KaiGai Kohei wrote:
>>> Hmm....
>>> It seems to me that what you pointed out is a bug in my patch. It prevents delivering the
>>> actual number of type/attribute symbols to the policy file, but it is unclear why
>>> it makes libsepol ignore the policyvers.
>>> (I guess it may be a separate matter.)
>>>
>>>> Rather than trying to calculate the length without attributes I just removed
>>>> the attribute check. This causes attributes to be written for all versions,
>>>> but this should not cause any problems at all.
>>>>
>>> The reason why I injected such ad-hoc code is that we cannot decide the policy
>>> version being written when type_attr_remove() is invoked.
>>> Is it impossible to move it to policydb_write()?
>>> It is invoked after the policyvers is fixed by the caller.
>>>
>> It isn't impossible. You are going to have to make it walk the type
>> symbol table to calculate the length without attributes, then write
>> that length instead of the total symtab length.
>>
>
> The attached patch enables fixing up the number of type/attribute entries
> to be written. The type_attr_uncount() decrements the number of attribute
> entries skipped at type_write().
>
> At first, I had a plan to invoke type_attr_remove() with
> hashtab_map_remove_on_error(), but that means the given policydb structure
> is modified at policydb_write(), an implicit change to the external interface.
>

This does not cause a hierarchy error; is this an expected limitation?

typebounds goodbye_world_t hello_world_t;
allow hello_world_t self: file ~{read };
allow goodbye_world_t self: file *;
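The policy fragment quoted at the end of the message asks whether a bounded type whose `self` rule is broader than a literal subset of the parent's rules should trigger a hierarchy error. As an added illustration (not code from this thread, from checkpolicy or from libsepol), the Python below models the typebounds subset check on allow rules: each rule whose source type is bounded must be covered by the parent's permissions. Whether the target side of a `self` rule is also mapped to the bounding type is the point in question, so it is modeled as a switch (`map_target`) rather than asserted as libsepol's behaviour. The permission list for class `file` is a constructed subset, and the parser only accepts the `typebounds` and `allow` statements needed here.

```python
"""Added example: a small model of the typebounds allow-rule check.

Not the code of libsepol or checkpolicy. FILE_PERMS is a constructed,
abbreviated permission set for class `file`; the `map_target` switch is
an assumption used to show both readings of the posted policy.
"""
import re

# Constructed subset of the real `file` class permissions (illustrative only).
FILE_PERMS = frozenset({
    "ioctl", "read", "write", "create", "getattr", "setattr", "lock",
    "relabelfrom", "relabelto", "append", "unlink", "link", "rename",
    "execute", "open",
})
CLASS_PERMS = {"file": FILE_PERMS}

_ALLOW_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(.+?)\s*;\s*$")
_BOUNDS_RE = re.compile(r"^\s*typebounds\s+(\S+)\s+(.+?)\s*;\s*$")


def parse_perms(spec, all_perms):
    """Expand `*`, `~{ a b }` or `{ a b }` into an explicit permission set."""
    spec = spec.strip()
    if spec == "*":
        return set(all_perms)
    negate = spec.startswith("~")
    body = spec[1:] if negate else spec
    perms = set(body.strip().strip("{}").split())
    unknown = perms - all_perms
    if unknown:
        raise ValueError(f"unknown permissions: {sorted(unknown)}")
    return set(all_perms) - perms if negate else perms


def parse_policy(text):
    """Return (bounds, rules): bounds maps child -> parent, rules are
    (source, target, class, perms) tuples with `self` already resolved."""
    bounds, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _BOUNDS_RE.match(line)
        if m:
            parent = m.group(1)
            for child in m.group(2).replace(",", " ").split():
                bounds[child] = parent
            continue
        m = _ALLOW_RE.match(line)
        if m:
            src, tgt, cls, perms = m.groups()
            if tgt == "self":
                tgt = src
            rules.append((src, tgt, cls, parse_perms(perms, CLASS_PERMS[cls])))
            continue
        raise ValueError(f"unsupported statement: {line}")
    return bounds, rules


def allowed(rules, src, tgt, cls):
    """Union of all permissions granted for (src, tgt, cls)."""
    out = set()
    for s, t, c, p in rules:
        if (s, t, c) == (src, tgt, cls):
            out |= p
    return out


def check_bounds(bounds, rules, map_target=True):
    """Return [((src, tgt, cls), missing_perms)] for every rule of a bounded
    source type that the bounding (parent) type does not also allow.
    With map_target=True a bounded target is mapped to its parent as well
    (assumption under test); with False the target is compared literally."""
    violations = []
    for src, tgt, cls, perms in rules:
        if src not in bounds:
            continue
        parent_src = bounds[src]
        parent_tgt = bounds.get(tgt, tgt) if map_target else tgt
        missing = perms - allowed(rules, parent_src, parent_tgt, cls)
        if missing:
            violations.append(((src, tgt, cls), sorted(missing)))
    return violations


# The fragment posted in the message.
POSTED_POLICY = """
typebounds goodbye_world_t hello_world_t;
allow hello_world_t self: file ~{read };
allow goodbye_world_t self: file *;
"""


def check_posted(map_target=True):
    bounds, rules = parse_policy(POSTED_POLICY)
    return check_bounds(bounds, rules, map_target=map_target)


if __name__ == "__main__":
    print("target mapped to parent:", check_posted(True))
    print("target compared literally:", check_posted(False))
```

With the target side mapped to the bounding type, the child's `~{read}` on `file` is a subset of the parent's `*` and nothing is reported, matching the "no hierarchy error" observed in the message; with the target compared literally, the parent has no rule for target `hello_world_t` at all and every permission in the child's rule is reported as missing. Which reading a given libsepol version implements is exactly what the question leaves open.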