Re: [BUG] Segfault on duplicate require of sensitivity

[Caleb Case <ccase@tresys.com>]

On Tue, 2007-05-15 at 13:18 -0400, Joshua Brindle wrote:
> Caleb Case wrote:
> > On Tue, 2007-05-15 at 10:39 -0400, Karl MacMillan wrote:
> >   
> >> On Tue, 2007-05-15 at 10:16 -0400, Caleb Case wrote:
> >>     
> >>> It turns out that level_datum_t is not defined as an actual datum:
> >>>
> >>>       
> >> [...]
> >>
> >>     
> >>> The options I see here are not good.  One option: the level_datum_t
> >>> should be changed into a conforming *_datum_t and the fallout of this
> >>> change handled in the rest of the code which expects to see a
> >>> level_datum_t->level.  Second option: level_datum_t is treated specially
> >>> in require_symbol (using the symbol_type as the switch).
> >>>
> >>>       
> >> Making it a _datum_t seems to be the right choice - what is your concern
> >> about following that path?
> >>
> >> Karl
> >>     
> >
> > Mainly I am concerned because level_datum_t is exported in libsepol's
> > protected headers and will require changes to anything that statically
> > links to libsepol.
> >
> >   
> Err, I don't think this is the main issue. The level datum references 
> the sens_datum, which exists independantly of the level_datum. I think 
> it would cause all sorts of problems to try to change that in the 
> current code base.
> 
> Another option is to just punt on this and it should be handled 
> naturally in the policyrep branch.

This is option 2: special case the level_datum_t handling.

Index: checkpolicy/module_compiler.c
===================================================================
--- checkpolicy/module_compiler.c	(revision 2421)
+++ checkpolicy/module_compiler.c	(working copy)
@@ -142,7 +142,12 @@
 						      symtab[symbol_type].table,
 						      key);
 		assert(s != NULL);
-		*dest_value = s->value;
+		
+		if (symbol_type == SYM_LEVELS) {
+			*dest_value = ((level_datum_t *)s)->level->sens;
+		} else {
+			*dest_value = s->value;
+		}
 	} else if (retval == -2) {
 		return -2;
 	} else if (retval < 0) {
@@ -496,7 +501,12 @@
 						      symtab[symbol_type].table,
 						      key);
 		assert(s != NULL);
-		*dest_value = s->value;
+		
+		if (symbol_type == SYM_LEVELS) {
+			*dest_value = ((level_datum_t *)s)->level->sens;
+		} else {
+			*dest_value = s->value;
+		}
 	} else if (retval == -2) {
 		/* ignore require statements if that symbol was
 		 * previously declared and is in current scope */

-- 
Caleb Case
Tresys Technology
410-290-1411 x144

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.