 +302,7 @@
 	PyObject *listObj;
 	PyObject *strObj;
 	int numlines;
-	struct boolean_t **bools;
+	struct boolean_t *bools;
 	unsigned int reason;
 	sepol_security_id_t ssid, tsid;
 	sepol_security_class_t tclass;
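Review bot: `bools` is declared without an initializer, while check_booleans() in the hunk at -143 assigns `*bools` only inside `if (fcnt > 0)`. The later hunk at -401 walks `b->name` starting from `bools`, so if that branch can be reached when no boolean was found (not decidable from the lines shown) it reads an indeterminate pointer. `struct boolean_t *bools = NULL;` together with a NULL test before the walk would make this safe either way. The enclosing function starts and ends outside the hunk.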
@@ -401,12 +383,12 @@
 			}
 		} else {
 			PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN));
-			struct boolean_t *b=(struct boolean_t *) bools;
+			struct boolean_t *b = bools;
 			int len=0;
 			while (b->name) {
 				len++; b++;
 			}
-			b = (struct boolean_t *) bools;
+			b = bools;
 			PyObject *boollist = PyTuple_New(len);
 			len=0;
 			while(b->name) {
 | 
| 
      
      
      From: <ssm...@us...> - 2008-01-28 13:05:19
       | 
| Revision: 2762
          http://selinux.svn.sourceforge.net/selinux/?rev=2762&view=rev
Author:   ssmalley
Date:     2008-01-28 05:05:17 -0800 (Mon, 28 Jan 2008)
Log Message:
-----------
Author:  Dan Walsh
Email:  dw...@re...
Date:  Fri, 25 Jan 2008 10:31:28 -0500
Fix audit2why to use sepol_policy_kern_vers_max() rather than
security_policyvers() as the upper bound for the search for
a policy file.
Modified Paths:
--------------
    trunk/libselinux/src/audit2why.c
Modified: trunk/libselinux/src/audit2why.c
===================================================================
--- trunk/libselinux/src/audit2why.c	2008-01-25 19:06:56 UTC (rev 2761)
+++ trunk/libselinux/src/audit2why.c	2008-01-28 13:05:17 UTC (rev 2762)
@@ -5,6 +5,7 @@
 #include <getopt.h>
 #include <limits.h>
 #include <sepol/sepol.h>
+#include <sepol/policydb.h>
 #include <sepol/policydb/services.h>
 #include <Python.h>
 #include <selinux/selinux.h>
@@ -197,10 +198,10 @@
 				 "unable to open %s:  %s\n",
 				 path, strerror(errno));
 			PyErr_SetString( PyExc_ValueError, errormsg);
-			return 0;    // trigger exception
+			return 1;
 		}
 	} else {
-		vers = security_policyvers();
+		vers = sepol_policy_kern_vers_max();
 		if (vers < 0) {
 			snprintf(errormsg, sizeof(errormsg), 
 				 "Could not get policy version:  %s\n",
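Review bot: The `if (vers < 0)` branch kept below the new `vers = sepol_policy_kern_vers_max();` looks dead now: as far as I know that function returns libsepol's compiled-in maximum and neither fails nor sets errno, so the `strerror(errno)` in the message can no longer be meaningful. Either drop the check or replace it with a comment such as `/* library maximum, not the running kernel's version; the search counts down from here */`. The change from `return 0;    // trigger exception` to `return 1;` in the same hunk is not in the log message; a one-line comment stating the function's error convention would help. The function body continues outside the hunk.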
 | 
| 
      
      
      From: <ssm...@us...> - 2008-01-29 13:19:11
       | 
| Revision: 2771
          http://selinux.svn.sourceforge.net/selinux/?rev=2771&view=rev
Author:   ssmalley
Date:     2008-01-29 05:19:00 -0800 (Tue, 29 Jan 2008)
Log Message:
-----------
Per Vaclav Ovsik, Python.h must be included first in order to build on
Debian etch.
Modified Paths:
--------------
    trunk/libselinux/src/audit2why.c
Modified: trunk/libselinux/src/audit2why.c
===================================================================
--- trunk/libselinux/src/audit2why.c	2008-01-28 19:07:48 UTC (rev 2770)
+++ trunk/libselinux/src/audit2why.c	2008-01-29 13:19:00 UTC (rev 2771)
@@ -1,3 +1,4 @@
+#include <Python.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <ctype.h>
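Review bot: Nothing at the new `#include <Python.h>` line records why it has to stay first, so a later include sort could silently undo the fix. A comment above it such as `/* Python.h must precede the system headers: it sets feature-test macros that affect them. */` would keep the reason from the log message next to the code.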
@@ -7,7 +8,6 @@
 #include <sepol/sepol.h>
 #include <sepol/policydb.h>
 #include <sepol/policydb/services.h>
-#include <Python.h>
 #include <selinux/selinux.h>
 
 #define UNKNOWN -1
 |