[PATCH] fix hierarchy checking location

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] fix hierarchy checking location
@ 2005-07-15 15:47 Joshua Brindle
  2005-07-18 14:29 ` Stephen Smalley
  0 siblings, 1 reply; 2+ messages in thread
From: Joshua Brindle @ 2005-07-15 15:47 UTC (permalink / raw)
  To: selinux

This patch puts the hierarchy check in the right place (currently it's before the policy expand)

--- nsa/selinux-usr/checkpolicy/checkpolicy.c   2005-07-13 15:14:25.326064968 -0400
+++ policy-modules/trunk/checkpolicy/checkpolicy.c      2005-07-15 09:49:30.260465152 -0400
@@ -564,11 +564,6 @@ int main(int argc, char **argv)
                        exit(1);
                }

-               if (hierarchy_check_constraints(&parse_policy, error_msg, sizeof(error_msg))) {
-                       fprintf(stderr, "%s\n", error_msg);
-                       exit(1);
-               }
-
                if (policydb_init(&policydb, POLICY_KERN)) {
                        exit(1);
                 }
@@ -583,6 +578,11 @@ int main(int argc, char **argv)
                 }
                policydbp = &policydb;

+               if (hierarchy_check_constraints(policydbp, error_msg, sizeof(error_msg))) {
+                       fprintf(stderr, "%s\n", error_msg);
+                       exit(1);
+               }
+
                if (check_assertions(policydbp,
                                      policydbp->global->branch_list->avrules,
                                      &policydbp->te_avtab) ||



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] fix hierarchy checking location
  2005-07-15 15:47 [PATCH] fix hierarchy checking location Joshua Brindle
@ 2005-07-18 14:29 ` Stephen Smalley
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2005-07-18 14:29 UTC (permalink / raw)
  To: Joshua Brindle; +Cc: selinux

On Fri, 2005-07-15 at 11:47 -0400, Joshua Brindle wrote:
> This patch puts the hierarchy check in the right place (currently it's before the policy expand)

All hunks failed, but merged manually.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2005-07-18 14:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-07-15 15:47 [PATCH] fix hierarchy checking location Joshua Brindle
2005-07-18 14:29 ` Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.