libsepol: Write and read TUNABLE flags in related data structures.
All flags in cond_bool_datum_t and cond_node_t structures are written or read for policy modules whose version is no less than MOD_POLICYDB_VERSION_TUNABLE_SEP. Note, for cond_node_t the TUNABLE flag bit would be used only at expand; however, it won't hurt to read/write this field for modules (potentially for future usage). Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
parent
80f26c5ee8
commit
b0be2a06b7
@ -564,8 +564,8 @@ static int bool_isvalid(cond_bool_datum_t * b)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int cond_read_bool(policydb_t * p
|
||||
__attribute__ ((unused)), hashtab_t h,
|
||||
int cond_read_bool(policydb_t * p,
|
||||
hashtab_t h,
|
||||
struct policy_file *fp)
|
||||
{
|
||||
char *key = 0;
|
||||
@ -597,6 +597,15 @@ int cond_read_bool(policydb_t * p
|
||||
if (rc < 0)
|
||||
goto err;
|
||||
key[len] = 0;
|
||||
|
||||
if (p->policy_type != POLICY_KERN &&
|
||||
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||
rc = next_entry(buf, fp, sizeof(uint32_t));
|
||||
if (rc < 0)
|
||||
goto err;
|
||||
booldatum->flags = le32_to_cpu(buf[0]);
|
||||
}
|
||||
|
||||
if (hashtab_insert(h, key, booldatum))
|
||||
goto err;
|
||||
|
||||
@ -811,6 +820,14 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (p->policy_type != POLICY_KERN &&
|
||||
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||
rc = next_entry(buf, fp, sizeof(uint32_t));
|
||||
if (rc < 0)
|
||||
goto err;
|
||||
node->flags = le32_to_cpu(buf[0]);
|
||||
}
|
||||
|
||||
return 0;
|
||||
err:
|
||||
cond_node_destroy(node);
|
||||
|
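Review bot: The flags word read in the cond_read_bool hunk is stored unchecked, `booldatum->flags = le32_to_cpu(buf[0]);`, so every bit present in a module file lands in the in-memory datum; the cond_read_node hunk does the same with `node->flags`. Module files are parsed input and the commit message gives meaning only to the TUNABLE bit, so the reader should reject undefined bits right after the assignment, e.g. `if (booldatum->flags & ~COND_BOOL_FLAGS_TUNABLE) goto err;`, assuming that header constant is the only bit defined at this version. Without the check, undefined bits are presumably carried through later processing and written back out by the matching write path. Both function bodies start and end outside the hunks shown, so the sizing of `buf` and the cleanup under `err:` cannot be confirmed from here.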
@ -607,6 +607,7 @@ static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
|
||||
unsigned int items, items2;
|
||||
struct policy_data *pd = ptr;
|
||||
struct policy_file *fp = pd->fp;
|
||||
struct policydb *p = pd->p;
|
||||
|
||||
booldatum = (cond_bool_datum_t *) datum;
|
||||
|
||||
@ -621,6 +622,15 @@ static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
|
||||
items = put_entry(key, 1, len, fp);
|
||||
if (items != len)
|
||||
return POLICYDB_ERROR;
|
||||
|
||||
if (p->policy_type != POLICY_KERN &&
|
||||
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||
buf[0] = cpu_to_le32(booldatum->flags);
|
||||
items = put_entry(buf, sizeof(uint32_t), 1, fp);
|
||||
if (items != 1)
|
||||
return POLICYDB_ERROR;
|
||||
}
|
||||
|
||||
return POLICYDB_SUCCESS;
|
||||
}
|
||||
|
||||
@ -727,6 +737,14 @@ static int cond_write_node(policydb_t * p,
|
||||
return POLICYDB_ERROR;
|
||||
}
|
||||
|
||||
if (p->policy_type != POLICY_KERN &&
|
||||
p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) {
|
||||
buf[0] = cpu_to_le32(node->flags);
|
||||
items = put_entry(buf, sizeof(uint32_t), 1, fp);
|
||||
if (items != 1)
|
||||
return POLICYDB_ERROR;
|
||||
}
|
||||
|
||||
return POLICYDB_SUCCESS;
|
||||
}
|
||||
|
||||
|
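Review bot: The gate `p->policy_type != POLICY_KERN && p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP` is spelled out separately in cond_write_bool and cond_write_node, and it has to match the reader's gate exactly or the two sides disagree about the record layout. A short comment above each block would make that coupling explicit, e.g. `/* flags word: present only in non-kernel formats >= TUNABLE_SEP; keep in step with cond_read_bool()/cond_read_node() */`. Better still, a small static predicate could be shared by all four sites. `booldatum->flags` and `node->flags` are also emitted unmodified, so any undefined bits in memory are serialized as-is. The declarations of `buf` and `items` in both functions lie outside the hunks.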