Revert "libsepol: implement new module binary format of avrule"

This reverts commit 11013986ac.

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
James Carter 2023-07-25 11:14:57 -04:00
parent 748614b73c
commit e3388c7643
3 changed files with 4 additions and 51 deletions
libsepol
include/sepol/policydb
src


@ -749,10 +749,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
#define MOD_POLICYDB_VERSION_INFINIBAND 19
#define MOD_POLICYDB_VERSION_GLBLUB 20
#define MOD_POLICYDB_VERSION_SELF_TYPETRANS 21
#define MOD_POLICYDB_VERSION_AVRULE_FTRANS 22
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_AVRULE_FTRANS
#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_SELF_TYPETRANS
#define POLICYDB_CONFIG_MLS 1


@ -341,13 +341,6 @@ static const struct policydb_compat_info policydb_compat[] = {
.ocon_num = OCON_IBENDPORT + 1,
.target_platform = SEPOL_TARGET_SELINUX,
},
{
.type = POLICY_BASE,
.version = MOD_POLICYDB_VERSION_AVRULE_FTRANS,
.sym_num = SYM_NUM,
.ocon_num = OCON_IBENDPORT + 1,
.target_platform = SEPOL_TARGET_SELINUX,
},
{
.type = POLICY_MOD,
.version = MOD_POLICYDB_VERSION_BASE,
@ -474,13 +467,6 @@ static const struct policydb_compat_info policydb_compat[] = {
.ocon_num = 0,
.target_platform = SEPOL_TARGET_SELINUX,
},
{
.type = POLICY_MOD,
.version = MOD_POLICYDB_VERSION_AVRULE_FTRANS,
.sym_num = SYM_NUM,
.ocon_num = 0,
.target_platform = SEPOL_TARGET_SELINUX,
},
};
#if 0
@ -3216,19 +3202,6 @@ static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
tail = cur;
}
if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
avrule->specified & AVRULE_TRANSITION) {
rc = next_entry(buf, fp, sizeof(uint32_t));
if (rc < 0)
goto bad;
len = le32_to_cpu(*buf);
if (len) {
rc = str_read(&avrule->object_name, fp, len);
if (rc < 0)
goto bad;
}
}
if (avrule->specified & AVRULE_XPERMS) {
uint8_t buf8;
size_t nel = ARRAY_SIZE(avrule->xperms->perms);
@ -3660,7 +3633,6 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
}
if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
filename_trans_rule_read(p, &decl->avrules, fp))
return -1;


@ -2025,9 +2025,8 @@ static int avrule_write(policydb_t *p, avrule_t * avrule,
uint32_t buf[32], len;
class_perm_node_t *cur;
/* skip filename transitions if writing older version without name */
if (p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
avrule->specified & AVRULE_TRANSITION && avrule->object_name)
/* skip filename transitions for now */
if (avrule->specified & AVRULE_TRANSITION && avrule->object_name)
return POLICYDB_SUCCESS;
if (p->policyvers < MOD_POLICYDB_VERSION_SELF_TYPETRANS &&
@ -2074,21 +2073,6 @@ static int avrule_write(policydb_t *p, avrule_t * avrule,
cur = cur->next;
}
if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
avrule->specified & AVRULE_TRANSITION) {
len = avrule->object_name ? strlen(avrule->object_name) : 0;
*buf = cpu_to_le32(len);
items = put_entry(buf, sizeof(uint32_t), 1, fp);
if (items != 1)
return POLICYDB_ERROR;
if (avrule->object_name) {
items = put_entry(avrule->object_name, sizeof(char),
len, fp);
if (items != len)
return POLICYDB_ERROR;
}
}
if (avrule->specified & AVRULE_XPERMS) {
size_t nel = ARRAY_SIZE(avrule->xperms->perms);
uint32_t buf32[nel];
@ -2138,8 +2122,7 @@ static int avrule_write_list(policydb_t *p, avrule_t * avrules,
avrule = avrules;
len = 0;
while (avrule) {
if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS ||
!(avrule->specified & AVRULE_TRANSITION &&
if (!(avrule->specified & AVRULE_TRANSITION &&
avrule->object_name))
len++;
avrule = avrule->next;
@ -2374,7 +2357,6 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
}
if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS &&
filename_trans_rule_write(p, decl->avrules, fp))
return POLICYDB_ERROR;
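Review bot: In the first avrule_write hunk, a rule with AVRULE_TRANSITION and an object_name now returns POLICYDB_SUCCESS without writing anything, and the comment `/* skip filename transitions for now */` does not say where those rules end up. From the last hunk it appears they are emitted by filename_trans_rule_write() in avrule_decl_write only when `p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS`, so for older module versions a named type transition would presumably be dropped while the caller still sees success, and the written module would then label new files differently from its source policy. I would state this in the comment, e.g. `/* named transitions are written by filename_trans_rule_write(); dropped below MOD_POLICYDB_VERSION_FILENAME_TRANS */`, and consider a warning on the drop path if none is issued elsewhere. The same predicate is repeated in avrule_write_list to compute the element count, so the two must stay identical or the count will disagree with the entries actually written; a small static helper shared by both would keep them in sync. Both functions extend beyond the visible hunks.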