Changeset 28
- Timestamp:
- 10/02/06 08:32:17 (2 years ago)
- Files:
-
- upstream/selinux/checkpolicy/ChangeLog (modified) (1 diff)
- upstream/selinux/checkpolicy/VERSION (modified) (1 diff)
- upstream/selinux/checkpolicy/module_compiler.c (modified) (1 diff)
- upstream/selinux/checkpolicy/module_compiler.h (modified) (1 diff)
- upstream/selinux/checkpolicy/policy_parse.y (modified) (11 diffs)
- upstream/selinux/libselinux/ChangeLog (modified) (1 diff)
- upstream/selinux/libselinux/VERSION (modified) (1 diff)
- upstream/selinux/libselinux/include/selinux/av_permissions.h (modified) (2 diffs)
- upstream/selinux/libselinux/src/setrans_client.c (modified) (1 diff)
- upstream/selinux/libsemanage/ChangeLog (modified) (1 diff)
- upstream/selinux/libsemanage/VERSION (modified) (1 diff)
- upstream/selinux/libsemanage/src/conf-parse.y (modified) (3 diffs)
- upstream/selinux/libsemanage/src/conf-scan.l (modified) (2 diffs)
- upstream/selinux/libsemanage/src/direct_api.c (modified) (1 diff)
- upstream/selinux/libsemanage/src/semanage_store.c (modified) (1 diff)
- upstream/selinux/libsepol/ChangeLog (modified) (1 diff)
- upstream/selinux/libsepol/VERSION (modified) (1 diff)
- upstream/selinux/libsepol/include/sepol/policydb/policydb.h (modified) (1 diff)
- upstream/selinux/libsepol/src/Makefile (modified) (1 diff)
- upstream/selinux/libsepol/src/expand.c (modified) (4 diffs)
- upstream/selinux/libsepol/src/link.c (modified) (8 diffs)
- upstream/selinux/libsepol/src/policydb.c (modified) (7 diffs)
- upstream/selinux/policycoreutils/ChangeLog (modified) (1 diff)
- upstream/selinux/policycoreutils/VERSION (modified) (1 diff)
- upstream/selinux/policycoreutils/newrole/Makefile (modified) (1 diff)
- upstream/selinux/policycoreutils/newrole/newrole.c (modified) (4 diffs)
upstream/selinux/checkpolicy/ChangeLog
r10 r28 1 1.30.12 2006-09-28 2 * Merged user and range_transition support for modules from 3 Darrel Goeddel 4 1 5 1.30.11 2006-09-05 2 6 * merged range_transition enhancements and user module format upstream/selinux/checkpolicy/VERSION
r10 r28 1 1.30.1 11 1.30.12 upstream/selinux/checkpolicy/module_compiler.c
r10 r28 938 938 } 939 939 940 int require_sens(int pass) 941 { 942 char *id = queue_remove(id_queue); 943 level_datum_t *level = NULL; 944 int retval; 945 if (pass == 2) { 946 free(id); 947 return 0; 948 } 949 if (!id) { 950 yyerror("no sensitivity name"); 951 return -1; 952 } 953 level = malloc(sizeof(level_datum_t)); 954 if (!level) { 955 free(id); 956 yyerror("Out of memory!"); 957 return -1; 958 } 959 level_datum_init(level); 960 level->level = malloc(sizeof(mls_level_t)); 961 if (!level->level) { 962 free(id); 963 level_datum_destroy(level); 964 free(level); 965 yyerror("Out of memory!"); 966 return -1; 967 } 968 mls_level_init(level->level); 969 retval = require_symbol(SYM_LEVELS, id, (hashtab_datum_t *) level, 970 &level->level->sens, &level->level->sens); 971 if (retval != 0) { 972 free(id); 973 mls_level_destroy(level->level); 974 free(level->level); 975 level_datum_destroy(level); 976 free(level); 977 } 978 switch (retval) { 979 case -3:{ 980 yyerror("Out of memory!"); 981 return -1; 982 } 983 case -2:{ 984 yyerror("duplicate declaration of sensitivity"); 985 return -1; 986 } 987 case -1:{ 988 yyerror("could not require sensitivity here"); 989 return -1; 990 } 991 case 0:{ 992 return 0; 993 } 994 case 1:{ 995 return 0; /* sensitivity already required */ 996 } 997 default:{ 998 assert(0); /* should never get here */ 999 } 1000 } 1001 } 1002 1003 int require_cat(int pass) 1004 { 1005 char *id = queue_remove(id_queue); 1006 cat_datum_t *cat = NULL; 1007 int retval; 1008 if (pass == 2) { 1009 free(id); 1010 return 0; 1011 } 1012 if (!id) { 1013 yyerror("no category name"); 1014 return -1; 1015 } 1016 cat = malloc(sizeof(cat_datum_t)); 1017 if (!cat) { 1018 free(id); 1019 yyerror("Out of memory!"); 1020 return -1; 1021 } 1022 cat_datum_init(cat); 1023 1024 retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat, 1025 &cat->s.value, &cat->s.value); 1026 if (retval != 0) { 1027 free(id); 1028 cat_datum_destroy(cat); 1029 free(cat); 1030 } 1031 switch 
(retval) { 1032 case -3:{ 1033 yyerror("Out of memory!"); 1034 return -1; 1035 } 1036 case -2:{ 1037 yyerror("duplicate declaration of category"); 1038 return -1; 1039 } 1040 case -1:{ 1041 yyerror("could not require category here"); 1042 return -1; 1043 } 1044 case 0:{ 1045 return 0; 1046 } 1047 case 1:{ 1048 return 0; /* category already required */ 1049 } 1050 default:{ 1051 assert(0); /* should never get here */ 1052 } 1053 } 1054 } 1055 940 1056 static int is_scope_in_stack(scope_datum_t * scope, scope_stack_t * stack) 941 1057 { upstream/selinux/checkpolicy/module_compiler.h
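Review bot: In both `require_sens` and `require_cat` the `default:` arm of the final `switch (retval)` contains only `assert(0);`, so a build with NDEBUG falls off the end of a non-void function if `require_symbol` ever returns an unexpected value. An explicit failure return keeps the parser on a defined error path: `default:{ assert(0); return -1; }`. Neither new function has a header comment; a short one should state that pass 2 only frees the queued id and returns 0, and that `id` and the freshly allocated datum are freed here whenever `require_symbol` returns non-zero, since that is the ownership rule the cleanup relies on.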
r10 r28 57 57 int require_user(int pass); 58 58 int require_bool(int pass); 59 int require_sens(int pass); 60 int require_cat(int pass); 59 61 60 62 /* Check if an identifier is within the scope of the current upstream/selinux/checkpolicy/policy_parse.y
r10 r28 835 835 | USER { $$ = require_user; } 836 836 | BOOL { $$ = require_bool; } 837 /* MLS-enabled modules are not implemented at this time.838 837 | SENSITIVITY { $$ = require_sens; } 839 838 | CATEGORY { $$ = require_cat; } 840 */841 839 ; 842 840 require_id_list : identifier … … 1302 1300 goto bad; 1303 1301 } 1304 m emset(level, 0, sizeof(mls_level_t));1302 mls_level_init(level); 1305 1303 level->sens = 0; /* actual value set in define_dominance */ 1306 1304 ebitmap_init(&level->cat); /* actual value set in define_level */ … … 1311 1309 goto bad; 1312 1310 } 1313 memset(datum, 0, sizeof(level_datum_t));1311 level_datum_init(datum); 1314 1312 datum->isalias = FALSE; 1315 1313 datum->level = level; … … 1348 1346 goto bad_alias; 1349 1347 } 1350 memset(aliasdatum, 0, sizeof(level_datum_t));1348 level_datum_init(aliasdatum); 1351 1349 aliasdatum->isalias = TRUE; 1352 1350 aliasdatum->level = level; … … 1385 1383 if (level) 1386 1384 free(level); 1387 if (datum) 1385 if (datum) { 1386 level_datum_destroy(datum); 1388 1387 free(datum); 1388 } 1389 1389 return -1; 1390 1390 … … 1392 1392 if (id) 1393 1393 free(id); 1394 if (aliasdatum) 1394 if (aliasdatum) { 1395 level_datum_destroy(aliasdatum); 1395 1396 free(aliasdatum); 1397 } 1396 1398 return -1; 1397 1399 } … … 1481 1483 goto bad; 1482 1484 } 1483 memset(datum, 0, sizeof(cat_datum_t));1485 cat_datum_init(datum); 1484 1486 datum->isalias = FALSE; 1485 1487 … … 1518 1520 goto bad_alias; 1519 1521 } 1520 memset(aliasdatum, 0, sizeof(cat_datum_t));1522 cat_datum_init(aliasdatum); 1521 1523 aliasdatum->isalias = TRUE; 1522 1524 aliasdatum->s.value = datum->s.value; … … 1555 1557 if (id) 1556 1558 free(id); 1557 if (datum) 1559 if (datum) { 1560 cat_datum_destroy(datum); 1558 1561 free(datum); 1562 } 1559 1563 return -1; 1560 1564 … … 1562 1566 if (id) 1563 1567 free(id); 1564 if (aliasdatum) 1568 if (aliasdatum) { 1569 cat_datum_destroy(aliasdatum); 1565 1570 free(aliasdatum); 1571 } 1566 1572 return -1; 1567 1573 
} … … 3683 3689 int l; 3684 3690 3685 if (policydbp->policy_type == POLICY_MOD && mlspol) {3686 yyerror("Users cannot be declared in MLS modules");3687 return -1;3688 }3689 3690 3691 if (pass == 1) { 3691 3692 while ((id = queue_remove(id_queue))) upstream/selinux/libselinux/ChangeLog
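Review bot: The `bad:` path of the sensitivity hunk (new lines 1383-1389) still releases `level` with a bare `free(level)`, while the same commit wraps `datum` in `level_datum_destroy(datum); free(datum);`. Since `level` is now set up with `mls_level_init(level)` followed by `ebitmap_init(&level->cat)`, pairing it with `mls_level_destroy(level)` before the free, as `require_sens` does in module_compiler.c, would keep init and destroy symmetric: `if (level) { mls_level_destroy(level); free(level); }`. The category bitmap looks empty at this point, so this is a consistency point rather than a confirmed leak. The enclosing function begins and ends outside the hunk.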
r10 r28 1 1.30.29 2006-09-29 2 * Merged av_permissions.h update from Steve Grubb, 3 adding setsockcreate and polmatch definitions. 4 1 5 1.30.28 2006-09-13 2 6 * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client upstream/selinux/libselinux/VERSION
r10 r28 1 1.30.2 81 1.30.29 upstream/selinux/libselinux/include/selinux/av_permissions.h
r10 r28 469 469 #define PROCESS__EXECHEAP 0x08000000UL 470 470 #define PROCESS__SETKEYCREATE 0x10000000UL 471 #define PROCESS__SETSOCKCREATE 0x20000000UL 471 472 472 473 #define IPC__CREATE 0x00000001UL … … 911 912 #define ASSOCIATION__RECVFROM 0x00000002UL 912 913 #define ASSOCIATION__SETCONTEXT 0x00000004UL 914 #define ASSOCIATION__POLMATCH 0x00000008UL 913 915 914 916 #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL upstream/selinux/libselinux/src/setrans_client.c
r10 r28 89 89 memset(&msgh, 0, sizeof(msgh)); 90 90 msgh.msg_iov = iov; 91 msgh.msg_iovlen = sizeof(iov) /sizeof(iov[0]);91 msgh.msg_iovlen = sizeof(iov) / sizeof(iov[0]); 92 92 93 93 expected = 0; 94 for (i = 0; i < sizeof(iov) /sizeof(iov[0]); i++)94 for (i = 0; i < sizeof(iov) / sizeof(iov[0]); i++) 95 95 expected += iov[i].iov_len; 96 96 97 while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0) && (errno == EINTR)) ; 97 while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0) 98 && (errno == EINTR)) ; 98 99 if (count < 0 || count != expected) 99 100 return -1; upstream/selinux/libsemanage/ChangeLog
r10 r28 1 1.6.17 2006-09-29 2 * Merged patch to skip reload if no active store exists and 3 the store path doesn't match the active store path from Dan Walsh. 4 * Merged patch to not destroy sepol handle on error path of 5 connect from James Athey. 6 * Merged patch to add genhomedircon path to semanage.conf from 7 James Athey. 8 1 9 1.6.16 2006-08-14 2 10 * Make most copy errors fatal, but allow exceptions for upstream/selinux/libsemanage/VERSION
r10 r28 1 1.6.1 61 1.6.17 upstream/selinux/libsemanage/src/conf-parse.y
r10 r28 1 /* Author: Jason Tang <jtang@tresys.com> 1 /* Authors: Jason Tang <jtang@tresys.com> 2 * James Athey <jathey@tresys.com> 2 3 * 3 * Copyright (C) 2004-200 5Tresys Technology, LLC4 * Copyright (C) 2004-2006 Tresys Technology, LLC 4 5 * 5 6 * This library is free software; you can redistribute it and/or … … 57 58 58 59 %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE 59 %token LOAD_POLICY_START SETFILES_START 60 %token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START 60 61 %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END 61 62 %token PROG_PATH PROG_ARGS … … 134 135 current_conf->setfiles = NULL; 135 136 if (new_external_prog(¤t_conf->setfiles) == -1) { 137 parse_errors++; 138 YYABORT; 139 } 140 } 141 | GENHOMEDIRCON_START { 142 semanage_conf_external_prog_destroy(current_conf->genhomedircon); 143 current_conf->genhomedircon = NULL; 144 if (new_external_prog(¤t_conf->genhomedircon) == -1) { 136 145 parse_errors++; 137 146 YYABORT; upstream/selinux/libsemanage/src/conf-scan.l
r10 r28 1 /* Author: Jason Tang <jtang@tresys.com> 1 /* Authors: Jason Tang <jtang@tresys.com> 2 * James Athey <jathey@tresys.com> 2 3 * 3 * Copyright (C) 2004-200 5Tresys Technology, LLC4 * Copyright (C) 2004-2006 Tresys Technology, LLC 4 5 * 5 6 * This library is free software; you can redistribute it and/or … … 44 45 "[load_policy]" return LOAD_POLICY_START; 45 46 "[setfiles]" return SETFILES_START; 47 "[genhomedircon]" return GENHOMEDIRCON_START; 46 48 "[verify module]" return VERIFY_MOD_START; 47 49 "[verify linked]" return VERIFY_LINKED_START; upstream/selinux/libsemanage/src/direct_api.c
r10 r28 219 219 err: 220 220 ERR(sh, "could not establish direct connection"); 221 sepol_handle_destroy(sh->sepolh);222 221 return STATUS_ERR; 223 222 } upstream/selinux/libsemanage/src/semanage_store.c
r10 r28 1111 1111 goto skip_reload; 1112 1112 } 1113 } 1113 } else if (errno == ENOENT && 1114 strcmp(really_active_store, storepath) != 0) 1115 goto skip_reload; 1114 1116 1115 1117 if (semanage_reload_policy(sh)) { upstream/selinux/libsepol/ChangeLog
r10 r28 1 1.12.28 2006-09-28 2 * Build libsepol's static object files with -fpic 3 4 1.12.27 2006-09-28 5 * Merged mls user and range_transition support in modules 6 from Darrel Goeddel 7 1 8 1.12.26 2006-09-05 2 9 * Merged range transition enhancements and user format changes upstream/selinux/libsepol/VERSION
r10 r28 1 1.12.2 61 1.12.28 upstream/selinux/libsepol/include/sepol/policydb/policydb.h
r10 r28 533 533 extern void user_datum_init(user_datum_t * x); 534 534 extern void user_datum_destroy(user_datum_t * x); 535 extern void level_datum_init(level_datum_t * x); 536 extern void level_datum_destroy(level_datum_t * x); 537 extern void cat_datum_init(cat_datum_t * x); 538 extern void cat_datum_destroy(cat_datum_t * x); 535 539 536 540 extern int check_assertions(sepol_handle_t * handle, upstream/selinux/libsepol/src/Makefile
r10 r28 25 25 26 26 %.o: %.c 27 $(CC) $(CFLAGS) - c -o $@ $<27 $(CC) $(CFLAGS) -fpic -c -o $@ $< 28 28 29 29 %.lo: %.c upstream/selinux/libsepol/src/expand.c
r10 r28 824 824 INFO(state->handle, "copying sensitivity level %s", id); 825 825 826 if ((new_level = 827 (level_datum_t *) calloc(1, sizeof(*new_level))) == NULL 828 || (new_level->level = 829 (mls_level_t *) calloc(1, sizeof(mls_level_t))) == NULL 830 || (new_id = strdup(id)) == NULL) { 826 new_level = (level_datum_t *) malloc(sizeof(level_datum_t)); 827 if (!new_level) 831 828 goto out_of_mem; 832 } 829 level_datum_init(new_level); 830 new_level->level = (mls_level_t *) malloc(sizeof(mls_level_t)); 831 if (!new_level->level) 832 goto out_of_mem; 833 mls_level_init(new_level->level); 834 new_id = strdup(id); 835 if (!new_id) 836 goto out_of_mem; 833 837 834 838 if (mls_level_cpy(new_level->level, level->level)) { … … 848 852 ERR(state->handle, "Out of memory!"); 849 853 if (new_level != NULL && new_level->level != NULL) { 850 ebitmap_destroy(&new_level->level->cat);854 mls_level_destroy(new_level->level); 851 855 free(new_level->level); 852 856 } 857 level_datum_destroy(new_level); 853 858 free(new_level); 854 859 free(new_id); … … 871 876 INFO(state->handle, "copying category attribute %s", id); 872 877 873 if ((new_cat = (cat_datum_t *) calloc(1, sizeof(*new_cat))) == NULL ||874 (new_id = strdup(id)) == NULL) {878 new_cat = (cat_datum_t *) malloc(sizeof(cat_datum_t)); 879 if (!new_cat) 875 880 goto out_of_mem; 876 } 881 cat_datum_init(new_cat); 882 new_id = strdup(id); 883 if (!new_id) 884 goto out_of_mem; 877 885 878 886 new_cat->s.value = cat->s.value; … … 888 896 out_of_mem: 889 897 ERR(state->handle, "Out of memory!"); 898 cat_datum_destroy(new_cat); 890 899 free(new_cat); 891 900 free(new_id); upstream/selinux/libsepol/src/link.c
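Review bot: Both `out_of_mem` paths now call the destroy helper on a pointer that can be NULL: when the first `malloc` fails, `level_datum_destroy(new_level)` and `cat_datum_destroy(new_cat)` run with a NULL argument. That is harmless only because both helpers currently ignore their parameter (see policydb.c in this changeset); guarding the call, e.g. `if (new_level) level_datum_destroy(new_level);`, keeps the error path safe if the helpers later touch the struct. The early exits also reach `free(new_id)` before `strdup` has run, so they depend on `new_id` being initialised to NULL at its declaration, which is outside the hunk.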
r10 r28 469 469 user_datum_t *user, *base_user, *new_user = NULL; 470 470 link_state_t *state = (link_state_t *) data; 471 scope_datum_t *scope;472 471 473 472 user = (user_datum_t *) datum; 474 if (state->base->mls) {475 scope =476 hashtab_search(state->cur->policy->p_users_scope.table, id);477 if (!scope) {478 ERR(state->handle,479 "No scope information for user %s in module %s\n",480 id, state->cur_mod_name);481 return -1;482 }483 if (scope->scope == SCOPE_DECL) {484 ERR(state->handle,485 "Users cannot be declared in MLS modules");486 return -1;487 }488 /* required users fall through */489 }490 473 491 474 base_user = hashtab_search(state->base->p_users.table, id); … … 503 486 } 504 487 user_datum_init(new_user); 505 /* new_users's roles field will be copied during 506 fix_user_callback(). the MLS fields are currently 507 unimplemented */ 488 /* new_users's roles and MLS fields will be copied during 489 user_fix_callback(). */ 508 490 509 491 new_user->s.value = state->base->p_users.nprim + 1; … … 593 575 } 594 576 577 static int sens_copy_callback(hashtab_key_t key, hashtab_datum_t datum, 578 void *data) 579 { 580 char *id = key; 581 level_datum_t *level, *base_level; 582 link_state_t *state = (link_state_t *) data; 583 scope_datum_t *scope; 584 585 level = (level_datum_t *) datum; 586 587 base_level = hashtab_search(state->base->p_levels.table, id); 588 if (!base_level) { 589 scope = 590 hashtab_search(state->cur->policy->p_sens_scope.table, id); 591 if (!scope) 592 return -SEPOL_LINK_ERROR; 593 if (scope->scope == SCOPE_DECL) { 594 /* disallow declarations in modules */ 595 ERR(state->handle, 596 "%s: Modules may not declare new sensitivities.", 597 state->cur_mod_name); 598 return -SEPOL_LINK_NOTSUP; 599 } 600 } 601 602 state->cur->map[SYM_LEVELS][level->level->sens - 1] = 603 base_level->level->sens; 604 605 return 0; 606 } 607 608 static int cat_copy_callback(hashtab_key_t key, hashtab_datum_t datum, 609 void *data) 610 { 611 char *id = key; 612 
cat_datum_t *cat, *base_cat; 613 link_state_t *state = (link_state_t *) data; 614 scope_datum_t *scope; 615 616 cat = (cat_datum_t *) datum; 617 618 base_cat = hashtab_search(state->base->p_cats.table, id); 619 if (!base_cat) { 620 scope = 621 hashtab_search(state->cur->policy->p_cat_scope.table, id); 622 if (!scope) 623 return -SEPOL_LINK_ERROR; 624 if (scope->scope == SCOPE_DECL) { 625 /* disallow declarations in modules */ 626 ERR(state->handle, 627 "%s: Modules may not declare new categories.", 628 state->cur_mod_name); 629 return -SEPOL_LINK_NOTSUP; 630 } 631 } 632 633 state->cur->map[SYM_CATS][cat->s.value - 1] = base_cat->s.value; 634 635 return 0; 636 } 637 595 638 static int (*copy_callback_f[SYM_NUM]) (hashtab_key_t key, 596 639 hashtab_datum_t datum, void *datap) = { 597 640 NULL, class_copy_callback, role_copy_callback, type_copy_callback, 598 user_copy_callback, bool_copy_callback, NULL, NULL}; 641 user_copy_callback, bool_copy_callback, sens_copy_callback, 642 cat_copy_callback}; 599 643 600 644 /* The aliases have to be copied after the types and attributes to be … … 784 828 } 785 829 830 static int mls_level_convert(mls_semantic_level_t * src, 831 mls_semantic_level_t * dst, policy_module_t * mod) 832 { 833 mls_semantic_cat_t *src_cat, *new_cat; 834 835 assert(mod->map[SYM_LEVELS][src->sens - 1]); 836 dst->sens = mod->map[SYM_LEVELS][src->sens - 1]; 837 838 for (src_cat = src->cat; src_cat; src_cat = src_cat->next) { 839 new_cat = 840 (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 841 if (!new_cat) 842 return -1; 843 mls_semantic_cat_init(new_cat); 844 845 new_cat->next = dst->cat; 846 dst->cat = new_cat; 847 848 assert(mod->map[SYM_CATS][src_cat->low - 1]); 849 dst->cat->low = mod->map[SYM_CATS][src_cat->low - 1]; 850 assert(mod->map[SYM_CATS][src_cat->high - 1]); 851 dst->cat->high = mod->map[SYM_CATS][src_cat->high - 1]; 852 } 853 854 return 0; 855 } 856 857 static int mls_range_convert(mls_semantic_range_t * src, 858 
mls_semantic_range_t * dst, policy_module_t * mod) 859 { 860 if (mls_level_convert(&src->level[0], &dst->level[0], mod)) 861 return -1; 862 if (mls_level_convert(&src->level[1], &dst->level[1], mod)) 863 return -1; 864 return 0; 865 } 866 786 867 static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum, 787 868 void *data) … … 894 975 link_state_t *state = (link_state_t *) data; 895 976 policy_module_t *mod = state->cur; 977 symtab_t *usertab; 896 978 897 979 user = (user_datum_t *) datum; 898 980 899 981 if (state->dest_decl == NULL) 900 return 0; 901 902 new_user = hashtab_search(state->dest_decl->p_users.table, id); 982 usertab = &state->base->p_users; 983 else 984 usertab = &state->dest_decl->p_users; 985 986 new_user = hashtab_search(usertab->table, id); 903 987 assert(new_user != NULL); 904 988 … … 910 994 goto cleanup; 911 995 } 996 997 if (mls_range_convert(&user->range, &new_user->range, mod)) 998 goto cleanup; 999 1000 if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod)) 1001 goto cleanup; 912 1002 913 1003 return 0; … … 1097 1187 } 1098 1188 1189 static int copy_range_trans_list(range_trans_rule_t * rules, 1190 range_trans_rule_t ** dst, 1191 policy_module_t * mod, link_state_t * state) 1192 { 1193 range_trans_rule_t *rule, *new_rule = NULL; 1194 unsigned int i; 1195 ebitmap_node_t *cnode; 1196 1197 for (rule = rules; rule; rule = rule->next) { 1198 new_rule = 1199 (range_trans_rule_t *) malloc(sizeof(range_trans_rule_t)); 1200 if (!new_rule) 1201 goto cleanup; 1202 1203 range_trans_rule_init(new_rule); 1204 1205 new_rule->next = *dst; 1206 *dst = new_rule; 1207 1208 if (type_set_convert(&rule->stypes, &new_rule->stypes, 1209 mod, state)) 1210 goto cleanup; 1211 1212 if (type_set_convert(&rule->ttypes, &new_rule->ttypes, 1213 mod, state)) 1214 goto cleanup; 1215 1216 ebitmap_for_each_bit(&rule->tclasses, cnode, i) { 1217 if (ebitmap_node_get_bit(cnode, i)) { 1218 assert(mod->map[SYM_CLASSES][i]); 1219 if (ebitmap_set_bit 1220 
(&new_rule->tclasses, 1221 mod->map[SYM_CLASSES][i] - 1, 1)) { 1222 goto cleanup; 1223 } 1224 } 1225 } 1226 1227 if (mls_range_convert(&rule->trange, &new_rule->trange, mod)) 1228 goto cleanup; 1229 } 1230 return 0; 1231 1232 cleanup: 1233 ERR(state->handle, "Out of memory!"); 1234 range_trans_rule_list_destroy(new_rule); 1235 return -1; 1236 } 1237 1099 1238 static int copy_cond_list(cond_node_t * list, cond_node_t ** dst, 1100 1239 policy_module_t * module, link_state_t * state) … … 1278 1417 return -1; 1279 1418 } 1419 1420 if (copy_range_trans_list(src_decl->range_tr_rules, 1421 &dest_decl->range_tr_rules, module, state)) 1422 return -1; 1280 1423 1281 1424 /* finally copy any identifiers local to this declaration */ upstream/selinux/libsepol/src/policydb.c
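Review bot: `sens_copy_callback` dereferences `base_level` after the `if (!base_level)` block even when the lookup failed and the scope is not `SCOPE_DECL`: the statement `state->cur->map[SYM_LEVELS][level->level->sens - 1] = base_level->level->sens;` then reads through a NULL pointer. A module that only requires a sensitivity the base policy lacks would take that path, so linking a malformed or mismatched module crashes the linker instead of failing cleanly. The block should end with an unconditional error return, for example `ERR(state->handle, "%s: Sensitivity %s not declared by base.", state->cur_mod_name, id); return -SEPOL_LINK_ERROR;`. `cat_copy_callback` has the same shape with `base_cat` and needs the same return. The new `mls_level_convert` also relies on `assert` alone to validate `src->sens - 1` and the category indices taken from the module, which presumably leaves them unchecked in NDEBUG builds.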
r10 r28 253 253 } 254 254 255 void level_datum_init(level_datum_t * x) 256 { 257 memset(x, 0, sizeof(level_datum_t)); 258 } 259 260 void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 261 { 262 /* the mls_level_t referenced by the level_datum is managed 263 * separately for now, so there is nothing to destroy */ 264 return; 265 } 266 267 void cat_datum_init(cat_datum_t * x) 268 { 269 memset(x, 0, sizeof(cat_datum_t)); 270 } 271 272 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 273 { 274 /* it's currently a simple struct - really nothing to destroy */ 275 return; 276 } 277 255 278 void class_perm_node_init(class_perm_node_t * x) 256 279 { … … 503 526 } 504 527 505 if (p->policy_type != POLICY_KERN) { 528 /* we do not expand user's MLS info in kernel policies because the 529 * semantic representation is not present and we do not expand user's 530 * MLS info in module policies because all of the necessary mls 531 * information is not present */ 532 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 506 533 mls_range_destroy(&user->exp_range); 507 534 if (mls_semantic_range_expand(&user->range, … … 908 935 free(key); 909 936 levdatum = (level_datum_t *) datum; 910 ebitmap_destroy(&levdatum->level->cat);937 mls_level_destroy(levdatum->level); 911 938 free(levdatum->level); 912 free(datum); 939 level_datum_destroy(levdatum); 940 free(levdatum); 913 941 return 0; 914 942 } … … 919 947 if (key) 920 948 free(key); 949 cat_datum_destroy((cat_datum_t *) datum); 921 950 free(datum); 922 951 return 0; … … 2200 2229 uint32_t *buf; 2201 2230 2202 m emset(lp, 0, sizeof(mls_level_t));2231 mls_level_init(lp); 2203 2232 2204 2233 buf = next_entry(fp, sizeof(uint32_t)); … … 2306 2335 uint32_t *buf, len; 2307 2336 2308 levdatum = calloc(1,sizeof(level_datum_t));2337 levdatum = malloc(sizeof(level_datum_t)); 2309 2338 if (!levdatum) 2310 2339 return -1; 2340 level_datum_init(levdatum); 2311
