From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id j2EDMFDo021220 for ; Mon, 14 Mar 2005 08:22:15 -0500 (EST) Received: from mail-old.asahi-net.or.jp (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id j2EDGX7Z027250 for ; Mon, 14 Mar 2005 13:16:33 GMT Message-ID: <42358ED8.5000901@kaigai.gr.jp> Date: Mon, 14 Mar 2005 22:17:12 +0900 From: KaiGai Kohei MIME-Version: 1.0 To: SELinux Mail List Cc: kaigai@ak.jp.nec.com Subject: Re: [RFC & PATCH] inherited type definition. References: <42346C17.3090301@kaigai.gr.jp> In-Reply-To: <42346C17.3090301@kaigai.gr.jp> Content-Type: multipart/mixed; boundary="------------090806040204060002050208" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. --------------090806040204060002050208 Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit Hi, Yesterday, I posted a patch that implements "TYPE ... EXTENDS ..." statement. But, I noticed this patch can't be applied to latest checkpolicy-1.22. So, I modified the inherited type definition patch for latest checkpolicy. There is no differences on functionality and compatibility. Thanks, any comments please. KaiGai Kohei wrote: > Hello, > This attached patch provids a new syntax extension to checkpolicy. > This makes it possible to describe a definition of type which inherit > access vectors of parent's types/attributes. > > Syntax: > TYPE [ALIAS ] EXTENDS , , ... ; > > The basical idea is like attribute, but 'EXTENDS' has those differences as follows: > - It can inherit other types, not only attribute. > - It can describe multi-layer inheritance tree of type. > > Currently, when we try to define a type like another type, we must describe a new > type from a scratch for tiny difference. For example, if we want a new type > 'ext_user_t' which is permitted all access vectors for user_t and a tiny additional > access vectors, we must describe all of the user_t's access vectors and some of > original allow-statements. > > When you use EXTENDS extension, only what you describe are a type definition > with EXTENDS statement and some original allow-statements. > > [Simple Example] > type subject_t; > type parent_t; > type child_t extends parent_t; > type grandchild_t extends child_t; > type stranger_t; > > In this case, there are five types for explanation. > - "allow subject_t child_t:XXX XXX;" means "allow subject_t {child_t grandchild_t}:XXX XXX". > - "allow parent_t child_t:XXX XXX;" means "allow {parent_t child_t grandchild_t} {child_t grandchild_t}:XXX XXX" > - "allow subject_t ~parent_t:XXX XXX" means "allow subject_t stranger_t:XXX