Changeset 4812
- Timestamp:
- 09/30/08 14:46:33
(2 months ago)
- Author:
- jmowery
- Message:
fix the typeattribute statement handling for optionals; this fixes the problem with rules using attributes with type sets modified within an optional
-
Files:
-
| r4811 |
r4812 |
|
| 563 | 563 | } |
|---|
| 564 | 564 | |
|---|
| 565 | | /** For all symbols that are multiply defined (such as roles and users), |
|---|
| | 565 | /** For all symbols that are multiply defined (such as attributes, roles, and users), |
|---|
| 566 | 566 | * union the relevant sets of types and roles from each declaration. |
|---|
| 567 | 567 | * @param policy The policy containig the symbols to union. |
|---|
| … | … | |
| 571 | 571 | static int union_multiply_declared_symbols(qpol_policy_t * policy) { |
|---|
| 572 | 572 | /* general structure of this function: |
|---|
| 573 | | walk role and user symbol tables for each role/user |
|---|
| | 573 | walk role and user symbol tables for each role/user/attribute |
|---|
| 574 | 574 | get datum from symtab, get key from array |
|---|
| 575 | 575 | look up symbol in scope table |
|---|
| … | … | |
| 579 | 579 | qpol_iterator_t * iter = NULL; |
|---|
| 580 | 580 | int error = 0; |
|---|
| | 581 | if (qpol_policy_get_type_iter(policy, &iter)) { |
|---|
| | 582 | return 1; |
|---|
| | 583 | } |
|---|
| | 584 | for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { |
|---|
| | 585 | type_datum_t *attr; |
|---|
| | 586 | if (qpol_iterator_get_item(iter, (void**)&attr)) { |
|---|
| | 587 | error = errno; |
|---|
| | 588 | goto err; |
|---|
| | 589 | } |
|---|
| | 590 | unsigned char isattr = 0; |
|---|
| | 591 | if (qpol_type_get_isattr(policy, attr, &isattr)) { |
|---|
| | 592 | error = errno; |
|---|
| | 593 | goto err; |
|---|
| | 594 | } |
|---|
| | 595 | if (!isattr) |
|---|
| | 596 | continue; |
|---|
| | 597 | const char *name; |
|---|
| | 598 | if (qpol_type_get_name(policy, (qpol_type_t*)attr, &name)) { |
|---|
| | 599 | error = errno; |
|---|
| | 600 | goto err; |
|---|
| | 601 | } |
|---|
| | 602 | policydb_t *db = &policy->p->p; |
|---|
| | 603 | avrule_block_t *blk = db->global; |
|---|
| | 604 | for (; blk; blk = blk->next) { |
|---|
| | 605 | avrule_decl_t *decl = blk->enabled; |
|---|
| | 606 | if (!decl) |
|---|
| | 607 | continue; /* disabled */ |
|---|
| | 608 | type_datum_t *internal_datum = hashtab_search(decl->symtab[SYM_TYPES].table, (const hashtab_key_t)name); |
|---|
| | 609 | if (internal_datum == NULL) { |
|---|
| | 610 | continue; /* not declared here */ |
|---|
| | 611 | } |
|---|
| | 612 | if (ebitmap_union(&attr->types, &internal_datum->types)) |
|---|
| | 613 | { |
|---|
| | 614 | error = errno; |
|---|
| | 615 | ERR(policy, "could not merge declarations for attribute %s", name); |
|---|
| | 616 | goto err; |
|---|
| | 617 | } |
|---|
| | 618 | } |
|---|
| | 619 | } |
|---|
| | 620 | qpol_iterator_destroy(&iter); |
|---|
| | 621 | |
|---|
| | 622 | /* repeat for roles */ |
|---|
| 581 | 623 | if (qpol_policy_get_role_iter(policy, &iter)) { |
|---|
| 582 | 624 | return 1; |
|---|
| … | … | |
| 644 | 686 | if (db->decl_val_to_struct[scope_datum->decl_ids[i] - 1]->enabled == 0) |
|---|
| 645 | 687 | continue; /* block is disabled */ |
|---|
| 646 | | user_datum_t *internal_datum = hashtab_search(db->decl_val_to_struct[scope_datum->decl_ids[i]]->symtab[SYM_USERS].table, (const hashtab_key_t)name); |
|---|
| | 688 | user_datum_t *internal_datum = hashtab_search(db->decl_val_to_struct[scope_datum->decl_ids[i] -1 ]->symtab[SYM_USERS].table, (const hashtab_key_t)name); |
|---|
| 647 | 689 | if (internal_datum == NULL) { |
|---|
| 648 | 690 | continue; /* not declared here */ |
|---|