[PATCH 19/25] checkpolicy: add new helper to translate class sets


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7vrHQACgkQrlYvE4MpobN3dQCgm1K/F+U326ZxOKzjOPgRumHn
/DQAn0LsYl/hYirik7hLeJ3mICmSyRaC
=bm3B
-----END PGP SIGNATURE-----
>From 3527baea652d3d38c820ca0de61b9e90ce5fa47e Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Mon, 5 Dec 2011 11:48:20 -0500
Subject: [PATCH 19/25] checkpolicy: add new helper to translate class sets
 into bitmaps

We use the exact same logic in a bunch of places in policy_define.c to
translate a class set into a bitmap.  Make this into a helper function.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 checkpolicy/policy_define.c |  123 ++++++++++++------------------------------
 1 files changed, 35 insertions(+), 88 deletions(-)

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 1bf669c..d19fc61 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -327,6 +327,30 @@ int define_initial_sid(void)
 	return -1;
 }
 
+static int read_classes(ebitmap_t *e_classes)
+{
+	char *id;
+	class_datum_t *cladatum;
+
+	while ((id = queue_remove(id_queue))) {
+		if (!is_id_in_scope(SYM_CLASSES, id)) {
+			yyerror2("class %s is not within scope", id);
+			return -1;
+		}
+		cladatum = hashtab_search(policydbp->p_classes.table, id);
+		if (!cladatum) {
+			yyerror2("unknown class %s", id);
+			return -1;
+		}
+		if (ebitmap_set_bit(e_classes, cladatum->s.value - 1, TRUE)) {
+			yyerror("Out of memory");
+			return -1;
+		}
+		free(id);
+	}
+	return 0;
+}
+
 int define_common_perms(void)
 {
 	char *id = 0, *perm = 0;
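Review bot: `read_classes()` leaks `id` on each of its three `return -1` paths, because the string taken from `queue_remove(id_queue)` is freed only at the bottom of the loop; several of the loops this helper replaces did free it on the out-of-scope path. Adding `free(id);` after the `yyerror2(...)` call (which still needs the string) and before each `return -1;` closes the leak. A short comment above the helper would also help, e.g. `/* Drain class names from id_queue until queue_remove() returns NULL, setting bit (value - 1) in e_classes for each; returns 0 or -1, caller destroys e_classes. */`, so that ownership of the partially filled bitmap on failure is explicit.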
@@ -1360,7 +1384,6 @@ int define_compute_type_helper(int which, avrule_t ** rule)
 {
 	char *id;
 	type_datum_t *datum;
-	class_datum_t *cladatum;
 	ebitmap_t tclasses;
 	ebitmap_node_t *node;
 	avrule_t *avrule;
@@ -1387,23 +1410,8 @@ int define_compute_type_helper(int which, avrule_t ** rule)
 	}
 
 	ebitmap_init(&tclasses);
-	while ((id = queue_remove(id_queue))) {
-		if (!is_id_in_scope(SYM_CLASSES, id)) {
-			yyerror2("class %s is not within scope", id);
-			free(id);
-			goto bad;
-		}
-		cladatum = hashtab_search(policydbp->p_classes.table, id);
-		if (!cladatum) {
-			yyerror2("unknown class %s", id);
-			goto bad;
-		}
-		if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
-			yyerror("Out of memory");
-			goto bad;
-		}
-		free(id);
-	}
+	if (read_classes(&tclasses))
+		goto bad;
 
 	id = (char *)queue_remove(id_queue);
 	if (!id) {
@@ -1628,25 +1636,9 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
 	}
 
 	ebitmap_init(&tclasses);
-	while ((id = queue_remove(id_queue))) {
-		if (!is_id_in_scope(SYM_CLASSES, id)) {
-			yyerror2("class %s is not within scope", id);
-			ret = -1;
-			goto out;
-		}
-		cladatum = hashtab_search(policydbp->p_classes.table, id);
-		if (!cladatum) {
-			yyerror2("unknown class %s used in rule", id);
-			ret = -1;
-			goto out;
-		}
-		if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
-			yyerror("Out of memory");
-			ret = -1;
-			goto out;
-		}
-		free(id);
-	}
+	ret = read_classes(&tclasses);
+	if (ret)
+		goto out;
 
 	perms = NULL;
 	ebitmap_for_each_bit(&tclasses, node, i) {
@@ -2242,22 +2234,8 @@ int define_role_trans(int class_specified)
 	}
 
 	if (class_specified) {
-		while ((id = queue_remove(id_queue))) {
-			if (!is_id_in_scope(SYM_CLASSES, id)) {
-				yyerror2("class %s is not within scope", id);
-				free(id);
-				return -1;
-			}
-			cladatum = hashtab_search(policydbp->p_classes.table,
-						  id);
-			if (!cladatum) {
-				yyerror2("unknow class %s", id);
-				return -1;
-			}
-
-			ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
-			free(id);
-		}
+		if (read_classes(&e_classes))
+			return -1;
 	} else {
 		cladatum = hashtab_search(policydbp->p_classes.table,
 					  "process");
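Review bot: The direct `return -1` after `read_classes(&e_classes)` leaves `define_role_trans` without releasing `e_classes`, which may already have bits set for earlier class names when a later one fails; the other call sites in this patch jump to a cleanup label instead. The rest of the function is outside the hunk, so whether anything else frees the bitmap on this path is unverified. If nothing does, `ebitmap_destroy(&e_classes);` before the return would avoid the leak.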
@@ -2410,7 +2388,6 @@ int define_filename_trans(void)
 	ebitmap_node_t *snode, *tnode, *cnode;
 	filename_trans_t *ft;
 	filename_trans_rule_t *ftr;
-	class_datum_t *cladatum;
 	type_datum_t *typdatum;
 	uint32_t otype;
 	unsigned int c, s, t;
@@ -2451,23 +2428,8 @@ int define_filename_trans(void)
 	}
 
 	ebitmap_init(&e_tclasses);
-	while ((id = queue_remove(id_queue))) {
-		if (!is_id_in_scope(SYM_CLASSES, id)) {
-			yyerror2("class %s is not within scope", id);
-			free(id);
-			goto bad;
-		}
-		cladatum = hashtab_search(policydbp->p_classes.table, id);
-		if (!cladatum) {
-			yyerror2("unknown class %s", id);
-			goto bad;
-		}
-		if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
-			yyerror("Out of memory");
-			goto bad;
-		}
-		free(id);
-	}
+	if (read_classes(&e_tclasses))
+		goto bad;
 
 	id = (char *)queue_remove(id_queue);
 	if (!id) {
@@ -4549,23 +4511,8 @@ int define_range_trans(int class_specified)
 	}
 
 	if (class_specified) {
-		while ((id = queue_remove(id_queue))) {
-			if (!is_id_in_scope(SYM_CLASSES, id)) {
-				yyerror2("class %s is not within scope", id);
-				free(id);
-				goto out;
-			}
-			cladatum = hashtab_search(policydbp->p_classes.table,
-			                          id);
-			if (!cladatum) {
-				yyerror2("unknown class %s", id);
-				goto out;
-			}
-
-			ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1,
-			                TRUE);
-			free(id);
-		}
+		if (read_classes(&rule->tclasses))
+			goto out;
 	} else {
 		cladatum = hashtab_search(policydbp->p_classes.table,
 		                          "process");
-- 
1.7.8

