* [PATCH] show correct error message when a policy has duplicate declarations
From: Jason Tang @ 2005-08-31 17:43 UTC
To: selinux
[-- Attachment #1: Type: text/plain, Size: 206 bytes --]
Although checkpolicy/checkmodule catch duplicate declarations, the
compiler prints the wrong message. This patch alters the program so that it
shows the correct message.
--
Jason Tang / jtang@tresys.com
[-- Attachment #2: module_compiler-patch --]
[-- Type: text/plain, Size: 1136 bytes --]
--- checkpolicy.old/module_compiler.c 2005-08-22 15:16:41.000000000 -0400
+++ checkpolicy/module_compiler.c 2005-08-31 13:25:25.000000000 -0400
@@ -145,9 +145,11 @@ int declare_symbol(uint32_t symbol_type,
else if (retval == -2) {
return -2;
}
- else if (retval == -1 || retval == -ENOMEM) {
+ else if (retval < 0) {
return -3;
}
+ else { /* fall through possible if retval is 0 */
+ }
if (datum_value != NULL) {
if (ebitmap_set_bit(decl->declared.scope + symbol_type,
*datum_value - 1,
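Review bot: The new "else if (retval < 0)" arm in declare_symbol() returns -3 for every negative code other than -2, so a failure that is not an allocation failure leaves through the same path that -ENOMEM used before. The test reported in the reply to this patch shows the duplicate "type device_t;" case printing 'Out of memory!' with the patch applied. Consider keeping retval == -ENOMEM mapped to -3 and giving other negative values their own return code, or adding a comment above this chain listing the codes retval is expected to carry and what each one means to the caller.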
@@ -497,9 +499,11 @@ int require_symbol(uint32_t symbol_type,
else if (retval == -2) {
return -2;
}
- else if (retval == -1 || retval == -ENOMEM) {
+ else if (retval < 0) {
return -3;
}
+ else { /* fall through possible if retval is 0 */
+ }
if (datum_value != NULL) {
if (ebitmap_set_bit(decl->required.scope + symbol_type,
*datum_value - 1,
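Review bot: The empty "else { /* fall through possible if retval is 0 */ }" added at the end of the chain in require_symbol() has no effect on control flow, and its comment mentions only 0 although any positive retval not handled by an earlier arm would reach it too. A plain comment above "if (datum_value != NULL)" would document the success path without the empty block. The chain is now line-for-line the same as the one in declare_symbol(), so a small shared helper that maps retval to the function's return code would keep the two from drifting apart.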
* Re: [PATCH] show correct error message when a policy has duplicate declarations
From: Stephen Smalley @ 2005-08-31 18:09 UTC
To: Jason Tang; +Cc: selinux
On Wed, 2005-08-31 at 13:43 -0400, Jason Tang wrote:
> Although checkpolicy/checkmodule catch duplicate declarations, the
> compiler prints the wrong message. This patch alters the program so that it
> shows the correct message.
Hmm...interesting. Adding a duplicate type declaration for device_t, I
see the following behaviors before and after this patch:
Before:
checkpolicy: module_compiler.c:318: declare_type: Assertion `0' failed.
After:
types/device.te:16:ERROR 'Out of memory!' at token ';' on line 3855:
type device_t;
checkpolicy: error(s) encountered while parsing configuration
Somewhat improved, but still not what we want.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [PATCH] show correct error message when a policy has duplicate declarations
From: Stephen Smalley @ 2005-08-31 18:23 UTC
To: Jason Tang; +Cc: selinux
On Wed, 2005-08-31 at 14:09 -0400, Stephen Smalley wrote:
> On Wed, 2005-08-31 at 13:43 -0400, Jason Tang wrote:
> > Although checkpolicy/checkmodule catch duplicate declarations, the
> > compiler prints the wrong message. This patch alters the program so that it
> > shows the correct message.
>
> Hmm...interesting. Adding a duplicate type declaration for device_t, I
> see the following behaviors before and after this patch:
>
> Before:
> checkpolicy: module_compiler.c:318: declare_type: Assertion `0' failed.
>
> After:
> types/device.te:16:ERROR 'Out of memory!' at token ';' on line 3855:
>
> type device_t;
> checkpolicy: error(s) encountered while parsing configuration
>
> Somewhat improved, but still not what we want.
Looks like the real bug is in libsepol, i.e.
Index: libsepol/src/util.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libsepol/src/util.c,v
retrieving revision 1.4
diff -u -p -r1.4 util.c
--- libsepol/src/util.c 25 Aug 2005 17:00:49 -0000 1.4
+++ libsepol/src/util.c 31 Aug 2005 18:11:01 -0000
@@ -175,7 +175,7 @@ int symtab_insert(policydb_t *pol, uint3
}
else {
/* duplicate declarations not allowed for all else */
- return rc;
+ return -2;
}
}
else {
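Review bot: Replacing "return rc;" with the literal "return -2;" in the duplicate-declaration branch of symtab_insert() discards whatever value rc held at that point and leaves -2 as an undocumented magic number that callers have to match exactly, as the "retval == -2" checks in the module_compiler.c patch earlier in this thread do. A named constant shared with the callers, or a comment on symtab_insert() stating that -2 means a duplicate declaration, would make the contract explicit and easier to audit.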
Not clear whether your patch is needed or not at that point.
--
Stephen Smalley
National Security Agency
* Re: [PATCH] show correct error message when a policy has duplicate declarations
From: Joshua Brindle @ 2005-09-02 13:36 UTC
To: Stephen Smalley; +Cc: Jason Tang, selinux
Stephen Smalley wrote:
>On Wed, 2005-08-31 at 14:09 -0400, Stephen Smalley wrote:
>
>
>>On Wed, 2005-08-31 at 13:43 -0400, Jason Tang wrote:
>>
>>
>>>Although checkpolicy/checkmodule catch duplicate declarations, the
>>>compiler prints the wrong message. This patch alters the program so that it
>>>shows the correct message.
>>>
>>>
>>Hmm...interesting. Adding a duplicate type declaration for device_t, I
>>see the following behaviors before and after this patch:
>>
>>Before:
>>checkpolicy: module_compiler.c:318: declare_type: Assertion `0' failed.
>>
>>After:
>>types/device.te:16:ERROR 'Out of memory!' at token ';' on line 3855:
>>
>>type device_t;
>>checkpolicy: error(s) encountered while parsing configuration
>>
>>Somewhat improved, but still not what we want.
>>
>>
>
>Looks like the real bug is in libsepol, i.e.
>
>Index: libsepol/src/util.c
>===================================================================
>RCS file: /nfshome/pal/CVS/selinux-usr/libsepol/src/util.c,v
>retrieving revision 1.4
>diff -u -p -r1.4 util.c
>--- libsepol/src/util.c 25 Aug 2005 17:00:49 -0000 1.4
>+++ libsepol/src/util.c 31 Aug 2005 18:11:01 -0000
>@@ -175,7 +175,7 @@ int symtab_insert(policydb_t *pol, uint3
> }
> else {
> /* duplicate declarations not allowed for all else */
>- return rc;
>+ return -2;
> }
> }
> else {
>
>Not clear whether your patch is needed or not at that point.
>
>
Probably not but it would be a good idea to audit all the error handling
so that this sort of thing doesn't happen in the future.