SELinux: Fix arguments when expanding user_datum_t.roles

SELinux: Fix arguments when expanding user_datum_t.roles

[Harry Ciao]

Hi,

When expanding the role_set_t used in user_datum_t or role_allow and
role_transition rules, the pointer to the policydb_t of the out module
should always be used, I guess when user_copy_callback() invokes
role_set_expand(), the pointer to the policydb_t of the base module
is mistakenly passed.

Thanks,
Harry

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH 1/1] Fix arguments when expanding user_datum_t.roles

[Harry Ciao]

When expanding user_datum_t.roles role_set_t, the policydb_t of
the out module should be passed rather than that of the base module!

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
---
 libsepol/src/expand.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index da084ec..3308c3f 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -977,7 +977,7 @@ static int user_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
 	ebitmap_init(&tmp_union);
 
 	/* get global roles for this user */
-	if (role_set_expand(&user->roles, &tmp_union, state->base, state->rolemap)) {
+	if (role_set_expand(&user->roles, &tmp_union, state->out, state->rolemap)) {
 		ERR(state->handle, "Out of memory!");
 		ebitmap_destroy(&tmp_union);
 		return -1;
-- 
1.7.0.4


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH 1/1] Fix arguments when expanding user_datum_t.roles

[HarryCiao]

[-- Attachment #1: Type: text/plain, Size: 1483 bytes --]


Please ignore this patch, I have integrated it in those patches to add role attribute support.

Thanks,
Harry

> From: qingtao.cao@windriver.com
> To: sds@tycho.nsa.gov; jmorris@namei.org; eparis@parisplace.org
> CC: selinux@tycho.nsa.gov
> Subject: [PATCH 1/1] Fix arguments when expanding user_datum_t.roles
> Date: Wed, 25 May 2011 17:26:09 +0800
> 
> When expanding user_datum_t.roles role_set_t, the policydb_t of
> the out module should be passed rather than that of the base module!
> 
> Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
> ---
>  libsepol/src/expand.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index da084ec..3308c3f 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -977,7 +977,7 @@ static int user_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
>  	ebitmap_init(&tmp_union);
>  
>  	/* get global roles for this user */
> -	if (role_set_expand(&user->roles, &tmp_union, state->base, state->rolemap)) {
> +	if (role_set_expand(&user->roles, &tmp_union, state->out, state->rolemap)) {
>  		ERR(state->handle, "Out of memory!");
>  		ebitmap_destroy(&tmp_union);
>  		return -1;
> -- 
> 1.7.0.4
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
 		 	   		  

[-- Attachment #2: Type: text/html, Size: 1945 bytes --]