XXX". > child_t and grandchild_t are not included in ~parent_t, because its ancestor is parent_t. > - "allow child_t self:XXX XXX" means "allow child_t child_t:XXX XXX", > "allow child_t grandchild_t:XXX XXX" and "allow grandchild_t grandchild_t:XXX XXX". > > An access vector granted to parent-type is inherited to child and grandchild. > We must pay attention to '~' and 'self'. > When we use '~', that means the reverse of the type and its children. > When we use 'self', that means the type and its children. > > Thanks, any comments please. > # This is a personal work, but would you Cc: 'kaigai@ak.jp.nec.com' for useful ? -- DO NOTHING IS THE WORST POLICY. KaiGai Kohei --------------090806040204060002050208 Content-Type: text/plain; name="checkpolicy-1.22-type_extends.patch" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="checkpolicy-1.22-type_extends.patch" LS0tIGNoZWNrcG9saWN5LTEuMjIvcG9saWN5X3NjYW4ubAkyMDA1LTAyLTE3IDA5OjU5OjIz LjAwMDAwMDAwMCAtMDUwMAorKysgY2hlY2twb2xpY3ktMS4yMi5leHRlbmRzL3BvbGljeV9z Y2FuLmwJMjAwNS0wMy0xNCAyMDozNzo1NC4wMDAwMDAwMDAgLTA1MDAKQEAgLTc4LDYgKzc4 LDggQEAgRUxTRSB8CiBlbHNlCQkJCXsgcmV0dXJuKEVMU0UpOyB9CiBBTElBUyB8CiBhbGlh cwkJCQl7IHJldHVybihBTElBUyk7IH0KK0VYVEVORFMgfAorZXh0ZW5kcwkJCQl7IHJldHVy bihFWFRFTkRTKTsgfQogQVRUUklCVVRFIHwKIGF0dHJpYnV0ZQkJCXsgcmV0dXJuKEFUVFJJ QlVURSk7IH0KIFRZUEVfVFJBTlNJVElPTiB8Ci0tLSBjaGVja3BvbGljeS0xLjIyL2NoZWNr cG9saWN5LmgJMjAwNS0wMS0yNiAxNDoxNjoyMC4wMDAwMDAwMDAgLTA1MDAKKysrIGNoZWNr cG9saWN5LTEuMjIuZXh0ZW5kcy9jaGVja3BvbGljeS5oCTIwMDUtMDMtMTQgMjA6NDA6MTIu MDAwMDAwMDAwIC0wNTAwCkBAIC0xOCw0ICsxOCwxNiBAQCB0ZV9hc3NlcnRfdCAqdGVfYXNz ZXJ0aW9uczsKIGV4dGVybiB1bnNpZ25lZCBpbnQgcG9saWN5dmVyczsKIGV4dGVybiB1bnNp Z25lZCBpbnQgbWxzcG9sOwogCisvKiB0eXBlIHdhcyBub3QgaW5kZXhlZCBpbiBwb2xpY3lk YiwKKyAgIGJ1dCBpdCdzIG5lY2Vzc2FyeSBmb3IgZXh0ZW5kcyBzdXBwb3J0LiAqLworZXh0 ZXJuIHR5cGVfZGF0dW1fdCAqKnR5cGVfdmFsX3RvX3N0cnVjdDsKK2V4dGVybiBpbnQgbnVt X3R5cGVfdmFsX3RvX3N0cnVjdDsKK2V4dGVybiB2b2lkIGdldF9jaGlsZF90eXBlcyhlYml0 bWFwX3QgKnNldCwgdHlwZV9kYXR1bV90ICp0LCBpbnQgZGVwdGgpOworCitzdGF0aWMgaW5s aW5lIHR5cGVfZGF0dW1fdCAqZ2V0X3R5cGUoaW50IHR5cGV2YWwpIHsKKwlpZiAoIXR5cGVf dmFsX3RvX3N0cnVjdCB8fCB0eXBldmFsPDEgfHwgdHlwZXZhbD5udW1fdHlwZV92YWxfdG9f c3RydWN0KQorCQlyZXR1cm4gTlVMTDsKKwlyZXR1cm4gdHlwZV92YWxfdG9fc3RydWN0W3R5 cGV2YWwtMV07Cit9CisKICNlbmRpZgotLS0gY2hlY2twb2xpY3ktMS4yMi9jaGVja3BvbGlj eS5jCTIwMDUtMDEtMjYgMTQ6MTY6MjAuMDAwMDAwMDAwIC0wNTAwCisrKyBjaGVja3BvbGlj eS0xLjIyLmV4dGVuZHMvY2hlY2twb2xpY3kuYwkyMDA1LTAzLTE0IDIwOjM3OjU0LjAwMDAw MDAwMCAtMDUwMApAQCAtMzQ0LDYgKzM0NCw4IEBAIHZvaWQgY2hlY2tfYXNzZXJ0aW9uX2hl