* [PATCH v2] libsepol/cil: Fix bugs when writing policy.conf rules
@ 2017-06-14 18:23 James Carter
2017-06-15 17:27 ` jwcart2
0 siblings, 1 reply; 2+ messages in thread
From: James Carter @ 2017-06-14 18:23 UTC (permalink / raw)
To: selinux
The typebounds rules should end with a ";".
The netifcon and nodecon rules should not end with a ";".
The default rules are missing a "_". They should be "default_user",
"default_role" and "default_type".
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
v2: "default_user", not "default_usr"
libsepol/cil/src/cil_policy.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index 2196ae8..729b6e0 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1069,7 +1069,7 @@ static void cil_typebounds_to_policy(FILE *out, struct cil_list *types)
child = i1->data;
if (child->bounds != NULL) {
parent = child->bounds;
- fprintf(out, "typebounds %s %s\n", parent->datum.fqn, child->datum.fqn);
+ fprintf(out, "typebounds %s %s;\n", parent->datum.fqn, child->datum.fqn);
}
}
}
@@ -1779,7 +1779,7 @@ static void cil_netifcons_to_policy(FILE *out, struct cil_sort *netifcons, int m
cil_context_to_policy(out, netifcon->if_context, mls);
fprintf(out, " ");
cil_context_to_policy(out, netifcon->packet_context, mls);
- fprintf(out, ";\n");
+ fprintf(out, "\n");
}
}
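Review bot: Nothing at the changed `fprintf(out, "\n");` in cil_netifcons_to_policy records why this statement is written without a `;` while typebounds, fixed in the same patch, needs one, so a later cleanup could easily put the terminator back. A one-line comment above the call, such as `/* netifcon statements in policy.conf are not ';'-terminated */`, would capture the rule. The same applies to the identical change in the cil_nodecons_to_policy hunk. Both function bodies begin outside their hunks, so the comment placement should be checked against the full loop.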
@@ -1836,7 +1836,7 @@ static void cil_nodecons_to_policy(FILE *out, struct cil_sort *nodecons, int mls
}
cil_context_to_policy(out, nodecon->context, mls);
- fprintf(out, ";\n");
+ fprintf(out, "\n");
}
}
@@ -1928,9 +1928,9 @@ void cil_gen_policy(FILE *out, struct cil_db *db)
cil_commons_to_policy(out, lists[CIL_LIST_COMMON]);
cil_classes_to_policy(out, db->classorder);
- cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_USER], CIL_KEY_DEFAULTUSER);
- cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_ROLE], CIL_KEY_DEFAULTROLE);
- cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_TYPE], CIL_KEY_DEFAULTTYPE);
+ cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_USER], "default_user");
+ cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_ROLE], "default_role");
+ cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_TYPE], "default_type");
if (db->mls == CIL_TRUE) {
cil_default_ranges_to_policy(out, lists[CIL_LIST_DEFAULT_RANGE]);
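Review bot: The three `cil_defaults_to_policy` calls now pass bare string literals, and nothing at the call site explains why the CIL_KEY_DEFAULT* macros they replace are wrong here. Judging by the commit message, those macros carry the CIL spelling without the underscore, while policy.conf needs `default_user`, `default_role` and `default_type`. A comment above the calls, such as `/* policy.conf keywords; these differ from the CIL_KEY_* names */`, would keep someone from swapping the macros back in. A misspelled keyword presumably produces a policy.conf that no longer compiles, so the distinction is worth stating where the strings live. cil_gen_policy continues past the end of this hunk.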
--
2.9.4
* Re: [PATCH v2] libsepol/cil: Fix bugs when writing policy.conf rules
2017-06-14 18:23 [PATCH v2] libsepol/cil: Fix bugs when writing policy.conf rules James Carter
@ 2017-06-15 17:27 ` jwcart2
0 siblings, 0 replies; 2+ messages in thread
From: jwcart2 @ 2017-06-15 17:27 UTC (permalink / raw)
To: selinux
On 06/14/2017 02:23 PM, James Carter wrote:
> The typebounds rules should end with a ";".
>
> The netifcon and nodecon rules should not end with a ";".
>
> The default rules are missing a "_". They should be "default_user",
> "default_role" and "default_type".
>
> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
This patch has been applied.
Jim
> ---
> v2: "default_user", not "default_usr"
>
> libsepol/cil/src/cil_policy.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
> index 2196ae8..729b6e0 100644
> --- a/libsepol/cil/src/cil_policy.c
> +++ b/libsepol/cil/src/cil_policy.c
> @@ -1069,7 +1069,7 @@ static void cil_typebounds_to_policy(FILE *out, struct cil_list *types)
> child = i1->data;
> if (child->bounds != NULL) {
> parent = child->bounds;
> - fprintf(out, "typebounds %s %s\n", parent->datum.fqn, child->datum.fqn);
> + fprintf(out, "typebounds %s %s;\n", parent->datum.fqn, child->datum.fqn);
> }
> }
> }
> @@ -1779,7 +1779,7 @@ static void cil_netifcons_to_policy(FILE *out, struct cil_sort *netifcons, int m
> cil_context_to_policy(out, netifcon->if_context, mls);
> fprintf(out, " ");
> cil_context_to_policy(out, netifcon->packet_context, mls);
> - fprintf(out, ";\n");
> + fprintf(out, "\n");
> }
> }
>
> @@ -1836,7 +1836,7 @@ static void cil_nodecons_to_policy(FILE *out, struct cil_sort *nodecons, int mls
> }
>
> cil_context_to_policy(out, nodecon->context, mls);
> - fprintf(out, ";\n");
> + fprintf(out, "\n");
> }
> }
>
> @@ -1928,9 +1928,9 @@ void cil_gen_policy(FILE *out, struct cil_db *db)
> cil_commons_to_policy(out, lists[CIL_LIST_COMMON]);
> cil_classes_to_policy(out, db->classorder);
>
> - cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_USER], CIL_KEY_DEFAULTUSER);
> - cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_ROLE], CIL_KEY_DEFAULTROLE);
> - cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_TYPE], CIL_KEY_DEFAULTTYPE);
> + cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_USER], "default_user");
> + cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_ROLE], "default_role");
> + cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_TYPE], "default_type");
>
> if (db->mls == CIL_TRUE) {
> cil_default_ranges_to_policy(out, lists[CIL_LIST_DEFAULT_RANGE]);
>
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency