← Back to branch summary

~ubuntu-branches/debian/lenny/libsepol/lenny

« back to all changes in this revision

Viewing changes to src/write.c

  • Committer: Bazaar Package Importer
  • Author(s): Russell Coker
  • Date: 2008-07-13 00:26:51 UTC
  • mfrom: (1.2.1 upstream) (3.1.3 gutsy)
  • Revision ID: james.westby@ubuntu.com-20080713002651-ww7wa3wm1x30dyk3
Tags: 2.0.30-2
Added exec_prefix to libselinux.pc.
Closes: #489724

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/write.c
229
229
 
230
230
static inline void avtab_reset_merged(avtab_t * a)
231
231
{
232
 
        int i;
 
232
        unsigned int i;
233
233
        avtab_ptr_t cur;
234
 
        for (i = 0; i < AVTAB_SIZE; i++) {
 
234
        for (i = 0; i < a->nslot; i++) {
235
235
                for (cur = a->htable[i]; cur; cur = cur->next)
236
236
                        cur->merged = 0;
237
237
        }
239
239
 
240
240
static int avtab_write(struct policydb *p, avtab_t * a, struct policy_file *fp)
241
241
{
242
 
        int i, rc;
 
242
        unsigned int i;
 
243
        int rc;
243
244
        avtab_t expa;
244
245
        avtab_ptr_t cur;
245
246
        uint32_t nel;
269
270
                        return POLICYDB_ERROR;
270
271
        }
271
272
 
272
 
        for (i = 0; i < AVTAB_SIZE; i++) {
 
273
        for (i = 0; i < a->nslot; i++) {
273
274
                for (cur = a->htable[i]; cur; cur = cur->next) {
274
275
                        /* If old format, compute final nel.
275
276
                           If new format, write out the items. */
290
291
                        goto out;
291
292
                }
292
293
                avtab_reset_merged(a);
293
 
                for (i = 0; i < AVTAB_SIZE; i++) {
 
294
                for (i = 0; i < a->nslot; i++) {
294
295
                        for (cur = a->htable[i]; cur; cur = cur->next) {
295
296
                                if (avtab_write_item(p, cur, fp, 1, 1, NULL)) {
296
297
                                        rc = -1;
958
959
        buf[items++] = cpu_to_le32(typdatum->primary);
959
960
        if (p->policy_type != POLICY_KERN) {
960
961
                buf[items++] = cpu_to_le32(typdatum->flavor);
 
962
                if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
 
963
                        buf[items++] = cpu_to_le32(typdatum->flags);
 
964
                else if (typdatum->flags & TYPE_FLAGS_PERMISSIVE)
 
965
                        WARN(fp->handle, "Warning! Module policy version %d cannnot "
 
966
                             "support permissive types, but one was defined",
 
967
                             p->policyvers);
961
968
        }
962
969
        items2 = put_entry(buf, sizeof(uint32_t), items, fp);
963
970
        if (items != items2)
1090
1097
                                        return POLICYDB_ERROR;
1091
1098
                                break;
1092
1099
                        case OCON_NODE:
1093
 
                                buf[0] = cpu_to_le32(c->u.node.addr);
1094
 
                                buf[1] = cpu_to_le32(c->u.node.mask);
 
1100
                                buf[0] = c->u.node.addr; /* network order */
 
1101
                                buf[1] = c->u.node.mask; /* network order */
1095
1102
                                items = put_entry(buf, sizeof(uint32_t), 2, fp);
1096
1103
                                if (items != 2)
1097
1104
                                        return POLICYDB_ERROR;
1113
1120
                                break;
1114
1121
                        case OCON_NODE6:
1115
1122
                                for (j = 0; j < 4; j++)
1116
 
                                        buf[j] =
1117
 
                                            cpu_to_le32(c->u.node6.addr[j]);
 
1123
                                        buf[j] = c->u.node6.addr[j]; /* network order */
1118
1124
                                for (j = 0; j < 4; j++)
1119
 