bHBlcih1bnNpZ25lZCBpbnQKIAogdm9pZCBjaGVja19hc3NlcnRpb25zKHZvaWQpIAogewor CWViaXRtYXBfdCB0ZW1wOworCXR5cGVfZGF0dW1fdCAqdHlwZWRhdHVtOwogCXRlX2Fzc2Vy dF90ICphLCAqdG1wOwogCXVuc2lnbmVkIGludCBpLCBqOwogCkBAIC0zNTMsNyArMzU1LDE5 IEBAIHZvaWQgY2hlY2tfYXNzZXJ0aW9ucyh2b2lkKSAKIAkJCWlmICghZWJpdG1hcF9nZXRf Yml0KCZhLT5zdHlwZXMsIGkpKQogCQkJCWNvbnRpbnVlOwogCQkJaWYgKGEtPnNlbGYpIHsK LQkJCQljaGVja19hc3NlcnRpb25faGVscGVyKGksIGksICZhLT50Y2xhc3NlcywgYS0+YXZw LCBhLT5saW5lKTsKKwkJCQl0eXBlZGF0dW0gPSB0eXBlX3ZhbF90b19zdHJ1Y3RbaV07CisJ CQkJaWYgKCF0eXBlZGF0dW0pIHsKKwkJCQkJZnByaW50ZihzdGRlcnIsICJCVUc6IGNoZWNr X2Fzc2V0aW9uIGZvciB1bmRlZmluZWQgdHlwZS5cbiIpOworCQkJCQlleGl0KDEpOworCQkJ CX0KKwkJCQllYml0bWFwX2luaXQoJnRlbXApOworCQkJCWdldF9jaGlsZF90eXBlcygmdGVt cCwgdHlwZWRhdHVtLCAwKTsKKwkJCQlmb3IgKGogPSBlYml0bWFwX3N0YXJ0Yml0KCZ0ZW1w KTsgaiA8IGViaXRtYXBfbGVuZ3RoKCZ0ZW1wKTsgaisrKSB7CisJCQkJCWlmICghZWJpdG1h cF9nZXRfYml0KCZ0ZW1wLCBqKSkKKwkJCQkJCWNvbnRpbnVlOworCQkJCQljaGVja19hc3Nl cnRpb25faGVscGVyKGksIGosICZhLT50Y2xhc3NlcywgYS0+YXZwLCBhLT5saW5lKTsKKwkJ CQl9CisJCQkJZWJpdG1hcF9kZXN0cm95KCZ0ZW1wKTsKIAkJCX0KIAkJCWZvciAoaiA9IGVi aXRtYXBfc3RhcnRiaXQoJmEtPnR0eXBlcyk7IGogPCBlYml0bWFwX2xlbmd0aCgmYS0+dHR5 cGVzKTsgaisrKSB7CiAJCQkJaWYgKCFlYml0bWFwX2dldF9iaXQoJmEtPnR0eXBlcywgaikp IApAQCAtNDQyLDYgKzQ1Niw0MSBAQCBpbnQgY2hhbmdlX2Jvb2woY2hhciAqbmFtZSwgaW50 IHN0YXRlKQogCXJldHVybiAwOwogfQogCit0eXBlX2RhdHVtX3QgKip0eXBlX3ZhbF90b19z dHJ1Y3QgPSBOVUxMOworaW50IG51bV90eXBlX3ZhbF90b19zdHJ1Y3QgPSAtMTsKKworc3Rh dGljIGludCB0eXBlX3ZhbF90b19zdHJ1Y3RfaGVscGVyKGhhc2h0YWJfa2V5X3QgaywgaGFz aHRhYl9kYXR1bV90IGQsIHZvaWQgKmFyZ3MpCit7CisJdHlwZV9kYXR1bV90ICp0ID0gKHR5 cGVfZGF0dW1fdCAqKWQ7CisJaWYgKCF0LT5pc2F0dHIgJiYgdC0+cHJpbWFyeSkKKwkJdHlw ZV92YWxfdG9fc3RydWN0W3QtPnZhbHVlLTFdID0gdDsKKwlyZXR1cm4gMDsgLyogYWx3YXlz IHN1Y2Nlc3MgKi8KK30KKwordm9pZCBnZXRfY2hpbGRfdHlwZXMoZWJpdG1hcF90ICpzZXQs IHR5cGVfZGF0dW1fdCAqdGQsIGludCBkZXB0aCkKK3sKKwl0eXBlX2RhdHVtX3QgKmNoaWxk OworCWludCBpOworCisJaWYgKHRkLT5pc2F0dHIgJiYgZGVwdGg+MCkgeworCQlmcHJpbnRm KHN0ZGVyciwgIkJVRzogYW4gYXR0cmlidXRlIG11c3Qgbm90IGluaGVyaXQgYW55b25lLlxu Iik7CisJCWV4aXQoMSk7CisJfQorCisJaWYgKCF0ZC0+aXNhdHRyICYmICF0ZC0+cHJpbWFy eSkKKwkJdGQgPSBnZXRfdHlwZSh0ZC0+dmFsdWUpOworCisJaWYgKCF0ZC0+aXNhdHRyKQor CQllYml0bWFwX3NldF9iaXQoc2V0LCB0ZC0+dmFsdWUgLSAxLCAxKTsKKworCWZvciAoaSA9 IGViaXRtYXBfc3RhcnRiaXQoJnRkLT50eXBlcyk7IGkgPCBlYml0bWFwX2xlbmd0aCgmdGQt PnR5cGVzKTsgaSsrKSB7CisJCWlmIChlYml0bWFwX2dldF9iaXQoJnRkLT50eXBlcywgaSkp IHsKKwkJCWNoaWxkID0gdHlwZV92YWxfdG9fc3RydWN0W2ldOworCQkJZ2V0X2NoaWxkX3R5 cGVzKHNldCwgY2hpbGQsIGRlcHRoICsgMSk7CisJCX0KKwl9Cit9CisKIGludCBtYWluKGlu dCBhcmdjLCBjaGFyICoqYXJndikKIHsKIAlzZWN1cml0eV9jbGFzc190IHRjbGFzczsKQEAg