~ubuntu-branches/ubuntu/trusty/checkpolicy/trusty

Committer: Bazaar Package Importer
Author(s): Manoj Srivastava
Date: 2005-09-30 14:41:04 UTC
mfrom: (1.1.3 upstream)
Revision ID: james.westby@ubuntu.com-20050930144104-mxvxypbz4tdsf2r0

Tags: 1.27.4-1

New upstream CVS point release, required for the latest SELinux policy
package. Various bug fixes, and retooled for the new avtab format.

files added:
checkmodule.c

module_compiler.c

module_compiler.h

test/dismod.c

files removed:
checkpolicy.spec

files modified:
ChangeLog

Makefile

VERSION

checkpolicy.c

debian/changelog

debian/control

debian/copyright

debian/local.mk

policy_parse.y

policy_scan.l

test/Makefile

test/dispol.c

Show diffs side-by-side

added added

removed removed

test/dispol.c

#include <sepol/avtab.h>

#include <sepol/services.h>

#include <sepol/conditional.h>

#include <sepol/expand.h>

#include <getopt.h>

#include <assert.h>

#include <unistd.h>

exit(1);

}

/* borrowed from avtab.c */

#define HASH_BITS 15

#define HASH_BUCKETS (1 << HASH_BITS)

#define HASH_MASK (HASH_BUCKETS-1)

/* borrowed from checkpolicy.c */

static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)

{

int render_key(avtab_key_t *key, policydb_t *p, FILE *fp)

{

fprintf(fp, "%s %s : %s ", p->p_type_val_to_name[key->source_type - 1],

p->p_type_val_to_name[key->target_type - 1],

p->p_class_val_to_name[key->target_class - 1]);

char *stype, *ttype, *tclass;

stype = p->p_type_val_to_name[key->source_type - 1];

ttype = p->p_type_val_to_name[key->target_type - 1];

tclass = p->p_class_val_to_name[key->target_class - 1];

if (stype && ttype)

fprintf(fp, "%s %s : %s ", stype, ttype, tclass);

else if (stype)

fprintf(fp, "%s %u : %s ", stype, key->target_type, tclass);

else if (ttype)

100

fprintf(fp, "%u %s : %s ", key->source_type, ttype, tclass);

101

else

102

fprintf(fp, "%u %u : %s ", key->source_type, key->target_type, tclass);

103

return 0;

104

}

100

105

108

113

{

109

114

if(!(what & RENDER_UNCONDITIONAL)) {

110

115

if(what != RENDER_CONDITIONAL &&

111

(((what & RENDER_ENABLED) && !(datum->specified & AVTAB_ENABLED)) ||

112

((what & RENDER_DISABLED) && (datum->specified & AVTAB_ENABLED)))) {

116

(((what & RENDER_ENABLED) && !(key->specified & AVTAB_ENABLED)) ||

117

((what & RENDER_DISABLED) && (key->specified & AVTAB_ENABLED)))) {

113

118

return 0; /* doesn't match selection criteria */

114

119

}

115

120

}

116

121

117

122

if(!(what & RENDER_UNCONDITIONAL)) {

118

if(datum->specified & AVTAB_ENABLED)

123

if(key->specified & AVTAB_ENABLED)

119

124

fprintf(fp, "[enabled] ");

120

else if(!(datum->specified & AVTAB_ENABLED))

125

else if(!(key->specified & AVTAB_ENABLED))

121

126

fprintf(fp, "[disabled] ");

122

127

}

123

128

124

if( datum->specified & AVTAB_AV) {

125

if(datum->specified & AVTAB_ALLOWED) {

129

if( key->specified & AVTAB_AV) {

130

if(key->specified & AVTAB_ALLOWED) {

126

131

fprintf(fp, "allow ");

127

132

render_key(key, p, fp);

128

render_access_mask(avtab_allowed(datum),key, p, fp);

133

render_access_mask(datum->data,key, p, fp);

129

134

fprintf(fp, ";\n");

130

135

}

131

if(datum->specified & AVTAB_AUDITALLOW) {

136

if(key->specified & AVTAB_AUDITALLOW) {

132

137

fprintf(fp, "auditallow ");

133

138

render_key(key, p, fp);

134

render_access_mask(avtab_auditallow(datum),key, p, fp);

139

render_access_mask(datum->data,key, p, fp);

135

140

fprintf(fp, ";\n");

136

141

}

137

if(datum->specified & AVTAB_AUDITDENY) {

142

if(key->specified & AVTAB_AUDITDENY) {

138

143

fprintf(fp, "dontaudit ");

139

144

render_key(key, p, fp);

140

145

/* We inverse the mask for dontaudit since the mask is internally stored

141

146

* as a auditdeny mask */

142

render_access_mask(~avtab_auditdeny(datum),key, p, fp);

