RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-28 07:20:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol/cil: Allow hexadecimal numbers in Xen context rules

Browse Source 
Allow the use of hexadecimal numbers in iomemcon, ioportcon, and
pcidevicecon statements. The use of hexadecimal numbers is often
the natural choice for these rules.

A zero base is now passed to strtol() and strtoull() which will
assume base 16 if the string has a prefix of "0x", base 8 if the
string starts with "0", and base 10 otherwise.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
This commit is contained in:
James Carter 2017-03-20 11:06:29 -04:00
parent dd11ab6f7f
commit c408c70b0a
2 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
libsepol/cil/src/cil_build_ast.c
View File

@ -4228,12 +4228,12 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
if (parse_current->next->next->cl_head != NULL) {
if (parse_current->next->next->cl_head->next != NULL
&& parse_current->next->next->cl_head->next->next == NULL) {
rc = cil_fill_integer(parse_current->next->next->cl_head, &portcon->port_low);
rc = cil_fill_integer(parse_current->next->next->cl_head, &portcon->port_low, 10);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper port specified\n");
goto exit;
}
rc = cil_fill_integer(parse_current->next->next->cl_head->next, &portcon->port_high);
rc = cil_fill_integer(parse_current->next->next->cl_head->next, &portcon->port_high, 10);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper port specified\n");
goto exit;
@ -4244,7 +4244,7 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
goto exit;
}
} else {
rc = cil_fill_integer(parse_current->next->next, &portcon->port_low);
rc = cil_fill_integer(parse_current->next->next, &portcon->port_low, 10);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper port specified\n");
goto exit;
@ -4538,7 +4538,7 @@ int cil_gen_pirqcon(struct cil_db *db, struct cil_tree_node *parse_current, stru
cil_pirqcon_init(&pirqcon);
rc = cil_fill_integer(parse_current->next, &pirqcon->pirq);
rc = cil_fill_integer(parse_current->next, &pirqcon->pirq, 10);
if (rc != SEPOL_OK) {
goto exit;
}
@ -4604,12 +4604,12 @@ int cil_gen_iomemcon(struct cil_db *db, struct cil_tree_node *parse_current, str
if (parse_current->next->cl_head != NULL) {
if (parse_current->next->cl_head->next != NULL &&
parse_current->next->cl_head->next->next == NULL) {
rc = cil_fill_integer64(parse_current->next->cl_head, &iomemcon->iomem_low);
rc = cil_fill_integer64(parse_current->next->cl_head, &iomemcon->iomem_low, 0);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper iomem specified\n");
goto exit;
}
rc = cil_fill_integer64(parse_current->next->cl_head->next, &iomemcon->iomem_high);
rc = cil_fill_integer64(parse_current->next->cl_head->next, &iomemcon->iomem_high, 0);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper iomem specified\n");
goto exit;
@ -4620,7 +4620,7 @@ int cil_gen_iomemcon(struct cil_db *db, struct cil_tree_node *parse_current, str
goto exit;
}
} else {
rc = cil_fill_integer64(parse_current->next, &iomemcon->iomem_low);;
rc = cil_fill_integer64(parse_current->next, &iomemcon->iomem_low, 0);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper iomem specified\n");
goto exit;
@ -4689,12 +4689,12 @@ int cil_gen_ioportcon(struct cil_db *db, struct cil_tree_node *parse_current, st
if (parse_current->next->cl_head != NULL) {
if (parse_current->next->cl_head->next != NULL &&
parse_current->next->cl_head->next->next == NULL) {
rc = cil_fill_integer(parse_current->next->cl_head, &ioportcon->ioport_low);
rc = cil_fill_integer(parse_current->next->cl_head, &ioportcon->ioport_low, 10);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper ioport specified\n");
goto exit;
}
rc = cil_fill_integer(parse_current->next->cl_head->next, &ioportcon->ioport_high);
rc = cil_fill_integer(parse_current->next->cl_head->next, &ioportcon->ioport_high, 10);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper ioport specified\n");
goto exit;
@ -4705,7 +4705,7 @@ int cil_gen_ioportcon(struct cil_db *db, struct cil_tree_node *parse_current, st
goto exit;
}
} else {
rc = cil_fill_integer(parse_current->next, &ioportcon->ioport_low);
rc = cil_fill_integer(parse_current->next, &ioportcon->ioport_low, 10);
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Improper ioport specified\n");
goto exit;
@ -4771,7 +4771,7 @@ int cil_gen_pcidevicecon(struct cil_db *db, struct cil_tree_node *parse_current,
cil_pcidevicecon_init(&pcidevicecon);
rc = cil_fill_integer(parse_current->next, &pcidevicecon->dev);
rc = cil_fill_integer(parse_current->next, &pcidevicecon->dev, 0);
if (rc != SEPOL_OK) {
goto exit;
}
@ -5364,7 +5364,7 @@ void cil_destroy_ipaddr(struct cil_ipaddr *ipaddr)
free(ipaddr);
}
int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer)
int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer, int base)
{
int rc = SEPOL_ERR;
char *endptr = NULL;
@ -5375,7 +5375,7 @@ int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer)
}
errno = 0;
val = strtol(int_node->data, &endptr, 10);
val = strtol(int_node->data, &endptr, base);
if (errno != 0 || endptr == int_node->data || *endptr != '\0') {
rc = SEPOL_ERR;
goto exit;
@ -5390,7 +5390,7 @@ exit:
return rc;
}
int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer)
int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer, int base)
{
int rc = SEPOL_ERR;
char *endptr = NULL;
@ -5401,7 +5401,7 @@ int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer)
}
errno = 0;
val = strtoull(int_node->data, &endptr, 10);
val = strtoull(int_node->data, &endptr, base);
if (errno != 0 || endptr == int_node->data || *endptr != '\0') {
rc = SEPOL_ERR;
goto exit;

4
libsepol/cil/src/cil_build_ast.h
View File

@ -221,8 +221,8 @@ void cil_destroy_src_info(struct cil_src_info *info);
int cil_fill_cats(struct cil_tree_node *curr, struct cil_cats **cats);
void cil_destroy_cats(struct cil_cats *cats);
int cil_fill_context(struct cil_tree_node *user_node, struct cil_context *context);
int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer);
int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer);
int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer, int base);
int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer, int base);
int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr);
int cil_fill_level(struct cil_tree_node *sens, struct cil_level *level);