[selinux-policy: 1829/3172] trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited b
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:43:15 UTC 2010
commit 651df3ceb68902a530a0f0f19e84bde999b1d244
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Oct 16 18:30:23 2007 +0000
trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes.
policy/flask/Makefile | 4 ++--
policy/flask/flask.py | 15 +++++++++++----
2 files changed, 13 insertions(+), 6 deletions(-)
---
diff --git a/policy/flask/Makefile b/policy/flask/Makefile
index 5d6e954..17dc174 100644
--- a/policy/flask/Makefile
+++ b/policy/flask/Makefile
@@ -27,11 +27,11 @@ FLASK_NOWARNINGS = --nowarnings
all: $(USER_H) $(KERN_H)
-$(USER_H):
+$(USER_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
mkdir -p $(USER_D)
$(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(USER_D) -u $(FLASK_NOWARNINGS)
-$(KERN_H):
+$(KERN_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
mkdir -p $(KERN_D)
$(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(KERN_D) -k $(FLASK_NOWARNINGS)
diff --git a/policy/flask/flask.py b/policy/flask/flask.py
index 82e45b3..9cc91f7 100644
--- a/policy/flask/flask.py
+++ b/policy/flask/flask.py
@@ -93,6 +93,7 @@ class Flask:
self.WARN = warn
self.autogen = "/* This file is automatically generated. Do not edit. */\n"
self.commons = []
+ self.user_commons = []
self.common = {}
self.classes = []
self.vectors = []
@@ -174,6 +175,7 @@ class Flask:
commons = []
common = {}
inherits = {}
+ user_commons = {}
input = open(path, 'r')
# states
@@ -205,6 +207,7 @@ class Flask:
if c in commons: raise DuplicateError, (self.COMMON, path, number, c)
commons.append(c)
common[c] = []
+ user_commons[c] = True
state = COMMON
continue
@@ -229,6 +232,7 @@ class Flask:
if i not in common: raise UndefinedError, (self.COMMON, path, number, i)
inherits[c] = i
state = INHERIT
+ if not self.userspace.has_key(c): user_commons[i] = False
continue
m = self.OPENB.search(line)
@@ -270,6 +274,7 @@ class Flask:
if cvdiff: raise UnusedError, "Not all security classes were used in access vectors: %s" % cvdiff # the inverse of this will be caught as an undefined class error
self.commons = commons
+ self.user_commons = user_commons
self.common = common
self.vectors = vectors
self.vector = vector
@@ -388,10 +393,12 @@ class Flask:
results = []
results.append(self.autogen)
for common in self.commons:
- results.append("TB_(common_%s_perm_to_string)\n" % common)
- for p in self.common[common]:
- results.append(" S_(\"%s\")\n" % p)
- results.append("TE_(common_%s_perm_to_string)\n\n" % common)
+ user = self.user_commons[common]
+ if not (mode == self.KERNEL and user):
+ results.append("TB_(common_%s_perm_to_string)\n" % common)
+ for p in self.common[common]:
+ results.append(" S_(\"%s\")\n" % p)
+ results.append("TE_(common_%s_perm_to_string)\n\n" % common)
return results
def createFlaskH(self, mode = USERSPACE):
More information about the scm-commits
mailing list