* [PATCH] Modify audit2why analyze function to use loaded policy
@ 2016-06-03 0:19 Joshua Brindle
2016-06-03 12:55 ` Joshua Brindle
0 siblings, 1 reply; 2+ messages in thread
From: Joshua Brindle @ 2016-06-03 0:19 UTC (permalink / raw)
To: selinux
Class and perms should come from the policy being used for analysis,
not the system policy so use sepol_ interfaces
Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561
---
libselinux/src/audit2why.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 12745b3..abe1701 100644
--- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c
@@ -343,8 +343,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
if (rc < 0)
RETURN(BADTCON)
- tclass = string_to_security_class(tclassstr);
- if (!tclass)
+ rc = sepol_string_to_security_class(tclassstr, &tclass);
+ if (rc < 0)
RETURN(BADTCLASS)
/* Convert the permission list to an AV. */
@@ -365,8 +365,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
permstr = PyString_AsString( strObj );
#endif
- perm = string_to_av_perm(tclass, permstr);
- if (!perm)
+ rc = sepol_string_to_av_perm(tclass, permstr, &perm);
+ if (rc < 0)
RETURN(BADPERM)
av |= perm;
--
2.1.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] Modify audit2why analyze function to use loaded policy
2016-06-03 0:19 [PATCH] Modify audit2why analyze function to use loaded policy Joshua Brindle
@ 2016-06-03 12:55 ` Joshua Brindle
0 siblings, 0 replies; 2+ messages in thread
From: Joshua Brindle @ 2016-06-03 12:55 UTC (permalink / raw)
To: selinux
Joshua Brindle wrote:
> Class and perms should come from the policy being used for analysis,
> not the system policy so use sepol_ interfaces
>
Hrm, this solved my original problem which was that I was getting the
wrong answer back from audit2why (classes in my policy that weren't in
the system policy can back with BADTCLASS instead of a more appropriate
answer) but now I have a segfault so I'll try to track that down.
> Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561
> ---
> libselinux/src/audit2why.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
> index 12745b3..abe1701 100644
> --- a/libselinux/src/audit2why.c
> +++ b/libselinux/src/audit2why.c
> @@ -343,8 +343,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
> if (rc< 0)
> RETURN(BADTCON)
>
> - tclass = string_to_security_class(tclassstr);
> - if (!tclass)
> + rc = sepol_string_to_security_class(tclassstr,&tclass);
> + if (rc< 0)
> RETURN(BADTCLASS)
>
> /* Convert the permission list to an AV. */
> @@ -365,8 +365,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
> permstr = PyString_AsString( strObj );
> #endif
>
> - perm = string_to_av_perm(tclass, permstr);
> - if (!perm)
> + rc = sepol_string_to_av_perm(tclass, permstr,&perm);
> + if (rc< 0)
> RETURN(BADPERM)
>
> av |= perm;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-03 12:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-03 0:19 [PATCH] Modify audit2why analyze function to use loaded policy Joshua Brindle
2016-06-03 12:55 ` Joshua Brindle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.