* [PATCH 2/2] - use common av_to_string implementation
@ 2006-01-31 19:43 Joshua Brindle
  2006-02-01 14:22 ` Stephen Smalley
  0 siblings, 1 reply; 2+ messages in thread
From: Joshua Brindle @ 2006-01-31 19:43 UTC (permalink / raw)
  To: SELinux; +Cc: Stephen Smalley

[-- Attachment #1: Type: text/plain, Size: 382 bytes --]

While debugging the last problem I found that dispol/dismod av rendering
was not working correctly. Since we moved av_to_string into libsepol
(statically) a while back for assertions we should use it for apps like
dispol/dismod that link statically against libsepol. This changes it to
sepol_av_to_string, moves it to util.c and removes the redundant code
from dismod and dispol.



[-- Attachment #2: 2-common-av_to_string.diff --]
[-- Type: text/x-patch, Size: 9500 bytes --]

diff -purN -x.svn checkpolicy/test/dismod.c checkpolicy/test/dismod.c
--- checkpolicy/test/dismod.c	2005-10-25 13:15:27.000000000 -0400
+++ checkpolicy/test/dismod.c	2006-01-31 16:32:46.000000000 -0500
@@ -60,62 +60,24 @@ void usage(char *progname)
 	exit(1);
 }
 
-/* borrowed from checkpolicy.c */
-static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)
-{
-	unsigned int *valuep;
-	perm_datum_t *perdatum;
-
-	valuep = (unsigned int *) p;
-	perdatum = (perm_datum_t *) datum;
-
-	if (*valuep == perdatum->value)
-		return (int) key;
-
-	return 0;
-}
-
 static void render_access_mask(uint32_t mask, uint32_t class, policydb_t *p, FILE *fp)
 {
-	unsigned int i;
-	class_datum_t *cladatum;
 	char *perm;
-	cladatum = p->class_val_to_struct[class - 1];
 	fprintf(fp, "{");
-	for (i = 1; i <= sizeof(mask) * 8; i++) {
-		if (mask & (1 << (i - 1))) {
-			perm = (char *) hashtab_map(cladatum->permissions.table,
-				  find_perm, &i);
-
-			if (!perm && cladatum->comdatum) {
-				perm = (char *) hashtab_map(cladatum->comdatum->permissions.table,
-				  find_perm, &i);
-			}
-			if (perm)
-				fprintf(fp, " %s", perm);
-		}
-	}
-	fprintf(fp, " }");
+	perm = sepol_av_to_string(p, class, mask);
+	if (perm)
+		fprintf(fp, "%s ", perm);
+	fprintf(fp, "}");
 }
 
 static void render_access_bitmap(ebitmap_t *map, uint32_t class, policydb_t *p, FILE *fp)
 {
 	unsigned int i;
-        uint32_t perm_value;
-	class_datum_t *cladatum;
 	char *perm;
-	cladatum = p->class_val_to_struct[class - 1];
 	fprintf(fp, "{");
         for (i = ebitmap_startbit(map); i < ebitmap_length(map); i++) {
                 if (ebitmap_get_bit(map, i)) {
-                        perm_value = i + 1;
-			perm = (char *) hashtab_map(cladatum->permissions.table,
-				  find_perm, &perm_value);
-
-			if (!perm && cladatum->comdatum) {
-				perm = (char *) hashtab_map(cladatum->comdatum->permissions.table,
-				  find_perm, &perm_value);
-			}
+			perm = sepol_av_to_string(p, class, 1 << i);
 			if (perm)
 				fprintf(fp, " %s", perm);
 		}
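Review bot: In render_access_bitmap, `1 << i` is evaluated for every set bit up to `ebitmap_length(map)`, but the shift is on a signed int, so it is undefined once `i` reaches 31 on a 32-bit int, and a bit beyond the width of the access vector type cannot be represented at all. The removed code had no such limit because it compared `i + 1` with the permission value directly. The bitmap presumably comes from the policy module being inspected, so bound the index before shifting, e.g. `if (i >= sizeof(sepol_access_vector_t) * 8) break;`, and shift an unsigned one: `(sepol_access_vector_t)1 << i`. render_access_bitmap continues past the end of this hunk.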
@@ -303,11 +265,11 @@ int display_avrule(avrule_t *avrule, uin
 		fprintf(fp, " }");
 	fprintf(fp, " ");
 
-	if( avrule->specified & AVRULE_AV) {
+	if( avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)) { 
 		render_access_mask(avrule->perms->data, avrule->perms->class, policy, fp);
 	} else if ( avrule->specified & AVRULE_TYPE) {
                 display_id(policy, fp, SYM_TYPES, avrule->perms->data - 1, "");
-	}
+	} 
 
 	fprintf(fp, ";\n");
 
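Review bot: The widened test `avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)` changes which rules get their permissions rendered, and the commit message, which only describes the move to a common av_to_string, does not mention it; this belongs in its own patch or at least in the description. Both changed lines also add trailing whitespace (after `{` and after `}`), and the `}` change is whitespace only and should be dropped. display_avrule starts and ends outside this hunk.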
diff -purN -x.svn checkpolicy/test/dispol.c checkpolicy/test/dispol.c
--- checkpolicy/test/dispol.c	2005-10-11 15:02:49.000000000 -0400
+++ checkpolicy/test/dispol.c	2006-01-31 15:51:35.000000000 -0500
@@ -41,42 +41,14 @@ void usage(char *progname)
 	exit(1);
 }
 
-/* borrowed from checkpolicy.c */
-static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)
-{
-	unsigned int *valuep;
-	perm_datum_t *perdatum;
-
-	valuep = (unsigned int *) p;
-	perdatum = (perm_datum_t *) datum;
-
-	if (*valuep == perdatum->value)
-		return (int) key;
-
-	return 0;
-}
-
 int render_access_mask(uint32_t mask, avtab_key_t *key, policydb_t *p, FILE *fp)
 {
-	unsigned int i;
-	class_datum_t *cladatum;
 	char *perm;
-	cladatum = p->class_val_to_struct[key->target_class -1];
 	fprintf(fp, "{");
-	for (i = 1; i <= sizeof(mask) * 8; i++) {
-		if (mask & (1 << (i - 1))) {
-			perm = (char *) hashtab_map(cladatum->permissions.table,
-				  find_perm, &i);
-
-			if (!perm && cladatum->comdatum) {
-				perm = (char *) hashtab_map(cladatum->comdatum->permissions.table,
-				  find_perm, &i);
-			}
-			if (perm)
-				fprintf(fp, " %s", perm);
-		}
-	}
-	fprintf(fp, " }");
+	perm = sepol_av_to_string(p, key->target_class, mask);
+	if (perm)
+		fprintf(fp, "%s ", perm);
+	fprintf(fp, "}");
 	return 0;
 }
 
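Review bot: When sepol_av_to_string returns NULL, render_access_mask prints `{}` and still returns 0, so a rendering failure looks the same as an empty permission set in the tool's output. As implemented in util.c in this patch, NULL means the permission names did not fit the buffer, so make that case visible, e.g. `else fprintf(fp, " <truncated> ");`, or return a non-zero value. The same applies to render_access_mask in dismod.c. `key->target_class` is also passed through unchecked and ends up as an array index in the callee.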
diff -purN -x.svn libsepol/include/sepol/policydb/policydb.h libsepol/include/sepol/policydb/policydb.h
--- libsepol/include/sepol/policydb/policydb.h	2006-01-23 13:47:25.000000000 -0500
+++ libsepol/include/sepol/policydb/policydb.h	2006-01-31 15:22:56.000000000 -0500
@@ -509,6 +509,9 @@ extern int symtab_insert(policydb_t *x, 
                   uint32_t scope, uint32_t avrule_decl_id,
                   uint32_t *value);
 
+extern char *sepol_av_to_string(policydb_t *policydbp, uint32_t tclass, 
+			 sepol_access_vector_t av);
+
 /* A policy "file" may be a memory region referenced by a (data, len) pair
    or a file referenced by a FILE pointer. */
 typedef struct policy_file {
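Review bot: The new public prototype has no comment, and its contract cannot be read from the signature. As implemented in util.c in this patch, the result points into a function-local static buffer, must not be freed, is overwritten by the next call, starts with a space, and is NULL when the rendered names do not fit. Suggest a comment above the declaration such as `/* Returns " perm1 perm2 ..." in a static buffer (not reentrant, do not free), or NULL if the names do not fit. */`, so that callers know to check for NULL before passing the result to a `%s` format.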
diff -purN -x.svn libsepol/src/assertion.c libsepol/src/assertion.c
--- libsepol/src/assertion.c	2006-01-23 13:47:26.000000000 -0500
+++ libsepol/src/assertion.c	2006-01-31 15:18:16.000000000 -0500
@@ -26,65 +26,6 @@
 
 #include "debug.h"
 
-/* This isn't exactly the best place to put this but it will do 
-   until something else needs it */
-struct val_to_name {
-	unsigned int val;
-	char *name;
-};
-
-static int perm_name(hashtab_key_t key, hashtab_datum_t datum, void *data)
-{       
-        struct val_to_name *v = data;
-        perm_datum_t *perdatum;
-                
-        perdatum = (perm_datum_t *) datum;
-
-        if (v->val == perdatum->value) {
-                v->name = key;
-                return 1;
-        }       
-        
-        return 0;
-}       
-   
-static char *av_to_string(policydb_t *policydbp, uint32_t tclass, sepol_access_vector_t av)
-{               
-        struct val_to_name v;
-        static char avbuf[1024];
-        class_datum_t *cladatum;
-        char *perm = NULL, *p;
-        unsigned int i;
-        int rc; 
-        int avlen = 0, len;
-                
-        cladatum = policydbp->class_val_to_struct[tclass-1];
-        p = avbuf;
-        for (i = 0; i < cladatum->permissions.nprim; i++) {
-                if (av & (1 << i)) {
-                        v.val = i+1;
-                        rc = hashtab_map(cladatum->permissions.table,
-                                         perm_name, &v);
-                        if (!rc && cladatum->comdatum) {
-                                rc = hashtab_map(
-                                        cladatum->comdatum->permissions.table,
-                                        perm_name, &v);
-                        }
-                        if (rc)
-                                perm = v.name;
-                        if (perm) {
-				len = snprintf(p, sizeof(avbuf) - avlen, " %s", perm);
-				if (len < 0 || (size_t) len >= (sizeof(avbuf) - avlen))
-					return NULL;
-				p += len;
-				avlen += len;
-                        }
-                }
-        }
-
-        return avbuf;
-}
-
 static int check_assertion_helper(sepol_handle_t *handle,
 				  policydb_t *p, 
 				  avtab_t *te_avtab, avtab_t *te_cond_avtab,
@@ -120,7 +61,7 @@ err:
 	ERR(handle, "assertion on line %lu violated by allow %s %s:%s {%s };",
 	    line, p->p_type_val_to_name[stype], p->p_type_val_to_name[ttype],
 	    p->p_class_val_to_name[curperm->class - 1],
-	    av_to_string(p, curperm->class, node->datum.data & curperm->data));
+	    sepol_av_to_string(p, curperm->class, node->datum.data & curperm->data));
 	return -1;
 }
 
diff -purN -x.svn libsepol/src/util.c libsepol/src/util.c
--- libsepol/src/util.c	2005-10-20 14:50:05.000000000 -0400
+++ libsepol/src/util.c	2006-01-31 15:24:15.000000000 -0500
@@ -28,6 +28,11 @@
 #include <sepol/policydb/flask_types.h>
 #include <sepol/policydb/policydb.h>
 
+static struct val_to_name {
+	unsigned int val;
+	char *name;
+};
+
 /* Add an unsigned integer to a dynamically reallocated array.  *cnt
  * is a reference pointer to the number of values already within array
  * *a; it will be incremented upon successfully appending i.  If *a is
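Review bot: `static struct val_to_name { ... };` declares a type and no object, so the `static` storage class has nothing to apply to and GCC warns about a useless storage class specifier in an empty declaration. Drop the keyword: `struct val_to_name {`. A one-line comment would also help, e.g. `/* in: permission value to look up; out: its name, set by perm_name() */`, since the definition now sits at the top of the file, far from the code that uses it at the end.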
@@ -235,3 +240,54 @@ int symtab_insert(policydb_t *pol, uint3
         return retval;
 }
 
+static int perm_name(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{       
+        struct val_to_name *v = data;
+        perm_datum_t *perdatum;
+                
+        perdatum = (perm_datum_t *) datum;
+
+        if (v->val == perdatum->value) {
+                v->name = key;
+                return 1;
+        }       
+        
+        return 0;
+}       
+   
+char *sepol_av_to_string(policydb_t *policydbp, uint32_t tclass, sepol_access_vector_t av)
+{               
+        struct val_to_name v;
+        static char avbuf[1024];
+        class_datum_t *cladatum;
+        char *perm = NULL, *p;
+        unsigned int i;
+        int rc; 
+        int avlen = 0, len;
+                
+        cladatum = policydbp->class_val_to_struct[tclass-1];
+        p = avbuf;
+        for (i = 0; i < cladatum->permissions.nprim; i++) {
+                if (av & (1 << i)) {
+                        v.val = i+1;
+                        rc = hashtab_map(cladatum->permissions.table,
+                                         perm_name, &v);
+                        if (!rc && cladatum->comdatum) {
+                                rc = hashtab_map(
+                                        cladatum->comdatum->permissions.table,
+                                        perm_name, &v);
+                        }
+                        if (rc)
+                                perm = v.name;
+                        if (perm) {
+				len = snprintf(p, sizeof(avbuf) - avlen, " %s", perm);
+				if (len < 0 || (size_t) len >= (sizeof(avbuf) - avlen))
+					return NULL;
+				p += len;
+				avlen += len;
+                        }
+                }
+        }
+
+        return avbuf;
+}
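Review bot: sepol_av_to_string never clears its static `avbuf`, so a call in which no bit matches (for example `av == 0`) returns whatever the previous call wrote; the buffer needs `avbuf[0] = '\0'` before the loop. `perm` is function-scoped and never reset, so a bit whose lookup fails prints the previous permission's name again. `1 << i` is a signed shift and is undefined at bit 31. `tclass - 1` indexes `class_val_to_struct` with no range check, which matters more now that dispol and dismod pass in values that presumably come from the policy file being inspected. The returned pointer is a shared static buffer, so the function is not reentrant and that should be documented.

```c
char *sepol_av_to_string(policydb_t *policydbp, uint32_t tclass, sepol_access_vector_t av)
{
        /* … unchanged: local declarations, minus the function-wide `perm` … */

        /* class values are 1-based; reject anything that would index out of range */
        if (tclass == 0 || tclass > policydbp->p_classes.nprim)
                return NULL;
        cladatum = policydbp->class_val_to_struct[tclass-1];
        p = avbuf;
        avbuf[0] = '\0';        /* static buffer: never hand back the previous call's text */
        for (i = 0; i < cladatum->permissions.nprim; i++) {
                if (!(av & ((sepol_access_vector_t)1 << i)))
                        continue;
                v.val = i+1;
                v.name = NULL;
                /* … unchanged: the two hashtab_map() lookups … */
                if (!rc || !v.name)
                        continue;       /* no name for this bit: skip it, do not repeat the last one */
                len = snprintf(p, sizeof(avbuf) - avlen, " %s", v.name);
                /* … unchanged: truncation check, p and avlen update … */
        }
        /* … unchanged: return avbuf … */
```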

