[checkpolicy] Update to upstream * add ignoredirs config for genhomedircon * Fallback_user_level can be NULL if
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Dec 21 18:06:59 UTC 2011
commit ab9a33402eb62cff4a04a72a7eb4c903d1073322
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Dec 21 18:06:58 2011 +0000
Update to upstream
* add ignoredirs config for genhomedircon
* Fallback_user_level can be NULL if you are not using MLS
checkpolicy-rhat.patch | 178 +-----------------------------------------------
checkpolicy.spec | 3 +-
2 files changed, 5 insertions(+), 176 deletions(-)
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index c752f32..cf50706 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,35 +1,11 @@
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
-index 1bf669c..a86c6b3 100644
+index d19fc61..a86c6b3 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
-@@ -327,6 +327,126 @@ int define_initial_sid(void)
- return -1;
+@@ -351,6 +351,102 @@ static int read_classes(ebitmap_t *e_classes)
+ return 0;
}
-+static int read_classes(ebitmap_t *e_classes)
-+{
-+ char *id;
-+ class_datum_t *cladatum;
-+
-+ while ((id = queue_remove(id_queue))) {
-+ if (!is_id_in_scope(SYM_CLASSES, id)) {
-+ yyerror2("class %s is not within scope", id);
-+ return -1;
-+ }
-+ cladatum = hashtab_search(policydbp->p_classes.table, id);
-+ if (!cladatum) {
-+ yyerror2("unknown class %s", id);
-+ return -1;
-+ }
-+ if (ebitmap_set_bit(e_classes, cladatum->s.value - 1, TRUE)) {
-+ yyerror("Out of memory");
-+ return -1;
-+ }
-+ free(id);
-+ }
-+ return 0;
-+}
-+
+int define_default_user(int which)
+{
+ char *id;
@@ -129,154 +105,6 @@ index 1bf669c..a86c6b3 100644
int define_common_perms(void)
{
char *id = 0, *perm = 0;
-@@ -1360,7 +1480,6 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- {
- char *id;
- type_datum_t *datum;
-- class_datum_t *cladatum;
- ebitmap_t tclasses;
- ebitmap_node_t *node;
- avrule_t *avrule;
-@@ -1387,23 +1506,8 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- }
-
- ebitmap_init(&tclasses);
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- goto bad;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table, id);
-- if (!cladatum) {
-- yyerror2("unknown class %s", id);
-- goto bad;
-- }
-- if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
-- yyerror("Out of memory");
-- goto bad;
-- }
-- free(id);
-- }
-+ if (read_classes(&tclasses))
-+ goto bad;
-
- id = (char *)queue_remove(id_queue);
- if (!id) {
-@@ -1628,25 +1732,9 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- }
-
- ebitmap_init(&tclasses);
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- ret = -1;
-- goto out;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table, id);
-- if (!cladatum) {
-- yyerror2("unknown class %s used in rule", id);
-- ret = -1;
-- goto out;
-- }
-- if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
-- yyerror("Out of memory");
-- ret = -1;
-- goto out;
-- }
-- free(id);
-- }
-+ ret = read_classes(&tclasses);
-+ if (ret)
-+ goto out;
-
- perms = NULL;
- ebitmap_for_each_bit(&tclasses, node, i) {
-@@ -2242,22 +2330,8 @@ int define_role_trans(int class_specified)
- }
-
- if (class_specified) {
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- return -1;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table,
-- id);
-- if (!cladatum) {
-- yyerror2("unknow class %s", id);
-- return -1;
-- }
--
-- ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
-- free(id);
-- }
-+ if (read_classes(&e_classes))
-+ return -1;
- } else {
- cladatum = hashtab_search(policydbp->p_classes.table,
- "process");
-@@ -2410,7 +2484,6 @@ int define_filename_trans(void)
- ebitmap_node_t *snode, *tnode, *cnode;
- filename_trans_t *ft;
- filename_trans_rule_t *ftr;
-- class_datum_t *cladatum;
- type_datum_t *typdatum;
- uint32_t otype;
- unsigned int c, s, t;
-@@ -2451,23 +2524,8 @@ int define_filename_trans(void)
- }
-
- ebitmap_init(&e_tclasses);
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- goto bad;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table, id);
-- if (!cladatum) {
-- yyerror2("unknown class %s", id);
-- goto bad;
-- }
-- if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
-- yyerror("Out of memory");
-- goto bad;
-- }
-- free(id);
-- }
-+ if (read_classes(&e_tclasses))
-+ goto bad;
-
- id = (char *)queue_remove(id_queue);
- if (!id) {
-@@ -4549,23 +4607,8 @@ int define_range_trans(int class_specified)
- }
-
- if (class_specified) {
-- while ((id = queue_remove(id_queue))) {
-- if (!is_id_in_scope(SYM_CLASSES, id)) {
-- yyerror2("class %s is not within scope", id);
-- free(id);
-- goto out;
-- }
-- cladatum = hashtab_search(policydbp->p_classes.table,
-- id);
-- if (!cladatum) {
-- yyerror2("unknown class %s", id);
-- goto out;
-- }
--
-- ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1,
-- TRUE);
-- free(id);
-- }
-+ if (read_classes(&rule->tclasses))
-+ goto out;
- } else {
- cladatum = hashtab_search(policydbp->p_classes.table,
- "process");
diff --git a/checkpolicy/policy_define.h b/checkpolicy/policy_define.h
index 92a9be7..ccbe56f 100644
--- a/checkpolicy/policy_define.h
diff --git a/checkpolicy.spec b/checkpolicy.spec
index aa01da5..267f8e3 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -58,7 +58,8 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Wed Dec 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-1
-Update to upstream
- * add new helper to translate class sets into bitmaps
+ * add ignoredirs config for genhomedircon
+ * Fallback_user_level can be NULL if you are not using MLS
* Wed Dec 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.7-3
- default_rules should be optional