- Handle booleans.local

2005-03-29 15:39:54 +00:00 · 2005-03-29 15:39:54 +00:00 · 041a966553
commit 041a966553
parent b85e3425be
2 changed files with 110 additions and 270 deletions
--- a/libsepol-rhat.patch
+++ b/libsepol-rhat.patch
@ -1,275 +1,110 @@
-diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/sepol.h libsepol-1.3.6/include/sepol/sepol.h
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/genbools.c libsepol-1.5.2/src/genbools.c
--- nsalibsepol/include/sepol/sepol.h	2005-02-17 17:55:48.000000000 -0500
+--- nsalibsepol/src/genbools.c	2005-03-08 15:15:26.000000000 -0500
-+++ libsepol-1.3.6/include/sepol/sepol.h	2005-02-25 10:18:10.000000000 -0500
+++ libsepol-1.5.2/src/genbools.c	2005-03-29 10:20:54.000000000 -0500
-@@ -32,5 +32,6 @@
+@@ -24,11 +24,40 @@
- /* Check context validity against currently set binary policy. */
+ 	return dest;
 extern int sepol_check_context(char *context);
 -
 +/* Turn on or off sepol error messages. */
 +extern void sepol_debug(int on);
 #endif
 diff --exclude-from=exclude -N -u -r nsalibsepol/src/genbools.c libsepol-1.3.6/src/genbools.c
 --- nsalibsepol/src/genbools.c	2005-02-25 09:44:03.000000000 -0500
 +++ libsepol-1.3.6/src/genbools.c	2005-02-25 09:50:17.000000000 -0500
@@ -87,7 +87,7 @@
 	pf.data = data;
 	pf.len = len;
 	if (policydb_read(&policydb,&pf, 0)) {
 -		fprintf(stderr, "Can't read binary policy:  %s\n",
 +		__sepol_debug_printf("Can't read binary policy:  %s\n",
 			strerror(errno));
 		return -1;
 	}
@@ -97,12 +97,12 @@
 	sepol_set_policyvers(policydb.policyvers);
 	if (load_booleans(&policydb, booleans) < 0) {
 -		fprintf(stderr, "Warning!  Error while reading %s:  %s\n",
 +		__sepol_debug_printf("Warning!  Error while reading %s:  %s\n",
 			booleans, strerror(errno));
 }
- 	if (evaluate_conds(&policydb) < 0) {
+static int process_boolean(char *buffer, char *name, int namesize, int *val) {
-		fprintf(stderr, "Error while re-evaluating conditionals: %s\n",
+	char name1[BUFSIZ];
-+		__sepol_debug_printf("Error while re-evaluating conditionals: %s\n",
+	char *ptr;
- 			strerror(errno));
+	char *tok=strtok_r(buffer,"=",&ptr);
- 		return -1;
+	if (tok) {
- 	}
+		strncpy(name1,tok, BUFSIZ-1);
-@@ -111,7 +111,7 @@
+		strtrim(name,name1,namesize-1);
- 	pf.len = len;
+		if ( name[0]=='#' ) return 0;
- 	rc = policydb_write(&policydb, &pf);
+		tok=strtok_r(NULL,"\0",&ptr);
- 	if (rc) {
+		if (tok) {
-		fprintf(stderr, "Can't write binary policy:  %s\n",
+			while (isspace(*tok)) tok++;
-+		__sepol_debug_printf("Can't write binary policy:  %s\n",
+			*val = -1;
- 			strerror(errno));
+			if (isdigit(tok[0]))
- 		return -1;
+				*val=atoi(tok);
- 	}
+			else if (!strncmp(tok, "true", sizeof("true")-1))
-@@ -129,7 +129,7 @@
+				*val = 1;
- 	pf.data = data;
+			else if (!strncmp(tok, "false", sizeof("false")-1))
- 	pf.len = len;
+				*val = 0;
- 	if (policydb_read(&policydb,&pf, 0)) {
+			if (*val != 0 && *val != 1) {
-		fprintf(stderr, "Can't read binary policy:  %s\n",
+				fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok);
-+		__sepol_debug_printf("Can't read binary policy:  %s\n",
+				return -1;
- 			strerror(errno));
+			}
 		return -1;
 	}
@@ -154,7 +154,7 @@
 	}