LTQ1Niw3ICs1MDUsNyBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpCiAJdW5z aWduZWQgaW50IGJpbmFyeSA9IDAsIGRlYnVnID0gMDsKIAlzdHJ1Y3QgdmFsX3RvX25hbWUg djsKIAlpbnQgcmV0LCBjaCwgZmQ7Ci0JdW5zaWduZWQgaW50IG5lbDsKKwl1bnNpZ25lZCBp bnQgbmVsLCBsZW47CiAJc3RydWN0IHN0YXQgc2I7CiAJdm9pZCAqbWFwOwogCUZJTEUgKm91 dGZwID0gTlVMTDsKQEAgLTU5Myw2ICs2NDIsMTggQEAgaW50IG1haW4oaW50IGFyZ2MsIGNo YXIgKiphcmd2KQogCQkJZnByaW50ZihzdGRlcnIsICIlczogIGVycm9yKHMpIGVuY291bnRl cmVkIHdoaWxlIHBhcnNpbmcgY29uZmlndXJhdGlvblxuIiwgYXJndlswXSk7CiAJCQlleGl0 KDEpOwogCQl9CisKKwkJLyogY29uc3RydWN0aW9uIG9mIHR5cGVfdmFsX3RvX3N0cnVjdCAq LworCQludW1fdHlwZV92YWxfdG9fc3RydWN0ID0gcG9saWN5ZGJwLT5wX3R5cGVzLm5wcmlt OworCQlsZW4gPSBzaXplb2YodHlwZV9kYXR1bV90ICopICogbnVtX3R5cGVfdmFsX3RvX3N0 cnVjdDsKKwkJdHlwZV92YWxfdG9fc3RydWN0ID0gKHR5cGVfZGF0dW1fdCAqKiltYWxsb2Mo bGVuKTsKKwkJaWYgKCF0eXBlX3ZhbF90b19zdHJ1Y3QpIHsKKwkJCWZwcmludGYoc3RkZXJy LCAidHlwZV92YWxfdG9fc3RydWN0OiBvdXQgb2YgbWVtb3J5XG4iKTsKKwkJCWV4aXQoMSk7 CisJCX0KKwkJbWVtc2V0KHR5cGVfdmFsX3RvX3N0cnVjdCwgMCwgbGVuKTsKKwkJaGFzaHRh Yl9tYXAocG9saWN5ZGJwLT5wX3R5cGVzLnRhYmxlLCB0eXBlX3ZhbF90b19zdHJ1Y3RfaGVs cGVyLCBOVUxMKTsKKwogCQlyZXdpbmQoeXlpbik7CiAJCXBvbGljeWRiX2xpbmVubyA9IDE7 CiAJCXNvdXJjZV9maWxlWzBdID0gJ1wwJzsKLS0tIGNoZWNrcG9saWN5LTEuMjIvcG9saWN5 X3BhcnNlLnkJMjAwNS0wMi0xNyAwOTo1OToyMy4wMDAwMDAwMDAgLTA1MDAKKysrIGNoZWNr cG9saWN5LTEuMjIuZXh0ZW5kcy9wb2xpY3lfcGFyc2UueQkyMDA1LTAzLTE0IDIwOjQ2OjI1 LjAwMDAwMDAwMCAtMDUwMApAQCAtMTksNiArMTksMTEgQEAKICAqCXRoZSBGcmVlIFNvZnR3 YXJlIEZvdW5kYXRpb24sIHZlcnNpb24gMi4KICAqLwogCisvKiBVcGRhdGVkOiBLYWlHYWkg S29oZWksIDxrYWlnYWlAYWsuanAubmVjLmNvbT4KKyAqICAgICAgQWRkZWQgaW5oZXJpdGVk IHR5cGUgZXh0ZW5zaW9ucy4gKDIwMDUvMDMvMTMpCisgKi8KKworCiAvKiBGTEFTSyAqLwog CiAlewpAQCAtNzMsNyArNzgsNyBAQCBzdGF0aWMgaW50IGRlZmluZV9sZXZlbChpbnQgcmFu Z2UpOwogc3RhdGljIGludCBkZWZpbmVfYXR0cmliKHZvaWQpOwogc3RhdGljIGludCBkZWZp bmVfdHlwZWFsaWFzKHZvaWQpOwogc3RhdGljIGludCBkZWZpbmVfdHlwZWF0dHJpYnV0ZSh2 b2lkKTsKLXN0YXRpYyBpbnQgZGVmaW5lX3R5cGUoaW50IGFsaWFzKTsKK3N0YXRpYyBpbnQg ZGVmaW5lX3R5cGUoaW50IGFsaWFzLCBpbnQgZXh0ZW5kcyk7CiBzdGF0aWMgaW50IGRlZmlu ZV9jb21wdXRlX3R5cGUoaW50IHdoaWNoKTsKIHN0YXRpYyBpbnQgZGVmaW5lX3RlX2F2dGFi KGludCB3aGljaCk7CiBzdGF0aWMgaW50IGRlZmluZV9yb2xlX3R5cGVzKHZvaWQpOwpAQCAt MTMzLDYgKzEzOCw3IEBAIHN0YXRpYyBpbnQgZGVmaW5lX2lwdjZfbm9kZV9jb250ZXh0KHZv aWQKICV0b2tlbiBUWVBFCiAldG9rZW4gVFlQRVMKICV0b2tlbiBBTElBUworJXRva2VuIEVY VEVORFMKICV0b2tlbiBBVFRSSUJVVEUKICV0b2tlbiBCT09MCiAldG9rZW4gSUYKQEAgLTI5 Nyw5ICszMDMsMTMgQEAgYXR0cmlidXRlX2RlZiAgICAgICAgICAgOiBBVFRSSUJVVEUgaWRl bgogICAgICAgICAgICAgICAgICAgICAgICAgeyBpZiAoZGVmaW5lX2F0dHJpYigpKSByZXR1 