* [PATCH] sepolgen: correctly extract params from interface calls
@ 2007-03-01 16:44 Karl MacMillan
  0 siblings, 0 replies; only message in thread
From: Karl MacMillan @ 2007-03-01 16:44 UTC (permalink / raw)
  To: SELinux List; +Cc: Daniel J Walsh

This patch makes the interface parameter extraction code extract
parameters from interface calls. This didn't matter much before because
interfaces normally contained allow rules, but the new policy patterns
make it likely that an interface will have only interface calls. Also
included is a small bug fix in the code that handles conflicting
parameter types.

Signed-off-by: Karl MacMillan <kmacmillan@mentalrootkit.com>

diff -r 62550235fedc sepolgen/src/sepolgen/interfaces.py
--- a/sepolgen/src/sepolgen/interfaces.py	Thu Mar 01 11:14:39 2007 -0500
+++ b/sepolgen/src/sepolgen/interfaces.py	Thu Mar 01 11:33:49 2007 -0500
@@ -71,7 +71,11 @@ def __param_insert(name, type, av, param
             # If the object is not implicitly typed, tell the
             # caller there is a likely conflict.
             ret = 1
-            for obj in itertools.chain(p.obj_classes, [av.obj_class]):
+            if av:
+                avobjs = [av.obj_class]
+            else:
+                avobjs = []
+            for obj in itertools.chain(p.obj_classes, avobjs):
                 if obj in objectmodel.implicitly_typed_objects:
                     ret = 0
                     break
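Review bot: the new `if av:` guard tests truthiness rather than absence. The callers visible in this patch pass a literal None, so `if av is not None:` states the intent and cannot skip a real access vector whose class happens to evaluate false (for example one that defines __len__). A one-line comment noting that av is None for type rules and interface calls would also explain why the branch exists.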
@@ -181,6 +185,17 @@ def type_rule_extract_params(rule, param
         if __param_insert(rule.dest_type, refpolicy.DEST_TYPE, None, params):
             ret = 1
             
+    return ret
+
+def ifcall_extract_params(ifcall, params):
+    ret = 0
+    for arg in ifcall.args:
+        if access.is_idparam(arg):
+            # Assume interface arguments are source types. Fairly safe
+            # assumption for most interfaces
+            if __param_insert(arg, refpolicy.SRC_TYPE, None, params):
+                ret = 1
+
     return ret
             
 
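Review bot: ifcall_extract_params records every identifier argument as refpolicy.SRC_TYPE, so an argument that the called interface actually uses as a target type, role or object class is either stored with the wrong type or reported as a conflict when a rule already typed it differently. The inline comment admits the assumption, but the function has no docstring; please add one that states the assumption and the meaning of the return value (1 when __param_insert reports a conflict), and consider taking the type from the called interface's own parameters when they are already known.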
@@ -229,6 +244,13 @@ class InterfaceVector:
                 pass
                 #print "found conflicting params in rule %s in interface %s" % \
                 #      (str(rule), interface.name)
+
+        for ifcall in interface.interface_calls():
+            if ifcall_extract_params(ifcall, self.params):
+                pass
+                #print "found conflicting params in ifcall %s in interface %s" % \
+                #      (str(ifcall), interface.name)
+            
 
     def add_av(self, av):
         if av_extract_params(av, self.params) == 1:
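Review bot: the result of ifcall_extract_params is tested and then thrown away in the new loop over interface.interface_calls(): the branch body is `pass` followed by a commented-out print, so a parameter type conflict coming from an interface call is silently dropped. Either record or log the conflict (a list on the InterfaceVector, or the logging module instead of print) or drop the `if` and call the function directly. The whitespace-only line added after the comment should also be cleaned up.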



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