 	if (evaluate_conds(&policydb) < 0) {
 -		fprintf(stderr, "Error while re-evaluating conditionals: %s\n",
 +		__sepol_debug_printf("Error while re-evaluating conditionals: %s\n",
 			strerror(errno));
 		return -1;
 	}
@@ -163,7 +163,7 @@
 	pf.len = len;
 	rc = policydb_write(&policydb, &pf);
 	if (rc) {
 -		fprintf(stderr, "Can't write binary policy:  %s\n",
 +		__sepol_debug_printf("Can't write binary policy:  %s\n",
 			strerror(errno));
 		return -1;
 	}
 diff --exclude-from=exclude -N -u -r nsalibsepol/src/genusers.c libsepol-1.3.6/src/genusers.c
 --- nsalibsepol/src/genusers.c	2005-02-25 09:44:03.000000000 -0500
 +++ libsepol-1.3.6/src/genusers.c	2005-02-25 14:44:19.680658712 -0500
@@ -7,12 +7,25 @@
 #include <sepol/policydb.h>
 #include <sepol/mls.h>
 +#include <stdarg.h>
 #include "private.h"
 +static int gdebug=1;
 +			
 +void sepol_debug(int on) { gdebug=on; };
 +
 +void __sepol_debug_printf(const char *fmt, ...) {
 +	if (gdebug) {
 +		va_list ap;
 +		va_start(ap, fmt);
 +		vfprintf (stderr, fmt, ap);
 +		va_end(ap);
 +		}
 +	}
- #undef BADLINE
+	return 1;
- #define BADLINE() { \
+}
-	fprintf(stderr, "%s:  invalid entry %s on line %u\n", \
+
-+	__sepol_debug_printf("%s:  invalid entry %s on line %u\n", \
+ static int load_booleans(struct policydb *policydb, char *path) {
- 		path, buffer, lineno); \
+ 	FILE *boolf;
- 	continue; \
+-	char buffer[BUFSIZ];
- }
+	char *buffer=NULL;
-@@ -68,10 +81,11 @@
+	size_t size=0;
- 			/* Adding a new user definition. */
+	char localbools[BUFSIZ];
- 			usrdatum = (user_datum_t *) malloc(sizeof(user_datum_t));
+ 	char name[BUFSIZ];
- 			if (!id || !usrdatum) {
+-	char name1[BUFSIZ];
-				fprintf(stderr, "%s:  out of memory for %s on line %u\n",
+ 	int val;
-+				__sepol_debug_printf("%s:  out of memory for %s on line %u\n",
+ 	int errors=0;
- 					path, buffer, lineno);
+ 	struct cond_bool_datum *datum;
- 				errno = ENOMEM;
+@@ -37,28 +66,29 @@
- 				free(buffer);
+ 	if (boolf == NULL) 
 +				fclose(fp);
 		return -1;
 			}
 			memset(usrdatum, 0, sizeof(user_datum_t));
@@ -81,10 +95,11 @@
 			rc = hashtab_insert(policydb->p_users.table,
 					    id, (hashtab_datum_t) usrdatum);
 			if (rc) {
 -				fprintf(stderr, "%s:  out of memory for %s on line %u\n",
 +				__sepol_debug_printf("%s:  out of memory for %s on line %u\n",
 					path, buffer, lineno);
 				errno = ENOMEM;
 				free(buffer);
 +				fclose(fp);
 				return -1;
 			}
 		}
@@ -128,7 +143,7 @@
- 			roldatum = hashtab_search(policydb->p_roles.table, q);
+-        while (fgets(buffer, sizeof(buffer), boolf)) {
- 			if (!roldatum) {
+-		char *tok=strtok(buffer,"=");
-				fprintf(stderr, "%s:  undefined role %s in %s on line %u\n",
+-		if (tok) {
-+				__sepol_debug_printf("%s:  undefined role %s in %s on line %u\n",
+-			strncpy(name1,tok, BUFSIZ-1);
- 					path, q, buffer, lineno);
+-			strtrim(name,name1,BUFSIZ-1);
- 				continue;
+-			if ( name[0]=='#' ) continue;
- 			}
+-			tok=strtok(NULL,"\0");
-@@ -136,7 +151,7 @@
+-			if (tok) {
- 			for (bit = ebitmap_startbit(&roldatum->dominates); bit < ebitmap_length(&roldatum->dominates); bit++) {
+-				while (isspace(*tok)) tok++;
- 				if (ebitmap_get_bit(&roldatum->dominates, bit))
+-				val = -1;
