libsepol: cil: Keep type[attribute] declarations when attributizing.

cil_android_attributize() uses a source policy to identify types and attributes to be versioned according to the given version number, and then proceeds to modify the provided target policy to provide this versioning. Previously, the versioned policy relied on a base policy for the declarations of these type[attribute]s, but with multiple_decl support added, the declarations can be made in both places. This will make the policy more robust and allow for greater flexibility and the types of base policy used. Bug: 37915794 Test: Builds 'n' boots. non_plat_sepolicy.cil now contains the public type[attribute] declarations. Change-Id: Iaa084211a9e2774a7ed391888fb21c4c0cf955db
2025-03-02 00:16:06 +00:00 · 2017-10-11 12:59:43 -07:00 · 2017-10-11 12:59:43 -07:00 · 85850171a9
commit 85850171a9
parent 28749e4d40
2 changed files with 10 additions and 9 deletions
--- a/libsepol/cil/include/cil/android.h
+++ b/libsepol/cil/include/cil/android.h
@ -21,6 +21,8 @@ int cil_android_attrib_mapping(struct cil_db **mdb, struct cil_db *srcdb, const
 /*
 * cil_android_attributize - extract attributizable elements of the policy in
 * srcdb and convert all usage of those elements in tgtdb to versioned attributes.
+ * Keep the attributes and type definitions so that tgtdb policy is more robust
+ * against future changes to the public policy.
 *   tgtdb - initialized and parsed cil_db reference to modify.
 *   srcdb - initialized and parsed cil_db reference to source public policy
 *           from which to extract attributizable elements.
--- a/libsepol/cil/src/android.c
+++ b/libsepol/cil/src/android.c
@ -200,23 +200,27 @@ static char *__cil_attrib_get_versname(char *old, const char *vers)

 /*
 * Change type to attribute - create new versioned name based on old, create
- * typeattribute node and replace existing type node.
+ * typeattribute node add to the existing type node.
 */
 static int __cil_attrib_convert_type(struct cil_tree_node *node, struct version_args *args)
 {
 	int rc = SEPOL_ERR;
 	struct cil_type *type = (struct cil_type *)node->data;
 	struct cil_typeattribute *typeattr = NULL;
+	struct cil_tree_node *new_ast_node = NULL;
 	char *new_key;

 	cil_typeattribute_init(&typeattr);

 	new_key = __cil_attrib_get_versname(type->datum.name, args->num);

-	cil_symtab_datum_remove_node(&type->datum, node);
-	cil_destroy_type(type);
+	/* create new tree node to contain typeattribute and add to tree */
+	cil_tree_node_init(&new_ast_node);
+	new_ast_node->parent = node->parent;
+	new_ast_node->next = node->next;
+	node->next = new_ast_node;

-	rc = cil_gen_node(args->db, node, (struct cil_symtab_datum *) typeattr,
+	rc = cil_gen_node(args->db, new_ast_node, (struct cil_symtab_datum *) typeattr,
 			  new_key, CIL_SYM_TYPES, CIL_TYPEATTRIBUTE);
 	if (rc != SEPOL_OK) {
 		goto exit;
@ -422,11 +426,6 @@ static int cil_attrib_typeattribute(struct cil_tree_node *node, struct version_a
 		if (rc != SEPOL_OK) {
 			goto exit;
 		}
-	} else if (__cil_get_plat_flavor(args->vers_map, key) == PLAT_ATTRIB) {
-		// platform attribute declaration to be provided by platform policy
-		cil_symtab_datum_remove_node(&typeattr->datum, node);
-		cil_destroy_typeattribute(typeattr);
-		node->flavor = CIL_NONE; // traversal relies on this node sticking around, empty it.
 	}

 	return SEPOL_OK;