|
 |
259de5e |
diff --git libsepol-2.6/src/assertion.c libsepol-2.6/src/assertion.c
|
|
|
259de5e |
index a4be880..121bf8c 100644
|
|
|
259de5e |
--- libsepol-2.6/src/assertion.c
|
|
|
259de5e |
+++ libsepol-2.6/src/assertion.c
|
|
|
259de5e |
@@ -222,7 +222,7 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void
|
|
|
259de5e |
ebitmap_node_t *snode, *tnode;
|
|
|
259de5e |
unsigned int i, j;
|
|
|
259de5e |
|
|
|
259de5e |
- if (k->specified != AVTAB_ALLOWED)
|
|
|
259de5e |
+ if ((k->specified & AVTAB_ALLOWED) == 0)
|
|
|
259de5e |
return 0;
|
|
|
259de5e |
|
|
|
259de5e |
if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
|
|
|
259de5e |
@@ -455,7 +455,7 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a
|
|
|
259de5e |
avrule_t *avrule = a->avrule;
|
|
|
259de5e |
avtab_t *avtab = a->avtab;
|
|
|
259de5e |
|
|
|
259de5e |
- if (k->specified != AVTAB_ALLOWED)
|
|
|
259de5e |
+ if ((k->specified & AVTAB_ALLOWED) == 0)
|
|
|
259de5e |
goto exit;
|
|
|
259de5e |
|
|
|
259de5e |
if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
|
|
|
99653f4 |
diff --git libsepol-2.6/src/boolean_record.c libsepol-2.6/src/boolean_record.c
|
|
|
259de5e |
index 8b64413..a194704 100644
|
|
|
99653f4 |
--- libsepol-2.6/src/boolean_record.c
|
|
|
99653f4 |
+++ libsepol-2.6/src/boolean_record.c
|
|
|
99653f4 |
@@ -15,7 +15,7 @@ struct sepol_bool {
|
|
|
99653f4 |
|
|
|
99653f4 |
struct sepol_bool_key {
|
|
|
99653f4 |
/* This boolean's name */
|
|
|
99653f4 |
- const char *name;
|
|
|
99653f4 |
+ char *name;
|
|
|
44e2d26 |
};
|
|
|
44e2d26 |
|
|
|
99653f4 |
int sepol_bool_key_create(sepol_handle_t * handle,
|
|
|
99653f4 |
@@ -30,7 +30,12 @@ int sepol_bool_key_create(sepol_handle_t * handle,
|
|
|
99653f4 |
return STATUS_ERR;
|
|
|
71b1a80 |
}
|
|
|
71b1a80 |
|
|
|
99653f4 |
- tmp_key->name = name;
|
|
|
99653f4 |
+ tmp_key->name = strdup(name);
|
|
|
99653f4 |
+ if (!tmp_key->name) {
|
|
|
99653f4 |
+ ERR(handle, "out of memory, " "could not create boolean key");
|
|
|
99653f4 |
+ free(tmp_key);
|
|
|
99653f4 |
+ return STATUS_ERR;
|
|
|
44e2d26 |
+ }
|
|
|
44e2d26 |
|
|
|
99653f4 |
*key_ptr = tmp_key;
|
|
|
99653f4 |
return STATUS_SUCCESS;
|
|
|
259de5e |
@@ -62,6 +67,9 @@ int sepol_bool_key_extract(sepol_handle_t * handle,
|
|
|
44e2d26 |
|
|
|
99653f4 |
void sepol_bool_key_free(sepol_bool_key_t * key)
|
|
|
44e2d26 |
{
|
|
|
259de5e |
+ if (!key)
|
|
|
259de5e |
+ return;
|
|
|
99653f4 |
+ free(key->name);
|
|
|
99653f4 |
free(key);
|
|
|
99653f4 |
}
|
|
|
44e2d26 |
|
|
|
259de5e |
diff --git libsepol-2.6/src/expand.c libsepol-2.6/src/expand.c
|
|
|
259de5e |
index 004a029..1d7558e 100644
|
|
|
259de5e |
--- libsepol-2.6/src/expand.c
|
|
|
259de5e |
+++ libsepol-2.6/src/expand.c
|
|
|
259de5e |
@@ -937,7 +937,7 @@ int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r,
|
|
|
259de5e |
return -1;
|
|
|
259de5e |
|
|
|
259de5e |
if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) {
|
|
|
259de5e |
