checkpolicy: add new helper to translate class sets into bitmaps
We use the exact same logic a bunch of places in policy_define.c to translate a class set into a bitmap. Make this into a helper function. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
parent
915b5f885f
commit
b39e8cab3c
|
@ -327,6 +327,30 @@ int define_initial_sid(void)
|
|||
return -1;
|
||||
}
|
||||
|
||||
static int read_classes(ebitmap_t *e_classes)
|
||||
{
|
||||
char *id;
|
||||
class_datum_t *cladatum;
|
||||
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_CLASSES, id)) {
|
||||
yyerror2("class %s is not within scope", id);
|
||||
return -1;
|
||||
}
|
||||
cladatum = hashtab_search(policydbp->p_classes.table, id);
|
||||
if (!cladatum) {
|
||||
yyerror2("unknown class %s", id);
|
||||
return -1;
|
||||
}
|
||||
if (ebitmap_set_bit(e_classes, cladatum->s.value - 1, TRUE)) {
|
||||
yyerror("Out of memory");
|
||||
return -1;
|
||||
}
|
||||
free(id);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int define_common_perms(void)
|
||||
{
|
||||
char *id = 0, *perm = 0;
|
||||
|
@ -1360,7 +1384,6 @@ int define_compute_type_helper(int which, avrule_t ** rule)
|
|||
{
|
||||
char *id;
|
||||
type_datum_t *datum;
|
||||
class_datum_t *cladatum;
|
||||
ebitmap_t tclasses;
|
||||
ebitmap_node_t *node;
|
||||
avrule_t *avrule;
|
||||
|
@ -1387,23 +1410,8 @@ int define_compute_type_helper(int which, avrule_t ** rule)
|
|||
}
|
||||
|
||||
ebitmap_init(&tclasses);
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_CLASSES, id)) {
|
||||
yyerror2("class %s is not within scope", id);
|
||||
free(id);
|
||||
goto bad;
|
||||
}
|
||||
cladatum = hashtab_search(policydbp->p_classes.table, id);
|
||||
if (!cladatum) {
|
||||
yyerror2("unknown class %s", id);
|
||||
goto bad;
|
||||
}
|
||||
if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
|
||||
yyerror("Out of memory");
|
||||
goto bad;
|
||||
}
|
||||
free(id);
|
||||
}
|
||||
if (read_classes(&tclasses))
|
||||
goto bad;
|
||||
|
||||
id = (char *)queue_remove(id_queue);
|
||||
if (!id) {
|
||||
|
@ -1628,25 +1636,9 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
|
|||
}
|
||||
|
||||
ebitmap_init(&tclasses);
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_CLASSES, id)) {
|
||||
yyerror2("class %s is not within scope", id);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
cladatum = hashtab_search(policydbp->p_classes.table, id);
|
||||
if (!cladatum) {
|
||||
yyerror2("unknown class %s used in rule", id);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
|
||||
yyerror("Out of memory");
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
free(id);
|
||||
}
|
||||
ret = read_classes(&tclasses);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
perms = NULL;
|
||||
ebitmap_for_each_bit(&tclasses, node, i) {
|
||||
|
@ -2242,22 +2234,8 @@ int define_role_trans(int class_specified)
|
|||
}
|
||||
|
||||
if (class_specified) {
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_CLASSES, id)) {
|
||||
yyerror2("class %s is not within scope", id);
|
||||
free(id);
|
||||
return -1;
|
||||
}
|
||||
cladatum = hashtab_search(policydbp->p_classes.table,
|
||||
id);
|
||||
if (!cladatum) {
|
||||
yyerror2("unknow class %s", id);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
|
||||
free(id);
|
||||
}
|
||||
if (read_classes(&e_classes))
|
||||
return -1;
|
||||
} else {
|
||||
cladatum = hashtab_search(policydbp->p_classes.table,
|
||||
"process");
|
||||
|
@ -2410,7 +2388,6 @@ int define_filename_trans(void)
|
|||
ebitmap_node_t *snode, *tnode, *cnode;
|
||||
filename_trans_t *ft;
|
||||
filename_trans_rule_t *ftr;
|
||||
class_datum_t *cladatum;
|
||||
type_datum_t *typdatum;
|
||||
uint32_t otype;
|
||||
unsigned int c, s, t;
|
||||
|
@ -2451,23 +2428,8 @@ int define_filename_trans(void)
|
|||
}
|
||||
|
||||
ebitmap_init(&e_tclasses);
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_CLASSES, id)) {
|
||||
yyerror2("class %s is not within scope", id);
|
||||
free(id);
|
||||
goto bad;
|
||||
}
|
||||
cladatum = hashtab_search(policydbp->p_classes.table, id);
|
||||
if (!cladatum) {
|
||||
yyerror2("unknown class %s", id);
|
||||
goto bad;
|
||||
}
|
||||
if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
|
||||
yyerror("Out of memory");
|
||||
goto bad;
|
||||
}
|
||||
free(id);
|
||||
}
|
||||
if (read_classes(&e_tclasses))
|
||||
goto bad;
|
||||
|
||||
id = (char *)queue_remove(id_queue);
|
||||
if (!id) {
|
||||
|
@ -4549,23 +4511,8 @@ int define_range_trans(int class_specified)
|
|||
}
|
||||
|
||||
if (class_specified) {
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_CLASSES, id)) {
|
||||
yyerror2("class %s is not within scope", id);
|
||||
free(id);
|
||||
goto out;
|
||||
}
|
||||
cladatum = hashtab_search(policydbp->p_classes.table,
|
||||
id);
|
||||
if (!cladatum) {
|
||||
yyerror2("unknown class %s", id);
|
||||
goto out;
|
||||
}
|
||||
|
||||
ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1,
|
||||
TRUE);
|
||||
free(id);
|
||||
}
|
||||
if (read_classes(&rule->tclasses))
|
||||
goto out;
|
||||
} else {
|
||||
cladatum = hashtab_search(policydbp->p_classes.table,
|
||||
"process");
|
||||
|
|
Loading…
Reference in New Issue