PERFORCE change 113507 for review
Todd Miller
millert at FreeBSD.org
Thu Jan 25 15:06:39 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113507
Change 113507 by millert at millert_macbook on 2007/01/25 15:06:05
Update to libsepol-1.16.0 from the NSA web site.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#5 (text+ko) ====
@@ -1,3 +1,20 @@
+1.16.0 2007-01-18
+ * Updated version for stable branch.
+
+1.15.3 2006-11-27
+ * Merged patch to compile wit -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offest table
+ limit. Patch changed to include libselinux and libsemanage in
+ addition to libselinux.
+1.15.2 2006-10-31
+ * Merged fix from Karl MacMillan for a segfault when linking
+ non-MLS modules with users in them.
+
+1.15.1 2006-10-24
+ * Merged fix for version comparison that was preventing range
+ transition rules from being written for a version 5 base policy
+ from Darrel Goeddel.
+
1.14 2006-10-17
* Updated version for release.
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#5 (text+ko) ====
@@ -1,1 +1,1 @@
-1.14
+1.16.0
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#5 (text+ko) ====
@@ -827,19 +827,24 @@
return -1;
}
-static int mls_level_convert(mls_semantic_level_t * src,
- mls_semantic_level_t * dst, policy_module_t * mod)
+static int mls_level_convert(mls_semantic_level_t * src, mls_semantic_level_t * dst,
+ policy_module_t * mod, link_state_t * state)
{
mls_semantic_cat_t *src_cat, *new_cat;
+ if (!mod->policy->mls)
+ return 0;
+
assert(mod->map[SYM_LEVELS][src->sens - 1]);
dst->sens = mod->map[SYM_LEVELS][src->sens - 1];
for (src_cat = src->cat; src_cat; src_cat = src_cat->next) {
new_cat =
(mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
- if (!new_cat)
+ if (!new_cat) {
+ ERR(state->handle, "Out of memory");
return -1;
+ }
mls_semantic_cat_init(new_cat);
new_cat->next = dst->cat;
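Review bot: The sensitivity mapping is validated only by `assert(mod->map[SYM_LEVELS][src->sens - 1]);`, so a build with NDEBUG would copy an unmapped (zero) value into `dst->sens`. `src->sens - 1` is also used as an index without first checking that `src->sens` is non-zero. Since this commit already passes `state` in for error reporting, the check could be made at run time: `if (!src->sens || !mod->map[SYM_LEVELS][src->sens - 1]) { ERR(state->handle, "Invalid sensitivity in module"); return -1; }`. Whether an earlier validation pass already guarantees this for module input is not visible from the hunk. The body of `mls_level_convert()` continues outside the hunk.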
@@ -854,13 +859,16 @@
return 0;
}
-static int mls_range_convert(mls_semantic_range_t * src,
- mls_semantic_range_t * dst, policy_module_t * mod)
+static int mls_range_convert(mls_semantic_range_t * src, mls_semantic_range_t * dst,
+ policy_module_t * mod, link_state_t * state)
{
- if (mls_level_convert(&src->level[0], &dst->level[0], mod))
- return -1;
- if (mls_level_convert(&src->level[1], &dst->level[1], mod))
- return -1;
+ int ret;
+ ret = mls_level_convert(&src->level[0], &dst->level[0], mod, state);
+ if (ret)
+ return ret;
+ ret = mls_level_convert(&src->level[1], &dst->level[1], mod, state);
+ if (ret)
+ return ret;
return 0;
}
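Review bot: When the second `mls_level_convert()` call fails, `dst->level[0]` may already hold categories allocated by the first call, and nothing in `mls_range_convert()` releases them. The same applies inside `mls_level_convert()` when `malloc` fails partway through the category loop. The callers in the two later link.c hunks `goto cleanup`, but the cleanup code lies outside the hunks, so it is not visible whether the partly built range is destroyed there. A header comment would pin the contract, for example `/* On failure dst may hold partially copied categories; the caller must destroy it. */`. The first two lines of this hunk are the tail of `mls_level_convert()`.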
@@ -994,10 +1002,10 @@
goto cleanup;
}
- if (mls_range_convert(&user->range, &new_user->range, mod))
+ if (mls_range_convert(&user->range, &new_user->range, mod, state))
goto cleanup;
- if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod))
+ if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod, state))
goto cleanup;
return 0;
@@ -1224,7 +1232,7 @@
}
}
- if (mls_range_convert(&rule->trange, &new_rule->trange, mod))
+ if (mls_range_convert(&rule->trange, &new_rule->trange, mod, state))
goto cleanup;
}
return 0;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#4 (text+ko) ====
@@ -1641,7 +1641,7 @@
if ((p->policyvers >= POLICYDB_VERSION_MLS
&& p->policy_type == POLICY_KERN)
|| (p->policyvers >= MOD_POLICYDB_VERSION_MLS
- && p->policyvers < MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS
&& p->policy_type == POLICY_BASE)) {
if (range_write(p, fp)) {
return POLICYDB_ERROR;
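Review bot: The corrected upper bound `p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS` has no comment explaining why base policies at or above that version skip `range_write()`. The previous line compared against the same constant on both sides, so the base-policy arm could never be true, and per the ChangeLog range transition rules were silently left out of the written policy. A short comment above the condition would make the version window explicit, for example `/* Kernel policies with MLS, and base modules older than MOD_POLICYDB_VERSION_RANGETRANS, store range transitions via range_write(). */`; the wording should be confirmed against how newer base modules store them, which is not visible here. A regression test that writes a base policy in this version window and checks the range transitions survive a round trip would guard against a repeat. The enclosing function starts and ends outside the hunk.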