- mls_semantic_level_destroy(&sr->level[0]);
|
|
|
259de5e |
+ mls_level_destroy(&r->level[0]);
|
|
|
259de5e |
return -1;
|
|
|
259de5e |
}
|
|
|
259de5e |
|
|
|
99653f4 |
diff --git libsepol-2.6/src/iface_record.c libsepol-2.6/src/iface_record.c
|
|
|
259de5e |
index 09adeb7..6d56835 100644
|
|
|
99653f4 |
--- libsepol-2.6/src/iface_record.c
|
|
|
99653f4 |
+++ libsepol-2.6/src/iface_record.c
|
|
|
99653f4 |
@@ -20,7 +20,7 @@ struct sepol_iface {
|
|
|
99653f4 |
struct sepol_iface_key {
|
|
|
44e2d26 |
|
|
|
99653f4 |
/* Interface name */
|
|
|
99653f4 |
- const char *name;
|
|
|
99653f4 |
+ char *name;
|
|
|
99653f4 |
};
|
|
|
71b1a80 |
|
|
|
99653f4 |
/* Key */
|
|
|
99653f4 |
@@ -36,7 +36,12 @@ int sepol_iface_key_create(sepol_handle_t * handle,
|
|
|
99653f4 |
return STATUS_ERR;
|
|
|
71b1a80 |
}
|
|
|
d162105 |
|
|
|
99653f4 |
- tmp_key->name = name;
|
|
|
99653f4 |
+ tmp_key->name = strdup(name);
|
|
|
99653f4 |
+ if (!tmp_key->name) {
|
|
|
99653f4 |
+ ERR(handle, "out of memory, could not create interface key");
|
|
|
99653f4 |
+ free(tmp_key);
|
|
|
99653f4 |
+ return STATUS_ERR;
|
|
|
d162105 |
+ }
|
|
|
d162105 |
|
|
|
99653f4 |
*key_ptr = tmp_key;
|
|
|
d162105 |
return STATUS_SUCCESS;
|
|
|
259de5e |
@@ -68,6 +73,9 @@ int sepol_iface_key_extract(sepol_handle_t * handle,
|
|
|
d162105 |
|
|
|
99653f4 |
void sepol_iface_key_free(sepol_iface_key_t * key)
|
|
|
d162105 |
{
|
|
|
259de5e |
+ if (!key)
|
|
|
259de5e |
+ return;
|
|
|
99653f4 |
+ free(key->name);
|
|
|
99653f4 |
free(key);
|
|
|
d88ffa1 |
}
|
|
|
d162105 |
|
|
|
99653f4 |
diff --git libsepol-2.6/src/user_record.c libsepol-2.6/src/user_record.c
|
|
|
259de5e |
index c59c54b..d72d4c7 100644
|
|
|
99653f4 |
--- libsepol-2.6/src/user_record.c
|
|
|
99653f4 |
+++ libsepol-2.6/src/user_record.c
|
|
|
99653f4 |
@@ -24,7 +24,7 @@ struct sepol_user {
|
|
|
d162105 |
|
|
|
99653f4 |
struct sepol_user_key {
|
|
|
99653f4 |
/* This user's name */
|
|
|
99653f4 |
- const char *name;
|
|
|
99653f4 |
+ char *name;
|
|
|
99653f4 |
};
|
|
|
71b1a80 |
|
|
|
99653f4 |
int sepol_user_key_create(sepol_handle_t * handle,
|
|
|
99653f4 |
@@ -40,7 +40,12 @@ int sepol_user_key_create(sepol_handle_t * handle,
|
|
|
a7ec325 |
return STATUS_ERR;
|
|
|
d162105 |
}
|
|
|
d162105 |
|
|
|
99653f4 |
- tmp_key->name = name;
|
|
|
99653f4 |
+ tmp_key->name = strdup(name);
|
|
|
99653f4 |
+ if (!tmp_key->name) {
|
|
|
99653f4 |
+ ERR(handle, "out of memory, could not create selinux user key");
|
|
|
99653f4 |
+ free(tmp_key);
|
|
|
99653f4 |
+ return STATUS_ERR;
|
|
|
d162105 |
+ }
|
|
|
d162105 |
|
|
|
99653f4 |
*key_ptr = tmp_key;
|
|
|
99653f4 |
return STATUS_SUCCESS;
|
|
|
259de5e |
@@ -71,6 +76,9 @@ int sepol_user_key_extract(sepol_handle_t * handle,
|
|
|
d162105 |
|
|
|
99653f4 |
void sepol_user_key_free(sepol_user_key_t * key)
|
|
|
d162105 |
{
|
|
|
259de5e |
+ if (!key)
|
|
|
259de5e |
+ return;
|
|
|
99653f4 |
+ free(key->name);
|
|
|
99653f4 |
free(key);
|
|
|
d162105 |
}
|
|
|
d162105 |
|