- 					if (ebitmap_set_bit(&usrdatum->roles, bit, 1)) {
+-				if (isdigit(tok[0]))
-						fprintf(stderr, "%s:  out of memory for %s on line %u\n",
+-					val=atoi(tok);
-+						__sepol_debug_printf("%s:  out of memory for %s on line %u\n",
+-				else if (!strncasecmp(tok, "true", sizeof("true")-1))
- 							path, buffer, lineno);
+-					val = 1;
- 						errno = ENOMEM;
+-				else if (!strncasecmp(tok, "false", sizeof("false")-1))
- 						free(buffer);
+-					val = 0;
-@@ -172,10 +187,11 @@
+-				if (val != 0 && val != 1) {
- 
+-					fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok);
- 			scontext = malloc(p - q);
+-					errors++;
- 			if (!scontext) {
+-					continue;
-				fprintf(stderr, "%s:  out of memory for %s on line %u\n",
+-				}
 +				__sepol_debug_printf("%s:  out of memory for %s on line %u\n",
 					path, buffer, lineno);
 				errno = ENOMEM;
 				free(buffer);
 +				fclose(fp);
 				return -1;
 			}
 			r = scontext;
@@ -191,7 +207,7 @@
 			context_init(&context);
 			rc = mls_context_to_sid(policydb, oldc, &r, &context);
 			if (rc) {
 -				fprintf(stderr, "%s:  invalid level %s in %s on line %u\n",
 +				__sepol_debug_printf("%s:  invalid level %s in %s on line %u\n",
 					path, scontext, buffer, lineno);
 				free(scontext);
 				continue;
@@ -218,10 +234,11 @@
 			scontext = malloc(p - q);
 			if (!scontext) {
 -				fprintf(stderr, "%s:  out of memory for %s on line %u\n",
 +				__sepol_debug_printf("%s:  out of memory for %s on line %u\n",
 					path, buffer, lineno);
 				errno = ENOMEM;
 				free(buffer);
 +				fclose(fp);
 				return -1;
 			}
 			r = scontext;
@@ -237,7 +254,7 @@
 			context_init(&context);
 			rc = mls_context_to_sid(policydb, oldc, &r, &context);
 			if (rc) {
 -				fprintf(stderr, "%s:  invalid range %s in %s on line %u\n",
 +				__sepol_debug_printf("%s:  invalid range %s in %s on line %u\n",
 					path, scontext, buffer, lineno);
 				free(scontext);
 				continue;
@@ -248,7 +265,7 @@
 	}
 	free(buffer);
 -
-+	fclose(fp);
+	while (getline(&buffer, &size, boolf) > 0) {
- 	return 0;
+		int ret=process_boolean(buffer, name, sizeof(name), &val);
 +		if (ret==-1) 
 +			errors++;
 +		if (ret==1) {
 +			datum = hashtab_search(policydb->p_bools.table, name);
 +			if (!datum) {
 +				fprintf(stderr,"unknown boolean %s\n", name);
 +				errors++;
 +				continue;
 +			}
 +			datum->state = val;
 +		}
 +	}
 +	fclose(boolf);
 +	snprintf(localbools,sizeof(localbools), "%s.local", path);
 +	boolf = fopen(localbools,"r");
 +	if (boolf != NULL) {
 +		while (getline(&buffer, &size, boolf) > 0) {
 +			int ret=process_boolean(buffer, name, sizeof(name), &val);
 +			if (ret==-1) 
 +				errors++;
 +			if (ret==1) {
 				datum = hashtab_search(policydb->p_bools.table, name);
 				if (!datum) {
 					fprintf(stderr,"unknown boolean %s\n", name);
@@ -68,9 +98,9 @@
 				datum->state = val;
 			}
 		}
 +		fclose(boolf);
 	}
 -	fclose(boolf);
 -
 +	free(buffer);
 	if (errors)
 		errno = EINVAL;
@@ -334,7 +351,7 @@
 	pf.data = data;
 	pf.len = len;
 	if (policydb_read(&policydb,&pf, 0)) {
 -		fprintf(stderr, "%s:  Can't read binary policy:  %s\n",
 +		__sepol_debug_printf("%s:  Can't read binary policy:  %s\n",
