~ubuntu-branches/debian/lenny/libsepol/lenny

« back to all changes in this revision

Viewing changes to src/assertion.c

Committer: Bazaar Package Importer
Author(s): Russell Coker
Date: 2008-07-13 00:26:51 UTC
mfrom: (1.2.1 upstream) (3.1.3 gutsy)
Revision ID: james.westby@ubuntu.com-20080713002651-ww7wa3wm1x30dyk3

Tags: 2.0.30-2

Added exec_prefix to libselinux.pc.
Closes: #489724

files added:
.gitmodules

debian/.gitmodules

debian/common/README

debian/common/targets.dot

include/sepol/errcodes.h

include/sepol/policydb/polcaps.h

src/polcaps.c

tests/test-downgrade.c

tests/test-downgrade.h

files removed:
debian/stamp

files modified:
ChangeLog

VERSION

debian/changelog

debian/common/ChangeLog

debian/common/copt.mk

debian/common/targets.mk

debian/control

debian/local-vars.mk

debian/local.mk

debian/postinst

debian/shlibs

debian/watch

include/Makefile

include/sepol/handle.h

include/sepol/policydb.h

include/sepol/policydb/avtab.h

include/sepol/policydb/conditional.h

include/sepol/policydb/ebitmap.h

include/sepol/policydb/expand.h

include/sepol/policydb/hashtab.h

include/sepol/policydb/link.h

include/sepol/policydb/mls_types.h

include/sepol/policydb/policydb.h

man/man3/sepol_check_context.3

src/Makefile

src/assertion.c

src/avtab.c

src/conditional.c

src/context.c

src/context_record.c

src/ebitmap.c

src/expand.c

src/genbools.c

src/genusers.c

src/handle.c

src/handle.h

src/hashtab.c

src/hierarchy.c

src/libsepol.map

src/libsepol.pc.in

src/link.c

src/module.c

src/policydb.c

src/policydb_convert.c

src/policydb_public.c

src/private.h

src/services.c

src/sidtab.c

src/users.c

src/write.c

tests/Makefile

tests/libsepol-tests.c

utils/Makefile

Show diffs side-by-side

added added

removed removed

src/assertion.c

return 0;

err:

ERR(handle, "assertion on line %lu violated by allow %s %s:%s {%s };",

line, p->p_type_val_to_name[stype], p->p_type_val_to_name[ttype],

p->p_class_val_to_name[curperm->class - 1],

sepol_av_to_string(p, curperm->class,

node->datum.data & curperm->data));

if (line) {

ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",

line, p->p_type_val_to_name[stype],

p->p_type_val_to_name[ttype],

p->p_class_val_to_name[curperm->class - 1],

sepol_av_to_string(p, curperm->class,

node->datum.data & curperm->data));

} else {

ERR(handle, "neverallow violated by allow %s %s:%s {%s };",

p->p_type_val_to_name[stype],

p->p_type_val_to_name[ttype],

p->p_class_val_to_name[curperm->class - 1],

sepol_av_to_string(p, curperm->class,

node->datum.data & curperm->data));

}

return -1;

}

avtab_t te_avtab, te_cond_avtab;

ebitmap_node_t *snode, *tnode;

unsigned int i, j;

int errors = 0;

int rc;

if (!avrules) {

/* Since assertions are stored in avrules, if it is NULL

111

121

if (a->flags & RULE_SELF) {

112

122

if (check_assertion_helper

113

123

(handle, p, &te_avtab, &te_cond_avtab, i, i,

114

a->perms, a->line))

115

errors++;

124

a->perms, a->line)) {

125

rc = -1;

126

goto out;

127

}

116

128

}

117

129

ebitmap_for_each_bit(ttypes, tnode, j) {

118

130

if (!ebitmap_node_get_bit(tnode, j))

119

131

continue;

120

132

if (check_assertion_helper

121

133

(handle, p, &te_avtab, &te_cond_avtab, i, j,

122

a->perms, a->line))

123

errors++;

134

a->perms, a->line)) {

135

rc = -1;

136

goto out;

137

}

124

138

}

125

139

}

126

140

}

127

141

128

if (errors) {

129

ERR(handle, "%d assertion violations occured", errors);

130

avtab_destroy(&te_avtab);

131

avtab_destroy(&te_cond_avtab);

132

return -1;

133

}

134

142

rc = 0;

143

out:

135

144

avtab_destroy(&te_avtab);

136

145

avtab_destroy(&te_cond_avtab);

137

return 0;

146

return rc;

138

147

139

148

oom:

140

ERR(handle, "Out of memory - unable to check assertions");

149

ERR(handle, "Out of memory - unable to check neverallows");

141

150

return -1;

142

151

}

Older »