Date: Thu, 25 Jan 2007 15:06:33 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113507 for review Message-ID: <200701251506.l0PF6Xtx052749@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=113507 Change 113507 by millert@millert_macbook on 2007/01/25 15:06:05 Update to libsepol-1.16.0 from the NSA web site. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#5 (text+ko) ==== @@ -1,3 +1,20 @@ +1.16.0 2007-01-18 + * Updated version for stable branch. + +1.15.3 2006-11-27 + * Merged patch to compile wit -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offest table + limit. Patch changed to include libselinux and libsemanage in + addition to libselinux. +1.15.2 2006-10-31 + * Merged fix from Karl MacMillan for a segfault when linking + non-MLS modules with users in them. + +1.15.1 2006-10-24 + * Merged fix for version comparison that was preventing range + transition rules from being written for a version 5 base policy + from Darrel Goeddel. + 1.14 2006-10-17 * Updated version for release. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#5 (text+ko) ==== @@ -1,1 +1,1 @@ -1.14 +1.16.0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#5 (text+ko) ==== @@ -827,19 +827,24 @@ return -1; } -static int mls_level_convert(mls_semantic_level_t * src, - mls_semantic_level_t * dst, policy_module_t * mod) +static int mls_level_convert(mls_semantic_level_t * src, mls_semantic_level_t * dst, + policy_module_t * mod, link_state_t * state) { mls_semantic_cat_t *src_cat, *new_cat; + if (!mod->policy->mls) + return 0; + assert(mod->map[SYM_LEVELS][src->sens - 1]); dst->sens = mod->map[SYM_LEVELS][src->sens - 1]; for (src_cat = src->cat; src_cat; src_cat = src_cat->next) { new_cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); - if (!new_cat) + if (!new_cat) { + ERR(state->handle, "Out of memory"); return -1; + } mls_semantic_cat_init(new_cat); new_cat->next = dst->cat; @@ -854,13 +859,16 @@ return 0; } -static int mls_range_convert(mls_semantic_range_t * src, - mls_semantic_range_t * dst, policy_module_t * mod) +static int mls_range_convert(mls_semantic_range_t * src, mls_semantic_range_t * dst, + policy_module_t * mod, link_state_t * state) { - if (mls_level_convert(&src->level[0], &dst->level[0], mod)) - return -1; - if (mls_level_convert(&src->level[1], &dst->level[1], mod)) - return -1; + int ret; + ret = mls_level_convert(&src->level[0], &dst->level[0], mod, state); + if (ret) + return ret; + ret = mls_level_convert(&src->level[1], &dst->level[1], mod, state); + if (ret) + return ret; return 0; } @@ -994,10 +1002,10 @@ goto cleanup; } - if (mls_range_convert(&user->range, &new_user->range, mod)) + if (mls_range_convert(&user->range, &new_user->range, mod, state)) goto cleanup; - if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod)) + if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod, state)) goto cleanup; return 0; @@ -1224,7 +1232,7 @@ } } - if (mls_range_convert(&rule->trange, &new_rule->trange, mod)) + if (mls_range_convert(&rule->trange, &new_rule->trange, mod, state)) goto cleanup; } return 0; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#4 (text+ko) ==== @@ -1641,7 +1641,7 @@ if ((p->policyvers >= POLICYDB_VERSION_MLS && p->policy_type == POLICY_KERN) || (p->policyvers >= MOD_POLICYDB_VERSION_MLS - && p->policyvers < MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS && p->policy_type == POLICY_BASE)) { if (range_write(p, fp)) { return POLICYDB_ERROR;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701251506.l0PF6Xtx052749>