RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-18 03:10:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol: do not modify policy during write

Browse Source 
Do not modify the in memory default_range value of a class datum while
writing a policy.

While on it fix indentation.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2022-06-30 19:03:01 +02:00 committed by James Carter
parent 36bf1be1ca
commit 2651989d3b
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libsepol/src/write.c
View File

@ -1097,16 +1097,18 @@ static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
(p->policy_type == POLICY_BASE &&
p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
char default_range = cladatum->default_range;
buf[0] = cpu_to_le32(cladatum->default_user);
buf[1] = cpu_to_le32(cladatum->default_role);
if (!glblub_version && cladatum->default_range == DEFAULT_GLBLUB) {
if (!glblub_version && default_range == DEFAULT_GLBLUB) {
WARN(fp->handle,
"class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
cladatum->default_range = 0;
}
buf[2] = cpu_to_le32(cladatum->default_range);
"class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
default_range = 0;
}
buf[2] = cpu_to_le32(default_range);
items = put_entry(buf, sizeof(uint32_t), 3, fp);
if (items != 3)
return POLICYDB_ERROR;