- Fix mls crash
This commit is contained in:
Daniel J Walsh
parent
b846509581
commit
23957130df
|
|
@ -1,111 +1,29 @@
|
|||
diff --exclude-from=exclude -N -u -r nsacheckpolicy/Makefile checkpolicy-1.25.3/Makefile
|
||||
--- nsacheckpolicy/Makefile 2005-07-28 15:18:33.000000000 -0400
|
||||
+++ checkpolicy-1.25.3/Makefile 2005-07-29 09:18:09.000000000 -0400
|
||||
@@ -6,7 +6,7 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LIBDIR ?= $(PREFIX)/lib
|
||||
INCLUDEDIR ?= $(PREFIX)/include
|
||||
-TARGETS = checkpolicy checkmodule
|
||||
+TARGETS = checkpolicy checkmodule semodule_package
|
||||
Index: checkpolicy/policy_parse.y
|
||||
===================================================================
|
||||
RCS file: /nfshome/pal/CVS/selinux-usr/checkpolicy/policy_parse.y,v
|
||||
retrieving revision 1.41
|
||||
diff -u -p -r1.41 policy_parse.y
|
||||
--- checkpolicy/policy_parse.y 15 Aug 2005 16:10:56 -0000 1.41
|
||||
+++ checkpolicy/policy_parse.y 22 Aug 2005 17:49:36 -0000
|
||||
@@ -2965,6 +2965,7 @@ static int define_validatetrans(constrai
|
||||
ebitmap_t classmap;
|
||||
constraint_expr_t *e;
|
||||
int depth;
|
||||
+ unsigned char useexpr = 1;
|
||||
|
||||
CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing
|
||||
|
||||
@@ -15,8 +15,9 @@
|
||||
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o
|
||||
CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
|
||||
CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
|
||||
+SEMODULE_PACKAGEOBJS = semodule_package.o
|
||||
|
||||
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
|
||||
+LDLIBS=$(LIBDIR)/libsepol.a -lfl
|
||||
|
||||
all: $(TARGETS)
|
||||
|
||||
@@ -24,6 +25,9 @@
|
||||
|
||||
checkmodule: $(CHECKMODOBJS)
|
||||
|
||||
+semodule_package: $(SEMODULE_PACKAGEOBJS)
|
||||
+ $(CC) -o $@ $^ ${LIBDIR}/libsemanage.a $(LIBDIR)/libsepol.a
|
||||
+
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) -o $@ -c $<
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsacheckpolicy/semodule_package.c checkpolicy-1.25.3/semodule_package.c
|
||||
--- nsacheckpolicy/semodule_package.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ checkpolicy-1.25.3/semodule_package.c 2005-07-28 15:30:24.000000000 -0400
|
||||
@@ -0,0 +1,74 @@
|
||||
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
|
||||
+ *
|
||||
+ * Copyright (C) 2004 Tresys Technology, LLC
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation, version 2.
|
||||
+ */
|
||||
+
|
||||
+#include <semanage/module.h>
|
||||
+
|
||||
+#include <fcntl.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
+
|
||||
+extern char *optarg;
|
||||
+
|
||||
+static void usage(char *progname)
|
||||
+{
|
||||
+ printf("usage: %s PACKAGE MODULE [FILE_CONTEXTS]\n", progname);
|
||||
+ printf("Build a package from a module and optional file contexts.\n");
|
||||
+ printf("Options:\n");
|
||||
+ printf(" PACKAGE name of file to write generated package\n");
|
||||
+ printf(" MODULE base or policy module to wrap\n");
|
||||
+ printf(" FILE_CONTEXTS file containing file contexts for this package\n");
|
||||
+ exit(1);
|
||||
+}
|
||||
+
|
||||
+static int file_to_policy_file(char *filename, struct policy_file *pf, char *mode)
|
||||
+{
|
||||
+ FILE *f;
|
||||
+
|
||||
+ memset(pf, 0, sizeof(struct policy_file));
|
||||
+
|
||||
+ f = fopen(filename, mode);
|
||||
+ if (!f) {
|
||||
+ fprintf(stderr, "Could not open file %s\n", filename);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ pf->type = PF_USE_STDIO;
|
||||
+ pf->fp = f;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char **argv)
|
||||
+{
|
||||
+ struct policy_file out, mod, fc;
|
||||
+
|
||||
+ if (argc < 3 || argc > 4)
|
||||
+ usage(argv[0]);
|
||||
+
|
||||
+ if (file_to_policy_file(argv[1], &out, "w"))
|
||||
+ exit(1);
|
||||
+
|
||||
+ if (file_to_policy_file(argv[2], &mod, "r"))
|
||||
+ exit(1);
|
||||
+
|
||||
+ if (argc == 3) {
|
||||
+ if (semod_module_package_create(&mod, NULL, &out)) {
|
||||
+ fprintf(stderr, "Could not write module package\n");
|
||||
+ exit(1);
|
||||
if (pass == 1) {
|
||||
while ((id = queue_remove(id_queue)))
|
||||
@@ -3035,7 +3036,12 @@ static int define_validatetrans(constrai
|
||||
return -1;
|
||||
}
|
||||
memset(node, 0, sizeof(constraint_node_t));
|
||||
- node->expr = expr;
|
||||
+ if (useexpr) {
|
||||
+ node->expr = expr;
|
||||
+ useexpr = 0;
|
||||
+ } else {
|
||||
+ node->expr = constraint_expr_clone(expr);
|
||||
+ }
|
||||
+ } else if (argc == 4) {
|
||||
+ if (file_to_policy_file(argv[3], &fc, "r"))
|
||||
+ exit(1);
|
||||
+ if (semod_module_package_create(&mod, &fc, &out)) {
|
||||
+ fprintf(stderr, "Could not write module package\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
node->permissions = 0;
|
||||
|
||||
node->next = cladatum->validatetrans;
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
Summary: SELinux policy compiler
|
||||
Name: checkpolicy
|
||||
Version: 1.25.11
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: GPL
|
||||
Group: Development/System
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
|
|
@ -45,6 +45,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_mandir}/man8/checkpolicy.8.gz
|
||||
|
||||
%changelog
|
||||
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-2
|
||||
- Fix mls crash
|
||||
|
||||
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-1
|
||||
- Update to NSA Release
|
||||
* Merged use-after-free fix from Serge Hallyn (IBM).
|
||||
|
|
|
|||
Loading…
Reference in New Issue