From ab9a33402eb62cff4a04a72a7eb4c903d1073322 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Dec 21 2011 18:06:58 +0000
Subject: Update to upstream
* add ignoredirs config for genhomedircon
* Fallback_user_level can be NULL if you are not using MLS
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index c752f32..cf50706 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,35 +1,11 @@
 diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
-index 1bf669c..a86c6b3 100644
+index d19fc61..a86c6b3 100644
 --- a/checkpolicy/policy_define.c
 +++ b/checkpolicy/policy_define.c
-@@ -327,6 +327,126 @@ int define_initial_sid(void)
- return -1;
+@@ -351,6 +351,102 @@ static int read_classes(ebitmap_t *e_classes)
+ return 0;
  }
 
-+static int read_classes(ebitmap_t *e_classes)
-+{
-+ char *id;
-+ class_datum_t *cladatum;
-+
-+ while ((id = queue_remove(id_queue))) {
-+ if (!is_id_in_scope(SYM_CLASSES, id)) {
-+ yyerror2("class %s is not within scope", id);
-+ return -1;
-+ }
-+ cladatum = hashtab_search(policydbp->p_classes.table, id);
-+ if (!cladatum) {
-+ yyerror2("unknown class %s", id);
-+ return -1;
-+ }
-+ if (ebitmap_set_bit(e_classes, cladatum->s.value - 1, TRUE)) {
-+ yyerror("Out of memory");
-+ return -1;
-+ }
-+ free(id);
-+ }
-+ return 0;
-+}
-+
 +int define_default_user(int which)
 +{
 + char *id;
@@ -129,154 +105,6 @@ index 1bf669c..a86c6b3 100644
  int define_common_perms(void)
  {
  char *id = 0, *perm = 0;
-@@ -1360,7 +1480,6 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- {
- char *id;
- type_datum_t *datum;
-- class_datum_t *cladatum;
- ebitmap_t tclasses;
- ebitmap_node_t *node;
- avrule_t *avrule;
-@@ -1387,23 +1506,8 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- }
-
- ebitmap_init(&tclasses);
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- goto bad;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table, id);
-- if (!cladatum) {
-- yyerror2("unknown class %s", id);
-- goto bad;
-- }
-- if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
-- yyerror("Out of memory");
-- goto bad;
-- }
-- free(id);
-- }
-+ if (read_classes(&tclasses))
-+ goto bad;
-
- id = (char *)queue_remove(id_queue);
- if (!id) {
-@@ -1628,25 +1732,9 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- }
-
- ebitmap_init(&tclasses);
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- ret = -1;
-- goto out;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table, id);
-- if (!cladatum) {
-- yyerror2("unknown class %s used in rule", id);
-- ret = -1;
-- goto out;
-- }
-- if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
-- yyerror("Out of memory");
-- ret = -1;
-- goto out;
-- }
-- free(id);
-- }
-+ ret = read_classes(&tclasses);
-+ if (ret)
-+ goto out;
-
- perms = NULL;
- ebitmap_for_each_bit(&tclasses, node, i) {
-@@ -2242,22 +2330,8 @@ int define_role_trans(int class_specified)
- }
-
- if (class_specified) {
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- return -1;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table,
-- id);
-- if (!cladatum) {
-- yyerror2("unknow class %s", id);
-- return -1;
-- }
--
-- ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
-- free(id);
-- }
-+ if (read_classes(&e_classes))
-+ return -1;
- } else {
- cladatum = hashtab_search(policydbp->p_classes.table,
- "process");
-@@ -2410,7 +2484,6 @@ int define_filename_trans(void)
- ebitmap_node_t *snode, *tnode, *cnode;
- filename_trans_t *ft;
- filename_trans_rule_t *ftr;
-- class_datum_t *cladatum;
- type_datum_t *typdatum;
- uint32_t otype;
- unsigned int c, s, t;
-@@ -2451,23 +2524,8 @@ int define_filename_trans(void)
- }
-
- ebitmap_init(&e_tclasses);
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- goto bad;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table, id);
-- if (!cladatum) {
-- yyerror2("unknown class %s", id);
-- goto bad;
-- }
-- if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
-- yyerror("Out of memory");
-- goto bad;
-- }
-- free(id);
-- }
-+ if (read_classes(&e_tclasses))
-+ goto bad;
-
- id = (char *)queue_remove(id_queue);
- if (!id) {
-@@ -4549,23 +4607,8 @@ int define_range_trans(int class_specified)
- }
-
- if (class_specified) {
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- goto out;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table,
-- id);
-- if (!cladatum) {
-- yyerror2("unknown class %s", id);
-- goto out;
-- }
--
-- ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1,
-- TRUE);
-- free(id);
-- }
-+ if (read_classes(&rule->tclasses))
-+ goto out;
- } else {
- cladatum = hashtab_search(policydbp->p_classes.table,
- "process");
 diff --git a/checkpolicy/policy_define.h b/checkpolicy/policy_define.h
 index 92a9be7..ccbe56f 100644
 --- a/checkpolicy/policy_define.h
diff --git a/checkpolicy.spec b/checkpolicy.spec
index aa01da5..267f8e3 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -58,7 +58,8 @@ rm -rf ${RPM_BUILD_ROOT}
 %changelog
 * Wed Dec 21 2011 Dan Walsh - 2.1.8-1
 -Update to upstream
- * add new helper to translate class sets into bitmaps
+ * add ignoredirs config for genhomedircon
+ * Fallback_user_level can be NULL if you are not using MLS
 
 * Wed Dec 21 2011 Dan Walsh - 2.1.7-3
 - default_rules should be optional