 			__FUNCTION__, strerror(errno));
 		return -1;
 	}
@@ -342,7 +359,7 @@
 	/* Load base set of system users from the policy package. */
 	snprintf(path, sizeof path, "%s/system.users", usersdir);
 	if (load_users(&policydb, path) < 0) {
 -		fprintf(stderr, "%s: Can't load system.users:  %s\n",
 +		__sepol_debug_printf("%s: Can't load system.users:  %s\n",
 			__FUNCTION__, strerror(errno));
 		return -1;
 	}
@@ -350,7 +367,7 @@
 	/* Load locally defined users. */
 	snprintf(path, sizeof path, "%s/local.users", usersdir);
 	if (load_users(&policydb, path) < 0) {
 -		fprintf(stderr, "%s:  Can't load local.users:  %s\n",
 +		__sepol_debug_printf("%s:  Can't load local.users:  %s\n",
 			__FUNCTION__, strerror(errno));
 		return -1;
 	}
@@ -374,7 +391,7 @@
 	pf.len = 0;
 	rc = policydb_write(&policydb, &pf);
 	if (rc) {
 -		fprintf(stderr, "Can't compute length of binary policy:  %s\n",
 +		__sepol_debug_printf("Can't compute length of binary policy:  %s\n",
 			strerror(errno));
 		return -1;
 	}
@@ -383,7 +400,7 @@
 	pf.type = PF_USE_MEMORY;	
 	pf.data = malloc(pf.len);
 	if (!pf.data) {
 -		fprintf(stderr, "%s:  %s\n", __FUNCTION__, strerror(errno));
 +		__sepol_debug_printf("%s:  %s\n", __FUNCTION__, strerror(errno));
 		return -1;
 	}
@@ -394,7 +411,7 @@
 	/* Write out the new binary policy image. */
 	rc = policydb_write(&policydb, &pf);
 	if (rc) {
 -		fprintf(stderr, "Can't write binary policy:  %s\n",
 +		__sepol_debug_printf("Can't write binary policy:  %s\n",
 			strerror(errno));
 		free(pf.data);
 		return -1;
 diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-1.3.6/src/libsepol.map
 --- nsalibsepol/src/libsepol.map	2005-02-17 17:55:49.000000000 -0500
 +++ libsepol-1.3.6/src/libsepol.map	2005-02-25 10:19:28.000000000 -0500
@@ -1,4 +1,4 @@
 {
 -  global: sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers;
 +  global: sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; sepol_debug;
   local: *;
 };
 diff --exclude-from=exclude -N -u -r nsalibsepol/src/private.h libsepol-1.3.6/src/private.h
 --- nsalibsepol/src/private.h	2005-02-07 10:23:04.000000000 -0500
 +++ libsepol-1.3.6/src/private.h	2005-02-25 10:20:39.000000000 -0500
@@ -25,6 +25,7 @@
 };
 extern struct policydb_compat_info *policydb_lookup_compat(int version);
 +extern void __sepol_debug_printf(const char *fmt, ...);
 /* Reading from a policy "file". */
 static inline void *next_entry(struct policy_file * fp, size_t bytes)
--- a/libsepol.spec
+++ b/libsepol.spec
@ -1,10 +1,11 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsepol
 Version: 1.5.2
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
 patch: libsepol-rhat.patch
 Prefix: %{_prefix}
 BuildRoot: %{_tmppath}/%{name}-buildroot
 Provides: libsepol.so
@ -36,6 +37,7 @@ needed for developing applications that manipulate binary policies.
 %prep
 %setup -q
 %patch -p1 -b .rhat
 %build
 make CFLAGS="%{optflags}"
@ -71,6 +73,9 @@ rm -rf ${RPM_BUILD_ROOT}
 /%{_lib}/libsepol.so.1
 %changelog
 * Thu Mar 24 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-2
 - Handle booleans.local
 * Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-1
 - Update to latest from NSA
 	* Added man page for sepol_check_context.