diff --git a/policy/flask/Makefile b/policy/flask/Makefile
index 5d6e954..17dc174 100644
--- a/policy/flask/Makefile
+++ b/policy/flask/Makefile
@@ -27,11 +27,11 @@ FLASK_NOWARNINGS = --nowarnings
 all: $(USER_H) $(KERN_H)
-$(USER_H):
+$(USER_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
 mkdir -p $(USER_D)
 $(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(USER_D) -u $(FLASK_NOWARNINGS)
-$(KERN_H):
+$(KERN_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
 mkdir -p $(KERN_D)
 $(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(KERN_D) -k $(FLASK_NOWARNINGS)
diff --git a/policy/flask/flask.py b/policy/flask/flask.py
index 82e45b3..9cc91f7 100644
--- a/policy/flask/flask.py
+++ b/policy/flask/flask.py
@@ -93,6 +93,7 @@ class Flask:
 self.WARN = warn
 self.autogen = "/* This file is automatically generated. Do not edit. */\n"
 self.commons = []
+ self.user_commons = []
 self.common = {}
 self.classes = []
 self.vectors = []
@@ -174,6 +175,7 @@ class Flask:
 commons = []
 common = {}
 inherits = {}
+ user_commons = {}
 input = open(path, 'r') # states
@@ -205,6 +207,7 @@ class Flask:
 if c in commons: raise DuplicateError, (self.COMMON, path, number, c)
 commons.append(c)
 common[c] = []
+ user_commons[c] = True
 state = COMMON
 continue
@@ -229,6 +232,7 @@ class Flask:
 if i not in common: raise UndefinedError, (self.COMMON, path, number, i)
 inherits[c] = i
 state = INHERIT
+ if not self.userspace.has_key(c): user_commons[i] = False
 continue
 m = self.OPENB.search(line)
@@ -270,6 +274,7 @@ class Flask:
 if cvdiff: raise UnusedError, "Not all security classes were used in access vectors: %s" % cvdiff # the inverse of this will be caught as an undefined class error
 self.commons = commons
+ self.user_commons = user_commons
 self.common = common
 self.vectors = vectors
 self.vector = vector
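Review bot: With prerequisites now attached to `$(USER_H):` and `$(KERN_H):`, every file those variables expand to goes stale whenever flask.py or one of the three input files changes, and make treats a multi-target explicit rule as one independent rule per target. If either variable names more than one header (the definitions are outside this hunk, though `-o $(USER_D)` suggests flask.py writes a whole directory), the recipe runs once per header, and under `make -j` those runs can overlap while writing the same files. Routing each rule through a single stamp target would make the generator run once per mode and keep the generated permission tables from being read half-written.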
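Review bot: In the `@@ -93,6 +93,7 @@` hunk, `self.user_commons = []` initialises the attribute as a list, but the parser hunks build it as a dict (`user_commons = {}`, `user_commons[c] = True`) and the generator indexes it by common name (`self.user_commons[common]`). Initialise it as `self.user_commons = {}` so the attribute has the same type before and after parsing, matching `self.common = {}` on the following line. The enclosing method starts outside the hunk.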
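Review bot: In the `@@ -229,6 +232,7 @@` hunk, `if not self.userspace.has_key(c): user_commons[i] = False` depends on `self.userspace` already being filled in when the access vectors are parsed, and nothing visible in these hunks enforces that order. If it is still empty at that point, every inherited common is presumably classified as kernel-visible and the filter silently does nothing. Together with the `user_commons[c] = True` default in the `@@ -205,6 +207,7 @@` hunk, a common that no class inherits is also treated as userspace-only and left out of the kernel header, which deserves a comment such as `# a common stays userspace-only until a non-userspace class inherits it`. The neighbouring lines already use `in` for membership, so `if c not in self.userspace: user_commons[i] = False` would be consistent and avoids the deprecated `has_key`. The enclosing parser method starts and ends outside the hunk.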
@@ -388,10 +393,12 @@ class Flask:
 results = []
 results.append(self.autogen)
 for common in self.commons:
- results.append("TB_(common_%s_perm_to_string)\n" % common)
- for p in self.common[common]:
- results.append(" S_(\"%s\")\n" % p)
- results.append("TE_(common_%s_perm_to_string)\n\n" % common)
+ user = self.user_commons[common]
+ if not (mode == self.KERNEL and user):
+ results.append("TB_(common_%s_perm_to_string)\n" % common)
+ for p in self.common[common]:
+ results.append(" S_(\"%s\")\n" % p)
+ results.append("TE_(common_%s_perm_to_string)\n\n" % common)
 return results
 def createFlaskH(self, mode = USERSPACE):
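Review bot: The new guard `if not (mode == self.KERNEL and user):` re-indents the whole emit body and carries no comment saying why some commons are skipped, so the next reader has to trace `user_commons` back through the parser to learn that kernel headers omit userspace-only commons. A guard clause at the top of the loop reads more directly and leaves the four emit lines untouched: `if mode == self.KERNEL and self.user_commons[common]: continue`, preceded by `# userspace-only commons are left out of the kernel permission table`. The enclosing method's signature is outside the hunk, so `mode` is presumably one of its parameters.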