[PATCH 4/8] Revert "libsepol: implement new module binary format of avrule"

James Carter <jwcart2@xxxxxxxxx> · Wed, 26 Jul 2023 10:25:45 -0400

This reverts commit 11013986ac484586e50ce318f4f10c1edf39e746.

Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
 libsepol/include/sepol/policydb/policydb.h |  3 +--
 libsepol/src/policydb.c                    | 28 ----------------------
 libsepol/src/write.c                       | 24 +++----------------
 3 files changed, 4 insertions(+), 51 deletions(-)

diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index 5efd0a47..528c1cad 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -749,10 +749,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
 #define MOD_POLICYDB_VERSION_INFINIBAND		19
 #define MOD_POLICYDB_VERSION_GLBLUB		20
 #define MOD_POLICYDB_VERSION_SELF_TYPETRANS	21
-#define MOD_POLICYDB_VERSION_AVRULE_FTRANS	22
 
 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_AVRULE_FTRANS
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_SELF_TYPETRANS
 
 #define POLICYDB_CONFIG_MLS    1
 
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 37bb97a1..b15d4163 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -341,13 +341,6 @@ static const struct policydb_compat_info policydb_compat[] = {
 	 .ocon_num = OCON_IBENDPORT + 1,
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
-	{
-	 .type = POLICY_BASE,
-	 .version = MOD_POLICYDB_VERSION_AVRULE_FTRANS,
-	 .sym_num = SYM_NUM,
-	 .ocon_num = OCON_IBENDPORT + 1,
-	 .target_platform = SEPOL_TARGET_SELINUX,
-	},
 	{
 	 .type = POLICY_MOD,
 	 .version = MOD_POLICYDB_VERSION_BASE,
@@ -474,13 +467,6 @@ static const struct policydb_compat_info policydb_compat[] = {
 	 .ocon_num = 0,
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
-	{
-	 .type = POLICY_MOD,
-	 .version = MOD_POLICYDB_VERSION_AVRULE_FTRANS,
-	 .sym_num = SYM_NUM,
-	 .ocon_num = 0,
-	 .target_platform = SEPOL_TARGET_SELINUX,
-	},
 };
 
 #if 0
@@ -3216,19 +3202,6 @@ static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
 		tail = cur;
 	}
 
-	if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
-	    avrule->specified & AVRULE_TRANSITION) {
-		rc = next_entry(buf, fp, sizeof(uint32_t));
-		if (rc < 0)
-			goto bad;
-		len = le32_to_cpu(*buf);
-		if (len) {
-			rc = str_read(&avrule->object_name, fp, len);
-			if (rc < 0)
-				goto bad;
-		}
-	}
-
 	if (avrule->specified & AVRULE_XPERMS) {
 		uint8_t buf8;
 		size_t nel = ARRAY_SIZE(avrule->xperms->perms);
@@ -3660,7 +3633,6 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
 	}
 
 	if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
-	    p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
 	    filename_trans_rule_read(p, &decl->avrules, fp))
 		return -1;
 
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index d7f47c8d..68495198 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -2025,9 +2025,8 @@ static int avrule_write(policydb_t *p, avrule_t * avrule,
 	uint32_t buf[32], len;
 	class_perm_node_t *cur;
 
-	/* skip filename transitions if writing older version without name */
-	if (p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
-	    avrule->specified & AVRULE_TRANSITION && avrule->object_name)
+	/* skip filename transitions for now */
+	if (avrule->specified & AVRULE_TRANSITION && avrule->object_name)
 		return POLICYDB_SUCCESS;
 
 	if (p->policyvers < MOD_POLICYDB_VERSION_SELF_TYPETRANS &&
@@ -2074,21 +2073,6 @@ static int avrule_write(policydb_t *p, avrule_t * avrule,
 		cur = cur->next;
 	}
 
-	if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
-	    avrule->specified & AVRULE_TRANSITION) {
-		len = avrule->object_name ? strlen(avrule->object_name) : 0;
-		*buf = cpu_to_le32(len);
-		items = put_entry(buf, sizeof(uint32_t), 1, fp);
-		if (items != 1)
-			return POLICYDB_ERROR;
-		if (avrule->object_name) {
-			items = put_entry(avrule->object_name, sizeof(char),
-					  len, fp);
-			if (items != len)
-				return POLICYDB_ERROR;
-		}
-	}
-
 	if (avrule->specified & AVRULE_XPERMS) {
 		size_t nel = ARRAY_SIZE(avrule->xperms->perms);
 		uint32_t buf32[nel];
@@ -2138,8 +2122,7 @@ static int avrule_write_list(policydb_t *p, avrule_t * avrules,
 	avrule = avrules;
 	len = 0;
 	while (avrule) {
-		if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS ||
-		    !(avrule->specified & AVRULE_TRANSITION &&
+		if (!(avrule->specified & AVRULE_TRANSITION &&
 		      avrule->object_name))
 			len++;
 		avrule = avrule->next;
@@ -2374,7 +2357,6 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
 	}
 
 	if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
-	    p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
 	    filename_trans_rule_write(p, decl->avrules, fp))
 		return POLICYDB_ERROR;
 
-- 
2.41.0