                                        buf[j + 4] =
1120
 
                                            cpu_to_le32(c->u.node6.mask[j]);
 
1125
                                        buf[j + 4] = c->u.node6.mask[j]; /* network order */
1121
1126
                                items = put_entry(buf, sizeof(uint32_t), 8, fp);
1122
1127
                                if (items != 8)
1123
1128
                                        return POLICYDB_ERROR;
1531
1536
        pd.p = p;
1532
1537
 
1533
1538
        config = 0;
1534
 
        if (p->mls)
 
1539
        if (p->mls) {
 
1540
                if ((p->policyvers < POLICYDB_VERSION_MLS &&
 
1541
                    p->policy_type == POLICY_KERN) ||
 
1542
                    (p->policyvers < MOD_POLICYDB_VERSION_MLS &&
 
1543
                    p->policy_type == POLICY_BASE) ||
 
1544
                    (p->policyvers < MOD_POLICYDB_VERSION_MLS &&
 
1545
                    p->policy_type == POLICY_MOD)) {
 
1546
                        ERR(fp->handle, "policy version %d cannot support MLS",
 
1547
                            p->policyvers);
 
1548
                        return POLICYDB_ERROR;
 
1549
                }
1535
1550
                config |= POLICYDB_CONFIG_MLS;
 
1551
        }
 
1552
 
 
1553
        config |= (POLICYDB_CONFIG_UNKNOWN_MASK & p->handle_unknown);
1536
1554
 
1537
1555
        /* Write the magic number and string identifiers. */
1538
1556
        items = 0;
1593
1611
                if (items != len)
1594
1612
                        return POLICYDB_ERROR;
1595
1613
        }
 
1614
 
 
1615
        if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
 
1616
             p->policy_type == POLICY_KERN) ||
 
1617
            (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
 
1618
             p->policy_type == POLICY_BASE) ||
 
1619
            (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
 
1620
             p->policy_type == POLICY_MOD)) {
 
1621
                if (ebitmap_write(&p->policycaps, fp) == -1)
 
1622
                        return POLICYDB_ERROR;
 
1623
        }
 
1624
 
 
1625
        if (p->policyvers < POLICYDB_VERSION_PERMISSIVE &&
 
1626
            p->policy_type == POLICY_KERN) {
 
1627
                ebitmap_node_t *tnode;
 
1628
                unsigned int i;
 
1629
 
 
1630
                ebitmap_for_each_bit(&p->permissive_map, tnode, i) {
 
1631
                        if (ebitmap_node_get_bit(tnode, i)) {
 
1632
                                WARN(fp->handle, "Warning! Policy version %d cannot "
 
1633
                                     "support permissive types, but some were defined",
 
1634
                                     p->policyvers);
 
1635
                                break;
 
1636
                        }
 
1637
                }
 
1638
        }
 
1639
 
 
1640
        if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
 
1641
            p->policy_type == POLICY_KERN) {
 
1642
                if (ebitmap_write(&p->permissive_map, fp) == -1)
 
1643
                        return POLICYDB_ERROR;
 
1644
        }
 
1645
 
1596
1646
        num_syms = info->sym_num;
1597
1647
        for (i = 0; i < num_syms; i++) {
1598
1648
                buf[0] = cpu_to_le32(p->symtab[i].nprim);
1641
1691
        if ((p->policyvers >= POLICYDB_VERSION_MLS
1642
1692
             && p->policy_type == POLICY_KERN)
1643
1693
            || (p->policyvers >= MOD_POLICYDB_VERSION_MLS
1644
 
                && p->policyvers < MOD_POLICYDB_VERSION_MLS
 
1694
                && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS
1645
1695
                && p->policy_type == POLICY_BASE)) {
1646
1696
                if (range_write(p, fp)) {
1647
1697
                        return POLICYDB_ERROR;