From owner-trustedbsd-cvs@FreeBSD.ORG Wed Oct 25 20:56:03 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 56C3616A494 for ; Wed, 25 Oct 2006 20:56:03 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3112643E0D for ; Wed, 25 Oct 2006 20:54:04 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 2ED2046D7D for ; Wed, 25 Oct 2006 16:53:47 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 7E6D1740E0; Wed, 25 Oct 2006 20:47:25 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 76EEB16A4E5; Wed, 25 Oct 2006 20:47:25 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3CB7A16A417 for ; Wed, 25 Oct 2006 20:47:25 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id F37E043D98 for ; Wed, 25 Oct 2006 20:47:02 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9PKl20n072817 for ; Wed, 25 Oct 2006 20:47:02 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9PKl2H6072548 for perforce@freebsd.org; Wed, 25 Oct 2006 20:47:02 GMT (envelope-from millert@freebsd.org) Date: Wed, 25 Oct 2006 20:47:02 GMT Message-Id: 
<200610252047.k9PKl2H6072548@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 108428 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Oct 2006 20:56:03 -0000 http://perforce.freebsd.org/chv.cgi?CH=108428 Change 108428 by millert@millert_macbook on 2006/10/25 20:46:23 Update to libsepol-1.14 from the NSA web site. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/policydb.h#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/expand.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/policydb.c#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#4 (text+ko) ==== @@ -1,3 +1,13 @@ +1.14 2006-10-17 + * Updated version for release. + +1.12.28 2006-09-28 + * Build libsepol's static object files with -fpic + +1.12.27 2006-09-28 + * Merged mls user and range_transition support in modules + from Darrel Goeddel + 1.12.26 2006-09-05 * Merged range transition enhancements and user format changes Darrel Goeddel ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#4 (text+ko) ==== @@ -1,1 +1,1 @@ -1.12.26 +1.14 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/policydb.h#4 (text+ko) ==== 
@@ -532,6 +532,10 @@ extern void type_datum_destroy(type_datum_t * x); extern void user_datum_init(user_datum_t * x); extern void user_datum_destroy(user_datum_t * x); +extern void level_datum_init(level_datum_t * x); +extern void level_datum_destroy(level_datum_t * x); +extern void cat_datum_init(cat_datum_t * x); +extern void cat_datum_destroy(cat_datum_t * x); extern int check_assertions(sepol_handle_t * handle, policydb_t * p, avrule_t * avrules); ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/expand.c#4 (text+ko) ==== @@ -823,13 +823,17 @@ if (state->verbose) INFO(state->handle, "copying sensitivity level %s", id); - if ((new_level = - (level_datum_t *) calloc(1, sizeof(*new_level))) == NULL - || (new_level->level = - (mls_level_t *) calloc(1, sizeof(mls_level_t))) == NULL - || (new_id = strdup(id)) == NULL) { + new_level = (level_datum_t *) malloc(sizeof(level_datum_t)); + if (!new_level) + goto out_of_mem; + level_datum_init(new_level); + new_level->level = (mls_level_t *) malloc(sizeof(mls_level_t)); + if (!new_level->level) + goto out_of_mem; + mls_level_init(new_level->level); + new_id = strdup(id); + if (!new_id) goto out_of_mem; - } if (mls_level_cpy(new_level->level, level->level)) { goto out_of_mem; @@ -847,9 +851,10 @@ out_of_mem: ERR(state->handle, "Out of memory!"); if (new_level != NULL && new_level->level != NULL) { - ebitmap_destroy(&new_level->level->cat); + mls_level_destroy(new_level->level); free(new_level->level); } + level_datum_destroy(new_level); free(new_level); free(new_id); return -1; 
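Review bot: On the `out_of_mem` path in the expand.c hunk at -847, `level_datum_destroy(new_level)` runs even when the `malloc` for `new_level` failed, so it receives a NULL pointer (assuming `new_level` starts out NULL, as the existing `new_level != NULL` test implies). The same holds for `cat_datum_destroy(new_cat)` in the hunk at -887. Both destroy functions are no-ops in this change, so nothing breaks today, but the first field they learn to release turns this error path into a NULL dereference. Guard the calls, e.g. `if (new_level) level_datum_destroy(new_level);`, or have the destroy functions return early on NULL. The enclosing functions start and end outside these hunks.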
@@ -870,10 +875,13 @@ if (state->verbose) INFO(state->handle, "copying category attribute %s", id); - if ((new_cat = (cat_datum_t *) calloc(1, sizeof(*new_cat))) == NULL || - (new_id = strdup(id)) == NULL) { + new_cat = (cat_datum_t *) malloc(sizeof(cat_datum_t)); + if (!new_cat) + goto out_of_mem; + cat_datum_init(new_cat); + new_id = strdup(id); + if (!new_id) goto out_of_mem; - } new_cat->s.value = cat->s.value; new_cat->isalias = cat->isalias; @@ -887,6 +895,7 @@ out_of_mem: ERR(state->handle, "Out of memory!"); + cat_datum_destroy(new_cat); free(new_cat); free(new_id); return -1; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#4 (text+ko) ==== @@ -468,25 +468,8 @@ char *id = key, *new_id = NULL; user_datum_t *user, *base_user, *new_user = NULL; link_state_t *state = (link_state_t *) data; - scope_datum_t *scope; user = (user_datum_t *) datum; - if (state->base->mls) { - scope = - hashtab_search(state->cur->policy->p_users_scope.table, id); - if (!scope) { - ERR(state->handle, - "No scope information for user %s in module %s\n", - id, state->cur_mod_name); - return -1; - } - if (scope->scope == SCOPE_DECL) { - ERR(state->handle, - "Users cannot be declared in MLS modules"); - return -1; - } - /* required users fall through */ - } base_user = hashtab_search(state->base->p_users.table, id); if (base_user == NULL) { @@ -502,9 +485,8 @@ goto cleanup; } user_datum_init(new_user); - /* new_users's roles field will be copied during - fix_user_callback(). the MLS fields are currently - unimplemented */ + /* new_users's roles and MLS fields will be copied during + user_fix_callback(). */ new_user->s.value = state->base->p_users.nprim + 1; 
@@ -592,10 +574,72 @@ return -1; } +static int sens_copy_callback(hashtab_key_t key, hashtab_datum_t datum, + void *data) +{ + char *id = key; + level_datum_t *level, *base_level; + link_state_t *state = (link_state_t *) data; + scope_datum_t *scope; + + level = (level_datum_t *) datum; + + base_level = hashtab_search(state->base->p_levels.table, id); + if (!base_level) { + scope = + hashtab_search(state->cur->policy->p_sens_scope.table, id); + if (!scope) + return -SEPOL_LINK_ERROR; + if (scope->scope == SCOPE_DECL) { + /* disallow declarations in modules */ + ERR(state->handle, + "%s: Modules may not declare new sensitivities.", + state->cur_mod_name); + return -SEPOL_LINK_NOTSUP; + } + } + + state->cur->map[SYM_LEVELS][level->level->sens - 1] = + base_level->level->sens; + + return 0; +} + +static int cat_copy_callback(hashtab_key_t key, hashtab_datum_t datum, + void *data) +{ + char *id = key; + cat_datum_t *cat, *base_cat; + link_state_t *state = (link_state_t *) data; + scope_datum_t *scope; + + cat = (cat_datum_t *) datum; + + base_cat = hashtab_search(state->base->p_cats.table, id); + if (!base_cat) { + scope = + hashtab_search(state->cur->policy->p_cat_scope.table, id); + if (!scope) + return -SEPOL_LINK_ERROR; + if (scope->scope == SCOPE_DECL) { + /* disallow declarations in modules */ + ERR(state->handle, + "%s: Modules may not declare new categories.", + state->cur_mod_name); + return -SEPOL_LINK_NOTSUP; + } + } + + state->cur->map[SYM_CATS][cat->s.value - 1] = base_cat->s.value; + + return 0; +} + static int (*copy_callback_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *datap) = { NULL, class_copy_callback, role_copy_callback, type_copy_callback, - user_copy_callback, bool_copy_callback, NULL, NULL}; + user_copy_callback, bool_copy_callback, sens_copy_callback, + cat_copy_callback}; /* The aliases have to be copied after the types and attributes to be * certain that the base symbol table will have the type that the 
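Review bot: `sens_copy_callback` dereferences `base_level` after the `if (!base_level)` block even when the lookup failed. When the module only requires the sensitivity (scope found and not `SCOPE_DECL`), control falls through to `base_level->level->sens` with `base_level == NULL`, and `cat_copy_callback` has the same fall-through at `base_cat->s.value`. A module that requires a sensitivity or category missing from the base policy would crash the linker instead of being rejected. Add a rejecting branch after the `SCOPE_DECL` test, for example `ERR(state->handle, "%s: Sensitivity %s not declared by base.", state->cur_mod_name, id); return -SEPOL_LINK_NOTSUP;`. The `!scope` return also reports nothing through `ERR`, and `level->level->sens - 1` and `cat->s.value - 1` are used as map indices with no range check visible here, so confirm that module loading validates them.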
@@ -783,6 +827,43 @@ return -1; } +static int mls_level_convert(mls_semantic_level_t * src, + mls_semantic_level_t * dst, policy_module_t * mod) +{ + mls_semantic_cat_t *src_cat, *new_cat; + + assert(mod->map[SYM_LEVELS][src->sens - 1]); + dst->sens = mod->map[SYM_LEVELS][src->sens - 1]; + + for (src_cat = src->cat; src_cat; src_cat = src_cat->next) { + new_cat = + (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); + if (!new_cat) + return -1; + mls_semantic_cat_init(new_cat); + + new_cat->next = dst->cat; + dst->cat = new_cat; + + assert(mod->map[SYM_CATS][src_cat->low - 1]); + dst->cat->low = mod->map[SYM_CATS][src_cat->low - 1]; + assert(mod->map[SYM_CATS][src_cat->high - 1]); + dst->cat->high = mod->map[SYM_CATS][src_cat->high - 1]; + } + + return 0; +} + +static int mls_range_convert(mls_semantic_range_t * src, + mls_semantic_range_t * dst, policy_module_t * mod) +{ + if (mls_level_convert(&src->level[0], &dst->level[0], mod)) + return -1; + if (mls_level_convert(&src->level[1], &dst->level[1], mod)) + return -1; + return 0; +} + static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) { @@ -893,13 +974,16 @@ user_datum_t *user, *new_user = NULL; link_state_t *state = (link_state_t *) data; policy_module_t *mod = state->cur; + symtab_t *usertab; user = (user_datum_t *) datum; if (state->dest_decl == NULL) - return 0; + usertab = &state->base->p_users; + else + usertab = &state->dest_decl->p_users; - new_user = hashtab_search(state->dest_decl->p_users.table, id); + new_user = hashtab_search(usertab->table, id); assert(new_user != NULL); if (state->verbose) { @@ -910,6 +994,12 @@ goto cleanup; } + if (mls_range_convert(&user->range, &new_user->range, mod)) + goto cleanup; + + if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod)) + goto cleanup; + return 0; cleanup: 
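Review bot: `mls_level_convert` relies on `assert` to reject unmapped sensitivities and categories, and it indexes `mod->map[...]` with `src->sens - 1`, `src_cat->low - 1` and `src_cat->high - 1` without checking for zero. With `NDEBUG` defined the asserts vanish and a zero mapping is copied into the linked policy; without it, a malformed module aborts the process. Unless these values are validated earlier, which this hunk does not show, an explicit check that returns an error is safer, e.g. `if (!src->sens || !mod->map[SYM_LEVELS][src->sens - 1]) return -1;`, with the equivalent for `low` and `high`. On the `malloc` failure path `dst->cat` is left partially built, so a comment stating that the caller owns and destroys `dst` would help.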
@@ -1096,6 +1186,55 @@ return -1; } +static int copy_range_trans_list(range_trans_rule_t * rules, + range_trans_rule_t ** dst, + policy_module_t * mod, link_state_t * state) +{ + range_trans_rule_t *rule, *new_rule = NULL; + unsigned int i; + ebitmap_node_t *cnode; + + for (rule = rules; rule; rule = rule->next) { + new_rule = + (range_trans_rule_t *) malloc(sizeof(range_trans_rule_t)); + if (!new_rule) + goto cleanup; + + range_trans_rule_init(new_rule); + + new_rule->next = *dst; + *dst = new_rule; + + if (type_set_convert(&rule->stypes, &new_rule->stypes, + mod, state)) + goto cleanup; + + if (type_set_convert(&rule->ttypes, &new_rule->ttypes, + mod, state)) + goto cleanup; + + ebitmap_for_each_bit(&rule->tclasses, cnode, i) { + if (ebitmap_node_get_bit(cnode, i)) { + assert(mod->map[SYM_CLASSES][i]); + if (ebitmap_set_bit + (&new_rule->tclasses, + mod->map[SYM_CLASSES][i] - 1, 1)) { + goto cleanup; + } + } + } + + if (mls_range_convert(&rule->trange, &new_rule->trange, mod)) + goto cleanup; + } + return 0; + + cleanup: + ERR(state->handle, "Out of memory!"); + range_trans_rule_list_destroy(new_rule); + return -1; +} + static int copy_cond_list(cond_node_t * list, cond_node_t ** dst, policy_module_t * module, link_state_t * state) { @@ -1278,6 +1417,10 @@ return -1; } + if (copy_range_trans_list(src_decl->range_tr_rules, + &dest_decl->range_tr_rules, module, state)) + return -1; + /* finally copy any identifiers local to this declaration */ ret = copy_identifiers(state, src_decl->symtab, dest_decl); if (ret < 0) { ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/policydb.c#4 (text+ko) ==== 
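Review bot: The `cleanup` label in `copy_range_trans_list` calls `range_trans_rule_list_destroy(new_rule)` on a rule that was already linked in with `new_rule->next = *dst; *dst = new_rule;`. If that helper walks `next` and frees each node, as its name suggests, it frees the head of `*dst` and everything behind it while `*dst` still points there. Later teardown of the destination declaration would then touch freed memory. Either link the rule into `*dst` only after `mls_range_convert` succeeds, or drop the destroy call and let the owner of `*dst` free the partial rule. The `ERR` text `"Out of memory!"` is also printed when `type_set_convert` or `mls_range_convert` fails, which may not be an allocation failure.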
@@ -252,6 +252,29 @@ } } +void level_datum_init(level_datum_t * x) +{ + memset(x, 0, sizeof(level_datum_t)); +} + +void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) +{ + /* the mls_level_t referenced by the level_datum is managed + * separately for now, so there is nothing to destroy */ + return; +} + +void cat_datum_init(cat_datum_t * x) +{ + memset(x, 0, sizeof(cat_datum_t)); +} + +void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) +{ + /* it's currently a simple struct - really nothing to destroy */ + return; +} + void class_perm_node_init(class_perm_node_t * x) { memset(x, 0, sizeof(class_perm_node_t)); @@ -502,7 +525,11 @@ return -1; } - if (p->policy_type != POLICY_KERN) { + /* we do not expand user's MLS info in kernel policies because the + * semantic representation is not present and we do not expand user's + * MLS info in module policies because all of the necessary mls + * information is not present */ + if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { mls_range_destroy(&user->exp_range); if (mls_semantic_range_expand(&user->range, &user->exp_range, p, NULL)) { @@ -907,9 +934,10 @@ if (key) free(key); levdatum = (level_datum_t *) datum; - ebitmap_destroy(&levdatum->level->cat); + mls_level_destroy(levdatum->level); free(levdatum->level); - free(datum); + level_datum_destroy(levdatum); + free(levdatum); return 0; } @@ -918,6 +946,7 @@ { if (key) free(key); + cat_datum_destroy((cat_datum_t *) datum); free(datum); return 0; } @@ -2199,7 +2228,7 @@ { uint32_t *buf; - memset(lp, 0, sizeof(mls_level_t)); + mls_level_init(lp); buf = next_entry(fp, sizeof(uint32_t)); if (!buf) { @@ -2305,9 +2334,10 @@ level_datum_t *levdatum; uint32_t *buf, len; - levdatum = calloc(1, sizeof(level_datum_t)); + levdatum = malloc(sizeof(level_datum_t)); if (!levdatum) return -1; + level_datum_init(levdatum); buf = next_entry(fp, (sizeof(uint32_t) * 2)); if (!buf) 
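Review bot: `level_datum_destroy` is exported through policydb.h but releases nothing, so every caller must run `mls_level_destroy(x->level)` and `free(x->level)` itself, as the destroy callback in the hunk at -907 does. That contract is stated only in a comment inside the function body. A header comment such as `/* Does not release x->level or x itself; the caller destroys and frees the mls_level_t, then frees the datum. */` would keep a future caller from leaking the level, or from double-freeing it once this function starts releasing it. `level_datum_init` and `cat_datum_init` could carry a one-line note that they only zero the struct and allocate nothing.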
@@ -2347,9 +2377,10 @@ cat_datum_t *catdatum; uint32_t *buf, len; - catdatum = calloc(1, sizeof(cat_datum_t)); + catdatum = malloc(sizeof(cat_datum_t)); if (!catdatum) return -1; + cat_datum_init(catdatum); buf = next_entry(fp, (sizeof(uint32_t) * 3)); if (!buf)