147

render_access_mask(~datum->data,key, p, fp);

143

148

fprintf(fp, ";\n");

144

149

}

145

150

}

146

else if( datum->specified & AVTAB_TYPE){

147

if(datum->specified & AVTAB_TRANSITION) {

151

else if( key->specified & AVTAB_TYPE){

152

if(key->specified & AVTAB_TRANSITION) {

148

153

fprintf(fp, "type_transition ");

149

154

render_key(key, p, fp);

150

render_type(avtab_transition(datum), p, fp);

155

render_type(datum->data, p, fp);

151

156

fprintf(fp, ";\n");

152

157

}

153

if(datum->specified & AVTAB_MEMBER) {

158

if(key->specified & AVTAB_MEMBER) {

154

159

fprintf(fp, "type_member ");

155

160

render_key(key, p, fp);

156

render_type(avtab_member(datum), p, fp);

161

render_type(datum->data, p, fp);

157

162

fprintf(fp, ";\n");

158

163

}

159

if(datum->specified & AVTAB_CHANGE) {

164

if(key->specified & AVTAB_CHANGE) {

160

165

fprintf(fp, "type_change ");

161

166

render_key(key, p, fp);

162

render_type(avtab_change(datum), p, fp);

167

render_type(datum->data, p, fp);

163

168

fprintf(fp, ";\n");

164

169

}

165

170

}

172

177

173

178

int display_avtab(avtab_t *a, uint32_t what, policydb_t *p, FILE *fp)

174

179

{

175

int i;

180

int i, rc;

176

181

avtab_ptr_t cur;

177

182

avtab_t expa;

183

184

if (avtab_init(&expa))

185

goto oom;

186

if (expand_avtab(p, a, &expa)) {

187

avtab_destroy(&expa);

188

goto oom;

189

}

190

191

/* hmm...should have used avtab_map. */

178

192

for (i = 0; i < AVTAB_SIZE; i++) {

179

for (cur = a->htable[i]; cur; cur = cur->next) {

193

for (cur = expa.htable[i]; cur; cur = cur->next) {

180

194

render_av_rule(&cur->key, &cur->datum, what, p, fp);

181

195

}

182

196

}

197

avtab_destroy(&expa);

183

198

fprintf(fp, "\n");

184

199

return 0;

200

oom:

201

fprintf(stderr, "out of memory\n");

202

return 1;

185

203

}

186

204

187

205

int display_bools(policydb_t *p, FILE *fp)

232

250

int display_cond_expressions(policydb_t *p, FILE *fp)

233

251

{

234

252

cond_node_t *cur;

235

cond_av_list_t *av_cur;

253

cond_av_list_t *av_cur, *expl = NULL;

254

avtab_t expa;

255

256

236

257

for (cur = p->cond_list; cur != NULL; cur = cur->next) {

237

258

fprintf(fp, "expression: ");

238

259

display_expr(p, cur->expr, fp);

239

260

fprintf(fp, "current state: %d\n", cur->cur_state);

240

261

fprintf(fp, "True list:\n");

241

for (av_cur = cur->true_list; av_cur != NULL; av_cur = av_cur->next) {

262

if (avtab_init(&expa))

263

goto oom;

264

if (expand_cond_av_list(p, cur->true_list, &expl, &expa)) {

265

avtab_destroy(&expa);

266

goto oom;

267

}

268

for (av_cur = expl; av_cur != NULL; av_cur = av_cur->next) {

242

269

fprintf(fp, "\t");

243

270

render_av_rule(&av_cur->node->key, &av_cur->node->datum,

244

271

RENDER_CONDITIONAL, p, fp);

245

272

}

273

cond_av_list_destroy(expl);

274

avtab_destroy(&expa);

246

275

fprintf(fp, "False list:\n");

247

for (av_cur = cur->false_list; av_cur != NULL; av_cur = av_cur->next) {

276

if (avtab_init(&expa))

277

goto oom;

278

if (expand_cond_av_list(p, cur->false_list, &expl, &expa)) {

279

avtab_destroy(&expa);

280

goto oom;

281

}

282

for (av_cur = expl; av_cur != NULL; av_cur = av_cur->next) {

248

283

fprintf(fp, "\t");

249

284

render_av_rule(&av_cur->node->key, &av_cur->node->datum,

250

285

RENDER_CONDITIONAL, p, fp);

251

286

}

287

cond_av_list_destroy(expl);

288

avtab_destroy(&expa);

252

289

}

253

290

return 0;

291

292

oom:

293

fprintf(stderr, "out of memory\n");

294

return 1;

254

295

}

255

296

256

297

int change_bool(char *name, int state, policydb_t *p, FILE *fp)

Older »