diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index e7869bf1..2d6f2399 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -31,7 +31,6 @@
 #include
 #include "queue.h"
-#include "checkpolicy.h"
 #include "parse_util.h"
 static sidtab_t sidtab;
@@ -43,9 +42,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
 static const char *binfile = "policy";
-static unsigned int policy_type = POLICY_BASE;
-unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
-
 static int read_binary_policy(policydb_t * p, const char *file, const char *progname)
 {
 int fd;
@@ -107,7 +103,7 @@ static int read_binary_policy(policydb_t * p, const char *file, const char *prog
 return 0;
 }
-static int write_binary_policy(policydb_t * p, FILE *outfp)
+static int write_binary_policy(policydb_t * p, FILE *outfp, unsigned int policy_type, unsigned int policyvers)
 {
 struct policy_file pf;
@@ -150,6 +146,8 @@ int main(int argc, char **argv)
 {
 const char *file = txtfile, *outfile = NULL;
 unsigned int binary = 0, cil = 0, disable_neverallow = 0;
+ unsigned int policy_type = POLICY_BASE;
+ unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
 int ch;
 int show_version = 0;
 policydb_t modpolicydb;
@@ -279,6 +277,7 @@ int main(int argc, char **argv)
 modpolicydb.policy_type = policy_type;
 modpolicydb.mls = mlspol;
 modpolicydb.handle_unknown = handle_unknown;
+ modpolicydb.policyvers = policyvers;
 if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
 exit(1);
@@ -343,7 +342,7 @@ int main(int argc, char **argv)
 }
 if (!cil) {
- if (write_binary_policy(&modpolicydb, outfp) != 0) {
+ if (write_binary_policy(&modpolicydb, outfp, policy_type, policyvers) != 0) {
 fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
 exit(1);
 }
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index d7cafaa4..ede2b6ad 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
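Review bot: In the `@@ -107` hunk, `write_binary_policy()` now takes `policy_type` and `policyvers` as arguments, while `main` also stores both values in `modpolicydb` before parsing (`modpolicydb.policy_type = policy_type;` is context and `modpolicydb.policyvers = policyvers;` is added in the `@@ -279` hunk). The same two values therefore reach the writer by two routes, and the signature does not say which one is authoritative if they differ, as they might when `p` was filled by `read_binary_policy()`. The function body continues outside the hunk, so I cannot tell which it uses. I would add a one-line comment above the signature, for example `/* policy_type/policyvers: values requested by the caller; p's own fields are not consulted for them */`, adjusted to whatever the body actually does.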
@@ -89,7 +89,6 @@
 #include
 #include "queue.h"
-#include "checkpolicy.h"
 #include "parse_util.h"
 static policydb_t policydb;
@@ -103,8 +102,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
 static const char *binfile = "policy";
-unsigned int policyvers = 0;
-
 static __attribute__((__noreturn__)) void usage(const char *progname)
 {
 printf
@@ -395,6 +392,7 @@ int main(int argc, char **argv)
 unsigned int binary = 0, debug = 0, sort = 0, cil = 0, conf = 0, optimize = 0, disable_neverallow = 0;
 struct val_to_name v;
 int ret, ch, fd, target = SEPOL_TARGET_SELINUX;
+ unsigned int policyvers = 0;
 unsigned int nel, uret;
 struct stat sb;
 void *map;
@@ -613,6 +611,7 @@ int main(int argc, char **argv)
 /* Let sepol know if we are dealing with MLS support */
 parse_policy.mls = mlspol;
 parse_policy.handle_unknown = handle_unknown;
+ parse_policy.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 policydbp = &parse_policy;
@@ -637,11 +636,10 @@ int main(int argc, char **argv)
 fprintf(stderr, "Error while expanding policy\n");
 exit(1);
 }
+ policydb.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 policydb_destroy(policydbp);
 policydbp = &policydb;
 }
-
- policydbp->policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 }
 if (policydb_load_isids(&policydb, &sidtab))
diff --git a/checkpolicy/checkpolicy.h b/checkpolicy/checkpolicy.h
deleted file mode 100644
index f127687e..00000000
--- a/checkpolicy/checkpolicy.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef _CHECKPOLICY_H_
-#define _CHECKPOLICY_H_
-
-extern unsigned int policyvers;
-
-#endif
diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c
index 6c5ce02f..ddb43260 100644
--- a/checkpolicy/fuzz/checkpolicy-fuzzer.c
+++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c
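Review bot: The default `policyvers ? policyvers : POLICYDB_VERSION_MAX` is now written out twice, on the added line in the `@@ -613` hunk and again in the `@@ -637` hunk, where the old code resolved it in one place. If one copy is edited later, the parsed and the expanded policydb would carry different versions. I would compute it once after the command line has been processed (that code is outside these hunks), e.g. `const unsigned int effective_vers = policyvers ? policyvers : POLICYDB_VERSION_MAX;`, and assign `effective_vers` at both sites. That leaves `policyvers` itself untouched in case code not shown here still tests it for zero.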
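Review bot: In the `@@ -637` hunk the added `policydb.policyvers = ...` sits inside the inner block, whereas the removed `policydbp->policyvers = ...` ran after that block closed and so applied whether or not the block was entered. When the block is skipped, `policydbp` still points at `parse_policy`, whose version is now assigned only before parsing (the `@@ -613` hunk). The block's opening condition and the calls between the two hunks are outside the diff, so I cannot confirm that nothing resets the field in between. A comment on the added line would record the assumption, e.g. `/* when no expansion happens, parse_policy keeps the version set before parsing */`.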
@@ -200,6 +200,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 parsepolicydb.policy_type = POLICY_BASE;
 parsepolicydb.mls = mls;
 parsepolicydb.handle_unknown = DENY_UNKNOWN;
+ parsepolicydb.policyvers = policyvers;
 policydb_set_target_platform(&parsepolicydb, platform);
 if (read_source_policy(&parsepolicydb, data, size))
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 1c019a3b..aa2ac2e6 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -55,7 +55,6 @@
 #include
 #include
 #include "queue.h"
-#include "checkpolicy.h"
 #include "module_compiler.h"
 #include "policy_define.h"
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 1b275ebc..c57a988a 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -49,7 +49,6 @@
 #include
 #include
 #include "queue.h"
-#include "checkpolicy.h"
 #include "module_compiler.h"
 #include "policy_define.h"
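Review bot: `policyvers` on the added line in the `@@ -200` hunk is declared outside the hunk, and this is the fuzzer's only change in the commit, so it is presumably still a file-scope variable with external linkage. With `checkpolicy.h` deleted, nothing else in this diff refers to it by that name. It could be narrowed to `static unsigned int policyvers;` or to a local of `LLVMFuzzerTestOneInput`, matching what the commit does in the two `main` functions. If the value is derived from the fuzz input, a short comment at the declaration stating the intended range would make it clear whether out-of-range versions are deliberately exercised.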