re-add Erics patch for filename transitions
Update to upstream * Add new class field in role_transition by Harry Ciao.
parent
a3a7288b5c
commit
53af5b6865
@ -1,7 +1,8 @@
|
|||||||
diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.42/include/sepol/policydb/policydb.h
|
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
|
||||||
--- libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis 2010-12-21 16:41:58.000000000 -0500
|
index 94b8609..7b23a16 100644
|
||||||
+++ libsepol-2.0.42/include/sepol/policydb/policydb.h 2011-03-23 14:11:28.432820275 -0400
|
--- a/libsepol/include/sepol/policydb/policydb.h
|
||||||
@@ -135,6 +135,16 @@ typedef struct role_allow {
|
+++ b/libsepol/include/sepol/policydb/policydb.h
|
||||||
|
@@ -136,6 +136,16 @@ typedef struct role_allow {
|
||||||
struct role_allow *next;
|
struct role_allow *next;
|
||||||
} role_allow_t;
|
} role_allow_t;
|
||||||
|
|
||||||
@ -18,7 +19,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
|
|||||||
/* Type attributes */
|
/* Type attributes */
|
||||||
typedef struct type_datum {
|
typedef struct type_datum {
|
||||||
symtab_datum_t s;
|
symtab_datum_t s;
|
||||||
@@ -245,6 +255,15 @@ typedef struct role_allow_rule {
|
@@ -247,6 +257,15 @@ typedef struct role_allow_rule {
|
||||||
struct role_allow_rule *next;
|
struct role_allow_rule *next;
|
||||||
} role_allow_rule_t;
|
} role_allow_rule_t;
|
||||||
|
|
||||||
@ -34,7 +35,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
|
|||||||
typedef struct range_trans_rule {
|
typedef struct range_trans_rule {
|
||||||
type_set_t stypes;
|
type_set_t stypes;
|
||||||
type_set_t ttypes;
|
type_set_t ttypes;
|
||||||
@@ -374,6 +393,9 @@ typedef struct avrule_decl {
|
@@ -376,6 +395,9 @@ typedef struct avrule_decl {
|
||||||
scope_index_t required; /* symbols needed to activate this block */
|
scope_index_t required; /* symbols needed to activate this block */
|
||||||
scope_index_t declared; /* symbols declared within this block */
|
scope_index_t declared; /* symbols declared within this block */
|
||||||
|
|
||||||
@ -44,7 +45,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
|
|||||||
/* for additive statements (type attribute, roles, and users) */
|
/* for additive statements (type attribute, roles, and users) */
|
||||||
symtab_t symtab[SYM_NUM];
|
symtab_t symtab[SYM_NUM];
|
||||||
|
|
||||||
@@ -484,6 +506,9 @@ typedef struct policydb {
|
@@ -486,6 +508,9 @@ typedef struct policydb {
|
||||||
/* role transitions */
|
/* role transitions */
|
||||||
role_trans_t *role_tr;
|
role_trans_t *role_tr;
|
||||||
|
|
||||||
@ -54,7 +55,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
|
|||||||
/* role allows */
|
/* role allows */
|
||||||
role_allow_t *role_allow;
|
role_allow_t *role_allow;
|
||||||
|
|
||||||
@@ -562,6 +587,8 @@ extern void avrule_destroy(avrule_t * x)
|
@@ -564,6 +589,8 @@ extern void avrule_destroy(avrule_t * x);
|
||||||
extern void avrule_list_destroy(avrule_t * x);
|
extern void avrule_list_destroy(avrule_t * x);
|
||||||
extern void role_trans_rule_init(role_trans_rule_t * x);
|
extern void role_trans_rule_init(role_trans_rule_t * x);
|
||||||
extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
|
extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
|
||||||
@ -63,35 +64,36 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
|
|||||||
|
|
||||||
extern void role_datum_init(role_datum_t * x);
|
extern void role_datum_init(role_datum_t * x);
|
||||||
extern void role_datum_destroy(role_datum_t * x);
|
extern void role_datum_destroy(role_datum_t * x);
|
||||||
@@ -630,10 +657,11 @@ extern int policydb_set_target_platform(
|
@@ -633,10 +660,11 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
|
||||||
#define POLICYDB_VERSION_POLCAP 22
|
|
||||||
#define POLICYDB_VERSION_PERMISSIVE 23
|
#define POLICYDB_VERSION_PERMISSIVE 23
|
||||||
#define POLICYDB_VERSION_BOUNDARY 24
|
#define POLICYDB_VERSION_BOUNDARY 24
|
||||||
+#define POLICYDB_VERSION_FILENAME_TRANS 25
|
#define POLICYDB_VERSION_ROLETRANS 26
|
||||||
|
+#define POLICYDB_VERSION_FILENAME_TRANS 27
|
||||||
|
|
||||||
/* Range of policy versions we understand*/
|
/* Range of policy versions we understand*/
|
||||||
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
|
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
|
||||||
-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY
|
-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_ROLETRANS
|
||||||
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_FILENAME_TRANS
|
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_FILENAME_TRANS
|
||||||
|
|
||||||
/* Module versions and specific changes*/
|
/* Module versions and specific changes*/
|
||||||
#define MOD_POLICYDB_VERSION_BASE 4
|
#define MOD_POLICYDB_VERSION_BASE 4
|
||||||
@@ -645,9 +673,10 @@ extern int policydb_set_target_platform(
|
@@ -649,9 +677,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
|
||||||
#define MOD_POLICYDB_VERSION_PERMISSIVE 8
|
|
||||||
#define MOD_POLICYDB_VERSION_BOUNDARY 9
|
#define MOD_POLICYDB_VERSION_BOUNDARY 9
|
||||||
#define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS 10
|
#define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS 10
|
||||||
+#define MOD_POLICYDB_VERSION_FILENAME_TRANS 11
|
#define MOD_POLICYDB_VERSION_ROLETRANS 12
|
||||||
|
+#define MOD_POLICYDB_VERSION_FILENAME_TRANS 13
|
||||||
|
|
||||||
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
|
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
|
||||||
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_BOUNDARY_ALIAS
|
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_ROLETRANS
|
||||||
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_FILENAME_TRANS
|
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_FILENAME_TRANS
|
||||||
|
|
||||||
#define POLICYDB_CONFIG_MLS 1
|
#define POLICYDB_CONFIG_MLS 1
|
||||||
|
|
||||||
diff -up libsepol-2.0.42/src/avrule_block.c.eparis libsepol-2.0.42/src/avrule_block.c
|
diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
|
||||||
--- libsepol-2.0.42/src/avrule_block.c.eparis 2010-12-21 16:41:58.000000000 -0500
|
index 8d1f8f6..16c89f3 100644
|
||||||
+++ libsepol-2.0.42/src/avrule_block.c 2011-03-23 12:15:48.241980087 -0400
|
--- a/libsepol/src/avrule_block.c
|
||||||
@@ -98,6 +98,7 @@ void avrule_decl_destroy(avrule_decl_t *
|
+++ b/libsepol/src/avrule_block.c
|
||||||
|
@@ -98,6 +98,7 @@ void avrule_decl_destroy(avrule_decl_t * x)
|
||||||
cond_list_destroy(x->cond_list);
|
cond_list_destroy(x->cond_list);
|
||||||
avrule_list_destroy(x->avrules);
|
avrule_list_destroy(x->avrules);
|
||||||
role_trans_rule_list_destroy(x->role_tr_rules);
|
role_trans_rule_list_destroy(x->role_tr_rules);
|
||||||
@ -99,10 +101,11 @@ diff -up libsepol-2.0.42/src/avrule_block.c.eparis libsepol-2.0.42/src/avrule_bl
|
|||||||
role_allow_rule_list_destroy(x->role_allow_rules);
|
role_allow_rule_list_destroy(x->role_allow_rules);
|
||||||
range_trans_rule_list_destroy(x->range_tr_rules);
|
range_trans_rule_list_destroy(x->range_tr_rules);
|
||||||
scope_index_destroy(&x->required);
|
scope_index_destroy(&x->required);
|
||||||
diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
|
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
|
||||||
--- libsepol-2.0.42/src/expand.c.eparis 2010-12-21 16:41:58.000000000 -0500
|
index 8539f88..b1af365 100644
|
||||||
+++ libsepol-2.0.42/src/expand.c 2011-03-23 12:15:48.242980223 -0400
|
--- a/libsepol/src/expand.c
|
||||||
@@ -1231,6 +1231,101 @@ static int copy_role_trans(expand_state_
|
+++ b/libsepol/src/expand.c
|
||||||
|
@@ -1237,6 +1237,101 @@ static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -204,7 +207,7 @@ diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
|
|||||||
static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass,
|
static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass,
|
||||||
mls_semantic_range_t * trange,
|
mls_semantic_range_t * trange,
|
||||||
expand_state_t * state)
|
expand_state_t * state)
|
||||||
@@ -2374,6 +2469,9 @@ static int copy_and_expand_avrule_block(
|
@@ -2380,6 +2475,9 @@ static int copy_and_expand_avrule_block(expand_state_t * state)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -214,10 +217,11 @@ diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
|
|||||||
/* expand the range transition rules */
|
/* expand the range transition rules */
|
||||||
if (expand_range_trans(state, decl->range_tr_rules))
|
if (expand_range_trans(state, decl->range_tr_rules))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
|
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
|
||||||
--- libsepol-2.0.42/src/link.c.eparis 2010-12-21 16:41:58.000000000 -0500
|
index e33db0f..23dbb1b 100644
|
||||||
+++ libsepol-2.0.42/src/link.c 2011-03-23 12:15:48.243980361 -0400
|
--- a/libsepol/src/link.c
|
||||||
@@ -1326,6 +1326,50 @@ static int copy_role_allow_list(role_all
|
+++ b/libsepol/src/link.c
|
||||||
|
@@ -1340,6 +1340,50 @@ static int copy_role_allow_list(role_allow_rule_t * list,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -268,7 +272,7 @@ diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
|
|||||||
static int copy_range_trans_list(range_trans_rule_t * rules,
|
static int copy_range_trans_list(range_trans_rule_t * rules,
|
||||||
range_trans_rule_t ** dst,
|
range_trans_rule_t ** dst,
|
||||||
policy_module_t * mod, link_state_t * state)
|
policy_module_t * mod, link_state_t * state)
|
||||||
@@ -1568,6 +1612,11 @@ static int copy_avrule_decl(link_state_t
|
@@ -1582,6 +1626,11 @@ static int copy_avrule_decl(link_state_t * state, policy_module_t * module,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -280,10 +284,11 @@ diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
|
|||||||
if (copy_range_trans_list(src_decl->range_tr_rules,
|
if (copy_range_trans_list(src_decl->range_tr_rules,
|
||||||
&dest_decl->range_tr_rules, module, state))
|
&dest_decl->range_tr_rules, module, state))
|
||||||
return -1;
|
return -1;
|
||||||
diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
|
||||||
--- libsepol-2.0.42/src/policydb.c.eparis 2010-12-21 16:41:58.000000000 -0500
|
index bbf3c88..d7be9fc 100644
|
||||||
+++ libsepol-2.0.42/src/policydb.c 2011-03-23 12:15:48.244980498 -0400
|
--- a/libsepol/src/policydb.c
|
||||||
@@ -136,6 +136,13 @@ static struct policydb_compat_info polic
|
+++ b/libsepol/src/policydb.c
|
||||||
|
@@ -143,6 +143,13 @@ static struct policydb_compat_info policydb_compat[] = {
|
||||||
.ocon_num = OCON_NODE6 + 1,
|
.ocon_num = OCON_NODE6 + 1,
|
||||||
.target_platform = SEPOL_TARGET_SELINUX,
|
.target_platform = SEPOL_TARGET_SELINUX,
|
||||||
},
|
},
|
||||||
@ -297,7 +302,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
{
|
{
|
||||||
.type = POLICY_BASE,
|
.type = POLICY_BASE,
|
||||||
.version = MOD_POLICYDB_VERSION_BASE,
|
.version = MOD_POLICYDB_VERSION_BASE,
|
||||||
@@ -186,6 +193,13 @@ static struct policydb_compat_info polic
|
@@ -200,6 +207,13 @@ static struct policydb_compat_info policydb_compat[] = {
|
||||||
.target_platform = SEPOL_TARGET_SELINUX,
|
.target_platform = SEPOL_TARGET_SELINUX,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -311,7 +316,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
.type = POLICY_MOD,
|
.type = POLICY_MOD,
|
||||||
.version = MOD_POLICYDB_VERSION_BASE,
|
.version = MOD_POLICYDB_VERSION_BASE,
|
||||||
.sym_num = SYM_NUM,
|
.sym_num = SYM_NUM,
|
||||||
@@ -234,6 +248,13 @@ static struct policydb_compat_info polic
|
@@ -255,6 +269,13 @@ static struct policydb_compat_info policydb_compat[] = {
|
||||||
.ocon_num = 0,
|
.ocon_num = 0,
|
||||||
.target_platform = SEPOL_TARGET_SELINUX,
|
.target_platform = SEPOL_TARGET_SELINUX,
|
||||||
},
|
},
|
||||||
@ -325,7 +330,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
};
|
};
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
@@ -433,6 +454,33 @@ void role_trans_rule_list_destroy(role_t
|
@@ -456,6 +477,33 @@ void role_trans_rule_list_destroy(role_trans_rule_t * x)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -359,7 +364,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
void role_allow_rule_init(role_allow_rule_t * x)
|
void role_allow_rule_init(role_allow_rule_t * x)
|
||||||
{
|
{
|
||||||
memset(x, 0, sizeof(role_allow_rule_t));
|
memset(x, 0, sizeof(role_allow_rule_t));
|
||||||
@@ -1112,6 +1160,7 @@ void policydb_destroy(policydb_t * p)
|
@@ -1135,6 +1183,7 @@ void policydb_destroy(policydb_t * p)
|
||||||
role_allow_t *ra, *lra = NULL;
|
role_allow_t *ra, *lra = NULL;
|
||||||
role_trans_t *tr, *ltr = NULL;
|
role_trans_t *tr, *ltr = NULL;
|
||||||
range_trans_t *rt, *lrt = NULL;
|
range_trans_t *rt, *lrt = NULL;
|
||||||
@ -367,7 +372,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
|
|
||||||
if (!p)
|
if (!p)
|
||||||
return;
|
return;
|
||||||
@@ -1177,6 +1226,14 @@ void policydb_destroy(policydb_t * p)
|
@@ -1200,6 +1249,14 @@ void policydb_destroy(policydb_t * p)
|
||||||
if (ltr)
|
if (ltr)
|
||||||
free(ltr);
|
free(ltr);
|
||||||
|
|
||||||
@ -382,7 +387,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
for (ra = p->role_allow; ra; ra = ra->next) {
|
for (ra = p->role_allow; ra; ra = ra->next) {
|
||||||
if (lra)
|
if (lra)
|
||||||
free(lra);
|
free(lra);
|
||||||
@@ -2168,6 +2225,55 @@ int role_allow_read(role_allow_t ** r, s
|
@@ -2201,6 +2258,55 @@ int role_allow_read(role_allow_t ** r, struct policy_file *fp)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -438,7 +443,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
static int ocontext_read_xen(struct policydb_compat_info *info,
|
static int ocontext_read_xen(struct policydb_compat_info *info,
|
||||||
policydb_t *p, struct policy_file *fp)
|
policydb_t *p, struct policy_file *fp)
|
||||||
{
|
{
|
||||||
@@ -2971,6 +3077,62 @@ static int role_allow_rule_read(role_all
|
@@ -3007,6 +3113,62 @@ static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -501,7 +506,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
static int range_trans_rule_read(range_trans_rule_t ** r,
|
static int range_trans_rule_read(range_trans_rule_t ** r,
|
||||||
struct policy_file *fp)
|
struct policy_file *fp)
|
||||||
{
|
{
|
||||||
@@ -3064,6 +3226,11 @@ static int avrule_decl_read(policydb_t *
|
@@ -3100,6 +3262,11 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
|
||||||
role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
|
role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -513,7 +518,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
|
if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
|
||||||
range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
|
range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
|
||||||
return -1;
|
return -1;
|
||||||
@@ -3455,6 +3622,9 @@ int policydb_read(policydb_t * p, struct
|
@@ -3491,6 +3658,9 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
|
||||||
goto bad;
|
goto bad;
|
||||||
if (role_allow_read(&p->role_allow, fp))
|
if (role_allow_read(&p->role_allow, fp))
|
||||||
goto bad;
|
goto bad;
|
||||||
@ -523,10 +528,11 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
|
|||||||
} else {
|
} else {
|
||||||
/* first read the AV rule blocks, then the scope tables */
|
/* first read the AV rule blocks, then the scope tables */
|
||||||
avrule_block_destroy(p->global);
|
avrule_block_destroy(p->global);
|
||||||
diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
|
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
|
||||||
--- libsepol-2.0.42/src/write.c.eparis 2010-12-21 16:41:58.000000000 -0500
|
index f9d59b6..c4f5035 100644
|
||||||
+++ libsepol-2.0.42/src/write.c 2011-03-23 12:15:48.245980639 -0400
|
--- a/libsepol/src/write.c
|
||||||
@@ -510,6 +510,42 @@ static int role_allow_write(role_allow_t
|
+++ b/libsepol/src/write.c
|
||||||
|
@@ -528,6 +528,42 @@ static int role_allow_write(role_allow_t * r, struct policy_file *fp)
|
||||||
return POLICYDB_SUCCESS;
|
return POLICYDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -569,7 +575,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
|
|||||||
static int role_set_write(role_set_t * x, struct policy_file *fp)
|
static int role_set_write(role_set_t * x, struct policy_file *fp)
|
||||||
{
|
{
|
||||||
size_t items;
|
size_t items;
|
||||||
@@ -1476,6 +1512,47 @@ static int role_allow_rule_write(role_al
|
@@ -1496,6 +1532,47 @@ static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp)
|
||||||
return POLICYDB_SUCCESS;
|
return POLICYDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -617,7 +623,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
|
|||||||
static int range_trans_rule_write(range_trans_rule_t * t,
|
static int range_trans_rule_write(range_trans_rule_t * t,
|
||||||
struct policy_file *fp)
|
struct policy_file *fp)
|
||||||
{
|
{
|
||||||
@@ -1543,6 +1620,11 @@ static int avrule_decl_write(avrule_decl
|
@@ -1563,6 +1640,11 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
|
||||||
role_allow_rule_write(decl->role_allow_rules, fp) == -1) {
|
role_allow_rule_write(decl->role_allow_rules, fp) == -1) {
|
||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
}
|
}
|
||||||
@ -629,7 +635,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
|
|||||||
if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
|
if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
|
||||||
range_trans_rule_write(decl->range_tr_rules, fp) == -1) {
|
range_trans_rule_write(decl->range_tr_rules, fp) == -1) {
|
||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
@@ -1819,6 +1901,9 @@ int policydb_write(policydb_t * p, struc
|
@@ -1839,6 +1921,9 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
|
||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
if (role_allow_write(p->role_allow, fp))
|
if (role_allow_write(p->role_allow, fp))
|
||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
@ -639,6 +645,3 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
|
|||||||
} else {
|
} else {
|
||||||
if (avrule_block_write(p->global, num_syms, p, fp) == -1) {
|
if (avrule_block_write(p->global, num_syms, p, fp) == -1) {
|
||||||
return POLICYDB_ERROR;
|
return POLICYDB_ERROR;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
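Review bot: In the policydb.h part of the refreshed patch, `POLICYDB_VERSION_FILENAME_TRANS` moves from 25 to 27 and `MOD_POLICYDB_VERSION_FILENAME_TRANS` from 11 to 13, and the new side shows no define for kernel version 25 or module version 11 while both still fall inside the `*_VERSION_MIN`..`*_VERSION_MAX` range. A binary policy or module written by the earlier build that carried this patch is stamped with the old numbers. The read and write bodies are elided on this page, so this is inferred, but if they gate on `p->policyvers >= ...FILENAME_TRANS` the way the visible `MOD_POLICYDB_VERSION_RANGETRANS` checks do, such a file would be parsed without its filename-transition section and the data after it misread. Please confirm that 27/13 match what the kernel and policy compiler shipped alongside this build expect, and that the compat table rejects the now-unassigned 25 and 11 rather than accepting them silently. A comment above the defines such as `/* downstream numbering; must agree with the kernel's policydb version for filename transitions */` would record the dependency.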
@ -1,10 +1,11 @@
|
|||||||
Summary: SELinux binary policy manipulation library
|
Summary: SELinux binary policy manipulation library
|
||||||
Name: libsepol
|
Name: libsepol
|
||||||
Version: 2.0.43
|
Version: 2.0.43
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
|
||||||
|
Patch: libsepol-rhat.patch
|
||||||
URL: http://www.selinuxproject.org
|
URL: http://www.selinuxproject.org
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
@ -45,6 +46,7 @@ needed for developing applications that manipulate binary policies.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch -p2 -b .rhat
|
||||||
# sparc64 is an -fPIC arch, so we need to fix it here
|
# sparc64 is an -fPIC arch, so we need to fix it here
|
||||||
%ifarch sparc64
|
%ifarch sparc64
|
||||||
sed -i 's/fpic/fPIC/g' src/Makefile
|
sed -i 's/fpic/fPIC/g' src/Makefile
|
||||||
@ -97,14 +99,12 @@ exit 0
|
|||||||
/%{_lib}/libsepol.so.1
|
/%{_lib}/libsepol.so.1
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-2
|
||||||
|
- re-add Erics patch for filename transitions
|
||||||
|
|
||||||
* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
|
* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
|
||||||
* Give correct names to mount points in load_policy by Dan Walsh.
|
-Update to upstream
|
||||||
* Make sure selinux state is reported correctly if selinux is disabled or
|
* Add new class field in role_transition by Harry Ciao.
|
||||||
fails to load by Dan Walsh.
|
|
||||||
* Fix crash if selinux_key_create was never called by Dan Walsh.
|
|
||||||
* Add new file_context.subs_dist for distro specific filecon substitutions
|
|
||||||
by Dan Walsh.
|
|
||||||
* Update man pages for selinux_color_* functions by Richard Haines.
|
|
||||||
|
|
||||||
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
|
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
|
||||||
- Apply Eparis Patch
|
- Apply Eparis Patch
|
||||||
@ -115,7 +115,6 @@ the number of rules grows to an significant size I will likely choose to
|
|||||||
store these in a hash, both in libsepol and in the kernel. But as long
|
store these in a hash, both in libsepol and in the kernel. But as long
|
||||||
as the number of such rules stays small, this should be good.
|
as the number of such rules stays small, this should be good.
|
||||||
|
|
||||||
|
|
||||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.42-2
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.42-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|