From 651df3ceb68902a530a0f0f19e84bde999b1d244 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 16 Oct 2007 18:30:23 +0000 Subject: [PATCH] trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes. --- policy/flask/Makefile | 4 ++-- policy/flask/flask.py | 15 +++++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/policy/flask/Makefile b/policy/flask/Makefile index 5d6e9549c..17dc1747c 100644 --- a/policy/flask/Makefile +++ b/policy/flask/Makefile @@ -27,11 +27,11 @@ FLASK_NOWARNINGS = --nowarnings all: $(USER_H) $(KERN_H) -$(USER_H): +$(USER_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F) mkdir -p $(USER_D) $(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(USER_D) -u $(FLASK_NOWARNINGS) -$(KERN_H): +$(KERN_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F) mkdir -p $(KERN_D) $(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(KERN_D) -k $(FLASK_NOWARNINGS) diff --git a/policy/flask/flask.py b/policy/flask/flask.py index 82e45b3a2..9cc91f717 100644 --- a/policy/flask/flask.py +++ b/policy/flask/flask.py @@ -93,6 +93,7 @@ class Flask: self.WARN = warn self.autogen = "/* This file is automatically generated. Do not edit. */\n" self.commons = [] + self.user_commons = [] self.common = {} self.classes = [] self.vectors = [] @@ -174,6 +175,7 @@ class Flask: commons = [] common = {} inherits = {} + user_commons = {} input = open(path, 'r') # states @@ -205,6 +207,7 @@ class Flask: if c in commons: raise DuplicateError, (self.COMMON, path, number, c) commons.append(c) common[c] = [] + user_commons[c] = True state = COMMON continue 
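Review bot: The new prerequisite lists on `$(USER_H):` and `$(KERN_H):` can trigger flask.py more than once per build if either variable expands to several headers; their definitions are outside this hunk, so this is unconfirmed. In that case make treats every header as an independent target and, under `-j`, may start several flask.py runs that write into the same output directory at once. If the variables do hold several files, let the headers depend on one stamp file produced by the flask.py recipe. Otherwise add a comment stating that each list names a single file.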
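Review bot: `self.user_commons = []` in the constructor hunk (`-93,6`) declares a list, while the parser hunk at `-174,6` builds `user_commons = {}` and the generator hunk at `-388,10` indexes it by common name. The attribute therefore changes type once parsing has run. Initialise it as `self.user_commons = {}` and add a comment such as `# common name -> True when only userspace classes inherit it`. The constructor starts and ends outside this hunk.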
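Review bot: `user_commons[c] = True` in the `-205,6` hunk marks every common as userspace-only by default, so a common that no class inherits is never reset to False. It is then dropped from the kernel header together with the genuinely userspace-only ones. If that is intended, say so at this line, for example `# assume userspace-only until a kernel class inherits this common`. Otherwise record inheritance explicitly and treat an uninherited common as kernel-visible. The parsing function starts and ends outside this hunk.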
@@ -229,6 +232,7 @@ class Flask: if i not in common: raise UndefinedError, (self.COMMON, path, number, i) inherits[c] = i state = INHERIT + if not self.userspace.has_key(c): user_commons[i] = False continue m = self.OPENB.search(line) @@ -270,6 +274,7 @@ class Flask: if cvdiff: raise UnusedError, "Not all security classes were used in access vectors: %s" % cvdiff # the inverse of this will be caught as an undefined class error self.commons = commons + self.user_commons = user_commons self.common = common self.vectors = vectors self.vector = vector @@ -388,10 +393,12 @@ class Flask: results = [] results.append(self.autogen) for common in self.commons: - results.append("TB_(common_%s_perm_to_string)\n" % common) - for p in self.common[common]: - results.append(" S_(\"%s\")\n" % p) - results.append("TE_(common_%s_perm_to_string)\n\n" % common) + user = self.user_commons[common] + if not (mode == self.KERNEL and user): + results.append("TB_(common_%s_perm_to_string)\n" % common) + for p in self.common[common]: + results.append(" S_(\"%s\")\n" % p) + results.append("TE_(common_%s_perm_to_string)\n\n" % common) return results def createFlaskH(self, mode = USERSPACE):
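Review bot: The added `if not self.userspace.has_key(c): user_commons[i] = False` in the `-229,6` hunk depends on `self.userspace` already being populated when the access vectors are parsed. How that attribute is filled is not visible here, but if it were empty at this point every common would be marked kernel-visible and the new filter would silently do nothing. A comment stating the ordering requirement would help. The test also reads better as `if c not in self.userspace:` with the assignment on its own line, matching the `if i not in common:` check just above. The enclosing parser continues outside the hunk.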
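Review bot: The commit message names the kernel av_inherit.h, but the lines gated by `if not (mode == self.KERNEL and user):` in the `-388,10` hunk emit the `common_%s_perm_to_string` tables. It is worth confirming that the av_inherit generator, which is not shown, skips the same commons, because a kernel header that still references a table this loop no longer emits would not compile. The condition also needs a comment, e.g. `# kernel headers omit commons inherited only by userspace classes`, and `user` would be clearer as `user_only`. The function's signature is outside the hunk.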