cm4gLTE7fQogICAgICAgICAgICAgICAgICAgICAgICAgOwogdHlwZV9kZWYJCTogVFlQRSBp ZGVudGlmaWVyIGFsaWFzX2RlZiBvcHRfYXR0cl9saXN0ICc7JwotICAgICAgICAgICAgICAg ICAgICAgICAge2lmIChkZWZpbmVfdHlwZSgxKSkgcmV0dXJuIC0xO30KKyAgICAgICAgICAg ICAgICAgICAgICAgIHtpZiAoZGVmaW5lX3R5cGUoMSwgMCkpIHJldHVybiAtMTt9CiAJICAg ICAgICAgICAgICAgIHwgVFlQRSBpZGVudGlmaWVyIG9wdF9hdHRyX2xpc3QgJzsnCi0gICAg ICAgICAgICAgICAgICAgICAgICB7aWYgKGRlZmluZV90eXBlKDApKSByZXR1cm4gLTE7fQor ICAgICAgICAgICAgICAgICAgICAgICAge2lmIChkZWZpbmVfdHlwZSgwLCAwKSkgcmV0dXJu IC0xO30KKwkJCXwgVFlQRSBpZGVudGlmaWVyIGFsaWFzX2RlZiBvcHRfZXh0ZW5kc19saXN0 ICc7JworCQkJe2lmIChkZWZpbmVfdHlwZSgxLCAxKSkgcmV0dXJuIC0xO30KKwkJCXwgVFlQ RSBpZGVudGlmaWVyIG9wdF9leHRlbmRzX2xpc3QgJzsnCisJCQl7aWYgKGRlZmluZV90eXBl KDAsIDEpKSByZXR1cm4gLTE7fQogICAgIAkJCTsKIHR5cGVhbGlhc19kZWYgICAgICAgICAg IDogVFlQRUFMSUFTIGlkZW50aWZpZXIgYWxpYXNfZGVmICc7JwogCQkJe2lmIChkZWZpbmVf dHlwZWFsaWFzKCkpIHJldHVybiAtMTt9CkBAIC0zMTAsNiArMzIwLDggQEAgdHlwZWF0dHJp YnV0ZV9kZWYJOiBUWVBFQVRUUklCVVRFIGlkZW50aQogb3B0X2F0dHJfbGlzdCAgICAgICAg ICAgOiAnLCcgaWRfY29tbWFfbGlzdAogCQkJfCAKIAkJCTsKK29wdF9leHRlbmRzX2xpc3QJ OiBFWFRFTkRTIGlkX2NvbW1hX2xpc3QKKwkJCTsKIGJvb2xfZGVmICAgICAgICAgICAgICAg IDogQk9PTCBpZGVudGlmaWVyIGJvb2xfdmFsICc7JwogICAgICAgICAgICAgICAgICAgICAg ICAge2lmIChkZWZpbmVfYm9vbCgpKSByZXR1cm4gLTE7fQogICAgICAgICAgICAgICAgICAg ICAgICAgOwpAQCAtMTUyOSwxMyArMTU0MSwxMSBAQCBzdGF0aWMgaW50IGRlZmluZV90eXBl YWxpYXModm9pZCkKIAkJaWYgKHJldCA9PSBIQVNIVEFCX1BSRVNFTlQpIHsKIAkJCXNwcmlu dGYoZXJyb3Jtc2csICJuYW1lIGNvbmZsaWN0IGZvciB0eXBlIGFsaWFzICVzIiwgaWQpOwog CQkJeXllcnJvcihlcnJvcm1zZyk7Ci0JCQlmcmVlKGFsaWFzZGF0dW0pOwogCQkJZnJlZShp ZCk7CiAJCQlyZXR1cm4gLTE7CiAJCX0KIAkJaWYgKHJldCA9PSBIQVNIVEFCX09WRVJGTE9X KSB7CiAJCQl5eWVycm9yKCJoYXNoIHRhYmxlIG92ZXJmbG93Iik7Ci0JCQlmcmVlKGFsaWFz ZGF0dW0pOwogCQkJZnJlZShpZCk7CiAJCQlyZXR1cm4gLTE7CiAJCX0KQEAgLTE1OTYsMTAg KzE2MDYsMTAgQEAgc3RhdGljIGludCBkZWZpbmVfdHlwZWF0dHJpYnV0ZSh2b2lkKQogCXJl dHVybiAwOwogfQogCi1zdGF0aWMgaW50IGRlZmluZV90eXBlKGludCBhbGlhcykKK3N0YXRp YyBpbnQgZGVmaW5lX3R5cGUoaW50IGFsaWFzLCBpbnQgZXh0ZW5kcykKIHsKIAljaGFyICpp ZDsKLQl0eXBlX2RhdHVtX3QgKmRhdHVtLCAqYWxpYXNkYXR1bSwgKmF0dHI7CisJdHlwZV9k YXR1bV90ICpkYXR1bSwgKmFsaWFzZGF0dW0sICppbmhlcml0OwogCWludCByZXQsIG5ld2F0 dHIgPSAwOwogCiAKQEAgLTE2NjMsMTMgKzE2NzMsMTEgQEAgc3RhdGljIGludCBkZWZpbmVf dHlwZShpbnQgYWxpYXMpCiAJCQlpZiAocmV0ID09IEhBU0hUQUJfUFJFU0VOVCkgewogCQkJ CXNwcmludGYoZXJyb3Jtc2csICJuYW1lIGNvbmZsaWN0IGZvciB0eXBlIGFsaWFzICVzIiwg aWQpOwogCQkJCXl5ZXJyb3IoZXJyb3Jtc2cpOwotCQkJCWZyZWUoYWxpYXNkYXR1bSk7CiAJ CQkJZnJlZShpZCk7CiAJCQkJcmV0dXJuIC0xOwogCQkJfQogCQkJaWYgKHJldCA9PSBIQVNI