Re: [PATCH 02/10 v3] libsepol: Treat types like an attribute in the attr_type_map.

On 06/19/2015 02:19 PM, James Carter wrote:
> Types are treated as attributes that contain only themselves. This
> is how types are already treated in the type_attr_map.
> 
> Treating types this way makes finding rules that apply to a given
> type much easier. This simplifies the implementation of neverallow
> checking in assertion.c and bounds checking in hierarchy.c.
> 
> Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>

Acked-by:  Stephen Smalley <sds@xxxxxxxxxxxxx>

> ---
>  libsepol/src/expand.c   | 24 ++++++++++++++++--------
>  libsepol/src/policydb.c |  4 ++++
>  2 files changed, 20 insertions(+), 8 deletions(-)
> 
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index 478eaff..7b99f40 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -2311,25 +2311,33 @@ static int type_attr_map(hashtab_key_t key
>  	policydb_t *p = state->out;
>  	unsigned int i;
>  	ebitmap_node_t *tnode;
> +	int value;
>  
>  	type = (type_datum_t *) datum;
> +	value = type->s.value;
> +
>  	if (type->flavor == TYPE_ATTRIB) {
> -		if (ebitmap_cpy(&p->attr_type_map[type->s.value - 1],
> -				&type->types)) {
> -			ERR(state->handle, "Out of memory!");
> -			return -1;
> +		if (ebitmap_cpy(&p->attr_type_map[value - 1], &type->types)) {
> +			goto oom;
>  		}
>  		ebitmap_for_each_bit(&type->types, tnode, i) {
>  			if (!ebitmap_node_get_bit(tnode, i))
>  				continue;
> -			if (ebitmap_set_bit(&p->type_attr_map[i],
> -					    type->s.value - 1, 1)) {
> -				ERR(state->handle, "Out of memory!");
> -				return -1;
> +			if (ebitmap_set_bit(&p->type_attr_map[i], value - 1, 1)) {
> +				goto oom;
>  			}
>  		}
> +	} else {
> +		if (ebitmap_set_bit(&p->attr_type_map[value - 1], value - 1, 1)) {
> +			goto oom;
> +		}
>  	}
> +
>  	return 0;
> +
> +oom:
> +	ERR(state->handle, "Out of memory!");
> +	return -1;
>  }
>  
>  /* converts typeset using typemap and expands into ebitmap_t types using the attributes in the passed in policy.
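Review bot: the new `} else {` branch in type_attr_map() sets the self bit in `p->attr_type_map[value - 1]` for every flavor other than TYPE_ATTRIB, and nothing in the hunk says why. The policydb.c side of this patch sits under the comment "add the type itself as the degenerate case"; a matching one-line comment on the else branch would keep the expand path and the read path visibly in step. If only plain types are meant to receive a self entry, testing the flavor explicitly instead of using a bare else would make that intent checkable in the code, since neverallow and bounds checking will rely on this map.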
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index 1677eb5..670aef8 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -3936,6 +3936,10 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
>  			/* add the type itself as the degenerate case */
>  			if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
>  				goto bad;
> +			if (p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
> +				if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
> +					goto bad;
> +			}
>  		}
>  	}
>  
> 
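Review bot: the added test `p->type_val_to_struct[i]->flavor != TYPE_ATTRIB` in policydb_read() dereferences `p->type_val_to_struct[i]` with no NULL check, in a function that builds its state from a policy file. Unless earlier code in policydb_read() guarantees that every slot up to the loop bound is populated, a policy image with a gap in its type values would crash here instead of taking the `goto bad` path. Suggest checking the pointer first and either skipping the entry or failing the load, so a malformed policy is rejected cleanly.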
