libsepol: Write and read TUNABLE flags in related data structures.
All flags in the cond_bool_datum_t and cond_node_t structures are written or read for policy modules whose version is no less than MOD_POLICYDB_VERSION_TUNABLE_SEP. Note, for cond_node_t the TUNABLE flag bit would be used only at expand, however, it won't hurt to read/write this field for modules (potentially for future usage). Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
parent
80f26c5ee8
commit
b0be2a06b7
@ -564,8 +564,8 @@ static int bool_isvalid(cond_bool_datum_t * b)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int cond_read_bool(policydb_t * p
|
int cond_read_bool(policydb_t * p,
|
||||||
__attribute__ ((unused)), hashtab_t h,
|
hashtab_t h,
|
||||||
struct policy_file *fp)
|
struct policy_file *fp)
|
||||||
{
|
{
|
||||||
char *key = 0;
|
char *key = 0;
|
||||||
@ -597,6 +597,15 @@ int cond_read_bool(policydb_t * p
|
|||||||
if (rc < 0)
|
if (rc < 0)
|
||||||
goto err;
|
goto err;
|
||||||
key[len] = 0;
|
key[len] = 0;
|
||||||
|
|
||||||
|
if (p->policy_type != POLICY_KERN &&
|
||||||
|
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||||
|
rc = next_entry(buf, fp, sizeof(uint32_t));
|
||||||
|
if (rc < 0)
|
||||||
|
goto err;
|
||||||
|
booldatum->flags = le32_to_cpu(buf[0]);
|
||||||
|
}
|
||||||
|
|
||||||
if (hashtab_insert(h, key, booldatum))
|
if (hashtab_insert(h, key, booldatum))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -811,6 +820,14 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (p->policy_type != POLICY_KERN &&
|
||||||
|
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||||
|
rc = next_entry(buf, fp, sizeof(uint32_t));
|
||||||
|
if (rc < 0)
|
||||||
|
goto err;
|
||||||
|
node->flags = le32_to_cpu(buf[0]);
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
err:
|
err:
|
||||||
cond_node_destroy(node);
|
cond_node_destroy(node);
|
||||||
|
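Review bot: The flags word that cond_read_bool stores with `booldatum->flags = le32_to_cpu(buf[0]);` is accepted from the module file without any range check, and cond_read_node does the same for `node->flags` in the last hunk of this file, so a malformed or untrusted module can set bits that no code defines. Nothing visible in these hunks extends bool_isvalid (which ends just above the first hunk) to cover the new field. Rejecting unknown bits at read time would be enough, e.g. `if (booldatum->flags & ~COND_BOOL_FLAGS_TUNABLE) goto err;` after the assignment, with the equivalent test on `node->flags`; the macro name is taken from libsepol's conditional header, which this page does not show, so confirm it against the tree. Both functions start and end outside the hunks, so the cleanup done at `err:` in cond_read_bool is assumed rather than seen.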
@ -607,6 +607,7 @@ static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
|
|||||||
unsigned int items, items2;
|
unsigned int items, items2;
|
||||||
struct policy_data *pd = ptr;
|
struct policy_data *pd = ptr;
|
||||||
struct policy_file *fp = pd->fp;
|
struct policy_file *fp = pd->fp;
|
||||||
|
struct policydb *p = pd->p;
|
||||||
|
|
||||||
booldatum = (cond_bool_datum_t *) datum;
|
booldatum = (cond_bool_datum_t *) datum;
|
||||||
|
|
||||||
@ -621,6 +622,15 @@ static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
|
|||||||
items = put_entry(key, 1, len, fp);
|
items = put_entry(key, 1, len, fp);
|
||||||
if (items != len)
|
if (items != len)
|
||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
|
|
||||||
|
if (p->policy_type != POLICY_KERN &&
|
||||||
|
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||||
|
buf[0] = cpu_to_le32(booldatum->flags);
|
||||||
|
items = put_entry(buf, sizeof(uint32_t), 1, fp);
|
||||||
|
if (items != 1)
|
||||||
|
return POLICYDB_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
return POLICYDB_SUCCESS;
|
return POLICYDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -727,6 +737,14 @@ static int cond_write_node(policydb_t * p,
|
|||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (p->policy_type != POLICY_KERN &&
|
||||||
|
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||||
|
buf[0] = cpu_to_le32(node->flags);
|
||||||
|
items = put_entry(buf, sizeof(uint32_t), 1, fp);
|
||||||
|
if (items != 1)
|
||||||
|
return POLICYDB_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
return POLICYDB_SUCCESS;
|
return POLICYDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
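Review bot: When the new gate in cond_write_bool is false (a module written at a version below MOD_POLICYDB_VERSION_TUNABLE_SEP), `booldatum->flags` is silently left out of the output, and cond_write_node drops `node->flags` the same way. A tunable written in the older format therefore reads back as an ordinary boolean, with no diagnostic. At minimum the gate deserves a comment such as `/* flags exist on disk only from MOD_POLICYDB_VERSION_TUNABLE_SEP on; older module formats lose the TUNABLE bit */`. Whether a non-zero flags value should also produce a warning in that case is a call for whoever selects the output version. The same two-line condition now appears four times across the reader and writer; a single shared predicate would stop the two sides drifting apart, since a mismatch would shift every field parsed after the flags word.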