- Fix mls crash
This commit is contained in:
parent
b846509581
commit
23957130df
@ -1,111 +1,29 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsacheckpolicy/Makefile checkpolicy-1.25.3/Makefile
|
Index: checkpolicy/policy_parse.y
|
||||||
--- nsacheckpolicy/Makefile 2005-07-28 15:18:33.000000000 -0400
|
===================================================================
|
||||||
+++ checkpolicy-1.25.3/Makefile 2005-07-29 09:18:09.000000000 -0400
|
RCS file: /nfshome/pal/CVS/selinux-usr/checkpolicy/policy_parse.y,v
|
||||||
@@ -6,7 +6,7 @@
|
retrieving revision 1.41
|
||||||
MANDIR ?= $(PREFIX)/share/man
|
diff -u -p -r1.41 policy_parse.y
|
||||||
LIBDIR ?= $(PREFIX)/lib
|
--- checkpolicy/policy_parse.y 15 Aug 2005 16:10:56 -0000 1.41
|
||||||
INCLUDEDIR ?= $(PREFIX)/include
|
+++ checkpolicy/policy_parse.y 22 Aug 2005 17:49:36 -0000
|
||||||
-TARGETS = checkpolicy checkmodule
|
@@ -2965,6 +2965,7 @@ static int define_validatetrans(constrai
|
||||||
+TARGETS = checkpolicy checkmodule semodule_package
|
ebitmap_t classmap;
|
||||||
|
constraint_expr_t *e;
|
||||||
|
int depth;
|
||||||
|
+ unsigned char useexpr = 1;
|
||||||
|
|
||||||
CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing
|
if (pass == 1) {
|
||||||
|
while ((id = queue_remove(id_queue)))
|
||||||
@@ -15,8 +15,9 @@
|
@@ -3035,7 +3036,12 @@ static int define_validatetrans(constrai
|
||||||
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o
|
return -1;
|
||||||
CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
|
}
|
||||||
CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
|
memset(node, 0, sizeof(constraint_node_t));
|
||||||
+SEMODULE_PACKAGEOBJS = semodule_package.o
|
- node->expr = expr;
|
||||||
|
+ if (useexpr) {
|
||||||
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
|
+ node->expr = expr;
|
||||||
+LDLIBS=$(LIBDIR)/libsepol.a -lfl
|
+ useexpr = 0;
|
||||||
|
+ } else {
|
||||||
all: $(TARGETS)
|
+ node->expr = constraint_expr_clone(expr);
|
||||||
|
|
||||||
@@ -24,6 +25,9 @@
|
|
||||||
|
|
||||||
checkmodule: $(CHECKMODOBJS)
|
|
||||||
|
|
||||||
+semodule_package: $(SEMODULE_PACKAGEOBJS)
|
|
||||||
+ $(CC) -o $@ $^ ${LIBDIR}/libsemanage.a $(LIBDIR)/libsepol.a
|
|
||||||
+
|
|
||||||
%.o: %.c
|
|
||||||
$(CC) $(CFLAGS) -o $@ -c $<
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsacheckpolicy/semodule_package.c checkpolicy-1.25.3/semodule_package.c
|
|
||||||
--- nsacheckpolicy/semodule_package.c 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ checkpolicy-1.25.3/semodule_package.c 2005-07-28 15:30:24.000000000 -0400
|
|
||||||
@@ -0,0 +1,74 @@
|
|
||||||
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
|
|
||||||
+ *
|
|
||||||
+ * Copyright (C) 2004 Tresys Technology, LLC
|
|
||||||
+ * This program is free software; you can redistribute it and/or modify
|
|
||||||
+ * it under the terms of the GNU General Public License as published by
|
|
||||||
+ * the Free Software Foundation, version 2.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <semanage/module.h>
|
|
||||||
+
|
|
||||||
+#include <fcntl.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <stdlib.h>
|
|
||||||
+#include <unistd.h>
|
|
||||||
+
|
|
||||||
+extern char *optarg;
|
|
||||||
+
|
|
||||||
+static void usage(char *progname)
|
|
||||||
+{
|
|
||||||
+ printf("usage: %s PACKAGE MODULE [FILE_CONTEXTS]\n", progname);
|
|
||||||
+ printf("Build a package from a module and optional file contexts.\n");
|
|
||||||
+ printf("Options:\n");
|
|
||||||
+ printf(" PACKAGE name of file to write generated package\n");
|
|
||||||
+ printf(" MODULE base or policy module to wrap\n");
|
|
||||||
+ printf(" FILE_CONTEXTS file containing file contexts for this package\n");
|
|
||||||
+ exit(1);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int file_to_policy_file(char *filename, struct policy_file *pf, char *mode)
|
|
||||||
+{
|
|
||||||
+ FILE *f;
|
|
||||||
+
|
|
||||||
+ memset(pf, 0, sizeof(struct policy_file));
|
|
||||||
+
|
|
||||||
+ f = fopen(filename, mode);
|
|
||||||
+ if (!f) {
|
|
||||||
+ fprintf(stderr, "Could not open file %s\n", filename);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ pf->type = PF_USE_STDIO;
|
|
||||||
+ pf->fp = f;
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int main(int argc, char **argv)
|
|
||||||
+{
|
|
||||||
+ struct policy_file out, mod, fc;
|
|
||||||
+
|
|
||||||
+ if (argc < 3 || argc > 4)
|
|
||||||
+ usage(argv[0]);
|
|
||||||
+
|
|
||||||
+ if (file_to_policy_file(argv[1], &out, "w"))
|
|
||||||
+ exit(1);
|
|
||||||
+
|
|
||||||
+ if (file_to_policy_file(argv[2], &mod, "r"))
|
|
||||||
+ exit(1);
|
|
||||||
+
|
|
||||||
+ if (argc == 3) {
|
|
||||||
+ if (semod_module_package_create(&mod, NULL, &out)) {
|
|
||||||
+ fprintf(stderr, "Could not write module package\n");
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+ } else if (argc == 4) {
|
|
||||||
+ if (file_to_policy_file(argv[3], &fc, "r"))
|
|
||||||
+ exit(1);
|
|
||||||
+ if (semod_module_package_create(&mod, &fc, &out)) {
|
|
||||||
+ fprintf(stderr, "Could not write module package\n");
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
+ }
|
||||||
|
node->permissions = 0;
|
||||||
|
|
||||||
|
node->next = cladatum->validatetrans;
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
Summary: SELinux policy compiler
|
Summary: SELinux policy compiler
|
||||||
Name: checkpolicy
|
Name: checkpolicy
|
||||||
Version: 1.25.11
|
Version: 1.25.11
|
||||||
Release: 1
|
Release: 2
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: Development/System
|
Group: Development/System
|
||||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||||
@ -45,6 +45,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_mandir}/man8/checkpolicy.8.gz
|
%{_mandir}/man8/checkpolicy.8.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-2
|
||||||
|
- Fix mls crash
|
||||||
|
|
||||||
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-1
|
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-1
|
||||||
- Update to NSA Release
|
- Update to NSA Release
|
||||||
* Merged use-after-free fix from Serge Hallyn (IBM).
|
* Merged use-after-free fix from Serge Hallyn (IBM).
|
||||||
|
Loading…
Reference in New Issue
Block a user