From owner-trustedbsd-cvs@FreeBSD.ORG  Thu Jan 25 15:06:39 2007
Return-Path: <owner-trustedbsd-cvs@FreeBSD.ORG>
X-Original-To: trustedbsd-cvs@freebsd.org
Delivered-To: trustedbsd-cvs@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 925E616A40F
	for <trustedbsd-cvs@freebsd.org>; Thu, 25 Jan 2007 15:06:39 +0000 (UTC)
	(envelope-from owner-perforce@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.freebsd.org (Postfix) with ESMTP id A951D13C468
	for <trustedbsd-cvs@freebsd.org>; Thu, 25 Jan 2007 15:06:38 +0000 (UTC)
	(envelope-from owner-perforce@freebsd.org)
Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53])
	by cyrus.watson.org (Postfix) with ESMTP id B932F4B285
	for <trustedbsd-cvs@trustedbsd.org>;
	Thu, 25 Jan 2007 10:06:36 -0500 (EST)
Received: from hub.freebsd.org (hub.freebsd.org [69.147.83.54])
	by mx2.freebsd.org (Postfix) with ESMTP id 1EA4E55802;
	Thu, 25 Jan 2007 15:06:34 +0000 (GMT)
	(envelope-from owner-perforce@freebsd.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 164D716A405; Thu, 25 Jan 2007 15:06:34 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DE9F316A403
	for <perforce@freebsd.org>; Thu, 25 Jan 2007 15:06:33 +0000 (UTC)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41])
	by mx1.freebsd.org (Postfix) with ESMTP id CF2F713C442
	for <perforce@freebsd.org>; Thu, 25 Jan 2007 15:06:33 +0000 (UTC)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0PF6Xnj052753
	for <perforce@freebsd.org>; Thu, 25 Jan 2007 15:06:33 GMT
	(envelope-from millert@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0PF6Xtx052749
	for perforce@freebsd.org; Thu, 25 Jan 2007 15:06:33 GMT
	(envelope-from millert@freebsd.org)
Date: Thu, 25 Jan 2007 15:06:33 GMT
Message-Id: <200701251506.l0PF6Xtx052749@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	millert@freebsd.org using -f
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 113507 for review
X-BeenThere: trustedbsd-cvs@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD CVS and Perforce commit message list
	<trustedbsd-cvs.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-cvs>, 
	<mailto:trustedbsd-cvs-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-cvs>
List-Post: <mailto:trustedbsd-cvs@FreeBSD.org>
List-Help: <mailto:trustedbsd-cvs-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-cvs>,
	<mailto:trustedbsd-cvs-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2007 15:06:39 -0000

http://perforce.freebsd.org/chv.cgi?CH=113507

Change 113507 by millert@millert_macbook on 2007/01/25 15:06:05

	Update to libsepol-1.16.0 from the NSA web site.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#5 (text+ko) ====

@@ -1,3 +1,20 @@
+1.16.0 2007-01-18
+	* Updated version for stable branch.
+
+1.15.3 2006-11-27
+	* Merged patch to compile wit -fPIC instead of -fpic from
+	  Manoj Srivastava to prevent hitting the global offest table
+	  limit. Patch changed to include libselinux and libsemanage in
+	  addition to libselinux.
+1.15.2 2006-10-31
+	* Merged fix from Karl MacMillan for a segfault when linking
+	  non-MLS modules with users in them.
+
+1.15.1 2006-10-24
+	* Merged fix for version comparison that was preventing range
+	  transition rules from being written for a version 5 base policy
+	  from Darrel Goeddel.
+
 1.14 2006-10-17
 	* Updated version for release.
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#5 (text+ko) ====

@@ -1,1 +1,1 @@
-1.14
+1.16.0

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#5 (text+ko) ====

@@ -827,19 +827,24 @@
 	return -1;
 }
 
-static int mls_level_convert(mls_semantic_level_t * src,
-			     mls_semantic_level_t * dst, policy_module_t * mod)
+static int mls_level_convert(mls_semantic_level_t * src, mls_semantic_level_t * dst,
+			     policy_module_t * mod, link_state_t * state)
 {
 	mls_semantic_cat_t *src_cat, *new_cat;
 
+	if (!mod->policy->mls)
+		return 0;
+
 	assert(mod->map[SYM_LEVELS][src->sens - 1]);
 	dst->sens = mod->map[SYM_LEVELS][src->sens - 1];
 
 	for (src_cat = src->cat; src_cat; src_cat = src_cat->next) {
 		new_cat =
 		    (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
-		if (!new_cat)
+		if (!new_cat) {
+			ERR(state->handle, "Out of memory");
 			return -1;
+		}
 		mls_semantic_cat_init(new_cat);
 
 		new_cat->next = dst->cat;
@@ -854,13 +859,16 @@
 	return 0;
 }
 
-static int mls_range_convert(mls_semantic_range_t * src,
-			     mls_semantic_range_t * dst, policy_module_t * mod)
+static int mls_range_convert(mls_semantic_range_t * src, mls_semantic_range_t * dst,
+			     policy_module_t * mod, link_state_t * state)
 {
-	if (mls_level_convert(&src->level[0], &dst->level[0], mod))
-		return -1;
-	if (mls_level_convert(&src->level[1], &dst->level[1], mod))
-		return -1;
+	int ret;
+	ret = mls_level_convert(&src->level[0], &dst->level[0], mod, state);
+	if (ret)
+		return ret;
+	ret = mls_level_convert(&src->level[1], &dst->level[1], mod, state);
+	if (ret)
+		return ret;
 	return 0;
 }
 
@@ -994,10 +1002,10 @@
 		goto cleanup;
 	}
 
-	if (mls_range_convert(&user->range, &new_user->range, mod))
+	if (mls_range_convert(&user->range, &new_user->range, mod, state))
 		goto cleanup;
 
-	if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod))
+	if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod, state))
 		goto cleanup;
 
 	return 0;
@@ -1224,7 +1232,7 @@
 			}
 		}
 
-		if (mls_range_convert(&rule->trange, &new_rule->trange, mod))
+		if (mls_range_convert(&rule->trange, &new_rule->trange, mod, state))
 			goto cleanup;
 	}
 	return 0;

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#4 (text+ko) ====

@@ -1641,7 +1641,7 @@
 	if ((p->policyvers >= POLICYDB_VERSION_MLS
 	     && p->policy_type == POLICY_KERN)
 	    || (p->policyvers >= MOD_POLICYDB_VERSION_MLS
-		&& p->policyvers < MOD_POLICYDB_VERSION_MLS
+		&& p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS
 		&& p->policy_type == POLICY_BASE)) {
 		if (range_write(p, fp)) {
 			return POLICYDB_ERROR;