Revert "libsepol: implement new kernel binary format for avtab"
This reverts commit 7b77edd919.
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
This commit is contained in:
parent
e3388c7643
commit
97450c623b
@ -722,11 +722,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
|
||||
#define POLICYDB_VERSION_INFINIBAND 31 /* Linux-specific */
|
||||
#define POLICYDB_VERSION_GLBLUB 32
|
||||
#define POLICYDB_VERSION_COMP_FTRANS 33 /* compressed filename transitions */
|
||||
#define POLICYDB_VERSION_AVTAB_FTRANS 34 /* filename transitions moved to avtab */
|
||||
|
||||
/* Range of policy versions we understand*/
|
||||
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
|
||||
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB_FTRANS
|
||||
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_COMP_FTRANS
|
||||
|
||||
/* Module versions and specific changes*/
|
||||
#define MOD_POLICYDB_VERSION_BASE 4
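Review bot: POLICYDB_VERSION_MAX drops back to POLICYDB_VERSION_COMP_FTRANS and the `POLICYDB_VERSION_AVTAB_FTRANS 34` define disappears without any record that the number was used; if 34 is later assigned to a different layout, a binary policy produced by a build containing the reverted commit would be parsed under the wrong rules instead of being rejected. A one-line note next to the MAX define, e.g. `/* version 34 was briefly used for avtab filename transitions and is retired */`, would preserve that history in the header. Whether any such policy files exist is not visible from this page.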
|
||||
|
@ -446,87 +446,6 @@ void avtab_hash_eval(avtab_t * h, char *tag)
|
||||
tag, h->nel, slots_used, h->nslot, max_chain_len);
|
||||
}
|
||||
|
||||
static int avtab_read_name_trans(policy_file_t *fp, symtab_t *target)
|
||||
{
|
||||
int rc;
|
||||
uint32_t buf32[2], nel, i, len, *otype = NULL;
|
||||
char *name = NULL;
|
||||
|
||||
/* read number of name transitions */
|
||||
rc = next_entry(buf32, fp, sizeof(uint32_t) * 1);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
nel = le32_to_cpu(buf32[0]);
|
||||
|
||||
rc = symtab_init(target, nel);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
|
||||
/* read name transitions */
|
||||
for (i = 0; i < nel; i++) {
|
||||
rc = SEPOL_ENOMEM;
|
||||
otype = malloc(sizeof(uint32_t));
|
||||
if (!otype)
|
||||
goto exit;
|
||||
|
||||
/* read name transition otype and name length */
|
||||
rc = next_entry(buf32, fp, sizeof(uint32_t) * 2);
|
||||
if (rc < 0)
|
||||
goto exit;
|
||||
*otype = le32_to_cpu(buf32[0]);
|
||||
len = le32_to_cpu(buf32[1]);
|
||||
|
||||
/* read the name */
|
||||
rc = str_read(&name, fp, len);
|
||||
if (rc < 0)
|
||||
goto exit;
|
||||
|
||||
rc = hashtab_insert(target->table, name, otype);
|
||||
if (rc < 0)
|
||||
goto exit;
|
||||
otype = NULL;
|
||||
name = NULL;
|
||||
}
|
||||
|
||||
exit:
|
||||
free(otype);
|
||||
free(name);
|
||||
return rc;
|
||||
}
|
||||
|
||||
static int avtab_trans_read(policy_file_t *fp, uint32_t vers,
|
||||
avtab_trans_t *trans)
|
||||
{
|
||||
int rc;
|
||||
uint32_t buf32[1];
|
||||
|
||||
if (vers < POLICYDB_VERSION_AVTAB_FTRANS) {
|
||||
rc = next_entry(buf32, fp, sizeof(uint32_t));
|
||||
if (rc < 0) {
|
||||
ERR(fp->handle, "truncated entry");
|
||||
return SEPOL_ERR;
|
||||
}
|
||||
trans->otype = le32_to_cpu(*buf32);
|
||||
return SEPOL_OK;
|
||||
}
|
||||
|
||||
/* read otype */
|
||||
rc = next_entry(buf32, fp, sizeof(uint32_t) * 1);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
trans->otype = le32_to_cpu(buf32[0]);
|
||||
|
||||
rc = avtab_read_name_trans(fp, &trans->name_trans);
|
||||
if (rc < 0)
|
||||
goto bad;
|
||||
|
||||
return SEPOL_OK;
|
||||
|
||||
bad:
|
||||
avtab_trans_destroy(trans);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Ordering of datums in the original avtab format in the policy file. */
|
||||
static const uint16_t spec_order[] = {
|
||||
AVTAB_ALLOWED,
|
||||
@ -690,9 +609,12 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
|
||||
xperms.perms[i] = le32_to_cpu(buf32[i]);
|
||||
datum.xperms = &xperms;
|
||||
} else if (key.specified & AVTAB_TRANSITION) {
|
||||
rc = avtab_trans_read(fp, vers, &trans);
|
||||
if (rc < 0)
|
||||
rc = next_entry(buf32, fp, sizeof(uint32_t));
|
||||
if (rc < 0) {
|
||||
ERR(fp->handle, "truncated entry");
|
||||
return -1;
|
||||
}
|
||||
trans.otype = le32_to_cpu(*buf32);
|
||||
datum.trans = &trans;
|
||||
} else {
|
||||
rc = next_entry(buf32, fp, sizeof(uint32_t));
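Review bot: On the new side of the AVTAB_TRANSITION branch only `trans.otype` is assigned before `datum.trans = &trans`, and the declaration of `trans` is outside this hunk; if it is not zeroed there, the `name_trans` member reaches the insert callback indeterminate. If that is the case, `avtab_trans_t trans = {0};` at the declaration (or a memset alongside the other locals) would make the contract explicit. Separately, `trans.otype` is taken straight from the file with no range check here; that is presumably left to the later policydb validation pass, which is worth confirming since avtab_read_item has no policydb to check against. avtab_read_item continues outside the hunk on both sides.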
|
||||
|
@ -208,13 +208,6 @@ static const struct policydb_compat_info policydb_compat[] = {
|
||||
.ocon_num = OCON_IBENDPORT + 1,
|
||||
.target_platform = SEPOL_TARGET_SELINUX,
|
||||
},
|
||||
{
|
||||
.type = POLICY_KERN,
|
||||
.version = POLICYDB_VERSION_AVTAB_FTRANS,
|
||||
.sym_num = SYM_NUM,
|
||||
.ocon_num = OCON_IBENDPORT + 1,
|
||||
.target_platform = SEPOL_TARGET_SELINUX,
|
||||
},
|
||||
{
|
||||
.type = POLICY_BASE,
|
||||
.version = MOD_POLICYDB_VERSION_BASE,
|
||||
@ -4106,7 +4099,6 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
|
||||
if (role_allow_read(&p->role_allow, fp))
|
||||
goto bad;
|
||||
if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
|
||||
r_policyvers < POLICYDB_VERSION_AVTAB_FTRANS &&
|
||||
avtab_filename_trans_read(fp, r_policyvers, &p->te_avtab))
|
||||
goto bad;
|
||||
} else {
|
||||
|
@ -102,56 +102,6 @@ static uint16_t spec_order[] = {
|
||||
AVTAB_MEMBER
|
||||
};
|
||||
|
||||
static int avtab_trans_write_helper(hashtab_key_t hkey, hashtab_datum_t hdatum,
|
||||
void *fp)
|
||||
{
|
||||
char *name = hkey;
|
||||
uint32_t *otype = hdatum;
|
||||
uint32_t buf32[2], len;
|
||||
size_t items;
|
||||
|
||||
/* write filename transition otype and name length */
|
||||
len = strlen(name);
|
||||
buf32[0] = cpu_to_le32(*otype);
|
||||
buf32[1] = cpu_to_le32(len);
|
||||
items = put_entry(buf32, sizeof(uint32_t), 2, fp);
|
||||
if (items != 2)
|
||||
return -1;
|
||||
|
||||
/* write filename transition name */
|
||||
items = put_entry(name, sizeof(char), len, fp);
|
||||
if (items != len)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int avtab_trans_write(policydb_t *p, const avtab_trans_t *cur,
|
||||
policy_file_t *fp)
|
||||
{
|
||||
size_t items;
|
||||
uint32_t buf32[2];
|
||||
|
||||
if (p->policyvers >= POLICYDB_VERSION_AVTAB_FTRANS) {
|
||||
/* write otype and number of filename transitions */
|
||||
buf32[0] = cpu_to_le32(cur->otype);
|
||||
buf32[1] = cpu_to_le32(hashtab_nel(cur->name_trans.table));
|
||||
items = put_entry(buf32, sizeof(uint32_t), 2, fp);
|
||||
if (items != 2)
|
||||
return -1;
|
||||
|
||||
/* write filename transitions */
|
||||
return hashtab_map(cur->name_trans.table,
|
||||
avtab_trans_write_helper, fp);
|
||||
} else if (cur->otype) {
|
||||
buf32[0] = cpu_to_le32(cur->otype);
|
||||
items = put_entry(buf32, sizeof(uint32_t), 1, fp);
|
||||
if (items != 1)
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int avtab_write_item(policydb_t * p,
|
||||
avtab_ptr_t cur, struct policy_file *fp,
|
||||
unsigned merge, unsigned commit, uint32_t * nel)
|
||||
@ -166,12 +116,8 @@ static int avtab_write_item(policydb_t * p,
|
||||
&& p->policyvers < POLICYDB_VERSION_AVTAB);
|
||||
unsigned int i;
|
||||
|
||||
/*
|
||||
* skip entries which only contain filename transitions in versions
|
||||
* before filename transitions were moved to avtab
|
||||
*/
|
||||
if (p->policyvers < POLICYDB_VERSION_AVTAB_FTRANS &&
|
||||
cur->key.specified & AVTAB_TRANSITION && !cur->datum.trans->otype) {
|
||||
/* skip entries which only contain filename transitions */
|
||||
if (cur->key.specified & AVTAB_TRANSITION && !cur->datum.trans->otype) {
|
||||
/* if oldvers, reduce nel, because this node will be skipped */
|
||||
if (oldvers && nel)
|
||||
(*nel)--;
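Review bot: The restored skip condition `cur->key.specified & AVTAB_TRANSITION && !cur->datum.trans->otype` mixes `&` and `&&` without parentheses; it is correct because `&` binds tighter, but the count loop in avtab_write (the `@ -378,18 +326,15 @@` hunk) uses the same form, and the removed side there had it parenthesized. Writing `if ((cur->key.specified & AVTAB_TRANSITION) && !cur->datum.trans->otype) {` in both places keeps the two checks visibly identical, which matters because the `nel` written by avtab_write and the entries skipped here must agree exactly. Both conditions also dereference `cur->datum.trans` unconditionally; if a transition entry can ever be inserted with a NULL `trans` (not visible here), that would fault before the otype test. avtab_write_item's body continues outside the hunk.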
|
||||
@ -325,7 +271,9 @@ static int avtab_write_item(policydb_t * p,
|
||||
if (items != 8)
|
||||
return POLICYDB_ERROR;
|
||||
} else if (cur->key.specified & AVTAB_TRANSITION) {
|
||||
if (avtab_trans_write(p, cur->datum.trans, fp) < 0)
|
||||
buf32[0] = cpu_to_le32(cur->datum.trans->otype);
|
||||
items = put_entry(buf32, sizeof(uint32_t), 1, fp);
|
||||
if (items != 1)
|
||||
return POLICYDB_ERROR;
|
||||
} else {
|
||||
buf32[0] = cpu_to_le32(cur->datum.data);
|
||||
@ -378,18 +326,15 @@ static int avtab_write(struct policydb *p, avtab_t * a, struct policy_file *fp)
|
||||
* filename transitions.
|
||||
*/
|
||||
nel = a->nel;
|
||||
if (p->policyvers < POLICYDB_VERSION_AVTAB_FTRANS) {
|
||||
/*
|
||||
* entries containing only filename transitions are
|
||||
* skipped and written out later
|
||||
*/
|
||||
for (i = 0; i < a->nslot; i++) {
|
||||
for (cur = a->htable[i]; cur; cur = cur->next) {
|
||||
if ((cur->key.specified
|
||||
& AVTAB_TRANSITION) &&
|
||||
!cur->datum.trans->otype)
|
||||
nel--;
|
||||
}
|
||||
/*
|
||||
* entries containing only filename transitions are skipped and
|
||||
* written out later
|
||||
*/
|
||||
for (i = 0; i < a->nslot; i++) {
|
||||
for (cur = a->htable[i]; cur; cur = cur->next) {
|
||||
if (cur->key.specified & AVTAB_TRANSITION &&
|
||||
!cur->datum.trans->otype)
|
||||
nel--;
|
||||
}
|
||||
}
|
||||
nel = cpu_to_le32(nel);
|
||||
@ -2681,8 +2626,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
|
||||
if (role_allow_write(p->role_allow, fp))
|
||||
return POLICYDB_ERROR;
|
||||
if (p->policyvers >= POLICYDB_VERSION_FILENAME_TRANS) {
|
||||
if (p->policyvers < POLICYDB_VERSION_AVTAB_FTRANS &&
|
||||
avtab_filename_trans_write(p, &p->te_avtab, fp))
|
||||
if (avtab_filename_trans_write(p, &p->te_avtab, fp))
|
||||
return POLICYDB_ERROR;
|
||||
} else if (avtab_has_filename_transitions(&p->te_avtab)) {
|
||||
WARN(fp->handle,
|
||||
|