From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id iBDK4bIi006875 for ; Mon, 13 Dec 2004 15:04:37 -0500 (EST)
Received: from tcsfw2.tcs-sec.com (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id iBDK4dX4011940 for ; Mon, 13 Dec 2004 20:04:40 GMT
Received: (from smmsp@localhost) by tcsfw2.tcs-sec.com (8.12.2/8.12.2) id iBDK4ekn016861 for ; Mon, 13 Dec 2004 15:04:40 -0500 (EST)
Message-ID: <41BDF612.7090707@trustedcs.com>
Date: Mon, 13 Dec 2004 14:05:38 -0600
From: Darrel Goeddel
MIME-Version: 1.0
To: "selinux@tycho.nsa.gov"
Subject: Re: [patch] typeattribute statements
References: <41BDBAF1.2060502@trustedcs.com>
In-Reply-To: <41BDBAF1.2060502@trustedcs.com>
Content-Type: multipart/mixed; boundary="------------090701050903090205000401"
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

This is a multi-part message in MIME format.
--------------090701050903090205000401
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Darrel Goeddel wrote:
> ... The patch is against the current sourceforge CVS chekpolicy directory.
>
There is a bad call to free() in the patch that was sent earlier. A new patch is attached. I apologize for the goof. Questions/comments?
--
Darrel
--------------090701050903090205000401
Content-Type: text/plain; name="typeattr-2.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="typeattr-2.patch"

Index: policy_parse.y
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/checkpolicy/policy_parse.y,v
retrieving revision 1.25
diff -u -r1.25 policy_parse.y
--- policy_parse.y 5 Nov 2004 19:14:42 -0000 1.25
+++ policy_parse.y 13 Dec 2004 15:37:38 -0000
@@ -68,6 +68,7 @@
 static int define_av_base(void);
 static int define_attrib(void);
 static int define_typealias(void);
+static int define_typeattribute(void);
 static int define_type(int alias);
 static int define_compute_type(int which);
 static int define_te_avtab(int which);
@@ -121,6 +122,7 @@
 %token ROLE
 %token ROLES
 %token TYPEALIAS
+%token TYPEATTRIBUTE
 %token TYPE
 %token TYPES
 %token ALIAS
@@ -287,6 +289,7 @@
 te_decl : attribute_def
 | type_def
 | typealias_def
+ | typeattribute_def
 | bool_def
 | transition_def
 | te_avtab_def
@@ -303,6 +306,9 @@
 typealias_def : TYPEALIAS identifier alias_def ';'
 {if (define_typealias()) return -1;}
 ;
+typeattribute_def : TYPEATTRIBUTE identifier id_comma_list ';'
+ {if (define_typeattribute()) return -1;}
+ ;
 opt_attr_list : ',' id_comma_list
 |
 ;
@@ -1633,10 +1639,9 @@
 
 static int define_typealias(void)
 {
 char *id;
- type_datum_t *t, *aliasdatum;;
+ type_datum_t *t, *aliasdatum;
 int ret;
-
 if (pass == 2) {
 while ((id = queue_remove(id_queue)))
 free(id);
@@ -1686,6 +1691,83 @@
 return 0;
 }
 
+static int define_typeattribute(void)
+{
+ char *id;
+ type_datum_t *t, *attr;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no type name for typeattribute definition?");
+ return -1;
+ }
+
+ t = hashtab_search(policydbp->p_types.table, id);
+ if (!t || t->isattr) {
+ sprintf(errormsg, "unknown type %s", id);
+ yyerror(errormsg);
+ free(id);
+ return -1;
+ }
+
+ while ((id = queue_remove(id_queue))) {
+#ifdef CONFIG_SECURITY_SELINUX_MLS
+ if (!strcmp(id, "mlstrustedreader")) {
+ if (ebitmap_set_bit(&policydbp->trustedreaders,
+ (t->value - 1), TRUE)) {
+ yyerror("out of memory");
+ free(id);
+ return -1;
+ }
+ } else if (!strcmp(id, "mlstrustedwriter")) {
+ if (ebitmap_set_bit(&policydbp->trustedwriters,
+ (t->value - 1), TRUE)) {
+ yyerror("out of memory");
+ free(id);
+ return -1;
+ }
+ } else if (!strcmp(id, "mlstrustedobject")) {
+ if (ebitmap_set_bit(&policydbp->trustedobjects,
+ (t->value - 1), TRUE)) {
+ yyerror("out of memory");
+ free(id);
+ return -1;
+ }
+ }
+#endif
+ attr = hashtab_search(policydbp->p_types.table, id);
+ if (!attr) {
+ sprintf(errormsg, "attribute %s is not declared", id);
+ /* treat it as a fatal error */
+ yyerror(errormsg);
+ free(id);
+ return -1;
+ }
+
+ if (!attr->isattr) {
+ sprintf(errormsg, "%s is a type, not an attribute", id);
+ yyerror(errormsg);
+ free(id);
+ return -1;
+ }
+
+ free(id);
+
+ if (ebitmap_set_bit(&attr->types, (t->value - 1), TRUE)) {
+ yyerror("out of memory");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
 static int define_type(int alias)
 {
 char *id;
Index: policy_scan.l
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/checkpolicy/policy_scan.l,v
retrieving revision 1.6
diff -u -r1.6 policy_scan.l
--- policy_scan.l 9 Aug 2004 18:12:29 -0000 1.6
+++ policy_scan.l 13 Dec 2004 15:37:38 -0000
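Review bot: The three `sprintf(errormsg, ...)` calls in define_typeattribute copy an identifier of unchecked length into errormsg; if errormsg is a fixed-size buffer, as the rest of this file appears to assume, an over-long identifier in the policy source overruns it, so `snprintf(errormsg, sizeof errormsg, "unknown type %s", id);` (and the same for the two attribute messages) would bound the write — the pattern is presumably inherited from define_type, so a file-wide sweep is the consistent fix. Under CONFIG_SECURITY_SELINUX_MLS the `mlstrustedreader`/`mlstrustedwriter`/`mlstrustedobject` names set the trusted bit and then still fall through to the `hashtab_search` attribute lookup, so they must also be declared as attributes or the statement fails; a comment such as `/* MLS trusted names are also ordinary attributes; the lookup below still applies */` would make that intent explicit. The `!t || t->isattr` check reports "unknown type" when the first identifier names an attribute rather than a type; a distinct message such as `"%s is an attribute, not a type"` would mirror the wording already used for the reverse case.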
@@ -64,6 +64,8 @@
 types { return(TYPES); }
 TYPEALIAS |
 typealias { return(TYPEALIAS); }
+TYPEATTRIBUTE |
+typeattribute { return(TYPEATTRIBUTE); }
 TYPE |
 type { return(TYPE); }
 BOOL |
--------------090701050903090205000401--
--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.