From: <ssm...@us...> - 2007-05-31 18:28:29
Revision: 2449 http://svn.sourceforge.net/selinux/?rev=2449&view=rev Author: ssmalley Date: 2007-05-31 11:28:27 -0700 (Thu, 31 May 2007) Log Message: ----------- updated checkpolicy to version 1.34.3 Modified Paths: -------------- branches/stable/1_0/checkpolicy/ChangeLog branches/stable/1_0/checkpolicy/VERSION branches/stable/1_0/checkpolicy/checkmodule.8 branches/stable/1_0/checkpolicy/checkpolicy.8 branches/stable/1_0/checkpolicy/module_compiler.c Modified: branches/stable/1_0/checkpolicy/ChangeLog =================================================================== --- branches/stable/1_0/checkpolicy/ChangeLog 2007-05-31 18:11:53 UTC (rev 2448) +++ branches/stable/1_0/checkpolicy/ChangeLog 2007-05-31 18:28:27 UTC (rev 2449) @@ -1,3 +1,7 @@ +1.34.3 2007-05-31 + * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. + * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. + 1.34.2 2007-04-12 * Merged checkmodule man page fix from Dan Walsh. Modified: branches/stable/1_0/checkpolicy/VERSION =================================================================== --- branches/stable/1_0/checkpolicy/VERSION 2007-05-31 18:11:53 UTC (rev 2448) +++ branches/stable/1_0/checkpolicy/VERSION 2007-05-31 18:28:27 UTC (rev 2449) @@ -1 +1 @@ -1.34.2 +1.34.3 Modified: branches/stable/1_0/checkpolicy/checkmodule.8 =================================================================== --- branches/stable/1_0/checkpolicy/checkmodule.8 2007-05-31 18:11:53 UTC (rev 2448) +++ branches/stable/1_0/checkpolicy/checkmodule.8 2007-05-31 18:28:27 UTC (rev 2449) 
@@ -47,7 +47,7 @@ .SH "SEE ALSO" .B semodule(8), semodule_package(8) -SELinux documentation at http://www.nsa.gov/selinux/docs.html, +SELinux documentation at http://www.nsa.gov/selinux, especially "Configuring the SELinux Policy". Modified: branches/stable/1_0/checkpolicy/checkpolicy.8 =================================================================== --- branches/stable/1_0/checkpolicy/checkpolicy.8 2007-05-31 18:11:53 UTC (rev 2448) +++ branches/stable/1_0/checkpolicy/checkpolicy.8 2007-05-31 18:28:27 UTC (rev 2449) @@ -34,7 +34,7 @@ Specify the policy version, defaults to the latest. .SH "SEE ALSO" -SELinux documentation at http://www.nsa.gov/selinux/docs.html, +SELinux documentation at http://www.nsa.gov/selinux, especially "Configuring the SELinux Policy". Modified: branches/stable/1_0/checkpolicy/module_compiler.c =================================================================== --- branches/stable/1_0/checkpolicy/module_compiler.c 2007-05-31 18:11:53 UTC (rev 2448) +++ branches/stable/1_0/checkpolicy/module_compiler.c 2007-05-31 18:28:27 UTC (rev 2449) @@ -142,7 +142,12 @@ symtab[symbol_type].table, key); assert(s != NULL); - *dest_value = s->value; + + if (symbol_type == SYM_LEVELS) { + *dest_value = ((level_datum_t *)s)->level->sens; + } else { + *dest_value = s->value; + } } else if (retval == -2) { return -2; } else if (retval < 0) { @@ -496,7 +501,12 @@ symtab[symbol_type].table, key); assert(s != NULL); - *dest_value = s->value; + + if (symbol_type == SYM_LEVELS) { + *dest_value = ((level_datum_t *)s)->level->sens; + } else { + *dest_value = s->value; + } } else if (retval == -2) { /* ignore require statements if that symbol was * previously declared and is in current scope */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
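Review bot: in both module_compiler.c hunks the new `SYM_LEVELS` branch dereferences `((level_datum_t *)s)->level->sens` with only `assert(s != NULL)` in front of it, so a level datum whose `level` pointer is unset would crash here, and the assert itself disappears in an NDEBUG build. Check `level` before reading `sens` and return an error instead. The same five-line block is added verbatim at line 142 and at line 496; a small helper that maps a symbol datum to its value would keep the two call sites from drifting apart.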
From: <ssm...@us...> - 2007-09-27 13:18:31
Revision: 2594 http://selinux.svn.sourceforge.net/selinux/?rev=2594&view=rev Author: ssmalley Date: 2007-09-27 06:16:53 -0700 (Thu, 27 Sep 2007) Log Message: ----------- updated checkpolicy to version 1.34.4 Modified Paths: -------------- branches/stable/1_0/checkpolicy/ChangeLog branches/stable/1_0/checkpolicy/VERSION Modified: branches/stable/1_0/checkpolicy/ChangeLog =================================================================== --- branches/stable/1_0/checkpolicy/ChangeLog 2007-09-27 13:16:05 UTC (rev 2593) +++ branches/stable/1_0/checkpolicy/ChangeLog 2007-09-27 13:16:53 UTC (rev 2594) @@ -1,3 +1,8 @@ +1.34.4 2007-09-27 + * Merged handle unknown policydb flag support from Eric Paris. + Adds new command line options -U {allow, reject, deny} for selecting + the flag when a base module or kernel policy is built. + 1.34.3 2007-05-31 * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. Modified: branches/stable/1_0/checkpolicy/VERSION =================================================================== --- branches/stable/1_0/checkpolicy/VERSION 2007-09-27 13:16:05 UTC (rev 2593) +++ branches/stable/1_0/checkpolicy/VERSION 2007-09-27 13:16:53 UTC (rev 2594) @@ -1 +1 @@ -1.34.3 +1.34.4 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
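Review bot: the 1.34.4 ChangeLog entry announces new `-U {allow, reject, deny}` command line options, but the Modified Paths of this revision list only ChangeLog and VERSION, so the entry cannot be checked against code from this commit. Name the revision that merged the option, in the style of "Merged r2831 from trunk", and confirm that checkpolicy.8 and checkmodule.8 document `-U` and what each of the three values selects.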
From: <ssm...@us...> - 2008-03-04 18:36:16
Revision: 2836 http://selinux.svn.sourceforge.net/selinux/?rev=2836&view=rev Author: ssmalley Date: 2008-03-04 10:36:08 -0800 (Tue, 04 Mar 2008) Log Message: ----------- updated checkpolicy to version 1.34.5 Modified Paths: -------------- branches/stable/1_0/checkpolicy/ChangeLog branches/stable/1_0/checkpolicy/VERSION Modified: branches/stable/1_0/checkpolicy/ChangeLog =================================================================== --- branches/stable/1_0/checkpolicy/ChangeLog 2008-03-04 18:35:35 UTC (rev 2835) +++ branches/stable/1_0/checkpolicy/ChangeLog 2008-03-04 18:36:08 UTC (rev 2836) @@ -1,3 +1,6 @@ +1.34.5 2008-03-04 + * Merged r2831 from trunk: fix uninitialized use of handle in struct policy_file from Todd Miller. + 1.34.4 2007-09-27 * Merged handle unknown policydb flag support from Eric Paris. Adds new command line options -U {allow, reject, deny} for selecting Modified: branches/stable/1_0/checkpolicy/VERSION =================================================================== --- branches/stable/1_0/checkpolicy/VERSION 2008-03-04 18:35:35 UTC (rev 2835) +++ branches/stable/1_0/checkpolicy/VERSION 2008-03-04 18:36:08 UTC (rev 2836) @@ -1 +1 @@ -1.34.4 +1.34.5 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-06 14:39:54
Revision: 2897 http://selinux.svn.sourceforge.net/selinux/?rev=2897&view=rev Author: ssmalley Date: 2008-06-06 07:39:52 -0700 (Fri, 06 Jun 2008) Log Message: ----------- applied r2664:2665 from trunk Modified Paths: -------------- branches/stable/1_0/checkpolicy/policy_parse.y branches/stable/1_0/checkpolicy/policy_scan.l Modified: branches/stable/1_0/checkpolicy/policy_parse.y =================================================================== --- branches/stable/1_0/checkpolicy/policy_parse.y 2008-06-06 14:37:00 UTC (rev 2896) +++ branches/stable/1_0/checkpolicy/policy_parse.y 2008-06-06 14:39:52 UTC (rev 2897) @@ -121,7 +121,7 @@ static int define_fs_context(unsigned int major, unsigned int minor); static int define_port_context(unsigned int low, unsigned int high); static int define_netif_context(void); -static int define_ipv4_node_context(unsigned int addr, unsigned int mask); +static int define_ipv4_node_context(void); static int define_ipv6_node_context(void); typedef int (* require_func_t)(); @@ -194,6 +194,7 @@ %token NUMBER %token EQUALS %token NOTEQUAL +%token IPV4_ADDR %token IPV6_ADDR %token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL @@ -653,7 +654,7 @@ | node_contexts node_context_def ; node_context_def : NODECON ipv4_addr_def ipv4_addr_def security_context_def - {if (define_ipv4_node_context($2,$3)) return -1;} + {if (define_ipv4_node_context()) return -1;} | NODECON ipv6_addr ipv6_addr security_context_def {if (define_ipv6_node_context()) return -1;} ; 
@@ -683,18 +684,9 @@ | GENFSCON identifier path security_context_def {if (define_genfs_context(0)) return -1;} ; -ipv4_addr_def : number '.' number '.' number '.' number - { - unsigned int addr; - unsigned char *p = ((unsigned char *)&addr); - - p[0] = $1 & 0xff; - p[1] = $3 & 0xff; - p[2] = $5 & 0xff; - p[3] = $7 & 0xff; - $$ = addr; - } - ; +ipv4_addr_def : IPV4_ADDR + { if (insert_id(yytext,0)) return -1; } + ; security_context_def : identifier ':' identifier ':' identifier opt_mls_range_def ; opt_mls_range_def : ':' mls_range_def @@ -4183,27 +4175,63 @@ return 0; } -static int define_ipv4_node_context(unsigned int addr, unsigned int mask) -{ +static int define_ipv4_node_context() +{ + char *id; + int rc = 0; + struct in_addr addr, mask; ocontext_t *newc, *c, *l, *head; if (pass == 1) { + free(queue_remove(id_queue)); + free(queue_remove(id_queue)); parse_security_context(NULL); - if (mlspol) - free(queue_remove(id_queue)); - return 0; + goto out; } + id = queue_remove(id_queue); + if (!id) { + yyerror("failed to read ipv4 address"); + rc = -1; + goto out; + } + + rc = inet_pton(AF_INET, id, &addr); + free(id); + if (rc < 1) { + yyerror("failed to parse ipv4 address"); + if (rc == 0) + rc = -1; + goto out; + } + + id = queue_remove(id_queue); + if (!id) { + yyerror("failed to read ipv4 address"); + rc = -1; + goto out; + } + + rc = inet_pton(AF_INET, id, &mask); + free(id); + if (rc < 1) { + yyerror("failed to parse ipv4 mask"); + if (rc == 0) + rc = -1; + goto out; + } + newc = malloc(sizeof(ocontext_t)); if (!newc) { yyerror("out of memory"); - return -1; + rc = -1; + goto out; } + memset(newc, 0, sizeof(ocontext_t)); + newc->u.node.addr = addr.s_addr; + newc->u.node.mask = mask.s_addr; - newc->u.node.addr = addr; - newc->u.node.mask = mask; - if (parse_security_context(&newc->context[0])) { free(newc); return -1; 
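Review bot: in define_ipv4_node_context() the second `queue_remove(id_queue)` failure reports "failed to read ipv4 address" although it is the mask being read, which makes a bad nodecon line harder to locate; use "failed to read ipv4 mask" to match the "failed to parse ipv4 mask" message just below it. The prototype hunk declares the function `(void)` but the definition here uses empty parentheses, and the `parse_security_context(&newc->context[0])` failure path still does `free(newc); return -1;` instead of setting rc and leaving through `out:`, so the single exit is not actually single. The address and mask are stored straight from inet_pton() with no check that the address has no bits set outside the mask; if that is intended, a comment saying so would help.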
@@ -4223,8 +4251,9 @@ l->next = newc; else policydbp->ocontexts[OCON_NODE] = newc; - - return 0; + rc = 0; +out: + return rc; } static int define_ipv6_node_context(void) Modified: branches/stable/1_0/checkpolicy/policy_scan.l =================================================================== --- branches/stable/1_0/checkpolicy/policy_scan.l 2008-06-06 14:37:00 UTC (rev 2896) +++ branches/stable/1_0/checkpolicy/policy_scan.l 2008-06-06 14:39:52 UTC (rev 2897) @@ -31,7 +31,6 @@ static char linebuf[2][255]; static unsigned int lno = 0; int yywarn(char *msg); -static int is_valid_identifier(char *id); char source_file[255]; unsigned long source_lineno = 1; @@ -46,8 +45,8 @@ %array letter [A-Za-z] digit [0-9] +alnum [a-zA-Z0-9] hexval [0-9A-Fa-f] -version [0-9]+(\.[A-Za-z0-9_.]*)? %% \n.* { strncpy(linebuf[lno], yytext+1, 255); @@ -199,17 +198,14 @@ H1 { return(H1); } h2 | H2 { return(H2); } -"/"({letter}|{digit}|_|"."|"-"|"/")* { return(PATH); } -{letter}({letter}|{digit}|_|"."|"-")* { if (is_valid_identifier(yytext)) - return(IDENTIFIER); - else - REJECT; - } -{digit}{digit}* { return(NUMBER); } -{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|":"|".")* { return(IPV6_ADDR); } -{version}/([ \t\f]*;) { return(VERSION_IDENTIFIER); } +"/"({alnum}|[_.-/])* { return(PATH); } +{letter}({alnum}|[_-])*([.]?({alnum}|[_-]))* { return(IDENTIFIER); } +{digit}+ { return(NUMBER); } +{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } +{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } +{digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); } #line[ ]1[ ]\"[^\n]*\" { source_lineno = 1; strncpy(source_file, yytext+9, 255); source_file[strlen(source_file)-1] = '\0'; } -#line[ ]{digit}{digit}* { source_lineno = atoi(yytext+6)-1; } +#line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; } #[^\n]* { /* delete comments */ } [ \t\f]+ { /* delete whitespace */ } "==" { return(EQUALS); } 
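Review bot: in the new PATH rule, `"/"({alnum}|[_.-/])*`, the bracket expression `[_.-/]` contains `.-/`, which flex reads as the range from '.' to '/', so a literal '-' is no longer accepted in paths, while the rule it replaces listed "-" explicitly. Put the hyphen last, as the IDENTIFIER rule does with `[_-]`, for example `[_./-]`. Also, VERSION_IDENTIFIER has lost its `/([ \t\f]*;)` trailing context and now matches the same text as IPV4_ADDR for input like 1.2.3.4; flex prefers the earlier rule on a tie, so such a version is returned as IPV4_ADDR, and none of the policy_parse.y hunks here adjusts the version rule for that.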
@@ -263,17 +259,3 @@ linebuf[0], linebuf[1]); return 0; } - -static int is_valid_identifier(char *id) { - if ((strrchr(id, '.')) != NULL) { - if (strstr(id, "..") != NULL) { - /* identifier has consecutive '.' */ - return 0; - } - if (id[strlen(id) - 1] == '.') { - /* identifier ends in '.' */ - return 0; - } - } - return 1; -} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-06 14:43:24
Revision: 2899 http://selinux.svn.sourceforge.net/selinux/?rev=2899&view=rev Author: ssmalley Date: 2008-06-06 07:43:16 -0700 (Fri, 06 Jun 2008) Log Message: ----------- updated checkpolicy to version 1.34.6 Modified Paths: -------------- branches/stable/1_0/checkpolicy/ChangeLog branches/stable/1_0/checkpolicy/VERSION Modified: branches/stable/1_0/checkpolicy/ChangeLog =================================================================== --- branches/stable/1_0/checkpolicy/ChangeLog 2008-06-06 14:41:13 UTC (rev 2898) +++ branches/stable/1_0/checkpolicy/ChangeLog 2008-06-06 14:43:16 UTC (rev 2899) @@ -1,3 +1,7 @@ +1.34.6 2008-06-06 + * Merged r2665 and r2878 from trunk: make ipv4 address parsing like ipv6 from James Carter. + In combination with the libsepol fix, this fixes network node address handling by checkpolicy on big endian platforms. + 1.34.5 2008-03-04 * Merged r2831 from trunk: fix uninitialized use of handle in struct policy_file from Todd Miller. Modified: branches/stable/1_0/checkpolicy/VERSION =================================================================== --- branches/stable/1_0/checkpolicy/VERSION 2008-06-06 14:41:13 UTC (rev 2898) +++ branches/stable/1_0/checkpolicy/VERSION 2008-06-06 14:43:16 UTC (rev 2899) @@ -1 +1 @@ -1.34.5 +1.34.6 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
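Review bot: the 1.34.6 entry ties the big endian fix to "the libsepol fix" without saying which libsepol version or revision carries it, so a packager cannot tell which pair has to ship together; name it in the entry. The entry also cites r2878, while the log message of the revision that applied the parser change reads "applied r2664:2665 from trunk"; state where r2878 was applied to this branch.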
From: <ssm...@us...> - 2008-06-10 13:09:53
Revision: 2903 http://selinux.svn.sourceforge.net/selinux/?rev=2903&view=rev Author: ssmalley Date: 2008-06-10 06:09:47 -0700 (Tue, 10 Jun 2008) Log Message: ----------- updated checkpolicy to version 1.34.7 Modified Paths: -------------- branches/stable/1_0/checkpolicy/ChangeLog branches/stable/1_0/checkpolicy/VERSION Modified: branches/stable/1_0/checkpolicy/ChangeLog =================================================================== --- branches/stable/1_0/checkpolicy/ChangeLog 2008-06-10 13:08:56 UTC (rev 2902) +++ branches/stable/1_0/checkpolicy/ChangeLog 2008-06-10 13:09:47 UTC (rev 2903) @@ -1,6 +1,8 @@ +1.34.7 2008-06-10 + * Merged r2886 from trunk: user and role mapping support from Joshua Brindle. + 1.34.6 2008-06-06 * Merged r2665 and r2878 from trunk: make ipv4 address parsing like ipv6 from James Carter. - In combination with the libsepol fix, this fixes network node address handling by checkpolicy on big endian platforms. 1.34.5 2008-03-04 * Merged r2831 from trunk: fix uninitialized use of handle in struct policy_file from Todd Miller. Modified: branches/stable/1_0/checkpolicy/VERSION =================================================================== --- branches/stable/1_0/checkpolicy/VERSION 2008-06-10 13:08:56 UTC (rev 2902) +++ branches/stable/1_0/checkpolicy/VERSION 2008-06-10 13:09:47 UTC (rev 2903) @@ -1 +1 @@ -1.34.6 +1.34.7 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
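Review bot: the removal of the line beginning "In combination with the libsepol fix" from the already committed 1.34.6 entry is unrelated to the 1.34.7 bump and is not mentioned in the log message; if the big endian claim was wrong, say so in the log, otherwise keep the line. As with the 1.34.4 entry, the Modified Paths list only ChangeLog and VERSION, so the r2886 user and role mapping code is not part of this revision and the entry should point to the revision that merged it.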