[PATCH 46/67] libsepol: Write and read TUNABLE flags in related data


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yV3cACgkQrlYvE4MpobMkZACgo8GnIYpMthQnxxkN0rE1ZPA3
LrwAnipRsxdz7UlisocG6bwtQPsjy5D+
=+R1Z
-----END PGP SIGNATURE-----
>From e0c3e798c264034480308df45625b0add0901f01 Mon Sep 17 00:00:00 2001
From: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>
Date: Thu, 1 Sep 2011 11:29:42 +0800
Subject: [PATCH 46/67] libsepol: Write and read TUNABLE flags in related data
 structures.

All flags in the cond_bool_datum_t and cond_node_t structures are written
or read for policy modules whose version is no less than
MOD_POLICYDB_VERSION_TUNABLE_SEP.

Note, for cond_node_t the TUNABLE flag bit would be used only at expand,
however, it won't hurt to read/write this field for modules(potentially
for future usage).

Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 libsepol/src/conditional.c |   21 +++++++++++++++++++--
 libsepol/src/write.c       |   18 ++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
index efdedb0..ea47cdd 100644
--- a/libsepol/src/conditional.c
+++ b/libsepol/src/conditional.c
@@ -564,8 +564,8 @@ static int bool_isvalid(cond_bool_datum_t * b)
 	return 1;
 }
 
-int cond_read_bool(policydb_t * p
-		   __attribute__ ((unused)), hashtab_t h,
+int cond_read_bool(policydb_t * p,
+		   hashtab_t h,
 		   struct policy_file *fp)
 {
 	char *key = 0;
@@ -597,6 +597,15 @@ int cond_read_bool(policydb_t * p
 	if (rc < 0)
 		goto err;
 	key[len] = 0;
+
+	if (p->policy_type != POLICY_KERN &&
+	    p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
+		rc = next_entry(buf, fp, sizeof(uint32_t));
+		if (rc < 0)
+			goto err;
+		booldatum->flags = le32_to_cpu(buf[0]);
+	}
+
 	if (hashtab_insert(h, key, booldatum))
 		goto err;
 
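Review bot: The 32-bit word read into `booldatum->flags` in cond_read_bool is stored exactly as it appears in the policy file, so a module with undefined bits set is accepted and those bits are carried into the in-memory policy. Module files can originate outside the toolchain that will load them, so rejecting anything outside the defined flag set right after the read is cheap: `if (booldatum->flags & ~KNOWN_BOOL_FLAGS) goto err;`, where `KNOWN_BOOL_FLAGS` is a placeholder for the mask of flag bits the library defines. The same applies to `node->flags` in the cond_read_node hunk that follows. Whether bool_isvalid() is meant to cover this cannot be seen here, since the body of cond_read_bool extends outside the hunk.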
@@ -811,6 +820,14 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
 			goto err;
 	}
 
+	if (p->policy_type != POLICY_KERN &&
+	    p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
+		rc = next_entry(buf, fp, sizeof(uint32_t));
+		if (rc < 0)
+			goto err;
+		node->flags = le32_to_cpu(buf[0]);
+	}
+
 	return 0;
       err:
 	cond_node_destroy(node);
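Review bot: The added block in cond_read_node has no comment explaining why a field with no consumer in this file is parsed; only the commit message says that the TUNABLE bit on a node is used at expand time. A one-line comment above the `if` would keep that from looking like dead code, for example `/* module-only field: TUNABLE bit is consumed at expand; read here so the stream stays in step with cond_write_node() */`. The function starts outside the hunk.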
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 7257b0b..e34ab52 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -607,6 +607,7 @@ static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
 	unsigned int items, items2;
 	struct policy_data *pd = ptr;
 	struct policy_file *fp = pd->fp;
+	struct policydb *p = pd->p;
 
 	booldatum = (cond_bool_datum_t *) datum;
 
@@ -621,6 +622,15 @@ static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
 	items = put_entry(key, 1, len, fp);
 	if (items != len)
 		return POLICYDB_ERROR;
+
+	if (p->policy_type != POLICY_KERN &&
+	    p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
+		buf[0] = cpu_to_le32(booldatum->flags);
+		items = put_entry(buf, sizeof(uint32_t), 1, fp);
+		if (items != 1)
+			return POLICYDB_ERROR;
+	}
+
 	return POLICYDB_SUCCESS;
 }
 
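Review bot: The gate `p->policy_type != POLICY_KERN && p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP` is now written out four times (cond_read_bool, cond_read_node, cond_write_bool, cond_write_node). Reader and writer must agree on it exactly, otherwise every entry after the first flags word is parsed at the wrong offset. A single predicate in a private header shared by both files would keep them in lockstep, e.g. `static inline int has_tunable_flags(const policydb_t *p) { return p->policy_type != POLICY_KERN && p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP; }` (the name is only a suggestion). cond_write_bool begins outside this hunk.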
@@ -727,6 +737,14 @@ static int cond_write_node(policydb_t * p,
 			return POLICYDB_ERROR;
 	}
 
+	if (p->policy_type != POLICY_KERN &&
+	    p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
+		buf[0] = cpu_to_le32(node->flags);
+		items = put_entry(buf, sizeof(uint32_t), 1, fp);
+		if (items != 1)
+			return POLICYDB_ERROR;
+	}
+
 	return POLICYDB_SUCCESS;
 }
 
-- 
1.7.6.2