VEFCX09WRVJGTE9XKSB7CiAJCQkJeXllcnJvcigiaGFzaCB0YWJsZSBvdmVyZmxvdyIpOwot CQkJCWZyZWUoYWxpYXNkYXR1bSk7CiAJCQkJZnJlZShpZCk7CiAJCQkJcmV0dXJuIC0xOwog CQkJfQpAQCAtMTY3Nyw5ICsxNjg1LDEwIEBAIHN0YXRpYyBpbnQgZGVmaW5lX3R5cGUoaW50 IGFsaWFzKQogCX0KIAogCXdoaWxlICgoaWQgPSBxdWV1ZV9yZW1vdmUoaWRfcXVldWUpKSkg ewotCQlhdHRyID0gaGFzaHRhYl9zZWFyY2gocG9saWN5ZGJwLT5wX3R5cGVzLnRhYmxlLCBp ZCk7Ci0JCWlmICghYXR0cikgewotCQkJc3ByaW50ZihlcnJvcm1zZywgImF0dHJpYnV0ZSAl cyBpcyBub3QgZGVjbGFyZWQiLCBpZCk7CisJCWluaGVyaXQgPSBoYXNodGFiX3NlYXJjaChw b2xpY3lkYnAtPnBfdHlwZXMudGFibGUsIGlkKTsKKwkJaWYgKCFpbmhlcml0KSB7CisJCQlz cHJpbnRmKGVycm9ybXNnLCAiJXNhdHRyaWJ1dGUgJXMgaXMgbm90IGRlY2xhcmVkIiwKKwkJ CSAgICAgICAgKGV4dGVuZHMpPyJ0eXBlLyI6IiIsIGlkKTsKICNpZiAxCiAJCQkvKiB0cmVh dCBpdCBhcyBhIGZhdGFsIGVycm9yICovCiAJCQl5eWVycm9yKGVycm9ybXNnKTsKQEAgLTE3 MDgsNyArMTcxNyw3IEBAIHN0YXRpYyBpbnQgZGVmaW5lX3R5cGUoaW50IGFsaWFzKQogCQkJ bmV3YXR0ciA9IDA7CiAJCX0KIAotCQlpZiAoIWF0dHItPmlzYXR0cikgeworCQlpZiAoIWV4 dGVuZHMgJiYgIWluaGVyaXQtPmlzYXR0cikgewogCQkJc3ByaW50ZihlcnJvcm1zZywgIiVz IGlzIGEgdHlwZSwgbm90IGFuIGF0dHJpYnV0ZSIsIGlkKTsKIAkJCXl5ZXJyb3IoZXJyb3Jt c2cpOwogCQkJcmV0dXJuIC0xOwpAQCAtMTcxNyw3ICsxNzI2LDcgQEAgc3RhdGljIGludCBk ZWZpbmVfdHlwZShpbnQgYWxpYXMpCiAJCWlmICghbmV3YXR0cikKIAkJCWZyZWUoaWQpOwog Ci0JCWViaXRtYXBfc2V0X2JpdCgmYXR0ci0+dHlwZXMsIGRhdHVtLT52YWx1ZSAtIDEsIFRS VUUpOworCQllYml0bWFwX3NldF9iaXQoJmluaGVyaXQtPnR5cGVzLCBkYXR1bS0+dmFsdWUg LSAxLCBUUlVFKTsKIAl9CiAKIAlyZXR1cm4gMDsKQEAgLTE3NTYsNyArMTc2NSw2IEBAIHN0 YXRpYyBjaGFyICp0eXBlX3ZhbF90b19uYW1lKHVuc2lnbmVkIGkKIAlyZXR1cm4gTlVMTDsK IH0KIAotCiBzdGF0aWMgaW50IHNldF90eXBlcyhlYml0bWFwX3QgKnNldCwKIAkJICAgICBl Yml0bWFwX3QgKm5lZ3NldCwKIAkJICAgICBjaGFyICppZCwKQEAgLTE3NjQsNiArMTc3Miw3 IEBAIHN0YXRpYyBpbnQgc2V0X3R5cGVzKGViaXRtYXBfdCAqc2V0LAogewogCXR5cGVfZGF0 dW1fdCAqdDsKIAl1bnNpZ25lZCBpbnQgaTsKKwllYml0bWFwX3QgdGVtcDsKIAogCWlmIChz dHJjbXAoaWQsICIqIikgPT0gMCkgewogCQkvKiBzZXQgYWxsIHR5cGVzIG5vdCBpbiBuZWdz ZXQgKi8KQEAgLTE4MDEsNDEgKzE4MTAsMjUgQEAgc3RhdGljIGludCBzZXRfdHlwZXMoZWJp dG1hcF90ICpzZXQsCiAJCXJldHVybiAtMTsKIAl9CiAKLQlpZiAodC0+aXNhdHRyKSB7Ci0J CS8qIHNldCBvciBjbGVhciBhbGwgdHlwZXMgd2l0aCB0aGlzIGF0dHJpYnV0ZSwKLQkJICAg YnV0IGRvIG5vdCBzZXQgYW55dGhpbmcgZXhwbGljaXRseSBjbGVhcmVkIHByZXZpb3VzbHkg Ki8KLQkJZm9yIChpID0gZWJpdG1hcF9zdGFydGJpdCgmdC0+dHlwZXMpOyBpIDwgZWJpdG1h cF9sZW5ndGgoJnQtPnR5cGVzKTsgaSsrKSB7Ci0JCQlpZiAoIWViaXRtYXBfZ2V0X2JpdCgm dC0+dHlwZXMsIGkpKSAKLQkJCQljb250aW51ZTsJCQotCQkJaWYgKCEoKmFkZCkpIHsKLQkJ CQllYml0bWFwX3NldF9iaXQoc2V0LCBpLCBGQUxTRSk7Ci0JCQkJZWJpdG1hcF9zZXRfYml0 KG5lZ3NldCwgaSwgVFJVRSk7Ci0JCQl9IGVsc2UgaWYgKCFlYml0bWFwX2dldF9iaXQobmVn c2V0LCBpKSkgewotCQkJCWViaXRtYXBfc2V0X2JpdChzZXQsIGksIFRSVUUpOwotI2lmIFZF