mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-27 08:22:07 +00:00
policycoreutils: mcstrans: use string_to_av_perm() to calculate permission access vector
mcstrans still uses CONTEXT__CONTAINS from av_permissions.h to calculate a permission access vector. However, av_permissions.h was deprecated, so it does not have access to the constant. This updates mcstrans to use string_to_av_perm() to get the value for context contains. Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be> Signed-off-by: Steve Lawrence <slawrence@tresys.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
213c3189d0
commit
86dffdd28f
@ -78,11 +78,12 @@ void finish_context_colors(void) {
|
||||
static int check_dominance(const char *pattern, const char *raw) {
|
||||
security_context_t ctx;
|
||||
context_t con;
|
||||
unsigned int bit = CONTEXT__CONTAINS;
|
||||
struct av_decision avd;
|
||||
int rc = -1;
|
||||
context_t my_tmp;
|
||||
const char *raw_range;
|
||||
security_class_t context_class = string_to_security_class("context");
|
||||
access_vector_t context_contains_perm = string_to_av_perm(context_class, "contains");
|
||||
|
||||
con = context_new(raw);
|
||||
if (!con)
|
||||
@ -108,11 +109,11 @@ static int check_dominance(const char *pattern, const char *raw) {
|
||||
if (!raw)
|
||||
goto out;
|
||||
|
||||
rc = security_compute_av_raw(ctx, (security_context_t)raw, string_to_security_class("context"), bit, &avd);
|
||||
rc = security_compute_av_raw(ctx, (security_context_t)raw, context_class, context_contains_perm, &avd);
|
||||
if (rc)
|
||||
goto out;
|
||||
|
||||
rc = (bit & avd.allowed) != bit;
|
||||
rc = (context_contains_perm & avd.allowed) != context_contains_perm;
|
||||
out:
|
||||
free(ctx);
|
||||
context_free(my_tmp);
|
||||
|
Loading…
Reference in New Issue
Block a user