UkJPU0UKLQkJCX0gZWxzZSB7Ci0JCQkJY2hhciAqbmFtZSA9IHR5cGVfdmFsX3RvX25hbWUo aSsxKTsKLQkJCQlzcHJpbnRmKGVycm9ybXNnLCAiaWdub3JpbmcgJXMgZHVlIHRvIHByaW9y IC0lcyIsIG5hbWUsIG5hbWUpOwotCQkJCXl5d2FybihlcnJvcm1zZyk7Ci0jZW5kaWYKLQkJ CX0KLQkJfQotCX0gZWxzZSB7Ci0JCS8qIHNldCBvciBjbGVhciBvbmUgdHlwZSwgYnV0IGRv IG5vdCBzZXQgYW55dGhpbmcKLQkJICAgZXhwbGljaXRseSBjbGVhcmVkIHByZXZpb3VzbHkg Ki8JCisJZWJpdG1hcF9pbml0KCZ0ZW1wKTsKKwlnZXRfY2hpbGRfdHlwZXMoJnRlbXAsIHQs IDApOworCWZvciAoaSA9IGViaXRtYXBfc3RhcnRiaXQoJnRlbXApOyBpIDwgZWJpdG1hcF9s ZW5ndGgoJnRlbXApOyBpKyspIHsKKwkJaWYgKCFlYml0bWFwX2dldF9iaXQoJnRlbXAsIGkp KQorCQkJY29udGludWU7CiAJCWlmICghKCphZGQpKSB7Ci0JCQllYml0bWFwX3NldF9iaXQo c2V0LCB0LT52YWx1ZSAtIDEsIEZBTFNFKTsKLQkJCWViaXRtYXBfc2V0X2JpdChuZWdzZXQs IHQtPnZhbHVlIC0gMSwgVFJVRSk7Ci0JCX0gZWxzZSBpZiAoIWViaXRtYXBfZ2V0X2JpdChu ZWdzZXQsIHQtPnZhbHVlIC0gMSkpIHsKLQkJCWViaXRtYXBfc2V0X2JpdChzZXQsIHQtPnZh bHVlIC0gMSwgVFJVRSk7CisJCQllYml0bWFwX3NldF9iaXQoc2V0LCBpLCBGQUxTRSk7CisJ CQllYml0bWFwX3NldF9iaXQobmVnc2V0LCBpLCBUUlVFKTsKKwkJfSBlbHNlIGlmICghZWJp dG1hcF9nZXRfYml0KG5lZ3NldCwgaSkpIHsKKwkJCWViaXRtYXBfc2V0X2JpdChzZXQsIGks IFRSVUUpOwogI2lmIFZFUkJPU0UKIAkJfSBlbHNlIHsKLQkJCXNwcmludGYoZXJyb3Jtc2cs ICJpZ25vcmluZyAlcyBkdWUgdG8gcHJpb3IgLSVzIiwgaWQsIGlkKTsKKwkJCWNoYXIgKm5h bWUgPSB0eXBlX3ZhbF90b19uYW1lKGkrMSk7CisJCQlzcHJpbnRmKGVycm9ybXNnLCAiaWdu b3JpbmcgJXMgZHVlIHRvIHByaW9yIC0lcyIsIG5hbWUsIG5hbWUpOwogCQkJeXl3YXJuKGVy cm9ybXNnKTsKICNlbmRpZgogCQl9CiAJfQotCisJZWJpdG1hcF9kZXN0cm95KCZ0ZW1wKTsK IAlmcmVlKGlkKTsKIAkqYWRkID0gMTsKIAlyZXR1cm4gMDsKQEAgLTI0MTksNyArMjQxMiw4 IEBAIHN0YXRpYyBjb25kX2F2X2xpc3RfdCAqZGVmaW5lX2NvbmRfdGVfYXYKIAljb25kX2F2 X2xpc3RfdCAqc3ViX2xpc3QsICpmaW5hbF9saXN0LCAqdGFpbDsKIAljbGFzc19kYXR1bV90 ICpjbGFkYXR1bTsKIAlwZXJtX2RhdHVtX3QgKnBlcmRhdHVtOwotCWViaXRtYXBfdCBzdHlw ZXMsIHR0eXBlcywgdGNsYXNzZXMsIG5lZ3NldDsKKwl0eXBlX2RhdHVtX3QgKnR5cGVkYXR1 bTsKKwllYml0bWFwX3Qgc3R5cGVzLCB0dHlwZXMsIHRjbGFzc2VzLCB0ZW1wLCBuZWdzZXQ7 CiAJYWNjZXNzX3ZlY3Rvcl90ICphdnA7CiAJaW50IGksIGosIGhpY2xhc3MsIHNlbGYgPSAw LCBhZGQgPSAxOwogCWludCBzdXBwcmVzcyA9IDA7CkBAIC0yNTQzLDE4ICsyNTM3LDMxIEBA IHN0YXRpYyBjb25kX2F2X2xpc3RfdCAqZGVmaW5lX2NvbmRfdGVfYXYKIAkJCWlmICghZWJp dG1hcF9nZXRfYml0KCZzdHlwZXMsIGkpKSAKIAkJCQljb250aW51ZTsKIAkJCWlmIChzZWxm KSB7Ci0JCQkJaWYgKChzdWJfbGlzdCA9IGNvbmRfdGVfYXZ0YWJfaGVscGVyKHdoaWNoLCBp LCBpLCAmdGNsYXNzZXMsIGF2cCApKSA9PSBDT05EX0VSUikKKwkJCQl0eXBlZGF0dW0gPSBn ZXRfdHlwZShpKzEpOworCQkJCWlmICghdHlwZWRhdHVtKQogCQkJCQlyZXR1cm4gQ09ORF9F UlI7Ci0JCQkJaWYgKGZpbmFsX2xpc3QpIHsKLQkJCQkJdGFpbC0+bmV4dCA9IHN1Yl9saXN0 OwotCQkJCQl3aGlsZSAodGFpbC0+bmV4dCAhPSBOVUxMKQotCQkJCQkJdGFpbCA9IHRhaWwt Pm5leHQ7Ci0JCQkJfSBlbHNlIHsKLQkJCQkJZmluYWxfbGlzdCA9IHN1Yl9saXN0OwotCQkJ CQl0YWlsID0gZmluYWxfbGlzdDsKLQkJCQkJd2hpbGUgKHRhaWwtPm5leHQgIT0gTlVMTCkK LQkJCQkJCXRhaWwgPSB0YWlsLT5uZXh0OworCQkJCWViaXRtYXBfaW5pdCgmdGVtcCk7CisJ CQkJZ2V0X2NoaWxkX3R5cGVzKCZ0ZW1wLCB0eXBlZGF0dW0sIDApOworCQkJCWZvciAoaiA9 IGViaXRtYXBfc3RhcnRiaXQoJnRlbXApOyBqIDwgZWJpdG1hcF9sZW5ndGgoJnRlbXApOyBq KyspIHsKKwkJCQkJaWYoIWViaXRtYXBfZ2V0X2JpdCgmdGVtcCwgaikpCisJCQkJCQljb250 aW51ZTsKKwkJCQkJc3ViX2xpc3QgPSBjb25kX3RlX2F2dGFiX2hlbHBlcih3aGljaCwgaSwg aiwgJnRjbGFzc2VzLCBhdnAgKTsKKwkJCQkJaWYgKHN1Yl9saXN0PT1DT05EX0VSUikgewor CQkJCQkJZWJpdG1hcF9kZXN0cm95KCZ0ZW1wKTsKKwkJCQkJCXJldHVybiBDT05EX0VSUjsK KwkJCQkJfQorCQkJCQlpZiAoZmluYWxfbGlzdCkgeworCQkJCQkJdGFpbC0+bmV4dCA9IHN1 Yl9saXN0OworCQkJCQkJd2hpbGUgKHRhaWwtPm5leHQgIT0gTlVMTCkKKwkJCQkJCQl0YWls ID0gdGFpbC0+bmV4dDsKKwkJCQkJfSBlbHNlIHsKKwkJCQkJCWZpbmFsX2xpc3QgPSBzdWJf bGlzdDsKKwkJCQkJCXRhaWwgPSBmaW5hbF9saXN0OworCQkJCQkJd2hpbGUgKHRhaWwtPm5l eHQgIT0gTlVMTCkKKwkJCQkJCQl0YWlsID0gdGFpbC0+bmV4dDsKKwkJCQkJfQogCQkJCX0K KwkJCQllYml0bWFwX2Rlc3Ryb3koJnRlbXApOwogCQkJfQogCQl9CiAJfQpAQCAtMjU5NSw3 ICsyNjAyLDggQEAgc3RhdGljIGludCBkZWZpbmVfdGVfYXZ0YWIoaW50IHdoaWNoKQogCWNo YXIgKmlkOwogCWNsYXNzX2RhdHVtX3QgKmNsYWRhdHVtOwogCXBlcm1fZGF0dW1fdCAqcGVy ZGF0dW07Ci0JZWJpdG1hcF90IHN0eXBlcywgdHR5cGVzLCB0Y2xhc3NlcywgbmVnc2V0Owor CXR5cGVfZGF0dW1fdCAqdHlwZWRhdHVtOworCWViaXRtYXBfdCBzdHlwZXMsIHR0eXBlcywg dGNsYXNzZXMsIHRlbXAsIG5lZ3NldDsKIAlhY2Nlc3NfdmVjdG9yX3QgKmF2cDsKIAl1bnNp Z25lZCBpbnQgaSwgaiwgaGljbGFzczsKIAlpbnQgc2VsZiA9IDAsIGFkZCA9IDE7CkBAIC0y NzM1LDggKzI3NDMsMjAgQEAgc3RhdGljIGludCBkZWZpbmVfdGVfYXZ0YWIoaW50IHdoaWNo KQogCQlpZiAoIWViaXRtYXBfZ2V0X2JpdCgmc3R5cGVzLCBpKSkgCiAJCQljb250aW51ZTsK IAkJaWYgKHNlbGYpIHsKLQkJCWlmICh0ZV9hdnRhYl9oZWxwZXIod2hpY2gsIGksIGksICZ0 Y2xhc3NlcywgYXZwKSkKKwkJCXR5cGVkYXR1bSA9IGdldF90eXBlKGkrMSk7CisJCQlpZiAo IXR5cGVkYXR1bSkKIAkJCQlyZXR1cm4gLTE7CisJCQllYml0bWFwX2luaXQoJnRlbXApOwor CQkJZ2V0X2NoaWxkX3R5cGVzKCZ0ZW1wLCB0eXBlZGF0dW0sIDApOworCQkJZm9yIChqID0g ZWJpdG1hcF9zdGFydGJpdCgmdGVtcCk7IGogPCBlYml0bWFwX2xlbmd0aCgmdGVtcCk7IGor KykgeworCQkJCWlmICghZWJpdG1hcF9nZXRfYml0KCZ0ZW1wLCBqKSkKKwkJCQkJY29udGlu dWU7CisJCQkJaWYgKHRlX2F2dGFiX2hlbHBlcih3aGljaCwgaSwgaiwgJnRjbGFzc2VzLCBh dnApKSB7CisJCQkJCWViaXRtYXBfZGVzdHJveSgmdGVtcCk7CisJCQkJCXJldHVybiAtMTsK KwkJCQl9CisJCQl9CisJCQllYml0bWFwX2Rlc3Ryb3koJnRlbXApOwogCQl9CiAJCWZvciAo aiA9IGViaXRtYXBfc3RhcnRiaXQoJnR0eXBlcyk7IGogPCBlYml0bWFwX2xlbmd0aCgmdHR5 cGVzKTsgaisrKSB7CiAJCQlpZiAoIWViaXRtYXBfZ2V0X2JpdCgmdHR5cGVzLCBqKSkgCg== --------------090806040204060002050208-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.